##// END OF EJS Templates
Merge branch 'master' into func-as-nobody
drtyhlpr -
r176:f1d907267caa Fusion
parent child
Show More
@@ -0,0 +1,15
1 # Configuration template file used by rpi23-gen-image.sh
2 # Debian Stretch using the Arm64 for kernel compilation and Debian distribution.
3
4 RPI_MODEL=3
5 RELEASE=stretch
6 BUILD_KERNEL=true
7 KERNEL_ARCH=arm64
8 RELEASE_ARCH=arm64
9 CROSS_COMPILE=aarch64-linux-gnu-
10 QEMU_BINARY=/usr/bin/qemu-aarch64-static
11 KERNEL_DEFCONFIG=bcmrpi3_defconfig
12 KERNEL_BIN_IMAGE=Image
13 KERNEL_IMAGE=kernel8.img
14 KERNEL_BRANCH=rpi-4.11.y
15 ENABLE_WIRELESS=true
@@ -1,425 +1,452
1 # rpi23-gen-image
1 # rpi23-gen-image
2 ## Introduction
2 ## Introduction
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie` and `stretch`. Raspberry Pi 3 images are currently generated for 32-bit mode only.
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie` and `stretch`. Raspberry Pi 3 images are currently generated for 32-bit mode only.
4
4
5 ## Build dependencies
5 ## Build dependencies
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7
7
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9
9
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandetory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandetory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11
11
12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13
13
14 If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
14 If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
15
15
16 ```
16 ```
17 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
17 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
18 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
18 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
19 dpkg --add-architecture armhf
19 dpkg --add-architecture armhf
20 apt-get update
20 apt-get update
21 ```
21 ```
22
22
23 ## Command-line parameters
23 ## Command-line parameters
24 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
24 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
25
25
26 #####Command-line examples:
26 ##### Command-line examples:
27 ```shell
27 ```shell
28 ENABLE_UBOOT=true ./rpi23-gen-image.sh
28 ENABLE_UBOOT=true ./rpi23-gen-image.sh
29 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
29 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
30 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
30 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
31 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
31 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
32 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
32 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
33 ENABLE_MINBASE=true ./rpi23-gen-image.sh
33 ENABLE_MINBASE=true ./rpi23-gen-image.sh
34 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
34 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
35 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
35 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
36 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
36 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
37 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
37 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
38 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
38 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
39 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
39 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
41 ```
41 ```
42
42
43 ## Configuration template files
43 ## Configuration template files
44 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
44 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
45
45
46 #####Command-line examples:
46 ##### Command-line examples:
47 ```shell
47 ```shell
48 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
48 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
49 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
49 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
50 ```
50 ```
51
51
52 ## Supported parameters and settings
52 ## Supported parameters and settings
53 #### APT settings:
53 #### APT settings:
54 ##### `APT_SERVER`="ftp.debian.org"
54 ##### `APT_SERVER`="ftp.debian.org"
55 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
55 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
56
56
57 ##### `APT_PROXY`=""
57 ##### `APT_PROXY`=""
58 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
58 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
59
59
60 ##### `APT_INCLUDES`=""
60 ##### `APT_INCLUDES`=""
61 A comma separated list of additional packages to be installed during bootstrapping.
61 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
62
63 ##### `APT_INCLUDES_LATE`=""
64 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
62
65
63 ---
66 ---
64
67
65 #### General system settings:
68 #### General system settings:
66 ##### `RPI_MODEL`=2
69 ##### `RPI_MODEL`=2
67 Specifiy the target Raspberry Pi hardware model. The script at this time supports the Raspberry Pi models `2` and `3`. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
70 Specifiy the target Raspberry Pi hardware model. The script at this time supports the Raspberry Pi models `2` and `3`. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
68
71
69 ##### `RELEASE`="jessie"
72 ##### `RELEASE`="jessie"
70 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie" and "stretch". `BUILD_KERNEL`=true will automatically be set if the Debian release `stretch` is used.
73 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie" and "stretch". `BUILD_KERNEL`=true will automatically be set if the Debian release `stretch` is used.
71
74
75 ##### `RELEASE_ARCH`="armhf"
76 Set the desired Debian release architecture.
77
72 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
78 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
73 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
79 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
74
80
75 ##### `PASSWORD`="raspberry"
81 ##### `PASSWORD`="raspberry"
76 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
82 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
77
83
78 ##### `USER_PASSWORD`="raspberry"
84 ##### `USER_PASSWORD`="raspberry"
79 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
85 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
80
86
81 ##### `DEFLOCAL`="en_US.UTF-8"
87 ##### `DEFLOCAL`="en_US.UTF-8"
82 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
88 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
83
89
84 ##### `TIMEZONE`="Europe/Berlin"
90 ##### `TIMEZONE`="Europe/Berlin"
85 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
91 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
86
92
87 ##### `EXPANDROOT`=true
93 ##### `EXPANDROOT`=true
88 Expand the root partition and filesystem automatically on first boot.
94 Expand the root partition and filesystem automatically on first boot.
89
95
90 ---
96 ---
91
97
92 #### Keyboard settings:
98 #### Keyboard settings:
93 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
99 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
94
100
95 ##### `XKB_MODEL`=""
101 ##### `XKB_MODEL`=""
96 Set the name of the model of your keyboard type.
102 Set the name of the model of your keyboard type.
97
103
98 ##### `XKB_LAYOUT`=""
104 ##### `XKB_LAYOUT`=""
99 Set the supported keyboard layout(s).
105 Set the supported keyboard layout(s).
100
106
101 ##### `XKB_VARIANT`=""
107 ##### `XKB_VARIANT`=""
102 Set the supported variant(s) of the keyboard layout(s).
108 Set the supported variant(s) of the keyboard layout(s).
103
109
104 ##### `XKB_OPTIONS`=""
110 ##### `XKB_OPTIONS`=""
105 Set extra xkb configuration options.
111 Set extra xkb configuration options.
106
112
107 ---
113 ---
108
114
109 #### Networking settings (DHCP):
115 #### Networking settings (DHCP):
110 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
116 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
111
117
112 #####`ENABLE_DHCP`=true
118 ##### `ENABLE_DHCP`=true
113 Set the system to use DHCP. This requires an DHCP server.
119 Set the system to use DHCP. This requires an DHCP server.
114
120
115 ---
121 ---
116
122
117 #### Networking settings (static):
123 #### Networking settings (static):
118 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
124 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
119
125
120 #####`NET_ADDRESS`=""
126 ##### `NET_ADDRESS`=""
121 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
127 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
122
128
123 #####`NET_GATEWAY`=""
129 ##### `NET_GATEWAY`=""
124 Set the IP address for the default gateway.
130 Set the IP address for the default gateway.
125
131
126 #####`NET_DNS_1`=""
132 ##### `NET_DNS_1`=""
127 Set the IP address for the first DNS server.
133 Set the IP address for the first DNS server.
128
134
129 #####`NET_DNS_2`=""
135 ##### `NET_DNS_2`=""
130 Set the IP address for the second DNS server.
136 Set the IP address for the second DNS server.
131
137
132 #####`NET_DNS_DOMAINS`=""
138 ##### `NET_DNS_DOMAINS`=""
133 Set the default DNS search domains to use for non fully qualified host names.
139 Set the default DNS search domains to use for non fully qualified host names.
134
140
135 #####`NET_NTP_1`=""
141 ##### `NET_NTP_1`=""
136 Set the IP address for the first NTP server.
142 Set the IP address for the first NTP server.
137
143
138 #####`NET_NTP_2`=""
144 ##### `NET_NTP_2`=""
139 Set the IP address for the second NTP server.
145 Set the IP address for the second NTP server.
140
146
141 ---
147 ---
142
148
143 #### Basic system features:
149 #### Basic system features:
144 ##### `ENABLE_CONSOLE`=true
150 ##### `ENABLE_CONSOLE`=true
145 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
151 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
146
152
147 ##### `ENABLE_I2C`=false
153 ##### `ENABLE_I2C`=false
148 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
154 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
149
155
150 ##### `ENABLE_SPI`=false
156 ##### `ENABLE_SPI`=false
151 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
157 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
152
158
153 ##### `ENABLE_IPV6`=true
159 ##### `ENABLE_IPV6`=true
154 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
160 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
155
161
156 ##### `ENABLE_SSHD`=true
162 ##### `ENABLE_SSHD`=true
157 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
163 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
158
164
159 ##### `ENABLE_NONFREE`=false
165 ##### `ENABLE_NONFREE`=false
160 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
166 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
161
167
162 ##### `ENABLE_WIRELESS`=false
168 ##### `ENABLE_WIRELESS`=false
163 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
169 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
164
170
165 ##### `ENABLE_RSYSLOG`=true
171 ##### `ENABLE_RSYSLOG`=true
166 If set to false, disable and uninstall rsyslog (so logs will be available only
172 If set to false, disable and uninstall rsyslog (so logs will be available only
167 in journal files)
173 in journal files)
168
174
169 ##### `ENABLE_SOUND`=true
175 ##### `ENABLE_SOUND`=true
170 Enable sound hardware and install Advanced Linux Sound Architecture.
176 Enable sound hardware and install Advanced Linux Sound Architecture.
171
177
172 ##### `ENABLE_HWRANDOM`=true
178 ##### `ENABLE_HWRANDOM`=true
173 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
179 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
174
180
175 ##### `ENABLE_MINGPU`=false
181 ##### `ENABLE_MINGPU`=false
176 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
182 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
177
183
178 ##### `ENABLE_DBUS`=true
184 ##### `ENABLE_DBUS`=true
179 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
185 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
180
186
181 ##### `ENABLE_XORG`=false
187 ##### `ENABLE_XORG`=false
182 Install Xorg open-source X Window System.
188 Install Xorg open-source X Window System.
183
189
184 ##### `ENABLE_WM`=""
190 ##### `ENABLE_WM`=""
185 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
191 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
186
192
187 ---
193 ---
188
194
189 #### Advanced system features:
195 #### Advanced system features:
190 ##### `ENABLE_MINBASE`=false
196 ##### `ENABLE_MINBASE`=false
191 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
197 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
192
198
193 ##### `ENABLE_REDUCE`=false
199 ##### `ENABLE_REDUCE`=false
194 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
200 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
195
201
196 ##### `ENABLE_UBOOT`=false
202 ##### `ENABLE_UBOOT`=false
197 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](http://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
203 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](http://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
198
204
199 ##### `UBOOTSRC_DIR`=""
205 ##### `UBOOTSRC_DIR`=""
200 Path to a directory (`u-boot`) of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
206 Path to a directory (`u-boot`) of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
201
207
202 ##### `ENABLE_FBTURBO`=false
208 ##### `ENABLE_FBTURBO`=false
203 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
209 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
204
210
205 ##### `FBTURBOSRC_DIR`=""
211 ##### `FBTURBOSRC_DIR`=""
206 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
212 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
207
213
208 ##### `ENABLE_IPTABLES`=false
214 ##### `ENABLE_IPTABLES`=false
209 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
215 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
210
216
211 ##### `ENABLE_USER`=true
217 ##### `ENABLE_USER`=true
212 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
218 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
213
219
214 ##### `USER_NAME`=pi
220 ##### `USER_NAME`=pi
215 Non-root user to create. Ignored if `ENABLE_USER`=false
221 Non-root user to create. Ignored if `ENABLE_USER`=false
216
222
217 ##### `ENABLE_ROOT`=false
223 ##### `ENABLE_ROOT`=false
218 Set root user password so root login will be enabled
224 Set root user password so root login will be enabled
219
225
220 ##### `ENABLE_HARDNET`=false
226 ##### `ENABLE_HARDNET`=false
221 Enable IPv4/IPv6 network stack hardening settings.
227 Enable IPv4/IPv6 network stack hardening settings.
222
228
223 ##### `ENABLE_SPLITFS`=false
229 ##### `ENABLE_SPLITFS`=false
224 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
230 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
225
231
226 ##### `CHROOT_SCRIPTS`=""
232 ##### `CHROOT_SCRIPTS`=""
227 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
233 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
228
234
229 ##### `ENABLE_INITRAMFS`=false
235 ##### `ENABLE_INITRAMFS`=false
230 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
236 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
231
237
232 ##### `ENABLE_IFNAMES`=true
238 ##### `ENABLE_IFNAMES`=true
233 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian release `stretch` is used.
239 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian release `stretch` is used.
234
240
235 ##### `DISABLE_UNDERVOLT_WARNINGS`=
241 ##### `DISABLE_UNDERVOLT_WARNINGS`=
236 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
242 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
237
243
238 ---
244 ---
239
245
240 #### SSH settings:
246 #### SSH settings:
241 ##### `SSH_ENABLE_ROOT`=false
247 ##### `SSH_ENABLE_ROOT`=false
242 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
248 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
243
249
244 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
250 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
245 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
251 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
246
252
247 ##### `SSH_LIMIT_USERS`=false
253 ##### `SSH_LIMIT_USERS`=false
248 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
254 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
249
255
250 ##### `SSH_ROOT_PUB_KEY`=""
256 ##### `SSH_ROOT_PUB_KEY`=""
251 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
257 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
252
258
253 ##### `SSH_USER_PUB_KEY`=""
259 ##### `SSH_USER_PUB_KEY`=""
254 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
260 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
255
261
256 ---
262 ---
257
263
258 #### Kernel compilation:
264 #### Kernel compilation:
259 ##### `BUILD_KERNEL`=false
265 ##### `BUILD_KERNEL`=false
260 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
266 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
261
267
268 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
269 This sets the cross compile enviornment for the compiler.
270
271 ##### `KERNEL_ARCH`="arm"
272 This sets the kernel architecture for the compiler.
273
274 ##### `KERNEL_IMAGE`="kernel7.img"
275 Name of the image file in the boot partition.
276
277 ##### `KERNEL_BRANCH`=""
278 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
279
280 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
281 Sets the QEMU enviornment for the Debian archive.
282
283 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
284 Sets the default config for kernel compiling.
285
262 ##### `KERNEL_REDUCE`=false
286 ##### `KERNEL_REDUCE`=false
263 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
287 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
264
288
265 ##### `KERNEL_THREADS`=1
289 ##### `KERNEL_THREADS`=1
266 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
290 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
267
291
268 ##### `KERNEL_HEADERS`=true
292 ##### `KERNEL_HEADERS`=true
269 Install kernel headers with built kernel.
293 Install kernel headers with built kernel.
270
294
271 ##### `KERNEL_MENUCONFIG`=false
295 ##### `KERNEL_MENUCONFIG`=false
272 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
296 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
273
297
274 ##### `KERNEL_REMOVESRC`=true
298 ##### `KERNEL_REMOVESRC`=true
275 Remove all kernel sources from the generated OS image after it was built and installed.
299 Remove all kernel sources from the generated OS image after it was built and installed.
276
300
277 ##### `KERNELSRC_DIR`=""
301 ##### `KERNELSRC_DIR`=""
278 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
302 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
279
303
280 ##### `KERNELSRC_CLEAN`=false
304 ##### `KERNELSRC_CLEAN`=false
281 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
305 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
282
306
283 ##### `KERNELSRC_CONFIG`=true
307 ##### `KERNELSRC_CONFIG`=true
284 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
308 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
285
309
286 ##### `KERNELSRC_USRCONFIG`=""
310 ##### `KERNELSRC_USRCONFIG`=""
287 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
311 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
288
312
289 ##### `KERNELSRC_PREBUILT`=false
313 ##### `KERNELSRC_PREBUILT`=false
290 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
314 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
291
315
292 ##### `RPI_FIRMWARE_DIR`=""
316 ##### `RPI_FIRMWARE_DIR`=""
293 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
317 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
294
318
295 ---
319 ---
296
320
297 #### Reduce disk usage:
321 #### Reduce disk usage:
298 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
322 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
299
323
300 ##### `REDUCE_APT`=true
324 ##### `REDUCE_APT`=true
301 Configure APT to use compressed package repository lists and no package caching files.
325 Configure APT to use compressed package repository lists and no package caching files.
302
326
303 ##### `REDUCE_DOC`=true
327 ##### `REDUCE_DOC`=true
304 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
328 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
305
329
306 ##### `REDUCE_MAN`=true
330 ##### `REDUCE_MAN`=true
307 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
331 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
308
332
309 ##### `REDUCE_VIM`=false
333 ##### `REDUCE_VIM`=false
310 Replace `vim-tiny` package by `levee` a tiny vim clone.
334 Replace `vim-tiny` package by `levee` a tiny vim clone.
311
335
312 ##### `REDUCE_BASH`=false
336 ##### `REDUCE_BASH`=false
313 Remove `bash` package and switch to `dash` shell (experimental).
337 Remove `bash` package and switch to `dash` shell (experimental).
314
338
315 ##### `REDUCE_HWDB`=true
339 ##### `REDUCE_HWDB`=true
316 Remove PCI related hwdb files (experimental).
340 Remove PCI related hwdb files (experimental).
317
341
318 ##### `REDUCE_SSHD`=true
342 ##### `REDUCE_SSHD`=true
319 Replace `openssh-server` with `dropbear`.
343 Replace `openssh-server` with `dropbear`.
320
344
321 ##### `REDUCE_LOCALE`=true
345 ##### `REDUCE_LOCALE`=true
322 Remove all `locale` translation files.
346 Remove all `locale` translation files.
323
347
324 ---
348 ---
325
349
326 #### Encrypted root partition:
350 #### Encrypted root partition:
327 ##### `ENABLE_CRYPTFS`=false
351 ##### `ENABLE_CRYPTFS`=false
328 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
352 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
329
353
330 ##### `CRYPTFS_PASSWORD`=""
354 ##### `CRYPTFS_PASSWORD`=""
331 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
355 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
332
356
333 ##### `CRYPTFS_MAPPING`="secure"
357 ##### `CRYPTFS_MAPPING`="secure"
334 Set name of dm-crypt managed device-mapper mapping.
358 Set name of dm-crypt managed device-mapper mapping.
335
359
336 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
360 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
337 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
361 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
338
362
339 ##### `CRYPTFS_XTSKEYSIZE`=512
363 ##### `CRYPTFS_XTSKEYSIZE`=512
340 Sets key size in bits. The argument has to be a multiple of 8.
364 Sets key size in bits. The argument has to be a multiple of 8.
341
365
342 ---
366 ---
343
367
344 #### Build settings:
368 #### Build settings:
345 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
369 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
346 Set a path to a working directory used by the script to generate an image.
370 Set a path to a working directory used by the script to generate an image.
347
371
348 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}
372 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
349 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true.
373 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
350
374
351 ## Understanding the script
375 ## Understanding the script
352 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
376 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
353
377
354 | Script | Description |
378 | Script | Description |
355 | --- | --- |
379 | --- | --- |
356 | `10-bootstrap.sh` | Debootstrap basic system |
380 | `10-bootstrap.sh` | Debootstrap basic system |
357 | `11-apt.sh` | Setup APT repositories |
381 | `11-apt.sh` | Setup APT repositories |
358 | `12-locale.sh` | Setup Locales and keyboard settings |
382 | `12-locale.sh` | Setup Locales and keyboard settings |
359 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
383 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
360 | `14-fstab.sh` | Setup fstab and initramfs |
384 | `14-fstab.sh` | Setup fstab and initramfs |
361 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
385 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
362 | `20-networking.sh` | Setup Networking |
386 | `20-networking.sh` | Setup Networking |
363 | `21-firewall.sh` | Setup Firewall |
387 | `21-firewall.sh` | Setup Firewall |
364 | `30-security.sh` | Setup Users and Security settings |
388 | `30-security.sh` | Setup Users and Security settings |
365 | `31-logging.sh` | Setup Logging |
389 | `31-logging.sh` | Setup Logging |
366 | `32-sshd.sh` | Setup SSH and public keys |
390 | `32-sshd.sh` | Setup SSH and public keys |
367 | `41-uboot.sh` | Build and Setup U-Boot |
391 | `41-uboot.sh` | Build and Setup U-Boot |
368 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
392 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
369 | `50-firstboot.sh` | First boot actions |
393 | `50-firstboot.sh` | First boot actions |
370 | `99-reduce.sh` | Reduce the disk space usage |
394 | `99-reduce.sh` | Reduce the disk space usage |
371
395
372 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
396 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
373
397
374 | Directory | Description |
398 | Directory | Description |
375 | --- | --- |
399 | --- | --- |
376 | `apt` | APT management configuration files |
400 | `apt` | APT management configuration files |
377 | `boot` | Boot and RPi2/3 configuration files |
401 | `boot` | Boot and RPi2/3 configuration files |
378 | `dpkg` | Package Manager configuration |
402 | `dpkg` | Package Manager configuration |
379 | `etc` | Configuration files and rc scripts |
403 | `etc` | Configuration files and rc scripts |
380 | `firstboot` | Scripts that get executed on first boot |
404 | `firstboot` | Scripts that get executed on first boot |
381 | `initramfs` | Initramfs scripts |
405 | `initramfs` | Initramfs scripts |
382 | `iptables` | Firewall configuration files |
406 | `iptables` | Firewall configuration files |
383 | `locales` | Locales configuration |
407 | `locales` | Locales configuration |
384 | `modules` | Kernel Modules configuration |
408 | `modules` | Kernel Modules configuration |
385 | `mount` | Fstab configuration |
409 | `mount` | Fstab configuration |
386 | `network` | Networking configuration files |
410 | `network` | Networking configuration files |
387 | `sysctl.d` | Swapping and Network Hardening configuration |
411 | `sysctl.d` | Swapping and Network Hardening configuration |
388 | `xorg` | fbturbo Xorg driver configuration |
412 | `xorg` | fbturbo Xorg driver configuration |
389
413
390 ## Custom packages and scripts
414 ## Custom packages and scripts
391 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
415 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
392
416
393 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
417 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
394
418
395 ## Logging of the bootstrapping process
419 ## Logging of the bootstrapping process
396 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
420 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
397
421
398 ```shell
422 ```shell
399 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
423 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
400 ```
424 ```
401
425
402 ## Flashing the image file
426 ## Flashing the image file
403 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
427 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
404
428
405 #####Flashing examples:
429 ##### Flashing examples:
406 ```shell
430 ```shell
407 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
431 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
408 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
432 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
409 ```
433 ```
410 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
434 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
411 ```shell
435 ```shell
412 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
436 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
413 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
437 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
414 ```
438 ```
439 ## Weekly image builds
440 The image files are provided by JRWR'S I/O PORT and are built once a Sunday at midnight UTC!
441 * [Debian Stretch Raspberry Pi2/3 Weekly Image Builds](https://jrwr.io/doku.php?id=projects:debianpi)
415
442
416 ## External links and references
443 ## External links and references
417 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
444 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
418 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
445 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
419 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
446 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
420 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
447 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
421 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
448 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
422 * [U-BOOT git repository](http://git.denx.de/?p=u-boot.git;a=summary)
449 * [U-BOOT git repository](http://git.denx.de/?p=u-boot.git;a=summary)
423 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
450 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
424 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
451 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
425 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
452 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,47 +1,47
1 #
1 #
2 # Debootstrap basic system
2 # Debootstrap basic system
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 VARIANT=""
8 VARIANT=""
9 COMPONENTS="main"
9 COMPONENTS="main"
10 EXCLUDES=""
10 EXCLUDES=""
11
11
12 # Use non-free Debian packages if needed
12 # Use non-free Debian packages if needed
13 if [ "$ENABLE_NONFREE" = true ] ; then
13 if [ "$ENABLE_NONFREE" = true ] ; then
14 COMPONENTS="main,non-free"
14 COMPONENTS="main,non-free"
15 fi
15 fi
16
16
17 # Use minbase bootstrap variant which only includes essential packages
17 # Use minbase bootstrap variant which only includes essential packages
18 if [ "$ENABLE_MINBASE" = true ] ; then
18 if [ "$ENABLE_MINBASE" = true ] ; then
19 VARIANT="--variant=minbase"
19 VARIANT="--variant=minbase"
20 fi
20 fi
21
21
22 # Exclude packages if required by Debian release
22 # Exclude packages if required by Debian release
23 if [ "$RELEASE" = "stretch" ] ; then
23 if [ "$RELEASE" = "stretch" ] ; then
24 EXCLUDES="--exclude=init,systemd-sysv"
24 EXCLUDES="--exclude=init,systemd-sysv"
25 fi
25 fi
26
26
27 # Base debootstrap (unpack only)
27 # Base debootstrap (unpack only)
28 http_proxy=${APT_PROXY} debootstrap ${EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
28 http_proxy=${APT_PROXY} debootstrap ${EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
29
29
30 # Copy qemu emulator binary to chroot
30 # Copy qemu emulator binary to chroot
31 install_exec "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
31 install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
32
32
33 # Copy debian-archive-keyring.pgp
33 # Copy debian-archive-keyring.pgp
34 mkdir -p "${R}/usr/share/keyrings"
34 mkdir -p "${R}/usr/share/keyrings"
35 install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
35 install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
36
36
37 # Complete the bootstrapping process
37 # Complete the bootstrapping process
38 chroot_exec /debootstrap/debootstrap --second-stage
38 chroot_exec /debootstrap/debootstrap --second-stage
39
39
40 # Mount required filesystems
40 # Mount required filesystems
41 mount -t proc none "${R}/proc"
41 mount -t proc none "${R}/proc"
42 mount -t sysfs none "${R}/sys"
42 mount -t sysfs none "${R}/sys"
43
43
44 # Mount pseudo terminal slave if supported by Debian release
44 # Mount pseudo terminal slave if supported by Debian release
45 if [ -d "${R}/dev/pts" ] ; then
45 if [ -d "${R}/dev/pts" ] ; then
46 mount --bind /dev/pts "${R}/dev/pts"
46 mount --bind /dev/pts "${R}/dev/pts"
47 fi
47 fi
@@ -1,51 +1,55
1 #
1 #
2 # Setup APT repositories
2 # Setup APT repositories
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Install and setup APT proxy configuration
8 # Install and setup APT proxy configuration
9 if [ -z "$APT_PROXY" ] ; then
9 if [ -z "$APT_PROXY" ] ; then
10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 fi
12 fi
13
13
14 if [ "$BUILD_KERNEL" = false ] ; then
14 if [ "$BUILD_KERNEL" = false ] ; then
15 # Install APT pinning configuration for flash-kernel package
15 # Install APT pinning configuration for flash-kernel package
16 install_readonly files/apt/flash-kernel "${ETC_DIR}/apt/preferences.d/flash-kernel"
16 install_readonly files/apt/flash-kernel "${ETC_DIR}/apt/preferences.d/flash-kernel"
17
17
18 # Install APT sources.list
18 # Install APT sources.list
19 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
19 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
20 echo "deb ${COLLABORA_URL} ${RELEASE} rpi2" >> "${ETC_DIR}/apt/sources.list"
20 echo "deb ${COLLABORA_URL} ${RELEASE} rpi2" >> "${ETC_DIR}/apt/sources.list"
21
21
22 # Upgrade collabora package index and install collabora keyring
22 # Upgrade collabora package index and install collabora keyring
23 chroot_exec apt-get -qq -y update
23 chroot_exec apt-get -qq -y update
24 chroot_exec apt-get -qq -y --allow-unauthenticated install collabora-obs-archive-keyring
24 chroot_exec apt-get -qq -y --allow-unauthenticated install collabora-obs-archive-keyring
25 else # BUILD_KERNEL=true
25 else # BUILD_KERNEL=true
26 # Install APT sources.list
26 # Install APT sources.list
27 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
27 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
28
28
29 # Use specified APT server and release
29 # Use specified APT server and release
30 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
30 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
31 sed -i "s/ jessie/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
31 sed -i "s/ jessie/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
32 fi
32 fi
33
33
34 # Allow the installation of non-free Debian packages
34 # Allow the installation of non-free Debian packages
35 if [ "$ENABLE_NONFREE" = true ] ; then
35 if [ "$ENABLE_NONFREE" = true ] ; then
36 sed -i "s/ contrib/ contrib non-free/" "${ETC_DIR}/apt/sources.list"
36 sed -i "s/ contrib/ contrib non-free/" "${ETC_DIR}/apt/sources.list"
37 fi
37 fi
38
38
39 # Upgrade package index and update all installed packages and changed dependencies
39 # Upgrade package index and update all installed packages and changed dependencies
40 chroot_exec apt-get -qq -y update
40 chroot_exec apt-get -qq -y update
41 chroot_exec apt-get -qq -y -u dist-upgrade
41 chroot_exec apt-get -qq -y -u dist-upgrade
42
42
43 if [ "$APT_INCLUDES_LATE" ] ; then
44 chroot_exec apt-get -qq -y install $(echo $APT_INCLUDES_LATE |tr , ' ')
45 fi
46
43 if [ -d packages ] ; then
47 if [ -d packages ] ; then
44 for package in packages/*.deb ; do
48 for package in packages/*.deb ; do
45 cp $package ${R}/tmp
49 cp $package ${R}/tmp
46 chroot_exec dpkg --unpack /tmp/$(basename $package)
50 chroot_exec dpkg --unpack /tmp/$(basename $package)
47 done
51 done
48 fi
52 fi
49 chroot_exec apt-get -qq -y -f install
53 chroot_exec apt-get -qq -y -f install
50
54
51 chroot_exec apt-get -qq -y check
55 chroot_exec apt-get -qq -y check
@@ -1,172 +1,183
1 #
1 #
2 # Build and Setup RPi2/3 Kernel
2 # Build and Setup RPi2/3 Kernel
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Fetch and build latest raspberry kernel
8 # Fetch and build latest raspberry kernel
9 if [ "$BUILD_KERNEL" = true ] ; then
9 if [ "$BUILD_KERNEL" = true ] ; then
10 # Setup source directory
10 # Setup source directory
11 mkdir -p "${R}/usr/src"
11 mkdir -p "${R}/usr/src"
12
12
13 # Copy existing kernel sources into chroot directory
13 # Copy existing kernel sources into chroot directory
14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
15 # Copy kernel sources
15 # Copy kernel sources
16 cp -r "${KERNELSRC_DIR}" "${R}/usr/src"
16 cp -r "${KERNELSRC_DIR}" "${R}/usr/src"
17
17
18 # Clean the kernel sources
18 # Clean the kernel sources
19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
20 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 fi
21 fi
22 else # KERNELSRC_DIR=""
22 else # KERNELSRC_DIR=""
23 # Create temporary directory for kernel sources
23 # Create temporary directory for kernel sources
24 temp_dir=$(as_nobody mktemp -d)
24 temp_dir=$(as_nobody mktemp -d)
25
25
26 # Fetch current RPi2/3 kernel sources
26 # Fetch current RPi2/3 kernel sources
27 as_nobody git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}"
27 if [ -z "${KERNEL_BRANCH}" ] ; then
28
28 as_nobody -u nobody git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}"
29 else
30 as_nobody -u nobody git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}"
31 fi
32
29 # Copy downloaded kernel sources
33 # Copy downloaded kernel sources
30 mv "${temp_dir}/linux" "${R}/usr/src/"
34 mv "${temp_dir}/linux" "${R}/usr/src/"
31
35
32 # Remove temporary directory for kernel sources
36 # Remove temporary directory for kernel sources
33 rm -fr "${temp_dir}"
37 rm -fr "${temp_dir}"
34
38
35 # Set permissions of the kernel sources
39 # Set permissions of the kernel sources
36 chown -R root:root "${R}/usr/src"
40 chown -R root:root "${R}/usr/src"
37 fi
41 fi
38
42
39 # Calculate optimal number of kernel building threads
43 # Calculate optimal number of kernel building threads
40 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
44 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
41 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
45 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
42 fi
46 fi
43
47
44 # Configure and build kernel
48 # Configure and build kernel
45 if [ "$KERNELSRC_PREBUILT" = false ] ; then
49 if [ "$KERNELSRC_PREBUILT" = false ] ; then
46 # Remove device, network and filesystem drivers from kernel configuration
50 # Remove device, network and filesystem drivers from kernel configuration
47 if [ "$KERNEL_REDUCE" = true ] ; then
51 if [ "$KERNEL_REDUCE" = true ] ; then
48 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
52 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
49 sed -i\
53 sed -i\
50 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
54 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
51 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
55 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
52 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
56 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
53 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
57 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
54 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
58 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
55 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
59 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
56 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
60 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
57 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
61 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
58 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
62 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
59 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
63 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
60 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
64 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
61 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
65 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
62 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
66 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
63 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
67 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
64 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
68 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
65 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
69 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
66 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
70 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
67 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
71 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
68 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
72 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
69 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
70 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
71 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
75 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
72 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
76 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
77 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
78 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
75 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
79 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
76 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
80 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
77 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
81 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
78 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
82 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
79 "${KERNEL_DIR}/.config"
83 "${KERNEL_DIR}/.config"
80 fi
84 fi
81
85
82 if [ "$KERNELSRC_CONFIG" = true ] ; then
86 if [ "$KERNELSRC_CONFIG" = true ] ; then
83 # Load default raspberry kernel configuration
87 # Load default raspberry kernel configuration
84 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
88 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
85
89
86 if [ ! -z "$KERNELSRC_USRCONFIG" ] ; then
90 if [ ! -z "$KERNELSRC_USRCONFIG" ] ; then
87 cp $KERNELSRC_USRCONFIG ${KERNEL_DIR}/.config
91 cp $KERNELSRC_USRCONFIG ${KERNEL_DIR}/.config
88 fi
92 fi
89
93
90 # Start menu-driven kernel configuration (interactive)
94 # Start menu-driven kernel configuration (interactive)
91 if [ "$KERNEL_MENUCONFIG" = true ] ; then
95 if [ "$KERNEL_MENUCONFIG" = true ] ; then
92 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
96 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
93 fi
97 fi
94 fi
98 fi
95
99
96 # Cross compile kernel and modules
100 # Cross compile kernel and modules
97 make -C "${KERNEL_DIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs
101 make -C "${KERNEL_DIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_BIN_IMAGE}" modules dtbs
98 fi
102 fi
99
103
100 # Check if kernel compilation was successful
104 # Check if kernel compilation was successful
101 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/zImage" ] ; then
105 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
102 echo "error: kernel compilation failed! (zImage not found)"
106 echo "error: kernel compilation failed! (kernel image not found)"
103 cleanup
107 cleanup
104 exit 1
108 exit 1
105 fi
109 fi
106
110
107 # Install kernel modules
111 # Install kernel modules
108 if [ "$ENABLE_REDUCE" = true ] ; then
112 if [ "$ENABLE_REDUCE" = true ] ; then
109 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
113 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
110 else
114 else
111 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
115 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
112
116
113 # Install kernel firmware
117 # Install kernel firmware
114 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
118 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
115 fi
119 fi
116
120
117 # Install kernel headers
121 # Install kernel headers
118 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
122 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
119 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
123 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
120 fi
124 fi
121
125
122 # Prepare boot (firmware) directory
126 # Prepare boot (firmware) directory
123 mkdir "${BOOT_DIR}"
127 mkdir "${BOOT_DIR}"
124
128
125 # Get kernel release version
129 # Get kernel release version
126 KERNEL_VERSION=`cat "${KERNEL_DIR}/include/config/kernel.release"`
130 KERNEL_VERSION=`cat "${KERNEL_DIR}/include/config/kernel.release"`
127
131
128 # Copy kernel configuration file to the boot directory
132 # Copy kernel configuration file to the boot directory
129 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
133 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
130
134
131 # Copy dts and dtb device tree sources and binaries
135 # Copy dts and dtb device tree sources and binaries
132 mkdir "${BOOT_DIR}/overlays"
136 mkdir "${BOOT_DIR}/overlays"
133 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "${BOOT_DIR}/"
137
138 # Ensure the proper .dtb is located
139 if [ "$KERNEL_ARCH" = "arm" ] ; then
140 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "${BOOT_DIR}/"
141 else
142 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb "${BOOT_DIR}/"
143 fi
144
134 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "${BOOT_DIR}/overlays/"
145 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "${BOOT_DIR}/overlays/"
135 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
146 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
136
147
137 if [ "$ENABLE_UBOOT" = false ] ; then
148 if [ "$ENABLE_UBOOT" = false ] ; then
138 # Convert and copy zImage kernel to the boot directory
149 # Convert and copy kernel image to the boot directory
139 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOT_DIR}/${KERNEL_IMAGE}"
150 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
140 else
151 else
141 # Copy zImage kernel to the boot directory
152 # Copy kernel image to the boot directory
142 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOT_DIR}/${KERNEL_IMAGE}"
153 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
143 fi
154 fi
144
155
145 # Remove kernel sources
156 # Remove kernel sources
146 if [ "$KERNEL_REMOVESRC" = true ] ; then
157 if [ "$KERNEL_REMOVESRC" = true ] ; then
147 rm -fr "${KERNEL_DIR}"
158 rm -fr "${KERNEL_DIR}"
148 else
159 else
149 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
160 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
150
161
151 # Create symlinks for kernel modules
162 # Create symlinks for kernel modules
152 ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/build"
163 ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/build"
153 ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/source"
164 ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/source"
154 fi
165 fi
155
166
156 else # BUILD_KERNEL=false
167 else # BUILD_KERNEL=false
157 # Kernel installation
168 # Kernel installation
158 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel
169 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel
159
170
160 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
171 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
161 chroot_exec apt-get -qq -y install flash-kernel
172 chroot_exec apt-get -qq -y install flash-kernel
162
173
163 # Check if kernel installation was successful
174 # Check if kernel installation was successful
164 VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)"
175 VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)"
165 if [ -z "$VMLINUZ" ] ; then
176 if [ -z "$VMLINUZ" ] ; then
166 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
177 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
167 cleanup
178 cleanup
168 exit 1
179 exit 1
169 fi
180 fi
170 # Copy vmlinuz kernel to the boot directory
181 # Copy vmlinuz kernel to the boot directory
171 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
182 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
172 fi
183 fi
@@ -1,629 +1,640
1 #!/bin/sh
1 #!/bin/sh
2
2
3 ########################################################################
3 ########################################################################
4 # rpi23-gen-image.sh 2015-2017
4 # rpi23-gen-image.sh 2015-2017
5 #
5 #
6 # Advanced Debian "jessie" and "stretch" bootstrap script for RPi2/3
6 # Advanced Debian "jessie" and "stretch" bootstrap script for RPi2/3
7 #
7 #
8 # This program is free software; you can redistribute it and/or
8 # This program is free software; you can redistribute it and/or
9 # modify it under the terms of the GNU General Public License
9 # modify it under the terms of the GNU General Public License
10 # as published by the Free Software Foundation; either version 2
10 # as published by the Free Software Foundation; either version 2
11 # of the License, or (at your option) any later version.
11 # of the License, or (at your option) any later version.
12 #
12 #
13 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
14 #
14 #
15 # Big thanks for patches and enhancements by 10+ github contributors!
15 # Big thanks for patches and enhancements by 10+ github contributors!
16 ########################################################################
16 ########################################################################
17
17
18 # Are we running as root?
18 # Are we running as root?
19 if [ "$(id -u)" -ne "0" ] ; then
19 if [ "$(id -u)" -ne "0" ] ; then
20 echo "error: this script must be executed with root privileges!"
20 echo "error: this script must be executed with root privileges!"
21 exit 1
21 exit 1
22 fi
22 fi
23
23
24 # Check if ./functions.sh script exists
24 # Check if ./functions.sh script exists
25 if [ ! -r "./functions.sh" ] ; then
25 if [ ! -r "./functions.sh" ] ; then
26 echo "error: './functions.sh' required script not found!"
26 echo "error: './functions.sh' required script not found!"
27 exit 1
27 exit 1
28 fi
28 fi
29
29
30 # Load utility functions
30 # Load utility functions
31 . ./functions.sh
31 . ./functions.sh
32
32
33 # Load parameters from configuration template file
33 # Load parameters from configuration template file
34 if [ ! -z "$CONFIG_TEMPLATE" ] ; then
34 if [ ! -z "$CONFIG_TEMPLATE" ] ; then
35 use_template
35 use_template
36 fi
36 fi
37
37
38 # Introduce settings
38 # Introduce settings
39 set -e
39 set -e
40 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
41 set -x
41 set -x
42
42
43 # Raspberry Pi model configuration
43 # Raspberry Pi model configuration
44 RPI_MODEL=${RPI_MODEL:=2}
44 RPI_MODEL=${RPI_MODEL:=2}
45 RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
45 RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
46 RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
46 RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
47 RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
47 RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
48 RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
48 RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
49
49
50 # Debian release
50 # Debian release
51 RELEASE=${RELEASE:=jessie}
51 RELEASE=${RELEASE:=jessie}
52 KERNEL_ARCH=${KERNEL_ARCH:=arm}
52 KERNEL_ARCH=${KERNEL_ARCH:=arm}
53 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
53 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
54 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
54 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
55 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
55 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
56 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
56 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
57 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
57 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
58 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
58 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
59 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
59
60
60 # URLs
61 # URLs
61 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
62 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
62 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
63 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
63 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm}
64 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm}
64 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
65 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
65 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
66 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
66 UBOOT_URL=${UBOOT_URL:=git://git.denx.de/u-boot.git}
67 UBOOT_URL=${UBOOT_URL:=git://git.denx.de/u-boot.git}
67
68
68 # Build directories
69 # Build directories
69 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
70 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
70 BUILDDIR="${BASEDIR}/build"
71 BUILDDIR="${BASEDIR}/build"
72
71 # Prepare date string for default image file name
73 # Prepare date string for default image file name
72 DATE="$(date +%Y-%m-%d)"
74 DATE="$(date +%Y-%m-%d)"
73 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}}
75 if [ -z "$KERNEL_BRANCH" ] ; then
76 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
77 else
78 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
79 fi
74
80
75 # Chroot directories
81 # Chroot directories
76 R="${BUILDDIR}/chroot"
82 R="${BUILDDIR}/chroot"
77 ETC_DIR="${R}/etc"
83 ETC_DIR="${R}/etc"
78 LIB_DIR="${R}/lib"
84 LIB_DIR="${R}/lib"
79 BOOT_DIR="${R}/boot/firmware"
85 BOOT_DIR="${R}/boot/firmware"
80 KERNEL_DIR="${R}/usr/src/linux"
86 KERNEL_DIR="${R}/usr/src/linux"
81 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
87 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
82
88
83 # Firmware directory: Blank if download from github
89 # Firmware directory: Blank if download from github
84 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
90 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
85
91
86 # General settings
92 # General settings
87 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
93 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
88 PASSWORD=${PASSWORD:=raspberry}
94 PASSWORD=${PASSWORD:=raspberry}
89 USER_PASSWORD=${USER_PASSWORD:=raspberry}
95 USER_PASSWORD=${USER_PASSWORD:=raspberry}
90 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
96 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
91 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
97 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
92 EXPANDROOT=${EXPANDROOT:=true}
98 EXPANDROOT=${EXPANDROOT:=true}
93
99
94 # Keyboard settings
100 # Keyboard settings
95 XKB_MODEL=${XKB_MODEL:=""}
101 XKB_MODEL=${XKB_MODEL:=""}
96 XKB_LAYOUT=${XKB_LAYOUT:=""}
102 XKB_LAYOUT=${XKB_LAYOUT:=""}
97 XKB_VARIANT=${XKB_VARIANT:=""}
103 XKB_VARIANT=${XKB_VARIANT:=""}
98 XKB_OPTIONS=${XKB_OPTIONS:=""}
104 XKB_OPTIONS=${XKB_OPTIONS:=""}
99
105
100 # Network settings (DHCP)
106 # Network settings (DHCP)
101 ENABLE_DHCP=${ENABLE_DHCP:=true}
107 ENABLE_DHCP=${ENABLE_DHCP:=true}
102
108
103 # Network settings (static)
109 # Network settings (static)
104 NET_ADDRESS=${NET_ADDRESS:=""}
110 NET_ADDRESS=${NET_ADDRESS:=""}
105 NET_GATEWAY=${NET_GATEWAY:=""}
111 NET_GATEWAY=${NET_GATEWAY:=""}
106 NET_DNS_1=${NET_DNS_1:=""}
112 NET_DNS_1=${NET_DNS_1:=""}
107 NET_DNS_2=${NET_DNS_2:=""}
113 NET_DNS_2=${NET_DNS_2:=""}
108 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
114 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
109 NET_NTP_1=${NET_NTP_1:=""}
115 NET_NTP_1=${NET_NTP_1:=""}
110 NET_NTP_2=${NET_NTP_2:=""}
116 NET_NTP_2=${NET_NTP_2:=""}
111
117
112 # APT settings
118 # APT settings
113 APT_PROXY=${APT_PROXY:=""}
119 APT_PROXY=${APT_PROXY:=""}
114 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
120 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
115
121
116 # Feature settings
122 # Feature settings
117 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
123 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
118 ENABLE_I2C=${ENABLE_I2C:=false}
124 ENABLE_I2C=${ENABLE_I2C:=false}
119 ENABLE_SPI=${ENABLE_SPI:=false}
125 ENABLE_SPI=${ENABLE_SPI:=false}
120 ENABLE_IPV6=${ENABLE_IPV6:=true}
126 ENABLE_IPV6=${ENABLE_IPV6:=true}
121 ENABLE_SSHD=${ENABLE_SSHD:=true}
127 ENABLE_SSHD=${ENABLE_SSHD:=true}
122 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
128 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
123 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
129 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
124 ENABLE_SOUND=${ENABLE_SOUND:=true}
130 ENABLE_SOUND=${ENABLE_SOUND:=true}
125 ENABLE_DBUS=${ENABLE_DBUS:=true}
131 ENABLE_DBUS=${ENABLE_DBUS:=true}
126 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
132 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
127 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
133 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
128 ENABLE_XORG=${ENABLE_XORG:=false}
134 ENABLE_XORG=${ENABLE_XORG:=false}
129 ENABLE_WM=${ENABLE_WM:=""}
135 ENABLE_WM=${ENABLE_WM:=""}
130 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
136 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
131 ENABLE_USER=${ENABLE_USER:=true}
137 ENABLE_USER=${ENABLE_USER:=true}
132 USER_NAME=${USER_NAME:="pi"}
138 USER_NAME=${USER_NAME:="pi"}
133 ENABLE_ROOT=${ENABLE_ROOT:=false}
139 ENABLE_ROOT=${ENABLE_ROOT:=false}
134
140
135 # SSH settings
141 # SSH settings
136 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
142 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
137 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
143 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
138 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
144 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
139 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
145 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
140 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
146 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
141
147
142 # Advanced settings
148 # Advanced settings
143 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
149 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
144 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
150 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
145 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
151 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
146 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
152 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
147 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
153 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
148 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
154 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
149 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
155 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
150 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
156 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
151 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
157 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
152 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
158 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
153 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
159 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
154 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
160 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
155
161
156 # Kernel compilation settings
162 # Kernel compilation settings
157 BUILD_KERNEL=${BUILD_KERNEL:=false}
163 BUILD_KERNEL=${BUILD_KERNEL:=false}
158 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
164 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
159 KERNEL_THREADS=${KERNEL_THREADS:=1}
165 KERNEL_THREADS=${KERNEL_THREADS:=1}
160 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
166 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
161 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
167 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
162 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
168 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
169 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
163
170
164 # Kernel compilation from source directory settings
171 # Kernel compilation from source directory settings
165 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
172 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
166 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
173 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
167 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
174 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
168 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
175 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
169
176
170 # Reduce disk usage settings
177 # Reduce disk usage settings
171 REDUCE_APT=${REDUCE_APT:=true}
178 REDUCE_APT=${REDUCE_APT:=true}
172 REDUCE_DOC=${REDUCE_DOC:=true}
179 REDUCE_DOC=${REDUCE_DOC:=true}
173 REDUCE_MAN=${REDUCE_MAN:=true}
180 REDUCE_MAN=${REDUCE_MAN:=true}
174 REDUCE_VIM=${REDUCE_VIM:=false}
181 REDUCE_VIM=${REDUCE_VIM:=false}
175 REDUCE_BASH=${REDUCE_BASH:=false}
182 REDUCE_BASH=${REDUCE_BASH:=false}
176 REDUCE_HWDB=${REDUCE_HWDB:=true}
183 REDUCE_HWDB=${REDUCE_HWDB:=true}
177 REDUCE_SSHD=${REDUCE_SSHD:=true}
184 REDUCE_SSHD=${REDUCE_SSHD:=true}
178 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
185 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
179
186
180 # Encrypted filesystem settings
187 # Encrypted filesystem settings
181 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
188 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
182 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
189 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
183 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
190 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
184 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
191 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
185 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
192 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
186
193
187 # Stop the Crypto Wars
194 # Stop the Crypto Wars
188 DISABLE_FBI=${DISABLE_FBI:=false}
195 DISABLE_FBI=${DISABLE_FBI:=false}
189
196
190 # Chroot scripts directory
197 # Chroot scripts directory
191 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
198 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
192
199
193 # Packages required in the chroot build environment
200 # Packages required in the chroot build environment
194 APT_INCLUDES=${APT_INCLUDES:=""}
201 APT_INCLUDES=${APT_INCLUDES:=""}
195 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
202 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
196
203
197 # Packages required for bootstrapping
204 # Packages required for bootstrapping
198 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
205 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
199 MISSING_PACKAGES=""
206 MISSING_PACKAGES=""
200
207
201 # Packages installed for c/c++ build environment in chroot (keep empty)
208 # Packages installed for c/c++ build environment in chroot (keep empty)
202 COMPILER_PACKAGES=""
209 COMPILER_PACKAGES=""
203
210
204 set +x
211 set +x
205
212
206 # Set Raspberry Pi model specific configuration
213 # Set Raspberry Pi model specific configuration
207 if [ "$RPI_MODEL" = 2 ] ; then
214 if [ "$RPI_MODEL" = 2 ] ; then
208 DTB_FILE=${RPI2_DTB_FILE}
215 DTB_FILE=${RPI2_DTB_FILE}
209 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
216 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
210 elif [ "$RPI_MODEL" = 3 ] ; then
217 elif [ "$RPI_MODEL" = 3 ] ; then
211 DTB_FILE=${RPI3_DTB_FILE}
218 DTB_FILE=${RPI3_DTB_FILE}
212 UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
219 UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
213 BUILD_KERNEL=true
220 BUILD_KERNEL=true
214 else
221 else
215 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
222 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
216 exit 1
223 exit 1
217 fi
224 fi
218
225
219 # Check if the internal wireless interface is supported by the RPi model
226 # Check if the internal wireless interface is supported by the RPi model
220 if [ "$ENABLE_WIRELESS" = true ] && [ "$RPI_MODEL" != 3 ] ; then
227 if [ "$ENABLE_WIRELESS" = true ] && [ "$RPI_MODEL" != 3 ] ; then
221 echo "error: The selected Raspberry Pi model has no internal wireless interface"
228 echo "error: The selected Raspberry Pi model has no internal wireless interface"
222 exit 1
229 exit 1
223 fi
230 fi
224
231
225 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
232 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
226 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
233 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
227 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
234 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
228 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
235 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
229 exit 1
236 exit 1
230 fi
237 fi
231 fi
238 fi
232
239
233 # Build RPi2/3 Linux kernel if required by Debian release
240 # Build RPi2/3 Linux kernel if required by Debian release
234 if [ "$RELEASE" = "stretch" ] ; then
241 if [ "$RELEASE" = "stretch" ] ; then
235 BUILD_KERNEL=true
242 BUILD_KERNEL=true
236 fi
243 fi
237
244
238 # Add packages required for kernel cross compilation
245 # Add packages required for kernel cross compilation
239 if [ "$BUILD_KERNEL" = true ] ; then
246 if [ "$BUILD_KERNEL" = true ] ; then
240 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
247 if [ "$KERNEL_ARCH" = "arm" ] ; then
248 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
249 else
250 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
251 fi
241 fi
252 fi
242
253
243 # Add libncurses5 to enable kernel menuconfig
254 # Add libncurses5 to enable kernel menuconfig
244 if [ "$KERNEL_MENUCONFIG" = true ] ; then
255 if [ "$KERNEL_MENUCONFIG" = true ] ; then
245 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
256 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
246 fi
257 fi
247
258
248 # Stop the Crypto Wars
259 # Stop the Crypto Wars
249 if [ "$DISABLE_FBI" = true ] ; then
260 if [ "$DISABLE_FBI" = true ] ; then
250 ENABLE_CRYPTFS=true
261 ENABLE_CRYPTFS=true
251 fi
262 fi
252
263
253 # Add cryptsetup package to enable filesystem encryption
264 # Add cryptsetup package to enable filesystem encryption
254 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
265 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
255 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
266 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
256 APT_INCLUDES="${APT_INCLUDES},cryptsetup"
267 APT_INCLUDES="${APT_INCLUDES},cryptsetup"
257
268
258 if [ -z "$CRYPTFS_PASSWORD" ] ; then
269 if [ -z "$CRYPTFS_PASSWORD" ] ; then
259 echo "error: no password defined (CRYPTFS_PASSWORD)!"
270 echo "error: no password defined (CRYPTFS_PASSWORD)!"
260 exit 1
271 exit 1
261 fi
272 fi
262 ENABLE_INITRAMFS=true
273 ENABLE_INITRAMFS=true
263 fi
274 fi
264
275
265 # Add initramfs generation tools
276 # Add initramfs generation tools
266 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
277 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
267 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
278 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
268 fi
279 fi
269
280
270 # Add device-tree-compiler required for building the U-Boot bootloader
281 # Add device-tree-compiler required for building the U-Boot bootloader
271 if [ "$ENABLE_UBOOT" = true ] ; then
282 if [ "$ENABLE_UBOOT" = true ] ; then
272 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler"
283 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler"
273 fi
284 fi
274
285
275 # Check if root SSH (v2) public key file exists
286 # Check if root SSH (v2) public key file exists
276 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
287 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
277 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
288 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
278 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
289 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
279 exit 1
290 exit 1
280 fi
291 fi
281 fi
292 fi
282
293
283 # Check if $USER_NAME SSH (v2) public key file exists
294 # Check if $USER_NAME SSH (v2) public key file exists
284 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
295 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
285 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
296 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
286 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
297 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
287 exit 1
298 exit 1
288 fi
299 fi
289 fi
300 fi
290
301
291 # Check if all required packages are installed on the build system
302 # Check if all required packages are installed on the build system
292 for package in $REQUIRED_PACKAGES ; do
303 for package in $REQUIRED_PACKAGES ; do
293 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
304 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
294 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
305 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
295 fi
306 fi
296 done
307 done
297
308
298 # If there are missing packages ask confirmation for install, or exit
309 # If there are missing packages ask confirmation for install, or exit
299 if [ -n "$MISSING_PACKAGES" ] ; then
310 if [ -n "$MISSING_PACKAGES" ] ; then
300 echo "the following packages needed by this script are not installed:"
311 echo "the following packages needed by this script are not installed:"
301 echo "$MISSING_PACKAGES"
312 echo "$MISSING_PACKAGES"
302
313
303 echo -n "\ndo you want to install the missing packages right now? [y/n] "
314 echo -n "\ndo you want to install the missing packages right now? [y/n] "
304 read confirm
315 read confirm
305 [ "$confirm" != "y" ] && exit 1
316 [ "$confirm" != "y" ] && exit 1
306
317
307 # Make sure all missing required packages are installed
318 # Make sure all missing required packages are installed
308 apt-get -qq -y install ${MISSING_PACKAGES}
319 apt-get -qq -y install ${MISSING_PACKAGES}
309 fi
320 fi
310
321
311 # Check if ./bootstrap.d directory exists
322 # Check if ./bootstrap.d directory exists
312 if [ ! -d "./bootstrap.d/" ] ; then
323 if [ ! -d "./bootstrap.d/" ] ; then
313 echo "error: './bootstrap.d' required directory not found!"
324 echo "error: './bootstrap.d' required directory not found!"
314 exit 1
325 exit 1
315 fi
326 fi
316
327
317 # Check if ./files directory exists
328 # Check if ./files directory exists
318 if [ ! -d "./files/" ] ; then
329 if [ ! -d "./files/" ] ; then
319 echo "error: './files' required directory not found!"
330 echo "error: './files' required directory not found!"
320 exit 1
331 exit 1
321 fi
332 fi
322
333
323 # Check if specified KERNELSRC_DIR directory exists
334 # Check if specified KERNELSRC_DIR directory exists
324 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
335 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
325 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
336 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
326 exit 1
337 exit 1
327 fi
338 fi
328
339
329 # Check if specified UBOOTSRC_DIR directory exists
340 # Check if specified UBOOTSRC_DIR directory exists
330 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
341 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
331 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
342 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
332 exit 1
343 exit 1
333 fi
344 fi
334
345
335 # Check if specified FBTURBOSRC_DIR directory exists
346 # Check if specified FBTURBOSRC_DIR directory exists
336 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
347 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
337 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
348 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
338 exit 1
349 exit 1
339 fi
350 fi
340
351
341 # Check if specified CHROOT_SCRIPTS directory exists
352 # Check if specified CHROOT_SCRIPTS directory exists
342 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
353 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
343 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
354 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
344 exit 1
355 exit 1
345 fi
356 fi
346
357
347 # Check if specified device mapping already exists (will be used by cryptsetup)
358 # Check if specified device mapping already exists (will be used by cryptsetup)
348 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
359 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
349 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
360 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
350 exit 1
361 exit 1
351 fi
362 fi
352
363
353 # Don't clobber an old build
364 # Don't clobber an old build
354 if [ -e "$BUILDDIR" ] ; then
365 if [ -e "$BUILDDIR" ] ; then
355 echo "error: directory ${BUILDDIR} already exists, not proceeding"
366 echo "error: directory ${BUILDDIR} already exists, not proceeding"
356 exit 1
367 exit 1
357 fi
368 fi
358
369
359 # Setup chroot directory
370 # Setup chroot directory
360 mkdir -p "${R}"
371 mkdir -p "${R}"
361
372
362 # Check if build directory has enough of free disk space >512MB
373 # Check if build directory has enough of free disk space >512MB
363 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
374 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
364 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
375 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
365 exit 1
376 exit 1
366 fi
377 fi
367
378
368 set -x
379 set -x
369
380
370 # Call "cleanup" function on various signals and errors
381 # Call "cleanup" function on various signals and errors
371 trap cleanup 0 1 2 3 6
382 trap cleanup 0 1 2 3 6
372
383
373 # Add required packages for the minbase installation
384 # Add required packages for the minbase installation
374 if [ "$ENABLE_MINBASE" = true ] ; then
385 if [ "$ENABLE_MINBASE" = true ] ; then
375 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
386 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
376 fi
387 fi
377
388
378 # Add required locales packages
389 # Add required locales packages
379 if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
390 if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
380 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
391 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
381 fi
392 fi
382
393
383 # Add parted package, required to get partprobe utility
394 # Add parted package, required to get partprobe utility
384 if [ "$EXPANDROOT" = true ] ; then
395 if [ "$EXPANDROOT" = true ] ; then
385 APT_INCLUDES="${APT_INCLUDES},parted"
396 APT_INCLUDES="${APT_INCLUDES},parted"
386 fi
397 fi
387
398
388 # Add dbus package, recommended if using systemd
399 # Add dbus package, recommended if using systemd
389 if [ "$ENABLE_DBUS" = true ] ; then
400 if [ "$ENABLE_DBUS" = true ] ; then
390 APT_INCLUDES="${APT_INCLUDES},dbus"
401 APT_INCLUDES="${APT_INCLUDES},dbus"
391 fi
402 fi
392
403
393 # Add iptables IPv4/IPv6 package
404 # Add iptables IPv4/IPv6 package
394 if [ "$ENABLE_IPTABLES" = true ] ; then
405 if [ "$ENABLE_IPTABLES" = true ] ; then
395 APT_INCLUDES="${APT_INCLUDES},iptables"
406 APT_INCLUDES="${APT_INCLUDES},iptables"
396 fi
407 fi
397
408
398 # Add openssh server package
409 # Add openssh server package
399 if [ "$ENABLE_SSHD" = true ] ; then
410 if [ "$ENABLE_SSHD" = true ] ; then
400 APT_INCLUDES="${APT_INCLUDES},openssh-server"
411 APT_INCLUDES="${APT_INCLUDES},openssh-server"
401 fi
412 fi
402
413
403 # Add alsa-utils package
414 # Add alsa-utils package
404 if [ "$ENABLE_SOUND" = true ] ; then
415 if [ "$ENABLE_SOUND" = true ] ; then
405 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
416 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
406 fi
417 fi
407
418
408 # Add rng-tools package
419 # Add rng-tools package
409 if [ "$ENABLE_HWRANDOM" = true ] ; then
420 if [ "$ENABLE_HWRANDOM" = true ] ; then
410 APT_INCLUDES="${APT_INCLUDES},rng-tools"
421 APT_INCLUDES="${APT_INCLUDES},rng-tools"
411 fi
422 fi
412
423
413 # Add fbturbo video driver
424 # Add fbturbo video driver
414 if [ "$ENABLE_FBTURBO" = true ] ; then
425 if [ "$ENABLE_FBTURBO" = true ] ; then
415 # Enable xorg package dependencies
426 # Enable xorg package dependencies
416 ENABLE_XORG=true
427 ENABLE_XORG=true
417 fi
428 fi
418
429
419 # Add user defined window manager package
430 # Add user defined window manager package
420 if [ -n "$ENABLE_WM" ] ; then
431 if [ -n "$ENABLE_WM" ] ; then
421 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
432 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
422
433
423 # Enable xorg package dependencies
434 # Enable xorg package dependencies
424 ENABLE_XORG=true
435 ENABLE_XORG=true
425 fi
436 fi
426
437
427 # Add xorg package
438 # Add xorg package
428 if [ "$ENABLE_XORG" = true ] ; then
439 if [ "$ENABLE_XORG" = true ] ; then
429 APT_INCLUDES="${APT_INCLUDES},xorg"
440 APT_INCLUDES="${APT_INCLUDES},xorg"
430 fi
441 fi
431
442
432 # Replace selected packages with smaller clones
443 # Replace selected packages with smaller clones
433 if [ "$ENABLE_REDUCE" = true ] ; then
444 if [ "$ENABLE_REDUCE" = true ] ; then
434 # Add levee package instead of vim-tiny
445 # Add levee package instead of vim-tiny
435 if [ "$REDUCE_VIM" = true ] ; then
446 if [ "$REDUCE_VIM" = true ] ; then
436 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
447 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
437 fi
448 fi
438
449
439 # Add dropbear package instead of openssh-server
450 # Add dropbear package instead of openssh-server
440 if [ "$REDUCE_SSHD" = true ] ; then
451 if [ "$REDUCE_SSHD" = true ] ; then
441 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
452 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
442 fi
453 fi
443 fi
454 fi
444
455
445 # Configure kernel sources if no KERNELSRC_DIR
456 # Configure kernel sources if no KERNELSRC_DIR
446 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
457 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
447 KERNELSRC_CONFIG=true
458 KERNELSRC_CONFIG=true
448 fi
459 fi
449
460
450 # Configure reduced kernel
461 # Configure reduced kernel
451 if [ "$KERNEL_REDUCE" = true ] ; then
462 if [ "$KERNEL_REDUCE" = true ] ; then
452 KERNELSRC_CONFIG=false
463 KERNELSRC_CONFIG=false
453 fi
464 fi
454
465
455 # Execute bootstrap scripts
466 # Execute bootstrap scripts
456 for SCRIPT in bootstrap.d/*.sh; do
467 for SCRIPT in bootstrap.d/*.sh; do
457 head -n 3 "$SCRIPT"
468 head -n 3 "$SCRIPT"
458 . "$SCRIPT"
469 . "$SCRIPT"
459 done
470 done
460
471
461 ## Execute custom bootstrap scripts
472 ## Execute custom bootstrap scripts
462 if [ -d "custom.d" ] ; then
473 if [ -d "custom.d" ] ; then
463 for SCRIPT in custom.d/*.sh; do
474 for SCRIPT in custom.d/*.sh; do
464 . "$SCRIPT"
475 . "$SCRIPT"
465 done
476 done
466 fi
477 fi
467
478
468 # Execute custom scripts inside the chroot
479 # Execute custom scripts inside the chroot
469 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
480 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
470 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
481 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
471 chroot_exec /bin/bash -x <<'EOF'
482 chroot_exec /bin/bash -x <<'EOF'
472 for SCRIPT in /chroot_scripts/* ; do
483 for SCRIPT in /chroot_scripts/* ; do
473 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
484 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
474 $SCRIPT
485 $SCRIPT
475 fi
486 fi
476 done
487 done
477 EOF
488 EOF
478 rm -rf "${R}/chroot_scripts"
489 rm -rf "${R}/chroot_scripts"
479 fi
490 fi
480
491
481 # Remove c/c++ build environment from the chroot
492 # Remove c/c++ build environment from the chroot
482 chroot_remove_cc
493 chroot_remove_cc
483
494
484 # Remove apt-utils
495 # Remove apt-utils
485 if [ "$RELEASE" = "jessie" ] ; then
496 if [ "$RELEASE" = "jessie" ] ; then
486 chroot_exec apt-get purge -qq -y --force-yes apt-utils
497 chroot_exec apt-get purge -qq -y --force-yes apt-utils
487 fi
498 fi
488
499
489 # Generate required machine-id
500 # Generate required machine-id
490 MACHINE_ID=$(dbus-uuidgen)
501 MACHINE_ID=$(dbus-uuidgen)
491 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
502 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
492 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
503 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
493
504
494 # APT Cleanup
505 # APT Cleanup
495 chroot_exec apt-get -y clean
506 chroot_exec apt-get -y clean
496 chroot_exec apt-get -y autoclean
507 chroot_exec apt-get -y autoclean
497 chroot_exec apt-get -y autoremove
508 chroot_exec apt-get -y autoremove
498
509
499 # Unmount mounted filesystems
510 # Unmount mounted filesystems
500 umount -l "${R}/proc"
511 umount -l "${R}/proc"
501 umount -l "${R}/sys"
512 umount -l "${R}/sys"
502
513
503 # Clean up directories
514 # Clean up directories
504 rm -rf "${R}/run/*"
515 rm -rf "${R}/run/*"
505 rm -rf "${R}/tmp/*"
516 rm -rf "${R}/tmp/*"
506
517
507 # Clean up files
518 # Clean up files
508 rm -f "${ETC_DIR}/ssh/ssh_host_*"
519 rm -f "${ETC_DIR}/ssh/ssh_host_*"
509 rm -f "${ETC_DIR}/dropbear/dropbear_*"
520 rm -f "${ETC_DIR}/dropbear/dropbear_*"
510 rm -f "${ETC_DIR}/apt/sources.list.save"
521 rm -f "${ETC_DIR}/apt/sources.list.save"
511 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
522 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
512 rm -f "${ETC_DIR}/*-"
523 rm -f "${ETC_DIR}/*-"
513 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
524 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
514 rm -f "${ETC_DIR}/resolv.conf"
525 rm -f "${ETC_DIR}/resolv.conf"
515 rm -f "${R}/root/.bash_history"
526 rm -f "${R}/root/.bash_history"
516 rm -f "${R}/var/lib/urandom/random-seed"
527 rm -f "${R}/var/lib/urandom/random-seed"
517 rm -f "${R}/initrd.img"
528 rm -f "${R}/initrd.img"
518 rm -f "${R}/vmlinuz"
529 rm -f "${R}/vmlinuz"
519 rm -f "${R}${QEMU_BINARY}"
530 rm -f "${R}${QEMU_BINARY}"
520
531
521 # Calculate size of the chroot directory in KB
532 # Calculate size of the chroot directory in KB
522 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
533 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
523
534
524 # Calculate the amount of needed 512 Byte sectors
535 # Calculate the amount of needed 512 Byte sectors
525 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
536 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
526 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
537 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
527 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
538 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
528
539
529 # The root partition is EXT4
540 # The root partition is EXT4
530 # This means more space than the actual used space of the chroot is used.
541 # This means more space than the actual used space of the chroot is used.
531 # As overhead for journaling and reserved blocks 25% are added.
542 # As overhead for journaling and reserved blocks 25% are added.
532 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 25) \* 1024 \/ 512)
543 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 25) \* 1024 \/ 512)
533
544
534 # Calculate required image size in 512 Byte sectors
545 # Calculate required image size in 512 Byte sectors
535 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
546 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
536
547
537 # Prepare image file
548 # Prepare image file
538 if [ "$ENABLE_SPLITFS" = true ] ; then
549 if [ "$ENABLE_SPLITFS" = true ] ; then
539 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
550 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
540 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
551 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
541 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
552 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
542 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
553 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
543
554
544 # Write firmware/boot partition tables
555 # Write firmware/boot partition tables
545 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
556 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
546 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
557 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
547 EOM
558 EOM
548
559
549 # Write root partition table
560 # Write root partition table
550 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
561 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
551 ${TABLE_SECTORS},${ROOT_SECTORS},83
562 ${TABLE_SECTORS},${ROOT_SECTORS},83
552 EOM
563 EOM
553
564
554 # Setup temporary loop devices
565 # Setup temporary loop devices
555 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)"
566 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)"
556 ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)"
567 ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)"
557 else # ENABLE_SPLITFS=false
568 else # ENABLE_SPLITFS=false
558 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
569 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
559 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}
570 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}
560
571
561 # Write partition table
572 # Write partition table
562 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
573 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
563 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
574 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
564 ${ROOT_OFFSET},${ROOT_SECTORS},83
575 ${ROOT_OFFSET},${ROOT_SECTORS},83
565 EOM
576 EOM
566
577
567 # Setup temporary loop devices
578 # Setup temporary loop devices
568 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)"
579 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)"
569 ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)"
580 ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)"
570 fi
581 fi
571
582
572 if [ "$ENABLE_CRYPTFS" = true ] ; then
583 if [ "$ENABLE_CRYPTFS" = true ] ; then
573 # Create dummy ext4 fs
584 # Create dummy ext4 fs
574 mkfs.ext4 "$ROOT_LOOP"
585 mkfs.ext4 "$ROOT_LOOP"
575
586
576 # Setup password keyfile
587 # Setup password keyfile
577 touch .password
588 touch .password
578 chmod 600 .password
589 chmod 600 .password
579 echo -n ${CRYPTFS_PASSWORD} > .password
590 echo -n ${CRYPTFS_PASSWORD} > .password
580
591
581 # Initialize encrypted partition
592 # Initialize encrypted partition
582 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
593 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
583
594
584 # Open encrypted partition and setup mapping
595 # Open encrypted partition and setup mapping
585 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
596 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
586
597
587 # Secure delete password keyfile
598 # Secure delete password keyfile
588 shred -zu .password
599 shred -zu .password
589
600
590 # Update temporary loop device
601 # Update temporary loop device
591 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
602 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
592
603
593 # Wipe encrypted partition (encryption cipher is used for randomness)
604 # Wipe encrypted partition (encryption cipher is used for randomness)
594 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
605 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
595 fi
606 fi
596
607
597 # Build filesystems
608 # Build filesystems
598 mkfs.vfat "$FRMW_LOOP"
609 mkfs.vfat "$FRMW_LOOP"
599 mkfs.ext4 "$ROOT_LOOP"
610 mkfs.ext4 "$ROOT_LOOP"
600
611
601 # Mount the temporary loop devices
612 # Mount the temporary loop devices
602 mkdir -p "$BUILDDIR/mount"
613 mkdir -p "$BUILDDIR/mount"
603 mount "$ROOT_LOOP" "$BUILDDIR/mount"
614 mount "$ROOT_LOOP" "$BUILDDIR/mount"
604
615
605 mkdir -p "$BUILDDIR/mount/boot/firmware"
616 mkdir -p "$BUILDDIR/mount/boot/firmware"
606 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
617 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
607
618
608 # Copy all files from the chroot to the loop device mount point directory
619 # Copy all files from the chroot to the loop device mount point directory
609 rsync -a "${R}/" "$BUILDDIR/mount/"
620 rsync -a "${R}/" "$BUILDDIR/mount/"
610
621
611 # Unmount all temporary loop devices and mount points
622 # Unmount all temporary loop devices and mount points
612 cleanup
623 cleanup
613
624
614 # Create block map file(s) of image(s)
625 # Create block map file(s) of image(s)
615 if [ "$ENABLE_SPLITFS" = true ] ; then
626 if [ "$ENABLE_SPLITFS" = true ] ; then
616 # Create block map files for "bmaptool"
627 # Create block map files for "bmaptool"
617 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
628 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
618 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
629 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
619
630
620 # Image was successfully created
631 # Image was successfully created
621 echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
632 echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
622 echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
633 echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
623 else
634 else
624 # Create block map file for "bmaptool"
635 # Create block map file for "bmaptool"
625 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
636 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
626
637
627 # Image was successfully created
638 # Image was successfully created
628 echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
639 echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
629 fi
640 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant