Merge pull request #28 from stylesuxx/run-scripts-in-chroot...
drtyhlpr -
r54:f6d8c17fbf01 Fusion
@@ -1,166 +1,169
1 # rpi2-gen-image
1 # rpi2-gen-image
2 ## Introduction
2 ## Introduction
3 `rpi2-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for the Raspberry 2 (RPi2) computer. The script at this time only supports the bootstrapping of the current stable Debian 8 "jessie" release.
3 `rpi2-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for the Raspberry 2 (RPi2) computer. The script at this time only supports the bootstrapping of the current stable Debian 8 "jessie" release.
4
4
5 ## Build dependencies
5 ## Build dependencies
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7
7
8 ```debootstrap debian-archive-keyring qemu-user-static dosfstools rsync bmap-tools whois git-core```
8 ```debootstrap debian-archive-keyring qemu-user-static dosfstools rsync bmap-tools whois git-core```
9
9
10 ## Command-line parameters
10 ## Command-line parameters
11 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi2-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi2-gen-image.sh` script.
11 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi2-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi2-gen-image.sh` script.
12
12
13 #####Command-line examples:
13 #####Command-line examples:
14 ```shell
14 ```shell
15 ENABLE_UBOOT=true ./rpi2-gen-image.sh
15 ENABLE_UBOOT=true ./rpi2-gen-image.sh
16 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi2-gen-image.sh
16 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi2-gen-image.sh
17 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi2-gen-image.sh
17 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi2-gen-image.sh
18 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi2-gen-image.sh
18 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi2-gen-image.sh
19 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi2-gen-image.sh
19 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi2-gen-image.sh
20 ENABLE_MINBASE=true ./rpi2-gen-image.sh
20 ENABLE_MINBASE=true ./rpi2-gen-image.sh
21 ```
21 ```
22
22
23 #### APT settings:
23 #### APT settings:
24 ##### `APT_SERVER`="ftp.debian.org"
24 ##### `APT_SERVER`="ftp.debian.org"
25 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
25 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
26
26
27 ##### `APT_PROXY`=""
27 ##### `APT_PROXY`=""
28 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
28 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
29
29
30 ##### `APT_INCLUDES`=""
30 ##### `APT_INCLUDES`=""
31 A comma seperated list of additional packages to be installed during bootstrapping.
31 A comma seperated list of additional packages to be installed during bootstrapping.
32
32
33 #### General system settings:
33 #### General system settings:
34 ##### `HOSTNAME`="rpi2-jessie"
34 ##### `HOSTNAME`="rpi2-jessie"
35 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
35 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
36
36
37 ##### `PASSWORD`="raspberry"
37 ##### `PASSWORD`="raspberry"
38 Set system `root` password. The same password is used for the created user `pi`. It's **STRONGLY** recommended that you choose a custom password.
38 Set system `root` password. The same password is used for the created user `pi`. It's **STRONGLY** recommended that you choose a custom password.
39
39
40 ##### `DEFLOCAL`="en_US.UTF-8"
40 ##### `DEFLOCAL`="en_US.UTF-8"
41 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. The script variant `minbase` (ENABLE_MINBASE=true) doesn't install `locales`.
41 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. The script variant `minbase` (ENABLE_MINBASE=true) doesn't install `locales`.
42
42
43 ##### `TIMEZONE`="Europe/Berlin"
43 ##### `TIMEZONE`="Europe/Berlin"
44 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
44 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
45
45
46 ##### `EXPANDROOT`=true
46 ##### `EXPANDROOT`=true
47 Expand the root partition and filesystem automatically on first boot.
47 Expand the root partition and filesystem automatically on first boot.
48
48
49 #### Keyboard settings:
49 #### Keyboard settings:
50 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
50 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
51
51
52 ##### `XKBMODEL`=""
52 ##### `XKBMODEL`=""
53 Set the name of the model of your keyboard type.
53 Set the name of the model of your keyboard type.
54
54
55 ##### `XKBLAYOUT`=""
55 ##### `XKBLAYOUT`=""
56 Set the supported keyboard layout(s).
56 Set the supported keyboard layout(s).
57
57
58 ##### `XKBVARIANT`=""
58 ##### `XKBVARIANT`=""
59 Set the supported variant(s) of the keyboard layout(s).
59 Set the supported variant(s) of the keyboard layout(s).
60
60
61 ##### `XKBOPTIONS`=""
61 ##### `XKBOPTIONS`=""
62 Set extra xkb configuration options.
62 Set extra xkb configuration options.
63
63
64 #### Networking settings (DHCP)
64 #### Networking settings (DHCP)
65 This setting is used to set up networking auto configuration in `/etc/systemd/network/eth.network`.
65 This setting is used to set up networking auto configuration in `/etc/systemd/network/eth.network`.
66
66
67 #####`ENABLE_DHCP`=true
67 #####`ENABLE_DHCP`=true
68 Set the system to use DHCP. This requires an DHCP server.
68 Set the system to use DHCP. This requires an DHCP server.
69
69
70 #### Networking settings (static)
70 #### Networking settings (static)
71 These settings are used to set up a static networking configuration in /etc/systemd/network/eth.network. The following static networking settings are only supported if `ENABLE_DHCP` was set to `false`.
71 These settings are used to set up a static networking configuration in /etc/systemd/network/eth.network. The following static networking settings are only supported if `ENABLE_DHCP` was set to `false`.
72
72
73 #####`NET_ADDRESS`=""
73 #####`NET_ADDRESS`=""
74 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
74 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
75
75
76 #####`NET_GATEWAY`=""
76 #####`NET_GATEWAY`=""
77 Set the IP address for the default gateway.
77 Set the IP address for the default gateway.
78
78
79 #####`NET_DNS_1`=""
79 #####`NET_DNS_1`=""
80 Set the IP address for the first DNS server.
80 Set the IP address for the first DNS server.
81
81
82 #####`NET_DNS_2`=""
82 #####`NET_DNS_2`=""
83 Set the IP address for the second DNS server.
83 Set the IP address for the second DNS server.
84
84
85 #####`NET_DNS_DOMAINS`=""
85 #####`NET_DNS_DOMAINS`=""
86 Set the default DNS search domains to use for non fully qualified host names.
86 Set the default DNS search domains to use for non fully qualified host names.
87
87
88 #####`NET_NTP_1`=""
88 #####`NET_NTP_1`=""
89 Set the IP address for the first NTP server.
89 Set the IP address for the first NTP server.
90
90
91 #####`NET_NTP_2`=""
91 #####`NET_NTP_2`=""
92 Set the IP address for the second NTP server.
92 Set the IP address for the second NTP server.
93
93
94 #### Basic system features:
94 #### Basic system features:
95 ##### `ENABLE_CONSOLE`=true
95 ##### `ENABLE_CONSOLE`=true
96 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
96 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
97
97
98 ##### `ENABLE_IPV6`=true
98 ##### `ENABLE_IPV6`=true
99 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
99 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
100
100
101 ##### `ENABLE_SSHD`=true
101 ##### `ENABLE_SSHD`=true
102 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
102 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
103
103
104 ##### `ENABLE_RSYSLOG`=true
104 ##### `ENABLE_RSYSLOG`=true
105 If set to false, disable and uninstall rsyslog (so logs will be available only
105 If set to false, disable and uninstall rsyslog (so logs will be available only
106 in journal files)
106 in journal files)
107
107
108 ##### `ENABLE_SOUND`=true
108 ##### `ENABLE_SOUND`=true
109 Enable sound hardware and install Advanced Linux Sound Architecture.
109 Enable sound hardware and install Advanced Linux Sound Architecture.
110
110
111 ##### `ENABLE_HWRANDOM`=true
111 ##### `ENABLE_HWRANDOM`=true
112 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
112 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
113
113
114 ##### `ENABLE_MINGPU`=false
114 ##### `ENABLE_MINGPU`=false
115 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
115 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
116
116
117 ##### `ENABLE_DBUS`=true
117 ##### `ENABLE_DBUS`=true
118 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
118 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
119
119
120 ##### `ENABLE_XORG`=false
120 ##### `ENABLE_XORG`=false
121 Install Xorg open-source X Window System.
121 Install Xorg open-source X Window System.
122
122
123 ##### `ENABLE_WM`=""
123 ##### `ENABLE_WM`=""
124 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi2-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
124 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi2-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
125
125
126 #### Advanced sytem features:
126 #### Advanced sytem features:
127 ##### `ENABLE_MINBASE`=false
127 ##### `ENABLE_MINBASE`=false
128 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
128 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
129
129
130 ##### `ENABLE_UBOOT`=false
130 ##### `ENABLE_UBOOT`=false
131 Replace default RPi2 second stage bootloader (bootcode.bin) with U-Boot bootloader. U-Boot can boot images via the network using the BOOTP/TFTP protocol.
131 Replace default RPi2 second stage bootloader (bootcode.bin) with U-Boot bootloader. U-Boot can boot images via the network using the BOOTP/TFTP protocol.
132
132
133 ##### `ENABLE_FBTURBO`=false
133 ##### `ENABLE_FBTURBO`=false
134 Install and enable the hardware accelerated Xorg video driver `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
134 Install and enable the hardware accelerated Xorg video driver `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
135
135
136 ##### `ENABLE_IPTABLES`=false
136 ##### `ENABLE_IPTABLES`=false
137 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
137 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
138
138
139 ##### `ENABLE_USER`=true
139 ##### `ENABLE_USER`=true
140 Create pi user with password raspberry
140 Create pi user with password raspberry
141
141
142 ##### `ENABLE_ROOT`=true
142 ##### `ENABLE_ROOT`=true
143 Set root user password so root login will be enabled
143 Set root user password so root login will be enabled
144
144
145 ##### `ENABLE_ROOT_SSH`=true
145 ##### `ENABLE_ROOT_SSH`=true
146 Enable password root login via SSH. May be a security risk with default
146 Enable password root login via SSH. May be a security risk with default
147 password, use only in trusted environments.
147 password, use only in trusted environments.
148
148
149 ##### `ENABLE_HARDNET`=false
149 ##### `ENABLE_HARDNET`=false
150 Enable IPv4/IPv6 network stack hardening settings.
150 Enable IPv4/IPv6 network stack hardening settings.
151
151
152 ##### `CHROOT_SCRIPTS`=""
153 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this direcory is run in lexicographical order.
154
152 ## Logging of the bootstrapping process
155 ## Logging of the bootstrapping process
153 All information related to the bootstrapping process and the commands executed by the `rpi2-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
156 All information related to the bootstrapping process and the commands executed by the `rpi2-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
154
157
155 ```shell
158 ```shell
156 script -c 'APT_SERVER=ftp.de.debian.org ./rpi2-gen-image.sh' ./build.log
159 script -c 'APT_SERVER=ftp.de.debian.org ./rpi2-gen-image.sh' ./build.log
157 ```
160 ```
158
161
159 ## Flashing the image file
162 ## Flashing the image file
160 After the image file was successfully created by the `rpi2-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
163 After the image file was successfully created by the `rpi2-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
161
164
162 #####Flashing examples:
165 #####Flashing examples:
163 ```shell
166 ```shell
164 bmaptool copy ./images/jessie/2015-12-13-debian-jessie.img /dev/mmcblk0
167 bmaptool copy ./images/jessie/2015-12-13-debian-jessie.img /dev/mmcblk0
165 dd bs=4M if=./images/jessie/2015-12-13-debian-jessie.img of=/dev/mmcblk0
168 dd bs=4M if=./images/jessie/2015-12-13-debian-jessie.img of=/dev/mmcblk0
166 ```
169 ```
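Review bot: The new `CHROOT_SCRIPTS` entry (new README lines 152-153) does not say with which privileges the scripts run or how the directory has to be protected. The build script refuses to start without root privileges, so every executable file found in that directory is executed as root inside the chroot; the text should say so and recommend a directory that is owned by root and not writable by other users, because anyone who can drop a file there decides what ends up in the image. Please also state whether a failing script aborts the build (the script runs under `set -e`), and fix the typo "direcory". Separately, in the unchanged context this README lists `ENABLE_ROOT`=true and `ENABLE_ROOT_SSH`=true, while the script defaults both to false (script lines 88-89); worth correcting while this section is being edited.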
@@ -1,691 +1,699
1 #!/bin/sh
1 #!/bin/sh
2
2
3 ########################################################################
3 ########################################################################
4 # rpi2-gen-image.sh ver2a 12/2015
4 # rpi2-gen-image.sh ver2a 12/2015
5 #
5 #
6 # Advanced debian "jessie" bootstrap script for RPi2
6 # Advanced debian "jessie" bootstrap script for RPi2
7 #
7 #
8 # This program is free software; you can redistribute it and/or
8 # This program is free software; you can redistribute it and/or
9 # modify it under the terms of the GNU General Public License
9 # modify it under the terms of the GNU General Public License
10 # as published by the Free Software Foundation; either version 2
10 # as published by the Free Software Foundation; either version 2
11 # of the License, or (at your option) any later version.
11 # of the License, or (at your option) any later version.
12 #
12 #
13 # some parts based on rpi2-build-image:
13 # some parts based on rpi2-build-image:
14 # Copyright (C) 2015 Ryan Finnie <ryan@finnie.org>
14 # Copyright (C) 2015 Ryan Finnie <ryan@finnie.org>
15 # Copyright (C) 2015 Luca Falavigna <dktrkranz@debian.org>
15 # Copyright (C) 2015 Luca Falavigna <dktrkranz@debian.org>
16 ########################################################################
16 ########################################################################
17
17
18 # Clean up all temporary mount points
18 # Clean up all temporary mount points
19 cleanup (){
19 cleanup (){
20 set +x
20 set +x
21 set +e
21 set +e
22 echo "removing temporary mount points ..."
22 echo "removing temporary mount points ..."
23 umount -l $R/proc 2> /dev/null
23 umount -l $R/proc 2> /dev/null
24 umount -l $R/sys 2> /dev/null
24 umount -l $R/sys 2> /dev/null
25 umount -l $R/dev/pts 2> /dev/null
25 umount -l $R/dev/pts 2> /dev/null
26 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
26 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
27 umount "$BUILDDIR/mount" 2> /dev/null
27 umount "$BUILDDIR/mount" 2> /dev/null
28 losetup -d "$EXT4_LOOP" 2> /dev/null
28 losetup -d "$EXT4_LOOP" 2> /dev/null
29 losetup -d "$VFAT_LOOP" 2> /dev/null
29 losetup -d "$VFAT_LOOP" 2> /dev/null
30 trap - 0 1 2 3 6
30 trap - 0 1 2 3 6
31 }
31 }
32
32
33 # Exec command in chroot
33 # Exec command in chroot
34 chroot_exec() {
34 chroot_exec() {
35 LANG=C LC_ALL=C chroot $R $*
35 LANG=C LC_ALL=C chroot $R $*
36 }
36 }
37
37
38 set -e
38 set -e
39 set -x
39 set -x
40
40
41 # Debian release
41 # Debian release
42 RELEASE=${RELEASE:=jessie}
42 RELEASE=${RELEASE:=jessie}
43 KERNEL=${KERNEL:=3.18.0-trunk-rpi2}
43 KERNEL=${KERNEL:=3.18.0-trunk-rpi2}
44
44
45 # Build settings
45 # Build settings
46 BASEDIR=./images/${RELEASE}
46 BASEDIR=./images/${RELEASE}
47 BUILDDIR=${BASEDIR}/build
47 BUILDDIR=${BASEDIR}/build
48
48
49 # General settings
49 # General settings
50 HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
50 HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
51 PASSWORD=${PASSWORD:=raspberry}
51 PASSWORD=${PASSWORD:=raspberry}
52 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
52 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
53 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
53 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
54 XKBMODEL=${XKBMODEL:=""}
54 XKBMODEL=${XKBMODEL:=""}
55 XKBLAYOUT=${XKBLAYOUT:=""}
55 XKBLAYOUT=${XKBLAYOUT:=""}
56 XKBVARIANT=${XKBVARIANT:=""}
56 XKBVARIANT=${XKBVARIANT:=""}
57 XKBOPTIONS=${XKBOPTIONS:=""}
57 XKBOPTIONS=${XKBOPTIONS:=""}
58 EXPANDROOT=${EXPANDROOT:=true}
58 EXPANDROOT=${EXPANDROOT:=true}
59
59
60 # Network settings
60 # Network settings
61 ENABLE_DHCP=${ENABLE_DHCP:=true}
61 ENABLE_DHCP=${ENABLE_DHCP:=true}
62 # NET_* settings are ignored when ENABLE_DHCP=true
62 # NET_* settings are ignored when ENABLE_DHCP=true
63 # NET_ADDRESS is an IPv4 or IPv6 address and its prefix, separated by "/"
63 # NET_ADDRESS is an IPv4 or IPv6 address and its prefix, separated by "/"
64 NET_ADDRESS=${NET_ADDRESS:=""}
64 NET_ADDRESS=${NET_ADDRESS:=""}
65 NET_GATEWAY=${NET_GATEWAY:=""}
65 NET_GATEWAY=${NET_GATEWAY:=""}
66 NET_DNS_1=${NET_DNS_1:=""}
66 NET_DNS_1=${NET_DNS_1:=""}
67 NET_DNS_2=${NET_DNS_2:=""}
67 NET_DNS_2=${NET_DNS_2:=""}
68 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
68 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
69 NET_NTP_1=${NET_NTP_1:=""}
69 NET_NTP_1=${NET_NTP_1:=""}
70 NET_NTP_2=${NET_NTP_2:=""}
70 NET_NTP_2=${NET_NTP_2:=""}
71
71
72 # APT settings
72 # APT settings
73 APT_PROXY=${APT_PROXY:=""}
73 APT_PROXY=${APT_PROXY:=""}
74 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
74 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
75
75
76 # Feature settings
76 # Feature settings
77 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
77 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
78 ENABLE_IPV6=${ENABLE_IPV6:=true}
78 ENABLE_IPV6=${ENABLE_IPV6:=true}
79 ENABLE_SSHD=${ENABLE_SSHD:=true}
79 ENABLE_SSHD=${ENABLE_SSHD:=true}
80 ENABLE_SOUND=${ENABLE_SOUND:=true}
80 ENABLE_SOUND=${ENABLE_SOUND:=true}
81 ENABLE_DBUS=${ENABLE_DBUS:=true}
81 ENABLE_DBUS=${ENABLE_DBUS:=true}
82 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
82 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
83 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
83 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
84 ENABLE_XORG=${ENABLE_XORG:=false}
84 ENABLE_XORG=${ENABLE_XORG:=false}
85 ENABLE_WM=${ENABLE_WM:=""}
85 ENABLE_WM=${ENABLE_WM:=""}
86 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
86 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
87 ENABLE_USER=${ENABLE_USER:=true}
87 ENABLE_USER=${ENABLE_USER:=true}
88 ENABLE_ROOT=${ENABLE_ROOT:=false}
88 ENABLE_ROOT=${ENABLE_ROOT:=false}
89 ENABLE_ROOT_SSH=${ENABLE_ROOT_SSH:=false}
89 ENABLE_ROOT_SSH=${ENABLE_ROOT_SSH:=false}
90
90
91 # Advanced settings
91 # Advanced settings
92 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
92 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
93 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
93 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
94 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
94 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
95 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
95 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
96 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
96 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
97
97
98 # Image chroot path
98 # Image chroot path
99 R=${BUILDDIR}/chroot
99 R=${BUILDDIR}/chroot
100 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
100
101
101 # Packages required for bootstrapping
102 # Packages required for bootstrapping
102 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git-core"
103 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git-core"
103
104
104 # Missing packages that need to be installed
105 # Missing packages that need to be installed
105 MISSING_PACKAGES=""
106 MISSING_PACKAGES=""
106
107
107 # Packages required in the chroot build environment
108 # Packages required in the chroot build environment
108 APT_INCLUDES=${APT_INCLUDES:=""}
109 APT_INCLUDES=${APT_INCLUDES:=""}
109 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo"
110 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo"
110
111
111 set +x
112 set +x
112
113
113 # Are we running as root?
114 # Are we running as root?
114 if [ "$(id -u)" -ne "0" ] ; then
115 if [ "$(id -u)" -ne "0" ] ; then
115 echo "this script must be executed with root privileges"
116 echo "this script must be executed with root privileges"
116 exit 1
117 exit 1
117 fi
118 fi
118
119
119 # Check if all required packages are installed
120 # Check if all required packages are installed
120 for package in $REQUIRED_PACKAGES ; do
121 for package in $REQUIRED_PACKAGES ; do
121 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
122 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
122 MISSING_PACKAGES="$MISSING_PACKAGES $package"
123 MISSING_PACKAGES="$MISSING_PACKAGES $package"
123 fi
124 fi
124 done
125 done
125
126
126 # Ask if missing packages should get installed right now
127 # Ask if missing packages should get installed right now
127 if [ -n "$MISSING_PACKAGES" ] ; then
128 if [ -n "$MISSING_PACKAGES" ] ; then
128 echo "the following packages needed by this script are not installed:"
129 echo "the following packages needed by this script are not installed:"
129 echo "$MISSING_PACKAGES"
130 echo "$MISSING_PACKAGES"
130
131
131 echo -n "\ndo you want to install the missing packages right now? [y/n] "
132 echo -n "\ndo you want to install the missing packages right now? [y/n] "
132 read confirm
133 read confirm
133 if [ "$confirm" != "y" ] ; then
134 if [ "$confirm" != "y" ] ; then
134 exit 1
135 exit 1
135 fi
136 fi
136 fi
137 fi
137
138
138 # Make sure all required packages are installed
139 # Make sure all required packages are installed
139 apt-get -qq -y install ${REQUIRED_PACKAGES}
140 apt-get -qq -y install ${REQUIRED_PACKAGES}
140
141
141 # Don't clobber an old build
142 # Don't clobber an old build
142 if [ -e "$BUILDDIR" ]; then
143 if [ -e "$BUILDDIR" ]; then
143 echo "directory $BUILDDIR already exists, not proceeding"
144 echo "directory $BUILDDIR already exists, not proceeding"
144 exit 1
145 exit 1
145 fi
146 fi
146
147
147 set -x
148 set -x
148
149
149 # Call "cleanup" function on various signals and errors
150 # Call "cleanup" function on various signals and errors
150 trap cleanup 0 1 2 3 6
151 trap cleanup 0 1 2 3 6
151
152
152 # Set up chroot directory
153 # Set up chroot directory
153 mkdir -p $R
154 mkdir -p $R
154
155
155 # Add required packages for the minbase installation
156 # Add required packages for the minbase installation
156 if [ "$ENABLE_MINBASE" = true ] ; then
157 if [ "$ENABLE_MINBASE" = true ] ; then
157 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools"
158 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools"
158 else
159 else
159 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
160 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
160 fi
161 fi
161
162
162 # Add parted package, required to get partprobe utility
163 # Add parted package, required to get partprobe utility
163 if [ "$EXPANDROOT" = true ] ; then
164 if [ "$EXPANDROOT" = true ] ; then
164 APT_INCLUDES="${APT_INCLUDES},parted"
165 APT_INCLUDES="${APT_INCLUDES},parted"
165 fi
166 fi
166
167
167 # Add dbus package, recommended if using systemd
168 # Add dbus package, recommended if using systemd
168 if [ "$ENABLE_DBUS" = true ] ; then
169 if [ "$ENABLE_DBUS" = true ] ; then
169 APT_INCLUDES="${APT_INCLUDES},dbus"
170 APT_INCLUDES="${APT_INCLUDES},dbus"
170 fi
171 fi
171
172
172 # Add iptables IPv4/IPv6 package
173 # Add iptables IPv4/IPv6 package
173 if [ "$ENABLE_IPTABLES" = true ] ; then
174 if [ "$ENABLE_IPTABLES" = true ] ; then
174 APT_INCLUDES="${APT_INCLUDES},iptables"
175 APT_INCLUDES="${APT_INCLUDES},iptables"
175 fi
176 fi
176
177
177 # Add openssh server package
178 # Add openssh server package
178 if [ "$ENABLE_SSHD" = true ] ; then
179 if [ "$ENABLE_SSHD" = true ] ; then
179 APT_INCLUDES="${APT_INCLUDES},openssh-server"
180 APT_INCLUDES="${APT_INCLUDES},openssh-server"
180 fi
181 fi
181
182
182 # Add alsa-utils package
183 # Add alsa-utils package
183 if [ "$ENABLE_SOUND" = true ] ; then
184 if [ "$ENABLE_SOUND" = true ] ; then
184 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
185 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
185 fi
186 fi
186
187
187 # Add rng-tools package
188 # Add rng-tools package
188 if [ "$ENABLE_HWRANDOM" = true ] ; then
189 if [ "$ENABLE_HWRANDOM" = true ] ; then
189 APT_INCLUDES="${APT_INCLUDES},rng-tools"
190 APT_INCLUDES="${APT_INCLUDES},rng-tools"
190 fi
191 fi
191
192
192 if [ "$ENABLE_USER" = true ]; then
193 if [ "$ENABLE_USER" = true ]; then
193 APT_INCLUDES="${APT_INCLUDES},sudo"
194 APT_INCLUDES="${APT_INCLUDES},sudo"
194 fi
195 fi
195
196
196 # Add fbturbo video driver
197 # Add fbturbo video driver
197 if [ "$ENABLE_FBTURBO" = true ] ; then
198 if [ "$ENABLE_FBTURBO" = true ] ; then
198 # Enable xorg package dependencies
199 # Enable xorg package dependencies
199 ENABLE_XORG=true
200 ENABLE_XORG=true
200 fi
201 fi
201
202
202 # Add user defined window manager package
203 # Add user defined window manager package
203 if [ -n "$ENABLE_WM" ] ; then
204 if [ -n "$ENABLE_WM" ] ; then
204 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
205 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
205
206
206 # Enable xorg package dependencies
207 # Enable xorg package dependencies
207 ENABLE_XORG=true
208 ENABLE_XORG=true
208 fi
209 fi
209
210
210 # Add xorg package
211 # Add xorg package
211 if [ "$ENABLE_XORG" = true ] ; then
212 if [ "$ENABLE_XORG" = true ] ; then
212 APT_INCLUDES="${APT_INCLUDES},xorg"
213 APT_INCLUDES="${APT_INCLUDES},xorg"
213 fi
214 fi
214
215
215 # Base debootstrap (unpack only)
216 # Base debootstrap (unpack only)
216 if [ "$ENABLE_MINBASE" = true ] ; then
217 if [ "$ENABLE_MINBASE" = true ] ; then
217 http_proxy=${APT_PROXY} debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
218 http_proxy=${APT_PROXY} debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
218 else
219 else
219 http_proxy=${APT_PROXY} debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
220 http_proxy=${APT_PROXY} debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
220 fi
221 fi
221
222
222 # Copy qemu emulator binary to chroot
223 # Copy qemu emulator binary to chroot
223 cp /usr/bin/qemu-arm-static $R/usr/bin
224 cp /usr/bin/qemu-arm-static $R/usr/bin
224
225
225 # Copy debian-archive-keyring.pgp
226 # Copy debian-archive-keyring.pgp
226 chroot $R mkdir -p /usr/share/keyrings
227 chroot $R mkdir -p /usr/share/keyrings
227 cp /usr/share/keyrings/debian-archive-keyring.gpg $R/usr/share/keyrings/debian-archive-keyring.gpg
228 cp /usr/share/keyrings/debian-archive-keyring.gpg $R/usr/share/keyrings/debian-archive-keyring.gpg
228
229
229 # Complete the bootstrapping process
230 # Complete the bootstrapping process
230 chroot $R /debootstrap/debootstrap --second-stage
231 chroot $R /debootstrap/debootstrap --second-stage
231
232
232 # Mount required filesystems
233 # Mount required filesystems
233 mount -t proc none $R/proc
234 mount -t proc none $R/proc
234 mount -t sysfs none $R/sys
235 mount -t sysfs none $R/sys
235 mount --bind /dev/pts $R/dev/pts
236 mount --bind /dev/pts $R/dev/pts
236
237
237 # Use proxy inside chroot
238 # Use proxy inside chroot
238 if [ -z "$APT_PROXY" ] ; then
239 if [ -z "$APT_PROXY" ] ; then
239 echo "Acquire::http::Proxy \"$APT_PROXY\";" >> $R/etc/apt/apt.conf.d/10proxy
240 echo "Acquire::http::Proxy \"$APT_PROXY\";" >> $R/etc/apt/apt.conf.d/10proxy
240 fi
241 fi
241
242
242 # Pin package flash-kernel to repositories.collabora.co.uk
243 # Pin package flash-kernel to repositories.collabora.co.uk
243 cat <<EOM >$R/etc/apt/preferences.d/flash-kernel
244 cat <<EOM >$R/etc/apt/preferences.d/flash-kernel
244 Package: flash-kernel
245 Package: flash-kernel
245 Pin: origin repositories.collabora.co.uk
246 Pin: origin repositories.collabora.co.uk
246 Pin-Priority: 1000
247 Pin-Priority: 1000
247 EOM
248 EOM
248
249
249 # Set up timezone
250 # Set up timezone
250 echo ${TIMEZONE} >$R/etc/timezone
251 echo ${TIMEZONE} >$R/etc/timezone
251 chroot_exec dpkg-reconfigure -f noninteractive tzdata
252 chroot_exec dpkg-reconfigure -f noninteractive tzdata
252
253
253 # Upgrade collabora package index and install collabora keyring
254 # Upgrade collabora package index and install collabora keyring
254 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list
255 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list
255 chroot_exec apt-get -qq -y update
256 chroot_exec apt-get -qq -y update
256 chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
257 chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
257
258
258 # Set up initial sources.list
259 # Set up initial sources.list
259 cat <<EOM >$R/etc/apt/sources.list
260 cat <<EOM >$R/etc/apt/sources.list
260 deb http://${APT_SERVER}/debian ${RELEASE} main contrib
261 deb http://${APT_SERVER}/debian ${RELEASE} main contrib
261 #deb-src http://${APT_SERVER}/debian ${RELEASE} main contrib
262 #deb-src http://${APT_SERVER}/debian ${RELEASE} main contrib
262
263
263 deb http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
264 deb http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
264 #deb-src http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
265 #deb-src http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
265
266
266 deb http://security.debian.org/ ${RELEASE}/updates main contrib
267 deb http://security.debian.org/ ${RELEASE}/updates main contrib
267 #deb-src http://security.debian.org/ ${RELEASE}/updates main contrib
268 #deb-src http://security.debian.org/ ${RELEASE}/updates main contrib
268
269
269 deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2
270 deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2
270 EOM
271 EOM
271
272
272 # Upgrade package index and update all installed packages and changed dependencies
273 # Upgrade package index and update all installed packages and changed dependencies
273 chroot_exec apt-get -qq -y update
274 chroot_exec apt-get -qq -y update
274 chroot_exec apt-get -qq -y -u dist-upgrade
275 chroot_exec apt-get -qq -y -u dist-upgrade
275
276
276 # Set up default locale and keyboard configuration
277 # Set up default locale and keyboard configuration
277 if [ "$ENABLE_MINBASE" = false ] ; then
278 if [ "$ENABLE_MINBASE" = false ] ; then
278 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
279 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
279 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
280 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
280 # ... so we have to set locales manually
281 # ... so we have to set locales manually
281 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
282 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
282 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
283 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
283 else
284 else
284 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
285 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
285 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
286 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
286 chroot_exec sed -i "/en_US.UTF-8/s/^#//" /etc/locale.gen
287 chroot_exec sed -i "/en_US.UTF-8/s/^#//" /etc/locale.gen
287 fi
288 fi
288 chroot_exec sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen
289 chroot_exec sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen
289 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
290 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
290 chroot_exec locale-gen
291 chroot_exec locale-gen
291 chroot_exec update-locale LANG=${DEFLOCAL}
292 chroot_exec update-locale LANG=${DEFLOCAL}
292
293
293 # Keyboard configuration, if requested
294 # Keyboard configuration, if requested
294 if [ "$XKBMODEL" != "" ] ; then
295 if [ "$XKBMODEL" != "" ] ; then
295 chroot_exec sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKBMODEL}\"/" /etc/default/keyboard
296 chroot_exec sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKBMODEL}\"/" /etc/default/keyboard
296 fi
297 fi
297 if [ "$XKBLAYOUT" != "" ] ; then
298 if [ "$XKBLAYOUT" != "" ] ; then
298 chroot_exec sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKBLAYOUT}\"/" /etc/default/keyboard
299 chroot_exec sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKBLAYOUT}\"/" /etc/default/keyboard
299 fi
300 fi
300 if [ "$XKBVARIANT" != "" ] ; then
301 if [ "$XKBVARIANT" != "" ] ; then
301 chroot_exec sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKBVARIANT}\"/" /etc/default/keyboard
302 chroot_exec sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKBVARIANT}\"/" /etc/default/keyboard
302 fi
303 fi
303 if [ "$XKBOPTIONS" != "" ] ; then
304 if [ "$XKBOPTIONS" != "" ] ; then
304 chroot_exec sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKBOPTIONS}\"/" /etc/default/keyboard
305 chroot_exec sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKBOPTIONS}\"/" /etc/default/keyboard
305 fi
306 fi
306 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
307 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
307 # Set up font console
308 # Set up font console
308 case "${DEFLOCAL}" in
309 case "${DEFLOCAL}" in
309 *UTF-8)
310 *UTF-8)
310 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' /etc/default/console-setup
311 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' /etc/default/console-setup
311 ;;
312 ;;
312 *)
313 *)
313 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="guess"/' /etc/default/console-setup
314 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="guess"/' /etc/default/console-setup
314 ;;
315 ;;
315 esac
316 esac
316 chroot_exec dpkg-reconfigure -f noninteractive console-setup
317 chroot_exec dpkg-reconfigure -f noninteractive console-setup
317 fi
318 fi
318
319
319 # Kernel installation
320 # Kernel installation
320 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
321 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
321 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${KERNEL} raspberrypi-bootloader-nokernel
322 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${KERNEL} raspberrypi-bootloader-nokernel
322 chroot_exec apt-get -qq -y install flash-kernel
323 chroot_exec apt-get -qq -y install flash-kernel
323
324
324 VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
325 VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
325 [ -z "$VMLINUZ" ] && exit 1
326 [ -z "$VMLINUZ" ] && exit 1
326 cp $VMLINUZ $R/boot/firmware/kernel7.img
327 cp $VMLINUZ $R/boot/firmware/kernel7.img
327
328
328 # Set up IPv4 hosts
329 # Set up IPv4 hosts
329 echo ${HOSTNAME} >$R/etc/hostname
330 echo ${HOSTNAME} >$R/etc/hostname
330 cat <<EOM >$R/etc/hosts
331 cat <<EOM >$R/etc/hosts
331 127.0.0.1 localhost
332 127.0.0.1 localhost
332 127.0.1.1 ${HOSTNAME}
333 127.0.1.1 ${HOSTNAME}
333 EOM
334 EOM
334 if [ "$NET_ADDRESS" != "" ] ; then
335 if [ "$NET_ADDRESS" != "" ] ; then
335 NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
336 NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
336 sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts
337 sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts
337 fi
338 fi
338
339
339 # Set up IPv6 hosts
340 # Set up IPv6 hosts
340 if [ "$ENABLE_IPV6" = true ] ; then
341 if [ "$ENABLE_IPV6" = true ] ; then
341 cat <<EOM >>$R/etc/hosts
342 cat <<EOM >>$R/etc/hosts
342
343
343 ::1 localhost ip6-localhost ip6-loopback
344 ::1 localhost ip6-localhost ip6-loopback
344 ff02::1 ip6-allnodes
345 ff02::1 ip6-allnodes
345 ff02::2 ip6-allrouters
346 ff02::2 ip6-allrouters
346 EOM
347 EOM
347 fi
348 fi
348
349
349 # Place hint about network configuration
350 # Place hint about network configuration
350 cat <<EOM >$R/etc/network/interfaces
351 cat <<EOM >$R/etc/network/interfaces
351 # Debian switched to systemd-networkd configuration files.
352 # Debian switched to systemd-networkd configuration files.
352 # please configure your networks in '/etc/systemd/network/'
353 # please configure your networks in '/etc/systemd/network/'
353 EOM
354 EOM
354
355
355 if [ "$ENABLE_DHCP" = true ] ; then
356 if [ "$ENABLE_DHCP" = true ] ; then
356 # Enable systemd-networkd DHCP configuration for interface eth0
357 # Enable systemd-networkd DHCP configuration for interface eth0
357 cat <<EOM >$R/etc/systemd/network/eth.network
358 cat <<EOM >$R/etc/systemd/network/eth.network
358 [Match]
359 [Match]
359 Name=eth0
360 Name=eth0
360
361
361 [Network]
362 [Network]
362 DHCP=yes
363 DHCP=yes
363 EOM
364 EOM
364
365
365 # Set DHCP configuration to IPv4 only
366 # Set DHCP configuration to IPv4 only
366 if [ "$ENABLE_IPV6" = false ] ; then
367 if [ "$ENABLE_IPV6" = false ] ; then
367 sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network
368 sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network
368 fi
369 fi
369 else # ENABLE_DHCP=false
370 else # ENABLE_DHCP=false
370 cat <<EOM >$R/etc/systemd/network/eth.network
371 cat <<EOM >$R/etc/systemd/network/eth.network
371 [Match]
372 [Match]
372 Name=eth0
373 Name=eth0
373
374
374 [Network]
375 [Network]
375 DHCP=no
376 DHCP=no
376 Address=${NET_ADDRESS}
377 Address=${NET_ADDRESS}
377 Gateway=${NET_GATEWAY}
378 Gateway=${NET_GATEWAY}
378 DNS=${NET_DNS_1}
379 DNS=${NET_DNS_1}
379 DNS=${NET_DNS_2}
380 DNS=${NET_DNS_2}
380 Domains=${NET_DNS_DOMAINS}
381 Domains=${NET_DNS_DOMAINS}
381 NTP=${NET_NTP_1}
382 NTP=${NET_NTP_1}
382 NTP=${NET_NTP_2}
383 NTP=${NET_NTP_2}
383 EOM
384 EOM
384 fi
385 fi
385
386
386 # Enable systemd-networkd service
387 # Enable systemd-networkd service
387 chroot_exec systemctl enable systemd-networkd
388 chroot_exec systemctl enable systemd-networkd
388
389
389 # Generate crypt(3) password string
390 # Generate crypt(3) password string
390 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`
391 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`
391
392
392 # Set up default user
393 # Set up default user
393 if [ "$ENABLE_USER" = true ] ; then
394 if [ "$ENABLE_USER" = true ] ; then
394 chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi
395 chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi
395 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
396 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
396 fi
397 fi
397
398
398 # Set up root password or not
399 # Set up root password or not
399 if [ "$ENABLE_ROOT" = true ]; then
400 if [ "$ENABLE_ROOT" = true ]; then
400 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
401 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
401
402
402 if [ "$ENABLE_ROOT_SSH" = true ]; then
403 if [ "$ENABLE_ROOT_SSH" = true ]; then
403 sed -i 's|[#]*PermitRootLogin.*|PermitRootLogin yes|g' $R/etc/ssh/sshd_config
404 sed -i 's|[#]*PermitRootLogin.*|PermitRootLogin yes|g' $R/etc/ssh/sshd_config
404 fi
405 fi
405 else
406 else
406 chroot_exec usermod -p \'!\' root
407 chroot_exec usermod -p \'!\' root
407 fi
408 fi
408
409
409 # Set up firmware boot cmdline
410 # Set up firmware boot cmdline
410 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1"
411 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1"
411
412
412 # Set up serial console support (if requested)
413 # Set up serial console support (if requested)
413 if [ "$ENABLE_CONSOLE" = true ] ; then
414 if [ "$ENABLE_CONSOLE" = true ] ; then
414 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
415 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
415 fi
416 fi
416
417
417 # Set up IPv6 networking support
418 # Set up IPv6 networking support
418 if [ "$ENABLE_IPV6" = false ] ; then
419 if [ "$ENABLE_IPV6" = false ] ; then
419 CMDLINE="${CMDLINE} ipv6.disable=1"
420 CMDLINE="${CMDLINE} ipv6.disable=1"
420 fi
421 fi
421
422
422 echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt
423 echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt
423
424
424 # Set up firmware config
425 # Set up firmware config
425 install -o root -g root -m 644 files/config.txt $R/boot/firmware/config.txt
426 install -o root -g root -m 644 files/config.txt $R/boot/firmware/config.txt
426
427
427 # Load snd_bcm2835 kernel module at boot time
428 # Load snd_bcm2835 kernel module at boot time
428 if [ "$ENABLE_SOUND" = true ] ; then
429 if [ "$ENABLE_SOUND" = true ] ; then
429 echo "snd_bcm2835" >>$R/etc/modules
430 echo "snd_bcm2835" >>$R/etc/modules
430 fi
431 fi
431
432
432 # Set smallest possible GPU memory allocation size: 16MB (no X)
433 # Set smallest possible GPU memory allocation size: 16MB (no X)
433 if [ "$ENABLE_MINGPU" = true ] ; then
434 if [ "$ENABLE_MINGPU" = true ] ; then
434 echo "gpu_mem=16" >>$R/boot/firmware/config.txt
435 echo "gpu_mem=16" >>$R/boot/firmware/config.txt
435 fi
436 fi
436
437
437 # Create symlinks
438 # Create symlinks
438 ln -sf firmware/config.txt $R/boot/config.txt
439 ln -sf firmware/config.txt $R/boot/config.txt
439 ln -sf firmware/cmdline.txt $R/boot/cmdline.txt
440 ln -sf firmware/cmdline.txt $R/boot/cmdline.txt
440
441
441 # Prepare modules-load.d directory
442 # Prepare modules-load.d directory
442 mkdir -p $R/lib/modules-load.d/
443 mkdir -p $R/lib/modules-load.d/
443
444
444 # Load random module on boot
445 # Load random module on boot
445 if [ "$ENABLE_HWRANDOM" = true ] ; then
446 if [ "$ENABLE_HWRANDOM" = true ] ; then
446 cat <<EOM >$R/lib/modules-load.d/rpi2.conf
447 cat <<EOM >$R/lib/modules-load.d/rpi2.conf
447 bcm2708_rng
448 bcm2708_rng
448 EOM
449 EOM
449 fi
450 fi
450
451
451 # Prepare modprobe.d directory
452 # Prepare modprobe.d directory
452 mkdir -p $R/etc/modprobe.d/
453 mkdir -p $R/etc/modprobe.d/
453
454
454 # Blacklist sound modules
455 # Blacklist sound modules
455 install -o root -g root -m 644 files/modprobe.d/raspi-blacklist.conf $R/etc/modprobe.d/raspi-blacklist.conf
456 install -o root -g root -m 644 files/modprobe.d/raspi-blacklist.conf $R/etc/modprobe.d/raspi-blacklist.conf
456
457
457 # Create default fstab
458 # Create default fstab
458 install -o root -g root -m 644 files/fstab $R/etc/fstab
459 install -o root -g root -m 644 files/fstab $R/etc/fstab
459
460
460 # Avoid swapping and increase cache sizes
461 # Avoid swapping and increase cache sizes
461 install -o root -g root -m 644 files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf
462 install -o root -g root -m 644 files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf
462
463
463 # Enable network stack hardening
464 # Enable network stack hardening
464 if [ "$ENABLE_HARDNET" = true ] ; then
465 if [ "$ENABLE_HARDNET" = true ] ; then
465 install -o root -g root -m 644 files/sysctl.d/81-rpi-net-hardening.conf $R/etc/sysctl.d/81-rpi-net-hardening.conf
466 install -o root -g root -m 644 files/sysctl.d/81-rpi-net-hardening.conf $R/etc/sysctl.d/81-rpi-net-hardening.conf
466
467
467 # Enable resolver warnings about spoofed addresses
468 # Enable resolver warnings about spoofed addresses
468 cat <<EOM >>$R/etc/host.conf
469 cat <<EOM >>$R/etc/host.conf
469 spoof warn
470 spoof warn
470 EOM
471 EOM
471 fi
472 fi
472
473
473 # First boot actions
474 # First boot actions
474 cat files/firstboot/10-begin.sh > $R/etc/rc.firstboot
475 cat files/firstboot/10-begin.sh > $R/etc/rc.firstboot
475
476
476 # Ensure openssh server host keys are regenerated on first boot
477 # Ensure openssh server host keys are regenerated on first boot
477 if [ "$ENABLE_SSHD" = true ] ; then
478 if [ "$ENABLE_SSHD" = true ] ; then
478 cat files/firstboot/21-generate-ssh-keys.sh >> $R/etc/rc.firstboot
479 cat files/firstboot/21-generate-ssh-keys.sh >> $R/etc/rc.firstboot
479 rm -f $R/etc/ssh/ssh_host_*
480 rm -f $R/etc/ssh/ssh_host_*
480 fi
481 fi
481
482
482 if [ "$EXPANDROOT" = true ] ; then
483 if [ "$EXPANDROOT" = true ] ; then
483 cat files/firstboot/22-expandroot.sh >> $R/etc/rc.firstboot
484 cat files/firstboot/22-expandroot.sh >> $R/etc/rc.firstboot
484 fi
485 fi
485
486
486 cat files/firstboot/99-finish.sh >> $R/etc/rc.firstboot
487 cat files/firstboot/99-finish.sh >> $R/etc/rc.firstboot
487 chmod +x $R/etc/rc.firstboot
488 chmod +x $R/etc/rc.firstboot
488
489
489 sed -i '/exit 0/d' $R/etc/rc.local
490 sed -i '/exit 0/d' $R/etc/rc.local
490 echo /etc/rc.firstboot >> $R/etc/rc.local
491 echo /etc/rc.firstboot >> $R/etc/rc.local
491 echo exit 0 >> $R/etc/rc.local
492 echo exit 0 >> $R/etc/rc.local
492
493
493 # Disable rsyslog
494 # Disable rsyslog
494 if [ "$ENABLE_RSYSLOG" = false ]; then
495 if [ "$ENABLE_RSYSLOG" = false ]; then
495 sed -i 's|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g' $R/etc/systemd/journald.conf
496 sed -i 's|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g' $R/etc/systemd/journald.conf
496 chroot_exec systemctl disable rsyslog
497 chroot_exec systemctl disable rsyslog
497 chroot_exec apt-get purge -q -y --force-yes rsyslog
498 chroot_exec apt-get purge -q -y --force-yes rsyslog
498 fi
499 fi
499
500
500 # Enable serial console systemd style
501 # Enable serial console systemd style
501 if [ "$ENABLE_CONSOLE" = true ] ; then
502 if [ "$ENABLE_CONSOLE" = true ] ; then
502 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
503 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
503 fi
504 fi
504
505
505 # Enable firewall based on iptables started by systemd service
506 # Enable firewall based on iptables started by systemd service
506 if [ "$ENABLE_IPTABLES" = true ] ; then
507 if [ "$ENABLE_IPTABLES" = true ] ; then
507 # Create iptables configuration directory
508 # Create iptables configuration directory
508 mkdir -p "$R/etc/iptables"
509 mkdir -p "$R/etc/iptables"
509
510
510 # Create iptables systemd service
511 # Create iptables systemd service
511 install -o root -g root -m 644 files/iptables/iptables.service $R/etc/systemd/system/iptables.service
512 install -o root -g root -m 644 files/iptables/iptables.service $R/etc/systemd/system/iptables.service
512
513
513 # Create flush-table script called by iptables service
514 # Create flush-table script called by iptables service
514 install -o root -g root -m 755 files/iptables/flush-iptables.sh $R/etc/iptables/flush-iptables.sh
515 install -o root -g root -m 755 files/iptables/flush-iptables.sh $R/etc/iptables/flush-iptables.sh
515
516
516 # Create iptables rule file
517 # Create iptables rule file
517 install -o root -g root -m 644 files/iptables/iptables.rules $R/etc/iptables/iptables.rules
518 install -o root -g root -m 644 files/iptables/iptables.rules $R/etc/iptables/iptables.rules
518
519
519 # Reload systemd configuration and enable iptables service
520 # Reload systemd configuration and enable iptables service
520 chroot_exec systemctl daemon-reload
521 chroot_exec systemctl daemon-reload
521 chroot_exec systemctl enable iptables.service
522 chroot_exec systemctl enable iptables.service
522
523
523 if [ "$ENABLE_IPV6" = true ] ; then
524 if [ "$ENABLE_IPV6" = true ] ; then
524 # Create ip6tables systemd service
525 # Create ip6tables systemd service
525 install -o root -g root -m 644 files/iptables/ip6tables.service $R/etc/systemd/system/ip6tables.service
526 install -o root -g root -m 644 files/iptables/ip6tables.service $R/etc/systemd/system/ip6tables.service
526
527
527 # Create ip6tables file
528 # Create ip6tables file
528 install -o root -g root -m 755 files/iptables/flush-ip6tables.sh $R/etc/iptables/flush-ip6tables.sh
529 install -o root -g root -m 755 files/iptables/flush-ip6tables.sh $R/etc/iptables/flush-ip6tables.sh
529
530
530 install -o root -g root -m 644 files/iptables/ip6tables.rules $R/etc/iptables/ip6tables.rules
531 install -o root -g root -m 644 files/iptables/ip6tables.rules $R/etc/iptables/ip6tables.rules
531
532
532 # Reload systemd configuration and enable iptables service
533 # Reload systemd configuration and enable iptables service
533 chroot_exec systemctl daemon-reload
534 chroot_exec systemctl daemon-reload
534 chroot_exec systemctl enable ip6tables.service
535 chroot_exec systemctl enable ip6tables.service
535 fi
536 fi
536 fi
537 fi
537
538
538 # Remove SSHD related iptables rules
539 # Remove SSHD related iptables rules
539 if [ "$ENABLE_SSHD" = false ] ; then
540 if [ "$ENABLE_SSHD" = false ] ; then
540 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null
541 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null
541 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null
542 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null
542 fi
543 fi
543
544
544 # Install gcc/c++ build environment inside the chroot
545 # Install gcc/c++ build environment inside the chroot
545 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
546 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
546 chroot_exec apt-get install -q -y --force-yes --no-install-recommends linux-compiler-gcc-4.9-arm g++ make bc
547 chroot_exec apt-get install -q -y --force-yes --no-install-recommends linux-compiler-gcc-4.9-arm g++ make bc
547 fi
548 fi
548
549
549 # Fetch and build U-Boot bootloader
550 # Fetch and build U-Boot bootloader
550 if [ "$ENABLE_UBOOT" = true ] ; then
551 if [ "$ENABLE_UBOOT" = true ] ; then
551 # Fetch U-Boot bootloader sources
552 # Fetch U-Boot bootloader sources
552 git -C $R/tmp clone git://git.denx.de/u-boot.git
553 git -C $R/tmp clone git://git.denx.de/u-boot.git
553
554
554 # Build and install U-Boot inside chroot
555 # Build and install U-Boot inside chroot
555 chroot_exec make -C /tmp/u-boot/ rpi_2_defconfig all
556 chroot_exec make -C /tmp/u-boot/ rpi_2_defconfig all
556
557
557 # Copy compiled bootloader binary and set config.txt to load it
558 # Copy compiled bootloader binary and set config.txt to load it
558 cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/
559 cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/
559 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt
560 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt
560
561
561 # Set U-Boot command file
562 # Set U-Boot command file
562 cat <<EOM >$R/boot/firmware/uboot.mkimage
563 cat <<EOM >$R/boot/firmware/uboot.mkimage
563 # Tell Linux that it is booting on a Raspberry Pi2
564 # Tell Linux that it is booting on a Raspberry Pi2
564 setenv machid 0x00000c42
565 setenv machid 0x00000c42
565
566
566 # Set the kernel boot command line
567 # Set the kernel boot command line
567 setenv bootargs "earlyprintk ${CMDLINE}"
568 setenv bootargs "earlyprintk ${CMDLINE}"
568
569
569 # Save these changes to u-boot's environment
570 # Save these changes to u-boot's environment
570 saveenv
571 saveenv
571
572
572 # Load the existing Linux kernel into RAM
573 # Load the existing Linux kernel into RAM
573 fatload mmc 0:1 \${kernel_addr_r} kernel7.img
574 fatload mmc 0:1 \${kernel_addr_r} kernel7.img
574
575
575 # Boot the kernel we have just loaded
576 # Boot the kernel we have just loaded
576 bootz \${kernel_addr_r}
577 bootz \${kernel_addr_r}
577 EOM
578 EOM
578
579
579 # Generate U-Boot image from command file
580 # Generate U-Boot image from command file
580 chroot_exec mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
581 chroot_exec mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
581 fi
582 fi
582
583
583 # Fetch and build fbturbo Xorg driver
584 # Fetch and build fbturbo Xorg driver
584 if [ "$ENABLE_FBTURBO" = true ] ; then
585 if [ "$ENABLE_FBTURBO" = true ] ; then
585 # Fetch fbturbo driver sources
586 # Fetch fbturbo driver sources
586 git -C $R/tmp clone https://github.com/ssvb/xf86-video-fbturbo.git
587 git -C $R/tmp clone https://github.com/ssvb/xf86-video-fbturbo.git
587
588
588 # Install Xorg build dependencies
589 # Install Xorg build dependencies
589 chroot_exec apt-get install -q -y --no-install-recommends xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
590 chroot_exec apt-get install -q -y --no-install-recommends xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
590
591
591 # Build and install fbturbo driver inside chroot
592 # Build and install fbturbo driver inside chroot
592 chroot_exec /bin/bash -c "cd /tmp/xf86-video-fbturbo; autoreconf -vi; ./configure --prefix=/usr; make; make install"
593 chroot_exec /bin/bash -c "cd /tmp/xf86-video-fbturbo; autoreconf -vi; ./configure --prefix=/usr; make; make install"
593
594
594 # Add fbturbo driver to Xorg configuration
595 # Add fbturbo driver to Xorg configuration
595 cat <<EOM >$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf
596 cat <<EOM >$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf
596 Section "Device"
597 Section "Device"
597 Identifier "Allwinner A10/A13 FBDEV"
598 Identifier "Allwinner A10/A13 FBDEV"
598 Driver "fbturbo"
599 Driver "fbturbo"
599 Option "fbdev" "/dev/fb0"
600 Option "fbdev" "/dev/fb0"
600 Option "SwapbuffersWait" "true"
601 Option "SwapbuffersWait" "true"
601 EndSection
602 EndSection
602 EOM
603 EOM
603
604
604 # Remove Xorg build dependencies
605 # Remove Xorg build dependencies
605 chroot_exec apt-get -q -y purge --auto-remove xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
606 chroot_exec apt-get -q -y purge --auto-remove xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
606 fi
607 fi
607
608
608 # Remove gcc/c++ build environment from the chroot
609 # Remove gcc/c++ build environment from the chroot
609 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
610 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
610 chroot_exec apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
611 chroot_exec apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
611 fi
612 fi
612
613
613 # Clean cached downloads
614 # Clean cached downloads
614 chroot_exec apt-get -y clean
615 chroot_exec apt-get -y clean
615 chroot_exec apt-get -y autoclean
616 chroot_exec apt-get -y autoclean
616 chroot_exec apt-get -y autoremove
617 chroot_exec apt-get -y autoremove
617
618
619 # Invoke custom scripts
620 if [ -n "${CHROOT_SCRIPTS}" ]; then
621 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
622 LANG=C chroot $R bash -c 'for SCRIPT in /chroot_scripts/*; do if [ -f $SCRIPT -a -x $SCRIPT ]; then $SCRIPT; fi done;'
623 rm -rf "${R}/chroot_scripts"
624 fi
625
618 # Unmount mounted filesystems
626 # Unmount mounted filesystems
619 umount -l $R/proc
627 umount -l $R/proc
620 umount -l $R/sys
628 umount -l $R/sys
621
629
622 # Clean up files
630 # Clean up files
623 rm -f $R/etc/apt/sources.list.save
631 rm -f $R/etc/apt/sources.list.save
624 rm -f $R/etc/resolvconf/resolv.conf.d/original
632 rm -f $R/etc/resolvconf/resolv.conf.d/original
625 rm -rf $R/run
633 rm -rf $R/run
626 mkdir -p $R/run
634 mkdir -p $R/run
627 rm -f $R/etc/*-
635 rm -f $R/etc/*-
628 rm -f $R/root/.bash_history
636 rm -f $R/root/.bash_history
629 rm -rf $R/tmp/*
637 rm -rf $R/tmp/*
630 rm -f $R/var/lib/urandom/random-seed
638 rm -f $R/var/lib/urandom/random-seed
631 [ -L $R/var/lib/dbus/machine-id ] || rm -f $R/var/lib/dbus/machine-id
639 [ -L $R/var/lib/dbus/machine-id ] || rm -f $R/var/lib/dbus/machine-id
632 rm -f $R/etc/machine-id
640 rm -f $R/etc/machine-id
633 rm -fr $R/etc/apt/apt.conf.d/10proxy
641 rm -fr $R/etc/apt/apt.conf.d/10proxy
634
642
635 # Calculate size of the chroot directory in KB
643 # Calculate size of the chroot directory in KB
636 CHROOT_SIZE=$(expr `du -s $R | awk '{ print $1 }'`)
644 CHROOT_SIZE=$(expr `du -s $R | awk '{ print $1 }'`)
637
645
638 # Calculate the amount of needed 512 Byte sectors
646 # Calculate the amount of needed 512 Byte sectors
639 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
647 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
640 BOOT_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
648 BOOT_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
641 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${BOOT_SECTORS})
649 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${BOOT_SECTORS})
642
650
643 # The root partition is EXT4
651 # The root partition is EXT4
644 # This means more space than the actual used space of the chroot is used.
652 # This means more space than the actual used space of the chroot is used.
645 # As overhead for journaling and reserved blocks 20% are added.
653 # As overhead for journaling and reserved blocks 20% are added.
646 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 20) \* 1024 \/ 512)
654 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 20) \* 1024 \/ 512)
647
655
648 # Calculate required image size in 512 Byte sectors
656 # Calculate required image size in 512 Byte sectors
649 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${BOOT_SECTORS} + ${ROOT_SECTORS})
657 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${BOOT_SECTORS} + ${ROOT_SECTORS})
650
658
651 # Prepare date string for image file name
659 # Prepare date string for image file name
652 DATE="$(date +%Y-%m-%d)"
660 DATE="$(date +%Y-%m-%d)"
653
661
654 # Prepare image file
662 # Prepare image file
655 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=${TABLE_SECTORS}
663 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=${TABLE_SECTORS}
656 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=0 seek=${IMAGE_SECTORS}
664 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=0 seek=${IMAGE_SECTORS}
657
665
658 # Write partition table
666 # Write partition table
659 sfdisk -q -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM
667 sfdisk -q -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM
660 unit: sectors
668 unit: sectors
661
669
662 1 : start= ${TABLE_SECTORS}, size= ${BOOT_SECTORS}, Id= c, bootable
670 1 : start= ${TABLE_SECTORS}, size= ${BOOT_SECTORS}, Id= c, bootable
663 2 : start= ${ROOT_OFFSET}, size= ${ROOT_SECTORS}, Id=83
671 2 : start= ${ROOT_OFFSET}, size= ${ROOT_SECTORS}, Id=83
664 3 : start= 0, size= 0, Id= 0
672 3 : start= 0, size= 0, Id= 0
665 4 : start= 0, size= 0, Id= 0
673 4 : start= 0, size= 0, Id= 0
666 EOM
674 EOM
667
675
668 # Set up temporary loop devices and build filesystems
676 # Set up temporary loop devices and build filesystems
669 VFAT_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
677 VFAT_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
670 EXT4_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
678 EXT4_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
671 mkfs.vfat "$VFAT_LOOP"
679 mkfs.vfat "$VFAT_LOOP"
672 mkfs.ext4 "$EXT4_LOOP"
680 mkfs.ext4 "$EXT4_LOOP"
673
681
674 # Mount the temporary loop devices
682 # Mount the temporary loop devices
675 mkdir -p "$BUILDDIR/mount"
683 mkdir -p "$BUILDDIR/mount"
676 mount "$EXT4_LOOP" "$BUILDDIR/mount"
684 mount "$EXT4_LOOP" "$BUILDDIR/mount"
677
685
678 mkdir -p "$BUILDDIR/mount/boot/firmware"
686 mkdir -p "$BUILDDIR/mount/boot/firmware"
679 mount "$VFAT_LOOP" "$BUILDDIR/mount/boot/firmware"
687 mount "$VFAT_LOOP" "$BUILDDIR/mount/boot/firmware"
680
688
681 # Copy all files from the chroot to the loop device mount point directory
689 # Copy all files from the chroot to the loop device mount point directory
682 rsync -a "$R/" "$BUILDDIR/mount/"
690 rsync -a "$R/" "$BUILDDIR/mount/"
683
691
684 # Unmount all temporary loop devices and mount points
692 # Unmount all temporary loop devices and mount points
685 cleanup
693 cleanup
686
694
687 # (optinal) create block map file for "bmaptool"
695 # (optinal) create block map file for "bmaptool"
688 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
696 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
689
697
690 # Image was successfully created
698 # Image was successfully created
691 echo "$BASEDIR/${DATE}-debian-${RELEASE}.img (${IMAGE_SIZE})" ": successfully created"
699 echo "$BASEDIR/${DATE}-debian-${RELEASE}.img (${IMAGE_SIZE})" ": successfully created"
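Review bot: the host-side cleanup at the top of this region passes `$R` to `rm` unquoted and unchecked (`rm -f $R/etc/machine-id`, `rm -fr $R/etc/apt/apt.conf.d/10proxy`). These run on the build host in the same script as `losetup` and `mount`, which need root, so if `R` is ever empty the paths resolve to the host's own `/etc/machine-id` and `/etc/apt/apt.conf.d/10proxy`. Suggest `rm -f "${R:?}/etc/machine-id"` and the same form for the other `rm` lines, and quote the image path in the two `losetup` calls the way the `dd`, `sfdisk` and `mount` lines already do. Separately, the closing `echo` prints `${IMAGE_SIZE}` while the lines shown here only compute `IMAGE_SECTORS`; unless `IMAGE_SIZE` is set earlier in the script, the success message will show empty parentheses.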