r699:f8c24f115d9a
@@ -1,611 +1,611
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3/4 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel/aarch64) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 45 ##### `APT_SERVER`="ftp.debian.org"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 51 ##### `KEEP_APT_PROXY`=false
52 52 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
53 53
54 54 ##### `APT_INCLUDES`=""
55 55 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
56 56
57 57 ##### `APT_INCLUDES_LATE`=""
58 58 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
59 59
60 60 ---
61 61
62 62 #### General system settings:
63 63 ##### `SET_ARCH`=32
64 64 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3/RPI3+/RPI4) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
65 65
66 66 ##### `RPI_MODEL`=2
67 67 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
68 68 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
69 69 - `1` = Raspberry Pi 1 model A and B
70 70 - `1P` = Raspberry Pi 1 model B+ and A+
71 71 - `2` = Raspberry Pi 2 model B
72 72 - `3` = Raspberry Pi 3 model B
73 73 - `3P` = Raspberry Pi 3 model B+
74 74 - `4` = Raspberry Pi 4 model B
75 75
76 76 ##### `RELEASE`="buster"
77 77 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
78 78
79 79 ##### `RELEASE_ARCH`="armhf"
80 80 Set the desired Debian release architecture.
81 81
82 82 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
83 83 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
84 84
85 85 ##### `PASSWORD`="raspberry"
86 86 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
87 87
88 88 ##### `USER_PASSWORD`="raspberry"
89 89 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
90 90
91 91 ##### `DEFLOCAL`="en_US.UTF-8"
92 92 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
93 93
94 94 ##### `TIMEZONE`="Europe/Berlin"
95 95 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
96 96
97 97 ##### `EXPANDROOT`=true
98 98 Expand the root partition and filesystem automatically on first boot.
99 99
100 100 ##### `ENABLE_DPHYSSWAP`=true
101 101 Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that.
102 102
103 103 ##### `ENABLE_QEMU`=false
104 104 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
105 105
106 106 ---
107 107
108 108 #### Keyboard settings:
109 109 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
110 110
111 111 ##### `XKB_MODEL`=""
112 112 Set the name of the model of your keyboard type.
113 113
114 114 ##### `XKB_LAYOUT`=""
115 115 Set the supported keyboard layout(s).
116 116
117 117 ##### `XKB_VARIANT`=""
118 118 Set the supported variant(s) of the keyboard layout(s).
119 119
120 120 ##### `XKB_OPTIONS`=""
121 121 Set extra xkb configuration options.
122 122
123 123 ---
124 124
125 125 #### Networking settings (DHCP):
126 126 This parameter `ENABLE_ETH_DHCP` is used to set up networking auto-configuration in `/etc/systemd/network/eth0.network`. This parameter `ENABLE_WIFI_DHCP` is used to set up networking auto-configuration in `/etc/systemd/network/wlan0.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
127 127
128 128 ##### `ENABLE_ETH_DHCP`=true
129 129 Set the system to use DHCP. This requires an DHCP server.
130 130
131 131 ##### `ENABLE_WIFI_DHCP`=true
132 132 Set the system to use DHCP. This requires an DHCP server.
133 133
134 134 ---
135 135
136 136 #### Networking settings (ethernet static):
137 137 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth0.network`. The following static networking parameters are only supported if `ENABLE_ETH_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
138 138
139 139 ##### `NET_ETH_ADDRESS`=""
140 140 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
141 141
142 142 ##### `NET_ETH_GATEWAY`=""
143 143 Set the IP address for the default gateway.
144 144
145 145 ##### `NET_ETH_DNS_1`=""
146 146 Set the IP address for the first DNS server.
147 147
148 148 ##### `NET_ETH_DNS_2`=""
149 149 Set the IP address for the second DNS server.
150 150
151 151 ##### `NET_ETH_DNS_DOMAINS`=""
152 152 Set the default DNS search domains to use for non fully qualified hostnames.
153 153
154 154 ##### `NET_ETH_NTP_1`=""
155 155 Set the IP address for the first NTP server.
156 156
157 157 ##### `NET_ETH_NTP_2`=""
158 158 Set the IP address for the second NTP server.
159 159
160 160 ---
161 161
162 162 #### Networking settings (WIFI):
163 163
164 164 ##### `NET_WIFI_SSID`=""
165 165 Set to your WIFI SSID
166 166
167 ##### `NET_WIFI_WPAPSK`=""
167 ##### `NET_WIFI_PSK`=""
168 168 Set your WPA/WPA2 PSK
169 169
170 170 ---
171 171
172 172 #### Networking settings (WIFI static):
173 173 These parameters are used to set up a static networking configuration in `/etc/systemd/network/wlan0.network`. The following static networking parameters are only supported if `ENABLE_WIFI_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
174 174
175 175 ##### `NET_WIFI_ADDRESS`=""
176 176 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
177 177
178 178 ##### `NET_WIFI_GATEWAY`=""
179 179 Set the IP address for the default gateway.
180 180
181 181 ##### `NET_WIFI_DNS_1`=""
182 182 Set the IP address for the first DNS server.
183 183
184 184 ##### `NET_WIFI_DNS_2`=""
185 185 Set the IP address for the second DNS server.
186 186
187 187 ##### `NET_WIFI_DNS_DOMAINS`=""
188 188 Set the default DNS search domains to use for non fully qualified hostnames.
189 189
190 190 ##### `NET_WIFI_NTP_1`=""
191 191 Set the IP address for the first NTP server.
192 192
193 193 ##### `NET_WIFI_NTP_2`=""
194 194 Set the IP address for the second NTP server.
195 195
196 196 ---
197 197
198 198 #### Basic system features:
199 199 ##### `ENABLE_CONSOLE`=true
200 200 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
201 201
202 202 ##### `ENABLE_PRINTK`=false
203 203 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
204 204
205 205 ##### `ENABLE_BLUETOOTH`=false
206 206 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
207 207
208 208 ##### `ENABLE_MINIUART_OVERLAY`=false
209 209 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
210 210
211 211 ##### `ENABLE_TURBO`=false
212 212 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
213 213
214 214 ##### `ENABLE_I2C`=false
215 215 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
216 216
217 217 ##### `ENABLE_SPI`=false
218 218 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
219 219
220 220 ##### `ENABLE_IPV6`=true
221 221 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
222 222
223 223 ##### `ENABLE_SSHD`=true
224 224 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
225 225
226 226 ##### `ENABLE_NONFREE`=false
227 227 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
228 228
229 229 ##### `ENABLE_WIRELESS`=false
230 230 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `0`,`3`,`3P`,`4`.
231 231
232 232 ##### `ENABLE_RSYSLOG`=true
233 233 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
234 234
235 235 ##### `ENABLE_SOUND`=true
236 236 Enable sound hardware and install Advanced Linux Sound Architecture.
237 237
238 238 ##### `ENABLE_HWRANDOM`=true
239 239 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
240 240
241 241 ##### `ENABLE_MINGPU`=false
242 242 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
243 243
244 244 ##### `ENABLE_DBUS`=true
245 245 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
246 246
247 247 ##### `ENABLE_XORG`=false
248 248 Install Xorg open-source X Window System.
249 249
250 250 ##### `ENABLE_WM`=""
251 251 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
252 252
253 253 ##### `ENABLE_SYSVINIT`=false
254 254 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
255 255
256 256 ---
257 257
258 258 #### Advanced system features:
259 259 ##### `ENABLE_KEYGEN`=false
260 260 Recover your lost codec license
261 261
262 262 ##### `ENABLE_SYSTEMDSWAP`=false
263 263 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
264 264
265 265 ##### `ENABLE_MINBASE`=false
266 266 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
267 267
268 268 ##### `ENABLE_REDUCE`=false
269 269 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
270 270
271 271 ##### `ENABLE_UBOOT`=false
272 272 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
273 273 RPI4 needs tbd
274 274
275 275 ##### `UBOOTSRC_DIR`=""
276 276 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
277 277
278 278 ##### `ENABLE_FBTURBO`=false
279 279 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
280 280
281 281 ##### `FBTURBOSRC_DIR`=""
282 282 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
283 283
284 284 ##### `ENABLE_VIDEOCORE`=false
285 285 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
286 286
287 287 ##### `VIDEOCORESRC_DIR`=""
288 288 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
289 289
290 290 ##### `ENABLE_NEXMON`=false
291 291 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
292 292
293 293 ##### `NEXMONSRC_DIR`=""
294 294 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
295 295
296 296 ##### `ENABLE_IPTABLES`=false
297 297 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
298 298
299 299 ##### `ENABLE_USER`=true
300 300 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
301 301
302 302 ##### `USER_NAME`=pi
303 303 Non-root user to create. Ignored if `ENABLE_USER`=false
304 304
305 305 ##### `ENABLE_ROOT`=false
306 306 Set root user password so root login will be enabled
307 307
308 308 ##### `ENABLE_HARDNET`=false
309 309 Enable IPv4/IPv6 network stack hardening settings.
310 310
311 311 ##### `ENABLE_SPLITFS`=false
312 312 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
313 313
314 314 ##### `CHROOT_SCRIPTS`=""
315 315 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
316 316
317 317 ##### `ENABLE_INITRAMFS`=false
318 318 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
319 319
320 320 ##### `ENABLE_IFNAMES`=true
321 321 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
322 322
323 323 ##### `ENABLE_SPLASH`=true
324 324 Enable default Raspberry Pi boot up rainbow splash screen.
325 325
326 326 ##### `ENABLE_LOGO`=true
327 327 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
328 328
329 329 ##### `ENABLE_SILENT_BOOT`=false
330 330 Set the verbosity of console messages shown during boot up to a strict minimum.
331 331
332 332 ##### `DISABLE_UNDERVOLT_WARNINGS`=
333 333 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
334 334
335 335 ---
336 336
337 337 #### SSH settings:
338 338 ##### `SSH_ENABLE_ROOT`=false
339 339 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
340 340
341 341 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
342 342 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
343 343
344 344 ##### `SSH_LIMIT_USERS`=false
345 345 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
346 346
347 347 ##### `SSH_ROOT_PUB_KEY`=""
348 348 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
349 349
350 350 ##### `SSH_USER_PUB_KEY`=""
351 351 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
352 352
353 353 ---
354 354
355 355 #### Kernel compilation:
356 356 ##### `BUILD_KERNEL`=true
357 357 Build and install the latest RPi 0/1/2/3/4 Linux kernel. The default RPi 0/1/2/3/ kernel configuration is used most of the time.
358 358 ENABLE_NEXMON - Changes Kernel Source to [https://github.com/Re4son/](Kali Linux Kernel)
359 359 Precompiled 32bit kernel for RPI0/1/2/3 by [https://github.com/hypriot/](hypriot)
360 360 Precompiled 64bit kernel for RPI3/4 by [https://github.com/sakaki-/](sakaki)
361 361
362 362
363 363 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
364 364 This sets the cross-compile environment for the compiler.
365 365
366 366 ##### `KERNEL_ARCH`="arm"
367 367 This sets the kernel architecture for the compiler.
368 368
369 369 ##### `KERNEL_IMAGE`="kernel7.img"
370 370 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
371 371
372 372 ##### `KERNEL_BRANCH`=""
373 373 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
374 374
375 375 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
376 376 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
377 377
378 378 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
379 379 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
380 380
381 381 ##### `KERNEL_REDUCE`=false
382 382 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
383 383
384 384 ##### `KERNEL_THREADS`=1
385 385 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
386 386
387 387 ##### `KERNEL_HEADERS`=true
388 388 Install kernel headers with the built kernel.
389 389
390 390 ##### `KERNEL_MENUCONFIG`=false
391 391 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
392 392
393 393 ##### `KERNEL_OLDDEFCONFIG`=false
394 394 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
395 395
396 396 ##### `KERNEL_CCACHE`=false
397 397 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
398 398
399 399 ##### `KERNEL_REMOVESRC`=true
400 400 Remove all kernel sources from the generated OS image after it was built and installed.
401 401
402 402 ##### `KERNELSRC_DIR`=""
403 403 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
404 404
405 405 ##### `KERNELSRC_CLEAN`=false
406 406 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
407 407
408 408 ##### `KERNELSRC_CONFIG`=true
409 409 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
410 410
411 411 ##### `KERNELSRC_USRCONFIG`=""
412 412 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
413 413
414 414 ##### `KERNELSRC_PREBUILT`=false
415 415 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
416 416
417 417 ##### `RPI_FIRMWARE_DIR`=""
418 418 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
419 419
420 420 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
421 421 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
422 422
423 423 ##### `KERNEL_NF`=false
424 424 Enable Netfilter modules as kernel modules
425 425
426 426 ##### `KERNEL_VIRT`=false
427 427 Enable Kernel KVM support (/dev/kvm)
428 428
429 429 ##### `KERNEL_ZSWAP`=false
430 430 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
431 431
432 432 ##### `KERNEL_BPF`=true
433 433 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
434 434
435 435 ##### `KERNEL_SECURITY`=false
436 436 Enables Apparmor, integrity subsystem, auditing.
437 437
438 438 ##### `KERNEL_BTRFS`="false"
439 439 enable btrfs kernel support
440 440
441 441 ##### `KERNEL_POEHAT`="false"
442 442 enable Enable RPI POE HAT fan kernel support
443 443
444 444 ##### `KERNEL_NSPAWN`="false"
445 445 Enable per-interface network priority control - for systemd-nspawn
446 446
447 447 ##### `KERNEL_DHKEY`="true"
448 448 Diffie-Hellman operations on retained keys - required for >keyutils-1.6
449 449
450 450 ---
451 451
452 452 #### Reduce disk usage:
453 453 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
454 454
455 455 ##### `REDUCE_APT`=true
456 456 Configure APT to use compressed package repository lists and no package caching files.
457 457
458 458 ##### `REDUCE_DOC`=true
459 459 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
460 460
461 461 ##### `REDUCE_MAN`=true
462 462 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
463 463
464 464 ##### `REDUCE_VIM`=false
465 465 Replace `vim-tiny` package by `levee` a tiny vim clone.
466 466
467 467 ##### `REDUCE_BASH`=false
468 468 Remove `bash` package and switch to `dash` shell (experimental).
469 469
470 470 ##### `REDUCE_HWDB`=true
471 471 Remove PCI related hwdb files (experimental).
472 472
473 473 ##### `REDUCE_SSHD`=true
474 474 Replace `openssh-server` with `dropbear`.
475 475
476 476 ##### `REDUCE_LOCALE`=true
477 477 Remove all `locale` translation files.
478 478
479 479 ---
480 480
481 481 #### Encrypted root partition:
482 482 ##### `ENABLE_CRYPTFS`=false
483 483 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
484 484
485 485 ##### `CRYPTFS_PASSWORD`=""
486 486 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
487 487
488 488 ##### `CRYPTFS_MAPPING`="secure"
489 489 Set name of dm-crypt managed device-mapper mapping.
490 490
491 491 ##### `CRYPTFS_CIPHER`="aes-xts-plain64"
492 492 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
493 493
494 494 ##### `CRYPTFS_HASH`=sha512
495 495 Hash function and size to be used
496 496
497 497 ##### `CRYPTFS_XTSKEYSIZE`=512
498 498 Sets key size in bits. The argument has to be a multiple of 8.
499 499
500 500 ##### `CRYPTFS_DROPBEAR`=false
501 501 Enable Dropbear Initramfs support
502 502
503 503 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
504 504 Provide path to dropbear Public RSA-OpenSSH Key
505 505
506 506 ---
507 507
508 508 #### Build settings:
509 509 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
510 510 Set a path to a working directory used by the script to generate an image.
511 511
512 512 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
513 513 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
514 514
515 515 ## Understanding the script
516 516 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
517 517
518 518 | Script | Description |
519 519 | --- | --- |
520 520 | `10-bootstrap.sh` | Debootstrap basic system |
521 521 | `11-apt.sh` | Setup APT repositories |
522 522 | `12-locale.sh` | Setup Locales and keyboard settings |
523 523 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
524 524 | `14-fstab.sh` | Setup fstab and initramfs |
525 525 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
526 526 | `20-networking.sh` | Setup Networking |
527 527 | `21-firewall.sh` | Setup Firewall |
528 528 | `30-security.sh` | Setup Users and Security settings |
529 529 | `31-logging.sh` | Setup Logging |
530 530 | `32-sshd.sh` | Setup SSH and public keys |
531 531 | `41-uboot.sh` | Build and Setup U-Boot |
532 532 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
533 533 | `43-videocore.sh` | Build and Setup videocore libraries |
534 534 | `50-firstboot.sh` | First boot actions |
535 535 | `99-reduce.sh` | Reduce the disk space usage |
536 536
537 537 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
538 538
539 539 | Directory | Description |
540 540 | --- | --- |
541 541 | `apt` | APT management configuration files |
542 542 | `boot` | Boot and RPi 0/1/2/3 configuration files |
543 543 | `dpkg` | Package Manager configuration |
544 544 | `etc` | Configuration files and rc scripts |
545 545 | `firstboot` | Scripts that get executed on first boot |
546 546 | `initramfs` | Initramfs scripts |
547 547 | `iptables` | Firewall configuration files |
548 548 | `locales` | Locales configuration |
549 549 | `modules` | Kernel Modules configuration |
550 550 | `mount` | Fstab configuration |
551 551 | `network` | Networking configuration files |
552 552 | `sysctl.d` | Swapping and Network Hardening configuration |
553 553 | `xorg` | fbturbo Xorg driver configuration |
554 554
555 555 ## Custom packages and scripts
556 556 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
557 557
558 558 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
559 559
560 560 ## Logging of the bootstrapping process
561 561 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
562 562
563 563 ```shell
564 564 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
565 565 ```
566 566
567 567 ## Flashing the image file
568 568 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
569 569
570 570 ##### Flashing examples:
571 571 ```shell
572 572 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
573 573 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
574 574 ```
575 575 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
576 576 ```shell
577 577 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
578 578 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
579 579 ```
580 580
581 581 ## QEMU emulation
582 582 Start QEMU full system emulation:
583 583 ```shell
584 584 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
585 585 ```
586 586
587 587 Start QEMU full system emulation and output to console:
588 588 ```shell
589 589 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
590 590 ```
591 591
592 592 Start QEMU full system emulation with SMP and output to console:
593 593 ```shell
594 594 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
595 595 ```
596 596
597 597 Start QEMU full system emulation with cryptfs, initramfs and output to console:
598 598 ```shell
599 599 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
600 600 ```
601 601
602 602 ## External links and references
603 603 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
604 604 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
605 605 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
606 606 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
607 607 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
608 608 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
609 609 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
610 610 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
611 611 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,177 +1,179
1 1 #
2 2 # Setup Networking
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup hostname
9 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 11
12 12 # Install and setup hosts
13 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 15
16 16 # Setup hostname entry with static IP
17 17 if [ "$NET_ETH_ADDRESS" != "" ] ; then
18 18 NET_IP=$(echo "${NET_ETH_ADDRESS}" | cut -f 1 -d'/')
19 19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 20 fi
21 21
22 22 # Remove IPv6 hosts
23 23 if [ "$ENABLE_IPV6" = false ] ; then
24 24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 25 fi
26 26
27 27 # Install hint about network configuration
28 28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29 29
30 30 # Install configuration for interface eth0
31 31 install_readonly files/network/eth0.network "${ETC_DIR}/systemd/network/eth0.network"
32 32
33 33 if [ "$RPI_MODEL" = 3P ] ; then
34 34 printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth0.network"
35 35 fi
36 36
37 37 # Install configuration for interface wl*
38 38 install_readonly files/network/wlan0.network "${ETC_DIR}/systemd/network/wlan0.network"
39 39
40 40 #always with dhcp since wpa_supplicant integration is missing
41 41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan0.network"
42 42
43 43 if [ "$ENABLE_ETH_DHCP" = true ] ; then
44 44 # Enable DHCP configuration for interface eth0
45 45 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth0.network"
46 46
47 47 # Set DHCP configuration to IPv4 only
48 48 if [ "$ENABLE_IPV6" = false ] ; then
49 49 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth0.network"
50 50 sed '/IPv6PrivacyExtensions=true/d' "${ETC_DIR}/systemd/network/eth0.network"
51 51 fi
52 52
53 53 else # ENABLE_ETH_DHCP=false
54 54 # Set static network configuration for interface eth0
55 55 sed -i\
56 56 -e "s|DHCP=.*|DHCP=no|"\
57 57 -e "s|Address=\$|Address=${NET_ETH_ADDRESS}|"\
58 58 -e "s|Gateway=\$|Gateway=${NET_ETH_GATEWAY}|"\
59 59 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_ETH_DNS_1}|"\
60 60 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_ETH_DNS_2}|"\
61 61 -e "s|Domains=\$|Domains=${NET_ETH_DNS_DOMAINS}|"\
62 62 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_ETH_NTP_1}|"\
63 63 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_ETH_NTP_2}|"\
64 64 "${ETC_DIR}/systemd/network/eth0.network"
65 65 fi
66 66
67 67 if [ "$ENABLE_WIFI_DHCP" = true ] ; then
68 68 # Enable DHCP configuration for interface eth0
69 69 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan0.network"
70 70
71 71 # Set DHCP configuration to IPv4 only
72 72 if [ "$ENABLE_IPV6" = false ] ; then
73 73 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/wlan0.network"
74 74 sed '/IPv6PrivacyExtensions=true/d' "${ETC_DIR}/systemd/network/wlan0.network"
75 75 fi
76 76
77 77 else # ENABLE_ETH_DHCP=false
78 78 # Set static network configuration for interface eth0
79 79 sed -i\
80 80 -e "s|DHCP=.*|DHCP=no|"\
81 81 -e "s|Address=\$|Address=${NET_WIFI_ADDRESS}|"\
82 82 -e "s|Gateway=\$|Gateway=${NET_WIFI_GATEWAY}|"\
83 83 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_WIFI_DNS_1}|"\
84 84 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_WIFI_DNS_2}|"\
85 85 -e "s|Domains=\$|Domains=${NET_WIFI_DNS_DOMAINS}|"\
86 86 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_WIFI_NTP_1}|"\
87 87 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_WIFI_NTP_2}|"\
88 88 "${ETC_DIR}/systemd/network/wlan0.network"
89 89 fi
90 90
91 printf "
92 ctrl_interface=/run/wpa_supplicant
93 ctrl_interface_group=wheel
94 update_config=1
95 eapol_version=1
96 ap_scan=1
97 fast_reauth=1
98
99 " > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
100
101 #Configure WPA_supplicant
102 chroot_exec wpa_passphrase "$NET_SSID" "$NET_WPAPSK" >> /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
103
104 chroot_exec systemctl enable wpa_supplicant.service
105 chroot_exec systemctl enable wpa_supplicant@wlan0.service
91 if [ -z "$NET_WIFI_SSID" ] && [ -z "$NET_WIFI_PSK" ] ; then
92 printf "
93 ctrl_interface=/run/wpa_supplicant
94 ctrl_interface_group=wheel
95 update_config=1
96 eapol_version=1
97 ap_scan=1
98 fast_reauth=1
99
100 " > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
101
102 #Configure WPA_supplicant
103 chroot_exec wpa_passphrase "$NET_SSID" "$NET_WPAPSK" >> /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
104
105 chroot_exec systemctl enable wpa_supplicant.service
106 chroot_exec systemctl enable wpa_supplicant@wlan0.service
107 fi
106 108
107 109 # Remove empty settings from network configuration
108 110 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth0.network"
109 111 # Remove empty settings from wlan configuration
110 112 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan0.network"
111 113
112 114 # Move systemd network configuration if required by Debian release
113 115 mv -v "${ETC_DIR}/systemd/network/eth0.network" "${LIB_DIR}/systemd/network/10-eth0.network"
114 116 # If WLAN is enabled copy wlan configuration too
115 117 if [ "$ENABLE_WIRELESS" = true ] ; then
116 118 mv -v "${ETC_DIR}/systemd/network/wlan0.network" "${LIB_DIR}/systemd/network/11-wlan0.network"
117 119 fi
118 120 rm -fr "${ETC_DIR}/systemd/network"
119 121
120 122 # Enable systemd-networkd service
121 123 chroot_exec systemctl enable systemd-networkd
122 124
123 125 # Install host.conf resolver configuration
124 126 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
125 127
126 128 # Enable network stack hardening
127 129 if [ "$ENABLE_HARDNET" = true ] ; then
128 130 # Install sysctl.d configuration files
129 131 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
130 132
131 133 # Setup resolver warnings about spoofed addresses
132 134 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
133 135 fi
134 136
135 137 # Enable time sync
136 138 if [ "$NET_NTP_1" != "" ] ; then
137 139 chroot_exec systemctl enable systemd-timesyncd.service
138 140 fi
139 141
140 142 # Download the firmware binary blob required to use the RPi3 wireless interface
141 143 if [ "$ENABLE_WIRELESS" = true ] ; then
142 144 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
143 145 mkdir -p "${WLAN_FIRMWARE_DIR}"
144 146 fi
145 147
146 148 # Create temporary directory for firmware binary blob
147 149 temp_dir=$(as_nobody mktemp -d)
148 150
149 151 # Fetch firmware binary blob for RPI3B+
150 152 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
151 153 # Fetch firmware binary blob for RPi3P
152 154 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
153 155 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
154 156 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
155 157
156 158 # Move downloaded firmware binary blob
157 159 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
158 160
159 161 # Set permissions of the firmware binary blob
160 162 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
161 163 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
162 164 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
163 165 # Fetch firmware binary blob for RPi3
164 166 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
165 167 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
166 168
167 169 # Move downloaded firmware binary blob
168 170 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
169 171
170 172 # Set permissions of the firmware binary blob
171 173 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
172 174 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
173 175 fi
174 176
175 177 # Remove temporary directory for firmware binary blob
176 178 rm -fr "${temp_dir}"
177 179 fi
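Review bot: The new guard at new line 91 is inverted, and the body still reads the old variable names. `[ -z "$NET_WIFI_SSID" ] && [ -z "$NET_WIFI_PSK" ]` is true only when both values are empty, and new line 103 then calls `wpa_passphrase "$NET_SSID" "$NET_WPAPSK"`, names that the rename in rpi23-gen-image.sh (new lines 128-129) no longer sets. As written, a build that supplies WiFi credentials skips the wpa_supplicant setup entirely, and a build without them runs `wpa_passphrase` with empty arguments. Suggest `[ -n "$NET_WIFI_SSID" ] && [ -n "$NET_WIFI_PSK" ]` and passing `"$NET_WIFI_SSID" "$NET_WIFI_PSK"`. Two further points in the same block: both redirections target `/etc/wpa_supplicant/wpa_supplicant-wlan0.conf`, which the calling shell opens outside the chroot, so the file is written on the build host instead of under `${ETC_DIR}` like every other file this script installs; and `wpa_passphrase` output carries the plaintext passphrase in a `#psk=` comment, so the generated file should be restricted to mode 600 (or have that comment line stripped) before it ships in the image.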
@@ -1,28 +1,32
1 1 logger -t "rc.firstboot" "Configuring network interface name"
2 2
3 3 INTERFACE_NAME_ETH=$(dmesg | grep "renamed from eth0" | awk -F ":| " '{ print $9 }')
4 4 INTERFACE_NAME_WIFI=$(dmesg | grep "renamed from wlan0" | awk -F ":| " '{ print $9 }')
5 5
6 6 if [ ! -z INTERFACE_NAME_ETH ] ; then
7 7 if [ -r "/etc/systemd/network/eth0.network" ] ; then
8 8 sed -i "s/eth0/${INTERFACE_NAME_ETH}/" /etc/systemd/network/eth0.network
9 9 fi
10 10
11 11 if [ -r "/lib/systemd/network/10-eth0.network" ] ; then
12 12 sed -i "s/eth0/${INTERFACE_NAME_ETH}/" /lib/systemd/network/10-eth0.network
13 13 fi
14 14 # Move config to new interface name
15 15 mv /etc/systemd/network/eth0.network /etc/systemd/network/"${INTERFACE_NAME_ETH}".network
16 16 fi
17 17
18 18 if [ ! -z INTERFACE_NAME_WIFI ] ; then
19 19 if [ -r "/etc/systemd/network/wlan0.network" ] ; then
20 20 sed -i "s/wlan0/${INTERFACE_NAME_WIFI}/" /etc/systemd/network/wlan0.network
21 21 fi
22 22
23 23 if [ -r "/lib/systemd/network/11-wlan0.network" ] ; then
24 24 sed -i "s/wlan0/${INTERFACE_NAME_WIFI}/" /lib/systemd/network/11-wlan0.network
25 25 fi
26 26 # Move config to new interface name
27 27 mv /etc/systemd/network/wlan0.network /etc/systemd/network/"${INTERFACE_NAME_WIFI}".network
28
29 systemctl disable wpa_supplicant@wlan0.service
30 systemctl enable wpa_supplicant@"${INTERFACE_NAME_WIFI}".service
31 systemctl start wpa_supplicant@"${INTERFACE_NAME_WIFI}".service
28 32 fi
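Review bot: The three `systemctl` calls added at new lines 29-31 sit inside `if [ ! -z INTERFACE_NAME_WIFI ]`, which tests the literal string rather than the variable and is therefore always true. When `dmesg` reports no rename, `INTERFACE_NAME_WIFI` is empty, so this disables `wpa_supplicant@wlan0.service` and enables `wpa_supplicant@.service`. Suggest changing the test to `[ -n "$INTERFACE_NAME_WIFI" ]` (and the same for the ETH block at line 6) before adding more work to this branch. The renamed instance also needs its configuration under the new name: 20-networking.sh writes `wpa_supplicant-wlan0.conf`, the `wpa_supplicant@` template unit on Debian reads `/etc/wpa_supplicant/wpa_supplicant-%I.conf`, and nothing here moves the file to match `${INTERFACE_NAME_WIFI}`, so the newly enabled instance would start without its credentials file.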
@@ -1,910 +1,910
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47 if [ $RELEASE = "bullseye" ] ; then
48 48 RELEASE=testing
49 49 fi
50 50
51 51 # Kernel Branch
52 52 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
53 53
54 54 # URLs
55 55 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
56 56 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
57 57 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
58 58 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
59 59 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
60 60 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
61 61 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
62 62 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
63 63 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
64 64
65 65 # Kernel deb packages for 32bit kernel
66 66 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
67 67 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
68 68 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
69 69 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.80.20191022/bcmrpi3-kernel-bis-4.19.80.20191022.tar.xz}
70 70 # Default precompiled 64bit kernel
71 71 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.80.20191022/bcmrpi3-kernel-4.19.80.20191022.tar.xz}
72 72 # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis
73 73 RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
74 74 # Default precompiled 64bit kernel - https://github.com/sakaki-/bcm2711-kernel
75 75 RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
76 76 # Generic
77 77 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
78 78 RPI4_64_KERNEL_URL=${RPI4_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
79 79 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
80 80 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
81 81
82 82 # Build directories
83 83 WORKDIR=$(pwd)
84 84 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
85 85 BUILDDIR="${BASEDIR}/build"
86 86
87 87 # Chroot directories
88 88 R="${BUILDDIR}/chroot"
89 89 ETC_DIR="${R}/etc"
90 90 LIB_DIR="${R}/lib"
91 91 BOOT_DIR="${R}/boot/firmware"
92 92 KERNEL_DIR="${R}/usr/src/linux"
93 93 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
94 94 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
95 95
96 96 # Firmware directory: Blank if download from github
97 97 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
98 98
99 99 # General settings
100 100 SET_ARCH=${SET_ARCH:=32}
101 101 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
102 102 PASSWORD=${PASSWORD:=raspberry}
103 103 USER_PASSWORD=${USER_PASSWORD:=raspberry}
104 104 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
105 105 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
106 106 EXPANDROOT=${EXPANDROOT:=true}
107 107 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
108 108
109 109 # Keyboard settings
110 110 XKB_MODEL=${XKB_MODEL:=""}
111 111 XKB_LAYOUT=${XKB_LAYOUT:=""}
112 112 XKB_VARIANT=${XKB_VARIANT:=""}
113 113 XKB_OPTIONS=${XKB_OPTIONS:=""}
114 114
115 115 # Network settings (DHCP)
116 116 ENABLE_ETH_DHCP=${ENABLE_ETH_DHCP:=true}
117 117 ENABLE_WIFI_DHCP=${ENABLE_ETH_DHCP:=true}
118 118
119 119 # Network settings (static)
120 120 NET_ETH_ADDRESS=${NET_ETH_ADDRESS:=""}
121 121 NET_ETH_GATEWAY=${NET_ETH_GATEWAY:=""}
122 122 NET_ETH_DNS_1=${NET_ETH_DNS_1:=""}
123 123 NET_ETH_DNS_2=${NET_ETH_DNS_2:=""}
124 124 NET_ETH_DNS_DOMAINS=${NET_ETH_DNS_DOMAINS:=""}
125 125 NET_ETH_NTP_1=${NET_ETH_NTP_1:=""}
126 126 NET_ETH_NTP_2=${NET_ETH_NTP_2:=""}
127 127
128 NET_WIFI_SSID=${NET_SSID:=""}
129 NET_WIFI_WPAPSK=${NET_WPAPSK:=""}
128 NET_WIFI_SSID=${NET_WIFI_SSID:=""}
129 NET_WIFI_PSK=${NET_WIFI_PSK:=""}
130 130
131 131 # Network settings (static)
132 132 NET_WIFI_ADDRESS=${NET_WIFI_ADDRESS:=""}
133 133 NET_WIFI_GATEWAY=${NET_WIFI_GATEWAY:=""}
134 134 NET_WIFI_DNS_1=${NET_WIFI_DNS_1:=""}
135 135 NET_WIFI_DNS_2=${NET_WIFI_DNS_2:=""}
136 136 NET_WIFI_DNS_DOMAINS=${NET_WIFI_DNS_DOMAINS:=""}
137 137 NET_WIFI_NTP_1=${NET_WIFI_NTP_1:=""}
138 138 NET_WIFI_NTP_2=${NET_WIFI_NTP_2:=""}
139 139
140 140 # APT settings
141 141 APT_PROXY=${APT_PROXY:=""}
142 142 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
143 143 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
144 144
145 145 # Feature settings
146 146 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
147 147 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
148 148 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
149 149 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
150 150 ENABLE_I2C=${ENABLE_I2C:=false}
151 151 ENABLE_SPI=${ENABLE_SPI:=false}
152 152 ENABLE_IPV6=${ENABLE_IPV6:=true}
153 153 ENABLE_SSHD=${ENABLE_SSHD:=true}
154 154 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
155 155 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
156 156 ENABLE_SOUND=${ENABLE_SOUND:=true}
157 157 ENABLE_DBUS=${ENABLE_DBUS:=true}
158 158 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
159 159 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
160 160 ENABLE_XORG=${ENABLE_XORG:=false}
161 161 ENABLE_WM=${ENABLE_WM:=""}
162 162 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
163 163 ENABLE_USER=${ENABLE_USER:=true}
164 164 USER_NAME=${USER_NAME:="pi"}
165 165 ENABLE_ROOT=${ENABLE_ROOT:=false}
166 166 ENABLE_QEMU=${ENABLE_QEMU:=false}
167 167 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
168 168
169 169 # SSH settings
170 170 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
171 171 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
172 172 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
173 173 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
174 174 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
175 175
176 176 # Advanced settings
177 177 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
178 178 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
179 179 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
180 180 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
181 181 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
182 182 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
183 183 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
184 184 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
185 185 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
186 186 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
187 187 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
188 188 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
189 189 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
190 190 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
191 191 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
192 192 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
193 193 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
194 194 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
195 195 ENABLE_LOGO=${ENABLE_LOGO:=true}
196 196 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
197 197 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
198 198
199 199 # Kernel compilation settings
200 200 BUILD_KERNEL=${BUILD_KERNEL:=true}
201 201 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
202 202 KERNEL_THREADS=${KERNEL_THREADS:=1}
203 203 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
204 204 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
205 205 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
206 206 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
207 207 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
208 208 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
209 209 KERNEL_VIRT=${KERNEL_VIRT:=false}
210 210 KERNEL_BPF=${KERNEL_BPF:=false}
211 211 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
212 212 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
213 213 KERNEL_NF=${KERNEL_NF:=false}
214 214 KERNEL_DHKEY=${KERNEL_DHKEY:=true}
215 215 KERNEL_BTRFS=${KERNEL_BTRFS:=false}
216 216 KERNEL_NSPAN=${KERNEL_NSPAN:=false}
217 217 KERNEL_POEHAT=${KERNEL_POEHAT:=false}
218 218
219 219 # Kernel compilation from source directory settings
220 220 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
221 221 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
222 222 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
223 223 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
224 224
225 225 # Reduce disk usage settings
226 226 REDUCE_APT=${REDUCE_APT:=true}
227 227 REDUCE_DOC=${REDUCE_DOC:=true}
228 228 REDUCE_MAN=${REDUCE_MAN:=true}
229 229 REDUCE_VIM=${REDUCE_VIM:=false}
230 230 REDUCE_BASH=${REDUCE_BASH:=false}
231 231 REDUCE_HWDB=${REDUCE_HWDB:=true}
232 232 REDUCE_SSHD=${REDUCE_SSHD:=true}
233 233 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
234 234
235 235 # Encrypted filesystem settings
236 236 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
237 237 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
238 238 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
239 239 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64"}
240 240 CRYPTFS_HASH=${CRYPTFS_HASH:="sha512"}
241 241 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
242 242 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
243 243 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
244 244 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
245 245 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
246 246
247 247 # Chroot scripts directory
248 248 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
249 249
250 250 # Packages required in the chroot build environment
251 251 APT_INCLUDES=${APT_INCLUDES:=""}
252 252 APT_INCLUDES="${APT_INCLUDES},flex,bison,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
253 253
254 254 # Packages to exclude from chroot build environment
255 255 APT_EXCLUDES=${APT_EXCLUDES:=""}
256 256
257 257 # Packages required for bootstrapping
258 258 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
259 259 MISSING_PACKAGES=""
260 260
261 261 # Packages installed for c/c++ build environment in chroot (keep empty)
262 262 COMPILER_PACKAGES=""
263 263
264 264 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
265 265 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
266 266 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
267 267 APT_PROXY=http://127.0.0.1:3142/
268 268 fi
269 269
270 270 # Setup architecture specific settings
271 271 if [ -n "$SET_ARCH" ] ; then
272 272 # 64-bit configuration
273 273 if [ "$SET_ARCH" = 64 ] ; then
274 274 # General 64-bit depended settings
275 275 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
276 276 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
277 277 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
278 278
279 279 # Raspberry Pi model specific settings
280 280 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
281 281 if [ "$RPI_MODEL" != 4 ] ; then
282 282 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
283 283 else
284 284 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
285 285 fi
286 286
287 287 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
288 288 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
289 289 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
290 290 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
291 291 else
292 292 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
293 293 exit 1
294 294 fi
295 295 fi
296 296
297 297 # 32-bit configuration
298 298 if [ "$SET_ARCH" = 32 ] ; then
299 299 # General 32-bit dependend settings
300 300 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
301 301 KERNEL_ARCH=${KERNEL_ARCH:=arm}
302 302 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
303 303
304 304 # Raspberry Pi model specific settings
305 305 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
306 306 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
307 307 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
308 308 RELEASE_ARCH=${RELEASE_ARCH:=armel}
309 309 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
310 310 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
311 311 fi
312 312
313 313 # Raspberry Pi model specific settings
314 314 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
315 315 if [ "$RPI_MODEL" != 4 ] ; then
316 316 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
317 317 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
318 318 else
319 319 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
320 320 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img}
321 321 fi
322 322
323 323 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
324 324 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
325 325
326 326 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
327 327 fi
328 328 fi
329 329 # SET_ARCH not set
330 330 else
331 331 echo "error: Please set '32' or '64' as value for SET_ARCH"
332 332 exit 1
333 333 fi
334 334 # Device specific configuration and U-Boot configuration
335 335 case "$RPI_MODEL" in
336 336 0)
337 337 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
338 338 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
339 339 ;;
340 340 1)
341 341 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
342 342 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
343 343 ;;
344 344 1P)
345 345 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
346 346 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
347 347 ;;
348 348 2)
349 349 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
350 350 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
351 351 ;;
352 352 3)
353 353 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
354 354 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
355 355 ;;
356 356 3P)
357 357 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
358 358 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
359 359 ;;
360 360 4)
361 361 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
362 362 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
363 363 ;;
364 364 *)
365 365 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
366 366 exit 1
367 367 ;;
368 368 esac
369 369
370 370 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
371 371 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
372 372 # Include bluetooth packages on supported boards
373 373 if [ "$ENABLE_BLUETOOTH" = true ] ; then
374 374 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
375 375 fi
376 376 if [ "$ENABLE_WIRELESS" = true ] ; then
377 377 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb,wpasupplicant"
378 378 fi
379 379 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
380 380 # Check if the internal wireless interface is not supported by the RPi model
381 381 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
382 382 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
383 383 exit 1
384 384 fi
385 385 fi
386 386
387 387 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
388 388 echo "error: You have to compile kernel sources, if you want to enable nexmon"
389 389 exit 1
390 390 fi
391 391
392 392 # Prepare date string for default image file name
393 393 DATE="$(date +%Y-%m-%d)"
394 394 if [ -z "$KERNEL_BRANCH" ] ; then
395 395 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
396 396 else
397 397 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
398 398 fi
399 399
400 400 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
401 401 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
402 402 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
403 403 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
404 404 exit 1
405 405 fi
406 406 fi
407 407
408 408 # Add cmake to compile videocore sources
409 409 if [ "$ENABLE_VIDEOCORE" = true ] ; then
410 410 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
411 411 fi
412 412
413 413 # Add deps for nexmon
414 414 if [ "$ENABLE_NEXMON" = true ] ; then
415 415 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool"
416 416 fi
417 417
418 418 # Add libncurses5 to enable kernel menuconfig
419 419 if [ "$KERNEL_MENUCONFIG" = true ] ; then
420 420 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
421 421 fi
422 422
423 423 # Add ccache compiler cache for (faster) kernel cross (re)compilation
424 424 if [ "$KERNEL_CCACHE" = true ] ; then
425 425 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
426 426 fi
427 427
428 428 # Add cryptsetup package to enable filesystem encryption
429 429 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
430 430 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
431 431 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup,cryptsetup-initramfs"
432 432
433 433 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
434 434 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
435 435 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
436 436 fi
437 437
438 438 if [ -z "$CRYPTFS_PASSWORD" ] ; then
439 439 echo "error: no password defined (CRYPTFS_PASSWORD)!"
440 440 exit 1
441 441 fi
442 442 ENABLE_INITRAMFS=true
443 443 fi
444 444
445 445 # Add initramfs generation tools
446 446 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
447 447 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
448 448 fi
449 449
450 450 # Add device-tree-compiler required for building the U-Boot bootloader
451 451 if [ "$ENABLE_UBOOT" = true ] ; then
452 452 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bc"
453 453 fi
454 454
455 455 if [ "$ENABLE_USBBOOT" = true ] ; then
456 456 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
457 457 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
458 458 exit 1
459 459 fi
460 460 fi
461 461
462 462 # Check if root SSH (v2) public key file exists
463 463 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
464 464 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
465 465 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
466 466 exit 1
467 467 fi
468 468 fi
469 469
470 470 # Check if $USER_NAME SSH (v2) public key file exists
471 471 if [ -n "$SSH_USER_PUB_KEY" ] ; then
472 472 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
473 473 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
474 474 exit 1
475 475 fi
476 476 fi
477 477
478 478 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
479 479 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
480 480 exit 1
481 481 fi
482 482
483 483 # Check if all required packages are installed on the build system
484 484 for package in $REQUIRED_PACKAGES ; do
485 485 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
486 486 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
487 487 fi
488 488 done
489 489
490 490 # If there are missing packages ask confirmation for install, or exit
491 491 if [ -n "$MISSING_PACKAGES" ] ; then
492 492 echo "the following packages needed by this script are not installed:"
493 493 echo "$MISSING_PACKAGES"
494 494
495 495 printf "\ndo you want to install the missing packages right now? [y/n] "
496 496 read -r confirm
497 497 [ "$confirm" != "y" ] && exit 1
498 498
499 499 # Make sure all missing required packages are installed
500 500 apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
501 501 fi
502 502
503 503 # Check if ./bootstrap.d directory exists
504 504 if [ ! -d "./bootstrap.d/" ] ; then
505 505 echo "error: './bootstrap.d' required directory not found!"
506 506 exit 1
507 507 fi
508 508
509 509 # Check if ./files directory exists
510 510 if [ ! -d "./files/" ] ; then
511 511 echo "error: './files' required directory not found!"
512 512 exit 1
513 513 fi
514 514
515 515 # Check if specified KERNELSRC_DIR directory exists
516 516 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
517 517 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
518 518 exit 1
519 519 fi
520 520
521 521 # Check if specified UBOOTSRC_DIR directory exists
522 522 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
523 523 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
524 524 exit 1
525 525 fi
526 526
527 527 # Check if specified VIDEOCORESRC_DIR directory exists
528 528 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
529 529 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
530 530 exit 1
531 531 fi
532 532
533 533 # Check if specified FBTURBOSRC_DIR directory exists
534 534 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
535 535 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
536 536 exit 1
537 537 fi
538 538
539 539 # Check if specified NEXMONSRC_DIR directory exists
540 540 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
541 541 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
542 542 exit 1
543 543 fi
544 544
545 545 # Check if specified CHROOT_SCRIPTS directory exists
546 546 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
547 547 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
548 548 exit 1
549 549 fi
550 550
551 551 # Check if specified device mapping already exists (will be used by cryptsetup)
552 552 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
553 553 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
554 554 exit 1
555 555 fi
556 556
557 557 # Don't clobber an old build
558 558 if [ -e "$BUILDDIR" ] ; then
559 559 echo "error: directory ${BUILDDIR} already exists, not proceeding"
560 560 exit 1
561 561 fi
562 562
563 563 # Setup chroot directory
564 564 mkdir -p "${R}"
565 565
566 566 # Check if build directory has enough of free disk space >512MB
567 567 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
568 568 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
569 569 exit 1
570 570 fi
571 571
572 572 set -x
573 573
574 574 # Call "cleanup" function on various signals and errors
575 575 trap cleanup 0 1 2 3 6
576 576
577 577 # Add required packages for the minbase installation
578 578 if [ "$ENABLE_MINBASE" = true ] ; then
579 579 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
580 580 fi
581 581
582 582 # Add parted package, required to get partprobe utility
583 583 if [ "$EXPANDROOT" = true ] ; then
584 584 APT_INCLUDES="${APT_INCLUDES},parted"
585 585 fi
586 586
587 587 # Add dphys-swapfile package, required to enable swap
588 588 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
589 589 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
590 590 fi
591 591
592 592 # Add dbus package, recommended if using systemd
593 593 if [ "$ENABLE_DBUS" = true ] ; then
594 594 APT_INCLUDES="${APT_INCLUDES},dbus"
595 595 fi
596 596
597 597 # Add iptables IPv4/IPv6 package
598 598 if [ "$ENABLE_IPTABLES" = true ] ; then
599 599 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
600 600 fi
601 601 # Add apparmor for KERNEL_SECURITY
602 602 if [ "$KERNEL_SECURITY" = true ] ; then
603 603 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
604 604 fi
605 605
606 606 # Add openssh server package
607 607 if [ "$ENABLE_SSHD" = true ] ; then
608 608 APT_INCLUDES="${APT_INCLUDES},openssh-server"
609 609 fi
610 610
611 611 # Add alsa-utils package
612 612 if [ "$ENABLE_SOUND" = true ] ; then
613 613 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
614 614 fi
615 615
616 616 # Add rng-tools package
617 617 if [ "$ENABLE_HWRANDOM" = true ] ; then
618 618 APT_INCLUDES="${APT_INCLUDES},rng-tools"
619 619 fi
620 620
621 621 # Add fbturbo video driver
622 622 if [ "$ENABLE_FBTURBO" = true ] ; then
623 623 # Enable xorg package dependencies
624 624 ENABLE_XORG=true
625 625 fi
626 626
627 627 # Add user defined window manager package
628 628 if [ -n "$ENABLE_WM" ] ; then
629 629 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
630 630
631 631 # Enable xorg package dependencies
632 632 ENABLE_XORG=true
633 633 fi
634 634
635 635 # Add xorg package
636 636 if [ "$ENABLE_XORG" = true ] ; then
637 637 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
638 638 fi
639 639
640 640 # Replace selected packages with smaller clones
641 641 if [ "$ENABLE_REDUCE" = true ] ; then
642 642 # Add levee package instead of vim-tiny
643 643 if [ "$REDUCE_VIM" = true ] ; then
644 644 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
645 645 fi
646 646
647 647 # Add dropbear package instead of openssh-server
648 648 if [ "$REDUCE_SSHD" = true ] ; then
649 649 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
650 650 fi
651 651 fi
652 652
653 653 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
654 654 if [ "$ENABLE_SYSVINIT" = false ] ; then
655 655 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
656 656 fi
657 657
658 658 # Configure kernel sources if no KERNELSRC_DIR
659 659 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
660 660 KERNELSRC_CONFIG=true
661 661 fi
662 662
663 663 # Configure reduced kernel
664 664 if [ "$KERNEL_REDUCE" = true ] ; then
665 665 KERNELSRC_CONFIG=false
666 666 fi
667 667
668 668 # Configure qemu compatible kernel
669 669 if [ "$ENABLE_QEMU" = true ] ; then
670 670 DTB_FILE=vexpress-v2p-ca15_a7.dtb
671 671 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
672 672 KERNEL_DEFCONFIG="vexpress_defconfig"
673 673 if [ "$KERNEL_MENUCONFIG" = false ] ; then
674 674 KERNEL_OLDDEFCONFIG=true
675 675 fi
676 676 fi
677 677
678 678 # Execute bootstrap scripts
679 679 for SCRIPT in bootstrap.d/*.sh; do
680 680 head -n 3 "$SCRIPT"
681 681 . "$SCRIPT"
682 682 done
683 683
684 684 ## Execute custom bootstrap scripts
685 685 if [ -d "custom.d" ] ; then
686 686 for SCRIPT in custom.d/*.sh; do
687 687 . "$SCRIPT"
688 688 done
689 689 fi
690 690
691 691 # Execute custom scripts inside the chroot
692 692 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
693 693 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
694 694 chroot_exec /bin/bash -x <<'EOF'
695 695 for SCRIPT in /chroot_scripts/* ; do
696 696 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
697 697 $SCRIPT
698 698 fi
699 699 done
700 700 EOF
701 701 rm -rf "${R}/chroot_scripts"
702 702 fi
703 703
704 704 # Remove c/c++ build environment from the chroot
705 705 chroot_remove_cc
706 706
707 707 # Generate required machine-id
708 708 MACHINE_ID=$(dbus-uuidgen)
709 709 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
710 710 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
711 711
712 712 # APT Cleanup
713 713 chroot_exec apt-get -y clean
714 714 chroot_exec apt-get -y autoclean
715 715 chroot_exec apt-get -y autoremove
716 716
717 717 # Unmount mounted filesystems
718 718 umount -l "${R}/proc"
719 719 umount -l "${R}/sys"
720 720
721 721 # Clean up directories
722 722 rm -rf "${R}/run/*"
723 723 rm -rf "${R}/tmp/*"
724 724
725 725 # Clean up APT proxy settings
726 726 if [ "$KEEP_APT_PROXY" = false ] ; then
727 727 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
728 728 fi
729 729
730 730 # Clean up files
731 731 rm -f "${ETC_DIR}/ssh/ssh_host_*"
732 732 rm -f "${ETC_DIR}/dropbear/dropbear_*"
733 733 rm -f "${ETC_DIR}/apt/sources.list.save"
734 734 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
735 735 rm -f "${ETC_DIR}/*-"
736 736 rm -f "${ETC_DIR}/resolv.conf"
737 737 rm -f "${R}/root/.bash_history"
738 738 rm -f "${R}/var/lib/urandom/random-seed"
739 739 rm -f "${R}/initrd.img"
740 740 rm -f "${R}/vmlinuz"
741 741 rm -f "${R}${QEMU_BINARY}"
742 742
743 743 if [ "$ENABLE_QEMU" = true ] ; then
744 744 # Setup QEMU directory
745 745 mkdir "${BASEDIR}/qemu"
746 746
747 747 # Copy kernel image to QEMU directory
748 748 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
749 749
750 750 # Copy kernel config to QEMU directory
751 751 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
752 752
753 753 # Copy kernel dtbs to QEMU directory
754 754 for dtb in "${BOOT_DIR}/"*.dtb ; do
755 755 if [ -f "${dtb}" ] ; then
756 756 install_readonly "${dtb}" "${BASEDIR}/qemu/"
757 757 fi
758 758 done
759 759
760 760 # Copy kernel overlays to QEMU directory
761 761 if [ -d "${BOOT_DIR}/overlays" ] ; then
762 762 # Setup overlays dtbs directory
763 763 mkdir "${BASEDIR}/qemu/overlays"
764 764
765 765 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
766 766 if [ -f "${dtb}" ] ; then
767 767 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
768 768 fi
769 769 done
770 770 fi
771 771
772 772 # Copy u-boot files to QEMU directory
773 773 if [ "$ENABLE_UBOOT" = true ] ; then
774 774 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
775 775 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
776 776 fi
777 777 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
778 778 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
779 779 fi
780 780 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
781 781 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
782 782 fi
783 783 fi
784 784
785 785 # Copy initramfs to QEMU directory
786 786 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
787 787 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
788 788 fi
789 789 fi
790 790
791 791 # Calculate size of the chroot directory in KB
792 792 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
793 793
794 794 # Calculate the amount of needed 512 Byte sectors
795 795 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
796 796 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
797 797 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
798 798
799 799 # The root partition is EXT4
800 800 # This means more space than the actual used space of the chroot is used.
801 801 # As overhead for journaling and reserved blocks 35% are added.
802 802 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
803 803
804 804 # Calculate required image size in 512 Byte sectors
805 805 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
806 806
807 807 # Prepare image file
808 808 if [ "$ENABLE_SPLITFS" = true ] ; then
809 809 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
810 810 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
811 811 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
812 812 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
813 813
814 814 # Write firmware/boot partition tables
815 815 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
816 816 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
817 817 EOM
818 818
819 819 # Write root partition table
820 820 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
821 821 ${TABLE_SECTORS},${ROOT_SECTORS},83
822 822 EOM
823 823
824 824 # Setup temporary loop devices
825 825 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
826 826 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
827 827 else # ENABLE_SPLITFS=false
828 828 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
829 829 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
830 830
831 831 # Write partition table
832 832 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
833 833 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
834 834 ${ROOT_OFFSET},${ROOT_SECTORS},83
835 835 EOM
836 836
837 837 # Setup temporary loop devices
838 838 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
839 839 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
840 840 fi
841 841
842 842 if [ "$ENABLE_CRYPTFS" = true ] ; then
843 843 # Create dummy ext4 fs
844 844 mkfs.ext4 "$ROOT_LOOP"
845 845
846 846 # Setup password keyfile
847 847 touch .password
848 848 chmod 600 .password
849 849 echo -n ${CRYPTFS_PASSWORD} > .password
850 850
851 851 # Initialize encrypted partition
852 852 cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password
853 853
854 854 # Open encrypted partition and setup mapping
855 855 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
856 856
857 857 # Secure delete password keyfile
858 858 shred -zu .password
859 859
860 860 # Update temporary loop device
861 861 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
862 862
863 863 # Wipe encrypted partition (encryption cipher is used for randomness)
864 864 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
865 865 fi
866 866
867 867 # Build filesystems
868 868 mkfs.vfat "$FRMW_LOOP"
869 869 mkfs.ext4 "$ROOT_LOOP"
870 870
871 871 # Mount the temporary loop devices
872 872 mkdir -p "$BUILDDIR/mount"
873 873 mount "$ROOT_LOOP" "$BUILDDIR/mount"
874 874
875 875 mkdir -p "$BUILDDIR/mount/boot/firmware"
876 876 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
877 877
878 878 # Copy all files from the chroot to the loop device mount point directory
879 879 rsync -a "${R}/" "$BUILDDIR/mount/"
880 880
881 881 # Unmount all temporary loop devices and mount points
882 882 cleanup
883 883
884 884 # Create block map file(s) of image(s)
885 885 if [ "$ENABLE_SPLITFS" = true ] ; then
886 886 # Create block map files for "bmaptool"
887 887 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
888 888 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
889 889
890 890 # Image was successfully created
891 891 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
892 892 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
893 893 else
894 894 # Create block map file for "bmaptool"
895 895 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
896 896
897 897 # Image was successfully created
898 898 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
899 899
900 900 # Create qemu qcow2 image
901 901 if [ "$ENABLE_QEMU" = true ] ; then
902 902 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
903 903 QEMU_SIZE=16G
904 904
905 905 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
906 906 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
907 907
908 908 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
909 909 fi
910 910 fi
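Review bot: At line 849, `echo -n ${CRYPTFS_PASSWORD} > .password` runs while `set -x` (line 572) is active, with no `set +x` visible before it, so the LUKS passphrase is printed in the shell trace and lands in any captured build log. The unquoted expansion is also word-split and glob-expanded, so the keyfile can differ from the passphrase the user set. Suggest disabling tracing around the CRYPTFS block and writing the keyfile with `printf '%s' "${CRYPTFS_PASSWORD}"`, preferably to a `mktemp` file instead of `.password` in the current directory. Two related points in the same region: the cleanup at lines 722-735 puts its globs inside double quotes (`rm -f "${ETC_DIR}/ssh/ssh_host_*"`, `rm -rf "${R}/tmp/*"`), so nothing is expanded, `-f` hides the miss, and any SSH or dropbear host keys present in the chroot stay in the image; move the `*` outside the quotes. The pre-flight check at line 552 tests `/dev/mapping/${CRYPTFS_MAPPING}` while line 861 uses `/dev/mapper/${CRYPTFS_MAPPING}`, so an existing mapping is never detected by that check.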