@@ -8,7 +8,7 | |||||
8 | # Install and setup fstab |
|
8 | # Install and setup fstab | |
9 | install_readonly files/mount/fstab "${ETC_DIR}/fstab" |
|
9 | install_readonly files/mount/fstab "${ETC_DIR}/fstab" | |
10 |
|
10 | |||
11 |
if [ "$ENABLE_UBOOT |
|
11 | if [ "$ENABLE_USBBOOT" = true ] ; then | |
12 | sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab" |
|
12 | sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab" | |
13 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab" |
|
13 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab" | |
14 | fi |
|
14 | fi | |
@@ -42,40 +42,54 if [ "$ENABLE_INITRAMFS" = true ] ; then | |||||
42 | install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount" |
|
42 | install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount" | |
43 | install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools" |
|
43 | install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools" | |
44 | fi |
|
44 | fi | |
|
45 | ||||
|
46 | if [ "$CRYPTFS_DROPBEAR" = true ] ; then | |||
|
47 | # Get cdir from NET_ADDRESS e.g. 24 | |||
|
48 | cdir=$(${NET_ADDRESS} | cut -d '/' -f2) | |||
|
49 | ||||
|
50 | # Convert cdir ro netmask e.g. 24 to 255.255.255.0 | |||
|
51 | NET_MASK=$(cdr2mask "$cdir") | |||
|
52 | ||||
|
53 | # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf | |||
|
54 | sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf | |||
|
55 | ||||
|
56 | # Regenerate initramfs | |||
|
57 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |||
|
58 | fi | |||
45 |
|
59 | |||
46 | if [ "$CRYPTFS_DROPBEAR" = true ]; then |
|
60 | if [ "$CRYPTFS_DROPBEAR" = true ]; then | |
47 |
|
|
61 | if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then | |
48 |
|
|
62 | install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |
49 |
|
|
63 | cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys | |
50 |
|
|
64 | else | |
51 |
|
|
65 | # Create key | |
52 |
|
|
66 | chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear | |
53 |
|
67 | |||
54 |
|
|
68 | # Convert dropbear key to openssh key | |
55 |
|
|
69 | chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa | |
56 |
|
70 | |||
57 |
|
|
71 | # Get Public Key Part | |
58 |
|
|
72 | chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub | |
59 |
|
73 | |||
60 |
|
|
74 | # Delete unwanted lines | |
61 |
|
|
75 | sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |
62 |
|
|
76 | sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |
63 |
|
77 | |||
64 |
|
|
78 | # Trust the new key | |
65 |
|
|
79 | cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys | |
66 |
|
80 | |||
67 |
|
|
81 | # Save Keys - convert with putty from rsa/openssh to puttkey | |
68 |
|
|
82 | cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa | |
69 |
|
83 | |||
70 |
|
|
84 | # Get unlock script | |
71 |
|
|
85 | install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh | |
72 |
|
86 | |||
73 |
|
|
87 | # Enable Dropbear inside initramfs | |
74 |
|
|
88 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" | |
75 |
|
89 | |||
76 |
|
|
90 | # Enable Dropbear inside initramfs | |
77 |
|
|
91 | sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear | |
78 |
|
|
92 | fi | |
79 | else |
|
93 | else | |
80 | # Disable SSHD inside initramfs |
|
94 | # Disable SSHD inside initramfs | |
81 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" |
|
95 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" |
@@ -54,7 +54,7 if [ "$ENABLE_KEYGEN" = true] ; then | |||||
54 | fi |
|
54 | fi | |
55 |
|
55 | |||
56 | # Setup firmware boot cmdline |
|
56 | # Setup firmware boot cmdline | |
57 |
if [ "$ENABLE_UBOOT |
|
57 | if [ "$ENABLE_USBBOOT" = true ] ; then | |
58 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait init=/bin/systemd" |
|
58 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait init=/bin/systemd" | |
59 | else |
|
59 | else | |
60 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
60 | if [ "$ENABLE_SPLITFS" = true ] ; then | |
@@ -69,7 +69,7 if [ "$ENABLE_CRYPTFS" = true ] ; then | |||||
69 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
69 | if [ "$ENABLE_SPLITFS" = true ] ; then | |
70 | CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") |
|
70 | CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") | |
71 | else |
|
71 | else | |
72 |
if [ "$ENABLE_UBOOT |
|
72 | if [ "$ENABLE_USBBOOT" = true ] ; then | |
73 | CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/") |
|
73 | CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/") | |
74 | else |
|
74 | else | |
75 | CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") |
|
75 | CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") |
@@ -57,20 +57,6 else # ENABLE_DHCP=false | |||||
57 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\ |
|
57 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\ | |
58 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\ |
|
58 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\ | |
59 | "${ETC_DIR}/systemd/network/eth.network" |
|
59 | "${ETC_DIR}/systemd/network/eth.network" | |
60 |
|
||||
61 | if [ "$CRYPTFS_DROPBEAR" = true ] ; then |
|
|||
62 | # Get cdir from NET_ADDRESS e.g. 24 |
|
|||
63 | cdir=$(${NET_ADDRESS} | cut -d '/' -f2) |
|
|||
64 |
|
||||
65 | # Convert cdir ro netmask e.g. 24 to 255.255.255.0 |
|
|||
66 | NET_MASK=$(cdr2mask "$cdir") |
|
|||
67 |
|
||||
68 | # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf |
|
|||
69 | sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf |
|
|||
70 |
|
||||
71 | # Regenerate initramfs |
|
|||
72 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" |
|
|||
73 | fi |
|
|||
74 | fi |
|
60 | fi | |
75 |
|
61 | |||
76 | # Remove empty settings from network configuration |
|
62 | # Remove empty settings from network configuration |
@@ -159,7 +159,7 ENABLE_MINBASE=${ENABLE_MINBASE:=false} | |||||
159 | ENABLE_REDUCE=${ENABLE_REDUCE:=false} |
|
159 | ENABLE_REDUCE=${ENABLE_REDUCE:=false} | |
160 | ENABLE_UBOOT=${ENABLE_UBOOT:=false} |
|
160 | ENABLE_UBOOT=${ENABLE_UBOOT:=false} | |
161 | UBOOTSRC_DIR=${UBOOTSRC_DIR:=""} |
|
161 | UBOOTSRC_DIR=${UBOOTSRC_DIR:=""} | |
162 |
ENABLE_UBOOT |
|
162 | ENABLE_USBBOOT=${ENABLE_USBBOOT=false} | |
163 | ENABLE_FBTURBO=${ENABLE_FBTURBO:=false} |
|
163 | ENABLE_FBTURBO=${ENABLE_FBTURBO:=false} | |
164 | ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false} |
|
164 | ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false} | |
165 | ENABLE_NEXMON=${ENABLE_NEXMON:=false} |
|
165 | ENABLE_NEXMON=${ENABLE_NEXMON:=false} | |
@@ -433,11 +433,13 fi | |||||
433 | # Add device-tree-compiler required for building the U-Boot bootloader |
|
433 | # Add device-tree-compiler required for building the U-Boot bootloader | |
434 | if [ "$ENABLE_UBOOT" = true ] ; then |
|
434 | if [ "$ENABLE_UBOOT" = true ] ; then | |
435 | APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc" |
|
435 | APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc" | |
436 | #else |
|
436 | fi | |
437 | # if [ "$ENABLE_UBOOTUSB" = true ] ; then |
|
437 | ||
438 | # echo "error: Enabling UBOOTUSB requires u-boot to be enabled" |
|
438 | if [ "$ENABLE_USBBOOT" = true ] ; then | |
439 | # exit 1 |
|
439 | if ["$RPI_MODEL" != 3 ] || ["$RPI_MODEL" != 3P ] ; then | |
440 | # fi |
|
440 | echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P" | |
|
441 | exit 1 | |||
|
442 | fi | |||
441 | fi |
|
443 | fi | |
442 |
|
444 | |||
443 | # Check if root SSH (v2) public key file exists |
|
445 | # Check if root SSH (v2) public key file exists |
General Comments 0
Vous devez vous connecter pour laisser un commentaire.
Se connecter maintenant