Added: I2C and SPI interface support
drtyhlpr -
r125:fa587c0f5aa0
@@ -1,386 +1,392
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie` and `stretch`. Raspberry Pi 3 images are currently generated for 32-bit mode only.
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandetory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
15 15
16 16 ```
17 17 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
18 18 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
19 19 dpkg --add-architecture armhf
20 20 apt-get update
21 21 ```
22 22
23 23 ## Command-line parameters
24 24 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
25 25
26 26 #####Command-line examples:
27 27 ```shell
28 28 ENABLE_UBOOT=true ./rpi23-gen-image.sh
29 29 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
30 30 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
31 31 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
32 32 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
33 33 ENABLE_MINBASE=true ./rpi23-gen-image.sh
34 34 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
35 35 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
36 36 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
37 37 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
38 38 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
39 39 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 40 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Configuration template files
44 44 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
45 45
46 46 #####Command-line examples:
47 47 ```shell
48 48 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
49 49 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
50 50 ```
51 51
52 52 ## Supported parameters and settings
53 53 #### APT settings:
54 54 ##### `APT_SERVER`="ftp.debian.org"
55 55 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
56 56
57 57 ##### `APT_PROXY`=""
58 58 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
59 59
60 60 ##### `APT_INCLUDES`=""
61 61 A comma separated list of additional packages to be installed during bootstrapping.
62 62
63 63 #### General system settings:
64 64 ##### `RPI_MODEL`=2
65 65 Specifiy the target Raspberry Pi hardware model. The script at this time supports the Raspberry Pi models `2` and `3`. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
66 66
67 67 ##### `RELEASE`="jessie"
68 68 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie" and "stretch". `BUILD_KERNEL`=true will automatically be set if the Debian release `stretch` is used.
69 69
70 70 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
71 71 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
72 72
73 73 ##### `PASSWORD`="raspberry"
74 74 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
75 75
76 76 ##### `USER_PASSWORD`="raspberry"
77 77 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
78 78
79 79 ##### `DEFLOCAL`="en_US.UTF-8"
80 80 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
81 81
82 82 ##### `TIMEZONE`="Europe/Berlin"
83 83 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
84 84
85 85 ##### `EXPANDROOT`=true
86 86 Expand the root partition and filesystem automatically on first boot.
87 87
88 88 #### Keyboard settings:
89 89 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
90 90
91 91 ##### `XKB_MODEL`=""
92 92 Set the name of the model of your keyboard type.
93 93
94 94 ##### `XKB_LAYOUT`=""
95 95 Set the supported keyboard layout(s).
96 96
97 97 ##### `XKB_VARIANT`=""
98 98 Set the supported variant(s) of the keyboard layout(s).
99 99
100 100 ##### `XKB_OPTIONS`=""
101 101 Set extra xkb configuration options.
102 102
103 103 #### Networking settings (DHCP):
104 104 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
105 105
106 106 #####`ENABLE_DHCP`=true
107 107 Set the system to use DHCP. This requires an DHCP server.
108 108
109 109 #### Networking settings (static):
110 110 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
111 111
112 112 #####`NET_ADDRESS`=""
113 113 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
114 114
115 115 #####`NET_GATEWAY`=""
116 116 Set the IP address for the default gateway.
117 117
118 118 #####`NET_DNS_1`=""
119 119 Set the IP address for the first DNS server.
120 120
121 121 #####`NET_DNS_2`=""
122 122 Set the IP address for the second DNS server.
123 123
124 124 #####`NET_DNS_DOMAINS`=""
125 125 Set the default DNS search domains to use for non fully qualified host names.
126 126
127 127 #####`NET_NTP_1`=""
128 128 Set the IP address for the first NTP server.
129 129
130 130 #####`NET_NTP_2`=""
131 131 Set the IP address for the second NTP server.
132 132
133 133 #### Basic system features:
134 134 ##### `ENABLE_CONSOLE`=true
135 135 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
136 136
137 ##### `ENABLE_I2C`=false
138 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
139
140 ##### `ENABLE_SPI`=false
141 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
142
137 143 ##### `ENABLE_IPV6`=true
138 144 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
139 145
140 146 ##### `ENABLE_SSHD`=true
141 147 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
142 148
143 149 ##### `ENABLE_NONFREE`=false
144 150 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
145 151
146 152 ##### `ENABLE_WIRELESS`=false
147 153 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
148 154
149 155 ##### `ENABLE_RSYSLOG`=true
150 156 If set to false, disable and uninstall rsyslog (so logs will be available only
151 157 in journal files)
152 158
153 159 ##### `ENABLE_SOUND`=true
154 160 Enable sound hardware and install Advanced Linux Sound Architecture.
155 161
156 162 ##### `ENABLE_HWRANDOM`=true
157 163 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
158 164
159 165 ##### `ENABLE_MINGPU`=false
160 166 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
161 167
162 168 ##### `ENABLE_DBUS`=true
163 169 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
164 170
165 171 ##### `ENABLE_XORG`=false
166 172 Install Xorg open-source X Window System.
167 173
168 174 ##### `ENABLE_WM`=""
169 175 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
170 176
171 177 #### Advanced system features:
172 178 ##### `ENABLE_MINBASE`=false
173 179 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
174 180
175 181 ##### `ENABLE_REDUCE`=false
176 182 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
177 183
178 184 ##### `ENABLE_UBOOT`=false
179 185 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](http://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
180 186
181 187 ##### `ENABLE_FBTURBO`=false
182 188 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
183 189
184 190 ##### `ENABLE_IPTABLES`=false
185 191 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
186 192
187 193 ##### `ENABLE_USER`=true
188 194 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
189 195
190 196 ##### `USER_NAME`=pi
191 197 Non-root user to create. Ignored if `ENABLE_USER`=false
192 198
193 199 ##### `ENABLE_ROOT`=false
194 200 Set root user password so root login will be enabled
195 201
196 202 ##### `ENABLE_HARDNET`=false
197 203 Enable IPv4/IPv6 network stack hardening settings.
198 204
199 205 ##### `ENABLE_SPLITFS`=false
200 206 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
201 207
202 208 ##### `CHROOT_SCRIPTS`=""
203 209 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
204 210
205 211 ##### `ENABLE_INITRAMFS`=false
206 212 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
207 213
208 214 ##### `ENABLE_IFNAMES`=true
209 215 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian release `stretch` is used.
210 216
211 217 #### SSH settings:
212 218 ##### `SSH_ENABLE_ROOT`=false
213 219 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
214 220
215 221 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
216 222 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
217 223
218 224 ##### `SSH_LIMIT_USERS`=false
219 225 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login.
220 226
221 227 ##### `SSH_ROOT_AUTHORIZED_KEYS`=""
222 228 Add specified SSH `authorized_keys` file that contains keys for public key based SSH (v2) authentication of user `root`. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
223 229
224 230 ##### `SSH_ROOT_PUB_KEY`=""
225 231 Add specified SSH (v2) public key file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
226 232
227 233 ##### `SSH_USER_AUTHORIZED_KEYS`=""
228 234 Add specified SSH `authorized_keys` file that contains keys for public key based SSH (v2) authentication of user `USER_NAME`=pi. SSH protocol version 1 is not supported.
229 235
230 236 ##### `SSH_USER_PUB_KEY`=""
231 237 Add specified SSH (v2) public key file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. SSH protocol version 1 is not supported.
232 238
233 239 #### Kernel compilation:
234 240 ##### `BUILD_KERNEL`=false
235 241 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
236 242
237 243 ##### `KERNEL_REDUCE`=false
238 244 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
239 245
240 246 ##### `KERNEL_THREADS`=1
241 247 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
242 248
243 249 ##### `KERNEL_HEADERS`=true
244 250 Install kernel headers with built kernel.
245 251
246 252 ##### `KERNEL_MENUCONFIG`=false
247 253 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
248 254
249 255 ##### `KERNEL_REMOVESRC`=true
250 256 Remove all kernel sources from the generated OS image after it was built and installed.
251 257
252 258 ##### `KERNELSRC_DIR`=""
253 259 Path to a directory of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
254 260
255 261 ##### `KERNELSRC_CLEAN`=false
256 262 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
257 263
258 264 ##### `KERNELSRC_CONFIG`=true
259 265 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
260 266
261 267 ##### `KERNELSRC_USRCONFIG`=""
262 268 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
263 269
264 270 ##### `KERNELSRC_PREBUILT`=false
265 271 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
266 272
267 273 ##### `RPI_FIRMWARE_DIR`=""
268 274 The directory containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
269 275
270 276 #### Reduce disk usage:
271 277 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
272 278
273 279 ##### `REDUCE_APT`=true
274 280 Configure APT to use compressed package repository lists and no package caching files.
275 281
276 282 ##### `REDUCE_DOC`=true
277 283 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
278 284
279 285 ##### `REDUCE_MAN`=true
280 286 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
281 287
282 288 ##### `REDUCE_VIM`=false
283 289 Replace `vim-tiny` package by `levee` a tiny vim clone.
284 290
285 291 ##### `REDUCE_BASH`=false
286 292 Remove `bash` package and switch to `dash` shell (experimental).
287 293
288 294 ##### `REDUCE_HWDB`=true
289 295 Remove PCI related hwdb files (experimental).
290 296
291 297 ##### `REDUCE_SSHD`=true
292 298 Replace `openssh-server` with `dropbear`.
293 299
294 300 ##### `REDUCE_LOCALE`=true
295 301 Remove all `locale` translation files.
296 302
297 303 #### Encrypted root partition:
298 304
299 305 ##### `ENABLE_CRYPTFS`=false
300 306 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
301 307
302 308 ##### `CRYPTFS_PASSWORD`=""
303 309 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
304 310
305 311 ##### `CRYPTFS_MAPPING`="secure"
306 312 Set name of dm-crypt managed device-mapper mapping.
307 313
308 314 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
309 315 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
310 316
311 317 ##### `CRYPTFS_XTSKEYSIZE`=512
312 318 Sets key size in bits. The argument has to be a multiple of 8.
313 319
314 320 ## Understanding the script
315 321 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
316 322
317 323 | Script | Description |
318 324 | --- | --- |
319 325 | `10-bootstrap.sh` | Debootstrap basic system |
320 326 | `11-apt.sh` | Setup APT repositories |
321 327 | `12-locale.sh` | Setup Locales and keyboard settings |
322 328 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
323 329 | `20-networking.sh` | Setup Networking |
324 330 | `21-firewall.sh` | Setup Firewall |
325 331 | `30-security.sh` | Setup Users and Security settings |
326 332 | `31-logging.sh` | Setup Logging |
327 333 | `32-sshd.sh` | Setup SSH and public keys |
328 334 | `41-uboot.sh` | Build and Setup U-Boot |
329 335 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
330 336 | `50-firstboot.sh` | First boot actions |
331 337 | `99-reduce.sh` | Reduce the disk space usage |
332 338
333 339 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
334 340
335 341 | Directory | Description |
336 342 | --- | --- |
337 343 | `apt` | APT management configuration files |
338 344 | `boot` | Boot and RPi2/3 configuration files |
339 345 | `dpkg` | Package Manager configuration |
340 346 | `etc` | Configuration files and rc scripts |
341 347 | `firstboot` | Scripts that get executed on first boot |
342 348 | `initramfs` | Initramfs scripts |
343 349 | `iptables` | Firewall configuration files |
344 350 | `locales` | Locales configuration |
345 351 | `modules` | Kernel Modules configuration |
346 352 | `mount` | Fstab configuration |
347 353 | `network` | Networking configuration files |
348 354 | `sysctl.d` | Swapping and Network Hardening configuration |
349 355 | `xorg` | fbturbo Xorg driver configuration |
350 356
351 357 ## Custom packages and scripts
352 358 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
353 359
354 360 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
355 361
356 362 ## Logging of the bootstrapping process
357 363 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
358 364
359 365 ```shell
360 366 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
361 367 ```
362 368
363 369 ## Flashing the image file
364 370 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
365 371
366 372 #####Flashing examples:
367 373 ```shell
368 374 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
369 375 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
370 376 ```
371 377 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
372 378 ```shell
373 379 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
374 380 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
375 381 ```
376 382
377 383 ## External links and references
378 384 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
379 385 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
380 386 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
381 387 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
382 388 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
383 389 * [U-BOOT git repository](http://git.denx.de/?p=u-boot.git;a=summary)
384 390 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
385 391 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
386 392 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
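Review bot: The new `ENABLE_I2C` and `ENABLE_SPI` entries (new lines 137-142) say only "Enable I2C interface on the RPi2/3" and "Enable SPI interface on the RPi2/3", without stating what the script changes in the generated image or whether the parameters depend on `BUILD_KERNEL`, which other entries such as `ENABLE_INITRAMFS` do spell out ("This parameter will be ignored if `BUILD_KERNEL`=false"). Suggest adding a sentence to each entry that names the files or settings the script touches and which users can access the resulting bus devices, so a reader deciding whether to turn these on knows what the image exposes. The pinout link in both entries is plain `http://`; use an `https://` URL if the site offers one. The command-line examples block near the top of the README was also not extended with a call that uses either new parameter.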
@@ -1,320 +1,336
1 1 #
2 2 # Build and Setup RPi2/3 Kernel
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Fetch and build latest raspberry kernel
9 9 if [ "$BUILD_KERNEL" = true ] ; then
10 10 # Setup source directory
11 11 mkdir -p "${R}/usr/src"
12 12
13 13 # Copy existing kernel sources into chroot directory
14 14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
15 15 # Copy kernel sources
16 16 cp -r "${KERNELSRC_DIR}" "${R}/usr/src"
17 17
18 18 # Clean the kernel sources
19 19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20 20 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 21 fi
22 22 else # KERNELSRC_DIR=""
23 23 # Fetch current raspberrypi kernel sources
24 24 git -C "${R}/usr/src" clone --depth=1 "${KERNEL_URL}"
25 25 fi
26 26
27 27 # Calculate optimal number of kernel building threads
28 28 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
29 29 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
30 30 fi
31 31
32 32 # Configure and build kernel
33 33 if [ "$KERNELSRC_PREBUILT" = false ] ; then
34 34 # Remove device, network and filesystem drivers from kernel configuration
35 35 if [ "$KERNEL_REDUCE" = true ] ; then
36 36 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
37 37 sed -i\
38 38 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
39 39 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
40 40 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
41 41 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
42 42 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
43 43 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
44 44 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
45 45 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
46 46 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
47 47 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
48 48 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
49 49 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
50 50 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
51 51 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
52 52 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
53 53 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
54 54 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
55 55 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
56 56 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
57 57 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
58 58 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
59 59 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
60 60 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
61 61 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
62 62 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
63 63 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
64 64 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
65 65 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
66 66 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
67 67 "${KERNEL_DIR}/.config"
68 68 fi
69 69
70 70 if [ "$KERNELSRC_CONFIG" = true ] ; then
71 71 # Load default raspberry kernel configuration
72 72 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
73 73
74 74 if [ ! -z "$KERNELSRC_USRCONFIG" ] ; then
75 75 cp $KERNELSRC_USRCONFIG ${KERNEL_DIR}/.config
76 76 fi
77 77
78 78 # Start menu-driven kernel configuration (interactive)
79 79 if [ "$KERNEL_MENUCONFIG" = true ] ; then
80 80 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
81 81 fi
82 82 fi
83 83
84 84 # Cross compile kernel and modules
85 85 make -C "${KERNEL_DIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs
86 86 fi
87 87
88 88 # Check if kernel compilation was successful
89 89 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/zImage" ] ; then
90 90 echo "error: kernel compilation failed! (zImage not found)"
91 91 cleanup
92 92 exit 1
93 93 fi
94 94
95 95 # Install kernel modules
96 96 if [ "$ENABLE_REDUCE" = true ] ; then
97 97 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
98 98 else
99 99 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
100 100
101 101 # Install kernel firmware
102 102 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
103 103 fi
104 104
105 105 # Install kernel headers
106 106 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
107 107 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
108 108 fi
109 109
110 110 # Prepare boot (firmware) directory
111 111 mkdir "${BOOT_DIR}"
112 112
113 113 # Get kernel release version
114 114 KERNEL_VERSION=`cat "${KERNEL_DIR}/include/config/kernel.release"`
115 115
116 116 # Copy kernel configuration file to the boot directory
117 117 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
118 118
119 119 # Copy dts and dtb device tree sources and binaries
120 120 mkdir "${BOOT_DIR}/overlays"
121 121 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "${BOOT_DIR}/"
122 122 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "${BOOT_DIR}/overlays/"
123 123 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
124 124
125 125 if [ "$ENABLE_UBOOT" = false ] ; then
126 126 # Convert and copy zImage kernel to the boot directory
127 127 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOT_DIR}/${KERNEL_IMAGE}"
128 128 else
129 129 # Copy zImage kernel to the boot directory
130 130 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOT_DIR}/${KERNEL_IMAGE}"
131 131 fi
132 132
133 133 # Remove kernel sources
134 134 if [ "$KERNEL_REMOVESRC" = true ] ; then
135 135 rm -fr "${KERNEL_DIR}"
136 136 else
137 137 #make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" oldconfig
138 138 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
139 139 #make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
140 140 fi
141 141
142 142 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
143 143 # Install boot binaries from local directory
144 144 cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin
145 145 cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat
146 146 cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat
147 147 cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat
148 148 cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf
149 149 cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf
150 150 cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
151 151 else
152 152 # Install latest boot binaries from raspberry/firmware github
153 153 wget -q -O "${BOOT_DIR}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
154 154 wget -q -O "${BOOT_DIR}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
155 155 wget -q -O "${BOOT_DIR}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
156 156 wget -q -O "${BOOT_DIR}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
157 157 wget -q -O "${BOOT_DIR}/start.elf" "${FIRMWARE_URL}/start.elf"
158 158 wget -q -O "${BOOT_DIR}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
159 159 wget -q -O "${BOOT_DIR}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
160 160 fi
161 161
162 162 else # BUILD_KERNEL=false
163 163 # Kernel installation
164 164 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel
165 165
166 166 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
167 167 chroot_exec apt-get -qq -y install flash-kernel
168 168
169 169 # Check if kernel installation was successful
170 170 VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)"
171 171 if [ -z "$VMLINUZ" ] ; then
172 172 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
173 173 cleanup
174 174 exit 1
175 175 fi
176 176 # Copy vmlinuz kernel to the boot directory
177 177 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
178 178 fi
179 179
180 180 # Setup firmware boot cmdline
181 181 if [ "$ENABLE_SPLITFS" = true ] ; then
182 182 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
183 183 else
184 184 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
185 185 fi
186 186
187 187 # Add encrypted root partition to cmdline.txt
188 188 if [ "$ENABLE_CRYPTFS" = true ] ; then
189 189 if [ "$ENABLE_SPLITFS" = true ] ; then
190 190 CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
191 191 else
192 192 CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
193 193 fi
194 194 fi
195 195
196 196 # Add serial console support
197 197 if [ "$ENABLE_CONSOLE" = true ] ; then
198 198 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
199 199 fi
200 200
201 201 # Remove IPv6 networking support
202 202 if [ "$ENABLE_IPV6" = false ] ; then
203 203 CMDLINE="${CMDLINE} ipv6.disable=1"
204 204 fi
205 205
206 206 # Automatically assign predictable network interface names
207 207 if [ "$ENABLE_IFNAMES" = false ] ; then
208 208 CMDLINE="${CMDLINE} net.ifnames=0"
209 209 else
210 210 CMDLINE="${CMDLINE} net.ifnames=1"
211 211 fi
212 212
213 213 # Set init to systemd if required by Debian release
214 214 if [ "$RELEASE" = "stretch" ] ; then
215 215 CMDLINE="${CMDLINE} init=/bin/systemd"
216 216 fi
217 217
218 218 # Install firmware boot cmdline
219 219 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
220 220
221 221 # Install firmware config
222 222 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
223 223
224 224 # Setup minimal GPU memory allocation size: 16MB (no X)
225 225 if [ "$ENABLE_MINGPU" = true ] ; then
226 226 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
227 227 fi
228 228
229 229 # Setup boot with initramfs
230 230 if [ "$ENABLE_INITRAMFS" = true ] ; then
231 231 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
232 232 fi
233 233
234 234 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
235 235 if [ "$RPI_MODEL" = 3 ] ; then
236 236 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
237 237 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
238 238 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
239 239 fi
240 240 fi
241 241
242 242 # Create firmware configuration and cmdline symlinks
243 243 ln -sf firmware/config.txt "${R}/boot/config.txt"
244 244 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
245 245
246 246 # Install and setup kernel modules to load at boot
247 247 mkdir -p "${R}/lib/modules-load.d/"
248 248 install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
249 249
250 250 # Load hardware random module at boot
251 251 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
252 252 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
253 253 fi
254 254
255 255 # Load sound module at boot
256 256 if [ "$ENABLE_SOUND" = true ] ; then
257 257 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
258 258 fi
259 259
260 # Enable I2C interface
261 if [ "$ENABLE_I2C" = true ] ; then
262 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
263 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
264 sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
265 fi
266
267 # Enable SPI interface
268 if [ "$ENABLE_SPI" = true ] ; then
269 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
270 echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
271 if [ "$RPI_MODEL" = 3 ] ; then
272 sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
273 fi
274 fi
275
260 276 # Install kernel modules blacklist
261 277 mkdir -p "${ETC_DIR}/modprobe.d/"
262 278 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
263 279
264 280 # Install and setup fstab
265 281 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
266 282
267 283 # Add usb/sda disk root partition to fstab
268 284 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
269 285 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
270 286 fi
271 287
272 288 # Add encrypted root partition to fstab and crypttab
273 289 if [ "$ENABLE_CRYPTFS" = true ] ; then
274 290 # Replace fstab root partition with encrypted partition mapping
275 291 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
276 292
277 293 # Add encrypted partition to crypttab and fstab
278 294 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
279 295 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "${ETC_DIR}/crypttab"
280 296
281 297 if [ "$ENABLE_SPLITFS" = true ] ; then
282 298 # Add usb/sda disk to crypttab
283 299 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
284 300 fi
285 301 fi
286 302
287 303 # Generate initramfs file
288 304 if [ "$ENABLE_INITRAMFS" = true ] ; then
289 305 if [ "$ENABLE_CRYPTFS" = true ] ; then
290 306 # Include initramfs scripts to auto expand encrypted root partition
291 307 if [ "$EXPANDROOT" = true ] ; then
292 308 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
293 309 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
294 310 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
295 311 fi
296 312
297 313 # Disable SSHD inside initramfs
298 314 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
299 315
300 316 # Dummy mapping required by mkinitramfs
301 317 echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
302 318
303 319 # Generate initramfs with encrypted root partition support
304 320 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
305 321
306 322 # Remove dummy mapping
307 323 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
308 324 else
309 325 # Generate initramfs without encrypted root partition support
310 326 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
311 327 fi
312 328 fi
313 329
314 330 # Install sysctl.d configuration files
315 331 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
316 332
317 333 # make symlinks
318 334 ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/build"
319 335 ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/source"
320 336
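Review bot: In the `# Enable I2C interface` block (new lines 261-265), both `sed -i` calls only do anything if `files/modules/rpi2.conf` already contains the commented entries `# i2c-bcm2708` and `# i2c-dev`. That file is not shown in this change, and when the pattern is absent `sed` still exits 0, so the image would get `dtparam=i2c_arm=on` in `config.txt` with no modules loaded and no error. The SPI block below it (new lines 268-274) works the other way: it appends `spi-bcm2708` with `echo >>` and then rewrites it to `spi-bcm2835` when `RPI_MODEL` is 3. Suggest one mechanism for both interfaces, choosing the module name in an if/else before it is written rather than appending and then patching the file, and stating whether I2C needs the same model 3 switch that SPI gets.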
@@ -1,631 +1,633
1 1 #!/bin/sh
2 2
3 3 ########################################################################
4 4 # rpi23-gen-image.sh 2015-2017
5 5 #
6 6 # Advanced Debian "jessie" and "stretch" bootstrap script for RPi2/3
7 7 #
8 8 # This program is free software; you can redistribute it and/or
9 9 # modify it under the terms of the GNU General Public License
10 10 # as published by the Free Software Foundation; either version 2
11 11 # of the License, or (at your option) any later version.
12 12 #
13 13 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
14 14 #
15 15 # Big thanks for patches and enhancements by 10+ github contributors!
16 16 ########################################################################
17 17
18 18 # Are we running as root?
19 19 if [ "$(id -u)" -ne "0" ] ; then
20 20 echo "error: this script must be executed with root privileges!"
21 21 exit 1
22 22 fi
23 23
24 24 # Check if ./functions.sh script exists
25 25 if [ ! -r "./functions.sh" ] ; then
26 26 echo "error: './functions.sh' required script not found!"
27 27 exit 1
28 28 fi
29 29
30 30 # Load utility functions
31 31 . ./functions.sh
32 32
33 33 # Load parameters from configuration template file
34 34 if [ ! -z "$CONFIG_TEMPLATE" ] ; then
35 35 use_template
36 36 fi
37 37
38 38 # Introduce settings
39 39 set -e
40 40 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
41 41 set -x
42 42
43 43 # Raspberry Pi model configuration
44 44 RPI_MODEL=${RPI_MODEL:=2}
45 45 RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
46 46 RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
47 47 RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
48 48 RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
49 49
50 50 # Debian release
51 51 RELEASE=${RELEASE:=jessie}
52 52 KERNEL_ARCH=${KERNEL_ARCH:=arm}
53 53 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
54 54 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
55 55 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
56 56 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
57 57 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
58 58 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
59 59
60 60 # URLs
61 61 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
62 62 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
63 63 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm}
64 64 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
65 65 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
66 66 UBOOT_URL=${UBOOT_URL:=git://git.denx.de/u-boot.git}
67 67
68 68 # Build directories
69 69 BASEDIR="$(pwd)/images/${RELEASE}"
70 70 BUILDDIR="${BASEDIR}/build"
71 71
72 72 # Chroot directories
73 73 R="${BUILDDIR}/chroot"
74 74 ETC_DIR="${R}/etc"
75 75 LIB_DIR="${R}/lib"
76 76 BOOT_DIR="${R}/boot/firmware"
77 77 KERNEL_DIR="${R}/usr/src/linux"
78 78 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
79 79
80 80 # Firmware directory: Blank if download from github
81 81 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
82 82
83 83 # General settings
84 84 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
85 85 PASSWORD=${PASSWORD:=raspberry}
86 86 USER_PASSWORD=${USER_PASSWORD:=raspberry}
87 87 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
88 88 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
89 89 EXPANDROOT=${EXPANDROOT:=true}
90 90
91 91 # Keyboard settings
92 92 XKB_MODEL=${XKB_MODEL:=""}
93 93 XKB_LAYOUT=${XKB_LAYOUT:=""}
94 94 XKB_VARIANT=${XKB_VARIANT:=""}
95 95 XKB_OPTIONS=${XKB_OPTIONS:=""}
96 96
97 97 # Network settings (DHCP)
98 98 ENABLE_DHCP=${ENABLE_DHCP:=true}
99 99
100 100 # Network settings (static)
101 101 NET_ADDRESS=${NET_ADDRESS:=""}
102 102 NET_GATEWAY=${NET_GATEWAY:=""}
103 103 NET_DNS_1=${NET_DNS_1:=""}
104 104 NET_DNS_2=${NET_DNS_2:=""}
105 105 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
106 106 NET_NTP_1=${NET_NTP_1:=""}
107 107 NET_NTP_2=${NET_NTP_2:=""}
108 108
109 109 # APT settings
110 110 APT_PROXY=${APT_PROXY:=""}
111 111 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
112 112
113 113 # Feature settings
114 114 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
115 ENABLE_I2C=${ENABLE_I2C:=false}
116 ENABLE_SPI=${ENABLE_SPI:=false}
115 117 ENABLE_IPV6=${ENABLE_IPV6:=true}
116 118 ENABLE_SSHD=${ENABLE_SSHD:=true}
117 119 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
118 120 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
119 121 ENABLE_SOUND=${ENABLE_SOUND:=true}
120 122 ENABLE_DBUS=${ENABLE_DBUS:=true}
121 123 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
122 124 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
123 125 ENABLE_XORG=${ENABLE_XORG:=false}
124 126 ENABLE_WM=${ENABLE_WM:=""}
125 127 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
126 128 ENABLE_USER=${ENABLE_USER:=true}
127 129 USER_NAME=${USER_NAME:="pi"}
128 130 ENABLE_ROOT=${ENABLE_ROOT:=false}
129 131
130 132 # SSH settings
131 133 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
132 134 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
133 135 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
134 136 SSH_ROOT_AUTHORIZED_KEYS=${SSH_ROOT_AUTHORIZED_KEYS:=""}
135 137 SSH_USER_AUTHORIZED_KEYS=${SSH_USER_AUTHORIZED_KEYS:=""}
136 138 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
137 139 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
138 140
139 141 # Advanced settings
140 142 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
141 143 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
142 144 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
143 145 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
144 146 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
145 147 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
146 148 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
147 149 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
148 150 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
149 151
150 152 # Kernel compilation settings
151 153 BUILD_KERNEL=${BUILD_KERNEL:=false}
152 154 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
153 155 KERNEL_THREADS=${KERNEL_THREADS:=1}
154 156 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
155 157 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
156 158 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
157 159
158 160 # Kernel compilation from source directory settings
159 161 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
160 162 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
161 163 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
162 164 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
163 165
164 166 # Reduce disk usage settings
165 167 REDUCE_APT=${REDUCE_APT:=true}
166 168 REDUCE_DOC=${REDUCE_DOC:=true}
167 169 REDUCE_MAN=${REDUCE_MAN:=true}
168 170 REDUCE_VIM=${REDUCE_VIM:=false}
169 171 REDUCE_BASH=${REDUCE_BASH:=false}
170 172 REDUCE_HWDB=${REDUCE_HWDB:=true}
171 173 REDUCE_SSHD=${REDUCE_SSHD:=true}
172 174 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
173 175
174 176 # Encrypted filesystem settings
175 177 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
176 178 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
177 179 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
178 180 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
179 181 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
180 182
181 183 # Stop the Crypto Wars
182 184 DISABLE_FBI=${DISABLE_FBI:=false}
183 185
184 186 # Chroot scripts directory
185 187 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
186 188
187 189 # Packages required in the chroot build environment
188 190 APT_INCLUDES=${APT_INCLUDES:=""}
189 191 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
190 192
191 193 # Packages required for bootstrapping
192 194 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc"
193 195 MISSING_PACKAGES=""
194 196
195 197 set +x
196 198
197 199 # Set Raspberry Pi model specific configuration
198 200 if [ "$RPI_MODEL" = 2 ] ; then
199 201 DTB_FILE=${RPI2_DTB_FILE}
200 202 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
201 203 elif [ "$RPI_MODEL" = 3 ] ; then
202 204 DTB_FILE=${RPI3_DTB_FILE}
203 205 UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
204 206 BUILD_KERNEL=true
205 207 else
206 208 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
207 209 exit 1
208 210 fi
209 211
210 212 # Check if the internal wireless interface is supported by the RPi model
211 213 if [ "$ENABLE_WIRELESS" = true ] && [ "$RPI_MODEL" != 3 ] ; then
212 214 echo "error: The selected Raspberry Pi model has no internal wireless interface"
213 215 exit 1
214 216 fi
215 217
216 218 # Set compiler packages and build RPi2/3 Linux kernel if required by Debian release
217 219 if [ "$RELEASE" = "jessie" ] ; then
218 220 COMPILER_PACKAGES="linux-compiler-gcc-4.8-arm g++ make bc"
219 221 elif [ "$RELEASE" = "stretch" ] ; then
220 222 COMPILER_PACKAGES="linux-compiler-gcc-5-arm g++ make bc"
221 223 BUILD_KERNEL=true
222 224 else
223 225 echo "error: Debian release ${RELEASE} is not supported!"
224 226 exit 1
225 227 fi
226 228
227 229 # Add packages required for kernel cross compilation
228 230 if [ "$BUILD_KERNEL" = true ] ; then
229 231 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
230 232 fi
231 233
232 234 # Add libncurses5 to enable kernel menuconfig
233 235 if [ "$KERNEL_MENUCONFIG" = true ] ; then
234 236 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
235 237 fi
236 238
237 239 # Stop the Crypto Wars
238 240 if [ "$DISABLE_FBI" = true ] ; then
239 241 ENABLE_CRYPTFS=true
240 242 fi
241 243
242 244 # Add cryptsetup package to enable filesystem encryption
243 245 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
244 246 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
245 247 APT_INCLUDES="${APT_INCLUDES},cryptsetup"
246 248
247 249 if [ -z "$CRYPTFS_PASSWORD" ] ; then
248 250 echo "error: no password defined (CRYPTFS_PASSWORD)!"
249 251 exit 1
250 252 fi
251 253 ENABLE_INITRAMFS=true
252 254 fi
253 255
254 256 # Add initramfs generation tools
255 257 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
256 258 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
257 259 fi
258 260
259 261 # Add device-tree-compiler required for building the U-Boot bootloader
260 262 if [ "$ENABLE_UBOOT" = true ] ; then
261 263 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler"
262 264 fi
263 265
264 266 # Check if root SSH authorized keys file exists
265 267 if [ ! -z "$SSH_ROOT_AUTHORIZED_KEYS" ] ; then
266 268 if [ ! -f "$SSH_ROOT_AUTHORIZED_KEYS" ] ; then
267 269 echo "error: '$SSH_ROOT_AUTHORIZED_KEYS' specified SSH authorized keys file not found (SSH_ROOT_AUTHORIZED_KEYS)!"
268 270 exit 1
269 271 fi
270 272 fi
271 273
272 274 # Check if $USER_NAME SSH authorized keys file exists
273 275 if [ ! -z "$SSH_USER_AUTHORIZED_KEYS" ] ; then
274 276 if [ ! -f "$SSH_USER_AUTHORIZED_KEYS" ] ; then
275 277 echo "error: '$SSH_USER_AUTHORIZED_KEYS' specified SSH authorized keys file not found (SSH_USER_AUTHORIZED_KEYS)!"
276 278 exit 1
277 279 fi
278 280 fi
279 281
280 282 # Check if root SSH (v2) public key file exists
281 283 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
282 284 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
283 285 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
284 286 exit 1
285 287 fi
286 288 fi
287 289
288 290 # Check if $USER_NAME SSH (v2) public key file exists
289 291 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
290 292 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
291 293 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
292 294 exit 1
293 295 fi
294 296 fi
295 297
296 298 # Check if all required packages are installed on the build system
297 299 for package in $REQUIRED_PACKAGES ; do
298 300 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
299 301 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
300 302 fi
301 303 done
302 304
303 305 # If there are missing packages ask confirmation for install, or exit
304 306 if [ -n "$MISSING_PACKAGES" ] ; then
305 307 echo "the following packages needed by this script are not installed:"
306 308 echo "$MISSING_PACKAGES"
307 309
308 310 echo -n "\ndo you want to install the missing packages right now? [y/n] "
309 311 read confirm
310 312 [ "$confirm" != "y" ] && exit 1
311 313
312 314 # Make sure all missing required packages are installed
313 315 apt-get -qq -y install ${MISSING_PACKAGES}
314 316 fi
315 317
316 318 # Check if ./bootstrap.d directory exists
317 319 if [ ! -d "./bootstrap.d/" ] ; then
318 320 echo "error: './bootstrap.d' required directory not found!"
319 321 exit 1
320 322 fi
321 323
322 324 # Check if ./files directory exists
323 325 if [ ! -d "./files/" ] ; then
324 326 echo "error: './files' required directory not found!"
325 327 exit 1
326 328 fi
327 329
328 330 # Check if specified KERNELSRC_DIR directory exists
329 331 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
330 332 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
331 333 exit 1
332 334 fi
333 335
334 336 # Check if specified CHROOT_SCRIPTS directory exists
335 337 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
336 338 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
337 339 exit 1
338 340 fi
339 341
340 342 # Check if specified device mapping already exists (will be used by cryptsetup)
341 343 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
342 344 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
343 345 exit 1
344 346 fi
345 347
346 348 # Don't clobber an old build
347 349 if [ -e "$BUILDDIR" ] ; then
348 350 echo "error: directory ${BUILDDIR} already exists, not proceeding"
349 351 exit 1
350 352 fi
351 353
352 354 # Setup chroot directory
353 355 mkdir -p "${R}"
354 356
355 357 # Check if build directory has enough of free disk space >512MB
356 358 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
357 359 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
358 360 exit 1
359 361 fi
360 362
361 363 set -x
362 364
363 365 # Call "cleanup" function on various signals and errors
364 366 trap cleanup 0 1 2 3 6
365 367
366 368 # Add required packages for the minbase installation
367 369 if [ "$ENABLE_MINBASE" = true ] ; then
368 370 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
369 371 fi
370 372
371 373 # Add required locales packages
372 374 if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
373 375 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
374 376 fi
375 377
376 378 # Add parted package, required to get partprobe utility
377 379 if [ "$EXPANDROOT" = true ] ; then
378 380 APT_INCLUDES="${APT_INCLUDES},parted"
379 381 fi
380 382
381 383 # Add dbus package, recommended if using systemd
382 384 if [ "$ENABLE_DBUS" = true ] ; then
383 385 APT_INCLUDES="${APT_INCLUDES},dbus"
384 386 fi
385 387
386 388 # Add iptables IPv4/IPv6 package
387 389 if [ "$ENABLE_IPTABLES" = true ] ; then
388 390 APT_INCLUDES="${APT_INCLUDES},iptables"
389 391 fi
390 392
391 393 # Add openssh server package
392 394 if [ "$ENABLE_SSHD" = true ] ; then
393 395 APT_INCLUDES="${APT_INCLUDES},openssh-server"
394 396 fi
395 397
396 398 # Add alsa-utils package
397 399 if [ "$ENABLE_SOUND" = true ] ; then
398 400 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
399 401 fi
400 402
401 403 # Add rng-tools package
402 404 if [ "$ENABLE_HWRANDOM" = true ] ; then
403 405 APT_INCLUDES="${APT_INCLUDES},rng-tools"
404 406 fi
405 407
406 408 # Add fbturbo video driver
407 409 if [ "$ENABLE_FBTURBO" = true ] ; then
408 410 # Enable xorg package dependencies
409 411 ENABLE_XORG=true
410 412 fi
411 413
412 414 # Add user defined window manager package
413 415 if [ -n "$ENABLE_WM" ] ; then
414 416 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
415 417
416 418 # Enable xorg package dependencies
417 419 ENABLE_XORG=true
418 420 fi
419 421
420 422 # Add xorg package
421 423 if [ "$ENABLE_XORG" = true ] ; then
422 424 APT_INCLUDES="${APT_INCLUDES},xorg"
423 425 fi
424 426
425 427 # Replace selected packages with smaller clones
426 428 if [ "$ENABLE_REDUCE" = true ] ; then
427 429 # Add levee package instead of vim-tiny
428 430 if [ "$REDUCE_VIM" = true ] ; then
429 431 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
430 432 fi
431 433
432 434 # Add dropbear package instead of openssh-server
433 435 if [ "$REDUCE_SSHD" = true ] ; then
434 436 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
435 437 fi
436 438 fi
437 439
438 440 # Configure kernel sources if no KERNELSRC_DIR
439 441 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
440 442 KERNELSRC_CONFIG=true
441 443 fi
442 444
443 445 # Configure reduced kernel
444 446 if [ "$KERNEL_REDUCE" = true ] ; then
445 447 KERNELSRC_CONFIG=false
446 448 fi
447 449
448 450 # Execute bootstrap scripts
449 451 for SCRIPT in bootstrap.d/*.sh; do
450 452 head -n 3 "$SCRIPT"
451 453 . "$SCRIPT"
452 454 done
453 455
454 456 ## Execute custom bootstrap scripts
455 457 if [ -d "custom.d" ] ; then
456 458 for SCRIPT in custom.d/*.sh; do
457 459 . "$SCRIPT"
458 460 done
459 461 fi
460 462
461 463 # Execute custom scripts inside the chroot
462 464 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
463 465 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
464 466 chroot_exec /bin/bash -x <<'EOF'
465 467 for SCRIPT in /chroot_scripts/* ; do
466 468 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
467 469 $SCRIPT
468 470 fi
469 471 done
470 472 EOF
471 473 rm -rf "${R}/chroot_scripts"
472 474 fi
473 475
474 476 # Remove apt-utils
475 477 if [ "$RELEASE" = "jessie" ] ; then
476 478 chroot_exec apt-get purge -qq -y --force-yes apt-utils
477 479 fi
478 480
479 481 # Generate required machine-id
480 482 MACHINE_ID=$(dbus-uuidgen)
481 483 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
482 484 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
483 485
484 486 # APT Cleanup
485 487 chroot_exec apt-get -y clean
486 488 chroot_exec apt-get -y autoclean
487 489 chroot_exec apt-get -y autoremove
488 490
489 491 # Unmount mounted filesystems
490 492 umount -l "${R}/proc"
491 493 umount -l "${R}/sys"
492 494
493 495 # Clean up directories
494 496 rm -rf "${R}/run/*"
495 497 rm -rf "${R}/tmp/*"
496 498
497 499 # Clean up files
498 500 rm -f "${ETC_DIR}/ssh/ssh_host_*"
499 501 rm -f "${ETC_DIR}/dropbear/dropbear_*"
500 502 rm -f "${ETC_DIR}/apt/sources.list.save"
501 503 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
502 504 rm -f "${ETC_DIR}/*-"
503 505 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
504 506 rm -f "${ETC_DIR}/resolv.conf"
505 507 rm -f "${R}/root/.bash_history"
506 508 rm -f "${R}/var/lib/urandom/random-seed"
507 509 rm -f "${R}/initrd.img"
508 510 rm -f "${R}/vmlinuz"
509 511 rm -f "${R}${QEMU_BINARY}"
510 512
511 513 # Remove root .ssh directory if it's empty
512 514 if [ -d "${R}/root/.ssh" ] ; then
513 515 rmdir --ignore-fail-on-non-empty "${R}/root/.ssh"
514 516 fi
515 517
516 518 # Remove $USER_NAME .ssh directory if it's empty
517 519 if [ -d "${R}/home/${USER_NAME}/.ssh" ] ; then
518 520 rmdir --ignore-fail-on-non-empty "${R}/home/${USER_NAME}/.ssh"
519 521 fi
520 522
521 523 # Calculate size of the chroot directory in KB
522 524 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
523 525
524 526 # Calculate the amount of needed 512 Byte sectors
525 527 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
526 528 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
527 529 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
528 530
529 531 # The root partition is EXT4
530 532 # This means more space than the actual used space of the chroot is used.
531 533 # As overhead for journaling and reserved blocks 25% are added.
532 534 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 25) \* 1024 \/ 512)
533 535
534 536 # Calculate required image size in 512 Byte sectors
535 537 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
536 538
537 539 # Prepare date string for image file name
538 540 DATE="$(date +%Y-%m-%d)"
539 541
540 542 # Prepare image file
541 543 if [ "$ENABLE_SPLITFS" = true ] ; then
542 544 dd if=/dev/zero of="$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-frmw.img" bs=512 count=${TABLE_SECTORS}
543 545 dd if=/dev/zero of="$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
544 546 dd if=/dev/zero of="$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-root.img" bs=512 count=${TABLE_SECTORS}
545 547 dd if=/dev/zero of="$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
546 548
547 549 # Write firmware/boot partition tables
548 550 sfdisk -q -L -uS -f "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-frmw.img" 2> /dev/null <<EOM
549 551 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
550 552 EOM
551 553
552 554 # Write root partition table
553 555 sfdisk -q -L -uS -f "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-root.img" 2> /dev/null <<EOM
554 556 ${TABLE_SECTORS},${ROOT_SECTORS},83
555 557 EOM
556 558
557 559 # Setup temporary loop devices
558 560 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-frmw.img)"
559 561 ROOT_LOOP="$(losetup -o 1M -f --show $BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-root.img)"
560 562 else # ENABLE_SPLITFS=false
561 563 dd if=/dev/zero of="$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.img" bs=512 count=${TABLE_SECTORS}
562 564 dd if=/dev/zero of="$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.img" bs=512 count=0 seek=${IMAGE_SECTORS}
563 565
564 566 # Write partition table
565 567 sfdisk -q -L -uS -f "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.img" 2> /dev/null <<EOM
566 568 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
567 569 ${ROOT_OFFSET},${ROOT_SECTORS},83
568 570 EOM
569 571
570 572 # Setup temporary loop devices
571 573 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.img)"
572 574 ROOT_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.img)"
573 575 fi
574 576
575 577 if [ "$ENABLE_CRYPTFS" = true ] ; then
576 578 # Create dummy ext4 fs
577 579 mkfs.ext4 "$ROOT_LOOP"
578 580
579 581 # Setup password keyfile
580 582 echo -n ${CRYPTFS_PASSWORD} > .password
581 583 chmod 600 .password
582 584
583 585 # Initialize encrypted partition
584 586 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
585 587
586 588 # Open encrypted partition and setup mapping
587 589 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
588 590
589 591 # Secure delete password keyfile
590 592 shred -zu .password
591 593
592 594 # Update temporary loop device
593 595 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
594 596
595 597 # Wipe encrypted partition (encryption cipher is used for randomness)
596 598 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
597 599 fi
598 600
599 601 # Build filesystems
600 602 mkfs.vfat "$FRMW_LOOP"
601 603 mkfs.ext4 "$ROOT_LOOP"
602 604
603 605 # Mount the temporary loop devices
604 606 mkdir -p "$BUILDDIR/mount"
605 607 mount "$ROOT_LOOP" "$BUILDDIR/mount"
606 608
607 609 mkdir -p "$BUILDDIR/mount/boot/firmware"
608 610 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
609 611
610 612 # Copy all files from the chroot to the loop device mount point directory
611 613 rsync -a "${R}/" "$BUILDDIR/mount/"
612 614
613 615 # Unmount all temporary loop devices and mount points
614 616 cleanup
615 617
616 618 # Create block map file(s) of image(s)
617 619 if [ "$ENABLE_SPLITFS" = true ] ; then
618 620 # Create block map files for "bmaptool"
619 621 bmaptool create -o "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-frmw.bmap" "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-frmw.img"
620 622 bmaptool create -o "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-root.bmap" "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-root.img"
621 623
622 624 # Image was successfully created
623 625 echo "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
624 626 echo "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
625 627 else
626 628 # Create block map file for "bmaptool"
627 629 bmaptool create -o "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.bmap" "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.img"
628 630
629 631 # Image was successfully created
630 632 echo "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
631 633 fi
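Review bot: `ENABLE_I2C` and `ENABLE_SPI` (new lines 115-116) default to `false`, which keeps both buses off unless requested, but any value other than the literal `true` is also treated as off, because the consuming script only tests `[ "$ENABLE_I2C" = true ]` and `[ "$ENABLE_SPI" = true ]`. A setting such as `ENABLE_SPI=yes` therefore produces an image without the interface and without any message. Consider rejecting values other than `true` or `false` alongside the existing pre-flight checks in this file (for example next to the `ENABLE_WIRELESS` model check), so that a mistyped setting stops the build instead of being ignored.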