Merge branch 'add-custom-packages' of https://github.com/stylesuxx/rpi2-gen-image into stylesuxx-add-custom-packages
Jan Wagner -
r42:fbacc20fe7ec Fusion
@@ -1,135 +1,138
1 1 # rpi2-gen-image
2 2 ## Introduction
3 3 `rpi2-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for the Raspberry 2 (RPi2) computer. The script at this time only supports the bootstrapping of the current stable Debian 8 "jessie" release.
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static dosfstools rsync bmap-tools whois git-core```
9 9
10 10 ## Command-line parameters
11 11 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi2-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi2-gen-image.sh` script.
12 12
13 13 #####Command-line examples:
14 14 ```shell
15 15 ENABLE_UBOOT=true ./rpi2-gen-image.sh
16 16 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi2-gen-image.sh
17 17 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi2-gen-image.sh
18 18 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi2-gen-image.sh
19 19 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi2-gen-image.sh
20 20 ENABLE_MINBASE=true ./rpi2-gen-image.sh
21 21 ```
22 22
23 23 #### APT settings:
24 24 ##### `APT_SERVER`="ftp.debian.org"
25 25 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
26 26
27 27 ##### `APT_PROXY`=""
28 28 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
29 29
30 ##### `APT_INCLUDES`=""
31 A comma seperated list of additional packages to be installed during bootstrapping.
32
30 33 #### General system settings:
31 34 ##### `HOSTNAME`="rpi2-jessie"
32 35 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
33 36
34 37 ##### `PASSWORD`="raspberry"
35 38 Set system `root` password. The same password is used for the created user `pi`. It's **STRONGLY** recommended that you choose a custom password.
36 39
37 40 ##### `DEFLOCAL`="en_US.UTF-8"
38 41 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. The script variant `minbase` (ENABLE_MINBASE=true) doesn't install `locales`.
39 42
40 43 ##### `TIMEZONE`="Europe/Berlin"
41 44 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
42 45
43 46 #### Keyboard settings:
44 47 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
45 48 ##### `XKBMODEL`=""
46 49 ##### `XKBLAYOUT`=""
47 50 ##### `XKBVARIANT`=""
48 51 ##### `XKBOPTIONS`=""
49 52
50 53 #### Networking settings
51 54 These settings are used to set up networking configuration in `/etc/systemd/network/eth.network`.
52 55
53 56 #####`ENABLE_DHCP`=true
54 57 Set the system to use DHCP. When set to "true", the following `NET_*` settings (used for static configuration) are ignored.
55 58
56 59 #####`NET_ADDRESS`=""
57 60 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
58 61
59 62 #####`NET_GATEWAY`=""
60 63 Set the IP address for the default gateway.
61 64
62 65 #####`NET_DNS_1`=""
63 66 Set the IP address for the first DNS server.
64 67
65 68 #####`NET_DNS_2`=""
66 69 Set the IP address for the second DNS server.
67 70
68 71 #####`NET_DNS_DOMAINS`=""
69 72 Set the default DNS search domains to use for non fully qualified host names.
70 73
71 74 #####`NET_NTP_1`=""
72 75 Set the IP address for the first NTP server.
73 76
74 77 #####`NET_NTP_2`=""
75 78 Set the IP address for the second NTP server.
76 79
77 80 #### Basic system features:
78 81 ##### `ENABLE_CONSOLE`=true
79 82 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
80 83
81 84 ##### `ENABLE_IPV6`=true
82 85 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
83 86
84 87 ##### `ENABLE_SSHD`=true
85 88 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
86 89
87 90 ##### `ENABLE_SOUND`=true
88 91 Enable sound hardware and install Advanced Linux Sound Architecture.
89 92
90 93 ##### `ENABLE_HWRANDOM`=true
91 94 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
92 95
93 96 ##### `ENABLE_MINGPU`=false
94 97 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
95 98
96 99 ##### `ENABLE_DBUS`=true
97 100 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
98 101
99 102 ##### `ENABLE_XORG`=false
100 103 Install Xorg open-source X Window System.
101 104
102 105 ##### `ENABLE_WM`=""
103 106 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi2-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
104 107
105 108 #### Advanced sytem features:
106 109 ##### `ENABLE_MINBASE`=false
107 110 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
108 111
109 112 ##### `ENABLE_UBOOT`=false
110 113 Replace default RPi2 second stage bootloader (bootcode.bin) with U-Boot bootloader. U-Boot can boot images via the network using the BOOTP/TFTP protocol.
111 114
112 115 ##### `ENABLE_FBTURBO`=false
113 116 Install and enable the hardware accelerated Xorg video driver `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
114 117
115 118 ##### `ENABLE_IPTABLES`=false
116 119 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
117 120
118 121 ##### `ENABLE_HARDNET`=false
119 122 Enable IPv4/IPv6 network stack hardening settings.
120 123
121 124 ## Logging of the bootstrapping process
122 125 All information related to the bootstrapping process and the commands executed by the `rpi2-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
123 126
124 127 ```shell
125 128 script -c 'APT_SERVER=ftp.de.debian.org ./rpi2-gen-image.sh' ./build.log
126 129 ```
127 130
128 131 ## Flashing the image file
129 132 After the image file was successfully created by the `rpi2-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
130 133
131 134 #####Flashing examples:
132 135 ```shell
133 136 bmaptool copy ./images/jessie/2015-12-13-debian-jessie.img /dev/mmcblk0
134 137 dd bs=4M if=./images/jessie/2015-12-13-debian-jessie.img of=/dev/mmcblk0
135 138 ```
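Review bot: In the new `APT_INCLUDES` entry (new lines 30-31), "seperated" should be "separated", and the description does not say what form the value must take. The script change appends the value to the built-in package list and hands it to `debootstrap --include=`, so state that entries are package names joined by commas with no spaces, and add a line to the command-line examples such as `APT_INCLUDES=<pkg1>,<pkg2> ./rpi2-gen-image.sh`.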
@@ -1,915 +1,916
1 1 #!/bin/sh
2 2
3 3 ########################################################################
4 4 # rpi2-gen-image.sh ver2a 12/2015
5 5 #
6 6 # Advanced debian "jessie" bootstrap script for RPi2
7 7 #
8 8 # This program is free software; you can redistribute it and/or
9 9 # modify it under the terms of the GNU General Public License
10 10 # as published by the Free Software Foundation; either version 2
11 11 # of the License, or (at your option) any later version.
12 12 #
13 13 # some parts based on rpi2-build-image:
14 14 # Copyright (C) 2015 Ryan Finnie <ryan@finnie.org>
15 15 # Copyright (C) 2015 Luca Falavigna <dktrkranz@debian.org>
16 16 ########################################################################
17 17
18 18 # Clean up all temporary mount points
19 19 cleanup (){
20 20 set +x
21 21 set +e
22 22 echo "removing temporary mount points ..."
23 23 umount -l $R/proc 2> /dev/null
24 24 umount -l $R/sys 2> /dev/null
25 25 umount -l $R/dev/pts 2> /dev/null
26 26 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
27 27 umount "$BUILDDIR/mount" 2> /dev/null
28 28 losetup -d "$EXT4_LOOP" 2> /dev/null
29 29 losetup -d "$VFAT_LOOP" 2> /dev/null
30 30 trap - 0 1 2 3 6
31 31 }
32 32
33 33 set -e
34 34 set -x
35 35
36 36 # Debian release
37 37 RELEASE=${RELEASE:=jessie}
38 38
39 39 # Build settings
40 40 BASEDIR=./images/${RELEASE}
41 41 BUILDDIR=${BASEDIR}/build
42 42
43 43 # General settings
44 44 HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
45 45 PASSWORD=${PASSWORD:=raspberry}
46 46 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
47 47 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
48 48 XKBMODEL=${XKBMODEL:=""}
49 49 XKBLAYOUT=${XKBLAYOUT:=""}
50 50 XKBVARIANT=${XKBVARIANT:=""}
51 51 XKBOPTIONS=${XKBOPTIONS:=""}
52 52
53 53 # Network settings
54 54 ENABLE_DHCP=${ENABLE_DHCP:=true}
55 55 # NET_* settings are ignored when ENABLE_DHCP=true
56 56 # NET_ADDRESS is an IPv4 or IPv6 address and its prefix, separated by "/"
57 57 NET_ADDRESS=${NET_ADDRESS:=""}
58 58 NET_GATEWAY=${NET_GATEWAY:=""}
59 59 NET_DNS_1=${NET_DNS_1:=""}
60 60 NET_DNS_2=${NET_DNS_2:=""}
61 61 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
62 62 NET_NTP_1=${NET_NTP_1:=""}
63 63 NET_NTP_2=${NET_NTP_2:=""}
64 64
65 65 # APT settings
66 66 APT_PROXY=${APT_PROXY:=""}
67 67 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
68 68
69 69 # Feature settings
70 70 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
71 71 ENABLE_IPV6=${ENABLE_IPV6:=true}
72 72 ENABLE_SSHD=${ENABLE_SSHD:=true}
73 73 ENABLE_SOUND=${ENABLE_SOUND:=true}
74 74 ENABLE_DBUS=${ENABLE_DBUS:=true}
75 75 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
76 76 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
77 77 ENABLE_XORG=${ENABLE_XORG:=false}
78 78 ENABLE_WM=${ENABLE_WM:=""}
79 79
80 80 # Advanced settings
81 81 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
82 82 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
83 83 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
84 84 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
85 85 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
86 86
87 87 # Image chroot path
88 88 R=${BUILDDIR}/chroot
89 89
90 90 # Packages required for bootstrapping
91 91 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git-core"
92 92
93 93 # Missing packages that need to be installed
94 94 MISSING_PACKAGES=""
95 95
96 96 # Packages required in the chroot build environment
97 APT_INCLUDES="apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo"
97 APT_INCLUDES=${APT_INCLUDES:=""}
98 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo"
98 99
99 100 set +x
100 101
101 102 # Are we running as root?
102 103 if [ "$(id -u)" -ne "0" ] ; then
103 104 echo "this script must be executed with root privileges"
104 105 exit 1
105 106 fi
106 107
107 108 # Check if all required packages are installed
108 109 for package in $REQUIRED_PACKAGES ; do
109 110 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
110 111 MISSING_PACKAGES="$MISSING_PACKAGES $package"
111 112 fi
112 113 done
113 114
114 115 # Ask if missing packages should get installed right now
115 116 if [ -n "$MISSING_PACKAGES" ] ; then
116 117 echo "the following packages needed by this script are not installed:"
117 118 echo "$MISSING_PACKAGES"
118 119
119 120 echo -n "\ndo you want to install the missing packages right now? [y/n] "
120 121 read confirm
121 122 if [ "$confirm" != "y" ] ; then
122 123 exit 1
123 124 fi
124 125 fi
125 126
126 127 # Make sure all required packages are installed
127 128 apt-get -qq -y install ${REQUIRED_PACKAGES}
128 129
129 130 # Don't clobber an old build
130 131 if [ -e "$BUILDDIR" ]; then
131 132 echo "directory $BUILDDIR already exists, not proceeding"
132 133 exit 1
133 134 fi
134 135
135 136 set -x
136 137
137 138 # Call "cleanup" function on various signals and errors
138 139 trap cleanup 0 1 2 3 6
139 140
140 141 # Set up chroot directory
141 142 mkdir -p $R
142 143
143 144 # Add required packages for the minbase installation
144 145 if [ "$ENABLE_MINBASE" = true ] ; then
145 146 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools"
146 147 else
147 148 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
148 149 fi
149 150
150 151 # Add dbus package, recommended if using systemd
151 152 if [ "$ENABLE_DBUS" = true ] ; then
152 153 APT_INCLUDES="${APT_INCLUDES},dbus"
153 154 fi
154 155
155 156 # Add iptables IPv4/IPv6 package
156 157 if [ "$ENABLE_IPTABLES" = true ] ; then
157 158 APT_INCLUDES="${APT_INCLUDES},iptables"
158 159 fi
159 160
160 161 # Add openssh server package
161 162 if [ "$ENABLE_SSHD" = true ] ; then
162 163 APT_INCLUDES="${APT_INCLUDES},openssh-server"
163 164 fi
164 165
165 166 # Add alsa-utils package
166 167 if [ "$ENABLE_SOUND" = true ] ; then
167 168 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
168 169 fi
169 170
170 171 # Add rng-tools package
171 172 if [ "$ENABLE_HWRANDOM" = true ] ; then
172 173 APT_INCLUDES="${APT_INCLUDES},rng-tools"
173 174 fi
174 175
175 176 # Add fbturbo video driver
176 177 if [ "$ENABLE_FBTURBO" = true ] ; then
177 178 # Enable xorg package dependencies
178 179 ENABLE_XORG=true
179 180 fi
180 181
181 182 # Add user defined window manager package
182 183 if [ -n "$ENABLE_WM" ] ; then
183 184 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
184 185
185 186 # Enable xorg package dependencies
186 187 ENABLE_XORG=true
187 188 fi
188 189
189 190 # Add xorg package
190 191 if [ "$ENABLE_XORG" = true ] ; then
191 192 APT_INCLUDES="${APT_INCLUDES},xorg"
192 193 fi
193 194
194 195 # Base debootstrap (unpack only)
195 196 if [ "$ENABLE_MINBASE" = true ] ; then
196 197 http_proxy=${APT_PROXY} debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
197 198 else
198 199 http_proxy=${APT_PROXY} debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
199 200 fi
200 201
201 202 # Copy qemu emulator binary to chroot
202 203 cp /usr/bin/qemu-arm-static $R/usr/bin
203 204
204 205 # Copy debian-archive-keyring.pgp
205 206 chroot $R mkdir -p /usr/share/keyrings
206 207 cp /usr/share/keyrings/debian-archive-keyring.gpg $R/usr/share/keyrings/debian-archive-keyring.gpg
207 208
208 209 # Complete the bootstrapping process
209 210 chroot $R /debootstrap/debootstrap --second-stage
210 211
211 212 # Mount required filesystems
212 213 mount -t proc none $R/proc
213 214 mount -t sysfs none $R/sys
214 215 mount --bind /dev/pts $R/dev/pts
215 216
216 217 # Use proxy inside chroot
217 218 if [ -z "$APT_PROXY" ] ; then
218 219 echo "Acquire::http::Proxy \"$APT_PROXY\";" >> $R/etc/apt/apt.conf.d/10proxy
219 220 fi
220 221
221 222 # Pin package flash-kernel to repositories.collabora.co.uk
222 223 cat <<EOM >$R/etc/apt/preferences.d/flash-kernel
223 224 Package: flash-kernel
224 225 Pin: origin repositories.collabora.co.uk
225 226 Pin-Priority: 1000
226 227 EOM
227 228
228 229 # Set up timezone
229 230 echo ${TIMEZONE} >$R/etc/timezone
230 231 LANG=C chroot $R dpkg-reconfigure -f noninteractive tzdata
231 232
232 233 # Upgrade collabora package index and install collabora keyring
233 234 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list
234 235 LANG=C chroot $R apt-get -qq -y update
235 236 LANG=C chroot $R apt-get -qq -y --force-yes install collabora-obs-archive-keyring
236 237
237 238 # Set up initial sources.list
238 239 cat <<EOM >$R/etc/apt/sources.list
239 240 deb http://${APT_SERVER}/debian ${RELEASE} main contrib
240 241 #deb-src http://${APT_SERVER}/debian ${RELEASE} main contrib
241 242
242 243 deb http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
243 244 #deb-src http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
244 245
245 246 deb http://security.debian.org/ ${RELEASE}/updates main contrib
246 247 #deb-src http://security.debian.org/ ${RELEASE}/updates main contrib
247 248
248 249 deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2
249 250 EOM
250 251
251 252 # Upgrade package index and update all installed packages and changed dependencies
252 253 LANG=C chroot $R apt-get -qq -y update
253 254 LANG=C chroot $R apt-get -qq -y -u dist-upgrade
254 255
255 256 # Set up default locale and keyboard configuration
256 257 if [ "$ENABLE_MINBASE" = false ] ; then
257 258 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
258 259 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
259 260 # ... so we have to set locales manually
260 261 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
261 262 LANG=C chroot $R echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
262 263 else
263 264 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
264 265 LANG=C chroot $R echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
265 266 LANG=C chroot $R sed -i "/en_US.UTF-8/s/^#//" /etc/locale.gen
266 267 fi
267 268 LANG=C chroot $R sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen
268 269 LANG=C chroot $R echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
269 270 LANG=C chroot $R locale-gen
270 271 LANG=C chroot $R update-locale LANG=${DEFLOCAL}
271 272
272 273 # Keyboard configuration, if requested
273 274 if [ "$XKBMODEL" != "" ] ; then
274 275 LANG=C chroot $R sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKBMODEL}\"/" /etc/default/keyboard
275 276 fi
276 277 if [ "$XKBLAYOUT" != "" ] ; then
277 278 LANG=C chroot $R sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKBLAYOUT}\"/" /etc/default/keyboard
278 279 fi
279 280 if [ "$XKBVARIANT" != "" ] ; then
280 281 LANG=C chroot $R sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKBVARIANT}\"/" /etc/default/keyboard
281 282 fi
282 283 if [ "$XKBOPTIONS" != "" ] ; then
283 284 LANG=C chroot $R sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKBOPTIONS}\"/" /etc/default/keyboard
284 285 fi
285 286 LANG=C chroot $R dpkg-reconfigure -f noninteractive keyboard-configuration
286 287 # Set up font console
287 288 case "${DEFLOCAL}" in
288 289 *UTF-8)
289 290 LANG=C chroot $R sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' /etc/default/console-setup
290 291 ;;
291 292 *)
292 293 LANG=C chroot $R sed -i 's/^CHARMAP.*/CHARMAP="guess"/' /etc/default/console-setup
293 294 ;;
294 295 esac
295 296 LANG=C chroot $R dpkg-reconfigure -f noninteractive console-setup
296 297 fi
297 298
298 299 # Kernel installation
299 300 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
300 301 LANG=C chroot $R apt-get -qq -y --no-install-recommends install linux-image-3.18.0-trunk-rpi2
301 302 LANG=C chroot $R apt-get -qq -y install flash-kernel
302 303
303 304 VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
304 305 [ -z "$VMLINUZ" ] && exit 1
305 306 mkdir -p $R/boot/firmware
306 307
307 308 # required boot binaries from raspberry/firmware github (commit: "kernel: Bump to 3.18.10")
308 309 wget -q -O $R/boot/firmware/bootcode.bin https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/bootcode.bin
309 310 wget -q -O $R/boot/firmware/fixup_cd.dat https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/fixup_cd.dat
310 311 wget -q -O $R/boot/firmware/fixup.dat https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/fixup.dat
311 312 wget -q -O $R/boot/firmware/fixup_x.dat https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/fixup_x.dat
312 313 wget -q -O $R/boot/firmware/start_cd.elf https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/start_cd.elf
313 314 wget -q -O $R/boot/firmware/start.elf https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/start.elf
314 315 wget -q -O $R/boot/firmware/start_x.elf https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/start_x.elf
315 316 cp $VMLINUZ $R/boot/firmware/kernel7.img
316 317
317 318 # Set up IPv4 hosts
318 319 echo ${HOSTNAME} >$R/etc/hostname
319 320 cat <<EOM >$R/etc/hosts
320 321 127.0.0.1 localhost
321 322 127.0.1.1 ${HOSTNAME}
322 323 EOM
323 324 if [ "$NET_ADDRESS" != "" ] ; then
324 325 NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
325 326 sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts
326 327 fi
327 328
328 329 # Set up IPv6 hosts
329 330 if [ "$ENABLE_IPV6" = true ] ; then
330 331 cat <<EOM >>$R/etc/hosts
331 332
332 333 ::1 localhost ip6-localhost ip6-loopback
333 334 ff02::1 ip6-allnodes
334 335 ff02::2 ip6-allrouters
335 336 EOM
336 337 fi
337 338
338 339 # Place hint about network configuration
339 340 cat <<EOM >$R/etc/network/interfaces
340 341 # Debian switched to systemd-networkd configuration files.
341 342 # please configure your networks in '/etc/systemd/network/'
342 343 EOM
343 344
344 345 if [ "$ENABLE_DHCP" = true ] ; then
345 346 # Enable systemd-networkd DHCP configuration for interface eth0
346 347 cat <<EOM >$R/etc/systemd/network/eth.network
347 348 [Match]
348 349 Name=eth0
349 350
350 351 [Network]
351 352 DHCP=yes
352 353 EOM
353 354
354 355 # Set DHCP configuration to IPv4 only
355 356 if [ "$ENABLE_IPV6" = false ] ; then
356 357 sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network
357 358 fi
358 359 else # ENABLE_DHCP=false
359 360 cat <<EOM >$R/etc/systemd/network/eth.network
360 361 [Match]
361 362 Name=eth0
362 363
363 364 [Network]
364 365 DHCP=no
365 366 Address=${NET_ADDRESS}
366 367 Gateway=${NET_GATEWAY}
367 368 DNS=${NET_DNS_1}
368 369 DNS=${NET_DNS_2}
369 370 Domains=${NET_DNS_DOMAINS}
370 371 NTP=${NET_NTP_1}
371 372 NTP=${NET_NTP_2}
372 373 EOM
373 374 fi
374 375
375 376 # Enable systemd-networkd service
376 377 LANG=C chroot $R systemctl enable systemd-networkd
377 378
378 379 # Generate crypt(3) password string
379 380 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`
380 381
381 382 # Set up default user
382 383 LANG=C chroot $R adduser --gecos "Raspberry PI user" --add_extra_groups --disabled-password pi
383 384 LANG=C chroot $R usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
384 385
385 386 # Set up root password
386 387 LANG=C chroot $R usermod -p "${ENCRYPTED_PASSWORD}" root
387 388
388 389 # Set up firmware boot cmdline
389 390 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1"
390 391
391 392 # Set up serial console support (if requested)
392 393 if [ "$ENABLE_CONSOLE" = true ] ; then
393 394 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
394 395 fi
395 396
396 397 # Set up IPv6 networking support
397 398 if [ "$ENABLE_IPV6" = false ] ; then
398 399 CMDLINE="${CMDLINE} ipv6.disable=1"
399 400 fi
400 401
401 402 echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt
402 403
403 404 # Set up firmware config
404 405 cat <<EOM >$R/boot/firmware/config.txt
405 406 # For more options and information see
406 407 # http://www.raspberrypi.org/documentation/configuration/config-txt.md
407 408 # Some settings may impact device functionality. See link above for details
408 409
409 410 # uncomment if you get no picture on HDMI for a default "safe" mode
410 411 #hdmi_safe=1
411 412
412 413 # uncomment this if your display has a black border of unused pixels visible
413 414 # and your display can output without overscan
414 415 #disable_overscan=1
415 416
416 417 # uncomment the following to adjust overscan. Use positive numbers if console
417 418 # goes off screen, and negative if there is too much border
418 419 #overscan_left=16
419 420 #overscan_right=16
420 421 #overscan_top=16
421 422 #overscan_bottom=16
422 423
423 424 # uncomment to force a console size. By default it will be display's size minus
424 425 # overscan.
425 426 #framebuffer_width=1280
426 427 #framebuffer_height=720
427 428
428 429 # uncomment if hdmi display is not detected and composite is being output
429 430 #hdmi_force_hotplug=1
430 431
431 432 # uncomment to force a specific HDMI mode (this will force VGA)
432 433 #hdmi_group=1
433 434 #hdmi_mode=1
434 435
435 436 # uncomment to force a HDMI mode rather than DVI. This can make audio work in
436 437 # DMT (computer monitor) modes
437 438 #hdmi_drive=2
438 439
439 440 # uncomment to increase signal to HDMI, if you have interference, blanking, or
440 441 # no display
441 442 #config_hdmi_boost=4
442 443
443 444 # uncomment for composite PAL
444 445 #sdtv_mode=2
445 446
446 447 # uncomment to overclock the arm. 700 MHz is the default.
447 448 #arm_freq=800
448 449 EOM
449 450
450 451 # Load snd_bcm2835 kernel module at boot time
451 452 if [ "$ENABLE_SOUND" = true ] ; then
452 453 echo "snd_bcm2835" >>$R/etc/modules
453 454 fi
454 455
455 456 # Set smallest possible GPU memory allocation size: 16MB (no X)
456 457 if [ "$ENABLE_MINGPU" = true ] ; then
457 458 echo "gpu_mem=16" >>$R/boot/firmware/config.txt
458 459 fi
459 460
460 461 # Create symlinks
461 462 ln -sf firmware/config.txt $R/boot/config.txt
462 463 ln -sf firmware/cmdline.txt $R/boot/cmdline.txt
463 464
464 465 # Prepare modules-load.d directory
465 466 mkdir -p $R/lib/modules-load.d/
466 467
467 468 # Load random module on boot
468 469 if [ "$ENABLE_HWRANDOM" = true ] ; then
469 470 cat <<EOM >$R/lib/modules-load.d/rpi2.conf
470 471 bcm2708_rng
471 472 EOM
472 473 fi
473 474
474 475 # Prepare modprobe.d directory
475 476 mkdir -p $R/etc/modprobe.d/
476 477
477 478 # Blacklist sound modules
478 479 cat <<EOM >$R/etc/modprobe.d/raspi-blacklist.conf
479 480 blacklist snd_soc_core
480 481 blacklist snd_pcm
481 482 blacklist snd_pcm_dmaengine
482 483 blacklist snd_timer
483 484 blacklist snd_compress
484 485 blacklist snd_soc_pcm512x_i2c
485 486 blacklist snd_soc_pcm512x
486 487 blacklist snd_soc_tas5713
487 488 blacklist snd_soc_wm8804
488 489 EOM
489 490
490 491 # Create default fstab
491 492 cat <<EOM >$R/etc/fstab
492 493 /dev/mmcblk0p2 / ext4 noatime,nodiratime,errors=remount-ro,discard,data=writeback,commit=100 0 1
493 494 /dev/mmcblk0p1 /boot/firmware vfat defaults,noatime,nodiratime 0 2
494 495 EOM
495 496
496 497 # Avoid swapping and increase cache sizes
497 498 cat <<EOM >>$R/etc/sysctl.d/99-sysctl.conf
498 499
499 500 # Avoid swapping and increase cache sizes
500 501 vm.swappiness=1
501 502 vm.dirty_background_ratio=20
502 503 vm.dirty_ratio=40
503 504 vm.dirty_writeback_centisecs=500
504 505 vm.dirty_expire_centisecs=6000
505 506 EOM
506 507
507 508 # Enable network stack hardening
508 509 if [ "$ENABLE_HARDNET" = true ] ; then
509 510 cat <<EOM >>$R/etc/sysctl.d/99-sysctl.conf
510 511
511 512 # Enable network stack hardening
512 513 net.ipv4.tcp_timestamps=0
513 514 net.ipv4.tcp_syncookies=1
514 515 net.ipv4.conf.all.rp_filter=1
515 516 net.ipv4.conf.all.accept_redirects=0
516 517 net.ipv4.conf.all.send_redirects=0
517 518 net.ipv4.conf.all.accept_source_route=0
518 519 net.ipv4.conf.default.rp_filter=1
519 520 net.ipv4.conf.default.accept_redirects=0
520 521 net.ipv4.conf.default.send_redirects=0
521 522 net.ipv4.conf.default.accept_source_route=0
522 523 net.ipv4.conf.lo.accept_redirects=0
523 524 net.ipv4.conf.lo.send_redirects=0
524 525 net.ipv4.conf.lo.accept_source_route=0
525 526 net.ipv4.conf.eth0.accept_redirects=0
526 527 net.ipv4.conf.eth0.send_redirects=0
527 528 net.ipv4.conf.eth0.accept_source_route=0
528 529 net.ipv4.icmp_echo_ignore_broadcasts=1
529 530 net.ipv4.icmp_ignore_bogus_error_responses=1
530 531
531 532 net.ipv6.conf.all.accept_redirects=0
532 533 net.ipv6.conf.all.accept_source_route=0
533 534 net.ipv6.conf.all.router_solicitations=0
534 535 net.ipv6.conf.all.accept_ra_rtr_pref=0
535 536 net.ipv6.conf.all.accept_ra_pinfo=0
536 537 net.ipv6.conf.all.accept_ra_defrtr=0
537 538 net.ipv6.conf.all.autoconf=0
538 539 net.ipv6.conf.all.dad_transmits=0
539 540 net.ipv6.conf.all.max_addresses=1
540 541
541 542 net.ipv6.conf.default.accept_redirects=0
542 543 net.ipv6.conf.default.accept_source_route=0
543 544 net.ipv6.conf.default.router_solicitations=0
544 545 net.ipv6.conf.default.accept_ra_rtr_pref=0
545 546 net.ipv6.conf.default.accept_ra_pinfo=0
546 547 net.ipv6.conf.default.accept_ra_defrtr=0
547 548 net.ipv6.conf.default.autoconf=0
548 549 net.ipv6.conf.default.dad_transmits=0
549 550 net.ipv6.conf.default.max_addresses=1
550 551
551 552 net.ipv6.conf.lo.accept_redirects=0
552 553 net.ipv6.conf.lo.accept_source_route=0
553 554 net.ipv6.conf.lo.router_solicitations=0
554 555 net.ipv6.conf.lo.accept_ra_rtr_pref=0
555 556 net.ipv6.conf.lo.accept_ra_pinfo=0
556 557 net.ipv6.conf.lo.accept_ra_defrtr=0
557 558 net.ipv6.conf.lo.autoconf=0
558 559 net.ipv6.conf.lo.dad_transmits=0
559 560 net.ipv6.conf.lo.max_addresses=1
560 561
561 562 net.ipv6.conf.eth0.accept_redirects=0
562 563 net.ipv6.conf.eth0.accept_source_route=0
563 564 net.ipv6.conf.eth0.router_solicitations=0
564 565 net.ipv6.conf.eth0.accept_ra_rtr_pref=0
565 566 net.ipv6.conf.eth0.accept_ra_pinfo=0
566 567 net.ipv6.conf.eth0.accept_ra_defrtr=0
567 568 net.ipv6.conf.eth0.autoconf=0
568 569 net.ipv6.conf.eth0.dad_transmits=0
569 570 net.ipv6.conf.eth0.max_addresses=1
570 571 EOM
571 572
572 573 # Enable resolver warnings about spoofed addresses
573 574 cat <<EOM >>$R/etc/host.conf
574 575 spoof warn
575 576 EOM
576 577 fi
577 578
578 579 # Regenerate openssh server host keys
579 580 if [ "$ENABLE_SSHD" = true ] ; then
580 581 rm -fr $R/etc/ssh/ssh_host_*
581 582 LANG=C chroot $R dpkg-reconfigure openssh-server
582 583 fi
583 584
584 585 # Enable serial console systemd style
585 586 if [ "$ENABLE_CONSOLE" = true ] ; then
586 587 LANG=C chroot $R systemctl enable serial-getty\@ttyAMA0.service
587 588 fi
588 589
589 590 # Enable firewall based on iptables started by systemd service
590 591 if [ "$ENABLE_IPTABLES" = true ] ; then
591 592 # Create iptables configuration directory
592 593 mkdir -p "$R/etc/iptables"
593 594
594 595 # Create iptables systemd service
595 596 cat <<EOM >$R/etc/systemd/system/iptables.service
596 597 [Unit]
597 598 Description=Packet Filtering Framework
598 599 DefaultDependencies=no
599 600 After=systemd-sysctl.service
600 601 Before=sysinit.target
601 602 [Service]
602 603 Type=oneshot
603 604 ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules
604 605 ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules
605 606 ExecStop=/etc/iptables/flush-iptables.sh
606 607 RemainAfterExit=yes
607 608 [Install]
608 609 WantedBy=multi-user.target
609 610 EOM
610 611
611 612 # Create flush-table script called by iptables service
612 613 cat <<EOM >$R/etc/iptables/flush-iptables.sh
613 614 #!/bin/sh
614 615 iptables -F
615 616 iptables -X
616 617 iptables -t nat -F
617 618 iptables -t nat -X
618 619 iptables -t mangle -F
619 620 iptables -t mangle -X
620 621 iptables -P INPUT ACCEPT
621 622 iptables -P FORWARD ACCEPT
622 623 iptables -P OUTPUT ACCEPT
623 624 EOM
624 625
625 626 # Create iptables rule file
626 627 cat <<EOM >$R/etc/iptables/iptables.rules
627 628 *filter
628 629 :INPUT DROP [0:0]
629 630 :FORWARD DROP [0:0]
630 631 :OUTPUT ACCEPT [0:0]
631 632 :TCP - [0:0]
632 633 :UDP - [0:0]
633 634 :SSH - [0:0]
634 635
635 636 # Rate limit ping requests
636 637 -A INPUT -p icmp --icmp-type echo-request -m limit --limit 30/min --limit-burst 8 -j ACCEPT
637 638 -A INPUT -p icmp --icmp-type echo-request -j DROP
638 639
639 640 # Accept established connections
640 641 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
641 642
642 643 # Accept all traffic on loopback interface
643 644 -A INPUT -i lo -j ACCEPT
644 645
645 646 # Drop packets declared invalid
646 647 -A INPUT -m conntrack --ctstate INVALID -j DROP
647 648
648 649 # SSH rate limiting
649 650 -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j SSH
650 651 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
651 652 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
652 653 -A SSH -m recent --name sshbf --set -j ACCEPT
653 654
654 655 # Send TCP and UDP connections to their respective rules chain
655 656 -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
656 657 -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
657 658
658 659 # Reject dropped packets with a RFC compliant responce
659 660 -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
660 661 -A INPUT -p tcp -j REJECT --reject-with tcp-rst
661 662 -A INPUT -j REJECT --reject-with icmp-proto-unreachable
662 663
663 664 ## TCP PORT RULES
664 665 # -A TCP -p tcp -j LOG
665 666
666 667 ## UDP PORT RULES
667 668 # -A UDP -p udp -j LOG
668 669
669 670 COMMIT
670 671 EOM
671 672
672 673 # Reload systemd configuration and enable iptables service
673 674 LANG=C chroot $R systemctl daemon-reload
674 675 LANG=C chroot $R systemctl enable iptables.service
675 676
676 677 if [ "$ENABLE_IPV6" = true ] ; then
677 678 # Create ip6tables systemd service
678 679 cat <<EOM >$R/etc/systemd/system/ip6tables.service
679 680 [Unit]
680 681 Description=Packet Filtering Framework
681 682 DefaultDependencies=no
682 683 After=systemd-sysctl.service
683 684 Before=sysinit.target
684 685 [Service]
685 686 Type=oneshot
686 687 ExecStart=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
687 688 ExecReload=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
688 689 ExecStop=/etc/iptables/flush-ip6tables.sh
689 690 RemainAfterExit=yes
690 691 [Install]
691 692 WantedBy=multi-user.target
692 693 EOM
693 694
694 695 # Create ip6tables file
695 696 cat <<EOM >$R/etc/iptables/flush-ip6tables.sh
696 697 #!/bin/sh
697 698 ip6tables -F
698 699 ip6tables -X
699 700 ip6tables -Z
700 701 for table in $(</proc/net/ip6_tables_names)
701 702 do
702 703 ip6tables -t \$table -F
703 704 ip6tables -t \$table -X
704 705 ip6tables -t \$table -Z
705 706 done
706 707 ip6tables -P INPUT ACCEPT
707 708 ip6tables -P OUTPUT ACCEPT
708 709 ip6tables -P FORWARD ACCEPT
709 710 EOM
710 711
711 712 # Create ip6tables rule file
712 713 cat <<EOM >$R/etc/iptables/ip6tables.rules
713 714 *filter
714 715 :INPUT DROP [0:0]
715 716 :FORWARD DROP [0:0]
716 717 :OUTPUT ACCEPT [0:0]
717 718 :TCP - [0:0]
718 719 :UDP - [0:0]
719 720 :SSH - [0:0]
720 721
721 722 # Drop packets with RH0 headers
722 723 -A INPUT -m rt --rt-type 0 -j DROP
723 724 -A OUTPUT -m rt --rt-type 0 -j DROP
724 725 -A FORWARD -m rt --rt-type 0 -j DROP
725 726
726 727 # Rate limit ping requests
727 728 -A INPUT -p icmpv6 --icmpv6-type echo-request -m limit --limit 30/min --limit-burst 8 -j ACCEPT
728 729 -A INPUT -p icmpv6 --icmpv6-type echo-request -j DROP
729 730
730 731 # Accept established connections
731 732 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
732 733
733 734 # Accept all traffic on loopback interface
734 735 -A INPUT -i lo -j ACCEPT
735 736
736 737 # Drop packets declared invalid
737 738 -A INPUT -m conntrack --ctstate INVALID -j DROP
738 739
739 740 # SSH rate limiting
740 741 -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j SSH
741 742 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
742 743 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
743 744 -A SSH -m recent --name sshbf --set -j ACCEPT
744 745
745 746 # Send TCP and UDP connections to their respective rules chain
746 747 -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
747 748 -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
748 749
749 750 # Reject dropped packets with a RFC compliant responce
750 751 -A INPUT -p udp -j REJECT --reject-with icmp6-adm-prohibited
751 752 -A INPUT -p tcp -j REJECT --reject-with icmp6-adm-prohibited
752 753 -A INPUT -j REJECT --reject-with icmp6-adm-prohibited
753 754
754 755 ## TCP PORT RULES
755 756 # -A TCP -p tcp -j LOG
756 757
757 758 ## UDP PORT RULES
758 759 # -A UDP -p udp -j LOG
759 760
760 761 COMMIT
761 762 EOM
762 763
763 764 # Reload systemd configuration and enable iptables service
764 765 LANG=C chroot $R systemctl daemon-reload
765 766 LANG=C chroot $R systemctl enable ip6tables.service
766 767 fi
767 768 fi
768 769
769 770 # Remove SSHD related iptables rules
770 771 if [ "$ENABLE_SSHD" = false ] ; then
771 772 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null
772 773 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null
773 774 fi
774 775
775 776 # Install gcc/c++ build environment inside the chroot
776 777 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
777 778 LANG=C chroot $R apt-get install -q -y --force-yes --no-install-recommends linux-compiler-gcc-4.9-arm g++ make bc
778 779 fi
779 780
780 781 # Fetch and build U-Boot bootloader
781 782 if [ "$ENABLE_UBOOT" = true ] ; then
782 783 # Fetch U-Boot bootloader sources
783 784 git -C $R/tmp clone git://git.denx.de/u-boot.git
784 785
785 786 # Build and install U-Boot inside chroot
786 787 LANG=C chroot $R make -C /tmp/u-boot/ rpi_2_defconfig all
787 788
788 789 # Copy compiled bootloader binary and set config.txt to load it
789 790 cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/
790 791 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt
791 792
792 793 # Set U-Boot command file
793 794 cat <<EOM >$R/boot/firmware/uboot.mkimage
794 795 # Tell Linux that it is booting on a Raspberry Pi2
795 796 setenv machid 0x00000c42
796 797
797 798 # Set the kernel boot command line
798 799 setenv bootargs "earlyprintk ${CMDLINE}"
799 800
800 801 # Save these changes to u-boot's environment
801 802 saveenv
802 803
803 804 # Load the existing Linux kernel into RAM
804 805 fatload mmc 0:1 \${kernel_addr_r} kernel7.img
805 806
806 807 # Boot the kernel we have just loaded
807 808 bootz \${kernel_addr_r}
808 809 EOM
809 810
810 811 # Generate U-Boot image from command file
811 812 LANG=C chroot $R mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
812 813 fi
813 814
814 815 # Fetch and build fbturbo Xorg driver
815 816 if [ "$ENABLE_FBTURBO" = true ] ; then
816 817 # Fetch fbturbo driver sources
817 818 git -C $R/tmp clone https://github.com/ssvb/xf86-video-fbturbo.git
818 819
819 820 # Install Xorg build dependencies
820 821 LANG=C chroot $R apt-get install -q -y --no-install-recommends xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
821 822
822 823 # Build and install fbturbo driver inside chroot
823 824 LANG=C chroot $R /bin/bash -c "cd /tmp/xf86-video-fbturbo; autoreconf -vi; ./configure --prefix=/usr; make; make install"
824 825
825 826 # Add fbturbo driver to Xorg configuration
826 827 cat <<EOM >$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf
827 828 Section "Device"
828 829 Identifier "Allwinner A10/A13 FBDEV"
829 830 Driver "fbturbo"
830 831 Option "fbdev" "/dev/fb0"
831 832 Option "SwapbuffersWait" "true"
832 833 EndSection
833 834 EOM
834 835
835 836 # Remove Xorg build dependencies
836 837 LANG=C chroot $R apt-get -q -y purge --auto-remove xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
837 838 fi
838 839
839 840 # Remove gcc/c++ build environment from the chroot
840 841 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
841 842 LANG=C chroot $R apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
842 843 fi
843 844
844 845 # Clean cached downloads
845 846 LANG=C chroot $R apt-get -y clean
846 847 LANG=C chroot $R apt-get -y autoclean
847 848 LANG=C chroot $R apt-get -y autoremove
848 849
849 850 # Unmount mounted filesystems
850 851 umount -l $R/proc
851 852 umount -l $R/sys
852 853
853 854 # Clean up files
854 855 rm -f $R/etc/apt/sources.list.save
855 856 rm -f $R/etc/resolvconf/resolv.conf.d/original
856 857 rm -rf $R/run
857 858 mkdir -p $R/run
858 859 rm -f $R/etc/*-
859 860 rm -f $R/root/.bash_history
860 861 rm -rf $R/tmp/*
861 862 rm -f $R/var/lib/urandom/random-seed
862 863 [ -L $R/var/lib/dbus/machine-id ] || rm -f $R/var/lib/dbus/machine-id
863 864 rm -f $R/etc/machine-id
864 865 rm -fr $R/etc/apt/apt.conf.d/10proxy
865 866
866 867 # Calculate size of the chroot directory
867 868 CHROOT_SIZE=$(expr `du -s $R | awk '{ print $1 }'` / 1024)
868 869
869 870 # Calculate required image size
870 871 IMAGE_SIZE=`expr $(expr ${CHROOT_SIZE} / 1024 + 1) \* 1024`
871 872
872 873 # Calculate number of sectors for the partition
873 874 IMAGE_SECTORS=`expr $(expr ${IMAGE_SIZE} \* 1048576) / 512 - 133120`
874 875
875 876 # Prepare date string for image file name
876 877 DATE="$(date +%Y-%m-%d)"
877 878
878 879 # Prepare image file
879 880 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=1M count=1
880 881 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=1M count=0 seek=${IMAGE_SIZE}
881 882
882 883 # Write partition table
883 884 sfdisk -q -L -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM
884 885 unit: sectors
885 886
886 887 1 : start= 2048, size= 131072, Id= c, bootable
887 888 2 : start= 133120, size= ${IMAGE_SECTORS}, Id=83
888 889 3 : start= 0, size= 0, Id= 0
889 890 4 : start= 0, size= 0, Id= 0
890 891 EOM
891 892
892 893 # Set up temporary loop devices and build filesystems
893 894 VFAT_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
894 895 EXT4_LOOP="$(losetup -o 65M --sizelimit `expr ${IMAGE_SIZE} - 64`M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
895 896 mkfs.vfat "$VFAT_LOOP"
896 897 mkfs.ext4 "$EXT4_LOOP"
897 898
898 899 # Mount the temporary loop devices
899 900 mkdir -p "$BUILDDIR/mount"
900 901 mount "$EXT4_LOOP" "$BUILDDIR/mount"
901 902
902 903 mkdir -p "$BUILDDIR/mount/boot/firmware"
903 904 mount "$VFAT_LOOP" "$BUILDDIR/mount/boot/firmware"
904 905
905 906 # Copy all files from the chroot to the loop device mount point directory
906 907 rsync -a "$R/" "$BUILDDIR/mount/"
907 908
908 909 # Unmount all temporary loop devices and mount points
909 910 cleanup
910 911
911 912 # (optinal) create block map file for "bmaptool"
912 913 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
913 914
914 915 # Image was successfully created
915 916 echo "$BASEDIR/${DATE}-debian-${RELEASE}.img (${IMAGE_SIZE})" ": successfully created"
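Review bot: In the `flush-ip6tables.sh` heredoc (new lines 696-710), `for table in $(</proc/net/ip6_tables_names)` is not escaped, so the build host's shell expands it while the file is being written. The generated script then carries the host's table list (or nothing, if the file is absent) instead of reading the target's tables at run time. The `\$table` lines right below it are escaped, which shows the intent. Escape the substitution too, and because the generated script starts with `#!/bin/sh`, prefer `\$(cat /proc/net/ip6_tables_names)` over the bash-only `$(<file)` form. Separately, the U-Boot clone at new line 784 (`git -C $R/tmp clone git://git.denx.de/u-boot.git`) uses the unauthenticated `git://` transport with no tag or commit pinned, and the result is compiled and installed as the image's bootloader. Fetching over an authenticated transport and checking out a fixed tag or commit would make the build reproducible and protect it against tampering in transit. The same pinning applies to the fbturbo clone at new line 818.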