author | Jan Wagner <mail@jwagner.eu> | 2016-03-12 17:18:39 +0100 |
---|---|---|
committer | Jan Wagner <mail@jwagner.eu> | 2016-03-12 17:18:39 +0100 |
commit | 69e22e063597ae540d175a6044eedede3b012a4b (patch) | |
tree | 075303de6a568bc7c3de697ec975058ecdb13f04 | |
parent | 4aa8ac6985680eb12ba5c82422ecc50e2bb55447 (diff) | |
parent | 061173da65b0b6061d7fa46066c69737bc4957fe (diff) | |
vknecht-master-merge
-rw-r--r-- | README.md | 8 | ||||
-rw-r--r-- | bootstrap.d/13-kernel.sh | 9 | ||||
-rw-r--r-- | bootstrap.d/20-networking.sh | 2 | ||||
-rw-r--r-- | functions.sh | 4 | ||||
-rwxr-xr-x | rpi2-gen-image.sh | 77 |
5 files changed, 77 insertions, 23 deletions
@@ -150,6 +150,9 @@ password, use only in trusted environments.
 ##### `ENABLE_HARDNET`=false
 Enable IPv4/IPv6 network stack hardening settings.
+##### `ENABLE_SPLITFS`=false
+Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
+
 ##### `CHROOT_SCRIPTS`=""
 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this direcory is run in lexicographical order.
@@ -212,3 +215,8 @@ After the image file was successfully created by the `rpi2-gen-image.sh` script
 bmaptool copy ./images/jessie/2015-12-13-debian-jessie.img /dev/mmcblk0
 dd bs=4M if=./images/jessie/2015-12-13-debian-jessie.img of=/dev/mmcblk0
 ```
+If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
+```shell
+bmaptool copy ./images/jessie/2015-12-13-debian-jessie-frmw.img /dev/mmcblk0
+bmaptool copy ./images/jessie/2015-12-13-debian-jessie-root.img /dev/sdc
+```
diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh
index 87a33b7..8fa3b08 100644
--- a/bootstrap.d/13-kernel.sh
+++ b/bootstrap.d/13-kernel.sh
@@ -61,7 +61,11 @@ else
 fi
 # Set up firmware boot cmdline
-CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}"
+if [ "$ENABLE_SPLITFS" = true ] ; then
+ CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}"
+else
+ CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}"
+fi
 # Set up serial console support (if requested)
 if [ "$ENABLE_CONSOLE" = true ] ; then
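Review bot: The new `root=/dev/sda1` in the ENABLE_SPLITFS branch of bootstrap.d/13-kernel.sh picks the root filesystem by USB enumeration order rather than by identity, so with a second USB storage device attached the kernel may name a different disk `sda` and mount it as `/`. The same device name is written into fstab by the `sed -i 's/mmcblk0p2/sda1/'` hunk further down in this file. Consider a stable identifier in both places, e.g. `root=PARTUUID=<partuuid-of-root-image>` on the command line and a matching `PARTUUID=` entry in fstab, taken from the partition table the build itself writes. The two CMDLINE assignments differ only in the root device, so setting one variable in the `if` and keeping a single CMDLINE line would avoid maintaining the long option string twice.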
@@ -110,6 +114,9 @@ install_readonly files/modprobe.d/raspi-blacklist.conf $R/etc/modprobe.d/raspi-b
 # Create default fstab
 install_readonly files/mount/fstab $R/etc/fstab
+if [ "$ENABLE_SPLITFS" = true ] ; then
+ sed -i 's/mmcblk0p2/sda1/' $R/etc/fstab
+fi
 # Avoid swapping and increase cache sizes
 install_readonly files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf
diff --git a/bootstrap.d/20-networking.sh b/bootstrap.d/20-networking.sh
index 051c172..61270d4 100644
--- a/bootstrap.d/20-networking.sh
+++ b/bootstrap.d/20-networking.sh
@@ -60,7 +60,7 @@ chroot_exec systemctl enable systemd-networkd
 # Enable network stack hardening
 if [ "$ENABLE_HARDNET" = true ] ; then
- install_readonly files/sysctl.d/81-rpi-net-hardening.conf $R/etc/sysctl.d/81-rpi-net-hardening.conf
+ install_readonly files/sysctl.d/82-rpi-net-hardening.conf $R/etc/sysctl.d/82-rpi-net-hardening.conf
 # Enable resolver warnings about spoofed addresses
 cat <<EOM >>$R/etc/host.conf
diff --git a/functions.sh b/functions.sh
index f64fb97..36f6bc3 100644
--- a/functions.sh
+++ b/functions.sh
@@ -17,8 +17,8 @@ cleanup (){
 umount -l $R/dev/pts 2> /dev/null
 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
 umount "$BUILDDIR/mount" 2> /dev/null
- losetup -d "$EXT4_LOOP" 2> /dev/null
- losetup -d "$VFAT_LOOP" 2> /dev/null
+ losetup -d "$ROOT_LOOP" 2> /dev/null
+ losetup -d "$FRMW_LOOP" 2> /dev/null
 trap - 0 1 2 3 6
 }
diff --git a/rpi2-gen-image.sh b/rpi2-gen-image.sh
index 2cb1277..39d5a76 100755
--- a/rpi2-gen-image.sh
+++ b/rpi2-gen-image.sh
@@ -81,6 +81,7 @@ ENABLE_UBOOT=${ENABLE_UBOOT:=false}
 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
+ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
 # Kernel compilation settings
 BUILD_KERNEL=${BUILD_KERNEL:=false}
@@ -259,8 +260,8 @@ CHROOT_SIZE=$(expr `du -s $R | awk '{ print $1 }'`)
 # Calculate the amount of needed 512 Byte sectors
 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
-BOOT_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
-ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${BOOT_SECTORS})
+FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
+ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
 # The root partition is EXT4
 # This means more space than the actual used space of the chroot is used.
@@ -268,37 +269,64 @@ ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${BOOT_SECTORS})
 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 20) \* 1024 \/ 512)
 # Calculate required image size in 512 Byte sectors
-IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${BOOT_SECTORS} + ${ROOT_SECTORS})
+IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
 # Prepare date string for image file name
 DATE="$(date +%Y-%m-%d)"
 # Prepare image file
-dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=${TABLE_SECTORS}
-dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=0 seek=${IMAGE_SECTORS}
+if [ "$ENABLE_SPLITFS" = true ] ; then
+ dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" bs=512 count=${TABLE_SECTORS}
+ dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
+ dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-root.img" bs=512 count=${TABLE_SECTORS}
+ dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
+ # Write partition tables
+ sfdisk -q -L -f "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" <<EOM
+unit: sectors
-# Write partition table
-sfdisk -q -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM
+1 : start= ${TABLE_SECTORS}, size= ${FRMW_SECTORS}, Id= c, bootable
+2 : start= 0, size= 0, Id= 0
+3 : start= 0, size= 0, Id= 0
+4 : start= 0, size= 0, Id= 0
+EOM
+ sfdisk -q -L -f "$BASEDIR/${DATE}-debian-${RELEASE}-root.img" <<EOM
+unit: sectors
+
+1 : start= ${TABLE_SECTORS}, size= ${ROOT_SECTORS}, Id=83
+2 : start= 0, size= 0, Id= 0
+3 : start= 0, size= 0, Id= 0
+4 : start= 0, size= 0, Id= 0
+EOM
+ # Set up temporary loop devices
+ FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-frmw.img)"
+ ROOT_LOOP="$(losetup -o 1M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-root.img)"
+else
+ dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=${TABLE_SECTORS}
+ dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=0 seek=${IMAGE_SECTORS}
+ # Write partition table
+ sfdisk -q -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM
 unit: sectors
-1 : start= ${TABLE_SECTORS}, size= ${BOOT_SECTORS}, Id= c, bootable
+1 : start= ${TABLE_SECTORS}, size= ${FRMW_SECTORS}, Id= c, bootable
 2 : start= ${ROOT_OFFSET}, size= ${ROOT_SECTORS}, Id=83
 3 : start= 0, size= 0, Id= 0
 4 : start= 0, size= 0, Id= 0
 EOM
+ # Set up temporary loop devices
+ FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
+ ROOT_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
+fi
-# Set up temporary loop devices and build filesystems
-VFAT_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
-EXT4_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
-mkfs.vfat "$VFAT_LOOP"
-mkfs.ext4 "$EXT4_LOOP"
+# Build filesystems
+mkfs.vfat "$FRMW_LOOP"
+mkfs.ext4 "$ROOT_LOOP"
 # Mount the temporary loop devices
 mkdir -p "$BUILDDIR/mount"
-mount "$EXT4_LOOP" "$BUILDDIR/mount"
+mount "$ROOT_LOOP" "$BUILDDIR/mount"
 mkdir -p "$BUILDDIR/mount/boot/firmware"
-mount "$VFAT_LOOP" "$BUILDDIR/mount/boot/firmware"
+mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
 # Copy all files from the chroot to the loop device mount point directory
 rsync -a "$R/" "$BUILDDIR/mount/"
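Review bot: In the ENABLE_SPLITFS branch both image files are one partition-table offset too short: they are extended with `seek=${FRMW_SECTORS}` and `seek=${ROOT_SECTORS}`, yet each partition starts at `${TABLE_SECTORS}` and has that same size, so it ends 1 MiB past the end of the file and sfdisk presumably accepts it only because of `-f`. The filesystem made on the `-o 1M` loop device is then smaller than the partition table claims. Sizing the files as `seek=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})` and `seek=$(expr ${TABLE_SECTORS} + ${ROOT_SECTORS})` keeps table and file in agreement. The `losetup ... --show $BASEDIR/...` calls also leave `$BASEDIR` unquoted and their result unchecked before `mkfs.vfat`/`mkfs.ext4` run on it, which is worth tightening in a script that formats block devices.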
@@ -306,8 +334,19 @@ rsync -a "$R/" "$BUILDDIR/mount/"
 # Unmount all temporary loop devices and mount points
 cleanup
-# Create block map file for "bmaptool"
-bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
+# Create block map file(s) of image(s)
+if [ "$ENABLE_SPLITFS" = true ] ; then
+ # Create block map files for "bmaptool"
+ bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img"
+ bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}-root.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}-root.img"
-# Image was successfully created
-echo "$BASEDIR/${DATE}-debian-${RELEASE}.img (${IMAGE_SIZE})" ": successfully created"
+ # Image was successfully created
+ echo "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img ($(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
+ echo "$BASEDIR/${DATE}-debian-${RELEASE}-root.img ($(expr ${TABLE_SECTORS} + ${ROOT_SECTORS} \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
+else
+ # Create block map file for "bmaptool"
+ bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
+
+ # Image was successfully created
+ echo "$BASEDIR/${DATE}-debian-${RELEASE}.img ($(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
+fi |
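Review bot: The sizes printed by the three new `echo` lines are wrong because `expr` applies `\*` and `\/` before `+`: `${TABLE_SECTORS} + ${FRMW_SECTORS} \* 512 \/ 1024 \/ 1024` yields the table's sector count plus the partition size in MiB, not the image size in MiB. Group the sum first, e.g. `$(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)`, and do the same for the root and the combined image. A one-line comment above the `echo` lines saying the value is the image size in MiB would make the intent checkable.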