fix: ENABLE_CRYPTFS -> UBOOT, SPLITFS, EXPANDROOT - cleanupHEADmaster

12 files changed, 212 insertions, 147 deletions

diff --git a/bootstrap.d/10-bootstrap.sh b/bootstrap.d/10-bootstrap.sh
index f55c3e3..2dfddff 100644
--- a/bootstrap.d/10-bootstrap.sh
+++ b/bootstrap.d/10-bootstrap.sh
@@ -7,22 +7,22 @@
 
 # Base debootstrap (unpack only)
 if [ "$ENABLE_MINBASE" = true ] ; then
-  http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --variant=minbase --include="${APT_INCLUDES}" "${RELEASE}" "$R" "http://${APT_SERVER}/debian"
+  http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --variant=minbase --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
 else
-  http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --include="${APT_INCLUDES}" "${RELEASE}" "$R" "http://${APT_SERVER}/debian"
+  http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
 fi
 
 # Copy qemu emulator binary to chroot
 install_exec "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
 
 # Copy debian-archive-keyring.pgp
-mkdir -p "$R/usr/share/keyrings"
-install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "$R/usr/share/keyrings/debian-archive-keyring.gpg"
+mkdir -p "${R}/usr/share/keyrings"
+install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
 
 # Complete the bootstrapping process
 chroot_exec /debootstrap/debootstrap --second-stage
 
 # Mount required filesystems
-mount -t proc none "$R/proc"
-mount -t sysfs none "$R/sys"
-mount --bind /dev/pts "$R/dev/pts"
+mount -t proc none "${R}/proc"
+mount -t sysfs none "${R}/sys"
+mount --bind /dev/pts "${R}/dev/pts"
diff --git a/bootstrap.d/11-apt.sh b/bootstrap.d/11-apt.sh
index 554aaf5..1d32051 100644
--- a/bootstrap.d/11-apt.sh
+++ b/bootstrap.d/11-apt.sh
@@ -7,28 +7,28 @@
 
 # Install and setup APT proxy configuration
 if [ -z "$APT_PROXY" ] ; then
-  install_readonly files/apt/10proxy "$R/etc/apt/apt.conf.d/10proxy"
-  sed -i "s/\"\"/\"${APT_PROXY}\"/" "$R/etc/apt/apt.conf.d/10proxy"
+  install_readonly files/apt/10proxy "${ETCDIR}/apt/apt.conf.d/10proxy"
+  sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETCDIR}/apt/apt.conf.d/10proxy"
 fi
 
 if [ "$BUILD_KERNEL" = false ] ; then
   # Install APT pinning configuration for flash-kernel package
-  install_readonly files/apt/flash-kernel "$R/etc/apt/preferences.d/flash-kernel"
+  install_readonly files/apt/flash-kernel "${ETCDIR}/apt/preferences.d/flash-kernel"
 
   # Install APT sources.list
-  install_readonly files/apt/sources.list "$R/etc/apt/sources.list"
-  echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >> "$R/etc/apt/sources.list"
+  install_readonly files/apt/sources.list "${ETCDIR}/apt/sources.list"
+  echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >> "${ETCDIR}/apt/sources.list"
 
   # Upgrade collabora package index and install collabora keyring
   chroot_exec apt-get -qq -y update
   chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
 else # BUILD_KERNEL=true
   # Install APT sources.list
-  install_readonly files/apt/sources.list "$R/etc/apt/sources.list"
+  install_readonly files/apt/sources.list "${ETCDIR}/apt/sources.list"
 
   # Use specified APT server and release
-  sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "$R/etc/apt/sources.list"
-  sed -i "s/ jessie/ ${RELEASE}/" "$R/etc/apt/sources.list"
+  sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETCDIR}/apt/sources.list"
+  sed -i "s/ jessie/ ${RELEASE}/" "${ETCDIR}/apt/sources.list"
 fi
 
 # Upgrade package index and update all installed packages and changed dependencies
diff --git a/bootstrap.d/12-locale.sh b/bootstrap.d/12-locale.sh
index d82f212..bd1edf4 100644
--- a/bootstrap.d/12-locale.sh
+++ b/bootstrap.d/12-locale.sh
@@ -6,7 +6,7 @@
 . ./functions.sh
 
 # Install and setup timezone
-echo ${TIMEZONE} > "$R/etc/timezone"
+echo ${TIMEZONE} > "${ETCDIR}/timezone"
 chroot_exec dpkg-reconfigure -f noninteractive tzdata
 
 # Install and setup default locale and keyboard configuration
@@ -19,40 +19,40 @@ if [ "$ENABLE_MINBASE" = false ] ; then
   else
     # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
     chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
-    sed -i "/en_US.UTF-8/s/^#//" "$R/etc/locale.gen"
+    sed -i "/en_US.UTF-8/s/^#//" "${ETCDIR}/locale.gen"
   fi
 
-  sed -i "/${DEFLOCAL}/s/^#//" "$R/etc/locale.gen"
+  sed -i "/${DEFLOCAL}/s/^#//" "${ETCDIR}/locale.gen"
   chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
   chroot_exec locale-gen
   chroot_exec update-locale LANG="${DEFLOCAL}"
 
   # Install and setup default keyboard configuration
   if [ "$XKB_MODEL" != "" ] ; then
-    sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "$R/etc/default/keyboard"
+    sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETCDIR}/default/keyboard"
   fi
   if [ "$XKB_LAYOUT" != "" ] ; then
-    sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "$R/etc/default/keyboard"
+    sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETCDIR}/default/keyboard"
   fi
   if [ "$XKB_VARIANT" != "" ] ; then
-    sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "$R/etc/default/keyboard"
+    sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETCDIR}/default/keyboard"
   fi
   if [ "$XKB_OPTIONS" != "" ] ; then
-    sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "$R/etc/default/keyboard"
+    sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETCDIR}/default/keyboard"
   fi
   chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
 
   # Install and setup font console
   case "${DEFLOCAL}" in
     *UTF-8)
-      sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "$R/etc/default/console-setup"
+      sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETCDIR}/default/console-setup"
       ;;
     *)
-      sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "$R/etc/default/console-setup"
+      sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETCDIR}/default/console-setup"
       ;;
   esac
   chroot_exec dpkg-reconfigure -f noninteractive console-setup
 else # ENABLE_MINBASE=true
   # Install POSIX default locale
-  install_readonly files/locales/locale "$R/etc/default/locale"
+  install_readonly files/locales/locale "${ETCDIR}/default/locale"
 fi
diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh
index cc4828d..2652142 100644
--- a/bootstrap.d/13-kernel.sh
+++ b/bootstrap.d/13-kernel.sh
@@ -8,7 +8,7 @@
 # Fetch and build latest raspberry kernel
 if [ "$BUILD_KERNEL" = true ] ; then
   # Setup source directory
-  mkdir -p "$R/usr/src"
+  mkdir -p "${R}/usr/src"
 
   # Copy existing kernel sources into chroot directory
   if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
@@ -17,11 +17,11 @@ if [ "$BUILD_KERNEL" = true ] ; then
 
     # Clean the kernel sources
     if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
-      make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
+      make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
     fi
   else # KERNELSRC_DIR=""
     # Fetch current raspberrypi kernel sources
-    git -C "$R/usr/src" clone --depth=1 https://github.com/raspberrypi/linux
+    git -C "${R}/usr/src" clone --depth=1 https://github.com/raspberrypi/linux
   fi
 
   # Calculate optimal number of kernel building threads
@@ -33,7 +33,7 @@ if [ "$BUILD_KERNEL" = true ] ; then
   if [ "$KERNELSRC_PREBUILT" = false ] ; then
     # Remove device, network and filesystem drivers from kernel configuration
     if [ "$KERNEL_REDUCE" = true ] ; then
-      make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
+      make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
       sed -i\
       -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
       -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
@@ -64,25 +64,25 @@ if [ "$BUILD_KERNEL" = true ] ; then
       -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
       -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
       -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
-      "$R/usr/src/linux/.config"
+      "${KERNELDIR}/.config"
     fi
 
     if [ "$KERNELSRC_CONFIG" = true ] ; then
       # Load default raspberry kernel configuration
-      make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
+      make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
 
       # Start menu-driven kernel configuration (interactive)
       if [ "$KERNEL_MENUCONFIG" = true ] ; then
-        make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
+        make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
       fi
     fi
 
     # Cross compile kernel and modules
-    make -C "$R/usr/src/linux" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs
+    make -C "${KERNELDIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs
   fi
 
   # Check if kernel compilation was successful
-  if [ ! -r "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/zImage" ] ; then
+  if [ ! -r "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" ] ; then
     echo "error: kernel compilation failed! (zImage not found)"
     cleanup
     exit 1
@@ -90,50 +90,55 @@ if [ "$BUILD_KERNEL" = true ] ; then
 
   # Install kernel modules
   if [ "$ENABLE_REDUCE" = true ] ; then
-    make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
+    make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
   else
-    make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
+    make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
 
     # Install kernel firmware
-    make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
+    make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
   fi
 
   # Install kernel headers
   if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
-    make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
+    make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
   fi
 
   # Prepare boot (firmware) directory
-  mkdir "$R/boot/firmware/"
+  mkdir "${BOOTDIR}"
 
   # Get kernel release version
-  KERNEL_VERSION=`cat "$R/usr/src/linux/include/config/kernel.release"`
+  KERNEL_VERSION=`cat "${KERNELDIR}/include/config/kernel.release"`
 
   # Copy kernel configuration file to the boot directory
-  install_readonly "$R/usr/src/linux/.config" "$R/boot/config-${KERNEL_VERSION}"
+  install_readonly "${KERNELDIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
 
   # Copy dts and dtb device tree sources and binaries
-  mkdir "$R/boot/firmware/overlays/"
-  install_readonly "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "$R/boot/firmware/"
-  install_readonly "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "$R/boot/firmware/overlays/"
-  install_readonly "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "$R/boot/firmware/overlays/README"
-
-  # Convert and copy zImage kernel to the boot directory
-  "$R/usr/src/linux/scripts/mkknlimg" "$R/usr/src/linux/arch/arm/boot/zImage" "$R/boot/firmware/kernel7.img"
+  mkdir "${BOOTDIR}/overlays"
+  install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "${BOOTDIR}/"
+  install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "${BOOTDIR}/overlays/"
+  install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOTDIR}/overlays/README"
+
+  if [ "$ENABLE_UBOOT" = false ] ; then
+    # Convert and copy zImage kernel to the boot directory
+    "${KERNELDIR}/scripts/mkknlimg" "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOTDIR}/${KERNEL_IMAGE}"
+  else
+    # Copy zImage kernel to the boot directory
+    install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOTDIR}/${KERNEL_IMAGE}"
+  fi
 
   # Remove kernel sources
   if [ "$KERNEL_REMOVESRC" = true ] ; then
-    rm -fr "$R/usr/src/linux"
+    rm -fr "${KERNELDIR}"
   fi
 
   # Install latest boot binaries from raspberry/firmware github
-  wget -q -O "$R/boot/firmware/bootcode.bin" https://github.com/raspberrypi/firmware/raw/master/boot/bootcode.bin
-  wget -q -O "$R/boot/firmware/fixup.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup.dat
-  wget -q -O "$R/boot/firmware/fixup_cd.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_cd.dat
-  wget -q -O "$R/boot/firmware/fixup_x.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_x.dat
-  wget -q -O "$R/boot/firmware/start.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start.elf
-  wget -q -O "$R/boot/firmware/start_cd.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_cd.elf
-  wget -q -O "$R/boot/firmware/start_x.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_x.elf
+  wget -q -O "${BOOTDIR}/bootcode.bin" https://github.com/raspberrypi/firmware/raw/master/boot/bootcode.bin
+  wget -q -O "${BOOTDIR}/fixup.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup.dat
+  wget -q -O "${BOOTDIR}/fixup_cd.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_cd.dat
+  wget -q -O "${BOOTDIR}/fixup_x.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_x.dat
+  wget -q -O "${BOOTDIR}/start.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start.elf
+  wget -q -O "${BOOTDIR}/start_cd.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_cd.elf
+  wget -q -O "${BOOTDIR}/start_x.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_x.elf
 
 else # BUILD_KERNEL=false
   # Kernel installation
@@ -143,14 +148,14 @@ else # BUILD_KERNEL=false
   chroot_exec apt-get -qq -y install flash-kernel
 
   # Check if kernel installation was successful
-  VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
+  VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)"
   if [ -z "$VMLINUZ" ] ; then
     echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
     cleanup
     exit 1
   fi
   # Copy vmlinuz kernel to the boot directory
-  install_readonly "$VMLINUZ" "$R/boot/firmware/kernel7.img"
+  install_readonly "${VMLINUZ}" "${BOOTDIR}/${KERNEL_IMAGE}"
 fi
 
 # Setup firmware boot cmdline
@@ -160,6 +165,15 @@ else
   CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}"
 fi
 
+# Add encrypted root partition to cmdline.txt
+if [ "$ENABLE_CRYPTFS" = true ] ; then
+  if [ "$ENABLE_SPLITFS" = true ] ; then
+    CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
+  else
+    CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
+  fi
+fi
+
 # Add serial console support
 if [ "$ENABLE_CONSOLE" = true ] ; then
   CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
@@ -171,69 +185,79 @@ if [ "$ENABLE_IPV6" = false ] ; then
 fi
 
 # Install firmware boot cmdline
-echo "${CMDLINE}" > "$R/boot/firmware/cmdline.txt"
-
-# Add encrypted root partition to cmdline.txt
-if [ "$ENABLE_CRYPTFS" = true ] ; then
-    sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/" "$R/boot/firmware/cmdline.txt"
-fi
+echo "${CMDLINE}" > "${BOOTDIR}/cmdline.txt"
 
 # Install firmware config
-install_readonly files/boot/config.txt "$R/boot/firmware/config.txt"
+install_readonly files/boot/config.txt "${BOOTDIR}/config.txt"
 
 # Setup minimal GPU memory allocation size: 16MB (no X)
 if [ "$ENABLE_MINGPU" = true ] ; then
-  echo "gpu_mem=16" >> "$R/boot/firmware/config.txt"
+  echo "gpu_mem=16" >> "${BOOTDIR}/config.txt"
 fi
 
 # Setup boot with initramfs
 if [ "$ENABLE_INITRAMFS" = true ] ; then
-  echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "$R/boot/firmware/config.txt"
+  echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOTDIR}/config.txt"
 fi
 
 # Create firmware configuration and cmdline symlinks
-ln -sf firmware/config.txt "$R/boot/config.txt"
-ln -sf firmware/cmdline.txt "$R/boot/cmdline.txt"
+ln -sf firmware/config.txt "${R}/boot/config.txt"
+ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
 
 # Install and setup kernel modules to load at boot
-mkdir -p "$R/lib/modules-load.d/"
-install_readonly files/modules/rpi2.conf "$R/lib/modules-load.d/rpi2.conf"
+mkdir -p "${R}/lib/modules-load.d/"
+install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
 
 # Load hardware random module at boot
-if [ "$ENABLE_HWRANDOM" = true ] ; then
-  sed -i "s/^# bcm2708_rng/bcm2708_rng/" "$R/lib/modules-load.d/rpi2.conf"
+if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
+  sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
 fi
 
 # Load sound module at boot
 if [ "$ENABLE_SOUND" = true ] ; then
-  sed -i "s/^# snd_bcm2835/snd_bcm2835/" "$R/lib/modules-load.d/rpi2.conf"
+  sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
 fi
 
 # Install kernel modules blacklist
-mkdir -p "$R/etc/modprobe.d/"
-install_readonly files/modules/raspi-blacklist.conf "$R/etc/modprobe.d/raspi-blacklist.conf"
+mkdir -p "${ETCDIR}/modprobe.d/"
+install_readonly files/modules/raspi-blacklist.conf "${ETCDIR}/modprobe.d/raspi-blacklist.conf"
 
 # Install and setup fstab
-install_readonly files/mount/fstab "$R/etc/fstab"
+install_readonly files/mount/fstab "${ETCDIR}/fstab"
 
 # Add usb/sda disk root partition to fstab
-if [ "$ENABLE_SPLITFS" = true ] ; then
-  sed -i "s/mmcblk0p2/sda1/" "$R/etc/fstab"
+if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
+  sed -i "s/mmcblk0p2/sda1/" "${ETCDIR}/fstab"
 fi
 
 # Add encrypted root partition to fstab and crypttab
 if [ "$ENABLE_CRYPTFS" = true ] ; then
   # Replace fstab root partition with encrypted partition mapping
-  sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "$R/etc/fstab"
+  sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETCDIR}/fstab"
 
   # Add encrypted partition to crypttab and fstab
-  install_readonly files/mount/crypttab "$R/etc/crypttab"
-  echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "$R/etc/crypttab"
+  install_readonly files/mount/crypttab "${ETCDIR}/crypttab"
+  echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "${ETCDIR}/crypttab"
+
+  if [ "$ENABLE_SPLITFS" = true ] ; then
+    # Add usb/sda disk to crypttab
+    sed -i "s/mmcblk0p2/sda1/" "${ETCDIR}/crypttab"
+  fi
 fi
 
 # Generate initramfs file
 if [ "$ENABLE_INITRAMFS" = true ] ; then
   if [ "$ENABLE_CRYPTFS" = true ] ; then
+    # Include initramfs scripts to auto expand encrypted root partition
+    if [ "$EXPANDROOT" = true ] ; then
+      install_exec files/initramfs/expand_encrypted_rootfs "${ETCDIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
+      install_exec files/initramfs/expand-premount "${ETCDIR}/initramfs-tools/scripts/local-premount/expand-premount"
+      install_exec files/initramfs/expand-tools "${ETCDIR}/initramfs-tools/hooks/expand-tools"
+    fi
+
+    # Disable SSHD inside initramfs
+    printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETCDIR}/initramfs-tools/initramfs.conf"
+
     # Dummy mapping required by mkinitramfs
     echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
 
@@ -249,4 +273,4 @@ if [ "$ENABLE_INITRAMFS" = true ] ; then
 fi
 
 # Install sysctl.d configuration files
-install_readonly files/sysctl.d/81-rpi-vm.conf "$R/etc/sysctl.d/81-rpi-vm.conf"
+install_readonly files/sysctl.d/81-rpi-vm.conf "${ETCDIR}/sysctl.d/81-rpi-vm.conf"
diff --git a/bootstrap.d/20-networking.sh b/bootstrap.d/20-networking.sh
index bd6e8db..16e06f2 100644
--- a/bootstrap.d/20-networking.sh
+++ b/bootstrap.d/20-networking.sh
@@ -6,37 +6,37 @@
 . ./functions.sh
 
 # Install and setup hostname
-install_readonly files/network/hostname "$R/etc/hostname"
-sed -i "s/^rpi2-jessie/${HOSTNAME}/" "$R/etc/hostname"
+install_readonly files/network/hostname "${ETCDIR}/hostname"
+sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETCDIR}/hostname"
 
 # Install and setup hosts
-install_readonly files/network/hosts "$R/etc/hosts"
-sed -i "s/rpi2-jessie/${HOSTNAME}/" "$R/etc/hosts"
+install_readonly files/network/hosts "${ETCDIR}/hosts"
+sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETCDIR}/hosts"
 
 # Setup hostname entry with static IP
 if [ "$NET_ADDRESS" != "" ] ; then
   NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
-  sed -i "s/^127.0.1.1/${NET_IP}/" "$R/etc/hosts"
+  sed -i "s/^127.0.1.1/${NET_IP}/" "${ETCDIR}/hosts"
 fi
 
 # Remove IPv6 hosts
 if [ "$ENABLE_IPV6" = false ] ; then
-  sed -i -e "/::[1-9]/d" -e "/^$/d" "$R/etc/hosts"
+  sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETCDIR}/hosts"
 fi
 
 # Install hint about network configuration
-install_readonly files/network/interfaces "$R/etc/network/interfaces"
+install_readonly files/network/interfaces "${ETCDIR}/network/interfaces"
 
 # Install configuration for interface eth0
-install_readonly files/network/eth.network "$R/etc/systemd/network/eth.network"
+install_readonly files/network/eth.network "${ETCDIR}/systemd/network/eth.network"
 
 if [ "$ENABLE_DHCP" = true ] ; then
   # Enable DHCP configuration for interface eth0
-  sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "$R/etc/systemd/network/eth.network"
+  sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETCDIR}/systemd/network/eth.network"
 
   # Set DHCP configuration to IPv4 only
   if [ "$ENABLE_IPV6" = false ] ; then
-    sed -i "s/DHCP=.*/DHCP=v4/" "$R/etc/systemd/network/eth.network"
+    sed -i "s/DHCP=.*/DHCP=v4/" "${ETCDIR}/systemd/network/eth.network"
   fi
 
 else # ENABLE_DHCP=false
@@ -50,23 +50,23 @@ else # ENABLE_DHCP=false
   -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
   -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
   -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
-  "$R/etc/systemd/network/eth.network"
+  "${ETCDIR}/systemd/network/eth.network"
 fi
 
 # Remove empty settings from network configuration
-sed -i "/.*=\$/d" "$R/etc/systemd/network/eth.network"
+sed -i "/.*=\$/d" "${ETCDIR}/systemd/network/eth.network"
 
 # Enable systemd-networkd service
 chroot_exec systemctl enable systemd-networkd
 
 # Install host.conf resolver configuration
-install_readonly files/network/host.conf "$R/etc/host.conf"
+install_readonly files/network/host.conf "${ETCDIR}/host.conf"
 
 # Enable network stack hardening
 if [ "$ENABLE_HARDNET" = true ] ; then
   # Install sysctl.d configuration files
-  install_readonly files/sysctl.d/82-rpi-net-hardening.conf "$R/etc/sysctl.d/82-rpi-net-hardening.conf"
+  install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETCDIR}/sysctl.d/82-rpi-net-hardening.conf"
 
   # Setup resolver warnings about spoofed addresses
-  sed -i "s/^# spoof warn/spoof warn/" "$R/etc/host.conf"
+  sed -i "s/^# spoof warn/spoof warn/" "${ETCDIR}/host.conf"
 fi
diff --git a/bootstrap.d/21-firewall.sh b/bootstrap.d/21-firewall.sh
index 247325e..7583d04 100644
--- a/bootstrap.d/21-firewall.sh
+++ b/bootstrap.d/21-firewall.sh
@@ -7,16 +7,16 @@
 
 if [ "$ENABLE_IPTABLES" = true ] ; then
   # Create iptables configuration directory
-  mkdir -p "$R/etc/iptables"
+  mkdir -p "${ETCDIR}/iptables"
 
   # Install iptables systemd service
-  install_readonly files/iptables/iptables.service "$R/etc/systemd/system/iptables.service"
+  install_readonly files/iptables/iptables.service "${ETCDIR}/systemd/system/iptables.service"
 
   # Install flush-table script called by iptables service
-  install_exec files/iptables/flush-iptables.sh "$R/etc/iptables/flush-iptables.sh"
+  install_exec files/iptables/flush-iptables.sh "${ETCDIR}/iptables/flush-iptables.sh"
 
   # Install iptables rule file
-  install_readonly files/iptables/iptables.rules "$R/etc/iptables/iptables.rules"
+  install_readonly files/iptables/iptables.rules "${ETCDIR}/iptables/iptables.rules"
 
   # Reload systemd configuration and enable iptables service
   chroot_exec systemctl daemon-reload
@@ -24,12 +24,12 @@ if [ "$ENABLE_IPTABLES" = true ] ; then
 
   if [ "$ENABLE_IPV6" = true ] ; then
     # Install ip6tables systemd service
-    install_readonly files/iptables/ip6tables.service "$R/etc/systemd/system/ip6tables.service"
+    install_readonly files/iptables/ip6tables.service "${ETCDIR}/systemd/system/ip6tables.service"
 
     # Install ip6tables file
-    install_exec files/iptables/flush-ip6tables.sh "$R/etc/iptables/flush-ip6tables.sh"
+    install_exec files/iptables/flush-ip6tables.sh "${ETCDIR}/iptables/flush-ip6tables.sh"
 
-    install_readonly files/iptables/ip6tables.rules "$R/etc/iptables/ip6tables.rules"
+    install_readonly files/iptables/ip6tables.rules "${ETCDIR}/iptables/ip6tables.rules"
 
     # Reload systemd configuration and enable iptables service
     chroot_exec systemctl daemon-reload
@@ -39,6 +39,6 @@ fi
 
 if [ "$ENABLE_SSHD" = false ] ; then
  # Remove SSHD related iptables rules
- sed -i "/^#/! {/SSH/ s/^/# /}" "$R/etc/iptables/iptables.rules" 2> /dev/null
- sed -i "/^#/! {/SSH/ s/^/# /}" "$R/etc/iptables/ip6tables.rules" 2> /dev/null
+ sed -i "/^#/! {/SSH/ s/^/# /}" "${ETCDIR}/iptables/iptables.rules" 2> /dev/null
+ sed -i "/^#/! {/SSH/ s/^/# /}" "${ETCDIR}/iptables/ip6tables.rules" 2> /dev/null
 fi
diff --git a/bootstrap.d/30-security.sh b/bootstrap.d/30-security.sh
index a07719d..a5b558b 100644
--- a/bootstrap.d/30-security.sh
+++ b/bootstrap.d/30-security.sh
@@ -19,7 +19,7 @@ if [ "$ENABLE_ROOT" = true ] ; then
   chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
 
   if [ "$ENABLE_ROOT_SSH" = true ] ; then
-    sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "$R/etc/ssh/sshd_config"
+    sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETCDIR}/ssh/sshd_config"
   fi
 else
   # Set no root password to disable root login
diff --git a/bootstrap.d/31-logging.sh b/bootstrap.d/31-logging.sh
index 00a9f86..149ab68 100644
--- a/bootstrap.d/31-logging.sh
+++ b/bootstrap.d/31-logging.sh
@@ -7,7 +7,7 @@
 
 # Disable rsyslog
 if [ "$ENABLE_RSYSLOG" = false ] ; then
-  sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "$R/etc/systemd/journald.conf"
+  sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "${ETCDIR}/systemd/journald.conf"
   chroot_exec systemctl disable rsyslog
   chroot_exec apt-get -qq -y --force-yes purge rsyslog
 fi
diff --git a/bootstrap.d/41-uboot.sh b/bootstrap.d/41-uboot.sh
index 8f59f26..19ad084 100644
--- a/bootstrap.d/41-uboot.sh
+++ b/bootstrap.d/41-uboot.sh
@@ -7,25 +7,61 @@
 
 # Install gcc/c++ build environment inside the chroot
 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then
-  chroot_exec apt-get -q -y --force-yes --no-install-recommends install linux-compiler-gcc-4.9-arm g++ make bc
+  chroot_exec apt-get -q -y --force-yes --no-install-recommends install linux-compiler-gcc-4.8-arm g++ make bc
 fi
 
 # Fetch and build U-Boot bootloader
 if [ "$ENABLE_UBOOT" = true ] ; then
   # Fetch U-Boot bootloader sources
-  git -C "$R/tmp" clone git://git.denx.de/u-boot.git
+  git -C "${R}/tmp" clone git://git.denx.de/u-boot.git
 
   # Build and install U-Boot inside chroot
-  chroot_exec make -C /tmp/u-boot/ rpi_2_defconfig all
+  chroot_exec make -C /tmp/u-boot/ ${UBOOT_CONFIG} all
 
   # Copy compiled bootloader binary and set config.txt to load it
-  install_readonly "$R/tmp/u-boot/u-boot.bin" "$R/boot/firmware/u-boot.bin"
-  printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "$R/boot/firmware/config.txt"
+  install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
+  install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOTDIR}/u-boot.bin"
+  printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOTDIR}/config.txt"
 
   # Install and setup U-Boot command file
-  install_readonly files/boot/uboot.mkimage "$R/boot/firmware/uboot.mkimage"
-  printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat $R/boot/firmware/uboot.mkimage)" > "$R/boot/firmware/uboot.mkimage"
+  install_readonly files/boot/uboot.mkimage "${BOOTDIR}/uboot.mkimage"
+  printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOTDIR}/uboot.mkimage)" > "${BOOTDIR}/uboot.mkimage"
+
+  if [ "$ENABLE_INITRAMFS" = true ] ; then
+    # Convert generated initramfs for U-Boot using mkimage
+    chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
+
+    # Remove original initramfs file
+    rm -f "${BOOTDIR}/initramfs-${KERNEL_VERSION}"
+
+    # Configure U-Boot to load generated initramfs
+    printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOTDIR}/uboot.mkimage)" > "${BOOTDIR}/uboot.mkimage"
+    printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOTDIR}/uboot.mkimage"
+  else # ENABLE_INITRAMFS=false
+    # Remove initramfs from U-Boot mkfile
+    sed -i '/.*initramfs.*/d' "${BOOTDIR}/uboot.mkimage"
+
+    if [ "$BUILD_KERNEL" = false ] ; then
+      # Remove dtbfile from U-Boot mkfile
+      sed -i '/.*dtbfile.*/d' "${BOOTDIR}/uboot.mkimage"
+      printf "\nbootz \${kernel_addr_r}" >> "${BOOTDIR}/uboot.mkimage"
+    else
+      printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOTDIR}/uboot.mkimage"
+    fi
+  fi
+
+  # Set mkfile to use dtb file
+  sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOTDIR}/uboot.mkimage"
+
+  # Set mkfile to use kernel image
+  sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOTDIR}/uboot.mkimage"
+
+  # Remove all leading blank lines
+  sed -i "/./,\$!d" "${BOOTDIR}/uboot.mkimage"
 
   # Generate U-Boot bootloader image
-  chroot_exec /tmp/u-boot/tools/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
+  chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
+
+  # Remove U-Boot sources
+  rm -fr "${R}/tmp/u-boot"
 fi
diff --git a/bootstrap.d/42-fbturbo.sh b/bootstrap.d/42-fbturbo.sh
index ca6b2fb..4e03f53 100644
--- a/bootstrap.d/42-fbturbo.sh
+++ b/bootstrap.d/42-fbturbo.sh
@@ -7,7 +7,7 @@
 
 if [ "$ENABLE_FBTURBO" = true ] ; then
   # Fetch fbturbo driver sources
-  git -C "$R/tmp" clone https://github.com/ssvb/xf86-video-fbturbo.git
+  git -C "${R}/tmp" clone https://github.com/ssvb/xf86-video-fbturbo.git
 
   # Install Xorg build dependencies
   chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
@@ -22,7 +22,7 @@ make install
 EOF
 
   # Install fbturbo driver Xorg configuration
-  install_readonly files/xorg/99-fbturbo.conf "$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
+  install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
 
   # Remove Xorg build dependencies
   chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
@@ -30,5 +30,5 @@ fi
 
 # Remove gcc/c++ build environment from the chroot
 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then
-  chroot_exec apt-get -qq -y --auto-remove purge bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
+  chroot_exec apt-get -qq -y --auto-remove purge bc binutils cpp cpp-4.8 cpp-4.9 g++ g++-4.8 g++-4.9 gcc gcc-4.8 gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.8-dev libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.8-arm linux-libc-dev make
 fi
diff --git a/bootstrap.d/50-firstboot.sh b/bootstrap.d/50-firstboot.sh
index 2ec9404..7e2e008 100644
--- a/bootstrap.d/50-firstboot.sh
+++ b/bootstrap.d/50-firstboot.sh
@@ -6,29 +6,34 @@
 . ./functions.sh
 
 # Prepare rc.firstboot script
-cat files/firstboot/10-begin.sh > "$R/etc/rc.firstboot"
+cat files/firstboot/10-begin.sh > "${ETCDIR}/rc.firstboot"
 
 # Ensure openssh server host keys are regenerated on first boot
 if [ "$ENABLE_SSHD" = true ] ; then
-  cat files/firstboot/21-generate-ssh-keys.sh >> "$R/etc/rc.firstboot"
+  cat files/firstboot/21-generate-ssh-keys.sh >> "${ETCDIR}/rc.firstboot"
 fi
 
 # Prepare filesystem auto expand
 if [ "$EXPANDROOT" = true ] ; then
-  cat files/firstboot/22-expandroot.sh >> "$R/etc/rc.firstboot"
+  if [ "$ENABLE_CRYPTFS" = false ] ; then
+    cat files/firstboot/22-expandroot.sh >> "${ETCDIR}/rc.firstboot"
+  else
+    # Regenerate initramfs to remove encrypted root partition auto expand
+    cat files/firstboot/23-regenerate-initramfs.sh >> "${ETCDIR}/rc.firstboot"
+  fi
 fi
 
 # Ensure that dbus machine-id exists
-cat files/firstboot/23-generate-machineid.sh >> "$R/etc/rc.firstboot"
+cat files/firstboot/24-generate-machineid.sh >> "${ETCDIR}/rc.firstboot"
 
 # Create /etc/resolv.conf symlink
-cat files/firstboot/24-create-resolv-symlink.sh >> "$R/etc/rc.firstboot"
+cat files/firstboot/25-create-resolv-symlink.sh >> "${ETCDIR}/rc.firstboot"
 
 # Finalize rc.firstboot script
-cat files/firstboot/99-finish.sh >> "$R/etc/rc.firstboot"
-chmod +x "$R/etc/rc.firstboot"
+cat files/firstboot/99-finish.sh >> "${ETCDIR}/rc.firstboot"
+chmod +x "${ETCDIR}/rc.firstboot"
 
 # Add rc.firstboot script to rc.local
-sed -i '/exit 0/d' "$R/etc/rc.local"
-echo /etc/rc.firstboot >> "$R/etc/rc.local"
-echo exit 0 >> "$R/etc/rc.local"
+sed -i '/exit 0/d' "${ETCDIR}/rc.local"
+echo /etc/rc.firstboot >> "${ETCDIR}/rc.local"
+echo exit 0 >> "${ETCDIR}/rc.local"
diff --git a/bootstrap.d/99-reduce.sh b/bootstrap.d/99-reduce.sh
index 99fbc9b..128e7a6 100644
--- a/bootstrap.d/99-reduce.sh
+++ b/bootstrap.d/99-reduce.sh
@@ -10,33 +10,33 @@ if [ "$ENABLE_REDUCE" = true ] ; then
   if [ "$REDUCE_APT" = true ] ; then
     # Install dpkg configuration file
     if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
-      install_readonly files/dpkg/01nodoc "$R/etc/dpkg/dpkg.cfg.d/01nodoc"
+      install_readonly files/dpkg/01nodoc "${ETCDIR}/dpkg/dpkg.cfg.d/01nodoc"
     fi
 
     # Install APT configuration files
-    install_readonly files/apt/02nocache "$R/etc/apt/apt.conf.d/02nocache"
-    install_readonly files/apt/03compress "$R/etc/apt/apt.conf.d/03compress"
-    install_readonly files/apt/04norecommends "$R/etc/apt/apt.conf.d/04norecommends"
+    install_readonly files/apt/02nocache "${ETCDIR}/apt/apt.conf.d/02nocache"
+    install_readonly files/apt/03compress "${ETCDIR}/apt/apt.conf.d/03compress"
+    install_readonly files/apt/04norecommends "${ETCDIR}/apt/apt.conf.d/04norecommends"
 
     # Remove APT cache files
-    rm -fr "$R/var/cache/apt/pkgcache.bin"
-    rm -fr "$R/var/cache/apt/srcpkgcache.bin"
+    rm -fr "${R}/var/cache/apt/pkgcache.bin"
+    rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
   fi
 
   # Remove all doc files
   if [ "$REDUCE_DOC" = true ] ; then
-    find "$R/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
-    find "$R/usr/share/doc" -empty | xargs rmdir || true
+    find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
+    find "${R}/usr/share/doc" -empty | xargs rmdir || true
   fi
 
   # Remove all man pages and info files
   if [ "$REDUCE_MAN" = true ] ; then
-    rm -rf "$R/usr/share/man" "$R/usr/share/groff" "$R/usr/share/info" "$R/usr/share/lintian" "$R/usr/share/linda" "$R/var/cache/man"
+    rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
   fi
 
   # Remove all locale translation files
   if [ "$REDUCE_LOCALE" = true ] ; then
-    find "$R/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
+    find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
   fi
 
   # Remove hwdb PCI device classes (experimental)
@@ -60,19 +60,19 @@ if [ "$ENABLE_REDUCE" = true ] ; then
 
   # Remove GPU kernels
   if [ "$ENABLE_MINGPU" = true ] ; then
-    rm -f "$R/boot/firmware/start.elf"
-    rm -f "$R/boot/firmware/fixup.dat"
-    rm -f "$R/boot/firmware/start_x.elf"
-    rm -f "$R/boot/firmware/fixup_x.dat"
+    rm -f "${BOOTDIR}/start.elf"
+    rm -f "${BOOTDIR}/fixup.dat"
+    rm -f "${BOOTDIR}/start_x.elf"
+    rm -f "${BOOTDIR}/fixup_x.dat"
   fi
 
   # Remove kernel and initrd from /boot (already in /boot/firmware)
   if [ "$BUILD_KERNEL" = false ] ; then
-    rm -r "$R/boot/vmlinuz--*"
-    rm -r "$R/boot/initrd.img-*"
+    rm -f "${R}/boot/vmlinuz-*"
+    rm -f "${R}/boot/initrd.img-*"
   fi
 
   # Clean APT list of repositories
-  rm -fr "$R/var/lib/apt/lists/*"
+  rm -fr "${R}/var/lib/apt/lists/*"
   chroot_exec apt-get -qq -y update
 fi