author | Jan Wagner <mail@jwagner.eu> | 2016-03-13 13:40:33 +0100 |
---|---|---|
committer | Jan Wagner <mail@jwagner.eu> | 2016-03-13 13:40:33 +0100 |
commit | b855bcffebe13327660e4e7955de5e38018bcb90 (patch) | |
tree | 9989072c0557d00d4fafbdcdffe3cc262ad03273 /bootstrap.d | |
parent | 94ac6dc790aa5066b623e9706bdf0c98f7d40aa7 (diff) | |
comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig
Diffstat (limited to 'bootstrap.d')
-rw-r--r-- | bootstrap.d/10-bootstrap.sh | 6 | ||||
-rw-r--r-- | bootstrap.d/11-apt.sh | 6 | ||||
-rw-r--r-- | bootstrap.d/12-locale.sh | 10 | ||||
-rw-r--r-- | bootstrap.d/13-kernel.sh | 67 | ||||
-rw-r--r-- | bootstrap.d/20-networking.sh | 62 | ||||
-rw-r--r-- | bootstrap.d/21-firewall.sh | 10 | ||||
-rw-r--r-- | bootstrap.d/30-security.sh | 4 | ||||
-rw-r--r-- | bootstrap.d/41-uboot.sh | 8 | ||||
-rw-r--r-- | bootstrap.d/42-fbturbo.sh | 2 |
9 files changed, 91 insertions, 84 deletions
diff --git a/bootstrap.d/10-bootstrap.sh b/bootstrap.d/10-bootstrap.sh index 7899dbf..8a142eb 100644 --- a/bootstrap.d/10-bootstrap.sh +++ b/bootstrap.d/10-bootstrap.sh @@ -7,13 +7,13 @@ # Base debootstrap (unpack only) if [ "$ENABLE_MINBASE" = true ] ; then - http_proxy=${APT_PROXY} debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian + http_proxy=${APT_PROXY} debootstrap --arch=${RELEASE_ARCH} --variant=minbase --foreign --include=${APT_INCLUDES} ${RELEASE} $R http://${APT_SERVER}/debian else - http_proxy=${APT_PROXY} debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian + http_proxy=${APT_PROXY} debootstrap --arch=${RELEASE_ARCH} --foreign --include=${APT_INCLUDES} ${RELEASE} $R http://${APT_SERVER}/debian fi # Copy qemu emulator binary to chroot -cp /usr/bin/qemu-arm-static $R/usr/bin +cp ${QEMU_BINARY} $R/usr/bin # Copy debian-archive-keyring.pgp mkdir -p $R/usr/share/keyrings diff --git a/bootstrap.d/11-apt.sh b/bootstrap.d/11-apt.sh index 56fcc0e..3ee51d8 100644 --- a/bootstrap.d/11-apt.sh +++ b/bootstrap.d/11-apt.sh @@ -5,13 +5,13 @@ # Load utility functions . ./functions.sh -# Use proxy inside chroot +# Install and setup APT proxy configuration if [ -z "$APT_PROXY" ] ; then install_readonly files/apt/10proxy $R/etc/apt/apt.conf.d/10proxy sed -i "s/\"\"/\"${APT_PROXY}\"/" $R/etc/apt/apt.conf.d/10proxy fi -# Pin package flash-kernel to repositories.collabora.co.uk +# Install APT pinning configuration for flash-kernel package install_readonly files/apt/flash-kernel $R/etc/apt/preferences.d/flash-kernel # Upgrade collabora package index and install collabora keyring 
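Review bot: The new `${RELEASE_ARCH}` and `${QEMU_BINARY}` expansions are unquoted and nothing in the hunk checks that they are set, so an empty `QEMU_BINARY` turns the copy into `cp $R/usr/bin` and an empty `RELEASE_ARCH` hands debootstrap a bare `--arch=`. I would quote them and fail early, e.g. `cp -- "${QEMU_BINARY:?}" "$R/usr/bin"` and `--arch="${RELEASE_ARCH:?}"`. The same applies to `${KERNEL_ARCH}` and `${CROSS_COMPILE}` in the 13-kernel.sh and 41-uboot.sh hunks, where `KERNEL_ARCH` also ends up inside paths such as `arch/${KERNEL_ARCH}/boot/zImage`.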
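Review bot: The block under the reworded comment in 11-apt.sh runs only when `APT_PROXY` is empty, because the test is `[ -z "$APT_PROXY" ]`; as written the proxy file is installed exactly when there is no proxy to put in it, and `[ -n "$APT_PROXY" ]` looks like the intended condition. The `sed` on the following line uses `/` as its delimiter while a proxy URL contains slashes, so `sed -i "s|\"\"|\"${APT_PROXY}\"|" $R/etc/apt/apt.conf.d/10proxy` would be the safer form. Both lines are unchanged context in this hunk, so this is a follow-up rather than something the commit introduced.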
@@ -19,7 +19,7 @@ echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/a chroot_exec apt-get -qq -y update chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring -# Set up initial sources.list +# Install APT sources.list install_readonly files/apt/sources.list $R/etc/apt/sources.list sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" $R/etc/apt/sources.list sed -i "s/ jessie/ ${RELEASE}/" $R/etc/apt/sources.list diff --git a/bootstrap.d/12-locale.sh b/bootstrap.d/12-locale.sh index cff48b2..06ad5a5 100644 --- a/bootstrap.d/12-locale.sh +++ b/bootstrap.d/12-locale.sh @@ -5,11 +5,11 @@ # Load utility functions . ./functions.sh -# Set up timezone +# Install and setup timezone echo ${TIMEZONE} >$R/etc/timezone chroot_exec dpkg-reconfigure -f noninteractive tzdata -# Set up default locale and keyboard configuration +# Install and setup default locale and keyboard configuration if [ "$ENABLE_MINBASE" = false ] ; then # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957 @@ -27,7 +27,7 @@ if [ "$ENABLE_MINBASE" = false ] ; then chroot_exec locale-gen chroot_exec update-locale LANG=${DEFLOCAL} - # Keyboard configuration, if requested + # Install and setup default keyboard configuration if [ "$XKB_MODEL" != "" ] ; then sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" $R/etc/default/keyboard fi @@ -42,7 +42,7 @@ if [ "$ENABLE_MINBASE" = false ] ; then fi chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration - # Set up font console + # Install and setup font console case "${DEFLOCAL}" in *UTF-8) sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' $R/etc/default/console-setup 
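Review bot: `apt-get -qq -y --force-yes install collabora-obs-archive-keyring` installs the package that becomes the trust anchor for the collabora repository while forcing past apt's prompts, presumably including the unauthenticated-package one, and the comment cleanup in 11-apt.sh leaves that undocumented. A comment above the line such as `# --force-yes: the repository key is not trusted yet at this point; authenticity rests on the HTTPS transport only` would make the trade-off visible to whoever audits the image build. Comparing the installed key's fingerprint with a value kept in this repository would close the gap, if the project wants to go that far.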
@@ -53,6 +53,6 @@ if [ "$ENABLE_MINBASE" = false ] ; then esac chroot_exec dpkg-reconfigure -f noninteractive console-setup else # ENABLE_MINBASE=true - # Set POSIX default locales + # Install POSIX default locale install_readonly files/locales/locale $R/etc/default/locale fi diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh index 9fcb86f..8ec8856 100644 --- a/bootstrap.d/13-kernel.sh +++ b/bootstrap.d/13-kernel.sh 
@@ -11,42 +11,47 @@ if [ "$BUILD_KERNEL" = true ] ; then git -C $R/usr/src clone --depth=1 https://github.com/raspberrypi/linux # Load default raspberry kernel configuration - make -C $R/usr/src/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- bcm2709_defconfig + make -C $R/usr/src/linux ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} bcm2709_defconfig # Calculate optimal number of kernel building threads - if [ "KERNEL_THREADS" = 1 ] ; then + if [ "$KERNEL_THREADS" = 1 ] ; then if [ -f /proc/cpuinfo ] ; then KERNEL_THREADS=$(grep -c processor /proc/cpuinfo) fi fi + # Start menu-driven kernel configuration (interactive) + if [ "$KERNEL_MENUCONFIG" = true ] ; then + make -C $R/usr/src/linux ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} menuconfig + fi + # Cross compile kernel and modules - make -C $R/usr/src/linux -j${KERNEL_THREADS} ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- zImage modules dtbs + make -C $R/usr/src/linux -j${KERNEL_THREADS} ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} zImage modules dtbs # Install kernel modules - make -C $R/usr/src/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- INSTALL_MOD_PATH=../../.. modules_install + make -C $R/usr/src/linux ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} INSTALL_MOD_PATH=../../.. modules_install # Install kernel headers if [ "$KERNEL_HEADERS" = true ]; then - make -C $R/usr/src/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- INSTALL_HDR_PATH=../.. headers_install + make -C $R/usr/src/linux ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} INSTALL_HDR_PATH=../.. 
headers_install fi # Copy and rename compiled kernel to boot directory mkdir $R/boot/firmware/ - $R/usr/src/linux/scripts/mkknlimg $R/usr/src/linux/arch/arm/boot/zImage $R/boot/firmware/kernel7.img + $R/usr/src/linux/scripts/mkknlimg $R/usr/src/linux/arch/${KERNEL_ARCH}/boot/zImage $R/boot/firmware/kernel7.img # Copy dts and dtb device definitions mkdir $R/boot/firmware/overlays/ - cp $R/usr/src/linux/arch/arm/boot/dts/*.dtb $R/boot/firmware/ - cp $R/usr/src/linux/arch/arm/boot/dts/overlays/*.dtb* $R/boot/firmware/overlays/ - cp $R/usr/src/linux/arch/arm/boot/dts/overlays/README $R/boot/firmware/overlays/ + cp $R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/*.dtb $R/boot/firmware/ + cp $R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/*.dtb* $R/boot/firmware/overlays/ + cp $R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/README $R/boot/firmware/overlays/ # Remove kernel sources if [ "$KERNEL_RMSRC" = true ]; then rm -fr $R/usr/src/linux fi - # Install raspberry bootloader and flash-kernel + # Install raspberry bootloader and flash-kernel packages chroot_exec apt-get -qq -y --no-install-recommends install raspberrypi-bootloader-nokernel else # BUILD_KERNEL=false # Kernel installation 
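Review bot: The added `menuconfig` step makes the build interactive but is not guarded by a terminal check, so with `KERNEL_MENUCONFIG=true` in an unattended run the `make` call presumably fails or blocks, and the hunk shows no exit-status check after it. A guard like `if [ "$KERNEL_MENUCONFIG" = true ] && [ -t 0 ] ; then` would keep that case well defined. Because the sources can be deleted further down under `KERNEL_RMSRC`, the hand-edited `.config` is not kept anywhere visible in this hunk, which makes the shipped kernel hard to audit or rebuild; copying it next to the kernel image would help. The enclosing `if [ "$BUILD_KERNEL" = true ]` block starts above the hunk.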
@@ -60,63 +65,61 @@ else # BUILD_KERNEL=false cp $VMLINUZ $R/boot/firmware/kernel7.img fi -# Set up firmware boot cmdline +# Setup firmware boot cmdline if [ "$ENABLE_SPLITFS" = true ] ; then CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}" else CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}" fi -# Set up serial console support (if requested) +# Add serial console support if [ "$ENABLE_CONSOLE" = true ] ; then CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200" fi -# Set up IPv6 networking support +# Remove IPv6 networking support if [ "$ENABLE_IPV6" = false ] ; then CMDLINE="${CMDLINE} ipv6.disable=1" fi +# Install firmware boot cmdline echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt -# Set up firmware config +# Install firmware config install_readonly files/boot/config.txt $R/boot/firmware/config.txt -# Load snd_bcm2835 kernel module at boot time -if [ "$ENABLE_SOUND" = true ] ; then - echo "snd_bcm2835" >>$R/etc/modules -fi - -# Set smallest possible GPU memory allocation size: 16MB (no X) +# Setup minimal GPU memory allocation size: 16MB (no X) if [ "$ENABLE_MINGPU" = true ] ; then echo "gpu_mem=16" >>$R/boot/firmware/config.txt fi -# Create symlinks +# Create firmware configuration and cmdline symlinks ln -sf firmware/config.txt $R/boot/config.txt ln -sf firmware/cmdline.txt $R/boot/cmdline.txt -# Prepare modules-load.d directory +# Install and setup kernel modules to load at boot mkdir -p $R/lib/modules-load.d/ +install_readonly files/modules/rpi2.conf $R/lib/modules-load.d/rpi2.conf -# Load random module on boot +# Load hardware random module at boot if [ "$ENABLE_HWRANDOM" = true ] ; then - cat <<EOM >$R/lib/modules-load.d/rpi2.conf -bcm2708_rng -EOM + sed -i "s/^# bcm2708_rng/bcm2708_rng/" 
$R/lib/modules-load.d/rpi2.conf fi -# Prepare modprobe.d directory -mkdir -p $R/etc/modprobe.d/ +# Load sound module at boot +if [ "$ENABLE_SOUND" = true ] ; then + sed -i "s/^# snd_bcm2835/snd_bcm2835/" $R/lib/modules-load.d/rpi2.conf +fi -# Blacklist sound modules -install_readonly files/modprobe.d/raspi-blacklist.conf $R/etc/modprobe.d/raspi-blacklist.conf +# Install kernel modules blacklist +mkdir -p $R/etc/modprobe.d/ +install_readonly files/modules/raspi-blacklist.conf $R/etc/modprobe.d/raspi-blacklist.conf -# Create default fstab +# Install and setup fstab install_readonly files/mount/fstab $R/etc/fstab if [ "$ENABLE_SPLITFS" = true ] ; then sed -i 's/mmcblk0p2/sda1/' $R/etc/fstab fi -# Avoid swapping and increase cache sizes +# Install sysctl.d configuration files install_readonly files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf diff --git a/bootstrap.d/20-networking.sh b/bootstrap.d/20-networking.sh index c9f866f..3216f4e 100644 --- a/bootstrap.d/20-networking.sh +++ b/bootstrap.d/20-networking.sh 
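Review bot: Enabling `bcm2708_rng` and `snd_bcm2835` now depends on `files/modules/rpi2.conf` containing the exact commented lines `# bcm2708_rng` and `# snd_bcm2835`; if the template drifts, `sed -i` exits 0 without changing anything and the image ships without the hardware RNG module even though `ENABLE_HWRANDOM=true`. The removed heredoc could not fail this way, and the template is not part of this diff (it is limited to bootstrap.d), so the match cannot be confirmed here. A check after the substitution, e.g. `grep -q '^bcm2708_rng' $R/lib/modules-load.d/rpi2.conf || echo "error: bcm2708_rng not enabled" >&2`, would surface it. The same silent no-op applies in 20-networking.sh to `# spoof warn` in host.conf and to the `DHCP=` rewrites of eth.network.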
@@ -5,64 +5,68 @@ # Load utility functions . ./functions.sh -# Set up IPv4 hosts +# Install and setup hostname install_readonly files/network/hostname $R/etc/hostname sed -i "s/^rpi2-jessie/${HOSTNAME}/" $R/etc/hostname +# Install and setup hosts install_readonly files/network/hosts $R/etc/hosts sed -i "s/rpi2-jessie/${HOSTNAME}/" $R/etc/hosts +# Setup hostname entry with static IP if [ "$NET_ADDRESS" != "" ] ; then NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/') sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts fi -# Set up IPv6 hosts -if [ "$ENABLE_IPV6" = true ] ; then - cat <<EOM >>$R/etc/hosts - -::1 localhost ip6-localhost ip6-loopback -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters -EOM +# Remove IPv6 hosts +if [ "$ENABLE_IPV6" = false ] ; then + sed -i -e "/::[1-9]/d" -e "/^$/d" $R/etc/hosts fi -# Place hint about network configuration +# Install hint about network configuration install_readonly files/network/interfaces $R/etc/network/interfaces +# Install configuration for interface eth0 +install_readonly files/network/eth.network $R/etc/systemd/network/eth.network + if [ "$ENABLE_DHCP" = true ] ; then - # Enable systemd-networkd DHCP configuration for interface eth0 - install_readonly files/network/eth.network $R/etc/systemd/network/eth.network + # Enable DHCP configuration for interface eth0 + sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" $R/etc/systemd/network/eth.network # Set DHCP configuration to IPv4 only if [ "$ENABLE_IPV6" = false ] ; then - sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network + sed -i "s/DHCP=.*/DHCP=v4/" $R/etc/systemd/network/eth.network fi else # ENABLE_DHCP=false - cat <<EOM >$R/etc/systemd/network/eth.network -[Match] -Name=eth0 - -[Network] -DHCP=no -Address=${NET_ADDRESS} -Gateway=${NET_GATEWAY} -DNS=${NET_DNS_1} -DNS=${NET_DNS_2} -Domains=${NET_DNS_DOMAINS} -NTP=${NET_NTP_1} -NTP=${NET_NTP_2} -EOM + # Set static network configuration for interface eth0 + sed -i\ + -e "s|DHCP=.*|DHCP=no|"\ + -e 
"s|Address=\$|Address=${NET_ADDRESS}|"\ + -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\ + -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\ + -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\ + -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\ + -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\ + -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\ + $R/etc/systemd/network/eth.network fi +# Remove empty settings from network configuration +sed -i "/.*=\$/d" $R/etc/systemd/network/eth.network + # Enable systemd-networkd service chroot_exec systemctl enable systemd-networkd +# Install host.conf resolver configuration +install_readonly files/network/host.conf $R/etc/host.conf + # Enable network stack hardening if [ "$ENABLE_HARDNET" = true ] ; then + # Install sysctl.d configuration files install_readonly files/sysctl.d/82-rpi-net-hardening.conf $R/etc/sysctl.d/82-rpi-net-hardening.conf - # Enable resolver warnings about spoofed addresses - install_readonly files/network/host.conf $R/etc/host.conf + # Setup resolver warnings about spoofed addresses + sed -i "s/^# spoof warn/spoof warn/" $R/etc/host.conf fi diff --git a/bootstrap.d/21-firewall.sh b/bootstrap.d/21-firewall.sh index e006e2b..d2316e5 100644 --- a/bootstrap.d/21-firewall.sh +++ b/bootstrap.d/21-firewall.sh @@ -9,13 +9,13 @@ if [ "$ENABLE_IPTABLES" = true ] ; then # Create iptables configuration directory mkdir -p "$R/etc/iptables" - # Create iptables systemd service + # Install iptables systemd service install_readonly files/iptables/iptables.service $R/etc/systemd/system/iptables.service - # Create flush-table script called by iptables service + # Install flush-table script called by iptables service install_exec files/iptables/flush-iptables.sh $R/etc/iptables/flush-iptables.sh - # Create iptables rule file + # Install iptables rule file install_readonly files/iptables/iptables.rules $R/etc/iptables/iptables.rules # Reload systemd configuration and enable iptables service 
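Review bot: The static-address values are now spliced into `sed` replacement text (`-e "s|Address=\$|Address=${NET_ADDRESS}|"` and the lines after it), so a `|`, `&` or backslash in any `NET_*` value changes the expression instead of being written literally, which the removed heredoc did not do. Escaping each value first, for instance with a helper like `sed_escape() { printf '%s' "$1" | sed 's/[&|\\]/\\&/g'; }`, or validating the values as addresses and host names before use, keeps the file content equal to the configuration. In the DHCP branch, `-e "/DHCP/q"` combined with GNU `sed -i` drops every line after the first DHCP match from eth.network; that is presumably intended to discard the static keys, and a comment such as `# q: discard everything after the DHCP line (static-only settings)` would say so.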
@@ -23,10 +23,10 @@ if [ "$ENABLE_IPTABLES" = true ] ; then chroot_exec systemctl enable iptables.service if [ "$ENABLE_IPV6" = true ] ; then - # Create ip6tables systemd service + # Install ip6tables systemd service install_readonly files/iptables/ip6tables.service $R/etc/systemd/system/ip6tables.service - # Create ip6tables file + # Install ip6tables file install_exec files/iptables/flush-ip6tables.sh $R/etc/iptables/flush-ip6tables.sh install_readonly files/iptables/ip6tables.rules $R/etc/iptables/ip6tables.rules diff --git a/bootstrap.d/30-security.sh b/bootstrap.d/30-security.sh index 899c250..3f25e4e 100644 --- a/bootstrap.d/30-security.sh +++ b/bootstrap.d/30-security.sh @@ -8,13 +8,13 @@ # Generate crypt(3) password string ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}` -# Set up default user +# Setup default user if [ "$ENABLE_USER" = true ] ; then chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi fi -# Set up root password or not +# Setup root password or not if [ "$ENABLE_ROOT" = true ]; then chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root diff --git a/bootstrap.d/41-uboot.sh b/bootstrap.d/41-uboot.sh index d3e4573..0767452 100644 --- a/bootstrap.d/41-uboot.sh +++ b/bootstrap.d/41-uboot.sh @@ -1,5 +1,5 @@ # -# Build and Setup Uboot +# Build and Setup U-Boot # # Load utility functions 
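Review bot: In 30-security.sh, `mkpasswd -m sha-512 ${PASSWORD}` passes the clear-text password as a command-line argument, where it is visible in the process list and in any `set -x` trace, and the unquoted expansion splits a password that contains spaces. Feeding it on stdin avoids both: ``ENCRYPTED_PASSWORD=$(printf '%s' "${PASSWORD}" | mkpasswd -m sha-512 -s)``. The line is unchanged context directly above the reworded comments, and the `ENABLE_ROOT` block continues below the hunk. A comment noting that the same hash is applied to both `pi` and `root` when both options are enabled would also help reviewers of the resulting image.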
@@ -22,10 +22,10 @@ if [ "$ENABLE_UBOOT" = true ] ; then cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/ printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt - # Set U-Boot command file + # Install and setup U-Boot command file install_readonly files/boot/uboot.mkimage $R/boot/firmware/uboot.mkimage printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat $R/boot/firmware/uboot.mkimage)" > $R/boot/firmware/uboot.mkimage - # Generate U-Boot image from command file - chroot_exec /tmp/u-boot/tools/mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr + # Generate U-Boot bootloader image + chroot_exec /tmp/u-boot/tools/mkimage -A ${KERNEL_ARCH} -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr fi diff --git a/bootstrap.d/42-fbturbo.sh b/bootstrap.d/42-fbturbo.sh index b5c9147..2ed523b 100644 --- a/bootstrap.d/42-fbturbo.sh +++ b/bootstrap.d/42-fbturbo.sh @@ -21,7 +21,7 @@ make make install EOF - # Add fbturbo driver to Xorg configuration + # Install fbturbo driver Xorg configuration install_readonly files/xorg/99-fbturbo.conf $R/usr/share/X11/xorg.conf.d/99-fbturbo.conf # Remove Xorg build dependencies |
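Review bot: The `printf` that rebuilds uboot.mkimage places `${CMDLINE}` and the file's own contents inside the format string, so any `%` or backslash sequence in the kernel command line or in the template is interpreted by `printf` instead of being written out. Passing them as arguments keeps them literal: `printf '# Set the kernel boot command line\nsetenv bootargs "earlyprintk %s"\n\n%s' "${CMDLINE}" "$(cat $R/boot/firmware/uboot.mkimage)" > $R/boot/firmware/uboot.mkimage`. The line is unchanged context under the reworded comment, and the enclosing `if [ "$ENABLE_UBOOT" = true ]` block starts above the hunk.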