From 24bd7e97cf9d07454c9cde74e4d80a1b3de9dfac Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Tue, 15 Mar 2016 15:03:31 +0100 Subject: Added: KERNELSRC_PREBUILT, KERNELSRC_ rename, fix-quotes --- .gitignore | 1 + README.md | 23 +++++---- bootstrap.d/10-bootstrap.sh | 16 +++--- bootstrap.d/11-apt.sh | 14 +++--- bootstrap.d/12-locale.sh | 22 ++++----- bootstrap.d/13-kernel.sh | 113 ++++++++++++++++++++++++------------------- bootstrap.d/20-networking.sh | 32 ++++++------ bootstrap.d/21-firewall.sh | 16 +++--- bootstrap.d/30-security.sh | 4 +- bootstrap.d/31-logging.sh | 2 +- bootstrap.d/41-uboot.sh | 12 ++--- bootstrap.d/42-fbturbo.sh | 4 +- bootstrap.d/50-firstboot.sh | 22 ++++----- rpi2-gen-image.sh | 99 +++++++++++++++++++------------------ 14 files changed, 200 insertions(+), 180 deletions(-) diff --git a/.gitignore b/.gitignore index 445d7b0..6ba2fb7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ images custom.d *.swp +*.log diff --git a/README.md b/README.md index d19054c..c32bd8d 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi2-gen-image.sh APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi2-gen-image.sh ENABLE_MINBASE=true ./rpi2-gen-image.sh BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi2-gen-image.sh -BUILD_KERNEL=true KERNEL_SRCDIR=/tmp/linux ./rpi2-gen-image.sh +BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi2-gen-image.sh ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi2-gen-image.sh ``` 
@@ -165,9 +165,6 @@ Path to a directory with scripts that should be run in the chroot before the ima ##### `BUILD_KERNEL`=false Build and install the latest RPi2 Linux kernel. Currently only the default RPi2 kernel configuration is used. Detailed configuration parameters for customizing the kernel and minor bug fixes still need to get implemented. feel free to help. -##### `KERNEL_SRCDIR`="" -Path to a directory of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot. - ##### `KERNEL_THREADS`=1 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation. 
@@ -177,14 +174,20 @@ Install kernel headers with built kernel. ##### `KERNEL_MENUCONFIG`=false Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated. -##### `KERNEL_CONFIGSRC`=true -Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This setting is automatically set to `true` if no existing kernel sources directory was specified using `KERNEL_SRCDIR`. +##### `KERNEL_REMOVESRC`=true +Remove all kernel sources from the generated OS image after it was built and installed. -##### `KERNEL_CLEANSRC`=false -Clean the existing kernel sources directory `KERNEL_SRCDIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This setting will be ignored if no `KERNEL_SRCDIR` was specified. +##### `KERNELSRC_DIR`="" +Path to a directory of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot. -##### `KERNEL_RMSRC`=true -Remove all kernel sources from the generated OS image after it was built and installed. +##### `KERNELSRC_CLEAN`=false +Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This setting will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true. + +##### `KERNELSRC_CONFIG`=true +Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This setting is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This settings is ignored if `KERNELSRC_PREBUILT`=true. + +##### `KERNELSRC_PREBUILT`=false +With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. 
The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed. ## Understanding the script The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order: diff --git a/bootstrap.d/10-bootstrap.sh b/bootstrap.d/10-bootstrap.sh index 8a142eb..f4a57cc 100644 --- a/bootstrap.d/10-bootstrap.sh +++ b/bootstrap.d/10-bootstrap.sh 
@@ -7,22 +7,22 @@ # Base debootstrap (unpack only) if [ "$ENABLE_MINBASE" = true ] ; then - http_proxy=${APT_PROXY} debootstrap --arch=${RELEASE_ARCH} --variant=minbase --foreign --include=${APT_INCLUDES} ${RELEASE} $R http://${APT_SERVER}/debian + http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --variant=minbase --foreign --include="${APT_INCLUDES}" "${RELEASE}" "$R" "http://${APT_SERVER}/debian" else - http_proxy=${APT_PROXY} debootstrap --arch=${RELEASE_ARCH} --foreign --include=${APT_INCLUDES} ${RELEASE} $R http://${APT_SERVER}/debian + http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --include="${APT_INCLUDES}" "${RELEASE}" "$R" "http://${APT_SERVER}/debian" fi # Copy qemu emulator binary to chroot -cp ${QEMU_BINARY} $R/usr/bin +cp "${QEMU_BINARY}" "$R/usr/bin" # Copy debian-archive-keyring.pgp -mkdir -p $R/usr/share/keyrings -cp /usr/share/keyrings/debian-archive-keyring.gpg $R/usr/share/keyrings/debian-archive-keyring.gpg +mkdir -p "$R/usr/share/keyrings" +cp /usr/share/keyrings/debian-archive-keyring.gpg "$R/usr/share/keyrings/debian-archive-keyring.gpg" # Complete the bootstrapping process chroot_exec /debootstrap/debootstrap --second-stage # Mount required filesystems -mount -t proc none $R/proc -mount -t sysfs none $R/sys -mount --bind /dev/pts $R/dev/pts +mount -t proc none "$R/proc" +mount -t sysfs none "$R/sys" +mount --bind /dev/pts "$R/dev/pts" diff --git a/bootstrap.d/11-apt.sh b/bootstrap.d/11-apt.sh index f3a642e..9610832 100644 --- a/bootstrap.d/11-apt.sh +++ b/bootstrap.d/11-apt.sh 
@@ -7,22 +7,22 @@ # Install and setup APT proxy configuration if [ -z "$APT_PROXY" ] ; then - install_readonly files/apt/10proxy $R/etc/apt/apt.conf.d/10proxy - sed -i "s/\"\"/\"${APT_PROXY}\"/" $R/etc/apt/apt.conf.d/10proxy + install_readonly files/apt/10proxy "$R/etc/apt/apt.conf.d/10proxy" + sed -i "s/\"\"/\"${APT_PROXY}\"/" "$R/etc/apt/apt.conf.d/10proxy" fi # Install APT pinning configuration for flash-kernel package -install_readonly files/apt/flash-kernel $R/etc/apt/preferences.d/flash-kernel +install_readonly files/apt/flash-kernel "$R/etc/apt/preferences.d/flash-kernel" # Upgrade collabora package index and install collabora keyring -echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list +echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" > "$R/etc/apt/sources.list" chroot_exec apt-get -qq -y update chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring # Install APT sources.list -install_readonly files/apt/sources.list $R/etc/apt/sources.list -sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" $R/etc/apt/sources.list -sed -i "s/ jessie/ ${RELEASE}/" $R/etc/apt/sources.list +install_readonly files/apt/sources.list "$R/etc/apt/sources.list" +sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "$R/etc/apt/sources.list" +sed -i "s/ jessie/ ${RELEASE}/" "$R/etc/apt/sources.list" # Upgrade package index and update all installed packages and changed dependencies chroot_exec apt-get -qq -y update diff --git a/bootstrap.d/12-locale.sh b/bootstrap.d/12-locale.sh index 06ad5a5..d82f212 100644 --- a/bootstrap.d/12-locale.sh +++ b/bootstrap.d/12-locale.sh @@ -6,7 +6,7 @@ . ./functions.sh # Install and setup timezone -echo ${TIMEZONE} >$R/etc/timezone +echo ${TIMEZONE} > "$R/etc/timezone" chroot_exec dpkg-reconfigure -f noninteractive tzdata # Install and setup default locale and keyboard configuration 
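Review bot: The proxy block in 11-apt.sh is guarded by `[ -z "$APT_PROXY" ]`, so the 10proxy file is installed only when no proxy is set; the test should be `[ -n "$APT_PROXY" ]`. Once it does run, `sed -i "s/\"\"/\"${APT_PROXY}\"/"` breaks on the README's own example value `http://127.0.0.1:3142/`, because the value contains the `/` delimiter; a delimiter that is unlikely to occur in a URL avoids that, e.g. `sed -i "s|\"\"|\"${APT_PROXY}\"|"`. The same unescaped interpolation into sed scripts applies to `APT_SERVER` and `RELEASE` here, to the `XKB_*` values in 12-locale.sh and to `HOSTNAME` and `NET_IP` in 20-networking.sh, so these values should be validated before use. Separately, `apt-get -qq -y --force-yes install collabora-obs-archive-keyring` overrides apt's authentication checks, presumably because the repository key is not yet trusted at that point; a comment should state that trust in this keyring rests on the HTTPS transport alone.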
@@ -19,40 +19,40 @@ if [ "$ENABLE_MINBASE" = false ] ; then else # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections - sed -i "/en_US.UTF-8/s/^#//" $R/etc/locale.gen + sed -i "/en_US.UTF-8/s/^#//" "$R/etc/locale.gen" fi - sed -i "/${DEFLOCAL}/s/^#//" $R/etc/locale.gen + sed -i "/${DEFLOCAL}/s/^#//" "$R/etc/locale.gen" chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections chroot_exec locale-gen - chroot_exec update-locale LANG=${DEFLOCAL} + chroot_exec update-locale LANG="${DEFLOCAL}" # Install and setup default keyboard configuration if [ "$XKB_MODEL" != "" ] ; then - sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" $R/etc/default/keyboard + sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "$R/etc/default/keyboard" fi if [ "$XKB_LAYOUT" != "" ] ; then - sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" $R/etc/default/keyboard + sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "$R/etc/default/keyboard" fi if [ "$XKB_VARIANT" != "" ] ; then - sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" $R/etc/default/keyboard + sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "$R/etc/default/keyboard" fi if [ "$XKB_OPTIONS" != "" ] ; then - sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" $R/etc/default/keyboard + sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "$R/etc/default/keyboard" fi chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration # Install and setup font console case "${DEFLOCAL}" in *UTF-8) - sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' $R/etc/default/console-setup + sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "$R/etc/default/console-setup" ;; *) - sed -i 's/^CHARMAP.*/CHARMAP="guess"/' $R/etc/default/console-setup + sed -i 
's/^CHARMAP.*/CHARMAP="guess"/' "$R/etc/default/console-setup" ;; esac chroot_exec dpkg-reconfigure -f noninteractive console-setup else # ENABLE_MINBASE=true # Install POSIX default locale - install_readonly files/locales/locale $R/etc/default/locale + install_readonly files/locales/locale "$R/etc/default/locale" fi diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh index 798a5ce..a8e4f4a 100644 --- a/bootstrap.d/13-kernel.sh +++ b/bootstrap.d/13-kernel.sh 
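Review bot: In both `chroot_exec echo "locales ..." | debconf-set-selections` lines the pipe is parsed by the calling shell, so only `echo` goes through `chroot_exec` and `debconf-set-selections` runs outside it. Assuming `chroot_exec` (defined in functions.sh, not shown here) wraps `chroot`, the selections are written to the build host's debconf database instead of the image's. Feed the text to the command inside the chroot, e.g. `echo "locales locales/default_environment_locale select ${DEFLOCAL}" | chroot_exec debconf-set-selections`. The outer `if [ "$ENABLE_MINBASE" = false ]` block and the inner if/else both start above this hunk.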
@@ -8,88 +8,99 @@ # Fetch and build latest raspberry kernel if [ "$BUILD_KERNEL" = true ] ; then # Setup source directory - mkdir -p $R/usr/src + mkdir -p "$R/usr/src" # Copy existing kernel sources into chroot directory - if [ -n "$KERNEL_SRCDIR" ] && [ -d "$KERNEL_SRCDIR" ] ; then + if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then # Copy kernel sources - cp -r "${KERNEL_SRCDIR}" "${R}/usr/src" + cp -r "${KERNELSRC_DIR}" "${R}/usr/src" # Clean the kernel sources - if [ "$KERNEL_CLEANSRC" = true ] ; then - make -C $R/usr/src/linux ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} mrproper + if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then + make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper fi - else # KERNEL_SRCDIR="" + else # KERNELSRC_DIR="" # Fetch current raspberrypi kernel sources - git -C $R/usr/src clone --depth=1 https://github.com/raspberrypi/linux + git -C "$R/usr/src" clone --depth=1 https://github.com/raspberrypi/linux fi # Calculate optimal number of kernel building threads - if [ "$KERNEL_THREADS" = "1" ] ; then - if [ -r /proc/cpuinfo ] ; then - KERNEL_THREADS=$(grep -c processor /proc/cpuinfo) - fi + if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then + KERNEL_THREADS=$(grep -c processor /proc/cpuinfo) fi - if [ "$KERNEL_CONFIGSRC" = true ] ; then - # Load default raspberry kernel configuration - make -C $R/usr/src/linux ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} ${KERNEL_DEFCONFIG} + if [ "$KERNELSRC_PREBUILT" = false ] ; then + if [ "$KERNELSRC_CONFIG" = true ] ; then + # Load default raspberry kernel configuration + make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}" - # Start menu-driven kernel configuration (interactive) - if [ "$KERNEL_MENUCONFIG" = true ] ; then - make -C $R/usr/src/linux ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} menuconfig + # Start menu-driven kernel configuration 
(interactive) + if [ "$KERNEL_MENUCONFIG" = true ] ; then + make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig + fi fi - fi - # Cross compile kernel and modules - make -C $R/usr/src/linux -j${KERNEL_THREADS} ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} zImage modules dtbs + # Cross compile kernel and modules + make -C "$R/usr/src/linux" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs + fi # Check if kernel compilation was successful - if [ ! -r $R/usr/src/linux/arch/${KERNEL_ARCH}/boot/zImage ] ; then - echo "error: kernel compilation failed!" + if [ ! -r "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/zImage" ] ; then + echo "error: kernel compilation failed! (zImage not found)" cleanup exit 1 fi # Install kernel modules if [ "$ENABLE_REDUCE" = true ] ; then - make -C $R/usr/src/linux ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install + make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install else - make -C $R/usr/src/linux ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} INSTALL_MOD_PATH=../../.. modules_install + make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install + + # Install kernel firmware + make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install fi # Install kernel headers if [ "$KERNEL_HEADERS" = true ] ; then - make -C $R/usr/src/linux ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} INSTALL_HDR_PATH=../.. headers_install + make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. 
headers_install fi - # Copy and rename compiled kernel to boot directory - mkdir $R/boot/firmware/ - $R/usr/src/linux/scripts/mkknlimg $R/usr/src/linux/arch/${KERNEL_ARCH}/boot/zImage $R/boot/firmware/kernel7.img + # Prepare boot (firmware) directory + mkdir "$R/boot/firmware/" + + # Get kernel release version + KERNEL_VERSION=`cat "$R/usr/src/linux/include/config/kernel.release"` + + # Copy kernel configuration file to the boot directory + cp "$R/usr/src/linux/.config" "$R/boot/config-${KERNEL_VERSION}" + + # Copy dts and dtb device tree sources and binaries + mkdir "$R/boot/firmware/overlays/" + cp "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "$R/boot/firmware/" + cp "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "$R/boot/firmware/overlays/" + cp "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "$R/boot/firmware/overlays/" - # Copy dts and dtb device definitions - mkdir $R/boot/firmware/overlays/ - cp $R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/*.dtb $R/boot/firmware/ - cp $R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/*.dtb* $R/boot/firmware/overlays/ - cp $R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/README $R/boot/firmware/overlays/ + # Convert kernel zImage and copy it to the boot directory + "$R/usr/src/linux/scripts/mkknlimg" "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/zImage" "$R/boot/firmware/kernel7.img" # Remove kernel sources - if [ "$KERNEL_RMSRC" = true ] ; then - rm -fr $R/usr/src/linux + if [ "$KERNEL_REMOVESRC" = true ] ; then + rm -fr "$R/usr/src/linux" fi # Install raspberry bootloader and flash-kernel packages chroot_exec apt-get -qq -y --no-install-recommends install raspberrypi-bootloader-nokernel else # BUILD_KERNEL=false # Kernel installation - chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${COLLABORA_KERNEL} raspberrypi-bootloader-nokernel + chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" 
raspberrypi-bootloader-nokernel # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot chroot_exec apt-get -qq -y install flash-kernel VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)" [ -z "$VMLINUZ" ] && exit 1 - cp $VMLINUZ $R/boot/firmware/kernel7.img + cp "$VMLINUZ" "$R/boot/firmware/kernel7.img" fi # Setup firmware boot cmdline 
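Review bot: `KERNELSRC_PREBUILT=true` with an empty `KERNELSRC_DIR` takes the `git clone` branch, skips every `make` step and then stops with "kernel compilation failed! (zImage not found)", which misreports the cause; reject the combination up front with `if [ "$KERNELSRC_PREBUILT" = true ] && [ -z "$KERNELSRC_DIR" ] ; then echo "error: KERNELSRC_PREBUILT requires KERNELSRC_DIR" ; exit 1 ; fi`. Because the new guards test `= false`, any other spelling (`no`, `0`, `False`) also skips configuration and compilation silently, so testing `!= true` would fail safer. The clone takes whatever the default branch head is at build time (`--depth=1`, no tag or commit); pinning a revision and recording it would make images reproducible and auditable, and the same applies to the clones in 41-uboot.sh and 42-fbturbo.sh.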
@@ -110,43 +121,43 @@ if [ "$ENABLE_IPV6" = false ] ; then fi # Install firmware boot cmdline -echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt +echo "${CMDLINE}" > "$R/boot/firmware/cmdline.txt" # Install firmware config -install_readonly files/boot/config.txt $R/boot/firmware/config.txt +install_readonly files/boot/config.txt "$R/boot/firmware/config.txt" # Setup minimal GPU memory allocation size: 16MB (no X) if [ "$ENABLE_MINGPU" = true ] ; then - echo "gpu_mem=16" >>$R/boot/firmware/config.txt + echo "gpu_mem=16" >> "$R/boot/firmware/config.txt" fi # Create firmware configuration and cmdline symlinks -ln -sf firmware/config.txt $R/boot/config.txt -ln -sf firmware/cmdline.txt $R/boot/cmdline.txt +ln -sf firmware/config.txt "$R/boot/config.txt" +ln -sf firmware/cmdline.txt "$R/boot/cmdline.txt" # Install and setup kernel modules to load at boot -mkdir -p $R/lib/modules-load.d/ -install_readonly files/modules/rpi2.conf $R/lib/modules-load.d/rpi2.conf +mkdir -p "$R/lib/modules-load.d/" +install_readonly files/modules/rpi2.conf "$R/lib/modules-load.d/rpi2.conf" # Load hardware random module at boot if [ "$ENABLE_HWRANDOM" = true ] ; then - sed -i "s/^# bcm2708_rng/bcm2708_rng/" $R/lib/modules-load.d/rpi2.conf + sed -i "s/^# bcm2708_rng/bcm2708_rng/" "$R/lib/modules-load.d/rpi2.conf" fi # Load sound module at boot if [ "$ENABLE_SOUND" = true ] ; then - sed -i "s/^# snd_bcm2835/snd_bcm2835/" $R/lib/modules-load.d/rpi2.conf + sed -i "s/^# snd_bcm2835/snd_bcm2835/" "$R/lib/modules-load.d/rpi2.conf" fi # Install kernel modules blacklist -mkdir -p $R/etc/modprobe.d/ -install_readonly files/modules/raspi-blacklist.conf $R/etc/modprobe.d/raspi-blacklist.conf +mkdir -p "$R/etc/modprobe.d/" +install_readonly files/modules/raspi-blacklist.conf "$R/etc/modprobe.d/raspi-blacklist.conf" # Install and setup fstab -install_readonly files/mount/fstab $R/etc/fstab +install_readonly files/mount/fstab "$R/etc/fstab" if [ "$ENABLE_SPLITFS" = true ] ; then - sed -i 's/mmcblk0p2/sda1/' 
$R/etc/fstab + sed -i 's/mmcblk0p2/sda1/' "$R/etc/fstab" fi # Install sysctl.d configuration files -install_readonly files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf +install_readonly files/sysctl.d/81-rpi-vm.conf "$R/etc/sysctl.d/81-rpi-vm.conf" diff --git a/bootstrap.d/20-networking.sh b/bootstrap.d/20-networking.sh index 3216f4e..bd6e8db 100644 --- a/bootstrap.d/20-networking.sh +++ b/bootstrap.d/20-networking.sh 
@@ -6,37 +6,37 @@ . ./functions.sh # Install and setup hostname -install_readonly files/network/hostname $R/etc/hostname -sed -i "s/^rpi2-jessie/${HOSTNAME}/" $R/etc/hostname +install_readonly files/network/hostname "$R/etc/hostname" +sed -i "s/^rpi2-jessie/${HOSTNAME}/" "$R/etc/hostname" # Install and setup hosts -install_readonly files/network/hosts $R/etc/hosts -sed -i "s/rpi2-jessie/${HOSTNAME}/" $R/etc/hosts +install_readonly files/network/hosts "$R/etc/hosts" +sed -i "s/rpi2-jessie/${HOSTNAME}/" "$R/etc/hosts" # Setup hostname entry with static IP if [ "$NET_ADDRESS" != "" ] ; then - NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/') - sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts + NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/') + sed -i "s/^127.0.1.1/${NET_IP}/" "$R/etc/hosts" fi # Remove IPv6 hosts if [ "$ENABLE_IPV6" = false ] ; then - sed -i -e "/::[1-9]/d" -e "/^$/d" $R/etc/hosts + sed -i -e "/::[1-9]/d" -e "/^$/d" "$R/etc/hosts" fi # Install hint about network configuration -install_readonly files/network/interfaces $R/etc/network/interfaces +install_readonly files/network/interfaces "$R/etc/network/interfaces" # Install configuration for interface eth0 -install_readonly files/network/eth.network $R/etc/systemd/network/eth.network +install_readonly files/network/eth.network "$R/etc/systemd/network/eth.network" if [ "$ENABLE_DHCP" = true ] ; then # Enable DHCP configuration for interface eth0 - sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" $R/etc/systemd/network/eth.network + sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "$R/etc/systemd/network/eth.network" # Set DHCP configuration to IPv4 only if [ "$ENABLE_IPV6" = false ] ; then - sed -i "s/DHCP=.*/DHCP=v4/" $R/etc/systemd/network/eth.network + sed -i "s/DHCP=.*/DHCP=v4/" "$R/etc/systemd/network/eth.network" fi else # ENABLE_DHCP=false 
@@ -50,23 +50,23 @@ else # ENABLE_DHCP=false -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\ -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\ -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\ - $R/etc/systemd/network/eth.network + "$R/etc/systemd/network/eth.network" fi # Remove empty settings from network configuration -sed -i "/.*=\$/d" $R/etc/systemd/network/eth.network +sed -i "/.*=\$/d" "$R/etc/systemd/network/eth.network" # Enable systemd-networkd service chroot_exec systemctl enable systemd-networkd # Install host.conf resolver configuration -install_readonly files/network/host.conf $R/etc/host.conf +install_readonly files/network/host.conf "$R/etc/host.conf" # Enable network stack hardening if [ "$ENABLE_HARDNET" = true ] ; then # Install sysctl.d configuration files - install_readonly files/sysctl.d/82-rpi-net-hardening.conf $R/etc/sysctl.d/82-rpi-net-hardening.conf + install_readonly files/sysctl.d/82-rpi-net-hardening.conf "$R/etc/sysctl.d/82-rpi-net-hardening.conf" # Setup resolver warnings about spoofed addresses - sed -i "s/^# spoof warn/spoof warn/" $R/etc/host.conf + sed -i "s/^# spoof warn/spoof warn/" "$R/etc/host.conf" fi diff --git a/bootstrap.d/21-firewall.sh b/bootstrap.d/21-firewall.sh index d2316e5..247325e 100644 --- a/bootstrap.d/21-firewall.sh +++ b/bootstrap.d/21-firewall.sh 
@@ -10,13 +10,13 @@ if [ "$ENABLE_IPTABLES" = true ] ; then mkdir -p "$R/etc/iptables" # Install iptables systemd service - install_readonly files/iptables/iptables.service $R/etc/systemd/system/iptables.service + install_readonly files/iptables/iptables.service "$R/etc/systemd/system/iptables.service" # Install flush-table script called by iptables service - install_exec files/iptables/flush-iptables.sh $R/etc/iptables/flush-iptables.sh + install_exec files/iptables/flush-iptables.sh "$R/etc/iptables/flush-iptables.sh" # Install iptables rule file - install_readonly files/iptables/iptables.rules $R/etc/iptables/iptables.rules + install_readonly files/iptables/iptables.rules "$R/etc/iptables/iptables.rules" # Reload systemd configuration and enable iptables service chroot_exec systemctl daemon-reload @@ -24,12 +24,12 @@ if [ "$ENABLE_IPTABLES" = true ] ; then if [ "$ENABLE_IPV6" = true ] ; then # Install ip6tables systemd service - install_readonly files/iptables/ip6tables.service $R/etc/systemd/system/ip6tables.service + install_readonly files/iptables/ip6tables.service "$R/etc/systemd/system/ip6tables.service" # Install ip6tables file - install_exec files/iptables/flush-ip6tables.sh $R/etc/iptables/flush-ip6tables.sh + install_exec files/iptables/flush-ip6tables.sh "$R/etc/iptables/flush-ip6tables.sh" - install_readonly files/iptables/ip6tables.rules $R/etc/iptables/ip6tables.rules + install_readonly files/iptables/ip6tables.rules "$R/etc/iptables/ip6tables.rules" # Reload systemd configuration and enable iptables service chroot_exec systemctl daemon-reload @@ -39,6 +39,6 @@ fi if [ "$ENABLE_SSHD" = false ] ; then # Remove SSHD related iptables rules - sed -i "/^#/! {/SSH/ s/^/# /}" $R/etc/iptables/iptables.rules 2> /dev/null - sed -i "/^#/! {/SSH/ s/^/# /}" $R/etc/iptables/ip6tables.rules 2> /dev/null + sed -i "/^#/! {/SSH/ s/^/# /}" "$R/etc/iptables/iptables.rules" 2> /dev/null + sed -i "/^#/! {/SSH/ s/^/# /}" "$R/etc/iptables/ip6tables.rules" 2> /dev/null fi 
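Review bot: The two `sed` calls at the end of the third hunk still discard stderr with `2> /dev/null`, presumably because the rules files do not exist when `ENABLE_IPTABLES` is false, but that also hides a genuine failure to comment out the SSH rules. Test for the file instead, e.g. `if [ -f "$R/etc/iptables/iptables.rules" ] ; then sed -i "/^#/! {/SSH/ s/^/# /}" "$R/etc/iptables/iptables.rules" ; fi`, and do the same for `ip6tables.rules`.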
diff --git a/bootstrap.d/30-security.sh b/bootstrap.d/30-security.sh index 2bdacd9..a07719d 100644 --- a/bootstrap.d/30-security.sh +++ b/bootstrap.d/30-security.sh @@ -6,7 +6,7 @@ . ./functions.sh # Generate crypt(3) password string -ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}` +ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 "${PASSWORD}"` # Setup default user if [ "$ENABLE_USER" = true ] ; then @@ -19,7 +19,7 @@ if [ "$ENABLE_ROOT" = true ] ; then chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root if [ "$ENABLE_ROOT_SSH" = true ] ; then - sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" $R/etc/ssh/sshd_config + sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "$R/etc/ssh/sshd_config" fi else # Set no root password to disable root login diff --git a/bootstrap.d/31-logging.sh b/bootstrap.d/31-logging.sh index 740161b..00a9f86 100644 --- a/bootstrap.d/31-logging.sh +++ b/bootstrap.d/31-logging.sh @@ -7,7 +7,7 @@ # Disable rsyslog if [ "$ENABLE_RSYSLOG" = false ] ; then - sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" $R/etc/systemd/journald.conf + sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "$R/etc/systemd/journald.conf" chroot_exec systemctl disable rsyslog chroot_exec apt-get -qq -y --force-yes purge rsyslog fi diff --git a/bootstrap.d/41-uboot.sh b/bootstrap.d/41-uboot.sh index 4968bdd..d3f13b9 100644 --- a/bootstrap.d/41-uboot.sh +++ b/bootstrap.d/41-uboot.sh 
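Review bot: `mkpasswd -m sha-512 "${PASSWORD}"` in the first 30-security.sh hunk puts the cleartext password on the command line, where it is visible in the process list and, since rpi2-gen-image.sh enables `set -x` before sourcing these scripts, in the build trace and any saved log. Read it from stdin with tracing paused, e.g. `set +x; ENCRYPTED_PASSWORD=$(printf '%s' "${PASSWORD}" | mkpasswd -m sha-512 -s); set -x`. A comment next to the assignment should say why tracing is switched off there, so that it is not removed later as noise.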
@@ -13,19 +13,19 @@ fi # Fetch and build U-Boot bootloader if [ "$ENABLE_UBOOT" = true ] ; then # Fetch U-Boot bootloader sources - git -C $R/tmp clone git://git.denx.de/u-boot.git + git -C "$R/tmp" clone git://git.denx.de/u-boot.git # Build and install U-Boot inside chroot chroot_exec make -C /tmp/u-boot/ rpi_2_defconfig all # Copy compiled bootloader binary and set config.txt to load it - cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/ - printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt + cp "$R/tmp/u-boot/u-boot.bin" "$R/boot/firmware/" + printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "$R/boot/firmware/config.txt" # Install and setup U-Boot command file - install_readonly files/boot/uboot.mkimage $R/boot/firmware/uboot.mkimage - printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat $R/boot/firmware/uboot.mkimage)" > $R/boot/firmware/uboot.mkimage + install_readonly files/boot/uboot.mkimage "$R/boot/firmware/uboot.mkimage" + printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat $R/boot/firmware/uboot.mkimage)" > "$R/boot/firmware/uboot.mkimage" # Generate U-Boot bootloader image - chroot_exec /tmp/u-boot/tools/mkimage -A ${KERNEL_ARCH} -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr + chroot_exec /tmp/u-boot/tools/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr fi diff --git a/bootstrap.d/42-fbturbo.sh b/bootstrap.d/42-fbturbo.sh index c02b38f..ca6b2fb 100644 --- a/bootstrap.d/42-fbturbo.sh +++ b/bootstrap.d/42-fbturbo.sh 
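Review bot: The bootloader source is still cloned over `git://`, which provides no transport authentication or integrity protection, and the result is built and written into the boot partition; fetch it over an authenticated transport and check out a pinned, verified tag or commit instead of the default branch head. Further down, `${CMDLINE}` and `$(cat $R/boot/firmware/uboot.mkimage)` are expanded inside the `printf` format string, so a `%` or backslash in either is interpreted as a format directive, and the inner `$R` is still unquoted. Pass both as arguments: `printf '# Set the kernel boot command line\nsetenv bootargs "earlyprintk %s"\n\n%s' "${CMDLINE}" "$(cat "$R/boot/firmware/uboot.mkimage")" > "$R/boot/firmware/uboot.mkimage"`.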
@@ -7,7 +7,7 @@ if [ "$ENABLE_FBTURBO" = true ] ; then # Fetch fbturbo driver sources - git -C $R/tmp clone https://github.com/ssvb/xf86-video-fbturbo.git + git -C "$R/tmp" clone https://github.com/ssvb/xf86-video-fbturbo.git # Install Xorg build dependencies chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev @@ -22,7 +22,7 @@ make install EOF # Install fbturbo driver Xorg configuration - install_readonly files/xorg/99-fbturbo.conf $R/usr/share/X11/xorg.conf.d/99-fbturbo.conf + install_readonly files/xorg/99-fbturbo.conf "$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf" # Remove Xorg build dependencies chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev diff --git a/bootstrap.d/50-firstboot.sh b/bootstrap.d/50-firstboot.sh index f3deb18..4892c4b 100644 --- a/bootstrap.d/50-firstboot.sh +++ b/bootstrap.d/50-firstboot.sh 
@@ -6,30 +6,30 @@ . ./functions.sh # Prepare rc.firstboot script -cat files/firstboot/10-begin.sh > $R/etc/rc.firstboot +cat files/firstboot/10-begin.sh > "$R/etc/rc.firstboot" # Ensure openssh server host keys are regenerated on first boot if [ "$ENABLE_SSHD" = true ] ; then - cat files/firstboot/21-generate-ssh-keys.sh >> $R/etc/rc.firstboot - rm -f $R/etc/ssh/ssh_host_* + cat files/firstboot/21-generate-ssh-keys.sh >> "$R/etc/rc.firstboot" + rm -f "$R/etc/ssh/ssh_host_*" fi # Prepare filesystem auto expand if [ "$EXPANDROOT" = true ] ; then - cat files/firstboot/22-expandroot.sh >> $R/etc/rc.firstboot + cat files/firstboot/22-expandroot.sh >> "$R/etc/rc.firstboot" fi # Ensure that dbus machine-id exists -cat files/firstboot/23-generate-machineid.sh >> $R/etc/rc.firstboot +cat files/firstboot/23-generate-machineid.sh >> "$R/etc/rc.firstboot" # Create /etc/resolv.conf symlink -cat files/firstboot/24-create-resolv-symlink.sh >> $R/etc/rc.firstboot +cat files/firstboot/24-create-resolv-symlink.sh >> "$R/etc/rc.firstboot" # Finalize rc.firstboot script -cat files/firstboot/99-finish.sh >> $R/etc/rc.firstboot -chmod +x $R/etc/rc.firstboot +cat files/firstboot/99-finish.sh >> "$R/etc/rc.firstboot" +chmod +x "$R/etc/rc.firstboot" # Add rc.firstboot script to rc.local -sed -i '/exit 0/d' $R/etc/rc.local -echo /etc/rc.firstboot >> $R/etc/rc.local -echo exit 0 >> $R/etc/rc.local +sed -i '/exit 0/d' "$R/etc/rc.local" +echo /etc/rc.firstboot >> "$R/etc/rc.local" +echo exit 0 >> "$R/etc/rc.local" diff --git a/rpi2-gen-image.sh b/rpi2-gen-image.sh index ed7fc02..258fa6e 100755 --- a/rpi2-gen-image.sh +++ b/rpi2-gen-image.sh 
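Review bot: Quoting the whole path in `rm -f "$R/etc/ssh/ssh_host_*"` turns `*` into a literal character, so no host key is deleted, and `-f` hides the miss. Unless the first-boot script overwrites existing keys unconditionally (files/firstboot/21-generate-ssh-keys.sh is not shown), every device flashed from the image may share the SSH host keys generated at build time. Keep the glob outside the quotes: `rm -f "$R"/etc/ssh/ssh_host_*`.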
@@ -98,13 +98,16 @@ ENABLE_SPLITFS=${ENABLE_SPLITFS:=false} # Kernel compilation settings BUILD_KERNEL=${BUILD_KERNEL:=false} -KERNEL_SRCDIR=${KERNEL_SRCDIR:=""} KERNEL_THREADS=${KERNEL_THREADS:=1} KERNEL_HEADERS=${KERNEL_HEADERS:=true} KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false} -KERNEL_CLEANSRC=${KERNEL_CLEANSRC:=false} -KERNEL_CONFIGSRC=${KERNEL_CONFIGSRC:=true} -KERNEL_RMSRC=${KERNEL_RMSRC:=true} +KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true} + +# Kernel compilation from source directory settings +KERNELSRC_DIR=${KERNELSRC_DIR:=""} +KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false} +KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true} +KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false} # Image chroot path R=${BUILDDIR}/chroot @@ -140,9 +143,9 @@ if [ ! -d "./files/" ] ; then exit 1 fi -# Check if specified KERNEL_SRCDIR directory exists -if [ -n "$KERNEL_SRCDIR" ] && [ ! -d "$KERNEL_SRCDIR" ] ; then - echo "error: ${KERNEL_SRCDIR} (KERNEL_SRCDIR) specified directory not found!" +# Check if specified KERNELSRC_DIR directory exists +if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then + echo "error: ${KERNELSRC_DIR} (KERNELSRC_DIR) specified directory not found!" exit 1 fi @@ -155,6 +158,7 @@ fi # Add packages required for kernel cross compilation if [ "$BUILD_KERNEL" = true ] ; then REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf" + if [ "$KERNEL_MENUCONFIG" = true ] ; then REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ncurses-dev" fi @@ -163,7 +167,7 @@ fi # Check if all required packages are installed for package in $REQUIRED_PACKAGES ; do if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then - MISSING_PACKAGES="$MISSING_PACKAGES $package" + MISSING_PACKAGES="${MISSING_PACKAGES} $package" fi done 
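Review bot: The renamed settings are dropped without a fallback, so an existing invocation that sets `KERNEL_SRCDIR`, `KERNEL_CLEANSRC`, `KERNEL_CONFIGSRC` or `KERNEL_RMSRC` is now silently ignored: a build meant to use local, reviewed sources falls through to the GitHub clone in 13-kernel.sh, and `KERNEL_RMSRC=false` no longer keeps the sources. Either honour the old names as defaults, e.g. `KERNELSRC_DIR=${KERNELSRC_DIR:-${KERNEL_SRCDIR:-}}`, or stop with an error when one of them is set. In the last hunk on this line, `$package` inside the `dpkg-query` backticks is still unquoted.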
@@ -188,6 +192,9 @@ if [ -e "$BUILDDIR" ] ; then exit 1 fi +# Setup chroot directory +mkdir -p "$R" + # Check if build directory has enough of free disk space >512MB if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then echo "error: ${BUILDDIR} not enough space left on this partition to generate the output image!" @@ -204,9 +211,6 @@ set -x # Call "cleanup" function on various signals and errors trap cleanup 0 1 2 3 6 -# Setup chroot directory -mkdir -p $R - # Add required packages for the minbase installation if [ "$ENABLE_MINBASE" = true ] ; then APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools" @@ -263,23 +267,23 @@ if [ "$ENABLE_XORG" = true ] ; then APT_INCLUDES="${APT_INCLUDES},xorg" fi -# Set KERNEL_CONFIGSRC=true -if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNEL_SRCDIR" ] ; then - KERNEL_CONFIGSRC=true +# Set KERNELSRC_CONFIG=true +if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then + KERNELSRC_CONFIG=true fi ## MAIN bootstrap for SCRIPT in bootstrap.d/*.sh; do # Execute bootstrap scripts (lexicographical order) - head -n 3 $SCRIPT - . $SCRIPT + head -n 3 "$SCRIPT" + . "$SCRIPT" done ## Custom bootstrap scripts if [ -d "custom.d" ] ; then # Execute custom bootstrap scripts (lexicographical order) for SCRIPT in custom.d/*.sh; do - . $SCRIPT + . "$SCRIPT" done fi @@ -294,7 +298,7 @@ for SCRIPT in /chroot_scripts/* ; do fi done EOF - rm -rf "${R}/chroot_scripts" + rm -rf "$R/chroot_scripts" fi # Remove apt-utils 
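Review bot: `mkdir -p "$R"` in the `@@ -188,6 +192,9 @@` hunk now runs before `trap cleanup` is installed, and its result is not checked. If the free-space test that follows exits with 1, the freshly created `$BUILDDIR` appears to be left behind, and the next run would stop at the `[ -e "$BUILDDIR" ]` check above until the directory is removed by hand. If `mkdir` itself fails and `set -e` is not yet active at that point (not visible here), `df` yields no number, the `-le` test errors out as false, and the script continues as if there were enough space. I would write `mkdir -p "$R" || exit 1`, quote `"${BUILDDIR}"` in the `df` call, and remove the directory again on the not-enough-space path.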
@@ -303,34 +307,35 @@ chroot_exec apt-get purge -qq -y --force-yes apt-utils # Reduce the image size by removing and compressing if [ "$ENABLE_REDUCE" = true ] ; then # Install dpkg configuration fragment file - install_readonly files/dpkg/01nodoc $R/etc/dpkg/dpkg.cfg.d/01nodoc + install_readonly files/dpkg/01nodoc "$R/etc/dpkg/dpkg.cfg.d/01nodoc" # Install APT configuration fragment files - install_readonly files/apt/02nocache $R/etc/apt/apt.conf.d/02nocache - install_readonly files/apt/03compress $R/etc/apt/apt.conf.d/03compress - install_readonly files/apt/04norecommends $R/etc/apt/apt.conf.d/04norecommends + install_readonly files/apt/02nocache "$R/etc/apt/apt.conf.d/02nocache" + install_readonly files/apt/03compress "$R/etc/apt/apt.conf.d/03compress" + install_readonly files/apt/04norecommends "$R/etc/apt/apt.conf.d/04norecommends" # Remove APT cache files - rm -fr $R/var/cache/apt/pkgcache.bin - rm -fr $R/var/cache/apt/srcpkgcache.bin + rm -fr "$R/var/cache/apt/pkgcache.bin" + rm -fr "$R/var/cache/apt/srcpkgcache.bin" # Remove all doc and man files - find $R/usr/share/doc -depth -type f ! -name copyright | xargs rm || true - find $R/usr/share/doc -empty | xargs rmdir || true - rm -rf $R/usr/share/man $R/usr/share/groff $R/usr/share/info $R/usr/share/lintian $R/usr/share/linda $R/var/cache/man + find "$R/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true + find "$R/usr/share/doc" -empty | xargs rmdir || true + rm -rf "$R/usr/share/man" "$R/usr/share/groff" "$R/usr/share/info" "$R/usr/share/lintian" "$R/usr/share/linda" "$R/var/cache/man" # Remove all translation files - find $R/usr/share/locale -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r + find "$R/usr/share/locale" -mindepth 1 -maxdepth 1 ! 
-name 'en' | xargs rm -r # Clean APT list of repositories - rm -fr $R/var/lib/apt/lists/* + rm -fr "$R/var/lib/apt/lists/*" chroot_exec apt-get -qq -y update + # Remove GPU kernels if [ "$ENABLE_MINGPU" = true ] ; then - rm -f $R/boot/firmware/start.elf - rm -f $R/boot/firmware/fixup.dat - rm -f $R/boot/firmware/start_x.elf - rm -f $R/boot/firmware/fixup_x.dat + rm -f "$R/boot/firmware/start.elf" + rm -f "$R/boot/firmware/fixup.dat" + rm -f "$R/boot/firmware/start_x.elf" + rm -f "$R/boot/firmware/fixup_x.dat" fi fi @@ -340,27 +345,27 @@ chroot_exec apt-get -y autoclean chroot_exec apt-get -y autoremove # Unmount mounted filesystems -umount -l $R/proc -umount -l $R/sys +umount -l "$R/proc" +umount -l "$R/sys" # Clean up directories -rm -rf $R/run -rm -rf $R/tmp/* +rm -rf "$R/run" +rm -rf "$R/tmp/*" # Clean up files -rm -f $R/etc/apt/sources.list.save -rm -f $R/etc/resolvconf/resolv.conf.d/original -rm -f $R/etc/*- -rm -f $R/root/.bash_history -rm -f $R/var/lib/urandom/random-seed -rm -f $R/var/lib/dbus/machine-id -rm -f $R/etc/machine-id -rm -f $R/etc/apt/apt.conf.d/10proxy -rm -f $R/etc/resolv.conf +rm -f "$R/etc/apt/sources.list.save" +rm -f "$R/etc/resolvconf/resolv.conf.d/original" +rm -f "$R/etc/*-" +rm -f "$R/root/.bash_history" +rm -f "$R/var/lib/urandom/random-seed" +rm -f "$R/var/lib/dbus/machine-id" +rm -f "$R/etc/machine-id" +rm -f "$R/etc/apt/apt.conf.d/10proxy" +rm -f "$R/etc/resolv.conf" rm -f "${R}${QEMU_BINARY}" # Calculate size of the chroot directory in KB -CHROOT_SIZE=$(expr `du -s $R | awk '{ print $1 }'`) +CHROOT_SIZE=$(expr `du -s "$R" | awk '{ print $1 }'`) # Calculate the amount of needed 512 Byte sectors TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512) -- cgit v1.2.3
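Review bot: The `find … | xargs rm` pipelines in the `ENABLE_REDUCE` block (hunk `@@ -303,34 +307,35 @@`) still split their input on whitespace, so quoting `"$R"` for `find` does not help once the paths reach `xargs`. With a space in the build path or in a file name, `xargs rm -r` receives fragments of the path instead of the path, in a script that presumably runs as root. Let `find` do the removal itself, e.g. `find "$R/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' -exec rm -r -- {} +`, and likewise `-exec rm -- {} +` and `-exec rmdir -- {} +` for the two `usr/share/doc` lines.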