From d0f91512d9ca6d361d8a4a387094c48aab00e111 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Tue, 19 Apr 2016 15:10:50 +0200 Subject: fix: ENABLE_CRYPTFS -> UBOOT, SPLITFS, EXPANDROOT - cleanup --- bootstrap.d/10-bootstrap.sh | 14 ++--- bootstrap.d/11-apt.sh | 16 ++--- bootstrap.d/12-locale.sh | 20 +++---- bootstrap.d/13-kernel.sh | 140 +++++++++++++++++++++++++------------------ bootstrap.d/20-networking.sh | 30 +++++----- bootstrap.d/21-firewall.sh | 18 +++--- bootstrap.d/30-security.sh | 2 +- bootstrap.d/31-logging.sh | 2 +- bootstrap.d/41-uboot.sh | 52 +++++++++++++--- bootstrap.d/42-fbturbo.sh | 6 +- bootstrap.d/50-firstboot.sh | 25 ++++---- bootstrap.d/99-reduce.sh | 34 +++++------ 12 files changed, 212 insertions(+), 147 deletions(-) (limited to 'bootstrap.d') diff --git a/bootstrap.d/10-bootstrap.sh b/bootstrap.d/10-bootstrap.sh index f55c3e3..2dfddff 100644 --- a/bootstrap.d/10-bootstrap.sh +++ b/bootstrap.d/10-bootstrap.sh 
@@ -7,22 +7,22 @@ # Base debootstrap (unpack only) if [ "$ENABLE_MINBASE" = true ] ; then - http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --variant=minbase --include="${APT_INCLUDES}" "${RELEASE}" "$R" "http://${APT_SERVER}/debian" + http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --variant=minbase --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian" else - http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --include="${APT_INCLUDES}" "${RELEASE}" "$R" "http://${APT_SERVER}/debian" + http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian" fi # Copy qemu emulator binary to chroot install_exec "${QEMU_BINARY}" "${R}${QEMU_BINARY}" # Copy debian-archive-keyring.pgp -mkdir -p "$R/usr/share/keyrings" -install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "$R/usr/share/keyrings/debian-archive-keyring.gpg" +mkdir -p "${R}/usr/share/keyrings" +install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg" # Complete the bootstrapping process chroot_exec /debootstrap/debootstrap --second-stage # Mount required filesystems -mount -t proc none "$R/proc" -mount -t sysfs none "$R/sys" -mount --bind /dev/pts "$R/dev/pts" +mount -t proc none "${R}/proc" +mount -t sysfs none "${R}/sys" +mount --bind /dev/pts "${R}/dev/pts" diff --git a/bootstrap.d/11-apt.sh b/bootstrap.d/11-apt.sh index 554aaf5..1d32051 100644 --- a/bootstrap.d/11-apt.sh +++ b/bootstrap.d/11-apt.sh 
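Review bot: Nothing visible in this hunk verifies that `R` is set and non-empty before it is used as a path prefix, so an empty value would make `mount -t proc none "${R}/proc"` and `mount --bind /dev/pts "${R}/dev/pts"` act on the build host's own root. The same holds for the `ETCDIR`, `BOOTDIR` and `KERNELDIR` prefixes this commit introduces in the later files, and for the `rm -rf "${R}/usr/share/..."` calls in 99-reduce.sh. Unless functions.sh or the calling script already validates them (not visible here), a guard right after `. ./functions.sh` such as `: "${R:?R is not set}"` would make the script fail fast instead of writing to the host.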
@@ -7,28 +7,28 @@ # Install and setup APT proxy configuration if [ -z "$APT_PROXY" ] ; then - install_readonly files/apt/10proxy "$R/etc/apt/apt.conf.d/10proxy" - sed -i "s/\"\"/\"${APT_PROXY}\"/" "$R/etc/apt/apt.conf.d/10proxy" + install_readonly files/apt/10proxy "${ETCDIR}/apt/apt.conf.d/10proxy" + sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETCDIR}/apt/apt.conf.d/10proxy" fi if [ "$BUILD_KERNEL" = false ] ; then # Install APT pinning configuration for flash-kernel package - install_readonly files/apt/flash-kernel "$R/etc/apt/preferences.d/flash-kernel" + install_readonly files/apt/flash-kernel "${ETCDIR}/apt/preferences.d/flash-kernel" # Install APT sources.list - install_readonly files/apt/sources.list "$R/etc/apt/sources.list" - echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >> "$R/etc/apt/sources.list" + install_readonly files/apt/sources.list "${ETCDIR}/apt/sources.list" + echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >> "${ETCDIR}/apt/sources.list" # Upgrade collabora package index and install collabora keyring chroot_exec apt-get -qq -y update chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring else # BUILD_KERNEL=true # Install APT sources.list - install_readonly files/apt/sources.list "$R/etc/apt/sources.list" + install_readonly files/apt/sources.list "${ETCDIR}/apt/sources.list" # Use specified APT server and release - sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "$R/etc/apt/sources.list" - sed -i "s/ jessie/ ${RELEASE}/" "$R/etc/apt/sources.list" + sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETCDIR}/apt/sources.list" + sed -i "s/ jessie/ ${RELEASE}/" "${ETCDIR}/apt/sources.list" fi # Upgrade package index and update all installed packages and changed dependencies diff --git a/bootstrap.d/12-locale.sh b/bootstrap.d/12-locale.sh index d82f212..bd1edf4 100644 --- a/bootstrap.d/12-locale.sh +++ b/bootstrap.d/12-locale.sh 
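Review bot: The test `[ -z "$APT_PROXY" ]` at the top of this hunk looks inverted: the proxy file is installed and patched only when APT_PROXY is empty, so a configured proxy never reaches `10proxy`; `if [ -n "$APT_PROXY" ] ; then` is probably what was meant. The `sed` on the following line uses `/` as its delimiter while a proxy URL contains slashes, so it would need `sed -i "s|\"\"|\"${APT_PROXY}\"|"` once the branch is reachable. Separately, `apt-get -qq -y --force-yes install collabora-obs-archive-keyring` installs the repository's trust anchor without signature verification, which deserves a comment saying that this first fetch is trusted on the TLS transport alone.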
@@ -6,7 +6,7 @@ . ./functions.sh # Install and setup timezone -echo ${TIMEZONE} > "$R/etc/timezone" +echo ${TIMEZONE} > "${ETCDIR}/timezone" chroot_exec dpkg-reconfigure -f noninteractive tzdata # Install and setup default locale and keyboard configuration 
@@ -19,40 +19,40 @@ if [ "$ENABLE_MINBASE" = false ] ; then else # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections - sed -i "/en_US.UTF-8/s/^#//" "$R/etc/locale.gen" + sed -i "/en_US.UTF-8/s/^#//" "${ETCDIR}/locale.gen" fi - sed -i "/${DEFLOCAL}/s/^#//" "$R/etc/locale.gen" + sed -i "/${DEFLOCAL}/s/^#//" "${ETCDIR}/locale.gen" chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections chroot_exec locale-gen chroot_exec update-locale LANG="${DEFLOCAL}" # Install and setup default keyboard configuration if [ "$XKB_MODEL" != "" ] ; then - sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "$R/etc/default/keyboard" + sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETCDIR}/default/keyboard" fi if [ "$XKB_LAYOUT" != "" ] ; then - sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "$R/etc/default/keyboard" + sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETCDIR}/default/keyboard" fi if [ "$XKB_VARIANT" != "" ] ; then - sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "$R/etc/default/keyboard" + sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETCDIR}/default/keyboard" fi if [ "$XKB_OPTIONS" != "" ] ; then - sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "$R/etc/default/keyboard" + sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETCDIR}/default/keyboard" fi chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration # Install and setup font console case "${DEFLOCAL}" in *UTF-8) - sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "$R/etc/default/console-setup" + sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETCDIR}/default/console-setup" ;; *) - sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "$R/etc/default/console-setup" + sed -i 's/^CHARMAP.*/CHARMAP="guess"/' 
"${ETCDIR}/default/console-setup" ;; esac chroot_exec dpkg-reconfigure -f noninteractive console-setup else # ENABLE_MINBASE=true # Install POSIX default locale - install_readonly files/locales/locale "$R/etc/default/locale" + install_readonly files/locales/locale "${ETCDIR}/default/locale" fi diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh index cc4828d..2652142 100644 --- a/bootstrap.d/13-kernel.sh +++ b/bootstrap.d/13-kernel.sh @@ -8,7 +8,7 @@ # Fetch and build latest raspberry kernel if [ "$BUILD_KERNEL" = true ] ; then # Setup source directory - mkdir -p "$R/usr/src" + mkdir -p "${R}/usr/src" # Copy existing kernel sources into chroot directory if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then @@ -17,11 +17,11 @@ if [ "$BUILD_KERNEL" = true ] ; then # Clean the kernel sources if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then - make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper + make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper fi else # KERNELSRC_DIR="" # Fetch current raspberrypi kernel sources - git -C "$R/usr/src" clone --depth=1 https://github.com/raspberrypi/linux + git -C "${R}/usr/src" clone --depth=1 https://github.com/raspberrypi/linux fi # Calculate optimal number of kernel building threads @@ -33,7 +33,7 @@ if [ "$BUILD_KERNEL" = true ] ; then if [ "$KERNELSRC_PREBUILT" = false ] ; then # Remove device, network and filesystem drivers from kernel configuration if [ "$KERNEL_REDUCE" = true ] ; then - make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}" + make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}" sed -i\ -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\ -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\ 
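Review bot: In `chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections` (and the `locales_to_be_generated` line above it) the pipe is parsed by the calling shell, so only `echo` goes through `chroot_exec` and `debconf-set-selections` appears to run on the build host. If `chroot_exec` is the chroot wrapper from functions.sh (not visible here), the selections land in the host's debconf database instead of the image; `echo "..." | chroot_exec debconf-set-selections` keeps the write inside the chroot. `${DEFLOCAL}` is also used as an unescaped sed address in `"/${DEFLOCAL}/s/^#//"`, where each dot matches any character.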
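Review bot: `git -C "${R}/usr/src" clone --depth=1 https://github.com/raspberrypi/linux` builds whatever the default branch holds at build time, so two runs of the same configuration can produce different kernels and nothing records which commit went into the image. Pinning a branch or tag, e.g. `clone --depth=1 --branch "${KERNEL_BRANCH}"` (KERNEL_BRANCH being a suggested new setting, not an existing one), and logging `git rev-parse HEAD` after the clone would make the build reproducible and auditable. The same applies to the u-boot clone in 41-uboot.sh and the xf86-video-fbturbo clone in 42-fbturbo.sh. The enclosing `if [ "$BUILD_KERNEL" = true ]` block continues outside this hunk.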
@@ -64,25 +64,25 @@ if [ "$BUILD_KERNEL" = true ] ; then -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\ -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\ -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\ - "$R/usr/src/linux/.config" + "${KERNELDIR}/.config" fi if [ "$KERNELSRC_CONFIG" = true ] ; then # Load default raspberry kernel configuration - make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}" + make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}" # Start menu-driven kernel configuration (interactive) if [ "$KERNEL_MENUCONFIG" = true ] ; then - make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig + make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig fi fi # Cross compile kernel and modules - make -C "$R/usr/src/linux" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs + make -C "${KERNELDIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs fi # Check if kernel compilation was successful - if [ ! -r "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/zImage" ] ; then + if [ ! -r "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" ] ; then echo "error: kernel compilation failed! (zImage not found)" cleanup exit 1 
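Review bot: The only failure check after `make ... zImage modules dtbs` is the `[ ! -r "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" ]` test, and it can pass on a stale file: with a reused KERNELSRC_DIR that was not cleaned, a zImage from an earlier build is still there when the current compile fails. Unless the calling script runs under `set -e` (not visible here), testing make's own status is more reliable, for example by appending `|| { echo "error: kernel compilation failed!" ; cleanup ; exit 1 ; }` to the make line. The enclosing `if [ "$BUILD_KERNEL" = true ]` block starts and ends outside this hunk.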
@@ -90,50 +90,55 @@ if [ "$BUILD_KERNEL" = true ] ; then # Install kernel modules if [ "$ENABLE_REDUCE" = true ] ; then - make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install + make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install else - make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install + make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install # Install kernel firmware - make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install + make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install fi # Install kernel headers if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then - make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install + make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. 
headers_install fi # Prepare boot (firmware) directory - mkdir "$R/boot/firmware/" + mkdir "${BOOTDIR}" # Get kernel release version - KERNEL_VERSION=`cat "$R/usr/src/linux/include/config/kernel.release"` + KERNEL_VERSION=`cat "${KERNELDIR}/include/config/kernel.release"` # Copy kernel configuration file to the boot directory - install_readonly "$R/usr/src/linux/.config" "$R/boot/config-${KERNEL_VERSION}" + install_readonly "${KERNELDIR}/.config" "${R}/boot/config-${KERNEL_VERSION}" # Copy dts and dtb device tree sources and binaries - mkdir "$R/boot/firmware/overlays/" - install_readonly "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "$R/boot/firmware/" - install_readonly "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "$R/boot/firmware/overlays/" - install_readonly "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "$R/boot/firmware/overlays/README" - - # Convert and copy zImage kernel to the boot directory - "$R/usr/src/linux/scripts/mkknlimg" "$R/usr/src/linux/arch/arm/boot/zImage" "$R/boot/firmware/kernel7.img" + mkdir "${BOOTDIR}/overlays" + install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "${BOOTDIR}/" + install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "${BOOTDIR}/overlays/" + install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOTDIR}/overlays/README" + + if [ "$ENABLE_UBOOT" = false ] ; then + # Convert and copy zImage kernel to the boot directory + "${KERNELDIR}/scripts/mkknlimg" "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOTDIR}/${KERNEL_IMAGE}" + else + # Copy zImage kernel to the boot directory + install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOTDIR}/${KERNEL_IMAGE}" + fi # Remove kernel sources if [ "$KERNEL_REMOVESRC" = true ] ; then - rm -fr "$R/usr/src/linux" + rm -fr "${KERNELDIR}" fi # Install latest boot binaries from raspberry/firmware github - wget -q -O "$R/boot/firmware/bootcode.bin" 
https://github.com/raspberrypi/firmware/raw/master/boot/bootcode.bin - wget -q -O "$R/boot/firmware/fixup.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup.dat - wget -q -O "$R/boot/firmware/fixup_cd.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_cd.dat - wget -q -O "$R/boot/firmware/fixup_x.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_x.dat - wget -q -O "$R/boot/firmware/start.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start.elf - wget -q -O "$R/boot/firmware/start_cd.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_cd.elf - wget -q -O "$R/boot/firmware/start_x.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_x.elf + wget -q -O "${BOOTDIR}/bootcode.bin" https://github.com/raspberrypi/firmware/raw/master/boot/bootcode.bin + wget -q -O "${BOOTDIR}/fixup.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup.dat + wget -q -O "${BOOTDIR}/fixup_cd.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_cd.dat + wget -q -O "${BOOTDIR}/fixup_x.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_x.dat + wget -q -O "${BOOTDIR}/start.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start.elf + wget -q -O "${BOOTDIR}/start_cd.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_cd.elf + wget -q -O "${BOOTDIR}/start_x.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_x.elf else # BUILD_KERNEL=false # Kernel installation 
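Review bot: The seven `wget -q -O "${BOOTDIR}/..."` calls fetch the boot firmware blobs from the moving `master` branch with no integrity check and no test of wget's exit status, so a failed or truncated download leaves an empty `bootcode.bin` or `start.elf` in the image and, unless the caller runs under `set -e`, the build still reports success. Because these files run before the kernel, they are worth pinning to a fixed revision and verifying against recorded checksums. The sketch below uses FIRMWARE_REV and FIRMWARE_SHA256SUMS as placeholder settings that do not exist in the project yet. The enclosing `if [ "$BUILD_KERNEL" = true ]` block starts outside this hunk.

```shell
  # … unchanged: kernel image copy and kernel source removal …

  # Install boot binaries from a pinned raspberrypi/firmware revision.
  # FIRMWARE_REV (tag or commit) and FIRMWARE_SHA256SUMS (absolute path
  # to a checksum list) are placeholders, not existing settings.
  FIRMWARE_URL="https://github.com/raspberrypi/firmware/raw/${FIRMWARE_REV}/boot"
  for fw in bootcode.bin fixup.dat fixup_cd.dat fixup_x.dat start.elf start_cd.elf start_x.elf ; do
    if ! wget -q -O "${BOOTDIR}/${fw}" "${FIRMWARE_URL}/${fw}" ; then
      echo "error: download of ${fw} failed"
      cleanup
      exit 1
    fi
  done
  if ! ( cd "${BOOTDIR}" && sha256sum -c "${FIRMWARE_SHA256SUMS}" ) ; then
    echo "error: firmware checksum mismatch"
    cleanup
    exit 1
  fi
```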
@@ -143,14 +148,14 @@ else # BUILD_KERNEL=false chroot_exec apt-get -qq -y install flash-kernel # Check if kernel installation was successful - VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)" + VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)" if [ -z "$VMLINUZ" ] ; then echo "error: kernel installation failed! (/boot/vmlinuz-* not found)" cleanup exit 1 fi # Copy vmlinuz kernel to the boot directory - install_readonly "$VMLINUZ" "$R/boot/firmware/kernel7.img" + install_readonly "${VMLINUZ}" "${BOOTDIR}/${KERNEL_IMAGE}" fi # Setup firmware boot cmdline @@ -160,6 +165,15 @@ else CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}" fi +# Add encrypted root partition to cmdline.txt +if [ "$ENABLE_CRYPTFS" = true ] ; then + if [ "$ENABLE_SPLITFS" = true ] ; then + CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") + else + CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") + fi +fi + # Add serial console support if [ "$ENABLE_CONSOLE" = true ] ; then CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200" 
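Review bot: `ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1` leaves `${R}` unquoted inside the command substitution and picks the newest kernel by plain lexical order, which ranks a name such as `vmlinuz-3.9` (constructed example) after `vmlinuz-3.18`. Quoting the prefix and using a version sort keeps the selection correct when more than one kernel is installed: `VMLINUZ="$(ls -1 "${R}"/boot/vmlinuz-* | sort -V | tail -n 1)"`. The `else # BUILD_KERNEL=false` branch this sits in starts outside the hunk.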
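Review bot: Both new `sed` substitutions succeed silently when their pattern is absent, so if CMDLINE does not contain `sda1` (respectively `mmcblk0p2`) the image is built without `cryptdevice=` and the mismatch only shows up at boot. A check after the rewrite, e.g. `case "${CMDLINE}" in *cryptdevice=*) ;; *) echo "error: cryptdevice missing from cmdline" ; cleanup ; exit 1 ;; esac`, would catch that at build time. `${CRYPTFS_MAPPING}` is also spliced into the sed replacement unescaped, so a name containing `/` or `&` corrupts the command line; validating it once against `[A-Za-z0-9_-]` would cover this hunk and the fstab and crypttab substitutions in the next one. `echo ${CMDLINE}` should be quoted as well.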
@@ -171,69 +185,79 @@ if [ "$ENABLE_IPV6" = false ] ; then fi # Install firmware boot cmdline -echo "${CMDLINE}" > "$R/boot/firmware/cmdline.txt" - -# Add encrypted root partition to cmdline.txt -if [ "$ENABLE_CRYPTFS" = true ] ; then - sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/" "$R/boot/firmware/cmdline.txt" -fi +echo "${CMDLINE}" > "${BOOTDIR}/cmdline.txt" # Install firmware config -install_readonly files/boot/config.txt "$R/boot/firmware/config.txt" +install_readonly files/boot/config.txt "${BOOTDIR}/config.txt" # Setup minimal GPU memory allocation size: 16MB (no X) if [ "$ENABLE_MINGPU" = true ] ; then - echo "gpu_mem=16" >> "$R/boot/firmware/config.txt" + echo "gpu_mem=16" >> "${BOOTDIR}/config.txt" fi # Setup boot with initramfs if [ "$ENABLE_INITRAMFS" = true ] ; then - echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "$R/boot/firmware/config.txt" + echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOTDIR}/config.txt" fi # Create firmware configuration and cmdline symlinks -ln -sf firmware/config.txt "$R/boot/config.txt" -ln -sf firmware/cmdline.txt "$R/boot/cmdline.txt" +ln -sf firmware/config.txt "${R}/boot/config.txt" +ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt" # Install and setup kernel modules to load at boot -mkdir -p "$R/lib/modules-load.d/" -install_readonly files/modules/rpi2.conf "$R/lib/modules-load.d/rpi2.conf" +mkdir -p "${R}/lib/modules-load.d/" +install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf" # Load hardware random module at boot -if [ "$ENABLE_HWRANDOM" = true ] ; then - sed -i "s/^# bcm2708_rng/bcm2708_rng/" "$R/lib/modules-load.d/rpi2.conf" +if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then + sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf" fi # Load sound module at boot if [ "$ENABLE_SOUND" = true ] ; then - sed -i "s/^# snd_bcm2835/snd_bcm2835/" 
"$R/lib/modules-load.d/rpi2.conf" + sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf" fi # Install kernel modules blacklist -mkdir -p "$R/etc/modprobe.d/" -install_readonly files/modules/raspi-blacklist.conf "$R/etc/modprobe.d/raspi-blacklist.conf" +mkdir -p "${ETCDIR}/modprobe.d/" +install_readonly files/modules/raspi-blacklist.conf "${ETCDIR}/modprobe.d/raspi-blacklist.conf" # Install and setup fstab -install_readonly files/mount/fstab "$R/etc/fstab" +install_readonly files/mount/fstab "${ETCDIR}/fstab" # Add usb/sda disk root partition to fstab -if [ "$ENABLE_SPLITFS" = true ] ; then - sed -i "s/mmcblk0p2/sda1/" "$R/etc/fstab" +if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then + sed -i "s/mmcblk0p2/sda1/" "${ETCDIR}/fstab" fi # Add encrypted root partition to fstab and crypttab if [ "$ENABLE_CRYPTFS" = true ] ; then # Replace fstab root partition with encrypted partition mapping - sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "$R/etc/fstab" + sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETCDIR}/fstab" # Add encrypted partition to crypttab and fstab - install_readonly files/mount/crypttab "$R/etc/crypttab" - echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "$R/etc/crypttab" + install_readonly files/mount/crypttab "${ETCDIR}/crypttab" + echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "${ETCDIR}/crypttab" + + if [ "$ENABLE_SPLITFS" = true ] ; then + # Add usb/sda disk to crypttab + sed -i "s/mmcblk0p2/sda1/" "${ETCDIR}/crypttab" + fi fi # Generate initramfs file if [ "$ENABLE_INITRAMFS" = true ] ; then if [ "$ENABLE_CRYPTFS" = true ] ; then + # Include initramfs scripts to auto expand encrypted root partition + if [ "$EXPANDROOT" = true ] ; then + install_exec files/initramfs/expand_encrypted_rootfs "${ETCDIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs" + install_exec files/initramfs/expand-premount "${ETCDIR}/initramfs-tools/scripts/local-premount/expand-premount" + install_exec 
files/initramfs/expand-tools "${ETCDIR}/initramfs-tools/hooks/expand-tools" + fi + + # Disable SSHD inside initramfs + printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETCDIR}/initramfs-tools/initramfs.conf" + # Dummy mapping required by mkinitramfs echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" @@ -249,4 +273,4 @@ if [ "$ENABLE_INITRAMFS" = true ] ; then fi # Install sysctl.d configuration files -install_readonly files/sysctl.d/81-rpi-vm.conf "$R/etc/sysctl.d/81-rpi-vm.conf" +install_readonly files/sysctl.d/81-rpi-vm.conf "${ETCDIR}/sysctl.d/81-rpi-vm.conf" diff --git a/bootstrap.d/20-networking.sh b/bootstrap.d/20-networking.sh index bd6e8db..16e06f2 100644 --- a/bootstrap.d/20-networking.sh +++ b/bootstrap.d/20-networking.sh 
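Review bot: The added `&& [ "$BUILD_KERNEL" = false ]` on the ENABLE_HWRANDOM test means `bcm2708_rng` is no longer enabled in rpi2.conf for self-built kernels, and neither a comment nor the commit message says why. If the driver is built in or named differently in the custom kernel, a one-line comment stating that (to be confirmed by the author) would document it; otherwise images built with ENABLE_CRYPTFS would lose their hardware entropy source without notice. In the same hunk `initramfs-${KERNEL_VERSION}` is written to config.txt, while the only assignment of KERNEL_VERSION visible on this page is inside the BUILD_KERNEL=true branch, so the BUILD_KERNEL=false path should be checked for an empty value.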
@@ -6,37 +6,37 @@ . ./functions.sh # Install and setup hostname -install_readonly files/network/hostname "$R/etc/hostname" -sed -i "s/^rpi2-jessie/${HOSTNAME}/" "$R/etc/hostname" +install_readonly files/network/hostname "${ETCDIR}/hostname" +sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETCDIR}/hostname" # Install and setup hosts -install_readonly files/network/hosts "$R/etc/hosts" -sed -i "s/rpi2-jessie/${HOSTNAME}/" "$R/etc/hosts" +install_readonly files/network/hosts "${ETCDIR}/hosts" +sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETCDIR}/hosts" # Setup hostname entry with static IP if [ "$NET_ADDRESS" != "" ] ; then NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/') - sed -i "s/^127.0.1.1/${NET_IP}/" "$R/etc/hosts" + sed -i "s/^127.0.1.1/${NET_IP}/" "${ETCDIR}/hosts" fi # Remove IPv6 hosts if [ "$ENABLE_IPV6" = false ] ; then - sed -i -e "/::[1-9]/d" -e "/^$/d" "$R/etc/hosts" + sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETCDIR}/hosts" fi # Install hint about network configuration -install_readonly files/network/interfaces "$R/etc/network/interfaces" +install_readonly files/network/interfaces "${ETCDIR}/network/interfaces" # Install configuration for interface eth0 -install_readonly files/network/eth.network "$R/etc/systemd/network/eth.network" +install_readonly files/network/eth.network "${ETCDIR}/systemd/network/eth.network" if [ "$ENABLE_DHCP" = true ] ; then # Enable DHCP configuration for interface eth0 - sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "$R/etc/systemd/network/eth.network" + sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETCDIR}/systemd/network/eth.network" # Set DHCP configuration to IPv4 only if [ "$ENABLE_IPV6" = false ] ; then - sed -i "s/DHCP=.*/DHCP=v4/" "$R/etc/systemd/network/eth.network" + sed -i "s/DHCP=.*/DHCP=v4/" "${ETCDIR}/systemd/network/eth.network" fi else # ENABLE_DHCP=false 
@@ -50,23 +50,23 @@ else # ENABLE_DHCP=false -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\ -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\ -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\ - "$R/etc/systemd/network/eth.network" + "${ETCDIR}/systemd/network/eth.network" fi # Remove empty settings from network configuration -sed -i "/.*=\$/d" "$R/etc/systemd/network/eth.network" +sed -i "/.*=\$/d" "${ETCDIR}/systemd/network/eth.network" # Enable systemd-networkd service chroot_exec systemctl enable systemd-networkd # Install host.conf resolver configuration -install_readonly files/network/host.conf "$R/etc/host.conf" +install_readonly files/network/host.conf "${ETCDIR}/host.conf" # Enable network stack hardening if [ "$ENABLE_HARDNET" = true ] ; then # Install sysctl.d configuration files - install_readonly files/sysctl.d/82-rpi-net-hardening.conf "$R/etc/sysctl.d/82-rpi-net-hardening.conf" + install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETCDIR}/sysctl.d/82-rpi-net-hardening.conf" # Setup resolver warnings about spoofed addresses - sed -i "s/^# spoof warn/spoof warn/" "$R/etc/host.conf" + sed -i "s/^# spoof warn/spoof warn/" "${ETCDIR}/host.conf" fi diff --git a/bootstrap.d/21-firewall.sh b/bootstrap.d/21-firewall.sh index 247325e..7583d04 100644 --- a/bootstrap.d/21-firewall.sh +++ b/bootstrap.d/21-firewall.sh 
@@ -7,16 +7,16 @@ if [ "$ENABLE_IPTABLES" = true ] ; then # Create iptables configuration directory - mkdir -p "$R/etc/iptables" + mkdir -p "${ETCDIR}/iptables" # Install iptables systemd service - install_readonly files/iptables/iptables.service "$R/etc/systemd/system/iptables.service" + install_readonly files/iptables/iptables.service "${ETCDIR}/systemd/system/iptables.service" # Install flush-table script called by iptables service - install_exec files/iptables/flush-iptables.sh "$R/etc/iptables/flush-iptables.sh" + install_exec files/iptables/flush-iptables.sh "${ETCDIR}/iptables/flush-iptables.sh" # Install iptables rule file - install_readonly files/iptables/iptables.rules "$R/etc/iptables/iptables.rules" + install_readonly files/iptables/iptables.rules "${ETCDIR}/iptables/iptables.rules" # Reload systemd configuration and enable iptables service chroot_exec systemctl daemon-reload @@ -24,12 +24,12 @@ if [ "$ENABLE_IPTABLES" = true ] ; then if [ "$ENABLE_IPV6" = true ] ; then # Install ip6tables systemd service - install_readonly files/iptables/ip6tables.service "$R/etc/systemd/system/ip6tables.service" + install_readonly files/iptables/ip6tables.service "${ETCDIR}/systemd/system/ip6tables.service" # Install ip6tables file - install_exec files/iptables/flush-ip6tables.sh "$R/etc/iptables/flush-ip6tables.sh" + install_exec files/iptables/flush-ip6tables.sh "${ETCDIR}/iptables/flush-ip6tables.sh" - install_readonly files/iptables/ip6tables.rules "$R/etc/iptables/ip6tables.rules" + install_readonly files/iptables/ip6tables.rules "${ETCDIR}/iptables/ip6tables.rules" # Reload systemd configuration and enable iptables service chroot_exec systemctl daemon-reload 
@@ -39,6 +39,6 @@ fi if [ "$ENABLE_SSHD" = false ] ; then # Remove SSHD related iptables rules - sed -i "/^#/! {/SSH/ s/^/# /}" "$R/etc/iptables/iptables.rules" 2> /dev/null - sed -i "/^#/! {/SSH/ s/^/# /}" "$R/etc/iptables/ip6tables.rules" 2> /dev/null + sed -i "/^#/! {/SSH/ s/^/# /}" "${ETCDIR}/iptables/iptables.rules" 2> /dev/null + sed -i "/^#/! {/SSH/ s/^/# /}" "${ETCDIR}/iptables/ip6tables.rules" 2> /dev/null fi diff --git a/bootstrap.d/30-security.sh b/bootstrap.d/30-security.sh index a07719d..a5b558b 100644 --- a/bootstrap.d/30-security.sh +++ b/bootstrap.d/30-security.sh @@ -19,7 +19,7 @@ if [ "$ENABLE_ROOT" = true ] ; then chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root if [ "$ENABLE_ROOT_SSH" = true ] ; then - sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "$R/etc/ssh/sshd_config" + sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETCDIR}/ssh/sshd_config" fi else # Set no root password to disable root login diff --git a/bootstrap.d/31-logging.sh b/bootstrap.d/31-logging.sh index 00a9f86..149ab68 100644 --- a/bootstrap.d/31-logging.sh +++ b/bootstrap.d/31-logging.sh @@ -7,7 +7,7 @@ # Disable rsyslog if [ "$ENABLE_RSYSLOG" = false ] ; then - sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "$R/etc/systemd/journald.conf" + sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "${ETCDIR}/systemd/journald.conf" chroot_exec systemctl disable rsyslog chroot_exec apt-get -qq -y --force-yes purge rsyslog fi diff --git a/bootstrap.d/41-uboot.sh b/bootstrap.d/41-uboot.sh index 8f59f26..19ad084 100644 --- a/bootstrap.d/41-uboot.sh +++ b/bootstrap.d/41-uboot.sh 
@@ -7,25 +7,61 @@ # Install gcc/c++ build environment inside the chroot if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then - chroot_exec apt-get -q -y --force-yes --no-install-recommends install linux-compiler-gcc-4.9-arm g++ make bc + chroot_exec apt-get -q -y --force-yes --no-install-recommends install linux-compiler-gcc-4.8-arm g++ make bc fi # Fetch and build U-Boot bootloader if [ "$ENABLE_UBOOT" = true ] ; then # Fetch U-Boot bootloader sources - git -C "$R/tmp" clone git://git.denx.de/u-boot.git + git -C "${R}/tmp" clone git://git.denx.de/u-boot.git # Build and install U-Boot inside chroot - chroot_exec make -C /tmp/u-boot/ rpi_2_defconfig all + chroot_exec make -C /tmp/u-boot/ ${UBOOT_CONFIG} all # Copy compiled bootloader binary and set config.txt to load it - install_readonly "$R/tmp/u-boot/u-boot.bin" "$R/boot/firmware/u-boot.bin" - printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "$R/boot/firmware/config.txt" + install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage" + install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOTDIR}/u-boot.bin" + printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOTDIR}/config.txt" # Install and setup U-Boot command file - install_readonly files/boot/uboot.mkimage "$R/boot/firmware/uboot.mkimage" - printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat $R/boot/firmware/uboot.mkimage)" > "$R/boot/firmware/uboot.mkimage" + install_readonly files/boot/uboot.mkimage "${BOOTDIR}/uboot.mkimage" + printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOTDIR}/uboot.mkimage)" > "${BOOTDIR}/uboot.mkimage" + + if [ "$ENABLE_INITRAMFS" = true ] ; then + # Convert generated initramfs for U-Boot using mkimage + chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot" + 
+ # Remove original initramfs file + rm -f "${BOOTDIR}/initramfs-${KERNEL_VERSION}" + + # Configure U-Boot to load generated initramfs + printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOTDIR}/uboot.mkimage)" > "${BOOTDIR}/uboot.mkimage" + printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOTDIR}/uboot.mkimage" + else # ENABLE_INITRAMFS=false + # Remove initramfs from U-Boot mkfile + sed -i '/.*initramfs.*/d' "${BOOTDIR}/uboot.mkimage" + + if [ "$BUILD_KERNEL" = false ] ; then + # Remove dtbfile from U-Boot mkfile + sed -i '/.*dtbfile.*/d' "${BOOTDIR}/uboot.mkimage" + printf "\nbootz \${kernel_addr_r}" >> "${BOOTDIR}/uboot.mkimage" + else + printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOTDIR}/uboot.mkimage" + fi + fi + + # Set mkfile to use dtb file + sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOTDIR}/uboot.mkimage" + + # Set mkfile to use kernel image + sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOTDIR}/uboot.mkimage" + + # Remove all leading blank lines + sed -i "/./,\$!d" "${BOOTDIR}/uboot.mkimage" # Generate U-Boot bootloader image - chroot_exec /tmp/u-boot/tools/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr + chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr + + # Remove U-Boot sources + rm -fr "${R}/tmp/u-boot" fi diff --git a/bootstrap.d/42-fbturbo.sh b/bootstrap.d/42-fbturbo.sh index ca6b2fb..4e03f53 100644 --- a/bootstrap.d/42-fbturbo.sh +++ b/bootstrap.d/42-fbturbo.sh 
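Review bot: `git -C "${R}/tmp" clone git://git.denx.de/u-boot.git` fetches the bootloader source over the unauthenticated git:// transport and at whatever the default branch holds, so the code that ends up as `u-boot.bin` is neither integrity-protected in transit nor reproducible. An https remote combined with a pinned tag or commit (e.g. `--branch "${UBOOT_TAG}"`, a placeholder setting) would close both gaps. The two `printf "...$(cat ${BOOTDIR}/uboot.mkimage)"` lines also place CMDLINE and the file's content inside the format string, so any `%` or backslash in them is interpreted; passing them as arguments avoids that, e.g. `printf '# Set the kernel boot command line\nsetenv bootargs "earlyprintk %s"\n\n%s' "${CMDLINE}" "$(cat "${BOOTDIR}/uboot.mkimage")"`. The switch from `linux-compiler-gcc-4.9-arm` to `linux-compiler-gcc-4.8-arm` is not explained in the commit message.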
@@ -7,7 +7,7 @@ if [ "$ENABLE_FBTURBO" = true ] ; then # Fetch fbturbo driver sources - git -C "$R/tmp" clone https://github.com/ssvb/xf86-video-fbturbo.git + git -C "${R}/tmp" clone https://github.com/ssvb/xf86-video-fbturbo.git # Install Xorg build dependencies chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev @@ -22,7 +22,7 @@ make install EOF # Install fbturbo driver Xorg configuration - install_readonly files/xorg/99-fbturbo.conf "$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf" + install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf" # Remove Xorg build dependencies chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev @@ -30,5 +30,5 @@ fi # Remove gcc/c++ build environment from the chroot if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then - chroot_exec apt-get -qq -y --auto-remove purge bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make + chroot_exec apt-get -qq -y --auto-remove purge bc binutils cpp cpp-4.8 cpp-4.9 g++ g++-4.8 g++-4.9 gcc gcc-4.8 gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.8-dev libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.8-arm linux-libc-dev make fi diff --git a/bootstrap.d/50-firstboot.sh b/bootstrap.d/50-firstboot.sh index 2ec9404..7e2e008 100644 --- a/bootstrap.d/50-firstboot.sh +++ b/bootstrap.d/50-firstboot.sh 
@@ -6,29 +6,34 @@ . ./functions.sh # Prepare rc.firstboot script -cat files/firstboot/10-begin.sh > "$R/etc/rc.firstboot" +cat files/firstboot/10-begin.sh > "${ETCDIR}/rc.firstboot" # Ensure openssh server host keys are regenerated on first boot if [ "$ENABLE_SSHD" = true ] ; then - cat files/firstboot/21-generate-ssh-keys.sh >> "$R/etc/rc.firstboot" + cat files/firstboot/21-generate-ssh-keys.sh >> "${ETCDIR}/rc.firstboot" fi # Prepare filesystem auto expand if [ "$EXPANDROOT" = true ] ; then - cat files/firstboot/22-expandroot.sh >> "$R/etc/rc.firstboot" + if [ "$ENABLE_CRYPTFS" = false ] ; then + cat files/firstboot/22-expandroot.sh >> "${ETCDIR}/rc.firstboot" + else + # Regenerate initramfs to remove encrypted root partition auto expand + cat files/firstboot/23-regenerate-initramfs.sh >> "${ETCDIR}/rc.firstboot" + fi fi # Ensure that dbus machine-id exists -cat files/firstboot/23-generate-machineid.sh >> "$R/etc/rc.firstboot" +cat files/firstboot/24-generate-machineid.sh >> "${ETCDIR}/rc.firstboot" # Create /etc/resolv.conf symlink -cat files/firstboot/24-create-resolv-symlink.sh >> "$R/etc/rc.firstboot" +cat files/firstboot/25-create-resolv-symlink.sh >> "${ETCDIR}/rc.firstboot" # Finalize rc.firstboot script -cat files/firstboot/99-finish.sh >> "$R/etc/rc.firstboot" -chmod +x "$R/etc/rc.firstboot" +cat files/firstboot/99-finish.sh >> "${ETCDIR}/rc.firstboot" +chmod +x "${ETCDIR}/rc.firstboot" # Add rc.firstboot script to rc.local -sed -i '/exit 0/d' "$R/etc/rc.local" -echo /etc/rc.firstboot >> "$R/etc/rc.local" -echo exit 0 >> "$R/etc/rc.local" +sed -i '/exit 0/d' "${ETCDIR}/rc.local" +echo /etc/rc.firstboot >> "${ETCDIR}/rc.local" +echo exit 0 >> "${ETCDIR}/rc.local" diff --git a/bootstrap.d/99-reduce.sh b/bootstrap.d/99-reduce.sh index 99fbc9b..128e7a6 100644 --- a/bootstrap.d/99-reduce.sh +++ b/bootstrap.d/99-reduce.sh 
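Review bot: The new inner test `if [ "$ENABLE_CRYPTFS" = false ]` is the only check in this hunk that compares against `false`. An unset, empty or misspelled `ENABLE_CRYPTFS` therefore falls into the `else` branch, which skips `22-expandroot.sh` and appends `23-regenerate-initramfs.sh` instead. Testing the positive case, `if [ "$ENABLE_CRYPTFS" = true ] ; then`, with the two `cat` lines swapped, keeps the plain root-expansion path as the default and matches the `= true` style used for `ENABLE_SSHD` and `EXPANDROOT` above it. The renumbered `24-generate-machineid.sh` and `25-create-resolv-symlink.sh` must also exist under `files/firstboot/`; that rename is not visible in this part of the patch.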
@@ -10,33 +10,33 @@ if [ "$ENABLE_REDUCE" = true ] ; then if [ "$REDUCE_APT" = true ] ; then # Install dpkg configuration file if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then - install_readonly files/dpkg/01nodoc "$R/etc/dpkg/dpkg.cfg.d/01nodoc" + install_readonly files/dpkg/01nodoc "${ETCDIR}/dpkg/dpkg.cfg.d/01nodoc" fi # Install APT configuration files - install_readonly files/apt/02nocache "$R/etc/apt/apt.conf.d/02nocache" - install_readonly files/apt/03compress "$R/etc/apt/apt.conf.d/03compress" - install_readonly files/apt/04norecommends "$R/etc/apt/apt.conf.d/04norecommends" + install_readonly files/apt/02nocache "${ETCDIR}/apt/apt.conf.d/02nocache" + install_readonly files/apt/03compress "${ETCDIR}/apt/apt.conf.d/03compress" + install_readonly files/apt/04norecommends "${ETCDIR}/apt/apt.conf.d/04norecommends" # Remove APT cache files - rm -fr "$R/var/cache/apt/pkgcache.bin" - rm -fr "$R/var/cache/apt/srcpkgcache.bin" + rm -fr "${R}/var/cache/apt/pkgcache.bin" + rm -fr "${R}/var/cache/apt/srcpkgcache.bin" fi # Remove all doc files if [ "$REDUCE_DOC" = true ] ; then - find "$R/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true - find "$R/usr/share/doc" -empty | xargs rmdir || true + find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true + find "${R}/usr/share/doc" -empty | xargs rmdir || true fi # Remove all man pages and info files if [ "$REDUCE_MAN" = true ] ; then - rm -rf "$R/usr/share/man" "$R/usr/share/groff" "$R/usr/share/info" "$R/usr/share/lintian" "$R/usr/share/linda" "$R/var/cache/man" + rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man" fi # Remove all locale translation files if [ "$REDUCE_LOCALE" = true ] ; then - find "$R/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r + find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! 
-name 'en' | xargs rm -r fi # Remove hwdb PCI device classes (experimental) @@ -60,19 +60,19 @@ if [ "$ENABLE_REDUCE" = true ] ; then # Remove GPU kernels if [ "$ENABLE_MINGPU" = true ] ; then - rm -f "$R/boot/firmware/start.elf" - rm -f "$R/boot/firmware/fixup.dat" - rm -f "$R/boot/firmware/start_x.elf" - rm -f "$R/boot/firmware/fixup_x.dat" + rm -f "${BOOTDIR}/start.elf" + rm -f "${BOOTDIR}/fixup.dat" + rm -f "${BOOTDIR}/start_x.elf" + rm -f "${BOOTDIR}/fixup_x.dat" fi # Remove kernel and initrd from /boot (already in /boot/firmware) if [ "$BUILD_KERNEL" = false ] ; then - rm -r "$R/boot/vmlinuz--*" - rm -r "$R/boot/initrd.img-*" + rm -f "${R}/boot/vmlinuz-*" + rm -f "${R}/boot/initrd.img-*" fi # Clean APT list of repositories - rm -fr "$R/var/lib/apt/lists/*" + rm -fr "${R}/var/lib/apt/lists/*" chroot_exec apt-get -qq -y update fi -- cgit v1.2.3
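Review bot: Every destructive command in the first hunk of 99-reduce.sh builds its target from `${R}` with no guard. If `R` is ever empty, `rm -rf "${R}/usr/share/man" …` and the `find "${R}/usr/share/doc" … | xargs rm` pipelines run against the build host's own `/usr/share` as whatever user runs the build. Nothing in the hunk shows `R` being validated, so I would use `"${R:?}/usr/share/man"` (likewise for the other paths) so the shell aborts instead. The `rm` lines in the second hunk of this file need the same guard. Separately, `find … | xargs rm` splits on whitespace and the `|| true` hides any failure; `find "${R:?}/usr/share/doc" -depth -type f ! -name copyright -exec rm -f -- {} +` avoids both.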
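Review bot: The globs in the second hunk of 99-reduce.sh sit inside double quotes, so the shell never expands them. `rm -f "${R}/boot/vmlinuz-*"`, `rm -f "${R}/boot/initrd.img-*"` and `rm -fr "${R}/var/lib/apt/lists/*"` each look for one file literally named `*` or `vmlinuz-*`. The commit fixes the `vmlinuz--*` typo, but switching `-r` to `-f` makes `rm` exit silently when that literal name is missing, so the kernel, initrd and APT lists stay in the image with no error. Move the wildcard outside the quotes: `rm -f "${R}"/boot/vmlinuz-*`, `rm -f "${R}"/boot/initrd.img-*` and `rm -fr "${R}"/var/lib/apt/lists/*`.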