#!/bin/sh
########################################################################
# rpi23-gen-image.sh 2015-2017
#
# Advanced Debian "jessie" and "stretch" bootstrap script for RPi2/3
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# Copyright (C) 2015 Jan Wagner <[email protected]>
#
# Big thanks for patches and enhancements by 10+ github contributors!
########################################################################
# Abort unless the effective user id is 0 (root)
if [ "$(id -u)" -ne 0 ] ; then
  echo "error: this script must be executed with root privileges!"
  exit 1
fi

# functions.sh is looked up relative to the current directory and is sourced
# with root privileges, so the script has to be started from inside a trusted
# checkout that only trusted users can write to
[ -r "./functions.sh" ] || {
  echo "error: './functions.sh' required script not found!"
  exit 1
}

# Pull the helper functions into this shell
. ./functions.sh

# Apply a configuration template when CONFIG_TEMPLATE is set
# (use_template is presumably provided by functions.sh)
if [ -n "$CONFIG_TEMPLATE" ] ; then
  use_template
fi
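# Introduce settings
# Every setting below can be preset through the environment (or a template);
# the value after ":=" is only used when the variable is unset or empty.

# Abort on the first failing command from here on
set -e

# printf instead of "echo -n -e": echo options are not portable across /bin/sh implementations
printf '\n#\n# RPi2/3 Bootstrap Settings\n#\n'

# The assignments are traced so that the effective settings appear in the
# build output; the NAME=${NAME:=default} form keeps the name in the trace
set -x

# Raspberry Pi model configuration
RPI_MODEL=${RPI_MODEL:=2}
RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}

# Debian release
RELEASE=${RELEASE:=jessie}
KERNEL_ARCH=${KERNEL_ARCH:=arm}
RELEASE_ARCH=${RELEASE_ARCH:=armhf}
CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}

# URLs
# NOTE(review): the firmware URLs follow the "master" branch, so two builds can
# pick up different binaries; whether the downloads are pinned or checksummed
# is decided by the bootstrap scripts, which are not part of this file
KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm}
COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
# NOTE(review): git:// is an unauthenticated, unencrypted transport; override
# UBOOT_URL with an https or ssh remote when the bootloader source must be trusted
UBOOT_URL=${UBOOT_URL:=git://git.denx.de/u-boot.git}

# Build directories
BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
BUILDDIR="${BASEDIR}/build"

# Prepare date string for default image file name
DATE="$(date +%Y-%m-%d)"
IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}}

# Chroot directories
R="${BUILDDIR}/chroot"
ETC_DIR="${R}/etc"
LIB_DIR="${R}/lib"
BOOT_DIR="${R}/boot/firmware"
KERNEL_DIR="${R}/usr/src/linux"
WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"

# Firmware directory: Blank if download from github
RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}

# General settings
# NOTE(review): bash presets HOSTNAME to the build host's name, so when /bin/sh
# is bash this default only applies if HOSTNAME is overridden explicitly - confirm
HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
# Tracing is paused for the credentials so their values stay out of the build
# log. "raspberry" is a widely known default: set PASSWORD and USER_PASSWORD
# for any image that will be reachable over the network (ENABLE_SSHD defaults
# to true and SSH_DISABLE_PASSWORD_AUTH to false)
set +x
PASSWORD=${PASSWORD:=raspberry}
USER_PASSWORD=${USER_PASSWORD:=raspberry}
set -x
DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
TIMEZONE=${TIMEZONE:="Europe/Berlin"}
EXPANDROOT=${EXPANDROOT:=true}

# Keyboard settings
XKB_MODEL=${XKB_MODEL:=""}
XKB_LAYOUT=${XKB_LAYOUT:=""}
XKB_VARIANT=${XKB_VARIANT:=""}
XKB_OPTIONS=${XKB_OPTIONS:=""}

# Network settings (DHCP)
ENABLE_DHCP=${ENABLE_DHCP:=true}

# Network settings (static)
NET_ADDRESS=${NET_ADDRESS:=""}
NET_GATEWAY=${NET_GATEWAY:=""}
NET_DNS_1=${NET_DNS_1:=""}
NET_DNS_2=${NET_DNS_2:=""}
NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
NET_NTP_1=${NET_NTP_1:=""}
NET_NTP_2=${NET_NTP_2:=""}

# APT settings
# The default mirror is plain HTTP; package integrity then presumably rests on
# the archive signature checks (debian-archive-keyring is a required package)
APT_PROXY=${APT_PROXY:=""}
APT_SERVER=${APT_SERVER:="http://ftp.debian.org/debian"}

# Feature settings
ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
ENABLE_I2C=${ENABLE_I2C:=false}
ENABLE_SPI=${ENABLE_SPI:=false}
ENABLE_IPV6=${ENABLE_IPV6:=true}
ENABLE_SSHD=${ENABLE_SSHD:=true}
ENABLE_NONFREE=${ENABLE_NONFREE:=false}
ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
ENABLE_SOUND=${ENABLE_SOUND:=true}
ENABLE_DBUS=${ENABLE_DBUS:=true}
ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
ENABLE_MINGPU=${ENABLE_MINGPU:=false}
ENABLE_XORG=${ENABLE_XORG:=false}
ENABLE_WM=${ENABLE_WM:=""}
ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
ENABLE_USER=${ENABLE_USER:=true}
USER_NAME=${USER_NAME:="pi"}
ENABLE_ROOT=${ENABLE_ROOT:=false}

# SSH settings
SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}

# Advanced settings
ENABLE_MINBASE=${ENABLE_MINBASE:=false}
ENABLE_REDUCE=${ENABLE_REDUCE:=false}
ENABLE_UBOOT=${ENABLE_UBOOT:=false}
UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
ENABLE_HARDNET=${ENABLE_HARDNET:=false}
ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}

# Kernel compilation settings
BUILD_KERNEL=${BUILD_KERNEL:=false}
KERNEL_REDUCE=${KERNEL_REDUCE:=false}
KERNEL_THREADS=${KERNEL_THREADS:=1}
KERNEL_HEADERS=${KERNEL_HEADERS:=true}
KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}

# Kernel compilation from source directory settings
KERNELSRC_DIR=${KERNELSRC_DIR:=""}
KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}

# Reduce disk usage settings
REDUCE_APT=${REDUCE_APT:=true}
REDUCE_DOC=${REDUCE_DOC:=true}
REDUCE_MAN=${REDUCE_MAN:=true}
REDUCE_VIM=${REDUCE_VIM:=false}
REDUCE_BASH=${REDUCE_BASH:=false}
REDUCE_HWDB=${REDUCE_HWDB:=true}
REDUCE_SSHD=${REDUCE_SSHD:=true}
REDUCE_LOCALE=${REDUCE_LOCALE:=true}

# Encrypted filesystem settings
ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
# The passphrase is assigned with tracing paused so it is not printed
set +x
CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
set -x
CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}

# Stop the Crypto Wars
DISABLE_FBI=${DISABLE_FBI:=false}

# Chroot scripts directory
CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}

# Packages required in the chroot build environment
# (comma separated; user supplied entries come first)
APT_INCLUDES=${APT_INCLUDES:=""}
APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"

# Packages required for bootstrapping (space separated, checked on the build host)
REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
MISSING_PACKAGES=""

# Packages installed for c/c++ build environment in chroot (keep empty)
COMPILER_PACKAGES=""

set +x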
# Pick the device tree blob and U-Boot defconfig that belong to the chosen board
case "$RPI_MODEL" in
  2)
    DTB_FILE=${RPI2_DTB_FILE}
    UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
    ;;
  3)
    DTB_FILE=${RPI3_DTB_FILE}
    UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
    # Model 3 images always get a self-built kernel
    BUILD_KERNEL=true
    ;;
  *)
    echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
    exit 1
    ;;
esac

# Internal wireless can only be requested for model 3
if [ "$ENABLE_WIRELESS" = true ] ; then
  if [ "$RPI_MODEL" != 3 ] ; then
    echo "error: The selected Raspberry Pi model has no internal wireless interface"
    exit 1
  fi
fi

# DISABLE_UNDERVOLT_WARNINGS may be empty, 1 or 2; anything else is rejected
case "$DISABLE_UNDERVOLT_WARNINGS" in
  ""|1|2)
    ;;
  *)
    echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
    exit 1
    ;;
esac
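# Build RPi2/3 Linux kernel if required by Debian release
if [ "$RELEASE" = "stretch" ] ; then
  BUILD_KERNEL=true
fi

# Add packages required for kernel cross compilation
if [ "$BUILD_KERNEL" = true ] ; then
  REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
fi

# Add libncurses5 to enable kernel menuconfig
if [ "$KERNEL_MENUCONFIG" = true ] ; then
  REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
fi

# Stop the Crypto Wars
# DISABLE_FBI is an alias that switches filesystem encryption on
if [ "$DISABLE_FBI" = true ] ; then
  ENABLE_CRYPTFS=true
fi

# Filesystem encryption, build host side.
# cryptsetup is run on the build host whenever ENABLE_CRYPTFS is set, also when
# no kernel is built, so the tool and a non-empty passphrase are required in
# both cases; otherwise the LUKS volume could end up keyed from an empty file.
if [ "$ENABLE_CRYPTFS" = true ] ; then
  REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
  if [ -z "$CRYPTFS_PASSWORD" ] ; then
    echo "error: no password defined (CRYPTFS_PASSWORD)!"
    exit 1
  fi
fi

# Filesystem encryption, image side: cryptsetup inside the image and an
# initramfs are only set up together with a self-built kernel.
# NOTE(review): with ENABLE_CRYPTFS=true and BUILD_KERNEL!=true the image gets an
# encrypted root but no initramfs - confirm whether that combination should be rejected
if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
  APT_INCLUDES="${APT_INCLUDES},cryptsetup"
  ENABLE_INITRAMFS=true
fi

# Add initramfs generation tools
if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
  APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
fi

# Add device-tree-compiler required for building the U-Boot bootloader
if [ "$ENABLE_UBOOT" = true ] ; then
  APT_INCLUDES="${APT_INCLUDES},device-tree-compiler"
fi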
# A configured root SSH (v2) public key must name an existing regular file.
# Only the file's existence is checked here, not its content.
if [ -n "$SSH_ROOT_PUB_KEY" ] && [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
  echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
  exit 1
fi

# Same check for the public key of the regular user ($USER_NAME)
if [ -n "$SSH_USER_PUB_KEY" ] && [ ! -f "$SSH_USER_PUB_KEY" ] ; then
  echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
  exit 1
fi
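# Check if all required packages are installed on the build system
# REQUIRED_PACKAGES is a space separated list, hence the unquoted expansion
for package in $REQUIRED_PACKAGES ; do
  # Any status other than "install ok installed" (or no output) counts as missing
  if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
    MISSING_PACKAGES="${MISSING_PACKAGES} $package"
  fi
done

# If there are missing packages ask confirmation for install, or exit
if [ -n "$MISSING_PACKAGES" ] ; then
  echo "the following packages needed by this script are not installed:"
  echo "$MISSING_PACKAGES"
  # printf: "echo -n" with a backslash escape prints differently depending on the /bin/sh in use
  printf '\ndo you want to install the missing packages right now? [y/n] '
  read -r confirm
  # Only a literal "y" continues
  if [ "$confirm" != "y" ] ; then
    exit 1
  fi

  # Make sure all missing required packages are installed
  # (unquoted on purpose: one argument per package name)
  apt-get -qq -y install ${MISSING_PACKAGES}
fi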
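# Check if ./bootstrap.d directory exists
if [ ! -d "./bootstrap.d/" ] ; then
  echo "error: './bootstrap.d' required directory not found!"
  exit 1
fi

# Check if ./files directory exists
if [ ! -d "./files/" ] ; then
  echo "error: './files' required directory not found!"
  exit 1
fi

# Check if specified KERNELSRC_DIR directory exists
if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
  echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
  exit 1
fi

# Check if specified UBOOTSRC_DIR directory exists
if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
  echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
  exit 1
fi

# Check if specified FBTURBOSRC_DIR directory exists
if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
  echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
  exit 1
fi

# Check if specified CHROOT_SCRIPTS directory exists
if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
  echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
  exit 1
fi

# Check if specified device mapping already exists (will be used by cryptsetup)
# The node is looked up under /dev/mapper, the same path the encrypted root is
# opened at later in this script; a check against any other directory never fires
if [ -e "/dev/mapper/${CRYPTFS_MAPPING}" ] ; then
  echo "error: mapping /dev/mapper/${CRYPTFS_MAPPING} already exists, not proceeding"
  exit 1
fi

# Don't clobber an old build
if [ -e "$BUILDDIR" ] ; then
  echo "error: directory ${BUILDDIR} already exists, not proceeding"
  exit 1
fi

# Setup chroot directory (creates BUILDDIR along the way)
mkdir -p "${R}"

# Check if build directory has enough of free disk space >512MB
# df reports the available space in 1K blocks; sed drops the header line
if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
  echo "error: ${BUILDDIR} not enough space left to generate the output image!"
  exit 1
fi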
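# Trace every command from here on.
# NOTE(review): with tracing on, any later command that expands PASSWORD,
# USER_PASSWORD or CRYPTFS_PASSWORD prints the value to the build output
set -x

# Call "cleanup" function on various signals and errors
# (0 = shell exit, 1 = HUP, 2 = INT, 3 = QUIT, 6 = ABRT);
# cleanup is presumably provided by functions.sh
trap cleanup 0 1 2 3 6

# Add required packages for the minbase installation
if [ "$ENABLE_MINBASE" = true ] ; then
  APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
fi

# Add required locales packages
if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
  APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
fi

# Add parted package, required to get partprobe utility
if [ "$EXPANDROOT" = true ] ; then
  APT_INCLUDES="${APT_INCLUDES},parted"
fi

# Add dbus package, recommended if using systemd
if [ "$ENABLE_DBUS" = true ] ; then
  APT_INCLUDES="${APT_INCLUDES},dbus"
fi

# Add iptables IPv4/IPv6 package
if [ "$ENABLE_IPTABLES" = true ] ; then
  APT_INCLUDES="${APT_INCLUDES},iptables"
fi

# Add openssh server package
if [ "$ENABLE_SSHD" = true ] ; then
  APT_INCLUDES="${APT_INCLUDES},openssh-server"
fi

# Add alsa-utils package
if [ "$ENABLE_SOUND" = true ] ; then
  APT_INCLUDES="${APT_INCLUDES},alsa-utils"
fi

# Add rng-tools package
if [ "$ENABLE_HWRANDOM" = true ] ; then
  APT_INCLUDES="${APT_INCLUDES},rng-tools"
fi

# Add fbturbo video driver
if [ "$ENABLE_FBTURBO" = true ] ; then
  # Enable xorg package dependencies
  ENABLE_XORG=true
fi

# Add user defined window manager package
if [ -n "$ENABLE_WM" ] ; then
  APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"

  # Enable xorg package dependencies
  ENABLE_XORG=true
fi

# Add xorg package
if [ "$ENABLE_XORG" = true ] ; then
  APT_INCLUDES="${APT_INCLUDES},xorg"
fi

# Replace selected packages with smaller clones
# The list is passed to sed through printf with a quoted argument, so
# whitespace or glob characters in a user supplied APT_INCLUDES survive intact
if [ "$ENABLE_REDUCE" = true ] ; then
  # Add levee package instead of vim-tiny
  if [ "$REDUCE_VIM" = true ] ; then
    APT_INCLUDES="$(printf '%s\n' "${APT_INCLUDES}" | sed "s/vim-tiny/levee/")"
  fi

  # Add dropbear package instead of openssh-server
  if [ "$REDUCE_SSHD" = true ] ; then
    APT_INCLUDES="$(printf '%s\n' "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
  fi
fi

# Configure kernel sources if no KERNELSRC_DIR
if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
  KERNELSRC_CONFIG=true
fi

# Configure reduced kernel
# (checked last, so KERNEL_REDUCE wins over the default above)
if [ "$KERNEL_REDUCE" = true ] ; then
  KERNELSRC_CONFIG=false
fi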
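# Execute bootstrap scripts
# Every *.sh below ./bootstrap.d is sourced into this root shell in glob order,
# so the directory must only be writable by trusted users
for SCRIPT in bootstrap.d/*.sh; do
  # The first three lines of each script are printed as a progress banner
  head -n 3 "$SCRIPT"
  . "$SCRIPT"
done

## Execute custom bootstrap scripts
# custom.d is optional and gets the same root privileges as bootstrap.d
if [ -d "custom.d" ] ; then
  for SCRIPT in custom.d/*.sh; do
    # With no matching file the pattern stays literal; skip it instead of
    # aborting the build on a failed source
    [ -f "$SCRIPT" ] || continue
    . "$SCRIPT"
  done
fi

# Execute custom scripts inside the chroot
# The directory is copied into the chroot, its executable regular files are run
# there by bash, and the copy is removed again so it does not end up in the image
if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
  cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
  # The delimiter is quoted: nothing in the here-document is expanded by this
  # shell. $SCRIPT is quoted inside so file names with spaces are handled.
  chroot_exec /bin/bash -x <<'EOF'
for SCRIPT in /chroot_scripts/* ; do
  if [ -f "$SCRIPT" ] && [ -x "$SCRIPT" ] ; then
    "$SCRIPT"
  fi
done
EOF
  rm -rf "${R}/chroot_scripts"
fi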
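# Remove c/c++ build environment from the chroot
chroot_remove_cc

# Remove apt-utils
if [ "$RELEASE" = "jessie" ] ; then
  chroot_exec apt-get purge -qq -y --force-yes apt-utils
fi

# Generate required machine-id
# NOTE(review): the ID is generated once per build and stored in the image, so
# every device flashed from this image starts with the same machine-id unless
# something regenerates it on first boot - confirm
MACHINE_ID=$(dbus-uuidgen)
printf '%s' "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
printf '%s' "${MACHINE_ID}" > "${ETC_DIR}/machine-id"

# APT Cleanup
chroot_exec apt-get -y clean
chroot_exec apt-get -y autoclean
chroot_exec apt-get -y autoremove

# Unmount mounted filesystems
umount -l "${R}/proc"
umount -l "${R}/sys"

# Clean up directories
# The wildcard has to stay outside the quotes, otherwise rm looks for a file
# literally named "*" and removes nothing. ${R:?} aborts if R is ever empty,
# so the pattern can never resolve to the build host's own /run or /tmp.
rm -rf "${R:?}/run/"*
rm -rf "${R:?}/tmp/"*

# Clean up files
# SSH/dropbear host keys created during package installation are removed so
# that devices flashed from the same image do not share host keys
# (assumes new keys are generated on first boot - confirm in the bootstrap files)
rm -f "${ETC_DIR:?}/ssh/ssh_host_"*
rm -f "${ETC_DIR:?}/dropbear/dropbear_"*
rm -f "${ETC_DIR}/apt/sources.list.save"
rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
# Backup copies ending in "-" (such as those kept next to the account databases)
rm -f "${ETC_DIR:?}/"*-
rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
rm -f "${ETC_DIR}/resolv.conf"
rm -f "${R}/root/.bash_history"
rm -f "${R}/var/lib/urandom/random-seed"
rm -f "${R}/initrd.img"
rm -f "${R}/vmlinuz"
# The emulator binary was only needed while working inside the chroot
rm -f "${R}${QEMU_BINARY}"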
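# Calculate size of the chroot directory in KB
# -k pins the unit to 1K blocks regardless of block size settings in the environment
CHROOT_SIZE=$(du -sk "${R}" | awk '{ print $1 }')

# The value is validated explicitly: shell arithmetic would silently treat an
# empty result as 0 and produce a root partition without any space
case "$CHROOT_SIZE" in
  ''|*[!0-9]*)
    echo "error: unable to determine the size of ${R}"
    exit 1
    ;;
esac

# Calculate the amount of needed 512 Byte sectors
# 1 MiB is kept for the partition table, 64 MiB for the firmware partition
TABLE_SECTORS=$(( 1 * 1024 * 1024 / 512 ))
FRMW_SECTORS=$(( 64 * 1024 * 1024 / 512 ))
ROOT_OFFSET=$(( TABLE_SECTORS + FRMW_SECTORS ))

# The root partition is EXT4
# This means more space than the actual used space of the chroot is used.
# As overhead for journaling and reserved blocks 25% are added.
# (KB are converted to 512 Byte sectors by the trailing "* 1024 / 512")
ROOT_SECTORS=$(( (CHROOT_SIZE + CHROOT_SIZE / 100 * 25) * 1024 / 512 ))

# Calculate required image size in 512 Byte sectors
IMAGE_SECTORS=$(( TABLE_SECTORS + FRMW_SECTORS + ROOT_SECTORS ))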
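# Prepare image file
# For every image the first dd writes the zeroed partition table area; the
# second one (count=0 together with seek) only sets the final file size.
if [ "$ENABLE_SPLITFS" = true ] ; then
  # NOTE(review): seek sets the file size to FRMW_SECTORS / ROOT_SECTORS, while
  # the partitions written below start at TABLE_SECTORS and have that same
  # length - the split images look TABLE_SECTORS short of the partition end; confirm
  dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
  dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
  dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
  dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}

  # Write firmware/boot partition tables
  # (stderr is discarded, so sfdisk diagnostics are not shown on failure)
  sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
${TABLE_SECTORS},${FRMW_SECTORS},c,*
EOM

  # Write root partition table
  sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
${TABLE_SECTORS},${ROOT_SECTORS},83
EOM

  # Setup temporary loop devices
  # The image paths are quoted so a build directory containing spaces still works.
  # The 1M offset skips the partition table area of each image.
  FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME-frmw.img")"
  ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME-root.img")"
else # ENABLE_SPLITFS=false
  dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
  dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}

  # Write partition table
  sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
${TABLE_SECTORS},${FRMW_SECTORS},c,*
${ROOT_OFFSET},${ROOT_SECTORS},83
EOM

  # Setup temporary loop devices
  # 65M = 1M partition table area + 64M firmware partition; the literal offsets
  # have to be kept in step with TABLE_SECTORS and FRMW_SECTORS
  FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME.img")"
  ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME.img")"
fi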
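# Set up the LUKS container for the root filesystem
if [ "$ENABLE_CRYPTFS" = true ] ; then
  # Refuse to create a LUKS volume keyed from an empty file
  if [ -z "$CRYPTFS_PASSWORD" ] ; then
    echo "error: no password defined (CRYPTFS_PASSWORD)!"
    exit 1
  fi

  # Create dummy ext4 fs
  mkfs.ext4 "$ROOT_LOOP"

  # Setup password keyfile
  # Tracing is paused while the passphrase is written so that it does not show
  # up in the xtrace output; the previous trace state is restored afterwards
  case "$-" in
    *x*) CRYPTFS_TRACE=true ;;
    *) CRYPTFS_TRACE=false ;;
  esac
  set +x
  # Start from a fresh file that is private from the moment it is created
  rm -f .password
  ( umask 077 && : > .password )
  chmod 600 .password
  # printf with a quoted argument stores the passphrase byte for byte; an
  # unquoted echo is subject to word splitting, globbing and echo's own escapes,
  # which would key the volume with something other than the configured value
  printf '%s' "${CRYPTFS_PASSWORD}" > .password
  if [ "$CRYPTFS_TRACE" = true ] ; then
    set -x
  fi

  # Initialize encrypted partition
  # The keyfile is destroyed on failure as well, so it never outlives this block
  if ! echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password ; then
    shred -zu .password
    exit 1
  fi

  # Open encrypted partition and setup mapping
  if ! cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}" ; then
    shred -zu .password
    exit 1
  fi

  # Secure delete password keyfile
  # NOTE(review): shred depends on in-place overwrites, which journaling or
  # copy-on-write filesystems and flash storage may not honor
  shred -zu .password

  # Update temporary loop device
  ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"

  # Wipe encrypted partition (encryption cipher is used for randomness)
  # Zeros written through the mapping reach the disk as ciphertext
  dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
fi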
# Create the FAT firmware filesystem and the ext4 root filesystem
mkfs.vfat "${FRMW_LOOP}"
mkfs.ext4 "${ROOT_LOOP}"

# Mount root first, then the firmware partition below it
mkdir -p "${BUILDDIR}/mount"
mount "${ROOT_LOOP}" "${BUILDDIR}/mount"
mkdir -p "${BUILDDIR}/mount/boot/firmware"
mount "${FRMW_LOOP}" "${BUILDDIR}/mount/boot/firmware"

# Transfer the finished chroot onto the mounted image filesystems
# NOTE(review): "rsync -a" does not include -H, -A or -X, so hard links, ACLs
# and extended attributes (which also hold file capabilities) are not carried
# over into the image - confirm that this is intended
rsync -a "${R}/" "${BUILDDIR}/mount/"

# Release the mount points and loop devices
# (cleanup is presumably provided by functions.sh)
cleanup

# Write the bmaptool block map(s) and report each image with its size in MiB
if [ "$ENABLE_SPLITFS" = true ] ; then
  bmaptool create -o "${IMAGE_NAME}-frmw.bmap" "${IMAGE_NAME}-frmw.img"
  bmaptool create -o "${IMAGE_NAME}-root.bmap" "${IMAGE_NAME}-root.img"

  # Sizes: sectors * 512 bytes, converted to MiB
  echo "${IMAGE_NAME}-frmw.img ($(( (TABLE_SECTORS + FRMW_SECTORS) * 512 / 1024 / 1024 ))M)" ": successfully created"
  echo "${IMAGE_NAME}-root.img ($(( (TABLE_SECTORS + ROOT_SECTORS) * 512 / 1024 / 1024 ))M)" ": successfully created"
else
  bmaptool create -o "${IMAGE_NAME}.bmap" "${IMAGE_NAME}.img"

  # Size: sectors * 512 bytes, converted to MiB
  echo "${IMAGE_NAME}.img ($(( (TABLE_SECTORS + FRMW_SECTORS + ROOT_SECTORS) * 512 / 1024 / 1024 ))M)" ": successfully created"
fi