|
@@ -24,6 +24,7 @@ cat <<EOF
|
|
|
-c cross debootstrap
|
|
|
-p use aptcacher proxy
|
|
|
-i set path for kernel package or install from testing (set '-i testing' to install from debian testing)
|
|
|
+ -e configure for encrypted partition (default: false)
|
|
|
|
|
|
EOF
|
|
|
exit 1
|
|
@@ -35,7 +36,7 @@ DEB_HOSTNAME=olinux
|
|
|
REP=$(dirname $0)
|
|
|
APT='apt-get install -y --force-yes'
|
|
|
|
|
|
-while getopts ":a:b:d:n:t:i:ycp" opt; do
|
|
|
+while getopts ":a:b:d:n:t:i:ycpe" opt; do
|
|
|
case $opt in
|
|
|
d)
|
|
|
DEBIAN_RELEASE=$OPTARG
|
|
@@ -64,6 +65,9 @@ while getopts ":a:b:d:n:t:i:ycp" opt; do
|
|
|
p)
|
|
|
APTCACHER=yes
|
|
|
;;
|
|
|
+ e)
|
|
|
+ ENCRYPT=yes
|
|
|
+ ;;
|
|
|
\?)
|
|
|
show_usage
|
|
|
;;
|
|
@@ -124,6 +128,11 @@ fi
|
|
|
|
|
|
chroot_deb $TARGET_DIR 'apt-get update'
|
|
|
|
|
|
+
|
|
|
+if [ -n $ENCRYPT ] ; then
|
|
|
+ PACKAGES=$PACKAGES" dropbear busybox cryptsetup "
|
|
|
+fi
|
|
|
+
|
|
|
|
|
|
chroot_deb $TARGET_DIR "$APT openssh-server ntp parted locales vim-nox bash-completion rng-tools $PACKAGES"
|
|
|
echo 'HRNGDEVICE=/dev/urandom' >> $TARGET_DIR/etc/default/rng-tools
|
|
@@ -168,7 +177,7 @@ chroot_deb $TARGET_DIR "dpkg-reconfigure -f noninteractive tzdata"
|
|
|
|
|
|
if [ "$DEBIAN_RELEASE" = "jessie" ] ; then
|
|
|
|
|
|
- chroot_deb $TARGET_DIR "echo '/dev/mmcblk0 / ext4 defaults 0 1' >> /etc/fstab"
|
|
|
+ chroot_deb $TARGET_DIR "echo '/dev/mmcblk0p1 / ext4 defaults 0 1' >> /etc/fstab"
|
|
|
|
|
|
install -m 755 -o root -g root ${REP}/config/ttyS0.conf $TARGET_DIR/etc/init/ttyS0.conf
|
|
|
chroot_deb $TARGET_DIR 'cp /lib/systemd/system/serial-getty@.service /etc/systemd/system/getty.target.wants/serial-getty@ttyS0.service'
|
|
@@ -213,30 +222,62 @@ if [ $INSTALL_KERNEL ] ; then
|
|
|
cat <<EOT > ${TARGET_DIR}/etc/apt/preferences.d/kernel-testing
|
|
|
Package: linux-image*
|
|
|
Pin: release o=Debian,a=testing
|
|
|
-Pin-Priority: 100
|
|
|
+Pin-Priority: 990
|
|
|
|
|
|
Package: u-boot*
|
|
|
Pin: release o=Debian,a=testing
|
|
|
-Pin-Priority: 100
|
|
|
+Pin-Priority: 990
|
|
|
|
|
|
Package: flash-kernel*
|
|
|
Pin: release o=Debian,a=testing
|
|
|
-Pin-Priority: 100
|
|
|
-EOT
|
|
|
+Pin-Priority: 990
|
|
|
|
|
|
-
|
|
|
- cat <<EOT > ${TARGET_DIR}/etc/apt/preferences.d/stable
|
|
|
Package: *
|
|
|
-Pin: release o=Debian,a=stable
|
|
|
-Pin-Priority: 900
|
|
|
+Pin: release o=Debian,a=testing
|
|
|
+Pin-Priority: 50
|
|
|
EOT
|
|
|
|
|
|
umount_dir $TARGET_DIR
|
|
|
chroot_deb $TARGET_DIR 'apt-get update'
|
|
|
+ chroot_deb $TARGET_DIR 'apt-get upgrade -y --force-yes'
|
|
|
mkdir $TARGET_DIR/etc/flash-kernel
|
|
|
echo $FLASH_KERNEL > $TARGET_DIR/etc/flash-kernel/machine
|
|
|
- echo 'LINUX_KERNEL_CMDLINE="console=tty0 hdmi.audio=EDID:0 disp.screen0_output_mode=EDID:1280x720p60 root=/dev/mmcblk0p1 rootwait sunxi_ve_mem_reserve=0 sunxi_g2d_mem_reserve=0 sunxi_no_mali_mem_reserve sunxi_fb_mem_reserve=0 panic=10 loglevel=6 consoleblank=0"' > $TARGET_DIR/etc/default/flash-kernel
|
|
|
- chroot_deb $TARGET_DIR "$APT linux-image-armmp flash-kernel u-boot-sunxi u-boot-tools"
|
|
|
+ if [ -n $ENCRYPT ] ; then
|
|
|
+ PACKAGES="stunnel dropbear busybox"
|
|
|
+ echo 'LINUX_KERNEL_CMDLINE="console=tty0 hdmi.audio=EDID:0 disp.screen0_output_mode=EDID:1280x720p60 root=/dev/mapper/root cryptopts=target=root,source=/dev/mmcblk0p2,cipher=aes-xts-plain64,size=256,hash=sha1 rootwait sunxi_ve_mem_reserve=0 sunxi_g2d_mem_reserve=0 sunxi_no_mali_mem_reserve sunxi_fb_mem_reserve=0 panic=10 loglevel=6 consoleblank=0"' > $TARGET_DIR/etc/default/flash-kernel
|
|
|
+ echo 'aes' >> $TARGET_DIR/etc/initramfs-tools/modules
|
|
|
+ echo 'aes_x86_64' >> $TARGET_DIR/etc/initramfs-tools/modules
|
|
|
+ echo 'aes_generic' >> $TARGET_DIR/etc/initramfs-tools/modules
|
|
|
+ echo 'dm-crypt' >> $TARGET_DIR/etc/initramfs-tools/modules
|
|
|
+ echo 'dm-mod' >> $TARGET_DIR/etc/initramfs-tools/modules
|
|
|
+ echo 'sha256' >> $TARGET_DIR/etc/initramfs-tools/modules
|
|
|
+ echo 'sha256_generic' >> $TARGET_DIR/etc/initramfs-tools/modules
|
|
|
+ echo 'lrw' >> $TARGET_DIR/etc/initramfs-tools/modules
|
|
|
+ echo 'xts' >> $TARGET_DIR/etc/initramfs-tools/modules
|
|
|
+ echo 'crypto_blkcipher' >> $TARGET_DIR/etc/initramfs-tools/modules
|
|
|
+ echo 'gf128mul' >> $TARGET_DIR/etc/initramfs-tools/modules
|
|
|
+ else
|
|
|
+ echo 'LINUX_KERNEL_CMDLINE="console=tty0 hdmi.audio=EDID:0 disp.screen0_output_mode=EDID:1280x720p60 root=/dev/mmcblk0p1 rootwait sunxi_ve_mem_reserve=0 sunxi_g2d_mem_reserve=0 sunxi_no_mali_mem_reserve sunxi_fb_mem_reserve=0 panic=10 loglevel=6 consoleblank=0"' > $TARGET_DIR/etc/default/flash-kernel
|
|
|
+ fi
|
|
|
+ chroot_deb $TARGET_DIR "$APT linux-image-armmp flash-kernel u-boot-sunxi u-boot-tools $PACKAGES"
|
|
|
+ if [ -n $ENCRYPT ] ; then
|
|
|
+ echo 'root /dev/mmcblk0p2 none luks' >> $TARGET_DIR/etc/crypttab
|
|
|
+ echo '/dev/mapper/root / ext4 defaults 0 1' > $TARGET_DIR/etc/fstab
|
|
|
+ echo '/dev/mmcblk0p1 /boot ext4 defaults 0 2' >> $TARGET_DIR/etc/fstab
|
|
|
+ sed -i -e 's#DEVICE=#DEVICE=eth0#' $TARGET_DIR/etc/initramfs-tools/initramfs.conf
|
|
|
+ cp /olinux/script/initramfs/cryptroot $TARGET_DIR/etc/initramfs-tools/hooks/cryptroot
|
|
|
+
|
|
|
+ cp /olinux/script/initramfs/httpd $TARGET_DIR/etc/initramfs-tools/hooks/httpd
|
|
|
+ cp /olinux/script/initramfs/httpd_start $TARGET_DIR/etc/initramfs-tools/scripts/local-top/httpd
|
|
|
+ cp /olinux/script/initramfs/httpd_stop $TARGET_DIR/etc/initramfs-tools/scripts/local-bottom/httpd
|
|
|
+ cp /olinux/script/initramfs/stunnel $TARGET_DIR/etc/initramfs-tools/hooks/httpd
|
|
|
+ cp /olinux/script/initramfs/stunnel_start $TARGET_DIR/etc/initramfs-tools/scripts/local-top/httpd
|
|
|
+ cp /olinux/script/initramfs/stunnel_stop $TARGET_DIR/etc/initramfs-tools/scripts/local-bottom/httpd
|
|
|
+ mkdir -p $TARGET_DIR/etc/initramfs-tools/root/www/cgi-bin
|
|
|
+ cp /olinux/script/initramfs/index.html $TARGET_DIR/etc/initramfs-tools/root/www/
|
|
|
+ cp /olinux/script/initramfs/post.sh $TARGET_DIR/etc/initramfs-tools/root/www/cgi-bin/
|
|
|
+ chroot_deb $TARGET_DIR "update-initramfs -u -k all"
|
|
|
+ fi
|
|
|
else
|
|
|
cp ${INSTALL_KERNEL}/*.deb $TARGET_DIR/tmp/
|
|
|
chroot_deb $TARGET_DIR 'dpkg -i /tmp/*.deb'
|