Pi2 to Pi2 Debian bootstrap notes / script
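#!/bin/bash
# Pi2 to Pi2 Debian bootstrap notes / script.
# Formats an SD card, debootstraps Debian stretch onto it, builds a Raspberry
# Pi kernel and installs firmware and packages. Must run as root on a Pi2.
#
# `set -e` is set here rather than on the shebang line so it still applies when
# the file is started as `bash script.sh`.
set -e

# Deliberate guard: nothing below runs until this block has been read, the
# settings edited and these two lines removed by hand.
echo "WARNING: Read and edit this before you run! Needs root privileges." >&2
exit 1

# Everything below formats, mounts and chroots; stop early instead of failing
# half-way through with a partly prepared card.
if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root." >&2
  exit 1
fi

apt install debootstrap hdparm sdparm

# ---- Settings: review every value before removing the guard above ----
# Whole-disk device of the SD card. Partitions 1-3 on it are reformatted
# further down, so a wrong value wipes another disk; confirm with `lsblk`.
SD=/dev/sdb
# Absolute path: later steps `cd` into the target tree and keep using
# $TARGET and $BOOTDIR, which would no longer resolve if this stayed ".".
BASEDIR="$PWD"
TARGETDIR="rpi-img"
HOSTNAME=rpi2
TIMEZONE="Europe/Amsterdam"
# glibc locale names use an underscore (en_US); "en-US" is not a locale that
# locale-gen can build.
LOCALE="en_US"
KERNELVER=4.5.y

TARGET="${BASEDIR}/${TARGETDIR}"
BOOTDIR="${TARGET}/boot"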
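#==== SD card prep ====
# Partition layout:
#   Device     Boot   Start      End  Sectors  Size Id Type
#   /dev/sdb1          2048   524288   522241  255M  b W95 FAT32
#   /dev/sdb2        524289  4718592  4194304    2G 82 Linux swap / Solaris
#   /dev/sdb3       4718593 62521343 57802751 27.6G 83 Linux

# Last stop before data is destroyed: the three mkfs/mkswap calls below
# overwrite ${SD}1-3 without asking, so refuse anything that is not a block
# device. This does not prove $SD is the right disk; check it with `lsblk`.
if [[ ! -b "$SD" ]]; then
  echo "SD=$SD is not a block device; refusing to format." >&2
  exit 1
fi

partprobe "$SD"

# 8MB Erase block size for my Samsung 32GB MicroSD. See: https://wiki.gentoo.org/wiki/SDCard
ERASEBLOCK=$(( 8 * 1024 * 1024 ))
MULTIPLANE=1
PAGESIZE=$(getconf PAGESIZE)
EXT4BLOCK=4096
# Shell arithmetic replaces the bc calls (same integer division). The original
# stride expression passed the bare word EXT4BLOCK to bc instead of its value.
# NOTE(review): mke2fs takes stride and stripe_width in filesystem blocks;
# dividing by the host page size matches only while PAGESIZE == EXT4BLOCK.
EXT4STRIDE=$(( (MULTIPLANE * EXT4BLOCK) / PAGESIZE ))
EXT4STRIPE=$(( ERASEBLOCK / PAGESIZE ))

mkfs.vfat -n "RPI2BOOT" "${SD}1"
mkswap -L "RPI2SWAP" "${SD}2"
mkfs.ext4 -b "$EXT4BLOCK" \
  -E "stride=${EXT4STRIDE},stripe_width=${EXT4STRIPE}" \
  -m 1 -L "RPI2ROOT" "${SD}3"

# The mount point may not exist yet on a first run.
mkdir -p "$TARGET"
mount -o noatime,rw "${SD}3" "$TARGET"
mkdir -p "$TARGET"/{boot,home,dev,proc,sys}
mount -o noatime "${SD}1" "$TARGET/boot"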
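# Install the base system. The mirror is plain HTTP, so package integrity
# rests entirely on debootstrap checking the signed Release file. It does that
# only when it finds an archive keyring on the host: make sure
# debian-archive-keyring is installed (or pass --force-check-gpg on
# debootstrap versions that offer it) so a missing keyring cannot silently
# turn verification off.
debootstrap stretch "$TARGET" http://httpredir.debian.org/debian/

# Device names are those the card gets inside the Pi (mmcblk0), not on the
# build host.
cat >> "$TARGET/etc/fstab" <<'EOF'
proc /proc proc defaults 0 0
sys /sys sysfs defaults 0 0
/dev/mmcblk0p3 / ext4 defaults,rw,noatime 0 1
/dev/mmcblk0p1 /boot vfat defaults,rw,noatime 0 0
/dev/mmcblk0p2 none swap defaults 0 0
EOF

# The image inherits the host's APT sources verbatim, including any
# third-party repositories listed there; review the copy if the host trusts
# more than the image should.
cp /etc/apt/sources.list "$TARGET/etc/apt/"
echo "APT::Default-Release \"stretch\";" > "$TARGET/etc/apt/apt.conf.d/99defaultrelease"
# cp /etc/apt/apt.conf.d/20auto-upgrades /etc/apt/apt.conf.d/50unattended-upgrades $TARGET/etc/apt/apt.conf.d/
# Resolver config and mount table are taken from the host so that apt works
# inside the chroot.
cp /etc/resolv.conf "$TARGET/etc/"
cp /proc/mounts "$TARGET/etc/mtab"

echo "$HOSTNAME" > "$TARGET/etc/hostname"
cat > "$TARGET/etc/hosts" <<EOF
127.0.0.1 $HOSTNAME localhost
::1 $HOSTNAME localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
EOF

# Kernel filesystems the package scripts inside the chroot expect.
mount -t proc none "${TARGET}/proc"
mount -t sysfs none "${TARGET}/sys"
mount --bind /dev/pts "${TARGET}/dev/pts"

echo "$TIMEZONE" > "$TARGET/etc/timezone"
LANG=C chroot "$TARGET" dpkg-reconfigure -f noninteractive tzdata

# Enable .local addressing for IPv6
# NOTE(review): this only has an effect if nsswitch.conf already contains
# mdns4_minimal; the avahi packages are installed later, so confirm the entry
# exists at this point or repeat the substitution after that install.
sed -i -e "s/mdns4_minimal/mdns_minimal/" "$TARGET/etc/nsswitch.conf"

LANG=C chroot "$TARGET" apt update

# Prevent system profiling using http sniffing. This is sadly not supported by httpredir.debian.org (automatic mirror selection).
#LANG=C chroot $TARGET apt install apt-transport-https
#sed -i -e "s/http:/https:/" $TARGET/etc/apt/sources.list

# And if you want to take this even further:
# NOTE(review): before enabling the sed below, check it: `?` needs `sed -E`,
# and apt-transport-tor expects tor+http:// style URIs rather than tor:.
#LANG=C chroot $TARGET apt install apt-transport-tor
#sed -i -e "s/https?:/tor:/" $TARGET/etc/apt/sources.list

# Basic language support
LANG=C chroot "$TARGET" apt install -y locales
echo "LANG=${LOCALE}.UTF-8" > "$TARGET/etc/default/locale"
echo "${LOCALE}.UTF-8 UTF-8" >> "$TARGET/etc/locale.gen"
# Also generate the build host's own locale, but only when the host actually
# has one set; an empty value or C/POSIX is not a locale.gen entry.
if [[ -n "${LANG:-}" && "$LANG" != "C" && "$LANG" != "POSIX" ]]; then
  echo "${LANG} UTF-8" >> "$TARGET/etc/locale.gen"
fi
LANG=C chroot "$TARGET" locale-gen

LANG=C chroot "$TARGET" apt install -y unattended-upgrades apt-listchanges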
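# Kernel compilation
# The steps below change directory several times. $TARGET and $BOOTDIR may be
# relative, so resolve them once while the starting directory is still
# current and use the absolute forms from here on.
start_dir=$PWD
target_abs=$(cd "$TARGET" && pwd)
boot_abs=$(cd "$BOOTDIR" && pwd)

# Dev packages on the host needed for kernel tools, mainly perf:
apt install binutils-dev python-dev libunwind-dev libelf-dev libaudit-dev libdw-dev libiberty-dev

git -C "${target_abs}/usr/src" clone -b "rpi-${KERNELVER}" --depth=1 https://github.com/raspberrypi/linux
cd "${target_abs}/usr/src/linux"

# BFQ I/O scheduler patches. They arrive over plain HTTP and are applied to
# kernel source, so anyone on the network path could alter what gets compiled
# into the kernel. The checksums are printed before `git apply`; compare them
# with values obtained from a trusted source before booting the result.
# NOTE(review): the patch set is labelled 4.4.0 while KERNELVER is 4.5.y;
# `git apply` stops the script (set -e) if the patches no longer fit.
bfq_base=http://algo.ing.unimo.it/people/paolo/disk_sched/patches/4.4.0-v7r11
bfq_patches=(
  0001-block-cgroups-kconfig-build-bits-for-BFQ-v7r11-4.4.0.patch
  0002-block-introduce-the-BFQ-v7r11-I-O-sched-for-4.4.0.patch
  0003-block-bfq-add-Early-Queue-Merge-EQM-to-BFQ-v7r11-for.patch
)
for patch in "${bfq_patches[@]}"; do
  wget "${bfq_base}/${patch}"
done
sha256sum -- "${bfq_patches[@]}"
git apply "${bfq_patches[@]}"

make bcm2709_defconfig
make menuconfig
make -j4 zImage modules dtbs
make -C tools/ cgroup iio net perf spi tmon usb vm

# Modules go to the root of the image, firmware to its /lib.
make INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH="$target_abs" modules_install
make INSTALL_FW_PATH="${target_abs}/lib" firmware_install

# Assignment and export are separate so a failing `cat` is not masked.
KERNEL_VERSION=$(cat include/config/kernel.release)
export KERNEL_VERSION

install -m 640 .config "${boot_abs}/config-${KERNEL_VERSION}"
mkdir -p "${boot_abs}/overlays"
install -m 640 arch/arm/boot/dts/*.dtb "${boot_abs}/"
install -m 640 arch/arm/boot/dts/overlays/*.dtb* "${boot_abs}/overlays/"
install -m 644 arch/arm/boot/dts/overlays/README "${boot_abs}/overlays/"
scripts/mkknlimg arch/arm/boot/zImage "${boot_abs}/kernel7.img"

# This will remove the kernel module signing key, eg: no later module additions, but no screwing around with modules either.
make mrproper

# GPU firmware and bootloader blobs. They are fetched from the moving
# `master` branch, so every run may install different binaries; pin the URL to
# a release tag or commit and record checksums if the build must be
# reproducible or auditable.
firmware_url=https://github.com/raspberrypi/firmware/raw/master/boot
for blob in bootcode.bin fixup.dat fixup_cd.dat fixup_x.dat \
            start.elf start_cd.elf start_x.elf; do
  wget -q -O "${boot_abs}/${blob}" "${firmware_url}/${blob}"
done
cp /boot/config.txt "${boot_abs}/"

# Third-party sysctl presets, also taken from an unpinned `master`. They are
# applied as root on every boot of the image, so read both files before use.
cd "${target_abs}/etc/sysctl.d"
wget https://github.com/drtyhlpr/rpi2-gen-image/raw/master/files/sysctl.d/81-rpi-vm.conf
wget https://github.com/drtyhlpr/rpi2-gen-image/raw/master/files/sysctl.d/82-rpi-net-hardening.conf
chmod 600 81-rpi-vm.conf 82-rpi-net-hardening.conf

# Return to where the script started so later uses of $TARGET resolve again.
cd "$start_dir"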
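# Install additional tools
# chroot resolves $TARGET against the current directory: if $TARGET is a
# relative path, these commands must run from the directory the script was
# started in.
LANG=C chroot "$TARGET" apt update
LANG=C chroot "$TARGET" apt install \
  sudo man attr ack-grep nano unrar zip unzip cpufreqd cpufrequtils \
  rng-tools haveged usbutils btrfs-tools

# Dev tools
LANG=C chroot "$TARGET" apt install \
  telnet git-core build-essential ncurses-dev libssl-dev bc binutils-dev \
  libreadline6-dev

# Networking services and tools
# (avahi-daemon and avahi-autoipd were listed twice; once is enough.)
LANG=C chroot "$TARGET" apt install \
  dbus-user-session apt-file avahi-daemon avahi-autoipd sshfs cifs-utils \
  crda geoip-bin wireless-tools bluetooth bluez-obexd network-manager \
  iptables iputils-arping usb-modeswitch modemmanager macchanger \
  libpam-ssh openssh-server openssh-blacklist openssh-blacklist-extra \
  curl wget rsync

# Security tools
# The variable was misspelled LANC here, so this one call did not run with
# LANG=C like the others.
LANG=C chroot "$TARGET" apt install \
  ca-certificates apparmor apparmor-profiles apparmor-profiles-extra \
  apparmor-utils

## Don't forget:
# Both commands prompt interactively. openssh-server is already installed at
# this point, so pick strong passwords before the card goes on a network.
LANG=C chroot "$TARGET" passwd root

# And if you want to be able to login over SSH you need a normal user:
# (replace user_name with the account name you want)
LANG=C chroot "$TARGET" adduser user_name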