├── .gitignore ├── .gitmodules ├── README.md ├── Vagrantfile ├── build_in_podman.sh ├── mox ├── create-sdimg.sh └── files │ ├── genbootscr │ ├── interfaces │ ├── mox-25-hostap.txt │ ├── mox-5-hostapd.txt │ ├── mox_defconfig │ ├── rc.local │ └── sd8997_uapsta.bin ├── omnia ├── create-medkit.sh └── files │ ├── fw_env.config │ ├── genbootscr │ └── interfaces └── vagrant └── vagrant_provision.sh /.gitignore: -------------------------------------------------------------------------------- 1 | # C extensions 2 | *.so 3 | 4 | # Packages 5 | *.deb 6 | *.tar.gz 7 | *.md5 8 | *.diff.gz 9 | *.dsc 10 | *.buildinfo 11 | *.changes 12 | *.diff.gz 13 | 14 | # kernel build dir 15 | omnia/kernel/ 16 | mox/kernel/ 17 | 18 | # root dirs 19 | omnia/root 20 | mox/root 21 | 22 | # build dir 23 | mox/uboot/builddir/ 24 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "omnia/kernel/linux"] 2 | path = omnia/kernel/linux 3 | url = https://github.com/tmshlvck/linux.git 4 | branch = omnia 5 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # turris-debian 2 | 3 | Scripts that compile Debian image for Turris Omnia 4 | and MOX boards / routers by CZ.NIC, z.s.p.o. 5 | (https://www.turris.cz/en/). 6 | 7 | Dependencies: 8 | 9 | * Vagrant 10 | * working Vagrant VM provider - Libvirt+KVM or VirtualBox 11 | 12 | The scripts need space (~4 GB) and take some time to 13 | complete - downloading and installing the Debian packages 14 | by `debootstrap`. 15 | 16 | ## Images and usage 17 | 18 | You can download ready-made images for both **Turris Omnia** and **Turris MOX** 19 | from latest release: https://github.com/tmshlvck/turris-debian/releases 20 | 21 | ### Turris Omnia Installation 22 | 23 | To install the image on the Omnia board instead of default TurrisOS / OpenWRT distro 24 | just put created or donwloaded file `omnia-medkit-.tar.gz` to a root of 25 | an ext2/3/4 filesystem on the USB flash drive (other contents of the flash does not matter). 26 | Then put the USB drive to Omnia and go to the reflash mode (hold reset button untill 27 | 4 LEDs are on) and then wait until the installation finishes. The board goes through MMC 28 | reflash procedure that takes usually 3-5 minutes. The progress is indicated by the LEDs - 29 | first all LEDs turn green to indicate the last chance to stop the reflash by reseting. 30 | Then the LEDs turn red - from that point on the eMMC is erased and if you restart the board 31 | there would not be a usable operating system, so you would need to do the reflash procedure 32 | again to get a working system. 33 | 34 | When installation finishes the board restarts, LEDs turn white and resume their normal 35 | indication functions. 36 | 37 | After installation the root password is set to "turris" and by default the LAN interfaces 38 | are connected to a virtual bridge that has IP address 192.168.1.1/24. Please note: There 39 | is no DHCP server running by default and the WAN interface (SFP and Ethernet) is turned 40 | off after installation. You need to connect your computer to one of the Turris Omnia ports 41 | and run the following to get to the Omnia SSH console (assuming your interface on the workstation 42 | is `eth0`: 43 | 44 | ``` 45 | ip link set up dev eth0 46 | ip addr add 192.168.1.20/24 dev eth0 47 | ssh root@192.168.1.1 48 | ``` 49 | And then enter password: `turris`. 50 | 51 | Please note: 52 | 53 | * There the project Wiki: https://github.com/tmshlvck/turris-debian/wiki 54 | 55 | * The Buster image uses a custom kernel which is distributed in a new board/image specific repo: http://krtek.taaa.eu/~th/omnia/ The definition and the trusted key is added to the new (02/2020) images. But you might need to add it to older image manually along with installing the kernel metapackage linux-kernel-omnia. 56 | 57 | * The Bullseye images do not need any custom kernel and the abovementioned repo is therefore not addded to the images and will be eventually decomissioned. 58 | 59 | * The Buster images can boot with old Omnia bootloader - U-Boot version <2019. New bootloaders that can 60 | use bootscript `/boot/boot.scr` is supported in newer images (starting at 02/2020). 61 | 62 | * The Bullseye images do not support booting with old bootlader. Please update U-Boot to the latest version if you want to use this medkit image. For flashing procedure refer to next section. 63 | 64 | ### Turris Omnia U-Boot update / reflash 65 | 66 | Warning: This is an advanced topic. You may get into troubles if the U-Boot or rescue image 67 | flashing procedure fails. However, there is not a dange of hard-bricking the device. You can 68 | always boot the Omnia board over serial port, even if the U-Boot in SPI flash is damaged. Extra 69 | tools needed for that are screwdrivers (for opening the enclosure) and a 3.3V USB to UART converter. 70 | 71 | Refer to the Turris docs for the method and detailed bootloader flashig procedure: 72 | https://docs.turris.cz/hw/omnia/serial-boot/ 73 | 74 | Short version - I used this method for re-flashing both U-Boot and rescue image: 75 | ``` 76 | wget https://repo.turris.cz/hbl/omnia/packages/turrispackages/omnia-uboot_2019-07.1-1_arm_cortex-a9_vfpv3-d16.ipk 77 | tar xf omnia-uboot_2019-07.1-1_arm_cortex-a9_vfpv3-d16.ipk 78 | tar xf data.tar.gz 79 | 80 | wget https://repo.turris.cz/hbl/omnia/packages/turrispackages/rescue-image_3.6.1-1_arm_cortex-a9_vfpv3-d16.ipk 81 | tar xf rescue-image_3.6.1-1_arm_cortex-a9_vfpv3-d16.ipk 82 | tar xf data.tar.gz 83 | 84 | flash_erase /dev/mtd1 0 0 85 | nandwrite -p /dev/mtd1 usr/share/rescue-image/image.fit.lzma 86 | 87 | flash_erase /dev/mtd0 0 0 88 | nandwrite -p /dev/mtd0 usr/share/omnia/uboot-devel 89 | ``` 90 | 91 | 92 | ## Turris MOX install 93 | 94 | Created or downloaded file `mox-sdimg-.tar.gz` has to be extracted and its contents copied to a newly formated SD card with either ext2/3/4 or btrfs. The extraction should be executed as root. 95 | 96 | After unmounting the SD card it can be plugged into MOX and used as the boot disk. 97 | 98 | Root password is "turris". 99 | 100 | SD creation method (assuming that the SD card is accessible as /dev/mmcblk0): 101 | ``` 102 | # fdisk /dev/mmcblk0 103 | ``` 104 | With fdisk create partition table or delete all existing partitions and create one new 'Linux' partition over the entire disk as partition 1. 105 | 106 | ``` 107 | # mkfs.ext4 /dev/mmcblk0p1 108 | # cd /tmp 109 | # wget https://krtek.taaa.eu/~th/mox-images/mox-sdimg-20200130.tar.gz 110 | # mount /dev/mmcblk0p1 /mnt 111 | # cd /mnt 112 | # tar xf /tmp/mox-sdimg-20200130.tar.gz 113 | # cd /tmp 114 | # rm /tmp/mox-sdimg-20200130.tar.gz 115 | # umount /mnt 116 | # sync 117 | ``` 118 | 119 | You can modify `etc/network/interfaces` to set the desired IP address for ethernet 120 | interface on the MOX A module (eth0) or LAN bridge (br0), which has to be 121 | uncommented if the proper switch MOX module is connected. 122 | 123 | If no changes are made to network configuration and MOX is booted the eth0 124 | is by default configured with IP `192.168.0.1/24`. Use the following 125 | procedure to connect to MOX over eth0 (MOX side), assuming your worstation 126 | is connected with eth0 (workstation side): 127 | 128 | ``` 129 | ip link set up dev eth0 130 | ip addr add 192.168.0.20/24 dev eth0 131 | ssh root@192.168.0.1 132 | ``` 133 | 134 | ## Vagrant VM preparation 135 | 136 | Clone this repositiry by 137 | ``` 138 | $ git clone https://github.com/tmshlvck/turris-debian 139 | ``` 140 | 141 | then launch the Vagrant VM and connect to the VM: 142 | ``` 143 | $ cd turris-debian 144 | $ vagrant up 145 | $ vagrant ssh 146 | ``` 147 | 148 | Inside the Vagrant VM there is the cloned repo directory mounted to 149 | `/turris-debian`. 150 | 151 | Just become root and go the the repo directory: 152 | 153 | ``` 154 | vagrant@debian10:~$ sudo su - 155 | root@debian10:~# cd /turris-debian/ 156 | ``` 157 | 158 | Now you are ready to create your own Turris Omnia image: 159 | 160 | ``` 161 | root@debian10:~# cd /turris-debian/omnia 162 | ./create-medkit.sh 163 | ``` 164 | 165 | After the script finishes the resulting image and the checksum files: 166 | `omnia-medkit-.tar.gz` and `omnia-medkit-.tar.gz.md5` will be in the 167 | same directory. This directory and therefore the images are accessible from the 168 | physical host when you leave and shutdown the vagrant box (`vagrant halt`). 169 | 170 | -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | # All Vagrant configuration is done below. The "2" in Vagrant.configure 5 | # configures the configuration version (we support older styles for 6 | # backwards compatibility). Please don't change it unless you know what 7 | # you're doing. 8 | Vagrant.configure("2") do |config| 9 | # The most common configuration options are documented and commented below. 10 | # For a complete reference, please see the online documentation at 11 | # https://docs.vagrantup.com. 12 | 13 | # Every Vagrant development environment requires a box. You can search for 14 | # boxes at https://vagrantcloud.com/search. 15 | #config.vm.box = "generic/debian10" 16 | config.vm.box = "debian/bullseye64" 17 | 18 | # Disable automatic box update checking. If you disable this, then 19 | # boxes will only be checked for updates when the user runs 20 | # `vagrant box outdated`. This is not recommended. 21 | # config.vm.box_check_update = false 22 | 23 | # Create a forwarded port mapping which allows access to a specific port 24 | # within the machine from a port on the host machine. In the example below, 25 | # accessing "localhost:8080" will access port 80 on the guest machine. 26 | # NOTE: This will enable public access to the opened port 27 | # config.vm.network "forwarded_port", guest: 80, host: 8080 28 | 29 | # Create a forwarded port mapping which allows access to a specific port 30 | # within the machine from a port on the host machine and only allow access 31 | # via 127.0.0.1 to disable public access 32 | # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1" 33 | 34 | # Create a private network, which allows host-only access to the machine 35 | # using a specific IP. 36 | # config.vm.network "private_network", ip: "192.168.33.10" 37 | 38 | # Create a public network, which generally matched to bridged network. 39 | # Bridged networks make the machine appear as another physical device on 40 | # your network. 41 | # config.vm.network "public_network" 42 | 43 | # Share an additional folder to the guest VM. The first argument is 44 | # the path on the host to the actual folder. The second argument is 45 | # the path on the guest to mount the folder. And the optional third 46 | # argument is a set of non-required options. 47 | # config.vm.synced_folder "../data", "/vagrant_data" 48 | config.vm.synced_folder ".", "/turris-debian", type: "nfs", nfs_version: 4 49 | 50 | # Provider-specific configuration so you can fine-tune various 51 | # backing providers for Vagrant. These expose provider-specific options. 52 | # Example for VirtualBox: 53 | # 54 | # config.vm.provider "virtualbox" do |vb| 55 | # # Display the VirtualBox GUI when booting the machine 56 | # vb.gui = true 57 | # 58 | # # Customize the amount of memory on the VM: 59 | # vb.memory = "1024" 60 | # end 61 | # 62 | # View the documentation for the provider you are using for more 63 | # information on available options. 64 | 65 | # Enable provisioning with a shell script. Additional provisioners such as 66 | # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the 67 | # documentation for more information about their specific syntax and use. 68 | # config.vm.provision "shell", inline: <<-SHELL 69 | # apt-get update 70 | # apt-get install -y apache2 71 | # SHELL 72 | config.vm.provision "shell", path: "vagrant/vagrant_provision.sh" 73 | end 74 | -------------------------------------------------------------------------------- /build_in_podman.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eu -o pipefail 4 | 5 | NAME="turrisbuild" 6 | IMAGE="docker.io/library/ubuntu:20.04" 7 | 8 | podman pull ${IMAGE} 9 | 10 | cat >turris-setup.sh <>$ROOTDIR/etc/securetty 44 | 45 | # configure the system 46 | echo -e "${PASSWORD}\n${PASSWORD}" | chroot $ROOTDIR passwd root 47 | 48 | echo "$HOSTNAME" >$ROOTDIR/etc/hostname 49 | 50 | cp files/interfaces $ROOTDIR/etc/network/interfaces 51 | chown root:root $ROOTDIR/etc/network/interfaces 52 | 53 | cat >$ROOTDIR/etc/apt/sources.list <$ROOTDIR/etc/rc.local <$ROOTDIR/etc/fstab <>$ROOTDIR/etc/modules 85 | ENDSCRIPT 86 | 87 | if [[ $? != 0 ]]; then 88 | echo "Sudoed script failed. Exit." 89 | exit -1 90 | fi 91 | 92 | 93 | $SUDO chroot $ROOTDIR /bin/bash <mox-sdimg-${d}.tar.gz.md5 120 | 121 | exit 0 122 | 123 | # cleanup rootdir 124 | $SUDO rm -rf $ROOTDIR 125 | 126 | -------------------------------------------------------------------------------- /mox/files/genbootscr: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | KERNEL_IMAGE=`find /boot/ -name "vmlinuz-*" | sort --version-sort | tail -n1` 4 | if [ ! -f "${KERNEL_IMAGE}" ]; then 5 | echo "Kernel image not found. Exit." 6 | exit -1 7 | fi 8 | 9 | KERNEL_VER=`echo $KERNEL_IMAGE | sed -r 's%^.*/vmlinuz-(.*)$%\1%'` 10 | if [ -z "${KERNEL_VER}" ]; then 11 | echo "Kernel version not recognized. Exit." 12 | exit -1 13 | fi 14 | 15 | INITRD="/boot/initrd.img-${KERNEL_VER}" 16 | DT="/usr/lib/linux-image-${KERNEL_VER}/marvell/armada-3720-turris-mox.dtb" 17 | 18 | echo "Kernel Image: $KERNEL_IMAGE" 19 | echo "DT: $DT" 20 | echo "InitRD: $INITRD" 21 | 22 | cat >/boot/boot.txt <>/boot/boot.txt <>/boot/boot.txt <$ROOTDIR/etc/hostname 42 | 43 | cp files/interfaces $ROOTDIR/etc/network/interfaces 44 | chown root:root $ROOTDIR/etc/network/interfaces 45 | 46 | cp files/fw_env.config $ROOTDIR/etc/ 47 | chown root:root $ROOTDIR/etc/fw_env.config 48 | 49 | cat >$ROOTDIR/etc/apt/sources.list <$ROOTDIR/etc/rc.local <$ROOTDIR/etc/fstab <>/etc/modules 96 | 97 | /etc/kernel/postinst.d/z99-genbootscr -r /dev/sda1 98 | mv /boot/boot.scr /boot/boot.scr-sda1 99 | /etc/kernel/postinst.d/z99-genbootscr -r /dev/mmcblk0p1 100 | ENDSCRIPT 101 | 102 | # create package 103 | cd $ROOTDIR 104 | $SUDO rm -f ../omnia-medkit.tar.gz 105 | $SUDO tar zcf ../omnia-medkit.tar.gz * 106 | $SUDO mv ../omnia-medkit.tar.gz ${BUILDROOT} 107 | cd $BUILDROOT 108 | d=`date "+%Y%m%d"` 109 | $SUDO mv omnia-medkit.tar.gz omnia-medkit-${d}.tar.gz 110 | $SUDO md5sum omnia-medkit-${d}.tar.gz >omnia-medkit-${d}.tar.gz.md5 111 | 112 | # cleanup rootdir 113 | $SUDO rm -rf $ROOTDIR 114 | 115 | -------------------------------------------------------------------------------- /omnia/files/fw_env.config: -------------------------------------------------------------------------------- 1 | # MTD device name Device offset Env. size Flash sector size Number of sectors 2 | /dev/mtd0 0xF0000 0x10000 0x10000 3 | -------------------------------------------------------------------------------- /omnia/files/genbootscr: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | print_help () { 4 | echo "genbootscr.sh\n\n -h|--help - print this help\n -r|--root -- force root partition" 5 | } 6 | 7 | POSITIONAL_ARGS=() 8 | while [[ $# -gt 0 ]]; do 9 | case $1 in 10 | -r|--root) 11 | ROOT="$2" 12 | shift # past argument 13 | shift # past value 14 | ;; 15 | -h|--help) 16 | print_help 17 | exit 1 18 | ;; 19 | -*|--*) 20 | echo "Unknown option $1" 21 | exit 1 22 | ;; 23 | *) 24 | POSITIONAL_ARGS+=("$1") # save positional arg 25 | shift # past argument 26 | ;; 27 | esac 28 | done 29 | 30 | set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters 31 | echo "genbootscr arguments (ignored): $*" 32 | 33 | if [ -z "${ROOT}" ]; then 34 | ROOT=`mount | egrep "^[^ ]+ on / type" | sed -r 's/^([^ ]+) on \/ type .*/\1/'` 35 | fi 36 | echo "Root device: ${ROOT}" 37 | 38 | SCRIPT_PREPEND="" 39 | if echo $ROOT | grep "/dev/sd" >/dev/null; then 40 | BOOTDEV="scsi 0" 41 | SCRIPT_PREPEND="scsi scan;" 42 | else 43 | ROOT="b301" 44 | BOOTDEV="mmc 0" 45 | fi 46 | 47 | KERNEL_IMAGE=`find /boot/ -name "vmlinuz-*" | sort --version-sort | tail -n1` 48 | if [ ! -f "${KERNEL_IMAGE}" ]; then 49 | echo "Kernel image not found. Exit." 50 | exit -1 51 | fi 52 | 53 | KERNEL_VER=`echo $KERNEL_IMAGE | sed -r 's%^.*/vmlinuz-(.*)$%\1%'` 54 | if [ -z "${KERNEL_VER}" ]; then 55 | echo "Kernel version not recognized. Exit." 56 | exit -1 57 | fi 58 | 59 | INITRD="/boot/initrd.img-${KERNEL_VER}" 60 | DT="/usr/lib/linux-image-${KERNEL_VER}/armada-385-turris-omnia.dtb" 61 | 62 | echo "Selected kernel Image: $KERNEL_IMAGE" 63 | echo "Searching InitRD: $INITRD" 64 | 65 | cat >/boot/boot.txt <>/boot/boot.txt <>/boot/boot.txt <