From ed85185b09e52b3d89b565f30d176faa03b7421a Mon Sep 17 00:00:00 2001 From: Sjoerd Simons <sjoerd@collabora.com> Date: Sat, 12 Nov 2022 10:10:01 +0100 Subject: [PATCH 1/4] Remove unneeded image recipes --- image-rk3399.yaml | 150 ----------------------------- image-rpi64.yaml | 234 ---------------------------------------------- image-uefi.yaml | 177 ----------------------------------- 3 files changed, 561 deletions(-) delete mode 100644 image-rk3399.yaml delete mode 100644 image-rpi64.yaml delete mode 100644 image-uefi.yaml diff --git a/image-rk3399.yaml b/image-rk3399.yaml deleted file mode 100644 index 68ec9f1..0000000 --- a/image-rk3399.yaml +++ /dev/null 
@@ -1,150 +0,0 @@ -{{ $architecture := or .architecture "arm64" }} -{{ $type := or .type "fixedfunction" }} -{{ $suite := or .suite "v2023pre" }} -{{ $ospack := or .ospack (printf "ospack_%s-%s-%s" $suite $architecture $type) }} -{{ $sbc := or .sbc "rock-pi-4-rk3399" }} -{{ $image := or .image (printf "apertis-%s-%s-%s-%s" $suite $type $architecture $sbc) }} -{{ $unpack := or .unpack "true" }} -{{ $cmdline := or .cmdline "rootwait rw quiet splash plymouth.ignore-serial-consoles fsck.mode=auto fsck.repair=yes" }} - -architecture: {{ $architecture }} - -actions: -{{- if eq $unpack "true" }} - - action: unpack - description: Unpack {{ $ospack }} - compression: gz - file: {{ $ospack }}.tar.gz -{{- end }} - - - action: image-partition - imagename: {{ $image }}.img - imagesize: 7.5G - partitiontype: gpt - mountpoints: - - mountpoint: / - partition: system - - mountpoint: /boot - partition: boot - partitions: - - name: boot - fs: ext2 - start: 32768s - end: 256M - flags: [ boot ] - - name: system - fs: ext4 - start: 256M - end: 100% - - - action: filesystem-deploy - setup-kernel-cmdline: true - append-kernel-cmdline: {{ $cmdline }} - description: Deploying ospack onto image - -# - action: overlay -# description: Set the default bootcounter -# source: overlays/default-uboot-bootcount - -# - action: overlay -# description: "Enable USB automount" -# source: overlays/usb-automount-rules - - # on arm64 the initramfs post-install does not call zz-u-boot-menu from - # u-boot-menupackage when it is installed at the same time as the kernel - # work around it by installing the the boot configuration tools first - # see https://phabricator.apertis.org/T6325 - - action: apt - description: Boot configuration packages - packages: - - initramfs-tools - - u-boot-menu - -{{- if ne $architecture "amd64" }} - - action: overlay - source: overlays/initramfs-modules-{{$architecture}} -{{ end }} - - - action: apt - description: Kernel and system packages - packages: - - kmod - - linux-base -{{ 
if eq $architecture "armhf" }} - - linux-image-armmp -{{ else }} - - linux-image-{{$architecture}} -{{ end }} - - - action: apt - description: U-Boot package - packages: - - u-boot-rockchip - - - action: raw - description: Install loader1 for {{ $sbc }} - origin: filesystem - source: /usr/lib/u-boot/{{ $sbc }}/idbloader.img - offset: {{ sector 64 }} - - - action: raw - description: Install U-Boot for {{ $sbc }} - origin: filesystem - source: /usr/lib/u-boot/{{ $sbc }}/u-boot.itb - offset: {{ sector 16384 }} - -# - action: run -# description: Switch to live APT repos -# chroot: true -# script: scripts/switch-apt-to-live.sh -r {{ $suite }} - - - action: run - description: "Save installed package status" - chroot: false - command: gzip -c "${ROOTDIR}/var/lib/dpkg/status" > "${ARTIFACTDIR}/{{ $image }}.img.pkglist.gz" - - - action: run - description: Cleanup /var/lib - script: scripts/remove_var_lib_parts.sh - - # the clearing of machine-id can't be done before this point since - # systemd-boot requires the machine-id to be set for reasons related to - # dual-boot scenarios: - # * to avoid conflicts when creating entries, see the `90-loaderentry` kernel - # install trigger - # * to set the entries for the currently booted installation as default in - # the loader.conf generated by `bootctl install` - # - # in our image this is not useful, as the actual machine-id is supposed to be - # uniquely generated on the first boot. 
however the impact is negligible, as - # things still work albeit the code used to potentially disambiguate entries - # doesn't match a real machine-id - - action: run - chroot: false - description: "Empty /etc/machine-id so it's regenerated on first boot with an unique value" - command: truncate -s0 "${ROOTDIR}/etc/machine-id" - - - action: run - description: Delete /usr/share/doc - chroot: false - command: rm -rf "${ROOTDIR}"/usr/share/doc/* - - - action: run - description: List files on {{ $image }} - chroot: false - script: scripts/list-files "$ROOTDIR" | gzip > "${ARTIFACTDIR}/{{ $image }}.img.filelist.gz" - - - action: run - description: Create block map for {{ $image }}.img - postprocess: true - command: bmaptool create "${ARTIFACTDIR}/{{ $image }}.img" > "${ARTIFACTDIR}/{{ $image }}.img.bmap" - - - action: run - description: Compress {{ $image }}.img - postprocess: true - command: gzip -f "${ARTIFACTDIR}/{{ $image }}.img" - - - action: run - description: Checksum for {{ $image }}.img.gz - postprocess: true - command: sha256sum "${ARTIFACTDIR}/{{ $image }}.img.gz" > "${ARTIFACTDIR}/{{ $image }}.img.gz.sha256" diff --git a/image-rpi64.yaml b/image-rpi64.yaml deleted file mode 100644 index 6f2ad7e..0000000 --- a/image-rpi64.yaml +++ /dev/null 
@@ -1,234 +0,0 @@ -{{ $architecture := or .architecture "arm64" }} -{{ $type := or .type "fixedfunction" }} -{{ $suite := or .suite "v2023pre" }} -{{ $ospack := or .ospack (printf "ospack_%s-%s-%s" $suite $architecture $type) }} -{{ $image := or .image (printf "apertis_%s-%s-%s-rpi64" $suite $type $architecture) }} - -{{ $cmdline := or .cmdline " rootwait ro quiet splash plymouth.ignore-serial-consoles fsck.mode=auto fsck.repair=yes cma=128M" }} - -{{ $demopack := or .demopack "disabled" }} -{{ if eq $type "fixedfunction" }} -{{ $demopack := "disabled" }} -{{ end }} - -{{- $unpack := or .unpack "true" }} - -architecture: {{ $architecture }} - -actions: -{{- if eq $unpack "true" }} - - action: unpack - description: Unpack {{ $ospack }} - compression: gz - file: {{ $ospack }}.tar.gz -{{- end }} - - - action: image-partition - imagename: {{ $image }}.img -{{ if eq $type "fixedfunction" }} - imagesize: 4G -{{ else }} - imagesize: 15G -{{end}} - partitiontype: msdos - mountpoints: - - mountpoint: / - partition: system - - mountpoint: /boot - partition: boot - options: [ x-systemd.automount ] - - mountpoint: /boot/firmware - partition: firmware - options: [ x-systemd.automount ] - - mountpoint: /home - partition: general_storage - - partitions: - - name: firmware - fs: vfat - start: 0% - end: 64M - - name: boot - fs: ext2 - start: 64M - end: 256M - flags: [ boot ] - - name: system - fs: ext4 - start: 256M -{{ if eq $type "fixedfunction" }} - end: 3000M -{{ else }} - end: 6000M -{{ end }} - - name: general_storage - fs: ext4 -{{ if eq $type "fixedfunction" }} - start: 3000M -{{ else }} - start: 6000M -{{ end }} - end: 100% - - - action: filesystem-deploy - setup-kernel-cmdline: true - append-kernel-cmdline: {{ $cmdline }} - description: Deploying ospack onto image - - - action: overlay - description: Set the default bootcounter - source: overlays/default-uboot-bootcount - - - action: overlay - description: "Enable USB automount" - source: overlays/usb-automount-rules - - 
# on arm64 the initramfs post-install does not call zz-u-boot-menu from - # u-boot-menupackage when it is installed at the same time as the kernel - # work around it by installing the the boot configuration tools first - # see https://phabricator.apertis.org/T6325 - - action: apt - description: Boot configuration packages - packages: - - initramfs-tools - - u-boot-menu - - - action: apt - description: Kernel and system packages - packages: - - linux-image-{{$architecture}} - - e2fsprogs - - - action: apt - description: U-Boot package - packages: - - u-boot-rpi - - - action: apt - description: Firmware packages - packages: - - raspi-firmware - - firmware-brcm80211 - - - action: apt - description: Autoconfiguration packages for RPi64 - packages: - - rpi64-autoconfig-connman - - - action: overlay - description: "Default connman settings" - source: overlays/connman - - - action: run - description: Switch to live APT repos - chroot: true - script: scripts/switch-apt-to-live.sh -r {{ $suite }} - - - action: run - description: Install Raspberry Pi boot firmware - chroot: true - command: sh -c "cp -av /usr/lib/raspi-firmware/* /boot/firmware/" - - - action: run - description: Install U-Boot - chroot: true - command: sh -c "cp -av /usr/lib/u-boot/rpi_arm64/u-boot.bin /boot/firmware/" - - - action: run - description: Copy DTBs from u-boot - chroot: true - command: sh -c "cp -av /usr/lib/u-boot/rpi_arm64/*.dtb /boot/firmware/" - - - action: run - description: Create DTB Overlays directory - chroot: true - command: sh -c "mkdir -p /boot/firmware/overlays" - - - action: run - description: Copy DTB Overlays from u-boot - chroot: true - command: sh -c "cp -av /usr/lib/u-boot/rpi_arm64/bcm2711-vl805.dtbo /boot/firmware/overlays/vl805.dtbo" - - - action: overlay - description: Copy config.txt - source: overlays/raspberrypi/firmware - destination: /boot/firmware - - # Add multimedia demo pack - # Provide URL via '-t demopack:"https://images.apertis.org/media/multimedia-demo.tar.gz"' 
- # to add multimedia demo files - {{ if ne $demopack "disabled" }} - # Use wget to get some insight about https://phabricator.collabora.com/T11930 - # TODO: Revert to a download action once the cause is found - - action: run - description: Download multimedia demo pack - chroot: false - command: wget --debug {{ $demopack }} -O "${ARTIFACTDIR}/multimedia-demo.tar.gz" - - - action: unpack - description: Unpack multimedia demo pack - compression: gz - file: multimedia-demo.tar.gz - - - action: run - description: Clean up multimedia demo pack tarball - chroot: false - command: rm "${ARTIFACTDIR}/multimedia-demo.tar.gz" - {{ end }} - - - - action: run - description: "Save installed package status" - chroot: false - command: gzip -c "${ROOTDIR}/var/lib/dpkg/status" > "${ARTIFACTDIR}/{{ $image }}.img.pkglist.gz" - - - action: run - description: Cleanup /var/lib - script: scripts/remove_var_lib_parts.sh - - # the clearing of machine-id can't be done before this point since - # systemd-boot requires the machine-id to be set for reasons related to - # dual-boot scenarios: - # * to avoid conflicts when creating entries, see the `90-loaderentry` kernel - # install trigger - # * to set the entries for the currently booted installation as default in - # the loader.conf generated by `bootctl install` - # - # in our image this is not useful, as the actual machine-id is supposed to be - # uniquely generated on the first boot. 
however the impact is negligible, as - # things still work albeit the code used to potentially disambiguate entries - # doesn't match a real machine-id - - action: run - chroot: false - description: "Empty /etc/machine-id so it's regenerated on first boot with an unique value" - command: truncate -s0 "${ROOTDIR}/etc/machine-id" - - - action: run - description: Generate BOM file - chroot: false - script: scripts/generate_bom.py -C -d "${ROOTDIR}/usr/share/doc" -s "${ROOTDIR}/var/lib/dpkg/status" -v 2 > ${ARTIFACTDIR}/{{ $image }}.img.licenses - - - action: run - description: Delete /usr/share/doc - chroot: false - command: rm -rf "${ROOTDIR}"/usr/share/doc/* - - - action: run - description: List files on {{ $image }} - chroot: false - script: scripts/list-files "$ROOTDIR" | gzip > "${ARTIFACTDIR}/{{ $image }}.img.filelist.gz" - - - action: run - description: Create block map for {{ $image }}.img - postprocess: true - command: bmaptool create "${ARTIFACTDIR}/{{ $image }}.img" > "${ARTIFACTDIR}/{{ $image }}.img.bmap" - - - action: run - description: Compress {{ $image }}.img - postprocess: true - command: gzip -f "${ARTIFACTDIR}/{{ $image }}.img" - - - action: run - description: Checksum for {{ $image }}.img.gz - postprocess: true - command: sha256sum "${ARTIFACTDIR}/{{ $image }}.img.gz" > "${ARTIFACTDIR}/{{ $image }}.img.gz.sha256" diff --git a/image-uefi.yaml b/image-uefi.yaml deleted file mode 100644 index ba07ec5..0000000 --- a/image-uefi.yaml +++ /dev/null 
@@ -1,177 +0,0 @@ -{{ $architecture := or .architecture "amd64" }} -{{ $type := or .type "leaudio-central" }} -{{ $suite := or .suite "v2023pre" }} -{{ $ospack := or .ospack (printf "ospack_%s-%s-%s" $suite $architecture $type) }} -{{ $image := or .image (printf "apertis-%s-%s-%s" $suite $type $architecture) }} - -{{ $cmdline := or .cmdline "console=tty0 console=ttyS0,115200n8 rootwait rw quiet splash plymouth.ignore-serial-consoles fsck.mode=auto fsck.repair=yes snd-sof-pci.fw_path=\"intel/sof\"" }} - -{{ $demopack := or .demopack "disabled" }} -{{ if eq $type "leaudio-peripheral" }} -{{ $demopack := "disabled" }} -{{ end }} - -{{- $unpack := or .unpack "true" }} - -architecture: {{ $architecture }} - -actions: -{{- if eq $unpack "true" }} - - action: unpack - description: Unpack {{ $ospack }} - compression: gz - file: {{ $ospack }}.tar.gz -{{- end }} - -# - action: overlay -# description: "Enable USB automount" -# source: overlays/usb-automount-rules - - - action: image-partition - imagename: {{ $image }}.img -{{ if eq $type "leaudio-peripheral" }} - imagesize: 4G -{{ else }} - imagesize: 15G -{{ end }} - partitiontype: gpt - - mountpoints: - - mountpoint: / - partition: system - - mountpoint: /boot/efi - partition: EFI - - mountpoint: /home - partition: general_storage - - partitions: - - name: EFI - fs: vfat - start: 0% - end: 256M - flags: [ boot ] - - name: system - fs: ext4 - start: 256M -{{ if eq $type "leaudio-peripheral" }} - end: 3000M -{{ else }} - end: 6000M -{{ end }} - - name: general_storage - fs: ext4 -{{ if eq $type "leaudio-peripheral" }} - start: 3000M -{{ else }} - start: 6000M -{{ end }} - end: 100% - - - action: filesystem-deploy - description: Deploying ospack onto image - append-kernel-cmdline: {{ $cmdline }} - - - action: apt - description: "EFI bootloader" - packages: - - systemd-boot - - - action: run - description: Install UEFI bootloader - chroot: true - command: bootctl --path=/boot/efi install - - # Avoid creation of machine-id entry 
for the image - - action: run - description: Create the default entry for booloader - chroot: true - command: mkdir /boot/efi/Default - - - action: apt - description: Kernel and system packages for {{$architecture}} - packages: - - linux-image-{{$architecture}} - - libgles2-mesa - -# - action: run -# description: Switch to live APT repos -# chroot: true -# script: scripts/switch-apt-to-live.sh -r {{ $suite }} - - - action: run - description: "Save installed package status" - chroot: false - command: gzip -c "${ROOTDIR}/var/lib/dpkg/status" > "${ARTIFACTDIR}/{{ $image }}.img.pkglist.gz" - - - action: run - description: Cleanup /var/lib - script: scripts/remove_var_lib_parts.sh - - # the clearing of machine-id can't be done before this point since - # systemd-boot requires the machine-id to be set for reasons related to - # dual-boot scenarios: - # * to avoid conflicts when creating entries, see the `90-loaderentry` kernel - # install trigger - # * to set the entries for the currently booted installation as default in - # the loader.conf generated by `bootctl install` - # - # in our image this is not useful, as the actual machine-id is supposed to be - # uniquely generated on the first boot. 
however the impact is negligible, as - # things still work albeit the code used to potentially disambiguate entries - # doesn't match a real machine-id - - action: run - chroot: false - description: "Empty /etc/machine-id so it's regenerated on first boot with an unique value" - command: truncate -s0 "${ROOTDIR}/etc/machine-id" - - - action: run - chroot: false - description: Drop the systemd-boot random seed, see https://systemd.io/BUILDING_IMAGES/ - command: rm "${ROOTDIR}/boot/efi/loader/random-seed" - - # Add multimedia demo pack - # Provide URL via '-t demopack:"https://images.apertis.org/media/multimedia-demo.tar.gz"' - # to add multimedia demo files - {{ if ne $demopack "disabled" }} - # Use wget to get some insight about https://phabricator.collabora.com/T11930 - # TODO: Revert to a download action once the cause is found - - action: run - description: Download multimedia demo pack - chroot: false - command: wget --debug {{ $demopack }} -O "${ARTIFACTDIR}/multimedia-demo.tar.gz" - - - action: unpack - description: Unpack multimedia demo pack - compression: gz - file: multimedia-demo.tar.gz - - - action: run - description: Clean up multimedia demo pack tarball - chroot: false - command: rm "${ARTIFACTDIR}/multimedia-demo.tar.gz" - {{ end }} - - - action: run - description: Delete /usr/share/doc - chroot: false - command: rm -rf "${ROOTDIR}"/usr/share/doc/* - - - action: run - description: List files on {{ $image }} - chroot: false - script: scripts/list-files "$ROOTDIR" | gzip > "${ARTIFACTDIR}/{{ $image }}.img.filelist.gz" - - - action: run - description: Create block map for {{ $image }}.img - postprocess: true - command: bmaptool create "${ARTIFACTDIR}/{{ $image }}.img" > "${ARTIFACTDIR}/{{ $image }}.img.bmap" - - - action: run - description: Compress {{ $image }}.img - postprocess: true - command: gzip -f "${ARTIFACTDIR}/{{ $image }}.img" - - - action: run - description: Checksum for {{ $image }}.img.gz - postprocess: true - command: sha256sum 
"${ARTIFACTDIR}/{{ $image }}.img.gz" > "${ARTIFACTDIR}/{{ $image }}.img.gz.sha256" -- GitLab From 7bc449484ae631a9829ce15c87440fa350a28a1a Mon Sep 17 00:00:00 2001 From: Sjoerd Simons <sjoerd@collabora.com> Date: Sat, 12 Nov 2022 10:22:13 +0100 Subject: [PATCH 2/4] Simplify images --- ospack.yaml | 142 ++---------------- overlays/apertis-dev/usr/sbin/apertis-dev | 105 ------------- .../lib/systemd/system/iptables.service | 20 --- .../multi-user.target.wants/iptables.service | 1 - overlays/iptables-rules/etc/iptables/rules.v4 | 31 ---- overlays/iptables-rules/etc/iptables/rules.v6 | 16 -- scripts/add-initramfs-modules.sh | 9 -- scripts/add-xdg-user-metadata.sh | 17 --- 8 files changed, 9 insertions(+), 332 deletions(-) delete mode 100755 overlays/apertis-dev/usr/sbin/apertis-dev delete mode 100644 overlays/iptables-persistence/lib/systemd/system/iptables.service delete mode 120000 overlays/iptables-persistence/lib/systemd/system/multi-user.target.wants/iptables.service delete mode 100644 overlays/iptables-rules/etc/iptables/rules.v4 delete mode 100644 overlays/iptables-rules/etc/iptables/rules.v6 delete mode 100755 scripts/add-initramfs-modules.sh delete mode 100755 scripts/add-xdg-user-metadata.sh diff --git a/ospack.yaml b/ospack.yaml index 75e086a..e786a87 100644 --- a/ospack.yaml +++ b/ospack.yaml @@ -14,13 +14,13 @@ architecture: {{ $architecture }} actions: - action: debootstrap - suite: {{if eq $snapshot ""}} {{ $suite }} {{else}} {{ $suite }}/snapshots/{{ $snapshot }} {{end}} + suite: v2023pre components: - target - mirror: {{ $mirror }} + mirror: https://repositories.apertis.org/apertis/ variant: minbase - keyring-package: {{ $keyring }} - keyring-file: keyring/{{ $keyring }}.gpg + keyring-package: apertis-archive-keyring + keyring-file: keyring/apertis-archive-keyring.gpg merged-usr: true - action: overlay 
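Review bot: With `suite: v2023pre` and the mirror hard-coded in the debootstrap action, the `$snapshot` path is gone, so every build bootstraps from the moving suite and cannot be reproduced or audited against a fixed archive state. Any `-t suite:` or `-t mirror:` override is now silently ignored here. The variable declarations sit above the hunk and are not visible, so it is unclear whether names derived from `$suite` can now disagree with what was actually installed. Either keep `suite: {{ $suite }}` and `mirror: {{ $mirror }}`, or remove the unused template variables and add a comment such as `# pinned on purpose: this recipe only targets v2023pre`. Keeping `keyring-file` and an https mirror is good.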
@@ -30,26 +30,6 @@ actions: description: Work around "Hash Sum Mismatch" errors, https://phabricator.collabora.com/T15071 source: overlays/apt-disable-http-pipelining - - action: run - description: "Add extra apt sources" - chroot: true - script: scripts/apt_source.sh -m {{ $mirror }} -r {{ $suite }} {{if eq $stable "true"}} --updates --security {{end}} target {{if ne $snapshot ""}} --snapshot {{ $snapshot }} {{end}} - - - action: run - description: "Add development apt sources" - chroot: true - script: scripts/apt_source.sh -m {{ $mirror }} -r {{ $suite }} {{if eq $stable "true"}} --updates --security {{end}} development {{if ne $snapshot ""}} --snapshot {{ $snapshot }} {{end}} - - - action: run - description: "Add non-free apt source" - chroot: true - script: scripts/apt_source.sh -m {{ $mirror }} -r {{ $suite }} {{if eq $stable "true"}} --updates --security {{end}} non-free {{if ne $snapshot ""}} --snapshot {{ $snapshot }} {{end}} - - - action: run - description: "Add Custom electronica 2022 apt sources" - chroot: true - script: scripts/apt_source.sh -m https://repositories.collabora.com/showcases/electronica2022 -r {{ $suite }} target - - action: overlay source: overlays/dpkg-exclusions-docs 
@@ -71,57 +51,17 @@ actions: - busybox - dbus-user-session - - action: apt - description: "Networking packages" - packages: - - busybox-ping - - connman - - iptables - - netbase - - wireless-regdb - - wpasupplicant - - - action: apt - description: "AppArmor packages" - packages: - - apparmor - - chaiwala-apparmor-profiles - - - action: apt - description: "Test environment packages" - packages: - - libglib2.0-bin - - net-tools - - openssh-client - - openssh-server - - vim.tiny - - - action: apt - description: "Compositor" - packages: - - weston - - libgl1-mesa-dri - - action: run description: Set the hostname chroot: false - command: echo "electronica2022" > "$ROOTDIR/etc/hostname" + command: echo "electronica2022-lava" > "$ROOTDIR/etc/hostname" - action: overlay source: overlays/default-hosts - - action: overlay - source: overlays/iptables-persistence - - - action: overlay - source: overlays/iptables-rules - - action: overlay source: overlays/machine-info - - action: overlay - source: overlays/loopback-interface - - action: overlay source: overlays/media-tmpfs @@ -131,21 +71,11 @@ actions: - action: overlay source: overlays/sudo-fqdn - - action: overlay - source: overlays/apertis-dev - - - action: overlay - source: overlays/fsck - - action: run chroot: true description: "Enable /tmp mount" script: scripts/enable-tmpfs.sh - - action: run - chroot: true - script: scripts/add-xdg-user-metadata.sh - - action: run chroot: true script: scripts/create-mtab-symlink.hook.sh @@ -162,14 +92,6 @@ actions: chroot: true script: scripts/check_sudoers_for_admin.sh - - action: run - chroot: true - script: scripts/generate_openssh_keys.sh - - - action: run - chroot: true - script: scripts/add-initramfs-modules.sh - - action: run chroot: true description: "Disable daily apt download, upgrade and clean activities, https://phabricator.apertis.org/T6341" 
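Review bot: The image loses its packet filter and AppArmor confinement in the `@@ -71,57 +51,17 @@` hunk, and nothing in the recipe says so. The `apparmor` and `chaiwala-apparmor-profiles` packages and the `iptables-persistence` and `iptables-rules` overlays are dropped, and the new side adds no replacement. The new `electronica2022-lava` hostname suggests a lab test image where that may be acceptable, but this is only inferred from the name. A comment above the hostname action would record the assumption, for example `# LAVA/lab test image: no firewall or AppArmor profiles, not for untrusted networks`.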
@@ -181,50 +103,13 @@ actions: command: systemctl disable systemd-timesyncd - action: run + description: Create a base kernel-less initramfs chroot: true - description: "Disable e2scrub_all service by default" - command: systemctl disable e2scrub_all - - - action: run - chroot: true - description: "Disable e2scrub_all timer by default" - command: systemctl disable e2scrub_all.timer - - - action: run - chroot: true - description: "Disable e2scrub_reap service by default" - command: systemctl disable e2scrub_reap - - ## Disable fstrim timer and service since they trigger FS issues - ## https://gitlab.apertis.org/infrastructure/apertis-issues/-/issues/70 - - action: run - chroot: true - description: "Disable fstrim.timer by default" - command: systemctl disable fstrim.timer - - - action: run - chroot: true - description: "Disable fstrim.service by default" - command: systemctl disable fstrim.service - - ## Disable systemd-backlight service on leds:asus::kbd_backlight as this is - ## failing on the UP Squared 6000 board. - ## https://gitlab.apertis.org/infrastructure/apertis-issues/-/issues/163 - - action: run - chroot: true - description: "Mask systemd-backlight@leds:asus::kbd_backlight.service by default" - command: systemctl mask systemd-backlight@leds:asus::kbd_backlight.service - - - action: run - chroot: true - description: "Enable iptables services by default" - command: systemctl enable iptables + command: mkinitramfs -o /boot/initramfs - # Add image version information - action: run - description: "Setting up image version metadata" - chroot: true - script: scripts/setup_image_version.sh {{ $osname }} {{ $suite }} '{{ $timestamp }}' collabora {{ $type }} + chroot: false + command: mv ${ROOTDIR}/boot/initramfs ${ARTIFACTDIR}/{{ $architecture }}-initramfs.gz {{- if eq $pack "true" }} - action: run 
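Review bot: `${ROOTDIR}` and `${ARTIFACTDIR}` are unquoted in the relocated `mv` command, unlike the hostname and list-files actions in this file, so a build path containing spaces or glob characters would be word-split by the shell. `command: mv "${ROOTDIR}/boot/initramfs" "${ARTIFACTDIR}/{{ $architecture }}-initramfs.gz"` is the safer form. That action also has no `description`, which makes a failure harder to attribute in the build log. The `.gz` suffix assumes mkinitramfs compresses with gzip, which depends on the initramfs-tools configuration in the chroot and cannot be confirmed from this hunk.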
@@ -237,15 +122,6 @@ actions: chroot: false script: scripts/list-files "$ROOTDIR" | gzip > "${ARTIFACTDIR}/{{ $ospack }}.filelist.gz" - - action: run - description: Create a base kernel-less initramfs - chroot: true - command: mkinitramfs -o /boot/initramfs - - - action: run - chroot: false - command: mv ${ROOTDIR}/boot/initramfs ${ARTIFACTDIR}/{{ $architecture }}-initramfs.gz - - action: pack compression: gz diff --git a/overlays/apertis-dev/usr/sbin/apertis-dev b/overlays/apertis-dev/usr/sbin/apertis-dev deleted file mode 100755 index 7c15e6f..0000000 --- a/overlays/apertis-dev/usr/sbin/apertis-dev +++ /dev/null 
@@ -1,105 +0,0 @@ -#!/bin/sh - -# Copyright © 2015 Collabora Ltd. -# -# SPDX-License-Identifier: MPL-2.0 -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -# Reconfigure an Apertis target system for debugging and basic development. - -set -e - -die () { - echo "$0: $@" >&2 - exit 1 -} - -packages="openssh-server rsync" -build= -build_dep="" -gpl3= -enable_debug= -disable_debug= - -while [ "$#" -gt 0 ]; do - case "$1" in - (--help) - echo "usage: sudo apertis-dev [OPTIONS]" - echo "Enable debugging and basic development." - echo "OPTIONS are:" - echo " -b|--build: install basic build tools" - echo " -d|--build-dep PACKAGE: install build-deps of PACKAGE" - echo " -g|--debug: install basic debugging tools" - echo " -3|--gpl3: install GPL3 versions of tar, coreutils" - echo " --enable-debug: enable debug logging from applications" - echo " --disable-debug: disable debug logging from applications" - echo "For developer use only: do not do this in production." - exit 0 - ;; - (-b|--build) - build=1 - shift - ;; - (-d|--build-dep) - build=1 - build_dep="$build_dep $2" - shift 2 - ;; - (-g|--debug) - # devscripts is mainly here so we have debi - packages="$packages apertis-tests devscripts gdb strace valgrind bash-completion less systemd-coredump" - shift - ;; - (-3|--gpl3) - gpl3=1 - shift - ;; - (--enable-debug) - enable_debug=1 - shift - ;; - (--disable-debug) - disable_debug=1 - shift - ;; - (*) - die "unknown option \"$1\"" - ;; - esac -done - -[ "$(id -u)" = 0 ] || die "must be run as root" - -if [ -n "$enable_debug" ] && [ -n "$disable_debug" ]; then - echo "Both --enable-debug and --disable-debug specified. Doing neither." 
- enable_debug= - disable_debug= -fi - -if [ -n "$build" ]; then - packages="$packages build-essential ccache devscripts fakeroot" - packages="$packages pristine-tar python3-debian" -fi - -mount -o remount,rw / -# replace "target" component with "development" unless "development" is -# already there -sed -i.orig -e '/\bdevelopment\b/! s/ target\( \|$\)/ target development\1/' /etc/apt/sources.list -apt update -apt-get -y install --no-install-recommends eatmydata -eatmydata apt-get -y install --no-install-recommends $packages -if [ -n "$build_dep" ]; then - eatmydata apt-get -y build-dep --no-install-recommends $build_dep -fi - -if [ -n "$gpl3" ]; then - # Workaround for https://bugs.apertis.org/show_bug.cgi?id=626 - # dpkg will fail if there isn't a tar and an rm on $PATH - cp /bin/rm /bin/tar /usr/local/bin - apt-get -y install coreutils tar - rm /usr/local/bin/rm /usr/local/bin/tar -fi - -# vim:set sw=4 sts=4 et: diff --git a/overlays/iptables-persistence/lib/systemd/system/iptables.service b/overlays/iptables-persistence/lib/systemd/system/iptables.service deleted file mode 100644 index 1cf03a8..0000000 --- a/overlays/iptables-persistence/lib/systemd/system/iptables.service +++ /dev/null @@ -1,20 +0,0 @@ -[Unit] -Description=Packet Filtering Rules -DefaultDependencies=no -Wants=network-pre.target systemd-modules-load.service local-fs.target -Before=network-pre.target shutdown.target -After=systemd-modules-load.service local-fs.target -Conflicts=shutdown.target -ConditionPathExists=/etc/iptables/rules.v4 -ConditionPathExists=/etc/iptables/rules.v6 - -[Service] -Type=oneshot -ExecStart=/usr/sbin/iptables-restore /etc/iptables/rules.v4 -ExecStart=/usr/sbin/ip6tables-restore /etc/iptables/rules.v6 -ExecReload=/usr/sbin/iptables-restore /etc/iptables/rules.v4 -ExecReload=/usr/sbin/ip6tables-restore /etc/iptables/rules.v6 -RemainAfterExit=yes - -[Install] -WantedBy=multi-user.target 
diff --git a/overlays/iptables-persistence/lib/systemd/system/multi-user.target.wants/iptables.service b/overlays/iptables-persistence/lib/systemd/system/multi-user.target.wants/iptables.service deleted file mode 120000 index b8341f5..0000000 --- a/overlays/iptables-persistence/lib/systemd/system/multi-user.target.wants/iptables.service +++ /dev/null @@ -1 +0,0 @@ -../iptables.service \ No newline at end of file diff --git a/overlays/iptables-rules/etc/iptables/rules.v4 b/overlays/iptables-rules/etc/iptables/rules.v4 deleted file mode 100644 index 5d5cd92..0000000 --- a/overlays/iptables-rules/etc/iptables/rules.v4 +++ /dev/null @@ -1,31 +0,0 @@ -# sample configuration for iptables service -# you can edit this manually -# inspired from Fedora's packaging of iptables on: -# git://pkgs.fedoraproject.org/iptables.git -*filter -:INPUT ACCEPT [0:0] -:FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [0:0] --A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT --A INPUT -p icmp -j ACCEPT --A INPUT -i lo -j ACCEPT --A INPUT -i gpic0 -j ACCEPT -# Accept http --A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -# Accept ssh for development --A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -# Accept mDNS and UPnP (Avahi) --A INPUT -p udp -m udp --dport 1900 -j ACCEPT --A INPUT -p udp -m udp --dport 5353 -d 224.0.0.251 -j ACCEPT -# Accept dhcp/dns and forwarding on the tether interface --A INPUT -p udp --dport 67 -i tether -j ACCEPT --A INPUT -p udp --dport 53 -i tether -j ACCEPT --A INPUT -p tcp -m state --state NEW -m tcp --dport 1234 -j ACCEPT - --A FORWARD -i tether -j ACCEPT --A FORWARD -o tether -j ACCEPT - -# Reject everything else --A INPUT -j REJECT --reject-with icmp-host-prohibited --A FORWARD -j REJECT --reject-with icmp-host-prohibited -COMMIT diff --git a/overlays/iptables-rules/etc/iptables/rules.v6 b/overlays/iptables-rules/etc/iptables/rules.v6 deleted file mode 100644 index 9e1f579..0000000 
--- a/overlays/iptables-rules/etc/iptables/rules.v6 +++ /dev/null @@ -1,16 +0,0 @@ -# sample configuration for ip6tables service -# you can edit this manually -# inspired from Fedora's packaging of iptables on: -# git://pkgs.fedoraproject.org/iptables.git -*filter -:INPUT ACCEPT [0:0] -:FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [0:0] --A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT --A INPUT -p ipv6-icmp -j ACCEPT --A INPUT -i lo -j ACCEPT --A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT --A INPUT -p tcp -m state --state NEW -m tcp --dport 1234 -j ACCEPT --A INPUT -j REJECT --reject-with icmp6-adm-prohibited --A FORWARD -j REJECT --reject-with icmp6-adm-prohibited -COMMIT diff --git a/scripts/add-initramfs-modules.sh b/scripts/add-initramfs-modules.sh deleted file mode 100755 index 73b8a92..0000000 --- a/scripts/add-initramfs-modules.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh - -set -e - -# Add extra modules to initramfs -echo "I: Adding netprio_cgroup and cls_cgroup modules to initramfs" -echo netprio_cgroup >> /etc/initramfs-tools/modules -echo cls_cgroup >> /etc/initramfs-tools/modules -update-initramfs -u diff --git a/scripts/add-xdg-user-metadata.sh b/scripts/add-xdg-user-metadata.sh deleted file mode 100755 index 4945f33..0000000 --- a/scripts/add-xdg-user-metadata.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh - -set -e - -# Hackish: Add user XDG metadata BUG: #1157 -echo "I: Adding XDG user metadata." -for d in .config .cache .dbus -do - mkdir -p "/etc/skel/$d" - mkdir -p "/root/$d" -done - -for d in bin etc include lib libexec share -do - mkdir -p "/etc/skel/.local/$d" - mkdir -p "/root/.local/$d" -done -- GitLab From 979f12d11d1ff992c564a4003741239eea781989 Mon Sep 17 00:00:00 2001 
From: Sjoerd Simons <sjoerd@collabora.com>
Date: Sat, 12 Nov 2022 10:30:39 +0100
Subject: [PATCH 3/4] Improve networking setup for nfs based systems

Switched to systemd-network as the network configuration daemon and set it up to keep configuration such that it takes over what was setup in early boot for nfs root

Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
---
 ospack.yaml | 12 +++++++++++
 .../systemd/network/73-usb-net-by-mac.link | 5 +++++
 .../etc/systemd/network/99-default.link | 20 +++++++++++++++++++
 .../etc/systemd/network/wired.network | 7 +++++++
 .../etc/systemd/sleep.conf.d/nosuspend.conf | 5 +++++
 .../serial-getty@.service.d/override.conf | 3 +++
 .../override.conf | 3 +++
 scripts/enable-tmpfs.sh | 5 +++++
 8 files changed, 60 insertions(+)
 create mode 100644 overlays/networking/etc/systemd/network/73-usb-net-by-mac.link
 create mode 100644 overlays/networking/etc/systemd/network/99-default.link
 create mode 100644 overlays/networking/etc/systemd/network/wired.network
 create mode 100644 overlays/networking/etc/systemd/sleep.conf.d/nosuspend.conf
 create mode 100644 overlays/networking/etc/systemd/system/serial-getty@.service.d/override.conf
 create mode 100644 overlays/networking/etc/systemd/system/systemd-networkd-wait-online.service.d/override.conf
diff --git a/ospack.yaml b/ospack.yaml
index e786a87..8033e66 100644
--- a/ospack.yaml
+++ b/ospack.yaml
@@ -51,6 +51,18 @@ actions:
 - busybox
 - dbus-user-session
 
+ - action: run
+ description: Enable systemd network services
+ chroot: true
+ command: |
+ systemctl enable systemd-networkd
+ systemctl enable systemd-networkd-wait-online
+ systemctl enable systemd-resolved
+ ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
+
+ - action: overlay
+ source: overlays/networking
+
 - action: run
 description: Set the hostname
 chroot: false
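Review bot: The `- action: overlay` entry added to ospack.yaml for `overlays/networking` has no `description`, unlike the run action added just above it, so the build output will probably identify it only by its action type. I would add `description: Install systemd-networkd, sleep and serial-getty configuration`, since the overlay also carries `sleep.conf.d/nosuspend.conf` and a `serial-getty@.service.d` drop-in that are not network configuration. The `actions:` list begins and continues outside this hunk.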
diff --git a/overlays/networking/etc/systemd/network/73-usb-net-by-mac.link b/overlays/networking/etc/systemd/network/73-usb-net-by-mac.link
new file mode 100644
index 0000000..0fef243
--- /dev/null
+++ b/overlays/networking/etc/systemd/network/73-usb-net-by-mac.link
@@ -0,0 +1,5 @@
+[Match]
+Path=*-usb-*
+
+[Link]
+NamePolicy=
\ No newline at end of file
diff --git a/overlays/networking/etc/systemd/network/99-default.link b/overlays/networking/etc/systemd/network/99-default.link
new file mode 100644
index 0000000..f3f1aea
--- /dev/null
+++ b/overlays/networking/etc/systemd/network/99-default.link
@@ -0,0 +1,20 @@
+# SPDX-License-Identifier: CC0-1.0
+#
+# This config file is installed as part of systemd.
+# It may be freely copied and edited (following the Creative Commons Zero v1.0 Universal License).
+#
+# To make local modifications, one of the following methods may be used:
+# 1. add a drop-in file that extends this file by creating the
+# /etc/systemd/network/99-default.link.d/ directory and creating a
+# new .conf file there.
+# 2. copy this file into /etc/systemd/network or one of the other paths checked
+# by systemd-udevd and edit it there.
+# This file should not be edited in place, because it'll be overwritten on upgrades.
+
+[Match]
+OriginalName=*
+
+[Link]
+NamePolicy=
+AlternativeNamesPolicy=database onboard slot path
+MACAddressPolicy=persistent
diff --git a/overlays/networking/etc/systemd/network/wired.network b/overlays/networking/etc/systemd/network/wired.network
new file mode 100644
index 0000000..f7eedce
--- /dev/null
+++ b/overlays/networking/etc/systemd/network/wired.network
@@ -0,0 +1,7 @@
+[Match]
+Name=e*
+
+[Network]
+DHCP=yes
+KeepConfiguration=yes
+
diff --git a/overlays/networking/etc/systemd/sleep.conf.d/nosuspend.conf b/overlays/networking/etc/systemd/sleep.conf.d/nosuspend.conf
new file mode 100644
index 0000000..95b0793
--- /dev/null
+++ b/overlays/networking/etc/systemd/sleep.conf.d/nosuspend.conf
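Review bot: The header comment in 99-default.link is carried over from the systemd-shipped file and no longer describes this copy: it says the file is installed as part of systemd and should be changed through a drop-in or a copy under /etc/systemd/network, but this file is that copy, and its `NamePolicy=` is set to empty. I would replace the header with a short statement of intent, for example `# Local override: empty NamePolicy keeps the kernel interface names used during early boot`, if that is indeed the reason. The same empty `NamePolicy=` in 73-usb-net-by-mac.link carries no comment either, and that file is missing its trailing newline.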
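Review bot: `KeepConfiguration=yes` in wired.network deserves a comment, because it makes networkd keep addresses and routes it did not set up itself and never drop DHCP-provided ones, even after the lease has expired; that is deliberate for an NFS root and surprising anywhere else. Something like `# Keep the early-boot address: dropping it would cut off the NFS root` above the line would do. `Name=e*` also matches every interface whose name starts with `e`, so on a board with several Ethernet ports all of them run DHCP under this policy; if only the boot interface is meant, the match could be narrowed.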
@@ -0,0 +1,5 @@
+[Sleep]
+AllowSuspend=no
+AllowHibernation=no
+AllowSuspendThenHibernate=no
+AllowHybridSleep=no
diff --git a/overlays/networking/etc/systemd/system/serial-getty@.service.d/override.conf b/overlays/networking/etc/systemd/system/serial-getty@.service.d/override.conf
new file mode 100644
index 0000000..0a38143
--- /dev/null
+++ b/overlays/networking/etc/systemd/system/serial-getty@.service.d/override.conf
@@ -0,0 +1,3 @@
+[Unit]
+Wants=network-online.target
+After=network-online.target
diff --git a/overlays/networking/etc/systemd/system/systemd-networkd-wait-online.service.d/override.conf b/overlays/networking/etc/systemd/system/systemd-networkd-wait-online.service.d/override.conf
new file mode 100644
index 0000000..1ef5a03
--- /dev/null
+++ b/overlays/networking/etc/systemd/system/systemd-networkd-wait-online.service.d/override.conf
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/lib/systemd/systemd-networkd-wait-online --any
diff --git a/scripts/enable-tmpfs.sh b/scripts/enable-tmpfs.sh
index 0a5501b..e4099e9 100755
--- a/scripts/enable-tmpfs.sh
+++ b/scripts/enable-tmpfs.sh
@@ -6,3 +6,8 @@ set -e
 # NB: we generate /etc/fstab with debos, so use systemd's mechanism
 cp /usr/share/systemd/tmp.mount /etc/systemd/system/
 systemctl enable tmp.mount
+
+cp /usr/share/systemd/tmp.mount /etc/systemd/system/var-tmp.mount
+sed -i 's,/tmp,/var/tmp,g' /etc/systemd/system/var-tmp.mount
+systemctl enable var-tmp.mount
+
--
GitLab

From 6e3fb66f93522dc9bf0fa80ed30fe1e0f4fb62cb Mon Sep 17 00:00:00 2001
From: Sjoerd Simons <sjoerd@collabora.com>
Date: Sat, 12 Nov 2022 10:42:03 +0100
Subject: [PATCH 4/4] Add a more verbose shell prompt for lava to match against

Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
---
 ospack.yaml | 4 ++++
 overlays/shell-profile/etc/profile.d/ash.sh | 5 +++++
 2 files changed, 9 insertions(+)
 create mode 100644 overlays/shell-profile/etc/profile.d/ash.sh
diff --git a/ospack.yaml b/ospack.yaml
index 8033e66..777d532 100644
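Review bot: The serial-getty@.service.d drop-in orders every serial console login after `network-online.target`, so when no link comes up the console prompt is held back until systemd-networkd-wait-online gives up, and the ExecStart override in the next file sets `--any` but no timeout (the tool's default wait is, as far as I recall, 120 seconds). That is presumably intended so the test harness sees a prompt only once the network is usable, but it also delays the one access path that still works when networking is broken. I would state the intent in the drop-in, e.g. `# Hold the serial login prompt until the network is up`, and consider bounding the wait with `ExecStart=/lib/systemd/systemd-networkd-wait-online --any --timeout=30`.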
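Review bot: The lines added to enable-tmpfs.sh build var-tmp.mount by running `sed -i 's,/tmp,/var/tmp,g'` over a copy of the packaged tmp.mount, so the result depends on whatever that unit contains in the installed systemd version: every occurrence of `/tmp` is rewritten, and the mount options (size limit, `nosuid`, `nodev`, if present) are inherited without being visible here. Putting /var/tmp on tmpfs also means its contents no longer survive a reboot and that two tmpfs mounts now draw on the same RAM. I would add a comment giving the reason, e.g. `# /var/tmp on tmpfs as well: keep scratch data off the NFS root`, if that is the motivation, and check the generated unit in a built image. The script begins outside this hunk.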
--- a/ospack.yaml
+++ b/ospack.yaml
@@ -96,6 +96,10 @@ actions:
 chroot: true
 script: scripts/setup_user.sh
 
+ - description: "Setup shell prompt in ash"
+ action: overlay
+ source: overlays/shell-profile
+
 - action: run
 chroot: true
 script: scripts/add_user_to_groups.sh
diff --git a/overlays/shell-profile/etc/profile.d/ash.sh b/overlays/shell-profile/etc/profile.d/ash.sh
new file mode 100644
index 0000000..20c3030
--- /dev/null
+++ b/overlays/shell-profile/etc/profile.d/ash.sh
@@ -0,0 +1,5 @@
+if [ "$(id -u)" -eq 0 ]; then
+ export PS1="\u@\h:\w# "
+else
+ export PS1="\u@\h:\w\$ "
+fi
--
GitLab
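Review bot: ash.sh is installed under /etc/profile.d, so it is read by every login shell that sources that directory, not only busybox ash; a shell that does not expand `\u`, `\h` and `\w` in PS1 would print them literally, and the prompt LAVA matches would then depend on which shell the user ended up with. The file should say what depends on it, e.g. `# Prompt format is matched by LAVA jobs; change both together`. If the shells in use expand `\$` themselves, the root/non-root branch can be replaced by a single-quoted `PS1='\u@\h:\w\$ '`, and `export` is not needed for PS1.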