From ed85185b09e52b3d89b565f30d176faa03b7421a Mon Sep 17 00:00:00 2001
From: Sjoerd Simons <sjoerd@collabora.com>
Date: Sat, 12 Nov 2022 10:10:01 +0100
Subject: [PATCH 1/4] Remove unneeded image recipes

---
 image-rk3399.yaml | 150 -----------------------------
 image-rpi64.yaml  | 234 ----------------------------------------------
 image-uefi.yaml   | 177 -----------------------------------
 3 files changed, 561 deletions(-)
 delete mode 100644 image-rk3399.yaml
 delete mode 100644 image-rpi64.yaml
 delete mode 100644 image-uefi.yaml

diff --git a/image-rk3399.yaml b/image-rk3399.yaml
deleted file mode 100644
index 68ec9f1..0000000
--- a/image-rk3399.yaml
+++ /dev/null
@@ -1,150 +0,0 @@
-{{ $architecture := or .architecture "arm64" }}
-{{ $type := or .type "fixedfunction" }}
-{{ $suite := or .suite "v2023pre" }}
-{{ $ospack := or .ospack (printf "ospack_%s-%s-%s" $suite $architecture $type) }}
-{{ $sbc := or .sbc "rock-pi-4-rk3399" }}
-{{ $image := or .image (printf "apertis-%s-%s-%s-%s" $suite $type $architecture $sbc) }}
-{{ $unpack := or .unpack "true" }}
-{{ $cmdline := or .cmdline "rootwait rw quiet splash plymouth.ignore-serial-consoles fsck.mode=auto fsck.repair=yes" }}
-
-architecture: {{ $architecture }}
-
-actions:
-{{- if eq $unpack "true" }}
-  - action: unpack
-    description: Unpack {{ $ospack }}
-    compression: gz
-    file: {{ $ospack }}.tar.gz
-{{- end }}
-
-  - action: image-partition
-    imagename: {{ $image }}.img
-    imagesize: 7.5G
-    partitiontype: gpt
-    mountpoints:
-      - mountpoint: /
-        partition: system
-      - mountpoint: /boot
-        partition: boot
-    partitions:
-      - name: boot
-        fs: ext2
-        start: 32768s
-        end: 256M
-        flags: [ boot ]
-      - name: system
-        fs: ext4
-        start: 256M
-        end: 100%
-
-  - action: filesystem-deploy
-    setup-kernel-cmdline: true
-    append-kernel-cmdline: {{ $cmdline }}
-    description: Deploying ospack onto image
-
-#  - action: overlay
-#    description: Set the default bootcounter
-#    source: overlays/default-uboot-bootcount
-
-#  - action: overlay
-#    description: "Enable USB automount"
-#    source: overlays/usb-automount-rules
-
-  # on arm64 the initramfs post-install does not call zz-u-boot-menu from
-  # u-boot-menupackage when it is installed at the same time as the kernel
-  # work around it by installing the the boot configuration tools first
-  # see https://phabricator.apertis.org/T6325
-  - action: apt
-    description: Boot configuration packages
-    packages:
-      - initramfs-tools
-      - u-boot-menu
-
-{{- if ne $architecture "amd64" }}
-  - action: overlay
-    source: overlays/initramfs-modules-{{$architecture}}
-{{ end }}
-
-  - action: apt
-    description: Kernel and system packages
-    packages:
-      - kmod
-      - linux-base
-{{ if eq $architecture "armhf" }}
-      - linux-image-armmp
-{{ else }}
-      - linux-image-{{$architecture}}
-{{ end }}
-
-  - action: apt
-    description: U-Boot package
-    packages:
-      - u-boot-rockchip
-
-  - action: raw
-    description: Install loader1 for {{ $sbc }}
-    origin: filesystem
-    source: /usr/lib/u-boot/{{ $sbc }}/idbloader.img
-    offset: {{ sector 64 }}
-
-  - action: raw
-    description: Install U-Boot for {{ $sbc }}
-    origin: filesystem
-    source: /usr/lib/u-boot/{{ $sbc }}/u-boot.itb
-    offset: {{ sector 16384 }}
-
-#  - action: run
-#    description: Switch to live APT repos
-#    chroot: true
-#    script: scripts/switch-apt-to-live.sh -r {{ $suite }}
-
-  - action: run
-    description: "Save installed package status"
-    chroot: false
-    command: gzip -c "${ROOTDIR}/var/lib/dpkg/status" > "${ARTIFACTDIR}/{{ $image }}.img.pkglist.gz"
-
-  - action: run
-    description: Cleanup /var/lib
-    script: scripts/remove_var_lib_parts.sh
-
-  # the clearing of machine-id can't be done before this point since
-  # systemd-boot requires the machine-id to be set for reasons related to
-  # dual-boot scenarios:
-  # * to avoid conflicts when creating entries, see the `90-loaderentry` kernel
-  #   install trigger
-  # * to set the entries for the currently booted installation as default in
-  #   the loader.conf generated by `bootctl install`
-  #
-  # in our image this is not useful, as the actual machine-id is supposed to be
-  # uniquely generated on the first boot. however the impact is negligible, as
-  # things still work albeit the code used to potentially disambiguate entries
-  # doesn't match a real machine-id
-  - action: run
-    chroot: false
-    description: "Empty /etc/machine-id so it's regenerated on first boot with an unique value"
-    command: truncate -s0 "${ROOTDIR}/etc/machine-id"
-
-  - action: run
-    description: Delete /usr/share/doc
-    chroot: false
-    command: rm -rf "${ROOTDIR}"/usr/share/doc/*
-
-  - action: run
-    description: List files on {{ $image }}
-    chroot: false
-    script: scripts/list-files "$ROOTDIR" | gzip > "${ARTIFACTDIR}/{{ $image }}.img.filelist.gz"
-
-  - action: run
-    description: Create block map for {{ $image }}.img
-    postprocess: true
-    command: bmaptool create "${ARTIFACTDIR}/{{ $image }}.img" > "${ARTIFACTDIR}/{{ $image }}.img.bmap"
-
-  - action: run
-    description: Compress {{ $image }}.img
-    postprocess: true
-    command: gzip -f "${ARTIFACTDIR}/{{ $image }}.img"
-
-  - action: run
-    description: Checksum for {{ $image }}.img.gz
-    postprocess: true
-    command: sha256sum "${ARTIFACTDIR}/{{ $image }}.img.gz" > "${ARTIFACTDIR}/{{ $image }}.img.gz.sha256"
diff --git a/image-rpi64.yaml b/image-rpi64.yaml
deleted file mode 100644
index 6f2ad7e..0000000
--- a/image-rpi64.yaml
+++ /dev/null
@@ -1,234 +0,0 @@
-{{ $architecture := or .architecture "arm64" }}
-{{ $type := or .type "fixedfunction" }}
-{{ $suite := or .suite "v2023pre" }}
-{{ $ospack := or .ospack (printf "ospack_%s-%s-%s" $suite $architecture $type) }}
-{{ $image := or .image (printf "apertis_%s-%s-%s-rpi64" $suite $type $architecture) }}
-
-{{ $cmdline := or .cmdline " rootwait ro quiet splash plymouth.ignore-serial-consoles fsck.mode=auto fsck.repair=yes cma=128M" }}
-
-{{ $demopack := or .demopack "disabled" }}
-{{ if eq $type "fixedfunction" }}
-{{ $demopack := "disabled" }}
-{{ end }}
-
-{{- $unpack := or .unpack "true" }}
-
-architecture: {{ $architecture }}
-
-actions:
-{{- if eq $unpack "true" }}
-  - action: unpack
-    description: Unpack {{ $ospack }}
-    compression: gz
-    file: {{ $ospack }}.tar.gz
-{{- end }}
-
-  - action: image-partition
-    imagename: {{ $image }}.img
-{{ if eq $type "fixedfunction" }}
-    imagesize: 4G
-{{ else }}
-    imagesize: 15G
-{{end}}
-    partitiontype: msdos
-    mountpoints:
-      - mountpoint: /
-        partition: system
-      - mountpoint: /boot
-        partition: boot
-        options: [ x-systemd.automount ]
-      - mountpoint: /boot/firmware
-        partition: firmware
-        options: [ x-systemd.automount ]
-      - mountpoint: /home
-        partition: general_storage
-
-    partitions:
-      - name: firmware
-        fs: vfat
-        start: 0%
-        end: 64M
-      - name: boot
-        fs: ext2
-        start: 64M
-        end: 256M
-        flags: [ boot ]
-      - name: system
-        fs: ext4
-        start: 256M
-{{ if eq $type "fixedfunction" }}
-        end: 3000M
-{{ else }}
-        end: 6000M
-{{ end }}
-      - name: general_storage
-        fs: ext4
-{{ if eq $type "fixedfunction" }}
-        start: 3000M
-{{ else }}
-        start: 6000M
-{{ end }}
-        end: 100%
-
-  - action: filesystem-deploy
-    setup-kernel-cmdline: true
-    append-kernel-cmdline: {{ $cmdline }}
-    description: Deploying ospack onto image
-
-  - action: overlay
-    description: Set the default bootcounter
-    source: overlays/default-uboot-bootcount
-
-  - action: overlay
-    description: "Enable USB automount"
-    source: overlays/usb-automount-rules
-
-  # on arm64 the initramfs post-install does not call zz-u-boot-menu from
-  # u-boot-menupackage when it is installed at the same time as the kernel
-  # work around it by installing the the boot configuration tools first
-  # see https://phabricator.apertis.org/T6325
-  - action: apt
-    description: Boot configuration packages
-    packages:
-      - initramfs-tools
-      - u-boot-menu
-
-  - action: apt
-    description: Kernel and system packages
-    packages:
-      - linux-image-{{$architecture}}
-      - e2fsprogs
-
-  - action: apt
-    description: U-Boot package
-    packages:
-      - u-boot-rpi
-
-  - action: apt
-    description: Firmware packages
-    packages:
-      - raspi-firmware
-      - firmware-brcm80211
-
-  - action: apt
-    description: Autoconfiguration packages for RPi64
-    packages:
-      - rpi64-autoconfig-connman
-
-  - action: overlay
-    description: "Default connman settings"
-    source: overlays/connman
-
-  - action: run
-    description: Switch to live APT repos
-    chroot: true
-    script: scripts/switch-apt-to-live.sh -r {{ $suite }}
-
-  - action: run
-    description: Install Raspberry Pi boot firmware
-    chroot: true
-    command: sh -c "cp -av /usr/lib/raspi-firmware/* /boot/firmware/"
-
-  - action: run
-    description: Install U-Boot
-    chroot: true
-    command:  sh -c "cp -av /usr/lib/u-boot/rpi_arm64/u-boot.bin /boot/firmware/"
-
-  - action: run
-    description: Copy DTBs from u-boot
-    chroot: true
-    command:  sh -c "cp -av /usr/lib/u-boot/rpi_arm64/*.dtb /boot/firmware/"
-
-  - action: run
-    description: Create DTB Overlays directory
-    chroot: true
-    command:  sh -c "mkdir -p /boot/firmware/overlays"
-
-  - action: run
-    description: Copy DTB Overlays from u-boot
-    chroot: true
-    command:  sh -c "cp -av /usr/lib/u-boot/rpi_arm64/bcm2711-vl805.dtbo /boot/firmware/overlays/vl805.dtbo"
-
-  - action: overlay
-    description: Copy config.txt
-    source: overlays/raspberrypi/firmware
-    destination: /boot/firmware
-
-  # Add multimedia demo pack
-  # Provide URL via '-t demopack:"https://images.apertis.org/media/multimedia-demo.tar.gz"'
-  # to add multimedia demo files
-  {{ if ne $demopack "disabled" }}
-  # Use wget to get some insight about https://phabricator.collabora.com/T11930
-  # TODO: Revert to a download action once the cause is found
-  - action: run
-    description: Download multimedia demo pack
-    chroot: false
-    command: wget --debug {{ $demopack }} -O "${ARTIFACTDIR}/multimedia-demo.tar.gz"
-
-  - action: unpack
-    description: Unpack multimedia demo pack
-    compression: gz
-    file: multimedia-demo.tar.gz
-
-  - action: run
-    description: Clean up multimedia demo pack tarball
-    chroot: false
-    command: rm "${ARTIFACTDIR}/multimedia-demo.tar.gz"
-  {{ end }}
-
-
-  - action: run
-    description: "Save installed package status"
-    chroot: false
-    command: gzip -c "${ROOTDIR}/var/lib/dpkg/status" > "${ARTIFACTDIR}/{{ $image }}.img.pkglist.gz"
-
-  - action: run
-    description: Cleanup /var/lib
-    script: scripts/remove_var_lib_parts.sh
-
-  # the clearing of machine-id can't be done before this point since
-  # systemd-boot requires the machine-id to be set for reasons related to
-  # dual-boot scenarios:
-  # * to avoid conflicts when creating entries, see the `90-loaderentry` kernel
-  #   install trigger
-  # * to set the entries for the currently booted installation as default in
-  #   the loader.conf generated by `bootctl install`
-  #
-  # in our image this is not useful, as the actual machine-id is supposed to be
-  # uniquely generated on the first boot. however the impact is negligible, as
-  # things still work albeit the code used to potentially disambiguate entries
-  # doesn't match a real machine-id
-  - action: run
-    chroot: false
-    description: "Empty /etc/machine-id so it's regenerated on first boot with an unique value"
-    command: truncate -s0 "${ROOTDIR}/etc/machine-id"
-
-  - action: run
-    description: Generate BOM file
-    chroot: false
-    script: scripts/generate_bom.py -C -d "${ROOTDIR}/usr/share/doc" -s "${ROOTDIR}/var/lib/dpkg/status" -v 2 > ${ARTIFACTDIR}/{{ $image }}.img.licenses
-
-  - action: run
-    description: Delete /usr/share/doc
-    chroot: false
-    command: rm -rf "${ROOTDIR}"/usr/share/doc/*
-
-  - action: run
-    description: List files on {{ $image }}
-    chroot: false
-    script: scripts/list-files "$ROOTDIR" | gzip > "${ARTIFACTDIR}/{{ $image }}.img.filelist.gz"
-
-  - action: run
-    description: Create block map for {{ $image }}.img
-    postprocess: true
-    command: bmaptool create "${ARTIFACTDIR}/{{ $image }}.img" > "${ARTIFACTDIR}/{{ $image }}.img.bmap"
-
-  - action: run
-    description: Compress {{ $image }}.img
-    postprocess: true
-    command: gzip -f "${ARTIFACTDIR}/{{ $image }}.img"
-
-  - action: run
-    description: Checksum for {{ $image }}.img.gz
-    postprocess: true
-    command: sha256sum "${ARTIFACTDIR}/{{ $image }}.img.gz" > "${ARTIFACTDIR}/{{ $image }}.img.gz.sha256"
diff --git a/image-uefi.yaml b/image-uefi.yaml
deleted file mode 100644
index ba07ec5..0000000
--- a/image-uefi.yaml
+++ /dev/null
@@ -1,177 +0,0 @@
-{{ $architecture := or .architecture "amd64" }}
-{{ $type := or .type "leaudio-central" }}
-{{ $suite := or .suite "v2023pre" }}
-{{ $ospack := or .ospack (printf "ospack_%s-%s-%s" $suite $architecture $type) }}
-{{ $image := or .image (printf "apertis-%s-%s-%s" $suite  $type $architecture) }}
-
-{{ $cmdline := or .cmdline "console=tty0 console=ttyS0,115200n8 rootwait rw quiet splash plymouth.ignore-serial-consoles fsck.mode=auto fsck.repair=yes snd-sof-pci.fw_path=\"intel/sof\"" }}
-
-{{ $demopack := or .demopack "disabled" }}
-{{ if eq $type "leaudio-peripheral" }}
-{{ $demopack := "disabled" }}
-{{ end }}
-
-{{- $unpack := or .unpack "true" }}
-
-architecture: {{ $architecture }}
-
-actions:
-{{- if eq $unpack "true" }}
-  - action: unpack
-    description: Unpack {{ $ospack }}
-    compression: gz
-    file: {{ $ospack }}.tar.gz
-{{- end }}
-
-#  - action: overlay
-#    description: "Enable USB automount"
-#    source: overlays/usb-automount-rules
-
-  - action: image-partition
-    imagename: {{ $image }}.img
-{{ if eq $type "leaudio-peripheral" }}
-    imagesize: 4G
-{{ else }}
-    imagesize: 15G
-{{ end }}
-    partitiontype: gpt
-
-    mountpoints:
-      - mountpoint: /
-        partition: system
-      - mountpoint: /boot/efi
-        partition: EFI
-      - mountpoint: /home
-        partition: general_storage
-
-    partitions:
-      - name: EFI
-        fs: vfat
-        start: 0%
-        end: 256M
-        flags: [ boot ]
-      - name: system
-        fs: ext4
-        start: 256M
-{{ if eq $type "leaudio-peripheral" }}
-        end: 3000M
-{{ else }}
-        end: 6000M
-{{ end }}
-      - name: general_storage
-        fs: ext4
-{{ if eq $type "leaudio-peripheral" }}
-        start: 3000M
-{{ else }}
-        start: 6000M
-{{ end }}
-        end: 100%
-
-  - action: filesystem-deploy
-    description: Deploying ospack onto image
-    append-kernel-cmdline: {{ $cmdline }}
-
-  - action: apt
-    description: "EFI bootloader"
-    packages:
-      - systemd-boot
-
-  - action: run
-    description: Install UEFI bootloader
-    chroot: true
-    command: bootctl --path=/boot/efi install
-
-  # Avoid creation of machine-id entry for the image
-  - action: run
-    description: Create the default entry for booloader
-    chroot: true
-    command: mkdir /boot/efi/Default
-
-  - action: apt
-    description: Kernel and system packages for {{$architecture}}
-    packages:
-      - linux-image-{{$architecture}}
-      - libgles2-mesa
-
-#  - action: run
-#    description: Switch to live APT repos
-#    chroot: true
-#    script: scripts/switch-apt-to-live.sh -r {{ $suite }}
-
-  - action: run
-    description: "Save installed package status"
-    chroot: false
-    command: gzip -c "${ROOTDIR}/var/lib/dpkg/status" > "${ARTIFACTDIR}/{{ $image }}.img.pkglist.gz"
-
-  - action: run
-    description: Cleanup /var/lib
-    script: scripts/remove_var_lib_parts.sh
-
-  # the clearing of machine-id can't be done before this point since
-  # systemd-boot requires the machine-id to be set for reasons related to
-  # dual-boot scenarios:
-  # * to avoid conflicts when creating entries, see the `90-loaderentry` kernel
-  #   install trigger
-  # * to set the entries for the currently booted installation as default in
-  #   the loader.conf generated by `bootctl install`
-  #
-  # in our image this is not useful, as the actual machine-id is supposed to be
-  # uniquely generated on the first boot. however the impact is negligible, as
-  # things still work albeit the code used to potentially disambiguate entries
-  # doesn't match a real machine-id
-  - action: run
-    chroot: false
-    description: "Empty /etc/machine-id so it's regenerated on first boot with an unique value"
-    command: truncate -s0 "${ROOTDIR}/etc/machine-id"
-
-  - action: run
-    chroot: false
-    description: Drop the systemd-boot random seed, see https://systemd.io/BUILDING_IMAGES/
-    command: rm "${ROOTDIR}/boot/efi/loader/random-seed"
-
-  # Add multimedia demo pack
-  # Provide URL via '-t demopack:"https://images.apertis.org/media/multimedia-demo.tar.gz"'
-  # to add multimedia demo files
-  {{ if ne $demopack "disabled" }}
-  # Use wget to get some insight about https://phabricator.collabora.com/T11930
-  # TODO: Revert to a download action once the cause is found
-  - action: run
-    description: Download multimedia demo pack
-    chroot: false
-    command: wget --debug {{ $demopack }} -O "${ARTIFACTDIR}/multimedia-demo.tar.gz"
-
-  - action: unpack
-    description: Unpack multimedia demo pack
-    compression: gz
-    file: multimedia-demo.tar.gz
-
-  - action: run
-    description: Clean up multimedia demo pack tarball
-    chroot: false
-    command: rm "${ARTIFACTDIR}/multimedia-demo.tar.gz"
-  {{ end }}
-
-  - action: run
-    description: Delete /usr/share/doc
-    chroot: false
-    command: rm -rf "${ROOTDIR}"/usr/share/doc/*
-
-  - action: run
-    description: List files on {{ $image }}
-    chroot: false
-    script: scripts/list-files "$ROOTDIR" | gzip > "${ARTIFACTDIR}/{{ $image }}.img.filelist.gz"
-
-  - action: run
-    description: Create block map for {{ $image }}.img
-    postprocess: true
-    command: bmaptool create "${ARTIFACTDIR}/{{ $image }}.img" > "${ARTIFACTDIR}/{{ $image }}.img.bmap"
-
-  - action: run
-    description: Compress {{ $image }}.img
-    postprocess: true
-    command: gzip -f "${ARTIFACTDIR}/{{ $image }}.img"
-
-  - action: run
-    description: Checksum for {{ $image }}.img.gz
-    postprocess: true
-    command: sha256sum "${ARTIFACTDIR}/{{ $image }}.img.gz" > "${ARTIFACTDIR}/{{ $image }}.img.gz.sha256"
-- 
GitLab


From 7bc449484ae631a9829ce15c87440fa350a28a1a Mon Sep 17 00:00:00 2001
From: Sjoerd Simons <sjoerd@collabora.com>
Date: Sat, 12 Nov 2022 10:22:13 +0100
Subject: [PATCH 2/4] Simplify images

---
 ospack.yaml                                   | 142 ++----------------
 overlays/apertis-dev/usr/sbin/apertis-dev     | 105 -------------
 .../lib/systemd/system/iptables.service       |  20 ---
 .../multi-user.target.wants/iptables.service  |   1 -
 overlays/iptables-rules/etc/iptables/rules.v4 |  31 ----
 overlays/iptables-rules/etc/iptables/rules.v6 |  16 --
 scripts/add-initramfs-modules.sh              |   9 --
 scripts/add-xdg-user-metadata.sh              |  17 ---
 8 files changed, 9 insertions(+), 332 deletions(-)
 delete mode 100755 overlays/apertis-dev/usr/sbin/apertis-dev
 delete mode 100644 overlays/iptables-persistence/lib/systemd/system/iptables.service
 delete mode 120000 overlays/iptables-persistence/lib/systemd/system/multi-user.target.wants/iptables.service
 delete mode 100644 overlays/iptables-rules/etc/iptables/rules.v4
 delete mode 100644 overlays/iptables-rules/etc/iptables/rules.v6
 delete mode 100755 scripts/add-initramfs-modules.sh
 delete mode 100755 scripts/add-xdg-user-metadata.sh

diff --git a/ospack.yaml b/ospack.yaml
index 75e086a..e786a87 100644
--- a/ospack.yaml
+++ b/ospack.yaml
@@ -14,13 +14,13 @@ architecture: {{ $architecture }}
 
 actions:
   - action: debootstrap
-    suite: {{if eq $snapshot ""}} {{ $suite }} {{else}} {{ $suite }}/snapshots/{{ $snapshot }} {{end}}
+    suite: v2023pre
     components:
       - target
-    mirror: {{ $mirror }}
+    mirror: https://repositories.apertis.org/apertis/
     variant: minbase
-    keyring-package: {{ $keyring }}
-    keyring-file: keyring/{{ $keyring }}.gpg
+    keyring-package: apertis-archive-keyring
+    keyring-file: keyring/apertis-archive-keyring.gpg
     merged-usr: true
 
   - action: overlay
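Review bot: Hard-coding `suite: v2023pre` and the mirror URL in the debootstrap action drops the `snapshots/` path that the removed line supported, so the bootstrap always tracks the moving suite and two builds of the same commit can pull different package sets. If that is intended for this recipe, a comment above the action would record it, e.g. `# suite and mirror are fixed on purpose; snapshot pinning is not supported here`. The template header is outside the hunk; if it still defines `$suite`, `$mirror`, `$keyring` or `$snapshot`, a `-t suite:...` override would presumably still change names derived from those variables while no longer changing what is bootstrapped. The `keyring-file` line is kept, so archive signature checking appears unchanged.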
@@ -30,26 +30,6 @@ actions:
     description: Work around "Hash Sum Mismatch" errors, https://phabricator.collabora.com/T15071
     source: overlays/apt-disable-http-pipelining
 
-  - action: run
-    description: "Add extra apt sources"
-    chroot: true
-    script: scripts/apt_source.sh -m {{ $mirror }} -r {{ $suite }} {{if eq $stable "true"}} --updates --security {{end}} target {{if ne $snapshot ""}} --snapshot {{ $snapshot }} {{end}}
-
-  - action: run
-    description: "Add development apt sources"
-    chroot: true
-    script: scripts/apt_source.sh -m {{ $mirror }} -r {{ $suite }} {{if eq $stable "true"}} --updates --security {{end}} development {{if ne $snapshot ""}} --snapshot {{ $snapshot }} {{end}}
-
-  - action: run
-    description: "Add non-free apt source"
-    chroot: true
-    script: scripts/apt_source.sh -m {{ $mirror }} -r {{ $suite }} {{if eq $stable "true"}} --updates --security {{end}} non-free {{if ne $snapshot ""}} --snapshot {{ $snapshot }} {{end}}
-
-  - action: run
-    description: "Add Custom electronica 2022 apt sources"
-    chroot: true
-    script: scripts/apt_source.sh -m https://repositories.collabora.com/showcases/electronica2022 -r {{ $suite }} target
-
   - action: overlay
     source: overlays/dpkg-exclusions-docs
 
@@ -71,57 +51,17 @@ actions:
       - busybox
       - dbus-user-session
 
-  - action: apt
-    description: "Networking packages"
-    packages:
-      - busybox-ping
-      - connman
-      - iptables
-      - netbase
-      - wireless-regdb
-      - wpasupplicant
-
-  - action: apt
-    description: "AppArmor packages"
-    packages:
-      - apparmor
-      - chaiwala-apparmor-profiles
-
-  - action: apt
-    description: "Test environment packages"
-    packages:
-      - libglib2.0-bin
-      - net-tools
-      - openssh-client
-      - openssh-server
-      - vim.tiny
-
-  - action: apt
-    description: "Compositor"
-    packages:
-      - weston
-      - libgl1-mesa-dri
-
   - action: run
     description: Set the hostname
     chroot: false
-    command: echo "electronica2022" > "$ROOTDIR/etc/hostname"
+    command: echo "electronica2022-lava" > "$ROOTDIR/etc/hostname"
 
   - action: overlay
     source: overlays/default-hosts
 
-  - action: overlay
-    source: overlays/iptables-persistence
-
-  - action: overlay
-    source: overlays/iptables-rules
-
   - action: overlay
     source: overlays/machine-info
 
-  - action: overlay
-    source: overlays/loopback-interface
-
   - action: overlay
     source: overlays/media-tmpfs
 
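Review bot: The AppArmor packages and both iptables overlays are dropped in this hunk while the commit has no description, so nothing records that the resulting image ships without AppArmor profiles or packet-filter rules. The new hostname `electronica2022-lava` suggests a test-lab image, though that is an inference. If so, a comment above the hostname step would make the reduced hardening explicit, such as `# LAVA test image: no AppArmor profiles or firewall rules are installed; do not reuse as a product base`. Other hunks of this commit also remove the apt-source steps that could add `--updates --security` and the `systemctl enable iptables` step, which the same comment could cover.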
@@ -131,21 +71,11 @@ actions:
   - action: overlay
     source: overlays/sudo-fqdn
 
-  - action: overlay
-    source: overlays/apertis-dev
-
-  - action: overlay
-    source: overlays/fsck
-
   - action: run
     chroot: true
     description: "Enable /tmp mount"
     script: scripts/enable-tmpfs.sh
 
-  - action: run
-    chroot: true
-    script: scripts/add-xdg-user-metadata.sh
-
   - action: run
     chroot: true
     script: scripts/create-mtab-symlink.hook.sh
@@ -162,14 +92,6 @@ actions:
     chroot: true
     script: scripts/check_sudoers_for_admin.sh
 
-  - action: run
-    chroot: true
-    script: scripts/generate_openssh_keys.sh
-
-  - action: run
-    chroot: true
-    script: scripts/add-initramfs-modules.sh
-
   - action: run
     chroot: true
     description: "Disable daily apt download, upgrade and clean activities, https://phabricator.apertis.org/T6341"
@@ -181,50 +103,13 @@ actions:
     command: systemctl disable systemd-timesyncd
 
   - action: run
+    description: Create a base kernel-less initramfs
     chroot: true
-    description: "Disable e2scrub_all service by default"
-    command: systemctl disable e2scrub_all
-
-  - action: run
-    chroot: true
-    description: "Disable e2scrub_all timer by default"
-    command: systemctl disable e2scrub_all.timer
-
-  - action: run
-    chroot: true
-    description: "Disable e2scrub_reap service by default"
-    command: systemctl disable e2scrub_reap
-
-  ## Disable fstrim timer and service since they trigger FS issues
-  ## https://gitlab.apertis.org/infrastructure/apertis-issues/-/issues/70
-  - action: run
-    chroot: true
-    description: "Disable fstrim.timer by default"
-    command: systemctl disable fstrim.timer
-
-  - action: run
-    chroot: true
-    description: "Disable fstrim.service by default"
-    command: systemctl disable fstrim.service
-
-  ## Disable systemd-backlight service on leds:asus::kbd_backlight as this is
-  ## failing on the UP Squared 6000 board.
-  ## https://gitlab.apertis.org/infrastructure/apertis-issues/-/issues/163
-  - action: run
-    chroot: true
-    description: "Mask systemd-backlight@leds:asus::kbd_backlight.service by default"
-    command: systemctl mask systemd-backlight@leds:asus::kbd_backlight.service
-
-  - action: run
-    chroot: true
-    description: "Enable iptables services by default"
-    command: systemctl enable iptables
+    command: mkinitramfs -o /boot/initramfs
 
-  # Add image version information
   - action: run
-    description: "Setting up image version metadata"
-    chroot: true
-    script: scripts/setup_image_version.sh {{ $osname }} {{ $suite }} '{{ $timestamp }}' collabora {{ $type }}
+    chroot: false
+    command: mv ${ROOTDIR}/boot/initramfs ${ARTIFACTDIR}/{{ $architecture }}-initramfs.gz
 
 {{- if eq $pack "true" }}
   - action: run
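Review bot: The added `mv` step leaves `${ROOTDIR}` and `${ARTIFACTDIR}` unquoted and has no `description`, unlike the other `run` steps visible in this file, which quote both variables; a path containing whitespace would presumably be split into extra arguments. Suggest adding `description: Export the kernel-less initramfs as an artifact` and changing the command to `command: mv "${ROOTDIR}/boot/initramfs" "${ARTIFACTDIR}/{{ $architecture }}-initramfs.gz"`. The two initramfs steps now sit ahead of the `{{- if eq $pack "true" }}` line, so they presumably run even when packing is disabled; a one-line comment stating that this is intended would help. The body of that conditional continues outside the hunk.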
@@ -237,15 +122,6 @@ actions:
     chroot: false
     script: scripts/list-files "$ROOTDIR" | gzip > "${ARTIFACTDIR}/{{ $ospack }}.filelist.gz"
 
-  - action: run
-    description: Create a base kernel-less initramfs
-    chroot: true
-    command: mkinitramfs -o /boot/initramfs
-
-  - action: run
-    chroot: false
-    command: mv ${ROOTDIR}/boot/initramfs ${ARTIFACTDIR}/{{ $architecture }}-initramfs.gz
-
 
   - action: pack
     compression: gz
diff --git a/overlays/apertis-dev/usr/sbin/apertis-dev b/overlays/apertis-dev/usr/sbin/apertis-dev
deleted file mode 100755
index 7c15e6f..0000000
--- a/overlays/apertis-dev/usr/sbin/apertis-dev
+++ /dev/null
@@ -1,105 +0,0 @@
-#!/bin/sh
-
-# Copyright © 2015 Collabora Ltd.
-#
-# SPDX-License-Identifier: MPL-2.0
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-# Reconfigure an Apertis target system for debugging and basic development.
-
-set -e
-
-die () {
-    echo "$0: $@" >&2
-    exit 1
-}
-
-packages="openssh-server rsync"
-build=
-build_dep=""
-gpl3=
-enable_debug=
-disable_debug=
-
-while [ "$#" -gt 0 ]; do
-    case "$1" in
-        (--help)
-            echo "usage: sudo apertis-dev [OPTIONS]"
-            echo "Enable debugging and basic development."
-            echo "OPTIONS are:"
-            echo "    -b|--build: install basic build tools"
-            echo "    -d|--build-dep PACKAGE: install build-deps of PACKAGE"
-            echo "    -g|--debug: install basic debugging tools"
-            echo "    -3|--gpl3: install GPL3 versions of tar, coreutils"
-            echo "    --enable-debug: enable debug logging from applications"
-            echo "    --disable-debug: disable debug logging from applications"
-            echo "For developer use only: do not do this in production."
-            exit 0
-            ;;
-        (-b|--build)
-            build=1
-            shift
-            ;;
-        (-d|--build-dep)
-            build=1
-            build_dep="$build_dep $2"
-            shift 2
-            ;;
-        (-g|--debug)
-            # devscripts is mainly here so we have debi
-            packages="$packages apertis-tests devscripts gdb strace valgrind bash-completion less systemd-coredump"
-            shift
-            ;;
-        (-3|--gpl3)
-            gpl3=1
-            shift
-            ;;
-        (--enable-debug)
-            enable_debug=1
-            shift
-            ;;
-        (--disable-debug)
-            disable_debug=1
-            shift
-            ;;
-        (*)
-            die "unknown option \"$1\""
-            ;;
-    esac
-done
-
-[ "$(id -u)" = 0 ] || die "must be run as root"
-
-if [ -n "$enable_debug" ] && [ -n "$disable_debug" ]; then
-    echo "Both --enable-debug and --disable-debug specified. Doing neither."
-    enable_debug=
-    disable_debug=
-fi
-
-if [ -n "$build" ]; then
-    packages="$packages build-essential ccache devscripts fakeroot"
-    packages="$packages pristine-tar python3-debian"
-fi
-
-mount -o remount,rw /
-# replace "target" component with "development" unless "development" is
-# already there
-sed -i.orig -e '/\bdevelopment\b/! s/ target\( \|$\)/ target development\1/' /etc/apt/sources.list
-apt update
-apt-get -y install --no-install-recommends eatmydata
-eatmydata apt-get -y install --no-install-recommends $packages
-if [ -n "$build_dep" ]; then
-    eatmydata apt-get -y build-dep --no-install-recommends $build_dep
-fi
-
-if [ -n "$gpl3" ]; then
-    # Workaround for https://bugs.apertis.org/show_bug.cgi?id=626
-    # dpkg will fail if there isn't a tar and an rm on $PATH
-    cp /bin/rm /bin/tar /usr/local/bin
-    apt-get -y install coreutils tar
-    rm /usr/local/bin/rm /usr/local/bin/tar
-fi
-
-# vim:set sw=4 sts=4 et:
diff --git a/overlays/iptables-persistence/lib/systemd/system/iptables.service b/overlays/iptables-persistence/lib/systemd/system/iptables.service
deleted file mode 100644
index 1cf03a8..0000000
--- a/overlays/iptables-persistence/lib/systemd/system/iptables.service
+++ /dev/null
@@ -1,20 +0,0 @@
-[Unit]
-Description=Packet Filtering Rules
-DefaultDependencies=no
-Wants=network-pre.target systemd-modules-load.service local-fs.target
-Before=network-pre.target shutdown.target
-After=systemd-modules-load.service local-fs.target
-Conflicts=shutdown.target
-ConditionPathExists=/etc/iptables/rules.v4
-ConditionPathExists=/etc/iptables/rules.v6
-
-[Service]
-Type=oneshot
-ExecStart=/usr/sbin/iptables-restore /etc/iptables/rules.v4
-ExecStart=/usr/sbin/ip6tables-restore /etc/iptables/rules.v6
-ExecReload=/usr/sbin/iptables-restore /etc/iptables/rules.v4
-ExecReload=/usr/sbin/ip6tables-restore /etc/iptables/rules.v6
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
diff --git a/overlays/iptables-persistence/lib/systemd/system/multi-user.target.wants/iptables.service b/overlays/iptables-persistence/lib/systemd/system/multi-user.target.wants/iptables.service
deleted file mode 120000
index b8341f5..0000000
--- a/overlays/iptables-persistence/lib/systemd/system/multi-user.target.wants/iptables.service
+++ /dev/null
@@ -1 +0,0 @@
-../iptables.service
\ No newline at end of file
diff --git a/overlays/iptables-rules/etc/iptables/rules.v4 b/overlays/iptables-rules/etc/iptables/rules.v4
deleted file mode 100644
index 5d5cd92..0000000
--- a/overlays/iptables-rules/etc/iptables/rules.v4
+++ /dev/null
@@ -1,31 +0,0 @@
-# sample configuration for iptables service
-# you can edit this manually
-# inspired from Fedora's packaging of iptables on:
-# git://pkgs.fedoraproject.org/iptables.git
-*filter
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -p icmp -j ACCEPT
--A INPUT -i lo -j ACCEPT
--A INPUT -i gpic0 -j ACCEPT
-# Accept http
--A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-# Accept ssh for development
--A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-# Accept mDNS and UPnP (Avahi)
--A INPUT -p udp -m udp --dport 1900 -j ACCEPT
--A INPUT -p udp -m udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-# Accept dhcp/dns and forwarding on the tether interface
--A INPUT -p udp --dport 67 -i tether -j ACCEPT
--A INPUT -p udp --dport 53 -i tether -j ACCEPT
--A INPUT -p tcp -m state --state NEW -m tcp --dport 1234 -j ACCEPT
-
--A FORWARD -i tether -j ACCEPT
--A FORWARD -o tether -j ACCEPT
-
-# Reject everything else
--A INPUT -j REJECT --reject-with icmp-host-prohibited
--A FORWARD -j REJECT --reject-with icmp-host-prohibited
-COMMIT
diff --git a/overlays/iptables-rules/etc/iptables/rules.v6 b/overlays/iptables-rules/etc/iptables/rules.v6
deleted file mode 100644
index 9e1f579..0000000
--- a/overlays/iptables-rules/etc/iptables/rules.v6
+++ /dev/null
@@ -1,16 +0,0 @@
-# sample configuration for ip6tables service
-# you can edit this manually
-# inspired from Fedora's packaging of iptables on:
-# git://pkgs.fedoraproject.org/iptables.git
-*filter
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -p ipv6-icmp -j ACCEPT
--A INPUT -i lo -j ACCEPT
--A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
--A INPUT -p tcp -m state --state NEW -m tcp --dport 1234 -j ACCEPT
--A INPUT -j REJECT --reject-with icmp6-adm-prohibited
--A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
-COMMIT
diff --git a/scripts/add-initramfs-modules.sh b/scripts/add-initramfs-modules.sh
deleted file mode 100755
index 73b8a92..0000000
--- a/scripts/add-initramfs-modules.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# Add extra modules to initramfs
-echo "I: Adding netprio_cgroup and cls_cgroup modules to initramfs"
-echo netprio_cgroup >> /etc/initramfs-tools/modules
-echo cls_cgroup >> /etc/initramfs-tools/modules
-update-initramfs -u
diff --git a/scripts/add-xdg-user-metadata.sh b/scripts/add-xdg-user-metadata.sh
deleted file mode 100755
index 4945f33..0000000
--- a/scripts/add-xdg-user-metadata.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# Hackish: Add user XDG metadata BUG: #1157
-echo "I: Adding XDG user metadata."
-for d in .config .cache .dbus
-do
-    mkdir -p "/etc/skel/$d"
-    mkdir -p "/root/$d"
-done
-
-for d in bin etc include lib libexec share
-do
-    mkdir -p "/etc/skel/.local/$d"
-    mkdir -p "/root/.local/$d"
-done
-- 
GitLab


From 979f12d11d1ff992c564a4003741239eea781989 Mon Sep 17 00:00:00 2001
From: Sjoerd Simons <sjoerd@collabora.com>
Date: Sat, 12 Nov 2022 10:30:39 +0100
Subject: [PATCH 3/4] Improve networking setup for nfs based systems

Switched to systemd-networkd as the network configuration daemon and set
it up to keep the existing configuration, so that it takes over what was
set up in early boot for NFS root

Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
---
 ospack.yaml                                   | 12 +++++++++++
 .../systemd/network/73-usb-net-by-mac.link    |  5 +++++
 .../etc/systemd/network/99-default.link       | 20 +++++++++++++++++++
 .../etc/systemd/network/wired.network         |  7 +++++++
 .../etc/systemd/sleep.conf.d/nosuspend.conf   |  5 +++++
 .../serial-getty@.service.d/override.conf     |  3 +++
 .../override.conf                             |  3 +++
 scripts/enable-tmpfs.sh                       |  5 +++++
 8 files changed, 60 insertions(+)
 create mode 100644 overlays/networking/etc/systemd/network/73-usb-net-by-mac.link
 create mode 100644 overlays/networking/etc/systemd/network/99-default.link
 create mode 100644 overlays/networking/etc/systemd/network/wired.network
 create mode 100644 overlays/networking/etc/systemd/sleep.conf.d/nosuspend.conf
 create mode 100644 overlays/networking/etc/systemd/system/serial-getty@.service.d/override.conf
 create mode 100644 overlays/networking/etc/systemd/system/systemd-networkd-wait-online.service.d/override.conf

diff --git a/ospack.yaml b/ospack.yaml
index e786a87..8033e66 100644
--- a/ospack.yaml
+++ b/ospack.yaml
@@ -51,6 +51,18 @@ actions:
       - busybox
       - dbus-user-session
 
+  - action: run
+    description: Enable systemd network services
+    chroot: true
+    command: |
+      systemctl enable systemd-networkd
+      systemctl enable systemd-networkd-wait-online
+      systemctl enable systemd-resolved
+      ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
+
+  - action: overlay
+    source: overlays/networking
+
   - action: run
     description: Set the hostname
     chroot: false
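Review bot: The multi-line `command:` in the new run action has no `set -e`, so if the block is executed as one shell script (as it appears to be) a failing `systemctl enable` is masked by the exit status of the final `ln -sf`, and the image is built without networkd or resolved enabled. Starting the block with `set -e` makes a failed enable stop the build. The symlink targets `/run/systemd/resolve/resolv.conf`, which lists the uplink DNS servers directly rather than the resolved stub listener, so programs that read `/etc/resolv.conf` themselves bypass resolved and any validation or transport settings configured there; if that is intended, a comment next to the `ln -sf` line should say so. The `actions:` list continues outside this hunk.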
diff --git a/overlays/networking/etc/systemd/network/73-usb-net-by-mac.link b/overlays/networking/etc/systemd/network/73-usb-net-by-mac.link
new file mode 100644
index 0000000..0fef243
--- /dev/null
+++ b/overlays/networking/etc/systemd/network/73-usb-net-by-mac.link
@@ -0,0 +1,5 @@
+[Match]
+Path=*-usb-*
+
+[Link]
+NamePolicy=
\ No newline at end of file
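Review bot: The empty `NamePolicy=` under `[Link]` is unexplained here and in `99-default.link` below, and in this file it contradicts the file name, which suggests MAC-based naming. An empty value turns the renaming policies off, so matching USB interfaces keep their kernel-assigned names, presumably so that the interface name used for the NFS root in early boot stays valid. A leading comment such as `# Keep kernel interface names so the early-boot NFS-root configuration carries over` would record that. The file also lacks a trailing newline.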
diff --git a/overlays/networking/etc/systemd/network/99-default.link b/overlays/networking/etc/systemd/network/99-default.link
new file mode 100644
index 0000000..f3f1aea
--- /dev/null
+++ b/overlays/networking/etc/systemd/network/99-default.link
@@ -0,0 +1,20 @@
+# SPDX-License-Identifier: CC0-1.0
+#
+# This config file is installed as part of systemd.
+# It may be freely copied and edited (following the Creative Commons Zero v1.0 Universal License).
+#
+# To make local modifications, one of the following methods may be used:
+# 1. add a drop-in file that extends this file by creating the
+#    /etc/systemd/network/99-default.link.d/ directory and creating a
+#    new .conf file there.
+# 2. copy this file into /etc/systemd/network or one of the other paths checked
+#    by systemd-udevd and edit it there.
+# This file should not be edited in place, because it'll be overwritten on upgrades.
+
+[Match]
+OriginalName=*
+
+[Link]
+NamePolicy=
+AlternativeNamesPolicy=database onboard slot path
+MACAddressPolicy=persistent
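Review bot: The header comment copied from systemd is misleading in this location: the file now lives under `/etc/systemd/network`, is not installed by systemd, and will not be overwritten on upgrades. Because it has the same name as the packaged file it presumably replaces that file entirely, so later upstream changes to `AlternativeNamesPolicy=` or `MACAddressPolicy=` will not reach the image. The header itself describes the lighter option, a drop-in under `/etc/systemd/network/99-default.link.d/` containing only `[Link]` and `NamePolicy=`. If the full copy stays, replace the header with a comment saying that this is a local override and which line differs from the packaged file.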
diff --git a/overlays/networking/etc/systemd/network/wired.network b/overlays/networking/etc/systemd/network/wired.network
new file mode 100644
index 0000000..f7eedce
--- /dev/null
+++ b/overlays/networking/etc/systemd/network/wired.network
@@ -0,0 +1,7 @@
+[Match]
+Name=e*
+
+[Network]
+DHCP=yes
+KeepConfiguration=yes
+
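Review bot: `KeepConfiguration=yes` needs a comment, because besides keeping the address set up in early boot it also keeps a DHCP-assigned address after the lease has expired, which can leave the device on an address the server has since handed to another host. That trade-off is reasonable for an NFS root, but it should be stated, e.g. `# NFS root: never drop the address configured in early boot, even if the lease expires`. The `Name=e*` match together with `DHCP=yes` applies to every interface whose name begins with `e`, so any such adapter attached later will accept DHCPv4 and DHCPv6 configuration from whatever network it is plugged into; matching only the boot interface would be narrower.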
diff --git a/overlays/networking/etc/systemd/sleep.conf.d/nosuspend.conf b/overlays/networking/etc/systemd/sleep.conf.d/nosuspend.conf
new file mode 100644
index 0000000..95b0793
--- /dev/null
+++ b/overlays/networking/etc/systemd/sleep.conf.d/nosuspend.conf
@@ -0,0 +1,5 @@
+[Sleep]
+AllowSuspend=no
+AllowHibernation=no
+AllowSuspendThenHibernate=no
+AllowHybridSleep=no
diff --git a/overlays/networking/etc/systemd/system/serial-getty@.service.d/override.conf b/overlays/networking/etc/systemd/system/serial-getty@.service.d/override.conf
new file mode 100644
index 0000000..0a38143
--- /dev/null
+++ b/overlays/networking/etc/systemd/system/serial-getty@.service.d/override.conf
@@ -0,0 +1,3 @@
+[Unit]
+Wants=network-online.target
+After=network-online.target
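Review bot: Ordering `serial-getty@` after `network-online.target` means the serial console shows no login prompt until the wait-online service succeeds or gives up, so on a board with no link or no DHCP server the only recovery console is held back for that whole timeout. If the delay exists so that the test harness sees a prompt only once the network is usable, say so at the top of the drop-in, e.g. `# Delay the serial login prompt until the network is up`. The companion drop-in for `systemd-networkd-wait-online` below could pass an explicit `--timeout=` next to `--any`, so that the worst-case delay is chosen deliberately rather than inherited from the default.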
diff --git a/overlays/networking/etc/systemd/system/systemd-networkd-wait-online.service.d/override.conf b/overlays/networking/etc/systemd/system/systemd-networkd-wait-online.service.d/override.conf
new file mode 100644
index 0000000..1ef5a03
--- /dev/null
+++ b/overlays/networking/etc/systemd/system/systemd-networkd-wait-online.service.d/override.conf
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/lib/systemd/systemd-networkd-wait-online --any
diff --git a/scripts/enable-tmpfs.sh b/scripts/enable-tmpfs.sh
index 0a5501b..e4099e9 100755
--- a/scripts/enable-tmpfs.sh
+++ b/scripts/enable-tmpfs.sh
@@ -6,3 +6,8 @@ set -e
 # NB: we generate /etc/fstab with debos, so use systemd's mechanism
 cp /usr/share/systemd/tmp.mount /etc/systemd/system/
 systemctl enable tmp.mount
+
+cp /usr/share/systemd/tmp.mount /etc/systemd/system/var-tmp.mount
+sed -i 's,/tmp,/var/tmp,g' /etc/systemd/system/var-tmp.mount
+systemctl enable var-tmp.mount
+
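Review bot: The added lines put `/var/tmp` on tmpfs without a comment, while the existing comment above covers only `/tmp`. `/var/tmp` is conventionally where temporary files survive a reboot, and a second RAM-backed mount lets any local writer consume memory through either directory unless the copied unit limits its size, which is not visible here. A comment such as `# /var/tmp is also tmpfs: nothing under it survives a reboot` would record the intent. Anchoring the substitution to the settings that carry the path, instead of the global `s,/tmp,/var/tmp,g`, would keep unrelated text in a future packaged `tmp.mount` from being rewritten by accident. The script begins outside this hunk.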
-- 
GitLab


From 6e3fb66f93522dc9bf0fa80ed30fe1e0f4fb62cb Mon Sep 17 00:00:00 2001
From: Sjoerd Simons <sjoerd@collabora.com>
Date: Sat, 12 Nov 2022 10:42:03 +0100
Subject: [PATCH 4/4] Add a more verbose shell prompt for lava to match against

Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
---
 ospack.yaml                                 | 4 ++++
 overlays/shell-profile/etc/profile.d/ash.sh | 5 +++++
 2 files changed, 9 insertions(+)
 create mode 100644 overlays/shell-profile/etc/profile.d/ash.sh

diff --git a/ospack.yaml b/ospack.yaml
index 8033e66..777d532 100644
--- a/ospack.yaml
+++ b/ospack.yaml
@@ -96,6 +96,10 @@ actions:
     chroot: true
     script: scripts/setup_user.sh
 
+  - description: "Setup shell prompt in ash"
+    action: overlay
+    source: overlays/shell-profile
+
   - action: run
     chroot: true
     script: scripts/add_user_to_groups.sh
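Review bot: The new overlay entry is written differently from the other actions in this file: it puts `description:` before `action:` and quotes the description, whereas the neighbouring entries start with `- action:` and the `Enable systemd network services` description added earlier in this series is unquoted. Writing it as `- action: overlay`, then `description: Setup shell prompt in ash`, then `source: overlays/shell-profile` keeps the list uniform and easy to search by action type. The `actions:` list starts and ends outside this hunk.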
diff --git a/overlays/shell-profile/etc/profile.d/ash.sh b/overlays/shell-profile/etc/profile.d/ash.sh
new file mode 100644
index 0000000..20c3030
--- /dev/null
+++ b/overlays/shell-profile/etc/profile.d/ash.sh
@@ -0,0 +1,5 @@
+if [ "$(id -u)" -eq 0 ]; then
+  export PS1="\u@\h:\w# "
+else
+  export PS1="\u@\h:\w\$ "
+fi
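Review bot: Nothing in this file restricts it to ash: scripts in `/etc/profile.d` are normally sourced by every Bourne-style login shell, so the `PS1` set here replaces the prompt for any other login shell on the image as well, and a shell that does not expand `\u`, `\h` and `\w` would print them literally. The `id -u` test runs only once at login, and because `PS1` is exported, child shells inherit whichever prompt was chosen at that point. Since the commit says LAVA matches against this prompt, a header comment such as `# Prompt format is matched by LAVA test jobs; keep in sync with the job definitions` would warn the next editor.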
-- 
GitLab