From 4b61b1633d15d180c7d70e5ba9d5c9882a27784a Mon Sep 17 00:00:00 2001 From: "Lance R. Vick" Date: Mon, 30 Jan 2023 15:17:54 -0800 Subject: [PATCH] Refactor to use distrust/toolchain project. --- .gitignore | 2 +- .gitmodules | 3 + Makefile | 277 +++--------------- .../buildroot/configs/airgap_qemu_defconfig | 2 +- .../buildroot/configs/airgap_x86_64_defconfig | 6 +- config/config.env | 14 - config/global.env | 7 + scripts/build-fw | 11 - scripts/build-os | 8 - scripts/clean | 11 - scripts/environment | 12 - scripts/fetch | 38 --- scripts/host-env | 20 -- scripts/linux-menuconfig | 9 - scripts/menuconfig | 9 - scripts/shell | 4 - scripts/vm | 9 - {scripts => src/scripts}/audit | 0 src/toolchain | 1 + src/toolchain/Dockerfile | 18 -- src/toolchain/scripts/packages-install | 26 -- src/toolchain/scripts/packages-update | 43 --- 22 files changed, 55 insertions(+), 475 deletions(-) create mode 100644 .gitmodules delete mode 100644 config/config.env create mode 100644 config/global.env delete mode 100755 scripts/build-fw delete mode 100755 scripts/build-os delete mode 100755 scripts/clean delete mode 100755 scripts/environment delete mode 100755 scripts/fetch delete mode 100755 scripts/host-env delete mode 100755 scripts/linux-menuconfig delete mode 100755 scripts/menuconfig delete mode 100755 scripts/shell delete mode 100755 scripts/vm rename {scripts => src/scripts}/audit (100%) create mode 160000 src/toolchain delete mode 100644 src/toolchain/Dockerfile delete mode 100755 src/toolchain/scripts/packages-install delete mode 100755 src/toolchain/scripts/packages-update diff --git a/.gitignore b/.gitignore index df8deed..a84c17b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ -build/ +cache/ out/ release/develop .* diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..0628b7d --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "src/toolchain"] + path = src/toolchain + url = git@codeberg.org:distrust/toolchain.git diff --git a/Makefile b/Makefile index 0291a2f..80a74a7 100644 --- a/Makefile +++ b/Makefile @@ -1,195 +1,66 @@ -NAME := airgap -IMAGE := local/$(NAME):latest -ARCH := x86_64 -TARGET := $(ARCH) -USER := $(shell id -u):$(shell id -g) -CPUS := $(shell docker run -it debian nproc) -GIT_REF := $(shell git log -1 --format=%H config) -GIT_AUTHOR := $(shell git log -1 --format=%an config) -GIT_KEY := $(shell git log -1 --format=%GP config) -GIT_EPOCH := $(shell git log -1 --format=%at config) -GIT_DATETIME := \ - $(shell git log -1 --format=%cd --date=format:'%Y-%m-%d %H:%M:%S' config) -ifeq ($(strip $(shell git status --porcelain 2>/dev/null)),) - GIT_STATE=clean -else - GIT_STATE=dirty -endif -VERSION := $(shell TZ=UTC0 git show --quiet --date='format-local:%Y%m%dT%H%M%SZ' --format="%cd") -RELEASE_DIR := release/$(VERSION) -CONFIG_DIR := config -BR2_EXTERNAL := $(CONFIG_DIR)/buildroot -HEADS_EXTERNAL := $(CONFIG_DIR)/heads -CACHE_DIR := build -SRC_DIR := src -OUT_DIR := out -docker = docker -executables = $(docker) git patch +include $(PWD)/src/toolchain/Makefile -include $(PWD)/config/config.env - -## Use env vars from existing release if present -ifneq (,$(wildcard $(RELEASE_DIR)/release.env)) - include $(RELEASE_DIR)/release.env - export -endif - -.DEFAULT_GOAL := out/manifest.txt - -## Primary Targets - -.PHONY: fetch -fetch: $(CACHE_DIR)/toolchain.tar - mkdir -p build release - $(call toolchain,$(USER),"fetch") +.DEFAULT_GOAL := $(OUT_DIR)/airgap.iso .PHONY: clean -clean: $(CACHE_DIR)/toolchain.tar - $(call toolchain,$(USER),"clean") +clean: toolchain + rm -f $(OUT_DIR) $(CACHE_DIR)/buildroot-ccache || : + $(call toolchain,$(USER)," \ + cd $(CACHE_DIR)/buildroot; \ + make clean; \ + ") .PHONY: mrproper mrproper: docker image rm -f $(IMAGE) rm -rf $(CACHE_DIR) $(OUT_DIR) -## Release Targets - -.PHONY: release -release: | \ - $(OUT_DIR)/release.env \ - $(OUT_DIR)/airgap.iso \ - $(OUT_DIR)/manifest.txt - mkdir -p $(RELEASE_DIR) - cp out/release.env $(RELEASE_DIR)/release.env - cp out/airgap.iso $(RELEASE_DIR)/airgap.iso - cp out/manifest.txt $(RELEASE_DIR)/manifest.txt - -.PHONY: attest -attest: - rm -rf $(CACHE_DIR) $(OUT_DIR) - $(MAKE) $(OUT_DIR)/manifest.txt - diff -q $(OUT_DIR)/manifest.txt release/$(VERSION)/manifest.txt; - -.PHONY: sign -sign: - set -e; \ - git config --get user.signingkey 2>&1 >/dev/null || { \ - echo "Error: git user.signingkey is not defined"; \ - exit 1; \ - }; \ - fingerprint=$$(\ - git config --get user.signingkey \ - | sed 's/.*\([A-Z0-9]\{16\}\).*/\1/g' \ - ); \ - gpg --armor \ - --detach-sig \ - --output $(RELEASE_DIR)/manifest.$${fingerprint}.asc \ - $(RELEASE_DIR)/manifest.txt - -.PHONY: verify -verify: | $(RELEASE_DIR)/manifest.txt - set -e; \ - for file in $(RELEASE_DIR)/manifest.*.asc; do \ - echo "\nVerifying: $${file}\n"; \ - gpg --verify $${file} $(RELEASE_DIR)/manifest.txt; \ - done; - -.PHONY: audit -audit: $(CACHE_DIR)/toolchain.tar - mkdir -p $(CACHE_DIR)/audit - $(call toolchain,$(USER),"audit") - -$(RELEASE_DIR): - mkdir -p $(RELEASE_DIR) - -$(RELEASE_DIR)/release.env: \ - $(RELEASE_DIR) \ - $(OUT_DIR)/release.env - cp $(OUT_DIR)/release.env $(RELEASE_DIR)/release.env - -$(RELEASE_DIR)/airgap.iso: \ - $(RELEASE_DIR) \ - $(OUT_DIR)/airgap.iso - cp $(OUT_DIR)/airgap.iso $(RELEASE_DIR)/airgap.iso - -$(RELEASE_DIR)/manifest.txt: \ - $(RELEASE_DIR) \ - $(OUT_DIR)/manifest.txt - cp $(OUT_DIR)/manifest.txt $(RELEASE_DIR)/manifest.txt - -## Development Targets - .PHONY: menuconfig -menuconfig: $(CACHE_DIR)/toolchain.tar - $(call toolchain,$(USER),"menuconfig") +menuconfig: toolchain + $(call toolchain,$(USER)," \ + cd $(CACHE_DIR)/buildroot; \ + make "airgap_$(TARGET)_defconfig"; \ + make menuconfig; \ + ") cp $(CACHE_DIR)/buildroot/.config \ "config/buildroot/configs/airgap_$(TARGET)_defconfig" .PHONY: linux-menuconfig -linux-menuconfig: $(CACHE_DIR)/toolchain.tar - $(call toolchain,$(USER),"linux-menuconfig") +linux-menuconfig: toolchain + $(call toolchain,$(USER),"\ + cd $(CACHE_DIR)/buildroot; \ + make linux-menuconfig; \ + make linux-update-defconfig; \ + ") .PHONY: vm -vm: $(CACHE_DIR)/toolchain.tar - $(call toolchain,$(USER),"vm") +vm: toolchain + $(call toolchain,$(USER)," \ + qemu-system-i386 \ + -M pc \ + -nographic \ + -cdrom "${HOME}/release/${TARGET}/airgap.iso"; \ + ") -# Launch a shell inside the toolchain container -.PHONY: toolchain-shell -toolchain-shell: $(CACHE_DIR)/toolchain.tar - $(call toolchain,$(USER),"bash --norc") +.PHONY: release +release: | \ + $(OUT_DIR)/airgap.iso \ + $(OUT_DIR)/manifest.txt + mkdir -p $(RELEASE_DIR) + cp $(OUT_DIR)/release.env $(RELEASE_DIR)/release.env + cp $(OUT_DIR)/airgap.iso $(RELEASE_DIR)/airgap.iso + cp $(OUT_DIR)/manifest.txt $(RELEASE_DIR)/manifest.txt -# Pin all packages in toolchain container to latest versions -.PHONY: toolchain-update -toolchain-update: - docker run \ - --rm \ - --env LOCAL_USER=$(USER) \ - --platform=linux/$(ARCH) \ - --volume $(PWD)/$(CONFIG_DIR):/config \ - --volume $(PWD)/$(SRC_DIR)/toolchain/scripts:/usr/local/bin \ - --env ARCH=$(ARCH) \ - --interactive \ - --tty \ - debian@sha256:$(DEBIAN_HASH) \ - bash -c /usr/local/bin/packages-update - -## Real targets - -$(CACHE_DIR)/toolchain.tar: - mkdir -p $(CACHE_DIR) - DOCKER_BUILDKIT=1 \ - docker build \ - --tag $(IMAGE) \ - --build-arg DEBIAN_HASH=$(DEBIAN_HASH) \ - --build-arg CONFIG_DIR=$(CONFIG_DIR) \ - --build-arg SCRIPTS_DIR=$(SRC_DIR)/toolchain/scripts \ - --platform=linux/$(ARCH) \ - -f $(SRC_DIR)/toolchain/Dockerfile \ - . - docker save "$(IMAGE)" -o "$@" - -$(CACHE_DIR)/buildroot: $(CACHE_DIR)/toolchain.tar +$(CACHE_DIR)/buildroot: toolchain $(call git_clone,buildroot,$(BUILDROOT_REPO),$(BUILDROOT_REF)) -$(CACHE_DIR)/heads: $(CACHE_DIR)/toolchain.tar - $(call git_clone,heads,$(HEADS_REPO),$(HEADS_REF)) - -$(OUT_DIR): - mkdir -p $(OUT_DIR) - -$(OUT_DIR)/release.env: $(OUT_DIR) - echo 'VERSION=$(VERSION)' > $(OUT_DIR)/release.env - echo 'GIT_REF=$(GIT_REF)' >> $(OUT_DIR)/release.env - echo 'GIT_AUTHOR=$(GIT_AUTHOR)' >> $(OUT_DIR)/release.env - echo 'GIT_KEY=$(GIT_KEY)' >> $(OUT_DIR)/release.env - echo 'GIT_DATETIME=$(GIT_DATETIME)' >> $(OUT_DIR)/release.env - $(OUT_DIR)/airgap.iso: \ + toolchain \ $(CACHE_DIR)/buildroot \ $(OUT_DIR)/release.env - $(call apply_patches,buildroot,$(BR2_EXTERNAL)/patches) + $(call apply_patches,$(CACHE_DIR)/buildroot,$(BR2_EXTERNAL)/patches) $(call toolchain,$(USER)," \ - cd buildroot; \ + cd $(CACHE_DIR)/buildroot; \ make "airgap_$(TARGET)_defconfig"; \ unset FAKETIME; \ make source; \ @@ -198,73 +69,3 @@ $(OUT_DIR)/airgap.iso: \ mkdir -p $(OUT_DIR) cp $(CACHE_DIR)/buildroot/output/images/rootfs.iso9660 \ $(OUT_DIR)/airgap.iso - -$(OUT_DIR)/manifest.txt: \ - $(OUT_DIR)/airgap.iso \ - $(OUT_DIR)/release.env - cd $(OUT_DIR); \ - openssl sha256 -r release.env > manifest.txt; \ - openssl sha256 -r airgap.iso >> manifest.txt; - -## Make Helpers - -check_executables := $(foreach exec,$(executables),\$(if \ - $(shell which $(exec)),some string,$(error "No $(exec) in PATH"))) - -define git_clone - [ -d $(CACHE_DIR)/$(1) ] || git clone $(2) $(CACHE_DIR)/$(1) - git -C $(CACHE_DIR)/$(1) checkout $(3) - git -C $(CACHE_DIR)/$(1) rev-parse --verify HEAD | grep -q $(3) || { \ - echo 'Error: Git ref/branch collision.'; exit 1; \ - }; -endef - -define apply_patches - [ -d $(2) ] && $(call toolchain,$(USER)," \ - cd $(1); \ - git restore .; \ - find /$(2) -type f -iname '*.patch' -print0 \ - | xargs -t -0 -n 1 patch -p1 --no-backup-if-mismatch -i ; \ - ") -endef - -define toolchain - docker load -i $(CACHE_DIR)/toolchain.tar - docker run \ - --rm \ - --tty \ - --interactive \ - --user=$(1) \ - --platform=linux/$(ARCH) \ - --volume $(PWD)/config:/config \ - --volume $(PWD)/$(KEY_DIR):/keys \ - --volume $(PWD)/$(SRC_DIR):/src \ - --volume $(PWD)/$(CACHE_DIR):/home/build \ - --volume $(PWD)/scripts:/usr/local/bin \ - --cpus $(CPUS) \ - --workdir /home/build \ - --env HOME=/home/build \ - --env PS1="$(NAME)-toolchain" \ - --env GNUPGHOME=/cache/.gnupg \ - --env ARCH=$(ARCH) \ - --env TARGET="$(ARCH)" \ - --env GIT_REF="$(GIT_REF)" \ - --env GIT_AUTHOR="$(GIT_AUTHOR)" \ - --env GIT_KEY="$(GIT_KEY)" \ - --env GIT_DATETIME="$(GIT_DATETIME)" \ - --env GIT_EPOCH="$(GIT_EPOCH)" \ - --env KBUILD_BUILD_USER=$(KBUILD_BUILD_USER) \ - --env KBUILD_BUILD_HOST=$(KBUILD_BUILD_HOST) \ - --env KBUILD_BUILD_VERSION=$(KBUILD_BUILD_VERSION) \ - --env KBUILD_BUILD_TIMESTAMP=$(KBUILD_BUILD_TIMESTAMP) \ - --env KCONFIG_NOTIMESTAMP=$(KCONFIG_NOTIMESTAMP) \ - --env SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \ - --env FAKETIME_FMT=$(FAKETIME_FMT) \ - --env FAKETIME=$(FAKETIME) \ - --env BR2_EXTERNAL="/$(BR2_EXTERNAL)" \ - --env HEADS_EXTERNAL="/$(HEADS_EXTERNAL)" \ - --env UID="$(shell id -u)" \ - --env GID="$(shell id -g)" \ - $(IMAGE) \ - bash -c $(2) -endef diff --git a/config/buildroot/configs/airgap_qemu_defconfig b/config/buildroot/configs/airgap_qemu_defconfig index a639eba..ba3da9d 100644 --- a/config/buildroot/configs/airgap_qemu_defconfig +++ b/config/buildroot/configs/airgap_qemu_defconfig @@ -117,7 +117,7 @@ BR2_LUAROCKS_MIRROR="http://rocks.moonscript.org" BR2_CPAN_MIRROR="http://cpan.metacpan.org" BR2_JLEVEL=0 BR2_CCACHE=y -BR2_CCACHE_DIR="$(HOME)/build/buildroot-ccache" +BR2_CCACHE_DIR="$(HOME)/cache/buildroot-ccache" BR2_CCACHE_INITIAL_SETUP="" BR2_CCACHE_USE_BASEDIR=y # BR2_ENABLE_DEBUG is not set diff --git a/config/buildroot/configs/airgap_x86_64_defconfig b/config/buildroot/configs/airgap_x86_64_defconfig index da47205..0ac559f 100644 --- a/config/buildroot/configs/airgap_x86_64_defconfig +++ b/config/buildroot/configs/airgap_x86_64_defconfig @@ -3,7 +3,7 @@ # Buildroot 2022.02.8-dirty Configuration # BR2_HAVE_DOT_CONFIG=y -BR2_EXTERNAL_Airgap_PATH="/config/buildroot" +BR2_EXTERNAL_Airgap_PATH="/home/build/config/buildroot" BR2_HOST_GCC_AT_LEAST_4_9=y BR2_HOST_GCC_AT_LEAST_5=y BR2_HOST_GCC_AT_LEAST_6=y @@ -129,7 +129,7 @@ BR2_LUAROCKS_MIRROR="http://rocks.moonscript.org" BR2_CPAN_MIRROR="http://cpan.metacpan.org" BR2_JLEVEL=0 BR2_CCACHE=y -BR2_CCACHE_DIR="$(HOME)/build/buildroot-ccache" +BR2_CCACHE_DIR="$(HOME)/cache/buildroot-ccache" BR2_CCACHE_INITIAL_SETUP="" BR2_CCACHE_USE_BASEDIR=y # BR2_ENABLE_DEBUG is not set @@ -4500,7 +4500,7 @@ BR2_TARGET_UBOOT_CUSTOM_PATCH_DIR="" # # -# Linux distribution for offline cryptography use cases (in /config/buildroot) +# Linux distribution for offline cryptography use cases (in /home/build/config/buildroot) # # diff --git a/config/config.env b/config/config.env deleted file mode 100644 index 3ad73f4..0000000 --- a/config/config.env +++ /dev/null @@ -1,14 +0,0 @@ -export BUILDROOT_REF=ea51485ee9ab44f72f8b1cc019dcb17f276d1def -export HEADS_REF=6e62c83e164231c629d77a45d37569b3bff43d3f -export DEBIAN_HASH=48b28b354484a7f0e683e340fa0e6e4c4bce3dc3aa0146fc2f78f443fde2c55d -export FAKETIME_FMT="%s" -export FAKETIME="1" -export SOURCE_DATE_EPOCH=1 -export KBUILD_BUILD_TIMESTAMP="1970-01-01 00:00:00 UTC" -export KCONFIG_NOTIMESTAMP=1 -export KBUILD_BUILD_USER=root -export KBUILD_BUILD_HOST=AirgapOS -export KBUILD_BUILD_VERSION=1 - -export BUILDROOT_REPO=git://git.busybox.net/buildroot -export HEADS_REPO=https://source.puri.sm/coreboot/purism-heads.git diff --git a/config/global.env b/config/global.env new file mode 100644 index 0000000..cd6c4d3 --- /dev/null +++ b/config/global.env @@ -0,0 +1,7 @@ +DEBIAN_HASH=48b28b354484a7f0e683e340fa0e6e4c4bce3dc3aa0146fc2f78f443fde2c55d +BUILDROOT_REF=ea51485ee9ab44f72f8b1cc019dcb17f276d1def +HEADS_REF=6e62c83e164231c629d77a45d37569b3bff43d3f +BUILDROOT_REPO=git://git.busybox.net/buildroot +HEADS_REPO=https://source.puri.sm/coreboot/purism-heads.git +BR2_EXTERNAL=/home/build/config/buildroot +HEADS_EXTERNAL=/home/build/config/heads diff --git a/scripts/build-fw b/scripts/build-fw deleted file mode 100755 index 92cce4d..0000000 --- a/scripts/build-fw +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; } -set -e; source environment - -devices=${DEVICES?} -build_dir="${BUILD_DIR?}" -heads_dir="${build_dir}/heads" - -for device in ${devices}; do - (cd "${heads_dir}"; make BOARD="$device") -done diff --git a/scripts/build-os b/scripts/build-os deleted file mode 100755 index 364ea62..0000000 --- a/scripts/build-os +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash -[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; } -set -e; source environment -unset FAKETIME - -buildroot_dir="${HOME}/buildroot" - -(cd "${buildroot_dir}"; make ) diff --git a/scripts/clean b/scripts/clean deleted file mode 100755 index 658a901..0000000 --- a/scripts/clean +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; } -set -e; source environment - -build_dir="${BUILD_DIR?}" -release_dir="${RELEASE_DIR?}" - -[ -d "${build_dir}/buildroot" ] && (cd ${build_dir}/buildroot && make clean) -[ -d "${build_dir}/heads" ] && (cd ${build_dir}/heads && make real.clean) -[ -d "${build_dir}/buildroot-ccache" ] && rm -rf ${build_dir}/buildroot-ccache -[ -d "${release_dir}" ] && rm -rf ${release_dir}/develop diff --git a/scripts/environment b/scripts/environment deleted file mode 100755 index 9f99d56..0000000 --- a/scripts/environment +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -target=${TARGET?} -env_file=/config/config.env - -source ${env_file} - -export HOME=/home/build -export RELEASE_DIR="${HOME}/release" - -mkdir -p ${HOME} -chown -R "${UID}:${GID}" /home/build/ diff --git a/scripts/fetch b/scripts/fetch deleted file mode 100755 index 297f998..0000000 --- a/scripts/fetch +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash -[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; } -set -e; source environment - -heads_dir="${HOME}/heads" -heads_repo="${HEADS_REPO?}" -heads_ref=${HEADS_REF?} -heads_external=${HEADS_EXTERNAL?} -devices=${DEVICES?} -target=${TARGET?} -unset FAKETIME - -[[ -f ~/.gitconfig ]] || \ - printf "[color]\nui=auto\n[user]\nemail=build@local\nname=Build User" \ - > ~/.gitconfig - -[ "$(ls -A "${heads_dir}")" ] \ - || git clone "$heads_repo" "$heads_dir" -( - cd "$heads_dir"; - git checkout "$heads_ref"; - git reset --hard; - git tag airgap || : - current_ref="$(git rev-parse --verify HEAD)" - [ "$current_ref" == "$heads_ref" ] || { - echo "Error: $heads_ref was not successfully checked out"; exit 1; - } - if [ "$(ls -A "${heads_external}/patches")" ]; then - for patch in "${heads_external}"/patches/*; do - echo "Applying patch: ${patch}"; - patch -p1 --no-backup-if-mismatch < "${patch}"; - done; - fi - [ -d "${heads_external}/boards" ] && \ - rsync -Pav "${heads_external}/boards/" "${heads_dir}/boards/" - [[ "$devices" =~ "librem" ]] \ - && (cd "$heads_dir/blobs/librem_kbl" && ./get_blobs.sh) -) diff --git a/scripts/host-env b/scripts/host-env deleted file mode 100755 index ec7ca98..0000000 --- a/scripts/host-env +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -set -e - -uid=${UID?} -gid=${GID?} -user=${USER:-"build"} -export HOME="/home/${user}" - -groupadd -g "$gid" "${user}" -useradd \ - -g "$gid" \ - -u "$uid" \ - -md "/home/${user}" \ - -s /bin/bash \ - "${user}" - -mkdir -p "$HOME" -chown -R "$uid:$gid" "$HOME" -cd "$HOME" -setpriv --reuid="$uid" --regid="$gid" --init-groups "$@" diff --git a/scripts/linux-menuconfig b/scripts/linux-menuconfig deleted file mode 100755 index c18c918..0000000 --- a/scripts/linux-menuconfig +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; } -set -e; source environment - -target=${TARGET?} - -cd /home/build/build/buildroot -make linux-menuconfig -make linux-update-defconfig diff --git a/scripts/menuconfig b/scripts/menuconfig deleted file mode 100755 index 1881fb3..0000000 --- a/scripts/menuconfig +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; } -set -e; source environment - -target=${TARGET?} - -cd /home/build/buildroot -make "airgap_${TARGET}_defconfig" -make menuconfig diff --git a/scripts/shell b/scripts/shell deleted file mode 100755 index c79e31c..0000000 --- a/scripts/shell +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash --init-file -[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; } -source environment -clear diff --git a/scripts/vm b/scripts/vm deleted file mode 100755 index 2ec6b3d..0000000 --- a/scripts/vm +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; } -source environment -set -e - -qemu-system-i386 \ - -M pc \ - -nographic \ - -cdrom "${HOME}/release/${TARGET}/airgap.iso" diff --git a/scripts/audit b/src/scripts/audit similarity index 100% rename from scripts/audit rename to src/scripts/audit diff --git a/src/toolchain b/src/toolchain new file mode 160000 index 0000000..5191085 --- /dev/null +++ b/src/toolchain @@ -0,0 +1 @@ +Subproject commit 5191085576e4f9d043bbc2b0ca091d4bb81efaff diff --git a/src/toolchain/Dockerfile b/src/toolchain/Dockerfile deleted file mode 100644 index 37e384d..0000000 --- a/src/toolchain/Dockerfile +++ /dev/null @@ -1,18 +0,0 @@ -ARG DEBIAN_HASH -FROM debian@sha256:${DEBIAN_HASH} - -ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - PATH=/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -ARG CONFIG_DIR -ADD ${CONFIG_DIR} /config - -ARG SCRIPTS_DIR -ADD ${SCRIPTS_DIR} /usr/local/bin - -RUN packages-install - -RUN echo "/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1" \ - > /etc/ld.so.preload diff --git a/src/toolchain/scripts/packages-install b/src/toolchain/scripts/packages-install deleted file mode 100755 index 13b6acf..0000000 --- a/src/toolchain/scripts/packages-install +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/env bash -set -e; - -ARCH=$(uname -m) - -cp /config/toolchain/* /etc/apt/ - -apt-get update -apt-get install debian-archive-keyring - -until apt-get install --download-only --reinstall --allow-downgrades -y $(cat /etc/apt/packages-${ARCH}.list); do - echo "apt install failed. Likely throttled. Retrying in 10 mins..."; - sleep 600; -done; - -( - cd /var/cache/apt/archives \ - && find . -type f \( -iname \*.deb \) -exec sha256sum {} \; \ - | sed 's/.\///g' \ - | LC_ALL=C sort -) > /etc/apt/package-hashes-${ARCH}-compare.txt - -diff /etc/apt/package-hashes-${ARCH}{,-compare}.txt - -apt-get install --allow-downgrades -y $(cat /etc/apt/packages-${ARCH}.list) -rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* /tmp/* /var/tmp/*; diff --git a/src/toolchain/scripts/packages-update b/src/toolchain/scripts/packages-update deleted file mode 100755 index d385f2b..0000000 --- a/src/toolchain/scripts/packages-update +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash - -[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; } -set -e - -snapshot_url="http://snapshot.debian.org/archive/debian" -snapshot_date=$(date +"%Y%m%dT000000Z") -cat <<-EOF > /etc/apt/sources.list -deb http://deb.debian.org/debian bookworm main -deb http://security.debian.org/debian-security bookworm-security main -deb http://deb.debian.org/debian bookworm-updates main -deb [check-valid-until=no] ${snapshot_url}/${snapshot_date} bookworm main -deb [check-valid-until=no] ${snapshot_url}-security/${snapshot_date} bookworm-security main -deb [check-valid-until=no] ${snapshot_url}/${snapshot_date} bookworm-updates main -EOF -cp /etc/apt/sources.list /config/toolchain/ - -ARCH=$(uname -m) - -apt-get update -apt-get install -y --download-only --reinstall $( \ - dpkg-query \ - -W \ - -f='${db:Status-Abbrev}\t${binary:Package} - ${binary:Summary}\n' \ - | awk -F'\t' '/^ii/ {print $2}' \ - | awk '{print $1}' \ -) -apt-get install -y --download-only $(cat /config/toolchain/packages-base.list) - -( cd /var/cache/apt/archives \ - && find . -type f \( -iname \*.deb \) -exec sha256sum {} \; \ - | sed 's/.\///g' \ - | LC_ALL=C sort -) > /config/toolchain/package-hashes-${ARCH}.txt - -cp /dev/null /config/toolchain/packages-${ARCH}.list -for deb in /var/cache/apt/archives/*.deb; do - package=$(dpkg-deb -f $deb Package); - version=$(dpkg --info ${deb} | grep "^ Version: " | sed 's/^ Version: //g'); - echo "${package}=${version}" >> /config/toolchain/packages-${ARCH}.list; -done - -chown -R $LOCAL_USER /config/toolchain