Refactor to use distrust/toolchain project.
This commit is contained in:
parent
14f89c22d3
commit
4b61b1633d
|
@ -1,4 +1,4 @@
|
|||
build/
|
||||
cache/
|
||||
out/
|
||||
release/develop
|
||||
.*
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
[submodule "src/toolchain"]
|
||||
path = src/toolchain
|
||||
url = git@codeberg.org:distrust/toolchain.git
|
277
Makefile
277
Makefile
|
@ -1,195 +1,66 @@
|
|||
NAME := airgap
|
||||
IMAGE := local/$(NAME):latest
|
||||
ARCH := x86_64
|
||||
TARGET := $(ARCH)
|
||||
USER := $(shell id -u):$(shell id -g)
|
||||
CPUS := $(shell docker run -it debian nproc)
|
||||
GIT_REF := $(shell git log -1 --format=%H config)
|
||||
GIT_AUTHOR := $(shell git log -1 --format=%an config)
|
||||
GIT_KEY := $(shell git log -1 --format=%GP config)
|
||||
GIT_EPOCH := $(shell git log -1 --format=%at config)
|
||||
GIT_DATETIME := \
|
||||
$(shell git log -1 --format=%cd --date=format:'%Y-%m-%d %H:%M:%S' config)
|
||||
ifeq ($(strip $(shell git status --porcelain 2>/dev/null)),)
|
||||
GIT_STATE=clean
|
||||
else
|
||||
GIT_STATE=dirty
|
||||
endif
|
||||
VERSION := $(shell TZ=UTC0 git show --quiet --date='format-local:%Y%m%dT%H%M%SZ' --format="%cd")
|
||||
RELEASE_DIR := release/$(VERSION)
|
||||
CONFIG_DIR := config
|
||||
BR2_EXTERNAL := $(CONFIG_DIR)/buildroot
|
||||
HEADS_EXTERNAL := $(CONFIG_DIR)/heads
|
||||
CACHE_DIR := build
|
||||
SRC_DIR := src
|
||||
OUT_DIR := out
|
||||
docker = docker
|
||||
executables = $(docker) git patch
|
||||
include $(PWD)/src/toolchain/Makefile
|
||||
|
||||
include $(PWD)/config/config.env
|
||||
|
||||
## Use env vars from existing release if present
|
||||
ifneq (,$(wildcard $(RELEASE_DIR)/release.env))
|
||||
include $(RELEASE_DIR)/release.env
|
||||
export
|
||||
endif
|
||||
|
||||
.DEFAULT_GOAL := out/manifest.txt
|
||||
|
||||
## Primary Targets
|
||||
|
||||
.PHONY: fetch
|
||||
fetch: $(CACHE_DIR)/toolchain.tar
|
||||
mkdir -p build release
|
||||
$(call toolchain,$(USER),"fetch")
|
||||
.DEFAULT_GOAL := $(OUT_DIR)/airgap.iso
|
||||
|
||||
.PHONY: clean
|
||||
clean: $(CACHE_DIR)/toolchain.tar
|
||||
$(call toolchain,$(USER),"clean")
|
||||
clean: toolchain
|
||||
rm -f $(OUT_DIR) $(CACHE_DIR)/buildroot-ccache || :
|
||||
$(call toolchain,$(USER)," \
|
||||
cd $(CACHE_DIR)/buildroot; \
|
||||
make clean; \
|
||||
")
|
||||
|
||||
.PHONY: mrproper
|
||||
mrproper:
|
||||
docker image rm -f $(IMAGE)
|
||||
rm -rf $(CACHE_DIR) $(OUT_DIR)
|
||||
|
||||
## Release Targets
|
||||
|
||||
.PHONY: release
|
||||
release: | \
|
||||
$(OUT_DIR)/release.env \
|
||||
$(OUT_DIR)/airgap.iso \
|
||||
$(OUT_DIR)/manifest.txt
|
||||
mkdir -p $(RELEASE_DIR)
|
||||
cp out/release.env $(RELEASE_DIR)/release.env
|
||||
cp out/airgap.iso $(RELEASE_DIR)/airgap.iso
|
||||
cp out/manifest.txt $(RELEASE_DIR)/manifest.txt
|
||||
|
||||
.PHONY: attest
|
||||
attest:
|
||||
rm -rf $(CACHE_DIR) $(OUT_DIR)
|
||||
$(MAKE) $(OUT_DIR)/manifest.txt
|
||||
diff -q $(OUT_DIR)/manifest.txt release/$(VERSION)/manifest.txt;
|
||||
|
||||
.PHONY: sign
|
||||
sign:
|
||||
set -e; \
|
||||
git config --get user.signingkey 2>&1 >/dev/null || { \
|
||||
echo "Error: git user.signingkey is not defined"; \
|
||||
exit 1; \
|
||||
}; \
|
||||
fingerprint=$$(\
|
||||
git config --get user.signingkey \
|
||||
| sed 's/.*\([A-Z0-9]\{16\}\).*/\1/g' \
|
||||
); \
|
||||
gpg --armor \
|
||||
--detach-sig \
|
||||
--output $(RELEASE_DIR)/manifest.$${fingerprint}.asc \
|
||||
$(RELEASE_DIR)/manifest.txt
|
||||
|
||||
.PHONY: verify
|
||||
verify: | $(RELEASE_DIR)/manifest.txt
|
||||
set -e; \
|
||||
for file in $(RELEASE_DIR)/manifest.*.asc; do \
|
||||
echo "\nVerifying: $${file}\n"; \
|
||||
gpg --verify $${file} $(RELEASE_DIR)/manifest.txt; \
|
||||
done;
|
||||
|
||||
.PHONY: audit
|
||||
audit: $(CACHE_DIR)/toolchain.tar
|
||||
mkdir -p $(CACHE_DIR)/audit
|
||||
$(call toolchain,$(USER),"audit")
|
||||
|
||||
$(RELEASE_DIR):
|
||||
mkdir -p $(RELEASE_DIR)
|
||||
|
||||
$(RELEASE_DIR)/release.env: \
|
||||
$(RELEASE_DIR) \
|
||||
$(OUT_DIR)/release.env
|
||||
cp $(OUT_DIR)/release.env $(RELEASE_DIR)/release.env
|
||||
|
||||
$(RELEASE_DIR)/airgap.iso: \
|
||||
$(RELEASE_DIR) \
|
||||
$(OUT_DIR)/airgap.iso
|
||||
cp $(OUT_DIR)/airgap.iso $(RELEASE_DIR)/airgap.iso
|
||||
|
||||
$(RELEASE_DIR)/manifest.txt: \
|
||||
$(RELEASE_DIR) \
|
||||
$(OUT_DIR)/manifest.txt
|
||||
cp $(OUT_DIR)/manifest.txt $(RELEASE_DIR)/manifest.txt
|
||||
|
||||
## Development Targets
|
||||
|
||||
.PHONY: menuconfig
|
||||
menuconfig: $(CACHE_DIR)/toolchain.tar
|
||||
$(call toolchain,$(USER),"menuconfig")
|
||||
menuconfig: toolchain
|
||||
$(call toolchain,$(USER)," \
|
||||
cd $(CACHE_DIR)/buildroot; \
|
||||
make "airgap_$(TARGET)_defconfig"; \
|
||||
make menuconfig; \
|
||||
")
|
||||
cp $(CACHE_DIR)/buildroot/.config \
|
||||
"config/buildroot/configs/airgap_$(TARGET)_defconfig"
|
||||
|
||||
.PHONY: linux-menuconfig
|
||||
linux-menuconfig: $(CACHE_DIR)/toolchain.tar
|
||||
$(call toolchain,$(USER),"linux-menuconfig")
|
||||
linux-menuconfig: toolchain
|
||||
$(call toolchain,$(USER),"\
|
||||
cd $(CACHE_DIR)/buildroot; \
|
||||
make linux-menuconfig; \
|
||||
make linux-update-defconfig; \
|
||||
")
|
||||
|
||||
.PHONY: vm
|
||||
vm: $(CACHE_DIR)/toolchain.tar
|
||||
$(call toolchain,$(USER),"vm")
|
||||
vm: toolchain
|
||||
$(call toolchain,$(USER)," \
|
||||
qemu-system-i386 \
|
||||
-M pc \
|
||||
-nographic \
|
||||
-cdrom "${HOME}/release/${TARGET}/airgap.iso"; \
|
||||
")
|
||||
|
||||
# Launch a shell inside the toolchain container
|
||||
.PHONY: toolchain-shell
|
||||
toolchain-shell: $(CACHE_DIR)/toolchain.tar
|
||||
$(call toolchain,$(USER),"bash --norc")
|
||||
.PHONY: release
|
||||
release: | \
|
||||
$(OUT_DIR)/airgap.iso \
|
||||
$(OUT_DIR)/manifest.txt
|
||||
mkdir -p $(RELEASE_DIR)
|
||||
cp $(OUT_DIR)/release.env $(RELEASE_DIR)/release.env
|
||||
cp $(OUT_DIR)/airgap.iso $(RELEASE_DIR)/airgap.iso
|
||||
cp $(OUT_DIR)/manifest.txt $(RELEASE_DIR)/manifest.txt
|
||||
|
||||
# Pin all packages in toolchain container to latest versions
|
||||
.PHONY: toolchain-update
|
||||
toolchain-update:
|
||||
docker run \
|
||||
--rm \
|
||||
--env LOCAL_USER=$(USER) \
|
||||
--platform=linux/$(ARCH) \
|
||||
--volume $(PWD)/$(CONFIG_DIR):/config \
|
||||
--volume $(PWD)/$(SRC_DIR)/toolchain/scripts:/usr/local/bin \
|
||||
--env ARCH=$(ARCH) \
|
||||
--interactive \
|
||||
--tty \
|
||||
debian@sha256:$(DEBIAN_HASH) \
|
||||
bash -c /usr/local/bin/packages-update
|
||||
|
||||
## Real targets
|
||||
|
||||
$(CACHE_DIR)/toolchain.tar:
|
||||
mkdir -p $(CACHE_DIR)
|
||||
DOCKER_BUILDKIT=1 \
|
||||
docker build \
|
||||
--tag $(IMAGE) \
|
||||
--build-arg DEBIAN_HASH=$(DEBIAN_HASH) \
|
||||
--build-arg CONFIG_DIR=$(CONFIG_DIR) \
|
||||
--build-arg SCRIPTS_DIR=$(SRC_DIR)/toolchain/scripts \
|
||||
--platform=linux/$(ARCH) \
|
||||
-f $(SRC_DIR)/toolchain/Dockerfile \
|
||||
.
|
||||
docker save "$(IMAGE)" -o "$@"
|
||||
|
||||
$(CACHE_DIR)/buildroot: $(CACHE_DIR)/toolchain.tar
|
||||
$(CACHE_DIR)/buildroot: toolchain
|
||||
$(call git_clone,buildroot,$(BUILDROOT_REPO),$(BUILDROOT_REF))
|
||||
|
||||
$(CACHE_DIR)/heads: $(CACHE_DIR)/toolchain.tar
|
||||
$(call git_clone,heads,$(HEADS_REPO),$(HEADS_REF))
|
||||
|
||||
$(OUT_DIR):
|
||||
mkdir -p $(OUT_DIR)
|
||||
|
||||
$(OUT_DIR)/release.env: $(OUT_DIR)
|
||||
echo 'VERSION=$(VERSION)' > $(OUT_DIR)/release.env
|
||||
echo 'GIT_REF=$(GIT_REF)' >> $(OUT_DIR)/release.env
|
||||
echo 'GIT_AUTHOR=$(GIT_AUTHOR)' >> $(OUT_DIR)/release.env
|
||||
echo 'GIT_KEY=$(GIT_KEY)' >> $(OUT_DIR)/release.env
|
||||
echo 'GIT_DATETIME=$(GIT_DATETIME)' >> $(OUT_DIR)/release.env
|
||||
|
||||
$(OUT_DIR)/airgap.iso: \
|
||||
toolchain \
|
||||
$(CACHE_DIR)/buildroot \
|
||||
$(OUT_DIR)/release.env
|
||||
$(call apply_patches,buildroot,$(BR2_EXTERNAL)/patches)
|
||||
$(call apply_patches,$(CACHE_DIR)/buildroot,$(BR2_EXTERNAL)/patches)
|
||||
$(call toolchain,$(USER)," \
|
||||
cd buildroot; \
|
||||
cd $(CACHE_DIR)/buildroot; \
|
||||
make "airgap_$(TARGET)_defconfig"; \
|
||||
unset FAKETIME; \
|
||||
make source; \
|
||||
|
@ -198,73 +69,3 @@ $(OUT_DIR)/airgap.iso: \
|
|||
mkdir -p $(OUT_DIR)
|
||||
cp $(CACHE_DIR)/buildroot/output/images/rootfs.iso9660 \
|
||||
$(OUT_DIR)/airgap.iso
|
||||
|
||||
$(OUT_DIR)/manifest.txt: \
|
||||
$(OUT_DIR)/airgap.iso \
|
||||
$(OUT_DIR)/release.env
|
||||
cd $(OUT_DIR); \
|
||||
openssl sha256 -r release.env > manifest.txt; \
|
||||
openssl sha256 -r airgap.iso >> manifest.txt;
|
||||
|
||||
## Make Helpers
|
||||
|
||||
check_executables := $(foreach exec,$(executables),\$(if \
|
||||
$(shell which $(exec)),some string,$(error "No $(exec) in PATH")))
|
||||
|
||||
define git_clone
|
||||
[ -d $(CACHE_DIR)/$(1) ] || git clone $(2) $(CACHE_DIR)/$(1)
|
||||
git -C $(CACHE_DIR)/$(1) checkout $(3)
|
||||
git -C $(CACHE_DIR)/$(1) rev-parse --verify HEAD | grep -q $(3) || { \
|
||||
echo 'Error: Git ref/branch collision.'; exit 1; \
|
||||
};
|
||||
endef
|
||||
|
||||
define apply_patches
|
||||
[ -d $(2) ] && $(call toolchain,$(USER)," \
|
||||
cd $(1); \
|
||||
git restore .; \
|
||||
find /$(2) -type f -iname '*.patch' -print0 \
|
||||
| xargs -t -0 -n 1 patch -p1 --no-backup-if-mismatch -i ; \
|
||||
")
|
||||
endef
|
||||
|
||||
define toolchain
|
||||
docker load -i $(CACHE_DIR)/toolchain.tar
|
||||
docker run \
|
||||
--rm \
|
||||
--tty \
|
||||
--interactive \
|
||||
--user=$(1) \
|
||||
--platform=linux/$(ARCH) \
|
||||
--volume $(PWD)/config:/config \
|
||||
--volume $(PWD)/$(KEY_DIR):/keys \
|
||||
--volume $(PWD)/$(SRC_DIR):/src \
|
||||
--volume $(PWD)/$(CACHE_DIR):/home/build \
|
||||
--volume $(PWD)/scripts:/usr/local/bin \
|
||||
--cpus $(CPUS) \
|
||||
--workdir /home/build \
|
||||
--env HOME=/home/build \
|
||||
--env PS1="$(NAME)-toolchain" \
|
||||
--env GNUPGHOME=/cache/.gnupg \
|
||||
--env ARCH=$(ARCH) \
|
||||
--env TARGET="$(ARCH)" \
|
||||
--env GIT_REF="$(GIT_REF)" \
|
||||
--env GIT_AUTHOR="$(GIT_AUTHOR)" \
|
||||
--env GIT_KEY="$(GIT_KEY)" \
|
||||
--env GIT_DATETIME="$(GIT_DATETIME)" \
|
||||
--env GIT_EPOCH="$(GIT_EPOCH)" \
|
||||
--env KBUILD_BUILD_USER=$(KBUILD_BUILD_USER) \
|
||||
--env KBUILD_BUILD_HOST=$(KBUILD_BUILD_HOST) \
|
||||
--env KBUILD_BUILD_VERSION=$(KBUILD_BUILD_VERSION) \
|
||||
--env KBUILD_BUILD_TIMESTAMP=$(KBUILD_BUILD_TIMESTAMP) \
|
||||
--env KCONFIG_NOTIMESTAMP=$(KCONFIG_NOTIMESTAMP) \
|
||||
--env SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
|
||||
--env FAKETIME_FMT=$(FAKETIME_FMT) \
|
||||
--env FAKETIME=$(FAKETIME) \
|
||||
--env BR2_EXTERNAL="/$(BR2_EXTERNAL)" \
|
||||
--env HEADS_EXTERNAL="/$(HEADS_EXTERNAL)" \
|
||||
--env UID="$(shell id -u)" \
|
||||
--env GID="$(shell id -g)" \
|
||||
$(IMAGE) \
|
||||
bash -c $(2)
|
||||
endef
|
||||
|
|
|
@ -117,7 +117,7 @@ BR2_LUAROCKS_MIRROR="http://rocks.moonscript.org"
|
|||
BR2_CPAN_MIRROR="http://cpan.metacpan.org"
|
||||
BR2_JLEVEL=0
|
||||
BR2_CCACHE=y
|
||||
BR2_CCACHE_DIR="$(HOME)/build/buildroot-ccache"
|
||||
BR2_CCACHE_DIR="$(HOME)/cache/buildroot-ccache"
|
||||
BR2_CCACHE_INITIAL_SETUP=""
|
||||
BR2_CCACHE_USE_BASEDIR=y
|
||||
# BR2_ENABLE_DEBUG is not set
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
# Buildroot 2022.02.8-dirty Configuration
|
||||
#
|
||||
BR2_HAVE_DOT_CONFIG=y
|
||||
BR2_EXTERNAL_Airgap_PATH="/config/buildroot"
|
||||
BR2_EXTERNAL_Airgap_PATH="/home/build/config/buildroot"
|
||||
BR2_HOST_GCC_AT_LEAST_4_9=y
|
||||
BR2_HOST_GCC_AT_LEAST_5=y
|
||||
BR2_HOST_GCC_AT_LEAST_6=y
|
||||
|
@ -129,7 +129,7 @@ BR2_LUAROCKS_MIRROR="http://rocks.moonscript.org"
|
|||
BR2_CPAN_MIRROR="http://cpan.metacpan.org"
|
||||
BR2_JLEVEL=0
|
||||
BR2_CCACHE=y
|
||||
BR2_CCACHE_DIR="$(HOME)/build/buildroot-ccache"
|
||||
BR2_CCACHE_DIR="$(HOME)/cache/buildroot-ccache"
|
||||
BR2_CCACHE_INITIAL_SETUP=""
|
||||
BR2_CCACHE_USE_BASEDIR=y
|
||||
# BR2_ENABLE_DEBUG is not set
|
||||
|
@ -4500,7 +4500,7 @@ BR2_TARGET_UBOOT_CUSTOM_PATCH_DIR=""
|
|||
#
|
||||
|
||||
#
|
||||
# Linux distribution for offline cryptography use cases (in /config/buildroot)
|
||||
# Linux distribution for offline cryptography use cases (in /home/build/config/buildroot)
|
||||
#
|
||||
|
||||
#
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
export BUILDROOT_REF=ea51485ee9ab44f72f8b1cc019dcb17f276d1def
|
||||
export HEADS_REF=6e62c83e164231c629d77a45d37569b3bff43d3f
|
||||
export DEBIAN_HASH=48b28b354484a7f0e683e340fa0e6e4c4bce3dc3aa0146fc2f78f443fde2c55d
|
||||
export FAKETIME_FMT="%s"
|
||||
export FAKETIME="1"
|
||||
export SOURCE_DATE_EPOCH=1
|
||||
export KBUILD_BUILD_TIMESTAMP="1970-01-01 00:00:00 UTC"
|
||||
export KCONFIG_NOTIMESTAMP=1
|
||||
export KBUILD_BUILD_USER=root
|
||||
export KBUILD_BUILD_HOST=AirgapOS
|
||||
export KBUILD_BUILD_VERSION=1
|
||||
|
||||
export BUILDROOT_REPO=git://git.busybox.net/buildroot
|
||||
export HEADS_REPO=https://source.puri.sm/coreboot/purism-heads.git
|
|
@ -0,0 +1,7 @@
|
|||
DEBIAN_HASH=48b28b354484a7f0e683e340fa0e6e4c4bce3dc3aa0146fc2f78f443fde2c55d
|
||||
BUILDROOT_REF=ea51485ee9ab44f72f8b1cc019dcb17f276d1def
|
||||
HEADS_REF=6e62c83e164231c629d77a45d37569b3bff43d3f
|
||||
BUILDROOT_REPO=git://git.busybox.net/buildroot
|
||||
HEADS_REPO=https://source.puri.sm/coreboot/purism-heads.git
|
||||
BR2_EXTERNAL=/home/build/config/buildroot
|
||||
HEADS_EXTERNAL=/home/build/config/heads
|
|
@ -1,11 +0,0 @@
|
|||
#!/bin/bash
|
||||
[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
|
||||
set -e; source environment
|
||||
|
||||
devices=${DEVICES?}
|
||||
build_dir="${BUILD_DIR?}"
|
||||
heads_dir="${build_dir}/heads"
|
||||
|
||||
for device in ${devices}; do
|
||||
(cd "${heads_dir}"; make BOARD="$device")
|
||||
done
|
|
@ -1,8 +0,0 @@
|
|||
#!/bin/bash
|
||||
[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
|
||||
set -e; source environment
|
||||
unset FAKETIME
|
||||
|
||||
buildroot_dir="${HOME}/buildroot"
|
||||
|
||||
(cd "${buildroot_dir}"; make )
|
|
@ -1,11 +0,0 @@
|
|||
#!/bin/bash
|
||||
[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
|
||||
set -e; source environment
|
||||
|
||||
build_dir="${BUILD_DIR?}"
|
||||
release_dir="${RELEASE_DIR?}"
|
||||
|
||||
[ -d "${build_dir}/buildroot" ] && (cd ${build_dir}/buildroot && make clean)
|
||||
[ -d "${build_dir}/heads" ] && (cd ${build_dir}/heads && make real.clean)
|
||||
[ -d "${build_dir}/buildroot-ccache" ] && rm -rf ${build_dir}/buildroot-ccache
|
||||
[ -d "${release_dir}" ] && rm -rf ${release_dir}/develop
|
|
@ -1,12 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
target=${TARGET?}
|
||||
env_file=/config/config.env
|
||||
|
||||
source ${env_file}
|
||||
|
||||
export HOME=/home/build
|
||||
export RELEASE_DIR="${HOME}/release"
|
||||
|
||||
mkdir -p ${HOME}
|
||||
chown -R "${UID}:${GID}" /home/build/
|
|
@ -1,38 +0,0 @@
|
|||
#!/bin/bash
|
||||
[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
|
||||
set -e; source environment
|
||||
|
||||
heads_dir="${HOME}/heads"
|
||||
heads_repo="${HEADS_REPO?}"
|
||||
heads_ref=${HEADS_REF?}
|
||||
heads_external=${HEADS_EXTERNAL?}
|
||||
devices=${DEVICES?}
|
||||
target=${TARGET?}
|
||||
unset FAKETIME
|
||||
|
||||
[[ -f ~/.gitconfig ]] || \
|
||||
printf "[color]\nui=auto\n[user]\nemail=build@local\nname=Build User" \
|
||||
> ~/.gitconfig
|
||||
|
||||
[ "$(ls -A "${heads_dir}")" ] \
|
||||
|| git clone "$heads_repo" "$heads_dir"
|
||||
(
|
||||
cd "$heads_dir";
|
||||
git checkout "$heads_ref";
|
||||
git reset --hard;
|
||||
git tag airgap || :
|
||||
current_ref="$(git rev-parse --verify HEAD)"
|
||||
[ "$current_ref" == "$heads_ref" ] || {
|
||||
echo "Error: $heads_ref was not successfully checked out"; exit 1;
|
||||
}
|
||||
if [ "$(ls -A "${heads_external}/patches")" ]; then
|
||||
for patch in "${heads_external}"/patches/*; do
|
||||
echo "Applying patch: ${patch}";
|
||||
patch -p1 --no-backup-if-mismatch < "${patch}";
|
||||
done;
|
||||
fi
|
||||
[ -d "${heads_external}/boards" ] && \
|
||||
rsync -Pav "${heads_external}/boards/" "${heads_dir}/boards/"
|
||||
[[ "$devices" =~ "librem" ]] \
|
||||
&& (cd "$heads_dir/blobs/librem_kbl" && ./get_blobs.sh)
|
||||
)
|
|
@ -1,20 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
uid=${UID?}
|
||||
gid=${GID?}
|
||||
user=${USER:-"build"}
|
||||
export HOME="/home/${user}"
|
||||
|
||||
groupadd -g "$gid" "${user}"
|
||||
useradd \
|
||||
-g "$gid" \
|
||||
-u "$uid" \
|
||||
-md "/home/${user}" \
|
||||
-s /bin/bash \
|
||||
"${user}"
|
||||
|
||||
mkdir -p "$HOME"
|
||||
chown -R "$uid:$gid" "$HOME"
|
||||
cd "$HOME"
|
||||
setpriv --reuid="$uid" --regid="$gid" --init-groups "$@"
|
|
@ -1,9 +0,0 @@
|
|||
#!/bin/bash
|
||||
[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
|
||||
set -e; source environment
|
||||
|
||||
target=${TARGET?}
|
||||
|
||||
cd /home/build/build/buildroot
|
||||
make linux-menuconfig
|
||||
make linux-update-defconfig
|
|
@ -1,9 +0,0 @@
|
|||
#!/bin/bash
|
||||
[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
|
||||
set -e; source environment
|
||||
|
||||
target=${TARGET?}
|
||||
|
||||
cd /home/build/buildroot
|
||||
make "airgap_${TARGET}_defconfig"
|
||||
make menuconfig
|
|
@ -1,4 +0,0 @@
|
|||
#!/bin/bash --init-file
|
||||
[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
|
||||
source environment
|
||||
clear
|
|
@ -1,9 +0,0 @@
|
|||
#!/bin/bash
|
||||
[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
|
||||
source environment
|
||||
set -e
|
||||
|
||||
qemu-system-i386 \
|
||||
-M pc \
|
||||
-nographic \
|
||||
-cdrom "${HOME}/release/${TARGET}/airgap.iso"
|
|
@ -0,0 +1 @@
|
|||
Subproject commit 5191085576e4f9d043bbc2b0ca091d4bb81efaff
|
|
@ -1,18 +0,0 @@
|
|||
ARG DEBIAN_HASH
|
||||
FROM debian@sha256:${DEBIAN_HASH}
|
||||
|
||||
ENV DEBIAN_FRONTEND=noninteractive \
|
||||
LANG=C.UTF-8 \
|
||||
TZ=UTC \
|
||||
PATH=/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||
|
||||
ARG CONFIG_DIR
|
||||
ADD ${CONFIG_DIR} /config
|
||||
|
||||
ARG SCRIPTS_DIR
|
||||
ADD ${SCRIPTS_DIR} /usr/local/bin
|
||||
|
||||
RUN packages-install
|
||||
|
||||
RUN echo "/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1" \
|
||||
> /etc/ld.so.preload
|
|
@ -1,26 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
set -e;
|
||||
|
||||
ARCH=$(uname -m)
|
||||
|
||||
cp /config/toolchain/* /etc/apt/
|
||||
|
||||
apt-get update
|
||||
apt-get install debian-archive-keyring
|
||||
|
||||
until apt-get install --download-only --reinstall --allow-downgrades -y $(cat /etc/apt/packages-${ARCH}.list); do
|
||||
echo "apt install failed. Likely throttled. Retrying in 10 mins...";
|
||||
sleep 600;
|
||||
done;
|
||||
|
||||
(
|
||||
cd /var/cache/apt/archives \
|
||||
&& find . -type f \( -iname \*.deb \) -exec sha256sum {} \; \
|
||||
| sed 's/.\///g' \
|
||||
| LC_ALL=C sort
|
||||
) > /etc/apt/package-hashes-${ARCH}-compare.txt
|
||||
|
||||
diff /etc/apt/package-hashes-${ARCH}{,-compare}.txt
|
||||
|
||||
apt-get install --allow-downgrades -y $(cat /etc/apt/packages-${ARCH}.list)
|
||||
rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* /tmp/* /var/tmp/*;
|
|
@ -1,43 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
|
||||
set -e
|
||||
|
||||
snapshot_url="http://snapshot.debian.org/archive/debian"
|
||||
snapshot_date=$(date +"%Y%m%dT000000Z")
|
||||
cat <<-EOF > /etc/apt/sources.list
|
||||
deb http://deb.debian.org/debian bookworm main
|
||||
deb http://security.debian.org/debian-security bookworm-security main
|
||||
deb http://deb.debian.org/debian bookworm-updates main
|
||||
deb [check-valid-until=no] ${snapshot_url}/${snapshot_date} bookworm main
|
||||
deb [check-valid-until=no] ${snapshot_url}-security/${snapshot_date} bookworm-security main
|
||||
deb [check-valid-until=no] ${snapshot_url}/${snapshot_date} bookworm-updates main
|
||||
EOF
|
||||
cp /etc/apt/sources.list /config/toolchain/
|
||||
|
||||
ARCH=$(uname -m)
|
||||
|
||||
apt-get update
|
||||
apt-get install -y --download-only --reinstall $( \
|
||||
dpkg-query \
|
||||
-W \
|
||||
-f='${db:Status-Abbrev}\t${binary:Package} - ${binary:Summary}\n' \
|
||||
| awk -F'\t' '/^ii/ {print $2}' \
|
||||
| awk '{print $1}' \
|
||||
)
|
||||
apt-get install -y --download-only $(cat /config/toolchain/packages-base.list)
|
||||
|
||||
( cd /var/cache/apt/archives \
|
||||
&& find . -type f \( -iname \*.deb \) -exec sha256sum {} \; \
|
||||
| sed 's/.\///g' \
|
||||
| LC_ALL=C sort
|
||||
) > /config/toolchain/package-hashes-${ARCH}.txt
|
||||
|
||||
cp /dev/null /config/toolchain/packages-${ARCH}.list
|
||||
for deb in /var/cache/apt/archives/*.deb; do
|
||||
package=$(dpkg-deb -f $deb Package);
|
||||
version=$(dpkg --info ${deb} | grep "^ Version: " | sed 's/^ Version: //g');
|
||||
echo "${package}=${version}" >> /config/toolchain/packages-${ARCH}.list;
|
||||
done
|
||||
|
||||
chown -R $LOCAL_USER /config/toolchain
|
Loading…
Reference in New Issue