diff --git a/.circleci/config.yml b/.circleci/config.yml index 303e11219..3fd260dcd 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -11,15 +11,12 @@ commands: type: string steps: - run: - name: Install dependencies + name: Make Board (console logs not contiguous because multiple CPUS used to build under CircleCI, see logs in artifacts or Output build failing logs below in case of failed step) command: | - ln -fs /usr/share/zoneinfo/America/New_York /etc/localtime - apt update - apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg gawk iasl m4 nasm patch python python2 python3 wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev doxygen graphviz udev libudev1 libudev-dev automake libtool rsync innoextract sudo libssl-dev device-tree-compiler u-boot-tools sharutils e2fsprogs parted curl unzip imagemagick libncurses5-dev zip - - run: - name: Make Board (FULL ORDERED BUILD LOGS HERE UNTIL JOB FAILED) - command: | - rm -rf build/<>/<>/* build/<>/log/* && make V=1 BOARD=<> <> || touch ./tmpDir/failed_build + echo "Sourcing /devenv.sh since docker entrypoint doesn't do it as expected" + source /devenv.sh + rm -rf build/<>/<>/* build/<>/log/* + make V=1 BOARD=<> <> || touch ./tmpDir/failed_build no_output_timeout: 3h - run: name: Output hashes 
@@ -32,93 +29,89 @@ commands: - run: name: Archiving build logs. command: | - tar zcvf build/<>/<>/logs.tar.gz $(find build/ -name "*.log") + tar zcvf build/<>/<>/logs.tar.gz $(find build/ -name "*.log") - run: name: Output build failing logs command: | - if [[ -f ./tmpDir/failed_build ]]; then find ./build/<>/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Step hasn't failed. Continuing with next step..."; fi \ + if [[ -f ./tmpDir/failed_build ]]; then + find "./build/<>/" -name "*.log" -type f -mmin -1 -exec tail -n +1 '{}' + + exit 1 + else + echo "Step hasn't failed. Continuing with next step..." + fi - store_artifacts: path: build/<>/<> jobs: prep_env: docker: - - image: debian:11 + - image: tlaurion/heads-dev-env:v0.1.4 resource_class: large working_directory: ~/heads steps: - - run: - name: Install dependencies - command: | - ln -fs /usr/share/zoneinfo/America/New_York /etc/localtime - apt update - apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg gawk iasl m4 nasm patch python python2 python3 wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev doxygen graphviz udev libudev1 libudev-dev automake libtool rsync innoextract sudo imagemagick libncurses5-dev - checkout - run: name: git reset command: | - git reset --hard "$CIRCLE_SHA1" \ - + git reset --hard "$CIRCLE_SHA1" - run: name: Make tmp dir command: | - mkdir ./tmpDir \ - + mkdir ./tmpDir - run: name: Creating all modules and patches digest (All modules cache digest) command: | - find ./Makefile ./patches/ ./modules/ -type f | sort -h |xargs sha256sum > ./tmpDir/all_modules_and_patches.sha256sums \ - + find .circleci/config.yml ./Makefile ./flake.lock ./patches/ ./modules/ -type f | sort -h |xargs sha256sum > ./tmpDir/all_modules_and_patches.sha256sums - run: name: Creating coreboot (and associated patches) and musl-cross-make modules 
digest (musl-cross-make and coreboot cache digest) command: | - find ./Makefile ./modules/coreboot ./modules/musl-cross* ./patches/coreboot* -type f | sort -h | xargs sha256sum > ./tmpDir/coreboot_musl-cross.sha256sums \ - + find .circleci/config.yml ./Makefile ./flake.lock ./modules/coreboot ./modules/musl-cross* ./patches/coreboot* -type f | sort -h | xargs sha256sum > ./tmpDir/coreboot_musl-cross.sha256sums - run: name: Creating musl-cross-make and musl-cross-make patches digest (musl-cross-make cache digest) command: | - find ./Makefile modules/musl-cross* -type f | sort -h | xargs sha256sum > ./tmpDir/musl-cross.sha256sums \ - + find .circleci/config.yml ./Makefile ./flake.lock modules/musl-cross* -type f | sort -h | xargs sha256sum > ./tmpDir/musl-cross.sha256sums - restore_cache: + # First matched/found key wins and following keys are not tried keys: - #Restore existing cache for matching modules digest, validated to be exactly the same as in github current commit. - #This cache was made on top of below caches, if previously existing. If no module definition changed, we reuse this one. Otherwise... - - heads-modules-and-patches-{{ checksum "./tmpDir/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }} - #If precedent cache not found, restore cache for coreboot module (and patches) and musl-cross-make digests (coreboot: triannual release) - #Otehrwise.... - - heads-coreboot-musl-cross-{{ checksum "./tmpDir/coreboot_musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }} - #If precedent cache not found. Restore cache for musl-cross-make module digest (rarely modified). - #Otherwise, we build cleanly. - - heads-musl-cross-{{ checksum "./tmpDir/musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }} + # Cache for matching modules digest, validated to be exactly the same as in github current commit. + # This cache was made on top of below caches, if previously existing. 
+ # If no module definition changed, we reuse this one + - nix-docker-heads-modules-and-patches-{{ checksum "./tmpDir/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }} + + # Cache for coreboot module (and patches) and musl-cross-make digests (coreboot: triannual release) + - nix-docker-heads-coreboot-musl-cross-{{ checksum "./tmpDir/coreboot_musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }} + + # Cache for musl-cross-make module digest (rarely modified). + - nix-docker-heads-musl-cross-{{ checksum "./tmpDir/musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }} - run: name: Download and neuter xx20 ME (keep generated GBE and extracted IFD in tree) command: | ./blobs/xx20/download_parse_me.sh - - run: - name: Download and neuter xx30 ME (keep generated GBE and extracted IFD in tree) # me_cleaner.py present under heads xx30 blobs dir comes from https://github.com/corna/me_cleaner/blob/43612a630c79f3bc6f2653bfe90dfe0b7b137e08/me_cleaner.py + name: Download and neuter xx30 ME (keep generated GBE and extracted IFD in tree) command: | ./blobs/xx30/download_clean_me_manually.sh -m $(readlink -f ./blobs/xx30/me_cleaner.py) - - run: name: Download and extract t530 vbios roms for dgpu boards command: | + echo skipping for now + exit 0 ./blobs/xx30/vbios_t530.sh - - run: name: Download and extract w530 vbios roms for dgpu boards command: | + echo skipping for now + exit 0 ./blobs/xx30/vbios_w530.sh - - persist_to_workspace: - root: ~/ + root: ~/heads paths: - . build_and_persist: docker: - - image: debian:11 + - image: tlaurion/heads-dev-env:v0.1.4 resource_class: large working_directory: ~/heads parameters: 
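Review bot: The executor image `tlaurion/heads-dev-env:v0.1.4` in `prep_env` (and again in `build_and_persist`, `build` and `save_cache` in the following hunks) is referenced by a mutable tag in a personal Docker Hub namespace, so the toolchain that builds the ROMs can change without any change in this repository. The cache digests in this hunk now hash `.circleci/config.yml` and `flake.lock`, so pinning the image by content digest would tie the image, the cache keys and the lock file together: `- image: tlaurion/heads-dev-env:v0.1.4@sha256:<digest of the v0.1.4 image>`. Declaring the image once, in a reusable `executors:` entry, would also keep the four copies from drifting apart. The `jobs:` section continues outside this hunk.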
@@ -131,22 +124,22 @@ jobs: type: string steps: - attach_workspace: - at: ~/ + at: ~/heads - build_board: arch: <> target: <> subcommand: <> - persist_to_workspace: - root: ~/ + root: ~/heads paths: - - heads/packages/<> - - heads/build/<> - - heads/crossgcc/<> - - heads/install/<> + - packages/<> + - build/<> + - crossgcc/<> + - install/<> build: docker: - - image: debian:11 + - image: tlaurion/heads-dev-env:v0.1.4 resource_class: large working_directory: ~/heads parameters: 
@@ -159,55 +152,55 @@ jobs: type: string steps: - attach_workspace: - at: ~/ + at: ~/heads - build_board: arch: <> - target: <> + target: <> subcommand: <> save_cache: docker: - - image: debian:11 + - image: tlaurion/heads-dev-env:v0.1.4 resource_class: large working_directory: ~/heads steps: - attach_workspace: - at: ~/ + at: ~/heads - save_cache: - #Generate cache for the same musl-cross module definition if hash is not previously existing - #CircleCI removed their wildcard support, so we have to list precise versions to cache in directory names - key: heads-musl-cross-{{ checksum "./tmpDir/musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }} + # Generate cache for the same musl-cross module definition if hash is not previously existing + # CircleCI removed their wildcard support, so we have to list precise versions to cache in directory names + key: nix-docker-heads-musl-cross-{{ checksum "./tmpDir/musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }} paths: - - crossgcc - - build/x86/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1 - build/ppc64/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1 + - build/x86/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1 + - crossgcc - packages - save_cache: - #Generate cache for the same coreboot mnd musl-cross-make modules definition if hash is not previously existing - #CircleCI removed their wildcard support, so we have to list precise versions to cache in directory names - key: heads-coreboot-musl-cross-{{ checksum "./tmpDir/coreboot_musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }} + # Generate cache for the same coreboot mnd musl-cross-make modules definition if hash is not previously existing + # CircleCI removed their wildcard support, so we have to list precise versions to cache in directory names + key: nix-docker-heads-coreboot-musl-cross-{{ checksum "./tmpDir/coreboot_musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }} paths: - - crossgcc - - 
build/x86/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1 + - build/ppc64/coreboot-talos_2 - build/ppc64/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1 - - packages - build/x86/coreboot-4.11 - build/x86/coreboot-4.13 - build/x86/coreboot-4.14 - build/x86/coreboot-4.15 - build/x86/coreboot-4.17 - build/x86/coreboot-4.22.01 - - build/x86/coreboot-purism - build/x86/coreboot-nitrokey - - build/ppc64/coreboot-talos_2 + - build/x86/coreboot-purism + - build/x86/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1 + - crossgcc + - packages - save_cache: #Generate cache for the exact same modules definitions if hash is not previously existing - key: heads-modules-and-patches-{{ checksum "./tmpDir/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }} + key: nix-docker-heads-modules-and-patches-{{ checksum "./tmpDir/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }} paths: - - crossgcc - build - - packages + - crossgcc - install + - packages workflows: version: 2 @@ -215,9 +208,8 @@ workflows: jobs: - prep_env -# Below, sequentially build one board for each coreboot -# version. The last board in the sequence is the dependency -# for the parallel boards built at the end, and also save_cache. + # Below, sequentially build one board for each coreboot version. + # The last board in the sequence is the dependency for the parallel boards built at the end, and also save_cache. # coreboot 4.22.01 - build_and_persist: @@ -227,7 +219,7 @@ workflows: requires: - prep_env - # coreboot-git librems + # coreboot purism - build_and_persist: name: librem_14 target: librem_14 
@@ -235,10 +227,11 @@ workflows: requires: - x230-hotp-maximized - # coreboot-git Nitropads depending on x230-hotp-maximized cache - # since kernel is 6.x and coreboot is git is unshared + # coreboot nitropad + # Nitropads depending on x230-hotp-maximized cache since kernel is 6.x and coreboot is git is unshared # We use nitropad's coreboot's fork crossgcc - # No need to wait further for other board's cache. + # No need to wait further for other board's cache + # We reuse built modules from x230-hotp-maximized cache only - build_and_persist: name: nitropad-nv41 target: nitropad-nv41 @@ -246,7 +239,7 @@ workflows: requires: - prep_env - # coreboot-git Talos II (PPC) + # coreboot talos_2 - build_and_persist: name: talos-2 arch: ppc64 @@ -255,18 +248,26 @@ workflows: requires: - prep_env - #Cache one workspace per architecture. Make sure workspace caches are chainloaded and the last in chain for an arch is saved. + # coreboot 4.11 + - build_and_persist: + name: UNMAINTAINED_kgpe-d16_workstation + target: UNMAINTAINED_kgpe-d16_workstation + subcommand: "" + requires: + - prep_env + + # Cache one workspace per architecture + # Make sure workspace caches are chainloaded and the last in chain for an arch is saved - save_cache: requires: - talos-2 - librem_14 -# -# Those onboarding new boards should add their entries below. -# -# + # + # Those onboarding new boards should add their entries below. + # -#Coreboot 4.22.01 boards + # coreboot 4.22.01 boards - build: name: x220-hotp-maximized target: x220-hotp-maximized @@ -377,7 +378,7 @@ workflows: target: t440p-maximized subcommand: "" requires: - - x230-hotp-maximized + - x230-hotp-maximized - build: name: t440p-hotp-maximized @@ -421,7 +422,8 @@ workflows: requires: - x230-hotp-maximized -#coreboot-git librem boards + # coreboot purism + # librem boards - build: name: librem_13v2 target: librem_13v2 
@@ -464,7 +466,7 @@ workflows: requires: - librem_14 -#coreboot-git dasharo clevo_release + staging IASL patch + # dasharo release - build: name: nitropad-ns50 target: nitropad-ns50 @@ -472,6 +474,30 @@ workflows: requires: - nitropad-nv41 + # coreboot 4.11 + - build: + name: UNMAINTAINED_kgpe-d16_workstation-usb_keyboard + target: UNMAINTAINED_kgpe-d16_workstation-usb_keyboard + subcommand: "" + requires: + - UNMAINTAINED_kgpe-d16_workstation + + # coreboot 4.11 + - build: + name: UNMAINTAINED_kgpe-d16_server + target: UNMAINTAINED_kgpe-d16_server + subcommand: "" + requires: + - UNMAINTAINED_kgpe-d16_workstation + + # coreboot 4.11 + - build: + name: UNMAINTAINED_kgpe-d16_server-whiptail + target: UNMAINTAINED_kgpe-d16_server-whiptail + subcommand: "" + requires: + - UNMAINTAINED_kgpe-d16_workstation + # - build: # name: UNMAINTAINED_kgpe-d16_workstation-usb_keyboard # target: UNMAINTAINED_kgpe-d16_workstation-usb_keyboard @@ -499,34 +525,3 @@ workflows: # subcommand: "" # requires: # - librem_14 - -######################## -######################## -### OLD STUFF ### -######################## -######################## -# linuxboot steps need something to pass in the kernel header path -# skipping for now -# - run: -# name: UNMAINTAINED_qemu-linuxboot-edk2 -# command: | -# ./build/make-4.2.1/make \ -# CROSS=/cross/bin/x86_64-linux-musl- \ -# BOARD=UNMAINTAINED_qemu-linuxboot \ -# `/bin/pwd`/build/linuxboot-git/build/qemu/.configured \ -# # Run first to avoid too many processes -# -# - run: -# name: UNMAINTAINED_qemu-linuxboot -# command: | -# ./build/make-4.2.1/make \ -# CROSS=/cross/bin/x86_64-linux-musl- \ -# CPUS=16 \ -# V=1 \ -# BOARD=UNMAINTAINED_qemu-linuxboot \ -# -# - store-artifacts: -# path: build/UNMAINTAINED_qemu-linuxboot/linuxboot.rom -# - store-artifacts: -# path: build/UNMAINTAINED_qemu-linuxboot/hashes.txt - diff --git a/.envrc b/.envrc new file mode 100644 index 000000000..b85b26d14 --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +has nix && use flake 
diff --git a/.gitignore b/.gitignore index b41afbf1c..720f911aa 100644 --- a/.gitignore +++ b/.gitignore @@ -1,25 +1,25 @@ -.*.sw* -*.xz +*.bad *.bz2 +*.cpio +*.dep +*.ffs +*.fv *.gz -*.sign -*.rom -*.o -*.gz -*.tgz *.img -*.rom -*.cpio -typescript* -config/*.old *.log -*~ -crossgcc -clean +*.lz +*.o +*.rom *.sec -*.dep -*.ffs +*.sign +*.tgz *.vol -*.lz -*.fv -*.bad +*.xz +*~ +.*.sw* +/.direnv +clean +config/*.old +crossgcc +typescript* +result diff --git a/Makefile b/Makefile index 4f113d9c9..38cc9f685 100644 --- a/Makefile +++ b/Makefile 
@@ -25,11 +25,48 @@ INSTALL = $(pwd)/install/$(CONFIG_TARGET_ARCH) log_dir = $(build)/log board_build = $(build)/$(BOARD) + +# Estimated memory required per job in GB (e.g., 1GB for gcc) +MEM_PER_JOB_GB ?= 1 + # Controls how many parallel jobs are invoked in subshells -CPUS ?= $(shell nproc) -MAKE_JOBS ?= -j$(CPUS) --max-load 16 +CPUS ?= $(shell nproc) +AVAILABLE_MEM_GB ?= $(shell cat /proc/meminfo | grep MemAvailable | awk '{print int($$2 / 1024)}') + +# Calculate the maximum number of jobs based on available memory +MAX_JOBS_MEM := $(shell echo $$(( $(AVAILABLE_MEM_GB) / $(MEM_PER_JOB_GB) ))) + +# Use the minimum of the system's CPUs and the calculated max jobs based on memory +CPUS := $(shell echo $$(($(CPUS) < $(MAX_JOBS_MEM) ? $(CPUS) : $(MAX_JOBS_MEM)))) + +# Load average can be adjusted to be higher than CPUS to allow for some CPU overcommit +# Multiply by 3 and then divide by 2 to achieve the effect of multiplying by 1.5 using integer arithmetic +LOADAVG ?= $(shell echo $$(( ($(CPUS) * 3) / 2 ))) + +# Construct MAKE_JOBS with dynamic CPU count and load average +MAKE_JOBS := -j$(CPUS) --load-average=$(LOADAVG) # Add other flags as needed to be more adaptive to CIs + +# Print out the settings and compare system values with actual ones used +$(info ----------------------------------------------------------------------) +$(info !!!!!! BUILD SYSTEM INFO !!!!!!) 
+$(info System CPUS: $(shell nproc)) +$(info System Available Memory: $(AVAILABLE_MEM_GB) GB) +$(info System Load Average: $(shell uptime | awk '{print $$10}')) +$(info ----------------------------------------------------------------------) +$(info Used **CPUS**: $(CPUS)) +$(info Used **LOADAVG**: $(LOADAVG)) +$(info Used **AVAILABLE_MEM_GB**: $(AVAILABLE_MEM_GB) GB) +$(info ----------------------------------------------------------------------) +$(info **MAKE_JOBS**: $(MAKE_JOBS)) +$(info ) +$(info Variables available for override (use 'make VAR_NAME=value'):) +$(info **CPUS** (default: number of processors, e.g., 'make CPUS=4')) +$(info **LOADAVG** (default: 1.5 times CPUS, e.g., 'make LOADAVG=54')) +$(info **AVAILABLE_MEM_GB** (default: memory available on the system in GB, e.g., 'make AVAILABLE_MEM_GB=4')) +$(info **MEM_PER_JOB_GB** (default: 1GB per job, e.g., 'make MEM_PER_JOB_GB=2')) +$(info ----------------------------------------------------------------------) +$(info !!!!!! Build starts !!!!!!) -WGET ?= wget # Timestamps should be in ISO format DATE=`date --rfc-3339=seconds` @@ -162,6 +199,7 @@ heads_cc := $(CROSS)gcc \ -fdebug-prefix-map=$(pwd)=heads \ -gno-record-gcc-switches \ -D__MUSL__ \ + --sysroot $(INSTALL) \ -isystem $(INSTALL)/include \ -L$(INSTALL)/lib \ @@ -230,12 +268,10 @@ all payload: FORCE: # Copies config while replacing predefined placeholders with actual values +# This is used in a command like 'this && $(call install_config ...) && that' +# so it needs to evaluate to a shell command. define install_config = - sed -e 's!@BOARD_BUILD_DIR@!$(board_build)!g' \ - -e 's!@BLOB_DIR@!$(pwd)/blobs!g' \ - -e 's!@BRAND_DIR@!$(pwd)/branding/$(BRAND_NAME)!g' \ - -e 's!@BRAND_NAME@!$(BRAND_NAME)!g' \ - "$1" > "$2" + $(pwd)/bin/prepare_module_config.sh "$1" "$2" "$(board_build)" "$(BRAND_NAME)" endef # Make helpers to operate on lists of things 
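Review bot: `AVAILABLE_MEM_GB` is not in gigabytes: `/proc/meminfo` reports `MemAvailable` in kB, so `int($$2 / 1024)` yields MiB, `MAX_JOBS_MEM` comes out about a thousand times too high and the memory cap on `CPUS` never takes effect (the banner also prints the MiB figure as GB). Dividing by 1048576 fixes the unit, e.g. `AVAILABLE_MEM_GB ?= $(shell awk '/MemAvailable/ {print int($$2 / 1048576)}' /proc/meminfo)`. With the unit corrected, less than 1 GB available gives `MAX_JOBS_MEM` 0 and `-j0`, which make rejects, so the quotient should be clamped to at least 1, for instance `MAX_JOBS_MEM := $(shell m=$$(( $(AVAILABLE_MEM_GB) / $(MEM_PER_JOB_GB) )); echo $$(( m > 0 ? m : 1 )))`. `MAKE_JOBS` also changed from `?=` to `:=`, so a value set in the environment is no longer honoured; if that is intended the comment above it should say so.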
@@ -783,6 +819,8 @@ $(board_build)/$(CB_OUTPUT_BASENAME)-gpg-injected.rom: $(board_build)/$(CB_OUTPU ./bin/inject_gpg_key.sh --cbfstool "$(build)/$(coreboot_dir)/cbfstool" \ "$(board_build)/$(CB_OUTPUT_FILE_GPG_INJ)" "$(PUBKEY_ASC)" + +#Dev cycles helpers: real.clean: for dir in \ $(module_dirs) \ 
@@ -794,4 +832,28 @@ real.clean: done cd install && rm -rf -- * real.gitclean: + @echo "Cleaning the repository using Git ignore file as a base..." + @echo "This will wipe everything not in the Git tree, but keep downloaded coreboot forks (detected as Git repos)." git clean -fxd + +real.gitclean_keep_packages: + @echo "Cleaning the repository using Git ignore file as a base..." + @echo "This will wipe everything not in the Git tree, but keep the 'packages' directory." + git clean -fxd -e "packages" + +real.remove_canary_files-extract_patch_rebuild_what_changed: + @echo "Removing 'canary' files to force Heads to restart building board configurations..." + @echo "This will check package integrity, extract them, redo patching on files, and rebuild what needs to be rebuilt." + @echo "It will also reinstall the necessary files under './install'." + @echo "Limitations: If a patch creates a file in an extracted package directory, this approach may fail without further manual actions." + @echo "In such cases, Git will inform you about the file that couldn't be created as expected. Simply delete those files and relaunch the build." + @echo "This approach economizes time since most build artifacts do not need to be rebuilt, as the file dates should be the same as when you originally built them." + @echo "Only a minimal time is needed for rebuilding, which is also good for your SSD." + @echo "*** USE THIS APPROACH FIRST ***" + find ./build/ -type f -name ".canary" -print -delete + find ./install/*/* -print -exec rm -rf {} + + +real.gitclean_keep_packages_and_build: + @echo "Cleaning the repository using Git ignore file as a base..." + @echo "This will wipe everything not in the Git tree, but keep the 'packages' and 'build' directories." + git clean -fxd -e "packages" -e "build" diff --git a/README.md b/README.md index a0819f48a..dbc082988 100644 --- a/README.md +++ b/README.md 
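Review bot: In `real.remove_canary_files-extract_patch_rebuild_what_changed`, `find ./install/*/* -print -exec rm -rf {} +` descends into the same directories it hands to `rm -rf`, so on a large tree find can hit paths that are already gone and return non-zero. When `./install/*/*` matches nothing, the unexpanded glob is passed to find as a literal path and the recipe aborts. Limiting the walk to the entries themselves avoids both: `find ./install -mindepth 2 -maxdepth 2 -print -exec rm -rf {} +`. This prints only the removed top-level entries rather than every file beneath them.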
@@ -28,8 +28,87 @@ Please refer to [Heads-wiki](https://osresearch.net) for your Heads' documentati Building heads === + +Under QubesOS? +==== +* Setup nix persistent layer under QubesOS (Thanks @rapenne-s !) + * https://dataswamp.org/~solene/2023-05-15-qubes-os-install-nix.html +* Install docker under QubesOS (imperfect old article of mine. Better somewhere?) + * https://gist.github.com/tlaurion/9113983bbdead492735c8438cd14d6cd + +Build docker from nix develop layer locally +==== + +#### Set up Nix and flakes + +* If you don't already have Nix, install it: + * `[ -d /nix ] || sh <(curl -L https://nixos.org/nix/install) --no-daemon` + * `. /home/user/.nix-profile/etc/profile.d/nix.sh` +* Enable flake support in nix + * `mkdir -p ~/.config/nix` + * `echo 'experimental-features = nix-command flakes' >>~/.config/nix/nix.conf` + +#### Build image + +* Build nix developer local environment with flakes locked to specified versions + * `nix --print-build-logs --verbose develop --ignore-environment --command true` +* Build docker image with current develop created environment (this will take a while and create "linuxboot/heads:dev-env" local docker image: + * `nix build .#dockerImage && docker load < result` + +Done! + +Your local docker image "linuxboot/heads:dev-env" is ready to use, reproducible for the specific Heads commit used and will produce ROMs reproducible for that Heads commit ID. + +Jump into nix develop created docker image for interactive workflow +===== +`docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) linuxboot/heads:dev-env` + + +From there you can use the docker image interactively. + `make BOARD=board_name` where board_name is the name of the board directory under `./boards` directory. + +One such useful example is to build and test qemu board roms and test them through qemu/kvm/swtpm provided in the docker image. +Please refer to [qemu documentation](targets/qemu.md) for more information. 
+ +Eg: +``` +make BOARD=qemu-coreboot-fbwhiptail-tpm2 # Build rom, export public key to emulated usb storage from qemu runtime +make BOARD=qemu-coreboot-fbwhiptail-tpm2 PUBKEY_ASC=~/pubkey.asc inject_gpg # Inject pubkey into rom image +make BOARD=qemu-coreboot-fbwhiptail-tpm2 USB_TOKEN=Nitrokey3NFC PUBKEY_ASC=~/pubkey.asc ROOT_DISK_IMG=~/qemu-disks/debian-9.cow2 INSTALL_IMG=~/Downloads/debian-9.13.0-amd64-xfce-CD-1.iso run # Install +``` + +Alternatively, you can use locally built docker image to build a board ROM image in a single call. + +Eg: +`docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) linuxboot/heads:dev-env -- make BOARD=nitropad-nv41` + + +Pull docker hub image to prepare reproducible ROMs as CircleCI in one call +==== +``` +docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=x230-hotp-maximized +docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=nitropad-nv41 +``` + +Maintenance notes on docker image +=== +Redo the steps above in case the flake.nix or nix.lock changes. Then publish on docker hub: + +``` +docker tag tlaurion/heads-dev-env:vx.y.z tlaurion/heads-dev-env:latest +docker push tlaurion/heads-dev-env:latest +``` + +Notes: +- Local builds can use ":latest" tag, which will use latest tested successful CircleCI run +- To reproduce CirlceCI results, make sure to use the same versioned tag declared under .circleci/config.yml's "image:" + + + +General notes on reproducible builds +=== In order to build reproducible firmware images, Heads builds a specific version of gcc and uses it to compile the Linux kernel and various tools that go into the initrd. Unfortunately this means the first step is a diff --git a/bin/cpio-clean b/bin/cpio-clean index c7e7ea51b..8eaa81f14 100755 --- a/bin/cpio-clean +++ b/bin/cpio-clean 
@@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # Clean all non-deterministric fields in a newc cpio file # # Items fixed: diff --git a/bin/prepare_module_config.sh b/bin/prepare_module_config.sh new file mode 100755 index 000000000..ba312ebfc --- /dev/null +++ b/bin/prepare_module_config.sh @@ -0,0 +1,27 @@ +#! /usr/bin/env bash + +TEMPLATE="$1" +RESULT="$2" +BOARD_BUILD="$3" +BRAND_NAME="$4" + +repo="$(realpath "$(dirname "${BASH_SOURCE[0]}")/..")" +# For both coreboot and Linux, the config file is in a board- +# specific build directory, but the build occurs from the +# parent of that directory. +module_dir="$(realpath "$(dirname "$2")/..")" + +# Use relative paths since the config may be part of the ROM +# artifacts, and relative paths won't depend on the workspace +# absolute path. +board_build_rel="$(realpath --relative-to "$module_dir" "$BOARD_BUILD")" +repo_rel="$(realpath --relative-to "$module_dir" "$repo")" + +echo "board_build_rel=$board_build_rel" +echo "repo_rel=$repo_rel" + +sed -e "s!@BOARD_BUILD_DIR@!${board_build_rel}!g" \ + -e "s!@BLOB_DIR@!${repo_rel}/blobs!g" \ + -e "s!@BRAND_DIR@!${repo_rel}/branding/$BRAND_NAME!g" \ + -e "s!@BRAND_NAME@!$BRAND_NAME!g" \ + "$TEMPLATE" > "$RESULT" diff --git a/bin/verity-sign b/bin/verity-sign index d616a0d37..2074555ee 100755 --- a/bin/verity-sign +++ b/bin/verity-sign @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # Generate dm-verity hashes and sign the root hash # # Output looks like diff --git a/blobs/haswell/.gitignore b/blobs/haswell/.gitignore new file mode 100644 index 000000000..b3810c18c --- /dev/null +++ b/blobs/haswell/.gitignore @@ -0,0 +1 @@ +mrc.bin diff --git a/blobs/haswell/obtain-mrc b/blobs/haswell/obtain-mrc index 42a6daabd..3e87cab32 100755 --- a/blobs/haswell/obtain-mrc +++ b/blobs/haswell/obtain-mrc @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -e 
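Review bot: `bin/prepare_module_config.sh` has no error handling, so if either `realpath` call fails (for example because the directory of `$2` does not exist yet) `board_build_rel` or `repo_rel` is empty, `sed` still writes a config with broken `@BLOB_DIR@`/`@BRAND_DIR@` paths, and the script exits 0. Add `set -euo pipefail` after the shebang and check the argument count up front, e.g. `[ "$#" -eq 4 ] || { echo "usage: $0 TEMPLATE RESULT BOARD_BUILD BRAND_NAME" >&2; exit 1; }`. `module_dir` should be derived from `"$RESULT"` rather than `"$2"`, matching the variables assigned above it. The values are spliced into `sed` with `!` as the delimiter, so a path or brand name containing `!`, `&` or a backslash would corrupt the substitution; a one-line comment stating that assumption would help the next maintainer.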
diff --git a/blobs/p8z77-m_pro/download_BIOS_clean.sh b/blobs/p8z77-m_pro/download_BIOS_clean.sh index 673a617e4..6f604106e 100755 --- a/blobs/p8z77-m_pro/download_BIOS_clean.sh +++ b/blobs/p8z77-m_pro/download_BIOS_clean.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # P7 ASUS function printusage { diff --git a/blobs/t420/extract.sh b/blobs/t420/extract.sh index 422924741..3c8920430 100755 --- a/blobs/t420/extract.sh +++ b/blobs/t420/extract.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash function printusage { echo "Usage: $0 -f -m (optional) -i (optional)" diff --git a/blobs/t440p/.gitignore b/blobs/t440p/.gitignore new file mode 100644 index 000000000..24d49395b --- /dev/null +++ b/blobs/t440p/.gitignore @@ -0,0 +1 @@ +me.bin diff --git a/blobs/t440p/download-clean-me b/blobs/t440p/download-clean-me index 26297d89e..37411a40f 100755 --- a/blobs/t440p/download-clean-me +++ b/blobs/t440p/download-clean-me @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -e diff --git a/blobs/t440p/extract b/blobs/t440p/extract index 0307b93b6..88a66bbc7 100755 --- a/blobs/t440p/extract +++ b/blobs/t440p/extract @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -e diff --git a/blobs/w541/.gitignore b/blobs/w541/.gitignore new file mode 100644 index 000000000..24d49395b --- /dev/null +++ b/blobs/w541/.gitignore @@ -0,0 +1 @@ +me.bin diff --git a/blobs/w541/download-clean-me b/blobs/w541/download-clean-me index 26297d89e..37411a40f 100755 --- a/blobs/w541/download-clean-me +++ b/blobs/w541/download-clean-me @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -e diff --git a/blobs/w541/extract b/blobs/w541/extract index 0307b93b6..88a66bbc7 100755 --- a/blobs/w541/extract +++ b/blobs/w541/extract @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -e diff --git a/blobs/x220/extract.sh b/blobs/x220/extract.sh index 422924741..3c8920430 100755 --- a/blobs/x220/extract.sh +++ b/blobs/x220/extract.sh 
@@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash function printusage { echo "Usage: $0 -f -m (optional) -i (optional)" diff --git a/blobs/xx20/.gitignore b/blobs/xx20/.gitignore new file mode 100644 index 000000000..24d49395b --- /dev/null +++ b/blobs/xx20/.gitignore @@ -0,0 +1 @@ +me.bin diff --git a/blobs/xx20/download_parse_me.sh b/blobs/xx20/download_parse_me.sh index 894a2e069..1289c66aa 100755 --- a/blobs/xx20/download_parse_me.sh +++ b/blobs/xx20/download_parse_me.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" diff --git a/blobs/xx20/me7_update_parser.py b/blobs/xx20/me7_update_parser.py index 8f201c26d..f862140d9 100644 --- a/blobs/xx20/me7_update_parser.py +++ b/blobs/xx20/me7_update_parser.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python """ME7 Update binary parser.""" diff --git a/blobs/xx30/.gitignore b/blobs/xx30/.gitignore new file mode 100644 index 000000000..24d49395b --- /dev/null +++ b/blobs/xx30/.gitignore @@ -0,0 +1 @@ +me.bin diff --git a/blobs/xx30/download_clean_me.sh b/blobs/xx30/download_clean_me.sh index a259a6477..994f1cdbc 100755 --- a/blobs/xx30/download_clean_me.sh +++ b/blobs/xx30/download_clean_me.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash function printusage { echo "Usage: $0 -m (optional)" diff --git a/blobs/xx30/download_clean_me_manually.sh b/blobs/xx30/download_clean_me_manually.sh index c2cfc9d36..d7e44d010 100755 --- a/blobs/xx30/download_clean_me_manually.sh +++ b/blobs/xx30/download_clean_me_manually.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash function printusage { echo "Usage: $0 -m (optional)" diff --git a/blobs/xx30/extract.sh b/blobs/xx30/extract.sh index f63c4d31e..3a5ee504a 100755 --- a/blobs/xx30/extract.sh +++ b/blobs/xx30/extract.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash function printusage { echo "Usage: $0 -f -m (optional) -i (optional)" 
diff --git a/blobs/xx30/me_cleaner.py b/blobs/xx30/me_cleaner.py index c2adf0e80..46f883e30 100755 --- a/blobs/xx30/me_cleaner.py +++ b/blobs/xx30/me_cleaner.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python # me_cleaner - Tool for partial deblobbing of Intel ME/TXE firmware images # Copyright (C) 2016-2018 Nicola Corna diff --git a/blobs/xx30/vbios_t530.sh b/blobs/xx30/vbios_t530.sh index 0669859d1..dae75f3f0 100755 --- a/blobs/xx30/vbios_t530.sh +++ b/blobs/xx30/vbios_t530.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" ROMPARSER="94a615302f89b94e70446270197e0f5138d678f3" diff --git a/blobs/xx30/vbios_w530.sh b/blobs/xx30/vbios_w530.sh index b5230e0a6..bbff9c8b5 100755 --- a/blobs/xx30/vbios_w530.sh +++ b/blobs/xx30/vbios_w530.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" ROMPARSER="94a615302f89b94e70446270197e0f5138d678f3" diff --git a/blobs/z220/.gitignore b/blobs/z220/.gitignore new file mode 100644 index 000000000..0aa573338 --- /dev/null +++ b/blobs/z220/.gitignore @@ -0,0 +1,2 @@ +ifd.bin +me.bin diff --git a/blobs/z220/download_BIOS_clean.sh b/blobs/z220/download_BIOS_clean.sh index 870574c78..b21ae3b2e 100755 --- a/blobs/z220/download_BIOS_clean.sh +++ b/blobs/z220/download_BIOS_clean.sh @@ -1,4 +1,5 @@ -#!/bin/bash +#!/usr/bin/env bash + # Z220 CMT HP function printusage { @@ -65,4 +66,4 @@ echo "$FINAL_ME_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verif echo "###Cleaning up..." cd - -rm -r "$extractdir" \ No newline at end of file +rm -r "$extractdir" 
diff --git a/unmaintained_boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config b/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config similarity index 100% rename from unmaintained_boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config rename to boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config diff --git a/unmaintained_boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config b/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config similarity index 100% rename from unmaintained_boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config rename to boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config diff --git a/unmaintained_boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config b/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config similarity index 100% rename from unmaintained_boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config rename to boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config diff --git a/unmaintained_boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config b/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config similarity index 100% rename from unmaintained_boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config rename to boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config diff --git a/flake.lock b/flake.lock new file mode 100644 index 000000000..491e53f71 --- /dev/null +++ b/flake.lock 
@@ -0,0 +1,61 @@ +{ + "nodes": { + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1711703276, + "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 000000000..94c947f63 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,152 @@ +{ + description = "Optimized heads flake for Docker image with garbage collection protection"; + + # Inputs define external dependencies and their sources. + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; # Using the unstable channel for the latest packages, while flake.lock fixates the commit reused until changed. + flake-utils.url = "github:numtide/flake-utils"; # Utilities for flake functionality. + }; + # Outputs are the result of the flake, including the development environment and Docker image. + outputs = { + self, + flake-utils, + nixpkgs, + ... + }: + flake-utils.lib.eachDefaultSystem (system: let + pkgs = nixpkgs.legacyPackages.${system}; # Accessing the legacy package set. + lib = pkgs.lib; # The standard Nix packages library. + + # Dependencies are the packages required for the Heads project. + # Organized into subsets for clarity and maintainability. + deps = with pkgs; [ + # Core build utilities + autoconf + automake + bashInteractive + coreutils + bc + bison # Generate flashmap descriptor parser + bzip2 + cacert + ccache + cmake + cpio + curl + diffutils + dtc + e2fsprogs + elfutils + findutils + flex + gawk + git + gnat + gnugrep + gnumake + gnused + gnutar + gzip + imagemagick # For bootsplash manipulation. + innoextract # ROM extraction for dGPU. + libtool + m4 + ncurses5 # make menuconfig and slang + openssl #needed for talos-2 kernel build + parted + patch + perl + pkg-config + python3 # me_cleaner, coreboot. + rsync # coreboot. + sharutils + texinfo + unzip + wget + which + xz + zip + zlib + zlib.dev + ] ++ [ + # Packages for qemu support with Canokey integration. + #qemu_full #Heavier but contains qemu-img, kvm and everything else needed to do development cycles under docker + qemu # To test make BOARD=qemu-coreboot-* boards and then call make BOARD=qemu-coreboot-* with inject_gpg statement, and then run statement. 
+ qemu_kvm # kvm additional support for qemu without all the qemu-img and everything else under qemu_full + # + # TODO: make work qemu-canokey not existing in caches: + # Below are overrides to make canokey-qemu library availabe to qemu built derivative through override) + #canokey doesn't work still even if compiled in, so no reason to add 1Gb of stuff in the image (qemu -device canokey not exposed even if configured in) + #canokey-qemu # Canokey lib for qemu build-time compilation. + #(qemu.override { + # canokeySupport = true; # This override enables Canokey support in QEMU, resulting in -device canokey being available. + #}) + ] ++ [ + # Additional tools for debugging/editing/testing. + vim # Mostly used amongst us, sorry if you'd like something else, open issue. + swtpm # QEMU requirement to emulate tpm1/tpm2. + dosfstools # QEMU requirement to produce valid fs to store exported public key to be fused through inject_key on qemu (so qemu flashrom emulated SPI support). + ] ++ [ + # Tools for handling binary blobs in their compressed state. (blobs/xx30/vbios_[tw]530.sh) + bundler + p7zip + ruby + sudo # ( °-° ) + upx + ]; + in { + # The development shell includes all the dependencies. + devShell = pkgs.mkShellNoCC { + buildInputs = deps; + }; + + # myDevShell outputs environment variables necessary for development. + packages.myDevShell = + pkgs.runCommand "my-dev-shell" {} + #bash + '' + grep \ + -e CMAKE_PREFIX_PATH \ + -e NIX_CC_WRAPPER_TARGET_TARGET \ + -e NIX_CFLAGS_COMPILE_FOR_TARGET \ + -e NIX_LDFLAGS_FOR_TARGET \ + -e PKG_CONFIG_PATH_FOR_TARGET \ + -e ACLOCAL_PATH \ + ${self.devShell.${system}} >$out + ''; + + # Docker image configuration for the Heads project. 
+ packages.dockerImage = pkgs.dockerTools.buildLayeredImage { + name = "linuxboot/heads"; + tag = "dev-env"; + config.Entrypoint = ["bash" "-c" ''source /devenv.sh; if (( $# == 0 )); then exec bash; else exec "$0" "$@"; fi'']; + contents = + deps + ++ [ + pkgs.dockerTools.binSh + pkgs.dockerTools.caCertificates + pkgs.dockerTools.usrBinEnv + ]; + enableFakechroot = true; + fakeRootCommands = + #bash + '' + set -e + + # Environment setup for the development shell. + grep \ + -e NIX_CC_WRAPPER_TARGET_TARGET \ + -e NIX_CFLAGS_COMPILE_FOR_TARGET \ + -e NIX_LDFLAGS_FOR_TARGET \ + -e NIX_PKG_CONFIG_WRAPPER_TARGET \ + -e PKG_CONFIG_PATH_FOR_TARGET \ + -e ACLOCAL_PATH \ + ${self.devShell.${system}} >/devenv.sh + + # Git configuration for safe directory access. + printf '[safe]\n\tdirectory = *\n' >/.gitconfig + mkdir /tmp; # Temporary directory for various operations. + ''; + }; + }); +} diff --git a/modules/bash b/modules/bash index e29fed726..62f063f93 100644 --- a/modules/bash +++ b/modules/bash @@ -14,16 +14,16 @@ bash_configure := CFLAGS="-g0 -Os" LDFLAGS="-s" ./configure \ $(CROSS_TOOLS) \ --host $(target) \ --prefix="/usr" \ - --enable-largefile \ - --infodir=/usr/share/info \ - --mandir=/usr/share/man \ - --without-bash-malloc \ + --infodir=/usr/share/info \ + --mandir=/usr/share/man \ --disable-coprocesses \ - --enable-debugger \ --disable-net-redirections \ - --enable-single-help-strings \ --disable-nls \ + --enable-debugger \ + --enable-largefile \ --enable-readline \ + --enable-single-help-strings \ + --without-bash-malloc bash_target := $(MAKE_JOBS) \ && $(MAKE) -C $(build)/$(bash_dir) \ diff --git a/modules/cairo b/modules/cairo index b4970652a..81d71e9a4 100644 --- a/modules/cairo +++ b/modules/cairo 
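Review bot: In `fakeRootCommands` of `packages.dockerImage`, `printf '[safe]\n\tdirectory = *\n' >/.gitconfig` switches off git's repository-ownership check for every path in the image, not only for the Heads checkout. That check is what keeps git from honouring the config and hooks of a repository owned by another user, and this image presumably runs builds on a tree mounted from the host and also ships `sudo`. I would list only the directory the source is expected at, e.g. `printf '[safe]\n\tdirectory = <HEADS_MOUNT_PATH>\n' >/.gitconfig` (placeholder; the mount path is not shown on this page). If the wildcard has to stay, the comment above it should say so: `# safe.directory=* disables git's ownership check image-wide; kept because the mounted checkout's uid differs from the container user`.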
@@ -12,10 +12,16 @@ cairo_configure := \ ./configure \ --host $(MUSL_ARCH)-elf-linux \ --prefix="/" \ - --disable-xlib --disable-xcb --disable-pdf \ - --disable-ps --disable-svg --disable-script \ - --disable-ft --disable-fc --disable-pthread \ + --disable-fc \ + --disable-ft \ --disable-gobject \ + --disable-pdf \ + --disable-ps \ + --disable-pthread \ + --disable-script \ + --disable-svg \ + --disable-xcb \ + --disable-xlib \ && sed \ -e 's/^hardcode_libdir_flag_spec.*/hardcode_libdir_flag_spec=" -D__LIBTOOL_RPATH_DISABLE__ "/' \ < libtool \ diff --git a/modules/cryptsetup2 b/modules/cryptsetup2 index b7ffd8d43..6becf6db8 100644 --- a/modules/cryptsetup2 +++ b/modules/cryptsetup2 @@ -16,8 +16,8 @@ cryptsetup2_configure := \ ./configure \ --host $(MUSL_ARCH)-elf-linux \ --prefix "/" \ - --disable-rpath \ --disable-gcrypt-pbkdf2 \ + --disable-rpath \ --enable-cryptsetup-reencrypt \ --with-crypto_backend=kernel \ --with-tmpfilesdir=$(INSTALL)/lib/tmpfiles.d diff --git a/modules/dropbear b/modules/dropbear index 285f97bb7..ac32a59ca 100644 --- a/modules/dropbear +++ b/modules/dropbear @@ -11,8 +11,8 @@ dropbear_configure := ./configure \ $(CROSS_TOOLS) \ --host $(MUSL_ARCH)-elf-linux \ --prefix "/" \ - --disable-syslog \ --disable-lastlog \ + --disable-syslog \ --disable-utmp \ --disable-utmpx \ --disable-wtmp \ diff --git a/modules/flashrom b/modules/flashrom index c7ce3e949..63143d9dd 100644 --- a/modules/flashrom +++ b/modules/flashrom @@ -27,10 +27,13 @@ ifeq "$(CONFIG_FLASHROM_AST1100)" "y" flashrom_cfg += CONFIG_AST1100=yes endif - - flashrom_target := \ $(MAKE_JOBS) \ + CFLAGS="-Os -I$(INSTALL)/include/pci" \ + DESTDIR="$(INSTALL)" \ + INSTALL="$(INSTALL)" \ + LDFLAGS="-L$(INSTALL)/lib" \ + PREFIX="$(INSTALL)" \ $(CROSS_TOOLS) \ $(flashrom_cfg) \ flashrom diff --git a/modules/flashtools b/modules/flashtools index edbf136d9..94386ba7c 100644 --- a/modules/flashtools +++ b/modules/flashtools 
@@ -10,6 +10,7 @@ flashtools_hash := a68cdb4a2e312f96862119a6d829ac900b53d0cbc80caa5632efd43b5b7ee flashtools_target := \ $(CROSS_TOOLS) \ + $(MAKE_JOBS) \ CFLAGS="-Os -I$(INSTALL)/include" \ LDFLAGS="-L$(INSTALL)/lib" \ diff --git a/modules/gpg b/modules/gpg index e6b8f2c52..7bab72e71 100644 --- a/modules/gpg +++ b/modules/gpg @@ -23,20 +23,20 @@ gpg_configure := \ ./configure \ --build $(MUSL_ARCH)-elf-linux \ --host $(MUSL_ARCH)-linux-musl \ - --with-libusb="$(INSTALL)" \ --prefix "/" \ - --enable-card-support \ - --disable-bzip2 \ --disable-asm \ + --disable-bzip2 \ + --disable-dns-cert \ + --disable-dns-srv \ --disable-exec \ - --disable-photo-viewers \ + --disable-finger \ + --disable-hkp \ --disable-keyserver-helpers \ --disable-ldap \ - --disable-hkp \ - --disable-finger \ - --disable-dns-srv \ - --disable-dns-cert \ + --disable-photo-viewers \ --disable-regex \ + --enable-card-support \ + --with-libusb="$(INSTALL)" \ # Run one build to generate the executables with the pre-defined # exec_prefix and datarootdir, then a second make to install the binaries diff --git a/modules/gpg2 b/modules/gpg2 index 141dbeb3b..fe340c4ff 100644 --- a/modules/gpg2 +++ b/modules/gpg2 @@ -1,10 +1,10 @@ modules-$(CONFIG_GPG2) += gpg2 -gpg2_version := 2.4.0 +gpg2_version := 2.4.2 gpg2_dir := gnupg-$(gpg2_version) gpg2_tar := gnupg-$(gpg2_version).tar.bz2 gpg2_url := https://www.gnupg.org/ftp/gcrypt/gnupg/$(gpg2_tar) -gpg2_hash := 1d79158dd01d992431dd2e3facb89fdac97127f89784ea2cb610c600fb0c1483 +gpg2_hash := 97eb47df8ae5a3ff744f868005a090da5ab45cb48ee9836dbf5ee739a4e5cf49 gpg2_depends := libgpg-error libgcrypt libksba libassuan npth libusb $(musl_dep) # For reproducibility reasons we have to override the exec_prefix 
@@ -18,35 +18,32 @@ gpg2_configure := \ ./configure \ CPPFLAGS="-I$(INSTALL)/include/libusb-1.0" \ --host $(MUSL_ARCH)-linux-musl \ - --with-libusb="$(INSTALL)" \ - --with-gpg-error-prefix="$(INSTALL)" \ - --with-libgcrypt-prefix="$(INSTALL)" \ - --with-libassuan-prefix="$(INSTALL)" \ - --with-ksba-prefix="$(INSTALL)" \ - --with-npth-prefix="$(INSTALL)" \ --prefix "/" \ --libexecdir "/bin" \ - --enable-scdaemon \ - --enable-ccid-driver \ - --disable-tofu \ - --disable-rpath \ - --disable-regex \ - --disable-doc \ + --disable-all-tests \ --disable-bzip2 \ + --disable-dirmngr \ + --disable-doc \ --disable-exec \ - --disable-photo-viewers \ + --disable-gnutls \ + --disable-gpgsm \ --disable-ldap \ - --disable-regex \ + --disable-libdns \ --disable-nls \ - --disable-all-tests \ - --disable-wks-tools \ - --disable-gnutls \ - --disable-dirmngr \ --disable-ntbtls \ - --disable-libdns \ - --disable-zip \ + --disable-photo-viewers \ + --disable-rpath \ --disable-sqlite \ - --disable-gpgsm \ + --disable-tofu \ + --disable-wks-tools \ + --disable-zip \ + --enable-ccid-driver \ + --enable-scdaemon \ + --with-gpg-error-prefix="$(INSTALL)" \ + --with-ksba-prefix="$(INSTALL)" \ + --with-libassuan-prefix="$(INSTALL)" \ + --with-libgcrypt-prefix="$(INSTALL)" \ + --with-npth-prefix="$(INSTALL)" \ # Run one build to generate the executables with the pre-defined # exec_prefix and datarootdir, then a second make to install the binaries diff --git a/modules/ioport b/modules/ioport index 2d1c6b352..ab25c9299 100644 --- a/modules/ioport +++ b/modules/ioport @@ -8,8 +8,8 @@ ioport_hash := 7fac1c4b61eb9411275de0e1e7d7a8c3f34166f64f16413f50741e8fce2b8dc0 ioport_configure := CFLAGS=-Os ./configure \ $(CROSS_TOOLS) \ + --host i386-elf-linux \ --prefix "/" \ - --host i386-elf-linux ioport_target := \ $(MAKE_JOBS) $(CROSS_TOOLS) inb && \ diff --git a/modules/json-c b/modules/json-c index 158e320fd..cf310c3cf 100644 --- a/modules/json-c +++ b/modules/json-c 
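Review bot: The re-sorted option list in `gpg2_configure` is not a pure reorder: `--with-libusb="$(INSTALL)"` and `--disable-regex` (listed twice on the old side) have no counterpart on the new side. Without `--disable-regex`, configure presumably decides by itself whether regular-expression handling for trust signatures is compiled into the gpg2 that ships in the firmware, which is a feature change hidden inside a cosmetic hunk. If that is intended for 2.4.2, the commit message should say so; otherwise restore `--disable-regex \` in its sorted position after `--disable-photo-viewers \`. The `gpg2_configure` assignment starts above the hunk.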
@@ -31,7 +31,7 @@ json-c_configure := \ cmake .. -DCMAKE_INSTALL_PREFIX="$(INSTALL)" -DCMAKE_TOOLCHAIN_FILE=../toolchain -DCMAKE_BUILD_TYPE=minsizerel json-c_target := \ - $(CROSS_TOOLS) -C $(build)/$(json-c_dir)/build \ + $(CROSS_TOOLS) $(MAKE_JOBS) -C $(build)/$(json-c_dir)/build \ all install json-c_libraries := build/libjson-c.so.5 diff --git a/modules/kbd b/modules/kbd index f6d3f405a..2286e5cc7 100644 --- a/modules/kbd +++ b/modules/kbd @@ -16,11 +16,11 @@ kbd_hash := aaed530a1490d63d041448372e2ad4f38c3179042903251000b71d527c46e945 kbd_configure := CFLAGS=-Os ./configure \ $(CROSS_TOOLS) \ - --prefix "" \ --host i386-elf-linux \ - --disable-optional-progs \ + --prefix "" \ --disable-libkeymap \ --disable-libkfont \ + --disable-optional-progs \ --disable-vlock \ kbd_target := \ diff --git a/modules/libassuan b/modules/libassuan index a2536be7c..7143534d1 100644 --- a/modules/libassuan +++ b/modules/libassuan @@ -1,10 +1,10 @@ modules-$(CONFIG_GPG2) += libassuan -libassuan_version := 2.5.5 +libassuan_version := 2.5.6 libassuan_dir := libassuan-$(libassuan_version) libassuan_tar := libassuan-$(libassuan_version).tar.bz2 libassuan_url := https://gnupg.org/ftp/gcrypt/libassuan/$(libassuan_tar) -libassuan_hash := 8e8c2fcc982f9ca67dcbb1d95e2dc746b1739a4668bc20b3a3c5be632edb34e4 +libassuan_hash := e9fd27218d5394904e4e39788f9b1742711c3e6b41689a31aa3380bd5aa4f426 libassuan_configure := \ CFLAGS="-Os" \ @@ -12,9 +12,9 @@ libassuan_configure := \ ./configure \ --host $(MUSL_ARCH)-linux-musl \ --prefix "/" \ - --disable-static \ --disable-doc \ - --with-gpg-error-prefix="$(INSTALL)" \ + --disable-static \ + --with-libgpg-error-prefix="$(INSTALL)" \ libassuan_target := $(MAKE_JOBS) \ DESTDIR="$(INSTALL)" \ diff --git a/modules/libgcrypt b/modules/libgcrypt index c46fe6085..2b630c02d 100644 --- a/modules/libgcrypt +++ b/modules/libgcrypt 
@@ -1,10 +1,10 @@ modules-$(CONFIG_GPG2) += libgcrypt -libgcrypt_version := 1.10.1 +libgcrypt_version := 1.10.2 libgcrypt_dir := libgcrypt-$(libgcrypt_version) libgcrypt_tar := libgcrypt-$(libgcrypt_version).tar.bz2 libgcrypt_url := https://gnupg.org/ftp/gcrypt/libgcrypt/$(libgcrypt_tar) -libgcrypt_hash := ef14ae546b0084cd84259f61a55e07a38c3b53afc0f546bffcef2f01baffe9de +libgcrypt_hash := 3b9c02a004b68c256add99701de00b383accccf37177e0d6c58289664cce0c03 libgcrypt_configure := \ $(CROSS_TOOLS) \ @@ -12,9 +12,9 @@ libgcrypt_configure := \ ./configure \ --host=$(MUSL_ARCH)-linux-musl \ --prefix "/" \ - --disable-static \ - --with-gpg-error-prefix="$(INSTALL)" \ --disable-doc \ + --disable-static \ + --with-libgpg-error-prefix="$(INSTALL)" \ libgcrypt_target := $(MAKE_JOBS) \ DESTDIR="$(INSTALL)" \ diff --git a/modules/libgpg-error b/modules/libgpg-error index 28b01f32b..b24c9f74f 100644 --- a/modules/libgpg-error +++ b/modules/libgpg-error @@ -1,21 +1,21 @@ modules-$(CONFIG_GPG2) += libgpg-error -libgpg-error_version := 1.46 +libgpg-error_version := 1.47 libgpg-error_dir := libgpg-error-$(libgpg-error_version) libgpg-error_tar := libgpg-error-$(libgpg-error_version).tar.bz2 libgpg-error_url := https://gnupg.org/ftp/gcrypt/libgpg-error/$(libgpg-error_tar) -libgpg-error_hash := b7e11a64246bbe5ef37748de43b245abd72cfcd53c9ae5e7fc5ca59f1c81268d +libgpg-error_hash := 9e3c670966b96ecc746c28c2c419541e3bcb787d1a73930f5e5f5e1bcbbb9bdb libgpg-error_configure := \ $(CROSS_TOOLS) \ CFLAGS="-Os" \ ./configure \ - --prefix "/" \ --host=$(MUSL_ARCH)-linux-musl \ - --disable-static \ - --disable-nls \ - --disable-languages \ + --prefix "/" \ --disable-doc \ + --disable-languages \ + --disable-nls \ + --disable-static \ --disable-tests \ --enable-install-gpg-error-config \ diff --git a/modules/libksba b/modules/libksba index 7230237a7..99c226788 100644 --- a/modules/libksba +++ b/modules/libksba 
@@ -1,10 +1,10 @@ modules-$(CONFIG_GPG2) += libksba -libksba_version := 1.6.3 +libksba_version := 1.6.4 libksba_dir := libksba-$(libksba_version) libksba_tar := libksba-$(libksba_version).tar.bz2 libksba_url := https://gnupg.org/ftp/gcrypt/libksba/$(libksba_tar) -libksba_hash := 3f72c68db30971ebbf14367527719423f0a4d5f8103fc9f4a1c01a9fa440de5c +libksba_hash := bbb43f032b9164d86c781ffe42213a83bf4f2fee91455edfa4654521b8b03b6b libksba_configure := \ $(CROSS_TOOLS) \ @@ -13,7 +13,7 @@ libksba_configure := \ --host $(MUSL_ARCH)-linux-musl \ --prefix "/" \ --disable-static \ - --with-gpg-error-prefix="$(INSTALL)" \ + --with-libgpg-error-prefix="$(INSTALL)" \ libksba_target := $(MAKE_JOBS) \ DESTDIR="$(INSTALL)" \ diff --git a/modules/libnitrokey b/modules/libnitrokey index 455680f48..8bdb7116b 100644 --- a/modules/libnitrokey +++ b/modules/libnitrokey 
@@ -14,20 +14,20 @@ libnitrokey_hash := 4f3382b6193afe69c2001321038fce9490bc28803ed687152a397ccd8914 cmake_cross := "-DCMAKE_AR=$(CROSS)ar" \ -DCMAKE_CXX_COMPILER="$(CROSS)g++" \ - -DCMAKE_C_COMPILER="$(CROSS)gcc" \ + -DCMAKE_CXX_COMPILER_AR="$(CROSS)ar" \ -DCMAKE_CXX_FLAGS="-Os -fdata-sections -ffunction-sections -ffile-prefix-map=$(pwd)=heads -gno-record-gcc-switches -D__MUSL__ -I$(INSTALL)/include -L$(INSTALL)/lib " \ + -DCMAKE_C_COMPILER="$(CROSS)gcc" \ -DCMAKE_LINKER="$(CROSS)ld" - -DCMAKE_SHARED_LINKER_FLAGS="-gc-sections" - -DCMAKE_CXX_COMPILER_AR="$(CROSS)ar" \ -DCMAKE_NM="$(CROSS)nm" \ - -DCMAKE_OBJDUMP="$(CROSS)objdump" \ -DCMAKE_OBCOPY="$(CROSS)obcopy" \ + -DCMAKE_OBJDUMP="$(CROSS)objdump" \ + -DCMAKE_SHARED_LINKER_FLAGS="-gc-sections" -DCMAKE_STRIP="$(CROSS)strip" libnitrokey_configure := \ mkdir build -p && \ cd build && \ - $(CROSS_TOOLS) cmake .. -DNO_LOG=ON -DBUILD_SHARED_LIBS=OFF -DCOMPILE_TESTS=OFF -DCMAKE_INSTALL_PREFIX=/ -DCMAKE_INSTALL_LIBDIR=lib -DCMAKE_BUILD_TYPE=MinSizeRel $(cmake_cross) + $(CROSS_TOOLS) cmake .. -DBUILD_SHARED_LIBS=OFF -DCMAKE_BUILD_TYPE=MinSizeRel -DCMAKE_INSTALL_LIBDIR=lib -DCMAKE_INSTALL_PREFIX=/ -DCOMPILE_TESTS=OFF -DNO_LOG=ON $(cmake_cross) # install "by-hand" as INSTALL_PREFIX is not working as expected libnitrokey_target := $(CROSS_TOOLS) $(MAKE_JOBS) -C build DESTDIR="$(INSTALL)" && \ diff --git a/modules/libusb b/modules/libusb index a3d40c563..56dfc044e 100644 --- a/modules/libusb +++ b/modules/libusb @@ -12,11 +12,10 @@ libusb_hash := 7dce9cce9a81194b7065ee912bcd55eeffebab694ea403ffb91b67db66b1824b libusb_configure := \ CFLAGS="-Os" \ ./configure \ - $(CROSS_TOOLS)\ - --host $(MUSL_ARCH)-elf-linux\ - --prefix "/"\ - --disable-udev\ - --disable-tests\ + $(CROSS_TOOLS) \ + --host $(MUSL_ARCH)-elf-linux \ + --prefix "/" \ + --disable-udev \ # Run one build to generate the executables with the pre-defined # exec_prefix and datarootdir, then a second make to install the binaries 
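Review bot: In `cmake_cross`, the added line `-DCMAKE_SHARED_LINKER_FLAGS="-gc-sections"` has no trailing `\`, and neither does the unchanged `-DCMAKE_LINKER="$(CROSS)ld"` above it, so as rendered the variable ends at the linker entry and the `NM`, `OBJDUMP` and `STRIP` settings below it are not part of the value passed to cmake. Since the hunk already moves these lines, end both with a continuation: `-DCMAKE_LINKER="$(CROSS)ld" \` and `-DCMAKE_SHARED_LINKER_FLAGS="-gc-sections" \`. Re-test the libnitrokey build afterwards, because those settings have presumably never been in effect. The context line `-DCMAKE_OBCOPY="$(CROSS)obcopy"` also looks like a misspelling of `CMAKE_OBJCOPY` and `objcopy` and is worth confirming in the same pass.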
diff --git a/modules/lvm2 b/modules/lvm2 index be1435a36..e51292d6d 100644 --- a/modules/lvm2 +++ b/modules/lvm2 @@ -18,20 +18,20 @@ lvm2_configure := \ ./configure \ --host $(MUSL_ARCH)-elf-linux \ --prefix "/" \ - --enable-devmapper \ - --disable-selinux \ - --disable-udev-systemd-background-jobs \ - --disable-realtime \ + --disable-blkid_wiping \ + --disable-cache_check_needs_check \ + --disable-cmirrord \ --disable-dmeventd \ --disable-lvmetad \ --disable-lvmpolld \ - --disable-use-lvmlockd \ + --disable-realtime \ + --disable-selinux \ + --disable-thin_check_needs_check \ + --disable-udev-systemd-background-jobs \ --disable-use-lvmetad \ + --disable-use-lvmlockd \ --disable-use-lvmpolld \ - --disable-blkid_wiping \ - --disable-cmirrord \ - --disable-cache_check_needs_check \ - --disable-thin_check_needs_check \ + --enable-devmapper \ --with-cluster=none \ --with-thin-check= \ diff --git a/modules/msrtools b/modules/msrtools index 8a9b6b5b2..25d2a3bc8 100644 --- a/modules/msrtools +++ b/modules/msrtools @@ -13,6 +13,7 @@ msrtools_url := https://github.com/osresearch/msr-tools/archive/$(msrtools_versi msrtools_hash := 80554790d0a404205fe215c9ae8d2de159e980ec23821d636f201f12550e6ac0 msrtools_target := \ + $(MAKE_JOBS) \ $(CROSS_TOOLS) \ CFLAGS="-I$(INSTALL)/include" \ LDFLAGS="-L$(INSTALL)/lib" \ diff --git a/modules/newt b/modules/newt index 3cd37658e..d9fb2c2d2 100644 --- a/modules/newt +++ b/modules/newt @@ -23,6 +23,6 @@ newt_libraries := \ newt_configure := \ ./autogen.sh && CFLAGS="-Os" ./configure \ $(CROSS_TOOLS) \ - --prefix "/" \ --host $(MUSL_ARCH)-elf-linux \ + --prefix "/" \ --without-tcl diff --git a/modules/npth b/modules/npth index b6bdb79db..1bbec1c03 100644 --- a/modules/npth +++ b/modules/npth @@ -11,7 +11,6 @@ npth_configure := ./configure \ --host $(MUSL_ARCH)-linux-musl \ --prefix "/" \ --disable-static \ - --with-gpg-error-prefix="$(INSTALL)" \ npth_target := $(MAKE_JOBS) \ DESTDIR="$(INSTALL)" \ 
diff --git a/modules/openssl b/modules/openssl index a9cbdcf5e..47072442b 100644 --- a/modules/openssl +++ b/modules/openssl @@ -7,6 +7,9 @@ openssl_tar := openssl-$(openssl_version).tar.gz openssl_url := https://www.openssl.org/source/$(openssl_tar) openssl_hash := 6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e +# hack to provide path to libgcc +LIBGCC_DIR := $(dir $(shell $(heads_cc) -print-libgcc-file-name)) + # The only optional algorithm that's enabled is SM3. tpm2-tss uses SHA, AES, # and SM3. openssl_configure := \ @@ -14,7 +17,6 @@ openssl_configure := \ CFLAGS="-Os" \ ./Configure \ --prefix="/" \ - no-tests \ linux-$(strip $(arch)) \ no-aria \ no-bf \ @@ -42,6 +44,7 @@ openssl_configure := \ no-siv \ no-sm2 \ no-sm4 \ + no-tests \ no-whirlpool \ openssl_target := $(MAKE_JOBS) \ diff --git a/modules/pinentry b/modules/pinentry index 7fa92cdfe..86ab96b6a 100644 --- a/modules/pinentry +++ b/modules/pinentry @@ -19,19 +19,18 @@ pinentry_configure := \ ./configure \ --host $(MUSL_ARCH)-linux-musl \ --prefix "/" \ - --enable-pinentry-tty \ - --disable-libsecret \ --disable-fallback-curses \ + --disable-libsecret \ --disable-pinentry-curses \ - --disable-pinentry-qt \ - --disable-pinentry-gtk2 \ - --disable-pinentry-gnome3 \ - --disable-pinentry-fltk \ --disable-pinentry-emacs \ - --disable-fallback-curses \ + --disable-pinentry-fltk \ + --disable-pinentry-gnome3 \ + --disable-pinentry-gtk2 \ + --disable-pinentry-qt \ --disable-pinentry-qt5 \ - --with-gpg-error-prefix="$(INSTALL)" \ + --enable-pinentry-tty \ --with-libassuan-prefix="$(INSTALL)" \ + --with-libgpg-error-prefix="$(INSTALL)" \ # Run one build to generate the executables with the pre-defined # exec_prefix and datarootdir, then a second make to install the binaries diff --git a/modules/popt b/modules/popt index 9a0ec319b..6e24422d6 100644 --- a/modules/popt +++ b/modules/popt 
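Review bot: `LIBGCC_DIR := $(dir $(shell $(heads_cc) -print-libgcc-file-name))` in modules/openssl uses immediate assignment, so the compiler is invoked when the module file is read rather than when openssl is configured. If the compiler behind `$(heads_cc)` is itself produced by this build (not visible in the hunk), the shell call would fail on a clean tree and leave the variable empty without any error. A deferred assignment avoids that: `LIBGCC_DIR = $(dir $(shell $(heads_cc) -print-libgcc-file-name))`. The name also lacks the `openssl_` prefix the other variables in this file use, and no use of it appears in the visible hunks, so the comment should name its consumer.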
@@ -8,9 +8,8 @@ popt_hash := c25a4838fc8e4c1c8aacb8bd620edb3084a3d63bf8987fdad3ca2758c63240f9 popt_configure := ./configure \ $(CROSS_TOOLS) \ - --prefix "/" \ --host $(MUSL_ARCH)-elf-linux \ - + --prefix "/" \ popt_target := \ $(MAKE_JOBS) \ diff --git a/modules/powerpc-utils b/modules/powerpc-utils index dc19d13f6..5526afd8b 100644 --- a/modules/powerpc-utils +++ b/modules/powerpc-utils @@ -13,8 +13,8 @@ powerpc-utils_configure := \ ./configure \ --host $(MUSL_ARCH)-elf-linux \ --prefix "/" \ + --without-librtas \ --without-systemd \ - --without-librtas powerpc-utils_target := \ $(MAKE_JOBS) \ diff --git a/modules/qrencode b/modules/qrencode index 565b98f64..fbfbb870c 100644 --- a/modules/qrencode +++ b/modules/qrencode @@ -12,9 +12,9 @@ qrencode_configure := \ CFLAGS="-Os" \ ./configure \ $(CROSS_TOOLS) \ + --host $(MUSL_ARCH)-elf-linux \ --prefix "/" \ --without-tools \ - --host $(MUSL_ARCH)-elf-linux \ qrencode_target := \ $(MAKE_JOBS) \ diff --git a/modules/slang b/modules/slang index 91c57402d..6a8f5d3c5 100644 --- a/modules/slang +++ b/modules/slang @@ -1,20 +1,21 @@ modules-$(CONFIG_SLANG) += slang -slang_version := 2.3.1a +slang_version := 2.3.3 slang_dir := slang-$(slang_version) slang_tar := slang-$(slang_version).tar.bz2 slang_url := https://www.jedsoft.org/releases/slang/$(slang_tar) -slang_hash := 54f0c3007fde918039c058965dffdfd6c5aec0bad0f4227192cc486021f08c36 +slang_hash := f9145054ae131973c61208ea82486d5dd10e3c5cdad23b7c4a0617743c8f5a18 slang_configure := ./configure \ $(CROSS_TOOLS) \ - ac_cv_path_nc5config=no \ - --prefix "/" \ + ac_cv_path_nc5config=ncurses-config \ --host $(MUSL_ARCH)-elf-linux \ - --with-z=no \ - --with-png=no \ - --with-pcre=no \ + --prefix "/" \ --with-onig=no \ + --with-pcre=no \ + --with-png=no \ + --with-z=no \ + --disable-termcap \ && mkdir -p src/elfobjs # Disable parallel make for the install target diff --git a/modules/tpm2-tools b/modules/tpm2-tools index bba25bc5d..0051a28a1 100644 --- a/modules/tpm2-tools 
+++ b/modules/tpm2-tools @@ -31,7 +31,7 @@ tpm2-tools_configure := \ --host $(MUSL_ARCH)-elf-linux \ --prefix "/" \ --disable-fapi \ - CFLAGS="-fdebug-prefix-map=$(INSTALL)=." \ + --with-sysroot=$(INSTALL) \ tpm2-tools_target := $(MAKE_JOBS) \ DESTDIR="$(INSTALL)" \ diff --git a/modules/tpm2-tss b/modules/tpm2-tss index 3795e21f5..91e1a26cd 100644 --- a/modules/tpm2-tss +++ b/modules/tpm2-tss @@ -21,10 +21,11 @@ tpm2-tss_configure := aclocal && automake --add-missing && autoreconf -fi \ $(CROSS_TOOLS) \ --host $(MUSL_ARCH)-elf-linux \ --prefix "/" \ + --with-sysroot=$(INSTALL) \ --disable-doxygen-doc \ + --disable-doxygen-html \ --disable-doxygen-man \ --disable-doxygen-rtf \ - --disable-doxygen-html \ --disable-fapi \ --disable-static \ diff --git a/modules/tpmtotp b/modules/tpmtotp index 57b3c54ae..eb52f03c6 100644 --- a/modules/tpmtotp +++ b/modules/tpmtotp @@ -10,6 +10,7 @@ tpmtotp_hash := eaac1e8f652f1da7f5a1ed6a8cfefb6511f1e5e1dabf93b44db3b29c18c5ae53 tpmtotp_target := \ $(CROSS_TOOLS) \ + $(MAKE_JOBS) \ CFLAGS="-I$(INSTALL)/include -Os" \ LDFLAGS="-L$(INSTALL)/lib" \ diff --git a/modules/util-linux b/modules/util-linux index 804ae56ea..9ab8dae55 100644 --- a/modules/util-linux +++ b/modules/util-linux @@ -13,16 +13,16 @@ util-linux_configure := \ --host $(MUSL_ARCH)-elf-linux \ --prefix "/" \ --oldincludedir "$(INSTALL)/include" \ + --disable-all-programs \ + --disable-bash-completion \ + --enable-agetty \ + --enable-libblkid \ + --enable-libuuid \ --without-ncurses \ --without-ncursesw \ + --without-python \ --without-tinfo \ --without-udev \ - --without-python \ - --disable-bash-completion \ - --disable-all-programs \ - --enable-libuuid \ - --enable-libblkid \ - --enable-agetty \ util-linux_target := \ diff --git a/patches/gpg2-2.4.0.patch b/patches/gpg2-2.4.2.patch similarity index 100% rename from patches/gpg2-2.4.0.patch rename to patches/gpg2-2.4.2.patch 
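Review bot: Replacing `CFLAGS="-fdebug-prefix-map=$(INSTALL)=."` with `--with-sysroot=$(INSTALL)` in `tpm2-tools_configure` removes the only build-path remapping visible for this module. If the tpm2-tools objects carry debug info, the absolute `$(INSTALL)` path presumably ends up in them again and the output then differs between build directories, which works against the reproducibility that other modules in this diff call out in their comments. Unless a later strip step makes this moot, keep both settings: `--with-sysroot=$(INSTALL) \` followed by `CFLAGS="-fdebug-prefix-map=$(INSTALL)=." \`. The `tpm2-tools_configure` assignment starts above the hunk.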
diff --git a/patches/libassuan-2.5.5.patch b/patches/libassuan-2.5.6.patch
similarity index 100%
rename from patches/libassuan-2.5.5.patch
rename to patches/libassuan-2.5.6.patch
diff --git a/patches/libgcrypt-1.8.3.patch b/patches/libgcrypt-1.10.2.patch
similarity index 100%
rename from patches/libgcrypt-1.8.3.patch
rename to patches/libgcrypt-1.10.2.patch
diff --git a/patches/libgpg-error-1.46.patch b/patches/libgpg-error-1.47.patch
similarity index 100%
rename from patches/libgpg-error-1.46.patch
rename to patches/libgpg-error-1.47.patch
diff --git a/patches/libksba-1.6.3.patch b/patches/libksba-1.6.4.patch
similarity index 100%
rename from patches/libksba-1.6.3.patch
rename to patches/libksba-1.6.4.patch
diff --git a/patches/linux-5.10.5/shebangs.patch b/patches/linux-5.10.5/shebangs.patch
new file mode 100644
index 000000000..76a73b5d8
--- /dev/null
+++ b/patches/linux-5.10.5/shebangs.patch
@@ -0,0 +1,100 @@ +diff --git a/scripts/bloat-o-meter b/scripts/bloat-o-meter +index d7ca46c612b3..652e9542043f 100755 +--- a/scripts/bloat-o-meter ++++ b/scripts/bloat-o-meter +@@ -1,4 +1,4 @@ +-#!/usr/bin/python ++#!/usr/bin/env python + # + # Copyright 2004 Matt Mackall + # +diff --git a/scripts/check-sysctl-docs b/scripts/check-sysctl-docs +index 8bcb9e26c7bc..90137319c50a 100755 +--- a/scripts/check-sysctl-docs ++++ b/scripts/check-sysctl-docs +@@ -1,4 +1,4 @@ +-#!/usr/bin/gawk -f ++#!/usr/bin/env -S gawk -f + # SPDX-License-Identifier: GPL-2.0 + + # Script to check sysctl documentation against source files +diff --git a/scripts/diffconfig b/scripts/diffconfig +index 89abf777f197..627eba5849b5 100755 +--- a/scripts/diffconfig ++++ b/scripts/diffconfig +@@ -1,4 +1,4 @@ +-#!/usr/bin/python ++#!/usr/bin/env python + # SPDX-License-Identifier: GPL-2.0 + # + # diffconfig - a tool to compare .config files. +diff --git a/scripts/get_abi.pl b/scripts/get_abi.pl +index 68dab828a722..92d9aa6cc4f5 100755 +--- a/scripts/get_abi.pl ++++ b/scripts/get_abi.pl +@@ -1,4 +1,4 @@ +-#!/usr/bin/perl ++#!/usr/bin/env perl + # SPDX-License-Identifier: GPL-2.0 + + use strict; +diff --git a/scripts/ld-version.sh b/scripts/ld-version.sh +index f2be0ff9a738..7a5b546ece16 100755 +--- a/scripts/ld-version.sh ++++ b/scripts/ld-version.sh +@@ -1,4 +1,4 @@ +-#!/usr/bin/awk -f ++#!/usr/bin/env -S awk -f + # SPDX-License-Identifier: GPL-2.0 + # extract linker version number from stdin and turn into single number + { +diff --git a/scripts/parse-maintainers.pl b/scripts/parse-maintainers.pl +index 2ca4eb3f190d..9515765158fa 100755 +--- a/scripts/parse-maintainers.pl ++++ b/scripts/parse-maintainers.pl +@@ -1,4 +1,4 @@ +-#!/usr/bin/perl -w ++#!/usr/bin/env -S perl -w + # SPDX-License-Identifier: GPL-2.0 + + use strict; +diff --git a/scripts/show_delta b/scripts/show_delta +index 264399307c4f..28e67e178194 100755 +--- a/scripts/show_delta ++++ b/scripts/show_delta +@@ -1,4 +1,4 @@ 
+-#!/usr/bin/python ++#!/usr/bin/env python + # SPDX-License-Identifier: GPL-2.0-only + # + # show_deltas: Read list of printk messages instrumented with +diff --git a/scripts/sphinx-pre-install b/scripts/sphinx-pre-install +index 40fa6923e80a..828a8615a918 100755 +--- a/scripts/sphinx-pre-install ++++ b/scripts/sphinx-pre-install +@@ -1,4 +1,4 @@ +-#!/usr/bin/perl ++#!/usr/bin/env perl + # SPDX-License-Identifier: GPL-2.0-or-later + use strict; + +diff --git a/scripts/split-man.pl b/scripts/split-man.pl +index c3db607ee9ec..96bd99dc977a 100755 +--- a/scripts/split-man.pl ++++ b/scripts/split-man.pl +@@ -1,4 +1,4 @@ +-#!/usr/bin/perl ++#!/usr/bin/env perl + # SPDX-License-Identifier: GPL-2.0 + # + # Author: Mauro Carvalho Chehab +diff --git a/scripts/ver_linux b/scripts/ver_linux +index 0968a3070eff..345b92f71d2d 100755 +--- a/scripts/ver_linux ++++ b/scripts/ver_linux +@@ -1,4 +1,4 @@ +-#!/usr/bin/awk -f ++#!/usr/bin/env -S awk -f + # SPDX-License-Identifier: GPL-2.0 + # Before running this script please ensure that your PATH is + # typical as you use for compilation/installation. I use diff --git a/patches/linux-5.5-openpower/shebangs.patch b/patches/linux-5.5-openpower/shebangs.patch new file mode 100644 index 000000000..38f5cb533 --- /dev/null +++ b/patches/linux-5.5-openpower/shebangs.patch 
@@ -0,0 +1,190 @@
+diff --git a/scripts/bloat-o-meter b/scripts/bloat-o-meter
+index 8c965f6a9881..bcd66a014453 100755
+--- a/scripts/bloat-o-meter
++++ b/scripts/bloat-o-meter
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/env python
+ #
+ # Copyright 2004 Matt Mackall
+ #
+diff --git a/scripts/coccicheck b/scripts/coccicheck
+index e04d328210ac..851c3307ca74 100755
+--- a/scripts/coccicheck
++++ b/scripts/coccicheck
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+ # SPDX-License-Identifier: GPL-2.0
+ # Linux kernel coccicheck
+ #
+diff --git a/scripts/config b/scripts/config
+index e0e39826dae9..ba11e350e8af 100755
+--- a/scripts/config
++++ b/scripts/config
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+ # SPDX-License-Identifier: GPL-2.0
+ # Manipulate options in a .config file from the command line
+
+diff --git a/scripts/decode_stacktrace.sh b/scripts/decode_stacktrace.sh
+index 13e5fbafdf2f..8c22ac90123b 100755
+--- a/scripts/decode_stacktrace.sh
++++ b/scripts/decode_stacktrace.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+ # SPDX-License-Identifier: GPL-2.0
+ # (c) 2014, Sasha Levin
+ #set -x
+diff --git a/scripts/diffconfig b/scripts/diffconfig
+index 89abf777f197..627eba5849b5 100755
+--- a/scripts/diffconfig
++++ b/scripts/diffconfig
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/env python
+ # SPDX-License-Identifier: GPL-2.0
+ #
+ # diffconfig - a tool to compare .config files.
+diff --git a/scripts/faddr2line b/scripts/faddr2line
+index 6c6439f69a72..5079957d4993 100755
+--- a/scripts/faddr2line
++++ b/scripts/faddr2line
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+ # SPDX-License-Identifier: GPL-2.0
+ #
+ # Translate stack dump function offsets.
+diff --git a/scripts/find-unused-docs.sh b/scripts/find-unused-docs.sh
+index 3f46f8977dc4..363e7ecab554 100755
+--- a/scripts/find-unused-docs.sh
++++ b/scripts/find-unused-docs.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+ # (c) 2017, Jonathan Corbet
+ # sayli karnik
+ #
+diff --git a/scripts/get_abi.pl b/scripts/get_abi.pl
+index c738cb795514..ba87b230fe0a 100755
+--- a/scripts/get_abi.pl
++++ b/scripts/get_abi.pl
+@@ -1,4 +1,4 @@
+-#!/usr/bin/perl
++#!/usr/bin/env perl
+ # SPDX-License-Identifier: GPL-2.0
+
+ use strict;
+diff --git a/scripts/gfp-translate b/scripts/gfp-translate
+index b2ce416d944b..2fcea3e9afb3 100755
+--- a/scripts/gfp-translate
++++ b/scripts/gfp-translate
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+ # SPDX-License-Identifier: GPL-2.0-only
+ # Translate the bits making up a GFP mask
+ # (c) 2009, Mel Gorman
+diff --git a/scripts/ld-version.sh b/scripts/ld-version.sh
+index f2be0ff9a738..081efc679705 100755
+--- a/scripts/ld-version.sh
++++ b/scripts/ld-version.sh
+@@ -1,4 +1,4 @@
+-#!/usr/bin/awk -f
++#!/usr/bin/env -S awk -f
+ # SPDX-License-Identifier: GPL-2.0
+ # extract linker version number from stdin and turn into single number
+ {
+diff --git a/scripts/mkuboot.sh b/scripts/mkuboot.sh
+index 4b1fe09e9042..0b6df121a3b5 100755
+--- a/scripts/mkuboot.sh
++++ b/scripts/mkuboot.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+ # SPDX-License-Identifier: GPL-2.0
+
+ #
+diff --git a/scripts/objdiff b/scripts/objdiff
+index 72b0b63c3fe1..95f087300637 100755
+--- a/scripts/objdiff
++++ b/scripts/objdiff
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+ # SPDX-License-Identifier: GPL-2.0-only
+
+ # objdiff - a small script for validating that a commit or series of commits
+diff --git a/scripts/parse-maintainers.pl b/scripts/parse-maintainers.pl
+index 255cef1b098d..c2d11c87fdb4 100644
+--- a/scripts/parse-maintainers.pl
++++ b/scripts/parse-maintainers.pl
+@@ -1,4 +1,4 @@
+-#!/usr/bin/perl -w
++#!/usr/bin/env -S perl -w
+ # SPDX-License-Identifier: GPL-2.0
+
+ use strict;
+diff --git a/scripts/prune-kernel b/scripts/prune-kernel
+index e8aa940bc0a9..620230f677bc 100755
+--- a/scripts/prune-kernel
++++ b/scripts/prune-kernel
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+ # SPDX-License-Identifier: GPL-2.0
+
+ # because I use CONFIG_LOCALVERSION_AUTO, not the same version again and
+diff --git a/scripts/show_delta b/scripts/show_delta
+index 264399307c4f..28e67e178194 100755
+--- a/scripts/show_delta
++++ b/scripts/show_delta
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/env python
+ # SPDX-License-Identifier: GPL-2.0-only
+ #
+ # show_deltas: Read list of printk messages instrumented with
+diff --git a/scripts/sphinx-pre-install b/scripts/sphinx-pre-install
+index 470ccfe678aa..214ed660c0d0 100755
+--- a/scripts/sphinx-pre-install
++++ b/scripts/sphinx-pre-install
+@@ -1,4 +1,4 @@
+-#!/usr/bin/perl
++#!/usr/bin/env perl
+ # SPDX-License-Identifier: GPL-2.0-or-later
+ use strict;
+
+diff --git a/scripts/split-man.pl b/scripts/split-man.pl
+index c3db607ee9ec..96bd99dc977a 100755
+--- a/scripts/split-man.pl
++++ b/scripts/split-man.pl
+@@ -1,4 +1,4 @@
+-#!/usr/bin/perl
++#!/usr/bin/env perl
+ # SPDX-License-Identifier: GPL-2.0
+ #
+ # Author: Mauro Carvalho Chehab
+diff --git a/scripts/tags.sh b/scripts/tags.sh
+index 4e18ae5282a6..02c08d460997 100755
+--- a/scripts/tags.sh
++++ b/scripts/tags.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+ # SPDX-License-Identifier: GPL-2.0-only
+ # Generate tags or cscope files
+ # Usage tags.sh
+diff --git a/scripts/ver_linux b/scripts/ver_linux
+index 85005d6b7f10..34e4530fd5b6 100755
+--- a/scripts/ver_linux
++++ b/scripts/ver_linux
+@@ -1,4 +1,4 @@
+-#!/usr/bin/awk -f
++#!/usr/bin/env -S awk -f
+ # SPDX-License-Identifier: GPL-2.0
+ # Before running this script please ensure that your PATH is
+ # typical as you use for compilation/installation. I use
diff --git a/patches/slang-2.3.3/unhardcode-ln-in-Makefile.patch b/patches/slang-2.3.3/unhardcode-ln-in-Makefile.patch
new file mode 100644
index 000000000..590e06915
--- /dev/null
+++ b/patches/slang-2.3.3/unhardcode-ln-in-Makefile.patch
@@ -0,0 +1,13 @@
+diff --git a/src/Makefile.in b/src/Makefile.in
+index 7fe4dc2..38fe174 100644
+--- a/src/Makefile.in
++++ b/src/Makefile.in
+@@ -75,7 +75,7 @@ RM = rm -f
+ RM_R = rm -rf
+ AR_CR = ar cr
+ RMDIR = rmdir
+-LN = /bin/ln -sf
++LN = ln -sf
+ CP = cp
+ @SET_MAKE@
+ #---------------------------------------------------------------------------
diff --git a/targets/qemu.md b/targets/qemu.md
index 0dfdd63e3..1587fa882 100644
--- a/targets/qemu.md
+++ b/targets/qemu.md
@@ -1,4 +1,4 @@
-qemu-coreboot-(fb)whiptail-tpm[1,2](-hotp) boards
+qemu-coreboot-(fb)whiptail-tpmX(-hotp) boards
 === The `qemu-coreboot-fbwhiptail-tpm1-hotp` configuration (and their variants) permits testing of most features of Heads.
@@ -87,3 +87,14 @@ swtpm on Debian bookworm
 ===
 1. Install dependencies
 * `sudo apt install swtpm swtpm-tools`
+
+swtpm on nix docker image
+===
+Nothing to do. Everything needed is in the docker image.
+
+Just make sure to pass DISPLAY environement variable on your docker command line. eg:
+* Remotely downloaded docker image (doing make command only inside of docker example):
+ * `docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=qemu-coreboot-whiptail-tpm2`
+ * `docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=qemu-coreboot-whiptail-tpm2 run`
+* Locally created docker image from nix develop environment (jumping into docker image variation of the above, where developer does what he wants within):
+ * `docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) linuxboot/heads:dev-env`
diff --git a/targets/qemu.mk b/targets/qemu.mk
index 59286a3e1..051361229 100644
--- a/targets/qemu.mk
+++ b/targets/qemu.mk
@@ -16,7 +16,7 @@ endif
 ifeq "$(CONFIG_TPM2_TSS)" "y"
 SWTPM_TPMVER := --tpm2
-SWTPM_PRESETUP := swtpm_setup --create-config-files skip-if-exist
+SWTPM_PRESETUP := swtpm_setup --create-config-files root skip-if-exist
 else
 # TPM1 is the default
 SWTPM_TPMVER :=
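Review bot: On the new `SWTPM_PRESETUP` line, `root` and `skip-if-exist` are separated by a space, whereas the swtpm_setup man page documents the flags of `--create-config-files` as a single comma-separated value (`[[overwrite][,root][,skip-if-exist]]`). If the tool takes only `root` as the option value, `skip-if-exist` is left as a stray argument and a rerun with existing config files may error out instead of being skipped; please confirm against the swtpm version shipped in the dev-env image. The form I would expect is `SWTPM_PRESETUP := swtpm_setup --create-config-files root,skip-if-exist`. Because `root` permits writing the swtpm and local-CA configuration under root's home, a comment such as `# root: swtpm_setup runs as root inside the dev-env container` would record why it is needed. The enclosing `ifeq` block continues outside the hunk.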