authorBoris Kolpackov <boris@codesynthesis.com>2020-07-30 07:21:08 +0200
committerBoris Kolpackov <boris@codesynthesis.com>2020-07-30 07:21:08 +0200
commit9014df79b77b131eb45914c0cd5551d18b612045 (patch)
tree54d4aa428615e36d9377cd3f5902b1680cbfea4f
parent5845b11792e48c7841b6c0f43f453de57652c255 (diff)
Upgrade to latest Debian testing
One notable change is the switch from ntp to systemd-timesyncd. systemd/udev 245.6-2 qemu-system-x86 5.0-13 linux-image-amd64 5.7.6 g++ 9.3.0-15 initramfs-tools 0.137 debootstrap 1.0.123 Sizes (previous): buildos-image 5572672 (5466496) buildos-initrd 316454368 (307985422)
-rw-r--r--.gitignore1
-rw-r--r--README2
-rwxr-xr-xbootstrap58
-rw-r--r--bootstrap.txt11
-rwxr-xr-xinit8
5 files changed, 55 insertions, 25 deletions
diff --git a/.gitignore b/.gitignore
index 79f07d1..0158dea 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
buildos-buildid
buildos-initrd
buildos-image
+bootstrap*.log
diff --git a/README b/README
index f1e1a55..379c062 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-This package contains the build2 operating system bootstrap scripts.
+This package contains the build2 Build OS bootstrap scripts.
build2 is an open source, cross-platform toolchain for building and packaging
C++ code. Its aim is a modern build system and dependency manager for the C++
diff --git a/bootstrap b/bootstrap
index 7aec0f9..dc00947 100755
--- a/bootstrap
+++ b/bootstrap
@@ -45,19 +45,19 @@ root="$btrfs/$id/buildos"
#
release="testing"
components="main,contrib,non-free"
-mirror="http://deb.debian.org/debian/"
-#mirror="https://deb.debian.org/debian/"
+mirror="http://http.us.debian.org/debian/"
+#mirror="https://http.us.debian.org/debian/"
base_pkgs="locales,klibc-utils,sudo,systemd-container,udev"
base_pkgs+=",kmod,linux-base,firmware-linux-free,irqbalance"
base_pkgs+=",intel-microcode,amd64-microcode"
base_pkgs+=",pciutils,usbutils,dmidecode,cpuid"
base_pkgs+=",hdparm,btrfs-progs"
-base_pkgs+=",lm-sensors,smartmontools"
+base_pkgs+=",lm-sensors,smartmontools,linux-cpupower"
base_pkgs+=",psmisc"
base_pkgs+=",net-tools,iproute2,iptables,isc-dhcp-client"
-base_pkgs+=",ifupdown,bridge-utils,dnsmasq,ntp,postfix"
+base_pkgs+=",ifupdown,bridge-utils,dnsmasq,postfix"
base_pkgs+=",iputils-ping,wget,curl,ca-certificates"
base_pkgs+=",openssh-client,openssh-server"
base_pkgs+=",tftp-hpa,tftpd-hpa"
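Review bot: The active `mirror=` line is still plain HTTP, with the HTTPS variant left commented out, so the integrity of everything bootstrapped from it rests entirely on the Release signature check against the host's archive keyring. The debootstrap invocation is outside this hunk, so it is not visible whether signature checking is left enabled; a comment above the assignment would make that dependency explicit, e.g. `# Plain HTTP is acceptable only because debootstrap verifies the signed Release file; keep the host keyring current.` Separately, `ntp` is dropped from `base_pkgs` and `systemd-timesyncd` is not named in the visible part of the list; if it is only pulled in indirectly, listing it explicitly would keep clock sync (which certificate and Release validity checks depend on) from silently disappearing on a dependency change.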
@@ -65,11 +65,11 @@ base_pkgs+=",tftp-hpa,tftpd-hpa"
base_pkgs+=",bzip2,xz-utils"
base_pkgs+=",less,nano,time"
-base_pkgs+=",qemu-kvm,qemu-utils,socat"
+base_pkgs+=",qemu-system-x86,qemu-utils,socat"
-base_pkgs+=",g++,make,pkg-config"
+base_pkgs+=",g++,make"
-extra_pkgs="linux-cpupower"
+extra_pkgs=""
owd="$(pwd)"
trap "{ cd '$owd'; exit 1; }" ERR
@@ -154,14 +154,28 @@ function nspawn () # <root> <systemd-nspawn-args>
local r="$1"
shift
+ # systemd-nspawn appears to carry over the root directory owner into the
+ # container which then causes other issues (Debian bug#950684).
+ #
+ # @@ Looking around didn't reveal any way (e.g., an option) to fix this.
+ # Perhaps newer systemd-nspawn does the right thing automatically?
+ #
+ ug="$(stat --format="%G:%U" "$r")"
+ sudo chown root:root "$r"
+
sudo systemd-nspawn --register=no -D "$r" "$@"
- # systemd-nspawn may create the /var/lib/machines subvolume which prevents
- # the deletion of the containing submodule. So we clean it up.
+ sudo chown "$ug" "$r"
+
+ # systemd-nspawn may create the /var/lib/{machines,portables} subvolumes
+ # which prevents the deletion of the containing submodule. So we clean'em
+ # up.
#
- if sudo btrfs subvol show "$r/var/lib/machines" 1>/dev/null 2>&1; then
- sudo btrfs subvol delete "$r/var/lib/machines"
- fi
+ for s in /var/lib/machines /var/lib/portables; do
+ if sudo btrfs subvol show "$r$s" 1>/dev/null 2>&1; then
+ sudo btrfs subvol delete "$r$s"
+ fi
+ done
}
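Review bot: The saved ownership is read with `%G:%U` (group:user), but `chown` expects `owner:group`, so the restore after `systemd-nspawn` swaps the two whenever the directory's user and group names differ; it should be `ug="$(stat --format="%U:%G" "$r")"`. `ug` and the loop variable `s` are also not declared `local`, so they leak into the caller's scope. If `systemd-nspawn` returns non-zero and an ERR trap exits the script (the `trap ... ERR` lines elsewhere in this diff suggest one is active), the second `chown` is never reached and the installation root stays `root:root`; restoring the owner on the failure path, or at least a comment noting this, would help. The function's opening lines are outside the hunk.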
# (Over)write or append to a file in the installation root, for example:
@@ -234,7 +248,7 @@ trap "exit 1" ERR
set -x
# Hack around systemd bug#79306 (changes /etc/localtime) by removing it now
-# and making readonly below.
+# and making readonly below. @@ See --timezone systemd-nspawn option?
#
rm /etc/localtime
@@ -354,9 +368,8 @@ EOF
# Create the kernel build snapshot, write the script that does the build
# from within the installation and boot it up via systemd-nspawn --boot.
#
- # Add this line before shutdown if need to debug/check things.
- #
- # setsid /bin/bash -c "exec /bin/bash -i <>/dev/console 1>&0 2>&1"
+ # Add `bash` before shutdown if need to debug/check things. But note that it
+ # does not work well with `... | tee bootstrap.log`!
#
subvol_delete "$root-3-kernel"
subvol_snapshot "$root" "$root-3-kernel"
@@ -375,6 +388,7 @@ apt-get install -y build-essential linux-source
apt-get install -y bison flex
apt-get install -y libelf-dev
apt-get install -y libssl-dev
+apt-get install -y rsync
cd /usr/src
tar xf linux-source-*
mv linux-source-*/ linux
@@ -383,14 +397,20 @@ cd linux
# Adjust configuration.
#
-echo 'CONFIG_SYSTEM_TRUSTED_KEYS=""' >>.config
-echo 'CONFIG_BUILD_SALT=""' >>.config
-echo 'CONFIG_MODULE_SIG=n' >>.config
+# Note that SECURITY_LOCKDOWN_LSM forces MODULE_SIG ('selects' in Kconfig).
+#
+scripts/config --disable SECURITY_LOCKDOWN_LSM
+scripts/config --disable MODULE_SIG
+scripts/config --set-str BUILD_SALT ''
+scripts/config --set-str SYSTEM_TRUSTED_KEYS ''
# Adjust kernel command line size limit.
#
sed -i -re 's/^(#define COMMAND_LINE_SIZE ).+\$/\1 4096/' arch/x86/include/asm/setup.h
+
+#bash
make oldconfig
+
scripts/config --disable DEBUG_INFO
make clean
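Review bot: The added comment explains why `SECURITY_LOCKDOWN_LSM` must be disabled before `MODULE_SIG` can be, but not why module signature checking is turned off in the first place, and that is the security-relevant decision here: the resulting kernel loads unsigned modules and has no lockdown mode available. I would state the reason and the trade-off next to the `scripts/config` calls, e.g. `# No signing key is available in this build (SYSTEM_TRUSTED_KEYS is cleared), so module signature checking is off; any root process can load modules.` That rationale is my assumption and should be confirmed. The leftover `#bash` line before `make oldconfig` could be dropped, since the comment changed earlier in this commit already documents that debugging technique. The generated build script begins and ends outside this hunk.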
diff --git a/bootstrap.txt b/bootstrap.txt
index 2554d43..d746c80 100644
--- a/bootstrap.txt
+++ b/bootstrap.txt
@@ -23,7 +23,7 @@
We currently only use init plus udev in scripts/init-{top,bottom}.
-* Grep for 'bug' in init and bootstrap scripts, see if any bugs have
+* Grep for 'bug' and @@ in init and bootstrap scripts, see if any bugs have
been fixed and corresponding workarounds can be removed.
* Upgrade to latest debootstrap and debian-archive-keyring from unstable
@@ -35,4 +35,13 @@
./bootstrap 2>&1 | tee bootstrap.log
+ NOTE: tee does not play well with bash prompt (used for troubleshooting).
+
+ NOTE: if during boostrap you need to but unable to delete an intermediate
+ btrfs submodules, then it most likely has nested submodules (see nspawn()
+ in bootstrap).
+
+ Save the log for later comparison (might have to redo a from-stage-1
+ bootstrap to get the complete log).
+
* Compare sizes to previous version for any abnormalities.
diff --git a/init b/init
index e9b59f7..6fb3840 100755
--- a/init
+++ b/init
@@ -244,7 +244,7 @@ priv_netbase="$(sed -e 's/^\(.*\)\.0\.0$/\1/' <<<"$priv_network")"
#
# While bridge_hw should be (and used to be) enough, something was broken (bug
# #945466) and now we set it manually and also pass it to DHCP (which runs
-# before post-up).
+# before post-up). Reportedly fixed in bridge-utils 1.6-3, testing the fix...
#
cat <<EOF >/etc/network/interfaces
auto lo
@@ -259,8 +259,8 @@ iface br0 inet dhcp
bridge_maxwait 0
bridge_fd 0
bridge_hw $gmac
- hwaddress $gmac
- post-up ip link set br0 address $gmac
+ #hwaddress $gmac
+ #post-up ip link set br0 address $gmac
post-up ip link set $eth txqueuelen 4000
post-up ip link set br0 txqueuelen 4000
@@ -275,7 +275,7 @@ iface br1 inet static
bridge_maxwait 0
bridge_fd 0
bridge_hw $lmac
- post-up ip link set br1 address $lmac
+ #post-up ip link set br1 address $lmac
post-up ip link set br1 txqueuelen 4000
post-up iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
post-up iptables -A FORWARD -i br0 -o br1 -m state --state RELATED,ESTABLISHED -j ACCEPT