In the past we started a proof-of-concept implementation of self-updating
OSTree-based LXC containers, but in the end the project which prompted this
development ended up updating containers from the host.

Since we have no planned use for them, they are not part of any formal release,
no test is performed on them and since they fell quite behind after the rebase
to Buster with several parts still commented out, let's drop them altogether.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Rhosydd had been re-enabled in the target, but not in the SDK or devroot
where it had also previously been installed. Re-enable it on the SDK, but
just in 1 place, deleting the second. On the devroot, we should really
have the relevant library headers rather than rhosydd its self, so add
libcroesor-0-dev and librhosydd-0-dev to that image instead.

Signed-off-by: Martyn Welch <martyn.welch@collabora.com>

Need to have 'fsck' tool in initramfs for all images variants.
Include 'fsck' overlay into ospacks.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>

In previous versions of Apertis we were using a modified iptables package
containing custom scripting/systemd unit to load iptables rules at boot.
Debian contains the iptables-persistent package which performs this task.

Use this instead of adding the custom scripts to the new version. Add the
custom rules to an overlay so we don't need to modify the package.

Signed-off-by: Martyn Welch <martyn.welch@collabora.com>

Signed-off-by: Martyn Welch <martyn.welch@collabora.com>

The chaiwala-apparmor-profiles contains some AppArmor abstractions in use in
some Apertis-specific profiles.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

The package has been introduced back into :sdk

Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>

Emanuele Aina authored 6 years ago and Frédéric Dalleau committed 6 years ago

Add a description field on the step installing the GPLv3 coreutils.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Emanuele Aina authored 6 years ago and Frédéric Dalleau committed 6 years ago

Pass multiple components to apt_source.sh when applicable and don't call it
with components that have been set up already like `target`.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Jenkins is actually defining the full names for every artifact anyway and the
default is not particularly useful when building stuff locally without passing
any parameter so let's ensure the default names are sane and drop the
00000000.0 default.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

When opening a new session sudo tries to resolve the fqdn of the host, but that
introduces a sensible delay if the host does not have a fqdn set up
appropriately, as it is often the case with development board or when booting
images in QEMU.

We currently also ship libnss-myhostname which in theory could solve the issue
at the system level and not just for sudo, but upstream configures it to come
*after* dns resolution to avoid breaking `hostname --fqdn`, see
https://github.com/systemd/systemd/issues/1280



Our use-case is sligthly different and we may configure libnss-myhostname to
precede dns resolution, but in the meantime keep disabling this in sudo as the
apertis-customization package used to do.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Remove some packages that are meant for runtime development rather
than cross-building.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

UEFI images currently fail on `bootctl install`:

  bootctl --path=/boot/efi install | Failed to get machine id: No medium found
  Action `Install UEFI bootloader` failed at stage Run, error: exit status 1

This is due to bootctl using the machine-id to set the default entry in
/boot/loader/loader.conf and the kernel postinst script using the same value to
create the matching /boot/loader/entries entry.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Sjoerd Simons authored 6 years ago and Frédéric Dalleau committed 6 years ago

Update package names where appropriate and comment out packages not yet
available in the repositories. This allows a first round in building the
syysroot/devroot/sdk and basesdk ospacks.

Signed-off-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>

The old GPLv2 version of coreutils shipped in our :target repository does not
ship the truncate applet.

Use the truncate tool provided by the (dockerized) host instead.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Sjoerd Simons authored 6 years ago and Emanuele Aina committed 6 years ago

/etc/machine-id is expected to either contain a UUID or be *empty*.
using echo doesn't result in an empty file, it generates a file with
just a newline.

Switch to using truncate so it's actually an empty file. Fixes systemd
being unhappy about the content.

Signed-off-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>

Sjoerd Simons authored 6 years ago and Emanuele Aina committed 6 years ago

Make sure ospacks and images don't accidentally get build against 18.12

Signed-off-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>

When virtualization is available, Debos uses systemd-nspawn to run commands in
the "chroot".

systemd-nspawn automatically takes care of setting up a working
/etc/resolv.conf, usually by bind mounting the "host" one:

 https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--resolv-conf=

In our case, the host is the VM managed by fakemachine, which is configured to
use systemd-resolved.

The end result is that the stub /etc/resolv.conf pointing to 127.0.0.53 is
copied to our rootfs and included in the generated ospack.

This is arguably a weird corner of Debos, the resolv.conf file should really
not persist out of the chroot:

 https://phabricator.apertis.org/T4308



However, in the past ConnMan used to ship a tmpfiles.d snippet to overwrite
it with a link to /var/run/connman/resolv.conf but since commit 45ccde23a90c
shipped in ConnMan 1.36 the snippet has been changed to no longer overwrite
existing files, causing DNS resolution to fail on our images.

By dropping /etc/resolv.conf at the end of each recipe, after all the
chroot:true actions, we should be able to ensure that the final artifacts
don't ship it and at runtime the ConnMan tmpfiles.d snippet should work
 again as intended.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Subsume the unit mounting a tmpfs on /media that was formerly shipped by
apertis-customizations.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

The apertis-customization package used to ship in tmpfiles.d/apertis.conf a
link from /etc/machine-id to /var/lib/dbus/machine-id to ensure that the
machine-id is unique.

This is now done automatically provided that /etc/machine-id is a empty file.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Subsume the apertis-create-homedir systemd unit creating $HOME at boot time
that was formerly shipped by apertis-customizations.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

The `$arch-$platform` overlay mechanism was a relic of the old
`cb_build` pipeline. Split it up into semantic overlays and include them
only where appropriate.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

The catch-all arch-platform overlay was a relic of the old `cb_build`
pipeline. Split it up into semantic overlays and include them only
where appropriate.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Emanuele Aina authored 6 years ago and Andrej Shadura committed 6 years ago

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Emanuele Aina authored 6 years ago and Andrej Shadura committed 6 years ago

Now that the ospack recipes have been split they can default to the
correct type.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Emanuele Aina authored 6 years ago and Andrej Shadura committed 6 years ago

Add the timestamp as `BUILD_ID` and the image type as `VARIANT_ID`
in `/etc/os-release`, so at some point we'll be able to phase
out `/etc/image_version`.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

From now on, sysroots will be for debugging and related purposes,
devroot will be used for foreign archirecture compilation etc.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Ritesh Raj Sarraf authored 6 years ago and Andrej Shadura committed 6 years ago

This is a derivative of image type 'sdk' with 'ivitools' disabled
Apertis: T5428

Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>

Use just a single board definition for both SDK images, and
symlinks for the overlay.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Once upon a time, when Apertis was still using live-build, scripts
had to indicate in their extension if they had to be run in the chroot
environment or outside of it.

With Debos this is no longer needed, so drop the weird extensions that
were cargo-culted in this repository. :)

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

The default demopack installs media files in `/home/shared`: by
including them only in the ospack they are unavailble on the ostree
images as the whole `/home` gets filtered out during `ostree commit`.

Moving the extraction of the demopack when the full filesystem gets
deployed to the images makes the media files available on ostree images
as well.

See https://phabricator.apertis.org/T5313



Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Emanuele Aina authored 6 years ago and Frédéric Dalleau committed 6 years ago

Split the filelist extraction from the pkglist as it may be useful to
insert a cleanup phase between the two.

Also rework the pkglist extraction to capture the whole dpkg status file
rather than only a subset of it, in order to preserve as much
information as possible.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Emanuele Aina authored 6 years ago and Frédéric Dalleau committed 6 years ago

Make ospack and sysroot recipes take a generic basename for the output
artifacts, to which the `.tar.gz` file extension is appended by the
recipe itself. The recipes for the images already works this way as it
works better when generating multiple artifacts.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Dash is great as a system shell, but it's pretty horrible as a user
shell as there is no tab completion or history. There are things that
the busybox ash applet does provide making it a lot more pleasant to
use, while only less then 500 kilobytes to the ospack.

As an added benefit this gives easy acces to the wget/nc/ip busybox
applets.

Signed-off-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>

Developers would benefit from pregenerated listings to avoid downloading
and unpacking all the ospacks just to check the version of a shipped
package or the availability of a file.

Being able to rely on pregenerated package and file listings would help
speed up the checks needed by T5042 to identify which images are
affected.

Signed-off-by: Andrew Lee (李健秋) <andrew.lee@collabora.co.uk>

Need `libelf-dev` package to be pre-installed for correct build of
VirtualBox guest additions.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>

Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.co.uk>
Reviewed-by: Emanuele Aina <emanuele.aina@collabora.com>
Differential Revision: https://phabricator.apertis.org/D7911

Apertis: https://phabricator.apertis.org/T5035



Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

debos will soon by default let debootstrap check gpg keys. As the
apertis gpg key isn't typically in the hosts default set add it to the
recipe directly.

Signed-off-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>

The chaiwala-user-session-wayland package conflicts with lightdm and cause
issues such as the user being unable to mount vbox additions.

This fix updates the image recipe to only enable chaiwala-user-session-wayland
on target and development images.

Apertis: https://phabricator.apertis.org/T5017



Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.co.uk>