Do not try to build and install dependencies for the package's
architecture when compiling in the "native" mode. That mode is
described here in detail:
https://wiki.postmarketos.org/wiki/Build_internals#Cross-compile_types
This makes it possible to cross compile kernels again, which need to
be built with GCC6. We have switched to Alpine's GCC6 package, but it is
not available for armhf/aarch64 on edge yet, because Alpine's build bots
are stuck (right now armhf is not even listed):
http://build.alpinelinux.org/
Huge thanks to ryang2478/Decatf for posting this patch in pmaports#138!
Clearly state which version is being used, and also display the message
when using build --force.
- Old:
WARNING: Package 'ubuntu-app-launch' in your aports folder has version
0_git20180604-r0, but the binary package repositories already have version
0_p20181101174257-r0! See also: <https://postmarketos.org/warning-repo2>
- New:
WARNING: package hello-world: aport version 1-r4 is lower than 1-r5 from
the binary repository. 1-r5 will be used when installing hello-world.
See also: <https://postmarketos.org/warning-repo2>
Find the main package by assuming it is a prefix of the subpkgname. We
do that, because in some APKBUILDs the subpkgname="" variable gets
filled with a shell loop and the APKBUILD parser in pmbootstrap can't
parse this right. (Intentionally, we don't want to implement a full
shell parser.)
This covers most use cases and saves a lot of build time. Can be
changed on demand. Again, this simplifies package building as part of
the new build infrastructure effort.
Use the device's architecture instead of noarch. Because the device
packages should never be built for other architectures, even if all
depends can be built for other arches as well.
This simplifies package building as part of the new build
infrastructure effort.
All existing pmaports will be changed shortly, along with a test case
in pmaports.
Set HOME to /root for commands started with pmb.chroot.root() and to
/home/pmos for commands started with pmb.chroot.user().
POSIX requires this variable to be set, see:
<http://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap08.html>
And this prevents a crash in "adb", which takes and alternative code
path if HOME is not set, that does not work with musl (fixes#1638).
Thanks to @ryang2678 for figuring this out!
* create symlinks to the GCC8 patches (introduced in pmaports!35)
* link to the new vendorkernel reference wiki page
* use SPDX license in the license= field
* add comment above the compiler section of the APKBUILD
* remove empty line at the end of the APKBUILD
When the timeout occurs it is important to ensure clean up of child
processes. Killing only the direct process created by a command can
leave child processes running.
For example a pmbootstrap.py install will run apk add. This run command
creates multiple processes as follows:
(cmd line arguments snipped for readability)
$ ps -e -o pid,ppid,pgid,cmd
PID PPID PGID CMD
31738 23247 31738 python3 ./pmbootstrap.py -t 15 install --no-fde
31746 31738 31738 sudo env -i /bin/sh -c ... ;apk --no-progress add
31747 31746 31738 /bin/sh -c ... ;apk --no-progress add
31748 31747 31738 apk --no-progress add
The root process of the run command is PID 31746. We want to kill
the child processes too. Otherwise only running kill -9 31746 will leave
the processes 31747 and 31748 running.
* aportgen: modify code to allow generating gcc6-armhf and other gcc6
cross compiler packages
* package: when 'gcc6' is in the depends of a package, and the cross
compiling mode is "native" (as we do it with kernels), install the
gcc6 cross compiler instead of the usual one (gcc8)
Related: pmaports#103
Overview:
In order to execute foreign arch binaries on the host system, we are
using the Linux kernel's binfmt_misc feature in combination with
static builds of QEMU. Before this patch, the statically compiled
QEMU binaries were taken from Debian (mostly because I did not realize
that Alpine ships them as well). Now we can use the ones from the aport.
Benefits:
This allows us to easily update and patch the QEMU executables, we
don't need to be in sync with Debian's versions anymore.
Alpine's package is more modular, so we can save some download,
install, zap time, as well as disk space: setting up an armhf chroot
with pmbootstrap took ~102 MB before, now it's ~18 MB.
Detailed changes:
* Remove `cross/qemu-user-static-repack` aport
* Add `data/qemu-user-binfmt.txt` with the binfmt_misc flags for ELF
binaries of various arches (extracted from Debian's packaging)
* When parsing that file, don't write verbose messages to
`pmbootstrap log` anymore, only to the verbose log (can be enabled
with `pmbootstrap -v`)
* Rename `pmb.parse.arch.alpine_to_debian()` to ...`alpine_to_qemu()`
* Rename `arch_debian` to `arch_qemu`
This commit adds a test case, which makes sure that the KDE framework
and plasma framework version are always the same.
Additional changes:
* APKBUILD parser parses the URL now (that's the best way I found to
categorize the KDE aports in frameworks and other)
* Changed single quotes to double quotes in KDE APKBUILDs, so the
parser doesn't include the single quotes in the parsed result
* Added the test case to the gitlab CI config
With this patch, "pmbootstrap flasher" will fail with "the following
arguments are required: action_flasher". Without it, it just prints
"Done" and quits.
Overview:
Since Alpine updated to distcc 3.3 last week, pmbootstrap wasn't able to use
distcc for cross compilation anymore. It always falled back to running the
compiler in QEMU (which works, but is a lot slower). The reason for that is,
that distcc requires all compilers that are being used in a whitelist now.
This partially fixes CVE-2004-2687 in distccd, which allowed trivial remote
code execution by any process connecting to the distccd server. We only run
distccd on localhost, but still this can be used for privilege escalation of
sandboxed processes running on the host system (not part of pmbootstrap
chroots).
Because the CVE is only partially fixed (see the comment in
`pmb/chroot/distccd.py` for details), we make sure that only the building
chroots can talk to the distcc server by running distcc over ssh.
Details:
* Completely refactored `pmb/chroot/distccd.py` to run distcc over ssh
* Store the running distcc server's arguments as JSON now, not as INI
* Make debugging distcc issues easy:
* Set DISTCC_BACKOFF_PERIOD=0, so the distcc client will not ignore the
server after errors happened (this masks the original error!)
* New pmbootstrap parameters:
* `--distcc-nofallback`: avoids falling back to compiling with QEMU and not
throwing an error
* `--ccache-disable`: avoid ccache (when the compiler output is cached,
distcc does not get used)
* `--verbose` prints verbose output of the distcc too
* New test case, that uses the new pmbootstrap parameters to force
compilation through distcc, and shows the output of distcc and distccd in
verbose mode on error (as well as the log of sshd)
Alpine's `abuild` will uninstall all dependencies by default, when a
package build fails.
Leaving this configuration unchanged leads to unexpected behavior with
pmbootstrap: when executing `pmbootstrap build --strict` and pressing
`^C` during the build, pmbootstrap will stop, but an `apk` process
will be started in the background to remove the dependency packages.
Running `pmbootstrap shutdown` at this time will not work, because the
`apk` process is still running.
With this commit, dependencies don't get cleaned up from the chroots.
Follow-up to !1373, where `pmbootstrap flasher flash_system` was
replaced with `pmbootstrap flasher flash_rootfs`. We still had used
terms like "system partition" in a lot of places.
This commit replaces it everywhere, so it's clear that we're talking
about the pmOS rootfs (which may or may not be installed to Android's
system partition).
The test suite needed a `pmbootstrap shutdown` after running through,
before it could successfully run again.
Explanation:
This was caused by `test/test_pkgrel_bump.py`, which creates a
temporary work folder with every subfolder ("chroot_native",
"cache_apk_x86_64", ...) linked to the original work folder except for
the "packages" folder. At the end of the test case,
`pmbootstrap shutdown` gets executed and is expected to umount
everything as usual. But it does not umount anything because of the
symlinks, so `work/chroot_native/mnt/pmbootstrap-packages` points to
the fake packages folder of that test case, even after it is finished.
As a result, any test case that tries to access the packages folder in
the native chroot, will fail until `pmbootstrap shutdown` gets called.
Detailed Changes:
* Umount all folders inside the work folder, even if these are symlinks
* Remove obsolete reference to "disable timestamp based rebuilds" in a
comment in `test/test_pkgrel_bump.py`
* Run `pmbootstrap work_migrate` and `pmbootstrap shutdown` at the
beginning of `test/testcases_fast.sh`, in case the pkgrel_bump test
case was aborted before it could properly shutdown and to make it
more robust in general (user may have changed the mountpoints, work
folder may need to be migrated)
Prior to this commit, it was possible to type in packages with a
trailing comma in `pmbootstrap init` when asked for extra packages.
This leads to problems during `pmbootstrap install`, so now we disallow
it. Fixes#1540.
It is unexpected for quite a lot of people, that the chroot folders are
still mounted when a pmbootstrap command has finished. With this commit,
it will let the user know explicitly:
> NOTE: chroot is still active (use 'pmbootstrap shutdown' as necessary)
Close#1524
We are analyzing the `boot.img` with `file` before we send it to
`unpackbootimg`. File does not recognize all kinds of `boot.img` files,
which `unpackbootimg` can extract, so we need a way to skip this check.
Details:
* Add `-f` parameter, continues extraction with a warning if the file
seems to be invalid
* Tell the user that `-f` can be used if the `boot.img` is invalid and
it's not specified
* Consistent spelling of `boot.img` instead of `bootimg` in messages
Fixes#1608
* Travis and Coveralls badges
* aports: instead of <https://github.com/postmarketOS>, use
<https://postmarketos.org>
* References to full URLs to issues and pull requests replaced with
a hash and the number
* grsec check: simplify error message, remove link to github issue
(nobody is using that anymore anyway)
This allows the user to talk to networkmanager to manage the system
connections. As it is mentioned in networkmanager pre-install.
```
Executing networkmanager-1.10.6-r0.pre-install
*
* To setup system connections, regular users must be member of 'plugdev' group.
```
The plugdev group gets created in the post-install hook of
networkmanager. Not all UIs depend on networkmanager, which means that
the group may not exist at installation time when we try to add the
user to the group in the python code. Therefore we create the group
first.
The linux APKBUILDs write the kernel config either to `$builddir`
(default from the template) or `$srcdir/build` (legacy, and I reverted
to that in #1556, which was not the proper fix for this regression).
With this commit, `pmbootstrap kconfig edit` is able to edit both
versions, and prints a note when the APKBUILD is still using the old
style.
Alpine ships `mkbootimg` with the `android-tools` package now. This
conflicts with the `mkbootimg` fork from osm0sis (see #441).
Changes:
* Rename `mkbootimg` to `mkbootimg-osm0sis` (aport and binary name)
* `mkbootimg-osm0sis`: provides `mkbootimg` now (so we don't need to
change all the device aports), update version to 2018.05.10
* Adjust our `mkinitfs` script to call `mkbootimg-osm0sis`
* Better aport description
* pkgrel_bump testcase: don't fail on deleted aport
Some kernels have a different `KBUILD_OUTPUT` path (e.g. #1551). When
the output path is different from `$srcdir/build`, then
`pmbootstrap kconfig edit` will not work (same with the previous
`pmbootstrap menuconfig` implementation).
This commit forces the output path to be `$srcdir/build` in the template
for new kernel aports, so we won't have that issue with future ports.
It is important, that we have DEVTMPFS enabled in the kernel config. But
it does not hurt to have DEVTMPFS_MOUNT enabled as well, and some of
Alpine's kernel configs have that by default. This commit removes the
check that forbids the option in kernel configs, so we can fork the
raspberry pi kernel package from Alpine without changing unrelated
options.
* change "pmbootstrap kconfig_check" to "pmbootstrap kconfig check"
* change "pmbootstrap menuconfig" to "pmbootstrap kconfig edit [-x|-g]"
(with legacy alias, because the first syntax was referenced to a lot)
* enable X11 interfaces: -x: xconfig, -g: gconfig
* new function to copy the xauthority file:
pmb.chroot.other.copy_xauthority()
* remove menufconfig() function from the kernel template and all kernel
aports ([skip ci] because it would rebuild all kernels and run out of
time). Alpine has dropped this as well, and it wouldn't work with the
new code anyway.
This makes the flasher work when no flash_method attribute exists on
the args variable, which happens when it is invoked through the
pmbootstrap export --odin command. This is a regression introduced
in b29cc877a7
This fixes#1527
Due to changes in abuild, our `gcc-armhf` etc. packages did not build
when using strict mode (i.e. `pmbootstrap build --strict gcc-armhf`)
anymore.
Changes:
* Set `CBUILDDIR=/`, so apk can read a valid package index from there
* Directly set `_cross_configure`, so it does not use CBUILDDIR anymore
* Set `BOOTSTRAP="nobuildbase"` to prevent apk from installing
`build-base-armhf` etc. (these don't exist in pmOS)
* Remove legacy code for lazy reproducible builds that wrapped
`package()`
Prevent the "Run 'pmbootstrap log' for details" message from being
written to the log file that gets read with "pmbootstrap log". Because
when the output of "pmbootstrap log" is pasted somewhere and people
analyze it, the message sounds like this is not the output of
"pmbootstrap log" (like it happened the other day in #postmarketOS).
* Usage: pmbootstrap install --split
* Make obvious that export is the next step when split images are created
* Fix note for missing rootfs image on export
* Change wording from "system image" to "rootfs image"
* The idea was to show the note only when the rootfs image was not
generated yet. But this was broken, because the path we checked for
was missing the chroot path prefix (which is added now).
* Also don't display the message, when the split image files exist
Device nodes in the chroots get created in a tmpfs, so they can be
created even if the filesystem where the chroot resides does not
support device nodes (#1317). In "pmbootstrap shutdown" we umount the
`dev` folder, which means all device nodes that were created inside
this folder are gone. This commit changes the code to actually recreate
the device nodes when using the chroot again.
Details:
* move `pmb.chroot.init.create_device_nodes` to
`pmb.chroot.mount.crete_device_nodes`
* don't call it in `pmb.chroot.init()` anymore, but in
`pmb.chroot.mount_dev_tmpfs()`
* Create the `null` device as well (`apk --initdb` also creates it on
`init`, but we don't call it after `shutdown`)
We require binfmt_misc to run programs of foreign architectures (e.g.
armhf) with QEMU. This is set up by default in most distributions, but
in some (e.g. Alpine, Void) it needs to be configured manually (see
the troubleshooting page in the wiki).
We have a check in place, which points to that troubleshooting wiki
page. However, the check was flawed, because we assumed the binfmt_misc
folder would not exist.
Thanks to @fxkrait for making the fix and for testing it!
The `msm-fb-refresher` updates the screen for msm based devices. It is
not needed for all devices, so we had some extra code in the initramfs,
that would only add it when the `deviceinfo_msm_refresher` variable was
set. However, we are able now to add files to initramfs hooks, so this
hack can be removed and simplify everything.
Changes:
* Remove `deviceinfo_msm_refresher` from all deviceinfos
* Add sanity check for it
* Move all `deviceinfo` sanity checks to an extra function
* `postmarketos-mkinitfs`: remove code for msm refresher
* `msm-fb-refresher`: add initramfs hook
The postmarketos-base package used to make the user part of the "video"
and "audio" groups. However, this did not work reliably, and we were
adding the "wheel" group in "pmbootstrap install" anyway.
Now all groups get added in "pmbootstrap install", and the names of the
groups have been moved to `pmb.config.install_user_groups`.
Changes:
* `helpers/envkernel.sh`:
* installs everything needed for kernel compilation in the native
chroot
* mounts the kernel source to `/mnt/linux` inside the chroot
* creates `/mnt/linux/.output` and chowns it to the `pmos` user, that
folder will be used for the kernel build output
* sets up aliases for `make`, `pmbootstrap`, `pmbroot`, `kernelroot`
* new action `pmbootstrap work_migrate`: does the interactive work
folder migration if necessary, otherwise it doesn't output anything
* when calling this first, we can safely use all other commands
non-interactively without showing the output
Benefits:
* Fast setup (especially for people who are new to kernel
compilation
* No need to figure out distribution specific package names
(cross compilers!)
* No need to do a test build just to verify that the right
packages are installed
* Less error prone
* The right dependencies are always installed
* `ARCH` and `CROSS_COMPILE` variables always get set automatically
and based on `deviceinfo_arch`
* If the build environment is broken for some reason, just zap and
start over
* Easy to reproduce problems
Notes:
* `make menuconfig` works as well
* Sourcing was tested with `zsh`, `bash` and `fish`, it should be easy to
extend for other shells
Building packages without git installed caused error messages from git
appearing on the screen, and I patched it upstream (see #1209).
However, this introduced a regression: when git *is* installed and the
aport folder *is not* part of a git repository (like we do it with
pmbootstrap), the build gets aborted now with git complaining that
the folder is not a valid git folder.
But the only case where this happens is, when abuild is trying to
include the git repositories' commit hash for the APKINDEX description.
This pmbootstrap commit hardcodes "postmarketOS" as APKINDEX
description, so it does not fail anymore.
`pmbootstrap pkgrel_bump --auto` automatically increases the pkgrel for
packages linking against libraries, which don't exist anymore (because
the soname has been changed). The feature is explained in detail in
The previous implementation did not detect soname breakage, when a
subpackage linked against a certain library, but the main package
did not (e.g. `qt5-qtbase-mysql` and `qt5-qtbase`). This was, because
we iterated over the aports/* to find the packages to be checked.
To fix this, we are iterating over the packages found in the APKINDEX
files instead (of both the locally compiled packages and the downloaded
index from the pmOS mirror).
Details:
* `pmb/helpers/pkgrel_bump.py`:
* Rewrite `auto_apkindex_package()` to act upon a given parsed
`aport` and `apk` (from the index) instead of finding the `apk`
dict by itself (we need it earlier anyway).
* Rewrite `auto()` to iterate over APKINDEX files instead of aports
* Skip packages already found, so the `pkgrel` does not get
increased multiple times when the same package was found in
multipe index files.
* Put the package name at the beginning of the log messages to make
them more readable
* testdata: Create a new `testsubpkg` aport, where only the subpackage
links against `testlib`
* Adjust testing code to test everything with `testsubpkg` as well.
NOTE: This makes the command a bit slower, but we could improve
performance again by smart caching of `pmb.parse.apkindex.depends()`.
This could come in a future PR, the important part here is that the
command is bug-free again with this fix.
* As discussed in IRC/matrix, we're removing `linux-postmarketos-lts`
for now. The kernel isn't used right now, and we save lots of
maintenance effort with not updating it every week or so.
* new config option `"kernel"` with possible values:
`"downstream", "mainline", "stable"` (downstream is always
`linux-$devicename`)
* ask for the kernel during `pmbootstrap init` if the device package
has kernel subpackages and install it in `_install.py`
* postmarketos-mkinitfs: display note instead of exit with error when
the `deviceinfo_dtb` file is missing (because we expect it to be
missing for downstream kernels)
* device-sony-amami:
* add kernel subpackages for downstream, mainline
* set `deviceinfo_dtb`
* device-qemu-amd64: add kernel subpackages for stable, lts, mainline
* test cases and test data for new functions
* test case that checks all aports for right usage of the feature:
* don't mix specifying kernels in depends *and* subpackages
* 1 kernel in depends is maximum
* kernel subpackages must have a valid name
* Test if devices packages reference at least one kernel
* Remove `_build_device_depends_note()` which informs the user that
`--ignore-depends` can be used with device packages to avoid building
the kernel. The idea was to make the transition easier after a change
we did months ago, and now the kernel doesn't always get built before
building the device package so it's not relevant anymore.
* pmb/chroot/other.py:
* Add autoinstall=True to kernel_flavors_installed(). When the flag
is set, the function makes sure that at least one kernel for the
device is installed.
* Remove kernel_flavor_autodetect() function, wherever it was used,
it has been replaced with kernel_flavors_installed()[0].
* pmb.helpers.frontend.py: remove code to install at least one kernel,
kernel_flavors_installed() takes care of that now.
As noted in commit 255c715624
`/var/cache/distfiles` is writable by everyone. It is supposed to be
writable only by `root` and by the `abuild` group (in which we put the
`pmos` user already for building packages).
Changes:
* `pmb.build.init()`: make `/var/cache/distfiles` writable only by
members of the `abuild` group (and root)
* Increase workfolder version to 2
* Add migration code that fixes the permissions for existing work
folders
* Refactor the migration code a bit to make this possible
* Change `pmbootstrap flasher flash_system` command to
`pmbootstrap flasher flash_rootfs`
* The old command still works, but all references have been changed to
the new command
* Remove obsolete `pmbootstrap flasher export` (that was changed to
`pmbootstrap export` a few months ago)
* Update `README.md` and ZSH auto completion
* Change the description of the generated rootfs image (not talking
about a system image anymore, mention that it has subpartitions)
* Better description of `pmbootstrap flasher flash_rootfs --partition`
When the native arch (e.g. `x86_64`) `APKINDEX` files are outdated, and
`pmbootstrap` gets instructed to build a linux package for a foreign
arch, then the `APKINDEX` cache did not get used anymore for the
current session. This means that every lookup of a package in an
`APKINDEX` caused the whole `APKINDEX` file to get parsed again instead
of using the cached version. This slowed it down so much that it felt
like `pmbootstrap` was looping forever.
How this happens in detail:
* Whenever pmbootstrap parses an `APKINDEX`, it fills up the
`args.cache["apkindex"]` dict with the parsed information and the
last modified date of the file.
* `pmbootstrap` checks the last modified date of the `APKINDEX` files
and updates them if they are older than 4 hours.
* When the bug appeared, then the cache was already filled up, then an
update happened and then `pmbootstrap` tried to read from the cache.
* So when reading from the `APKINDEX`, the cache gets ignored because
the last modified date is different.
* Up to this commit, the cache does not get deleted and filled up
again!
How to test:
Try these commands once without this commit, and then with this commit
applied:
```
$ sudo touch -m -t 201801010000 \
~/.local/var/pmbootstrap/cache_apk_x86_64/APKINDEX.*
$ pmbootstrap -v build linux-postmarketos-mainline --arch=armhf
```
Without the patch, you can see in `pmbootstrap log` that it is
resolving the dependencies properly, but very slowly. With the patch
the resolving happens almost instantly.
When parsing the depends of entries in the APKINDEX file, we ignore
all operators (<, =, >). (This is enough for our use case, was we only
do the dependency resolving to check which packages need to be built
and `apk` does the dependency resolving again before installing
anything).
We did not ignore the ~ character for fuzzy version compares, this is
fixed with this commit.
* Save "" (empty string) in the user's config as hostname if the user
let it default to the name of the device. That way, when the device
gets changed, the user won't get the old device's name as hostname
by accident.
* Add a test case
* pmbootstrap newapkbuild: Properly parse arguments
The `pmbootstrap newapkbuild` action wraps Alpine's `newapkbuild`. We
used to directly pass all arguments to `newapkbuild` without verifying
in Python whether they make sense or not. However, as `newpakbuild`
doesn't do strict sanity checks on the arguments, it is easy to end up
with unexpected behavior when using the command for the first time.
For example, `newapkbuild` allows either specifying a PKGNAME or SRCURL
as last parameter, and also allows setting a PKGNAME with the `-n`
parameter. It only makes sense to use that option when passing a
SRCURL.
With this commit, we duplicate the optins that should be passed through
to `newapkbuild` and use argparse to fully sanitize the options and
display a help page (`pmbootstrap newapkbuild -h`) that is consistent
with the other help pages.
Details:
* The `-f` (force) flag does not get passed through anymore. Instead we
use it in Python to skip asking if an existing aport should be
overwritten (the aports are outside of the chroot, so `newapkbuild`
can't handle it in a way that makes sense for pmbootstrap).
* Output of `newapkbuild` gets redirected to the log file now, as we
don't need it to display a help page.
* Don't verify the pkgver while creating the new APKBUILD. When passing
a SRCURL, the pkgver gets extracted from the end of the URL and may
not have a valid format yet (but we want the APKBUILD anyway).
* Stored options passed through in `pmb/config/__init__.py` and use it
in both `pmb/parse/arguments.py` and `pmb/helpers/frontend.py`.
* Only allow `-n` with SRCURL
* The postmarketOS aports folder gets specified with `--folder` now.
That way the generated help page is much closer to the original one
from `newapkbuild`. The default is `main`.
* Made the package type flags (CMake, autotools, ...) exclusive so only
one of them can be specified
After initializing the build environment, the cache_distfiles folder
currently is writable by everyone (which is not ideal, fix following
soon). The aportgen code for `busybox-static-*` and `musl-*` copies
the foreign arch `.apk` file to the distfiles, but it executes this
action as regular user and not as root. This only works as long as
build initialization ran before (which may not be the case on Travis
and expecting this to run before is a bug in general).
With this commit, the copy action gets executed as root, so it works
in any case. I'm commiting this directly (without a PR), because it
is a super simple fix and it unblocks our continuous integration.
Local testing:
$ pmbootstrap -y zap
$ sudo rm -r ~/.local/var/pmbootstrap/cache_distfiles
$ pmbootstrap aportgen musl-armhf
In order to get cross-compilers, we generate a few aports (e.g.
binutils-armhf, gcc-armhf) automatically from Alpine's aports.
pmbootstrap was already able to perform a git checkout of Alpine's
aports repository. But it needed to be manually updated. Otherwise
the `pmbootstrap aportgen` command could actually downgrade the aport
instead of updating it to the current version.
After thinking about adding a dedicated pmbootstrap command for
updating git repositories, I thought it would be better to not open
that can of worms (pmbootstrap as general git wrapper? no thanks).
The solution implemented here compares the upstream aport version of
the git checkout of a certain package (e.g. gcc for gcc-armhf) with the
version in Alpine's binary package APKINDEX. When the aport version is
lower than the binary package version, it shows the user how to update
the git repository with just one command:
pmbootstrap chroot --add=git --user -- \
git -C /mnt/pmbootstrap-git/aports_upstream pull
Changes:
* `pmb.aportgen.core.get_upstream_aport()`: new function, that returns
the absolute path to the upstream aport on disk, after checking the
version of the aport against the binary package.
* Use that new function in pmb.aportgen.gcc and pmb.aportgen.binutils
* New function `pmb.helpers.repo.alpine_apkindex_path()`: updates the
APKINDEX if necessary and returns the absolute path to the APKINDEX.
This code was basically present already, but not as function, so now
we have a bit less overhead there.
* `pmbootstrap chroot`: new `--user` argument
* `pmb.parse.apkbuild`: make pkgname check optional, as it fails with
the official gcc APKBUILD before we modify it (the current APKBUILD
parser is not meant to be perfect, as this would require a full shell
parsing implementation).
* Extended `test_aportgen.py` and enabled it by default in
`testcases_fast.sh`. Previously it was disabled due to traffic
concerns (cloning the aports repo, but then again we do a full KDE
plasma mobile installation in Travis now, so that shouldn't matter
too much).
* `testcases_fast.sh`: With "test_aport_in_sync_with_git" removed
from the disabled-by-default list (left over from timestamp based
rebuilds), there were no more test cases disabled by default. I've
changed it, so now the qemu_running_processes test case is disabled,
and added an `--all` parameter to the script to disable no test
cases. Travis runs with the `--all` parameter while it's useful to
do a quick local test without `--all` in roughly 2 minutes instead of
10.
* `aports/cross/binutils-*`: Fix `_mirror` variable to point to current
default Alpine mirror (so the aportgen testcase runs through).
## Introduction
In #1302 we noticed that `pmb.chroot.user()` does not escape commands
properly: When passing one string with spaces, it would pass them as
two strings to the chroot. The use case is passing a description with
a space inside to `newapkbuild` with `pmboostrap newapkbuild`.
This is not a security issue, as we don't pass strings from untrusted
input to this function.
## Functions for running commands in pmbootstrap
To put the rest of the description in context: We have four high level
functions that run commands:
* `pmb.helpers.run.user()`
* `pmb.helpers.run.root()`
* `pmb.chroot.root()`
* `pmb.chroot.user()`
In addition, one low level function that the others invoke:
* `pmb.helpers.run.core()`
## Flawed test case
The issue described above did not get detected for so long, because we
have a test case in place since day one, which verifies that all of the
functions above escape everything properly:
* `test/test_shell_escape.py`
So the test case ran a given command through all these functions, and
compared the result each time. However, `pmb.chroot.root()`
modified the command variable (passed by reference) and did the
escaping already, which means `pmb.chroot.user()` running directly
afterwards only returns the right output when *not* doing any escaping.
Without questioning the accuracy of the test case, I've escaped
commands and environment variables with `shlex.quote()` *before*
passing them to `pmb.chroot.user()`. In retrospective this does not
make sense at all and is reverted with this commit.
## Environment variables
By coincidence, we have only passed custom environment variables to
`pmb.chroot.user()`, never to the other high level functions. This only
worked, because we did not do any escaping and the passed line gets
executed as shell command:
```
$ MYENV=test echo test2
test 2
```
If it was properly escaped as one shell command:
```
$ 'MYENV=test echo test2'
sh: MYENV=test echo test2: not found
```
So doing that clearly doesn't work anymore. I have added a new `env`
parameter to `pmb.chroot.user()` (and to all other high level functions
for consistency), where environment variables can be passed as a
dictionary. Then the function knows what to do and we end up with
properly escaped commands and environment variables.
## Details
* Add new `env` parameter to all high level command execution functions
* New `pmb.helpers.run.flat_cmd()` function, that takes a command as
list and environment variables as dict, and creates a properly escaped
flat string from the input.
* Use that function for proper escaping in all high level exec funcs
* Don't escape commands *before* passing them to `pmb.chroot.user()`
* Describe parameters of the command execution functions
* `pmbootstrap -v` writes the exact command to the log that was
executed (in addition to the simplified form we always write down for
readability)
* `test_shell_escape.py`: verify that the command passed by reference
has not been modified, add a new test for strings with spaces, add
tests for new function `pmb.helpers.run.flat_cmd()`
* Remove obsolete commend in `pmb.chroot.distccd` about environment
variables, because we don't use any there anymore
* Add `TERM=xterm` to default environment variables in the chroot,
so running ncurses applications like `menuconfig` and `nano` works out of
the box
Since PR #1247 we are using the virtual package `.pmbootstrap` to mark
packages as not explcitly installed. In case `pmbootstrap` doesn't
finish the installation because of a bug, the `.pmbootstrap` virtual
package may not get uninstalled.
As virtual packages don't have the "timestamp" attribute set in the
package database (which indicates when the package was built), the
APKINDEX parser fails to parse them.
Changes:
* pmb.parse.apkindex.parse_next_block(): don't require the "timestamp"
attribute to be set (but the arch attribute instead, which is always
present)
* pmb.parse.apkindex.parse(): when a block does not have a `timestamp`
attribute, skip it, because it must be a virtual package.
* add test cases for both functions with a package database that
contains a virtual package.
`-m` is for deleting local compiled packages, for which there is no
aport with the same version. Prior to this change, this only worked
for packages where no aport exists, or for packages that are newer
than the aports.
That is, because we used the usual APKINDEX parsing logic, which
ignores old packages in the APKINDEX and only returns the one with the
highest version (that makes sense during dependency resolution).
Changes:
* New `pmb.parse.apkindex.parse_blocks()` function that returns a raw
list of blocks, instead of the dict with removed duplicates with
lower version you get from the usual `.parse()` function.
* Renamed each of the zap flags and their descriptions to make clear
what they are doing now.
```
short long (old) long (new)
-p --packages --pkgs-local
-m --mismatch-bins --pkgs-local-mismatch
-o, --old-bins --pkgs-online-mismatch
```
Use case: `mkbootimg` provides the `unpackbootimg` package. When
running `pmb.chroot.apk.install(args,"unpackbootimg")`, it was not
able to properly build the package.
Reproducing the error:
```
sudo rm ~/.local/var/pmbootstrap/packages/x86_64/mkbootimg*
pmbootstrap index
pmbootstrap --mirror-pmOS="" chroot --add=unpackbootimg
```
Or alternatively (simpler but less illustrative):
```
pmbootstrap build unpackbootimg --force
```
The `suffix` argument was not specified in chroot commands executed in
`pmb.build._package.override_source()`. Because of that, it was not
possible to use "build --src" when compiling in a non-native chroot,
for example:
```
$ pmbootstrap build hello-world --arch=armhf
...
(native) % rm /tmp/APKBUILD.append
rm: can't remove '/tmp/APKBUILD.append': No such file or directory
```
### Only download APKINDEX for relevant architectures
We're downloading the APKINDEX files for all architectures supported by
postmarketOS currently (x86, x86_64, armhf, aarch64). Most of the time,
we only need it for the native and device arch, so this PR reduces the
downloaded files to what is really necessary.
### Intuitive pmbootstrap update logic
* pmb.helpers.repo.update():
* Default is updating all arches where the APKBUILD files exist
* Add existing_only parameter
* Return True when files have been downloaded
* Properly print which arches will be updated
* Print update reason only in verbose log
* Add and improve comments
* pmb.parse.arguments(), update action:
* Add --non-existing parameter
* Default for --arch is None (instead of arch.native)
* pmb.helpers.frontend.update():
* Inform about --non-existing if no APKBUILDs have been updated
In case the user does not specify for which arch packages should be
built with `pmbootstrap build`, we detect it automatically.
Previous logic was, that if the APKBUILD's arch is "all" or "noarch",
then prefer the native arch, and otherwise use the first one in the
list of available arches.
New behavior is, that we also check if the list of possible arches
contains the native arch (and if that fails, the device arch). If that
is the case, we return the native/device arch instead of the first one
in the list.
### Use case
The arch from `gcc-armhf` and similar packages (as generated by
`pmbootstrap aportgen`) used to be "all", but is nowadays a specific
list of arches. This means, that after updating the `gcc-armhf` and
`gcc-aarch64` packages, and calling `pmbootstrap build gcc-armhf`,
it will try to build `gcc-armhf` for `aarch64` instead of the native
architecture, because that is the first one listed.
And since compiling to `aarch64` requires `gcc-aarch64`, it will build
that for the native architecture first.
So you're asking for `gcc-armhf` and it compiles `gcc-aarch64`, which
is very confusing (see #1272).
pmbootstrap does dependency resolving on its own, and passes the list
of resolved packages to apk when we want it to install something. The
reason was outlined in #129:
> fixing #120: packages do not get updated in "pmbootstrap install"
> after they have been rebuilt. For this to work, we specify all
> packages explicitly for abuild, instead of letting abuild do the
> resolving.
This new PR fixes#1212 (which noted that all of these dependencies
were explicitly marked for installation) by doing the following:
1. All packages and dependencies get attached to the virtual package
.pmbootstrap instead of world
2. We install the packages (without depends) explcitly
3. .pmbootstrap gets removed, which means that all packages from 1.
stay installed, but are no longer marked as explicitly installed.
They will get removed automatically, when the depending packages get
removed.
In addition, the mechanism for replacing the package of locally built
packages with their full path, was broken and has been fixed in this
commit. This is necessary to update packages of the same version with
apk.
* device-*: add postmarketos-base to depends
* aportgen: add postmarketos-base to depends
* Add test case
* postmarketos-base: Don't depend on devicepkg
* msm-fb-refresher: Enable service in post-install
We don't use 'arch="all"' in our kernels anymore (that does not make sense,
since each arch needs its own kernel config). This patch fixes the menuconfig
code to work with multiple values in the "arch" field.
Here are the changes necessary in pmbootstrap to make proprietary
software installed onto the device (firmware and userspace drivers)
optional (#756). To full close the issue, we need to apply this concept
to all device packages we already have in a follow-up PR.
Changes:
* New config file options nonfree_firmware and nonfree_userland, which
we ask for during "pmbootstrap init" if there are non-free components
for the selected device.
* We find that out by checking the APKBUILD's subpakages: The non-free
packages are called $pkgname-nonfree-firmware and
$pkgname-nonfree-userland.
* During "pmbootstrap init" we also show the pkgdesc of these
subpackages. Parsing that is implemented in
pmb.parse._apkbuild.subpkgdesc(). It was not implemented as part of
the regular APKBUILD parsing, as this would need a change in the
output format, and it is a lot *less* code if done like in this
commit.
* pmb/parse/apkbuild.py was renamed to _apkbuild.py, and
pmb/install/install.py to _install.py: needed to call the function in
the usual way (e.g. pmb.parse.apkbuild()) but still being able to
test the individual functions from these files in the test suite.
We did the same thing for pmb/build/_package.py already.
* Install: New function get_nonfree_packages() returns the non-free
packages that will be installed, based on the user's choice in
"pmbootstrap init" and on the subpackages the device has.
* Added test cases and test data (APKBUILDs) for all new code,
refactored test/test_questions.py to have multiple functions for
testing the various questions / question types from
"pmbootstrap init" instead of having it all in one big function.
This allows to use another aport folder for testing the new
non-free related questions in init.
The message appears 20 or so times in a row when setting up a new
chroot. Right now we log it into the debug log (which is what
"pmbootstrap log" and "pmbootstrap --details-to-stdout" show). This
is annoying for normal pmbootstrap usage, and really clutters up the
Travis output.
This commit changes the log level to verbose, so it only shows up
when "-v" is passed to pmbootstrap.
Without this fix, `pmbootstrap zap -m` fails with:
File "/home/user/code/pmbootstrap/pmb/__init__.py", line 61, in main
getattr(frontend, args.action)(args)
File "/home/user/code/pmbootstrap/pmb/helpers/frontend.py", line 322, in zap
distfiles=args.distfiles)
File "/home/user/code/pmbootstrap/pmb/chroot/zap.py", line 54, in zap
zap_mismatch_bins(args, confirm, dry)
File "/home/user/code/pmbootstrap/pmb/chroot/zap.py", line 110, in zap_mismatch_bins
if pkgname != bin_data["pkgname"]:
KeyError: 'pkgname'
* The APKINDEX parser used to return a dictionary with one package for
a given package name. This works for the installed packages database,
because there can only be one provider for a package. But when
parsing packages from binary repositories, we need to support
multiple providers for one package. It is now possible to get a
dictionary with either multiple providers, or just a single provider
for each package.
* Dependency parsing logic has been adjusted, to support multiple
providers. For multiple providers, the one with the same package
name as the package we are looking up is prefered. If there is none
(eg. "so:libEGL.so.1" is provided by "mesa-egl"), it prefers packages
that will be installed anyway, and after that packages that are
already installed. When all else fails, it just picks the first one
and prints a note in the "pmbootstrap log".
* Added testcases for all functions in pmb.parse.apkindex and
pmb.parse.depends
* pmbootstrap chroot has a new "--add" parameter to specify packages
that pmbootstrap should build if neccessary, and install in the
chroot. This can be used to quickly test the depencency resolution
of pmbootstrap without doing a full "pmbootstrap install".
Fixes#1122.
* New "pmbootstrap build --src=/local/source/path hello-world" syntax
* The local source path gets mounted inside the chroot
* From there, a copy of the source code gets created with rsync (so
we can write into the source folder if necessary, for better
compatibility with all kinds of APKBUILDs)
* After the aport gets copied into the chroot before building (as
usually), we extend the APKBUILD with overrides to make it use
mountpoint's source instead of downloading the package's source
from the web as usually
* The package built with the local source gets _pYYYYMMDDHHMMSS
appended to the pkgver
* linux-postmarketos-mainline: use $builddir, fix patch checksum
The 'necessary_kconfig_options' dictionary in pmb/config/__init__.py
now has the different architectures (space separated) as the keys and
the dictionary, which matches kernel config options and their
expected value, as its value.
For that purpose, the 'check' function in pmb/parse/kconfig.py was
modified, so that it takes the architecture from the kconfig filename
and uses it to find the needed kernel config options.
Closes#1218.
Closes#441. Adjust bootimg_analyze code:
* Install mkbootimg (which now provides unpackbootimg) instead of
unpackbootimg. In theory, pmbootstrap should recognize this
automatically, however right now it does not yet handle this case.
* The file names of the extracted files have changed.
Right now, they appear on screen when using --details-to-stdout. This
does not work well with Travis CI and screws up the log.
Disabling the progress bars in abuild works just like Alpine does it in
their Travis CI script: Exporting SUDO_APK as
"abuild-apk --no-progress" instead of "abuild-apk".
test_check_checksums.py: Run "pmbootstrap build_init" before building
any packages, so it is a bit less verbose (downloading the APKINDEX
files etc.). Later we run the build init code again (because we use
--strict while building the packages), but then the APKINDEX files
are already present. So overall the log is a bit shorter before the
building starts. (It is still logged to the logfile, which gets
printed on error anyway.)
* Testsuite: Run UIs in Qemu and check running processes (and other changes)
* When `pmbootstrap qemu` gets killed, it now takes down the Qemu process with it
* `test/check_checksums.py` got a new optional `--build` parameter, which makes
it build all changed packages instead of just checking the checksums
* We run this before running the testsuite now, so all changed packages get
built before running tests (otherwise tests would hang without any output
while a changed package is building)
* New testcase, that zaps all chroots, installs a specific UI (xfce4 and
plasma-mobile currently, easy to extend), runs it via Qemu and checks the
running processes via SSH.
* Version checking testcase: rewritten to include Alpine's testsuite file in
our source tree, so we don't need to clone their git repo anymore. Now it
is enabled for Travis.
* All this gives us a nice 10% code coverage boost
* Increased the `hello-world` pkgrel to verify that the Travis job is working.
* Various fixes
* Build device-packages for the device arch and don't raise an
exception, but print a note if --ignore-depends is not specified
and therefore the kernel gets installed, too.
* Don't use --force when building in Travis (because abuild doesn't
check the checksums then. Bug report on the way.)
* Don't run the building process in the background, but wait for its
completion
* Exit with 1 when showing usage in check_checksums.py
It used to have an entry for /mnt/pmbootstrap-packages, which only
makes sense while working on the chroot with pmbootstrap. After the
installation on the device, there's no repo in that path.
Furthermore, empty lines were added to the recovery installer script
for readability (thanks @ata2001!)
Follow up to #1162.
* `pmb.build.buildinfo()`: Used to record the build environment. It is
flawed because it scans the repo APKINDEX files instead of using the
actually installed packages list. When it was implemented we were not
able to do the latter. After this is removed, `pmb.parse.depends` can
be simplified (it needs to be rewritten for #1122).
* `pmb.helpers.repo.diff()` and `pmb.helpers.repo.files()`: These were
used exclusively by `pmb.build.buildinfo()`, to learn about which
files have been changed in the local repository folder after a
package was built. The idea was, that we could find subpackages that
way. But this information is present in the installed package list as
well, which is a much cleaner approach.
Nowadays pmb.config.build_device_architectures holds the native
architecture as well, so we don't need to explicitly download the
native architecture APKINDEX.
* Fail if mkbootimg/uboot-tools are not installed, but creating a
boot.img file / u-boot legacy image was requested via deviceinfo
(fixes#312)
* Fail if /boot/dt.img is missing, but we have a qcdt device
* Fail if the dtb file specified in deviceinfo does not exist
* Fail if mkbootimg etc. exit with error code
* Don't try to add the ext4 module into the initramfs. We always
compile it into the kernel. Instead, kconfig_check makes sure it
is enabled now. (fixes#1037)
* Add a note that modprobe warnings can be ignored mostly
zap -m:
* APKINDEX parsing: parse the "origin" field as well, so we know
where a subpackage comes from
* pmbootstrap zap -m: properly delete all packages, that do not
have an aport or where the aport has another version. This also
works with subpackages now,
we use the origin field to resolve it.
* Only reindex when packages have been deleted in "zap -m"
zap in general:
* Show the amount of cleared up space after the deletion instead
of "Done"
* Print "Shutdown complete" to "pmbootstrap log" instead of stdout
(we need to call it twice during zap now to get the space
calculation right)
* Add `--dry` argument to `pmbootstrap zap` (this was very useful
for debugging) to list the packages/chroots that would get
deleted
* Roughly output the command that would get executed to delete
files, so it's obvious what's going on in --dry mode. (% rm ...)
If you want to build a package without changing the version number,
please use `--force` from now on. For example:
pmbootstrap build --force hello-world
Prior to this commit, changes were detected automatically (timestamp
based rebuilds). However, that feature does not work as expected with
the binary package repository we have now, and depending on how you use
git, it has never worked. Close#1167, close#1156, close#1023 and
close#985. This commit also mentions --force when a package is up to date,
but the user requested to build it.
Preparation for #1122.
* `pmb.parse.apkindex.parse()`, removed strict parameter: This used to raise
an exception when two entries in the apkindex provided the same package.
Turns out this is *not* invalid after all, two packages can provide the same
soname for example (e.g. libhybris, mesa-egl). In an APKINDEX, sonames are
listed as they were packages ("so:libjpeg.so.8" etc.).
* Remove `pmbootstrap challenge` leftover code from reproducible builds effort,
which was a dead end. This code uses the broken strict feature.
The message showed up, when you apk-static download could not be
verified. What the user needs to do instead is checking if openssl
is installed, and possibly delete the http cache ("zap -hc").
This PR makes the workflow faster and pmbootstrap will
produce less traffic. Details:
* Check if it's possible to create and read from a device
node directly when initializing a chroot (closes#472)
* Copy the Qemu binary into the forign-arch chroots
before initializing them, so the post-install script
directly work during the chroot setup and we don't need
to call apk fix afterwards
* Use pmb.helpers.repo.update(), which only updates the
APKINDEX files if they are older than 4 hours, instead
of using apk's repo update function which always
downloads the APKINDEX files
* Chroot initialization
* Getting the initial APKINDEX to download apk-tools-static
* Updating the APKINDEX at the start of pmbootstrap install
* Fixed a bug in from_chroot_suffix: the buildroot_x86_64 has
architecture x86_64, not x86.
Example: Building gcc-armhf for armhf does not make sense, so this
commit changes arch="all" to arch="aarch64 x86_64". This helps to
simplify the repository scripts (#970).
Also don't build "-repack" packages in native chroot anymore.
This was a legacy hack, which has no use anymore, and it prevented
the package from being built for different architectures.
Small improvements:
* Allow to specify multiple packages to `pmbootstrap parse_apkbuild`
* Specifying no package will parse all packages (like kconfig_check)
(also `parse_apkbuild`)
* JSON output is sorted of `parse_apkbuild`
* Make pkgver check optional, so we can disable it in the device wizard test case
* Parse_apk* -> apk*_parse
* Don't let the user mess with globs (disallow '*' in pkgname)
* pmbootstrap: __config_.py - update the deviceinfo_attributes table
Add missing attributes:
* "screen_width"
* "screen_height"
* "dev_touchscreen"
* "dev_touchscreen_calibration"
* "dev_keyboard"
* "bootimg_qcdt"
Reorder the list to correspond to pmb/aportgen/device.py
Add a comment in the aforementioned file to avoid forgetting to update
this list.
Signed-off-by: Mayeul Cantan <mayeul.cantan@gmail.com>
* pmbootstrap: add qcdt generation to the linux aportgen APKBUILDs
This checks the next box in #688
When the device has bootimg_qcdt set to true, the following is done to
the linux APKBUILD:
* Add dtbtool to makedepends
* Call dtbTool during build() to generate dt.img
* Add the generated dt.img in the package's boot/dt.img
Signed-off-by: Mayeul Cantan <mayeul.cantan@gmail.com>
Fixes#893. Changes:
* New action: "pmbootstrap pkgrel_bump"
* pmbootstrap detects missing soname depends when trying to install
anyting, and suggests "pkgrel_bump --auto" to fix it
* Testcase test_soname_bump.py checks the pmOS binary package repo
for soname breakage, so we see it when CI runs for new PRs
* libsamsung-ipc: bump pkgrel because of soname bump
* Don't ask for the mesa driver when the Qemu arch is not the
native arch and always use swrast in that case
* qemu-vexpress: use LTS kernel
* qemu-aarch64: use drm-backend for weston
This reverts commit 99d7b58ee5.
People usually add manufacturer name in the phone full name which
results in having manufacturer written double in pkdesc (e.g. `Samsung
Samsung Galaxy Mini 2`)
If pmbootstrap says your apk is outdated, just run...
pmbootstrap zap -hc
...as it advises, to clear your http cache which contains the old
apk-tools-static.
This fixes#1066, where pmbootstrap crashes with a permission error
when you run it for the first time (no work folder exists) and you
run the boot.img analyzer because you want to start a new device
port.
It also prints a more helpful message if pmbootstrap crashes before
the log file was generated (suggests to use --details-to-stdout).
* Changed usb-shell behavior, it wait for some user action before continue booting
* Rename usb-shell to debug-shell and changed port to 23
* Add `20-debug-shell.sh` script to static code analysis
* Enable eth0 interface in initramfs (qemu)
* Add additional script to run a shell in order to be able to kill it from a telnet session
* Rename deviceinfo variable flash_methods to flash_method
* Update pmb.config.deviceinfo_attributes / add sanity check
* Add test case that parses all deviceinfo files
* ccache: Fix for distcc cross-compiling / various improvements
* Make ccache work when cross-compiling with distcc (fix#716)
* Allow to configure the ccache size in "pmbootstrap init"
* Moved ccache stats code from pmb/build/other.py to
pmb/helpers/frontend.py
* Grouped job count, ccache size and timestamp based rebuilds
together to "build options" and allow to skip them
* Sorted config options that had to be modified anyway
alphabetically
* Improve comment in arch-bin-masquerade APKBUILD
Fixes#955. Previously we did not look through all APKINDEXes while
looking for the package with a given name and the highest version.
This caused pmbootstrap to build packages even if they are in the
binary repo and up to date.
Add qt5-qtbase with OpenGL ES2 enabled and adjust the
upstream compatibility test case.
* Test case: don't get the qt5-qtbase version from any APKINDEX, but
only from Alpine's community APKINDEX
* Test case: If the pkgver is 9999, look at _pkgver
On my system, /proc/mounts sometimes contains a line like
```
udev /media/zhuowei/redhd/pmbootstrap/chroot_native/dev/loop0p2\040(deleted)
devtmpfs rw,relatime,size=1959476k,nr_inodes=489869,mode=755 0 0
```
The "\040(deleted)" text confuses `pmbootstrap shutdown`. Remove the suffix
if we find it in a /proc/mounts entry. This fixes#545.
This is a follow-up to #935.
* fix regression #941: pmbootstrap doesn't automatically pick the
right architecture for building when none is specified
* remove obsolete --noarch-arch parameter
* Rename pmb/build/package.py to pmb/build/_package.py, so we can
access the functions it contains in testcases, and still use
pmb.build.package()
* Refactor the entire file. Instead of one big function that does
too many things, we have many small ones now, that are tested
in the testsuite and easier to modify
* Whenever building a package, pmbootstrap does not only build and
install the "makedepends" (like we did before), now it does the
same for the "depends". That's required to be compatible with
abuild. The old behavior can still be used with 'pmbootstrap
build --ignore-depends'.
* Because of that change, noarch packages can no longer be built in
the native chroot if we need them for a foreign chroot. A device-
package depending on a kernel would pull in the same kernel for
the native architecture otherwise.
* Running 'pmbootstrap build device-...' without '--ignore-depends'
and without a matching '--arch' displays a note that explains
this change to the user and tells how to use it instead.
* Noarch packages no longer get symlinked. That was only
implemented for packages built in the native chroot, and now that
is not always the case anymore. Symlinking these packages creates
packages with broken dependencies anyway (e.g.
device-samsung-i9100 can't be installed in x86_64, because
linux-samsung-i9100 is armhf only).
* Rename "carch" to "arch" wherever used. Naming it "carch"
sometimes is confusing with no benefit.
* Add a testcase for the aarch64 qemu workaround (because it failed
first and I needed to know for sure if it is working again).
* Improved some verbose logging, which helped with development of
this feature.
* Removed the old "build" test case (which was disabled in
testcases_fast.sh) as the new "build_package" test case covers its
functionallity.
* Only build indexes if the packages folder exists for that arch (Travis
couldn't run a test case otherwise)
* add my own build key
* enable the repo in the config
* update the README file
* Adjust testcase, that validates the keys and enable it in testcases_fast.sh
* Only save/load keys to/from the config file, which we ask for during
'pmbootstrap init', so the binary repo gets used even if a config file
already exists (this also removes a workaround, that deletes the work
folder path from the config dictionary before writing it)
* Download missing APKINDEX.tar.gz files with Python code, before
attempting to build packages (so we know which ones aleady exist in
the binary packages repository)
* Consider APKINDEX files older than 4 hours as outdated and download
them again (also in Python code)
* Provide 'pmbootstrap update' to force-update the APKINDEX files
* Travis: more logging output on failure
* Only allow keys from config_keys to be used by "pmbootstrap config"
If a user has a restrictive umask (for example 0077) set, it will be
inherited to sudo and thus files created with sudo where not readable by
the normal user. In that case, when setting up a new chroot, the
etc/apk/repositories file would have umask 600 and a os.path.exists()
(in update_repository_list) would return false. Setting the umask to 022
(octal) first, results in world readable files and directories, so the
user running `./pmbootstrap.py install` can read them.
This adds a new deviceinfo 'flash_fastboot_max_size' used for
preventing fastboot from flashing a system partition that is too
large. Some devices do not support flashing over a certain size
(e.g. 500MB).
When not specifying an architecture for `pmbootstrap build`, and the `APKBUILD`
says that it can't be built for the native arch, it gets built for the right
foreign arch. `pmbootstrap` did not properly detect if packages were already
built in that case, and tried to build them again.
(I've noticed that while building packages for the binary repo #871.)
Use any `linux-` package, that is not available for `x86_64` on a `x86_64` PC
and build it twice. It should get properly detected now:
```shell
pmbootstrap build linux-amazon-thor
pmbootstrap build linux-amazon-thor # should not get built again
```
The mesa driver, which ends up in the installation image, needs to be known
before the installation is done (in other words: when running the qemu action,
it is to late as the image has already been generated). That's why one can
choose the Qemu mesa driver in `pmbootstrap init` now:
```
Device [qemu-amd64]:
Which mesa driver do you prefer for your Qemu device? Only select something other
than the default if you are having graphical problems (such as glitches).
Mesa driver (dri-swrast/dri-virtio) [dri-virtio]:
```
It is still possible to select `dri-swrast`, because `dri-virtio` may not work
in all cases, and that way we could easily debug it or experiment with other
mesa drivers (e.g. the "vmware" one, which is supported by mesa and Qemu).
Other changes:
* `pmbootstrap qemu` accepts a `--display` variable now, which passes the value
directly to `qemu`'s `display` option. It defaults to `sdl,gl=on` (@PureTryOut
reported that to work best with plasma mobile on his PC). `--display` and
`--spice` (which is still working) are mutually exclusive.
* Removed obsolete telnet port pass-through: We only use the debug telnet port
since osk-sdl has been merged.
* Add show-cursor to the Qemu command line, so it shows a cursor in X11
* Refactored the spice code (`command_spice` only returns the spice command,
because it has all necessary information already) and the spice port can be
specified on the commandline now (previously it was hardcoded in one place and
then always looked up from there).
* Start comments with capital letters.
* Keep the log on the screen a bit shorter (e.g. Qemu command is written to the
"pmbootstrap log" anyway, so there's no need to display it again).
* linux-postmarketos-stable: Adjust kernel configs
x86_64, armhf: enable as modules:
CONFIG_DRM_VIRTIO_GPU, CONFIG_VIRTIO_PCI, CONFIG_VIRTIO_BALLOON
aarch64: all 3 options were already enabled as built-in (no change)
* Set '-vga virtio' for mesa-dri-virtio
This removes any existing symlinks (which always seem to be broken when
this is encountered) to <workdir>/chroot_native/etc/apk/cache before
creating the symlink.
* pmbootstrap init: Generate new port device- and linux-package
* adds `pmbootstrap aportgen device-*` and
`pmbootstrap aportgen linux-*`
* ask for confirmation when selecting a non-existing device
* generate the packages directly from init
* refactor aportgen code
* fixed some easy things in the linux- APKBUILD (more to come in
follow-up PRs!)
Testing:
* Test all questions to the user from pmb.config.init and pmb.aportgen.device
(except for the timezone question, because we would need to monkeypatch the
os.path.exists() function, which messes up pytest, so we'd need to refactor
the timezone function to be more testsuite friendly first)
* Run the device wizard in a testcase a few times and check the output, that
pmbootstrap.aportgen.device and pmbootstrap.aportgen.linux create by parsing
the resulting APKBUILDs and deviceinfo and checking its contents.
* Build the generated device package once in the same testcase
Thanks a lot to @drebrez for all the help with this one:
<https://github.com/postmarketOS/pmbootstrap/pull/821>
See also the updated porting guide:
<https://wiki.postmarketos.org/wiki/Porting_to_a_new_device>
* Add architecture argument for the buildroot chroot, defaults to device architecture
* Output pmbootstrap log file after failure to debug Travis failure
* Travis: disable timestamp based rebuilds
This caused builds to fail with a modern GCC at least once, and while it originally was meant as
security feature by Qualcomm, "it is unsupported by Qualcomm, and opens up to a wide range
of potential attack surfaces that has not been audited by anyone."
* Removed obsolete apkindex_files cache testcase (the corresponding
function has been removed in #345 already).
* Fix test_challenge_apk: It failed on Travis, because we're accessing
/etc/abuild.conf, which only exists after initializing the build environment.
It's a random dummy file anyway, so I've replaced it with another file.
* Fix test_folder_size: accept a tolerance in the result
The method of 'install detection' used here is to look for a partition with pmOS_boot in the partition label. It's not a guarantee, but it works when FDE is enabled without having to unlock the partition to read files within it.
This way we could give the user a rough idea what will be installed,
and also use this to display a short warning about long compile times
(e.g. until the plasma mobile stuff is upstreamed).
* Allow to specify a custom username in "pmbootstrap init"
* Build chroots have "pmos" instead of "user" as username now
* Installation user UID is 1000 now (as in all other Linux distributions)
* Adjust autologins
* postmarketos-base: enable wheel group for sudo, removed previous sudoers file
* Implement safe upgrade path:
We save the version of the work folder format now, in $WORK/version.
When this file does not exist, it defaults to 0.
In case it does not match the currently required version
(pmb.config.work_version), then ask the user if it should
automatically be upgraded.
* apkindex:
* Also parse the architecture field
* symlink_noarch_package:
* Renamed to symlink_noarch_packages
* Always work on all packages (so we don't need to guess which
subpackages have been generated after a certain build)
* Get invoked when running 'pmbootstrap index'
* Use 'apk index' to generate one index, where the architecture
does not get rewritten (abuild does that by default, due to
Alpine's repos not having a 'noarch' folder and diverging from
that doesn't make things easier for us). That goes super fast,
and then we know which packages are noarch packages and can
create the symlinks.
* Made output less verbose:
* Use -q for 'apk index' when calling it directly (when it gets
called by abuild we can't control that)
* Output that the APKINDEXes get reindexed only to the 'pmbootstrap
log'.
This checks for /sys/modules/loop before modprobing the loop module. My
understanding is that if this module is built into the kernel, that this
directory is still created. For a kernel without loop built in,
losetup.py will try to load the module using modprobe.
* pmb.helpers.run: support running processes in background
* enable QXL driver support in the linux kernel configurations so
that we can also use SPICE to connect to the VM.
QXL is a paravirtual graphics driver with 2D support
The SPICE project aims to provide a complete open source solution for remote
access to virtual machines in a seamless way.
Both DRM_QXL and DRM_BOCHS are enabled as modules.
According to [1], on Linux guests, the qxl and bochs_drm kernel modules
must be loaded in order to gain a decent performance
* qemu: add new option --spice to connect to VM using a SPICE client
If specified, 'pmbootstrap qemu' will look for some SPICE client in the
user's PATH and run qemu using the QXL driver.
Currently supported spice clients are 'spicy' and 'remote-viewer' but
adding support for more clients can be easily done.
qemu with qxl support will run on port 8077/tcp, which doesn't belong to
any well-known service and represents 'PM' in decimal.
References:
[0] https://www.linux-kvm.org/page/SPICE
[1] https://wiki.archlinux.org/index.php/QEMU#qxl
[2] https://wiki.archlinux.org/index.php/QEMU#SPICE
[3] https://github.com/postmarketOS/pmbootstrap/issues/453 (partially fixed)
We check if origin/HEAD is present. In case that reference is
missing, we show a meaningful error message now, with an explanation
on how to add it. Also moved find_out_of_sync_files_tracked() to
pmb.helpers.git
This only displays the ssh key note if no keys are found, since it's
confusing if a user has 1 key but not the other. In that case, the
message would be displayed despite copying one of the keys over.
This happens currently, when a makedepend is invalid:
ERROR: UnboundLocalError: local variable 'pkgname' referenced before assignment
With this patch, you get the meaning full error that should have been printed instead:
ERROR: Could not find package 'invalid-package' in the aports folder and could not find it in any APKINDEX
This is a workaround for #429, until the iteration count can be
specified directly in cryptsetup.
* Add default iter-time option, and option to override
* set SHA1 default hash for luksFormat, add option to override
* [RX51] load omap-sham in initramfs for HW accel. sha1
* Check kernel config
* Allow specifying multiple kernel packages, and also no packages
which defaults to scanning all kernel configs (it is super fast
anyway)
* Add the check to Travis CI
* Adjust existing kernel configs, so they pass the kconfig_check.
(We've had to put in a lot of defaults in the aarch64
linux-postmarketos configs, that's why the diff is a bit unclean.)
* Increase modified kernel pkgrels
Contrary to abuild, pmbootstrap only installs makedepends, and
keeps the installed packages around - both hacks save lots of time.
However, they may introduce missing makedepends in the APKBUILDs,
that the authors of the APKBUILDs do not notice because it works
for them.
This PR adss a strict mode, which will always clean the chroots
before building a package, and also remove all installed dependencies
after the package was built. You can use the following syntax to
only zap once, but build many packages at once:
`pmbootstrap build --strict hello-world 0xffff heimdall`
It also builds dependencies properly without leaving makedepends
behind.
* moved export code to pmb/export and split it up
* added deprecation notice to "pmbootstrap flasher export"
* made "pmbootstrap export" work
* adjusted the "pmbootstrap flasher export" hints in the code
This adds a new option to `zap`: `-m / --mismatch-bins`
When set, any binary apks in the work directory packages folder will be
removed if their version differs from the version in the relevant
APKBUILD in aports.
Parted often succeeds, but then returns a non-zero exit code, because
it can not inform the kernel of the changes.
In most cases this is not even necessary, so it really should not
fail there.
When the error was fatal, pmbootstrap will crash shortly afterwards
when it tried to mount or run mkfs on the partition anyway.
* Write custom os-release (closes#324)
* Return empty string instead of crashing when the directory is not a git repository
* Use https in homepage URL
The device chroot shouldn't exist yet anyways. Also add a 'device_exists'
variable that can be used to determine if the device entered earlier in
the init has a deviceinfo under aports/device/device-*
* Don't specify pkgnames from "provides" as dependencies
Always use the regular pkgname. That way, we avoid listing all
kinds of so: files as dependencies (because Alpine automatically
adds them as depends= to the package database). This fixes building
weston, and reproducing the build with `pmbootstrap challenge`.
Additional changes.
* Clear the parsed APKINDEX cache for the current pmbootstrap
session after building a package
* Avoid rebuilding a package, in case it was already built due to
circular dependencies
* The system image size is now calculated as: root size - home size.
* New function in `pmb/helpers/other.py`: `folder_size()`, with a
testcase.
* Instead of copying everything to the system image folder, and
deleting the home folder afterwards, do not copy the home folder
in the first place.
* Added `pmbootstrap -s` to skip generating the initramfs for faster
debugging.
* Set the default value in the "are you sure, that your partition has
at least..." to "y", so we can run `yes '' | pmbootstrap install`
to make it run through the whole installation process.
* Increase full size to 120%, boot partition gets 15 MB free space now
This extends zap() to add a 'no_confirm' option (False by default), and
zap() is now called by init with no_confirm=True to automatically zap
any existing chroots after the user runs init. This helps insure that
what is installed in the chroots is exactly what the user expects after
setting options in init.
Additionally, we create `cache_http` to verify write access to the work
folder instead of `chroot_native`. So we can ask for zapping only if
no chroot folder exists.
I've replaced all instances in the code of `os.path.abspath`
with `os.path.realpath`, as this does the same as `abspath`
plus resolving symlinks.
See also: https://stackoverflow.com/a/40311142
* Implement command to retrieve and set configuration values
* qemu: show advice to use "pmbootstrap config"
* Allow "pmbootstrap config" without positional arguments (prints the full config)
* Check valid variable names
This fixes https://github.com/postmarketOS/binary-package-repo/issues/1
GCC generates hardlinks between files `A` and `B` in its `make install` step. The problem is, that `tar` randomly packages `A` as full binary, and links `B` to `A`, or the other way around! I was able to reproduce this issue consistently when re-building `gcc-aarch64` on Travis CI (interestingly, this did not appear for `gcc-armhf`).
The fix is, to delete `B` and create a symlink `B` that points to `A` instead.
Previously, distutils.version.LooseVersion was used, because it was
sort of close enough to how Alpine parses versions.
This new version uses the exact same algorithm, as `apk` does, and
it passes *all* of `apk`'s testcases for version checking (previously
we simply skipped the ones, that did not pass).
* Remove pmb/helpers/version.py left-over (it is in parse now)
* Make asserts consistent, do not use unnecessary parenthesis
* aports: Use $install variable inside $source
So these files also get fingerprinted
* qemu: Use shutil.which instead of pmb.helpers.run.user
* Fix typo in comment
Thanks to Pablo Castellano and Martijn Braam!
In postmarketOS we are now able to generate system images with the
correct configuration so that they can boot already using qemu
This commit brings the `pmbootstrap qemu` action.
This command is very handy because you don't have to set all the
qemu parameters, pmbootstrap does it for you.
* device-qemu-vexpress: Added kernel command line according to wiki
* qemu: Added workaround for image writing permissions
* qemu: Added support to launch postmarketOS in a QEMU virtual machine
- Support for emulating these architectures in QEMU: arm, aarch64, x86_84
- Generate QEMU command correctly depending no guest architecture (arm/x86)
- Run QEMU in the same architecture as the host by default
- Refactoring in pmb.parse.arch and pmb.qemu.run
- Raise exception if DTB file or system image are not present
- Display more useful information when something fails (e.g. image not found)
- Run qemu version depending on arch (host or argument), not device configured
* device-qemu-amd64: set deviceinfo_kernel_cmdline to "PMOS_NO_OUTPUT_REDIRECT"
* qemu: added --memory argument to specific guest RAM
* device-qemu-amd64: adjusted deviceinfo_kernel_cmdline (console=tty1)
* Added /etc/network/interfaces for qemu-amd64
* qemu: Added KVM support if /dev/kvm if present
* Specify separate machines for architecture
* qemu: Check if QEMU is installed instead of crashing
* Added graphics driver to qemu-aarch64
- Use arm (as used in qemu) instead of armhf (used in Alpine)
- qemu argument is -dtb
- Follow same style to build the command + arguments
* qemu: Added SSH port redirection: ./pmbootstrap.py qemu -p 2222
Changes:
* Removed the apkindex_files cache. That particular cache caused
bug #189 and didn't bring any real-world performance improvements
(tested 3x with that cache and 3x without, no significant speed
difference). I decided to remove it instead of keeping it/adding
even more code to resolve the bug.
* Fix the check for already built packages: always use the architecture,
that the package should be built for instead of the architecture of
the build environment (e.g. use armhf, even when building a noarch
package in the x86_64 chroot). This partially resolves#341.
* Make pmb.chroot.apk.install_is_necessary() more robust: If the binary
package is missing, although it should be there, print a warning and
build it with force.
libstdc++.a from gcc-armhf was not reproducible on Travis (it was, when built locally!). These .a files are just archives of object files .o, and in this case it was caused by a random order of the .o files in the archive.
This PR patches the package() function of the APKBUILD when running pmbootstrap aportgen gcc-armhf (same for aarch64 of course), to extract all .a files, and repack them to be reproducible (by sorting the files before packing them).
As usually, we can still inherit everything from the upstream gcc aport from Alpine, and apply our changes on top of that.
Travis without the patch:
https://api.travis-ci.org/jobs/260402679/log.txt?deansi=true
> CHALLENGE FAILED for usr/armv6-alpine-linux-muslgnueabihf/lib/libstdc++.a:File 'usr/armv6-alpine-linux-muslgnueabihf/lib/libstdc++.a' is different!
Travis with the patch (I've instructed Travis to run off this branch to test it):
https://api.travis-ci.org/jobs/260806203/log.txt?deansi=true
> Done. Your build exited with 0.
* Automatically compute the minimum size for the partitions
* Automatically resize the pmOS_root partition during the boot process
* Resize root partition only if there is unallocated space at the end of the device.
* Added more echos to make debugging easier while looking at the pmOS_init.log.
* Updated static_code_analysis.sh script to run shellcheck with `-x` option.
When this parameter is set, `args.logfd` (the log file descriptor)
gets set to `sys.stdout`, so all logging gets directly sent to the
active pmbootstrap session, and not to a log file.
This will be used for Travis jobs, because they get killed after
10 minutes without any output (and builds may take longer).
* Packaged libsparse
libsparse from the Android project provides multiple tools like img2simg
and simg2img.
These are used to split a large image for the system partition into
separate smaller chunks with sparse headers
This is required for several devices (at least bullhead, fp2 and titan)
because it fixes the "Invalid sparse file format at header magi" error
https://github.com/postmarketOS/pmbootstrap/issues/299
* Added new variable deviceinfo_flash_sparse (fixes#299)
Right after the system image is generated, pmbootstrap checks this
variable. In case it is true, run img2simg on it
* motorola-titan: enable deviceinfo_flash_sparse
* libsparse: use source from github: anestisb/android-simg2img
It is not that easy to use the upstream archive because everytime
you download it, the files have the current date as creation date
and that makes the file have a different checksum every download
https://github.com/postmarketOS/pmbootstrap/pull/303#issuecomment-319017197
We can allow both ways:
* pmbootstrap menuconfig linux-motorola-titan
* pmbootstrap menuconfig motorola-titan
The former will show a tip about the second
This also prevents users from running menuconfig on aports like
'device-motorola-titan' or 'mkbootimg'
* Quote architecture in logging message for easier reading
* Added shortcut arguments for --rootfs, --buildroot and --suffix
* Simply remove beforehand link to nowhere if exists (fix#278)
Fixed crash when symlink already existed but pointed to a non-existing location
This was a regression from the improved input validation PR, which
created the chroot_native folder with the wrong permissions (to test
if we have write access to the work folder).
sjamaan found out, that this was the cause of the issue, and also
explained how to fix it, thanks a lot!
Huge thank you to @drebrez for his amazing work on this PR!
* Add generation of initramfs-extra with additional binaries
Extract both initramfs with `pmbootstrap initfs extract`
Add new splashscreens for missing partitions/files errors
Changes in init script:
- use busybox findfs applet to find boot partition
- mount boot partion
- extract initramfs-extra
- show error splashscreens accordingly and loop forever
- start usb unlock directly from unlock_root_partition (hook removed)
* Print out a text message for serial debugging in case of errors
Add initramfs-extra files to `pmbootstrap initfs ls` output
* Fix trailing whitespace in comment...
* ls: Indicate which initramfs we're looking at / add wiki link
I've rewritten the initramfs-development article to reflect the
changes made in this PR. It will be a good read for someone who
extracted the initramfs and wants to know why we have two files.
I've realized that truncate is provided by busybox anyway, so no
need to install coreutils for this.
This should fix creating system image files on ZFS, where fallocate
is not implemented.
If you really want to build busybox, I recommend turning the
"timestamp based rebuilds" feature off, otherwise it will build
for all architectures all the time whenever you change something,
even if you do not increase the version number (that's the idea
of that feature). This is, because busybox is a dependency for
basiscally everything, so it must get updated whenever you install
something, in case it was out of date.
It is easier to simply rename the package.
* Refactored `umount_all` to get the list of folders to be umounted from
`umount_all_list`, so we can test that function in a test case.
* Adjusted `umount_all_list` to return the deep folder levels first
* Added a testcase for that
* Remove redundant calls to `umount_all()` (which were from a time before
`pmbootstrap` was released, in which failing commands did not cause
`pmbootstrap` to raise an exception)
* Various improvements for 'pmbootstrap export' (Fix#232)
* Do not try to generate the system image, but print a notice that
it was not generated yet
* Display export path
* New default path: /tmp/postmarketOS-export (instead of current
working dir)
* Create the export folder, if it does not exist yet
* Prettier output in the export message
* Adjust export message in install for consistency
* postmarketos-splash: change arch from "all" to "noarch"
* lg-mako: use .tar.gz instead of .zip (because that's the reference
APKBUILD)
* #220: Allow specifying multiple packages for checksum, build,
aportgen
* #239: Add chroot shortcuts (--rootfs and --buildroot)
* Show chroot and command before entering chroot
* Validate all inputs from `pmbootstrap init`
* Add a new `confirm()` function, that validates input of yes/no
questions properly
* All questions loop until they have a valid answer now
The creates the linux-postmarketos package which for now supports the n900 (and probably the other maemo devices) and qemu with the vexpress-a9 machine simulation.
I've put the generated dtbs in /usr/share/dtb for now and set the dtb field in the deviceinfo for the n900 and my new qemu device.
* Introduced linux-postmarketos-omap
* Unified kernel progress
* Created kernel bootable with qemu
* Updated n900 deviceinfo for generic kernel
* Changed qemu device to vexpress
* Updated APK comments and added linux-postmarketos-dev package
* Append dtb in mkinitfs
* Fixed bootscript on n900 for the generic kernel
* Don't detect double flavors with -dtb appending
* Added graphics drivers for vexpress (qemu)
* Added more drivers for qemu
This adds virtio network support in qemu for the vexpress-a9 machine.
The keyboard and mouse don't work yet.
You can boot into weston if --no-fde is specified
Thanks, craftyguy!
- UI is selectable with `pmbootstrap init`. Currently only 'weston' and 'none' are options. It'll automatically pick up any new `postmarketos-ui-*` packages added at later dates.
- splits off weston packages install from postmarketos-base and puts
them into postmarketos-ui-weston. Also note that NO weston packages are
installed by "pmbootstrap install" by default unless the user selects a ui in the `init`
- configuration of weston is now in postmarketos-ui-weston.
- the demos have been spun off to `postmarketos-demos`, and `postmarketos-ui-weston` lists this package as a dependency.
This addresses #246 by not storing the aports directory in the config
file. The default location is still available (from config/__init__.py),
and can be overridden.
* Update runtime error message thrown for grsec/hardened kernels, saying that they are not supported right now, #107
* Remove unnecessary check for grsec enable/disable status - the build will not work in either case
Thanks, cmdr2! Here's the text from his PR:
Fixes an issue on alpine-vanilla, where `/dev/loop` is a directory (containing `/dev/loop/0`, `/dev/loop/1` ..etc), and causes `./pmbootstrap install` to fail.
Ignoring the `/dev/loop` directory works because `/dev/` also contains files named `/dev/loop0`, `/dev/loop1` ..etc, which the new code will still pick up.
The `install` command passes after this fix on my alpine-vanilla.
100% tested. Assuming that you don't need to test an obvious change,
because it only changes one line is dangerous. I will learn from this,
sorry for the inconvenience.
`gcc-armhf` compiles fine again with that change, and it is able to
cross-compile packages as it used to.
* Ignore `>`, `<`, `=` and `!` operators, when they are specified in
the dependencies. This was the desired behavior before, but it was
not implemented correctly (so it wouldn't ignore them everywhere).
Of course the real fix would be to honor these operators like apk
does. But this isn't feasible right now, and it should work for
most, if not all, our use-cases. I have documented this in the wiki
under build internals and if we happen to need correct operator
handling, we should do it then.
Minor other changes:
* `pmbootstrap parse_apkindex`: support optional package parameter to
only show the parsed content for one package.
* Support building most python APKBUILDs by replacing ${pkgname#py-}
properly
I've had a strange case where `cryptsetup status` did not work
inside the chroot anymore, and only zapping it would resolve it.
But I couldn't zap, because the status check was preventing shutdown
(on which zap depends) from working. This commit works around that.
I've done some refactoring while debugging #209.
* Unused file `pmb/build/crosscompiler.py` removed (that was a
left over from `_pmb_build_in_native_chroot` hack
* Do verbose logging in distccd, when `pmbootstrap --verbose` is
being invoked
* Restart distccd, when the commandline has changed (e.g. when the
currently running version was not verbose, and the new one is
verbose.) Prior to this change, it only got restarted, when the
architecture changed (so it did not allow changing the job count
on the fly for example).
* Insert missing whitespace in arguments help.
* Fix#145: add deviceinfo_flash_offset_base again
* Add default OFFSET_BASE value in flasher if deviceinfo_flash_offset_base variable is not set
...and set correct default base value in create_bootimg function
Thanks, Pablo Castellano!
* Fixed typo
* Guide user about what are the next steps after flashing kernel and password
* Increased postmarketos-mkinitfs' pkgver and rewording
Changes requested:
https://github.com/postmarketOS/pmbootstrap/pull/179
This properly exports the uImage kernel, which is used by u-boot, when
running 'flasher export'. Note the change to the uImage name to follow
the pattern "uImage-$flavor", which in the case of the RX 51 is
"uImage-nokia-rx51".
This is required for developing and testing the binary repository
scripts (see #64). Changes:
* When specified, the local folder gets mounted inside the chroots
as /mnt/postmarketos-mirror
* The apkindex_files() function outputs the correct path to the local
repository (it does *not* hash the URL in that case, which would
be wrong)
* /etc/apk/repositories: when the pmOS mirror is a local folder,
the path "/mnt/postmarketos-mirror" gets added to that file instead
of the outside path (so apk finds it properly inside the chroot)
This is important for the binary repository scripts, so it's feasible
to test the binary package build and challenge process locally without
setting up a new chroot whenever changing the repo URLs.
Also it behaves a bit more intuitively, because it really uses the
repo URL specified on the commandline, even when the chroot is already
set up.
TLDR: Always rebuild/install packages when something changed when executing "pmbootstrap install/initfs/flash", more speed in dependency resolution.
---
pmbootstrap has already gotten some support for "timestamp based rebuilds", which modifies the logic for when packages should be rebuilt. It doesn't only consider packages outdated with old pkgver/pkgrel combinations, but also packages, where a source file has a newer timestamp, than the built package has.
I've found out, that this can lead to more rebuilds than expected. For example, when you check out the pmbootstrap git repository again into another folder, although you have already built packages. Then all files have the timestamp of the checkout, and the packages will appear to be outdated. While this is not largely a concern now, this will become a problem once we have a binary package repository, because then the packages from the binary repo will always seem to be outdated, if you just freshly checked out the repository.
To combat this, git gets asked if the files from the aport we're looking at are in sync with upstream, or not. Only when the files are not in sync with upstream and the timestamps of the sources are newer, a rebuild gets triggered from now on.
In case this logic should fail, I've added an option during "pmbootstrap init" where you can enable or disable the "timestamp based rebuilds" option.
In addition to that, this commit also works on fixing #120: packages do not get updated in "pmbootstrap install" after they have been rebuilt. For this to work, we specify all packages explicitly for abuild, instead of letting abuild do the resolving. This feature will also work with the "timestamp based rebuilds".
This commit also fixes the working_dir argument in pmb.helpers.run.user, which was simply ignored before.
Finally, the performance of the dependency resolution is faster again (when compared to the current version in master), because the parsed apkbuilds and finding the aport by pkgname gets cached during one pmbootstrap call (in args.cache, which also makes it easy to put fake data there in testcases).
The new dependency resolution code can output lots of verbose messages for debugging by specifying the `-v` parameter. The meaning of that changed, it used to output the file names where log messages come from, but no one seemed to use that anyway.
...instead of running apk every time to get the list of installed
packages and their versions. The internal package database from
apk has the same format, as the extracted APKINDEX file (except
that it has more key-value pairs, which we ignore/do not need
right now). So the APKINDEX code has been extended to parse both
tar-packed APKINDEX files and regular text files in the APKINDEX
format.
This is required for #108, for a better detection of outdated
packages (because the internal package database saves the
package's timestamp, too). A nice benefit is, that this is faster
than calling apk every time and it doesn't fill up the log as much.
I've also used this improved function for determining the apk
version (for the outdated version check), and I've deleted
pmb.parse.other.package_split(), as it is not needed anymore.
* Fix: Do not swallow traces when crashing before log init (e.g.
during argument parsing)
* Show a link to the troubleshooting page, when an error happens
* (Formatting done by autopep8 in pmb/config/init.py)
Previously, if you passed something like ~/build to the init function
for work directory, it would create a directory, .\~/ in the current
working directory instead of resolving ~/ to the user's home directory.
This allow allows using ../ to specify a path.
* Minimum version: 2.7.2 (which fixes two CVEs)
* Check the minimum apk version before doing something with apk and
before entering the chroot manually (previously, it has just checked
the apk-tools-static version, which gets used to set up the chroot)
* Reword the message for an outdated APK version. Most likely it is
just the outdated http cache, instead of a man-in-the-middle attack.
See also:
b849b481a0
* New commandline parameter --mirror-pmOS, where the binary repository
URL for postmarketOS can be specified (empty by default as of now,
this will be filled with the real URL once the repo works)
* Do not build packages, when they are in the binary repository and
the version of the package in the binary repository is up-to-date.
* Add a testcase for pmb.build.is_necessary().
...even if the pkgver and pkgrel have *not* changed. This should
make development much more intuitive. The detection works by looking
at the last modified timestamps, just like `make` does it.
* pmb/challenge/apk.py had to be renamed to pmb/challenge/apk_file.py,
so the "internal" functions of that file could be accessed, while
still providing the short notation pmb.challenge.apk().
* zap asks for each buildroot_* chroot, if you want to remove it, not
only for the one with the device arch
* add new pmb.chroot.tempfolder() function, that creates a temporary
folder, that belongs to "user" and deletes it, if it already exists.
this function gets used in a few challenge testcases.
When an APKINDEX contained a package with multiple versions,
pmbootstrap did not use the last version to determine if the
package is out of date (regression from af8c9fcf5b).
Previously, it was only possible to get information about one
package inside the APKINDEX at a time.
This is needed for #64 to verify the APKINDEX.
Please note, that this implementation is actually slower, than
the previous one. But the code is more readable and it makes
caching possible (which will speed up the APKINDEX massively,
especially for the buildinfo.json file generation!)
...and some smaller fixes:
* make the diff output easier to read
* verify, that only .apk, .buildinfo.json and the APKINDEX have
changed inside the local repository folder. Because the file
names of these changes will be used to release files from
staging to release.
The following message will be printed out now, in case you attempt
to build a package for an architecture, that is not specified in
the "arch=..." line inside the APKBUILD:
ERROR: Architecture 'aarch64' is not supported for this package.
Please add it to the 'arch=' line inside the APKBUILD and try again:
/path/to/APKBUILD
* The supported architectures are inside the config now
* Symlinks get created for that list of supported architectures now.
* During initialization, the architecture from the selected device
gets checked against the list of supported architectures. When
it is not included, a meaningful exception gets raised.
* the aportgen and (cross-compiler) build tests make use of the
new variable now (they had armhf and aarch64 hardcoded previously).
* Fix hardcoded `armhf` in pmb/aportgen/binutils.py
* Generate aports: `binutils-aarch64`, `musl-aarch64`, `gcc-aarch64`
* Distccd: Remember the cross-compiler architecture (currently armhf
or aarch64), that the current distccd is running as, and restart
distccd with the correct architecture, in case a different arch
is needed than what it is currently running as. (Depending on the
cross-compiler arch, the PATH variable gets adjusted before
starting distccd)
* Testcases: add aport generation for aarch64, add cross-compiling
to aarch64
* pmb/parse/arch.py: Add aarch64 to the mapping
* Two new functions for getting a list of files and their timestamps
in the repo, and diffing that information to get a list of changed
files: pmb.helpers.repo.files() and pmb.helpers.repo.diff().
(I've put it in the helpers folder, because it is not specific to
one chroot, but to all chroots at once.)
* pmbootstrap challenge (new command introduced a few commits back to
verify, that the contents of an APK file are deterministic) uses
these functions to a) support subpackages and b) optionally
output a list of changed files (this gets used in the pmbuilder
script, which lives outside of this repository).
This commit is progress for #64 again.
We have "lazy reproducible builds" now. What I mean by that is, that
the resulting "apk" archive is not fully reproducible, but all binaries
inside it are. This is necessary to kick-off the binary repo, which is
in turn required to get the testsuite going on Travis. Read #64 for more
information.
Usage:
```
pmbootstrap build hello-world --buildinfo
pmbootstrap challenge /tmp/path/to/hello-world-1-r2.apk
```
The "--buildinfo" parameter generates a "buildinfo.json", which contains
the versions of all dependencies. It is not very optimizied, so this
is a performance bottleneck and takes 10 seconds (which is quite much
considering that the hello-world package builds in less than a second).
This can be improved in the future, and then the buildinfo parameter
may become the default.
* allows to build/extract/list initramfs, add/del hook
* rebuild the initfs whenever running install or trying to flash/boot it
* flasher flash/boot: automatically set up a minimal rootfs with kernel and initfs,
if it does not exist yet
pmb.chroot.apk.installed() used to return only the explicitly installed
packages. This is not good enough for the initfs check functions (and
especially for the "lazy reproducible builds", from which branch this
commit was cherry picked).
This commit introduces more noise for the logfile - if this becomes
a problem, raise your voice in the issues tracker and we'll do something
about it.
(This commit also changes minor code styling in other files, I did
not run autopep8 last time, because flake8 didn't complain...)
...also increase the default line count to 30, so it's easier to
spot an error if you didn't have the log open when it happened.
This parameter also works for 'pmbootstrap log_distccd', for consistency.
As reported in #53, it appears that older versions of eCryptfs don't
really create the device nodes, although `mknod` does not fail on
the commandline. That's fixed now with this extra check.
* The check for valid sdcard paths has been removed (because it
doesn't make sense for /dev/sd*, this might as well be a real
harddrive)
* New check: abort if any partition of the sdcard is mounted
* Automatically detect if the partitions are called "p1", "p2" etc.
or just "1", "2" etc. (/dev/sda1 vs. /dev/mmcblk0p1)
* pmb.helpers.mount.ismount(): check the source (new) and the target
path in /proc/mounts
This reverts commit 04aabd7d70.
I did not test this well enough, sorry! This introduced problems
such as interactive shell not working anymore (#40), cryptsetup partion
creating not working anymore etc.
This reverts commit 2a39d9c091.
I did not test this well enough, sorry! This introduced problems
such as interactive shell not working anymore (#40), cryptsetup partion
creating not working anymore etc.
This reverts commit c15bf48f77.
I did not test this well enough, sorry! This introduced problems
such as interactive shell not working anymore (#40), cryptsetup partion
creating not working anymore etc.
I did not test this well enough, sorry! This introduced problems
such as interactive shell not working anymore (#40), cryptsetup partion
creating not working anymore etc.
This reverts commit f39c1dae69.
* automatically find the chroot binary on Debian, even if it is not
in the user's PATH
* don't use subprocess.run anymore (remove related testcase, that explicitly
checked for subprocess.run usage, and used recursive globbing, another
post 3.4 Python feature, for the checks. A similar case can be added in the
future, but right now it's more important to get Debian 3.4 working and all
PRs are reviewed anyway.)
* pytest fixtures: don't use the newer "yield" feature, as this is only
supported in a newer version of pytest, than provided on Debian Jessie
From manually testing, most stuff works in Debian Jessie. However, the
testsuite does not run through - creating an empty .tar.gz with Python
fails for some reason (this is done in test_apk_static.py).
The `cli.ask` command would forcibly lowercase the whole string. This
made the script unusable on a non-FHS-compliant system, like mine, where
the users's directories are under `/Users/`.