Many of pmbootstrap's actions require root rights. When after requesting
sudo access pmbootstrap takes longer than the sudo timeout interval to finish
execution, the password will have to be entered again on the next sudo
action.
This change adds an opt-in feature to run sudo -v in a background loop
in order to prevent having to enter the password more than once for a single
pmbootstrap run. The loop runs as a daemon timer which automatically gets
canceled when pmbootstrap exits.
Closes: #1677
Replace the "kill_as_root" argument with a much simpler "sudo" argument
and remove the now obsolete check for the output mode of "kill_as_root".
"kill_as_root" would only get set to True if both conditions are met:
a) command is running with sudo
b) command is running with an output mode ("log" or "stdout") where
pmb.helpers.run_core would kill it if it does not output anything
before a timeout is reached
The new "sudo" argument just indicates if the command is running with
sudo (a), regardless of the output mode (b).
The sideload command runs the supplied names through the pmbootstrap
buildsystem to make sure they're up-to-date, then uses scp from the host
to copy the built apks to /tmp on the phone and installs them through
ssh.
If the --install-key option is set then it will also copy over the apk
key that's used for signing the packages built by pmbootstrap in case
the postmarketOS install on the device isn't build by the same machine
as you're sideloading from.
Before this commit, pmb.helpers.run_core.sanity_checks would raise
a runtime error when pmb.helpers.run.root was called with an output
mode that did not support timeouts (like background).
Adds checks for following kernel config options:
SAMSUNG_TUI:
TUI HW Handler - related to Samsung's security measures
Creates "secure frame buffer", results in bootloop
SEC_RESTRICT_ROOTING:
blocks gaining root permissions
TZDEV:
Samsung TZ Based Secure OS interface driver
(results in bootloops)
This adds a new commandline flag -E / --extra-space for
specifying the amount of additional space to be added to
the image size to work around cases where the automatically
determined size turns out to not actually be enough.
The value is also asked for in the "Additional options"
section of the interactive mode.
Fixes: #1904
Use the dtb-appended kernel file, e.g. postmarketos-exynos4-dtb instead
of postmarketos-exynos4, if it is available. This is needed to flash a
mainline kernel with appended dtb to isorec devices.
Use a deterministic mirror URL instead of CDN for aportgen. Otherwise we
may generate a pmaport that wraps an apk from Alpine (e.g. musl-armv7)
locally with one up-to-date mirror given by the CDN. But then the build
will fail if CDN picks an outdated mirror for CI or BPO.
Some Mediatek devices have a special 512-byte header around the zImage
which must be generated so the device boots.
Support for that exists for a while in postmarketOS but detection was
missing. Add that.
Replace dl-cdn mirror with dl-2 temporarily to avoid "BAD signature"
errors.
This is related to the rebuild of Alpine edge x86, armhf, armv7 packages
against musl-1.2, that is currently going on. The packages are rebuilt
without a version change and therefore have the same resulting file
name, but a different checksum. Due to caching of the CDN and due to the
same file name, users may get an old package from before the rebuild.
The APKINDEX has a checksum of the new package, and so the download will
fail with a "BAD signature" error.
Alpine developers clear the cache every now and then, but this issue
will happen over and over again, until all packages are rebuilt (some
packages are still not rebuilt and have been disabled).
Let's switch back in two months or so.
Let UI meta-packages specify apps in "pmb_recommends" to be explicitly
installed by default, and not implicitly as dependency of the UI
meta-package ("depends"). Therefore make these apps uninstallable,
without removing the meta-package.
Add pmbootstrap install --no-recommends to disable this feature.
Add a question at the end of "pmbootstrap init", to ask if the user
wants to build outdated packages during "pmbootstrap install". Store the
result in the new pmbootstrap.cfg key "build_pkgs_on_install". I've put it at
the end, because it is a rather complicated question compared to the rest.
This is useful to speed up the installation for casual users who can now
avoid compiling packages. But also for the official images where we only
want to ship the official binary packages and not build anything
on-the-fly.
Put a minimum version check for postmarketos-ondev in the pmbootstrap
install code and verify it before starting the installation. This avoids
using incompatible versions, similar to the pmaports.cfg version check
we already have. Set the minimum required version to 0.2.0.
"Chassis" defines the what kind of device a device is. Currently the
following standardized types exist:
"desktop", "laptop", "convertible", "server", "tablet", "handset",
"watch", "embedded", "vm", "container"
This property is exposed by org.freedesktop.hostname1 (e.g.
openrc-settingsd) and can be used by applications for example to display
appropriate strings instead of "About this phone" for non-phone devices.
Migrate to workdir version 5 and move already built packages into the edge
channel subdir, for example:
$WORK/packages/x86_64/hello-world-1-r5.apk
to:
$WORK/packages/edge/x86_64/hello-world-1-r5.apk
The build.postmarketos.org code has already been adjusted to find built
packages in either directory structure.
Use mirrordir_pmos and mirrordir_alpine from channels.cfg to generate
the mirror URLs for postmarketOS and Alpine, which get written to
/etc/apk/repositories and which postmarketOS uses to download the
APKINDEX files.
Remove hardcoded "master" at the end of the postmarketOS mirror and use
mirrordir_pmos instead (which is "master" for the edge channel). Let the
postmarketOS mirror end in a '/' for consistency with the Alpine mirror
in pmb/config/__init__.py.
Remove obsolete --alpine-version. To experiment with a different Alpine
version, one should pass a custom --config-channels from now on.
Ask for release channel and switch pmaports branch to the related branch
defined in channels.cfg.
Store in pmbootstrap.cfg whether the user chose a channel (boolean). If
the user did not choose a channel yet, suggest the recommended channel
from channels.cfg (currently "edge").
New pmaports.cfg has the "channel" key described in [1]. This will be
used in "pmbootstrap init" to determine on which release channel a
forked branch is.
[1] https://postmarketos.org/pmaports.cfg
Let apkbuild-lint check options again, and pass the pmbootstrap specific
options with the new CUSTOM_VALID_OPTIONS variable. Add a test case and
adjust pmb.helpers.lint.check to return the output of apkbuild-lint, so
we can properly test it.
Related: https://gitlab.alpinelinux.org/Leo/atools/-/merge_requests/28
Fixes: pmaports#553
At the moment we set samsung-i9100 as default device.
This is probably only for historical reasons.
For someone/something using pmbootstrap without a specific device in mind
(e.g. CI) it's really better to use a generic device. QEMU runs natively
in a virtual machine so everyone can use it for testing.
Flashes device vbmeta partition (can be overriden with
"flash_fastboot_partition_vbmeta" setting in deviceinfo)
with custom vbmeta.img which has verity flag disabled,
so device can boot postmarketOS with no problems.
Use the timestamp of .git/FETCH_HEAD in each git repository, to
determine if too much time has passed since the last fetch/pull.
Modify pmb.helpers.git.clone, so FETCH_HEAD is always created if it does
not exist (because "git clone" would not create it).
Related: #1829