Made changes to limit the line length in following files,
- pmb/parse/bootimg.py
- pmb/parse/depends.py
- pmb/parse/kconfig.py
- test/test_parse_depends.py
Added the above files in E501 flake8 command list.
Substitute f-string for string concatenation.
Made changes to limit the line length in following files,
- pmb/parse/_apkbuild.py
- pmb/parse/apkindex.py
- pmb/parse/binfmt_info.py
- pmb/parse/deviceinfo.py
- test/test_parse_apkbuild.py
Added the above files in E501 flake8 command list.
Substitute f-string for string concatenation.
When unmounting SD card after `pmbootstrap install --sdcard=...`
it takes a lot of time for kernel to sync filesystem cache
before actual umounting happehs. This looks like pmbootstrap is
stuck, so before doing unmount print a message to inform user of
what's happening, in case `--sdcard` was used.
The CDN was disabled, as packages from there often resulted in 'BAD
signature' after Alpine's big musl-1.2 rebuild for 32-bit arches. This
was almost half a year ago, so the CDN should have recovered.
This reverts commit 78f43d254e.
Support branches, so pmbootstrap won't fail if v20.05 is selected:
ERROR: You have an outdated version of the 'apk' package manager installed
(your version: 2.10.5-r1, expected at least: 2.12.1-r0).
Move the logic for this check to pmb.helpers.apk.check_outdated and
adjust the test.
This fixes the CI failure in test_crossdirect_rust, which uses the
stable channel. (My bad for not creating this patch earlier, while at
the same time explaining in the creating pmbootstrap release instructions,
that this minimum apk version should be adjusted.)
Remove "_static" from the variable name, as this version isn't just
used to compare apk-tools-static's version (used to set up chroot), but
also for regular apk-tools before entering chroots.
Add comments to two functions, that if they are changed, the logic also
needs to be updated in ondev-preapre-internal-storage.sh of
postmarketos-ondev.git.
With postmarketos-ondev >= 0.4.0, have a different label for the boot
partition in the installer OS, so the postmarketOS initramfs can find
the proper partition to boot. Even if the boot partition is available
twice (once installed on eMMC, once as part of installer OS on SD card).
pmOS_inst_boot instead of pmOS_install_boot because of character limit.
Replace "rootfs" with generic image, because the function will be used
for a second storage too. Refer to IMAGE_SIZE, as it is shown in the
help output.
Don't try to install the recently split up packages if the pmaports
branch is based on Alpine 3.12.
Fixes: 61845c93 ("pmb.run.qemu.install_depends: add new depends (MR 2007)")
Adds a list of locales user can choose from on init step.
If locale isn't default, then "lang" package is installed
and LANG is changed to the chosen locale.
Hide progress bars if --details-to-stdout is used, which redirects all
output that would land in the pmbootstrap log to stdout. This caused the
progress bar output to get mixed with the apk output. A new progress bar
would get drawn whenever a new package was installed, without removing
the previous progress bar.
Many of pmbootstrap's actions require root rights. When after requesting
sudo access pmbootstrap takes longer than the sudo timeout interval to finish
execution, the password will have to be entered again on the next sudo
action.
This change adds an opt-in feature to run sudo -v in a background loop
in order to prevent having to enter the password more than once for a single
pmbootstrap run. The loop runs as a daemon timer which automatically gets
canceled when pmbootstrap exits.
Closes: #1677
Replace the "kill_as_root" argument with a much simpler "sudo" argument
and remove the now obsolete check for the output mode of "kill_as_root".
"kill_as_root" would only get set to True if both conditions are met:
a) command is running with sudo
b) command is running with an output mode ("log" or "stdout") where
pmb.helpers.run_core would kill it if it does not output anything
before a timeout is reached
The new "sudo" argument just indicates if the command is running with
sudo (a), regardless of the output mode (b).
The sideload command runs the supplied names through the pmbootstrap
buildsystem to make sure they're up-to-date, then uses scp from the host
to copy the built apks to /tmp on the phone and installs them through
ssh.
If the --install-key option is set then it will also copy over the apk
key that's used for signing the packages built by pmbootstrap in case
the postmarketOS install on the device isn't build by the same machine
as you're sideloading from.
Get rid of hardcoded step numbers, even for the currently common steps.
With the upcoming --ondev --no-rootfs, we will need to skip the
hardcoded step 2 (create device rootfs).
Move related code from pmb/install/_install.py:install() to a new
create_device_rootfs() function in the same file, so it can be skipped
with the upcoming --no-rootfs parameter.
This adds a new output mode "pipe" that is identical to the existing
"background" mode except for that its stdout is redirected into a
pipe so that it can be retrieved.
Before this commit, pmb.helpers.run_core.sanity_checks would raise
a runtime error when pmb.helpers.run.root was called with an output
mode that did not support timeouts (like background).
Adds checks for following kernel config options:
SAMSUNG_TUI:
TUI HW Handler - related to Samsung's security measures
Creates "secure frame buffer", results in bootloop
SEC_RESTRICT_ROOTING:
blocks gaining root permissions
TZDEV:
Samsung TZ Based Secure OS interface driver
(results in bootloops)
Create an empty home dir if /etc/skel does not exist in the target
rootfs. Due to changes in packaging, this can happen now, previously
/etc/skel would always have existed.
Move the numerous "install" arguments into an own function (as it was
done with actions added later). Categorize the options and update the
help output, so the options are easier to understand.
Embed the firmware from the right chroot suffix. Previously it would
always use the rootfs_{args.device} chroot, which does not work anymore
with upcoming 'pmbootstrap install --ondev --no-rootfs' as there will
only be the installer_{args.device} chroot.
Adds QCDT templates for Spreadtrum and Exynos SoCs
When "pmbootstrap init" is executed, after the boot image analysis,
if the device is QCDT, then the user is asked about the SoC vendor.
Example:
[HH:MM:SS] SoC vendor (spreadtrum/exynos/other) [other]: exynos
After that, the corresponding template is picked.
Change 'cryptsetup luksFormat' arguments to use --use-random instead of
--use-urandom. urandom is not recommended for the generation of long-term
cryptographic keys, as it may generate weak keys in low entropy
situations.
With the default argument values removed, the step logic is more
centralized in the install method which makes the code a bit less
brittle and easier to follow.
This adds a new commandline flag -E / --extra-space for
specifying the amount of additional space to be added to
the image size to work around cases where the automatically
determined size turns out to not actually be enough.
The value is also asked for in the "Additional options"
section of the interactive mode.
Fixes: #1904
format_and_mount_root() => format_luks_root():
* Rename to reflect what it's actually doing
* Move the FDE check from format_luks_root to the only caller
* Make arguments to "cryptsetup luksFormat" more readable
format_and_mount_pm_crypt() => format_and_mount_root():
* Rename to reflect what it's actually doing
* Don't overwrite device if doing FDE; instead provide the proper device
in the caller
The old function names were for historic reasons, early on it was only
possible to create encrypted installations with pmbootstrap.
Use the dtb-appended kernel file, e.g. postmarketos-exynos4-dtb instead
of postmarketos-exynos4, if it is available. This is needed to flash a
mainline kernel with appended dtb to isorec devices.
Change the 'not value' condition raising the '...value for this variable
is None!' error to 'value is None' so it doesn't raise when the value is
something else that evaluates to boolean False, like an empty string.
Remove the special treatment for $KERNEL_CMDLINE here by making it
default to empty string.
Alpine indicates with arch="", that a package should temporarily not be
built for any architecture. Support this in postmarketOS too by not
complaining in the APKBUILD parser if arch is empty.
Adjust pmb.build.autodetect.arch and pmb.build.menuconfig.get_arch, so
both don't fail with an IndexError when encountering a disabled package.
Co-Authored-By: Luca Weiss <luca@z3ntu.xyz>
Do not verify that the architecture passed with --arch is part of the
arch variable in APKBUILD. This prepares to set 'arch=""' to temporarily
disable building packages. Users will still be able to run "pmbootstrap
menuconfig" on them by manually specifying the architecture.
Put all install_packages related lines into one block and fix up the
comments:
* The list of packages to be installed is not listed at this point (and
it does not make sense there, if we would want to list it, it should
be done in the next block at 'if args.build_pkgs_on_install).
* Remove "including the ones specified by --add", as it doesn't add any
value.
Don't have the set_user() call weirdly between multiple commands
building the install_packages list. Move it up, together with the log
message announcing that the device rootfs is being built.
Update the comment above set_user(): there is no 'build' user anymore,
and at this point we only call it before actually installing the
packages for legacy reasons.
Do not attempt to upgrade packages in the rootfs chroot when running
"pmbootstrap install".
This was responsible for placing every single package in /etc/apk/world
(which should only hold the packages explicitly installed), because the
upgrade function was literally implemented as getting a list of
installed packages and explicitly running pmb.chroot.apk.install on each
of them. The intention was to rebuild these packages if they were outdated,
I guess I didn't realize that this makes /etc/apk/world unusable when I
introduced this three years ago in 51bdc243 ("Properly rebuild/install
packages when something changed").
Remove pmb.chroot.apk.upgrade altogether, because:
1) pmb.install.install builds and upgrades outdated pmaports
2) pmb.install.install is the only user of pmb.chroot.apk.upgrade
3) 'pmbootstrap init' is warning that the chroots do not get upgraded
automatically, so let's not go against that expectation. users who
want an updated rootfs chroot can simply run zap and install again.
Replace it with a call to pmb.helpers.repo.update, because we still need
to update the APKINDEX files before attempting to build/install the
generated list of packages.
Let tail attempt to open the file again, if it becomes inaccessible.
This is useful, when writing a reproducer that deletes pmbootstrap's
log.txt while at the same time running 'pmbootstrap log'.
(027724) [17:57:34] Done
tail: '/home/user/.local/var/pmbootstrap/log.txt' has become inaccessible: No such file or directory
tail: '/home/user/.local/var/pmbootstrap/log.txt' has appeared; following new file
(003493) [17:57:35] % cd /home/user/.local/var/pmbootstrap/cache_git/pmaports; git remote -v
Packages like binutils-*, busybox-static-*, gcc-*, grub-efi-*, musl-*
are only needed for the native architecture during cross compilation.
Don't bother with trying to build them for other arches to save time and
to avoid getting stuck frequently at "armv7/binutils-aarch64" etc.
A few people like to use pmbootstrap on aarch64 hosts (e.g. PineBook
Pro), so let's make it available for aarch64 again when we can build
aarch64 packages natively in CI and bpo. (They do get stuck there right
now, because of qemu user emulation.)
Related: https://gitlab.com/postmarketOS/build.postmarketos.org/-/issues/75
Use a deterministic mirror URL instead of CDN for aportgen. Otherwise we
may generate a pmaport that wraps an apk from Alpine (e.g. musl-armv7)
locally with one up-to-date mirror given by the CDN. But then the build
will fail if CDN picks an outdated mirror for CI or BPO.
This adds support for specifying an arbitrary git ref (e.g. commits,
tags, branches) to upgrade to. This can be useful if a specific commit
needs to be packaged instead of the latest available. Alternatively you
can also specify a branch to be used if the default branch is 'stable'
but 'develop' should be packaged.
This also removes old code to use the 'bionic' branch for UBports Lomiri
(formerly Unity 8) packages.
The Nokia n900 XkbLayout is a bit peculiar and sometimes
join two keymaps into one, for example:
Option "XkbLayout" "fise"
For the combined finnish/swedish layout. Add the common
joined keymaps, even if not all of these countries are
yet supported.
For details see:
https://gitlab.freedesktop.org/xkeyboard-config/xkeyboard-config/-/blob/master/symbols/nokia_vndr/rx-51
I also include this link in the code so no-one gets confused.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Some Mediatek devices have a special 512-byte header around the zImage
which must be generated so the device boots.
Support for that exists for a while in postmarketOS but detection was
missing. Add that.
Do not fail in "pmbootstrap setup" if a keymap was selected, but no
/etc/X11/xorg.conf.d path exists in the rootfs chroot. The grep output
is not empty in that case (it would be empty if the directory exists and
there are no matches), so we need to add this extra check:
(rootfs_nokia-n900) % grep -rl XkbLayout /etc/X11/xorg.conf.d/
grep: /etc/X11/xorg.conf.d/: No such file or directory
Replace dl-cdn mirror with dl-2 temporarily to avoid "BAD signature"
errors.
This is related to the rebuild of Alpine edge x86, armhf, armv7 packages
against musl-1.2, that is currently going on. The packages are rebuilt
without a version change and therefore have the same resulting file
name, but a different checksum. Due to caching of the CDN and due to the
same file name, users may get an old package from before the rebuild.
The APKINDEX has a checksum of the new package, and so the download will
fail with a "BAD signature" error.
Alpine developers clear the cache every now and then, but this issue
will happen over and over again, until all packages are rebuilt (some
packages are still not rebuilt and have been disabled).
Let's switch back in two months or so.
Before this fix tab completion of names with hyphens were not done:
try for example to complete UI package name in 'pmbootstrap init' with
hyphen, like "plasma-mobile" / "plasma-desktop". Now this is handled
correctly (hyphen is not considered as delimeter).
Let UI meta-packages specify apps in "pmb_recommends" to be explicitly
installed by default, and not implicitly as dependency of the UI
meta-package ("depends"). Therefore make these apps uninstallable,
without removing the meta-package.
Add pmbootstrap install --no-recommends to disable this feature.
Add a question at the end of "pmbootstrap init", to ask if the user
wants to build outdated packages during "pmbootstrap install". Store the
result in the new pmbootstrap.cfg key "build_pkgs_on_install". I've put it at
the end, because it is a rather complicated question compared to the rest.
This is useful to speed up the installation for casual users who can now
avoid compiling packages. But also for the official images where we only
want to ship the official binary packages and not build anything
on-the-fly.
This is likely to fail with the new default cryptsetup cipher of
aes-xts-plain64, as many downstream kernels used in recovery OS (like
TWRP) do not have CRYPTO_XTS set.
Put a minimum version check for postmarketos-ondev in the pmbootstrap
install code and verify it before starting the installation. This avoids
using incompatible versions, similar to the pmaports.cfg version check
we already have. Set the minimum required version to 0.2.0.
Do not pass the arguments to ondev-prepare as command-line arguments in
a specific order, but instead as environment variables. New arguments
will be added in a follow-up patch.
Checkout the aports.git branch for the current channel (e.g.
3.12-stable), before trying to find the APKBUILD.
I had tried to auto-unshallow the git repository earlier, but then the
tags were missing. I decided that it's not worth to provide a migration
path: "pmbootstrap aportgen" is only used by few advanced users (to
maintain the pmaports repo).
This made sense for Alpine's aports.git repository as we were only using
the master branch. But now that we are using more branches, we need the
entire git repository with all its branches cloned.
Add the Alpine mirrordir (e.g. "edge", "v3.12") to the distfile, so
musl-*.apk files of the same version and arch but from different
mirrordirs do not collide.
Let "abuild checksum" download these apks and generate the checksums,
instead of letting apk download them as side-effect of initializing
foreign arch chroots. The latter did not work anymore, because we would
copy the apk file with a glob that may matches the hash of either mirrordir.
Essentially:
glob.glob(f"{args.work}/cache_apk_{arch}/{subpkgname}-{version}.*.apk")[0]
In the context of the on-device installer, I found that calculating this
hash is not trivial, so let's just avoid it here as well.
While at it, order the imports of musl.py alphabetically.
Add initial support for the on-device installer in pmbootstrap. Let
pmbootstrap create a regular split image, then prepare a new installer
rootfs and copy the previously generated rootfs image into the installer
rootfs. Put the installer rootfs into a new image, with reserved space.
There is more to do from here, such as disabling the generation of the
user account when using --ondev. But this requires support in
postmarketos-ondev first, so let's build that iteratively.
Related: https://wiki.postmarketos.org/wiki/On-device_installer
Related: https://gitlab.com/postmarketOS/postmarketos-ondev/-/issues
Move code that prints flashing information from install_system_image()
to its own function. For the on-device installer, we'll need to call
install_system_image() twice, without printing the flashing information
each time. While at it, add "step" and "steps" parameters.