Replace "args.cache" with a global variable in order to
avoid passing "args" to all functions. This is a step to get rid of this
args-passed-to-all-functions pattern in pmbootstrap.
So I can finally run `pmbootstrap install --password 147147` and go and
make a cup of tea.
Based on MR 1919.
Co-Authored-By: Oliver Smith <ollieparanoid@postmarketos.org>
Support full linux-* package names in argument completion for
"pmbootstrap kconfig ..." command-lines and get rid of related PROTIP
messages:
PROTIP: You can simply do 'pmbootstrap kconfig check postmarketos-allwinner'
This improves consistency, as in other places we expect the user to
supply full package names as well (e.g. pmbootstrap build).
When running pmbootstrap on debian bullseye with the distro's
python3-argcomplete 1.8 from 2017, tab completion was broken. After
disabling stderr redirect to /dev/null, the error appeared:
TypeError: package_completer() missing 1 required positional argument: 'parser'
Support this ancient version of argcomplete too by setting None as
default value for parser (we don't use it anyway).
Related: https://wiki.postmarketos.org/wiki/Pmbootstrap_development_guide#Debugging_tab_completion_.28argparse.29
The provider selection for "pmbootstrap init" added in this commit
is a flexible way to offer UI/device-specific configuration options
in "pmbootstrap init", without hardcoding them in pmbootstrap.
Instead, the options are defined entirely in pmaports using APK's
virtual package provider mechanism. The code in pmbootstrap searches
for available providers and displays them together with their pkgdesc.
There are many possible use cases for this but I have tested two so far:
1. Selecting root provider (sudo vs doas). This can be defined entirely
in postmarketos-base, without having to handle this specifically in
pmbootstrap.
$ pmbootstrap init
[...]
Available providers for postmarketos-root (2):
* sudo: Use sudo to run root commands (**default**)
* doas: Use doas (minimal replacement for sudo) to run root commands
(Note: Does not support all functionality of sudo)
Provider [default]: doas
2. Device-specific options. My main motivation for working on this
feature is a new configuration option for the MSM8916-based devices.
It allows more control about which firmware to enable:
$ pmbootstrap init
[...]
Available providers for soc-qcom-msm8916-rproc (3):
* all: Enable all remote processors (audio goes through modem) (default)
* no-modem: Disable only modem (audio bypasses modem, ~80 MiB more RAM)
* none: Disable all remote processors (no WiFi/BT/modem, ~90 MiB more RAM)
Provider [default]: no-modem
The configuration prompts show up dynamically by defining
_pmb_select="<virtual packages>" in postmarketos-base, a UI PKGBUILD
or the device APKBUILD. Selecting "default" (just pressing enter)
means that no provider is selected. This allows APK to choose it
automatically based on the "provider_priority". It also provides
compatibility with existing installation; APK will just choose the
default provider when upgrading. The selection can still be changed
after installation by installing another provider using "apk".
Note that at the end this is just a more convenient interface for the
already existing "extra packages" prompt. When using pmbootstrap in
automated scripts the providers (e.g. "postmarketos-root-doas") can be
simply selected through the existing "extra_packages" option.
At the moment, "provides" are only checked in the root package and not
in subpackages of APKBUILDs. Fix this by looking through the subpackages
as well.
At the moment we have to parse all APKBUILDs to find subpackages,
even if they are guessed easily shortly after. To speed this up,
let's guess first but verify the guess by only parsing that particular
APKBUILD. If the subpackage/provides is in there we seem to have found it.
The current install code looks a bit confusing, there is an existing
if statement for the ui and ui-extras package but the recommended
packages are already installed before with a check in a completely
different file. Make this a bit more clear by moving this to the
ui if statement instead.
iwd seems like a promising alternative to wpa_supplicant. It uses crypto
implementations from the kernel, so let's make kconfig check aware of
the options it needs.
Extend the kconfig check code to not only support booleans and arrays,
but also strings. This will be used for CONFIG_LSM with apparmor where
it's important that "apparmor" has a certain spot in the list.
It's been 3 months since we switched to new mkinitfs
and we are still fixing consequences.
linux-lts and linux-virt used by qemu-amd64 device package
install vmlinuz-lts (vmlinuz-virt). And qemu run cmdline
passed -kernel vmlinuz which makes it impossible to run
qemu without this change.
With this change proper kernel arg is passed to qemu.
Co-Authored-By: Oliver Smith <ollieparanoid@postmarketos.org>
Signed-off-by: Alexey Min <alexeymin@postmarketos.org>
Replace "args.arch_native" with the direct function call in order to
avoid passing "args" to all functions. This is a step to get rid of this
args-passed-to-all-functions pattern in pmbootstrap.
Calculate the end of the reserved space properly. Instead of:
from size_boot to size_reserve
it is:
from size_boot to (size_reserve + size_boot)
The reserved space is used by the on-device installer. Without this
patch, the reserved space could easily end up being too small, resulting
in no space left errors during the installation.
The main option - CONFIG_ZRAM - was not checked.
Add it and its direct requirement - CONFIG_ZSMALLOC.
The other two (ZSMALLOC_STAT, ZRAM_MEMORY_TRACKING) are
for debugging information only.
Replace "args.logfd" with "pmb.helpers.logging.logfd" in order to avoid
passing "args" to all functions that only use it to write to logfd. This
is the first step to get rid of this args-passed-to-all-functions
pattern in pmbootstrap.
Follow-up to 09794ef832 -
initfs file does not have flavor now, too.
Without this 'pmbootstrap initfs extract' fails with:
(rootfs_samsung-klte) % cp /boot/initramfs-postmarketos-qcom-msm8974 /tmp/initfs-extracted/_initfs.gz
cp: cannot stat '/boot/initramfs-postmarketos-qcom-msm8974': No such file or directory
With this option you can run
$ pmbootstrap kconfig migrate --arch <arch> linux-postmarketos-xxx-xxx
to perform safe kconfig upgrades between kernel releases.
"make oldconfig" will ask question for every new/renamed kconfig option,
so you have no chance to miss anything.
Newly generated binutils package has file conflicsts with
non-cross binutils.
ERROR: binutils-2.37-r3: trying to overwrite usr/lib/bfd-plugins/libdep.so
owned by binutils-aarch64-2.37-r3.
Fix the generator to produce package that does not include these plugins.
Some Mediatek recovery images have headers named
"RECOVERY". Accept those too.
Signed-off-by: Boris Lysov <arzamas-16@mail.ee>
Co-Authored-By: Alexey Min <alexeymin@postmarketos.org>
Co-Authored-By: Oliver Smith <ollieparanoid@postmarketos.org>
Move all code that verifies the labels of the kernel and ramdisk inside
the boot.img file into a separate function, so it is easier to extend it
to allow recovery images too.
Fix the issue of having the postmarketOS binary repository key deleted
from the chroots after "abuild undeps" removes the postmarketos-keys
package. This happens if e.g. building two device packages in a row (as
they depend on postmarketos-base, which depends on postmarketos-keys in
current pmaports.git master).
I've also considered installing the postmarketos-keys next to
alpine-base in new chroots. But this would introduce a bootstrap
problem, since you can't install the postmarketos-keys package unless
it already exists in the repository. We'd run into that when building
the next release.
Move code to install Alpine and postmarketOS keys into its own function,
so it can be called outside of pmb.chroot.init too (next patch).
Describe why this is needed in the first place and, while at it, tweak
the function to only copy the key if it does not exist in the target
directory.
The -p arg is suppose to point to the folder where the dtc program
resides (if it is not found in PATH). If we use an _outdir, which the
template currently does, then the arg needs to be -p
$_outdir/scripts/dtc/, and not -p scripts/dtc/, as scripts/dtc/ only
contains the dtc source code.
The python variant of dtbTool, that we currently use, does not use
this arg as it does not run dtc in a shell. I suppose the argument
was added only for compatibility with other dtbtools.
Before this commit, package folders were copied into the chroot one by
one in order to run apkbuild-lint on them. This logic is replaced by
mounting pmaports.git into the chroot and using a single apkbuild-lint
invocation to lint the supplied packages.
Both of these changes result in a performance improvement, especially
when linting multiple packages at once.
Before this change:
$ time ./pmbootstrap.py -q lint $(cd ../pmaports/cross; echo *) \
> /dev/null
real 0m5,261s
user 0m7,046s
sys 0m1,842s
Using the pmaports.git mount but calling apkbuild-lint in a loop:
$ time ./pmbootstrap.py -q lint $(cd ../pmaports/cross; echo *) \
> /dev/null
real 0m4,089s
user 0m6,418s
sys 0m1,219s
After this change:
$ time ./pmbootstrap.py -q lint $(cd ../pmaports/cross; echo *) \
> /dev/null
real 0m3,518s
user 0m5,968s
sys 0m0,959s
Additionally, running apkbuild-lint from the pmaports.git mount point
has the benefit that every printed violation contains a nice source
identifier à la "./cross/grub-x86/APKBUILD". This makes it possible to
differentiate between different packages even though only a single
apkbuild-lint invocation is used.
Relates: postmarketOS/pmaports#564
kernel is named /boot/vmlinuz now, looking at the filename will no
longer tell us what flavor it is. This now will look at
/usr/share/kernel, which has always contained the kernel 'flavor', and
since we currently only install 1 kernel these days, guarding this with
pmaports.cfg should be unnecessary. In the worst case (if there are
multiple kernel 'flavors' installed), it'll just grab the first one and
return it.
The new mkinitfs does not have options for kernel flavor or version
A new pmaports.cfg variable, "supported_mkinitfs_without_flavors" is used to
determine how to invoke mkinitfs
This improves handling input in pmbootstrap init.
Various config options in "Additional options" are int, thus whole input
must be checked:
This fixes obvious error:
Jobs [9]: 5e
and less obvious errors:
Extra space size: 600.5
Extra space size: 600m
...
$ pmbootstrap install
[17:28:23] *** (3/4) PREPARE INSTALL BLOCKDEVICE ***
[17:28:23] ERROR: invalid literal for int() with base 10: '600.5'
NOTE: I suppose moving ^ $ to ReadlineTabCompleter.ask() would break
some of already defined regexes.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
gitlab runners seem to be registering binfmt now (?), so this fixes an
issue where register() might return immediately because the OS (or ??)
took care of registration, but the qemu-<arch> binary wasn't added to
the chroot.
It seems like the gitlab runners will now automatically register archs
when binfmt is mounted (I'm not completely sure, it's really
hard/annoying to confirm using gitlab CI jobs and no direct access to
the runner)
In any case, checking if it's already registered fixes a problem where
CI fails with "File exists" when it tries to register the arch.
While zram has uses outside of swap-on-zram, I would believe that the
main use of zram in postmarketOS is swap-on-zram. In addition to that,
I imagine many probably expect swap-on-zram to work if the zram kconfig
succeeds.
In order to support FAT32 as boot partition, the label is shortened from
pmOS_inst_boot to pmOS_i_boot. Read the value from pmaports.cfg and fall
back to the old value, so both are supported (-> building v21.06 and
v21.03 will use the old label).
Remove the old codepath that would set "pmOS_boot" as label for the
install partition, if the postmarketos-ondev package was older than
0.4.0. This is only the case on the long unsupported v20.05 branch.
Install osk-sdl in the installer OS's boot partition for now. I forgot
about a code path earlier, which could render an encrypted target OS
without osk-sdl in the initramfs (and being unable to boot).
The target OS gets embeded in the installer OS as image file. This can
happen in two formats:
a) a full image with partition header and the boot and root partition
This is what bpo is doing when building the official, pre-built images,
as this method allows having the exact same image available separately
without the installer. Basically:
pmbootstrap install \
--ondev \
--no-rootfs \
--cp path/to/rootfs:/var/lib/rootfs.img
b) an image with just the root partition, no partition header and no
boot partition. This is what you get when running regular
"pmbootstrap install --ondev". It's slightly smaller, as there is no
duplicate boot partition.
If b) was done, the installer will copy the contents of the installer's
boot partition to the target OS. And that means: if osk-sdl is missing
from the installer's boot partition (the initramfs generated there), it
will also be missing in the boot partition of the target OS!
I think we should get rid of the b) code path to avoid confusion in the
future/make maintenance. But until that is done, always install osk-sdl
into the installer OS.
Remove the "(y/n) " in the question:
Choose default locale for installation (y/n) [C.UTF-8]:
So it becomes:
Choose default locale for installation [C.UTF-8]:
Fix this weird help output:
-mp URL, --mirror-pmOS URL
postmarketOS mirror, disable with: -mp='', specify
multiple with: -mp='one' -mp='two', default: h, t, t,
p, :, /, /, m, i, r, r, o, r, ., p, o, s, t, m, a, r,
k, e, t, o, s, ., o, r, g, /, p, o, s, t, m, a, r, k,
e, t, o, s, /
Remove /in-pmbootstrap inside chroots in "pmbootstrap shutdown" instead
of having it at a specific part of "pmbootstrap install".
Reasoning:
* With current approach, it didn't get removed in the on-device
installer chroot.
* This is less error prone than calling it multiple times in
"pmbootstrap install"
Hides user interfaces which require GPU acceleration
for unsupported devices. Device support is identified
by deviceinfo property `deviceinfo_gpu_accelerated`.
UI which has GPU acceleration as requirement,
must have `pmb:gpu-accel` in APKBUILD's options.
I missed these when collecting the required kconfig options for
nftables, and it was a happy coincidence that the kernels I enabled the
nftables stuff on already had these enabled so that the initial kconfig
check passsed
test/kconfig: add missing nftables options
Allows user to choose one of the mirrors from
https://mirrors.postmarketos.org.
Example:
[1] Mirror 1 (Location 1)
[2] Mirror 2 (Location 2)
[3] Mirror 3 (Location 3)
Select a mirror [1]: 2
Co-Authored-By: Alexey Min <alexey.min@gmail.com>
Devices such as ODROIDs have binaries use which every single block for
embedding. Do not raise an error when binaries are touching, but not
overlapping, each other when embedding these binaries during installation.
Add a test for this scenario, which fails when reverting the change.
Co-Authored-By: Oliver Smith <ollieparanoid@postmarketos.org>
This adds osk-sdl to the rootfs when --fde is set, or when building a
rootfs for the ondev installer. Ideally the ondev installer would
selectively install osk-sdl if the user opted for fde at runtime, but
I haven't found a straight forward way to enable that yet, and this
behavior here is no different than the current behavior (where osk-sdl
is always installed in the rootfs by way of depends= in pmos-mkinitfs).
For images that are built without --fde, osk-sdl won't be installed at
all in the rootfs, once the dependency is dropped from pmos-mkinitfs.
Instead, a dummy package postmarketos-base-nofde will be installed
instead to satisfy the dependency that postmarketos-mkinitfs has on the
virtual package "postmarketos-fde-unlocker"
The option, --no-firewall, will disable nftables on boot in the image,
and print a warning message if it's being disabled in a device image
where the device's kernel should support running the firewall.
Co-Authored-By: Oliver Smith <ollieparanoid@postmarketos.org>
New ports shouldn't use that architecture; and devices whose CPU only
supports armhf aren't really useful for anything anyways.
This will also make the suggested/default architecture be armv7
(architectures[0]).
Previously it always used native (x84_64) arch for apkindex
version check.
As pmb.aportgen.core.alpine_apkindex_path() already has arch
parameter, use it to look up correct APKINDEX.
Also fixup test.
Touch the file /in-pmbootstrap in chroots so that we can avoid
performing automated actions that should only happen on a real device
(like flashing the kernel).
Adjust to mkbootimg-osm0sis 2021.04.27, where the output files have been
renamed:
"use correct output names matching mkbootimg args
(zImage=Image.gz=kernel, ramdisk.gz=ramdisk)"
Related: 5a01ae54a9
In the new initramfs creation for Nvidia blob files, we
move the newly created blob to be the normal boot image.
Therefore, no seperate boot image exists, it just overwrites
the old one and does not need a seperate symlink.
Let warnings like the following not get displayed in the regular
pmbootstrap output anymore, only in 'pmbootstrap log' if -v / --verbose
was used. This message informs the user that a package's dependencies
are newer than the package itself. But the WARNING makes it sound like
this is something to be concerned about, whereas in reality this is
fine. In this example, postmarketos-mkinitfs has gotten a new feature /
fix after postmarketos-base and there's no need to rebuild
postmarketos-base.
[18:02:59] WARNING: postmarketos-base depends on rebuilt package(s)
postmarketos-mkinitfs (use 'pmbootstrap build postmarketos-base --force'
if necessary!)
[skip ci] already built in CI, change is trivial
The default completer suggests files from the file system which we
really don't want here.
This can be tested with the 'Manufacturer' field for new devices.
Setting it to a custom lambda instead of None disables the completion
instead of using the default completer.
Qemu has been upgraded to 6.0.0 in Alpine edge. This version doesn't
only warn about -show-cursor, it refuses to start up with the option
set.
Fixes: issue 1995
This can be used for example to sideload packages to
pmbootstrap's QEMU which is running on the port 2222
by default, as follows:
pmbootstrap sideload --host localhost --port 2222 --user user <pkg>
This adds a `--port` parameter to sideload subcommand.
If not specified, port defaults to 22.
Fix issues occurring when using pmbootstrap qemu with proprietary
Nvidia drivers as well as mouse misalignment issues on Phosh UI.
Signed-off-by: Mark Hargreaves <clashclanacc2602@gmail.coM>
Do not attempt to install with a filesystem that is not supported by the
initramfs code in the checked out pmaports branch.
Previously we would have increased the pmaports.cfg version and require
that new version by pmbootstrap, however this will break compatibility
with release branches where we won't roll out this feature (v20.05).
Therefore don't change the version, but add a new
"supported_root_filesystems" key to pmaports.cfg, which defaults to
"ext4".
Related: https://postmarketos.org/pmaports.cfg
Install specific filesystem tools right before they are needed, instead
of installing all filesystem tools that we might need beforehand. This
is in preparation to support f2fs.
Co-Authored-By: Oliver Smith <ollieparanoid@postmarketos.org>
Fix error when CPU count is more than 8 while emulating a non-native
platform:
qemu-system-aarch64: Number of SMP CPUs requested (12) exceeds max CPUs supported by machine 'mach-virt' (8)
Signed-off-by: Mark Hargreaves <clashclanacc2602@gmail.coM>
Made changes to limit the line length in following files for #1986,
- pmb/install/_install.py
- pmb/install/blockdevice.py
- pmb/install/losetup.py
- pmb/install/partition.py
Added the above files in E501 flake8 command list.
Substitute f-string for string concatenation.
Increase the boot partition size from 128 MiB to 256 MiB, as we are
already close to reaching the current limit. By having twice the size,
it should be possible to have atomic replacements of all initramfs
related files.
Translate the pmaports channels "stable" to "v20.05" and "stable-next"
to "v21.03", so these have the same channel name as the pmaports.git
branch name.
The original plan was to switch the "stable" channel from the "v20.05"
branch to the "v21.03" branch when the release is done. However, now
that we are close to that, I'm realizing that this would not be useful.
It would lead to conflicts in the dir with locally built packages
(default: ~/.local/var/pmbootstrap/packages/$CHANNEL). And it would make
it awkward to go back to a previous branch (we may name it old-stable
for the time being, but what after that, old-old-stable?).
Split images have /dev/installp1 and /dev/installp2 but no
/dev/install to place the firmware, so it will actually create that file
in devfs where it might run out of space since it's only 1MB big
Leave some visual space before the flashing and ssh daemon information
blocks, so they don't get overlooked by the user:
[12:50:31] *** (4/4) FILL INSTALL BLOCKDEVICE ***
[12:50:31] (native) copy rootfs_qemu-amd64 to /mnt/install/
[12:50:36]
[12:50:36] *** FLASHING INFORMATION ***
[12:50:36] Refer to the installation instructions of your device, or the generic install instructions in the wiki.
[12:50:36] https://wiki.postmarketos.org/wiki/Installation_guide#pmbootstrap_flash
[12:50:36]
[12:50:36] *** SSH DAEMON INFORMATION ***
[12:50:36] SSH daemon is disabled (--no-sshd).
[12:50:36]
[12:50:36] NOTE: chroot is still active (use 'pmbootstrap shutdown' as necessary)
[12:50:36] Done
Change "configured" to "valid" in the error message:
Selected kernel (mainline_modem) is not configured for device bq-paella.
Please run 'pmbootstrap init' to select a valid kernel.
"configured" makes one think of "pmbootstrap init", but the valid
kernels are defined in the APKBUILD. Therefore I think "not valid" fits
better here.
Run setup_login() while creating the installer OS too, in order to
disable passwordless root login.
Note that this may sound like a security flaw, but it isn't.
* setup_login already ran for the target OS, meaning after the
installation is done, one is not be able to login as root without
password
* root login without password was only possible via serial console (or by
attaching a keyboard), not via SSH
* getting root rights via serial in the installer OS is actually desired
for debugging, we add a debug user with sudo set up by default:
https://wiki.postmarketos.org/wiki/On-device_installer#Debug_user
So even though this isn't a problem, disable it to avoid confusion.
Generate APKBUILDs with dependencies sorted and placed one per line.
The dependency lists changed are
- depends in pmb/aportgen/device.py
- makedepends in pmb/aportgen/linux.py
Sort dependency lists in test/test_aportgen_device_wizard.py
assertions.
Unmaintained devices are device packages that:
- Are known to be broken in some way without an active maintainer
who can investigate how to fix it, or
- Have not received any updates for a very long time, or
- Are discouraged from using because they are just intended for testing.
An example for this are ports using the downstream kernel for devices
which have a mainline port that is working quite well.
Unmaintained devices are still built by bpo (otherwise it would not make
sense to keep them), but they do not show up in "pmbootstrap init".
However, it is possible to manually select them by entering the name.
pmbootstrap will warn in that case.
Unmaintained packages should have a # Unmaintained: <reason> comment
in the APKBUILD, this comment is displayed in "pmbootstrap init"
so that the user knows why the device should not be used unless they
know what they are doing.
Made changes to limit the line length in following files,
- pmb/parse/bootimg.py
- pmb/parse/depends.py
- pmb/parse/kconfig.py
- test/test_parse_depends.py
Added the above files in E501 flake8 command list.
Substitute f-string for string concatenation.
Made changes to limit the line length in following files,
- pmb/parse/_apkbuild.py
- pmb/parse/apkindex.py
- pmb/parse/binfmt_info.py
- pmb/parse/deviceinfo.py
- test/test_parse_apkbuild.py
Added the above files in E501 flake8 command list.
Substitute f-string for string concatenation.
When unmounting SD card after `pmbootstrap install --sdcard=...`
it takes a lot of time for kernel to sync filesystem cache
before actual umounting happehs. This looks like pmbootstrap is
stuck, so before doing unmount print a message to inform user of
what's happening, in case `--sdcard` was used.
The CDN was disabled, as packages from there often resulted in 'BAD
signature' after Alpine's big musl-1.2 rebuild for 32-bit arches. This
was almost half a year ago, so the CDN should have recovered.
This reverts commit 78f43d254e.
Support branches, so pmbootstrap won't fail if v20.05 is selected:
ERROR: You have an outdated version of the 'apk' package manager installed
(your version: 2.10.5-r1, expected at least: 2.12.1-r0).
Move the logic for this check to pmb.helpers.apk.check_outdated and
adjust the test.
This fixes the CI failure in test_crossdirect_rust, which uses the
stable channel. (My bad for not creating this patch earlier, while at
the same time explaining in the creating pmbootstrap release instructions,
that this minimum apk version should be adjusted.)
Remove "_static" from the variable name, as this version isn't just
used to compare apk-tools-static's version (used to set up chroot), but
also for regular apk-tools before entering chroots.
Add comments to two functions, that if they are changed, the logic also
needs to be updated in ondev-preapre-internal-storage.sh of
postmarketos-ondev.git.
With postmarketos-ondev >= 0.4.0, have a different label for the boot
partition in the installer OS, so the postmarketOS initramfs can find
the proper partition to boot. Even if the boot partition is available
twice (once installed on eMMC, once as part of installer OS on SD card).
pmOS_inst_boot instead of pmOS_install_boot because of character limit.
Replace "rootfs" with generic image, because the function will be used
for a second storage too. Refer to IMAGE_SIZE, as it is shown in the
help output.
Don't try to install the recently split up packages if the pmaports
branch is based on Alpine 3.12.
Fixes: 61845c93 ("pmb.run.qemu.install_depends: add new depends (MR 2007)")
Adds a list of locales user can choose from on init step.
If locale isn't default, then "lang" package is installed
and LANG is changed to the chosen locale.
Hide progress bars if --details-to-stdout is used, which redirects all
output that would land in the pmbootstrap log to stdout. This caused the
progress bar output to get mixed with the apk output. A new progress bar
would get drawn whenever a new package was installed, without removing
the previous progress bar.
Many of pmbootstrap's actions require root rights. When after requesting
sudo access pmbootstrap takes longer than the sudo timeout interval to finish
execution, the password will have to be entered again on the next sudo
action.
This change adds an opt-in feature to run sudo -v in a background loop
in order to prevent having to enter the password more than once for a single
pmbootstrap run. The loop runs as a daemon timer which automatically gets
canceled when pmbootstrap exits.
Closes: #1677
Replace the "kill_as_root" argument with a much simpler "sudo" argument
and remove the now obsolete check for the output mode of "kill_as_root".
"kill_as_root" would only get set to True if both conditions are met:
a) command is running with sudo
b) command is running with an output mode ("log" or "stdout") where
pmb.helpers.run_core would kill it if it does not output anything
before a timeout is reached
The new "sudo" argument just indicates if the command is running with
sudo (a), regardless of the output mode (b).
The sideload command runs the supplied names through the pmbootstrap
buildsystem to make sure they're up-to-date, then uses scp from the host
to copy the built apks to /tmp on the phone and installs them through
ssh.
If the --install-key option is set then it will also copy over the apk
key that's used for signing the packages built by pmbootstrap in case
the postmarketOS install on the device isn't build by the same machine
as you're sideloading from.
Get rid of hardcoded step numbers, even for the currently common steps.
With the upcoming --ondev --no-rootfs, we will need to skip the
hardcoded step 2 (create device rootfs).
Move related code from pmb/install/_install.py:install() to a new
create_device_rootfs() function in the same file, so it can be skipped
with the upcoming --no-rootfs parameter.
This adds a new output mode "pipe" that is identical to the existing
"background" mode except for that its stdout is redirected into a
pipe so that it can be retrieved.
Before this commit, pmb.helpers.run_core.sanity_checks would raise
a runtime error when pmb.helpers.run.root was called with an output
mode that did not support timeouts (like background).
Adds checks for following kernel config options:
SAMSUNG_TUI:
TUI HW Handler - related to Samsung's security measures
Creates "secure frame buffer", results in bootloop
SEC_RESTRICT_ROOTING:
blocks gaining root permissions
TZDEV:
Samsung TZ Based Secure OS interface driver
(results in bootloops)
Create an empty home dir if /etc/skel does not exist in the target
rootfs. Due to changes in packaging, this can happen now, previously
/etc/skel would always have existed.
Move the numerous "install" arguments into an own function (as it was
done with actions added later). Categorize the options and update the
help output, so the options are easier to understand.
Embed the firmware from the right chroot suffix. Previously it would
always use the rootfs_{args.device} chroot, which does not work anymore
with upcoming 'pmbootstrap install --ondev --no-rootfs' as there will
only be the installer_{args.device} chroot.
Adds QCDT templates for Spreadtrum and Exynos SoCs
When "pmbootstrap init" is executed, after the boot image analysis,
if the device is QCDT, then the user is asked about the SoC vendor.
Example:
[HH:MM:SS] SoC vendor (spreadtrum/exynos/other) [other]: exynos
After that, the corresponding template is picked.
Change 'cryptsetup luksFormat' arguments to use --use-random instead of
--use-urandom. urandom is not recommended for the generation of long-term
cryptographic keys, as it may generate weak keys in low entropy
situations.
With the default argument values removed, the step logic is more
centralized in the install method which makes the code a bit less
brittle and easier to follow.
This adds a new commandline flag -E / --extra-space for
specifying the amount of additional space to be added to
the image size to work around cases where the automatically
determined size turns out to not actually be enough.
The value is also asked for in the "Additional options"
section of the interactive mode.
Fixes: #1904
format_and_mount_root() => format_luks_root():
* Rename to reflect what it's actually doing
* Move the FDE check from format_luks_root to the only caller
* Make arguments to "cryptsetup luksFormat" more readable
format_and_mount_pm_crypt() => format_and_mount_root():
* Rename to reflect what it's actually doing
* Don't overwrite device if doing FDE; instead provide the proper device
in the caller
The old function names were for historic reasons, early on it was only
possible to create encrypted installations with pmbootstrap.
Use the dtb-appended kernel file, e.g. postmarketos-exynos4-dtb instead
of postmarketos-exynos4, if it is available. This is needed to flash a
mainline kernel with appended dtb to isorec devices.
Change the 'not value' condition raising the '...value for this variable
is None!' error to 'value is None' so it doesn't raise when the value is
something else that evaluates to boolean False, like an empty string.
Remove the special treatment for $KERNEL_CMDLINE here by making it
default to empty string.
Alpine indicates with arch="", that a package should temporarily not be
built for any architecture. Support this in postmarketOS too by not
complaining in the APKBUILD parser if arch is empty.
Adjust pmb.build.autodetect.arch and pmb.build.menuconfig.get_arch, so
both don't fail with an IndexError when encountering a disabled package.
Co-Authored-By: Luca Weiss <luca@z3ntu.xyz>
Do not verify that the architecture passed with --arch is part of the
arch variable in APKBUILD. This prepares to set 'arch=""' to temporarily
disable building packages. Users will still be able to run "pmbootstrap
menuconfig" on them by manually specifying the architecture.
Put all install_packages related lines into one block and fix up the
comments:
* The list of packages to be installed is not listed at this point (and
it does not make sense there, if we would want to list it, it should
be done in the next block at 'if args.build_pkgs_on_install).
* Remove "including the ones specified by --add", as it doesn't add any
value.
Don't have the set_user() call weirdly between multiple commands
building the install_packages list. Move it up, together with the log
message announcing that the device rootfs is being built.
Update the comment above set_user(): there is no 'build' user anymore,
and at this point we only call it before actually installing the
packages for legacy reasons.
Do not attempt to upgrade packages in the rootfs chroot when running
"pmbootstrap install".
This was responsible for placing every single package in /etc/apk/world
(which should only hold the packages explicitly installed), because the
upgrade function was literally implemented as getting a list of
installed packages and explicitly running pmb.chroot.apk.install on each
of them. The intention was to rebuild these packages if they were outdated,
I guess I didn't realize that this makes /etc/apk/world unusable when I
introduced this three years ago in 51bdc243 ("Properly rebuild/install
packages when something changed").
Remove pmb.chroot.apk.upgrade altogether, because:
1) pmb.install.install builds and upgrades outdated pmaports
2) pmb.install.install is the only user of pmb.chroot.apk.upgrade
3) 'pmbootstrap init' is warning that the chroots do not get upgraded
automatically, so let's not go against that expectation. users who
want an updated rootfs chroot can simply run zap and install again.
Replace it with a call to pmb.helpers.repo.update, because we still need
to update the APKINDEX files before attempting to build/install the
generated list of packages.
Let tail attempt to open the file again, if it becomes inaccessible.
This is useful, when writing a reproducer that deletes pmbootstrap's
log.txt while at the same time running 'pmbootstrap log'.
(027724) [17:57:34] Done
tail: '/home/user/.local/var/pmbootstrap/log.txt' has become inaccessible: No such file or directory
tail: '/home/user/.local/var/pmbootstrap/log.txt' has appeared; following new file
(003493) [17:57:35] % cd /home/user/.local/var/pmbootstrap/cache_git/pmaports; git remote -v
Packages like binutils-*, busybox-static-*, gcc-*, grub-efi-*, musl-*
are only needed for the native architecture during cross compilation.
Don't bother with trying to build them for other arches to save time and
to avoid getting stuck frequently at "armv7/binutils-aarch64" etc.
A few people like to use pmbootstrap on aarch64 hosts (e.g. PineBook
Pro), so let's make it available for aarch64 again when we can build
aarch64 packages natively in CI and bpo. (They do get stuck there right
now, because of qemu user emulation.)
Related: https://gitlab.com/postmarketOS/build.postmarketos.org/-/issues/75
Use a deterministic mirror URL instead of CDN for aportgen. Otherwise we
may generate a pmaport that wraps an apk from Alpine (e.g. musl-armv7)
locally with one up-to-date mirror given by the CDN. But then the build
will fail if CDN picks an outdated mirror for CI or BPO.
This adds support for specifying an arbitrary git ref (e.g. commits,
tags, branches) to upgrade to. This can be useful if a specific commit
needs to be packaged instead of the latest available. Alternatively you
can also specify a branch to be used if the default branch is 'stable'
but 'develop' should be packaged.
This also removes old code to use the 'bionic' branch for UBports Lomiri
(formerly Unity 8) packages.
The Nokia n900 XkbLayout is a bit peculiar and sometimes
join two keymaps into one, for example:
Option "XkbLayout" "fise"
For the combined finnish/swedish layout. Add the common
joined keymaps, even if not all of these countries are
yet supported.
For details see:
https://gitlab.freedesktop.org/xkeyboard-config/xkeyboard-config/-/blob/master/symbols/nokia_vndr/rx-51
I also include this link in the code so no-one gets confused.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Some Mediatek devices have a special 512-byte header around the zImage
which must be generated so the device boots.
Support for that exists for a while in postmarketOS but detection was
missing. Add that.