Merge branch 'sysimage-v3' into 'main'

System Image V3 Release

See merge request reform/reform-system-image!47

.gitlab-ci.yml

@@ -4,18 +4,17 @@ image: debian:bullseye-slim
 build:
   script:
     - sed -i 's|http://deb.|http://ftp.de.|g' /etc/apt/sources.list
+    - echo "deb http://ftp.de.debian.org/debian bookworm main" > /etc/apt/sources.list.d/bookworm.list
+    - "printf 'Package: *\\nPin: release n=bookworm\\nPin-Priority: 100\\n' > /etc/apt/preferences.d/bookworm.pref"
     - apt update
-    - apt-get -y install sudo gzip libext2fs2 pigz
-    - apt-get -y install bc parted multistrap udisks2 gcc-aarch64-linux-gnu make device-tree-compiler qemu-user-static binfmt-support build-essential bison flex libssl-dev bash git qemu-system-aarch64
+    - apt-get -y install -t bookworm mmdebstrap genext2fs
+    - apt-get -y install e2fsprogs pigz binfmt-support git mount arch-test qemu-user-static parted
     - cd reform2-imx8mq
     - bash mkimage.sh
     - pigz reform-system.img
     - pigz reform-rescue-system.img
   artifacts:
     paths:
-      - "reform2-imx8mq/linux/arch/arm64/boot/Image"
-      - "reform2-imx8mq/linux/arch/arm64/boot/dts/freescale/imx8mq-mnt-reform2.dtb"
-      - "reform2-imx8mq/linux/arch/arm64/boot/dts/freescale/imx8mq-mnt-reform2-hdmi.dtb"
       - "reform2-imx8mq/u-boot/flash.bin"
       - "reform2-imx8mq/u-boot/flash-rescue.bin"
       - "reform2-imx8mq/reform-system.img.gz"

reform2-imx8mq/mkimage.sh

@@ -4,7 +4,22 @@ set -x
 set -e
 
 # make sure build tools are installed
-sudo apt-get -y install parted multistrap udisks2 gcc-aarch64-linux-gnu make device-tree-compiler qemu-user-static binfmt-support build-essential bison flex libssl-dev mmdebstrap
+DEPS="mmdebstrap genext2fs e2fsprogs binfmt-support git mount arch-test qemu-user-static parted"
+if [ "$(dpkg-query --showformat '${db:Status-Status}\n' --show $DEPS | sort -u)" != "installed" ]; then
+	echo "Not all dependencies of this script are installed."
+	echo "Run the following command to install them:"
+	echo
+	echo "    sudo apt install $DEPS"
+	exit 1
+fi
+if dpkg --compare-versions "$(dpkg-query --showformat='${Version}\n' --show mmdebstrap)" lt "0.8.4-1"; then
+	echo "mmdebstrap version must be >= 0.8.4-1"
+	exit 1
+fi
+if dpkg --compare-versions "$(dpkg-query --showformat='${Version}\n' --show genext2fs)" lt "1.5.0-2"; then
+	echo "genext2fs version must be >= 1.5.0-2"
+	exit 1
+fi
 
 # if we are in a git repository and if SOURCE_DATE_EPOCH is not set, use the
 # timestamp of the latest git commit
@@ -15,47 +30,89 @@ else
 fi
 export SOURCE_DATE_EPOCH
 
-# build the linux kernel
-./mkkernel.sh
-# build u-boot
-./mkuboot.sh
+# /tmp might be too small for the full system, so we set a different TMPDIR
+export TMPDIR="$(pwd)"
+
+# We need a separate partition for /boot for two reasons:
+#
+# 1) To boot encrypted NVMe
+# 2) If we boot a system that is not on the SD-Card (even unencrypted) then we
+#    need to mount the partition containing kernel, initrd and dtb. If /boot is
+#    not in its own partition, then mounting that partition to /boot will
+#    result in the files being in /boot/boot. So we need to create a partition
+#    where kernel, initrd and dtb are at the root of the partition. Otherwise
+#    we cannot upgrade the kernel from the booted system.
+
+# debian-installer chooses 999424 sectors (= 488MB) by default
+BOOTSIZE=488
+ROOTSIZE=2048
+
+# download u-boot v3 from CI
+/usr/lib/apt/apt-helper download-file https://source.mnt.re/reform/reform-boundary-uboot/-/jobs/artifacts/v3/raw/flash.bin\?job\=build flash.bin
 
 # build the debian userland and configure it
-sudo ./mkuserland.sh
-# chroot into the userland and build custom packages (mesa, xserver...)
-sudo ./mkuserland2.sh
+./mkuserland.sh
 
 # Rescue System ---------------------------------------------------------
 
-SIZE=4096M
-# create ext4 partition from target root directory directly at 4MiB offset
-sudo /sbin/mke2fs -v -L 'MNTRESCUE' -N 0 -O 64bit -E offset=4194304 -d target-userland -m 5 -r 1 -t ext4 reform-rescue-system.img $SIZE
-
-sudo /sbin/parted -s reform-rescue-system.img "mklabel msdos"
-sudo /sbin/parted -s reform-rescue-system.img "mkpart primary ext4 4MiB -1s"
-sudo /sbin/parted -s reform-rescue-system.img print
+mmtarfilter --path-exclude='*' --path-include=/boot --path-include='/boot/*' --strip-components=2 < target-userland.tar \
+	| genext2fs --block-size 1024 --size-in-blocks $((BOOTSIZE*1024)) --bytes-per-inode 16384 --tarball - boot.img
+dd if=boot.img of=reform-rescue-system.img seek=1 bs=4194304
+rm boot.img
+mmtarfilter --path-exclude='/boot/*' < target-userland.tar \
+	| genext2fs --block-size 1024 --size-in-blocks $((ROOTSIZE*1024)) --bytes-per-inode 16384 --tarball - root.img
+dd if=root.img of=reform-rescue-system.img seek=$((((BOOTSIZE+4)*1024*1024)/4194304)) bs=4194304
+rm root.img
+dd if=/dev/zero bs=512 count=1 >> reform-rescue-system.img
+/sbin/parted -s reform-rescue-system.img "mklabel msdos"
+# reproducible disk signature
+printf mntr | dd of=reform-rescue-system.img seek=440 bs=1 conv=notrunc
+/sbin/parted -s reform-rescue-system.img "mkpart primary ext4 4MiB $((BOOTSIZE+4))MiB"
+/sbin/parted -s reform-rescue-system.img "mkpart primary ext4 $((BOOTSIZE+4))MiB $((BOOTSIZE+ROOTSIZE+4))MiB"
+/sbin/parted -s reform-rescue-system.img print
 
-# mkuboot.sh needs to run before. this creates flash.bin.
 # install u-boot for i.MX8MQ
-sudo dd if=./u-boot/flash.bin of=reform-rescue-system.img conv=notrunc bs=1k seek=33
+dd if=./flash.bin of=reform-rescue-system.img conv=notrunc bs=1k seek=33
 
 echo Reform Rescue System Image created: reform-rescue-system.img
-
 # Full System -----------------------------------------------------------
 
 # chroot into the userland and add extra applications
-sudo ./mkuserland3.sh
-
-SIZE=9000M
-# create ext4 partition from target root directory directly at 4MiB offset
-sudo /sbin/mke2fs -v -L 'MNTREFORM' -N 0 -O 64bit -E offset=4194304 -d target-userland -m 5 -r 1 -t ext4 reform-system.img $SIZE
-
-sudo /sbin/parted -s reform-system.img "mklabel msdos"
-sudo /sbin/parted -s reform-system.img "mkpart primary ext4 4MiB -1s"
-sudo /sbin/parted -s reform-system.img print
+./mkuserland3.sh
+
+ROOTSIZE=9000
+
+if [ $(id -u) -eq 0 ]; then
+	# genext2fs is very slow so if we run this script as root, we give up
+	# on reproducibility in favor of creating the image faster
+	mkdir target-userland
+	tar --directory target-userland --xattrs --xattrs-include='*' --extract --file target-userland-full.tar
+	/sbin/mke2fs -v -L 'MNTREFORMBOOT' -N 0 -E offset=4194304 -d target-userland/boot -t ext2 reform-system.img ${BOOTSIZE}M
+	rm -rf target-userland/boot/*
+	/sbin/mke2fs -v -L 'MNTREFORMROOT' -N 0 -O 64bit -E offset=$(((BOOTSIZE+4)*1024*1024)) -d target-userland -m 5 -r 1 -t ext4 reform-system.img ${ROOTSIZE}M
+	rm -rf target-userland
+else
+	# if we don't run as root, use the slow (but bit-by-bit reproducible)
+	# genext2fs instead
+	mmtarfilter --path-exclude='*' --path-include=/boot --path-include='/boot/*' --strip-components=2 < target-userland-full.tar \
+		| genext2fs --block-size 1024 --size-in-blocks $((BOOTSIZE*1024)) --bytes-per-inode 16384 --tarball - boot.img
+	dd if=boot.img of=reform-system.img seek=1 bs=4194304
+	rm boot.img
+	mmtarfilter --path-exclude='/boot/*' < target-userland-full.tar \
+		| genext2fs --block-size 1024 --size-in-blocks $((ROOTSIZE*1024)) --bytes-per-inode 16384 --tarball - root.img
+	dd if=root.img of=reform-system.img seek=$((((BOOTSIZE+4)*1024*1024)/4194304)) bs=4194304
+	rm root.img
+fi
+dd if=/dev/zero bs=512 count=1 >> reform-system.img
+/sbin/parted -s reform-system.img "mklabel msdos"
+# reproducible disk signature
+printf mntr | dd of=reform-system.img seek=440 bs=1 conv=notrunc
+/sbin/parted -s reform-system.img "mkpart primary ext4 4MiB $((BOOTSIZE+4))MiB"
+/sbin/parted -s reform-system.img "mkpart primary ext4 $((BOOTSIZE+4))MiB $((BOOTSIZE+ROOTSIZE+4))MiB"
+/sbin/parted -s reform-system.img print
 
 # install u-boot for i.MX8MQ
-sudo dd if=./u-boot/flash.bin of=reform-system.img conv=notrunc bs=1k seek=33
+dd if=./flash.bin of=reform-system.img conv=notrunc bs=1k seek=33
+rm flash.bin
 
 echo Reform Full System Image created: reform-system.img
-

reform2-imx8mq/mkkernel.sh

-#!/bin/bash
-
-set -x
-set -e
-
-export ARCH=arm64
-export CROSS_COMPILE=aarch64-linux-gnu-
-export KBUILD_BUILD_TIMESTAMP=$(date --date="@$SOURCE_DATE_EPOCH" --rfc-email)
-export KBUILD_BUILD_VERSION=1
-export KBUILD_BUILD_USER=reformuser
-export KBUILD_BUILD_HOST=reformhost
-
-if [ ! -d linux ]
-then
-  echo "Cloning Linux..."
-  git clone --depth 1 --branch v5.12 https://github.com/torvalds/linux.git
-fi
-
-cp ./template-kernel/*.dts ./linux/arch/arm64/boot/dts/freescale/
-cp ./template-kernel/kernel-config ./linux/.config
-
-cd linux
-
-echo "== kernel config =="
-cat .config
-echo "== end kernel config =="
-
-for PATCHFILE in ../template-kernel/patches/*.patch
-do
-  echo PATCH: $PATCHFILE
-  if git apply --check $PATCHFILE; then
-    git apply $PATCHFILE
-  else
-    echo "\e[1mKernel patch already applied or cannot apply: $PATCHFILE"
-  fi
-done
-
-make -j$(nproc) Image freescale/imx8mq-mnt-reform2.dtb freescale/imx8mq-mnt-reform2-hdmi.dtb
-
-cd ..

reform2-imx8mq/mkuboot.sh

-#!/bin/sh
-
-set -x
-set -e
-
-if [ ! -d u-boot ]
-then
-  echo "Cloning U-Boot..."
-  git clone --depth 1 https://source.mnt.re/reform/reform-boundary-uboot.git u-boot
-fi
-
-cd u-boot
-cp mntreform-config .config
-
-export CROSS_COMPILE=aarch64-linux-gnu-
-export ARCH=arm
-
-# build rescue u-boot first (loads kernel from eMMC)
-make -j$(nproc) flash.bin KCPPFLAGS='-DMNTREFORM_BOOT_EMMC'
-cp flash.bin flash-rescue.bin
-
-# build normal u-boot second (loads kernel from SD card)
-make -j$(nproc) flash.bin
-
-cd ..

reform2-imx8mq/mkuserland.sh

@@ -3,98 +3,57 @@
 set -e
 set -x
 
-ETC=./template-etc
-SKEL=./template-skel
-
-mmdebstrap --architectures=arm64 --components=main --variant="minbase" --include="apt apt-utils gnupg ca-certificates cpio bsdmainutils init-system-helpers procps gpgv debian-archive-keyring readline-common cron netbase iproute2 ifupdown isc-dhcp-client iptables iputils-ping locales less net-tools curl wget nano micro vim coreutils parted file git sudo console-setup console-data unicode-data kbd gpm systemd libpam-systemd systemd-sysv bash-completion ncurses-term alsa-utils brightnessctl brightness-udev usbutils pciutils fbset netcat-traditional nfacct traceroute wpasupplicant htop ncdu ntpdate ntp screen tmux telnet lm-sensors rfkill dosfstools e2fsprogs dialog rsync busybox pulseaudio  sway grim slurp xwayland xterm xfce4-terminal rofi arc-theme thunar policykit-1 libblockdev-dm2 libblockdev-crypto2 gnome-disk-utility cryptsetup openjdk-11-jre-headless  gnome-system-monitor eog evince mpv gedit engrampa connman-gtk gnome-icon-theme breeze-icon-theme fonts-noto-color-emoji lxpolkit mesa-utils w3m man-db pavucontrol python3-psutil ircii elinks  zlib1g-dev patch expat bison flex libunwind-dev libwayland-dev wayland-protocols libwayland-egl-backend-dev libx11-dev libx11-xcb-dev libxdamage-dev libxfixes-dev libxcb-dri3-dev libxcb-xfixes0-dev libxcb-sync-dev libxrandr-dev libxext-dev libxcb-glx0-dev libxcb-present-dev libxcb-dri2-0-dev gettext autopoint libpixman-1-dev libbsd-dev libxkbfile-dev libxcb-composite0-dev libxcb-xinput-dev libxcb-icccm4-dev libxfont-dev nettle-dev libdbus-1-dev libsystemd-dev libpciaccess-dev llvm-dev libudev-dev libmtdev-dev libevdev-dev libxshmfence-dev xutils-dev libdrm-dev libxxf86vm-dev meson gcc g++ python3-setuptools python3-mako xfonts-utils libepoxy-dev libjson-c-dev libpcre3-dev libpango1.0-dev libxkbcommon-dev libinput-dev autoconf make libtool intltool libxml2-dev libxfce4ui-2-dev libgarcon-1-dev xfce4-dev-tools libdbusmenu-gtk3-dev libfmt-dev libgirepository1.0-dev libgtkmm-3.0-dev libjsoncpp-dev libmpdclient-dev libnl-3-dev libnl-genl-3-dev libpulse-dev  libsigc++-2.0-dev libspdlog-dev  libsdl2-gfx-dev libsdl2-mixer-dev libsdl2-net-dev libsdl2-ttf-dev libsdl2-dev libsdl2-image-dev libflac-dev libmpg123-dev libpng-dev libmpeg2-4-dev" sid target-userland http://ftp.de.debian.org/debian
-
-# install kernel
-cp linux/arch/arm64/boot/Image target-userland/
-# install DTBs
-cp linux/arch/arm64/boot/dts/freescale/imx8mq-mnt-reform2.dtb target-userland/imx8mq-mnt-reform2-single-display.dtb
-cp linux/arch/arm64/boot/dts/freescale/imx8mq-mnt-reform2-hdmi.dtb target-userland/imx8mq-mnt-reform2-dual-display.dtb
-# default to single display (less flickery)
-cp linux/arch/arm64/boot/dts/freescale/imx8mq-mnt-reform2.dtb target-userland/imx8mq-mnt-reform2.dtb
-# provide a copy of u-boot for (re)flashing
-mkdir -p target-userland/boot
-cp ./u-boot/flash.bin target-userland/boot/
-cp ./u-boot/flash-rescue.bin target-userland/boot/
-cp ./u-boot/flash-rescue.sh target-userland/boot/
-
-# default audio settings, or PCM will be muted
-mkdir -p target-userland/var/lib/alsa
-cp $ETC/asound.state target-userland/var/lib/alsa/
-
-# populate root user and skel
-cp -RavT $SKEL target-userland/root/
-cp -RavT $SKEL target-userland/etc/skel/
-mkdir -p target-userland/etc/skel/Desktop
-mkdir -p target-userland/etc/skel/Documents
-mkdir -p target-userland/etc/skel/Downloads
-mkdir -p target-userland/etc/skel/Music
-mkdir -p target-userland/etc/skel/Pictures
-mkdir -p target-userland/etc/skel/Videos
-
-# populate /etc
-cp $ETC/ld.so.conf target-userland/etc # or our libraries won't be picked up
-mkdir -p target-userland/etc/dhcp
-cp $ETC/dhclient.conf target-userland/etc/dhcp
-cp $ETC/motd-rescue target-userland/etc/motd # we start with the rescue system
-cp $ETC/hostname target-userland/etc
-cp $ETC/hosts target-userland/etc
-cp $ETC/adduser.conf target-userland/etc # or else EXTRA_GROUPS doesn't work?!
-cp $ETC/reform-* target-userland/etc
-mkdir -p target-userland/etc/profile.d
-cp $ETC/profile.d/* target-userland/etc/profile.d/
-
-# copy pulse config files that will be moved inside the target fs later
-cp $ETC/pulse/* target-userland/
-
-# custom built libraries
-mkdir -p target-userland/root/src
-
-chroot target-userland /bin/bash <<EOF
-export DEBIAN_FRONTEND=noninteractive
-export DEBCONF_NONINTERACTIVE_SEEN=true
-export LC_ALL=C
-export LANGUAGE=C
-export LANG=C
-
-set -x
-set -e
-
-echo "root:root" | chpasswd
-passwd -d root # remove root password
-
-ln --force --symbolic /usr/share/zoneinfo/Europe/Berlin /etc/localtime
-dpkg --configure -a
-
-echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
-locale-gen
-echo "LANG=en_US.UTF-8" > /etc/default/locale
-
-# add MNT Research/Reform apt repository
-apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 376511EB67AD7BAF
-
-echo "deb https://mntre.com/reform-debian sid/" >>/etc/apt/sources.list
-apt update
-
-# install essential MNT Reform system management scripts and docs
-apt install -y reform-tools reform-handbook
-
-# move pulse config in place
-# FIXME: this is brittle and should go into a .deb
-mv /analog-input-reform.conf /usr/share/pulseaudio/alsa-mixer/paths/
-mv /default.conf /usr/share/pulseaudio/alsa-mixer/profile-sets/
-
-# move hardware setup one-shot service in place
-mv /etc/reform-hw-setup.service /etc/systemd/system/
-systemctl enable reform-hw-setup.service
-
-# remove some unnecessary stuff (apparmor slows down boot)
-apt remove -y ofono foot apparmor
-
-# disable built-in sleep targets in favor of reform-standby script
-systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
-
-EOF
+PKGSGUI="xwayland xterm xfce4-terminal sway waybar mesa-utils lxpolkit wayland-protocols"
+
+PKGSNET="iproute2 iptables iputils-ping ircii elinks isc-dhcp-client netcat-traditional net-tools network-manager nfacct ntp ntpdate rsync telnet traceroute wpasupplicant curl wget w3m rfkill ifupdown netbase"
+
+PKGSADMIN="apt apt-utils cron cryptsetup lvm2 dbus-bin e2fsprogs fbset init-system-helpers ncdu parted pciutils policykit-1 procps sudo systemd systemd-sysv tmux u-boot-tools screen"
+
+PKGSUTILS="busybox console-data console-setup cpio file flash-kernel gnupg gpgv htop kbd lm-sensors readline-common usbutils xdg-utils bsdmainutils less nano micro vim alsa-utils dosfstools python3-psutil"
+
+PKGSMISC="brightnessctl brightness-udev ca-certificates debian-archive-keyring dialog gpm ncurses-term locales bash-completion man-db cryptsetup-initramfs linux-image-arm64 reform-tools reform-handbook"
+
+mmdebstrap \
+	--architectures=arm64 \
+	--components=main \
+	--variant="minbase" \
+	--verbose \
+	--include="$PKGSGUI $PKGSNET $PKGSADMIN $PKGSUTILS $PKGSMISC" \
+	${comment#setup apt preferences} \
+	--setup-hook='{ echo "Package: *"; echo "Pin: release n=reform, l=reform"; echo "Pin-Priority: 990"; } > "$1"/etc/apt/preferences.d/reform.pref' \
+	${comment#setup flash-kernel} \
+	--essential-hook='mkdir -p "$1"/etc/flash-kernel/ubootenv.d' \
+	--essential-hook='mkdir -p "$1"/etc/flash-kernel/preboot.d' \
+	--essential-hook='echo "MNT Reform 2" > "$1"/etc/flash-kernel/machine' \
+	--essential-hook='{ echo /dev/mmcblk1p2 / auto errors=remount-ro 0 1; echo /dev/mmcblk1p1 /boot auto errors=remount-ro 0 1; } > "$1"/etc/fstab' \
+	--essential-hook='{ echo LINUX_KERNEL_CMDLINE=\"console=ttymxc0,115200 console=tty1\"; echo LINUX_KERNEL_CMDLINE_DEFAULTS=\"ro no_console_suspend cma=512M pci=nomsi\"; } > "$1"/etc/default/flash-kernel' \
+	${comment#select timezone} \
+	--essential-hook='echo tzdata tzdata/Areas select Europe | chroot "$1" debconf-set-selections' \
+	--essential-hook='echo tzdata tzdata/Zones/Europe select Berlin | chroot "$1" debconf-set-selections' \
+	${comment#select locales} \
+	--essential-hook='echo locales locales/default_environment_locale select en_US.UTF-8 | chroot "$1" debconf-set-selections' \
+	--essential-hook='echo locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8 | chroot "$1" debconf-set-selections' \
+	${comment#initramfs-tools} \
+	--essential-hook='mkdir -p "$1"/etc/initramfs-tools' \
+	--essential-hook='printf "pwm_imx27\nnwl-dsi\nti-sn65dsi86\nimx-dcss\npanel-edp\nmux-mmio\nmxsfb\nusbhid\nimx8mq-interconnect\n" > "$1"/etc/initramfs-tools/modules' \
+	${comment#set up motd} \
+	--customize-hook='rm -f "$1"/etc/motd' \
+	--customize-hook='ln -s motd-rescue "$1"/etc/motd' \
+	${comment#provide a copy of u-boot for (re)flashing} \
+	--customize-hook='copy-in flash.bin /boot' \
+	--customize-hook='chown -R root:root "$1"/boot/flash.bin' \
+	${comment#populate root user and skel} \
+	--customize-hook='echo '"'"'if [ $(whoami) == "root" ]; then cat /etc/reform-root-help; elif [ -z $WAYLAND_DISPLAY ]; then cat /etc/reform-help; fi'"'"' >> "$1"/etc/skel/.profile' \
+	--customize-hook='chroot "$1" sh -c "rsync -Pha /etc/skel/ /root"' \
+	${comment#populate /etc} \
+	--customize-hook='echo reform > "$1"/etc/hostname' \
+	--customize-hook='{ echo 127.0.0.1 localhost reform; echo ::1 localhost ip6-localhost ip6-loopback reform; echo ff02::1 ip6-allnodes; echo ff02::2 ip6-allrouters; } > "$1"/etc/hosts' \
+	${comment#or else EXTRA_GROUPS doesnt work?} \
+	--customize-hook='sed -i s/^#EXTRA_GROUPS=/EXTRA_GROUPS=/ "$1"/etc/adduser.conf' \
+	--customize-hook='sed -i s/^#ADD_EXTRA_GROUPS=1/ADD_EXTRA_GROUPS=1/ "$1"/etc/adduser.conf' \
+	${comment#remove root password -- using `passwd -d root` produces unreproducible output} \
+	--customize-hook='echo "root:root" | chroot "$1" chpasswd' \
+	--customize-hook='chroot "$1" sed -i "s/^root:[^:]\+:/root::/" /etc/shadow' \
+	--customize-hook='rm "$1"/etc/resolv.conf' \
+	--customize-hook='rm "$1"/var/lib/dbus/machine-id' ${comment#gets regenerated by dbus} \
+	unstable target-userland.tar http://deb.debian.org/debian "deb [trusted=yes] https://mntre.com/reform-debian-repo reform main"

reform2-imx8mq/mkuserland2.sh

-#!/bin/bash
-
-chroot target-userland /bin/bash <<EOF
-export LC_ALL=C
-export LANGUAGE=C
-export LANG=C
-
-set -e
-set -x
-
-cd /root
-mkdir -p src
-cd src
-
-git clone --depth 1 --branch libdrm-2.4.106 https://gitlab.freedesktop.org/mesa/drm.git
-
-# there's no tag yet for 21.1.3 which will probably include all patches we need
-# so fetch the most recent commit at the time of putting this script together.
-mkdir -p mesa
-cd mesa
-git init
-git remote add origin https://gitlab.freedesktop.org/mesa/mesa.git
-git fetch origin 2ebf4e984b51825c37562e0221bde327188e3eaf
-git reset --hard FETCH_HEAD
-cd ..
-
-mkdir -p xserver
-cd xserver
-git init
-git remote add origin https://gitlab.freedesktop.org/xorg/xserver.git
-git fetch origin f3eb1684fa5008ad7c881f798a5efb7441b23035
-git reset --hard FETCH_HEAD
-cd ..
-
-git clone https://github.com/swaywm/wlroots.git
-git clone https://github.com/swaywm/sway.git
-git clone --depth 1 --branch 0.9.7 https://github.com/Alexays/Waybar.git
-git clone --depth 1 --branch v0.4.0 https://github.com/any1/wayvnc.git
-git clone --depth 1 --branch v0.1.3 https://github.com/Hjdskes/cage.git
-
-cd drm
-meson build -Detnaviv=true -Dradeon=false -Damdgpu=false -Dvmwgfx=false -Dfreedreno=false -Dvc4=false -Dnouveau=false
-ninja -C build install
-cd ..
-rm -rf drm
-
-ldconfig
-
-cd mesa
-meson build -Dplatforms=x11,wayland -Ddri3=true -Dgallium-drivers=swrast,etnaviv,kmsro,virgl -Dgbm=enabled -Degl=enabled -Dbuildtype=release -Db_ndebug=true
-ninja -C build install
-cd ..
-rm -rf mesa
-
-ldconfig
-
-cd wlroots
-git checkout 0.13.0
-meson build
-ninja -C build install
-cd ..
-rm -rf wlroots
-
-ldconfig
-
-cd sway
-git checkout 1.6
-meson build
-ninja -C build install
-chmod +s /usr/local/bin/sway
-cd ..
-rm -rf sway
-
-cd xserver
-
-# patch to work around flickery GTK2 and other legacy X11 GUIs on etnaviv
-
-patch -p1 <<ENDPATCH
-diff --git a/glamor/glamor_render.c b/glamor/glamor_render.c
-index be0741a..1dd2876 100644
---- a/glamor/glamor_render.c
-+++ b/glamor/glamor_render.c
-@@ -1584,6 +1584,8 @@ glamor_composite_clipped_region(CARD8 op,
-     if (prect != rect)
-         free(prect);
-  out:
-+    glFinish();
-+
-     if (temp_src != source)
-         FreePicture(temp_src, 0);
-     if (temp_mask != mask)
-ENDPATCH
-
-meson build -Dxorg=true -Dxwayland=true -Dglamor=true -Dxwayland_eglstream=false -Dxnest=false -Ddmx=false -Dxvfb=true -Dxwin=false -Dxephyr=false -Ddri3=true
-ninja -C build install
-cd ..
-rm -rf xserver
-
-# overwrite /usr/bin/Xwayland with symlink to our Xwayland (FIXME: brittle)
-
-rm -f /usr/bin/Xwayland
-ln -s /usr/local/bin/Xwayland /usr/bin/Xwayland
-
-cd Waybar
-meson build
-ninja -C build install
-cd ..
-rm -rf Waybar
-
-cd wayvnc
-mkdir subprojects
-cd subprojects
-git clone https://github.com/any1/neatvnc.git
-git clone https://github.com/any1/aml.git
-cd ..
-meson build
-ninja -C build install
-cd ..
-rm -rf wayvnc
-
-cd cage
-meson build
-ninja -C build install
-cd ..
-rm -rf cage
-
-EOF

reform2-imx8mq/mkuserland3.sh

@@ -8,33 +8,30 @@ set -e
 ETC=./template-etc
 SKEL=./template-skel
 
-# populate /etc
-cp $ETC/motd target-userland/etc
-
-chroot target-userland /bin/bash <<EOF
-export DEBIAN_FRONTEND=noninteractive
-export DEBCONF_NONINTERACTIVE_SEEN=true
-export LC_ALL=C
-export LANGUAGE=C
-export LANG=C
-
-set -x
-set -e
-
-# install applications
-
-apt install -y libreoffice libreoffice-gtk3 inkscape firefox-esr emacs gimp wmaker x11-utils
-apt install -y chromium evolution freecad ardour sxiv neverball scummvm dosbox wf-recorder wev linphone-desktop
-
-# install patched software from mntre
-
-apt install -y kicad=5.1.9+dfsg1-1.1 minetest libjsoncpp1 blender=2.79b+mntreform-2
-
-# install a minimal gnome3
-
-apt install -y --no-install-recommends gnome-control-center gnome-session
-
-# remove apparmor (slows down boot)
-apt remove -y apparmor
-
-EOF
+mmdebstrap \
+	--architectures=arm64 \
+	--variant=custom \
+	--setup-hook='mmtarfilter "--path-exclude=/dev/*" < target-userland.tar | tar -C "$1" -x' \
+	${comment#set up motd} \
+	--customize-hook='rm -f "$1"/etc/motd' \
+	--customize-hook='ln -s motd-full "$1"/etc/motd' \
+	${comment#FIXME: network-manager fails to create this most of the time} \
+	${comment#which leads to a bad user experience. we\'ll gladly change this once} \
+	${comment#we figure out how to make DNS server discovery always work with nm.} \
+	--customize-hook='echo "nameserver 8.8.8.8" > "$1"/etc/resolv.conf' \
+	${comment#install applications} \
+	--customize-hook='chroot "$1" apt-get install --yes git libreoffice libreoffice-gtk3 inkscape firefox-esr chromium emacs gimp wmaker x11-utils imagemagick-6.q16' \
+	--customize-hook='chroot "$1" apt-get install --yes evolution freecad ardour sxiv minetest neverball scummvm dosbox wf-recorder wev linphone-desktop kicad' \
+	${comment#install patched software from mntre} \
+	--customize-hook='chroot "$1" apt-get install --yes blender=2.79.b+dfsg0-7+reform1 blender-data=2.79.b+dfsg0-7+reform1 cage wayvnc ffmpeg' \
+	${comment#install a minimal gnome desktop} \
+	--customize-hook='chroot "$1" apt-get install --yes --no-install-recommends gnome-control-center gnome-session openjdk-11-jre-headless gnome-disk-utility gnome-icon-theme breeze-icon-theme gnome-system-monitor gnome-settings-daemon mpv eog evince gedit thunar pavucontrol grim fonts-inter fonts-noto-color-emoji pulseaudio unicode-data engrampa rofi slurp arc-theme' \
+	${comment#enable suspend to RAM} \
+	--customize-hook='chroot "$1" systemctl unmask suspend.target' \
+	--customize-hook='chroot "$1" systemctl unmask sleep.target' \
+	${comment#workaround for minetest camera-in-head bug https://github.com/minetest/minetest/issues/11987} \
+	--customize-hook='chroot "$1" mogrify -fill black -colorize 255 -transparent black /usr/share/games/minetest/games/minetest_game/mods/player_api/models/character.png' \
+	${comment#remove broken gnome online accounts panel} \
+	--customize-hook='rm "$1"/usr/share/applications/gnome-online-accounts-panel.desktop' \
+	--customize-hook='rm "$1"/etc/ssl/certs/java/cacerts' ${comment#regenerate with update-ca-certificates -f} \
+	'' target-userland-full.tar

reform2-imx8mq/multistrap.conf

-[General]
-arch=arm64
-noauth=false
-unpack=true
-debootstrap=Debian
-aptsources=Debian
-allowrecommends=false
-cleanup=true
-
-# TODO deb-src missing!
-
-[Debian]
-packages=adduser apt apt-utils apt-file bsdmainutils procps gpgv debian-archive-keyring readline-common gnupg cpio init-system-helpers cron manpages netbase groff-base iproute2 ifupdown isc-dhcp-common isc-dhcp-client iptables iputils-ping kmod locales less net-tools netcat-traditional nfacct traceroute curl wget whiptail openssh-server openssh-client nano vim wpasupplicant htop ncdu ntpdate ntp usbutils fbset screen tmux brightnessctl coreutils alsa-utils sudo ca-certificates parted file git ed console-setup console-data unicode-data kbd gpm pciutils cryptsetup unzip telnet busybox lm-sensors systemd libpam-systemd systemd-sysv bash-completion ncurses-term sway grim slurp xwayland xterm xfce4-terminal rofi ircii mesa-utils w3m man-db pulseaudio pavucontrol           zlib1g-dev patch expat bison flex libunwind-dev libwayland-dev wayland-protocols libwayland-egl-backend-dev libx11-dev libx11-xcb-dev libxdamage-dev libxfixes-dev libxcb-dri3-dev libxcb-xfixes0-dev libxcb-sync-dev libxrandr-dev libxext-dev libxcb-glx0-dev libxcb-present-dev libxcb-dri2-0-dev gettext autopoint libpixman-1-dev libbsd-dev libxkbfile-dev libxcb-composite0-dev libxcb-xinput-dev libxcb-icccm4-dev libxfont-dev nettle-dev libdbus-1-dev libsystemd-dev libpciaccess-dev llvm-dev libudev-dev libmtdev-dev libevdev-dev libxshmfence-dev xutils-dev libdrm-dev libxxf86vm-dev meson gcc g++ python3-setuptools python3-mako xfonts-utils libepoxy-dev libjson-c-dev libpcre3-dev libpango1.0-dev libxkbcommon-dev libinput-dev autoconf make libtool intltool libxml2-dev libxfce4ui-2-dev libgarcon-1-dev xfce4-dev-tools      arc-theme thunar gnome-disk-utility gnome-system-monitor policykit-1 dconf-editor    eog evince mpv gedit engrampa    connman-gtk gnome-icon-theme breeze-icon-theme fonts-noto-color-emoji   libdbusmenu-gtk3-dev libfmt-dev libgirepository1.0-dev libgtkmm-3.0-dev libjsoncpp-dev libmpdclient-dev libnl-3-dev libnl-genl-3-dev libpulse-dev  libsigc++-2.0-dev libspdlog-dev gobject-introspection python3-psutil lxpolkit 
-# libblockdev-dm2 libblockdev-crypto2
-# libreoffice libreoffice-gtk3 inkscape firefox-esr emacs grafx2 milkytracker
-source=http://ftp.de.debian.org/debian
-keyring=debian-archive-keyring
-suite=bullseye
-omitdebsrc=false
-additional=
-reinstall=
-components=main contrib non-free

reform2-imx8mq/reform-tools_1.0-7/DEBIAN/conffiles

-/etc/reform-desktop-help
-/etc/reform-help
-/etc/reform-root-help

reform2-imx8mq/reform-tools_1.0-7/DEBIAN/control

-Package: reform-tools
-Version: 1.0-7
-Section: admin
-Priority: required
-Architecture: arm64
-Recommends: reform-handbook
-Depends: python3, python3-psutil, mount, rsync, alsa-utils, systemd, net-tools, pavucontrol, procps, connman-gtk, busybox
-Maintainer: Lukas F. Hartmann <lukas@mntre.com>
-Description: MNT Reform System Tools
- A number of scripts for managing boot media, displays, standby, plus a few
- help texts and gadgets for the customized sway desktop. Also contains
- /sbin/reform-init, a boot manager script that gets loaded by u-boot and which
- in turn launches the real /sbin/init after mounting an (encrypted) boot
- medium.

reform2-imx8mq/reform-tools_1.0-7/etc/apt/preferences.d/00reform.pref

-Explanation: install versions from mntre.com even if it doesn't come from the
-Explanation: target release
-Package: *
-Pin: origin "mntre.com"
-Pin-Priority: 999
-
-Explanation: never install the Debian versions of the binary packages belonging
-Explanation: to the source packages we patched
-Package: src:fontconfig src:xwayland src:blender
-Pin: release o=Debian
-Pin-Priority: -1

reform2-imx8mq/reform-tools_1.0-7/etc/reform-desktop-help

-This is sway, a tiled windowing system and compositor.
-Windows don't normally float around. Instead, a new window occupies
-the full screen or a division of the screen. For example, if you
-open another window now, both windows will take half of the screen.
-
-To open another terminal, press SUPER+ENTER.
-
-To go to a workspace, press SUPER+1 to SUPER+9.
-To move the focused window to another workspace, press the same
-combination, but together with SHIFT.
-
-To close a window, press SUPER+ESC.
-
-To launch the file manager thunar, press SUPER+T.
-
-To find a program by typing its name, press SUPER+D.
-
-To configure the network, click on NET in the title bar.
-
-You can make windows float, split vertically and more. 
-Check out the sway configuration file:
-gedit ~/.config/sway/config.
-
-To learn more about the command line, enter: reform-help.
-This help can be reached by entering: reform-desktop-help.
-Read the MNT Reform handbook in a browser: reform-handbook.
-

reform2-imx8mq/reform-tools_1.0-7/etc/reform-help

-Some useful commands to explore the system:
-
-Learn more about a command:        man name-of-command
-Move around:                       ls, cd, cd ..
-
-Start a graphical environment:     sway
-                                   gnome
-                                   reform-windowmaker
-
-See all running processes:         htop
-See system services:               systemctl
-Analyze disk usage:                ncdu /
-List hardware/peripherals:         lsblk
-                                   lsusb
-                                   lspci
-                                   ip a
-View this message again:           reform-help
-Read the Operator Handbook:        reform-handbook (press % to fix contrast, Q to quit)
-Set keyboard layout and timezone:  reform-config
-Chat in Reform community:          reform-chat
-Select boot device:                reform-boot-config
-Select display configuration:      reform-display-config
-Update / install software:         sudo apt update
-                                   apt search keyword
-                                   sudo apt install package
-View a text file:                  less filename
-Edit a text file:                  micro filename
-Log out:                           exit
-
-Most programs can be quit with Ctrl+C, Q, or Ctrl+Q.
-Exit the chat with /quit.
-

reform2-imx8mq/reform-tools_1.0-7/etc/reform-root-help

-You are logged in as root. This account
-can change anything in the system.
-To use the graphical environment sway,
-create a normal user account by entering:
-
-  adduser your-name
-
-Afterwards, to be able to become root by using sudo, enter:
-
-  adduser your-name sudo
-
-Then, log out using exit and log in as your-name.
-
-To read the MNT Reform Operator Handbook, enter:
-
-  reform-handbook   # (in the browser, press %
-                    # to fix contrast, Q to quit)
-

reform2-imx8mq/reform-tools_1.0-7/lib/systemd/system-shutdown/reform-poweroff

-#!/bin/bash
-#
-# MNT Reform: Send poweroff command to the system controller via the keyboard
-#
-
-sync
-
-if [[ "$1" == "halt" ]] || [[ "$1" == "poweroff" ]]
-then
-	echo 'xPWR0' > /dev/hidraw0
-fi
-

reform2-imx8mq/reform-tools_1.0-7/sbin/reform-init

-#!/bin/busybox sh
-
-sleep 1
-echo "MNT Reform: reform-init checking boot media..."
-
-/bin/mount -t proc /proc /proc
-
-# Read config file generated by reform-boot-config script
-BOOTPREF=$(cat /reform-boot-medium)
-# Default to SD card
-BOOTPART="/dev/mmcblk1p1"
-
-if [ "x$BOOTPREF" == "x" ]
-then
-	echo "Defaulting to SD card."
-	BOOTPREF="sd"
-fi
-
-echo "Your boot preference is: \"$BOOTPREF\""
-
-# Check config
-if [ "$BOOTPREF" == "usb" ]; then
-	echo "Booting from USB storage in 3 seconds."
-	BOOTPART="/dev/sda1"
-elif [ "$BOOTPREF" == "nvme" ]; then
-	echo "Booting from NVMe SSD."
-	BOOTPART="/dev/nvme0n1p1"
-else
-	# Default. Boot from SD card (already mounted by kernel).
-	echo "Booting from SD card (or eMMC)."
-	exec /sbin/init
-fi
-
-# Check if partition exists
-if [ ! -e $BOOTPART ]; then
-	echo "Partition \"$BOOTPART\" not found. Falling back to SD card."
-	read -r -p "Press ENTER to continue."
-	exec /sbin/init
-fi
-
-# Check if partition is encrypted
-if blkid | grep "$BOOTPART" | grep "crypto_LUKS"; then
-	echo "Attempting to mount encrypted partition \"$BOOTPART\"."
-	while :
-	do
-		/sbin/cryptsetup luksOpen "$BOOTPART" cryptroot && break
-	done
-	BOOTPART="/dev/mapper/cryptroot"
-fi
-
-# Mount
-echo "Trying to boot from partition \"$BOOTPART\"."
-if ! /bin/mount "$BOOTPART" "/mnt"; then
-	echo "Could not mount '$BOOTPART'. Falling back to SD card."
-	read -r -p "Press ENTER to continue."
-	exec /sbin/init
-fi
-
-# Fallback
-if [ ! -e /mnt/sbin/init ]; then
-	echo "No /sbin/init found on mounted disk. Falling back to SD card."
-	umount /mnt
-	read -r -p "Press ENTER to continue."
-	exec /sbin/init
-fi
-
-# Move root mount over to encrypted drive
-cd /mnt || exit 9
-mount --move . /
-exec chroot . /sbin/init

reform2-imx8mq/reform-tools_1.0-7/usr/bin/reform-chat

-#!/bin/bash
-
-irc -c '#mnt-reform' -p 6697 reform$RANDOM SSLIRC/irc.libera.chat

reform2-imx8mq/reform-tools_1.0-7/usr/bin/reform-compstat.py

-#!/usr/bin/python3
-import time, psutil, sys, getopt
-
-def draw_bar(val, maxval):
-	bars = ['▁','▁','▂','▂','▃','▄','▅','▆','▆','▇','█']
-	val = max(0, min(val/maxval, 0.99))
-	return bars[int(val*10)]
-
-def draw_chart(lst, maxval):
-	chart = ""
-	l = len(lst)
-	for x in range(l):
-		chart += draw_bar(lst[l-x-1], maxval)
-	return chart
-
-def history_insert(lst, item, depth):
-	lst.insert(0,item)
-	if (len(lst) > depth): lst.pop()
-	return lst
-
-def main(argv):
-	depth = 5
-	interval = 0.3
-
-	try:
-		opts, args = getopt.getopt(argv,"hd:i:")
-	except getopt.GetoptError:
-		print ('compstat -d <number of bars> -i <interval in seconds, float>')
-		sys.exit(2)
-	for opt, arg in opts:
-		if opt == '-d': depth = int(arg)
-		elif opt == "-i": interval = float(arg)
-
-	cpu_history = []
-	read_history = []
-	write_history = []
-	ldisk_activity = psutil.disk_io_counters()
-
-	while True:
-		cpu_usage = psutil.cpu_percent()
-		disk_activity = psutil.disk_io_counters()
-		
-		history_insert(cpu_history, cpu_usage, depth)	
-		history_insert(read_history, disk_activity.read_bytes - ldisk_activity.read_bytes, depth)	
-		history_insert(write_history, disk_activity.write_bytes - ldisk_activity.write_bytes, depth)
-		
-		print("CPU "+draw_chart(cpu_history, 100.0)+" R/W "+draw_chart(read_history, 1.0*1024*1024)+" "+draw_chart(write_history, 1.0*1024*1024), flush=True)
-		
-		ldisk_activity = disk_activity
-		time.sleep(interval)
-
-main(sys.argv[1:])
-
-

reform2-imx8mq/reform-tools_1.0-7/usr/bin/reform-compstat.sh

-#!/bin/bash
-
-# clean up any existing processes
-pkill -f 'python3.*compstat'
-
-/usr/bin/python3 /usr/bin/reform-compstat.py -d 1 -i 0.3
-

reform2-imx8mq/reform-tools_1.0-7/usr/bin/reform-connman-gtk.sh

-#!/bin/bash
-
-pkill 'connman-gtk$'
-connman-gtk
-