Merge branch 'mmdebstrap' into 'master'

RC1 of MNT Reform System Image and Rescue Image

See merge request reform/reform-system-image!12

.gitlab-ci.yml

+# Gitlab CI file to generate the system image .img file.
+#image: debian:bullseye-slim
+image: source.mnt.re:5050/reform/build-base-image-docker:latest
+
+build:
+  script:
+    - sed -i 's|http://deb.|http://ftp.de.|g' /etc/apt/sources.list
+    - apt update
+    - apt-get -y install sudo gzip libext2fs2 pigz
+    - apt-get -y install bc parted multistrap udisks2 gcc-aarch64-linux-gnu make device-tree-compiler qemu-user-static binfmt-support build-essential bison flex libssl-dev bash git
+    - cd reform2-imx8mq/
+    - bash mkimage.sh
+    - pigz reform-system.img
+  artifacts:
+    paths:
+      - "reform2-imx8mq/linux/arch/arm64/boot/Image"
+      - "reform2-imx8mq/u-boot/flash.bin"
+      - "reform2-imx8mq/reform-system.img.gz"

README.md

@@ -2,14 +2,13 @@
 
 This is a collection of scripts used to build an image file that can then be transferred to a SD Card using `dd`.
 
-To start the process, use `./mkreform.sh`. To start over, execute `./cleanup.sh` to delete the existing userland and image.
+To start the process, use `./mkimage.sh`. To start over, execute `./cleanup.sh` to delete the existing userland and image.
 
-## Reporting Issues
-
-Please check out the [guidelines in the main Reform repository](https://source.mntmn.com/MNT/reform/src/branch/master/README.md#how-to-report-issues--contribute). Thanks!
+The resulting file is `reform-system.img`.
 
 ## License
 
-Copyright 2018 Lukas F. Hartmann / MNT Media and Technology UG
+Copyright 2018-2020 Lukas F. Hartmann / MNT Research GmbH
 
 This project is licensed under the GPLv3 License - see the [LICENSE.md](LICENSE.md) file for details
+

etc-templates/common-account

-#
-# /etc/pam.d/common-account - authorization settings common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of the authorization modules that define
-# the central access policy for use on the system.  The default is to
-# only deny service to users whose accounts are expired in /etc/shadow.
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-#
-
-# here are the per-package modules (the "Primary" block)
-account	[success=1 new_authtok_reqd=done default=ignore]	pam_unix.so 
-# here's the fallback if no module succeeds
-account	requisite			pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-account	required			pam_permit.so
-# and here are more per-package modules (the "Additional" block)
-# end of pam-auth-update config

etc-templates/common-auth

-#
-# /etc/pam.d/common-auth - authentication settings common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of the authentication modules that define
-# the central authentication scheme for use on the system
-# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
-# traditional Unix authentication mechanisms.
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-auth	[success=1 default=ignore]	pam_unix.so nullok_secure
-# here's the fallback if no module succeeds
-auth	requisite			pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-auth	required			pam_permit.so
-# and here are more per-package modules (the "Additional" block)
-# end of pam-auth-update config

etc-templates/common-password

-#
-# /etc/pam.d/common-password - password-related modules common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of modules that define the services to be
-# used to change user passwords.  The default is pam_unix.
-
-# Explanation of pam_unix options:
-#
-# The "sha512" option enables salted SHA512 passwords.  Without this option,
-# the default is Unix crypt.  Prior releases used the option "md5".
-#
-# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
-# login.defs.
-#
-# See the pam_unix manpage for other options.
-
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-password	[success=1 default=ignore]	pam_unix.so obscure sha512
-# here's the fallback if no module succeeds
-password	requisite			pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-password	required			pam_permit.so
-# and here are more per-package modules (the "Additional" block)
-# end of pam-auth-update config

etc-templates/common-session

-#
-# /etc/pam.d/common-session - session-related modules common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of modules that define tasks to be performed
-# at the start and end of sessions of *any* kind (both interactive and
-# non-interactive).
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-session	[default=1]			pam_permit.so
-# here's the fallback if no module succeeds
-session	requisite			pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-session	required			pam_permit.so
-# and here are more per-package modules (the "Additional" block)
-session	required	pam_unix.so 
-session	optional	pam_systemd.so 
-# end of pam-auth-update config

etc-templates/common-session-noninteractive

-#
-# /etc/pam.d/common-session-noninteractive - session-related modules
-# common to all non-interactive services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of modules that define tasks to be performed
-# at the start and end of all non-interactive sessions.
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-session	[default=1]			pam_permit.so
-# here's the fallback if no module succeeds
-session	requisite			pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-session	required			pam_permit.so
-# and here are more per-package modules (the "Additional" block)
-session	required	pam_unix.so 
-# end of pam-auth-update config

etc-templates/fstab

-proc           /proc proc nosuid,noexec,nodev 0 0
-/dev/mmcblk0p1 /boot vfat defaults,rw         0 0

etc-templates/gshadow

-root:*::
-daemon:*::
-bin:*::
-sys:*::
-adm:*::
-tty:*::
-disk:*::
-lp:*::
-mail:*::
-news:*::
-uucp:*::
-man:*::
-proxy:*::
-kmem:*::
-dialout:*::
-fax:*::
-voice:*::
-cdrom:*::
-floppy:*::
-tape:*::
-sudo:*::
-audio:*::
-dip:*::
-www-data:*::
-backup:*::
-operator:*::
-list:*::
-irc:*::
-src:*::
-gnats:*::
-shadow:*::
-utmp:*::
-video:*::
-sasl:*::
-plugdev:*::
-staff:*::
-games:*::
-users:*::
-nogroup:*::

etc-templates/hosts

-127.0.0.1       localhost.localdomain localhost reform

etc-templates/i3_config

-# This file has been auto-generated by i3-config-wizard(1).
-# It will not be overwritten, so edit it as you like.
-#
-# Should you change your keyboard layout some time, delete
-# this file and re-run i3-config-wizard(1).
-#
-
-# i3 config file (v4)
-#
-# Please see https://i3wm.org/docs/userguide.html for a complete reference!
-
-set $mod Mod4
-
-# Font for window titles. Will also be used by the bar unless a different font
-# is used in the bar {} block below.
-font monospace 8
-
-# This font is widely installed, provides lots of unicode glyphs, right-to-left
-# text rendering and scalability on retina/hidpi displays (thanks to pango).
-#
-# REFORM note: pango fonts don't work at the moment for an unknown reason.
-#
-#font pango:DejaVu Sans Mono 8
-
-# Before i3 v4.8, we used to recommend this one as the default:
-# font -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1
-# The font above is very space-efficient, that is, it looks good, sharp and
-# clear in small sizes. However, its unicode glyph coverage is limited, the old
-# X core fonts rendering does not support right-to-left and this being a bitmap
-# font, it doesn’t scale on retina/hidpi displays.
-
-# Use Mouse+$mod to drag floating windows to their wanted position
-floating_modifier $mod
-
-# start a terminal
-bindsym $mod+Return exec i3-sensible-terminal
-
-# kill focused window
-bindsym $mod+Shift+q kill
-
-# start dmenu (a program launcher)
-bindsym $mod+d exec dmenu_run
-# There also is the (new) i3-dmenu-desktop which only displays applications
-# shipping a .desktop file. It is a wrapper around dmenu, so you need that
-# installed.
-# bindsym $mod+d exec --no-startup-id i3-dmenu-desktop
-
-# change focus
-bindsym $mod+j focus left
-bindsym $mod+k focus down
-bindsym $mod+l focus up
-bindsym $mod+semicolon focus right
-
-# alternatively, you can use the cursor keys:
-#bindsym $mod+Left focus left
-#bindsym $mod+Down focus down
-#bindsym $mod+Up focus up
-#bindsym $mod+Right focus right
-
-# move focused window
-bindsym $mod+Shift+j move left
-bindsym $mod+Shift+k move down
-bindsym $mod+Shift+l move up
-bindsym $mod+Shift+semicolon move right
-
-# alternatively, you can use the cursor keys:
-bindsym $mod+Shift+Left move left
-bindsym $mod+Shift+Down move down
-bindsym $mod+Shift+Up move up
-bindsym $mod+Shift+Right move right
-
-# split in horizontal orientation
-bindsym $mod+h split h
-
-# split in vertical orientation
-bindsym $mod+v split v
-
-# enter fullscreen mode for the focused container
-bindsym $mod+f fullscreen toggle
-
-# change container layout (stacked, tabbed, toggle split)
-bindsym $mod+s layout stacking
-bindsym $mod+w layout tabbed
-bindsym $mod+e layout toggle split
-
-# toggle tiling / floating
-bindsym $mod+Shift+space floating toggle
-
-# change focus between tiling / floating windows
-bindsym $mod+space focus mode_toggle
-
-# focus the parent container
-bindsym $mod+a focus parent
-
-# focus the child container
-#bindsym $mod+d focus child
-
-# Define names for default workspaces for which we configure key bindings later on.
-# We use variables to avoid repeating the names in multiple places.
-set $ws1 "1"
-set $ws2 "2"
-set $ws3 "3"
-set $ws4 "4"
-set $ws5 "5"
-set $ws6 "6"
-set $ws7 "7"
-set $ws8 "8"
-set $ws9 "9"
-set $ws10 "10"
-
-# switch to workspace
-bindsym $mod+1 workspace $ws1
-bindsym $mod+2 workspace $ws2
-bindsym $mod+3 workspace $ws3
-bindsym $mod+4 workspace $ws4
-bindsym $mod+5 workspace $ws5
-bindsym $mod+6 workspace $ws6
-bindsym $mod+7 workspace $ws7
-bindsym $mod+8 workspace $ws8
-bindsym $mod+9 workspace $ws9
-bindsym $mod+0 workspace $ws10
-
-# move focused container to workspace
-bindsym $mod+Shift+1 move container to workspace $ws1
-bindsym $mod+Shift+2 move container to workspace $ws2
-bindsym $mod+Shift+3 move container to workspace $ws3
-bindsym $mod+Shift+4 move container to workspace $ws4
-bindsym $mod+Shift+5 move container to workspace $ws5
-bindsym $mod+Shift+6 move container to workspace $ws6
-bindsym $mod+Shift+7 move container to workspace $ws7
-bindsym $mod+Shift+8 move container to workspace $ws8
-bindsym $mod+Shift+9 move container to workspace $ws9
-bindsym $mod+Shift+0 move container to workspace $ws10
-
-# reload the configuration file
-bindsym $mod+Shift+c reload
-# restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
-bindsym $mod+Shift+r restart
-# exit i3 (logs you out of your X session)
-bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -b 'Yes, exit i3' 'i3-msg exit'"
-
-bindsym $mod+b border toggle
-
-# resize window (you can also use the mouse for that)
-mode "resize" {
-        # These bindings trigger as soon as you enter the resize mode
-
-        # Pressing left will shrink the window’s width.
-        # Pressing right will grow the window’s width.
-        # Pressing up will shrink the window’s height.
-        # Pressing down will grow the window’s height.
-        bindsym j resize shrink width 10 px or 10 ppt
-        bindsym k resize grow height 10 px or 10 ppt
-        bindsym l resize shrink height 10 px or 10 ppt
-        bindsym semicolon resize grow width 10 px or 10 ppt
-
-        # same bindings, but for the arrow keys
-        bindsym Left resize shrink width 10 px or 10 ppt
-        bindsym Down resize grow height 10 px or 10 ppt
-        bindsym Up resize shrink height 10 px or 10 ppt
-        bindsym Right resize grow width 10 px or 10 ppt
-
-        # back to normal: Enter or Escape or $mod+r
-        bindsym Return mode "default"
-        bindsym Escape mode "default"
-        bindsym $mod+r mode "default"
-}
-
-bindsym $mod+r mode "resize"
-
-# Start i3bar to display a workspace bar (plus the system information i3status
-# finds out, if available)
-bar {
-        status_command py3status -c ~/.config/i3status.conf
-}

etc-templates/i3status.conf

-# MNT Reform default i3 status conf for py3status
-
-general {
-    interval        = 1
-    colors          = true
-    color_good      = '#88b090'
-    color_degraded  = '#ccdc90'
-    color_bad       = '#e89393'
-}
-
-order += "external_script help"
-order += "time"
-order += "cpu_usage"
-order += "wireless wlp1s0"
-order += "disk /"
-order += "external_script reform"
-
-time {
-    format = "%H:%M"
-}
-
-cpu_usage {
-    format = "CPU %usage"
-}
-
-wireless wlp1s0 {
-    format_up = "WIFI %quality %essid %ip"
-    format_down = "No WIFI"
-    on_click 1 = "exec wicd-gtk"
-}
-
-ethernet eth0 {
-    format_up = "ETH %ip"
-    format_down = "No ETH"
-    on_click 1 = "exec wicd-gtk"
-}
-
-"disk /" {
-    on_click 1 = "exec pcmanfm"
-}
-
-external_script reform {
-    format = "{output}"
-    script_path = "/bin/sh /root/status-bar.sh"
-}
-
-external_script help {
-    format = "Click here for HELP"
-    script_path = "echo"
-    on_click 1 = "exec netsurf /root/reform-i3-help.html"
-} 
-

etc-templates/inittab

-# /etc/inittab: init(8) configuration.
-# $Id: inittab,v 1.91 2002/01/25 13:35:21 miquels Exp $
-
-# The default runlevel.
-id:2:initdefault:
-
-# Boot-time system configuration/initialization script.
-# This is run first except when booting in emergency (-b) mode.
-si::sysinit:/etc/init.d/rcS
-
-# What to do in single-user mode.
-~~:S:wait:/sbin/sulogin
-
-# /etc/init.d executes the S and K scripts upon change
-# of runlevel.
-#
-# Runlevel 0 is halt.
-# Runlevel 1 is single-user.
-# Runlevels 2-5 are multi-user.
-# Runlevel 6 is reboot.
-
-l0:0:wait:/etc/init.d/rc 0
-l1:1:wait:/etc/init.d/rc 1
-l2:2:wait:/etc/init.d/rc 2
-l3:3:wait:/etc/init.d/rc 3
-l4:4:wait:/etc/init.d/rc 4
-l5:5:wait:/etc/init.d/rc 5
-l6:6:wait:/etc/init.d/rc 6
-# Normally not reached, but fallthrough in case of emergency.
-z6:6:respawn:/sbin/sulogin
-
-# What to do when CTRL-ALT-DEL is pressed.
-ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
-
-# /sbin/getty invocations for the runlevels.
-#
-# The "id" field MUST be the same as the last
-# characters of the device (after "tty").
-#
-# Format:
-#  <id>:<runlevels>:<action>:<process>
-#
-# Note that on most Debian systems tty7 is used by the X Window System,
-# so if you want to add more getty's go ahead but skip tty7 if you run X.
-#
-1:2345:respawn:/sbin/getty 38400 tty1
-2:23:respawn:/sbin/getty 38400 tty2
-3:23:respawn:/sbin/getty 38400 tty3
-4:23:respawn:/sbin/getty 38400 tty4
-5:23:respawn:/sbin/getty 38400 tty5
-6:23:respawn:/sbin/getty 38400 tty6
-
-# Console on Reform UART
-ua:2345:respawn:/sbin/getty -L ttymxc0 115200 vt100

etc-templates/motd

-
-  ______ _______ _______  _____   ______ _______
- |_____/ |______ |______ |     | |_____/ |  |  |
- |    \_ |______ |       |_____| |    \_ |  |  |
-                                                
- MNT Reform 0.4 System based on Debian GNU/Linux
- https://mntmn.com/reform
-

etc-templates/network-interfaces

-auto lo
-iface lo inet loopback
-
-auto eth0
-iface eth0 inet dhcp

etc-templates/passwd

-root:x:0:0:root:/root:/bin/bash
-daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
-bin:*:2:2:bin:/bin:/usr/sbin/nologin
-sys:*:3:3:sys:/dev:/usr/sbin/nologin
-sync:*:4:65534:sync:/bin:/bin/sync
-games:*:5:60:games:/usr/games:/usr/sbin/nologin
-man:*:6:12:man:/var/cache/man:/usr/sbin/nologin
-lp:*:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
-mail:*:8:8:mail:/var/mail:/usr/sbin/nologin
-news:*:9:9:news:/var/spool/news:/usr/sbin/nologin
-uucp:*:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
-proxy:*:13:13:proxy:/bin:/usr/sbin/nologin
-www-data:*:33:33:www-data:/var/www:/usr/sbin/nologin
-backup:*:34:34:backup:/var/backups:/usr/sbin/nologin
-list:*:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
-irc:*:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
-gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
-nobody:*:65534:65534:nobody:/nonexistent:/usr/sbin/nologin

etc-templates/shadow

-root::16370:0:99999:7:::
-daemon:*:16370:0:99999:7:::
-bin:*:16370:0:99999:7:::
-sys:*:16370:0:99999:7:::
-sync:*:16370:0:99999:7:::
-games:*:16370:0:99999:7:::
-man:*:16370:0:99999:7:::
-lp:*:16370:0:99999:7:::
-mail:*:16370:0:99999:7:::
-news:*:16370:0:99999:7:::
-uucp:*:16370:0:99999:7:::
-proxy:*:16370:0:99999:7:::
-www-data:*:16370:0:99999:7:::
-backup:*:16370:0:99999:7:::
-list:*:16370:0:99999:7:::
-irc:*:16370:0:99999:7:::
-gnats:*:16370:0:99999:7:::
-nobody:*:16370:0:99999:7:::

mkdeps.sh

-#!/bin/sh
-
-set -x
-set -e
-
-if [ ! -f linux/Makefile ]; then
-  git clone --depth 1 git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
-fi
-
-if [ ! -f reform-linux/kernel-config ]; then
-  git clone https://github.com/mntmn/reform-linux
-fi
-
-if [ ! -f u-boot/Makefile ]; then
-  git clone --depth 1 https://github.com/mntmn/u-boot -b mntreform
-fi
-
-if [ ! -f reform/README.md ]; then
-  git clone https://source.mntmn.com/MNT/reform
-fi
-
-# TODO secure distribution
-if [ ! -f reform-usrlocal.tar.gz ]; then
-  wget -O reform-usrlocal.tar.gz http://dump.mntmn.com/reform-usrlocal-20181114.tar.gz
-fi

mkkernel.sh

-#!/bin/sh
-
-set -x
-set -e
-
-export ARCH=arm
-export LOADADDR=0x10008000
-export CROSS_COMPILE=arm-linux-gnueabihf-
-
-cp ./reform-linux/imx6qp-mntreform.dts ./linux/arch/arm/boot/dts/
-cp ./reform-linux/imx6qdl-mntreform.dtsi ./linux/arch/arm/boot/dts/
-cp ./reform-linux/kernel-config ./linux/.config
-
-cd linux
-
-#PATCHFILE=../reform-linux/drm-flip-done-timeout-workaround.patch
-#if ! patch -Rsfp1 --dry-run <$PATCHFILE; then
-#  patch -p1 <$PATCHFILE
-#else
-#  echo "Kernel already patched ($PATCHFILE)."
-#fi
-
-PATCHFILE=../reform-linux/0017-pci-fix-suspend-on-i.MX6.patch
-if ! patch -Rsfp1 --dry-run <$PATCHFILE; then
-  patch -p1 <$PATCHFILE
-else
-  echo "Kernel already patched ($PATCHFILE)."
-fi
-
-make -j4 zImage imx6qp-mntreform.dtb
-
-cd ..
-