
2 commits

Author SHA1 Message Date
33b4a05f45 Add RAUC updater 2021-11-08 19:44:55 +01:00
d3f69818ac switch to 64bit arm 2021-11-05 21:44:46 +01:00
42 changed files with 796 additions and 23 deletions

6
.gitmodules vendored

@ -5,7 +5,7 @@
[submodule "sources/bitbake"]
path = sources/bitbake
url = git://git.openembedded.org/bitbake
branch = 1.52
branch = 1.50.3
[submodule "sources/meta-openembedded"]
path = sources/meta-openembedded
url = git://git.openembedded.org/meta-openembedded
@ -14,3 +14,7 @@
path = sources/meta-raspberrypi
url = git://git.yoctoproject.org/meta-raspberrypi
branch = hardknott
[submodule "sources/meta-rauc"]
path = sources/meta-rauc
url = https://github.com/rauc/meta-rauc.git
branch = hardknott
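Review bot: The new `meta-rauc` entry uses `https://`, while the bitbake, meta-openembedded and meta-raspberrypi entries visible in the same hunks still fetch over `git://`, which gives neither server authentication nor integrity protection in transit. The recorded submodule commits limit what a tampered fetch can achieve, but since this change touches the file anyway I would move the other entries to HTTPS as well, e.g. `url = https://git.openembedded.org/bitbake`. The `branch =` values only matter for `git submodule update --remote`, so a short comment saying that the pinned gitlink is authoritative would help.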

201
LICENSE Normal file

@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

34
README.md Normal file

@ -0,0 +1,34 @@
# TSGRain yocto os
This is the yocto-based linux distribution that runs the TSGRain irrigation controller.
## Build image
```sh
# Use docker build environment
docker run -it --rm --user $(id -u):$(id -g) -v $(pwd):$(pwd) thetadev256/yoctobuild
. ./oe-init-build-env
bitbake tsgrain-image
```
## Provision package repository
Build the package index and run a webserver in the package directory
```sh
bitbake package-index
cd {BUILD_DIR}/tmp-glibc/deploy/ipk
sudo python -m http.server 80
```
On the Pi, add the server to the opkg package sources
```sh
# Add to /etc/opkg/opkg.conf
src/gz all http://{hostname}.local/all
src/gz cortexa53 http://{hostname}.local/cortexa53
src/gz raspberrypi3_64 http://{hostname}.local/raspberrypi3_64
opkg update
```

17
docker/Dockerfile Normal file

@ -0,0 +1,17 @@
FROM debian:10
RUN apt-get update && apt-get install -y git nano tar locales \
gawk wget git-core diffstat unzip texinfo gcc-multilib \
build-essential chrpath socat cpio python python3 python3-pip python3-pexpect \
xz-utils debianutils iputils-ping libsdl1.2-dev xterm libmd0 && \
apt-get clean autoclean
RUN echo "ybuildr:x:1000:1000:ybuildr:/home:/bin/bash" >> /etc/passwd && \
echo "root:root" | chpasswd && \
echo "ybuildr:1234" | chpasswd && \
sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
locale-gen
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8
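Review bot: The second `RUN` bakes fixed credentials into the image (`echo "root:root" | chpasswd` and `echo "ybuildr:1234" | chpasswd`), so any process inside the container can `su` to root, and the README runs this image with the source tree bind-mounted. The README invocation already selects the user with `--user $(id -u):$(id -g)`, so the passwords look unnecessary; I would delete both `chpasswd` lines and use `docker exec -u 0` when root is really needed. Separately, `FROM debian:10` and the unpinned `apt-get install` make the build environment non-reproducible; pinning the base image by digest and adding `--no-install-recommends` plus `rm -rf /var/lib/apt/lists/*` would tighten it.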

1
keys/.gitignore vendored Normal file

@ -0,0 +1 @@
dev

6
keys/deploy_certs.sh Executable file

@ -0,0 +1,6 @@
#!/bin/bash
set -e
cd -- $( dirname -- "${BASH_SOURCE[0]}" )
cp dev/ca.cert.pem ../sources/meta-tsgrain/recipes-core/rauc/files/ca.cert.pem
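Review bot: The command substitution in `cd -- $( dirname -- "${BASH_SOURCE[0]}" )` is unquoted, so a checkout path containing spaces is word-split and `cd` either fails or changes into the wrong directory before the `cp` runs. Quote the whole substitution: `cd -- "$( dirname -- "${BASH_SOURCE[0]}" )"`. The same line appears in keys/gen_dev_certs.sh, where `$BASE_DEV` is also expanded unquoted in the `[ -e ... ]` test and in `mkdir`, `touch` and `cd`.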

31
keys/gen_dev_certs.sh Executable file

@ -0,0 +1,31 @@
#!/bin/bash
set -e
cd -- $( dirname -- "${BASH_SOURCE[0]}" )
ORG="Hochschule Augsburg"
PROJ="TSGRain"
BASE_DEV="$(pwd)/dev"
export OPENSSL_CONF=$(pwd)/openssl.cnf
if [ -e $BASE_DEV ]; then
echo "CA already exists, creating new certificate"
cd $BASE_DEV
else
echo "Creating new CA"
mkdir -p $BASE_DEV/{private,certs}
touch $BASE_DEV/index.txt
echo 00 > $BASE_DEV/serial
cd $BASE_DEV
echo "Development CA"
openssl req -newkey rsa -keyout private/ca.key.pem -out ca.csr.pem -subj "/O=$ORG/CN=$PROJ Development CA"
openssl ca -batch -selfsign -extensions v3_ca -in ca.csr.pem -out ca.cert.pem -keyfile private/ca.key.pem
fi
SN=$(cat serial)
echo "Development Signing Keys 1"
openssl req -newkey rsa -keyout private/development-$SN.key.pem -out development-$SN.csr.pem -subj "/O=$ORG/CN=$PROJ Development-$SN"
openssl ca -batch -extensions v3_leaf -in development-$SN.csr.pem -out development-$SN.cert.pem
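Review bot: The `if [ -e $BASE_DEV ]` test treats the mere existence of the `dev` directory as proof that a CA exists, so a run that aborts after `mkdir -p` (for example at `openssl req`, under `set -e`) leaves a directory that sends every later run down the "CA already exists" branch without a CA key or certificate. Testing for the certificate itself, `if [ -e "$BASE_DEV/ca.cert.pem" ]; then`, avoids that state. The keys are written unencrypted (openssl.cnf sets `encrypt_key = no`), so a `umask 077` near the top of the script would keep `dev/private` and the key files from being created with default group/other permissions.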

54
keys/openssl.cnf Normal file

@ -0,0 +1,54 @@
[ ca ]
default_ca = CA_default # The default ca section
[ CA_default ]
dir = . # top dir
database = $dir/index.txt # index file.
new_certs_dir = $dir/certs # new certs dir
serial = $dir/serial # serial no file
RANDFILE = $dir/private/.rand # random number file
private_key = $dir/private/ca.key.pem# CA private key
certificate = $dir/ca.cert.pem # The CA cert
default_startdate = 19700101000000Z
default_enddate = 99991231235959Z
default_crl_days= 30 # how long before next CRL
default_md = sha256 # md to use
policy = policy_any # default policy
email_in_dn = no # Don't add the email into cert DN
name_opt = ca_default # Subject name display option
cert_opt = ca_default # Certificate display option
copy_extensions = none # Don't copy extensions from request
[ policy_any ]
organizationName = match
commonName = supplied
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
x509_extensions = v3_leaf
encrypt_key = no
default_md = sha256
[ req_distinguished_name ]
commonName = Common Name (eg, YOUR name)
commonName_max = 64
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:TRUE
[ v3_inter ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:TRUE,pathlen:0
[ v3_leaf ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:FALSE
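Review bot: `default_startdate`/`default_enddate` give every certificate issued from this config a validity of 1970 to 9999, and `encrypt_key = no` leaves the CA and signing keys unprotected on disk, but nothing in the file says these choices are limited to development use. The non-expiring validity is presumably deliberate for devices without a reliable clock; it does mean a leaked signing key stays trusted until the keyring on every device is replaced. I would add a header comment such as `# Development PKI only: non-expiring certificates, unencrypted keys; do not reuse for release signing`, and mark the CA constraint critical in `[ v3_ca ]` with `basicConstraints = critical, CA:TRUE`.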


@ -10,10 +10,10 @@ BBFILES ?= ""
BBLAYERS ?= " \
##OEROOT##/sources/meta-tsgrain \
##OEROOT##/sources/meta-rauc \
##OEROOT##/sources/meta-raspberrypi \
##OEROOT##/sources/meta-openembedded/meta-initramfs \
##OEROOT##/sources/meta-openembedded/meta-oe \
##OEROOT##/sources/meta-openembedded/meta-webserver \
##OEROOT##/sources/meta-openembedded/meta-networking \
##OEROOT##/sources/meta-openembedded/meta-python \
##OEROOT##/sources/meta-openembedded/meta-multimedia \


@ -1,9 +1,9 @@
DISTRO = "tsgrain"
#MACHINE = "raspberrypi3"
MACHINE = "raspberrypi3-64"
# This sets the default machine to be qemuarm if no other machine is selected:
MACHINE ??= "qemuarm"
MACHINE ??= "qemuarm64"
# BUILDFILE_DIR = "/buildfiles"
@ -14,8 +14,6 @@ TMPDIR = "${BUILDFILE_DIR}/tmp"
USER_CLASSES = "buildstats buildstats-summary image-mklibs image-prelink"
PACKAGE_CLASSES = "package_ipk"
PATCHRESOLVE = "noop"
# Don't generate the mirror tarball for SCM repos, the snapshot is enough

@ -1 +1 @@
Subproject commit d378e4293d18e374f5d1494a88bfc3caee4d02df
Subproject commit 672a7420b28129aecdbf077505058b90d23c0919

1
sources/meta-rauc Submodule

@ -0,0 +1 @@
Subproject commit 64b84017dd07be1d9da76943b59d77028bb5ccc7


@ -0,0 +1 @@
OVERRIDES .= "${@bb.utils.contains('DISTRO_FEATURES', 'rauc', ':rauc-integration', '', d)}"


@ -11,7 +11,7 @@ LOCALCONF_VERSION = "1"
SDK_NAME = "${DISTRO}-${TCLIBC}-${SDKMACHINE}-${IMAGE_BASENAME}-${TUNE_PKGARCH}-${MACHINE}"
SDKPATHINSTALL = "/opt/${DISTRO}/${SDK_VERSION}"
TSGRAIN_DEFAULT_DISTRO_FEATURES = "systemd largefile wifi bluez5 bluetooth"
TSGRAIN_DEFAULT_DISTRO_FEATURES = "systemd largefile wifi bluez5 bluetooth rauc"
DISTRO_FEATURES ?= "${DISTRO_FEATURES_DEFAULT} ${TSGRAIN_DEFAULT_DISTRO_FEATURES}"
DISTRO_FEATURES_remove = "x11 sysvinit"
@ -20,5 +20,16 @@ VIRTUAL-RUNTIME_init_manager = "systemd"
VIRTUAL-RUNTIME_initscripts = ""
VIRTUAL-RUNTIME_dev_manager = "systemd"
PACKAGE_CLASSES = "package_ipk"
# Raspberry Pi specific settings
SDIMG_ROOTFS_TYPE = "ext4"
RPI_USE_U_BOOT = "1"
PREFERRED_PROVIDER_virtual/bootloader = "u-boot"
PREFERRED_PROVIDER_u-boot-fw-utils = "libubootenv"
ENABLE_UART = "1"
ENABLE_I2C = "1"
KERNEL_MODULE_AUTOLOAD:rpi += "i2c-dev i2c-bcm2708"
require conf/distro/include/yocto-uninative.inc
INHERIT += "uninative buildstats sstate license remove-libtool"


@ -0,0 +1,46 @@
fdt addr ${fdt_addr} && fdt get value bootargs /chosen bootargs
test -n "${BOOT_ORDER}" || setenv BOOT_ORDER "A B"
test -n "${BOOT_A_LEFT}" || setenv BOOT_A_LEFT 3
test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3
test -n "${BOOT_DEV}" || setenv BOOT_DEV "mmc 0:1"
setenv bootpart
setenv raucslot
for BOOT_SLOT in "${BOOT_ORDER}"; do
if test "x${bootpart}" != "x"; then
# skip remaining slots
elif test "x${BOOT_SLOT}" = "xA"; then
if test ${BOOT_A_LEFT} -gt 0; then
setexpr BOOT_A_LEFT ${BOOT_A_LEFT} - 1
echo "Found valid RAUC slot A"
setenv bootpart "/dev/mmcblk0p2"
setenv raucslot "A"
setenv BOOT_DEV "mmc 0:2"
fi
elif test "x${BOOT_SLOT}" = "xB"; then
if test ${BOOT_B_LEFT} -gt 0; then
setexpr BOOT_B_LEFT ${BOOT_B_LEFT} - 1
echo "Found valid RAUC slot B"
setenv bootpart "/dev/mmcblk0p3"
setenv raucslot "B"
setenv BOOT_DEV "mmc 0:3"
fi
fi
done
if test -n "${bootpart}"; then
setenv bootargs "${bootargs} root=${bootpart} rauc.slot=${raucslot}"
saveenv
else
echo "No valid RAUC slot found. Resetting tries to 3"
setenv BOOT_A_LEFT 3
setenv BOOT_B_LEFT 3
saveenv
reset
fi
fatload mmc 0:1 ${kernel_addr_r} @@KERNEL_IMAGETYPE@@
if test ! -e mmc 0:1 uboot.env; then saveenv; fi;
@@KERNEL_BOOTCMD@@ ${kernel_addr_r} - ${fdt_addr}
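Review bot: The kernel is always read from the first partition (`fatload mmc 0:1 ${kernel_addr_r} @@KERNEL_IMAGETYPE@@`), so the `BOOT_DEV` value set for slot A or B is never used and the kernel sits outside the A/B scheme. Since the bundle recipe in this change lists only `rootfs` in `RAUC_BUNDLE_SLOTS`, a signed update apparently cannot deliver a kernel fix, and the kernel modules in a new rootfs can drift from the kernel that is actually booted. If the kernel image is installed into the rootfs, loading it from the selected slot, e.g. `load ${BOOT_DEV} ${kernel_addr_r} boot/@@KERNEL_IMAGETYPE@@`, keeps kernel and rootfs under the same update and fallback logic; otherwise drop the unused `BOOT_DEV` assignments and document the limitation in a comment.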


@ -0,0 +1,4 @@
inherit rauc-integration
FILESEXTRAPATHS:prepend:rauc-integration := "${THISDIR}/files:"
SRC_URI:append:rauc-integration = " file://boot.cmd.in"


@ -0,0 +1 @@
FILESEXTRAPATHS_prepend := "${THISDIR}/files:"


@ -0,0 +1,11 @@
[Unit]
Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
After=network.target
[Service]
Type=forking
PIDFile=/run/hostapd.pid
ExecStart=@SBINDIR@/hostapd /app/hostapd/hostapd.conf -P /run/hostapd.pid -B
[Install]
WantedBy=multi-user.target


@ -0,0 +1,23 @@
FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
SRC_URI_append = "\
file://hostapd.conf \
"
FILES_${PN} += "/app/hostapd/hostapd.conf"
SYSTEMD_AUTO_ENABLE_${PN} = "enable"
do_install_append() {
# Remove original config file
rm -rf ${D}${sysconfdir}
# Install config file to appfs
install -D -m 644 ${WORKDIR}/hostapd.conf ${D}/app/hostapd/hostapd.conf
# Change config file path
install -m 0644 ${WORKDIR}/hostapd.service ${D}${systemd_unitdir}/system/
sed -i -e 's,@SBINDIR@,${sbindir},g' -e 's,@SYSCONFDIR@,/app/hostapd,g' ${D}${systemd_unitdir}/system/hostapd.service
}
CONFFILES_${PN} = "/app/hostapd/hostapd.conf"
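Review bot: `install -D -m 644 ${WORKDIR}/hostapd.conf ${D}/app/hostapd/hostapd.conf` makes the access-point configuration world-readable; hostapd.conf itself is not shown here, but if it carries the WPA passphrase, every local user and service can read it. `install -D -m 0600` should be enough, because the hostapd.service added in this change sets no `User=` and therefore starts hostapd as root. The `sed` expression for `@SYSCONFDIR@` no longer matches anything, since that unit hard-codes `/app/hostapd/hostapd.conf`; either use the placeholder in the unit or drop the expression.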


@ -0,0 +1,118 @@
# $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /app/ssh/ssh_host_rsa_key
HostKey /app/ssh/ssh_host_ecdsa_key
HostKey /app/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
Compression no
ClientAliveInterval 15
ClientAliveCountMax 4
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
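Review bot: `PasswordAuthentication` and `PermitRootLogin` are left commented out, so the device relies on the compiled-in defaults, which permit password logins. For an appliance that also runs an access point (hostapd is configured in the same change) I would state the policy explicitly, e.g. `PasswordAuthentication no` and `PermitRootLogin prohibit-password`, once keys are provisioned; whether the image sets a root password or ships authorized keys is not visible here. The only deviations from the upstream template appear to be the `HostKey` paths under `/app/ssh`, `Compression no` and the `ClientAlive*` values, and a short comment marking them as local changes would make later merges with upstream easier.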


@ -1,9 +1,9 @@
FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
SRC_URI_append = "\
file://dnsmasq.conf \
file://sshd_config \
"
do_install_append() {
install -m 644 ${WORKDIR}/dnsmasq.conf ${D}${sysconfdir}
install -m 644 ${WORKDIR}/sshd_config ${D}${sysconfdir}/ssh
}


@ -0,0 +1 @@
FILESEXTRAPATHS:prepend:rpi := "${THISDIR}/files:"


@ -0,0 +1,10 @@
# stock fstab - you probably want to override this with a machine specific one
/dev/root / auto defaults 1 1
proc /proc proc defaults 0 0
devpts /dev/pts devpts mode=0620,ptmxmode=0666,gid=5 0 0
tmpfs /run tmpfs mode=0755,nodev,nosuid,strictatime 0 0
tmpfs /var/volatile tmpfs defaults 0 0
/dev/mmcblk0p1 /boot vfat defaults 0 0
/dev/mmcblk0p4 /app ext4 defaults 0 0
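Review bot: The `/app` entry mounts the writable data partition with plain `defaults` and fsck pass `0`. As far as this change shows, `/app` holds configuration and SSH host keys rather than setuid programs or device nodes, so `nosuid,nodev` would cost nothing, and a non-zero pass number would allow a filesystem damaged by a power cut to be checked at boot, provided the image ships the ext4 fsck tool: `/dev/mmcblk0p4 /app ext4 defaults,nosuid,nodev 0 2`. The header comment still says "stock fstab", which no longer describes this file.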


@ -0,0 +1,14 @@
DESCRIPTION = "TSGRain RAUC bundle generator"
inherit bundle
RAUC_BUNDLE_COMPATIBLE = "TSGRain"
RAUC_BUNDLE_VERSION = "v0.0.1"
RAUC_BUNDLE_DESCRIPTION = "TSGRain update bundle"
RAUC_BUNDLE_SLOTS = "rootfs"
RAUC_SLOT_rootfs = "tsgrain-image"
RAUC_SLOT_rootfs[fstype] = "ext4"
RAUC_CERT_FILE = "${THISDIR}/../../../../keys/dev/development-01.cert.pem"
RAUC_KEY_FILE = "${THISDIR}/../../../../keys/dev/private/development-01.key.pem"
RAUC_KEYRING_FILE = "${THISDIR}/../../../../keys/dev/ca.cert.pem"
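Review bot: `RAUC_KEY_FILE`, `RAUC_CERT_FILE` and `RAUC_KEYRING_FILE` are hard assignments to the development key material under `keys/dev/`, with the serial `01` baked into the file names. Weak defaults, e.g. `RAUC_KEY_FILE ?= "${THISDIR}/../../../../keys/dev/private/development-01.key.pem"`, would let a release build point at a signing key kept outside the source tree from local.conf or the CI configuration without editing the recipe. keys/gen_dev_certs.sh names each new signing certificate after the current serial, so a second run produces a different file name and this recipe keeps signing with the old key unless it is edited; a comment saying so would help.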


@ -1,11 +0,0 @@
FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
SRC_URI_append = "\
file://hostapd.conf \
"
SYSTEMD_AUTO_ENABLE_${PN} = "enable"
do_install_append() {
install -m 644 ${WORKDIR}/hostapd.conf ${D}${sysconfdir}
}


@ -7,6 +7,7 @@ IMAGE_INSTALL = "\
\
curl \
python3 \
i2c-tools \
"
IMAGE_FEATURES = "\
@ -16,7 +17,9 @@ IMAGE_FEATURES = "\
"
IMAGE_LINGUAS = ""
IMAGE_FSTYPES = "tar.bz2 ext3 ${@bb.utils.contains_any("MACHINE", "raspberrypi3", "rpi-sdimg", "", d)}"
LICENSE = "MIT"
IMAGE_FSTYPES="tar.bz2 ext4 wic.bz2"
WKS_FILE = "sdimage-tsgrain.wks"
LICENSE = "Apache-2.0"
inherit core-image


@ -14,4 +14,5 @@ RRECOMMENDS_${PN} = "\
cpufrequtils \
htop \
bash-completion \
nano \
"


@ -0,0 +1,81 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: O=Hochschule Augsburg, CN=TSGRain Development CA
Validity
Not Before: Jan 1 00:00:00 1970 GMT
Not After : Dec 31 23:59:59 9999 GMT
Subject: O=Hochschule Augsburg, CN=TSGRain Development CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:04:cb:e9:c5:9a:07:90:57:60:70:29:ac:de:
ce:02:d1:63:11:8c:13:b1:92:31:d1:90:41:fb:2e:
29:43:1e:76:ea:1e:a1:d1:f5:50:c9:bc:fb:42:a9:
97:2c:f2:5c:05:2e:27:d1:bc:5d:c7:0f:fd:91:61:
2d:1c:6d:80:58:e3:0b:a7:66:57:d2:2b:48:4d:d6:
8b:f5:2b:ed:38:0d:54:b4:e5:4c:72:3f:6d:4e:c6:
f2:eb:93:13:9b:34:b7:da:47:34:06:72:a6:42:61:
94:aa:2e:13:f9:bd:6b:01:70:07:4c:01:7d:0e:0c:
c9:b1:8a:04:67:af:1b:d5:dd:72:d3:05:8a:d5:12:
0a:d7:d3:e8:d7:db:27:ac:3c:59:8d:8d:0d:6a:bd:
b0:55:73:ea:ba:59:c7:82:d6:1d:26:56:d3:20:c7:
7c:e2:2e:77:93:db:5e:05:dc:ef:03:da:69:db:86:
71:38:ce:c0:f5:91:98:ec:d1:30:3f:5b:6a:f6:62:
29:9f:31:16:67:b1:d1:08:8c:05:db:6f:fd:99:c7:
0b:e0:b6:8e:04:ef:59:51:33:ee:f0:85:86:a4:8e:
fd:70:70:01:91:49:f0:fb:9c:44:99:6b:8b:2b:70:
e5:7f:0b:ae:55:7f:8c:e9:ea:42:30:73:1a:2c:c5:
15:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:50:B7:B3:B3:07:F5:B0:4C:A0:A1:21:38:D3:02:70:8B:75:52:A9
X509v3 Authority Key Identifier:
keyid:46:50:B7:B3:B3:07:F5:B0:4C:A0:A1:21:38:D3:02:70:8B:75:52:A9
DirName:/O=Hochschule Augsburg/CN=TSGRain Development CA
serial:00
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
a3:b0:58:c2:c6:13:6d:b5:45:b8:fd:31:21:cb:4f:e0:51:e4:
8c:24:c9:bf:c6:f2:73:2e:1c:62:f0:71:dd:88:b2:eb:90:33:
12:33:ee:17:f3:3b:28:73:98:34:d9:85:d1:4f:25:a7:e7:51:
97:f1:48:b4:48:9e:7c:35:bf:dc:af:5b:8c:93:57:b1:f4:f9:
dc:6e:64:cd:83:97:96:51:c4:a3:10:cd:9d:cc:14:ef:dd:8d:
89:9e:6c:77:f9:06:26:84:13:e0:58:7b:49:32:48:0b:14:62:
c6:5e:6a:55:8d:85:16:ff:98:48:c4:10:03:c4:21:a3:ad:bd:
8d:ad:68:d4:1d:49:34:ee:13:07:fd:81:b2:22:67:48:a6:d9:
31:ed:e2:be:c8:2d:5e:3f:e4:58:95:b0:53:3e:42:91:f4:39:
3e:1c:15:5e:f8:a5:b0:d4:60:ac:ba:70:49:0c:95:96:52:1a:
41:6f:60:7c:d4:81:94:d1:db:66:73:07:0e:ed:6b:fa:34:13:
1b:24:bd:85:f4:4f:e0:dc:1d:dd:f1:d6:8c:f8:a5:f9:2d:23:
6a:7e:af:ca:66:b8:26:d0:dd:44:87:82:83:fa:5e:f6:41:0d:
2b:4b:83:34:19:a7:78:d6:9d:39:5f:36:cb:83:7e:2d:3b:86:
22:57:dc:c3
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,12 @@
[Unit]
Description=Service to grow data partition size
DefaultDependencies=no
Before=home.mount
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/parted --script /dev/mmcblk0 resizepart 4 100%
[Install]
WantedBy=home.mount
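Review bot: The unit is ordered `Before=home.mount` and installed with `WantedBy=home.mount`, but the fstab added in this change mounts the data partition (`/dev/mmcblk0p4`) at `/app`, so the generated mount unit would be `app.mount`, and nothing shown here creates a `home.mount`. As written the service is probably never pulled in; I would use `Before=app.mount` and `WantedBy=app.mount`. `parted --script /dev/mmcblk0 resizepart 4 100%` only enlarges the partition, so the ext4 filesystem still has to be grown, presumably through the `x-systemd.growfs` option in the .wks file; it is worth confirming that the option ends up on the `/app` mount.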


@ -0,0 +1,16 @@
[system]
compatible=TSGRain
bootloader=uboot
[keyring]
path=/etc/rauc/ca.cert.pem
[slot.rootfs.0]
device=/dev/mmcblk0p2
type=ext4
bootname=A
[slot.rootfs.1]
device=/dev/mmcblk0p3
type=ext4
bootname=B
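Review bot: `path=/etc/rauc/ca.cert.pem` makes the Development CA committed in this change the only trust anchor for updates, and its private key is generated unencrypted on a developer machine by keys/gen_dev_certs.sh. That is reasonable for bring-up, but every image built from this tree will accept bundles signed under that CA. I would add a comment here, e.g. `# keyring: development CA only, replace for release images`, and select the keyring per build instead of committing it to the recipe's files directory.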


@ -0,0 +1,23 @@
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
SRC_URI:append := " \
file://system.conf \
file://ca.cert.pem \
file://rauc-grow-data-partition.service \
"
# additional dependencies required to run RAUC on the target
RDEPENDS:${PN} += "u-boot-fw-utils u-boot-env"
inherit systemd
SYSTEMD_PACKAGES += "${PN}-grow-data-part"
SYSTEMD_SERVICE:${PN}-grow-data-part = "rauc-grow-data-partition.service"
PACKAGES += "rauc-grow-data-part"
RDEPENDS:${PN}-grow-data-part += "parted"
do_install:append() {
install -d ${D}${systemd_unitdir}/system/
install -m 0644 ${WORKDIR}/rauc-grow-data-partition.service ${D}${systemd_unitdir}/system/
}


@ -0,0 +1,4 @@
/dev/mmcblk0p1
/dev/mmcblk0p2
/dev/mmcblk0p3
/dev/mmcblk0p4


@ -0,0 +1,6 @@
FILESEXTRAPATHS:prepend:rpi := "${THISDIR}/files:"
SRC_URI:append:rpi = " file://raspberrypi-rauc.rules"
do_install:append:rpi() {
install -m 0644 ${WORKDIR}/raspberrypi-rauc.rules ${D}${sysconfdir}/udev/mount.blacklist.d/
}


@ -0,0 +1,34 @@
# Must have one or more source entries of the form:
#
# src <src-name> <source-url>
#
# and one or more destination entries of the form:
#
# dest <dest-name> <target-path>
#
# where <src-name> and <dest-names> are identifiers that
# should match [a-zA-Z0-9._-]+, <source-url> should be a
# URL that points to a directory containing a Familiar
# Packages file, and <target-path> should be a directory
# that exists on the target system.
# Proxy Support
#option http_proxy http://proxy.tld:3128
#option ftp_proxy http://proxy.tld:3128
#option proxy_username <username>
#option proxy_password <password>
# Enable GPGME signature
# option check_signature 1
# Offline mode (for use in constructing flash images offline)
#option offline_root target
# Default destination for installed packages
dest root /
src/gz all http://thetabook.local/all
src/gz cortexa7t2hf-neon-vfpv4 http://thetabook.local/cortexa7t2hf-neon-vfpv4
src/gz raspberrypi3 http://thetabook.local/raspberrypi3
#src/gz cortexa53 http://thetabook.local/cortexa53
#src/gz raspberrypi3_64 http://thetabook.local/raspberrypi3_64
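Review bot: The feeds are fetched over plain HTTP from `thetabook.local` while `option check_signature 1` stays commented out, so opkg installs whatever the host answering to that mDNS name serves, as root and without any integrity check. This sits beside the signed-update path that RAUC introduces in the same change and bypasses it. For anything beyond a development image I would drop the `src/gz` lines from the shipped file, or enable `option check_signature 1` together with a signed package feed. The active feeds are the 32-bit architectures (`cortexa7t2hf-neon-vfpv4`, `raspberrypi3`) and the 64-bit ones are commented out, which looks inconsistent with the `raspberrypi3-64` machine setting elsewhere on this page.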


@ -0,0 +1 @@
FILESEXTRAPATHS_prepend := "${THISDIR}/files:"


@ -0,0 +1,6 @@
CONFIG_SQUASHFS=y
CONFIG_BLK_DEV_LOOP=y
CONFIG_SQUASHFS_FILE_CACHE=y
CONFIG_SQUASHFS_DECOMP_SINGLE=y
CONFIG_SQUASHFS_ZLIB=y
CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3


@ -0,0 +1,6 @@
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
inherit rauc-integration
SRC_URI:append:rauc-integration = " file://rauc.cfg"
CMDLINE:remove:rauc-integration = "root=/dev/mmcblk0p2"


@ -0,0 +1,4 @@
part /boot --source bootimg-partition --ondisk mmcblk0 --fstype=vfat --label boot --active --align 4096 --size 100
part / --source rootfs --ondisk mmcblk0 --fstype=ext4 --label rootfs_A --align 4096
part / --source rootfs --ondisk mmcblk0 --fstype=ext4 --label rootfs_B --align 4096
part /app --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/app --ondisk mmcblk0 --fstype=ext4 --label appfs --align 1024 --size 500 --fsoptions "x-systemd.growfs"