From d3f69818aca5b69b91cef30c78d58afd868f631c Mon Sep 17 00:00:00 2001 From: Theta-Dev Date: Fri, 5 Nov 2021 21:44:46 +0100 Subject: [PATCH 1/2] switch to 64bit arm --- LICENSE | 201 ++++++++++++++++++ README.md | 34 +++ docker/Dockerfile | 17 ++ sample-files/bblayers.conf.sample | 1 - sample-files/local.conf.sample | 6 +- sources/meta-tsgrain/conf/distro/tsgrain.conf | 12 ++ .../recipes-core/images/tsgrain-image.bb | 4 +- 7 files changed, 268 insertions(+), 7 deletions(-) create mode 100644 LICENSE create mode 100644 README.md create mode 100644 docker/Dockerfile diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..261eeb9 --- /dev/null +++ b/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..5574792 --- /dev/null +++ b/README.md @@ -0,0 +1,34 @@ +# TSGRain yocto os + +This is the yocto-based linux distribution that runs the TSGRain irrigation controller. + +## Build image + +```sh +# Use docker build environment +docker run -it --rm --user $(id -u):$(id -g) -v $(pwd):$(pwd) thetadev256/yoctobuild + +. ./oe-init-build-env +bitbake tsgrain-image +``` + +## Provision package repository + +Build the package index and run a webserver in the package directory + +```sh +bitbake package-index +cd {BUILD_DIR}/tmp-glibc/deploy/ipk +sudo python -m http.server 80 +``` + +On the Pi, add the server to the opkg package sources +```sh +# Add to /etc/opkg/opkg.conf +src/gz all http://{hostname}.local/all +src/gz cortexa53 http://{hostname}.local/cortexa53 +src/gz raspberrypi3_64 http://{hostname}.local/raspberrypi3_64 + +opkg update + +``` diff --git a/docker/Dockerfile b/docker/Dockerfile new file mode 100644 index 0000000..fc91cac --- /dev/null +++ b/docker/Dockerfile @@ -0,0 +1,17 @@ +FROM debian:10 + +RUN apt-get update && apt-get install -y git nano tar locales \ + gawk wget git-core diffstat unzip texinfo gcc-multilib \ + build-essential chrpath socat cpio python python3 python3-pip python3-pexpect \ + xz-utils debianutils iputils-ping libsdl1.2-dev xterm libmd0 && \ + apt-get clean autoclean + +RUN echo "ybuildr:x:1000:1000:ybuildr:/home:/bin/bash" >> /etc/passwd && \ + echo "root:root" | chpasswd && \ + echo "ybuildr:1234" | chpasswd && \ + sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \ + locale-gen + +ENV LANG en_US.UTF-8 +ENV LANGUAGE en_US:en +ENV LC_ALL en_US.UTF-8 diff --git a/sample-files/bblayers.conf.sample b/sample-files/bblayers.conf.sample index 145e426..0e8c91a 100644 --- a/sample-files/bblayers.conf.sample +++ b/sample-files/bblayers.conf.sample @@ -13,7 +13,6 @@ BBLAYERS ?= " \ ##OEROOT##/sources/meta-raspberrypi \ ##OEROOT##/sources/meta-openembedded/meta-initramfs \ ##OEROOT##/sources/meta-openembedded/meta-oe \ - ##OEROOT##/sources/meta-openembedded/meta-webserver \ ##OEROOT##/sources/meta-openembedded/meta-networking \ ##OEROOT##/sources/meta-openembedded/meta-python \ ##OEROOT##/sources/meta-openembedded/meta-multimedia \ diff --git a/sample-files/local.conf.sample b/sample-files/local.conf.sample index f27e35f..fc65763 100644 --- a/sample-files/local.conf.sample +++ b/sample-files/local.conf.sample @@ -1,9 +1,9 @@ DISTRO = "tsgrain" -#MACHINE = "raspberrypi3" +MACHINE = "raspberrypi3-64" # This sets the default machine to be qemuarm if no other machine is selected: -MACHINE ??= "qemuarm" +MACHINE ??= "qemuarm64" # BUILDFILE_DIR = "/buildfiles" @@ -14,8 +14,6 @@ TMPDIR = "${BUILDFILE_DIR}/tmp" USER_CLASSES = "buildstats buildstats-summary image-mklibs image-prelink" -PACKAGE_CLASSES = "package_ipk" - PATCHRESOLVE = "noop" # Don't generate the mirror tarball for SCM repos, the snapshot is enough diff --git a/sources/meta-tsgrain/conf/distro/tsgrain.conf b/sources/meta-tsgrain/conf/distro/tsgrain.conf index 1d16773..38486f5 100644 --- a/sources/meta-tsgrain/conf/distro/tsgrain.conf +++ b/sources/meta-tsgrain/conf/distro/tsgrain.conf @@ -20,5 +20,17 @@ VIRTUAL-RUNTIME_init_manager = "systemd" VIRTUAL-RUNTIME_initscripts = "" VIRTUAL-RUNTIME_dev_manager = "systemd" +PACKAGE_CLASSES = "package_ipk" +IMAGE_FSTYPES = "tar.bz2 ${@oe.utils.conditional("SOC_FAMILY", "rpi", "rpi-sdimg ext4.gz", "ext4", d)}" + +# Raspberry Pi specific settings +SDIMG_ROOTFS_TYPE = "ext4.xz" +RPI_USE_U_BOOT = "1" +PREFERRED_PROVIDER_virtual/bootloader = "u-boot" +PREFERRED_PROVIDER_u-boot-fw-utils = "libubootenv" +ENABLE_UART = "1" +ENABLE_I2C = "1" +KERNEL_MODULE_AUTOLOAD:rpi += "i2c-dev i2c-bcm2708" + require conf/distro/include/yocto-uninative.inc INHERIT += "uninative buildstats sstate license remove-libtool" diff --git a/sources/meta-tsgrain/recipes-core/images/tsgrain-image.bb b/sources/meta-tsgrain/recipes-core/images/tsgrain-image.bb index d5faca9..6726ce0 100644 --- a/sources/meta-tsgrain/recipes-core/images/tsgrain-image.bb +++ b/sources/meta-tsgrain/recipes-core/images/tsgrain-image.bb @@ -7,6 +7,7 @@ IMAGE_INSTALL = "\ \ curl \ python3 \ + i2c-tools \ " IMAGE_FEATURES = "\ @@ -16,7 +17,6 @@ IMAGE_FEATURES = "\ " IMAGE_LINGUAS = "" -IMAGE_FSTYPES = "tar.bz2 ext3 ${@bb.utils.contains_any("MACHINE", "raspberrypi3", "rpi-sdimg", "", d)}" -LICENSE = "MIT" +LICENSE = "Apache-2.0" inherit core-image From 33b4a05f45bdd75fa10c1864ad71930341a840d8 Mon Sep 17 00:00:00 2001 From: Theta-Dev Date: Mon, 8 Nov 2021 19:44:55 +0100 Subject: [PATCH 2/2] Add RAUC updater --- .gitmodules | 6 +- keys/.gitignore | 1 + keys/deploy_certs.sh | 6 + keys/gen_dev_certs.sh | 31 +++++ keys/openssl.cnf | 54 ++++++++ sample-files/bblayers.conf.sample | 1 + sources/meta-openembedded | 2 +- sources/meta-rauc | 1 + .../classes/rauc-integration.bbclass | 1 + sources/meta-tsgrain/conf/distro/tsgrain.conf | 5 +- .../rpi-u-boot-scr/files/boot.cmd.in | 46 +++++++ .../rpi-u-boot-scr/rpi-u-boot-scr.bbappend | 4 + .../dhcpcd/dhcpcd_%.bbappend | 0 .../dhcpcd/files/dhcpcd.conf | 0 .../dnsmasq/dnsmasq_%.bbappend | 1 + .../dnsmasq/files/dnsmasq.conf | 0 .../hostapd/files/hostapd.conf | 0 .../hostapd/files/hostapd.service | 11 ++ .../hostapd/hostapd_%.bbappend | 23 ++++ .../openssh/files/sshd_config | 118 ++++++++++++++++++ .../openssh/openssh_%.bbappend} | 4 +- .../base-files/base-files_%.bbappend | 1 + .../recipes-core/base-files/files/fstab | 10 ++ .../recipes-core/bundles/tsgrain-update.bb | 14 +++ .../recipes-core/hostapd/hostapd_%.bbappend | 11 -- .../recipes-core/images/tsgrain-image.bb | 3 + .../packagegroups/packagegroup-essential.bb | 1 + .../recipes-core/rauc/files/ca.cert.pem | 81 ++++++++++++ .../files/rauc-grow-data-partition.service | 12 ++ .../recipes-core/rauc/files/system.conf | 16 +++ .../recipes-core/rauc/rauc_%.bbappend | 23 ++++ .../udev/files/raspberrypi-rauc.rules | 4 + .../udev/udev-extraconf_%.bbappend | 6 + .../recipes-dev/opkg/files/opkg.conf | 34 +++++ .../recipes-dev/opkg/opkg_%.bbappend | 1 + .../recipes-kernel/linux/files/rauc.cfg | 6 + .../linux/linux-raspberrypi%.bbappend | 6 + sources/meta-tsgrain/wic/sdimage-tsgrain.wks | 4 + 38 files changed, 530 insertions(+), 18 deletions(-) create mode 100644 keys/.gitignore create mode 100755 keys/deploy_certs.sh create mode 100755 keys/gen_dev_certs.sh create mode 100644 keys/openssl.cnf create mode 160000 sources/meta-rauc create mode 100644 sources/meta-tsgrain/classes/rauc-integration.bbclass create mode 100644 sources/meta-tsgrain/recipes-bsp/rpi-u-boot-scr/files/boot.cmd.in create mode 100644 sources/meta-tsgrain/recipes-bsp/rpi-u-boot-scr/rpi-u-boot-scr.bbappend rename sources/meta-tsgrain/{recipes-core => recipes-connectivity}/dhcpcd/dhcpcd_%.bbappend (100%) rename sources/meta-tsgrain/{recipes-core => recipes-connectivity}/dhcpcd/files/dhcpcd.conf (100%) create mode 100644 sources/meta-tsgrain/recipes-connectivity/dnsmasq/dnsmasq_%.bbappend rename sources/meta-tsgrain/{recipes-core => recipes-connectivity}/dnsmasq/files/dnsmasq.conf (100%) rename sources/meta-tsgrain/{recipes-core => recipes-connectivity}/hostapd/files/hostapd.conf (100%) create mode 100644 sources/meta-tsgrain/recipes-connectivity/hostapd/files/hostapd.service create mode 100644 sources/meta-tsgrain/recipes-connectivity/hostapd/hostapd_%.bbappend create mode 100644 sources/meta-tsgrain/recipes-connectivity/openssh/files/sshd_config rename sources/meta-tsgrain/{recipes-core/dnsmasq/dnsmasq_%.bbappend => recipes-connectivity/openssh/openssh_%.bbappend} (51%) create mode 100644 sources/meta-tsgrain/recipes-core/base-files/base-files_%.bbappend create mode 100644 sources/meta-tsgrain/recipes-core/base-files/files/fstab create mode 100644 sources/meta-tsgrain/recipes-core/bundles/tsgrain-update.bb delete mode 100644 sources/meta-tsgrain/recipes-core/hostapd/hostapd_%.bbappend create mode 100644 sources/meta-tsgrain/recipes-core/rauc/files/ca.cert.pem create mode 100644 sources/meta-tsgrain/recipes-core/rauc/files/rauc-grow-data-partition.service create mode 100644 sources/meta-tsgrain/recipes-core/rauc/files/system.conf create mode 100644 sources/meta-tsgrain/recipes-core/rauc/rauc_%.bbappend create mode 100644 sources/meta-tsgrain/recipes-core/udev/files/raspberrypi-rauc.rules create mode 100644 sources/meta-tsgrain/recipes-core/udev/udev-extraconf_%.bbappend create mode 100644 sources/meta-tsgrain/recipes-dev/opkg/files/opkg.conf create mode 100644 sources/meta-tsgrain/recipes-dev/opkg/opkg_%.bbappend create mode 100644 sources/meta-tsgrain/recipes-kernel/linux/files/rauc.cfg create mode 100644 sources/meta-tsgrain/recipes-kernel/linux/linux-raspberrypi%.bbappend create mode 100644 sources/meta-tsgrain/wic/sdimage-tsgrain.wks diff --git a/.gitmodules b/.gitmodules index dc1ab20..8e8bb9a 100644 --- a/.gitmodules +++ b/.gitmodules @@ -5,7 +5,7 @@ [submodule "sources/bitbake"] path = sources/bitbake url = git://git.openembedded.org/bitbake - branch = 1.52 + branch = 1.50.3 [submodule "sources/meta-openembedded"] path = sources/meta-openembedded url = git://git.openembedded.org/meta-openembedded @@ -14,3 +14,7 @@ path = sources/meta-raspberrypi url = git://git.yoctoproject.org/meta-raspberrypi branch = hardknott +[submodule "sources/meta-rauc"] + path = sources/meta-rauc + url = https://github.com/rauc/meta-rauc.git + branch = hardknott diff --git a/keys/.gitignore b/keys/.gitignore new file mode 100644 index 0000000..38f8e88 --- /dev/null +++ b/keys/.gitignore @@ -0,0 +1 @@ +dev diff --git a/keys/deploy_certs.sh b/keys/deploy_certs.sh new file mode 100755 index 0000000..cff5f0f --- /dev/null +++ b/keys/deploy_certs.sh @@ -0,0 +1,6 @@ +#!/bin/bash +set -e + +cd -- $( dirname -- "${BASH_SOURCE[0]}" ) + +cp dev/ca.cert.pem ../sources/meta-tsgrain/recipes-core/rauc/files/ca.cert.pem diff --git a/keys/gen_dev_certs.sh b/keys/gen_dev_certs.sh new file mode 100755 index 0000000..b6294b0 --- /dev/null +++ b/keys/gen_dev_certs.sh @@ -0,0 +1,31 @@ +#!/bin/bash +set -e +cd -- $( dirname -- "${BASH_SOURCE[0]}" ) + +ORG="Hochschule Augsburg" +PROJ="TSGRain" + +BASE_DEV="$(pwd)/dev" +export OPENSSL_CONF=$(pwd)/openssl.cnf + +if [ -e $BASE_DEV ]; then + echo "CA already exists, creating new certificate" + cd $BASE_DEV +else + echo "Creating new CA" + + mkdir -p $BASE_DEV/{private,certs} + touch $BASE_DEV/index.txt + echo 00 > $BASE_DEV/serial + cd $BASE_DEV + + echo "Development CA" + openssl req -newkey rsa -keyout private/ca.key.pem -out ca.csr.pem -subj "/O=$ORG/CN=$PROJ Development CA" + openssl ca -batch -selfsign -extensions v3_ca -in ca.csr.pem -out ca.cert.pem -keyfile private/ca.key.pem +fi + +SN=$(cat serial) + +echo "Development Signing Keys 1" +openssl req -newkey rsa -keyout private/development-$SN.key.pem -out development-$SN.csr.pem -subj "/O=$ORG/CN=$PROJ Development-$SN" +openssl ca -batch -extensions v3_leaf -in development-$SN.csr.pem -out development-$SN.cert.pem diff --git a/keys/openssl.cnf b/keys/openssl.cnf new file mode 100644 index 0000000..42acb51 --- /dev/null +++ b/keys/openssl.cnf @@ -0,0 +1,54 @@ +[ ca ] +default_ca = CA_default # The default ca section + +[ CA_default ] +dir = . # top dir +database = $dir/index.txt # index file. +new_certs_dir = $dir/certs # new certs dir +serial = $dir/serial # serial no file +RANDFILE = $dir/private/.rand # random number file + +private_key = $dir/private/ca.key.pem# CA private key +certificate = $dir/ca.cert.pem # The CA cert + +default_startdate = 19700101000000Z +default_enddate = 99991231235959Z + +default_crl_days= 30 # how long before next CRL + +default_md = sha256 # md to use +policy = policy_any # default policy +email_in_dn = no # Don't add the email into cert DN +name_opt = ca_default # Subject name display option +cert_opt = ca_default # Certificate display option +copy_extensions = none # Don't copy extensions from request + +[ policy_any ] +organizationName = match +commonName = supplied + +[ req ] +default_bits = 2048 +distinguished_name = req_distinguished_name +x509_extensions = v3_leaf +encrypt_key = no +default_md = sha256 + +[ req_distinguished_name ] +commonName = Common Name (eg, YOUR name) +commonName_max = 64 + +[ v3_ca ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints = CA:TRUE + +[ v3_inter ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints = CA:TRUE,pathlen:0 + +[ v3_leaf ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints = CA:FALSE diff --git a/sample-files/bblayers.conf.sample b/sample-files/bblayers.conf.sample index 0e8c91a..438b742 100644 --- a/sample-files/bblayers.conf.sample +++ b/sample-files/bblayers.conf.sample @@ -10,6 +10,7 @@ BBFILES ?= "" BBLAYERS ?= " \ ##OEROOT##/sources/meta-tsgrain \ + ##OEROOT##/sources/meta-rauc \ ##OEROOT##/sources/meta-raspberrypi \ ##OEROOT##/sources/meta-openembedded/meta-initramfs \ ##OEROOT##/sources/meta-openembedded/meta-oe \ diff --git a/sources/meta-openembedded b/sources/meta-openembedded index d378e42..672a742 160000 --- a/sources/meta-openembedded +++ b/sources/meta-openembedded @@ -1 +1 @@ -Subproject commit d378e4293d18e374f5d1494a88bfc3caee4d02df +Subproject commit 672a7420b28129aecdbf077505058b90d23c0919 diff --git a/sources/meta-rauc b/sources/meta-rauc new file mode 160000 index 0000000..64b8401 --- /dev/null +++ b/sources/meta-rauc @@ -0,0 +1 @@ +Subproject commit 64b84017dd07be1d9da76943b59d77028bb5ccc7 diff --git a/sources/meta-tsgrain/classes/rauc-integration.bbclass b/sources/meta-tsgrain/classes/rauc-integration.bbclass new file mode 100644 index 0000000..db53ad1 --- /dev/null +++ b/sources/meta-tsgrain/classes/rauc-integration.bbclass @@ -0,0 +1 @@ +OVERRIDES .= "${@bb.utils.contains('DISTRO_FEATURES', 'rauc', ':rauc-integration', '', d)}" diff --git a/sources/meta-tsgrain/conf/distro/tsgrain.conf b/sources/meta-tsgrain/conf/distro/tsgrain.conf index 38486f5..ff4b315 100644 --- a/sources/meta-tsgrain/conf/distro/tsgrain.conf +++ b/sources/meta-tsgrain/conf/distro/tsgrain.conf @@ -11,7 +11,7 @@ LOCALCONF_VERSION = "1" SDK_NAME = "${DISTRO}-${TCLIBC}-${SDKMACHINE}-${IMAGE_BASENAME}-${TUNE_PKGARCH}-${MACHINE}" SDKPATHINSTALL = "/opt/${DISTRO}/${SDK_VERSION}" -TSGRAIN_DEFAULT_DISTRO_FEATURES = "systemd largefile wifi bluez5 bluetooth" +TSGRAIN_DEFAULT_DISTRO_FEATURES = "systemd largefile wifi bluez5 bluetooth rauc" DISTRO_FEATURES ?= "${DISTRO_FEATURES_DEFAULT} ${TSGRAIN_DEFAULT_DISTRO_FEATURES}" DISTRO_FEATURES_remove = "x11 sysvinit" @@ -21,10 +21,9 @@ VIRTUAL-RUNTIME_initscripts = "" VIRTUAL-RUNTIME_dev_manager = "systemd" PACKAGE_CLASSES = "package_ipk" -IMAGE_FSTYPES = "tar.bz2 ${@oe.utils.conditional("SOC_FAMILY", "rpi", "rpi-sdimg ext4.gz", "ext4", d)}" # Raspberry Pi specific settings -SDIMG_ROOTFS_TYPE = "ext4.xz" +SDIMG_ROOTFS_TYPE = "ext4" RPI_USE_U_BOOT = "1" PREFERRED_PROVIDER_virtual/bootloader = "u-boot" PREFERRED_PROVIDER_u-boot-fw-utils = "libubootenv" diff --git a/sources/meta-tsgrain/recipes-bsp/rpi-u-boot-scr/files/boot.cmd.in b/sources/meta-tsgrain/recipes-bsp/rpi-u-boot-scr/files/boot.cmd.in new file mode 100644 index 0000000..40e04a6 --- /dev/null +++ b/sources/meta-tsgrain/recipes-bsp/rpi-u-boot-scr/files/boot.cmd.in @@ -0,0 +1,46 @@ +fdt addr ${fdt_addr} && fdt get value bootargs /chosen bootargs + +test -n "${BOOT_ORDER}" || setenv BOOT_ORDER "A B" +test -n "${BOOT_A_LEFT}" || setenv BOOT_A_LEFT 3 +test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3 +test -n "${BOOT_DEV}" || setenv BOOT_DEV "mmc 0:1" + +setenv bootpart +setenv raucslot + +for BOOT_SLOT in "${BOOT_ORDER}"; do + if test "x${bootpart}" != "x"; then + # skip remaining slots + elif test "x${BOOT_SLOT}" = "xA"; then + if test ${BOOT_A_LEFT} -gt 0; then + setexpr BOOT_A_LEFT ${BOOT_A_LEFT} - 1 + echo "Found valid RAUC slot A" + setenv bootpart "/dev/mmcblk0p2" + setenv raucslot "A" + setenv BOOT_DEV "mmc 0:2" + fi + elif test "x${BOOT_SLOT}" = "xB"; then + if test ${BOOT_B_LEFT} -gt 0; then + setexpr BOOT_B_LEFT ${BOOT_B_LEFT} - 1 + echo "Found valid RAUC slot B" + setenv bootpart "/dev/mmcblk0p3" + setenv raucslot "B" + setenv BOOT_DEV "mmc 0:3" + fi + fi +done + +if test -n "${bootpart}"; then + setenv bootargs "${bootargs} root=${bootpart} rauc.slot=${raucslot}" + saveenv +else + echo "No valid RAUC slot found. Resetting tries to 3" + setenv BOOT_A_LEFT 3 + setenv BOOT_B_LEFT 3 + saveenv + reset +fi + +fatload mmc 0:1 ${kernel_addr_r} @@KERNEL_IMAGETYPE@@ +if test ! -e mmc 0:1 uboot.env; then saveenv; fi; +@@KERNEL_BOOTCMD@@ ${kernel_addr_r} - ${fdt_addr} diff --git a/sources/meta-tsgrain/recipes-bsp/rpi-u-boot-scr/rpi-u-boot-scr.bbappend b/sources/meta-tsgrain/recipes-bsp/rpi-u-boot-scr/rpi-u-boot-scr.bbappend new file mode 100644 index 0000000..3835283 --- /dev/null +++ b/sources/meta-tsgrain/recipes-bsp/rpi-u-boot-scr/rpi-u-boot-scr.bbappend @@ -0,0 +1,4 @@ +inherit rauc-integration + +FILESEXTRAPATHS:prepend:rauc-integration := "${THISDIR}/files:" +SRC_URI:append:rauc-integration = " file://boot.cmd.in" diff --git a/sources/meta-tsgrain/recipes-core/dhcpcd/dhcpcd_%.bbappend b/sources/meta-tsgrain/recipes-connectivity/dhcpcd/dhcpcd_%.bbappend similarity index 100% rename from sources/meta-tsgrain/recipes-core/dhcpcd/dhcpcd_%.bbappend rename to sources/meta-tsgrain/recipes-connectivity/dhcpcd/dhcpcd_%.bbappend diff --git a/sources/meta-tsgrain/recipes-core/dhcpcd/files/dhcpcd.conf b/sources/meta-tsgrain/recipes-connectivity/dhcpcd/files/dhcpcd.conf similarity index 100% rename from sources/meta-tsgrain/recipes-core/dhcpcd/files/dhcpcd.conf rename to sources/meta-tsgrain/recipes-connectivity/dhcpcd/files/dhcpcd.conf diff --git a/sources/meta-tsgrain/recipes-connectivity/dnsmasq/dnsmasq_%.bbappend b/sources/meta-tsgrain/recipes-connectivity/dnsmasq/dnsmasq_%.bbappend new file mode 100644 index 0000000..81fe7b7 --- /dev/null +++ b/sources/meta-tsgrain/recipes-connectivity/dnsmasq/dnsmasq_%.bbappend @@ -0,0 +1 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" diff --git a/sources/meta-tsgrain/recipes-core/dnsmasq/files/dnsmasq.conf b/sources/meta-tsgrain/recipes-connectivity/dnsmasq/files/dnsmasq.conf similarity index 100% rename from sources/meta-tsgrain/recipes-core/dnsmasq/files/dnsmasq.conf rename to sources/meta-tsgrain/recipes-connectivity/dnsmasq/files/dnsmasq.conf diff --git a/sources/meta-tsgrain/recipes-core/hostapd/files/hostapd.conf b/sources/meta-tsgrain/recipes-connectivity/hostapd/files/hostapd.conf similarity index 100% rename from sources/meta-tsgrain/recipes-core/hostapd/files/hostapd.conf rename to sources/meta-tsgrain/recipes-connectivity/hostapd/files/hostapd.conf diff --git a/sources/meta-tsgrain/recipes-connectivity/hostapd/files/hostapd.service b/sources/meta-tsgrain/recipes-connectivity/hostapd/files/hostapd.service new file mode 100644 index 0000000..c8fce1e --- /dev/null +++ b/sources/meta-tsgrain/recipes-connectivity/hostapd/files/hostapd.service @@ -0,0 +1,11 @@ +[Unit] +Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator +After=network.target + +[Service] +Type=forking +PIDFile=/run/hostapd.pid +ExecStart=@SBINDIR@/hostapd /app/hostapd/hostapd.conf -P /run/hostapd.pid -B + +[Install] +WantedBy=multi-user.target diff --git a/sources/meta-tsgrain/recipes-connectivity/hostapd/hostapd_%.bbappend b/sources/meta-tsgrain/recipes-connectivity/hostapd/hostapd_%.bbappend new file mode 100644 index 0000000..424d8e0 --- /dev/null +++ b/sources/meta-tsgrain/recipes-connectivity/hostapd/hostapd_%.bbappend @@ -0,0 +1,23 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" + +SRC_URI_append = "\ + file://hostapd.conf \ +" + +FILES_${PN} += "/app/hostapd/hostapd.conf" + +SYSTEMD_AUTO_ENABLE_${PN} = "enable" + +do_install_append() { + # Remove original config file + rm -rf ${D}${sysconfdir} + + # Install config file to appfs + install -D -m 644 ${WORKDIR}/hostapd.conf ${D}/app/hostapd/hostapd.conf + + # Change config file path + install -m 0644 ${WORKDIR}/hostapd.service ${D}${systemd_unitdir}/system/ + sed -i -e 's,@SBINDIR@,${sbindir},g' -e 's,@SYSCONFDIR@,/app/hostapd,g' ${D}${systemd_unitdir}/system/hostapd.service +} + +CONFFILES_${PN} = "/app/hostapd/hostapd.conf" diff --git a/sources/meta-tsgrain/recipes-connectivity/openssh/files/sshd_config b/sources/meta-tsgrain/recipes-connectivity/openssh/files/sshd_config new file mode 100644 index 0000000..e734f3f --- /dev/null +++ b/sources/meta-tsgrain/recipes-connectivity/openssh/files/sshd_config @@ -0,0 +1,118 @@ +# $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +HostKey /app/ssh/ssh_host_rsa_key +HostKey /app/ssh/ssh_host_ecdsa_key +HostKey /app/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +#PermitRootLogin prohibit-password +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +#UsePAM no + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#PermitUserEnvironment no +Compression no +ClientAliveInterval 15 +ClientAliveCountMax 4 +#UseDNS no +#PidFile /var/run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/libexec/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server diff --git a/sources/meta-tsgrain/recipes-core/dnsmasq/dnsmasq_%.bbappend b/sources/meta-tsgrain/recipes-connectivity/openssh/openssh_%.bbappend similarity index 51% rename from sources/meta-tsgrain/recipes-core/dnsmasq/dnsmasq_%.bbappend rename to sources/meta-tsgrain/recipes-connectivity/openssh/openssh_%.bbappend index c5b948f..fc93a08 100644 --- a/sources/meta-tsgrain/recipes-core/dnsmasq/dnsmasq_%.bbappend +++ b/sources/meta-tsgrain/recipes-connectivity/openssh/openssh_%.bbappend @@ -1,9 +1,9 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/files:" SRC_URI_append = "\ - file://dnsmasq.conf \ + file://sshd_config \ " do_install_append() { - install -m 644 ${WORKDIR}/dnsmasq.conf ${D}${sysconfdir} + install -m 644 ${WORKDIR}/sshd_config ${D}${sysconfdir}/ssh } diff --git a/sources/meta-tsgrain/recipes-core/base-files/base-files_%.bbappend b/sources/meta-tsgrain/recipes-core/base-files/base-files_%.bbappend new file mode 100644 index 0000000..50851ae --- /dev/null +++ b/sources/meta-tsgrain/recipes-core/base-files/base-files_%.bbappend @@ -0,0 +1 @@ +FILESEXTRAPATHS:prepend:rpi := "${THISDIR}/files:" diff --git a/sources/meta-tsgrain/recipes-core/base-files/files/fstab b/sources/meta-tsgrain/recipes-core/base-files/files/fstab new file mode 100644 index 0000000..facbb1f --- /dev/null +++ b/sources/meta-tsgrain/recipes-core/base-files/files/fstab @@ -0,0 +1,10 @@ +# stock fstab - you probably want to override this with a machine specific one + +/dev/root / auto defaults 1 1 +proc /proc proc defaults 0 0 +devpts /dev/pts devpts mode=0620,ptmxmode=0666,gid=5 0 0 +tmpfs /run tmpfs mode=0755,nodev,nosuid,strictatime 0 0 +tmpfs /var/volatile tmpfs defaults 0 0 + +/dev/mmcblk0p1 /boot vfat defaults 0 0 +/dev/mmcblk0p4 /app ext4 defaults 0 0 diff --git a/sources/meta-tsgrain/recipes-core/bundles/tsgrain-update.bb b/sources/meta-tsgrain/recipes-core/bundles/tsgrain-update.bb new file mode 100644 index 0000000..8eca1f3 --- /dev/null +++ b/sources/meta-tsgrain/recipes-core/bundles/tsgrain-update.bb @@ -0,0 +1,14 @@ +DESCRIPTION = "TSGRain RAUC bundle generator" + +inherit bundle + +RAUC_BUNDLE_COMPATIBLE = "TSGRain" +RAUC_BUNDLE_VERSION = "v0.0.1" +RAUC_BUNDLE_DESCRIPTION = "TSGRain update bundle" +RAUC_BUNDLE_SLOTS = "rootfs" +RAUC_SLOT_rootfs = "tsgrain-image" +RAUC_SLOT_rootfs[fstype] = "ext4" + +RAUC_CERT_FILE = "${THISDIR}/../../../../keys/dev/development-01.cert.pem" +RAUC_KEY_FILE = "${THISDIR}/../../../../keys/dev/private/development-01.key.pem" +RAUC_KEYRING_FILE = "${THISDIR}/../../../../keys/dev/ca.cert.pem" diff --git a/sources/meta-tsgrain/recipes-core/hostapd/hostapd_%.bbappend b/sources/meta-tsgrain/recipes-core/hostapd/hostapd_%.bbappend deleted file mode 100644 index a3f8c06..0000000 --- a/sources/meta-tsgrain/recipes-core/hostapd/hostapd_%.bbappend +++ /dev/null @@ -1,11 +0,0 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/files:" - -SRC_URI_append = "\ - file://hostapd.conf \ -" - -SYSTEMD_AUTO_ENABLE_${PN} = "enable" - -do_install_append() { - install -m 644 ${WORKDIR}/hostapd.conf ${D}${sysconfdir} -} diff --git a/sources/meta-tsgrain/recipes-core/images/tsgrain-image.bb b/sources/meta-tsgrain/recipes-core/images/tsgrain-image.bb index 6726ce0..9023a98 100644 --- a/sources/meta-tsgrain/recipes-core/images/tsgrain-image.bb +++ b/sources/meta-tsgrain/recipes-core/images/tsgrain-image.bb @@ -18,5 +18,8 @@ IMAGE_FEATURES = "\ IMAGE_LINGUAS = "" +IMAGE_FSTYPES="tar.bz2 ext4 wic.bz2" +WKS_FILE = "sdimage-tsgrain.wks" + LICENSE = "Apache-2.0" inherit core-image diff --git a/sources/meta-tsgrain/recipes-core/packagegroups/packagegroup-essential.bb b/sources/meta-tsgrain/recipes-core/packagegroups/packagegroup-essential.bb index 96c9dbc..f17f0bf 100644 --- a/sources/meta-tsgrain/recipes-core/packagegroups/packagegroup-essential.bb +++ b/sources/meta-tsgrain/recipes-core/packagegroups/packagegroup-essential.bb @@ -14,4 +14,5 @@ RRECOMMENDS_${PN} = "\ cpufrequtils \ htop \ bash-completion \ + nano \ " diff --git a/sources/meta-tsgrain/recipes-core/rauc/files/ca.cert.pem b/sources/meta-tsgrain/recipes-core/rauc/files/ca.cert.pem new file mode 100644 index 0000000..0e85f01 --- /dev/null +++ b/sources/meta-tsgrain/recipes-core/rauc/files/ca.cert.pem @@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha256WithRSAEncryption + Issuer: O=Hochschule Augsburg, CN=TSGRain Development CA + Validity + Not Before: Jan 1 00:00:00 1970 GMT + Not After : Dec 31 23:59:59 9999 GMT + Subject: O=Hochschule Augsburg, CN=TSGRain Development CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:af:04:cb:e9:c5:9a:07:90:57:60:70:29:ac:de: + ce:02:d1:63:11:8c:13:b1:92:31:d1:90:41:fb:2e: + 29:43:1e:76:ea:1e:a1:d1:f5:50:c9:bc:fb:42:a9: + 97:2c:f2:5c:05:2e:27:d1:bc:5d:c7:0f:fd:91:61: + 2d:1c:6d:80:58:e3:0b:a7:66:57:d2:2b:48:4d:d6: + 8b:f5:2b:ed:38:0d:54:b4:e5:4c:72:3f:6d:4e:c6: + f2:eb:93:13:9b:34:b7:da:47:34:06:72:a6:42:61: + 94:aa:2e:13:f9:bd:6b:01:70:07:4c:01:7d:0e:0c: + c9:b1:8a:04:67:af:1b:d5:dd:72:d3:05:8a:d5:12: + 0a:d7:d3:e8:d7:db:27:ac:3c:59:8d:8d:0d:6a:bd: + b0:55:73:ea:ba:59:c7:82:d6:1d:26:56:d3:20:c7: + 7c:e2:2e:77:93:db:5e:05:dc:ef:03:da:69:db:86: + 71:38:ce:c0:f5:91:98:ec:d1:30:3f:5b:6a:f6:62: + 29:9f:31:16:67:b1:d1:08:8c:05:db:6f:fd:99:c7: + 0b:e0:b6:8e:04:ef:59:51:33:ee:f0:85:86:a4:8e: + fd:70:70:01:91:49:f0:fb:9c:44:99:6b:8b:2b:70: + e5:7f:0b:ae:55:7f:8c:e9:ea:42:30:73:1a:2c:c5: + 15:b9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 46:50:B7:B3:B3:07:F5:B0:4C:A0:A1:21:38:D3:02:70:8B:75:52:A9 + X509v3 Authority Key Identifier: + keyid:46:50:B7:B3:B3:07:F5:B0:4C:A0:A1:21:38:D3:02:70:8B:75:52:A9 + DirName:/O=Hochschule Augsburg/CN=TSGRain Development CA + serial:00 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + a3:b0:58:c2:c6:13:6d:b5:45:b8:fd:31:21:cb:4f:e0:51:e4: + 8c:24:c9:bf:c6:f2:73:2e:1c:62:f0:71:dd:88:b2:eb:90:33: + 12:33:ee:17:f3:3b:28:73:98:34:d9:85:d1:4f:25:a7:e7:51: + 97:f1:48:b4:48:9e:7c:35:bf:dc:af:5b:8c:93:57:b1:f4:f9: + dc:6e:64:cd:83:97:96:51:c4:a3:10:cd:9d:cc:14:ef:dd:8d: + 89:9e:6c:77:f9:06:26:84:13:e0:58:7b:49:32:48:0b:14:62: + c6:5e:6a:55:8d:85:16:ff:98:48:c4:10:03:c4:21:a3:ad:bd: + 8d:ad:68:d4:1d:49:34:ee:13:07:fd:81:b2:22:67:48:a6:d9: + 31:ed:e2:be:c8:2d:5e:3f:e4:58:95:b0:53:3e:42:91:f4:39: + 3e:1c:15:5e:f8:a5:b0:d4:60:ac:ba:70:49:0c:95:96:52:1a: + 41:6f:60:7c:d4:81:94:d1:db:66:73:07:0e:ed:6b:fa:34:13: + 1b:24:bd:85:f4:4f:e0:dc:1d:dd:f1:d6:8c:f8:a5:f9:2d:23: + 6a:7e:af:ca:66:b8:26:d0:dd:44:87:82:83:fa:5e:f6:41:0d: + 2b:4b:83:34:19:a7:78:d6:9d:39:5f:36:cb:83:7e:2d:3b:86: + 22:57:dc:c3 +-----BEGIN CERTIFICATE----- +MIIDlTCCAn2gAwIBAgIBADANBgkqhkiG9w0BAQsFADA/MRwwGgYDVQQKDBNIb2No +c2NodWxlIEF1Z3NidXJnMR8wHQYDVQQDDBZUU0dSYWluIERldmVsb3BtZW50IENB +MCAXDTcwMDEwMTAwMDAwMFoYDzk5OTkxMjMxMjM1OTU5WjA/MRwwGgYDVQQKDBNI +b2Noc2NodWxlIEF1Z3NidXJnMR8wHQYDVQQDDBZUU0dSYWluIERldmVsb3BtZW50 +IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwTL6cWaB5BXYHAp +rN7OAtFjEYwTsZIx0ZBB+y4pQx526h6h0fVQybz7QqmXLPJcBS4n0bxdxw/9kWEt +HG2AWOMLp2ZX0itITdaL9SvtOA1UtOVMcj9tTsby65MTmzS32kc0BnKmQmGUqi4T ++b1rAXAHTAF9DgzJsYoEZ68b1d1y0wWK1RIK19Po19snrDxZjY0Nar2wVXPqulnH +gtYdJlbTIMd84i53k9teBdzvA9pp24ZxOM7A9ZGY7NEwP1tq9mIpnzEWZ7HRCIwF +22/9mccL4LaOBO9ZUTPu8IWGpI79cHABkUnw+5xEmWuLK3DlfwuuVX+M6epCMHMa +LMUVuQIDAQABo4GZMIGWMB0GA1UdDgQWBBRGULezswf1sEygoSE40wJwi3VSqTBn +BgNVHSMEYDBegBRGULezswf1sEygoSE40wJwi3VSqaFDpEEwPzEcMBoGA1UECgwT +SG9jaHNjaHVsZSBBdWdzYnVyZzEfMB0GA1UEAwwWVFNHUmFpbiBEZXZlbG9wbWVu +dCBDQYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCjsFjCxhNt +tUW4/TEhy0/gUeSMJMm/xvJzLhxi8HHdiLLrkDMSM+4X8zsoc5g02YXRTyWn51GX +8Ui0SJ58Nb/cr1uMk1ex9PncbmTNg5eWUcSjEM2dzBTv3Y2Jnmx3+QYmhBPgWHtJ +MkgLFGLGXmpVjYUW/5hIxBADxCGjrb2NrWjUHUk07hMH/YGyImdIptkx7eK+yC1e +P+RYlbBTPkKR9Dk+HBVe+KWw1GCsunBJDJWWUhpBb2B81IGU0dtmcwcO7Wv6NBMb +JL2F9E/g3B3d8daM+KX5LSNqfq/KZrgm0N1Eh4KD+l72QQ0rS4M0Gad41p05XzbL +g34tO4YiV9zD +-----END CERTIFICATE----- diff --git a/sources/meta-tsgrain/recipes-core/rauc/files/rauc-grow-data-partition.service b/sources/meta-tsgrain/recipes-core/rauc/files/rauc-grow-data-partition.service new file mode 100644 index 0000000..bcba29b --- /dev/null +++ b/sources/meta-tsgrain/recipes-core/rauc/files/rauc-grow-data-partition.service @@ -0,0 +1,12 @@ +[Unit] +Description=Service to grow data partition size +DefaultDependencies=no +Before=home.mount + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/sbin/parted --script /dev/mmcblk0 resizepart 4 100% + +[Install] +WantedBy=home.mount diff --git a/sources/meta-tsgrain/recipes-core/rauc/files/system.conf b/sources/meta-tsgrain/recipes-core/rauc/files/system.conf new file mode 100644 index 0000000..fed60c9 --- /dev/null +++ b/sources/meta-tsgrain/recipes-core/rauc/files/system.conf @@ -0,0 +1,16 @@ +[system] +compatible=TSGRain +bootloader=uboot + +[keyring] +path=/etc/rauc/ca.cert.pem + +[slot.rootfs.0] +device=/dev/mmcblk0p2 +type=ext4 +bootname=A + +[slot.rootfs.1] +device=/dev/mmcblk0p3 +type=ext4 +bootname=B diff --git a/sources/meta-tsgrain/recipes-core/rauc/rauc_%.bbappend b/sources/meta-tsgrain/recipes-core/rauc/rauc_%.bbappend new file mode 100644 index 0000000..61514c2 --- /dev/null +++ b/sources/meta-tsgrain/recipes-core/rauc/rauc_%.bbappend @@ -0,0 +1,23 @@ +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" +SRC_URI:append := " \ + file://system.conf \ + file://ca.cert.pem \ + file://rauc-grow-data-partition.service \ +" + +# additional dependencies required to run RAUC on the target +RDEPENDS:${PN} += "u-boot-fw-utils u-boot-env" + +inherit systemd + +SYSTEMD_PACKAGES += "${PN}-grow-data-part" +SYSTEMD_SERVICE:${PN}-grow-data-part = "rauc-grow-data-partition.service" + +PACKAGES += "rauc-grow-data-part" + +RDEPENDS:${PN}-grow-data-part += "parted" + +do_install:append() { + install -d ${D}${systemd_unitdir}/system/ + install -m 0644 ${WORKDIR}/rauc-grow-data-partition.service ${D}${systemd_unitdir}/system/ +} diff --git a/sources/meta-tsgrain/recipes-core/udev/files/raspberrypi-rauc.rules b/sources/meta-tsgrain/recipes-core/udev/files/raspberrypi-rauc.rules new file mode 100644 index 0000000..e7f14aa --- /dev/null +++ b/sources/meta-tsgrain/recipes-core/udev/files/raspberrypi-rauc.rules @@ -0,0 +1,4 @@ +/dev/mmcblk0p1 +/dev/mmcblk0p2 +/dev/mmcblk0p3 +/dev/mmcblk0p4 diff --git a/sources/meta-tsgrain/recipes-core/udev/udev-extraconf_%.bbappend b/sources/meta-tsgrain/recipes-core/udev/udev-extraconf_%.bbappend new file mode 100644 index 0000000..371e391 --- /dev/null +++ b/sources/meta-tsgrain/recipes-core/udev/udev-extraconf_%.bbappend @@ -0,0 +1,6 @@ +FILESEXTRAPATHS:prepend:rpi := "${THISDIR}/files:" +SRC_URI:append:rpi = " file://raspberrypi-rauc.rules" + +do_install:append:rpi() { + install -m 0644 ${WORKDIR}/raspberrypi-rauc.rules ${D}${sysconfdir}/udev/mount.blacklist.d/ +} diff --git a/sources/meta-tsgrain/recipes-dev/opkg/files/opkg.conf b/sources/meta-tsgrain/recipes-dev/opkg/files/opkg.conf new file mode 100644 index 0000000..becb6e6 --- /dev/null +++ b/sources/meta-tsgrain/recipes-dev/opkg/files/opkg.conf @@ -0,0 +1,34 @@ +# Must have one or more source entries of the form: +# +# src +# +# and one or more destination entries of the form: +# +# dest +# +# where and are identifiers that +# should match [a-zA-Z0-9._-]+, should be a +# URL that points to a directory containing a Familiar +# Packages file, and should be a directory +# that exists on the target system. + +# Proxy Support +#option http_proxy http://proxy.tld:3128 +#option ftp_proxy http://proxy.tld:3128 +#option proxy_username +#option proxy_password + +# Enable GPGME signature +# option check_signature 1 + +# Offline mode (for use in constructing flash images offline) +#option offline_root target + +# Default destination for installed packages +dest root / + +src/gz all http://thetabook.local/all +src/gz cortexa7t2hf-neon-vfpv4 http://thetabook.local/cortexa7t2hf-neon-vfpv4 +src/gz raspberrypi3 http://thetabook.local/raspberrypi3 +#src/gz cortexa53 http://thetabook.local/cortexa53 +#src/gz raspberrypi3_64 http://thetabook.local/raspberrypi3_64 diff --git a/sources/meta-tsgrain/recipes-dev/opkg/opkg_%.bbappend b/sources/meta-tsgrain/recipes-dev/opkg/opkg_%.bbappend new file mode 100644 index 0000000..81fe7b7 --- /dev/null +++ b/sources/meta-tsgrain/recipes-dev/opkg/opkg_%.bbappend @@ -0,0 +1 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" diff --git a/sources/meta-tsgrain/recipes-kernel/linux/files/rauc.cfg b/sources/meta-tsgrain/recipes-kernel/linux/files/rauc.cfg new file mode 100644 index 0000000..e4723bc --- /dev/null +++ b/sources/meta-tsgrain/recipes-kernel/linux/files/rauc.cfg @@ -0,0 +1,6 @@ +CONFIG_SQUASHFS=y +CONFIG_BLK_DEV_LOOP=y +CONFIG_SQUASHFS_FILE_CACHE=y +CONFIG_SQUASHFS_DECOMP_SINGLE=y +CONFIG_SQUASHFS_ZLIB=y +CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3 diff --git a/sources/meta-tsgrain/recipes-kernel/linux/linux-raspberrypi%.bbappend b/sources/meta-tsgrain/recipes-kernel/linux/linux-raspberrypi%.bbappend new file mode 100644 index 0000000..985eb2b --- /dev/null +++ b/sources/meta-tsgrain/recipes-kernel/linux/linux-raspberrypi%.bbappend @@ -0,0 +1,6 @@ +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +inherit rauc-integration + +SRC_URI:append:rauc-integration = " file://rauc.cfg" +CMDLINE:remove:rauc-integration = "root=/dev/mmcblk0p2" diff --git a/sources/meta-tsgrain/wic/sdimage-tsgrain.wks b/sources/meta-tsgrain/wic/sdimage-tsgrain.wks new file mode 100644 index 0000000..722f99d --- /dev/null +++ b/sources/meta-tsgrain/wic/sdimage-tsgrain.wks @@ -0,0 +1,4 @@ +part /boot --source bootimg-partition --ondisk mmcblk0 --fstype=vfat --label boot --active --align 4096 --size 100 +part / --source rootfs --ondisk mmcblk0 --fstype=ext4 --label rootfs_A --align 4096 +part / --source rootfs --ondisk mmcblk0 --fstype=ext4 --label rootfs_B --align 4096 +part /app --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/app --ondisk mmcblk0 --fstype=ext4 --label appfs --align 1024 --size 500 --fsoptions "x-systemd.growfs"