Merge pull request #14 from home-assistant/dev

Beta Release build 0.2
Pascal Vizeli 2018-05-13 21:06:12 +02:00 committed by GitHub
commit 916809541a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
75 changed files with 850 additions and 108 deletions

13
.github/move.yml vendored Normal file

@ -0,0 +1,13 @@
# Configuration for move-issues - https://github.com/dessant/move-issues
# Delete the command comment. Ignored when the comment also contains other content
deleteCommand: true
# Close the source issue after moving
closeSourceIssue: true
# Lock the source issue after moving
lockSourceIssue: false
# Set custom aliases for targets
# aliases:
# r: repo
# or: owner/repo


@ -1,22 +1,25 @@
# WORK IN PROGRESS!
# Hass.io OS
Hass.io OS based on buildroot. It's a hypervisor for docker and support many kind of IoT hardware. It is also available as Virtual Appliance. It's optimazed for embedded system and high security. You can update the system simple with OTA updates or offline Updates.
Hass.io OS based on [buildroot](https://buildroot.org/). It's a hypervisor for Docker and supports various kind of IoT hardware. It is also available as virtual appliance. The whole system is optimized for embedded system and security. You can update the system simple with OTA updates or offline updates.
## Focus
- Linux kernel 4.15
- Barebox as bootloader
- RAUC for OTA updates
- SquashFS LZ4 for filesystem
- SquashFS LZ4 as filesystem
- Docker 17.12.1
- AppArmor protected
- ZRAM LZ4 for /tmp, /var, swap
- Run every supervisor
## Schemas
![](misc/hassio-os-partition.png?raw=true)
## Config
Create a USB stick with a partition "hassio-config". This partition can include follow files:
## Configuration
Create a USB stick with a partition named "hassio-config". This partition can include follow files:
- network-* (NetworkManager keyfiles)
- known_hosts (SSH)
@ -26,7 +29,8 @@ Create a USB stick with a partition "hassio-config". This partition can include
## Supervisor/Cli
Provide a `hassio.json` on your data partition they can/need follow struct:
Provide a file with the name `hassio.json` in your data partition and the following structure:
```json
{
"supervisor": "repo/image",
@ -37,10 +41,10 @@ Provide a `hassio.json` on your data partition they can/need follow struct:
```
# Building
Running sudo `./enter.sh` will get you into the build docker container.
Running `sudo ./enter.sh` will get you into the build Docker container.
`make -C /build/buildroot BR2_EXTERNAL=/build/buildroot-external xy_defconfig`
From outside the docker container, while it is still running you can use `./getimage.sh` to get the output image.
From outside the Docker container, while it is still running you can use `./getimage.sh` to get the output image.
## Helpers


@ -1,2 +1,4 @@
source "$BR2_EXTERNAL_HASSIO_PATH/package/mingetty/Config.in"
source "$BR2_EXTERNAL_HASSIO_PATH/package/hassio/Config.in"
source "$BR2_EXTERNAL_HASSIO_PATH/package/libapparmor/Config.in"
source "$BR2_EXTERNAL_HASSIO_PATH/package/apparmor/Config.in"


@ -0,0 +1,75 @@
#include <tunables/global>
profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
#include <abstractions/python>
network,
deny network raw,
signal (send) set=(kill,term),
/bin/busybox ix,
/usr/bin/python{,3,3.[0-9]} ix,
/usr/bin/git cx,
/usr/bin/socat cx,
/usr/bin/gdbus cx,
deny /proc/** wl,
deny /root/** wl,
deny /sys/** wl,
/** r,
/tmp/** rw,
/data/** rw,
/{,var/}run/docker.sock rw,
capability net_bind_service,
profile /usr/bin/socat flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
network inet udp,
network inet tcp,
deny network raw,
deny network packet,
signal (receive) set=(kill,term),
capability net_bind_service,
/lib/* mr,
/usr/bin/socat mr,
}
profile /usr/bin/gdbus flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
#include <abstractions/dbus>
unix (send, receive) type=stream,
/usr/bin/gdbus mr,
/lib/* mr,
/{,var/}run/dbus/system_bus_socket rw,
}
profile /usr/bin/git flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
network,
deny network raw,
/bin/busybox ix,
/usr/bin/git mr,
/usr/libexec/git-core/* ix,
deny /data/homeassistant rw,
deny /data/ssl rw,
/** r,
/lib/* mr,
/data/addons/** lrw,
capability dac_override,
}
}
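Review bot: In the `/usr/bin/git` child profile, `deny /data/homeassistant rw,` and `deny /data/ssl rw,` match only those two literal paths, so files below them remain readable through the `/** r,` rule in the same profile. If the intent is to keep git away from the Home Assistant configuration and the TLS material, the rules need a glob: `deny /data/homeassistant/** rw,` and `deny /data/ssl/** rw,`. Separately, the parent profile grants `/{,var/}run/docker.sock rw,`; a comment there stating that Docker socket access is a deliberate trust decision (the profile confines the process, not what it can ask the daemon to do) would help the next reader.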


@ -2,19 +2,10 @@
export PATH=/env/bin
global autoboot_timeout
global boot.default
global linux.bootargs.base
global linux.bootargs.console
#linux.bootargs.dyn.* will be cleared at the beginning of boot
global linux.bootargs.dyn.root
global editcmd
[ -z "${global.autoboot_timeout}" ] && global.autoboot_timeout=3
magicvar -a global.autoboot_timeout "timeout in seconds before automatic booting"
[ -z "${global.boot.default}" ] && global.boot.default="system0"
[ -z "${global.editcmd}" ] && global.editcmd=sedit
# Init board specific stuff
[ -e /env/config-board ] && /env/config-board
# Autostart
@ -22,11 +13,12 @@ for i in /env/init/*; do
. $i
done
echo -e -n "\nHit any key to stop autoboot: "
timeout -a $global.autoboot_timeout
autoboot="$?"
echo "- Hit m for menu or wait for autoboot -"
timeout -a 1 -s -v key
if [ "$autoboot" = 0 ]; then
boot
# Run menu
if [ "${key}" != "m" ]; then
boot
fi
menutree


@ -0,0 +1,3 @@
#!/bin/sh
boot


@ -0,0 +1 @@
Autoboot


@ -0,0 +1,3 @@
#!/bin/sh
boot system0


@ -0,0 +1 @@
Boot System 0


@ -0,0 +1,3 @@
#!/bin/sh
boot system1


@ -0,0 +1 @@
Boot System 1


@ -0,0 +1,5 @@
#!/bin/sh
echo "Enter 'exit' to get back to the menu"
sh
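Review bot: This menu entry starts an interactive barebox `sh` for anyone who presses `m` on the console during the one-second `timeout -a 1 -s -v key` window in the init script, with no authentication in front of it. For an image the README describes as security-focused, consider building the entry only into development images (the `DEPLOYMENT=development` value in `buildroot-external/info` looks like a natural switch, though nothing visible wires it up) or documenting that console access means full control of the boot process. At minimum add a comment such as `# debug aid: unauthenticated bootloader shell, drop for production images`.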


@ -0,0 +1 @@
Shell


@ -0,0 +1 @@
Hass.io OS boot Menu:


@ -0,0 +1 @@
sedit


@ -1,5 +1,5 @@
#!/bin/sh
global bootm.image="/mnt/disk1/boot/bzImage"
global linux.bootargs.dyn.root="root=/dev/sda2 rootfstype=squashfs ro"
global linux.bootargs.dyn.root="root=PARTUUID=8d3d53e3-6d49-4c38-8349-aff6859e82fd rootfstype=squashfs ro"


@ -1,4 +1,4 @@
#!/bin/sh
global bootm.image="/mnt/disk2/boot/bzImage"
global linux.bootargs.dyn.root="root=/dev/sda3 rootfstype=squashfs ro"
global linux.bootargs.dyn.root="root=PARTUUID=a3ec664e-32ce-4665-95ea-7ae90ce9aa20 rootfstype=squashfs ro"


@ -12,8 +12,7 @@
compatible = "barebox,state";
backend = <&backend_state>;
backend-type = "raw";
backend-stridesize = <1024>;
backend-storage-type = "direct";
backend-stridesize = <4048>;
bootstate {
#address-cells = <1>;
@ -39,7 +38,7 @@
remaining_attempts@8 {
reg = <0x8 0x4>;
type = "uint32";
default = <3>;
default = <0>;
};
priority@c {
reg = <0xc 0x4>;


@ -3,12 +3,11 @@ CONFIG_MMU=y
CONFIG_MALLOC_SIZE=0x0
CONFIG_MALLOC_TLSF=y
CONFIG_PROMPT="hassio-os:"
CONFIG_GLOB=y
CONFIG_GLOB_SORT=y
CONFIG_CMDLINE_EDITING=y
CONFIG_AUTO_COMPLETE=y
CONFIG_MENU=y
# CONFIG_TIMESTAMP is not set
CONFIG_BOOTM_SHOW_TYPE=y
CONFIG_BOOTM_OFTREE=y
CONFIG_FLEXIBLE_BOOTARGS=y
# CONFIG_PARTITION_DISK_DOS is not set
CONFIG_PARTITION_DISK_EFI=y
@ -17,17 +16,18 @@ CONFIG_PARTITION_DISK_EFI=y
CONFIG_DEFAULT_ENVIRONMENT_PATH="/build/buildroot-external/board/ova/barebox-env /build/buildroot-external/barebox-env"
CONFIG_STATE=y
CONFIG_BOOTCHOOSER=y
# CONFIG_CMD_VERSION is not set
CONFIG_CMD_BOOT=y
CONFIG_CMD_UIMAGE=y
CONFIG_CMD_AUTOMOUNT=y
CONFIG_CMD_NV=y
CONFIG_CMD_EXPORT=y
CONFIG_CMD_GLOBAL=y
CONFIG_CMD_MAGICVAR=y
CONFIG_CMD_BASENAME=y
CONFIG_CMD_DIRNAME=y
CONFIG_CMD_READLINK=y
CONFIG_CMD_GETOPT=y
CONFIG_CMD_MENUTREE=y
CONFIG_CMD_TIMEOUT=y
CONFIG_CMD_DETECT=y
CONFIG_CMD_STATE=y


@ -0,0 +1,3 @@
BOARD_ID=ova
BOARD_NAME="Open Virtual Appliance"
CHASSIS=vm


@ -0,0 +1,123 @@
From 405590bdb7ae434798010458e810c415e4e99db4 Mon Sep 17 00:00:00 2001
From: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Date: Fri, 30 Jun 2017 16:53:34 +0200
Subject: barebox-state: get devicetree from file
Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
diff --git a/src/barebox-state.c b/src/barebox-state.c
index e68b8cb..3622e76 100644
--- a/src/barebox-state.c
+++ b/src/barebox-state.c
@@ -308,7 +308,7 @@ static int state_set_var(struct state *state, const char *var, const char *val)
}
-struct state *state_get(const char *name, bool readonly, bool auth)
+struct state *state_get(const char *name, const char *filename, bool readonly, bool auth)
{
struct device_node *root, *node, *partition_node;
char *path;
@@ -320,11 +320,19 @@ struct state *state_get(const char *name, bool readonly, bool auth)
off_t offset;
size_t size;
- root = of_read_proc_devicetree();
- if (IS_ERR(root)) {
- pr_err("Unable to read devicetree. %s\n",
- strerror(-PTR_ERR(root)));
- return ERR_CAST(root);
+ if (filename) {
+ void *fdt;
+
+ fdt = read_file(filename, NULL);
+ if (fdt)
+ root = of_unflatten_dtb(fdt);
+ } else {
+ root = of_read_proc_devicetree();
+ if (IS_ERR(root)) {
+ pr_err("Unable to read devicetree. %s\n",
+ strerror(-PTR_ERR(root)));
+ return ERR_CAST(root);
+ }
}
of_set_root_node(root);
@@ -387,6 +395,7 @@ static struct option long_options[] = {
{"get", required_argument, 0, 'g' },
{"set", required_argument, 0, 's' },
{"name", required_argument, 0, 'n' },
+ {"input", required_argument, 0, 'i' },
{"dump", no_argument, 0, 'd' },
{"dump-shell", no_argument, 0, OPT_DUMP_SHELL },
{"verbose", no_argument, 0, 'v' },
@@ -402,6 +411,7 @@ static void usage(char *name)
"-g, --get <variable> get the value of a variable\n"
"-s, --set <variable>=<value> set the value of a variable\n"
"-n, --name <name> specify the state to use (default=\"state\"). Multiple states are allowed.\n"
+"-i, --input <name> load the devicetree from a file instead of using the system devicetree.\n"
"-d, --dump dump the state\n"
"--dump-shell dump the state suitable for shell sourcing\n"
"-v, --verbose increase verbosity\n"
@@ -439,12 +449,13 @@ int main(int argc, char *argv[])
bool readonly = true;
int pr_level = 5;
int auth = 1;
+ const char *dtb = NULL;
INIT_LIST_HEAD(&sg_list);
INIT_LIST_HEAD(&state_list.list);
while (1) {
- c = getopt_long(argc, argv, "hg:s:dvn:qf", long_options, &option_index);
+ c = getopt_long(argc, argv, "hg:s:i:dvn:qf", long_options, &option_index);
if (c < 0)
break;
switch (c) {
@@ -490,6 +501,9 @@ int main(int argc, char *argv[])
++nr_states;
break;
}
+ case 'i':
+ dtb = strdup(optarg);
+ break;
case ':':
case '?':
default:
@@ -530,7 +544,7 @@ int main(int argc, char *argv[])
}
list_for_each_entry(state, &state_list.list, list) {
- state->state = state_get(state->name, readonly, auth);
+ state->state = state_get(state->name, dtb, readonly, auth);
if (!IS_ERR(state->state) && !state->name)
state->name = state->state->name;
if (IS_ERR(state->state)) {
diff --git a/src/barebox-state.h b/src/barebox-state.h
index bd89cf4..a0f49a5 100644
--- a/src/barebox-state.h
+++ b/src/barebox-state.h
@@ -1,7 +1,7 @@
#ifndef __BAREBOX_STATE__
#define __BAREBOX_STATE__
-struct state *state_get(const char *name, bool readonly, bool auth);
+struct state *state_get(const char *name, const char *file, bool readonly, bool auth);
char *state_get_var(struct state *state, const char *var);
#endif /* __BAREBOX_STATE__ */
diff --git a/src/keystore-blob.c b/src/keystore-blob.c
index 028dd8b..4572431 100644
--- a/src/keystore-blob.c
+++ b/src/keystore-blob.c
@@ -30,7 +30,7 @@ int keystore_get_secret(const char *name, const unsigned char **key, int *key_le
if (!state) {
struct state *tmp;
- tmp = state_get(keystore_state_name, true, false);
+ tmp = state_get(keystore_state_name, NULL, true, false);
if (IS_ERR(tmp))
return PTR_ERR(tmp);
state = tmp;
--
cgit v0.10.2
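Review bot: In the new `if (filename)` branch of `state_get()`, `root` is left uninitialised when `read_file()` returns NULL, and the result of `of_unflatten_dtb()` is never tested, yet both paths fall through to `of_set_root_node(root)`. A missing or unreadable file passed with `-i` therefore continues with an indeterminate pointer instead of returning an error. Return early on a NULL `fdt` and move the `IS_ERR(root)` check below the `if`/`else` so it covers both sources; this assumes `of_unflatten_dtb()` reports failure through an error pointer, which should be confirmed. The `strdup(optarg)` in `main()` is also unchecked and never freed; using `optarg` directly would avoid both. `state_get()` continues past the end of the hunk.

```c
	if (filename) {
		void *fdt = read_file(filename, NULL);

		if (!fdt) {
			pr_err("Unable to read devicetree file %s\n", filename);
			return ERR_PTR(-ENOENT);
		}
		root = of_unflatten_dtb(fdt);
	} else {
		root = of_read_proc_devicetree();
	}
	if (IS_ERR(root)) {
		/* … unchanged: pr_err("Unable to read devicetree. …") and return ERR_CAST(root) … */
	}
```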


@ -0,0 +1,33 @@
From 26148417fab419a0c7f301fb8f2be015324d5374 Mon Sep 17 00:00:00 2001
From: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Date: Fri, 30 Jun 2017 16:53:17 +0200
Subject: libdt: support finding devices by partuuid
Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
diff --git a/src/libdt.c b/src/libdt.c
index 3adeed2..2bc6cc1 100644
--- a/src/libdt.c
+++ b/src/libdt.c
@@ -2393,6 +2393,18 @@ int of_get_devicepath(struct device_node *partition_node, char **devpath, off_t
*/
node = partition_node->parent;
+ if (of_device_is_compatible(node, "fixed-partitions")) {
+ const char *uuid;
+
+ /* when partuuid is specified short-circuit the search for the cdev */
+ ret = of_property_read_string(partition_node, "partuuid", &uuid);
+ if (!ret) {
+ *devpath = basprintf("/dev/disk/by-partuuid/%s", uuid);
+
+ return 0;
+ }
+ }
+
/*
* Respect flash "partitions" subnode. Use parent of parent in this
* case.
--
cgit v0.10.2


@ -0,0 +1,36 @@
From c9d56ea8fccf72e1c5d1f224f965e1a8e84d1b7f Mon Sep 17 00:00:00 2001
From: Pascal Vizeli <pvizeli@syshack.ch>
Date: Wed, 9 May 2018 21:54:58 +0200
Subject: [PATCH 1/1] add -i argument to barebox-state call
---
src/bootchooser.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/bootchooser.c b/src/bootchooser.c
index d5efc0c..c57c2f7 100644
--- a/src/bootchooser.c
+++ b/src/bootchooser.c
@@ -77,6 +77,9 @@ static gboolean barebox_state_get(const gchar* bootname, BareboxSlotState *bb_st
g_ptr_array_add(args, g_strdup_printf(BOOTSTATE_PREFIX ".%s.priority", bootname));
g_ptr_array_add(args, g_strdup("-g"));
g_ptr_array_add(args, g_strdup_printf(BOOTSTATE_PREFIX ".%s.remaining_attempts", bootname));
+
+ g_ptr_array_add(args, g_strdup("-i"));
+ g_ptr_array_add(args, g_strdup("/mnt/boot/EFI/barebox/state.dtb"));
g_ptr_array_add(args, NULL);
sub = g_subprocess_newv((const gchar * const *)args->pdata,
@@ -170,6 +173,9 @@ static gboolean barebox_state_set(GPtrArray *pairs, GError **error)
g_ptr_array_add(args, g_strdup("-s"));
g_ptr_array_add(args, g_strdup(pairs->pdata[i]));
}
+
+ g_ptr_array_add(args, g_strdup("-i"));
+ g_ptr_array_add(args, g_strdup("/mnt/boot/EFI/barebox/state.dtb"));
g_ptr_array_add(args, NULL);
sub = g_subprocess_newv((const gchar * const *)args->pdata,
--
2.7.4
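Review bot: The literal `"/mnt/boot/EFI/barebox/state.dtb"` is added separately in `barebox_state_get()` and `barebox_state_set()`; a single macro defined wherever `BOOTSTATE_PREFIX` lives, e.g. `#define BAREBOX_STATE_DTB "/mnt/boot/EFI/barebox/state.dtb"`, would keep the two call sites in sync. RAUC now takes the boot-state layout from a file on the boot partition, so a comment should state that `/mnt/boot` must be mounted before RAUC runs and who is allowed to write there; nothing in this patch checks that the file exists. Both function bodies extend beyond the hunks shown.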


@ -1,13 +0,0 @@
#!/bin/bash
set -e
SCRIPT_DIR=${BR2_EXTERNAL_HASSIO_PATH}/scripts
BOARD_DIR="$(dirname $0)"
. ${SCRIPT_DIR}/rootfs_layer.sh
# HassioOS tasks
fix_rootfs
install_hassio_cli
cp ${BOARD_DIR}/rauc.conf ${TARGET_DIR}/etc/rauc/system.conf


@ -2,10 +2,15 @@
set -e
SCRIPT_DIR=${BR2_EXTERNAL_HASSIO_PATH}/scripts
BOARD_DIR="$(dirname $0)"
BOARD_DIR=${2}
BOOT_DATA=${BINARIES_DIR}/boot
. ${SCRIPT_DIR}/hdd_image.sh
. ${BR2_EXTERNAL_HASSIO_PATH}/info
. ${BOARD_DIR}/info
# Filename
IMAGE_FILE=hassio-${BOARD_ID}_${VERSION_MAJOR}.${VERSION_BUILD}.vmdk
# Init boot data
rm -rf ${BOOT_DATA}
@ -21,4 +26,4 @@ hassio_overlay_image ${BINARIES_DIR}
hassio_hdd_image ${BINARIES_DIR} ${BINARIES_DIR}/harddisk.img 6
qemu-img convert -O vmdk ${BINARIES_DIR}/harddisk.img ${BINARIES_DIR}/hassio-os.vmdk
qemu-img convert -O vmdk ${BINARIES_DIR}/harddisk.img ${BINARIES_DIR}/${IMAGE_FILE}
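Review bot: `BOARD_DIR=${2}` takes the board directory from the second script argument without checking it, and the script then sources `${BOARD_DIR}/info` unquoted, so a missing argument makes it source `/info` instead of failing. Use `BOARD_DIR=${2:?board directory argument missing}` and quote the sourced paths, `. "${BOARD_DIR}/info"`. The unquoted `${BINARIES_DIR}/${IMAGE_FILE}` in the `qemu-img convert` line of the second hunk should be quoted as well, since `IMAGE_FILE` is now assembled from values read out of those `info` files.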


@ -1,5 +1,5 @@
[system]
compatible=Hass.io OS OVA
compatible=Hass.io-OS ova
bootloader=barebox
[keyring]


@ -1,7 +1,7 @@
#
# Automatically generated make config: don't edit
# Busybox version: 1.27.2
# Tue Apr 17 18:57:21 2018
# Tue May 1 14:34:48 2018
#
CONFIG_HAVE_DOT_CONFIG=y
@ -606,13 +606,13 @@ CONFIG_GETOPT=y
CONFIG_FEATURE_GETOPT_LONG=y
CONFIG_HEXDUMP=y
CONFIG_FEATURE_HEXDUMP_REVERSE=y
CONFIG_HD=y
CONFIG_XXD=y
CONFIG_HWCLOCK=y
CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS=y
# CONFIG_HD is not set
# CONFIG_XXD is not set
# CONFIG_HWCLOCK is not set
# CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS is not set
# CONFIG_FEATURE_HWCLOCK_ADJTIME_FHS is not set
CONFIG_IONICE=y
CONFIG_IPCRM=y
# CONFIG_IPCRM is not set
CONFIG_IPCS=y
# CONFIG_LAST is not set
# CONFIG_FEATURE_LAST_FANCY is not set
@ -648,9 +648,9 @@ CONFIG_FEATURE_MOUNT_FLAGS=y
# CONFIG_FEATURE_MOUNT_FSTAB is not set
# CONFIG_FEATURE_MOUNT_OTHERTAB is not set
# CONFIG_MOUNTPOINT is not set
CONFIG_NSENTER=y
CONFIG_FEATURE_NSENTER_LONG_OPTS=y
CONFIG_PIVOT_ROOT=y
# CONFIG_NSENTER is not set
# CONFIG_FEATURE_NSENTER_LONG_OPTS is not set
# CONFIG_PIVOT_ROOT is not set
CONFIG_RDATE=y
CONFIG_RDEV=y
CONFIG_READPROFILE=y
@ -674,14 +674,14 @@ CONFIG_FEATURE_TASKSET_FANCY=y
CONFIG_UEVENT=y
CONFIG_UMOUNT=y
CONFIG_FEATURE_UMOUNT_ALL=y
CONFIG_UNSHARE=y
# CONFIG_UNSHARE is not set
# CONFIG_WALL is not set
#
# Common options for mount/umount
#
CONFIG_FEATURE_MOUNT_LOOP=y
CONFIG_FEATURE_MOUNT_LOOP_CREATE=y
# CONFIG_FEATURE_MOUNT_LOOP_CREATE is not set
# CONFIG_FEATURE_MTAB_SUPPORT is not set
CONFIG_VOLUMEID=y
@ -750,10 +750,10 @@ CONFIG_FEATURE_CROND_DIR=""
# CONFIG_FLASHCP is not set
CONFIG_HDPARM=y
CONFIG_FEATURE_HDPARM_GET_IDENTITY=y
CONFIG_FEATURE_HDPARM_HDIO_SCAN_HWIF=y
CONFIG_FEATURE_HDPARM_HDIO_UNREGISTER_HWIF=y
CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET=y
CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF=y
# CONFIG_FEATURE_HDPARM_HDIO_SCAN_HWIF is not set
# CONFIG_FEATURE_HDPARM_HDIO_UNREGISTER_HWIF is not set
# CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET is not set
# CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF is not set
CONFIG_FEATURE_HDPARM_HDIO_GETSET_DMA=y
# CONFIG_I2CGET is not set
# CONFIG_I2CSET is not set
@ -780,7 +780,7 @@ CONFIG_FEATURE_LESS_MAXLINES=0
# CONFIG_MT is not set
CONFIG_NANDWRITE=y
CONFIG_NANDDUMP=y
CONFIG_PARTPROBE=y
# CONFIG_PARTPROBE is not set
# CONFIG_RAIDAUTORUN is not set
# CONFIG_READAHEAD is not set
# CONFIG_RFKILL is not set
@ -1069,7 +1069,7 @@ CONFIG_ASH_TEST=y
CONFIG_ASH_HELP=y
CONFIG_ASH_GETOPTS=y
CONFIG_ASH_CMDCMD=y
CONFIG_CTTYHACK=y
# CONFIG_CTTYHACK is not set
# CONFIG_HUSH is not set
# CONFIG_HUSH_BASH_COMPAT is not set
# CONFIG_HUSH_BRACE_EXPANSION is not set


@ -1,18 +1,19 @@
BR2_x86_64=y
BR2_CCACHE=y
BR2_CCACHE_DIR="$(TOPDIR)/ccache"
BR2_GLOBAL_PATCH_DIR="$(BR2_EXTERNAL_HASSIO_PATH)/patches"
BR2_GLOBAL_PATCH_DIR="$(BR2_EXTERNAL_HASSIO_PATH)/patches $(BR2_EXTERNAL_HASSIO_PATH)/board/ova/patches"
BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
BR2_GCC_VERSION_7_X=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y
BR2_TARGET_GENERIC_HOSTNAME="hassio.local"
BR2_TARGET_GENERIC_HOSTNAME="hassio"
BR2_TARGET_GENERIC_ISSUE="Welcome to Hass.io"
BR2_INIT_SYSTEMD=y
BR2_TARGET_GENERIC_GETTY_PORT="tty1"
# BR2_TARGET_GENERIC_REMOUNT_ROOTFS_RW is not set
BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_HASSIO_PATH)/rootfs-overlay/"
BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/post-build.sh"
BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_HASSIO_PATH)/rootfs-overlay $(BR2_EXTERNAL_HASSIO_PATH)/board/ova/rootfs-overlay"
BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/scripts/post-build.sh"
BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/post-image.sh"
BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova"
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/kernel.config"
@ -22,8 +23,6 @@ BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
BR2_PACKAGE_BUSYBOX_CONFIG="$(BR2_EXTERNAL_HASSIO_PATH)/busybox.config"
BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES=y
BR2_PACKAGE_ALSA_UTILS=y
BR2_PACKAGE_LZ4=y
BR2_PACKAGE_JQ=y
BR2_PACKAGE_DOSFSTOOLS=y
BR2_PACKAGE_E2FSPROGS=y
@ -67,7 +66,11 @@ BR2_PACKAGE_HOST_RAUC=y
BR2_PACKAGE_MINGETTY=y
BR2_PACKAGE_HASSIO=y
BR2_PACKAGE_HASSIO_SUPERVISOR="homeassistant/amd64-hassio-supervisor"
BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION="0.101"
BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION="103.3"
BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/qemux86-64-homeassistant"
BR2_PACKAGE_HASSIO_SUPERVISOR_PROFILE="hassio-supervisor"
BR2_PACKAGE_HASSIO_CLI="homeassistant/amd64-hassio-cli"
BR2_PACKAGE_HASSIO_CLI_VERSION="0.1"
BR2_PACKAGE_HASSIO_CLI_VERSION="3"
BR2_PACKAGE_HASSIO_CLI_PROFILE="docker-default"
BR2_PACKAGE_HASSIO_APPARMOR_DIR="supervisor/apparmor"
BR2_PACKAGE_APPARMOR=y

6
buildroot-external/info Normal file

@ -0,0 +1,6 @@
VERSION_MAJOR=0
VERSION_BUILD=2
HASSIO_NAME="Hass.io-OS"
DEPLOYMENT=development


@ -0,0 +1,9 @@
config BR2_PACKAGE_APPARMOR
bool "apparmor"
select BR2_PACKAGE_LIBAPPARMOR
help
AppArmor gives you network application security via mandatory
access control for programs, protecting against the exploitation
of software flaws and compromised systems.
http://apparmor.net


@ -0,0 +1,24 @@
#############################################################
#
# apparmor
#
#############################################################
APPARMOR_VERSION = v2.13
APPARMOR_SITE = git://git.launchpad.net/apparmor
APPARMOR_LICENSE = GPL-2
APPARMOR_LICENSE_FILES = LICENSE
APPARMOR_DEPENDENCIES = libapparmor
define APPARMOR_BUILD_CMDS
$(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) PATH=$(BR_PATH) $(MAKE) -C $(@D)/parser USE_SYSTEM=1 YACC=bison LEX=flex
$(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/profiles
endef
define APPARMOR_INSTALL_TARGET_CMDS
$(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install
$(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/profiles DESTDIR=$(TARGET_DIR) PREFIX=/usr install
rm -rf $(TARGET_DIR)/usr/lib/apparmor
endef
$(eval $(generic-package))
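Review bot: `APPARMOR_SITE = git://git.launchpad.net/apparmor` fetches the source over the unauthenticated `git://` protocol and pins only the tag `v2.13`, so nothing verifies that the code built into the image is the code that was reviewed. Prefer the HTTPS remote with an explicit method, `APPARMOR_SITE = https://git.launchpad.net/apparmor` plus `APPARMOR_SITE_METHOD = git`, and put a full commit id in `APPARMOR_VERSION` rather than a tag. The libapparmor package file added in this commit uses the same `git://` URL and tag and needs the same change.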


@ -1,4 +1,4 @@
config BR2_PACKAGE_HASSIO
menuconfig BR2_PACKAGE_HASSIO
bool "hassio-app"
help
This is the Application layer they build the
@ -23,6 +23,11 @@ config BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS
help
Extended docker arguments to run the supervisor.
config BR2_PACKAGE_HASSIO_SUPERVISOR_PROFILE
string "AppArmor supervisor profile"
help
AppArmor profile for supervisor.
config BR2_PACKAGE_HASSIO_CLI
string "cli docker image"
help
@ -38,4 +43,14 @@ config BR2_PACKAGE_HASSIO_CLI_ARGS
help
Extended docker arguments to run the cli.
config BR2_PACKAGE_HASSIO_CLI_PROFILE
string "AppArmor cli profile"
help
AppArmor profile for cli.
config BR2_PACKAGE_HASSIO_APPARMOR_DIR
string "AppArmor profiles folder"
help
AppArmor profiles folder for supervisor.
endif


@ -4,9 +4,12 @@ set -e
SUPERVISOR=""
SUPERVISOR_VERSION=""
SUPERVISOR_ARGS=""
SUPERVISOR_PROFILE=""
CLI=""
CLI_VERSION=""
CLI_ARGS=""
CLI_PROFILE=""
APPARMOR=""
DATA_IMG="/export/data.ext4"
# Parse
@ -25,6 +28,10 @@ while [[ $# -gt 0 ]]; do
SUPERVISOR_ARGS=$2
shift
;;
--supervisor-profile)
SUPERVISOR_PROFILE=$2
shift
;;
--cli)
CLI=$2
shift
@ -37,6 +44,14 @@ while [[ $# -gt 0 ]]; do
CLI_ARGS=$2
shift
;;
--cli-profile)
CLI_PROFILE=$2
shift
;;
--apparmor)
APPARMOR=$2
shift
;;
*)
exit 1
;;
@ -49,17 +64,16 @@ dd if=/dev/zero of=${DATA_IMG} bs=1G count=1
mkfs.ext4 -L "hassio-data" -E lazy_itable_init=0,lazy_journal_init=0 ${DATA_IMG}
# Mount / init file structs
mount -o loop ${DATA_IMG} /mnt
mkdir -p /mnt/docker
mkdir -p /mnt/supervisor
mkdir -p /mnt/cli
mkdir -p /mnt/data/
mount -o loop ${DATA_IMG} /mnt/data
mkdir -p /mnt/data/docker
# Run dockerd
dockerd -s overlay2 -g /mnt/docker 2> /dev/null &
dockerd -s overlay2 -g /mnt/data/docker &
DOCKER_PID=$!
DOCKER_COUNT=0
until docker info >/dev/null 2>&1; do
DOCKER_COUNT=0
if [ ${DOCKER_COUNT} -gt 30 ]; then
exit 1
fi
@ -77,14 +91,23 @@ docker pull "${CLI}:${CLI_VERSION}"
docker tag "${CLI}:${CLI_VERSION}" "${CLI}:latest"
# Write config
cat > /mnt/hassio.json <<- EOF
cat > /mnt/data/hassio.json <<- EOF
{
"supervisor": "${SUPERVISOR}",
"supervisor_args": "${SUPERVISOR_ARGS}",
"supervisor_apparmor": "${SUPERVISOR_PROFILE}",
"cli": "${CLI}",
"cli_args": "${CLI_ARGS}"
"cli_args": "${CLI_ARGS}",
"cli_apparmor": "${CLI_PROFILE}",
"apparmor": "${APPARMOR}"
}
EOF
# Setup AppArmor
if [ ! -z "${APPARMOR}" ]; then
mkdir -p /mnt/data/${APPARMOR}
cp -f /apparmor/* /mnt/data/${APPARMOR}/
fi
# Finish
kill -TERM $DOCKER_PID && wait $DOCKER_PID && umount /mnt
kill -TERM $DOCKER_PID && wait $DOCKER_PID && umount /mnt/data
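Review bot: The here-document that writes `/mnt/data/hassio.json` inserts `${SUPERVISOR_ARGS}`, `${CLI_ARGS}` and the new profile values without JSON escaping, so a double quote or backslash in any of them produces a file that is invalid or means something other than intended, and the target scripts later pass these fields to `docker run`. Building the document with `jq -n --arg` escapes every value; this assumes `jq` can be added to the hassio-hostapps image, which is not visible here. The new `mkdir -p /mnt/data/${APPARMOR}` and `cp -f /apparmor/* /mnt/data/${APPARMOR}/` lines should also quote the expansion.

```shell
# Write config (assumes jq is installed in the hassio-hostapps image)
jq -n \
  --arg supervisor "${SUPERVISOR}" \
  --arg supervisor_args "${SUPERVISOR_ARGS}" \
  --arg supervisor_apparmor "${SUPERVISOR_PROFILE}" \
  --arg cli "${CLI}" \
  --arg cli_args "${CLI_ARGS}" \
  --arg cli_apparmor "${CLI_PROFILE}" \
  --arg apparmor "${APPARMOR}" \
  '{supervisor: $supervisor, supervisor_args: $supervisor_args,
    supervisor_apparmor: $supervisor_apparmor, cli: $cli,
    cli_args: $cli_args, cli_apparmor: $cli_apparmor,
    apparmor: $apparmor}' > /mnt/data/hassio.json
# … unchanged: AppArmor setup and dockerd shutdown …
```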


@ -15,13 +15,19 @@ define HASSIO_BUILD_CMDS
endef
define HASSIO_INSTALL_TARGET_CMDS
docker run --rm --privileged -v ${BINARIES_DIR}:/export hassio-hostapps \
--supervisor ${BR2_PACKAGE_HASSIO_SUPERVISOR} \
--supervisor-version ${BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION} \
--supervisor-args ${BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS} \
--cli ${BR2_PACKAGE_HASSIO_CLI} \
--cli-version ${BR2_PACKAGE_HASSIO_CLI_VERSION} \
--cli-args ${BR2_PACKAGE_HASSIO_CLI_ARGS}
docker run --rm --privileged \
-v $(BINARIES_DIR):/export \
-v $(BR2_EXTERNAL_HASSIO_PATH)/apparmor:/apparmor \
hassio-hostapps \
--supervisor $(BR2_PACKAGE_HASSIO_SUPERVISOR) \
--supervisor-version $(BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION) \
--supervisor-args $(BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS) \
--supervisor-profile $(BR2_PACKAGE_HASSIO_SUPERVISOR_PROFILE) \
--cli $(BR2_PACKAGE_HASSIO_CLI) \
--cli-version $(BR2_PACKAGE_HASSIO_CLI_VERSION) \
--cli-args $(BR2_PACKAGE_HASSIO_CLI_ARGS) \
--cli-profile $(BR2_PACKAGE_HASSIO_CLI_PROFILE) \
--apparmor $(BR2_PACKAGE_HASSIO_APPARMOR_DIR)
endef
$(eval $(generic-package))
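Review bot: The new bind mount `-v $(BR2_EXTERNAL_HASSIO_PATH)/apparmor:/apparmor` is read-write, although the container script shown elsewhere in this commit only copies out of `/apparmor`. Because the container runs with `--privileged`, mount the source tree read-only: `-v $(BR2_EXTERNAL_HASSIO_PATH)/apparmor:/apparmor:ro \`. That keeps the build-time container from altering the profiles that are checked into the repository.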


@ -0,0 +1,8 @@
config BR2_PACKAGE_LIBAPPARMOR
bool "libapparmor"
help
AppArmor gives you network application security via mandatory
access control for programs, protecting against the exploitation
of software flaws and compromised systems.
http://apparmor.net


@ -0,0 +1,18 @@
#############################################################
#
# libapparmor
#
#############################################################
LIBAPPARMOR_VERSION = v2.13
LIBAPPARMOR_SITE = git://git.launchpad.net/apparmor
LIBAPPARMOR_LICENSE = GPL-2
LIBAPPARMOR_LICENSE_FILES = LICENSE
LIBAPPARMOR_INSTALL_STAGING = YES
LIBAPPARMOR_INSTALL_TARGET = NO
LIBAPPARMOR_DEPENDENCIES = host-flex
LIBAPPARMOR_SUBDIR = libraries/libapparmor
LIBAPPARMOR_CONF_ENV = ac_cv_func_reallocarray=no
LIBAPPARMOR_AUTORECONF = YES
LIBAPPARMOR_CONF_OPTS = --enable-static
$(eval $(autotools-package))


@ -0,0 +1,41 @@
From 525b60af3320de3cc1f1145fe31a2de07b61faf6 Mon Sep 17 00:00:00 2001
From: Pascal Vizeli <pvizeli@syshack.ch>
Date: Sat, 28 Apr 2018 00:20:08 +0200
Subject: [PATCH 1/1] Allow hostname on ro
---
src/hostname/hostnamed.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
index d9ad2fb..87fae35 100644
--- a/src/hostname/hostnamed.c
+++ b/src/hostname/hostnamed.c
@@ -289,6 +289,7 @@ static int context_update_kernel_hostname(Context *c) {
static int context_write_data_static_hostname(Context *c) {
assert(c);
+ FILE *f = NULL;
if (isempty(c->data[PROP_STATIC_HOSTNAME])) {
@@ -297,7 +298,15 @@ static int context_write_data_static_hostname(Context *c) {
return 0;
}
- return write_string_file_atomic_label("/etc/hostname", c->data[PROP_STATIC_HOSTNAME]);
+
+ f = fopen("/etc/hostname", "w");
+ if (f == NULL)
+ return -ENOENT;
+
+ fputs(c->data[PROP_STATIC_HOSTNAME], f);
+ fclose(f);
+
+ return 0;
}
static int context_write_data_machine_info(Context *c) {
--
2.7.4
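Review bot: The replacement for `write_string_file_atomic_label()` drops all write-error handling: an `fopen()` failure is always reported as `-ENOENT` whatever `errno` says, and the results of `fputs()` and `fclose()` are discarded, so a failed write can leave a truncated `/etc/hostname` while the function returns 0. Return `-errno` and check both calls, as in the excerpt below. The declaration `FILE *f = NULL;` is also placed after `assert(c);`, which differs from the declaration-first layout of the surrounding code. Whether the old helper appended a trailing newline that the new code no longer writes should be checked too.

```c
        f = fopen("/etc/hostname", "w");
        if (!f)
                return -errno;

        if (fputs(c->data[PROP_STATIC_HOSTNAME], f) == EOF) {
                fclose(f);
                return -EIO;
        }
        if (fclose(f) != 0)
                return -errno;

        return 0;
```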


@ -0,0 +1 @@
/usr/lib/systemd/system/etc-hostname.mount


@ -0,0 +1 @@
/usr/lib/systemd/system/etc-hosts.mount


@ -0,0 +1,2 @@
[Unit]
OnFailure=rauc-bad.service


@ -0,0 +1 @@
/usr/lib/systemd/system/hassio-apparmor.service


@ -0,0 +1 @@
/usr/lib/systemd/system/rauc.service


@ -0,0 +1 @@
/usr/lib/systemd/system/rauc-good.timer


@ -0,0 +1,2 @@
d /mnt/data/supervisor
d /mnt/data/cli


@ -0,0 +1,2 @@
C /mnt/overlay/etc/hostname - - - - /etc/hostname
C /mnt/overlay/etc/hosts - - - - /etc/hosts


@ -0,0 +1,14 @@
[Unit]
Description=Hostname persistent configuration
Requires=mnt-overlay.mount
After=mnt-overlay.mount systemd-tmpfiles-setup.service
Before=network.target
[Mount]
What=/mnt/overlay/etc/hostname
Where=/etc/hostname
Type=none
Options=bind
[Install]
WantedBy=hassio-bind.target


@ -0,0 +1,14 @@
[Unit]
Description=Hosts persistent configuration
Requires=mnt-overlay.mount
After=mnt-overlay.mount systemd-tmpfiles-setup.service
Before=network.target
[Mount]
What=/mnt/overlay/etc/hosts
Where=/etc/hosts
Type=none
Options=bind
[Install]
WantedBy=hassio-bind.target


@ -0,0 +1,13 @@
[Unit]
Description=Hass.io AppArmor
Wants=hassio-supervisor.service
Before=docker.service hassio-supervisor.service
RequiresMountsFor=/mnt/data
[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/usr/sbin/hassio-apparmor
[Install]
WantedBy=multi-user.target


@ -5,7 +5,7 @@ Before=mnt-data.mount
[Service]
Type=oneshot
ExecStart=-/sbin/hassio-expand
ExecStart=/sbin/hassio-expand
RemainAfterExit=true
[Install]


@ -1,8 +1,10 @@
[Unit]
Description=Hass.io supervisor
Requires=docker.service
After=docker.service
After=docker.service dbus.socket
RequiresMountsFor=/mnt/data
StartLimitIntervalSec=60
StartLimitBurst=5
[Service]
Type=simple


@ -1,9 +1,9 @@
[Unit]
Description=Hassio data partition
Requires=hassio-expand.service
Wants=hassio-expand.service
DefaultDependencies=no
After=hassio-expand.service
Before=umount.target
Before=umount.target systemd-tmpfiles-setup.service
Conflicts=umount.target
[Mount]


@ -1,7 +1,7 @@
[Unit]
Description=Hassio overlay partition
DefaultDependencies=no
Before=umount.target
Before=umount.target systemd-tmpfiles-setup.service
Conflicts=umount.target
[Mount]


@ -0,0 +1,10 @@
[Unit]
Description=Rauc mark bad
Requires=rauc.service
RefuseManualStart=true
RefuseManualStop=true
[Service]
Type=oneshot
ExecStart=/usr/bin/rauc status mark-bad
ExecStartPost=/usr/bin/systemctl reboot


@ -0,0 +1,9 @@
[Unit]
Description=Hassio rauc good
Requires=hassio-supervisor.service rauc.service
RefuseManualStart=true
RefuseManualStop=true
[Service]
Type=oneshot
ExecStart=/usr/bin/rauc status mark-good
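Review bot: `Requires=hassio-supervisor.service rauc.service` has no matching `After=`, and the supervisor unit in this commit is `Type=simple`, so this oneshot can run `rauc status mark-good` as soon as the supervisor process has been started rather than once it is known to work. With the timer added here firing one minute after boot, a slot whose supervisor fails shortly after starting would still be marked good and the A/B fallback would not be used. Add `After=hassio-supervisor.service rauc.service` and consider gating the mark on an actual health signal from the supervisor.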


@ -0,0 +1,8 @@
[Unit]
Description=Rauc mark boot partition as good
[Timer]
OnBootSec=1min
[Install]
WantedBy=timers.target


@ -0,0 +1,47 @@
#!/bin/sh
set -e
# Load configs
CONFIG_FILE=/mnt/data/hassio.json
# Read configs
PROFILES_DIR="$(jq --raw-output '.apparmor // empty' ${CONFIG_FILE})"
if [ -z "${PROFILES_DIR}" ]; then
exit 0
fi
PROFILES_DIR="/mnt/data/${PROFILES_DIR}"
CACHE_DIR="${PROFILES_DIR}/cache"
REMOVE_DIR="${PROFILES_DIR}/remove"
# Check folder structure
mkdir -p ${PROFILES_DIR}
mkdir -p ${CACHE_DIR}
mkdir -p ${REMOVE_DIR}
# Load/Update exists/new profiles
for profile in ${PROFILES_DIR}/*; do
if [ ! -f ${profile} ]; then
continue
fi
# Load Profile
if ! apparmor_parser -r -W -L ${CACHE_DIR} ${profile}; then
echo "[Error]: Can't load profile ${profile}"
fi
done
# Cleanup old profiles
for profile in ${REMOVE_DIR}/*; do
if [ ! -f ${profile} ]; then
continue
fi
# Unload Profile
if apparmor_parser -R -W -L ${CACHE_DIR} ${profile}; then
if rm ${profile}; then
continue
fi
fi
echo "[Error]: Can't remove profile ${profile}"
done
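Review bot: `PROFILES_DIR` comes from the `.apparmor` field of `/mnt/data/hassio.json` and is used unvalidated and unquoted in `mkdir -p`, the two `for` globs and `apparmor_parser`, so a value containing `..`, whitespace or glob characters changes which paths this root service creates and loads. Quote every expansion and reject unexpected values before the path is built, e.g. `case "${PROFILES_DIR}" in /*|*..*) exit 1 ;; esac`. With the default `supervisor/apparmor` from the defconfig, the directory also lies under `/mnt/data/supervisor`, which the supervisor start script mounts into the container as `/data` and the supervisor profile allows `rw`; if the supervisor is meant to be able to replace its own profile, a comment should say so. A profile that fails to load only prints `[Error]` and the script still exits 0, which deserves a comment on the intended behaviour.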


@ -5,6 +5,7 @@ CONFIG_FILE=/mnt/data/hassio.json
CLI="$(jq --raw-output '.cli' ${CONFIG_FILE})"
DOCKER_ARGS="$(jq --raw-output '.cli_args // empty' ${CONFIG_FILE})"
APPARMOR="$(jq --raw-output '.cli_apparmor // "docker-default"' ${CONFIG_FILE})"
CLI_DATA=/mnt/data/cli
mkdir -p ${CLI_DATA}
@ -12,6 +13,7 @@ mkdir -p ${CLI_DATA}
# Run CLI
docker run \
--rm -ti --init \
--security-opt apparmor="${APPARMOR}" \
-v ${CLI_DATA}:/data \
$DOCKER_ARGS \
${CLI}


@ -6,15 +6,22 @@ CONFIG_FILE=/mnt/data/hassio.json
SUPERVISOR="$(jq --raw-output '.supervisor' ${CONFIG_FILE})"
DOCKER_ARGS="$(jq --raw-output '.supervisor_args // empty' ${CONFIG_FILE})"
APPARMOR="$(jq --raw-output '.supervisor_apparmor // "docker-default"' ${CONFIG_FILE})"
# Init supervisor
HASSIO_DATA=/mnt/data/supervisor
HASSIO_IMAGE_ID=$(docker inspect --format='{{.Id}}' ${SUPERVISOR})
HASSIO_CONTAINER_ID=$(docker inspect --format='{{.Image}}' hassio_supervisor || echo "")
# Fix wrong AppArmor profiles
if ! grep ${APPARMOR} /sys/kernel/security/apparmor/profiles > /dev/null; then
APPARMOR=docker-default
fi
runSupervisor() {
docker rm --force hassio_supervisor || true
docker run --name hassio_supervisor \
--security-opt apparmor="${APPARMOR}" \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /var/run/dbus:/var/run/dbus \
-v ${HASSIO_DATA}:/data \
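Review bot: The fallback check `grep ${APPARMOR} /sys/kernel/security/apparmor/profiles` is an unquoted regular-expression substring match, so it succeeds for any loaded profile whose name merely contains the configured string (child profiles included), and when it fails the script switches to `docker-default` without logging anything. Match the whole line and report the downgrade, e.g. `if ! grep -qxF -e "${APPARMOR} (enforce)" -e "${APPARMOR} (complain)" /sys/kernel/security/apparmor/profiles; then echo "[Warning]: AppArmor profile ${APPARMOR} not loaded, using docker-default" >&2; APPARMOR=docker-default; fi`; this assumes the usual `name (mode)` line format of that file. The CLI start script changed in this commit passes its profile to `docker run` with no such check at all. `runSupervisor` continues past the end of this hunk.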


@ -1,7 +1,13 @@
#!/bin/bash
BOOT_SIZE=32M
BOOT_UUID="b3dd0952-733c-4c88-8cba-cab9b8b4377f"
BOOTSTATE_UUID="33236519-7F32-4DFF-8002-3390B62C309D"
SYSTEM0_UUID="8d3d53e3-6d49-4c38-8349-aff6859e82fd"
SYSTEM1_UUID="a3ec664e-32ce-4665-95ea-7ae90ce9aa20"
OVERLAY_UUID="f1326040-5236-40eb-b683-aaa100a9afcf"
DATA_UUID="a52a4597-fa3a-4851-aefd-2fbe9f849079"
BOOT_SIZE=32M
BOOTSTATE_SIZE=8M
SYSTEM_SIZE=256M
OVERLAY_SIZE=64M
@ -44,15 +50,15 @@ function hassio_hdd_image() {
# Partition layout
boot_offset="$(sgdisk -F ${hdd_img})"
sgdisk -n 1:0:+${BOOT_SIZE} -c 1:"hassio-boot" -t 1:"C12A7328-F81F-11D2-BA4B-00A0C93EC93B" ${hdd_img}
sgdisk -n 1:0:+${BOOT_SIZE} -c 1:"hassio-boot" -t 1:"C12A7328-F81F-11D2-BA4B-00A0C93EC93B" -u 1:${BOOT_UUID} ${hdd_img}
rootfs_offset="$(sgdisk -F ${hdd_img})"
sgdisk -n 2:0:+${SYSTEM_SIZE} -c 2:"hassio-system0" -t 2:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" ${hdd_img}
sgdisk -n 3:0:+${SYSTEM_SIZE} -c 3:"hassio-system1" -t 3:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" ${hdd_img}
sgdisk -n 2:0:+${SYSTEM_SIZE} -c 2:"hassio-system0" -t 2:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" -u 2:${SYSTEM0_UUID} ${hdd_img}
sgdisk -n 3:0:+${SYSTEM_SIZE} -c 3:"hassio-system1" -t 3:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" -u 3:${SYSTEM1_UUID} ${hdd_img}
sgdisk -n 4:0:+${BOOTSTATE_SIZE} -c 4:"hassio-bootstate" -u 4:${BOOTSTATE_UUID} ${hdd_img}
overlay_offset="$(sgdisk -F ${hdd_img})"
sgdisk -n 5:0:+${OVERLAY_SIZE} -c 5:"hassio-overlay" -t 5:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" ${hdd_img}
sgdisk -n 5:0:+${OVERLAY_SIZE} -c 5:"hassio-overlay" -t 5:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" -u 5:${OVERLAY_UUID} ${hdd_img}
data_offset="$(sgdisk -F ${hdd_img})"
sgdisk -n 6:0:+${DATA_SIZE} -c 6:"hassio-data" -t 6:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" ${hdd_img}
sgdisk -n 6:0:+${DATA_SIZE} -c 6:"hassio-data" -t 6:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" -u 6:${DATA_UUID} ${hdd_img}
sgdisk -v
# Write Images
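Review bot: The partition GUIDs passed with `-u N:${..._UUID}` are constants, so every image built by `hassio_hdd_image` carries the same identifiers, and nothing in the script says why. The constants deserve a comment naming what depends on them (presumably the bootloader, the RAUC slots or mounts by PARTUUID) and noting that two disks written from this image will collide if attached to the same host. Something like `# Fixed partition GUIDs, looked up by PARTUUID; do not regenerate` above `BOOT_UUID` would do once the actual consumers are confirmed. The function starts before and continues after this hunk.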


@ -0,0 +1,32 @@
#!/bin/bash
set -e
SCRIPT_DIR=${BR2_EXTERNAL_HASSIO_PATH}/scripts
BOARD_DIR=${2}
. ${SCRIPT_DIR}/rootfs_layer.sh
. ${BR2_EXTERNAL_HASSIO_PATH}/info
. ${BOARD_DIR}/info
# Hass.io OS tasks
fix_rootfs
install_hassio_cli
# Write os-release
(
echo "NAME=Hass.io"
echo "VERSION=\"${VERSION_MAJOR}.${VERSION_BUILD} (${BOARD_NAME})\""
echo "ID=hassio-os"
echo "VERSION_ID=${VERSION_MAJOR}.${VERSION_BUILD}"
echo "PRETTY_NAME=\"${HASSIO_NAME} ${VERSION_MAJOR}.${VERSION_BUILD}\""
echo "CPE_NAME=cpe:2.3:o:home_assistant:hassio:${VERSION_MAJOR}.${VERSION_BUILD}:*:${DEPLOYMENT}:*:*:*:${BOARD_ID}:*"
echo "HOME_URL=https://hass.io/"
echo "VARIANT=\"Hass.io ${BOARD_NAME}\""
echo "VARIANT_ID=${BOARD_ID}"
) > ${TARGET_DIR}/usr/lib/os-release
# Write machine-info
(
echo "CHASSIS=${CHASSIS}"
echo "DEPLOYMENT=${DEPLOYMENT}"
) > ${TARGET_DIR}/etc/machine-info
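Review bot: Nothing in this script checks that `TARGET_DIR`, `BR2_EXTERNAL_HASSIO_PATH` or the board directory in `${2}` are set, and `set -e` alone does not catch an empty expansion. With `TARGET_DIR` empty the two redirections write to `/usr/lib/os-release` and `/etc/machine-info` of the build environment, and the `rm -rf ${TARGET_DIR}/...` lines in `fix_rootfs` (the rootfs layer section of this commit) would act on that same root. A guard at the top, `: "${TARGET_DIR:?}" "${BR2_EXTERNAL_HASSIO_PATH:?}" "${2:?board dir missing}"`, together with quoting the expansions, closes that. `NAME` is hard-coded to `Hass.io` while `PRETTY_NAME` uses `${HASSIO_NAME}`; taking both from one source would keep them in step.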


@ -5,10 +5,25 @@ function fix_rootfs() {
# Cleanup DHCP service, we don't need this with NetworkManager
rm -rf ${TARGET_DIR}/etc/systemd/system/multi-user.target.wants/dhcpcd.service
rm -rf ${TARGET_DIR}/usr/lib/systemd/system/dhcpcd.service
# Cleanup etc
rm -rf ${TARGET_DIR}/etc/init.d
rm -rf ${TARGET_DIR}/etc/modules-load.d
rm -rf ${TARGET_DIR}/etc/network
rm -rf ${TARGET_DIR}/etc/X11
rm -rf ${TARGET_DIR}/etc/xdg
# Cleanup root
rm -rf ${TARGET_DIR}/media
rm -rf ${TARGET_DIR}/srv
rm -rf ${TARGET_DIR}/opt
# Fix tempfs
sed -i "/srv/d" ${TARGET_DIR}/usr/lib/tmpfiles.d/home.conf
}
function install_hassio_cli() {
sed -i "s|\(root.*\)/bin/sh|\1/usr/bin/hassio-cli|" ${TARGET_DIR}/etc/passwd
sed -i "s|\(root.*\)/bin/sh|\1/usr/sbin/hassio-cli|" ${TARGET_DIR}/etc/passwd
}
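Review bot: The expression in `install_hassio_cli`, `s|\(root.*\)/bin/sh|...|`, is not anchored, so it rewrites the shell of any passwd entry that merely contains `root` before `/bin/sh` (a home directory under `/root`, a name such as `chroot`), not only the root account. Anchoring on the account field limits it to the intended line: `sed -i "s|^\(root:.*\):/bin/sh$|\1:/usr/sbin/hassio-cli|" "${TARGET_DIR}/etc/passwd"`. It is also worth failing the build when no line was changed, since a silent no-op leaves root with a plain shell instead of the CLI. `fix_rootfs` begins before this hunk.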


@ -0,0 +1,60 @@
From a5d50577d81efeccb4904e6b56793f84b7e3e89f Mon Sep 17 00:00:00 2001
From: Pascal Vizeli <pvizeli@syshack.ch>
Date: Tue, 1 May 2018 23:35:05 +0200
Subject: [PATCH 1/1] Add apparmor support to docker
---
package/docker-containerd/docker-containerd.mk | 1 +
package/docker-engine/docker-engine.mk | 2 +-
package/runc/runc.mk | 3 +--
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/docker-containerd/docker-containerd.mk b/package/docker-containerd/docker-containerd.mk
index 230307d..9be658d 100644
--- a/package/docker-containerd/docker-containerd.mk
+++ b/package/docker-containerd/docker-containerd.mk
@@ -18,6 +18,7 @@ DOCKER_CONTAINERD_MAKE_ENV = $(HOST_GO_TARGET_ENV) \
GOBIN="$(@D)/bin" \
GOPATH="$(DOCKER_CONTAINERD_GOPATH)"
+DOCKER_CONTAINERD_BUILD_TAGS = apparmor
DOCKER_CONTAINERD_GLDFLAGS = \
-X github.com/containerd/containerd.GitCommit=$(DOCKER_CONTAINERD_COMMIT)
diff --git a/package/docker-engine/docker-engine.mk b/package/docker-engine/docker-engine.mk
index e3dde03..d500e71 100644
--- a/package/docker-engine/docker-engine.mk
+++ b/package/docker-engine/docker-engine.mk
@@ -27,7 +27,7 @@ DOCKER_ENGINE_GLDFLAGS = \
-X github.com/docker/cli/cli.GitCommit=$(DOCKER_ENGINE_VERSION) \
-X github.com/docker/cli/cli.Version=$(DOCKER_ENGINE_VERSION)
-DOCKER_ENGINE_BUILD_TAGS = cgo exclude_graphdriver_zfs autogen
+DOCKER_ENGINE_BUILD_TAGS = cgo exclude_graphdriver_zfs autogen apparmor
DOCKER_ENGINE_BUILD_TARGETS = cli:docker
DOCKER_ENGINE_BUILD_TARGET_PARSE = \
export targetpkg=$$(echo $(target) | cut -d: -f1); \
diff --git a/package/runc/runc.mk b/package/runc/runc.mk
index f19fc5f..1ab0b70 100644
--- a/package/runc/runc.mk
+++ b/package/runc/runc.mk
@@ -18,6 +18,7 @@ RUNC_MAKE_ENV = $(HOST_GO_TARGET_ENV) \
GOPATH="$(RUNC_GOPATH)" \
PATH=$(BR_PATH)
+RUNC_GOTAGS = cgo apparmor
RUNC_GLDFLAGS = \
-X main.gitCommit=$(RUNC_VERSION)
@@ -26,8 +27,6 @@ RUNC_GLDFLAGS += -extldflags '-static'
RUNC_GOTAGS += static_build
endif
-RUNC_GOTAGS = cgo
-
ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
RUNC_GOTAGS += seccomp
RUNC_DEPENDENCIES += libseccomp host-pkgconf
--
2.7.4
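Review bot: `DOCKER_CONTAINERD_BUILD_TAGS = apparmor` is only defined in the docker-containerd.mk hunk; nothing visible shows the variable being passed to the Go build (for example via `-tags`), so it may have no effect on the containerd binary. Please confirm the build command consumes it, or add the reference in the same patch. For runc, moving the assignment up to `RUNC_GOTAGS = cgo apparmor` means the later `RUNC_GOTAGS += static_build` is no longer overwritten by a plain `=`, which is a behaviour change worth stating in the patch description. The same three changes appear again as direct edits to the package files further down this page.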


@ -0,0 +1,34 @@
Version 0.4 supports bootloader updates to eMMC boot partitions.
Signed-off-by: Jim Brennan <jbrennan at impinj.com>
---
package/rauc/rauc.hash | 4 ++--
package/rauc/rauc.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/rauc/rauc.hash b/package/rauc/rauc.hash
index 91d7c1d62e..a16340f185 100644
--- a/package/rauc/rauc.hash
+++ b/package/rauc/rauc.hash
@@ -1,3 +1,3 @@
# Locally calculated, after verifying against
-# https://github.com/rauc/rauc/releases/download/v0.3/rauc-0.3.tar.xz.asc
-sha256 dc01bfb08b1830376782f9a51cfec290171519267ab97cc909435da9ac6d6d98 rauc-0.3.tar.xz
+# https://github.com/rauc/rauc/releases/download/v0.4/rauc-0.4.tar.xz.asc
+sha256 89656b6330ac1f31293d450f5179896397c588ab52e77ec229382a6abd125d35 rauc-0.4.tar.xz
diff --git a/package/rauc/rauc.mk b/package/rauc/rauc.mk
index 63fbc53022..f1705a8c33 100644
--- a/package/rauc/rauc.mk
+++ b/package/rauc/rauc.mk
@@ -4,7 +4,7 @@
#
################################################################################
-RAUC_VERSION = 0.3
+RAUC_VERSION = 0.4
RAUC_SITE = https://github.com/rauc/rauc/releases/download/v$(RAUC_VERSION)
RAUC_SOURCE = rauc-$(RAUC_VERSION).tar.xz
RAUC_LICENSE = LGPL-2.1
--
2.11.0


@ -18,6 +18,7 @@ DOCKER_CONTAINERD_MAKE_ENV = $(HOST_GO_TARGET_ENV) \
GOBIN="$(@D)/bin" \
GOPATH="$(DOCKER_CONTAINERD_GOPATH)"
DOCKER_CONTAINERD_BUILD_TAGS = apparmor
DOCKER_CONTAINERD_GLDFLAGS = \
-X github.com/containerd/containerd.GitCommit=$(DOCKER_CONTAINERD_COMMIT)


@ -27,7 +27,7 @@ DOCKER_ENGINE_GLDFLAGS = \
-X github.com/docker/cli/cli.GitCommit=$(DOCKER_ENGINE_VERSION) \
-X github.com/docker/cli/cli.Version=$(DOCKER_ENGINE_VERSION)
DOCKER_ENGINE_BUILD_TAGS = cgo exclude_graphdriver_zfs autogen
DOCKER_ENGINE_BUILD_TAGS = cgo exclude_graphdriver_zfs autogen apparmor
DOCKER_ENGINE_BUILD_TARGETS = cli:docker
DOCKER_ENGINE_BUILD_TARGET_PARSE = \
export targetpkg=$$(echo $(target) | cut -d: -f1); \


@ -1,3 +1,3 @@
# Locally calculated, after verifying against
# https://github.com/rauc/rauc/releases/download/v0.3/rauc-0.3.tar.xz.asc
sha256 dc01bfb08b1830376782f9a51cfec290171519267ab97cc909435da9ac6d6d98 rauc-0.3.tar.xz
# https://github.com/rauc/rauc/releases/download/v0.4/rauc-0.4.tar.xz.asc
sha256 89656b6330ac1f31293d450f5179896397c588ab52e77ec229382a6abd125d35 rauc-0.4.tar.xz


@ -4,7 +4,7 @@
#
################################################################################
RAUC_VERSION = 0.3
RAUC_VERSION = 0.4
RAUC_SITE = https://github.com/rauc/rauc/releases/download/v$(RAUC_VERSION)
RAUC_SOURCE = rauc-$(RAUC_VERSION).tar.xz
RAUC_LICENSE = LGPL-2.1


@ -18,6 +18,7 @@ RUNC_MAKE_ENV = $(HOST_GO_TARGET_ENV) \
GOPATH="$(RUNC_GOPATH)" \
PATH=$(BR_PATH)
RUNC_GOTAGS = cgo apparmor
RUNC_GLDFLAGS = \
-X main.gitCommit=$(RUNC_VERSION)
@ -26,8 +27,6 @@ RUNC_GLDFLAGS += -extldflags '-static'
RUNC_GOTAGS += static_build
endif
RUNC_GOTAGS = cgo
ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
RUNC_GOTAGS += seccomp
RUNC_DEPENDENCIES += libseccomp host-pkgconf


@ -1,3 +1,4 @@
#!/bin/bash
modprobe overlayfs
docker build -t hassbuildroot .
docker run -it --rm --privileged -v "$(pwd):/build" hassbuildroot bash
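Review bot: The result of `modprobe overlayfs` is not checked and the script has no `set -e`, so a failure (missing privileges, or a kernel where the module is named `overlay`) is ignored and the build container starts anyway. Make the outcome explicit, e.g. `modprobe overlayfs || echo "overlay module not loaded" >&2`, or stop at that point. The container runs `--privileged` with the working directory mounted read-write, so a comment stating why full privileges are needed (presumably loop devices for image creation) would let a reader judge whether a narrower set of capabilities would do.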

9
scripts/ovf-create.sh Executable file

@ -0,0 +1,9 @@
#!/bin/bash
set -e
VboxManage createvm --name Hass.io --ostype Linux_64 --register
VBoxManage modifyvm Hass.io --cpus 2 --memory 1048 --firmware efi
VBoxManage modifyvm Hass.io --nic1 bridged
VBoxManage storageattach Hass.io --storagectl "SATA Controller" --device 0 --port 0 --type vmdk --medium $1
VBoxManage export Hass.io --ovf20 --vendor "Home Assistant" --vendorurl "http://hass.io" --output $2
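Review bot: The first command is spelled `VboxManage`, which will not resolve on a case-sensitive filesystem, so under `set -e` the script stops before the VM is created; it should read `VBoxManage createvm --name Hass.io --ostype Linux_64 --register`. `storageattach` names a "SATA Controller" that is never created, and `--type` takes the device kind rather than the image format. The script needs `VBoxManage storagectl Hass.io --name "SATA Controller" --add sata` before the attach, and `--type hdd --medium "$1"` on the attach line. `$1` and `$2` are unquoted and unchecked, and `--memory 1048` looks like a typo for 1024.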

3
scripts/update-dtb.sh Executable file

@ -0,0 +1,3 @@
#!/bin/sh
dtc -O dtb -o buildroot-external/board/ova/barebox-state.dtb buildroot-external/board/ova/barebox-state.dts