diff --git a/.github/move.yml b/.github/move.yml new file mode 100644 index 000000000..e041083c9 --- /dev/null +++ b/.github/move.yml @@ -0,0 +1,13 @@ +# Configuration for move-issues - https://github.com/dessant/move-issues + +# Delete the command comment. Ignored when the comment also contains other content +deleteCommand: true +# Close the source issue after moving +closeSourceIssue: true +# Lock the source issue after moving +lockSourceIssue: false +# Set custom aliases for targets +# aliases: +# r: repo +# or: owner/repo + diff --git a/README.md b/README.md index f99ffd707..a47de1802 100644 --- a/README.md +++ b/README.md @@ -1,22 +1,25 @@ # WORK IN PROGRESS! # Hass.io OS -Hass.io OS based on buildroot. It's a hypervisor for docker and support many kind of IoT hardware. It is also available as Virtual Appliance. It's optimazed for embedded system and high security. You can update the system simple with OTA updates or offline Updates. +Hass.io OS based on [buildroot](https://buildroot.org/). It's a hypervisor for Docker and supports various kind of IoT hardware. It is also available as virtual appliance. The whole system is optimized for embedded system and security. You can update the system simple with OTA updates or offline updates. ## Focus + - Linux kernel 4.15 - Barebox as bootloader - RAUC for OTA updates -- SquashFS LZ4 for filesystem +- SquashFS LZ4 as filesystem - Docker 17.12.1 +- AppArmor protected - ZRAM LZ4 for /tmp, /var, swap - Run every supervisor ## Schemas ![](misc/hassio-os-partition.png?raw=true) -## Config -Create a USB stick with a partition "hassio-config". This partition can include follow files: +## Configuration + +Create a USB stick with a partition named "hassio-config". This partition can include follow files: - network-* (NetworkManager keyfiles) - known_hosts (SSH) 
@@ -26,7 +29,8 @@ Create a USB stick with a partition "hassio-config". This partition can include ## Supervisor/Cli -Provide a `hassio.json` on your data partition they can/need follow struct: +Provide a file with the name `hassio.json` in your data partition and the following structure: + ```json { "supervisor": "repo/image", @@ -37,10 +41,10 @@ Provide a `hassio.json` on your data partition they can/need follow struct: ``` # Building -Running sudo `./enter.sh` will get you into the build docker container. +Running `sudo ./enter.sh` will get you into the build Docker container. `make -C /build/buildroot BR2_EXTERNAL=/build/buildroot-external xy_defconfig` -From outside the docker container, while it is still running you can use `./getimage.sh` to get the output image. +From outside the Docker container, while it is still running you can use `./getimage.sh` to get the output image. ## Helpers diff --git a/buildroot-external/Config.in b/buildroot-external/Config.in index 61b6e032b..2df71695d 100644 --- a/buildroot-external/Config.in +++ b/buildroot-external/Config.in @@ -1,2 +1,4 @@ source "$BR2_EXTERNAL_HASSIO_PATH/package/mingetty/Config.in" source "$BR2_EXTERNAL_HASSIO_PATH/package/hassio/Config.in" +source "$BR2_EXTERNAL_HASSIO_PATH/package/libapparmor/Config.in" +source "$BR2_EXTERNAL_HASSIO_PATH/package/apparmor/Config.in" diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor new file mode 100644 index 000000000..267c3f5f1 --- /dev/null +++ b/buildroot-external/apparmor/hassio-supervisor 
@@ -0,0 +1,75 @@
+#include
+
+profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) {
+ #include
+ #include
+
+ network,
+ deny network raw,
+
+ signal (send) set=(kill,term),
+
+ /bin/busybox ix,
+ /usr/bin/python{,3,3.[0-9]} ix,
+ /usr/bin/git cx,
+ /usr/bin/socat cx,
+ /usr/bin/gdbus cx,
+
+ deny /proc/** wl,
+ deny /root/** wl,
+ deny /sys/** wl,
+
+ /** r,
+ /tmp/** rw,
+ /data/** rw,
+ /{,var/}run/docker.sock rw,
+
+ capability net_bind_service,
+
+ profile /usr/bin/socat flags=(attach_disconnected,mediate_deleted) {
+ #include
+
+ network inet udp,
+ network inet tcp,
+
+ deny network raw,
+ deny network packet,
+
+ signal (receive) set=(kill,term),
+ capability net_bind_service,
+
+ /lib/* mr,
+ /usr/bin/socat mr,
+ }
+
+ profile /usr/bin/gdbus flags=(attach_disconnected,mediate_deleted) {
+ #include
+ #include
+
+ unix (send, receive) type=stream,
+
+ /usr/bin/gdbus mr,
+ /lib/* mr,
+ /{,var/}run/dbus/system_bus_socket rw,
+ }
+
+ profile /usr/bin/git flags=(attach_disconnected,mediate_deleted) {
+ #include
+
+ network,
+ deny network raw,
+
+ /bin/busybox ix,
+ /usr/bin/git mr,
+ /usr/libexec/git-core/* ix,
+
+ deny /data/homeassistant rw,
+ deny /data/ssl rw,
+
+ /** r,
+ /lib/* mr,
+ /data/addons/** lrw,
+
+ capability dac_override,
+ }
+}
diff --git a/buildroot-external/barebox-env/bin/init b/buildroot-external/barebox-env/bin/init
index ea3252115..2ec2a484d 100644
--- a/buildroot-external/barebox-env/bin/init
+++ b/buildroot-external/barebox-env/bin/init
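Review bot: In the nested `/usr/bin/git` profile, `deny /data/homeassistant rw,` and `deny /data/ssl rw,` match only those two paths themselves, because an AppArmor path rule covers a directory's contents only when it ends in `/**`. With `/** r,` a few lines further down, files under both trees therefore remain readable by the git child, which also holds `capability dac_override`. If the intent is to keep add-on repository fetches away from the configuration and the TLS material, the rules should read `deny /data/homeassistant/** rw,` and `deny /data/ssl/** rw,`. Separately, the outer profile grants `/{,var/}run/docker.sock rw,`, so its `deny /proc/**`, `/root/**` and `/sys/**` rules confine the supervisor process itself rather than what it can ask the Docker daemon to do; a comment in the profile stating that limit would help reviewers.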
@@ -2,19 +2,10 @@ export PATH=/env/bin -global autoboot_timeout -global boot.default global linux.bootargs.base -global linux.bootargs.console -#linux.bootargs.dyn.* will be cleared at the beginning of boot global linux.bootargs.dyn.root -global editcmd - -[ -z "${global.autoboot_timeout}" ] && global.autoboot_timeout=3 -magicvar -a global.autoboot_timeout "timeout in seconds before automatic booting" -[ -z "${global.boot.default}" ] && global.boot.default="system0" -[ -z "${global.editcmd}" ] && global.editcmd=sedit +# Init board specific stuff [ -e /env/config-board ] && /env/config-board # Autostart @@ -22,11 +13,12 @@ for i in /env/init/*; do . $i done -echo -e -n "\nHit any key to stop autoboot: " -timeout -a $global.autoboot_timeout -autoboot="$?" +echo "- Hit m for menu or wait for autoboot -" +timeout -a 1 -s -v key -if [ "$autoboot" = 0 ]; then - boot +# Run menu +if [ "${key}" != "m" ]; then + boot fi +menutree diff --git a/buildroot-external/barebox-env/menu/00-boot-auto/action b/buildroot-external/barebox-env/menu/00-boot-auto/action new file mode 100644 index 000000000..f640fce9d --- /dev/null +++ b/buildroot-external/barebox-env/menu/00-boot-auto/action @@ -0,0 +1,3 @@ +#!/bin/sh + +boot diff --git a/buildroot-external/barebox-env/menu/00-boot-auto/title b/buildroot-external/barebox-env/menu/00-boot-auto/title new file mode 100644 index 000000000..115f326f8 --- /dev/null +++ b/buildroot-external/barebox-env/menu/00-boot-auto/title @@ -0,0 +1 @@ +Autoboot diff --git a/buildroot-external/barebox-env/menu/10-boot-system0/action b/buildroot-external/barebox-env/menu/10-boot-system0/action new file mode 100644 index 000000000..a33069898 --- /dev/null +++ b/buildroot-external/barebox-env/menu/10-boot-system0/action @@ -0,0 +1,3 @@ +#!/bin/sh + +boot system0 diff --git a/buildroot-external/barebox-env/menu/10-boot-system0/title b/buildroot-external/barebox-env/menu/10-boot-system0/title new file mode 100644 index 000000000..f3e92d424 --- /dev/null 
+++ b/buildroot-external/barebox-env/menu/10-boot-system0/title
@@ -0,0 +1 @@
+Boot System 0
diff --git a/buildroot-external/barebox-env/menu/20-boot-system1/action b/buildroot-external/barebox-env/menu/20-boot-system1/action
new file mode 100644
index 000000000..3fe3b33a8
--- /dev/null
+++ b/buildroot-external/barebox-env/menu/20-boot-system1/action
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+boot system1
diff --git a/buildroot-external/barebox-env/menu/20-boot-system1/title b/buildroot-external/barebox-env/menu/20-boot-system1/title
new file mode 100644
index 000000000..746b6d21e
--- /dev/null
+++ b/buildroot-external/barebox-env/menu/20-boot-system1/title
@@ -0,0 +1 @@
+Boot System 1
diff --git a/buildroot-external/barebox-env/menu/30-shell/action b/buildroot-external/barebox-env/menu/30-shell/action
new file mode 100644
index 000000000..fd5bc2b0c
--- /dev/null
+++ b/buildroot-external/barebox-env/menu/30-shell/action
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+echo "Enter 'exit' to get back to the menu"
+
+sh
diff --git a/buildroot-external/barebox-env/menu/30-shell/title b/buildroot-external/barebox-env/menu/30-shell/title
new file mode 100644
index 000000000..6567bb2d9
--- /dev/null
+++ b/buildroot-external/barebox-env/menu/30-shell/title
@@ -0,0 +1 @@
+Shell
diff --git a/buildroot-external/barebox-env/menu/title b/buildroot-external/barebox-env/menu/title
new file mode 100644
index 000000000..c1f4371f8
--- /dev/null
+++ b/buildroot-external/barebox-env/menu/title
@@ -0,0 +1 @@
+Hass.io OS boot Menu:
diff --git a/buildroot-external/barebox-env/nv/autoboot_timeout b/buildroot-external/barebox-env/nv/autoboot_timeout
deleted file mode 100644
index 0cfbf0888..000000000
--- a/buildroot-external/barebox-env/nv/autoboot_timeout
+++ /dev/null
@@ -1 +0,0 @@
-2
diff --git a/buildroot-external/barebox-env/nv/editcmd b/buildroot-external/barebox-env/nv/editcmd
new file mode 100644
index 000000000..50fc2e706
--- /dev/null
+++ b/buildroot-external/barebox-env/nv/editcmd
@@ -0,0 +1 @@
+sedit
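Review bot: The `30-shell/action` entry starts `sh` for anyone who presses `m` on the console during the one-second window in `bin/init`, and nothing between the key press and the shell asks for credentials. The earlier any-key prompt presumably ended at the barebox prompt as well, so this is not a regression, but the README in this commit names security as a goal and the behaviour is nowhere stated. Either add a comment in `action` that console access implies full bootloader control, or include the entry only when `DEPLOYMENT` in `buildroot-external/info` is `development`.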
diff --git a/buildroot-external/board/ova/barebox-env/boot/system0 b/buildroot-external/board/ova/barebox-env/boot/system0 index eece4af7d..4239b465c 100644 --- a/buildroot-external/board/ova/barebox-env/boot/system0 +++ b/buildroot-external/board/ova/barebox-env/boot/system0 @@ -1,5 +1,5 @@ #!/bin/sh global bootm.image="/mnt/disk1/boot/bzImage" -global linux.bootargs.dyn.root="root=/dev/sda2 rootfstype=squashfs ro" +global linux.bootargs.dyn.root="root=PARTUUID=8d3d53e3-6d49-4c38-8349-aff6859e82fd rootfstype=squashfs ro" diff --git a/buildroot-external/board/ova/barebox-env/boot/system1 b/buildroot-external/board/ova/barebox-env/boot/system1 index c917a2f05..3926d4112 100644 --- a/buildroot-external/board/ova/barebox-env/boot/system1 +++ b/buildroot-external/board/ova/barebox-env/boot/system1 @@ -1,4 +1,4 @@ #!/bin/sh global bootm.image="/mnt/disk2/boot/bzImage" -global linux.bootargs.dyn.root="root=/dev/sda3 rootfstype=squashfs ro" +global linux.bootargs.dyn.root="root=PARTUUID=a3ec664e-32ce-4665-95ea-7ae90ce9aa20 rootfstype=squashfs ro" diff --git a/buildroot-external/board/ova/barebox-state.dtb b/buildroot-external/board/ova/barebox-state.dtb index 77db21b89..fc1ead0cc 100644 Binary files a/buildroot-external/board/ova/barebox-state.dtb and b/buildroot-external/board/ova/barebox-state.dtb differ diff --git a/buildroot-external/board/ova/barebox-state.dts b/buildroot-external/board/ova/barebox-state.dts index 43400b1a6..927ff6624 100644 --- a/buildroot-external/board/ova/barebox-state.dts +++ b/buildroot-external/board/ova/barebox-state.dts @@ -12,8 +12,7 @@ compatible = "barebox,state"; backend = <&backend_state>; backend-type = "raw"; - backend-stridesize = <1024>; - backend-storage-type = "direct"; + backend-stridesize = <4048>; bootstate { #address-cells = <1>; @@ -39,7 +38,7 @@ remaining_attempts@8 { reg = <0x8 0x4>; type = "uint32"; - default = <3>; + default = <0>; }; priority@c { reg = <0xc 0x4>; 
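Review bot: `default = <0>;` on `remaining_attempts@8` means a slot starts with no boot attempts whenever the state falls back to its defaults (first boot, or a state area that fails validation), and bootchooser normally skips a target that has none left. If the value is expected to be written during image creation or by RAUC, a comment on the node should say where; otherwise a non-zero default keeps an unwritten state bootable. In the first hunk of this file, `backend-stridesize = <4048>;` may be a typo for 4096 and is worth confirming. The enclosing nodes start outside both hunks.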
diff --git a/buildroot-external/board/ova/barebox.config b/buildroot-external/board/ova/barebox.config index b90495680..e21b5997f 100644 --- a/buildroot-external/board/ova/barebox.config +++ b/buildroot-external/board/ova/barebox.config @@ -3,12 +3,11 @@ CONFIG_MMU=y CONFIG_MALLOC_SIZE=0x0 CONFIG_MALLOC_TLSF=y CONFIG_PROMPT="hassio-os:" -CONFIG_GLOB=y -CONFIG_GLOB_SORT=y CONFIG_CMDLINE_EDITING=y CONFIG_AUTO_COMPLETE=y +CONFIG_MENU=y +# CONFIG_TIMESTAMP is not set CONFIG_BOOTM_SHOW_TYPE=y -CONFIG_BOOTM_OFTREE=y CONFIG_FLEXIBLE_BOOTARGS=y # CONFIG_PARTITION_DISK_DOS is not set CONFIG_PARTITION_DISK_EFI=y @@ -17,17 +16,18 @@ CONFIG_PARTITION_DISK_EFI=y CONFIG_DEFAULT_ENVIRONMENT_PATH="/build/buildroot-external/board/ova/barebox-env /build/buildroot-external/barebox-env" CONFIG_STATE=y CONFIG_BOOTCHOOSER=y +# CONFIG_CMD_VERSION is not set CONFIG_CMD_BOOT=y CONFIG_CMD_UIMAGE=y CONFIG_CMD_AUTOMOUNT=y CONFIG_CMD_NV=y CONFIG_CMD_EXPORT=y CONFIG_CMD_GLOBAL=y -CONFIG_CMD_MAGICVAR=y CONFIG_CMD_BASENAME=y CONFIG_CMD_DIRNAME=y CONFIG_CMD_READLINK=y CONFIG_CMD_GETOPT=y +CONFIG_CMD_MENUTREE=y CONFIG_CMD_TIMEOUT=y CONFIG_CMD_DETECT=y CONFIG_CMD_STATE=y diff --git a/buildroot-external/board/ova/info b/buildroot-external/board/ova/info new file mode 100644 index 000000000..4d22261e2 --- /dev/null +++ b/buildroot-external/board/ova/info @@ -0,0 +1,3 @@ +BOARD_ID=ova +BOARD_NAME="Open Virtual Appliance" +CHASSIS=vm diff --git a/buildroot-external/board/ova/patches/dt-utils/0001-get-devicetree-from-file.patch b/buildroot-external/board/ova/patches/dt-utils/0001-get-devicetree-from-file.patch new file mode 100644 index 000000000..61f098523 --- /dev/null +++ b/buildroot-external/board/ova/patches/dt-utils/0001-get-devicetree-from-file.patch 
@@ -0,0 +1,123 @@ +From 405590bdb7ae434798010458e810c415e4e99db4 Mon Sep 17 00:00:00 2001 +From: Steffen Trumtrar +Date: Fri, 30 Jun 2017 16:53:34 +0200 +Subject: barebox-state: get devicetree from file + +Signed-off-by: Steffen Trumtrar + +diff --git a/src/barebox-state.c b/src/barebox-state.c +index e68b8cb..3622e76 100644 +--- a/src/barebox-state.c ++++ b/src/barebox-state.c +@@ -308,7 +308,7 @@ static int state_set_var(struct state *state, const char *var, const char *val) + } + + +-struct state *state_get(const char *name, bool readonly, bool auth) ++struct state *state_get(const char *name, const char *filename, bool readonly, bool auth) + { + struct device_node *root, *node, *partition_node; + char *path; +@@ -320,11 +320,19 @@ struct state *state_get(const char *name, bool readonly, bool auth) + off_t offset; + size_t size; + +- root = of_read_proc_devicetree(); +- if (IS_ERR(root)) { +- pr_err("Unable to read devicetree. %s\n", +- strerror(-PTR_ERR(root))); +- return ERR_CAST(root); ++ if (filename) { ++ void *fdt; ++ ++ fdt = read_file(filename, NULL); ++ if (fdt) ++ root = of_unflatten_dtb(fdt); ++ } else { ++ root = of_read_proc_devicetree(); ++ if (IS_ERR(root)) { ++ pr_err("Unable to read devicetree. %s\n", ++ strerror(-PTR_ERR(root))); ++ return ERR_CAST(root); ++ } + } + + of_set_root_node(root); +@@ -387,6 +395,7 @@ static struct option long_options[] = { + {"get", required_argument, 0, 'g' }, + {"set", required_argument, 0, 's' }, + {"name", required_argument, 0, 'n' }, ++ {"input", required_argument, 0, 'i' }, + {"dump", no_argument, 0, 'd' }, + {"dump-shell", no_argument, 0, OPT_DUMP_SHELL }, + {"verbose", no_argument, 0, 'v' }, +@@ -402,6 +411,7 @@ static void usage(char *name) + "-g, --get get the value of a variable\n" + "-s, --set = set the value of a variable\n" + "-n, --name specify the state to use (default=\"state\"). 
Multiple states are allowed.\n" ++"-i, --input load the devicetree from a file instead of using the system devicetree.\n" + "-d, --dump dump the state\n" + "--dump-shell dump the state suitable for shell sourcing\n" + "-v, --verbose increase verbosity\n" +@@ -439,12 +449,13 @@ int main(int argc, char *argv[]) + bool readonly = true; + int pr_level = 5; + int auth = 1; ++ const char *dtb = NULL; + + INIT_LIST_HEAD(&sg_list); + INIT_LIST_HEAD(&state_list.list); + + while (1) { +- c = getopt_long(argc, argv, "hg:s:dvn:qf", long_options, &option_index); ++ c = getopt_long(argc, argv, "hg:s:i:dvn:qf", long_options, &option_index); + if (c < 0) + break; + switch (c) { +@@ -490,6 +501,9 @@ int main(int argc, char *argv[]) + ++nr_states; + break; + } ++ case 'i': ++ dtb = strdup(optarg); ++ break; + case ':': + case '?': + default: +@@ -530,7 +544,7 @@ int main(int argc, char *argv[]) + } + + list_for_each_entry(state, &state_list.list, list) { +- state->state = state_get(state->name, readonly, auth); ++ state->state = state_get(state->name, dtb, readonly, auth); + if (!IS_ERR(state->state) && !state->name) + state->name = state->state->name; + if (IS_ERR(state->state)) { +diff --git a/src/barebox-state.h b/src/barebox-state.h +index bd89cf4..a0f49a5 100644 +--- a/src/barebox-state.h ++++ b/src/barebox-state.h +@@ -1,7 +1,7 @@ + #ifndef __BAREBOX_STATE__ + #define __BAREBOX_STATE__ + +-struct state *state_get(const char *name, bool readonly, bool auth); ++struct state *state_get(const char *name, const char *file, bool readonly, bool auth); + char *state_get_var(struct state *state, const char *var); + + #endif /* __BAREBOX_STATE__ */ +diff --git a/src/keystore-blob.c b/src/keystore-blob.c +index 028dd8b..4572431 100644 +--- a/src/keystore-blob.c ++++ b/src/keystore-blob.c +@@ -30,7 +30,7 @@ int keystore_get_secret(const char *name, const unsigned char **key, int *key_le + if (!state) { + struct state *tmp; + +- tmp = state_get(keystore_state_name, true, false); ++ tmp = 
state_get(keystore_state_name, NULL, true, false); + if (IS_ERR(tmp)) + return PTR_ERR(tmp); + state = tmp; +-- +cgit v0.10.2 diff --git a/buildroot-external/board/ova/patches/dt-utils/0002-support-finding-devices-by-partuuid.patch b/buildroot-external/board/ova/patches/dt-utils/0002-support-finding-devices-by-partuuid.patch new file mode 100644 index 000000000..31b8b2b6d --- /dev/null +++ b/buildroot-external/board/ova/patches/dt-utils/0002-support-finding-devices-by-partuuid.patch @@ -0,0 +1,33 @@ +From 26148417fab419a0c7f301fb8f2be015324d5374 Mon Sep 17 00:00:00 2001 +From: Steffen Trumtrar +Date: Fri, 30 Jun 2017 16:53:17 +0200 +Subject: libdt: support finding devices by partuuid + +Signed-off-by: Steffen Trumtrar + +diff --git a/src/libdt.c b/src/libdt.c +index 3adeed2..2bc6cc1 100644 +--- a/src/libdt.c ++++ b/src/libdt.c +@@ -2393,6 +2393,18 @@ int of_get_devicepath(struct device_node *partition_node, char **devpath, off_t + */ + node = partition_node->parent; + ++ if (of_device_is_compatible(node, "fixed-partitions")) { ++ const char *uuid; ++ ++ /* when partuuid is specified short-circuit the search for the cdev */ ++ ret = of_property_read_string(partition_node, "partuuid", &uuid); ++ if (!ret) { ++ *devpath = basprintf("/dev/disk/by-partuuid/%s", uuid); ++ ++ return 0; ++ } ++ } ++ + /* + * Respect flash "partitions" subnode. Use parent of parent in this + * case. +-- +cgit v0.10.2 + diff --git a/buildroot-external/board/ova/patches/rauc/0001-add-i-argument-to.patch b/buildroot-external/board/ova/patches/rauc/0001-add-i-argument-to.patch new file mode 100644 index 000000000..2337970a9 --- /dev/null +++ b/buildroot-external/board/ova/patches/rauc/0001-add-i-argument-to.patch 
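Review bot: When `-i` is given and `read_file()` fails, the new `if (filename)` branch of `state_get()` never assigns `root`, yet the statement after the branch passes it to `of_set_root_node(root)`; the result of `of_unflatten_dtb()` is not tested either, unlike the `/proc` path, which checks `IS_ERR(root)`. The rauc patch in this commit always passes `-i /mnt/boot/EFI/barebox/state.dtb`, so a missing or unreadable file on the boot partition reaches this path in a tool that runs during updates. Both failures should return an error before `of_set_root_node()`, assuming `of_unflatten_dtb()` reports errors as an `ERR_PTR` the way `of_read_proc_devicetree()` does. This is a carried upstream patch, so the fix belongs in a follow-up local patch or an upstream report; the rest of `state_get()` lies outside the hunk.

```c
	if (filename) {
		void *fdt;

		fdt = read_file(filename, NULL);
		if (!fdt) {
			pr_err("Unable to read devicetree file %s\n", filename);
			return ERR_PTR(-ENOENT);
		}

		root = of_unflatten_dtb(fdt);
		if (IS_ERR(root)) {
			pr_err("Unable to parse devicetree file %s\n", filename);
			return ERR_CAST(root);
		}
	} else {
		/* … unchanged: of_read_proc_devicetree() and its IS_ERR check … */
	}
```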
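Review bot: The new `partuuid` short-circuit in `of_get_devicepath()` stores `basprintf()`'s result in `*devpath` and returns 0 without checking it for NULL, and it places the devicetree string into the path without checking its form. With patch 0001 the tree can come from a file, so a check that `uuid` holds only hex digits and `-` before formatting `"/dev/disk/by-partuuid/%s"` would keep the resulting path inside that directory. The early `return 0` also appears to leave the function's remaining out-parameters untouched, while `state_get()` declares `off_t offset; size_t size;` without initialisers (visible in patch 0001's context), so the caller may read indeterminate values; confirm against the full function, which extends beyond this hunk.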
@@ -0,0 +1,36 @@ +From c9d56ea8fccf72e1c5d1f224f965e1a8e84d1b7f Mon Sep 17 00:00:00 2001 +From: Pascal Vizeli +Date: Wed, 9 May 2018 21:54:58 +0200 +Subject: [PATCH 1/1] add -i argument to barebox-state call + +--- + src/bootchooser.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/bootchooser.c b/src/bootchooser.c +index d5efc0c..c57c2f7 100644 +--- a/src/bootchooser.c ++++ b/src/bootchooser.c +@@ -77,6 +77,9 @@ static gboolean barebox_state_get(const gchar* bootname, BareboxSlotState *bb_st + g_ptr_array_add(args, g_strdup_printf(BOOTSTATE_PREFIX ".%s.priority", bootname)); + g_ptr_array_add(args, g_strdup("-g")); + g_ptr_array_add(args, g_strdup_printf(BOOTSTATE_PREFIX ".%s.remaining_attempts", bootname)); ++ ++ g_ptr_array_add(args, g_strdup("-i")); ++ g_ptr_array_add(args, g_strdup("/mnt/boot/EFI/barebox/state.dtb")); + g_ptr_array_add(args, NULL); + + sub = g_subprocess_newv((const gchar * const *)args->pdata, +@@ -170,6 +173,9 @@ static gboolean barebox_state_set(GPtrArray *pairs, GError **error) + g_ptr_array_add(args, g_strdup("-s")); + g_ptr_array_add(args, g_strdup(pairs->pdata[i])); + } ++ ++ g_ptr_array_add(args, g_strdup("-i")); ++ g_ptr_array_add(args, g_strdup("/mnt/boot/EFI/barebox/state.dtb")); + g_ptr_array_add(args, NULL); + + sub = g_subprocess_newv((const gchar * const *)args->pdata, +-- +2.7.4 + diff --git a/buildroot-external/board/ova/post-build.sh b/buildroot-external/board/ova/post-build.sh deleted file mode 100755 index f2f5e4417..000000000 --- a/buildroot-external/board/ova/post-build.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash -set -e - -SCRIPT_DIR=${BR2_EXTERNAL_HASSIO_PATH}/scripts -BOARD_DIR="$(dirname $0)" - -. ${SCRIPT_DIR}/rootfs_layer.sh - -# HassioOS tasks -fix_rootfs -install_hassio_cli - -cp ${BOARD_DIR}/rauc.conf ${TARGET_DIR}/etc/rauc/system.conf diff --git a/buildroot-external/board/ova/post-image.sh b/buildroot-external/board/ova/post-image.sh index 6b5579c30..f84a8fd91 100755 
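Review bot: The state devicetree path `/mnt/boot/EFI/barebox/state.dtb` is spelled out twice, once in `barebox_state_get()` and once in `barebox_state_set()`, with no comment on where the file comes from. A single definition beside `BOOTSTATE_PREFIX`, for example `#define BAREBOX_STATE_DTB "/mnt/boot/EFI/barebox/state.dtb"`, with a comment that the boot partition must be mounted there before RAUC runs, keeps the two call sites in step. Because this file decides which device `barebox-state` reads and writes, the comment should also say who is expected to be able to modify the boot partition. Both functions continue outside the hunks.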
--- a/buildroot-external/board/ova/post-image.sh +++ b/buildroot-external/board/ova/post-image.sh @@ -2,10 +2,15 @@ set -e SCRIPT_DIR=${BR2_EXTERNAL_HASSIO_PATH}/scripts -BOARD_DIR="$(dirname $0)" +BOARD_DIR=${2} BOOT_DATA=${BINARIES_DIR}/boot . ${SCRIPT_DIR}/hdd_image.sh +. ${BR2_EXTERNAL_HASSIO_PATH}/info +. ${BOARD_DIR}/info + +# Filename +IMAGE_FILE=hassio-${BOARD_ID}_${VERSION_MAJOR}.${VERSION_BUILD}.vmdk # Init boot data rm -rf ${BOOT_DATA} @@ -21,4 +26,4 @@ hassio_overlay_image ${BINARIES_DIR} hassio_hdd_image ${BINARIES_DIR} ${BINARIES_DIR}/harddisk.img 6 -qemu-img convert -O vmdk ${BINARIES_DIR}/harddisk.img ${BINARIES_DIR}/hassio-os.vmdk +qemu-img convert -O vmdk ${BINARIES_DIR}/harddisk.img ${BINARIES_DIR}/${IMAGE_FILE} diff --git a/buildroot-external/board/ova/rauc.conf b/buildroot-external/board/ova/rootfs-overlay/etc/rauc.conf similarity index 90% rename from buildroot-external/board/ova/rauc.conf rename to buildroot-external/board/ova/rootfs-overlay/etc/rauc.conf index 0c31528c0..149ccd835 100644 --- a/buildroot-external/board/ova/rauc.conf +++ b/buildroot-external/board/ova/rootfs-overlay/etc/rauc.conf @@ -1,5 +1,5 @@ [system] -compatible=Hass.io OS OVA +compatible=Hass.io-OS ova bootloader=barebox [keyring] diff --git a/buildroot-external/busybox.config b/buildroot-external/busybox.config index fced55441..61ce69e48 100644 --- a/buildroot-external/busybox.config +++ b/buildroot-external/busybox.config @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Busybox version: 1.27.2 -# Tue Apr 17 18:57:21 2018 +# Tue May 1 14:34:48 2018 # CONFIG_HAVE_DOT_CONFIG=y 
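Review bot: `BOARD_DIR=${2}` is taken from the second script argument without a check, and the script then runs `. ${BOARD_DIR}/info` unquoted; with `set -e` but no `set -u`, a missing argument makes the script source `/info` from the build host's root directory. Failing early closes that gap: `BOARD_DIR=${2:?board directory argument missing}`, followed by `. "${BOARD_DIR}/info"` and `. "${BR2_EXTERNAL_HASSIO_PATH}/info"`. The same quoting applies to `${BINARIES_DIR}/${IMAGE_FILE}` in the last hunk of this file, where an empty `BOARD_ID` or `VERSION_MAJOR` would otherwise silently produce a misnamed image.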
@@ -606,13 +606,13 @@ CONFIG_GETOPT=y CONFIG_FEATURE_GETOPT_LONG=y CONFIG_HEXDUMP=y CONFIG_FEATURE_HEXDUMP_REVERSE=y -CONFIG_HD=y -CONFIG_XXD=y -CONFIG_HWCLOCK=y -CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS=y +# CONFIG_HD is not set +# CONFIG_XXD is not set +# CONFIG_HWCLOCK is not set +# CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS is not set # CONFIG_FEATURE_HWCLOCK_ADJTIME_FHS is not set CONFIG_IONICE=y -CONFIG_IPCRM=y +# CONFIG_IPCRM is not set CONFIG_IPCS=y # CONFIG_LAST is not set # CONFIG_FEATURE_LAST_FANCY is not set @@ -648,9 +648,9 @@ CONFIG_FEATURE_MOUNT_FLAGS=y # CONFIG_FEATURE_MOUNT_FSTAB is not set # CONFIG_FEATURE_MOUNT_OTHERTAB is not set # CONFIG_MOUNTPOINT is not set -CONFIG_NSENTER=y -CONFIG_FEATURE_NSENTER_LONG_OPTS=y -CONFIG_PIVOT_ROOT=y +# CONFIG_NSENTER is not set +# CONFIG_FEATURE_NSENTER_LONG_OPTS is not set +# CONFIG_PIVOT_ROOT is not set CONFIG_RDATE=y CONFIG_RDEV=y CONFIG_READPROFILE=y @@ -674,14 +674,14 @@ CONFIG_FEATURE_TASKSET_FANCY=y CONFIG_UEVENT=y CONFIG_UMOUNT=y CONFIG_FEATURE_UMOUNT_ALL=y -CONFIG_UNSHARE=y +# CONFIG_UNSHARE is not set # CONFIG_WALL is not set # # Common options for mount/umount # CONFIG_FEATURE_MOUNT_LOOP=y -CONFIG_FEATURE_MOUNT_LOOP_CREATE=y +# CONFIG_FEATURE_MOUNT_LOOP_CREATE is not set # CONFIG_FEATURE_MTAB_SUPPORT is not set CONFIG_VOLUMEID=y @@ -750,10 +750,10 @@ CONFIG_FEATURE_CROND_DIR="" # CONFIG_FLASHCP is not set CONFIG_HDPARM=y CONFIG_FEATURE_HDPARM_GET_IDENTITY=y -CONFIG_FEATURE_HDPARM_HDIO_SCAN_HWIF=y -CONFIG_FEATURE_HDPARM_HDIO_UNREGISTER_HWIF=y -CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET=y -CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF=y +# CONFIG_FEATURE_HDPARM_HDIO_SCAN_HWIF is not set +# CONFIG_FEATURE_HDPARM_HDIO_UNREGISTER_HWIF is not set +# CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET is not set +# CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF is not set CONFIG_FEATURE_HDPARM_HDIO_GETSET_DMA=y # CONFIG_I2CGET is not set # CONFIG_I2CSET is not set 
@@ -780,7 +780,7 @@ CONFIG_FEATURE_LESS_MAXLINES=0 # CONFIG_MT is not set CONFIG_NANDWRITE=y CONFIG_NANDDUMP=y -CONFIG_PARTPROBE=y +# CONFIG_PARTPROBE is not set # CONFIG_RAIDAUTORUN is not set # CONFIG_READAHEAD is not set # CONFIG_RFKILL is not set @@ -1069,7 +1069,7 @@ CONFIG_ASH_TEST=y CONFIG_ASH_HELP=y CONFIG_ASH_GETOPTS=y CONFIG_ASH_CMDCMD=y -CONFIG_CTTYHACK=y +# CONFIG_CTTYHACK is not set # CONFIG_HUSH is not set # CONFIG_HUSH_BASH_COMPAT is not set # CONFIG_HUSH_BRACE_EXPANSION is not set diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 367aa44ca..d1f0d4107 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -1,18 +1,19 @@ BR2_x86_64=y BR2_CCACHE=y BR2_CCACHE_DIR="$(TOPDIR)/ccache" -BR2_GLOBAL_PATCH_DIR="$(BR2_EXTERNAL_HASSIO_PATH)/patches" +BR2_GLOBAL_PATCH_DIR="$(BR2_EXTERNAL_HASSIO_PATH)/patches $(BR2_EXTERNAL_HASSIO_PATH)/board/ova/patches" BR2_TOOLCHAIN_BUILDROOT_GLIBC=y BR2_GCC_VERSION_7_X=y BR2_TOOLCHAIN_BUILDROOT_CXX=y -BR2_TARGET_GENERIC_HOSTNAME="hassio.local" +BR2_TARGET_GENERIC_HOSTNAME="hassio" BR2_TARGET_GENERIC_ISSUE="Welcome to Hass.io" BR2_INIT_SYSTEMD=y BR2_TARGET_GENERIC_GETTY_PORT="tty1" # BR2_TARGET_GENERIC_REMOUNT_ROOTFS_RW is not set -BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_HASSIO_PATH)/rootfs-overlay/" -BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/post-build.sh" +BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_HASSIO_PATH)/rootfs-overlay $(BR2_EXTERNAL_HASSIO_PATH)/board/ova/rootfs-overlay" +BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/scripts/post-build.sh" BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/post-image.sh" +BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova" BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/kernel.config" 
@@ -22,8 +23,6 @@ BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y BR2_PACKAGE_BUSYBOX_CONFIG="$(BR2_EXTERNAL_HASSIO_PATH)/busybox.config" BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES=y -BR2_PACKAGE_ALSA_UTILS=y -BR2_PACKAGE_LZ4=y BR2_PACKAGE_JQ=y BR2_PACKAGE_DOSFSTOOLS=y BR2_PACKAGE_E2FSPROGS=y @@ -67,7 +66,11 @@ BR2_PACKAGE_HOST_RAUC=y BR2_PACKAGE_MINGETTY=y BR2_PACKAGE_HASSIO=y BR2_PACKAGE_HASSIO_SUPERVISOR="homeassistant/amd64-hassio-supervisor" -BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION="0.101" +BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION="103.3" BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/qemux86-64-homeassistant" +BR2_PACKAGE_HASSIO_SUPERVISOR_PROFILE="hassio-supervisor" BR2_PACKAGE_HASSIO_CLI="homeassistant/amd64-hassio-cli" -BR2_PACKAGE_HASSIO_CLI_VERSION="0.1" +BR2_PACKAGE_HASSIO_CLI_VERSION="3" +BR2_PACKAGE_HASSIO_CLI_PROFILE="docker-default" +BR2_PACKAGE_HASSIO_APPARMOR_DIR="supervisor/apparmor" +BR2_PACKAGE_APPARMOR=y diff --git a/buildroot-external/info b/buildroot-external/info new file mode 100644 index 000000000..676f81002 --- /dev/null +++ b/buildroot-external/info @@ -0,0 +1,6 @@ +VERSION_MAJOR=0 +VERSION_BUILD=2 + +HASSIO_NAME="Hass.io-OS" + +DEPLOYMENT=development diff --git a/buildroot-external/package/apparmor/Config.in b/buildroot-external/package/apparmor/Config.in new file mode 100644 index 000000000..3703354c5 --- /dev/null +++ b/buildroot-external/package/apparmor/Config.in @@ -0,0 +1,9 @@ +config BR2_PACKAGE_APPARMOR + bool "apparmor" + select BR2_PACKAGE_LIBAPPARMOR + help + AppArmor gives you network application security via mandatory + access control for programs, protecting against the exploitation + of software flaws and compromised systems. + + http://apparmor.net diff --git a/buildroot-external/package/apparmor/apparmor.mk b/buildroot-external/package/apparmor/apparmor.mk new file mode 100644 index 000000000..3ccca7ed5 --- /dev/null +++ b/buildroot-external/package/apparmor/apparmor.mk 
@@ -0,0 +1,24 @@ +############################################################# +# +# apparmor +# +############################################################# +APPARMOR_VERSION = v2.13 +APPARMOR_SITE = git://git.launchpad.net/apparmor +APPARMOR_LICENSE = GPL-2 +APPARMOR_LICENSE_FILES = LICENSE +APPARMOR_DEPENDENCIES = libapparmor + +define APPARMOR_BUILD_CMDS + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) PATH=$(BR_PATH) $(MAKE) -C $(@D)/parser USE_SYSTEM=1 YACC=bison LEX=flex + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/profiles +endef + +define APPARMOR_INSTALL_TARGET_CMDS + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/profiles DESTDIR=$(TARGET_DIR) PREFIX=/usr install + + rm -rf $(TARGET_DIR)/usr/lib/apparmor +endef + +$(eval $(generic-package)) diff --git a/buildroot-external/package/hassio/Config.in b/buildroot-external/package/hassio/Config.in index 303725a1b..b659ce4c4 100644 --- a/buildroot-external/package/hassio/Config.in +++ b/buildroot-external/package/hassio/Config.in @@ -1,4 +1,4 @@ -config BR2_PACKAGE_HASSIO +menuconfig BR2_PACKAGE_HASSIO bool "hassio-app" help This is the Application layer they build the @@ -23,6 +23,11 @@ config BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS help Extended docker arguments to run the supervisor. +config BR2_PACKAGE_HASSIO_SUPERVISOR_PROFILE + string "AppArmor supervisor profile" + help + AppArmor profile for supervisor. + config BR2_PACKAGE_HASSIO_CLI string "cli docker image" help @@ -38,4 +43,14 @@ config BR2_PACKAGE_HASSIO_CLI_ARGS help Extended docker arguments to run the cli. +config BR2_PACKAGE_HASSIO_CLI_PROFILE + string "AppArmor cli profile" + help + AppArmor profile for cli. + +config BR2_PACKAGE_HASSIO_APPARMOR_DIR + string "AppArmor profiles folder" + help + AppArmor profiles folder for supervisor. + endif 
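Review bot: `APPARMOR_SITE = git://git.launchpad.net/apparmor` fetches the source over the unauthenticated git protocol and `APPARMOR_VERSION = v2.13` is a tag name, so nothing in this package verifies what is built into the image's mandatory-access-control tooling. Prefer an `https://` URL together with `APPARMOR_SITE_METHOD = git` and a full commit id as the version, or a release tarball with a hash file where the Buildroot version in use supports it. `libapparmor.mk`, added later in this commit, carries the same two lines. `rm -rf $(TARGET_DIR)/usr/lib/apparmor` would also benefit from a one-line comment saying why the directory is dropped from the target.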
diff --git a/buildroot-external/package/hassio/builder/hostapp.sh b/buildroot-external/package/hassio/builder/hostapp.sh index 61e0f53d7..c226ba394 100755 --- a/buildroot-external/package/hassio/builder/hostapp.sh +++ b/buildroot-external/package/hassio/builder/hostapp.sh @@ -4,9 +4,12 @@ set -e SUPERVISOR="" SUPERVISOR_VERSION="" SUPERVISOR_ARGS="" +SUPERVISOR_PROFILE="" CLI="" CLI_VERSION="" CLI_ARGS="" +CLI_PROFILE="" +APPARMOR="" DATA_IMG="/export/data.ext4" # Parse @@ -25,6 +28,10 @@ while [[ $# -gt 0 ]]; do SUPERVISOR_ARGS=$2 shift ;; + --supervisor-profile) + SUPERVISOR_PROFILE=$2 + shift + ;; --cli) CLI=$2 shift @@ -37,6 +44,14 @@ while [[ $# -gt 0 ]]; do CLI_ARGS=$2 shift ;; + --cli-profile) + CLI_PROFILE=$2 + shift + ;; + --apparmor) + APPARMOR=$2 + shift + ;; *) exit 1 ;; @@ -49,17 +64,16 @@ dd if=/dev/zero of=${DATA_IMG} bs=1G count=1 mkfs.ext4 -L "hassio-data" -E lazy_itable_init=0,lazy_journal_init=0 ${DATA_IMG} # Mount / init file structs -mount -o loop ${DATA_IMG} /mnt -mkdir -p /mnt/docker -mkdir -p /mnt/supervisor -mkdir -p /mnt/cli +mkdir -p /mnt/data/ +mount -o loop ${DATA_IMG} /mnt/data +mkdir -p /mnt/data/docker # Run dockerd -dockerd -s overlay2 -g /mnt/docker 2> /dev/null & +dockerd -s overlay2 -g /mnt/data/docker & DOCKER_PID=$! +DOCKER_COUNT=0 until docker info >/dev/null 2>&1; do - DOCKER_COUNT=0 if [ ${DOCKER_COUNT} -gt 30 ]; then exit 1 fi 
@@ -77,14 +91,23 @@ docker pull "${CLI}:${CLI_VERSION}" docker tag "${CLI}:${CLI_VERSION}" "${CLI}:latest" # Write config -cat > /mnt/hassio.json <<- EOF +cat > /mnt/data/hassio.json <<- EOF { "supervisor": "${SUPERVISOR}", "supervisor_args": "${SUPERVISOR_ARGS}", + "supervisor_apparmor": "${SUPERVISOR_PROFILE}", "cli": "${CLI}", - "cli_args": "${CLI_ARGS}" + "cli_args": "${CLI_ARGS}", + "cli_apparmor": "${CLI_PROFILE}", + "apparmor": "${APPARMOR}" } EOF +# Setup AppArmor +if [ ! -z "${APPARMOR}" ]; then + mkdir -p /mnt/data/${APPARMOR} + cp -f /apparmor/* /mnt/data/${APPARMOR}/ +fi + # Finish -kill -TERM $DOCKER_PID && wait $DOCKER_PID && umount /mnt +kill -TERM $DOCKER_PID && wait $DOCKER_PID && umount /mnt/data diff --git a/buildroot-external/package/hassio/hassio.mk b/buildroot-external/package/hassio/hassio.mk index a41472a86..1d89ab7f8 100644 --- a/buildroot-external/package/hassio/hassio.mk +++ b/buildroot-external/package/hassio/hassio.mk 
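Review bot: In the new "Setup AppArmor" step, `${APPARMOR}` is expanded unquoted in `mkdir -p /mnt/data/${APPARMOR}` and `cp -f /apparmor/* /mnt/data/${APPARMOR}/`, so a value containing spaces or `..` components ends up outside the intended directory of the data image. Quote the expansions, `mkdir -p "/mnt/data/${APPARMOR}"`, and write the test as `[ -n "${APPARMOR}" ]`. The same values are interpolated unescaped into the `hassio.json` heredoc, where a double quote or backslash in `SUPERVISOR_ARGS` or a profile name yields invalid JSON. The inputs come from the defconfig, so this is robustness rather than exposure, but the profile names written here are what later selects the confinement of the supervisor and cli containers.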
@@ -15,13 +15,19 @@ define HASSIO_BUILD_CMDS endef define HASSIO_INSTALL_TARGET_CMDS - docker run --rm --privileged -v ${BINARIES_DIR}:/export hassio-hostapps \ - --supervisor ${BR2_PACKAGE_HASSIO_SUPERVISOR} \ - --supervisor-version ${BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION} \ - --supervisor-args ${BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS} \ - --cli ${BR2_PACKAGE_HASSIO_CLI} \ - --cli-version ${BR2_PACKAGE_HASSIO_CLI_VERSION} \ - --cli-args ${BR2_PACKAGE_HASSIO_CLI_ARGS} + docker run --rm --privileged \ + -v $(BINARIES_DIR):/export \ + -v $(BR2_EXTERNAL_HASSIO_PATH)/apparmor:/apparmor \ + hassio-hostapps \ + --supervisor $(BR2_PACKAGE_HASSIO_SUPERVISOR) \ + --supervisor-version $(BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION) \ + --supervisor-args $(BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS) \ + --supervisor-profile $(BR2_PACKAGE_HASSIO_SUPERVISOR_PROFILE) \ + --cli $(BR2_PACKAGE_HASSIO_CLI) \ + --cli-version $(BR2_PACKAGE_HASSIO_CLI_VERSION) \ + --cli-args $(BR2_PACKAGE_HASSIO_CLI_ARGS) \ + --cli-profile $(BR2_PACKAGE_HASSIO_CLI_PROFILE) \ + --apparmor $(BR2_PACKAGE_HASSIO_APPARMOR_DIR) endef $(eval $(generic-package)) diff --git a/buildroot-external/package/libapparmor/Config.in b/buildroot-external/package/libapparmor/Config.in new file mode 100644 index 000000000..f2188d078 --- /dev/null +++ b/buildroot-external/package/libapparmor/Config.in @@ -0,0 +1,8 @@ +config BR2_PACKAGE_LIBAPPARMOR + bool "libapparmor" + help + AppArmor gives you network application security via mandatory + access control for programs, protecting against the exploitation + of software flaws and compromised systems. + + http://apparmor.net diff --git a/buildroot-external/package/libapparmor/libapparmor.mk b/buildroot-external/package/libapparmor/libapparmor.mk new file mode 100644 index 000000000..0be91b1a7 --- /dev/null +++ b/buildroot-external/package/libapparmor/libapparmor.mk 
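Review bot: The profile directory is bind-mounted read-write into a `--privileged` container with `-v $(BR2_EXTERNAL_HASSIO_PATH)/apparmor:/apparmor`, although `hostapp.sh` only copies from it. Mounting it read-only, `-v $(BR2_EXTERNAL_HASSIO_PATH)/apparmor:/apparmor:ro`, keeps a builder step from altering the checked-in profiles that are later shipped as the supervisor's confinement. A short comment above `docker run` on why `--privileged` is needed (the loop mount and nested `dockerd` in `hostapp.sh`, presumably) would also help reviewers.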
@@ -0,0 +1,18 @@
+#############################################################
+#
+# libapparmor
+#
+#############################################################
+LIBAPPARMOR_VERSION = v2.13
+LIBAPPARMOR_SITE = git://git.launchpad.net/apparmor
+LIBAPPARMOR_LICENSE = GPL-2
+LIBAPPARMOR_LICENSE_FILES = LICENSE
+LIBAPPARMOR_INSTALL_STAGING = YES
+LIBAPPARMOR_INSTALL_TARGET = NO
+LIBAPPARMOR_DEPENDENCIES = host-flex
+LIBAPPARMOR_SUBDIR = libraries/libapparmor
+LIBAPPARMOR_CONF_ENV = ac_cv_func_reallocarray=no
+LIBAPPARMOR_AUTORECONF = YES
+LIBAPPARMOR_CONF_OPTS = --enable-static
+
+$(eval $(autotools-package))
diff --git a/buildroot-external/patches/.ignore b/buildroot-external/patches/.ignore
deleted file mode 100644
index e69de29bb..000000000
diff --git a/buildroot-external/patches/systemd/0001-Allow-hostname-on-ro.patch b/buildroot-external/patches/systemd/0001-Allow-hostname-on-ro.patch
new file mode 100644
index 000000000..71f85f32c
--- /dev/null
+++ b/buildroot-external/patches/systemd/0001-Allow-hostname-on-ro.patch
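Review bot: `LIBAPPARMOR_SITE = git://git.launchpad.net/apparmor` fetches the source over the unauthenticated, unencrypted git protocol, and `LIBAPPARMOR_VERSION = v2.13` is a tag name, so nothing in this package pins or verifies what ends up linked into the image. For a library that sits under the confinement layer, fetch over TLS and pin a full commit id, e.g. `LIBAPPARMOR_SITE = https://git.launchpad.net/apparmor` with `LIBAPPARMOR_SITE_METHOD = git` and `LIBAPPARMOR_VERSION = <full commit id of the v2.13 tag>` (assuming the host serves the repository over https). `LIBAPPARMOR_LICENSE = GPL-2` also looks doubtful for the `libraries/libapparmor` subdirectory, which upstream appears to license as LGPL-2.1; confirm it against the file named in `LIBAPPARMOR_LICENSE_FILES`.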
@@ -0,0 +1,41 @@ +From 525b60af3320de3cc1f1145fe31a2de07b61faf6 Mon Sep 17 00:00:00 2001 +From: Pascal Vizeli +Date: Sat, 28 Apr 2018 00:20:08 +0200 +Subject: [PATCH 1/1] Allow hostname on ro + +--- + src/hostname/hostnamed.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c +index d9ad2fb..87fae35 100644 +--- a/src/hostname/hostnamed.c ++++ b/src/hostname/hostnamed.c +@@ -289,6 +289,7 @@ static int context_update_kernel_hostname(Context *c) { + static int context_write_data_static_hostname(Context *c) { + + assert(c); ++ FILE *f = NULL; + + if (isempty(c->data[PROP_STATIC_HOSTNAME])) { + +@@ -297,7 +298,15 @@ static int context_write_data_static_hostname(Context *c) { + + return 0; + } +- return write_string_file_atomic_label("/etc/hostname", c->data[PROP_STATIC_HOSTNAME]); ++ ++ f = fopen("/etc/hostname", "w"); ++ if (f == NULL) ++ return -ENOENT; ++ ++ fputs(c->data[PROP_STATIC_HOSTNAME], f); ++ fclose(f); ++ ++ return 0; + } + + static int context_write_data_machine_info(Context *c) { +-- +2.7.4 + diff --git a/buildroot-external/rootfs-overlay/etc/apparmor.d/containers/.empty b/buildroot-external/rootfs-overlay/etc/apparmor.d/containers/.empty new file mode 100644 index 000000000..8b1378917 --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/apparmor.d/containers/.empty @@ -0,0 +1 @@ + diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hostname.mount b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hostname.mount new file mode 120000 index 000000000..173cae388 --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hostname.mount @@ -0,0 +1 @@ +/usr/lib/systemd/system/etc-hostname.mount \ No newline at end of file 
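Review bot: The replacement for `write_string_file_atomic_label()` returns `-ENOENT` for every `fopen()` failure and ignores the results of `fputs()` and `fclose()`, so a read-only or full filesystem is reported either as "no such file" or as success. The write is also no longer atomic and no longer goes through the label-aware helper, so an interrupted write can leave a truncated /etc/hostname; presumably this is accepted because the file is now a bind mount, but the patch description should say so. Return the real errno and check the write, as sketched below. `FILE *f = NULL;` is declared after `assert(c);`, which mixes a declaration into the statements; it belongs above the assert. Part of the function body lies between the two inner hunks and is not shown.

```c
        f = fopen("/etc/hostname", "w");
        if (f == NULL)
                return -errno;

        if (fputs(c->data[PROP_STATIC_HOSTNAME], f) == EOF || fflush(f) == EOF) {
                fclose(f);
                return -EIO;
        }

        if (fclose(f) != 0)
                return -errno;

        return 0;
```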
diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hosts.mount b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hosts.mount
new file mode 120000
index 000000000..d22d22eb3
--- /dev/null
+++ b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hosts.mount
@@ -0,0 +1 @@
+/usr/lib/systemd/system/etc-hosts.mount
\ No newline at end of file
diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-supervisor.service.d/rauc.conf b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-supervisor.service.d/rauc.conf
new file mode 100644
index 000000000..e001464d1
--- /dev/null
+++ b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-supervisor.service.d/rauc.conf
@@ -0,0 +1,2 @@
+[Unit]
+OnFailure=rauc-bad.service
diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/hassio-apparmor.service b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/hassio-apparmor.service
new file mode 120000
index 000000000..625edb930
--- /dev/null
+++ b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/hassio-apparmor.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/hassio-apparmor.service
\ No newline at end of file
diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc.service b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc.service
new file mode 120000
index 000000000..c7ea83e7a
--- /dev/null
+++ b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/rauc.service
\ No newline at end of file
diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/timers.target.wants/rauc-good.timer b/buildroot-external/rootfs-overlay/etc/systemd/system/timers.target.wants/rauc-good.timer
new file mode 120000
index 000000000..d010b7029
--- /dev/null
+++ b/buildroot-external/rootfs-overlay/etc/systemd/system/timers.target.wants/rauc-good.timer
@@ -0,0 +1 @@
+/usr/lib/systemd/system/rauc-good.timer
\ No newline at end of file
diff --git a/buildroot-external/rootfs-overlay/etc/tmpfiles.d/data.conf b/buildroot-external/rootfs-overlay/etc/tmpfiles.d/data.conf
new file mode 100644
index 000000000..1e8e1e876
--- /dev/null
+++ b/buildroot-external/rootfs-overlay/etc/tmpfiles.d/data.conf
@@ -0,0 +1,2 @@
+d /mnt/data/supervisor
+d /mnt/data/cli
diff --git a/buildroot-external/rootfs-overlay/etc/tmpfiles.d/hostname.conf b/buildroot-external/rootfs-overlay/etc/tmpfiles.d/hostname.conf
new file mode 100644
index 000000000..9d64a0516
--- /dev/null
+++ b/buildroot-external/rootfs-overlay/etc/tmpfiles.d/hostname.conf
@@ -0,0 +1,2 @@
+C /mnt/overlay/etc/hostname - - - - /etc/hostname
+C /mnt/overlay/etc/hosts - - - - /etc/hosts
diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hostname.mount b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hostname.mount
new file mode 100644
index 000000000..be4a26bea
--- /dev/null
+++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hostname.mount
@@ -0,0 +1,14 @@
+[Unit]
+Description=Hostname persistent configuration
+Requires=mnt-overlay.mount
+After=mnt-overlay.mount systemd-tmpfiles-setup.service
+Before=network.target
+
+[Mount]
+What=/mnt/overlay/etc/hostname
+Where=/etc/hostname
+Type=none
+Options=bind
+
+[Install]
+WantedBy=hassio-bind.target
diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hosts.mount b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hosts.mount
new file mode 100644
index 000000000..366be9906
--- /dev/null
+++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hosts.mount @@ -0,0 +1,14 @@ +[Unit] +Description=Hosts persistent configuration +Requires=mnt-overlay.mount +After=mnt-overlay.mount systemd-tmpfiles-setup.service +Before=network.target + +[Mount] +What=/mnt/overlay/etc/hosts +Where=/etc/hosts +Type=none +Options=bind + +[Install] +WantedBy=hassio-bind.target diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-apparmor.service b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-apparmor.service new file mode 100644 index 000000000..db8bf42a4 --- /dev/null +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-apparmor.service @@ -0,0 +1,13 @@ +[Unit] +Description=Hass.io AppArmor +Wants=hassio-supervisor.service +Before=docker.service hassio-supervisor.service +RequiresMountsFor=/mnt/data + +[Service] +Type=oneshot +RemainAfterExit=true +ExecStart=/usr/sbin/hassio-apparmor + +[Install] +WantedBy=multi-user.target diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-expand.service b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-expand.service index 5bcfa8c7c..f8b9ea15a 100644 --- a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-expand.service +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-expand.service @@ -5,7 +5,7 @@ Before=mnt-data.mount [Service] Type=oneshot -ExecStart=-/sbin/hassio-expand +ExecStart=/sbin/hassio-expand RemainAfterExit=true [Install] diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-supervisor.service b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-supervisor.service index 81dc66e42..03b3dd108 100644 --- a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-supervisor.service +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-supervisor.service 
@@ -1,8 +1,10 @@ [Unit] Description=Hass.io supervisor Requires=docker.service -After=docker.service +After=docker.service dbus.socket RequiresMountsFor=/mnt/data +StartLimitIntervalSec=60 +StartLimitBurst=5 [Service] Type=simple diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-data.mount b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-data.mount index 960979156..c439aacf3 100644 --- a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-data.mount +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-data.mount @@ -1,9 +1,9 @@ [Unit] Description=Hassio data partition -Requires=hassio-expand.service +Wants=hassio-expand.service DefaultDependencies=no After=hassio-expand.service -Before=umount.target +Before=umount.target systemd-tmpfiles-setup.service Conflicts=umount.target [Mount] diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-overlay.mount b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-overlay.mount index f648f6bfd..7af4b28a0 100644 --- a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-overlay.mount +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-overlay.mount @@ -1,7 +1,7 @@ [Unit] Description=Hassio overlay partition DefaultDependencies=no -Before=umount.target +Before=umount.target systemd-tmpfiles-setup.service Conflicts=umount.target [Mount] diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-bad.service b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-bad.service new file mode 100644 index 000000000..f93c5663a --- /dev/null +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-bad.service @@ -0,0 +1,10 @@ +[Unit] +Description=Rauc mark bad +Requires=rauc.service +RefuseManualStart=true +RefuseManualStop=true + +[Service] +Type=oneshot +ExecStart=/usr/bin/rauc status mark-bad +ExecStartPost=/usr/bin/systemctl reboot 
diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.service b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.service
new file mode 100644
index 000000000..907ab3a26
--- /dev/null
+++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Hassio rauc good
+Requires=hassio-supervisor.service rauc.service
+RefuseManualStart=true
+RefuseManualStop=true
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/rauc status mark-good
diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.timer b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.timer
new file mode 100644
index 000000000..88671f8eb
--- /dev/null
+++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.timer
@@ -0,0 +1,8 @@
+[Unit]
+Description=Rauc mark boot partition as good
+
+[Timer]
+OnBootSec=1min
+
+[Install]
+WantedBy=timers.target
diff --git a/buildroot-external/rootfs-overlay/usr/sbin/hassio-apparmor b/buildroot-external/rootfs-overlay/usr/sbin/hassio-apparmor
new file mode 100755
index 000000000..bba158658
--- /dev/null
+++ b/buildroot-external/rootfs-overlay/usr/sbin/hassio-apparmor
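Review bot: `Requires=hassio-supervisor.service rauc.service` in rauc-good.service adds no ordering, and with `OnBootSec=1min` in rauc-good.timer the slot is marked good once the supervisor unit has merely been started, not once it has proven healthy. Because hassio-supervisor.service is `Type=simple` with `StartLimitIntervalSec=60`, `StartLimitBurst=5` and `OnFailure=rauc-bad.service`, `mark-good` and `mark-bad` can both fire around the one-minute mark on a failing boot, and which one wins decides whether the update is rolled back. Add `After=hassio-supervisor.service rauc.service` here and use a timer delay clearly longer than the start-limit window, or gate `mark-good` on an explicit health check of the supervisor.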
@@ -0,0 +1,47 @@ +#!/bin/sh +set -e + +# Load configs +CONFIG_FILE=/mnt/data/hassio.json + +# Read configs +PROFILES_DIR="$(jq --raw-output '.apparmor // empty' ${CONFIG_FILE})" +if [ -z "${PROFILES_DIR}" ]; then + exit 0 +fi + +PROFILES_DIR="/mnt/data/${PROFILES_DIR}" +CACHE_DIR="${PROFILES_DIR}/cache" +REMOVE_DIR="${PROFILES_DIR}/remove" + +# Check folder structure +mkdir -p ${PROFILES_DIR} +mkdir -p ${CACHE_DIR} +mkdir -p ${REMOVE_DIR} + +# Load/Update exists/new profiles +for profile in ${PROFILES_DIR}/*; do + if [ ! -f ${profile} ]; then + continue + fi + + # Load Profile + if ! apparmor_parser -r -W -L ${CACHE_DIR} ${profile}; then + echo "[Error]: Can't load profile ${profile}" + fi +done + +# Cleanup old profiles +for profile in ${REMOVE_DIR}/*; do + if [ ! -f ${profile} ]; then + continue + fi + + # Unload Profile + if apparmor_parser -R -W -L ${CACHE_DIR} ${profile}; then + if rm ${profile}; then + continue + fi + fi + echo "[Error]: Can't remove profile ${profile}" +done diff --git a/buildroot-external/rootfs-overlay/usr/bin/hassio-cli b/buildroot-external/rootfs-overlay/usr/sbin/hassio-cli similarity index 75% rename from buildroot-external/rootfs-overlay/usr/bin/hassio-cli rename to buildroot-external/rootfs-overlay/usr/sbin/hassio-cli index 81bf07757..02b682865 100755 --- a/buildroot-external/rootfs-overlay/usr/bin/hassio-cli +++ b/buildroot-external/rootfs-overlay/usr/sbin/hassio-cli @@ -5,6 +5,7 @@ CONFIG_FILE=/mnt/data/hassio.json CLI="$(jq --raw-output '.cli' ${CONFIG_FILE})" DOCKER_ARGS="$(jq --raw-output '.cli_args // empty' ${CONFIG_FILE})" +APPARMOR="$(jq --raw-output '.cli_apparmor // "docker-default"' ${CONFIG_FILE})" CLI_DATA=/mnt/data/cli mkdir -p ${CLI_DATA} @@ -12,6 +13,7 @@ mkdir -p ${CLI_DATA} # Run CLI docker run \ --rm -ti --init \ + --security-opt apparmor="${APPARMOR}" \ -v ${CLI_DATA}:/data \ $DOCKER_ARGS \ ${CLI} 
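Review bot: A profile that fails to load in hassio-apparmor only produces an `echo` and the script still exits 0, so hassio-apparmor.service reports success while the container later starts without its intended profile (hassio-supervisor then falls back to `docker-default`). Count the failures and exit non-zero at the end, or at least write the message to stderr so it is visible as an error in the journal. `PROFILES_DIR` is read from hassio.json on the writable data partition, joined to `/mnt/data/` and expanded unquoted in `mkdir`, both `for` globs and `apparmor_parser`; quote every use and reject traversal before the join, e.g. `case "${PROFILES_DIR}" in *..*) echo "[Error]: invalid apparmor dir" >&2; exit 1;; esac`. Whoever can write that directory, including its `remove/` subfolder, decides which profiles are loaded or unloaded at boot, so its ownership and mode should be set explicitly rather than inherited from `mkdir -p`.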
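Review bot: In hassio-cli, `--security-opt apparmor="${APPARMOR}"` is passed without the loaded-profile check that hassio-supervisor receives in this same commit, so a `cli_apparmor` name that the kernel does not know makes `docker run` fail. Since rootfs_layer.sh installs this script as root's login shell, that failure leaves the console login without a working shell. Apply the same fallback before `docker run`, for example `grep -qF -- "${APPARMOR} (" /sys/kernel/security/apparmor/profiles || APPARMOR=docker-default`. Note that jq's `// "docker-default"` only replaces a missing or null key, while the installer always writes `"cli_apparmor": "${CLI_PROFILE}"`, so an empty string reaches this line unchanged. The script continues outside both hunks.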
diff --git a/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor b/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor index 727289f4f..4b7bccdd3 100755 --- a/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor +++ b/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor @@ -6,15 +6,22 @@ CONFIG_FILE=/mnt/data/hassio.json SUPERVISOR="$(jq --raw-output '.supervisor' ${CONFIG_FILE})" DOCKER_ARGS="$(jq --raw-output '.supervisor_args // empty' ${CONFIG_FILE})" +APPARMOR="$(jq --raw-output '.supervisor_apparmor // "docker-default"' ${CONFIG_FILE})" # Init supervisor HASSIO_DATA=/mnt/data/supervisor HASSIO_IMAGE_ID=$(docker inspect --format='{{.Id}}' ${SUPERVISOR}) HASSIO_CONTAINER_ID=$(docker inspect --format='{{.Image}}' hassio_supervisor || echo "") +# Fix wrong AppArmor profiles +if ! grep ${APPARMOR} /sys/kernel/security/apparmor/profiles > /dev/null; then + APPARMOR=docker-default +fi + runSupervisor() { docker rm --force hassio_supervisor || true docker run --name hassio_supervisor \ + --security-opt apparmor="${APPARMOR}" \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /var/run/dbus:/var/run/dbus \ -v ${HASSIO_DATA}:/data \ diff --git a/buildroot-external/scripts/hdd_image.sh b/buildroot-external/scripts/hdd_image.sh index 5a7b284ee..befdb00ea 100755 --- a/buildroot-external/scripts/hdd_image.sh +++ b/buildroot-external/scripts/hdd_image.sh @@ -1,7 +1,13 @@ #!/bin/bash -BOOT_SIZE=32M +BOOT_UUID="b3dd0952-733c-4c88-8cba-cab9b8b4377f" BOOTSTATE_UUID="33236519-7F32-4DFF-8002-3390B62C309D" +SYSTEM0_UUID="8d3d53e3-6d49-4c38-8349-aff6859e82fd" +SYSTEM1_UUID="a3ec664e-32ce-4665-95ea-7ae90ce9aa20" +OVERLAY_UUID="f1326040-5236-40eb-b683-aaa100a9afcf" +DATA_UUID="a52a4597-fa3a-4851-aefd-2fbe9f849079" + +BOOT_SIZE=32M BOOTSTATE_SIZE=8M SYSTEM_SIZE=256M OVERLAY_SIZE=64M 
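Review bot: The check `grep ${APPARMOR} /sys/kernel/security/apparmor/profiles` in hassio-supervisor is unquoted and matches as a regular expression anywhere in a line, so a partial name passes even when that exact profile is not loaded, and an empty value turns the file path into the pattern. The fallback to `docker-default` is also silent, which hides a confinement downgrade for a container that is handed `/var/run/docker.sock`. Use a quoted fixed-string match and log the downgrade: `if ! grep -qF -- "${APPARMOR} (" /sys/kernel/security/apparmor/profiles; then echo "[Warning]: AppArmor profile ${APPARMOR} not loaded, using docker-default" >&2; APPARMOR=docker-default; fi`. The `docker run` command in `runSupervisor` continues past the end of this hunk.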
@@ -44,15 +50,15 @@ function hassio_hdd_image() { # Partition layout boot_offset="$(sgdisk -F ${hdd_img})" - sgdisk -n 1:0:+${BOOT_SIZE} -c 1:"hassio-boot" -t 1:"C12A7328-F81F-11D2-BA4B-00A0C93EC93B" ${hdd_img} + sgdisk -n 1:0:+${BOOT_SIZE} -c 1:"hassio-boot" -t 1:"C12A7328-F81F-11D2-BA4B-00A0C93EC93B" -u 1:${BOOT_UUID} ${hdd_img} rootfs_offset="$(sgdisk -F ${hdd_img})" - sgdisk -n 2:0:+${SYSTEM_SIZE} -c 2:"hassio-system0" -t 2:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" ${hdd_img} - sgdisk -n 3:0:+${SYSTEM_SIZE} -c 3:"hassio-system1" -t 3:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" ${hdd_img} + sgdisk -n 2:0:+${SYSTEM_SIZE} -c 2:"hassio-system0" -t 2:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" -u 2:${SYSTEM0_UUID} ${hdd_img} + sgdisk -n 3:0:+${SYSTEM_SIZE} -c 3:"hassio-system1" -t 3:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" -u 3:${SYSTEM1_UUID} ${hdd_img} sgdisk -n 4:0:+${BOOTSTATE_SIZE} -c 4:"hassio-bootstate" -u 4:${BOOTSTATE_UUID} ${hdd_img} overlay_offset="$(sgdisk -F ${hdd_img})" - sgdisk -n 5:0:+${OVERLAY_SIZE} -c 5:"hassio-overlay" -t 5:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" ${hdd_img} + sgdisk -n 5:0:+${OVERLAY_SIZE} -c 5:"hassio-overlay" -t 5:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" -u 5:${OVERLAY_UUID} ${hdd_img} data_offset="$(sgdisk -F ${hdd_img})" - sgdisk -n 6:0:+${DATA_SIZE} -c 6:"hassio-data" -t 6:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" ${hdd_img} + sgdisk -n 6:0:+${DATA_SIZE} -c 6:"hassio-data" -t 6:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" -u 6:${DATA_UUID} ${hdd_img} sgdisk -v # Write Images diff --git a/buildroot-external/scripts/post-build.sh b/buildroot-external/scripts/post-build.sh new file mode 100755 index 000000000..745de9bea --- /dev/null +++ b/buildroot-external/scripts/post-build.sh 
@@ -0,0 +1,32 @@ +#!/bin/bash +set -e + +SCRIPT_DIR=${BR2_EXTERNAL_HASSIO_PATH}/scripts +BOARD_DIR=${2} + +. ${SCRIPT_DIR}/rootfs_layer.sh +. ${BR2_EXTERNAL_HASSIO_PATH}/info +. ${BOARD_DIR}/info + +# Hass.io OS tasks +fix_rootfs +install_hassio_cli + +# Write os-release +( + echo "NAME=Hass.io" + echo "VERSION=\"${VERSION_MAJOR}.${VERSION_BUILD} (${BOARD_NAME})\"" + echo "ID=hassio-os" + echo "VERSION_ID=${VERSION_MAJOR}.${VERSION_BUILD}" + echo "PRETTY_NAME=\"${HASSIO_NAME} ${VERSION_MAJOR}.${VERSION_BUILD}\"" + echo "CPE_NAME=cpe:2.3:o:home_assistant:hassio:${VERSION_MAJOR}.${VERSION_BUILD}:*:${DEPLOYMENT}:*:*:*:${BOARD_ID}:*" + echo "HOME_URL=https://hass.io/" + echo "VARIANT=\"Hass.io ${BOARD_NAME}\"" + echo "VARIANT_ID=${BOARD_ID}" +) > ${TARGET_DIR}/usr/lib/os-release + +# Write machine-info +( + echo "CHASSIS=${CHASSIS}" + echo "DEPLOYMENT=${DEPLOYMENT}" +) > ${TARGET_DIR}/etc/machine-info diff --git a/buildroot-external/scripts/rootfs_layer.sh b/buildroot-external/scripts/rootfs_layer.sh index f8bcffccc..3b332aa2f 100644 --- a/buildroot-external/scripts/rootfs_layer.sh +++ b/buildroot-external/scripts/rootfs_layer.sh @@ -5,10 +5,25 @@ function fix_rootfs() { # Cleanup DHCP service, we don't need this with NetworkManager rm -rf ${TARGET_DIR}/etc/systemd/system/multi-user.target.wants/dhcpcd.service rm -rf ${TARGET_DIR}/usr/lib/systemd/system/dhcpcd.service + + # Cleanup etc + rm -rf ${TARGET_DIR}/etc/init.d + rm -rf ${TARGET_DIR}/etc/modules-load.d + rm -rf ${TARGET_DIR}/etc/network + rm -rf ${TARGET_DIR}/etc/X11 + rm -rf ${TARGET_DIR}/etc/xdg + + # Cleanup root + rm -rf ${TARGET_DIR}/media + rm -rf ${TARGET_DIR}/srv + rm -rf ${TARGET_DIR}/opt + + # Fix tempfs + sed -i "/srv/d" ${TARGET_DIR}/usr/lib/tmpfiles.d/home.conf } function install_hassio_cli() { - sed -i "s|\(root.*\)/bin/sh|\1/usr/bin/hassio-cli|" ${TARGET_DIR}/etc/passwd + sed -i "s|\(root.*\)/bin/sh|\1/usr/sbin/hassio-cli|" ${TARGET_DIR}/etc/passwd } 
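Review bot: The `rm -rf ${TARGET_DIR}/...` lines added to `fix_rootfs` in rootfs_layer.sh expand `TARGET_DIR` unquoted and unchecked, so if the variable is empty or unset they remove `/media`, `/srv`, `/opt` and several `/etc` subdirectories of whatever system runs the build (post-build.sh sets `-e` but not `-u`). Guard once at the top of the function with `: "${TARGET_DIR:?TARGET_DIR is not set}"` and quote the paths, e.g. `rm -rf "${TARGET_DIR}/media"`. The same applies to the `sed -i` on `${TARGET_DIR}/usr/lib/tmpfiles.d/home.conf` and `${TARGET_DIR}/etc/passwd`. `fix_rootfs` begins outside this hunk.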
diff --git a/buildroot-patches/0013-Add-apparmor-support-to-docker.patch b/buildroot-patches/0013-Add-apparmor-support-to-docker.patch
new file mode 100644
index 000000000..6aeca9863
--- /dev/null
+++ b/buildroot-patches/0013-Add-apparmor-support-to-docker.patch
@@ -0,0 +1,60 @@ +From a5d50577d81efeccb4904e6b56793f84b7e3e89f Mon Sep 17 00:00:00 2001 +From: Pascal Vizeli +Date: Tue, 1 May 2018 23:35:05 +0200 +Subject: [PATCH 1/1] Add apparmor support to docker + +--- + package/docker-containerd/docker-containerd.mk | 1 + + package/docker-engine/docker-engine.mk | 2 +- + package/runc/runc.mk | 3 +-- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/package/docker-containerd/docker-containerd.mk b/package/docker-containerd/docker-containerd.mk +index 230307d..9be658d 100644 +--- a/package/docker-containerd/docker-containerd.mk ++++ b/package/docker-containerd/docker-containerd.mk +@@ -18,6 +18,7 @@ DOCKER_CONTAINERD_MAKE_ENV = $(HOST_GO_TARGET_ENV) \ + GOBIN="$(@D)/bin" \ + GOPATH="$(DOCKER_CONTAINERD_GOPATH)" + ++DOCKER_CONTAINERD_BUILD_TAGS = apparmor + DOCKER_CONTAINERD_GLDFLAGS = \ + -X github.com/containerd/containerd.GitCommit=$(DOCKER_CONTAINERD_COMMIT) + +diff --git a/package/docker-engine/docker-engine.mk b/package/docker-engine/docker-engine.mk +index e3dde03..d500e71 100644 +--- a/package/docker-engine/docker-engine.mk ++++ b/package/docker-engine/docker-engine.mk +@@ -27,7 +27,7 @@ DOCKER_ENGINE_GLDFLAGS = \ + -X github.com/docker/cli/cli.GitCommit=$(DOCKER_ENGINE_VERSION) \ + -X github.com/docker/cli/cli.Version=$(DOCKER_ENGINE_VERSION) + +-DOCKER_ENGINE_BUILD_TAGS = cgo exclude_graphdriver_zfs autogen ++DOCKER_ENGINE_BUILD_TAGS = cgo exclude_graphdriver_zfs autogen apparmor + DOCKER_ENGINE_BUILD_TARGETS = cli:docker + DOCKER_ENGINE_BUILD_TARGET_PARSE = \ + export targetpkg=$$(echo $(target) | cut -d: -f1); \ +diff --git a/package/runc/runc.mk b/package/runc/runc.mk +index f19fc5f..1ab0b70 100644 +--- a/package/runc/runc.mk ++++ b/package/runc/runc.mk +@@ -18,6 +18,7 @@ RUNC_MAKE_ENV = $(HOST_GO_TARGET_ENV) \ + GOPATH="$(RUNC_GOPATH)" \ + PATH=$(BR_PATH) + ++RUNC_GOTAGS = cgo apparmor + RUNC_GLDFLAGS = \ + -X main.gitCommit=$(RUNC_VERSION) + +@@ -26,8 +27,6 @@ RUNC_GLDFLAGS += -extldflags 
'-static' + RUNC_GOTAGS += static_build + endif + +-RUNC_GOTAGS = cgo +- + ifeq ($(BR2_PACKAGE_LIBSECCOMP),y) + RUNC_GOTAGS += seccomp + RUNC_DEPENDENCIES += libseccomp host-pkgconf +-- +2.7.4 + diff --git a/buildroot-patches/0014-package-rauc-Version-bump-to-0.4.patch b/buildroot-patches/0014-package-rauc-Version-bump-to-0.4.patch new file mode 100644 index 000000000..690bdd4c2 --- /dev/null +++ b/buildroot-patches/0014-package-rauc-Version-bump-to-0.4.patch @@ -0,0 +1,34 @@ +Version 0.4 supports bootloader updates to eMMC boot partitions. + +Signed-off-by: Jim Brennan +--- + package/rauc/rauc.hash | 4 ++-- + package/rauc/rauc.mk | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/package/rauc/rauc.hash b/package/rauc/rauc.hash +index 91d7c1d62e..a16340f185 100644 +--- a/package/rauc/rauc.hash ++++ b/package/rauc/rauc.hash +@@ -1,3 +1,3 @@ + # Locally calculated, after verifying against +-# https://github.com/rauc/rauc/releases/download/v0.3/rauc-0.3.tar.xz.asc +-sha256 dc01bfb08b1830376782f9a51cfec290171519267ab97cc909435da9ac6d6d98 rauc-0.3.tar.xz ++# https://github.com/rauc/rauc/releases/download/v0.4/rauc-0.4.tar.xz.asc ++sha256 89656b6330ac1f31293d450f5179896397c588ab52e77ec229382a6abd125d35 rauc-0.4.tar.xz +diff --git a/package/rauc/rauc.mk b/package/rauc/rauc.mk +index 63fbc53022..f1705a8c33 100644 +--- a/package/rauc/rauc.mk ++++ b/package/rauc/rauc.mk +@@ -4,7 +4,7 @@ + # + ################################################################################ + +-RAUC_VERSION = 0.3 ++RAUC_VERSION = 0.4 + RAUC_SITE = https://github.com/rauc/rauc/releases/download/v$(RAUC_VERSION) + RAUC_SOURCE = rauc-$(RAUC_VERSION).tar.xz + RAUC_LICENSE = LGPL-2.1 +-- +2.11.0 + diff --git a/buildroot/package/docker-containerd/docker-containerd.mk b/buildroot/package/docker-containerd/docker-containerd.mk index 230307d6b..9be658dc0 100644 --- a/buildroot/package/docker-containerd/docker-containerd.mk 
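Review bot: `RUNC_GOTAGS = cgo apparmor` and `DOCKER_ENGINE_BUILD_TAGS = ... apparmor` switch on the apparmor build tag, but no hunk in this patch adds `libapparmor` to the matching `*_DEPENDENCIES`, even though the commit introduces that package as a staging-only static library. If these versions link against libapparmor (not visible here), the build only succeeds when libapparmor happens to be built first; declare it, e.g. `RUNC_DEPENDENCIES += libapparmor` inside `ifeq ($(BR2_PACKAGE_LIBAPPARMOR),y)`. It is also not visible where `DOCKER_CONTAINERD_BUILD_TAGS` is consumed; if docker-containerd.mk never passes it to the Go build, that line has no effect and containerd is built without the tag. The same points apply to the identical hunks applied directly under buildroot/package/docker-containerd, docker-engine and runc.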
+++ b/buildroot/package/docker-containerd/docker-containerd.mk @@ -18,6 +18,7 @@ DOCKER_CONTAINERD_MAKE_ENV = $(HOST_GO_TARGET_ENV) \ GOBIN="$(@D)/bin" \ GOPATH="$(DOCKER_CONTAINERD_GOPATH)" +DOCKER_CONTAINERD_BUILD_TAGS = apparmor DOCKER_CONTAINERD_GLDFLAGS = \ -X github.com/containerd/containerd.GitCommit=$(DOCKER_CONTAINERD_COMMIT) diff --git a/buildroot/package/docker-engine/docker-engine.mk b/buildroot/package/docker-engine/docker-engine.mk index e3dde0318..d500e71b3 100644 --- a/buildroot/package/docker-engine/docker-engine.mk +++ b/buildroot/package/docker-engine/docker-engine.mk @@ -27,7 +27,7 @@ DOCKER_ENGINE_GLDFLAGS = \ -X github.com/docker/cli/cli.GitCommit=$(DOCKER_ENGINE_VERSION) \ -X github.com/docker/cli/cli.Version=$(DOCKER_ENGINE_VERSION) -DOCKER_ENGINE_BUILD_TAGS = cgo exclude_graphdriver_zfs autogen +DOCKER_ENGINE_BUILD_TAGS = cgo exclude_graphdriver_zfs autogen apparmor DOCKER_ENGINE_BUILD_TARGETS = cli:docker DOCKER_ENGINE_BUILD_TARGET_PARSE = \ export targetpkg=$$(echo $(target) | cut -d: -f1); \ diff --git a/buildroot/package/rauc/rauc.hash b/buildroot/package/rauc/rauc.hash index 91d7c1d62..a16340f18 100644 --- a/buildroot/package/rauc/rauc.hash +++ b/buildroot/package/rauc/rauc.hash @@ -1,3 +1,3 @@ # Locally calculated, after verifying against -# https://github.com/rauc/rauc/releases/download/v0.3/rauc-0.3.tar.xz.asc -sha256 dc01bfb08b1830376782f9a51cfec290171519267ab97cc909435da9ac6d6d98 rauc-0.3.tar.xz +# https://github.com/rauc/rauc/releases/download/v0.4/rauc-0.4.tar.xz.asc +sha256 89656b6330ac1f31293d450f5179896397c588ab52e77ec229382a6abd125d35 rauc-0.4.tar.xz diff --git a/buildroot/package/rauc/rauc.mk b/buildroot/package/rauc/rauc.mk index 63fbc5302..f1705a8c3 100644 --- a/buildroot/package/rauc/rauc.mk +++ b/buildroot/package/rauc/rauc.mk 
@@ -4,7 +4,7 @@ # ################################################################################ -RAUC_VERSION = 0.3 +RAUC_VERSION = 0.4 RAUC_SITE = https://github.com/rauc/rauc/releases/download/v$(RAUC_VERSION) RAUC_SOURCE = rauc-$(RAUC_VERSION).tar.xz RAUC_LICENSE = LGPL-2.1 diff --git a/buildroot/package/runc/runc.mk b/buildroot/package/runc/runc.mk index f19fc5f06..1ab0b70a5 100644 --- a/buildroot/package/runc/runc.mk +++ b/buildroot/package/runc/runc.mk @@ -18,6 +18,7 @@ RUNC_MAKE_ENV = $(HOST_GO_TARGET_ENV) \ GOPATH="$(RUNC_GOPATH)" \ PATH=$(BR_PATH) +RUNC_GOTAGS = cgo apparmor RUNC_GLDFLAGS = \ -X main.gitCommit=$(RUNC_VERSION) @@ -26,8 +27,6 @@ RUNC_GLDFLAGS += -extldflags '-static' RUNC_GOTAGS += static_build endif -RUNC_GOTAGS = cgo - ifeq ($(BR2_PACKAGE_LIBSECCOMP),y) RUNC_GOTAGS += seccomp RUNC_DEPENDENCIES += libseccomp host-pkgconf diff --git a/scripts/enter.sh b/scripts/enter.sh index 0be4cb7ed..1ca96ced3 100755 --- a/scripts/enter.sh +++ b/scripts/enter.sh @@ -1,3 +1,4 @@ #!/bin/bash +modprobe overlayfs docker build -t hassbuildroot . docker run -it --rm --privileged -v "$(pwd):/build" hassbuildroot bash diff --git a/scripts/ovf-create.sh b/scripts/ovf-create.sh new file mode 100755 index 000000000..df370c517 --- /dev/null +++ b/scripts/ovf-create.sh @@ -0,0 +1,9 @@ +#!/bin/bash +set -e + +VboxManage createvm --name Hass.io --ostype Linux_64 --register +VBoxManage modifyvm Hass.io --cpus 2 --memory 1048 --firmware efi +VBoxManage modifyvm Hass.io --nic1 bridged +VBoxManage storageattach Hass.io --storagectl "SATA Controller" --device 0 --port 0 --type vmdk --medium $1 + +VBoxManage export Hass.io --ovf20 --vendor "Home Assistant" --vendorurl "http://hass.io" --output $2 diff --git a/scripts/update-dtb.sh b/scripts/update-dtb.sh new file mode 100755 index 000000000..1417d7026 --- /dev/null +++ b/scripts/update-dtb.sh 
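Review bot: The first command in ovf-create.sh is spelled `VboxManage` while every other line uses `VBoxManage`; on a case-sensitive filesystem that is a command-not-found and `set -e` stops the script before the VM is created. Change it to `VBoxManage createvm --name Hass.io --ostype Linux_64 --register`. `$1` and `$2` are unquoted and unchecked, so a path with spaces breaks `--medium` and `--output`; use `"$1"` and `"$2"` and fail early when either is missing. No visible line creates the "SATA Controller" that `storageattach` refers to, so unless it exists from elsewhere that step fails as well.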
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+dtc -O dtb -o buildroot-external/board/ova/barebox-state.dtb buildroot-external/board/ova/barebox-state.dts