From 5a6b8c5bbe065ded5d0e6138f5059a1c2549c5d6 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Tue, 24 Apr 2018 00:14:43 +0200 Subject: [PATCH 001/100] Add OVA script (#4) --- scripts/ovf-create.sh | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 scripts/ovf-create.sh diff --git a/scripts/ovf-create.sh b/scripts/ovf-create.sh new file mode 100644 index 000000000..8160c9746 --- /dev/null +++ b/scripts/ovf-create.sh @@ -0,0 +1,9 @@ +#!/bin/bash +set -e + +VboxManage createvm --name Hass.io --ostype Linux_64 --register +VBoxManage modifyvm Hass.io --cpus 2 --memory 1048 --firmware efi +VBoxManage modifyvm Hass.io --nic1 bridged +VBoxManage storageattach Hass.io --storagectl "SATA Controller" --device 0 --port 0 --type vmdk --medium $1 + +VBoxManage export Hass.io --ovf20 --vendor "Home-Assistant" --vendorurl "http://hass.io" --output $2 From e544c14d3dc1263333694c0c776d59c4c9a74821 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Fri, 27 Apr 2018 18:20:06 +0200 Subject: [PATCH 002/100] Layering hostname/hosts (#5) * Layering hostname/hosts * Fix build * Use origin files on new overlay --- .../package/hassio/builder/hostapp.sh | 4 ++-- .../hassio-bind.target.wants/etc-hostname.mount | 1 + .../hassio-bind.target.wants/etc-hosts.mount | 1 + .../rootfs-overlay/etc/tmpfiles.d/hostname.conf | 2 ++ .../usr/lib/systemd/system/etc-hostname.mount | 14 ++++++++++++++ .../usr/lib/systemd/system/etc-hosts.mount | 14 ++++++++++++++ .../usr/lib/systemd/system/mnt-overlay.mount | 2 +- scripts/enter.sh | 1 + 8 files changed, 36 insertions(+), 3 deletions(-) create mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hostname.mount create mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hosts.mount create mode 100644 buildroot-external/rootfs-overlay/etc/tmpfiles.d/hostname.conf create mode 100644 buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hostname.mount create mode 100644 buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hosts.mount diff --git a/buildroot-external/package/hassio/builder/hostapp.sh b/buildroot-external/package/hassio/builder/hostapp.sh index 61e0f53d7..2a7806624 100755 --- a/buildroot-external/package/hassio/builder/hostapp.sh +++ b/buildroot-external/package/hassio/builder/hostapp.sh @@ -55,11 +55,11 @@ mkdir -p /mnt/supervisor mkdir -p /mnt/cli # Run dockerd -dockerd -s overlay2 -g /mnt/docker 2> /dev/null & +dockerd -s overlay2 -g /mnt/docker & DOCKER_PID=$! +DOCKER_COUNT=0 until docker info >/dev/null 2>&1; do - DOCKER_COUNT=0 if [ ${DOCKER_COUNT} -gt 30 ]; then exit 1 fi diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hostname.mount b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hostname.mount new file mode 120000 index 000000000..173cae388 --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hostname.mount @@ -0,0 +1 @@ +/usr/lib/systemd/system/etc-hostname.mount \ No newline at end of file diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hosts.mount b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hosts.mount new file mode 120000 index 000000000..d22d22eb3 --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hosts.mount @@ -0,0 +1 @@ +/usr/lib/systemd/system/etc-hosts.mount \ No newline at end of file diff --git a/buildroot-external/rootfs-overlay/etc/tmpfiles.d/hostname.conf b/buildroot-external/rootfs-overlay/etc/tmpfiles.d/hostname.conf new file mode 100644 index 000000000..9d64a0516 --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/tmpfiles.d/hostname.conf @@ -0,0 +1,2 @@ +C /mnt/overlay/etc/hostname - - - - /etc/hostname +C /mnt/overlay/etc/hosts - - - - /etc/hosts diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hostname.mount b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hostname.mount new file mode 100644 index 000000000..be4a26bea --- /dev/null +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hostname.mount @@ -0,0 +1,14 @@ +[Unit] +Description=Hostname persistent configuration +Requires=mnt-overlay.mount +After=mnt-overlay.mount systemd-tmpfiles-setup.service +Before=network.target + +[Mount] +What=/mnt/overlay/etc/hostname +Where=/etc/hostname +Type=none +Options=bind + +[Install] +WantedBy=hassio-bind.target diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hosts.mount b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hosts.mount new file mode 100644 index 000000000..366be9906 --- /dev/null +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hosts.mount @@ -0,0 +1,14 @@ +[Unit] +Description=Hosts persistent configuration +Requires=mnt-overlay.mount +After=mnt-overlay.mount systemd-tmpfiles-setup.service +Before=network.target + +[Mount] +What=/mnt/overlay/etc/hosts +Where=/etc/hosts +Type=none +Options=bind + +[Install] +WantedBy=hassio-bind.target diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-overlay.mount b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-overlay.mount index f648f6bfd..7af4b28a0 100644 --- a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-overlay.mount +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-overlay.mount @@ -1,7 +1,7 @@ [Unit] Description=Hassio overlay partition DefaultDependencies=no -Before=umount.target +Before=umount.target systemd-tmpfiles-setup.service Conflicts=umount.target [Mount] diff --git a/scripts/enter.sh b/scripts/enter.sh index 0be4cb7ed..1ca96ced3 100755 --- a/scripts/enter.sh +++ b/scripts/enter.sh @@ -1,3 +1,4 @@ #!/bin/bash +modprobe overlayfs docker build -t hassbuildroot . docker run -it --rm --privileged -v "$(pwd):/build" hassbuildroot bash From 34f58015b4a42037f773db327c46b4832e2cc0dd Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 28 Apr 2018 00:35:26 +0200 Subject: [PATCH 003/100] Cleanup busybox & fix systemd (#6) --- buildroot-external/busybox.config | 34 +++++++-------- .../systemd/0001-Allow-hostname-on-ro.patch | 41 +++++++++++++++++++ 2 files changed, 58 insertions(+), 17 deletions(-) create mode 100644 buildroot-external/patches/systemd/0001-Allow-hostname-on-ro.patch diff --git a/buildroot-external/busybox.config b/buildroot-external/busybox.config index fced55441..a867d39f0 100644 --- a/buildroot-external/busybox.config +++ b/buildroot-external/busybox.config @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Busybox version: 1.27.2 -# Tue Apr 17 18:57:21 2018 +# Fri Apr 27 16:47:10 2018 # CONFIG_HAVE_DOT_CONFIG=y @@ -606,13 +606,13 @@ CONFIG_GETOPT=y CONFIG_FEATURE_GETOPT_LONG=y CONFIG_HEXDUMP=y CONFIG_FEATURE_HEXDUMP_REVERSE=y -CONFIG_HD=y -CONFIG_XXD=y -CONFIG_HWCLOCK=y -CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS=y +# CONFIG_HD is not set +# CONFIG_XXD is not set +# CONFIG_HWCLOCK is not set +# CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS is not set # CONFIG_FEATURE_HWCLOCK_ADJTIME_FHS is not set CONFIG_IONICE=y -CONFIG_IPCRM=y +# CONFIG_IPCRM is not set CONFIG_IPCS=y # CONFIG_LAST is not set # CONFIG_FEATURE_LAST_FANCY is not set @@ -648,9 +648,9 @@ CONFIG_FEATURE_MOUNT_FLAGS=y # CONFIG_FEATURE_MOUNT_FSTAB is not set # CONFIG_FEATURE_MOUNT_OTHERTAB is not set # CONFIG_MOUNTPOINT is not set -CONFIG_NSENTER=y -CONFIG_FEATURE_NSENTER_LONG_OPTS=y -CONFIG_PIVOT_ROOT=y +# CONFIG_NSENTER is not set +# CONFIG_FEATURE_NSENTER_LONG_OPTS is not set +# CONFIG_PIVOT_ROOT is not set CONFIG_RDATE=y CONFIG_RDEV=y CONFIG_READPROFILE=y @@ -674,14 +674,14 @@ CONFIG_FEATURE_TASKSET_FANCY=y CONFIG_UEVENT=y CONFIG_UMOUNT=y CONFIG_FEATURE_UMOUNT_ALL=y -CONFIG_UNSHARE=y +# CONFIG_UNSHARE is not set # CONFIG_WALL is not set # # Common options for mount/umount # CONFIG_FEATURE_MOUNT_LOOP=y -CONFIG_FEATURE_MOUNT_LOOP_CREATE=y +# CONFIG_FEATURE_MOUNT_LOOP_CREATE is not set # CONFIG_FEATURE_MTAB_SUPPORT is not set CONFIG_VOLUMEID=y @@ -750,10 +750,10 @@ CONFIG_FEATURE_CROND_DIR="" # CONFIG_FLASHCP is not set CONFIG_HDPARM=y CONFIG_FEATURE_HDPARM_GET_IDENTITY=y -CONFIG_FEATURE_HDPARM_HDIO_SCAN_HWIF=y -CONFIG_FEATURE_HDPARM_HDIO_UNREGISTER_HWIF=y -CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET=y -CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF=y +# CONFIG_FEATURE_HDPARM_HDIO_SCAN_HWIF is not set +# CONFIG_FEATURE_HDPARM_HDIO_UNREGISTER_HWIF is not set +# CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET is not set +# CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF is not set CONFIG_FEATURE_HDPARM_HDIO_GETSET_DMA=y # CONFIG_I2CGET is not set # CONFIG_I2CSET is not set @@ -780,7 +780,7 @@ CONFIG_FEATURE_LESS_MAXLINES=0 # CONFIG_MT is not set CONFIG_NANDWRITE=y CONFIG_NANDDUMP=y -CONFIG_PARTPROBE=y +# CONFIG_PARTPROBE is not set # CONFIG_RAIDAUTORUN is not set # CONFIG_READAHEAD is not set # CONFIG_RFKILL is not set @@ -1069,7 +1069,7 @@ CONFIG_ASH_TEST=y CONFIG_ASH_HELP=y CONFIG_ASH_GETOPTS=y CONFIG_ASH_CMDCMD=y -CONFIG_CTTYHACK=y +# CONFIG_CTTYHACK is not set # CONFIG_HUSH is not set # CONFIG_HUSH_BASH_COMPAT is not set # CONFIG_HUSH_BRACE_EXPANSION is not set diff --git a/buildroot-external/patches/systemd/0001-Allow-hostname-on-ro.patch b/buildroot-external/patches/systemd/0001-Allow-hostname-on-ro.patch new file mode 100644 index 000000000..71f85f32c --- /dev/null +++ b/buildroot-external/patches/systemd/0001-Allow-hostname-on-ro.patch @@ -0,0 +1,41 @@ +From 525b60af3320de3cc1f1145fe31a2de07b61faf6 Mon Sep 17 00:00:00 2001 +From: Pascal Vizeli +Date: Sat, 28 Apr 2018 00:20:08 +0200 +Subject: [PATCH 1/1] Allow hostname on ro + +--- + src/hostname/hostnamed.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c +index d9ad2fb..87fae35 100644 +--- a/src/hostname/hostnamed.c ++++ b/src/hostname/hostnamed.c +@@ -289,6 +289,7 @@ static int context_update_kernel_hostname(Context *c) { + static int context_write_data_static_hostname(Context *c) { + + assert(c); ++ FILE *f = NULL; + + if (isempty(c->data[PROP_STATIC_HOSTNAME])) { + +@@ -297,7 +298,15 @@ static int context_write_data_static_hostname(Context *c) { + + return 0; + } +- return write_string_file_atomic_label("/etc/hostname", c->data[PROP_STATIC_HOSTNAME]); ++ ++ f = fopen("/etc/hostname", "w"); ++ if (f == NULL) ++ return -ENOENT; ++ ++ fputs(c->data[PROP_STATIC_HOSTNAME], f); ++ fclose(f); ++ ++ return 0; + } + + static int context_write_data_machine_info(Context *c) { +-- +2.7.4 + From d10d21ba08afa804bf9bc7c3e5e4504e17541c69 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 28 Apr 2018 00:36:01 +0200 Subject: [PATCH 004/100] Delete .ignore --- buildroot-external/patches/.ignore | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 buildroot-external/patches/.ignore diff --git a/buildroot-external/patches/.ignore b/buildroot-external/patches/.ignore deleted file mode 100644 index e69de29bb..000000000 From 14f9fc3eebb871b6f4bb2fa6bdc5ddf21d9c7308 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 28 Apr 2018 10:54:05 +0200 Subject: [PATCH 005/100] Update ova_defconfig --- buildroot-external/configs/ova_defconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 367aa44ca..943d957e5 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -5,7 +5,7 @@ BR2_GLOBAL_PATCH_DIR="$(BR2_EXTERNAL_HASSIO_PATH)/patches" BR2_TOOLCHAIN_BUILDROOT_GLIBC=y BR2_GCC_VERSION_7_X=y BR2_TOOLCHAIN_BUILDROOT_CXX=y -BR2_TARGET_GENERIC_HOSTNAME="hassio.local" +BR2_TARGET_GENERIC_HOSTNAME="hassio" BR2_TARGET_GENERIC_ISSUE="Welcome to Hass.io" BR2_INIT_SYSTEMD=y BR2_TARGET_GENERIC_GETTY_PORT="tty1" From 6515947a3c19e030e24a4d0c9d2b54136fd06aa4 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 28 Apr 2018 11:53:31 +0200 Subject: [PATCH 006/100] Cleanup old stuff --- buildroot-external/configs/ova_defconfig | 2 -- 1 file changed, 2 deletions(-) diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 943d957e5..4a9d10356 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -22,8 +22,6 @@ BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y BR2_PACKAGE_BUSYBOX_CONFIG="$(BR2_EXTERNAL_HASSIO_PATH)/busybox.config" BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES=y -BR2_PACKAGE_ALSA_UTILS=y -BR2_PACKAGE_LZ4=y BR2_PACKAGE_JQ=y BR2_PACKAGE_DOSFSTOOLS=y BR2_PACKAGE_E2FSPROGS=y From 53e0d22875729e30bb36d21eb07483ab10479c52 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Sun, 29 Apr 2018 00:05:56 +0200 Subject: [PATCH 007/100] Fix typos and layout --- README.md | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index f99ffd707..ff0b9697d 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,14 @@ # WORK IN PROGRESS! # Hass.io OS -Hass.io OS based on buildroot. It's a hypervisor for docker and support many kind of IoT hardware. It is also available as Virtual Appliance. It's optimazed for embedded system and high security. You can update the system simple with OTA updates or offline Updates. +Hass.io OS based on [buildroot](https://buildroot.org/). It's a hypervisor for Docker and supports various kind of IoT hardware. It is also available as virtual appliance. The whole system is optimized for embedded system and security. You can update the system simple with OTA updates or offline updates. ## Focus + - Linux kernel 4.15 - Barebox as bootloader - RAUC for OTA updates -- SquashFS LZ4 for filesystem +- SquashFS LZ4 as filesystem - Docker 17.12.1 - ZRAM LZ4 for /tmp, /var, swap - Run every supervisor @@ -15,8 +16,9 @@ Hass.io OS based on buildroot. It's a hypervisor for docker and support many kin ## Schemas ![](misc/hassio-os-partition.png?raw=true) -## Config -Create a USB stick with a partition "hassio-config". This partition can include follow files: +## Configuration + +Create a USB stick with a partition named "hassio-config". This partition can include follow files: - network-* (NetworkManager keyfiles) - known_hosts (SSH) @@ -26,7 +28,8 @@ Create a USB stick with a partition "hassio-config". This partition can include ## Supervisor/Cli -Provide a `hassio.json` on your data partition they can/need follow struct: +Provide a file with the name `hassio.json` in your data partition and the following structure: + ```json { "supervisor": "repo/image", @@ -37,10 +40,10 @@ Provide a `hassio.json` on your data partition they can/need follow struct: ``` # Building -Running sudo `./enter.sh` will get you into the build docker container. +Running `sudo ./enter.sh` will get you into the build Docker container. `make -C /build/buildroot BR2_EXTERNAL=/build/buildroot-external xy_defconfig` -From outside the docker container, while it is still running you can use `./getimage.sh` to get the output image. +From outside the Docker container, while it is still running you can use `./getimage.sh` to get the output image. ## Helpers From 258717c412d07fcc0c59604cba6d6360ea132f28 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Sun, 29 Apr 2018 10:22:11 +0200 Subject: [PATCH 008/100] Enable move bot (#8) --- .github/move.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/move.yml diff --git a/.github/move.yml b/.github/move.yml new file mode 100644 index 000000000..e041083c9 --- /dev/null +++ b/.github/move.yml @@ -0,0 +1,13 @@ +# Configuration for move-issues - https://github.com/dessant/move-issues + +# Delete the command comment. Ignored when the comment also contains other content +deleteCommand: true +# Close the source issue after moving +closeSourceIssue: true +# Lock the source issue after moving +lockSourceIssue: false +# Set custom aliases for targets +# aliases: +# r: repo +# or: owner/repo + From 1e62743b1e7ee908a259f2d61d29029e4c202ef6 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 29 Apr 2018 14:01:07 +0200 Subject: [PATCH 009/100] Apparmor (#9) * Create Config.in * Update Config.in * Create apparmor.mk * Update Config.in * Create apparmor.hash * Update and rename buildroot-external/package/apparmor/Config.in to buildroot-external/package/libapparmor/Config.in * Create Config.in * Delete Config.in * Update Config.in * Update Config.in * Update apparmor.mk * Update apparmor.mk * Update apparmor.mk * Update Config.in * Update apparmor.mk * Update apparmor.mk * Delete apparmor.hash * Update apparmor.mk * Update apparmor.mk * Update apparmor.mk * Update apparmor.mk * Update apparmor.mk * test 1 * Fix stuff --- buildroot-external/Config.in | 2 ++ buildroot-external/configs/ova_defconfig | 2 ++ buildroot-external/package/apparmor/Config.in | 9 ++++++++ .../package/apparmor/apparmor.mk | 22 +++++++++++++++++++ .../package/libapparmor/Config.in | 8 +++++++ .../package/libapparmor/libapparmor.mk | 18 +++++++++++++++ 6 files changed, 61 insertions(+) create mode 100644 buildroot-external/package/apparmor/Config.in create mode 100644 buildroot-external/package/apparmor/apparmor.mk create mode 100644 buildroot-external/package/libapparmor/Config.in create mode 100644 buildroot-external/package/libapparmor/libapparmor.mk diff --git a/buildroot-external/Config.in b/buildroot-external/Config.in index 61b6e032b..2df71695d 100644 --- a/buildroot-external/Config.in +++ b/buildroot-external/Config.in @@ -1,2 +1,4 @@ source "$BR2_EXTERNAL_HASSIO_PATH/package/mingetty/Config.in" source "$BR2_EXTERNAL_HASSIO_PATH/package/hassio/Config.in" +source "$BR2_EXTERNAL_HASSIO_PATH/package/libapparmor/Config.in" +source "$BR2_EXTERNAL_HASSIO_PATH/package/apparmor/Config.in" diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 4a9d10356..9d6db2837 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -69,3 +69,5 @@ BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION="0.101" BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/qemux86-64-homeassistant" BR2_PACKAGE_HASSIO_CLI="homeassistant/amd64-hassio-cli" BR2_PACKAGE_HASSIO_CLI_VERSION="0.1" +BR2_PACKAGE_APPARMOR=y +BR2_PACKAGE_LIBAPPARMOR=y diff --git a/buildroot-external/package/apparmor/Config.in b/buildroot-external/package/apparmor/Config.in new file mode 100644 index 000000000..6ba44321a --- /dev/null +++ b/buildroot-external/package/apparmor/Config.in @@ -0,0 +1,9 @@ +config BR2_PACKAGE_APPARMOR + bool "apparmor" + depends on BR2_PACKAGE_LIBAPPARMOR + help + AppArmor gives you network application security via mandatory + access control for programs, protecting against the exploitation + of software flaws and compromised systems. + + http://apparmor.net diff --git a/buildroot-external/package/apparmor/apparmor.mk b/buildroot-external/package/apparmor/apparmor.mk new file mode 100644 index 000000000..67a7eeb1f --- /dev/null +++ b/buildroot-external/package/apparmor/apparmor.mk @@ -0,0 +1,22 @@ +############################################################# +# +# apparmor +# +############################################################# +APPARMOR_VERSION = v2.13 +APPARMOR_SITE = git://git.launchpad.net/apparmor +APPARMOR_LICENSE = GPL-2 +APPARMOR_LICENSE_FILES = LICENSE +APPARMOR_DEPENDENCIES = libapparmor + +define APPARMOR_BUILD_CMDS + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) PATH=$(BR_PATH) $(MAKE) -C $(@D)/parser USE_SYSTEM=1 YACC=bison LEX=flex + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/profiles +endef + +define APPARMOR_INSTALL_TARGET_CMDS + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/profiles DESTDIR=$(TARGET_DIR) PREFIX=/usr install +endef + +$(eval $(generic-package)) diff --git a/buildroot-external/package/libapparmor/Config.in b/buildroot-external/package/libapparmor/Config.in new file mode 100644 index 000000000..f2188d078 --- /dev/null +++ b/buildroot-external/package/libapparmor/Config.in @@ -0,0 +1,8 @@ +config BR2_PACKAGE_LIBAPPARMOR + bool "libapparmor" + help + AppArmor gives you network application security via mandatory + access control for programs, protecting against the exploitation + of software flaws and compromised systems. + + http://apparmor.net diff --git a/buildroot-external/package/libapparmor/libapparmor.mk b/buildroot-external/package/libapparmor/libapparmor.mk new file mode 100644 index 000000000..0be91b1a7 --- /dev/null +++ b/buildroot-external/package/libapparmor/libapparmor.mk @@ -0,0 +1,18 @@ +############################################################# +# +# libapparmor +# +############################################################# +LIBAPPARMOR_VERSION = v2.13 +LIBAPPARMOR_SITE = git://git.launchpad.net/apparmor +LIBAPPARMOR_LICENSE = GPL-2 +LIBAPPARMOR_LICENSE_FILES = LICENSE +LIBAPPARMOR_INSTALL_STAGING = YES +LIBAPPARMOR_INSTALL_TARGET = NO +LIBAPPARMOR_DEPENDENCIES = host-flex +LIBAPPARMOR_SUBDIR = libraries/libapparmor +LIBAPPARMOR_CONF_ENV = ac_cv_func_reallocarray=no +LIBAPPARMOR_AUTORECONF = YES +LIBAPPARMOR_CONF_OPTS = --enable-static + +$(eval $(autotools-package)) From 93357c71ff8e79c0378996ff6517365f9a36765e Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 29 Apr 2018 20:41:53 +0200 Subject: [PATCH 010/100] Install apparmor systemd --- buildroot-external/package/apparmor/apparmor.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/buildroot-external/package/apparmor/apparmor.mk b/buildroot-external/package/apparmor/apparmor.mk index 67a7eeb1f..2d1ddf99d 100644 --- a/buildroot-external/package/apparmor/apparmor.mk +++ b/buildroot-external/package/apparmor/apparmor.mk @@ -16,6 +16,7 @@ endef define APPARMOR_INSTALL_TARGET_CMDS $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install-systemd $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/profiles DESTDIR=$(TARGET_DIR) PREFIX=/usr install endef From f2fa29357fcb90776bf26f66694b10c72c895c37 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 29 Apr 2018 20:46:41 +0200 Subject: [PATCH 011/100] cleanup apparmor systemd --- buildroot-external/package/apparmor/apparmor.mk | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/buildroot-external/package/apparmor/apparmor.mk b/buildroot-external/package/apparmor/apparmor.mk index 2d1ddf99d..5ebff566a 100644 --- a/buildroot-external/package/apparmor/apparmor.mk +++ b/buildroot-external/package/apparmor/apparmor.mk @@ -15,8 +15,7 @@ define APPARMOR_BUILD_CMDS endef define APPARMOR_INSTALL_TARGET_CMDS - $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install - $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install-systemd + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install install-systemd $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/profiles DESTDIR=$(TARGET_DIR) PREFIX=/usr install endef From 69db31ba2e0e52f4677c008b84ad2cddddfd998e Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 30 Apr 2018 00:09:43 +0200 Subject: [PATCH 012/100] Extend AppArmor / hassio --- buildroot-external/busybox.config | 4 ++-- buildroot-external/configs/ova_defconfig | 3 ++- buildroot-external/package/hassio/builder/hostapp.sh | 1 + buildroot-external/rootfs-overlay/etc/apparmor/parser.conf | 2 ++ .../systemd/system/multi-user.target.wants/apparmor.service | 1 + 5 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 buildroot-external/rootfs-overlay/etc/apparmor/parser.conf create mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/apparmor.service diff --git a/buildroot-external/busybox.config b/buildroot-external/busybox.config index a867d39f0..c4a156b3a 100644 --- a/buildroot-external/busybox.config +++ b/buildroot-external/busybox.config @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Busybox version: 1.27.2 -# Fri Apr 27 16:47:10 2018 +# Sun Apr 29 21:50:21 2018 # CONFIG_HAVE_DOT_CONFIG=y @@ -452,7 +452,7 @@ CONFIG_FEATURE_VI_UNDO_QUEUE_MAX=256 # CONFIG_FEATURE_FIND_CONTEXT is not set # CONFIG_FEATURE_FIND_LINKS is not set CONFIG_GREP=y -# CONFIG_EGREP is not set +CONFIG_EGREP=y # CONFIG_FGREP is not set # CONFIG_FEATURE_GREP_CONTEXT is not set # CONFIG_XARGS is not set diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 9d6db2837..1e3020268 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -32,6 +32,7 @@ BR2_PACKAGE_GPTFDISK_SGDISK=y BR2_PACKAGE_CA_CERTIFICATES=y BR2_PACKAGE_LIBCGROUP=y BR2_PACKAGE_LIBCGROUP_TOOLS=y +BR2_PACKAGE_LIBSECCOMP=y BR2_PACKAGE_AVAHI=y BR2_PACKAGE_AVAHI_DAEMON=y BR2_PACKAGE_AVAHI_LIBDNSSD_COMPATIBILITY=y @@ -69,5 +70,5 @@ BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION="0.101" BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/qemux86-64-homeassistant" BR2_PACKAGE_HASSIO_CLI="homeassistant/amd64-hassio-cli" BR2_PACKAGE_HASSIO_CLI_VERSION="0.1" -BR2_PACKAGE_APPARMOR=y BR2_PACKAGE_LIBAPPARMOR=y +BR2_PACKAGE_APPARMOR=y diff --git a/buildroot-external/package/hassio/builder/hostapp.sh b/buildroot-external/package/hassio/builder/hostapp.sh index 2a7806624..3609a184a 100755 --- a/buildroot-external/package/hassio/builder/hostapp.sh +++ b/buildroot-external/package/hassio/builder/hostapp.sh @@ -53,6 +53,7 @@ mount -o loop ${DATA_IMG} /mnt mkdir -p /mnt/docker mkdir -p /mnt/supervisor mkdir -p /mnt/cli +mkdir -p /mnt/apparmor # Run dockerd dockerd -s overlay2 -g /mnt/docker & diff --git a/buildroot-external/rootfs-overlay/etc/apparmor/parser.conf b/buildroot-external/rootfs-overlay/etc/apparmor/parser.conf new file mode 100644 index 000000000..fde0152ad --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/apparmor/parser.conf @@ -0,0 +1,2 @@ +Include /etc/apparmor.d/ +Include /mnt/data/apparmor/ diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/apparmor.service b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/apparmor.service new file mode 120000 index 000000000..f9a498ed8 --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/apparmor.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/apparmor.service \ No newline at end of file From 7eedd8c6c7ade3594ff51a6d0d78f2a8af7dd184 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 30 Apr 2018 12:01:36 +0200 Subject: [PATCH 013/100] Update apparmor.mk --- buildroot-external/package/apparmor/apparmor.mk | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/buildroot-external/package/apparmor/apparmor.mk b/buildroot-external/package/apparmor/apparmor.mk index 5ebff566a..2d1ddf99d 100644 --- a/buildroot-external/package/apparmor/apparmor.mk +++ b/buildroot-external/package/apparmor/apparmor.mk @@ -15,7 +15,8 @@ define APPARMOR_BUILD_CMDS endef define APPARMOR_INSTALL_TARGET_CMDS - $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install install-systemd + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install-systemd $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/profiles DESTDIR=$(TARGET_DIR) PREFIX=/usr install endef From e816808382092208dc152799d1791e545b6c5915 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 30 Apr 2018 12:09:29 +0200 Subject: [PATCH 014/100] Update mnt-data.mount --- .../rootfs-overlay/usr/lib/systemd/system/mnt-data.mount | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-data.mount b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-data.mount index 960979156..c439aacf3 100644 --- a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-data.mount +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-data.mount @@ -1,9 +1,9 @@ [Unit] Description=Hassio data partition -Requires=hassio-expand.service +Wants=hassio-expand.service DefaultDependencies=no After=hassio-expand.service -Before=umount.target +Before=umount.target systemd-tmpfiles-setup.service Conflicts=umount.target [Mount] From 90b7c9f0d1881d4658126824cb97859f9e7069a1 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 30 Apr 2018 12:10:17 +0200 Subject: [PATCH 015/100] Update hassio-expand.service --- .../rootfs-overlay/usr/lib/systemd/system/hassio-expand.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-expand.service b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-expand.service index 5bcfa8c7c..f8b9ea15a 100644 --- a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-expand.service +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-expand.service @@ -5,7 +5,7 @@ Before=mnt-data.mount [Service] Type=oneshot -ExecStart=-/sbin/hassio-expand +ExecStart=/sbin/hassio-expand RemainAfterExit=true [Install] From 48d7fafd39727020bc1faddace7cbaf3923f52bf Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 30 Apr 2018 12:12:31 +0200 Subject: [PATCH 016/100] Create data.conf --- buildroot-external/rootfs-overlay/etc/tmpfiles.d/data.conf | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 buildroot-external/rootfs-overlay/etc/tmpfiles.d/data.conf diff --git a/buildroot-external/rootfs-overlay/etc/tmpfiles.d/data.conf b/buildroot-external/rootfs-overlay/etc/tmpfiles.d/data.conf new file mode 100644 index 000000000..76d1ffe7c --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/tmpfiles.d/data.conf @@ -0,0 +1,3 @@ +d /mnt/data/supervisor +d /mnt/data/cli +d /mnt/data/apparmor From e81898b701a94a3b7d75cbb69482b567b0ed7780 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 30 Apr 2018 12:13:07 +0200 Subject: [PATCH 017/100] Update hostapp.sh --- buildroot-external/package/hassio/builder/hostapp.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/buildroot-external/package/hassio/builder/hostapp.sh b/buildroot-external/package/hassio/builder/hostapp.sh index 3609a184a..952406dbe 100755 --- a/buildroot-external/package/hassio/builder/hostapp.sh +++ b/buildroot-external/package/hassio/builder/hostapp.sh @@ -51,9 +51,6 @@ mkfs.ext4 -L "hassio-data" -E lazy_itable_init=0,lazy_journal_init=0 ${DATA_IMG} # Mount / init file structs mount -o loop ${DATA_IMG} /mnt mkdir -p /mnt/docker -mkdir -p /mnt/supervisor -mkdir -p /mnt/cli -mkdir -p /mnt/apparmor # Run dockerd dockerd -s overlay2 -g /mnt/docker & From c356987ae54d9b1a7a03d9f2f34200c1a81623c9 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 30 Apr 2018 12:22:23 +0200 Subject: [PATCH 018/100] Delete parser.conf --- buildroot-external/rootfs-overlay/etc/apparmor/parser.conf | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 buildroot-external/rootfs-overlay/etc/apparmor/parser.conf diff --git a/buildroot-external/rootfs-overlay/etc/apparmor/parser.conf b/buildroot-external/rootfs-overlay/etc/apparmor/parser.conf deleted file mode 100644 index fde0152ad..000000000 --- a/buildroot-external/rootfs-overlay/etc/apparmor/parser.conf +++ /dev/null @@ -1,2 +0,0 @@ -Include /etc/apparmor.d/ -Include /mnt/data/apparmor/ From 67a3f643dacf7aab3531b730e56ab20d358f2203 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 30 Apr 2018 12:23:58 +0200 Subject: [PATCH 019/100] Create .empty --- .../rootfs-overlay/etc/apparmor.d/containers/.empty | 1 + 1 file changed, 1 insertion(+) create mode 100644 buildroot-external/rootfs-overlay/etc/apparmor.d/containers/.empty diff --git a/buildroot-external/rootfs-overlay/etc/apparmor.d/containers/.empty b/buildroot-external/rootfs-overlay/etc/apparmor.d/containers/.empty new file mode 100644 index 000000000..8b1378917 --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/apparmor.d/containers/.empty @@ -0,0 +1 @@ + From f7c980fcc25251c7cca7d36b5fb6137681c3026d Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 30 Apr 2018 12:26:39 +0200 Subject: [PATCH 020/100] Create etc-apparmor.d-containers.mount --- .../systemd/system/etc-apparmor.d-containers.mount | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-apparmor.d-containers.mount diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-apparmor.d-containers.mount b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-apparmor.d-containers.mount new file mode 100644 index 000000000..4fa1b8b56 --- /dev/null +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-apparmor.d-containers.mount @@ -0,0 +1,14 @@ +[Unit] +Description=Supervisor persistent apparmor profiles +Requires=mnt-data.mount apparmor.service +After=mnt-data.mount +Before=apparmor.service + +[Mount] +What=/mnt/data/apparmor +Where=/etc/apparmor.d/containers +Type=none +Options=bind + +[Install] +WantedBy=hassio-bind.target From aafaf2b8efb069387afcbea5d70f3a7a7f6fd8c4 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 30 Apr 2018 13:46:07 +0200 Subject: [PATCH 021/100] Autostart --- .../etc/systemd/system/apparmor.service.d/hassio.conf | 2 ++ .../hassio-bind.target.wants/etc-apparmor.d-containers.mount | 1 + 2 files changed, 3 insertions(+) create mode 100644 buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf create mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf b/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf new file mode 100644 index 000000000..13ed578b5 --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf @@ -0,0 +1,2 @@ +[Unit] +RequiresMountsFor=/etc/apparmor.d/containers diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount new file mode 120000 index 000000000..834306a17 --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount @@ -0,0 +1 @@ +/usr/lib/systemd/system/etc-apparmor.d-containers.mount \ No newline at end of file From 508d84b97bb31d9468566a9a4acc8ffda6915fbd Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 30 Apr 2018 23:24:59 +0200 Subject: [PATCH 022/100] Bugfix permission --- .../package/apparmor/0001-Autostart.patch | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 buildroot-external/package/apparmor/0001-Autostart.patch diff --git a/buildroot-external/package/apparmor/0001-Autostart.patch b/buildroot-external/package/apparmor/0001-Autostart.patch new file mode 100644 index 000000000..ed24ddc44 --- /dev/null +++ b/buildroot-external/package/apparmor/0001-Autostart.patch @@ -0,0 +1,31 @@ +From aafaf2b8efb069387afcbea5d70f3a7a7f6fd8c4 Mon Sep 17 00:00:00 2001 +From: Pascal Vizeli +Date: Mon, 30 Apr 2018 13:46:07 +0200 +Subject: [PATCH 1/1] Autostart + +--- + .../rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf | 2 ++ + .../system/hassio-bind.target.wants/etc-apparmor.d-containers.mount | 1 + + 2 files changed, 3 insertions(+) + create mode 100644 buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf + create mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount + +diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf b/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf +new file mode 100644 +index 0000000..13ed578 +--- /dev/null ++++ b/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf +@@ -0,0 +1,2 @@ ++[Unit] ++RequiresMountsFor=/etc/apparmor.d/containers +diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount +new file mode 120000 +index 0000000..834306a +--- /dev/null ++++ b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount +@@ -0,0 +1 @@ ++/usr/lib/systemd/system/etc-apparmor.d-containers.mount +\ No newline at end of file +-- +2.7.4 + From 862bc04173f7e7278d8702b41a565638394c8ac0 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 30 Apr 2018 23:42:22 +0200 Subject: [PATCH 023/100] Add fix permission patch --- .../package/apparmor/0001-Autostart.patch | 42 ++++++++----------- 1 file changed, 18 insertions(+), 24 deletions(-) diff --git a/buildroot-external/package/apparmor/0001-Autostart.patch b/buildroot-external/package/apparmor/0001-Autostart.patch index ed24ddc44..4b3369084 100644 --- a/buildroot-external/package/apparmor/0001-Autostart.patch +++ b/buildroot-external/package/apparmor/0001-Autostart.patch @@ -1,31 +1,25 @@ -From aafaf2b8efb069387afcbea5d70f3a7a7f6fd8c4 Mon Sep 17 00:00:00 2001 +From 78ceb52ff4e5d4dbe003651b2193979114152763 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli -Date: Mon, 30 Apr 2018 13:46:07 +0200 -Subject: [PATCH 1/1] Autostart +Date: Mon, 30 Apr 2018 23:40:27 +0200 +Subject: [PATCH 1/1] Fix permission --- - .../rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf | 2 ++ - .../system/hassio-bind.target.wants/etc-apparmor.d-containers.mount | 1 + - 2 files changed, 3 insertions(+) - create mode 100644 buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf - create mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount + parser/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf b/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf -new file mode 100644 -index 0000000..13ed578 ---- /dev/null -+++ b/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf -@@ -0,0 +1,2 @@ -+[Unit] -+RequiresMountsFor=/etc/apparmor.d/containers -diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount -new file mode 120000 -index 0000000..834306a ---- /dev/null -+++ b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount -@@ -0,0 +1 @@ -+/usr/lib/systemd/system/etc-apparmor.d-containers.mount -\ No newline at end of file +diff --git a/parser/Makefile b/parser/Makefile +index b18cfe4..7b7b519 100644 +--- a/parser/Makefile ++++ b/parser/Makefile +@@ -383,7 +383,7 @@ install-indep: indep + install-systemd: + install -m 755 -d $(SYSTEMD_UNIT_DIR) + install -m 644 apparmor.service $(SYSTEMD_UNIT_DIR) +- install -m 644 apparmor.systemd $(APPARMOR_BIN_PREFIX) ++ install -m 755 apparmor.systemd $(APPARMOR_BIN_PREFIX) + install -m 755 -d $(DESTDIR)/sbin + install -m 755 aa-teardown $(DESTDIR)/sbin + -- 2.7.4 From b0212beec3eb5343e6f3a728e684257558590af8 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Tue, 1 May 2018 22:39:30 +0200 Subject: [PATCH 024/100] Apparmor hassio (#10) * Delete 0001-Autostart.patch * Update apparmor.mk * Update Config.in * Create hassio-apparmor * Update hassio-apparmor * Update data.conf * Delete etc-apparmor.d-containers.mount * Delete etc-apparmor.d-containers.mount * Delete hassio.conf * Update hassio-apparmor * Update Config.in * Update Config.in * Update hassio.mk * Update hostapp.sh * Update Config.in * Update hassio.mk * Update hassio.mk * Create hassio-supervisor * Update hassio-apparmor * Update hassio-apparmor * Update hassio-apparmor * Update hassio-supervisor * Update hassio-cli * Update hassio-apparmor * Update hassio-apparmor * Create hassio-apparmor.service * Update hassio-apparmor.service * Delete apparmor.service * Update local stuff * Profile for CLI * Update hassio.mk * Update hassio.mk * Update hassio-supervisor * Update hassio-apparmor --- buildroot-external/apparmor/hassio-supervisor | 59 +++++++++++++++++++ buildroot-external/busybox.config | 4 +- buildroot-external/configs/ova_defconfig | 4 +- .../package/apparmor/0001-Autostart.patch | 25 -------- buildroot-external/package/apparmor/Config.in | 2 +- .../package/apparmor/apparmor.mk | 3 +- buildroot-external/package/hassio/Config.in | 17 +++++- .../package/hassio/builder/hostapp.sh | 37 ++++++++++-- buildroot-external/package/hassio/hassio.mk | 20 ++++--- .../system/apparmor.service.d/hassio.conf | 2 - .../etc-apparmor.d-containers.mount | 1 - .../multi-user.target.wants/apparmor.service | 1 - .../hassio-apparmor.service | 1 + .../rootfs-overlay/etc/tmpfiles.d/data.conf | 1 - .../rootfs-overlay/usr/bin/hassio-cli | 2 + .../system/etc-apparmor.d-containers.mount | 14 ----- .../systemd/system/hassio-apparmor.service | 13 ++++ .../rootfs-overlay/usr/sbin/hassio-apparmor | 47 +++++++++++++++ .../rootfs-overlay/usr/sbin/hassio-supervisor | 2 + 19 files changed, 192 insertions(+), 63 deletions(-) create mode 100644 buildroot-external/apparmor/hassio-supervisor delete mode 100644 buildroot-external/package/apparmor/0001-Autostart.patch delete mode 100644 buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf delete mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount delete mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/apparmor.service create mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/hassio-apparmor.service delete mode 100644 buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-apparmor.d-containers.mount create mode 100644 buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-apparmor.service create mode 100755 buildroot-external/rootfs-overlay/usr/sbin/hassio-apparmor diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor new file mode 100644 index 000000000..b3332acae --- /dev/null +++ b/buildroot-external/apparmor/hassio-supervisor @@ -0,0 +1,59 @@ +#include + + +profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { + #include + #include + + network inet tcp, + + deny network raw, + deny network packet, + + /usr/bin/python3 ix, + /usr/bin/socat cx, + /usr/bin/gdbus cx, + + deny /bin/** wl, + deny /boot/** wl, + deny /dev/** wl, + deny /etc/** wl, + deny /home/** wl, + deny /lib/** wl, + deny /mnt/** wl, + deny /proc/** wl, + deny /root/** wl, + deny /sbin/** wl, + deny /tmp/** wl, + deny /sys/** wl, + deny /usr/** wl, + + /data/** rw, + /var/run/docker.sock rw, + + /proc/** r, + /sys/** r, + + profile /usr/bin/socat { + #include + + network inet udp, + network inet tcp, + + deny network raw, + deny network packet, + + deny /data/** r, + } + + profile /usr/bin/gdbus { + #include + #include + + deny network inet, + + /var/run/dbus/system_bus_socket rw, + + deny /data/** r, + } +} diff --git a/buildroot-external/busybox.config b/buildroot-external/busybox.config index c4a156b3a..61ce69e48 100644 --- a/buildroot-external/busybox.config +++ b/buildroot-external/busybox.config @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Busybox version: 1.27.2 -# Sun Apr 29 21:50:21 2018 +# Tue May 1 14:34:48 2018 # CONFIG_HAVE_DOT_CONFIG=y @@ -452,7 +452,7 @@ CONFIG_FEATURE_VI_UNDO_QUEUE_MAX=256 # CONFIG_FEATURE_FIND_CONTEXT is not set # CONFIG_FEATURE_FIND_LINKS is not set CONFIG_GREP=y -CONFIG_EGREP=y +# CONFIG_EGREP is not set # CONFIG_FGREP is not set # CONFIG_FEATURE_GREP_CONTEXT is not set # CONFIG_XARGS is not set diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 1e3020268..1f8a4b1dc 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -68,7 +68,9 @@ BR2_PACKAGE_HASSIO=y BR2_PACKAGE_HASSIO_SUPERVISOR="homeassistant/amd64-hassio-supervisor" BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION="0.101" BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/qemux86-64-homeassistant" +BR2_PACKAGE_HASSIO_SUPERVISOR_PROFILE="hassio-supervisor" BR2_PACKAGE_HASSIO_CLI="homeassistant/amd64-hassio-cli" BR2_PACKAGE_HASSIO_CLI_VERSION="0.1" -BR2_PACKAGE_LIBAPPARMOR=y +BR2_PACKAGE_HASSIO_CLI_PROFILE="docker-default" +BR2_PACKAGE_HASSIO_APPARMOR_DIR="supervisor/apparmor" BR2_PACKAGE_APPARMOR=y diff --git a/buildroot-external/package/apparmor/0001-Autostart.patch b/buildroot-external/package/apparmor/0001-Autostart.patch deleted file mode 100644 index 4b3369084..000000000 --- a/buildroot-external/package/apparmor/0001-Autostart.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 78ceb52ff4e5d4dbe003651b2193979114152763 Mon Sep 17 00:00:00 2001 -From: Pascal Vizeli -Date: Mon, 30 Apr 2018 23:40:27 +0200 -Subject: [PATCH 1/1] Fix permission - ---- - parser/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/parser/Makefile b/parser/Makefile -index b18cfe4..7b7b519 100644 ---- a/parser/Makefile -+++ b/parser/Makefile -@@ -383,7 +383,7 @@ install-indep: indep - install-systemd: - install -m 755 -d $(SYSTEMD_UNIT_DIR) - install -m 644 apparmor.service $(SYSTEMD_UNIT_DIR) -- install -m 644 apparmor.systemd $(APPARMOR_BIN_PREFIX) -+ install -m 755 apparmor.systemd $(APPARMOR_BIN_PREFIX) - install -m 755 -d $(DESTDIR)/sbin - install -m 755 aa-teardown $(DESTDIR)/sbin - --- -2.7.4 - diff --git a/buildroot-external/package/apparmor/Config.in b/buildroot-external/package/apparmor/Config.in index 6ba44321a..3703354c5 100644 --- a/buildroot-external/package/apparmor/Config.in +++ b/buildroot-external/package/apparmor/Config.in @@ -1,6 +1,6 @@ config BR2_PACKAGE_APPARMOR bool "apparmor" - depends on BR2_PACKAGE_LIBAPPARMOR + select BR2_PACKAGE_LIBAPPARMOR help AppArmor gives you network application security via mandatory access control for programs, protecting against the exploitation diff --git a/buildroot-external/package/apparmor/apparmor.mk b/buildroot-external/package/apparmor/apparmor.mk index 2d1ddf99d..3ccca7ed5 100644 --- a/buildroot-external/package/apparmor/apparmor.mk +++ b/buildroot-external/package/apparmor/apparmor.mk @@ -16,8 +16,9 @@ endef define APPARMOR_INSTALL_TARGET_CMDS $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install - $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install-systemd $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/profiles DESTDIR=$(TARGET_DIR) PREFIX=/usr install + + rm -rf $(TARGET_DIR)/usr/lib/apparmor endef $(eval $(generic-package)) diff --git a/buildroot-external/package/hassio/Config.in b/buildroot-external/package/hassio/Config.in index 303725a1b..b659ce4c4 100644 --- a/buildroot-external/package/hassio/Config.in +++ b/buildroot-external/package/hassio/Config.in @@ -1,4 +1,4 @@ -config BR2_PACKAGE_HASSIO +menuconfig BR2_PACKAGE_HASSIO bool "hassio-app" help This is the Application layer they build the @@ -23,6 +23,11 @@ config BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS help Extended docker arguments to run the supervisor. +config BR2_PACKAGE_HASSIO_SUPERVISOR_PROFILE + string "AppArmor supervisor profile" + help + AppArmor profile for supervisor. + config BR2_PACKAGE_HASSIO_CLI string "cli docker image" help @@ -38,4 +43,14 @@ config BR2_PACKAGE_HASSIO_CLI_ARGS help Extended docker arguments to run the cli. +config BR2_PACKAGE_HASSIO_CLI_PROFILE + string "AppArmor cli profile" + help + AppArmor profile for cli. + +config BR2_PACKAGE_HASSIO_APPARMOR_DIR + string "AppArmor profiles folder" + help + AppArmor profiles folder for supervisor. + endif diff --git a/buildroot-external/package/hassio/builder/hostapp.sh b/buildroot-external/package/hassio/builder/hostapp.sh index 952406dbe..c226ba394 100755 --- a/buildroot-external/package/hassio/builder/hostapp.sh +++ b/buildroot-external/package/hassio/builder/hostapp.sh @@ -4,9 +4,12 @@ set -e SUPERVISOR="" SUPERVISOR_VERSION="" SUPERVISOR_ARGS="" +SUPERVISOR_PROFILE="" CLI="" CLI_VERSION="" CLI_ARGS="" +CLI_PROFILE="" +APPARMOR="" DATA_IMG="/export/data.ext4" # Parse @@ -25,6 +28,10 @@ while [[ $# -gt 0 ]]; do SUPERVISOR_ARGS=$2 shift ;; + --supervisor-profile) + SUPERVISOR_PROFILE=$2 + shift + ;; --cli) CLI=$2 shift @@ -37,6 +44,14 @@ while [[ $# -gt 0 ]]; do CLI_ARGS=$2 shift ;; + --cli-profile) + CLI_PROFILE=$2 + shift + ;; + --apparmor) + APPARMOR=$2 + shift + ;; *) exit 1 ;; @@ -49,11 +64,12 @@ dd if=/dev/zero of=${DATA_IMG} bs=1G count=1 mkfs.ext4 -L "hassio-data" -E lazy_itable_init=0,lazy_journal_init=0 ${DATA_IMG} # Mount / init file structs -mount -o loop ${DATA_IMG} /mnt -mkdir -p /mnt/docker +mkdir -p /mnt/data/ +mount -o loop ${DATA_IMG} /mnt/data +mkdir -p /mnt/data/docker # Run dockerd -dockerd -s overlay2 -g /mnt/docker & +dockerd -s overlay2 -g /mnt/data/docker & DOCKER_PID=$! DOCKER_COUNT=0 @@ -75,14 +91,23 @@ docker pull "${CLI}:${CLI_VERSION}" docker tag "${CLI}:${CLI_VERSION}" "${CLI}:latest" # Write config -cat > /mnt/hassio.json <<- EOF +cat > /mnt/data/hassio.json <<- EOF { "supervisor": "${SUPERVISOR}", "supervisor_args": "${SUPERVISOR_ARGS}", + "supervisor_apparmor": "${SUPERVISOR_PROFILE}", "cli": "${CLI}", - "cli_args": "${CLI_ARGS}" + "cli_args": "${CLI_ARGS}", + "cli_apparmor": "${CLI_PROFILE}", + "apparmor": "${APPARMOR}" } EOF +# Setup AppArmor +if [ ! -z "${APPARMOR}" ]; then + mkdir -p /mnt/data/${APPARMOR} + cp -f /apparmor/* /mnt/data/${APPARMOR}/ +fi + # Finish -kill -TERM $DOCKER_PID && wait $DOCKER_PID && umount /mnt +kill -TERM $DOCKER_PID && wait $DOCKER_PID && umount /mnt/data diff --git a/buildroot-external/package/hassio/hassio.mk b/buildroot-external/package/hassio/hassio.mk index a41472a86..1d89ab7f8 100644 --- a/buildroot-external/package/hassio/hassio.mk +++ b/buildroot-external/package/hassio/hassio.mk @@ -15,13 +15,19 @@ define HASSIO_BUILD_CMDS endef define HASSIO_INSTALL_TARGET_CMDS - docker run --rm --privileged -v ${BINARIES_DIR}:/export hassio-hostapps \ - --supervisor ${BR2_PACKAGE_HASSIO_SUPERVISOR} \ - --supervisor-version ${BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION} \ - --supervisor-args ${BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS} \ - --cli ${BR2_PACKAGE_HASSIO_CLI} \ - --cli-version ${BR2_PACKAGE_HASSIO_CLI_VERSION} \ - --cli-args ${BR2_PACKAGE_HASSIO_CLI_ARGS} + docker run --rm --privileged \ + -v $(BINARIES_DIR):/export \ + -v $(BR2_EXTERNAL_HASSIO_PATH)/apparmor:/apparmor \ + hassio-hostapps \ + --supervisor $(BR2_PACKAGE_HASSIO_SUPERVISOR) \ + --supervisor-version $(BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION) \ + --supervisor-args $(BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS) \ + --supervisor-profile $(BR2_PACKAGE_HASSIO_SUPERVISOR_PROFILE) \ + --cli $(BR2_PACKAGE_HASSIO_CLI) \ + --cli-version $(BR2_PACKAGE_HASSIO_CLI_VERSION) \ + --cli-args $(BR2_PACKAGE_HASSIO_CLI_ARGS) \ + --cli-profile $(BR2_PACKAGE_HASSIO_CLI_PROFILE) \ + --apparmor $(BR2_PACKAGE_HASSIO_APPARMOR_DIR) endef $(eval $(generic-package)) diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf b/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf deleted file mode 100644 index 13ed578b5..000000000 --- a/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf +++ /dev/null @@ -1,2 +0,0 @@ -[Unit] -RequiresMountsFor=/etc/apparmor.d/containers diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount deleted file mode 120000 index 834306a17..000000000 --- a/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/etc-apparmor.d-containers.mount \ No newline at end of file diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/apparmor.service b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/apparmor.service deleted file mode 120000 index f9a498ed8..000000000 --- a/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/apparmor.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/apparmor.service \ No newline at end of file diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/hassio-apparmor.service b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/hassio-apparmor.service new file mode 120000 index 000000000..625edb930 --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/hassio-apparmor.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/hassio-apparmor.service \ No newline at end of file diff --git a/buildroot-external/rootfs-overlay/etc/tmpfiles.d/data.conf b/buildroot-external/rootfs-overlay/etc/tmpfiles.d/data.conf index 76d1ffe7c..1e8e1e876 100644 --- a/buildroot-external/rootfs-overlay/etc/tmpfiles.d/data.conf +++ b/buildroot-external/rootfs-overlay/etc/tmpfiles.d/data.conf @@ -1,3 +1,2 @@ d /mnt/data/supervisor d /mnt/data/cli -d /mnt/data/apparmor diff --git a/buildroot-external/rootfs-overlay/usr/bin/hassio-cli b/buildroot-external/rootfs-overlay/usr/bin/hassio-cli index 81bf07757..02b682865 100755 --- a/buildroot-external/rootfs-overlay/usr/bin/hassio-cli +++ b/buildroot-external/rootfs-overlay/usr/bin/hassio-cli @@ -5,6 +5,7 @@ CONFIG_FILE=/mnt/data/hassio.json CLI="$(jq --raw-output '.cli' ${CONFIG_FILE})" DOCKER_ARGS="$(jq --raw-output '.cli_args // empty' ${CONFIG_FILE})" +APPARMOR="$(jq --raw-output '.cli_apparmor // "docker-default"' ${CONFIG_FILE})" CLI_DATA=/mnt/data/cli mkdir -p ${CLI_DATA} @@ -12,6 +13,7 @@ mkdir -p ${CLI_DATA} # Run CLI docker run \ --rm -ti --init \ + --security-opt apparmor="${APPARMOR}" \ -v ${CLI_DATA}:/data \ $DOCKER_ARGS \ ${CLI} diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-apparmor.d-containers.mount b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-apparmor.d-containers.mount deleted file mode 100644 index 4fa1b8b56..000000000 --- a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-apparmor.d-containers.mount +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=Supervisor persistent apparmor profiles -Requires=mnt-data.mount apparmor.service -After=mnt-data.mount -Before=apparmor.service - -[Mount] -What=/mnt/data/apparmor -Where=/etc/apparmor.d/containers -Type=none -Options=bind - -[Install] -WantedBy=hassio-bind.target diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-apparmor.service b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-apparmor.service new file mode 100644 index 000000000..db8bf42a4 --- /dev/null +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-apparmor.service @@ -0,0 +1,13 @@ +[Unit] +Description=Hass.io AppArmor +Wants=hassio-supervisor.service +Before=docker.service hassio-supervisor.service +RequiresMountsFor=/mnt/data + +[Service] +Type=oneshot +RemainAfterExit=true +ExecStart=/usr/sbin/hassio-apparmor + +[Install] +WantedBy=multi-user.target diff --git a/buildroot-external/rootfs-overlay/usr/sbin/hassio-apparmor b/buildroot-external/rootfs-overlay/usr/sbin/hassio-apparmor new file mode 100755 index 000000000..bba158658 --- /dev/null +++ b/buildroot-external/rootfs-overlay/usr/sbin/hassio-apparmor @@ -0,0 +1,47 @@ +#!/bin/sh +set -e + +# Load configs +CONFIG_FILE=/mnt/data/hassio.json + +# Read configs +PROFILES_DIR="$(jq --raw-output '.apparmor // empty' ${CONFIG_FILE})" +if [ -z "${PROFILES_DIR}" ]; then + exit 0 +fi + +PROFILES_DIR="/mnt/data/${PROFILES_DIR}" +CACHE_DIR="${PROFILES_DIR}/cache" +REMOVE_DIR="${PROFILES_DIR}/remove" + +# Check folder structure +mkdir -p ${PROFILES_DIR} +mkdir -p ${CACHE_DIR} +mkdir -p ${REMOVE_DIR} + +# Load/Update exists/new profiles +for profile in ${PROFILES_DIR}/*; do + if [ ! -f ${profile} ]; then + continue + fi + + # Load Profile + if ! apparmor_parser -r -W -L ${CACHE_DIR} ${profile}; then + echo "[Error]: Can't load profile ${profile}" + fi +done + +# Cleanup old profiles +for profile in ${REMOVE_DIR}/*; do + if [ ! -f ${profile} ]; then + continue + fi + + # Unload Profile + if apparmor_parser -R -W -L ${CACHE_DIR} ${profile}; then + if rm ${profile}; then + continue + fi + fi + echo "[Error]: Can't remove profile ${profile}" +done diff --git a/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor b/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor index 727289f4f..726484d87 100755 --- a/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor +++ b/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor @@ -6,6 +6,7 @@ CONFIG_FILE=/mnt/data/hassio.json SUPERVISOR="$(jq --raw-output '.supervisor' ${CONFIG_FILE})" DOCKER_ARGS="$(jq --raw-output '.supervisor_args // empty' ${CONFIG_FILE})" +APPARMOR="$(jq --raw-output '.supervisor_apparmor // "docker-default"' ${CONFIG_FILE})" # Init supervisor HASSIO_DATA=/mnt/data/supervisor @@ -15,6 +16,7 @@ HASSIO_CONTAINER_ID=$(docker inspect --format='{{.Image}}' hassio_supervisor || runSupervisor() { docker rm --force hassio_supervisor || true docker run --name hassio_supervisor \ + --security-opt apparmor="${APPARMOR}" \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /var/run/dbus:/var/run/dbus \ -v ${HASSIO_DATA}:/data \ From 3566873d08d281e4e293e284c5d8bf762db24143 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 01:01:38 +0200 Subject: [PATCH 025/100] Fix docker apparmor --- .../0013-Add-apparmor-support-to-docker.patch | 60 +++++++++++++++++++ .../docker-containerd/docker-containerd.mk | 1 + .../package/docker-engine/docker-engine.mk | 2 +- buildroot/package/runc/runc.mk | 3 +- 4 files changed, 63 insertions(+), 3 deletions(-) create mode 100644 buildroot-patches/0013-Add-apparmor-support-to-docker.patch diff --git a/buildroot-patches/0013-Add-apparmor-support-to-docker.patch b/buildroot-patches/0013-Add-apparmor-support-to-docker.patch new file mode 100644 index 000000000..6aeca9863 --- /dev/null +++ b/buildroot-patches/0013-Add-apparmor-support-to-docker.patch @@ -0,0 +1,60 @@ +From a5d50577d81efeccb4904e6b56793f84b7e3e89f Mon Sep 17 00:00:00 2001 +From: Pascal Vizeli +Date: Tue, 1 May 2018 23:35:05 +0200 +Subject: [PATCH 1/1] Add apparmor support to docker + +--- + package/docker-containerd/docker-containerd.mk | 1 + + package/docker-engine/docker-engine.mk | 2 +- + package/runc/runc.mk | 3 +-- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/package/docker-containerd/docker-containerd.mk b/package/docker-containerd/docker-containerd.mk +index 230307d..9be658d 100644 +--- a/package/docker-containerd/docker-containerd.mk ++++ b/package/docker-containerd/docker-containerd.mk +@@ -18,6 +18,7 @@ DOCKER_CONTAINERD_MAKE_ENV = $(HOST_GO_TARGET_ENV) \ + GOBIN="$(@D)/bin" \ + GOPATH="$(DOCKER_CONTAINERD_GOPATH)" + ++DOCKER_CONTAINERD_BUILD_TAGS = apparmor + DOCKER_CONTAINERD_GLDFLAGS = \ + -X github.com/containerd/containerd.GitCommit=$(DOCKER_CONTAINERD_COMMIT) + +diff --git a/package/docker-engine/docker-engine.mk b/package/docker-engine/docker-engine.mk +index e3dde03..d500e71 100644 +--- a/package/docker-engine/docker-engine.mk ++++ b/package/docker-engine/docker-engine.mk +@@ -27,7 +27,7 @@ DOCKER_ENGINE_GLDFLAGS = \ + -X github.com/docker/cli/cli.GitCommit=$(DOCKER_ENGINE_VERSION) \ + -X github.com/docker/cli/cli.Version=$(DOCKER_ENGINE_VERSION) + +-DOCKER_ENGINE_BUILD_TAGS = cgo exclude_graphdriver_zfs autogen ++DOCKER_ENGINE_BUILD_TAGS = cgo exclude_graphdriver_zfs autogen apparmor + DOCKER_ENGINE_BUILD_TARGETS = cli:docker + DOCKER_ENGINE_BUILD_TARGET_PARSE = \ + export targetpkg=$$(echo $(target) | cut -d: -f1); \ +diff --git a/package/runc/runc.mk b/package/runc/runc.mk +index f19fc5f..1ab0b70 100644 +--- a/package/runc/runc.mk ++++ b/package/runc/runc.mk +@@ -18,6 +18,7 @@ RUNC_MAKE_ENV = $(HOST_GO_TARGET_ENV) \ + GOPATH="$(RUNC_GOPATH)" \ + PATH=$(BR_PATH) + ++RUNC_GOTAGS = cgo apparmor + RUNC_GLDFLAGS = \ + -X main.gitCommit=$(RUNC_VERSION) + +@@ -26,8 +27,6 @@ RUNC_GLDFLAGS += -extldflags '-static' + RUNC_GOTAGS += static_build + endif + +-RUNC_GOTAGS = cgo +- + ifeq ($(BR2_PACKAGE_LIBSECCOMP),y) + RUNC_GOTAGS += seccomp + RUNC_DEPENDENCIES += libseccomp host-pkgconf +-- +2.7.4 + diff --git a/buildroot/package/docker-containerd/docker-containerd.mk b/buildroot/package/docker-containerd/docker-containerd.mk index 230307d6b..9be658dc0 100644 --- a/buildroot/package/docker-containerd/docker-containerd.mk +++ b/buildroot/package/docker-containerd/docker-containerd.mk @@ -18,6 +18,7 @@ DOCKER_CONTAINERD_MAKE_ENV = $(HOST_GO_TARGET_ENV) \ GOBIN="$(@D)/bin" \ GOPATH="$(DOCKER_CONTAINERD_GOPATH)" +DOCKER_CONTAINERD_BUILD_TAGS = apparmor DOCKER_CONTAINERD_GLDFLAGS = \ -X github.com/containerd/containerd.GitCommit=$(DOCKER_CONTAINERD_COMMIT) diff --git a/buildroot/package/docker-engine/docker-engine.mk b/buildroot/package/docker-engine/docker-engine.mk index e3dde0318..d500e71b3 100644 --- a/buildroot/package/docker-engine/docker-engine.mk +++ b/buildroot/package/docker-engine/docker-engine.mk @@ -27,7 +27,7 @@ DOCKER_ENGINE_GLDFLAGS = \ -X github.com/docker/cli/cli.GitCommit=$(DOCKER_ENGINE_VERSION) \ -X github.com/docker/cli/cli.Version=$(DOCKER_ENGINE_VERSION) -DOCKER_ENGINE_BUILD_TAGS = cgo exclude_graphdriver_zfs autogen +DOCKER_ENGINE_BUILD_TAGS = cgo exclude_graphdriver_zfs autogen apparmor DOCKER_ENGINE_BUILD_TARGETS = cli:docker DOCKER_ENGINE_BUILD_TARGET_PARSE = \ export targetpkg=$$(echo $(target) | cut -d: -f1); \ diff --git a/buildroot/package/runc/runc.mk b/buildroot/package/runc/runc.mk index f19fc5f06..1ab0b70a5 100644 --- a/buildroot/package/runc/runc.mk +++ b/buildroot/package/runc/runc.mk @@ -18,6 +18,7 @@ RUNC_MAKE_ENV = $(HOST_GO_TARGET_ENV) \ GOPATH="$(RUNC_GOPATH)" \ PATH=$(BR_PATH) +RUNC_GOTAGS = cgo apparmor RUNC_GLDFLAGS = \ -X main.gitCommit=$(RUNC_VERSION) @@ -26,8 +27,6 @@ RUNC_GLDFLAGS += -extldflags '-static' RUNC_GOTAGS += static_build endif -RUNC_GOTAGS = cgo - ifeq ($(BR2_PACKAGE_LIBSECCOMP),y) RUNC_GOTAGS += seccomp RUNC_DEPENDENCIES += libseccomp host-pkgconf From 18b86fad5903942e3bc935924ba66a4eabf378b4 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 09:58:16 +0200 Subject: [PATCH 026/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index b3332acae..62a3830c0 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -10,6 +10,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network raw, deny network packet, + /bin/busybox ix, /usr/bin/python3 ix, /usr/bin/socat cx, /usr/bin/gdbus cx, @@ -28,11 +29,10 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny /sys/** wl, deny /usr/** wl, - /data/** rw, - /var/run/docker.sock rw, - /proc/** r, /sys/** r, + /data/** rw, + /var/run/docker.sock rw, profile /usr/bin/socat { #include From 43e48dec6efb100cc8c9d78d314e2e588b3da8cf Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 11:02:03 +0200 Subject: [PATCH 027/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 62a3830c0..bbdf1e73e 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -11,7 +11,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network packet, /bin/busybox ix, - /usr/bin/python3 ix, + /usr/bin/python{,3,3.6} ix, /usr/bin/socat cx, /usr/bin/gdbus cx, From f881df3aa0611b2ec59758bd3abf093cbf5e9670 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 11:03:36 +0200 Subject: [PATCH 028/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index bbdf1e73e..aa4eac236 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -11,7 +11,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network packet, /bin/busybox ix, - /usr/bin/python{,3,3.6} ix, + /usr/bin/python{,3,3.[0-9]} ix, /usr/bin/socat cx, /usr/bin/gdbus cx, From 9415e7f8ee988ebb45e43b93ae462509345be24e Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 11:52:24 +0200 Subject: [PATCH 029/100] Update to next gen supervisor --- buildroot-external/configs/ova_defconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 1f8a4b1dc..9601749a8 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -66,11 +66,11 @@ BR2_PACKAGE_HOST_RAUC=y BR2_PACKAGE_MINGETTY=y BR2_PACKAGE_HASSIO=y BR2_PACKAGE_HASSIO_SUPERVISOR="homeassistant/amd64-hassio-supervisor" -BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION="0.101" +BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION="103" BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/qemux86-64-homeassistant" BR2_PACKAGE_HASSIO_SUPERVISOR_PROFILE="hassio-supervisor" BR2_PACKAGE_HASSIO_CLI="homeassistant/amd64-hassio-cli" -BR2_PACKAGE_HASSIO_CLI_VERSION="0.1" +BR2_PACKAGE_HASSIO_CLI_VERSION="2" BR2_PACKAGE_HASSIO_CLI_PROFILE="docker-default" BR2_PACKAGE_HASSIO_APPARMOR_DIR="supervisor/apparmor" BR2_PACKAGE_APPARMOR=y From 84c51a0169353634b65f031be3bc10087fc7ae71 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 19:21:23 +0200 Subject: [PATCH 030/100] Update CLI --- buildroot-external/configs/ova_defconfig | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 9601749a8..06be6a5fa 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -32,7 +32,6 @@ BR2_PACKAGE_GPTFDISK_SGDISK=y BR2_PACKAGE_CA_CERTIFICATES=y BR2_PACKAGE_LIBCGROUP=y BR2_PACKAGE_LIBCGROUP_TOOLS=y -BR2_PACKAGE_LIBSECCOMP=y BR2_PACKAGE_AVAHI=y BR2_PACKAGE_AVAHI_DAEMON=y BR2_PACKAGE_AVAHI_LIBDNSSD_COMPATIBILITY=y @@ -70,7 +69,7 @@ BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION="103" BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/qemux86-64-homeassistant" BR2_PACKAGE_HASSIO_SUPERVISOR_PROFILE="hassio-supervisor" BR2_PACKAGE_HASSIO_CLI="homeassistant/amd64-hassio-cli" -BR2_PACKAGE_HASSIO_CLI_VERSION="2" +BR2_PACKAGE_HASSIO_CLI_VERSION="3" BR2_PACKAGE_HASSIO_CLI_PROFILE="docker-default" BR2_PACKAGE_HASSIO_APPARMOR_DIR="supervisor/apparmor" BR2_PACKAGE_APPARMOR=y From c05d027732fea2bb856e08341df9912d4c04a612 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 19:22:10 +0200 Subject: [PATCH 031/100] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index ff0b9697d..a47de1802 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,7 @@ Hass.io OS based on [buildroot](https://buildroot.org/). It's a hypervisor for D - RAUC for OTA updates - SquashFS LZ4 as filesystem - Docker 17.12.1 +- AppArmor protected - ZRAM LZ4 for /tmp, /var, swap - Run every supervisor From 2d75a978a5b1dfb65495ea9b12846c2349aa0806 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 21:53:15 +0200 Subject: [PATCH 032/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index aa4eac236..298e9265c 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -10,7 +10,6 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network raw, deny network packet, - /bin/busybox ix, /usr/bin/python{,3,3.[0-9]} ix, /usr/bin/socat cx, /usr/bin/gdbus cx, @@ -28,9 +27,8 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny /tmp/** wl, deny /sys/** wl, deny /usr/** wl, + /** r, - /proc/** r, - /sys/** r, /data/** rw, /var/run/docker.sock rw, @@ -42,8 +40,6 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network raw, deny network packet, - - deny /data/** r, } profile /usr/bin/gdbus { @@ -53,7 +49,5 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network inet, /var/run/dbus/system_bus_socket rw, - - deny /data/** r, } } From afc36dbabc7a3849b1dd1836f4acb1d93e67c88c Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 22:43:05 +0200 Subject: [PATCH 033/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 1 + 1 file changed, 1 insertion(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 298e9265c..e934e6806 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -11,6 +11,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network packet, /usr/bin/python{,3,3.[0-9]} ix, + /usr/bin/git ix, /usr/bin/socat cx, /usr/bin/gdbus cx, From 8414161527dbec467fe077e147f18fe76c3a45e7 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 22:50:19 +0200 Subject: [PATCH 034/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index e934e6806..9602b922d 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -10,6 +10,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network raw, deny network packet, + /bin/busybox ix, /usr/bin/python{,3,3.[0-9]} ix, /usr/bin/git ix, /usr/bin/socat cx, @@ -17,7 +18,6 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny /bin/** wl, deny /boot/** wl, - deny /dev/** wl, deny /etc/** wl, deny /home/** wl, deny /lib/** wl, From b944251a3e7f139a44769eb442383ba3ff019914 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 23:55:45 +0200 Subject: [PATCH 035/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 9602b922d..d0e66c116 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -5,14 +5,12 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { #include #include - network inet tcp, - + network, deny network raw, - deny network packet, /bin/busybox ix, /usr/bin/python{,3,3.[0-9]} ix, - /usr/bin/git ix, + /usr/bin/git cx, /usr/bin/socat cx, /usr/bin/gdbus cx, @@ -47,8 +45,17 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { #include #include - deny network inet, - + /usr/bin/gdbus mr, /var/run/dbus/system_bus_socket rw, } + + profile /usr/bin/git { + #include + + network, + deny network raw, + + /usr/libexec/git-core/* ix, + /data/addons/** rw, + } } From 9cfa86d1a3c17a8290df868ad23d08863ddc62d6 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 3 May 2018 00:08:35 +0200 Subject: [PATCH 036/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 1 + 1 file changed, 1 insertion(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index d0e66c116..2a5ba5df9 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -55,6 +55,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { network, deny network raw, + /usr/bin/git mr, /usr/libexec/git-core/* ix, /data/addons/** rw, } From 13e328a86fdea000dea7e575280e2c4384fb5ff0 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 3 May 2018 00:12:58 +0200 Subject: [PATCH 037/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 2a5ba5df9..33401cc6a 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -1,6 +1,5 @@ #include - profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { #include #include @@ -57,6 +56,8 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /usr/bin/git mr, /usr/libexec/git-core/* ix, + /lib/* mr, + /data/addons/** rw, } } From 1567f4e0519f0a7a409443bcb3addb9f1647b985 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 3 May 2018 00:17:46 +0200 Subject: [PATCH 038/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 1 + 1 file changed, 1 insertion(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 33401cc6a..79977ac61 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -56,6 +56,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /usr/bin/git mr, /usr/libexec/git-core/* ix, + /usr/share/git-core/** r, /lib/* mr, /data/addons/** rw, From 92cf29b0a1f66bd77dee2d5afc412097de3532d7 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 3 May 2018 00:21:17 +0200 Subject: [PATCH 039/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 2 ++ 1 file changed, 2 insertions(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 79977ac61..05a685912 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -38,6 +38,8 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network raw, deny network packet, + + /usr/bin/socat mr, } profile /usr/bin/gdbus { From c4338b1330c3e98278e8132cccb961ad041c3edb Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 3 May 2018 00:31:05 +0200 Subject: [PATCH 040/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 05a685912..231d3a06a 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -30,6 +30,8 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /data/** rw, /var/run/docker.sock rw, + capability net_bind_service, + profile /usr/bin/socat { #include @@ -40,6 +42,8 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network packet, /usr/bin/socat mr, + + capability net_bind_service, } profile /usr/bin/gdbus { From 58bc4f8bbdadf6308e9d2a488fbc02f8a7f90fb3 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 3 May 2018 00:33:17 +0200 Subject: [PATCH 041/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 1 + 1 file changed, 1 insertion(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 231d3a06a..4d276478a 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -42,6 +42,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network packet, /usr/bin/socat mr, + /lib/* mr, capability net_bind_service, } From 72fc4d6addc001ea015afc0bb520f843f1447f82 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 3 May 2018 00:42:30 +0200 Subject: [PATCH 042/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 4d276478a..71093026f 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -52,6 +52,8 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { #include /usr/bin/gdbus mr, + /lib/* mr, + /var/run/dbus/system_bus_socket rw, } @@ -63,8 +65,8 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /usr/bin/git mr, /usr/libexec/git-core/* ix, - /usr/share/git-core/** r, /lib/* mr, + /** r, /data/addons/** rw, } From 054f6aa4fc3233e14a6ff8d38a0e75a7aca81f92 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 3 May 2018 00:46:04 +0200 Subject: [PATCH 043/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 71093026f..50283887d 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -63,11 +63,15 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { network, deny network raw, + /bin/busybox ix, /usr/bin/git mr, /usr/libexec/git-core/* ix, /lib/* mr, /** r, /data/addons/** rw, + + deny /data/homeassistant rw, + deny /data/ssl rw, } } From 0d7cb228ae0e275081fa0429e7691a9a4d56f681 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 3 May 2018 11:13:39 +0200 Subject: [PATCH 044/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 19 +++++-------------- 1 file changed, 5 insertions(+), 14 deletions(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 50283887d..60edfff1c 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -13,20 +13,11 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /usr/bin/socat cx, /usr/bin/gdbus cx, - deny /bin/** wl, - deny /boot/** wl, - deny /etc/** wl, - deny /home/** wl, - deny /lib/** wl, - deny /mnt/** wl, deny /proc/** wl, deny /root/** wl, - deny /sbin/** wl, - deny /tmp/** wl, deny /sys/** wl, - deny /usr/** wl, - /** r, + /** r, /data/** rw, /var/run/docker.sock rw, @@ -66,12 +57,12 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /bin/busybox ix, /usr/bin/git mr, /usr/libexec/git-core/* ix, - /lib/* mr, - /** r, - - /data/addons/** rw, deny /data/homeassistant rw, deny /data/ssl rw, + + /lib/* mr, + /** r, + /data/addons/** rw, } } From 7ec66438f520c0b8063c6c718badbb386ccdfdb2 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Fri, 4 May 2018 23:25:10 +0200 Subject: [PATCH 045/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 60edfff1c..636281b1d 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -19,7 +19,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /** r, /data/** rw, - /var/run/docker.sock rw, + /{,var/}run/docker.sock rw, capability net_bind_service, @@ -45,7 +45,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /usr/bin/gdbus mr, /lib/* mr, - /var/run/dbus/system_bus_socket rw, + /{,var/}run/dbus/system_bus_socket rw, } profile /usr/bin/git { From b89d1ff5e42cfef323c59aa9888dca0583f8e96d Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Fri, 4 May 2018 23:33:17 +0200 Subject: [PATCH 046/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 2 ++ 1 file changed, 2 insertions(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 636281b1d..d5cd72691 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -64,5 +64,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /lib/* mr, /** r, /data/addons/** rw, + + capability dac_override } } From ddf6ad7798abcc7850f28e6811917b11468544e0 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Fri, 4 May 2018 23:36:18 +0200 Subject: [PATCH 047/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index d5cd72691..c88d4b779 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -61,9 +61,9 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny /data/homeassistant rw, deny /data/ssl rw, - /lib/* mr, /** r, - /data/addons/** rw, + /lib/* mr, + /data/addons/** lrw, capability dac_override } From d4ab833721ec36399a2f5513ae97896ae9358b91 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Fri, 4 May 2018 23:49:35 +0200 Subject: [PATCH 048/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index c88d4b779..47ac2b13b 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -65,6 +65,6 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /lib/* mr, /data/addons/** lrw, - capability dac_override + capability dac_override, } } From 23cb9783fd3eed2244e2531d6eaefcc2fb75df0d Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 5 May 2018 00:22:07 +0200 Subject: [PATCH 049/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 2 ++ 1 file changed, 2 insertions(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 47ac2b13b..cd5c41562 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -42,6 +42,8 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { #include #include + unix (send, receive) type=stream, + /usr/bin/gdbus mr, /lib/* mr, From e4d7dc28fe8724b33c2e646e4fdcec16e6db6bdd Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 5 May 2018 00:41:14 +0200 Subject: [PATCH 050/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index cd5c41562..b2843d3f0 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -23,7 +23,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { capability net_bind_service, - profile /usr/bin/socat { + profile /usr/bin/socat flags=(attach_disconnected,mediate_deleted) { #include network inet udp, @@ -38,7 +38,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { capability net_bind_service, } - profile /usr/bin/gdbus { + profile /usr/bin/gdbus flags=(attach_disconnected,mediate_deleted) { #include #include @@ -50,7 +50,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /{,var/}run/dbus/system_bus_socket rw, } - profile /usr/bin/git { + profile /usr/bin/git flags=(attach_disconnected,mediate_deleted) { #include network, From 36c76e3295ea5b0f41091946e82a358462a32081 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 5 May 2018 00:48:31 +0200 Subject: [PATCH 051/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index b2843d3f0..d44e6c42d 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -7,6 +7,8 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { network, deny network raw, + signal (send) set=(kill,term), + /bin/busybox ix, /usr/bin/python{,3,3.[0-9]} ix, /usr/bin/git cx, @@ -32,6 +34,8 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network raw, deny network packet, + signal (receive) set=(kill,term), + /usr/bin/socat mr, /lib/* mr, From a260468d526668fe2e47036d38eb019762254eec Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 5 May 2018 00:55:58 +0200 Subject: [PATCH 052/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index d44e6c42d..1b52e1d91 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -35,11 +35,9 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network packet, signal (receive) set=(kill,term), + capability net_bind_service, /usr/bin/socat mr, - /lib/* mr, - - capability net_bind_service, } profile /usr/bin/gdbus flags=(attach_disconnected,mediate_deleted) { @@ -49,8 +47,6 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { unix (send, receive) type=stream, /usr/bin/gdbus mr, - /lib/* mr, - /{,var/}run/dbus/system_bus_socket rw, } @@ -68,7 +64,6 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny /data/ssl rw, /** r, - /lib/* mr, /data/addons/** lrw, capability dac_override, From 359f6862f63c4e079db962d57ab91422d9808cd3 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 6 May 2018 22:30:01 +0200 Subject: [PATCH 053/100] Update hassio-supervisor (#11) --- buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor b/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor index 726484d87..12accb617 100755 --- a/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor +++ b/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor @@ -13,6 +13,11 @@ HASSIO_DATA=/mnt/data/supervisor HASSIO_IMAGE_ID=$(docker inspect --format='{{.Id}}' ${SUPERVISOR}) HASSIO_CONTAINER_ID=$(docker inspect --format='{{.Image}}' hassio_supervisor || echo "") +# Fix wrong AppArmor profiles +if ! grep ${APPARMOR} /sys/kernel/security/apparmor/profiles > /dev/null; then + APPARMOR=docker-default +if + runSupervisor() { docker rm --force hassio_supervisor || true docker run --name hassio_supervisor \ From f942d63fbc474f29eb2991f2ab4380c71efb796e Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 6 May 2018 23:22:12 +0200 Subject: [PATCH 054/100] Update hassio-supervisor --- buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor b/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor index 12accb617..4b7bccdd3 100755 --- a/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor +++ b/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor @@ -16,7 +16,7 @@ HASSIO_CONTAINER_ID=$(docker inspect --format='{{.Image}}' hassio_supervisor || # Fix wrong AppArmor profiles if ! grep ${APPARMOR} /sys/kernel/security/apparmor/profiles > /dev/null; then APPARMOR=docker-default -if +fi runSupervisor() { docker rm --force hassio_supervisor || true From 0513cb9a84f546a59da106ebb1006be5deae9bec Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 6 May 2018 23:59:38 +0200 Subject: [PATCH 055/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 3 +++ 1 file changed, 3 insertions(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 1b52e1d91..3c267e56a 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -37,6 +37,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { signal (receive) set=(kill,term), capability net_bind_service, + /lib/* rm, /usr/bin/socat mr, } @@ -47,6 +48,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { unix (send, receive) type=stream, /usr/bin/gdbus mr, + /lib/* rm, /{,var/}run/dbus/system_bus_socket rw, } @@ -64,6 +66,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny /data/ssl rw, /** r, + /lib/* rm, /data/addons/** lrw, capability dac_override, From 264041d9bfe68e541ba0a53b6fd453dfdba4acf5 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 7 May 2018 09:04:24 +0200 Subject: [PATCH 056/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 3c267e56a..d926b7245 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -37,7 +37,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { signal (receive) set=(kill,term), capability net_bind_service, - /lib/* rm, + /lib/* mr, /usr/bin/socat mr, } @@ -48,7 +48,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { unix (send, receive) type=stream, /usr/bin/gdbus mr, - /lib/* rm, + /lib/* mr, /{,var/}run/dbus/system_bus_socket rw, } @@ -66,7 +66,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny /data/ssl rw, /** r, - /lib/* rm, + /lib/* mr, /data/addons/** lrw, capability dac_override, From 155049569918aad59710c10f8c7d653821dc15ec Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 7 May 2018 16:53:20 +0200 Subject: [PATCH 057/100] Create .empty --- buildroot-external/rootfs-overlay/mnt/rauc/.empty | 1 + 1 file changed, 1 insertion(+) create mode 100644 buildroot-external/rootfs-overlay/mnt/rauc/.empty diff --git a/buildroot-external/rootfs-overlay/mnt/rauc/.empty b/buildroot-external/rootfs-overlay/mnt/rauc/.empty new file mode 100644 index 000000000..8b1378917 --- /dev/null +++ b/buildroot-external/rootfs-overlay/mnt/rauc/.empty @@ -0,0 +1 @@ + From cc9009654f438f33c4ec7434a288cd7965706383 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 7 May 2018 21:26:36 +0200 Subject: [PATCH 058/100] Delete .empty --- buildroot-external/rootfs-overlay/mnt/rauc/.empty | 1 - 1 file changed, 1 deletion(-) delete mode 100644 buildroot-external/rootfs-overlay/mnt/rauc/.empty diff --git a/buildroot-external/rootfs-overlay/mnt/rauc/.empty b/buildroot-external/rootfs-overlay/mnt/rauc/.empty deleted file mode 100644 index 8b1378917..000000000 --- a/buildroot-external/rootfs-overlay/mnt/rauc/.empty +++ /dev/null @@ -1 +0,0 @@ - From 4424f5ab6b0376b5e7d16d513831f8552ceeef2b Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 01:11:07 +0200 Subject: [PATCH 059/100] Barebox Update (#12) * Create hassio-rauc.service * Update hassio-supervisor.service * Update hassio-rauc.service * Update hassio-supervisor.service * Update and rename hassio-rauc.service to rauc-good.service * Update rauc-good.service * Create rauc-bad.service * Update rauc-bad.service * Update rauc-good.service * Update hassio-supervisor.service * Fix barebox recovery * Create title * Create title * Create action * Create title * Create action * Create 20-boot-system1 * Rename buildroot-external/barebox-env/menu/20-boot-system1/title to buildroot-external/barebox-env/menu/20-boot-system2title * Update and rename buildroot-external/barebox-env/menu/20-boot-system2title to buildroot-external/barebox-env/menu/20-boot-system1/title * Create title * Create action * Create action * Delete autoboot_timeout * Create editcmd * Update init * Update init * Fix barebox config * Update init * Update system0 * Update system1 * Barebox cleanups * Update init * Update init * Create 0001-get-devicetree-from-file.patch * Update ova_defconfig * Update system0 * Update system1 * Create 0001-add-i-argument-to.patch * Update barebox.config * Update rauc * Rename buildroot-external/board/ova/patches/dt-util/0001-get-devicetree-from-file.patch to buildroot-external/board/ova/patches/dt-utils/0001-get-devicetree-from-file.patch * Add script * fix barebox-state --- buildroot-external/barebox-env/bin/init | 22 +--- .../barebox-env/menu/00-boot-auto/action | 3 + .../barebox-env/menu/00-boot-auto/title | 1 + .../barebox-env/menu/10-boot-system0/action | 3 + .../barebox-env/menu/10-boot-system0/title | 1 + .../barebox-env/menu/20-boot-system1/action | 3 + .../barebox-env/menu/20-boot-system1/title | 1 + .../barebox-env/menu/30-shell/action | 5 + .../barebox-env/menu/30-shell/title | 1 + buildroot-external/barebox-env/menu/title | 1 + .../barebox-env/nv/autoboot_timeout | 1 - buildroot-external/barebox-env/nv/editcmd | 1 + .../board/ova/barebox-state.dtb | Bin 1085 -> 1097 bytes .../board/ova/barebox-state.dts | 3 +- buildroot-external/board/ova/barebox.config | 8 +- .../0001-get-devicetree-from-file.patch | 123 ++++++++++++++++++ ...-support-finding-devices-by-partuuid.patch | 33 +++++ .../patches/rauc/0001-add-i-argument-to.patch | 36 +++++ buildroot-external/configs/ova_defconfig | 2 +- .../multi-user.target.wants/rauc-good.service | 1 + .../systemd/system/hassio-supervisor.service | 5 +- .../usr/lib/systemd/system/rauc-bad.service | 14 ++ .../usr/lib/systemd/system/rauc-good.service | 14 ++ ...014-package-rauc-Version-bump-to-0.4.patch | 34 +++++ buildroot/package/rauc/rauc.hash | 4 +- buildroot/package/rauc/rauc.mk | 2 +- scripts/ovf-create.sh | 0 scripts/update-dtb.sh | 3 + 28 files changed, 298 insertions(+), 27 deletions(-) create mode 100644 buildroot-external/barebox-env/menu/00-boot-auto/action create mode 100644 buildroot-external/barebox-env/menu/00-boot-auto/title create mode 100644 buildroot-external/barebox-env/menu/10-boot-system0/action create mode 100644 buildroot-external/barebox-env/menu/10-boot-system0/title create mode 100644 buildroot-external/barebox-env/menu/20-boot-system1/action create mode 100644 buildroot-external/barebox-env/menu/20-boot-system1/title create mode 100644 buildroot-external/barebox-env/menu/30-shell/action create mode 100644 buildroot-external/barebox-env/menu/30-shell/title create mode 100644 buildroot-external/barebox-env/menu/title delete mode 100644 buildroot-external/barebox-env/nv/autoboot_timeout create mode 100644 buildroot-external/barebox-env/nv/editcmd create mode 100644 buildroot-external/board/ova/patches/dt-utils/0001-get-devicetree-from-file.patch create mode 100644 buildroot-external/board/ova/patches/dt-utils/0002-support-finding-devices-by-partuuid.patch create mode 100644 buildroot-external/board/ova/patches/rauc/0001-add-i-argument-to.patch create mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc-good.service create mode 100644 buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-bad.service create mode 100644 buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.service create mode 100644 buildroot-patches/0014-package-rauc-Version-bump-to-0.4.patch mode change 100644 => 100755 scripts/ovf-create.sh create mode 100755 scripts/update-dtb.sh diff --git a/buildroot-external/barebox-env/bin/init b/buildroot-external/barebox-env/bin/init index ea3252115..7c3d67cde 100644 --- a/buildroot-external/barebox-env/bin/init +++ b/buildroot-external/barebox-env/bin/init @@ -2,19 +2,10 @@ export PATH=/env/bin -global autoboot_timeout -global boot.default global linux.bootargs.base -global linux.bootargs.console -#linux.bootargs.dyn.* will be cleared at the beginning of boot global linux.bootargs.dyn.root -global editcmd - -[ -z "${global.autoboot_timeout}" ] && global.autoboot_timeout=3 -magicvar -a global.autoboot_timeout "timeout in seconds before automatic booting" -[ -z "${global.boot.default}" ] && global.boot.default="system0" -[ -z "${global.editcmd}" ] && global.editcmd=sedit +# Init board specific stuff [ -e /env/config-board ] && /env/config-board # Autostart @@ -22,11 +13,12 @@ for i in /env/init/*; do . $i done -echo -e -n "\nHit any key to stop autoboot: " -timeout -a $global.autoboot_timeout -autoboot="$?" +echo "- Hit m for menu or wait for autoboot -" +timeout -a 1 -v key -if [ "$autoboot" = 0 ]; then - boot +# Run menu +if [ "${key}" != "m" ]; then + boot fi +menutree diff --git a/buildroot-external/barebox-env/menu/00-boot-auto/action b/buildroot-external/barebox-env/menu/00-boot-auto/action new file mode 100644 index 000000000..f640fce9d --- /dev/null +++ b/buildroot-external/barebox-env/menu/00-boot-auto/action @@ -0,0 +1,3 @@ +#!/bin/sh + +boot diff --git a/buildroot-external/barebox-env/menu/00-boot-auto/title b/buildroot-external/barebox-env/menu/00-boot-auto/title new file mode 100644 index 000000000..115f326f8 --- /dev/null +++ b/buildroot-external/barebox-env/menu/00-boot-auto/title @@ -0,0 +1 @@ +Autoboot diff --git a/buildroot-external/barebox-env/menu/10-boot-system0/action b/buildroot-external/barebox-env/menu/10-boot-system0/action new file mode 100644 index 000000000..a33069898 --- /dev/null +++ b/buildroot-external/barebox-env/menu/10-boot-system0/action @@ -0,0 +1,3 @@ +#!/bin/sh + +boot system0 diff --git a/buildroot-external/barebox-env/menu/10-boot-system0/title b/buildroot-external/barebox-env/menu/10-boot-system0/title new file mode 100644 index 000000000..f3e92d424 --- /dev/null +++ b/buildroot-external/barebox-env/menu/10-boot-system0/title @@ -0,0 +1 @@ +Boot System 0 diff --git a/buildroot-external/barebox-env/menu/20-boot-system1/action b/buildroot-external/barebox-env/menu/20-boot-system1/action new file mode 100644 index 000000000..3fe3b33a8 --- /dev/null +++ b/buildroot-external/barebox-env/menu/20-boot-system1/action @@ -0,0 +1,3 @@ +#!/bin/sh + +boot system1 diff --git a/buildroot-external/barebox-env/menu/20-boot-system1/title b/buildroot-external/barebox-env/menu/20-boot-system1/title new file mode 100644 index 000000000..746b6d21e --- /dev/null +++ b/buildroot-external/barebox-env/menu/20-boot-system1/title @@ -0,0 +1 @@ +Boot System 1 diff --git a/buildroot-external/barebox-env/menu/30-shell/action b/buildroot-external/barebox-env/menu/30-shell/action new file mode 100644 index 000000000..fd5bc2b0c --- /dev/null +++ b/buildroot-external/barebox-env/menu/30-shell/action @@ -0,0 +1,5 @@ +#!/bin/sh + +echo "Enter 'exit' to get back to the menu" + +sh diff --git a/buildroot-external/barebox-env/menu/30-shell/title b/buildroot-external/barebox-env/menu/30-shell/title new file mode 100644 index 000000000..6567bb2d9 --- /dev/null +++ b/buildroot-external/barebox-env/menu/30-shell/title @@ -0,0 +1 @@ +Shell diff --git a/buildroot-external/barebox-env/menu/title b/buildroot-external/barebox-env/menu/title new file mode 100644 index 000000000..c1f4371f8 --- /dev/null +++ b/buildroot-external/barebox-env/menu/title @@ -0,0 +1 @@ +Hass.io OS boot Menu: diff --git a/buildroot-external/barebox-env/nv/autoboot_timeout b/buildroot-external/barebox-env/nv/autoboot_timeout deleted file mode 100644 index 0cfbf0888..000000000 --- a/buildroot-external/barebox-env/nv/autoboot_timeout +++ /dev/null @@ -1 +0,0 @@ -2 diff --git a/buildroot-external/barebox-env/nv/editcmd b/buildroot-external/barebox-env/nv/editcmd new file mode 100644 index 000000000..50fc2e706 --- /dev/null +++ b/buildroot-external/barebox-env/nv/editcmd @@ -0,0 +1 @@ +sedit diff --git a/buildroot-external/board/ova/barebox-state.dtb b/buildroot-external/board/ova/barebox-state.dtb index 77db21b89bd06e57f04b8be1570df552e5067b91..bd29d50ae506b848f98e5babd786a857483789fd 100644 GIT binary patch delta 77 zcmdnXagsye0`I@K3=Axu3=9kw3=GU?CJKl%PMN52h>8Eg#5YAO4h9Silj9h@m>f(d guVQRraR4fstj7f8Cr_?o3S@CGG+@|#nyH8p0B0T*X#fBK delta 62 zcmX@fv6n;O0`I@K3=Ax`3=9kw3=GT%CJKl%c1+Yb#Kgfc@lDa>Bt|bL28PM&7+WTr QF@c#)Oo5xPGZirc062aT<^TWy diff --git a/buildroot-external/board/ova/barebox-state.dts b/buildroot-external/board/ova/barebox-state.dts index 43400b1a6..4938b03d8 100644 --- a/buildroot-external/board/ova/barebox-state.dts +++ b/buildroot-external/board/ova/barebox-state.dts @@ -12,8 +12,7 @@ compatible = "barebox,state"; backend = <&backend_state>; backend-type = "raw"; - backend-stridesize = <1024>; - backend-storage-type = "direct"; + backend-stridesize = <4048>; bootstate { #address-cells = <1>; diff --git a/buildroot-external/board/ova/barebox.config b/buildroot-external/board/ova/barebox.config index b90495680..e21b5997f 100644 --- a/buildroot-external/board/ova/barebox.config +++ b/buildroot-external/board/ova/barebox.config @@ -3,12 +3,11 @@ CONFIG_MMU=y CONFIG_MALLOC_SIZE=0x0 CONFIG_MALLOC_TLSF=y CONFIG_PROMPT="hassio-os:" -CONFIG_GLOB=y -CONFIG_GLOB_SORT=y CONFIG_CMDLINE_EDITING=y CONFIG_AUTO_COMPLETE=y +CONFIG_MENU=y +# CONFIG_TIMESTAMP is not set CONFIG_BOOTM_SHOW_TYPE=y -CONFIG_BOOTM_OFTREE=y CONFIG_FLEXIBLE_BOOTARGS=y # CONFIG_PARTITION_DISK_DOS is not set CONFIG_PARTITION_DISK_EFI=y @@ -17,17 +16,18 @@ CONFIG_PARTITION_DISK_EFI=y CONFIG_DEFAULT_ENVIRONMENT_PATH="/build/buildroot-external/board/ova/barebox-env /build/buildroot-external/barebox-env" CONFIG_STATE=y CONFIG_BOOTCHOOSER=y +# CONFIG_CMD_VERSION is not set CONFIG_CMD_BOOT=y CONFIG_CMD_UIMAGE=y CONFIG_CMD_AUTOMOUNT=y CONFIG_CMD_NV=y CONFIG_CMD_EXPORT=y CONFIG_CMD_GLOBAL=y -CONFIG_CMD_MAGICVAR=y CONFIG_CMD_BASENAME=y CONFIG_CMD_DIRNAME=y CONFIG_CMD_READLINK=y CONFIG_CMD_GETOPT=y +CONFIG_CMD_MENUTREE=y CONFIG_CMD_TIMEOUT=y CONFIG_CMD_DETECT=y CONFIG_CMD_STATE=y diff --git a/buildroot-external/board/ova/patches/dt-utils/0001-get-devicetree-from-file.patch b/buildroot-external/board/ova/patches/dt-utils/0001-get-devicetree-from-file.patch new file mode 100644 index 000000000..61f098523 --- /dev/null +++ b/buildroot-external/board/ova/patches/dt-utils/0001-get-devicetree-from-file.patch @@ -0,0 +1,123 @@ +From 405590bdb7ae434798010458e810c415e4e99db4 Mon Sep 17 00:00:00 2001 +From: Steffen Trumtrar +Date: Fri, 30 Jun 2017 16:53:34 +0200 +Subject: barebox-state: get devicetree from file + +Signed-off-by: Steffen Trumtrar + +diff --git a/src/barebox-state.c b/src/barebox-state.c +index e68b8cb..3622e76 100644 +--- a/src/barebox-state.c ++++ b/src/barebox-state.c +@@ -308,7 +308,7 @@ static int state_set_var(struct state *state, const char *var, const char *val) + } + + +-struct state *state_get(const char *name, bool readonly, bool auth) ++struct state *state_get(const char *name, const char *filename, bool readonly, bool auth) + { + struct device_node *root, *node, *partition_node; + char *path; +@@ -320,11 +320,19 @@ struct state *state_get(const char *name, bool readonly, bool auth) + off_t offset; + size_t size; + +- root = of_read_proc_devicetree(); +- if (IS_ERR(root)) { +- pr_err("Unable to read devicetree. %s\n", +- strerror(-PTR_ERR(root))); +- return ERR_CAST(root); ++ if (filename) { ++ void *fdt; ++ ++ fdt = read_file(filename, NULL); ++ if (fdt) ++ root = of_unflatten_dtb(fdt); ++ } else { ++ root = of_read_proc_devicetree(); ++ if (IS_ERR(root)) { ++ pr_err("Unable to read devicetree. %s\n", ++ strerror(-PTR_ERR(root))); ++ return ERR_CAST(root); ++ } + } + + of_set_root_node(root); +@@ -387,6 +395,7 @@ static struct option long_options[] = { + {"get", required_argument, 0, 'g' }, + {"set", required_argument, 0, 's' }, + {"name", required_argument, 0, 'n' }, ++ {"input", required_argument, 0, 'i' }, + {"dump", no_argument, 0, 'd' }, + {"dump-shell", no_argument, 0, OPT_DUMP_SHELL }, + {"verbose", no_argument, 0, 'v' }, +@@ -402,6 +411,7 @@ static void usage(char *name) + "-g, --get get the value of a variable\n" + "-s, --set = set the value of a variable\n" + "-n, --name specify the state to use (default=\"state\"). Multiple states are allowed.\n" ++"-i, --input load the devicetree from a file instead of using the system devicetree.\n" + "-d, --dump dump the state\n" + "--dump-shell dump the state suitable for shell sourcing\n" + "-v, --verbose increase verbosity\n" +@@ -439,12 +449,13 @@ int main(int argc, char *argv[]) + bool readonly = true; + int pr_level = 5; + int auth = 1; ++ const char *dtb = NULL; + + INIT_LIST_HEAD(&sg_list); + INIT_LIST_HEAD(&state_list.list); + + while (1) { +- c = getopt_long(argc, argv, "hg:s:dvn:qf", long_options, &option_index); ++ c = getopt_long(argc, argv, "hg:s:i:dvn:qf", long_options, &option_index); + if (c < 0) + break; + switch (c) { +@@ -490,6 +501,9 @@ int main(int argc, char *argv[]) + ++nr_states; + break; + } ++ case 'i': ++ dtb = strdup(optarg); ++ break; + case ':': + case '?': + default: +@@ -530,7 +544,7 @@ int main(int argc, char *argv[]) + } + + list_for_each_entry(state, &state_list.list, list) { +- state->state = state_get(state->name, readonly, auth); ++ state->state = state_get(state->name, dtb, readonly, auth); + if (!IS_ERR(state->state) && !state->name) + state->name = state->state->name; + if (IS_ERR(state->state)) { +diff --git a/src/barebox-state.h b/src/barebox-state.h +index bd89cf4..a0f49a5 100644 +--- a/src/barebox-state.h ++++ b/src/barebox-state.h +@@ -1,7 +1,7 @@ + #ifndef __BAREBOX_STATE__ + #define __BAREBOX_STATE__ + +-struct state *state_get(const char *name, bool readonly, bool auth); ++struct state *state_get(const char *name, const char *file, bool readonly, bool auth); + char *state_get_var(struct state *state, const char *var); + + #endif /* __BAREBOX_STATE__ */ +diff --git a/src/keystore-blob.c b/src/keystore-blob.c +index 028dd8b..4572431 100644 +--- a/src/keystore-blob.c ++++ b/src/keystore-blob.c +@@ -30,7 +30,7 @@ int keystore_get_secret(const char *name, const unsigned char **key, int *key_le + if (!state) { + struct state *tmp; + +- tmp = state_get(keystore_state_name, true, false); ++ tmp = state_get(keystore_state_name, NULL, true, false); + if (IS_ERR(tmp)) + return PTR_ERR(tmp); + state = tmp; +-- +cgit v0.10.2 diff --git a/buildroot-external/board/ova/patches/dt-utils/0002-support-finding-devices-by-partuuid.patch b/buildroot-external/board/ova/patches/dt-utils/0002-support-finding-devices-by-partuuid.patch new file mode 100644 index 000000000..31b8b2b6d --- /dev/null +++ b/buildroot-external/board/ova/patches/dt-utils/0002-support-finding-devices-by-partuuid.patch @@ -0,0 +1,33 @@ +From 26148417fab419a0c7f301fb8f2be015324d5374 Mon Sep 17 00:00:00 2001 +From: Steffen Trumtrar +Date: Fri, 30 Jun 2017 16:53:17 +0200 +Subject: libdt: support finding devices by partuuid + +Signed-off-by: Steffen Trumtrar + +diff --git a/src/libdt.c b/src/libdt.c +index 3adeed2..2bc6cc1 100644 +--- a/src/libdt.c ++++ b/src/libdt.c +@@ -2393,6 +2393,18 @@ int of_get_devicepath(struct device_node *partition_node, char **devpath, off_t + */ + node = partition_node->parent; + ++ if (of_device_is_compatible(node, "fixed-partitions")) { ++ const char *uuid; ++ ++ /* when partuuid is specified short-circuit the search for the cdev */ ++ ret = of_property_read_string(partition_node, "partuuid", &uuid); ++ if (!ret) { ++ *devpath = basprintf("/dev/disk/by-partuuid/%s", uuid); ++ ++ return 0; ++ } ++ } ++ + /* + * Respect flash "partitions" subnode. Use parent of parent in this + * case. +-- +cgit v0.10.2 + diff --git a/buildroot-external/board/ova/patches/rauc/0001-add-i-argument-to.patch b/buildroot-external/board/ova/patches/rauc/0001-add-i-argument-to.patch new file mode 100644 index 000000000..2337970a9 --- /dev/null +++ b/buildroot-external/board/ova/patches/rauc/0001-add-i-argument-to.patch @@ -0,0 +1,36 @@ +From c9d56ea8fccf72e1c5d1f224f965e1a8e84d1b7f Mon Sep 17 00:00:00 2001 +From: Pascal Vizeli +Date: Wed, 9 May 2018 21:54:58 +0200 +Subject: [PATCH 1/1] add -i argument to barebox-state call + +--- + src/bootchooser.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/bootchooser.c b/src/bootchooser.c +index d5efc0c..c57c2f7 100644 +--- a/src/bootchooser.c ++++ b/src/bootchooser.c +@@ -77,6 +77,9 @@ static gboolean barebox_state_get(const gchar* bootname, BareboxSlotState *bb_st + g_ptr_array_add(args, g_strdup_printf(BOOTSTATE_PREFIX ".%s.priority", bootname)); + g_ptr_array_add(args, g_strdup("-g")); + g_ptr_array_add(args, g_strdup_printf(BOOTSTATE_PREFIX ".%s.remaining_attempts", bootname)); ++ ++ g_ptr_array_add(args, g_strdup("-i")); ++ g_ptr_array_add(args, g_strdup("/mnt/boot/EFI/barebox/state.dtb")); + g_ptr_array_add(args, NULL); + + sub = g_subprocess_newv((const gchar * const *)args->pdata, +@@ -170,6 +173,9 @@ static gboolean barebox_state_set(GPtrArray *pairs, GError **error) + g_ptr_array_add(args, g_strdup("-s")); + g_ptr_array_add(args, g_strdup(pairs->pdata[i])); + } ++ ++ g_ptr_array_add(args, g_strdup("-i")); ++ g_ptr_array_add(args, g_strdup("/mnt/boot/EFI/barebox/state.dtb")); + g_ptr_array_add(args, NULL); + + sub = g_subprocess_newv((const gchar * const *)args->pdata, +-- +2.7.4 + diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 06be6a5fa..17b914de8 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -1,7 +1,7 @@ BR2_x86_64=y BR2_CCACHE=y BR2_CCACHE_DIR="$(TOPDIR)/ccache" -BR2_GLOBAL_PATCH_DIR="$(BR2_EXTERNAL_HASSIO_PATH)/patches" +BR2_GLOBAL_PATCH_DIR="$(BR2_EXTERNAL_HASSIO_PATH)/patches $(BR2_EXTERNAL_HASSIO_PATH)/board/ova/patches" BR2_TOOLCHAIN_BUILDROOT_GLIBC=y BR2_GCC_VERSION_7_X=y BR2_TOOLCHAIN_BUILDROOT_CXX=y diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc-good.service b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc-good.service new file mode 120000 index 000000000..3ff40f746 --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc-good.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/rauc-good.service \ No newline at end of file diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-supervisor.service b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-supervisor.service index 81dc66e42..373cb9b55 100644 --- a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-supervisor.service +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-supervisor.service @@ -1,8 +1,11 @@ [Unit] Description=Hass.io supervisor Requires=docker.service -After=docker.service +After=docker.service dbus.socket RequiresMountsFor=/mnt/data +StartLimitIntervalSec=60 +StartLimitBurst=5 +OnFailure=rauc-bad.service [Service] Type=simple diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-bad.service b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-bad.service new file mode 100644 index 000000000..04e009b36 --- /dev/null +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-bad.service @@ -0,0 +1,14 @@ +[Unit] +Description=Rauc mark bad +Requires=rauc.service +After=rauc.service +RefuseManualStart=true +RefuseManualStop=true + +[Service] +Type=oneshot +ExecStart=/usr/bin/rauc status mark-bad +ExecStartPost=/usr/bin/systemctl reboot + +[Install] +WantedBy=multi-user.target diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.service b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.service new file mode 100644 index 000000000..4af9b0984 --- /dev/null +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.service @@ -0,0 +1,14 @@ +[Unit] +Description=Hassio rauc good +Requires=hassio-supervisor.service +After=rauc.service hassio-supervisor.service +RefuseManualStart=true +RefuseManualStop=true + +[Service] +Type=oneshot +ExecStartPre=/bin/sleep 80 +ExecStart=/usr/bin/rauc status mark-good + +[Install] +WantedBy=multi-user.target diff --git a/buildroot-patches/0014-package-rauc-Version-bump-to-0.4.patch b/buildroot-patches/0014-package-rauc-Version-bump-to-0.4.patch new file mode 100644 index 000000000..690bdd4c2 --- /dev/null +++ b/buildroot-patches/0014-package-rauc-Version-bump-to-0.4.patch @@ -0,0 +1,34 @@ +Version 0.4 supports bootloader updates to eMMC boot partitions. + +Signed-off-by: Jim Brennan +--- + package/rauc/rauc.hash | 4 ++-- + package/rauc/rauc.mk | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/package/rauc/rauc.hash b/package/rauc/rauc.hash +index 91d7c1d62e..a16340f185 100644 +--- a/package/rauc/rauc.hash ++++ b/package/rauc/rauc.hash +@@ -1,3 +1,3 @@ + # Locally calculated, after verifying against +-# https://github.com/rauc/rauc/releases/download/v0.3/rauc-0.3.tar.xz.asc +-sha256 dc01bfb08b1830376782f9a51cfec290171519267ab97cc909435da9ac6d6d98 rauc-0.3.tar.xz ++# https://github.com/rauc/rauc/releases/download/v0.4/rauc-0.4.tar.xz.asc ++sha256 89656b6330ac1f31293d450f5179896397c588ab52e77ec229382a6abd125d35 rauc-0.4.tar.xz +diff --git a/package/rauc/rauc.mk b/package/rauc/rauc.mk +index 63fbc53022..f1705a8c33 100644 +--- a/package/rauc/rauc.mk ++++ b/package/rauc/rauc.mk +@@ -4,7 +4,7 @@ + # + ################################################################################ + +-RAUC_VERSION = 0.3 ++RAUC_VERSION = 0.4 + RAUC_SITE = https://github.com/rauc/rauc/releases/download/v$(RAUC_VERSION) + RAUC_SOURCE = rauc-$(RAUC_VERSION).tar.xz + RAUC_LICENSE = LGPL-2.1 +-- +2.11.0 + diff --git a/buildroot/package/rauc/rauc.hash b/buildroot/package/rauc/rauc.hash index 91d7c1d62..a16340f18 100644 --- a/buildroot/package/rauc/rauc.hash +++ b/buildroot/package/rauc/rauc.hash @@ -1,3 +1,3 @@ # Locally calculated, after verifying against -# https://github.com/rauc/rauc/releases/download/v0.3/rauc-0.3.tar.xz.asc -sha256 dc01bfb08b1830376782f9a51cfec290171519267ab97cc909435da9ac6d6d98 rauc-0.3.tar.xz +# https://github.com/rauc/rauc/releases/download/v0.4/rauc-0.4.tar.xz.asc +sha256 89656b6330ac1f31293d450f5179896397c588ab52e77ec229382a6abd125d35 rauc-0.4.tar.xz diff --git a/buildroot/package/rauc/rauc.mk b/buildroot/package/rauc/rauc.mk index 63fbc5302..f1705a8c3 100644 --- a/buildroot/package/rauc/rauc.mk +++ b/buildroot/package/rauc/rauc.mk @@ -4,7 +4,7 @@ # ################################################################################ -RAUC_VERSION = 0.3 +RAUC_VERSION = 0.4 RAUC_SITE = https://github.com/rauc/rauc/releases/download/v$(RAUC_VERSION) RAUC_SOURCE = rauc-$(RAUC_VERSION).tar.xz RAUC_LICENSE = LGPL-2.1 diff --git a/scripts/ovf-create.sh b/scripts/ovf-create.sh old mode 100644 new mode 100755 diff --git a/scripts/update-dtb.sh b/scripts/update-dtb.sh new file mode 100755 index 000000000..1417d7026 --- /dev/null +++ b/scripts/update-dtb.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +dtc -O dtb -o buildroot-external/board/ova/barebox-state.dtb buildroot-external/board/ova/barebox-state.dts From 37d1c995b7682d0d7bba992d8ce5371c99ded15b Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 10:02:46 +0200 Subject: [PATCH 060/100] disable counter on boot --- buildroot-external/barebox-env/bin/init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/barebox-env/bin/init b/buildroot-external/barebox-env/bin/init index 7c3d67cde..2ec2a484d 100644 --- a/buildroot-external/barebox-env/bin/init +++ b/buildroot-external/barebox-env/bin/init @@ -14,7 +14,7 @@ for i in /env/init/*; do done echo "- Hit m for menu or wait for autoboot -" -timeout -a 1 -v key +timeout -a 1 -s -v key # Run menu if [ "${key}" != "m" ]; then From 1385cc28cd3d0db19e1ad4bf5023e22f41f9bf9b Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 21:52:27 +0200 Subject: [PATCH 061/100] Set fix UUIDs for partition --- buildroot-external/scripts/hdd_image.sh | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/buildroot-external/scripts/hdd_image.sh b/buildroot-external/scripts/hdd_image.sh index 5a7b284ee..befdb00ea 100755 --- a/buildroot-external/scripts/hdd_image.sh +++ b/buildroot-external/scripts/hdd_image.sh @@ -1,7 +1,13 @@ #!/bin/bash -BOOT_SIZE=32M +BOOT_UUID="b3dd0952-733c-4c88-8cba-cab9b8b4377f" BOOTSTATE_UUID="33236519-7F32-4DFF-8002-3390B62C309D" +SYSTEM0_UUID="8d3d53e3-6d49-4c38-8349-aff6859e82fd" +SYSTEM1_UUID="a3ec664e-32ce-4665-95ea-7ae90ce9aa20" +OVERLAY_UUID="f1326040-5236-40eb-b683-aaa100a9afcf" +DATA_UUID="a52a4597-fa3a-4851-aefd-2fbe9f849079" + +BOOT_SIZE=32M BOOTSTATE_SIZE=8M SYSTEM_SIZE=256M OVERLAY_SIZE=64M @@ -44,15 +50,15 @@ function hassio_hdd_image() { # Partition layout boot_offset="$(sgdisk -F ${hdd_img})" - sgdisk -n 1:0:+${BOOT_SIZE} -c 1:"hassio-boot" -t 1:"C12A7328-F81F-11D2-BA4B-00A0C93EC93B" ${hdd_img} + sgdisk -n 1:0:+${BOOT_SIZE} -c 1:"hassio-boot" -t 1:"C12A7328-F81F-11D2-BA4B-00A0C93EC93B" -u 1:${BOOT_UUID} ${hdd_img} rootfs_offset="$(sgdisk -F ${hdd_img})" - sgdisk -n 2:0:+${SYSTEM_SIZE} -c 2:"hassio-system0" -t 2:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" ${hdd_img} - sgdisk -n 3:0:+${SYSTEM_SIZE} -c 3:"hassio-system1" -t 3:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" ${hdd_img} + sgdisk -n 2:0:+${SYSTEM_SIZE} -c 2:"hassio-system0" -t 2:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" -u 2:${SYSTEM0_UUID} ${hdd_img} + sgdisk -n 3:0:+${SYSTEM_SIZE} -c 3:"hassio-system1" -t 3:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" -u 3:${SYSTEM1_UUID} ${hdd_img} sgdisk -n 4:0:+${BOOTSTATE_SIZE} -c 4:"hassio-bootstate" -u 4:${BOOTSTATE_UUID} ${hdd_img} overlay_offset="$(sgdisk -F ${hdd_img})" - sgdisk -n 5:0:+${OVERLAY_SIZE} -c 5:"hassio-overlay" -t 5:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" ${hdd_img} + sgdisk -n 5:0:+${OVERLAY_SIZE} -c 5:"hassio-overlay" -t 5:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" -u 5:${OVERLAY_UUID} ${hdd_img} data_offset="$(sgdisk -F ${hdd_img})" - sgdisk -n 6:0:+${DATA_SIZE} -c 6:"hassio-data" -t 6:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" ${hdd_img} + sgdisk -n 6:0:+${DATA_SIZE} -c 6:"hassio-data" -t 6:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" -u 6:${DATA_UUID} ${hdd_img} sgdisk -v # Write Images From e317e742fe1d562a4777ce4864a014b53bccae33 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 21:54:53 +0200 Subject: [PATCH 062/100] Update and rename buildroot-external/board/ova/rauc.conf to buildroot-external/board/ova/rootfs-overlay/etc/rauc.conf --- buildroot-external/board/ova/{ => rootfs-overlay/etc}/rauc.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename buildroot-external/board/ova/{ => rootfs-overlay/etc}/rauc.conf (90%) diff --git a/buildroot-external/board/ova/rauc.conf b/buildroot-external/board/ova/rootfs-overlay/etc/rauc.conf similarity index 90% rename from buildroot-external/board/ova/rauc.conf rename to buildroot-external/board/ova/rootfs-overlay/etc/rauc.conf index 0c31528c0..253491574 100644 --- a/buildroot-external/board/ova/rauc.conf +++ b/buildroot-external/board/ova/rootfs-overlay/etc/rauc.conf @@ -1,5 +1,5 @@ [system] -compatible=Hass.io OS OVA +compatible=Hass.io OVA bootloader=barebox [keyring] From b19045e2130c60ca50e2ec3760d3ba3a1e954924 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 21:57:01 +0200 Subject: [PATCH 063/100] Update ova_defconfig --- buildroot-external/configs/ova_defconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 17b914de8..383ba8294 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -10,7 +10,7 @@ BR2_TARGET_GENERIC_ISSUE="Welcome to Hass.io" BR2_INIT_SYSTEMD=y BR2_TARGET_GENERIC_GETTY_PORT="tty1" # BR2_TARGET_GENERIC_REMOUNT_ROOTFS_RW is not set -BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_HASSIO_PATH)/rootfs-overlay/" +BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_HASSIO_PATH)/rootfs-overlay/ $(BR2_EXTERNAL_HASSIO_PATH)/board/ova/rootfs-overlay/" BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/post-build.sh" BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/post-image.sh" BR2_LINUX_KERNEL=y From 89dd86f943c14fac35e74df582ba535231818b1f Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 21:58:29 +0200 Subject: [PATCH 064/100] cleanup --- buildroot-external/configs/ova_defconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 383ba8294..4415acbdf 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -10,7 +10,7 @@ BR2_TARGET_GENERIC_ISSUE="Welcome to Hass.io" BR2_INIT_SYSTEMD=y BR2_TARGET_GENERIC_GETTY_PORT="tty1" # BR2_TARGET_GENERIC_REMOUNT_ROOTFS_RW is not set -BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_HASSIO_PATH)/rootfs-overlay/ $(BR2_EXTERNAL_HASSIO_PATH)/board/ova/rootfs-overlay/" +BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_HASSIO_PATH)/rootfs-overlay $(BR2_EXTERNAL_HASSIO_PATH)/board/ova/rootfs-overlay" BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/post-build.sh" BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/post-image.sh" BR2_LINUX_KERNEL=y From 0bd750c6913d81ed0a0606b46ff9868533a4ba49 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 22:01:15 +0200 Subject: [PATCH 065/100] Update post-build.sh --- buildroot-external/board/ova/post-build.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/buildroot-external/board/ova/post-build.sh b/buildroot-external/board/ova/post-build.sh index f2f5e4417..d0d71ed75 100755 --- a/buildroot-external/board/ova/post-build.sh +++ b/buildroot-external/board/ova/post-build.sh @@ -9,5 +9,3 @@ BOARD_DIR="$(dirname $0)" # HassioOS tasks fix_rootfs install_hassio_cli - -cp ${BOARD_DIR}/rauc.conf ${TARGET_DIR}/etc/rauc/system.conf From 404e861a272ae45cff37592fe6e89cf5a4f33463 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 22:33:18 +0200 Subject: [PATCH 066/100] some cleanups --- buildroot-external/board/ova/post-build.sh | 11 ----------- buildroot-external/configs/ova_defconfig | 3 ++- .../rootfs-overlay/usr/{bin => sbin}/hassio-cli | 0 buildroot-external/scripts/post-build.sh | 7 +++++++ buildroot-external/scripts/rootfs_layer.sh | 15 ++++++++++++++- 5 files changed, 23 insertions(+), 13 deletions(-) delete mode 100755 buildroot-external/board/ova/post-build.sh rename buildroot-external/rootfs-overlay/usr/{bin => sbin}/hassio-cli (100%) create mode 100755 buildroot-external/scripts/post-build.sh diff --git a/buildroot-external/board/ova/post-build.sh b/buildroot-external/board/ova/post-build.sh deleted file mode 100755 index d0d71ed75..000000000 --- a/buildroot-external/board/ova/post-build.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -set -e - -SCRIPT_DIR=${BR2_EXTERNAL_HASSIO_PATH}/scripts -BOARD_DIR="$(dirname $0)" - -. ${SCRIPT_DIR}/rootfs_layer.sh - -# HassioOS tasks -fix_rootfs -install_hassio_cli diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 4415acbdf..62f4d4ca0 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -11,8 +11,9 @@ BR2_INIT_SYSTEMD=y BR2_TARGET_GENERIC_GETTY_PORT="tty1" # BR2_TARGET_GENERIC_REMOUNT_ROOTFS_RW is not set BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_HASSIO_PATH)/rootfs-overlay $(BR2_EXTERNAL_HASSIO_PATH)/board/ova/rootfs-overlay" -BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/post-build.sh" +BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/scripts/post-build.sh" BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/post-image.sh" +BR2_ROOTFS_POST_SCRIPT_ARGS="ova" BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/kernel.config" diff --git a/buildroot-external/rootfs-overlay/usr/bin/hassio-cli b/buildroot-external/rootfs-overlay/usr/sbin/hassio-cli similarity index 100% rename from buildroot-external/rootfs-overlay/usr/bin/hassio-cli rename to buildroot-external/rootfs-overlay/usr/sbin/hassio-cli diff --git a/buildroot-external/scripts/post-build.sh b/buildroot-external/scripts/post-build.sh new file mode 100755 index 000000000..81eb1a233 --- /dev/null +++ b/buildroot-external/scripts/post-build.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +. rootfs_layer.sh + +# Hass.io OS tasks +fix_rootfs +install_hassio_cli diff --git a/buildroot-external/scripts/rootfs_layer.sh b/buildroot-external/scripts/rootfs_layer.sh index f8bcffccc..f23375d17 100644 --- a/buildroot-external/scripts/rootfs_layer.sh +++ b/buildroot-external/scripts/rootfs_layer.sh @@ -5,10 +5,23 @@ function fix_rootfs() { # Cleanup DHCP service, we don't need this with NetworkManager rm -rf ${TARGET_DIR}/etc/systemd/system/multi-user.target.wants/dhcpcd.service rm -rf ${TARGET_DIR}/usr/lib/systemd/system/dhcpcd.service + + # Cleanup etc + rm -rf ${TARGET_DIR}/etc/init.d + rm -rf ${TARGET_DIR}/etc/modules-load.d + rm -rf ${TARGET_DIR}/etc/network + rm -rf ${TARGET_DIR}/etc/X11 + rm -rf ${TARGET_DIR}/etc/xdg + rm -f ${TARGET_DIR}/etc/mtab + + # Cleanup root + rm -rf ${TARGET_DIR}/media + rm -rf ${TARGET_DIR}/srv + rm -rf ${TARGET_DIR}/opt } function install_hassio_cli() { - sed -i "s|\(root.*\)/bin/sh|\1/usr/bin/hassio-cli|" ${TARGET_DIR}/etc/passwd + sed -i "s|\(root.*\)/bin/sh|\1/usr/sbin/hassio-cli|" ${TARGET_DIR}/etc/passwd } From 7d3f2a6804cbecf7f1c0a2f1444215212c3c2e1f Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 22:36:00 +0200 Subject: [PATCH 067/100] Update ova_defconfig --- buildroot-external/configs/ova_defconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 62f4d4ca0..99988a579 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -13,7 +13,7 @@ BR2_TARGET_GENERIC_GETTY_PORT="tty1" BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_HASSIO_PATH)/rootfs-overlay $(BR2_EXTERNAL_HASSIO_PATH)/board/ova/rootfs-overlay" BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/scripts/post-build.sh" BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/post-image.sh" -BR2_ROOTFS_POST_SCRIPT_ARGS="ova" +BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova" BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/kernel.config" From 94a6198066d0ef10fc9d1103977cfeb2b0599a7c Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 22:42:21 +0200 Subject: [PATCH 068/100] Create info --- buildroot-external/info | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 buildroot-external/info diff --git a/buildroot-external/info b/buildroot-external/info new file mode 100644 index 000000000..e2fa4ce41 --- /dev/null +++ b/buildroot-external/info @@ -0,0 +1,5 @@ +# Include version data +VERSION_MAJOR=0 +VERSION_BUILD=2 + +HASSIO_NAME="Hass.io-OS" From 90d0bf609aa6900cbc94dfdd3940176c6490ba0c Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 22:50:52 +0200 Subject: [PATCH 069/100] Update rauc.conf --- buildroot-external/board/ova/rootfs-overlay/etc/rauc.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/board/ova/rootfs-overlay/etc/rauc.conf b/buildroot-external/board/ova/rootfs-overlay/etc/rauc.conf index 253491574..149ccd835 100644 --- a/buildroot-external/board/ova/rootfs-overlay/etc/rauc.conf +++ b/buildroot-external/board/ova/rootfs-overlay/etc/rauc.conf @@ -1,5 +1,5 @@ [system] -compatible=Hass.io OVA +compatible=Hass.io-OS ova bootloader=barebox [keyring] From 9c8f58276d053ddc94631d4143843c536f1eb74b Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 23:08:45 +0200 Subject: [PATCH 070/100] Update info --- buildroot-external/info | 1 - 1 file changed, 1 deletion(-) diff --git a/buildroot-external/info b/buildroot-external/info index e2fa4ce41..5bc340c9a 100644 --- a/buildroot-external/info +++ b/buildroot-external/info @@ -1,4 +1,3 @@ -# Include version data VERSION_MAJOR=0 VERSION_BUILD=2 From d4135c29d170eb937b79ef43ff345edb1cc3c095 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 23:09:19 +0200 Subject: [PATCH 071/100] Create info --- buildroot-external/board/ova/info | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 buildroot-external/board/ova/info diff --git a/buildroot-external/board/ova/info b/buildroot-external/board/ova/info new file mode 100644 index 000000000..8c7f1372b --- /dev/null +++ b/buildroot-external/board/ova/info @@ -0,0 +1,2 @@ +BOARD_ID=ova +BOARD_NAME=OVA From eac5e0ebbb814648b7160a4af246c8edac9d9e29 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 23:10:34 +0200 Subject: [PATCH 072/100] Update post-image.sh --- buildroot-external/board/ova/post-image.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/board/ova/post-image.sh b/buildroot-external/board/ova/post-image.sh index 6b5579c30..e0e1e72c0 100755 --- a/buildroot-external/board/ova/post-image.sh +++ b/buildroot-external/board/ova/post-image.sh @@ -2,7 +2,7 @@ set -e SCRIPT_DIR=${BR2_EXTERNAL_HASSIO_PATH}/scripts -BOARD_DIR="$(dirname $0)" +BOARD_DIR=${2} BOOT_DATA=${BINARIES_DIR}/boot . ${SCRIPT_DIR}/hdd_image.sh From ba713bc1b8a843b4b2eb86f4bfbb0703ba9a8f96 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 23:11:44 +0200 Subject: [PATCH 073/100] Update post-build.sh --- buildroot-external/scripts/post-build.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/buildroot-external/scripts/post-build.sh b/buildroot-external/scripts/post-build.sh index 81eb1a233..6239b4fb2 100755 --- a/buildroot-external/scripts/post-build.sh +++ b/buildroot-external/scripts/post-build.sh @@ -1,7 +1,23 @@ #!/bin/bash +BOARD_DIR=${2} + . rootfs_layer.sh +. ../info +. ${BOARD_DIR}/info # Hass.io OS tasks fix_rootfs install_hassio_cli + +( + echo "NAME=Hass.io" + echo "VERSION=\"${BOARD} ${VERSION_MAJOR}.${VERSION_BUILD}\"" + echo "ID=hassio-os" + echo "VERSION_ID=${VERSION_MAJOR}.${VERSION_BUILD}" + echo "PRETTY_NAME=\"${HASSIO_NAME} ${VERSION_MAJOR}.${VERSION_BUILD}\"" + echo "CPE_NAME=" + echo "HOME_URL=https://hass.io/" + echo "VARIANT=\"Hass.io ${BOARD_NAME}\"" + echo "VARIANT_ID=${BOARD_ID}" +) > /etc/os-release From ab2def733d4c07c866a96f161adeeef2cac4a801 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 23:13:49 +0200 Subject: [PATCH 074/100] Update rootfs_layer.sh --- buildroot-external/scripts/rootfs_layer.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/buildroot-external/scripts/rootfs_layer.sh b/buildroot-external/scripts/rootfs_layer.sh index f23375d17..f2618f7f8 100644 --- a/buildroot-external/scripts/rootfs_layer.sh +++ b/buildroot-external/scripts/rootfs_layer.sh @@ -18,6 +18,9 @@ function fix_rootfs() { rm -rf ${TARGET_DIR}/media rm -rf ${TARGET_DIR}/srv rm -rf ${TARGET_DIR}/opt + + # Other stuff + rm -f ${TARGET_DIR}/usr/lib/os-release } From 3f5c73f87d4fe7d724b6e3dc182e2ffcd5c83a3f Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 23:17:42 +0200 Subject: [PATCH 075/100] Update info --- buildroot-external/board/ova/info | 1 + 1 file changed, 1 insertion(+) diff --git a/buildroot-external/board/ova/info b/buildroot-external/board/ova/info index 8c7f1372b..5504e1047 100644 --- a/buildroot-external/board/ova/info +++ b/buildroot-external/board/ova/info @@ -1,2 +1,3 @@ BOARD_ID=ova BOARD_NAME=OVA +CHASSIS=vm From 77bf239b098c155a12de9814894768eec41ef7e1 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 23:18:21 +0200 Subject: [PATCH 076/100] Update info --- buildroot-external/info | 2 ++ 1 file changed, 2 insertions(+) diff --git a/buildroot-external/info b/buildroot-external/info index 5bc340c9a..676f81002 100644 --- a/buildroot-external/info +++ b/buildroot-external/info @@ -2,3 +2,5 @@ VERSION_MAJOR=0 VERSION_BUILD=2 HASSIO_NAME="Hass.io-OS" + +DEPLOYMENT=development From cbd8f536f567d3cd95cd6574c5bdf2cac0b89733 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 23:22:52 +0200 Subject: [PATCH 077/100] Update post-build.sh --- buildroot-external/scripts/post-build.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/buildroot-external/scripts/post-build.sh b/buildroot-external/scripts/post-build.sh index 6239b4fb2..14ebfc25f 100755 --- a/buildroot-external/scripts/post-build.sh +++ b/buildroot-external/scripts/post-build.sh @@ -10,6 +10,7 @@ BOARD_DIR=${2} fix_rootfs install_hassio_cli +# Write os-release ( echo "NAME=Hass.io" echo "VERSION=\"${BOARD} ${VERSION_MAJOR}.${VERSION_BUILD}\"" @@ -21,3 +22,9 @@ install_hassio_cli echo "VARIANT=\"Hass.io ${BOARD_NAME}\"" echo "VARIANT_ID=${BOARD_ID}" ) > /etc/os-release + +# Write machine-info +( + echo "CHASSIS=${CHASSIS}" + echo "DEPLOYMENT=${DEPLOYMENT}" +) > /etc/machine-info From a10446daef9490d91bab0474f80085faca720739 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 23:32:38 +0200 Subject: [PATCH 078/100] Update post-build.sh --- buildroot-external/scripts/post-build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/scripts/post-build.sh b/buildroot-external/scripts/post-build.sh index 14ebfc25f..d08c3d2ed 100755 --- a/buildroot-external/scripts/post-build.sh +++ b/buildroot-external/scripts/post-build.sh @@ -17,7 +17,7 @@ install_hassio_cli echo "ID=hassio-os" echo "VERSION_ID=${VERSION_MAJOR}.${VERSION_BUILD}" echo "PRETTY_NAME=\"${HASSIO_NAME} ${VERSION_MAJOR}.${VERSION_BUILD}\"" - echo "CPE_NAME=" + echo "CPE_NAME=cpe:2.3:o:home_assistant:hassio:${VERSION_MAJOR}.${VERSION_BUILD}:*:${DEPLOYMENT}:*:*:*:${BOARD_ID}:*" echo "HOME_URL=https://hass.io/" echo "VARIANT=\"Hass.io ${BOARD_NAME}\"" echo "VARIANT_ID=${BOARD_ID}" From 40a1ba8d7f2912e799a3d15bd533be9b22f44024 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Fri, 11 May 2018 22:52:30 +0200 Subject: [PATCH 079/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 1 + 1 file changed, 1 insertion(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index d926b7245..267c3f5f1 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -20,6 +20,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny /sys/** wl, /** r, + /tmp/** rw, /data/** rw, /{,var/}run/docker.sock rw, From ef92d7a894a0036fb714b66750eb836a81f8c2f3 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Fri, 11 May 2018 23:14:08 +0200 Subject: [PATCH 080/100] Update info --- buildroot-external/board/ova/info | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/board/ova/info b/buildroot-external/board/ova/info index 5504e1047..4d22261e2 100644 --- a/buildroot-external/board/ova/info +++ b/buildroot-external/board/ova/info @@ -1,3 +1,3 @@ BOARD_ID=ova -BOARD_NAME=OVA +BOARD_NAME="Open Virtual Appliance" CHASSIS=vm From 497c5365af5dcd9175f2a3c9b651a9b4058be347 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Fri, 11 May 2018 23:17:05 +0200 Subject: [PATCH 081/100] Cleanup version strings --- buildroot-external/scripts/post-build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/scripts/post-build.sh b/buildroot-external/scripts/post-build.sh index d08c3d2ed..be9f1f61b 100755 --- a/buildroot-external/scripts/post-build.sh +++ b/buildroot-external/scripts/post-build.sh @@ -13,7 +13,7 @@ install_hassio_cli # Write os-release ( echo "NAME=Hass.io" - echo "VERSION=\"${BOARD} ${VERSION_MAJOR}.${VERSION_BUILD}\"" + echo "VERSION=\"${VERSION_MAJOR}.${VERSION_BUILD} (${BOARD_NAME})\"" echo "ID=hassio-os" echo "VERSION_ID=${VERSION_MAJOR}.${VERSION_BUILD}" echo "PRETTY_NAME=\"${HASSIO_NAME} ${VERSION_MAJOR}.${VERSION_BUILD}\"" From 9dd46dd4868e4ffd3f5e6d9f78850d7a4ef40899 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 00:27:40 +0200 Subject: [PATCH 082/100] Enable rauc on start --- .../etc/systemd/system/multi-user.target.wants/rauc.service | 1 + 1 file changed, 1 insertion(+) create mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc.service diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc.service b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc.service new file mode 120000 index 000000000..c7ea83e7a --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/rauc.service \ No newline at end of file From 08991f67635c33017690911eb26fac874853f90d Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 10:04:11 +0200 Subject: [PATCH 083/100] automate output image --- buildroot-external/board/ova/post-image.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/buildroot-external/board/ova/post-image.sh b/buildroot-external/board/ova/post-image.sh index e0e1e72c0..f84a8fd91 100755 --- a/buildroot-external/board/ova/post-image.sh +++ b/buildroot-external/board/ova/post-image.sh @@ -6,6 +6,11 @@ BOARD_DIR=${2} BOOT_DATA=${BINARIES_DIR}/boot . ${SCRIPT_DIR}/hdd_image.sh +. ${BR2_EXTERNAL_HASSIO_PATH}/info +. ${BOARD_DIR}/info + +# Filename +IMAGE_FILE=hassio-${BOARD_ID}_${VERSION_MAJOR}.${VERSION_BUILD}.vmdk # Init boot data rm -rf ${BOOT_DATA} @@ -21,4 +26,4 @@ hassio_overlay_image ${BINARIES_DIR} hassio_hdd_image ${BINARIES_DIR} ${BINARIES_DIR}/harddisk.img 6 -qemu-img convert -O vmdk ${BINARIES_DIR}/harddisk.img ${BINARIES_DIR}/hassio-os.vmdk +qemu-img convert -O vmdk ${BINARIES_DIR}/harddisk.img ${BINARIES_DIR}/${IMAGE_FILE} From 455f99e83fa24f5b6a55f1f1ac5953b06da68cb8 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 11:26:26 +0200 Subject: [PATCH 084/100] Boot system0 with partition UUID --- buildroot-external/board/ova/barebox-env/boot/system0 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/board/ova/barebox-env/boot/system0 b/buildroot-external/board/ova/barebox-env/boot/system0 index eece4af7d..4239b465c 100644 --- a/buildroot-external/board/ova/barebox-env/boot/system0 +++ b/buildroot-external/board/ova/barebox-env/boot/system0 @@ -1,5 +1,5 @@ #!/bin/sh global bootm.image="/mnt/disk1/boot/bzImage" -global linux.bootargs.dyn.root="root=/dev/sda2 rootfstype=squashfs ro" +global linux.bootargs.dyn.root="root=PARTUUID=8d3d53e3-6d49-4c38-8349-aff6859e82fd rootfstype=squashfs ro" From 1bfefec008eb13b4ed9de917221a355ef8074578 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 11:27:05 +0200 Subject: [PATCH 085/100] Boot system1 with partition UUID --- buildroot-external/board/ova/barebox-env/boot/system1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/board/ova/barebox-env/boot/system1 b/buildroot-external/board/ova/barebox-env/boot/system1 index c917a2f05..3926d4112 100644 --- a/buildroot-external/board/ova/barebox-env/boot/system1 +++ b/buildroot-external/board/ova/barebox-env/boot/system1 @@ -1,4 +1,4 @@ #!/bin/sh global bootm.image="/mnt/disk2/boot/bzImage" -global linux.bootargs.dyn.root="root=/dev/sda3 rootfstype=squashfs ro" +global linux.bootargs.dyn.root="root=PARTUUID=a3ec664e-32ce-4665-95ea-7ae90ce9aa20 rootfstype=squashfs ro" From fdab2193766a5e43f9bf289955befa1f2261f174 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 11:33:55 +0200 Subject: [PATCH 086/100] Create rauc-good.timer --- .../rootfs-overlay/usr/lib/systemd/system/rauc-good.timer | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.timer diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.timer b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.timer new file mode 100644 index 000000000..88671f8eb --- /dev/null +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.timer @@ -0,0 +1,8 @@ +[Unit] +Description=Rauc mark boot partition as good + +[Timer] +OnBootSec=1min + +[Install] +WantedBy=timers.target From dfb13b5d40dc02c07ae1fe351291e4f6ec879337 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 11:35:28 +0200 Subject: [PATCH 087/100] Update rauc-good.service --- .../usr/lib/systemd/system/rauc-good.service | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.service b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.service index 4af9b0984..907ab3a26 100644 --- a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.service +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.service @@ -1,14 +1,9 @@ [Unit] Description=Hassio rauc good -Requires=hassio-supervisor.service -After=rauc.service hassio-supervisor.service +Requires=hassio-supervisor.service rauc.service RefuseManualStart=true RefuseManualStop=true [Service] Type=oneshot -ExecStartPre=/bin/sleep 80 ExecStart=/usr/bin/rauc status mark-good - -[Install] -WantedBy=multi-user.target From 44f90cae13a52a6b50ad63ce3d64faa8c5bfb9ed Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 11:36:17 +0200 Subject: [PATCH 088/100] Update rauc-bad.service --- .../rootfs-overlay/usr/lib/systemd/system/rauc-bad.service | 4 ---- 1 file changed, 4 deletions(-) diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-bad.service b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-bad.service index 04e009b36..f93c5663a 100644 --- a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-bad.service +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-bad.service @@ -1,7 +1,6 @@ [Unit] Description=Rauc mark bad Requires=rauc.service -After=rauc.service RefuseManualStart=true RefuseManualStop=true @@ -9,6 +8,3 @@ RefuseManualStop=true Type=oneshot ExecStart=/usr/bin/rauc status mark-bad ExecStartPost=/usr/bin/systemctl reboot - -[Install] -WantedBy=multi-user.target From 387d932392dfb18028fc8a178626b357b5218583 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 11:36:47 +0200 Subject: [PATCH 089/100] Update hassio-supervisor.service --- .../usr/lib/systemd/system/hassio-supervisor.service | 1 - 1 file changed, 1 deletion(-) diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-supervisor.service b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-supervisor.service index 373cb9b55..03b3dd108 100644 --- a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-supervisor.service +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-supervisor.service @@ -5,7 +5,6 @@ After=docker.service dbus.socket RequiresMountsFor=/mnt/data StartLimitIntervalSec=60 StartLimitBurst=5 -OnFailure=rauc-bad.service [Service] Type=simple From c507e7064130d0620980865d6011b63f3712a55b Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 11:37:54 +0200 Subject: [PATCH 090/100] Create rauc.conf --- .../etc/systemd/system/hassio-supervisor.service.d/rauc.conf | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 buildroot-external/rootfs-overlay/etc/systemd/system/hassio-supervisor.service.d/rauc.conf diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-supervisor.service.d/rauc.conf b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-supervisor.service.d/rauc.conf new file mode 100644 index 000000000..e001464d1 --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-supervisor.service.d/rauc.conf @@ -0,0 +1,2 @@ +[Unit] +OnFailure=rauc-bad.service From 18f47062859b361e50739e18188bab37d43bd5bf Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 22:37:46 +0200 Subject: [PATCH 091/100] Enable Timer + disable system1 --- .../board/ova/barebox-state.dtb | Bin 1097 -> 1097 bytes .../board/ova/barebox-state.dts | 2 +- .../timers.target.wants/rauc-good.timer | 1 + 3 files changed, 2 insertions(+), 1 deletion(-) create mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/timers.target.wants/rauc-good.timer diff --git a/buildroot-external/board/ova/barebox-state.dtb b/buildroot-external/board/ova/barebox-state.dtb index bd29d50ae506b848f98e5babd786a857483789fd..fc1ead0ccf8780baad5e1276f0b4106a3e9b01fc 100644 GIT binary patch delta 14 VcmX@fagt+0J`*Fu<^rahi~uJN1jGOU delta 16 YcmX@fagt+0KGWpcj6$0mnNBbQ05>NF1ONa4 diff --git a/buildroot-external/board/ova/barebox-state.dts b/buildroot-external/board/ova/barebox-state.dts index 4938b03d8..927ff6624 100644 --- a/buildroot-external/board/ova/barebox-state.dts +++ b/buildroot-external/board/ova/barebox-state.dts @@ -38,7 +38,7 @@ remaining_attempts@8 { reg = <0x8 0x4>; type = "uint32"; - default = <3>; + default = <0>; }; priority@c { reg = <0xc 0x4>; diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/timers.target.wants/rauc-good.timer b/buildroot-external/rootfs-overlay/etc/systemd/system/timers.target.wants/rauc-good.timer new file mode 120000 index 000000000..d010b7029 --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/systemd/system/timers.target.wants/rauc-good.timer @@ -0,0 +1 @@ +/usr/lib/systemd/system/rauc-good.timer \ No newline at end of file From 5c1fc0768dd7f18da2bf84fbc708492fb07d205f Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 23:07:15 +0200 Subject: [PATCH 092/100] Update supervisor --- buildroot-external/configs/ova_defconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 99988a579..d1f0d4107 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -66,7 +66,7 @@ BR2_PACKAGE_HOST_RAUC=y BR2_PACKAGE_MINGETTY=y BR2_PACKAGE_HASSIO=y BR2_PACKAGE_HASSIO_SUPERVISOR="homeassistant/amd64-hassio-supervisor" -BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION="103" +BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION="103.3" BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/qemux86-64-homeassistant" BR2_PACKAGE_HASSIO_SUPERVISOR_PROFILE="hassio-supervisor" BR2_PACKAGE_HASSIO_CLI="homeassistant/amd64-hassio-cli" From 3b7ca0190780fbe02731acd6aea39a0d20efed19 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 13 May 2018 09:50:02 +0200 Subject: [PATCH 093/100] fix post build --- buildroot-external/scripts/post-build.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/buildroot-external/scripts/post-build.sh b/buildroot-external/scripts/post-build.sh index be9f1f61b..224bb7e44 100755 --- a/buildroot-external/scripts/post-build.sh +++ b/buildroot-external/scripts/post-build.sh @@ -1,9 +1,11 @@ #!/bin/bash +set -e +SCRIPT_DIR=${BR2_EXTERNAL_HASSIO_PATH}/scripts BOARD_DIR=${2} -. rootfs_layer.sh -. ../info +. ${SCRIPT_DIR}/rootfs_layer.sh +. ${BR2_EXTERNAL_HASSIO_PATH}/info . ${BOARD_DIR}/info # Hass.io OS tasks From b0825e17d59c23ea1c6b8393b46bfd3972274cfb Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 13 May 2018 09:52:01 +0200 Subject: [PATCH 094/100] Cleanup old stuff --- .../etc/systemd/system/multi-user.target.wants/rauc-good.service | 1 - 1 file changed, 1 deletion(-) delete mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc-good.service diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc-good.service b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc-good.service deleted file mode 120000 index 3ff40f746..000000000 --- a/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc-good.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/rauc-good.service \ No newline at end of file From c30367a29a6c3fa1b626c8d0a0c144197a61a79e Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 13 May 2018 10:08:35 +0200 Subject: [PATCH 095/100] Update rootfs_layer.sh --- buildroot-external/scripts/rootfs_layer.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/buildroot-external/scripts/rootfs_layer.sh b/buildroot-external/scripts/rootfs_layer.sh index f2618f7f8..a46b62365 100644 --- a/buildroot-external/scripts/rootfs_layer.sh +++ b/buildroot-external/scripts/rootfs_layer.sh @@ -12,7 +12,6 @@ function fix_rootfs() { rm -rf ${TARGET_DIR}/etc/network rm -rf ${TARGET_DIR}/etc/X11 rm -rf ${TARGET_DIR}/etc/xdg - rm -f ${TARGET_DIR}/etc/mtab # Cleanup root rm -rf ${TARGET_DIR}/media From 979af0c8bc7eb6dc4f2ff6703a7698f74a5fe9f9 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 13 May 2018 16:11:04 +0200 Subject: [PATCH 096/100] fix os-release --- buildroot-external/scripts/post-build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/scripts/post-build.sh b/buildroot-external/scripts/post-build.sh index 224bb7e44..691d52357 100755 --- a/buildroot-external/scripts/post-build.sh +++ b/buildroot-external/scripts/post-build.sh @@ -23,7 +23,7 @@ install_hassio_cli echo "HOME_URL=https://hass.io/" echo "VARIANT=\"Hass.io ${BOARD_NAME}\"" echo "VARIANT_ID=${BOARD_ID}" -) > /etc/os-release +) > /usr/lib/os-release # Write machine-info ( From 13a736d4bd749e7ec5d1b5c8fb09c13dbedef7d3 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 13 May 2018 16:21:37 +0200 Subject: [PATCH 097/100] Update rootfs_layer.sh --- buildroot-external/scripts/rootfs_layer.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/buildroot-external/scripts/rootfs_layer.sh b/buildroot-external/scripts/rootfs_layer.sh index a46b62365..e281858ce 100644 --- a/buildroot-external/scripts/rootfs_layer.sh +++ b/buildroot-external/scripts/rootfs_layer.sh @@ -20,6 +20,9 @@ function fix_rootfs() { # Other stuff rm -f ${TARGET_DIR}/usr/lib/os-release + + # Fix tempfs + sed -i "/srv/d" ${TARGET_DIR}/usr/lib/tmpfiles.d/home.conf } From 0143c267a1ddc4a607b588c7067b30c989854f09 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 13 May 2018 16:23:30 +0200 Subject: [PATCH 098/100] Update rootfs_layer.sh --- buildroot-external/scripts/rootfs_layer.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/buildroot-external/scripts/rootfs_layer.sh b/buildroot-external/scripts/rootfs_layer.sh index e281858ce..3b332aa2f 100644 --- a/buildroot-external/scripts/rootfs_layer.sh +++ b/buildroot-external/scripts/rootfs_layer.sh @@ -18,9 +18,6 @@ function fix_rootfs() { rm -rf ${TARGET_DIR}/srv rm -rf ${TARGET_DIR}/opt - # Other stuff - rm -f ${TARGET_DIR}/usr/lib/os-release - # Fix tempfs sed -i "/srv/d" ${TARGET_DIR}/usr/lib/tmpfiles.d/home.conf } From cf99b446ec3e2c70ad2cabba41e5ce0a4216beb1 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 13 May 2018 19:44:31 +0200 Subject: [PATCH 099/100] Update post-build.sh --- buildroot-external/scripts/post-build.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/buildroot-external/scripts/post-build.sh b/buildroot-external/scripts/post-build.sh index 691d52357..745de9bea 100755 --- a/buildroot-external/scripts/post-build.sh +++ b/buildroot-external/scripts/post-build.sh @@ -23,10 +23,10 @@ install_hassio_cli echo "HOME_URL=https://hass.io/" echo "VARIANT=\"Hass.io ${BOARD_NAME}\"" echo "VARIANT_ID=${BOARD_ID}" -) > /usr/lib/os-release +) > ${TARGET_DIR}/usr/lib/os-release # Write machine-info ( echo "CHASSIS=${CHASSIS}" echo "DEPLOYMENT=${DEPLOYMENT}" -) > /etc/machine-info +) > ${TARGET_DIR}/etc/machine-info From 9f79e421c190a647f6c0d1dec5d00dbb147f5c62 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 13 May 2018 21:03:29 +0200 Subject: [PATCH 100/100] Update ovf-create.sh --- scripts/ovf-create.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ovf-create.sh b/scripts/ovf-create.sh index 8160c9746..df370c517 100755 --- a/scripts/ovf-create.sh +++ b/scripts/ovf-create.sh @@ -6,4 +6,4 @@ VBoxManage modifyvm Hass.io --cpus 2 --memory 1048 --firmware efi VBoxManage modifyvm Hass.io --nic1 bridged VBoxManage storageattach Hass.io --storagectl "SATA Controller" --device 0 --port 0 --type vmdk --medium $1 -VBoxManage export Hass.io --ovf20 --vendor "Home-Assistant" --vendorurl "http://hass.io" --output $2 +VBoxManage export Hass.io --ovf20 --vendor "Home Assistant" --vendorurl "http://hass.io" --output $2