Merge remote-tracking branch 'osresearch/master' into pr/tlaurion/1662

Thierry Laurion 2024-05-13 09:23:20 -04:00
commit 3a7292018e
No known key found for this signature in database
GPG Key ID: 9A53E1BB3FF00461
78 changed files with 997 additions and 288 deletions


@ -11,15 +11,12 @@ commands:
type: string
steps:
- run:
name: Install dependencies
name: Make Board (console logs not contiguous because multiple CPUS used to build under CircleCI, see logs in artifacts or Output build failing logs below in case of failed step)
command: |
ln -fs /usr/share/zoneinfo/America/New_York /etc/localtime
apt update
apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg gawk iasl m4 nasm patch python python2 python3 wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev doxygen graphviz udev libudev1 libudev-dev automake libtool rsync innoextract sudo libssl-dev device-tree-compiler u-boot-tools sharutils e2fsprogs parted curl unzip imagemagick libncurses5-dev zip
- run:
name: Make Board (FULL ORDERED BUILD LOGS HERE UNTIL JOB FAILED)
command: |
rm -rf build/<<parameters.arch>>/<<parameters.target>>/* build/<<parameters.arch>>/log/* && make V=1 BOARD=<<parameters.target>> <<parameters.subcommand>> || touch ./tmpDir/failed_build
echo "Sourcing /devenv.sh since docker entrypoint doesn't do it as expected"
source /devenv.sh
rm -rf build/<<parameters.arch>>/<<parameters.target>>/* build/<<parameters.arch>>/log/*
make V=1 BOARD=<<parameters.target>> <<parameters.subcommand>> || touch ./tmpDir/failed_build
no_output_timeout: 3h
- run:
name: Output hashes
@ -32,93 +29,89 @@ commands:
- run:
name: Archiving build logs.
command: |
tar zcvf build/<<parameters.arch>>/<<parameters.target>>/logs.tar.gz $(find build/ -name "*.log")
tar zcvf build/<<parameters.arch>>/<<parameters.target>>/logs.tar.gz $(find build/ -name "*.log")
- run:
name: Output build failing logs
command: |
if [[ -f ./tmpDir/failed_build ]]; then find ./build/<<parameters.arch>>/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Step hasn't failed. Continuing with next step..."; fi \
if [[ -f ./tmpDir/failed_build ]]; then
find "./build/<<parameters.arch>>/" -name "*.log" -type f -mmin -1 -exec tail -n +1 '{}' +
exit 1
else
echo "Step hasn't failed. Continuing with next step..."
fi
- store_artifacts:
path: build/<<parameters.arch>>/<<parameters.target>>
jobs:
prep_env:
docker:
- image: debian:11
- image: tlaurion/heads-dev-env:v0.1.4
resource_class: large
working_directory: ~/heads
steps:
- run:
name: Install dependencies
command: |
ln -fs /usr/share/zoneinfo/America/New_York /etc/localtime
apt update
apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg gawk iasl m4 nasm patch python python2 python3 wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev doxygen graphviz udev libudev1 libudev-dev automake libtool rsync innoextract sudo imagemagick libncurses5-dev
- checkout
- run:
name: git reset
command: |
git reset --hard "$CIRCLE_SHA1" \
git reset --hard "$CIRCLE_SHA1"
- run:
name: Make tmp dir
command: |
mkdir ./tmpDir \
mkdir ./tmpDir
- run:
name: Creating all modules and patches digest (All modules cache digest)
command: |
find ./Makefile ./patches/ ./modules/ -type f | sort -h |xargs sha256sum > ./tmpDir/all_modules_and_patches.sha256sums \
find .circleci/config.yml ./Makefile ./flake.lock ./patches/ ./modules/ -type f | sort -h |xargs sha256sum > ./tmpDir/all_modules_and_patches.sha256sums
- run:
name: Creating coreboot (and associated patches) and musl-cross-make modules digest (musl-cross-make and coreboot cache digest)
command: |
find ./Makefile ./modules/coreboot ./modules/musl-cross* ./patches/coreboot* -type f | sort -h | xargs sha256sum > ./tmpDir/coreboot_musl-cross.sha256sums \
find .circleci/config.yml ./Makefile ./flake.lock ./modules/coreboot ./modules/musl-cross* ./patches/coreboot* -type f | sort -h | xargs sha256sum > ./tmpDir/coreboot_musl-cross.sha256sums
- run:
name: Creating musl-cross-make and musl-cross-make patches digest (musl-cross-make cache digest)
command: |
find ./Makefile modules/musl-cross* -type f | sort -h | xargs sha256sum > ./tmpDir/musl-cross.sha256sums \
find .circleci/config.yml ./Makefile ./flake.lock modules/musl-cross* -type f | sort -h | xargs sha256sum > ./tmpDir/musl-cross.sha256sums
- restore_cache:
# First matched/found key wins and following keys are not tried
keys:
#Restore existing cache for matching modules digest, validated to be exactly the same as in github current commit.
#This cache was made on top of below caches, if previously existing. If no module definition changed, we reuse this one. Otherwise...
- heads-modules-and-patches-{{ checksum "./tmpDir/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }}
#If precedent cache not found, restore cache for coreboot module (and patches) and musl-cross-make digests (coreboot: triannual release)
#Otehrwise....
- heads-coreboot-musl-cross-{{ checksum "./tmpDir/coreboot_musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }}
#If precedent cache not found. Restore cache for musl-cross-make module digest (rarely modified).
#Otherwise, we build cleanly.
- heads-musl-cross-{{ checksum "./tmpDir/musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }}
# Cache for matching modules digest, validated to be exactly the same as in github current commit.
# This cache was made on top of below caches, if previously existing.
# If no module definition changed, we reuse this one
- nix-docker-heads-modules-and-patches-{{ checksum "./tmpDir/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }}
# Cache for coreboot module (and patches) and musl-cross-make digests (coreboot: triannual release)
- nix-docker-heads-coreboot-musl-cross-{{ checksum "./tmpDir/coreboot_musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }}
# Cache for musl-cross-make module digest (rarely modified).
- nix-docker-heads-musl-cross-{{ checksum "./tmpDir/musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }}
- run:
name: Download and neuter xx20 ME (keep generated GBE and extracted IFD in tree)
command: |
./blobs/xx20/download_parse_me.sh
- run:
name: Download and neuter xx30 ME (keep generated GBE and extracted IFD in tree)
# me_cleaner.py present under heads xx30 blobs dir comes from https://github.com/corna/me_cleaner/blob/43612a630c79f3bc6f2653bfe90dfe0b7b137e08/me_cleaner.py
name: Download and neuter xx30 ME (keep generated GBE and extracted IFD in tree)
command: |
./blobs/xx30/download_clean_me_manually.sh -m $(readlink -f ./blobs/xx30/me_cleaner.py)
- run:
name: Download and extract t530 vbios roms for dgpu boards
command: |
echo skipping for now
exit 0
./blobs/xx30/vbios_t530.sh
- run:
name: Download and extract w530 vbios roms for dgpu boards
command: |
echo skipping for now
exit 0
./blobs/xx30/vbios_w530.sh
- persist_to_workspace:
root: ~/
root: ~/heads
paths:
- .
build_and_persist:
docker:
- image: debian:11
- image: tlaurion/heads-dev-env:v0.1.4
resource_class: large
working_directory: ~/heads
parameters:
@ -131,22 +124,22 @@ jobs:
type: string
steps:
- attach_workspace:
at: ~/
at: ~/heads
- build_board:
arch: <<parameters.arch>>
target: <<parameters.target>>
subcommand: <<parameters.subcommand>>
- persist_to_workspace:
root: ~/
root: ~/heads
paths:
- heads/packages/<<parameters.arch>>
- heads/build/<<parameters.arch>>
- heads/crossgcc/<<parameters.arch>>
- heads/install/<<parameters.arch>>
- packages/<<parameters.arch>>
- build/<<parameters.arch>>
- crossgcc/<<parameters.arch>>
- install/<<parameters.arch>>
build:
docker:
- image: debian:11
- image: tlaurion/heads-dev-env:v0.1.4
resource_class: large
working_directory: ~/heads
parameters:
@ -159,55 +152,55 @@ jobs:
type: string
steps:
- attach_workspace:
at: ~/
at: ~/heads
- build_board:
arch: <<parameters.arch>>
target: <<parameters.target>>
target: <<parameters.target>>
subcommand: <<parameters.subcommand>>
save_cache:
docker:
- image: debian:11
- image: tlaurion/heads-dev-env:v0.1.4
resource_class: large
working_directory: ~/heads
steps:
- attach_workspace:
at: ~/
at: ~/heads
- save_cache:
#Generate cache for the same musl-cross module definition if hash is not previously existing
#CircleCI removed their wildcard support, so we have to list precise versions to cache in directory names
key: heads-musl-cross-{{ checksum "./tmpDir/musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }}
# Generate cache for the same musl-cross module definition if hash is not previously existing
# CircleCI removed their wildcard support, so we have to list precise versions to cache in directory names
key: nix-docker-heads-musl-cross-{{ checksum "./tmpDir/musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }}
paths:
- crossgcc
- build/x86/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1
- build/ppc64/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1
- build/x86/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1
- crossgcc
- packages
- save_cache:
#Generate cache for the same coreboot mnd musl-cross-make modules definition if hash is not previously existing
#CircleCI removed their wildcard support, so we have to list precise versions to cache in directory names
key: heads-coreboot-musl-cross-{{ checksum "./tmpDir/coreboot_musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }}
# Generate cache for the same coreboot mnd musl-cross-make modules definition if hash is not previously existing
# CircleCI removed their wildcard support, so we have to list precise versions to cache in directory names
key: nix-docker-heads-coreboot-musl-cross-{{ checksum "./tmpDir/coreboot_musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }}
paths:
- crossgcc
- build/x86/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1
- build/ppc64/coreboot-talos_2
- build/ppc64/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1
- packages
- build/x86/coreboot-4.11
- build/x86/coreboot-4.13
- build/x86/coreboot-4.14
- build/x86/coreboot-4.15
- build/x86/coreboot-4.17
- build/x86/coreboot-4.22.01
- build/x86/coreboot-purism
- build/x86/coreboot-nitrokey
- build/ppc64/coreboot-talos_2
- build/x86/coreboot-purism
- build/x86/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1
- crossgcc
- packages
- save_cache:
#Generate cache for the exact same modules definitions if hash is not previously existing
key: heads-modules-and-patches-{{ checksum "./tmpDir/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }}
key: nix-docker-heads-modules-and-patches-{{ checksum "./tmpDir/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }}
paths:
- crossgcc
- build
- packages
- crossgcc
- install
- packages
workflows:
version: 2
@ -215,9 +208,8 @@ workflows:
jobs:
- prep_env
# Below, sequentially build one board for each coreboot
# version. The last board in the sequence is the dependency
# for the parallel boards built at the end, and also save_cache.
# Below, sequentially build one board for each coreboot version.
# The last board in the sequence is the dependency for the parallel boards built at the end, and also save_cache.
# coreboot 4.22.01
- build_and_persist:
@ -227,7 +219,7 @@ workflows:
requires:
- prep_env
# coreboot-git librems
# coreboot purism
- build_and_persist:
name: librem_14
target: librem_14
@ -235,10 +227,11 @@ workflows:
requires:
- x230-hotp-maximized
# coreboot-git Nitropads depending on x230-hotp-maximized cache
# since kernel is 6.x and coreboot is git is unshared
# coreboot nitropad
# Nitropads depending on x230-hotp-maximized cache since kernel is 6.x and coreboot is git is unshared
# We use nitropad's coreboot's fork crossgcc
# No need to wait further for other board's cache.
# No need to wait further for other board's cache
# We reuse built modules from x230-hotp-maximized cache only
- build_and_persist:
name: nitropad-nv41
target: nitropad-nv41
@ -246,7 +239,7 @@ workflows:
requires:
- prep_env
# coreboot-git Talos II (PPC)
# coreboot talos_2
- build_and_persist:
name: talos-2
arch: ppc64
@ -255,18 +248,26 @@ workflows:
requires:
- prep_env
#Cache one workspace per architecture. Make sure workspace caches are chainloaded and the last in chain for an arch is saved.
# coreboot 4.11
- build_and_persist:
name: UNMAINTAINED_kgpe-d16_workstation
target: UNMAINTAINED_kgpe-d16_workstation
subcommand: ""
requires:
- prep_env
# Cache one workspace per architecture
# Make sure workspace caches are chainloaded and the last in chain for an arch is saved
- save_cache:
requires:
- talos-2
- librem_14
#
# Those onboarding new boards should add their entries below.
#
#
#
# Those onboarding new boards should add their entries below.
#
#Coreboot 4.22.01 boards
# coreboot 4.22.01 boards
- build:
name: x220-hotp-maximized
target: x220-hotp-maximized
@ -377,7 +378,7 @@ workflows:
target: t440p-maximized
subcommand: ""
requires:
- x230-hotp-maximized
- x230-hotp-maximized
- build:
name: t440p-hotp-maximized
@ -421,7 +422,8 @@ workflows:
requires:
- x230-hotp-maximized
#coreboot-git librem boards
# coreboot purism
# librem boards
- build:
name: librem_13v2
target: librem_13v2
@ -464,7 +466,7 @@ workflows:
requires:
- librem_14
#coreboot-git dasharo clevo_release + staging IASL patch
# dasharo release
- build:
name: nitropad-ns50
target: nitropad-ns50
@ -472,6 +474,30 @@ workflows:
requires:
- nitropad-nv41
# coreboot 4.11
- build:
name: UNMAINTAINED_kgpe-d16_workstation-usb_keyboard
target: UNMAINTAINED_kgpe-d16_workstation-usb_keyboard
subcommand: ""
requires:
- UNMAINTAINED_kgpe-d16_workstation
# coreboot 4.11
- build:
name: UNMAINTAINED_kgpe-d16_server
target: UNMAINTAINED_kgpe-d16_server
subcommand: ""
requires:
- UNMAINTAINED_kgpe-d16_workstation
# coreboot 4.11
- build:
name: UNMAINTAINED_kgpe-d16_server-whiptail
target: UNMAINTAINED_kgpe-d16_server-whiptail
subcommand: ""
requires:
- UNMAINTAINED_kgpe-d16_workstation
# - build:
# name: UNMAINTAINED_kgpe-d16_workstation-usb_keyboard
# target: UNMAINTAINED_kgpe-d16_workstation-usb_keyboard
@ -499,34 +525,3 @@ workflows:
# subcommand: ""
# requires:
# - librem_14
########################
########################
### OLD STUFF ###
########################
########################
# linuxboot steps need something to pass in the kernel header path
# skipping for now
# - run:
# name: UNMAINTAINED_qemu-linuxboot-edk2
# command: |
# ./build/make-4.2.1/make \
# CROSS=/cross/bin/x86_64-linux-musl- \
# BOARD=UNMAINTAINED_qemu-linuxboot \
# `/bin/pwd`/build/linuxboot-git/build/qemu/.configured \
# # Run first to avoid too many processes
#
# - run:
# name: UNMAINTAINED_qemu-linuxboot
# command: |
# ./build/make-4.2.1/make \
# CROSS=/cross/bin/x86_64-linux-musl- \
# CPUS=16 \
# V=1 \
# BOARD=UNMAINTAINED_qemu-linuxboot \
#
# - store-artifacts:
# path: build/UNMAINTAINED_qemu-linuxboot/linuxboot.rom
# - store-artifacts:
# path: build/UNMAINTAINED_qemu-linuxboot/hashes.txt
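Review bot: The four job executors (`prep_env`, `build_and_persist`, `build`, `save_cache`) now pull `tlaurion/heads-dev-env:v0.1.4` by tag only, and a registry tag can be re-pushed, so this file does not fix the toolchain that produces the ROMs. Pinning the digest, `- image: tlaurion/heads-dev-env@sha256:<DIGEST_OF_TESTED_IMAGE>  # v0.1.4`, would bring the image contents under the `sha256sum` of `.circleci/config.yml` that this commit adds to the three cache digests. Without it, a re-tagged image would presumably keep restoring `crossgcc` and `build` caches made by the previous toolchain, since none of the key inputs change.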

1
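--- a/.envrc
+++ b/.envrc
@@ -0,0 +1 @@
+has nix && use flake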

40
.gitignore vendored

@ -1,25 +1,25 @@
.*.sw*
*.xz
*.bad
*.bz2
*.gz
*.sign
*.rom
*.o
*.gz
*.tgz
*.img
*.rom
*.cpio
typescript*
config/*.old
*.log
*~
crossgcc
clean
*.sec
*.dep
*.ffs
*.vol
*.lz
*.fv
*.bad
*.gz
*.img
*.log
*.lz
*.o
*.rom
*.sec
*.sign
*.tgz
*.vol
*.xz
*~
.*.sw*
/.direnv
clean
config/*.old
crossgcc
typescript*
result


@ -25,11 +25,48 @@ INSTALL = $(pwd)/install/$(CONFIG_TARGET_ARCH)
log_dir = $(build)/log
board_build = $(build)/$(BOARD)
# Controls how many parallel jobs are invoked in subshells
CPUS ?= $(shell nproc)
MAKE_JOBS ?= -j$(CPUS) --max-load 16
WGET ?= wget
# Estimated memory required per job in GB (e.g., 1GB for gcc)
MEM_PER_JOB_GB ?= 1
# Controls how many parallel jobs are invoked in subshells
CPUS ?= $(shell nproc)
AVAILABLE_MEM_GB ?= $(shell cat /proc/meminfo | grep MemAvailable | awk '{print int($$2 / 1024)}')
# Calculate the maximum number of jobs based on available memory
MAX_JOBS_MEM := $(shell echo $$(( $(AVAILABLE_MEM_GB) / $(MEM_PER_JOB_GB) )))
# Use the minimum of the system's CPUs and the calculated max jobs based on memory
CPUS := $(shell echo $$(($(CPUS) < $(MAX_JOBS_MEM) ? $(CPUS) : $(MAX_JOBS_MEM))))
# Load average can be adjusted to be higher than CPUS to allow for some CPU overcommit
# Multiply by 3 and then divide by 2 to achieve the effect of multiplying by 1.5 using integer arithmetic
LOADAVG ?= $(shell echo $$(( ($(CPUS) * 3) / 2 )))
# Construct MAKE_JOBS with dynamic CPU count and load average
MAKE_JOBS := -j$(CPUS) --load-average=$(LOADAVG) # Add other flags as needed to be more adaptive to CIs
# Print out the settings and compare system values with actual ones used
$(info ----------------------------------------------------------------------)
$(info !!!!!! BUILD SYSTEM INFO !!!!!!)
$(info System CPUS: $(shell nproc))
$(info System Available Memory: $(AVAILABLE_MEM_GB) GB)
$(info System Load Average: $(shell uptime | awk '{print $$10}'))
$(info ----------------------------------------------------------------------)
$(info Used **CPUS**: $(CPUS))
$(info Used **LOADAVG**: $(LOADAVG))
$(info Used **AVAILABLE_MEM_GB**: $(AVAILABLE_MEM_GB) GB)
$(info ----------------------------------------------------------------------)
$(info **MAKE_JOBS**: $(MAKE_JOBS))
$(info )
$(info Variables available for override (use 'make VAR_NAME=value'):)
$(info **CPUS** (default: number of processors, e.g., 'make CPUS=4'))
$(info **LOADAVG** (default: 1.5 times CPUS, e.g., 'make LOADAVG=54'))
$(info **AVAILABLE_MEM_GB** (default: memory available on the system in GB, e.g., 'make AVAILABLE_MEM_GB=4'))
$(info **MEM_PER_JOB_GB** (default: 1GB per job, e.g., 'make MEM_PER_JOB_GB=2'))
$(info ----------------------------------------------------------------------)
$(info !!!!!! Build starts !!!!!!)
# Timestamps should be in ISO format
DATE=`date --rfc-3339=seconds`
@ -162,6 +199,7 @@ heads_cc := $(CROSS)gcc \
-fdebug-prefix-map=$(pwd)=heads \
-gno-record-gcc-switches \
-D__MUSL__ \
--sysroot $(INSTALL) \
-isystem $(INSTALL)/include \
-L$(INSTALL)/lib \
@ -230,12 +268,10 @@ all payload:
FORCE:
# Copies config while replacing predefined placeholders with actual values
# This is used in a command like 'this && $(call install_config ...) && that'
# so it needs to evaluate to a shell command.
define install_config =
sed -e 's!@BOARD_BUILD_DIR@!$(board_build)!g' \
-e 's!@BLOB_DIR@!$(pwd)/blobs!g' \
-e 's!@BRAND_DIR@!$(pwd)/branding/$(BRAND_NAME)!g' \
-e 's!@BRAND_NAME@!$(BRAND_NAME)!g' \
"$1" > "$2"
$(pwd)/bin/prepare_module_config.sh "$1" "$2" "$(board_build)" "$(BRAND_NAME)"
endef
# Make helpers to operate on lists of things
@ -783,6 +819,8 @@ $(board_build)/$(CB_OUTPUT_BASENAME)-gpg-injected.rom: $(board_build)/$(CB_OUTPU
./bin/inject_gpg_key.sh --cbfstool "$(build)/$(coreboot_dir)/cbfstool" \
"$(board_build)/$(CB_OUTPUT_FILE_GPG_INJ)" "$(PUBKEY_ASC)"
#Dev cycles helpers:
real.clean:
for dir in \
$(module_dirs) \
@ -794,4 +832,28 @@ real.clean:
done
cd install && rm -rf -- *
real.gitclean:
@echo "Cleaning the repository using Git ignore file as a base..."
@echo "This will wipe everything not in the Git tree, but keep downloaded coreboot forks (detected as Git repos)."
git clean -fxd
real.gitclean_keep_packages:
@echo "Cleaning the repository using Git ignore file as a base..."
@echo "This will wipe everything not in the Git tree, but keep the 'packages' directory."
git clean -fxd -e "packages"
real.remove_canary_files-extract_patch_rebuild_what_changed:
@echo "Removing 'canary' files to force Heads to restart building board configurations..."
@echo "This will check package integrity, extract them, redo patching on files, and rebuild what needs to be rebuilt."
@echo "It will also reinstall the necessary files under './install'."
@echo "Limitations: If a patch creates a file in an extracted package directory, this approach may fail without further manual actions."
@echo "In such cases, Git will inform you about the file that couldn't be created as expected. Simply delete those files and relaunch the build."
@echo "This approach economizes time since most build artifacts do not need to be rebuilt, as the file dates should be the same as when you originally built them."
@echo "Only a minimal time is needed for rebuilding, which is also good for your SSD."
@echo "*** USE THIS APPROACH FIRST ***"
find ./build/ -type f -name ".canary" -print -delete
find ./install/*/* -print -exec rm -rf {} +
real.gitclean_keep_packages_and_build:
@echo "Cleaning the repository using Git ignore file as a base..."
@echo "This will wipe everything not in the Git tree, but keep the 'packages' and 'build' directories."
git clean -fxd -e "packages" -e "build"
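Review bot: `AVAILABLE_MEM_GB` in the first hunk is not in GB: `MemAvailable` in `/proc/meminfo` is reported in kB, so `int($$2 / 1024)` yields MB and `MAX_JOBS_MEM` comes out roughly a thousand times too large. The memory cap on `CPUS` therefore practically never applies, and the `$(info ...)` banner prints the wrong figure. Dividing by 1048576 gives the intended unit: `awk '/MemAvailable/ {print int($$2 / 1048576)}' /proc/meminfo`. With the unit corrected, a host with less than 1 GB available (or with no `MemAvailable` line) makes `CPUS` 0 or empty, so the result should be clamped to at least 1 before it reaches `-j$(CPUS)`. `MAKE_JOBS` also moved from `?=` to `:=`, so a value exported in the environment is no longer honoured; the override list printed by `$(info)` could mention that.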


@ -28,8 +28,87 @@ Please refer to [Heads-wiki](https://osresearch.net) for your Heads' documentati
Building heads
===
Under QubesOS?
====
* Setup nix persistent layer under QubesOS (Thanks @rapenne-s !)
* https://dataswamp.org/~solene/2023-05-15-qubes-os-install-nix.html
* Install docker under QubesOS (imperfect old article of mine. Better somewhere?)
* https://gist.github.com/tlaurion/9113983bbdead492735c8438cd14d6cd
Build docker from nix develop layer locally
====
#### Set up Nix and flakes
* If you don't already have Nix, install it:
* `[ -d /nix ] || sh <(curl -L https://nixos.org/nix/install) --no-daemon`
* `. /home/user/.nix-profile/etc/profile.d/nix.sh`
* Enable flake support in nix
* `mkdir -p ~/.config/nix`
* `echo 'experimental-features = nix-command flakes' >>~/.config/nix/nix.conf`
#### Build image
* Build nix developer local environment with flakes locked to specified versions
* `nix --print-build-logs --verbose develop --ignore-environment --command true`
* Build docker image with current develop created environment (this will take a while and create "linuxboot/heads:dev-env" local docker image:
* `nix build .#dockerImage && docker load < result`
Done!
Your local docker image "linuxboot/heads:dev-env" is ready to use, reproducible for the specific Heads commit used and will produce ROMs reproducible for that Heads commit ID.
Jump into nix develop created docker image for interactive workflow
=====
`docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) linuxboot/heads:dev-env`
From there you can use the docker image interactively.
`make BOARD=board_name` where board_name is the name of the board directory under `./boards` directory.
One such useful example is to build and test qemu board roms and test them through qemu/kvm/swtpm provided in the docker image.
Please refer to [qemu documentation](targets/qemu.md) for more information.
Eg:
```
make BOARD=qemu-coreboot-fbwhiptail-tpm2 # Build rom, export public key to emulated usb storage from qemu runtime
make BOARD=qemu-coreboot-fbwhiptail-tpm2 PUBKEY_ASC=~/pubkey.asc inject_gpg # Inject pubkey into rom image
make BOARD=qemu-coreboot-fbwhiptail-tpm2 USB_TOKEN=Nitrokey3NFC PUBKEY_ASC=~/pubkey.asc ROOT_DISK_IMG=~/qemu-disks/debian-9.cow2 INSTALL_IMG=~/Downloads/debian-9.13.0-amd64-xfce-CD-1.iso run # Install
```
Alternatively, you can use locally built docker image to build a board ROM image in a single call.
Eg:
`docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) linuxboot/heads:dev-env -- make BOARD=nitropad-nv41`
Pull docker hub image to prepare reproducible ROMs as CircleCI in one call
====
```
docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=x230-hotp-maximized
docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=nitropad-nv41
```
Maintenance notes on docker image
===
Redo the steps above in case the flake.nix or nix.lock changes. Then publish on docker hub:
```
docker tag tlaurion/heads-dev-env:vx.y.z tlaurion/heads-dev-env:latest
docker push tlaurion/heads-dev-env:latest
```
Notes:
- Local builds can use ":latest" tag, which will use latest tested successful CircleCI run
- To reproduce CirlceCI results, make sure to use the same versioned tag declared under .circleci/config.yml's "image:"
General notes on reproducible builds
===
In order to build reproducible firmware images, Heads builds a specific
version of gcc and uses it to compile the Linux kernel and various tools
that go into the initrd. Unfortunately this means the first step is a


@ -1,4 +1,4 @@
#!/usr/bin/perl
#!/usr/bin/env perl
# Clean all non-deterministric fields in a newc cpio file
#
# Items fixed:

27
bin/prepare_module_config.sh Executable file

@ -0,0 +1,27 @@
#! /usr/bin/env bash
TEMPLATE="$1"
RESULT="$2"
BOARD_BUILD="$3"
BRAND_NAME="$4"
repo="$(realpath "$(dirname "${BASH_SOURCE[0]}")/..")"
# For both coreboot and Linux, the config file is in a board-
# specific build directory, but the build occurs from the
# parent of that directory.
module_dir="$(realpath "$(dirname "$2")/..")"
# Use relative paths since the config may be part of the ROM
# artifacts, and relative paths won't depend on the workspace
# absolute path.
board_build_rel="$(realpath --relative-to "$module_dir" "$BOARD_BUILD")"
repo_rel="$(realpath --relative-to "$module_dir" "$repo")"
echo "board_build_rel=$board_build_rel"
echo "repo_rel=$repo_rel"
sed -e "s!@BOARD_BUILD_DIR@!${board_build_rel}!g" \
-e "s!@BLOB_DIR@!${repo_rel}/blobs!g" \
-e "s!@BRAND_DIR@!${repo_rel}/branding/$BRAND_NAME!g" \
-e "s!@BRAND_NAME@!$BRAND_NAME!g" \
"$TEMPLATE" > "$RESULT"
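Review bot: The script has no `set -euo pipefail` and no argument check, so a failing `realpath` (for example when the directory above `$2` does not exist yet) leaves `repo_rel` or `board_build_rel` empty. `sed` then still writes a config, with `@BLOB_DIR@` expanded to `/blobs`, and the script exits 0. Since the comment says this config may become part of the ROM artifacts, add `set -euo pipefail` under the shebang and fail when fewer than four arguments are passed. The values are also spliced into the `sed` replacement unescaped, so a `!`, `&` or backslash in `BRAND_NAME` or in a path alters the substitution; escaping them or rejecting such names keeps the output predictable. `module_dir` reads `"$2"` where `"$RESULT"` is already defined.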


@ -1,4 +1,4 @@
#!/usr/bin/perl
#!/usr/bin/env perl
# Generate dm-verity hashes and sign the root hash
#
# Output looks like

1
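--- a/blobs/haswell/.gitignore
+++ b/blobs/haswell/.gitignore
@@ -0,0 +1 @@
+mrc.bin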


@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
set -e


@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
# P7 ASUS
function printusage {


@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
function printusage {
echo "Usage: $0 -f <romdump> -m <me_cleaner>(optional) -i <ifdtool>(optional)"

1
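--- a/blobs/t440p/.gitignore
+++ b/blobs/t440p/.gitignore
@@ -0,0 +1 @@
+me.bin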


@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
set -e


@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
set -e

1
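--- a/blobs/w541/.gitignore
+++ b/blobs/w541/.gitignore
@@ -0,0 +1 @@
+me.bin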


@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
set -e


@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
set -e


@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
function printusage {
echo "Usage: $0 -f <romdump> -m <me_cleaner>(optional) -i <ifdtool>(optional)"

1
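--- a/blobs/xx20/.gitignore
+++ b/blobs/xx20/.gitignore
@@ -0,0 +1 @@
+me.bin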


@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"


@ -1,4 +1,4 @@
#!/usr/bin/python
#!/usr/bin/env python
"""ME7 Update binary parser."""

1
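--- a/blobs/xx30/.gitignore
+++ b/blobs/xx30/.gitignore
@@ -0,0 +1 @@
+me.bin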


@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
function printusage {
echo "Usage: $0 -m <me_cleaner>(optional)"


@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
function printusage {
echo "Usage: $0 -m <me_cleaner>(optional)"


@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
function printusage {
echo "Usage: $0 -f <romdump> -m <me_cleaner>(optional) -i <ifdtool>(optional)"


@ -1,4 +1,4 @@
#!/usr/bin/python
#!/usr/bin/env python
# me_cleaner - Tool for partial deblobbing of Intel ME/TXE firmware images
# Copyright (C) 2016-2018 Nicola Corna <nicola@corna.info>


@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
ROMPARSER="94a615302f89b94e70446270197e0f5138d678f3"


@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
ROMPARSER="94a615302f89b94e70446270197e0f5138d678f3"

2
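--- a/blobs/z220/.gitignore
+++ b/blobs/z220/.gitignore
@@ -0,0 +1,2 @@
+ifd.bin
+me.bin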


@ -1,4 +1,5 @@
#!/bin/bash
#!/usr/bin/env bash
# Z220 CMT HP
function printusage {
@ -65,4 +66,4 @@ echo "$FINAL_ME_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verif
echo "###Cleaning up..."
cd -
rm -r "$extractdir"
rm -r "$extractdir"

61
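--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,61 @@
+{
+"nodes": {
+"flake-utils": {
+"inputs": {
+"systems": "systems"
+},
+"locked": {
+"lastModified": 1710146030,
+"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+"owner": "numtide",
+"repo": "flake-utils",
+"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+"type": "github"
+},
+"original": {
+"owner": "numtide",
+"repo": "flake-utils",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1711703276,
+"narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
+"owner": "nixos",
+"repo": "nixpkgs",
+"rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
+"type": "github"
+},
+"original": {
+"owner": "nixos",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"flake-utils": "flake-utils",
+"nixpkgs": "nixpkgs"
+}
+},
+"systems": {
+"locked": {
+"lastModified": 1681028828,
+"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+"owner": "nix-systems",
+"repo": "default",
+"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+"type": "github"
+},
+"original": {
+"owner": "nix-systems",
+"repo": "default",
+"type": "github"
+}
+}
+},
+"root": "root",
+"version": 7
+}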

152
flake.nix Normal file

@ -0,0 +1,152 @@
{
description = "Optimized heads flake for Docker image with garbage collection protection";
# Inputs define external dependencies and their sources.
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; # Using the unstable channel for the latest packages, while flake.lock fixates the commit reused until changed.
flake-utils.url = "github:numtide/flake-utils"; # Utilities for flake functionality.
};
# Outputs are the result of the flake, including the development environment and Docker image.
outputs = {
self,
flake-utils,
nixpkgs,
...
}:
flake-utils.lib.eachDefaultSystem (system: let
pkgs = nixpkgs.legacyPackages.${system}; # Accessing the legacy package set.
lib = pkgs.lib; # The standard Nix packages library.
# Dependencies are the packages required for the Heads project.
# Organized into subsets for clarity and maintainability.
deps = with pkgs; [
# Core build utilities
autoconf
automake
bashInteractive
coreutils
bc
bison # Generate flashmap descriptor parser
bzip2
cacert
ccache
cmake
cpio
curl
diffutils
dtc
e2fsprogs
elfutils
findutils
flex
gawk
git
gnat
gnugrep
gnumake
gnused
gnutar
gzip
imagemagick # For bootsplash manipulation.
innoextract # ROM extraction for dGPU.
libtool
m4
ncurses5 # make menuconfig and slang
openssl #needed for talos-2 kernel build
parted
patch
perl
pkg-config
python3 # me_cleaner, coreboot.
rsync # coreboot.
sharutils
texinfo
unzip
wget
which
xz
zip
zlib
zlib.dev
] ++ [
# Packages for qemu support with Canokey integration.
#qemu_full #Heavier but contains qemu-img, kvm and everything else needed to do development cycles under docker
qemu # To test make BOARD=qemu-coreboot-* boards and then call make BOARD=qemu-coreboot-* with inject_gpg statement, and then run statement.
qemu_kvm # kvm additional support for qemu without all the qemu-img and everything else under qemu_full
#
# TODO: make work qemu-canokey not existing in caches:
# Below are overrides to make canokey-qemu library availabe to qemu built derivative through override)
#canokey doesn't work still even if compiled in, so no reason to add 1Gb of stuff in the image (qemu -device canokey not exposed even if configured in)
#canokey-qemu # Canokey lib for qemu build-time compilation.
#(qemu.override {
# canokeySupport = true; # This override enables Canokey support in QEMU, resulting in -device canokey being available.
#})
] ++ [
# Additional tools for debugging/editing/testing.
vim # Mostly used amongst us, sorry if you'd like something else, open issue.
swtpm # QEMU requirement to emulate tpm1/tpm2.
dosfstools # QEMU requirement to produce valid fs to store exported public key to be fused through inject_key on qemu (so qemu flashrom emulated SPI support).
] ++ [
# Tools for handling binary blobs in their compressed state. (blobs/xx30/vbios_[tw]530.sh)
bundler
p7zip
ruby
sudo # ( °-° )
upx
];
in {
# The development shell includes all the dependencies.
devShell = pkgs.mkShellNoCC {
buildInputs = deps;
};
# myDevShell outputs environment variables necessary for development.
packages.myDevShell =
pkgs.runCommand "my-dev-shell" {}
#bash
''
grep \
-e CMAKE_PREFIX_PATH \
-e NIX_CC_WRAPPER_TARGET_TARGET \
-e NIX_CFLAGS_COMPILE_FOR_TARGET \
-e NIX_LDFLAGS_FOR_TARGET \
-e PKG_CONFIG_PATH_FOR_TARGET \
-e ACLOCAL_PATH \
${self.devShell.${system}} >$out
'';
# Docker image configuration for the Heads project.
packages.dockerImage = pkgs.dockerTools.buildLayeredImage {
name = "linuxboot/heads";
tag = "dev-env";
config.Entrypoint = ["bash" "-c" ''source /devenv.sh; if (( $# == 0 )); then exec bash; else exec "$0" "$@"; fi''];
contents =
deps
++ [
pkgs.dockerTools.binSh
pkgs.dockerTools.caCertificates
pkgs.dockerTools.usrBinEnv
];
enableFakechroot = true;
fakeRootCommands =
#bash
''
set -e
# Environment setup for the development shell.
grep \
-e NIX_CC_WRAPPER_TARGET_TARGET \
-e NIX_CFLAGS_COMPILE_FOR_TARGET \
-e NIX_LDFLAGS_FOR_TARGET \
-e NIX_PKG_CONFIG_WRAPPER_TARGET \
-e PKG_CONFIG_PATH_FOR_TARGET \
-e ACLOCAL_PATH \
${self.devShell.${system}} >/devenv.sh
# Git configuration for safe directory access.
printf '[safe]\n\tdirectory = *\n' >/.gitconfig
mkdir /tmp; # Temporary directory for various operations.
'';
};
});
}


@ -14,16 +14,16 @@ bash_configure := CFLAGS="-g0 -Os" LDFLAGS="-s" ./configure \
$(CROSS_TOOLS) \
--host $(target) \
--prefix="/usr" \
--enable-largefile \
--infodir=/usr/share/info \
--mandir=/usr/share/man \
--without-bash-malloc \
--infodir=/usr/share/info \
--mandir=/usr/share/man \
--disable-coprocesses \
--enable-debugger \
--disable-net-redirections \
--enable-single-help-strings \
--disable-nls \
--enable-debugger \
--enable-largefile \
--enable-readline \
--enable-single-help-strings \
--without-bash-malloc
bash_target := $(MAKE_JOBS) \
&& $(MAKE) -C $(build)/$(bash_dir) \


@ -12,10 +12,16 @@ cairo_configure := \
./configure \
--host $(MUSL_ARCH)-elf-linux \
--prefix="/" \
--disable-xlib --disable-xcb --disable-pdf \
--disable-ps --disable-svg --disable-script \
--disable-ft --disable-fc --disable-pthread \
--disable-fc \
--disable-ft \
--disable-gobject \
--disable-pdf \
--disable-ps \
--disable-pthread \
--disable-script \
--disable-svg \
--disable-xcb \
--disable-xlib \
&& sed \
-e 's/^hardcode_libdir_flag_spec.*/hardcode_libdir_flag_spec=" -D__LIBTOOL_RPATH_DISABLE__ "/' \
< libtool \


@ -16,8 +16,8 @@ cryptsetup2_configure := \
./configure \
--host $(MUSL_ARCH)-elf-linux \
--prefix "/" \
--disable-rpath \
--disable-gcrypt-pbkdf2 \
--disable-rpath \
--enable-cryptsetup-reencrypt \
--with-crypto_backend=kernel \
--with-tmpfilesdir=$(INSTALL)/lib/tmpfiles.d


@ -11,8 +11,8 @@ dropbear_configure := ./configure \
$(CROSS_TOOLS) \
--host $(MUSL_ARCH)-elf-linux \
--prefix "/" \
--disable-syslog \
--disable-lastlog \
--disable-syslog \
--disable-utmp \
--disable-utmpx \
--disable-wtmp \


@ -27,10 +27,13 @@ ifeq "$(CONFIG_FLASHROM_AST1100)" "y"
flashrom_cfg += CONFIG_AST1100=yes
endif
flashrom_target := \
$(MAKE_JOBS) \
CFLAGS="-Os -I$(INSTALL)/include/pci" \
DESTDIR="$(INSTALL)" \
INSTALL="$(INSTALL)" \
LDFLAGS="-L$(INSTALL)/lib" \
PREFIX="$(INSTALL)" \
$(CROSS_TOOLS) \
$(flashrom_cfg) \
flashrom


@ -10,6 +10,7 @@ flashtools_hash := a68cdb4a2e312f96862119a6d829ac900b53d0cbc80caa5632efd43b5b7ee
flashtools_target := \
$(CROSS_TOOLS) \
$(MAKE_JOBS) \
CFLAGS="-Os -I$(INSTALL)/include" \
LDFLAGS="-L$(INSTALL)/lib" \


@ -23,20 +23,20 @@ gpg_configure := \
./configure \
--build $(MUSL_ARCH)-elf-linux \
--host $(MUSL_ARCH)-linux-musl \
--with-libusb="$(INSTALL)" \
--prefix "/" \
--enable-card-support \
--disable-bzip2 \
--disable-asm \
--disable-bzip2 \
--disable-dns-cert \
--disable-dns-srv \
--disable-exec \
--disable-photo-viewers \
--disable-finger \
--disable-hkp \
--disable-keyserver-helpers \
--disable-ldap \
--disable-hkp \
--disable-finger \
--disable-dns-srv \
--disable-dns-cert \
--disable-photo-viewers \
--disable-regex \
--enable-card-support \
--with-libusb="$(INSTALL)" \
# Run one build to generate the executables with the pre-defined
# exec_prefix and datarootdir, then a second make to install the binaries


@ -1,10 +1,10 @@
modules-$(CONFIG_GPG2) += gpg2
gpg2_version := 2.4.0
gpg2_version := 2.4.2
gpg2_dir := gnupg-$(gpg2_version)
gpg2_tar := gnupg-$(gpg2_version).tar.bz2
gpg2_url := https://www.gnupg.org/ftp/gcrypt/gnupg/$(gpg2_tar)
gpg2_hash := 1d79158dd01d992431dd2e3facb89fdac97127f89784ea2cb610c600fb0c1483
gpg2_hash := 97eb47df8ae5a3ff744f868005a090da5ab45cb48ee9836dbf5ee739a4e5cf49
gpg2_depends := libgpg-error libgcrypt libksba libassuan npth libusb $(musl_dep)
# For reproducibility reasons we have to override the exec_prefix
@ -18,35 +18,32 @@ gpg2_configure := \
./configure \
CPPFLAGS="-I$(INSTALL)/include/libusb-1.0" \
--host $(MUSL_ARCH)-linux-musl \
--with-libusb="$(INSTALL)" \
--with-gpg-error-prefix="$(INSTALL)" \
--with-libgcrypt-prefix="$(INSTALL)" \
--with-libassuan-prefix="$(INSTALL)" \
--with-ksba-prefix="$(INSTALL)" \
--with-npth-prefix="$(INSTALL)" \
--prefix "/" \
--libexecdir "/bin" \
--enable-scdaemon \
--enable-ccid-driver \
--disable-tofu \
--disable-rpath \
--disable-regex \
--disable-doc \
--disable-bzip2 \
--disable-exec \
--disable-photo-viewers \
--disable-ldap \
--disable-regex \
--disable-nls \
--disable-all-tests \
--disable-wks-tools \
--disable-gnutls \
--disable-bzip2 \
--disable-dirmngr \
--disable-ntbtls \
--disable-libdns \
--disable-zip \
--disable-sqlite \
--disable-doc \
--disable-exec \
--disable-gnutls \
--disable-gpgsm \
--disable-ldap \
--disable-libdns \
--disable-nls \
--disable-ntbtls \
--disable-photo-viewers \
--disable-rpath \
--disable-sqlite \
--disable-tofu \
--disable-wks-tools \
--disable-zip \
--enable-ccid-driver \
--enable-scdaemon \
--with-gpg-error-prefix="$(INSTALL)" \
--with-ksba-prefix="$(INSTALL)" \
--with-libassuan-prefix="$(INSTALL)" \
--with-libgcrypt-prefix="$(INSTALL)" \
--with-npth-prefix="$(INSTALL)" \
# Run one build to generate the executables with the pre-defined
# exec_prefix and datarootdir, then a second make to install the binaries


@ -8,8 +8,8 @@ ioport_hash := 7fac1c4b61eb9411275de0e1e7d7a8c3f34166f64f16413f50741e8fce2b8dc0
ioport_configure := CFLAGS=-Os ./configure \
$(CROSS_TOOLS) \
--host i386-elf-linux \
--prefix "/" \
--host i386-elf-linux
ioport_target := \
$(MAKE_JOBS) $(CROSS_TOOLS) inb && \


@ -31,7 +31,7 @@ json-c_configure := \
cmake .. -DCMAKE_INSTALL_PREFIX="$(INSTALL)" -DCMAKE_TOOLCHAIN_FILE=../toolchain -DCMAKE_BUILD_TYPE=minsizerel
json-c_target := \
$(CROSS_TOOLS) -C $(build)/$(json-c_dir)/build \
$(CROSS_TOOLS) $(MAKE_JOBS) -C $(build)/$(json-c_dir)/build \
all install
json-c_libraries := build/libjson-c.so.5


@ -16,11 +16,11 @@ kbd_hash := aaed530a1490d63d041448372e2ad4f38c3179042903251000b71d527c46e945
kbd_configure := CFLAGS=-Os ./configure \
$(CROSS_TOOLS) \
--prefix "" \
--host i386-elf-linux \
--disable-optional-progs \
--prefix "" \
--disable-libkeymap \
--disable-libkfont \
--disable-optional-progs \
--disable-vlock \
kbd_target := \


@ -1,10 +1,10 @@
modules-$(CONFIG_GPG2) += libassuan
libassuan_version := 2.5.5
libassuan_version := 2.5.6
libassuan_dir := libassuan-$(libassuan_version)
libassuan_tar := libassuan-$(libassuan_version).tar.bz2
libassuan_url := https://gnupg.org/ftp/gcrypt/libassuan/$(libassuan_tar)
libassuan_hash := 8e8c2fcc982f9ca67dcbb1d95e2dc746b1739a4668bc20b3a3c5be632edb34e4
libassuan_hash := e9fd27218d5394904e4e39788f9b1742711c3e6b41689a31aa3380bd5aa4f426
libassuan_configure := \
CFLAGS="-Os" \
@ -12,9 +12,9 @@ libassuan_configure := \
./configure \
--host $(MUSL_ARCH)-linux-musl \
--prefix "/" \
--disable-static \
--disable-doc \
--with-gpg-error-prefix="$(INSTALL)" \
--disable-static \
--with-libgpg-error-prefix="$(INSTALL)" \
libassuan_target := $(MAKE_JOBS) \
DESTDIR="$(INSTALL)" \


@ -1,10 +1,10 @@
modules-$(CONFIG_GPG2) += libgcrypt
libgcrypt_version := 1.10.1
libgcrypt_version := 1.10.2
libgcrypt_dir := libgcrypt-$(libgcrypt_version)
libgcrypt_tar := libgcrypt-$(libgcrypt_version).tar.bz2
libgcrypt_url := https://gnupg.org/ftp/gcrypt/libgcrypt/$(libgcrypt_tar)
libgcrypt_hash := ef14ae546b0084cd84259f61a55e07a38c3b53afc0f546bffcef2f01baffe9de
libgcrypt_hash := 3b9c02a004b68c256add99701de00b383accccf37177e0d6c58289664cce0c03
libgcrypt_configure := \
$(CROSS_TOOLS) \
@ -12,9 +12,9 @@ libgcrypt_configure := \
./configure \
--host=$(MUSL_ARCH)-linux-musl \
--prefix "/" \
--disable-static \
--with-gpg-error-prefix="$(INSTALL)" \
--disable-doc \
--disable-static \
--with-libgpg-error-prefix="$(INSTALL)" \
libgcrypt_target := $(MAKE_JOBS) \
DESTDIR="$(INSTALL)" \


@ -1,21 +1,21 @@
modules-$(CONFIG_GPG2) += libgpg-error
libgpg-error_version := 1.46
libgpg-error_version := 1.47
libgpg-error_dir := libgpg-error-$(libgpg-error_version)
libgpg-error_tar := libgpg-error-$(libgpg-error_version).tar.bz2
libgpg-error_url := https://gnupg.org/ftp/gcrypt/libgpg-error/$(libgpg-error_tar)
libgpg-error_hash := b7e11a64246bbe5ef37748de43b245abd72cfcd53c9ae5e7fc5ca59f1c81268d
libgpg-error_hash := 9e3c670966b96ecc746c28c2c419541e3bcb787d1a73930f5e5f5e1bcbbb9bdb
libgpg-error_configure := \
$(CROSS_TOOLS) \
CFLAGS="-Os" \
./configure \
--prefix "/" \
--host=$(MUSL_ARCH)-linux-musl \
--disable-static \
--disable-nls \
--disable-languages \
--prefix "/" \
--disable-doc \
--disable-languages \
--disable-nls \
--disable-static \
--disable-tests \
--enable-install-gpg-error-config \


@ -1,10 +1,10 @@
modules-$(CONFIG_GPG2) += libksba
libksba_version := 1.6.3
libksba_version := 1.6.4
libksba_dir := libksba-$(libksba_version)
libksba_tar := libksba-$(libksba_version).tar.bz2
libksba_url := https://gnupg.org/ftp/gcrypt/libksba/$(libksba_tar)
libksba_hash := 3f72c68db30971ebbf14367527719423f0a4d5f8103fc9f4a1c01a9fa440de5c
libksba_hash := bbb43f032b9164d86c781ffe42213a83bf4f2fee91455edfa4654521b8b03b6b
libksba_configure := \
$(CROSS_TOOLS) \
@ -13,7 +13,7 @@ libksba_configure := \
--host $(MUSL_ARCH)-linux-musl \
--prefix "/" \
--disable-static \
--with-gpg-error-prefix="$(INSTALL)" \
--with-libgpg-error-prefix="$(INSTALL)" \
libksba_target := $(MAKE_JOBS) \
DESTDIR="$(INSTALL)" \


@ -14,20 +14,20 @@ libnitrokey_hash := 4f3382b6193afe69c2001321038fce9490bc28803ed687152a397ccd8914
cmake_cross := "-DCMAKE_AR=$(CROSS)ar" \
-DCMAKE_CXX_COMPILER="$(CROSS)g++" \
-DCMAKE_C_COMPILER="$(CROSS)gcc" \
-DCMAKE_CXX_FLAGS="-Os -fdata-sections -ffunction-sections -ffile-prefix-map=$(pwd)=heads -gno-record-gcc-switches -D__MUSL__ -I$(INSTALL)/include -L$(INSTALL)/lib " \
-DCMAKE_LINKER="$(CROSS)ld"
-DCMAKE_SHARED_LINKER_FLAGS="-gc-sections"
-DCMAKE_CXX_COMPILER_AR="$(CROSS)ar" \
-DCMAKE_CXX_FLAGS="-Os -fdata-sections -ffunction-sections -ffile-prefix-map=$(pwd)=heads -gno-record-gcc-switches -D__MUSL__ -I$(INSTALL)/include -L$(INSTALL)/lib " \
-DCMAKE_C_COMPILER="$(CROSS)gcc" \
-DCMAKE_LINKER="$(CROSS)ld"
-DCMAKE_NM="$(CROSS)nm" \
-DCMAKE_OBJDUMP="$(CROSS)objdump" \
-DCMAKE_OBCOPY="$(CROSS)obcopy" \
-DCMAKE_OBJDUMP="$(CROSS)objdump" \
-DCMAKE_SHARED_LINKER_FLAGS="-gc-sections"
-DCMAKE_STRIP="$(CROSS)strip"
libnitrokey_configure := \
mkdir build -p && \
cd build && \
$(CROSS_TOOLS) cmake .. -DNO_LOG=ON -DBUILD_SHARED_LIBS=OFF -DCOMPILE_TESTS=OFF -DCMAKE_INSTALL_PREFIX=/ -DCMAKE_INSTALL_LIBDIR=lib -DCMAKE_BUILD_TYPE=MinSizeRel $(cmake_cross)
$(CROSS_TOOLS) cmake .. -DBUILD_SHARED_LIBS=OFF -DCMAKE_BUILD_TYPE=MinSizeRel -DCMAKE_INSTALL_LIBDIR=lib -DCMAKE_INSTALL_PREFIX=/ -DCOMPILE_TESTS=OFF -DNO_LOG=ON $(cmake_cross)
# install "by-hand" as INSTALL_PREFIX is not working as expected
libnitrokey_target := $(CROSS_TOOLS) $(MAKE_JOBS) -C build DESTDIR="$(INSTALL)" && \
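Review bot: Two entries of `cmake_cross` end without a line continuation, `-DCMAKE_LINKER="$(CROSS)ld"` and `-DCMAKE_SHARED_LINKER_FLAGS="-gc-sections"`, so the variable appears to stop at the first of them and the entries listed after it (`CMAKE_NM`, `CMAKE_OBJDUMP`, `CMAKE_STRIP`, …) would never reach cmake. Both printings of these two lines in this section lack the backslash, so the reordering seems to carry the gap over rather than fix it; add ` \` to the end of both lines. The neighbouring `-DCMAKE_OBCOPY="$(CROSS)obcopy"` also looks misspelled, since cmake's variable is `CMAKE_OBJCOPY` and the tool is `objcopy`. With these settings dropped, cmake may pick up whatever host binutils it finds, which is worth ruling out for a build that is meant to be reproducible.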


@ -12,11 +12,10 @@ libusb_hash := 7dce9cce9a81194b7065ee912bcd55eeffebab694ea403ffb91b67db66b1824b
libusb_configure := \
CFLAGS="-Os" \
./configure \
$(CROSS_TOOLS)\
--host $(MUSL_ARCH)-elf-linux\
--prefix "/"\
--disable-udev\
--disable-tests\
$(CROSS_TOOLS) \
--host $(MUSL_ARCH)-elf-linux \
--prefix "/" \
--disable-udev \
# Run one build to generate the executables with the pre-defined
# exec_prefix and datarootdir, then a second make to install the binaries


@ -18,20 +18,20 @@ lvm2_configure := \
./configure \
--host $(MUSL_ARCH)-elf-linux \
--prefix "/" \
--enable-devmapper \
--disable-selinux \
--disable-udev-systemd-background-jobs \
--disable-realtime \
--disable-blkid_wiping \
--disable-cache_check_needs_check \
--disable-cmirrord \
--disable-dmeventd \
--disable-lvmetad \
--disable-lvmpolld \
--disable-use-lvmlockd \
--disable-use-lvmetad \
--disable-use-lvmpolld \
--disable-blkid_wiping \
--disable-cmirrord \
--disable-cache_check_needs_check \
--disable-realtime \
--disable-selinux \
--disable-thin_check_needs_check \
--disable-udev-systemd-background-jobs \
--disable-use-lvmetad \
--disable-use-lvmlockd \
--disable-use-lvmpolld \
--enable-devmapper \
--with-cluster=none \
--with-thin-check= \


@ -13,6 +13,7 @@ msrtools_url := https://github.com/osresearch/msr-tools/archive/$(msrtools_versi
msrtools_hash := 80554790d0a404205fe215c9ae8d2de159e980ec23821d636f201f12550e6ac0
msrtools_target := \
$(MAKE_JOBS) \
$(CROSS_TOOLS) \
CFLAGS="-I$(INSTALL)/include" \
LDFLAGS="-L$(INSTALL)/lib" \


@ -23,6 +23,6 @@ newt_libraries := \
newt_configure := \
./autogen.sh && CFLAGS="-Os" ./configure \
$(CROSS_TOOLS) \
--prefix "/" \
--host $(MUSL_ARCH)-elf-linux \
--prefix "/" \
--without-tcl


@ -11,7 +11,6 @@ npth_configure := ./configure \
--host $(MUSL_ARCH)-linux-musl \
--prefix "/" \
--disable-static \
--with-gpg-error-prefix="$(INSTALL)" \
npth_target := $(MAKE_JOBS) \
DESTDIR="$(INSTALL)" \


@ -7,6 +7,9 @@ openssl_tar := openssl-$(openssl_version).tar.gz
openssl_url := https://www.openssl.org/source/$(openssl_tar)
openssl_hash := 6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e
# hack to provide path to libgcc
LIBGCC_DIR := $(dir $(shell $(heads_cc) -print-libgcc-file-name))
# The only optional algorithm that's enabled is SM3. tpm2-tss uses SHA, AES,
# and SM3.
openssl_configure := \
@ -14,7 +17,6 @@ openssl_configure := \
CFLAGS="-Os" \
./Configure \
--prefix="/" \
no-tests \
linux-$(strip $(arch)) \
no-aria \
no-bf \
@ -42,6 +44,7 @@ openssl_configure := \
no-siv \
no-sm2 \
no-sm4 \
no-tests \
no-whirlpool \
openssl_target := $(MAKE_JOBS) \
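Review bot: `LIBGCC_DIR := $(dir $(shell $(heads_cc) -print-libgcc-file-name))` is expanded immediately, so the compiler is invoked each time this module file is parsed, including runs where `$(heads_cc)` may not have been built yet or where openssl is not selected. In that case the shell call fails and the variable is silently left empty for the rest of the run. A deferred assignment, `LIBGCC_DIR = $(dir $(shell $(heads_cc) -print-libgcc-file-name))`, evaluates it only where it is used. The visible lines do not show a consumer of `LIBGCC_DIR`, so the comment `# hack to provide path to libgcc` should also say which recipe or flag reads it.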


@ -19,19 +19,18 @@ pinentry_configure := \
./configure \
--host $(MUSL_ARCH)-linux-musl \
--prefix "/" \
--enable-pinentry-tty \
--disable-fallback-curses \
--disable-libsecret \
--disable-fallback-curses \
--disable-pinentry-curses \
--disable-pinentry-qt \
--disable-pinentry-gtk2 \
--disable-pinentry-gnome3 \
--disable-pinentry-fltk \
--disable-pinentry-emacs \
--disable-fallback-curses \
--disable-pinentry-fltk \
--disable-pinentry-gnome3 \
--disable-pinentry-gtk2 \
--disable-pinentry-qt \
--disable-pinentry-qt5 \
--with-gpg-error-prefix="$(INSTALL)" \
--enable-pinentry-tty \
--with-libassuan-prefix="$(INSTALL)" \
--with-libgpg-error-prefix="$(INSTALL)" \
# Run one build to generate the executables with the pre-defined
# exec_prefix and datarootdir, then a second make to install the binaries


@ -8,9 +8,8 @@ popt_hash := c25a4838fc8e4c1c8aacb8bd620edb3084a3d63bf8987fdad3ca2758c63240f9
popt_configure := ./configure \
$(CROSS_TOOLS) \
--prefix "/" \
--host $(MUSL_ARCH)-elf-linux \
--prefix "/" \
popt_target := \
$(MAKE_JOBS) \


@ -13,8 +13,8 @@ powerpc-utils_configure := \
./configure \
--host $(MUSL_ARCH)-elf-linux \
--prefix "/" \
--without-librtas \
--without-systemd \
--without-librtas
powerpc-utils_target := \
$(MAKE_JOBS) \


@ -12,9 +12,9 @@ qrencode_configure := \
CFLAGS="-Os" \
./configure \
$(CROSS_TOOLS) \
--host $(MUSL_ARCH)-elf-linux \
--prefix "/" \
--without-tools \
--host $(MUSL_ARCH)-elf-linux \
qrencode_target := \
$(MAKE_JOBS) \


@ -1,20 +1,21 @@
modules-$(CONFIG_SLANG) += slang
slang_version := 2.3.1a
slang_version := 2.3.3
slang_dir := slang-$(slang_version)
slang_tar := slang-$(slang_version).tar.bz2
slang_url := https://www.jedsoft.org/releases/slang/$(slang_tar)
slang_hash := 54f0c3007fde918039c058965dffdfd6c5aec0bad0f4227192cc486021f08c36
slang_hash := f9145054ae131973c61208ea82486d5dd10e3c5cdad23b7c4a0617743c8f5a18
slang_configure := ./configure \
$(CROSS_TOOLS) \
ac_cv_path_nc5config=no \
--prefix "/" \
ac_cv_path_nc5config=ncurses-config \
--host $(MUSL_ARCH)-elf-linux \
--with-z=no \
--with-png=no \
--with-pcre=no \
--prefix "/" \
--with-onig=no \
--with-pcre=no \
--with-png=no \
--with-z=no \
--disable-termcap \
&& mkdir -p src/elfobjs
# Disable parallel make for the install target


@ -31,7 +31,7 @@ tpm2-tools_configure := \
--host $(MUSL_ARCH)-elf-linux \
--prefix "/" \
--disable-fapi \
CFLAGS="-fdebug-prefix-map=$(INSTALL)=." \
--with-sysroot=$(INSTALL) \
tpm2-tools_target := $(MAKE_JOBS) \
DESTDIR="$(INSTALL)" \


@ -21,10 +21,11 @@ tpm2-tss_configure := aclocal && automake --add-missing && autoreconf -fi \
$(CROSS_TOOLS) \
--host $(MUSL_ARCH)-elf-linux \
--prefix "/" \
--with-sysroot=$(INSTALL) \
--disable-doxygen-doc \
--disable-doxygen-html \
--disable-doxygen-man \
--disable-doxygen-rtf \
--disable-doxygen-html \
--disable-fapi \
--disable-static \


@ -10,6 +10,7 @@ tpmtotp_hash := eaac1e8f652f1da7f5a1ed6a8cfefb6511f1e5e1dabf93b44db3b29c18c5ae53
tpmtotp_target := \
$(CROSS_TOOLS) \
$(MAKE_JOBS) \
CFLAGS="-I$(INSTALL)/include -Os" \
LDFLAGS="-L$(INSTALL)/lib" \


@ -13,16 +13,16 @@ util-linux_configure := \
--host $(MUSL_ARCH)-elf-linux \
--prefix "/" \
--oldincludedir "$(INSTALL)/include" \
--disable-all-programs \
--disable-bash-completion \
--enable-agetty \
--enable-libblkid \
--enable-libuuid \
--without-ncurses \
--without-ncursesw \
--without-python \
--without-tinfo \
--without-udev \
--without-python \
--disable-bash-completion \
--disable-all-programs \
--enable-libuuid \
--enable-libblkid \
--enable-agetty \
util-linux_target := \


@ -0,0 +1,100 @@
diff --git a/scripts/bloat-o-meter b/scripts/bloat-o-meter
index d7ca46c612b3..652e9542043f 100755
--- a/scripts/bloat-o-meter
+++ b/scripts/bloat-o-meter
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
#
# Copyright 2004 Matt Mackall <mpm@selenic.com>
#
diff --git a/scripts/check-sysctl-docs b/scripts/check-sysctl-docs
index 8bcb9e26c7bc..90137319c50a 100755
--- a/scripts/check-sysctl-docs
+++ b/scripts/check-sysctl-docs
@@ -1,4 +1,4 @@
-#!/usr/bin/gawk -f
+#!/usr/bin/env -S gawk -f
# SPDX-License-Identifier: GPL-2.0
# Script to check sysctl documentation against source files
diff --git a/scripts/diffconfig b/scripts/diffconfig
index 89abf777f197..627eba5849b5 100755
--- a/scripts/diffconfig
+++ b/scripts/diffconfig
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
# SPDX-License-Identifier: GPL-2.0
#
# diffconfig - a tool to compare .config files.
diff --git a/scripts/get_abi.pl b/scripts/get_abi.pl
index 68dab828a722..92d9aa6cc4f5 100755
--- a/scripts/get_abi.pl
+++ b/scripts/get_abi.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# SPDX-License-Identifier: GPL-2.0
use strict;
diff --git a/scripts/ld-version.sh b/scripts/ld-version.sh
index f2be0ff9a738..7a5b546ece16 100755
--- a/scripts/ld-version.sh
+++ b/scripts/ld-version.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/awk -f
+#!/usr/bin/env -S awk -f
# SPDX-License-Identifier: GPL-2.0
# extract linker version number from stdin and turn into single number
{
diff --git a/scripts/parse-maintainers.pl b/scripts/parse-maintainers.pl
index 2ca4eb3f190d..9515765158fa 100755
--- a/scripts/parse-maintainers.pl
+++ b/scripts/parse-maintainers.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl -w
+#!/usr/bin/env -S perl -w
# SPDX-License-Identifier: GPL-2.0
use strict;
diff --git a/scripts/show_delta b/scripts/show_delta
index 264399307c4f..28e67e178194 100755
--- a/scripts/show_delta
+++ b/scripts/show_delta
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
# SPDX-License-Identifier: GPL-2.0-only
#
# show_deltas: Read list of printk messages instrumented with
diff --git a/scripts/sphinx-pre-install b/scripts/sphinx-pre-install
index 40fa6923e80a..828a8615a918 100755
--- a/scripts/sphinx-pre-install
+++ b/scripts/sphinx-pre-install
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# SPDX-License-Identifier: GPL-2.0-or-later
use strict;
diff --git a/scripts/split-man.pl b/scripts/split-man.pl
index c3db607ee9ec..96bd99dc977a 100755
--- a/scripts/split-man.pl
+++ b/scripts/split-man.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# SPDX-License-Identifier: GPL-2.0
#
# Author: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
diff --git a/scripts/ver_linux b/scripts/ver_linux
index 0968a3070eff..345b92f71d2d 100755
--- a/scripts/ver_linux
+++ b/scripts/ver_linux
@@ -1,4 +1,4 @@
-#!/usr/bin/awk -f
+#!/usr/bin/env -S awk -f
# SPDX-License-Identifier: GPL-2.0
# Before running this script please ensure that your PATH is
# typical as you use for compilation/installation. I use
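Review bot: The rewritten shebangs that carry an interpreter argument (`#!/usr/bin/env -S gawk -f`, `#!/usr/bin/env -S awk -f`, `#!/usr/bin/env -S perl -w`) depend on an `env` that implements `-S`, which GNU coreutils gained in 8.30. On an older or non-GNU `env` these kernel scripts would fail when executed. The second shebang patch that follows this one has the same dependency. This patch file also begins directly at `diff --git` with no header, so I would add a short description above the first hunk. It should say that the interpreters are now resolved through `PATH` (presumably for the Nix-built environment added elsewhere in this commit) and name the minimum coreutils version for builds run outside that environment.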


@ -0,0 +1,190 @@
diff --git a/scripts/bloat-o-meter b/scripts/bloat-o-meter
index 8c965f6a9881..bcd66a014453 100755
--- a/scripts/bloat-o-meter
+++ b/scripts/bloat-o-meter
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
#
# Copyright 2004 Matt Mackall <mpm@selenic.com>
#
diff --git a/scripts/coccicheck b/scripts/coccicheck
index e04d328210ac..851c3307ca74 100755
--- a/scripts/coccicheck
+++ b/scripts/coccicheck
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
# SPDX-License-Identifier: GPL-2.0
# Linux kernel coccicheck
#
diff --git a/scripts/config b/scripts/config
index e0e39826dae9..ba11e350e8af 100755
--- a/scripts/config
+++ b/scripts/config
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
# SPDX-License-Identifier: GPL-2.0
# Manipulate options in a .config file from the command line
diff --git a/scripts/decode_stacktrace.sh b/scripts/decode_stacktrace.sh
index 13e5fbafdf2f..8c22ac90123b 100755
--- a/scripts/decode_stacktrace.sh
+++ b/scripts/decode_stacktrace.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
# SPDX-License-Identifier: GPL-2.0
# (c) 2014, Sasha Levin <sasha.levin@oracle.com>
#set -x
diff --git a/scripts/diffconfig b/scripts/diffconfig
index 89abf777f197..627eba5849b5 100755
--- a/scripts/diffconfig
+++ b/scripts/diffconfig
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
# SPDX-License-Identifier: GPL-2.0
#
# diffconfig - a tool to compare .config files.
diff --git a/scripts/faddr2line b/scripts/faddr2line
index 6c6439f69a72..5079957d4993 100755
--- a/scripts/faddr2line
+++ b/scripts/faddr2line
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
# SPDX-License-Identifier: GPL-2.0
#
# Translate stack dump function offsets.
diff --git a/scripts/find-unused-docs.sh b/scripts/find-unused-docs.sh
index 3f46f8977dc4..363e7ecab554 100755
--- a/scripts/find-unused-docs.sh
+++ b/scripts/find-unused-docs.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
# (c) 2017, Jonathan Corbet <corbet@lwn.net>
# sayli karnik <karniksayli1995@gmail.com>
#
diff --git a/scripts/get_abi.pl b/scripts/get_abi.pl
index c738cb795514..ba87b230fe0a 100755
--- a/scripts/get_abi.pl
+++ b/scripts/get_abi.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# SPDX-License-Identifier: GPL-2.0
use strict;
diff --git a/scripts/gfp-translate b/scripts/gfp-translate
index b2ce416d944b..2fcea3e9afb3 100755
--- a/scripts/gfp-translate
+++ b/scripts/gfp-translate
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
# SPDX-License-Identifier: GPL-2.0-only
# Translate the bits making up a GFP mask
# (c) 2009, Mel Gorman <mel@csn.ul.ie>
diff --git a/scripts/ld-version.sh b/scripts/ld-version.sh
index f2be0ff9a738..081efc679705 100755
--- a/scripts/ld-version.sh
+++ b/scripts/ld-version.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/awk -f
+#!/usr/bin/env -S awk -f
# SPDX-License-Identifier: GPL-2.0
# extract linker version number from stdin and turn into single number
{
diff --git a/scripts/mkuboot.sh b/scripts/mkuboot.sh
index 4b1fe09e9042..0b6df121a3b5 100755
--- a/scripts/mkuboot.sh
+++ b/scripts/mkuboot.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
# SPDX-License-Identifier: GPL-2.0
#
diff --git a/scripts/objdiff b/scripts/objdiff
index 72b0b63c3fe1..95f087300637 100755
--- a/scripts/objdiff
+++ b/scripts/objdiff
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
# SPDX-License-Identifier: GPL-2.0-only
# objdiff - a small script for validating that a commit or series of commits
diff --git a/scripts/parse-maintainers.pl b/scripts/parse-maintainers.pl
index 255cef1b098d..c2d11c87fdb4 100644
--- a/scripts/parse-maintainers.pl
+++ b/scripts/parse-maintainers.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl -w
+#!/usr/bin/env -S perl -w
# SPDX-License-Identifier: GPL-2.0
use strict;
diff --git a/scripts/prune-kernel b/scripts/prune-kernel
index e8aa940bc0a9..620230f677bc 100755
--- a/scripts/prune-kernel
+++ b/scripts/prune-kernel
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
# SPDX-License-Identifier: GPL-2.0
# because I use CONFIG_LOCALVERSION_AUTO, not the same version again and
diff --git a/scripts/show_delta b/scripts/show_delta
index 264399307c4f..28e67e178194 100755
--- a/scripts/show_delta
+++ b/scripts/show_delta
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
# SPDX-License-Identifier: GPL-2.0-only
#
# show_deltas: Read list of printk messages instrumented with
diff --git a/scripts/sphinx-pre-install b/scripts/sphinx-pre-install
index 470ccfe678aa..214ed660c0d0 100755
--- a/scripts/sphinx-pre-install
+++ b/scripts/sphinx-pre-install
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# SPDX-License-Identifier: GPL-2.0-or-later
use strict;
diff --git a/scripts/split-man.pl b/scripts/split-man.pl
index c3db607ee9ec..96bd99dc977a 100755
--- a/scripts/split-man.pl
+++ b/scripts/split-man.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# SPDX-License-Identifier: GPL-2.0
#
# Author: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
diff --git a/scripts/tags.sh b/scripts/tags.sh
index 4e18ae5282a6..02c08d460997 100755
--- a/scripts/tags.sh
+++ b/scripts/tags.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
# SPDX-License-Identifier: GPL-2.0-only
# Generate tags or cscope files
# Usage tags.sh <mode>
diff --git a/scripts/ver_linux b/scripts/ver_linux
index 85005d6b7f10..34e4530fd5b6 100755
--- a/scripts/ver_linux
+++ b/scripts/ver_linux
@@ -1,4 +1,4 @@
-#!/usr/bin/awk -f
+#!/usr/bin/env -S awk -f
# SPDX-License-Identifier: GPL-2.0
# Before running this script please ensure that your PATH is
# typical as you use for compilation/installation. I use


@ -0,0 +1,13 @@
diff --git a/src/Makefile.in b/src/Makefile.in
index 7fe4dc2..38fe174 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -75,7 +75,7 @@ RM = rm -f
RM_R = rm -rf
AR_CR = ar cr
RMDIR = rmdir
-LN = /bin/ln -sf
+LN = ln -sf
CP = cp
@SET_MAKE@
#---------------------------------------------------------------------------


@ -1,4 +1,4 @@
qemu-coreboot-(fb)whiptail-tpm[1,2](-hotp) boards
qemu-coreboot-(fb)whiptail-tpmX(-hotp) boards
===
The `qemu-coreboot-fbwhiptail-tpm1-hotp` configuration (and their variants) permits testing of most features of Heads.
@ -87,3 +87,14 @@ swtpm on Debian bookworm
===
1. Install dependencies
* `sudo apt install swtpm swtpm-tools`
swtpm on nix docker image
===
Nothing to do. Everything needed is in the docker image.
Just make sure to pass DISPLAY environement variable on your docker command line. eg:
* Remotely downloaded docker image (doing make command only inside of docker example):
* `docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=qemu-coreboot-whiptail-tpm2`
* `docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=qemu-coreboot-whiptail-tpm2 run`
* Locally created docker image from nix develop environment (jumping into docker image variation of the above, where developer does what he wants within):
* `docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) linuxboot/heads:dev-env`


@ -16,7 +16,7 @@ endif
ifeq "$(CONFIG_TPM2_TSS)" "y"
SWTPM_TPMVER := --tpm2
SWTPM_PRESETUP := swtpm_setup --create-config-files skip-if-exist
SWTPM_PRESETUP := swtpm_setup --create-config-files root skip-if-exist
else
# TPM1 is the default
SWTPM_TPMVER :=