ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2025-01-05 12:44:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #1688 from 123ahaha/updated-instruction-ptrace_scope

Browse Source 
Updated README.md for kernel.yama.ptrace_scope issues
This commit is contained in:
Thierry Laurion 2024-06-07 12:38:38 -04:00 committed by GitHub
commit 64730d9507
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
README.md
View File

@ -48,13 +48,27 @@ Build docker from nix develop layer locally
* `mkdir -p ~/.config/nix` * `mkdir -p ~/.config/nix`
* `echo 'experimental-features = nix-command flakes' >>~/.config/nix/nix.conf` * `echo 'experimental-features = nix-command flakes' >>~/.config/nix/nix.conf`
#### Build image #### Build image
* Build nix developer local environment with flakes locked to specified versions * Build nix developer local environment with flakes locked to specified versions
* `nix --print-build-logs --verbose develop --ignore-environment --command true` * `nix --print-build-logs --verbose develop --ignore-environment --command true`
* Build docker image with current develop created environment (this will take a while and create "linuxboot/heads:dev-env" local docker image: * Build docker image with current develop created environment (this will take a while and create "linuxboot/heads:dev-env" local docker image):
* `nix build .#dockerImage && docker load < result` * `nix build .#dockerImage && docker load < result`
On some hardened OSes, you may encounter problems with ptrace.
```
> proot error: ptrace(TRACEME): Operation not permitted
```
The most likely reason is that your [kernel.yama.ptrace_scope](https://www.kernel.org/doc/Documentation/security/Yama.txt) variable is too high and doesn't allow docker+nix to run properly.
You'll need to set kernel.yama.ptrace_scope to 1 while you build the heads binary.
```
sudo sysctl kernel.yama.ptrace_scope #show you the actual value, probably 2 or 3
sudo sysctl -w kernel.yama.ptrace_scope=1 #setup the value to let nix+docker run properly
```
(don't forget to put back the value you had after finishing build head)
Done! Done!
Your local docker image "linuxboot/heads:dev-env" is ready to use, reproducible for the specific Heads commit used and will produce ROMs reproducible for that Heads commit ID. Your local docker image "linuxboot/heads:dev-env" is ready to use, reproducible for the specific Heads commit used and will produce ROMs reproducible for that Heads commit ID.