Remove fixmac

MAC setup magic should not be installed by default in all our images Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Ban weston-init from our images
2020-06-04 11:51:54 +02:00 · 2020-06-04 11:51:54 +02:00 · 2020-05-10 13:22:54 +02:00 · 2020-03-18 18:15:28 +01:00 · 2020-03-18 18:12:04 +01:00 · 2019-09-19 12:42:53 +02:00
12 changed files with 120 additions and 9 deletions
--- a/appends/meta-gnome/network-manager-applet_%.bbappend
+++ b/appends/meta-gnome/network-manager-applet_%.bbappend
@@ -0,0 +1,3 @@
+EXTRA_OECONF_append = " \
+    --with-libnm-gtk \
+"
--- a/appends/meta-networking/networkmanager-openvpn_%.bbappend
+++ b/appends/meta-networking/networkmanager-openvpn_%.bbappend
@@ -0,0 +1,12 @@
+PACKAGECONFIG_append = " gnome"
+DEPENDS_append = " gtk+3 networkmanager network-manager-applet"
+
+do_configure_append() {
+    # network-manager-openvpn.metainfo.xml is created in source folder but
+    # compile expects it in build folder. As long as nobody comes up with a
+    # better solution just support build:
+    if [ -e ${S}/appdata/network-manager-openvpn.metainfo.xml ]; then
+        mkdir -p ${B}/appdata
+        cp -f ${S}/appdata/network-manager-openvpn.metainfo.xml ${B}/appdata/
+    fi
+}
--- a/appends/oe-core/openssh_%.bbappend
+++ b/appends/oe-core/openssh_%.bbappend
@@ -0,0 +1,2 @@
+RRECOMMENDS_${PN}-sshd_remove_class-target = "rng-tools"
+
--- a/appends/oe-core/weston%.bbappend
+++ b/appends/oe-core/weston%.bbappend
@@ -0,0 +1,2 @@
+# A root session without password activated by just two keys - honestly..
+RRECOMMENDS_${PN}_remove = "weston-init"
--- a/classes/instant-sysroot-target.bbclass
+++ b/classes/instant-sysroot-target.bbclass
@@ -38,10 +38,10 @@
 #   4. Set sysroot (see INSTANT_TARGET_PATH in instant-path.bbclass):
 #      ${TMPDIR}/sysroot-instant-target-${MACHINE_ARCH}
 #   5. Select compilers (it is not necessary for debug but without QTCreator won't enable Kit) for C and C++ e.g:
-#      C:   '<TMDIR>/sysroot-instant-native/usr/bin/arm-mortsgna-linux-gnueabi/arm-mortsgna-linux-gnueabi-gcc'
-#      C++: '<TMDIR>/sysroot-instant-native/usr/bin/arm-mortsgna-linux-gnueabi/arm-mortsgna-linux-gnueabi-g++'
+#      C:   '${TMPDIR}/sysroot-instant-native/usr/bin/arm-mortsgna-linux-gnueabi/arm-mortsgna-linux-gnueabi-gcc'
+#      C++: '${TMPDIR}/sysroot-instant-native/usr/bin/arm-mortsgna-linux-gnueabi/arm-mortsgna-linux-gnueabi-g++'
 #   6. Select debugger e.g:
-#      GDB: '<TMDIR>/sysroot-instant-native/usr/bin/arm-mortsgna-linux-gnueabi/arm-mortsgna-linux-gnueabi-gdb'
+#      GDB: '${TMPDIR}/sysroot-instant-native/usr/bin/arm-mortsgna-linux-gnueabi/arm-mortsgna-linux-gnueabi-gdb'
 #   7. To avoid qtcreator stopping on certain signals Select 'Debugger' in left list and in
 #      * 'GDB'-tab unselect 'Show a message box when reciving a signal'
 #      * 'Locals & Expressions' add in 'Debugging Helper Customization' lines as
@@ -49,7 +49,7 @@
 #         running int breaks
 #   8. Select 'OK' in Options dialog -> 'Start Debugger' should be back on top
 # * Make sure 'OE' Kit is selected
-# * Browse for executable e.g '<TMDIR>/sysroot-instant-target/usr/bin/thunar'
+# * Browse for executable e.g '${TMPDIR}/sysroot-instant-target-${MACHINE_ARCH}/usr/bin/thunar'
 # * Set IP:Port of target machine e.g '192.168.2.108:5000'
 # * Select 'OK'
 #
--- a/conf/distro/mortsgna.conf
+++ b/conf/distro/mortsgna.conf
@@ -114,8 +114,10 @@ ENABLE_BINARY_LOCALE_GENERATION_ep9312 = "0"
 ENABLE_BINARY_LOCALE_GENERATION_armeb = "0"

 # blacklist policy
-PNBLACKLIST[pn-fso-apm]       = "regular apmd is good enough"
+PNBLACKLIST[pn-fso-apm] = "regular apmd is good enough"

+# warrior specific - on master there might come times they do the right thing...
+PNBLACKLIST[rng-tools] = "blocks shutdown and no issues found for openssl"

 ###############################################################################
 # Quality & security hardening
@@ -140,6 +142,7 @@ WARN_TO_ERROR_QA = " \
 WARN_QA_remove = "${WARN_TO_ERROR_QA}"
 ERROR_QA_append = " ${WARN_TO_ERROR_QA}"

+PNBLACKLIST[weston-init]       = "A passwordless root session reachable by two keys - security???"

 ###############################################################################
 # Image defaults
@@ -193,6 +196,7 @@ EXTRA_IMAGE_FEATURES += " \
    empty-root-password \
    allow-empty-password \
    post-install-logging \
+    volatile-log \
 "

 # make x11-base a valid IMAGE_FEATURES
--- a/conf/layer.conf
+++ b/conf/layer.conf
@@ -22,6 +22,8 @@ BBFILES_DYNAMIC += " \
    \
    multimedia-layer:${LAYERDIR}/appends/meta-multimedia/*.bbappend \
    \
+    networking-layer:${LAYERDIR}/appends/meta-networking/*.bbappend \
+    \
    openembedded-layer:${LAYERDIR}/appends/meta-oe/*.bbappend \
    \
    qt5-layer:${LAYERDIR}/appends/meta-qt5/*.bbappend \
--- a/recipes-image/console/console-base-image.bb
+++ b/recipes-image/console/console-base-image.bb
@@ -13,7 +13,6 @@ IMAGE_INSTALL += " \
    systemd-analyze \
    cpufrequtils \
    htop \
-    fixmac \
    util-linux-lsblk \
    nano \
 "
--- a/recipes-image/console/console-net-image.bb
+++ b/recipes-image/console/console-net-image.bb
@@ -5,6 +5,7 @@ NETWORKPACKS ?= " \
    avahi-autoipd \
    iputils \
    networkmanager \
+    networkmanager-openvpn \
    networkmanager-bash-completion \
 "

--- a/recipes-image/xfce4/xfce4-music-image.bb
+++ b/recipes-image/xfce4/xfce4-music-image.bb
@@ -4,9 +4,6 @@ export IMAGE_BASENAME = "xfce4-music-image"

 XFCE_DM = "sddm sddm-morona-autologin"

-# Saving to SDCard creates delays/underruns
-IMAGE_FEATURES += "volatile-log"
-
 IMAGE_INSTALL += " \
    packagegroup-gui-musicians \
    \
--- a/scripts/bbone-card-write.sh
+++ b/scripts/bbone-card-write.sh
@@ -0,0 +1,14 @@
+#! /bin/bash
+
+# bbone-card-write.sh
+# (c) Copyright 2019 Andreas Müller <schnitzeltony@gmail.com>
+# Licensed under terms of GPLv2
+#
+# This script writes image to sdcard and aligns rootfs partition to max size.
+
+# Includes
+. `dirname $0`/include/common-helpers.inc
+. `dirname $0`/include/card-helpers.inc
+. `dirname $0`/include/machine-bbone.inc
+
+StartCardWrite
--- a/scripts/include/machine-bbone.inc
+++ b/scripts/include/machine-bbone.inc
@@ -0,0 +1,75 @@
+#! /bin/bash
+
+# machine-bbone.inc
+# (c) Copyright 2019 Andreas Müller <schnitzeltony@gmail.com>
+# Licensed under terms of GPLv2
+#
+# This script contains settings and callbacks for TI beagle boards
+
+# default settings
+DEFAULT_MACHINE_FAMILY='*bone*'
+DEFAULT_FIND_ROOTFS='-name *.wic -o -name *.wic.gz -type l'
+DEFAULT_KERNEL_IMAGE_TYPE='zImage'
+
+# callback for card-write
+RootCardWriteCallback() {
+    # rootfs write/resize to card fit
+    time(
+        # evt. write partition table
+        CheckPartitionTable "$DevicePath"
+        # write
+        StartMessage="\nWrite $DeployedFile to $DevicePath..."
+        if echo $DeployedFile | grep -q '.wic.gz'; then
+            EvalExAuto "gunzip -c $DeployedFile | dd of=$DevicePath oflag=nocache bs=1024K" "$StartMessage"
+        elif echo $DeployedFile | grep -q '.wic.xz'; then
+            EvalExAuto "tar -x -f $DeployedFile --to-stdout | dd of=$DevicePath oflag=nocache bs=1024K" "$StartMessage"
+        else
+            EvalExAuto "dd of=$DevicePath oflag=nocache if=$DeployedFile bs=1024K" "$StartMessage"
+        fi
+        # resize I
+        EvalExAuto "parted -s $DevicePath -- resizepart 2 -0" "\nResize I ${DevicePath}2..."
+        # resize II
+        EvalExAuto "resize2fs ${DevicePath}2" "\nResize II ${DevicePath}2..."
+     )
+}
+
+# callback for card-kernel-write (WIP)
+RootCardKernelWriteCallback() {
+    tmpdir=`mktemp -d`
+
+    # mount boot partition
+    EvalExAuto "mount ${DevicePath}1 $tmpdir" "\nMount boot partition ${DevicePath}1 to $tmpdir..."
+    # initial kernel
+    EvalExAuto "rm -f $tmpdir/${KernelImageType}*" "\nRemove old kernels..."
+    EvalExAuto "cp $DeployedFile $tmpdir/$KernelImageType" "\nCopy new kernel $KernelImageType..."
+    # devicetrees
+    EvalExAuto "rm -f $tmpdir/*.dtb" "\nRemove old devicetrees..."
+    echo
+    for dtb in `find ${DeployFileDir} -name "${KernelImageType}*.dtb" -type l`; do
+        dtbname=`basename $dtb | sed 's:'${KernelImageType}'-::'`
+        EvalExAuto "cp $dtb $tmpdir/${dtbname}" "Copy $dtb -> $tmpdir/${dtbname}..."
+    done
+    # unmount boot partition
+    EvalExAuto "sleep 1 && umount ${DevicePath}1" "\nUnmount boot partition..."
+
+    # mount rootfs
+    EvalExAuto "mount ${DevicePath}2 $tmpdir" "\nMount rootfs ${DevicePath}2 to $tmpdir..."
+    # rootfs/boot kernel
+    EvalExAuto "rm -f $tmpdir/boot/${KernelImageType}*" "\nRemove old kernels..."
+    EvalExAuto "cp $DeployedFile $tmpdir/boot/$KernelWithAbiName" "\nCopy new kernel to /boot/$KernelWithAbiName..."
+    EvalExAuto "ln -sf $KernelWithAbiName $tmpdir/boot/$KernelImageType" "\nLink kernel to /boot/$KernelImageType -> $KernelWithAbiName..."
+    # kernel modules
+    CopyKernelModules
+    RegisterKernelModules
+    # unmount rootfs
+    EvalExAuto "sleep 1 && umount ${DevicePath}2" "\nUnmount rootfs..."
+
+    rm -rf $tmpdir
+}
+
+CheckPrerequisite "time"
+CheckPrerequisite "gunzip"
+CheckPrerequisite "tar"
+CheckPrerequisite "dd"
+CheckPrerequisite "parted"
+CheckPrerequisite "resize2fs"
Author	SHA1	Message	Date
Andreas Müller	5346b3baa8	Remove fixmac MAC setup magic should not be installed by default in all our images Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>	2020-06-04 11:51:54 +02:00
Andreas Müller	903d753fc0	Ban weston-init from our images Maybe I missed something: * Although disabled by default it is started automatically * A passwordless root account reached by two keys - NOT ACCECTABLE!!! * Weston ships sessions that are the preferred way to start weston as unpriviledged user Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>	2020-06-04 11:51:54 +02:00
Andreas Müller	5e4b883bc2	Let all our images log volatile (not only xfce4-music-image) should have done this much earlier: * Don't ruin sd-cards on machines running 24/7 * On Raspi4 it buys us boot time reduced by ~2s * Was never happy about the misleading entries in journal from boots long ago Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>	2020-05-10 13:22:54 +02:00
Andreas Müller	7e3a5954e5	network-manager-applet/-openvpn: Add missing bits to import vpn-config This is more or less a backport of what will be send to master soon. Since there is no hope to get backports added to stable branches, adjust recipes here. Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>	2020-03-18 18:15:28 +01:00
Andreas Müller	eca422e4a7	console-net-image: add networkmanager-openvpn In times of home-office users might want to tunnel to copmpany's network Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>	2020-03-18 18:12:04 +01:00
Andreas Müller	babc8fbe27	scripts: prepare scipts to write bbone images based upon wic Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>	2019-09-19 12:42:53 +02:00
Andreas Müller	eb55623c66	instant-sysroot-target.bbclass: Minor corrections on remote debug instructions Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>	2019-09-10 22:06:16 +02:00
Andreas Müller	c921e73d35	Ensure rng-tools does not find it's way into images It blocks shutdown for ages. [1] helps to see [ 232.089805] systemd-shutdown[1]: Sending SIGTERM to remaining processes... [ 232.128654] systemd-journald[188]: Received SIGTERM from PID 1 (systemd-shutdow). [ 322.127531] systemd-shutdown[1]: Sending SIGKILL to remaining processes... [ 322.166520] systemd-shutdown[1]: Sending SIGKILL to PID 178 (rngd). [1] https://freedesktop.org/wiki/Software/systemd/Debugging/#index2h1 Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>	2019-07-10 09:53:34 +02:00
				`@@ -0,0 +1,2 @@`
				`RRECOMMENDS_${PN}-sshd_remove_class-target = "rng-tools"`