Merge pull request #14 from home-assistant/dev

Beta Release build 0.2

.github/move.yml

@@ -0,0 +1,13 @@
+# Configuration for move-issues - https://github.com/dessant/move-issues
+
+# Delete the command comment. Ignored when the comment also contains other content
+deleteCommand: true
+# Close the source issue after moving
+closeSourceIssue: true
+# Lock the source issue after moving
+lockSourceIssue: false
+# Set custom aliases for targets
+# aliases:
+#   r: repo
+#   or: owner/repo
+

README.md

@@ -1,22 +1,25 @@
 # WORK IN PROGRESS!
 
 # Hass.io OS
-Hass.io OS based on buildroot. It's a hypervisor for docker and support many kind of IoT hardware. It is also available as Virtual Appliance. It's optimazed for embedded system and high security. You can update the system simple with OTA updates or offline Updates.
+Hass.io OS based on [buildroot](https://buildroot.org/). It's a hypervisor for Docker and supports various kind of IoT hardware. It is also available as virtual appliance. The whole system is optimized for embedded system and  security. You can update the system simple with OTA updates or offline updates.
 
 ## Focus
+
 - Linux kernel 4.15
 - Barebox as bootloader
 - RAUC for OTA updates
-- SquashFS LZ4 for filesystem
+- SquashFS LZ4 as filesystem
 - Docker 17.12.1
+- AppArmor protected
 - ZRAM LZ4 for /tmp, /var, swap
 - Run every supervisor
 
 ## Schemas
 ![](misc/hassio-os-partition.png?raw=true)
 
-## Config
-Create a USB stick with a partition "hassio-config". This partition can include follow files:
+## Configuration
+
+Create a USB stick with a partition named "hassio-config". This partition can include follow files:
 
 - network-* (NetworkManager keyfiles)
 - known_hosts (SSH)
@@ -26,7 +29,8 @@ Create a USB stick with a partition "hassio-config". This partition can include
 
 ## Supervisor/Cli
 
-Provide a `hassio.json` on your data partition they can/need follow struct:
+Provide a file with the name `hassio.json` in your data partition and the following structure:
+
 ```json
 {
   "supervisor": "repo/image",
@@ -37,10 +41,10 @@ Provide a `hassio.json` on your data partition they can/need follow struct:
 ```
 
 # Building
-Running sudo `./enter.sh` will get you into the build docker container.   
+Running `sudo ./enter.sh` will get you into the build Docker container.   
 `make -C /build/buildroot BR2_EXTERNAL=/build/buildroot-external xy_defconfig`
 
-From outside the docker container, while it is still running you can use `./getimage.sh` to get the output image.
+From outside the Docker container, while it is still running you can use `./getimage.sh` to get the output image.
 
 ## Helpers
 

buildroot-external/Config.in

@@ -1,2 +1,4 @@
 source "$BR2_EXTERNAL_HASSIO_PATH/package/mingetty/Config.in"
 source "$BR2_EXTERNAL_HASSIO_PATH/package/hassio/Config.in"
+source "$BR2_EXTERNAL_HASSIO_PATH/package/libapparmor/Config.in"
+source "$BR2_EXTERNAL_HASSIO_PATH/package/apparmor/Config.in"

buildroot-external/apparmor/hassio-supervisor

@@ -0,0 +1,75 @@
+#include <tunables/global>
+
+profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) {
+  #include <abstractions/base>
+  #include <abstractions/python>
+
+  network,
+  deny network raw,
+
+  signal (send) set=(kill,term),
+
+  /bin/busybox ix,
+  /usr/bin/python{,3,3.[0-9]} ix,
+  /usr/bin/git cx,
+  /usr/bin/socat cx,
+  /usr/bin/gdbus cx,
+
+  deny /proc/** wl,
+  deny /root/** wl,
+  deny /sys/** wl,
+
+  /** r,
+  /tmp/** rw,
+  /data/** rw,
+  /{,var/}run/docker.sock rw,
+
+  capability net_bind_service,
+
+  profile /usr/bin/socat flags=(attach_disconnected,mediate_deleted) {
+    #include <abstractions/base>
+
+    network inet udp,
+    network inet tcp,
+
+    deny network raw,
+    deny network packet,
+
+    signal (receive) set=(kill,term),
+    capability net_bind_service,
+
+    /lib/* mr,
+    /usr/bin/socat mr,
+  }
+
+  profile /usr/bin/gdbus flags=(attach_disconnected,mediate_deleted) {
+    #include <abstractions/base>
+    #include <abstractions/dbus>
+
+    unix (send, receive) type=stream,
+
+    /usr/bin/gdbus mr,
+    /lib/* mr,
+    /{,var/}run/dbus/system_bus_socket rw,
+  }
+
+  profile /usr/bin/git flags=(attach_disconnected,mediate_deleted) {
+    #include <abstractions/base>
+
+    network,
+    deny network raw,
+
+    /bin/busybox ix,
+    /usr/bin/git mr,
+    /usr/libexec/git-core/* ix,
+
+    deny /data/homeassistant rw,
+    deny /data/ssl rw,
+
+    /** r,
+    /lib/* mr,
+    /data/addons/** lrw,
+
+    capability dac_override,
+  }
+}

buildroot-external/barebox-env/bin/init

@@ -2,31 +2,23 @@
 
 export PATH=/env/bin
 
-global autoboot_timeout
-global boot.default
 global linux.bootargs.base
-global linux.bootargs.console
-#linux.bootargs.dyn.* will be cleared at the beginning of boot
 global linux.bootargs.dyn.root
-global editcmd
-
-[ -z "${global.autoboot_timeout}" ] && global.autoboot_timeout=3
-magicvar -a global.autoboot_timeout "timeout in seconds before automatic booting"
-[ -z "${global.boot.default}" ] && global.boot.default="system0"
-[ -z "${global.editcmd}" ] && global.editcmd=sedit
 
+# Init board specific stuff
 [ -e /env/config-board ] && /env/config-board
 
 # Autostart
 for i in /env/init/*; do
 	. $i
 done
 
-echo -e -n "\nHit any key to stop autoboot: "
-timeout -a $global.autoboot_timeout
-autoboot="$?"
+echo "- Hit m for menu or wait for autoboot -"
+timeout -a 1 -s -v key
 
-if [ "$autoboot" = 0 ]; then
-	boot
+# Run menu
+if [ "${key}" != "m" ]; then
+    boot
 fi
 
+menutree

buildroot-external/barebox-env/menu/00-boot-auto/action

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+boot

buildroot-external/barebox-env/menu/00-boot-auto/title

@@ -0,0 +1 @@
+Autoboot

buildroot-external/barebox-env/menu/10-boot-system0/action

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+boot system0

buildroot-external/barebox-env/menu/10-boot-system0/title

@@ -0,0 +1 @@
+Boot System 0

buildroot-external/barebox-env/menu/20-boot-system1/action

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+boot system1

buildroot-external/barebox-env/menu/20-boot-system1/title

@@ -0,0 +1 @@
+Boot System 1

buildroot-external/barebox-env/menu/30-shell/action

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+echo "Enter 'exit' to get back to the menu"
+
+sh

buildroot-external/barebox-env/menu/30-shell/title

@@ -0,0 +1 @@
+Shell

buildroot-external/barebox-env/menu/title

@@ -0,0 +1 @@
+Hass.io OS boot Menu:

buildroot-external/barebox-env/nv/editcmd

@@ -0,0 +1 @@
+sedit

buildroot-external/board/ova/barebox-env/boot/system0

@@ -1,5 +1,5 @@
 #!/bin/sh
 
 global bootm.image="/mnt/disk1/boot/bzImage"
-global linux.bootargs.dyn.root="root=/dev/sda2 rootfstype=squashfs ro"
+global linux.bootargs.dyn.root="root=PARTUUID=8d3d53e3-6d49-4c38-8349-aff6859e82fd rootfstype=squashfs ro"
 

buildroot-external/board/ova/barebox-env/boot/system1

@@ -1,4 +1,4 @@
 #!/bin/sh
 
 global bootm.image="/mnt/disk2/boot/bzImage"
-global linux.bootargs.dyn.root="root=/dev/sda3 rootfstype=squashfs ro"
+global linux.bootargs.dyn.root="root=PARTUUID=a3ec664e-32ce-4665-95ea-7ae90ce9aa20 rootfstype=squashfs ro"

buildroot-external/board/ova/barebox-state.dts

@@ -12,8 +12,7 @@
                 compatible = "barebox,state";
                 backend = <&backend_state>;
                 backend-type = "raw";
-                backend-stridesize = <1024>;
-		backend-storage-type = "direct";
+                backend-stridesize = <4048>;
 
 		bootstate {
 			#address-cells = <1>;
@@ -39,7 +38,7 @@
 				remaining_attempts@8 {
 					reg = <0x8 0x4>;
 					type = "uint32";
-					default = <3>;
+					default = <0>;
 				};
 				priority@c {
 					reg = <0xc 0x4>;

buildroot-external/board/ova/barebox.config

@@ -3,12 +3,11 @@ CONFIG_MMU=y
 CONFIG_MALLOC_SIZE=0x0
 CONFIG_MALLOC_TLSF=y
 CONFIG_PROMPT="hassio-os:"
-CONFIG_GLOB=y
-CONFIG_GLOB_SORT=y
 CONFIG_CMDLINE_EDITING=y
 CONFIG_AUTO_COMPLETE=y
+CONFIG_MENU=y
+# CONFIG_TIMESTAMP is not set
 CONFIG_BOOTM_SHOW_TYPE=y
-CONFIG_BOOTM_OFTREE=y
 CONFIG_FLEXIBLE_BOOTARGS=y
 # CONFIG_PARTITION_DISK_DOS is not set
 CONFIG_PARTITION_DISK_EFI=y
@@ -17,17 +16,18 @@ CONFIG_PARTITION_DISK_EFI=y
 CONFIG_DEFAULT_ENVIRONMENT_PATH="/build/buildroot-external/board/ova/barebox-env /build/buildroot-external/barebox-env"
 CONFIG_STATE=y
 CONFIG_BOOTCHOOSER=y
+# CONFIG_CMD_VERSION is not set
 CONFIG_CMD_BOOT=y
 CONFIG_CMD_UIMAGE=y
 CONFIG_CMD_AUTOMOUNT=y
 CONFIG_CMD_NV=y
 CONFIG_CMD_EXPORT=y
 CONFIG_CMD_GLOBAL=y
-CONFIG_CMD_MAGICVAR=y
 CONFIG_CMD_BASENAME=y
 CONFIG_CMD_DIRNAME=y
 CONFIG_CMD_READLINK=y
 CONFIG_CMD_GETOPT=y
+CONFIG_CMD_MENUTREE=y
 CONFIG_CMD_TIMEOUT=y
 CONFIG_CMD_DETECT=y
 CONFIG_CMD_STATE=y

buildroot-external/board/ova/info

@@ -0,0 +1,3 @@
+BOARD_ID=ova
+BOARD_NAME="Open Virtual Appliance"
+CHASSIS=vm