From 5a6b8c5bbe065ded5d0e6138f5059a1c2549c5d6 Mon Sep 17 00:00:00 2001
From: Pascal Vizeli
Date: Tue, 24 Apr 2018 00:14:43 +0200
Subject: [PATCH 001/100] Add OVA script (#4)
---
scripts/ovf-create.sh | 9 +++++++++
1 file changed, 9 insertions(+)
create mode 100644 scripts/ovf-create.sh
diff --git a/scripts/ovf-create.sh b/scripts/ovf-create.sh
new file mode 100644
index 00000000000..8160c974645
--- /dev/null
+++ b/scripts/ovf-create.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+set -e
+
+VboxManage createvm --name Hass.io --ostype Linux_64 --register
+VBoxManage modifyvm Hass.io --cpus 2 --memory 1048 --firmware efi
+VBoxManage modifyvm Hass.io --nic1 bridged
+VBoxManage storageattach Hass.io --storagectl "SATA Controller" --device 0 --port 0 --type vmdk --medium $1
+
+VBoxManage export Hass.io --ovf20 --vendor "Home-Assistant" --vendorurl "http://hass.io" --output $2
From e544c14d3dc1263333694c0c776d59c4c9a74821 Mon Sep 17 00:00:00 2001
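Review bot: The first command in scripts/ovf-create.sh is spelled `VboxManage` while every other call uses `VBoxManage`; on a case-sensitive filesystem that name will not resolve, and `set -e` then stops the script before the VM is created. The two positional arguments are also expanded unquoted, so a disk or output path containing spaces or glob characters is split into several arguments; use `--medium "$1"` and `--output "$2"`. Neither argument is checked for presence, so a guard such as `: "${1:?vmdk path required}" "${2:?output path required}"` before the first call would fail early with a clear message instead of partway through VM creation.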
From: Pascal Vizeli Date: Fri, 27 Apr 2018 18:20:06 +0200 Subject: [PATCH 002/100] Layering hostname/hosts (#5) * Layering hostname/hosts * Fix build * Use origin files on new overlay --- .../package/hassio/builder/hostapp.sh | 4 ++-- .../hassio-bind.target.wants/etc-hostname.mount | 1 + .../hassio-bind.target.wants/etc-hosts.mount | 1 + .../rootfs-overlay/etc/tmpfiles.d/hostname.conf | 2 ++ .../usr/lib/systemd/system/etc-hostname.mount | 14 ++++++++++++++ .../usr/lib/systemd/system/etc-hosts.mount | 14 ++++++++++++++ .../usr/lib/systemd/system/mnt-overlay.mount | 2 +- scripts/enter.sh | 1 + 8 files changed, 36 insertions(+), 3 deletions(-) create mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hostname.mount create mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hosts.mount create mode 100644 buildroot-external/rootfs-overlay/etc/tmpfiles.d/hostname.conf create mode 100644 buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hostname.mount create mode 100644 buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hosts.mount diff --git a/buildroot-external/package/hassio/builder/hostapp.sh b/buildroot-external/package/hassio/builder/hostapp.sh index 61e0f53d720..2a7806624a3 100755 --- a/buildroot-external/package/hassio/builder/hostapp.sh +++ b/buildroot-external/package/hassio/builder/hostapp.sh @@ -55,11 +55,11 @@ mkdir -p /mnt/supervisor mkdir -p /mnt/cli # Run dockerd -dockerd -s overlay2 -g /mnt/docker 2> /dev/null & +dockerd -s overlay2 -g /mnt/docker & DOCKER_PID=$! +DOCKER_COUNT=0 until docker info >/dev/null 2>&1; do - DOCKER_COUNT=0 if [ ${DOCKER_COUNT} -gt 30 ]; then exit 1 fi diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hostname.mount b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hostname.mount new file mode 120000 index 00000000000..173cae38889 --- /dev/null 
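Review bot: In hostapp.sh the timeout branch `exit 1` leaves the backgrounded dockerd running (its pid is saved in `DOCKER_PID`) and, as far as this hunk shows, the loop-mounted data image still mounted; consider `kill "${DOCKER_PID}"` before exiting, or an EXIT trap that does both. The counter in the test is also expanded unquoted; `[ "${DOCKER_COUNT}" -gt 30 ]` is the safer form. The loop body and any later cleanup continue outside the hunk, so an existing trap may already cover the first point.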
+++ b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hostname.mount @@ -0,0 +1 @@ +/usr/lib/systemd/system/etc-hostname.mount \ No newline at end of file diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hosts.mount b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hosts.mount new file mode 120000 index 00000000000..d22d22eb3ed --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-hosts.mount @@ -0,0 +1 @@ +/usr/lib/systemd/system/etc-hosts.mount \ No newline at end of file diff --git a/buildroot-external/rootfs-overlay/etc/tmpfiles.d/hostname.conf b/buildroot-external/rootfs-overlay/etc/tmpfiles.d/hostname.conf new file mode 100644 index 00000000000..9d64a05167a --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/tmpfiles.d/hostname.conf @@ -0,0 +1,2 @@ +C /mnt/overlay/etc/hostname - - - - /etc/hostname +C /mnt/overlay/etc/hosts - - - - /etc/hosts diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hostname.mount b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hostname.mount new file mode 100644 index 00000000000..be4a26beabd --- /dev/null +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hostname.mount @@ -0,0 +1,14 @@ +[Unit] +Description=Hostname persistent configuration +Requires=mnt-overlay.mount +After=mnt-overlay.mount systemd-tmpfiles-setup.service +Before=network.target + +[Mount] +What=/mnt/overlay/etc/hostname +Where=/etc/hostname +Type=none +Options=bind + +[Install] +WantedBy=hassio-bind.target diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hosts.mount b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hosts.mount new file mode 100644 index 00000000000..366be99064f --- /dev/null +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-hosts.mount 
@@ -0,0 +1,14 @@ +[Unit] +Description=Hosts persistent configuration +Requires=mnt-overlay.mount +After=mnt-overlay.mount systemd-tmpfiles-setup.service +Before=network.target + +[Mount] +What=/mnt/overlay/etc/hosts +Where=/etc/hosts +Type=none +Options=bind + +[Install] +WantedBy=hassio-bind.target diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-overlay.mount b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-overlay.mount index f648f6bfd47..7af4b28a0c8 100644 --- a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-overlay.mount +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-overlay.mount @@ -1,7 +1,7 @@ [Unit] Description=Hassio overlay partition DefaultDependencies=no -Before=umount.target +Before=umount.target systemd-tmpfiles-setup.service Conflicts=umount.target [Mount] diff --git a/scripts/enter.sh b/scripts/enter.sh index 0be4cb7edd2..1ca96ced3ad 100755 --- a/scripts/enter.sh +++ b/scripts/enter.sh @@ -1,3 +1,4 @@ #!/bin/bash +modprobe overlayfs docker build -t hassbuildroot . docker run -it --rm --privileged -v "$(pwd):/build" hassbuildroot bash From 34f58015b4a42037f773db327c46b4832e2cc0dd Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 28 Apr 2018 00:35:26 +0200 Subject: [PATCH 003/100] Cleanup busybox & fix systemd (#6) --- buildroot-external/busybox.config | 34 +++++++-------- .../systemd/0001-Allow-hostname-on-ro.patch | 41 +++++++++++++++++++ 2 files changed, 58 insertions(+), 17 deletions(-) create mode 100644 buildroot-external/patches/systemd/0001-Allow-hostname-on-ro.patch diff --git a/buildroot-external/busybox.config b/buildroot-external/busybox.config index fced55441ae..a867d39f0ad 100644 --- a/buildroot-external/busybox.config +++ b/buildroot-external/busybox.config @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Busybox version: 1.27.2 -# Tue Apr 17 18:57:21 2018 +# Fri Apr 27 16:47:10 2018 # CONFIG_HAVE_DOT_CONFIG=y 
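Review bot: The added `modprobe overlayfs` in scripts/enter.sh has no error handling and the script sets no `set -e`, so when the module cannot be loaded (the caller is not root, or the kernel ships the module as `overlay`, as mainline kernels do) the script still goes on to `docker build` and the privileged `docker run`. Failing early is clearer: add `set -e` after the shebang and load the module with `modprobe overlay || modprobe overlayfs`. A short comment saying why a host kernel module is touched (presumably for the overlay2 storage driver used by dockerd in the build container) would help the next reader.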
@@ -606,13 +606,13 @@ CONFIG_GETOPT=y CONFIG_FEATURE_GETOPT_LONG=y CONFIG_HEXDUMP=y CONFIG_FEATURE_HEXDUMP_REVERSE=y -CONFIG_HD=y -CONFIG_XXD=y -CONFIG_HWCLOCK=y -CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS=y +# CONFIG_HD is not set +# CONFIG_XXD is not set +# CONFIG_HWCLOCK is not set +# CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS is not set # CONFIG_FEATURE_HWCLOCK_ADJTIME_FHS is not set CONFIG_IONICE=y -CONFIG_IPCRM=y +# CONFIG_IPCRM is not set CONFIG_IPCS=y # CONFIG_LAST is not set # CONFIG_FEATURE_LAST_FANCY is not set @@ -648,9 +648,9 @@ CONFIG_FEATURE_MOUNT_FLAGS=y # CONFIG_FEATURE_MOUNT_FSTAB is not set # CONFIG_FEATURE_MOUNT_OTHERTAB is not set # CONFIG_MOUNTPOINT is not set -CONFIG_NSENTER=y -CONFIG_FEATURE_NSENTER_LONG_OPTS=y -CONFIG_PIVOT_ROOT=y +# CONFIG_NSENTER is not set +# CONFIG_FEATURE_NSENTER_LONG_OPTS is not set +# CONFIG_PIVOT_ROOT is not set CONFIG_RDATE=y CONFIG_RDEV=y CONFIG_READPROFILE=y @@ -674,14 +674,14 @@ CONFIG_FEATURE_TASKSET_FANCY=y CONFIG_UEVENT=y CONFIG_UMOUNT=y CONFIG_FEATURE_UMOUNT_ALL=y -CONFIG_UNSHARE=y +# CONFIG_UNSHARE is not set # CONFIG_WALL is not set # # Common options for mount/umount # CONFIG_FEATURE_MOUNT_LOOP=y -CONFIG_FEATURE_MOUNT_LOOP_CREATE=y +# CONFIG_FEATURE_MOUNT_LOOP_CREATE is not set # CONFIG_FEATURE_MTAB_SUPPORT is not set CONFIG_VOLUMEID=y @@ -750,10 +750,10 @@ CONFIG_FEATURE_CROND_DIR="" # CONFIG_FLASHCP is not set CONFIG_HDPARM=y CONFIG_FEATURE_HDPARM_GET_IDENTITY=y -CONFIG_FEATURE_HDPARM_HDIO_SCAN_HWIF=y -CONFIG_FEATURE_HDPARM_HDIO_UNREGISTER_HWIF=y -CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET=y -CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF=y +# CONFIG_FEATURE_HDPARM_HDIO_SCAN_HWIF is not set +# CONFIG_FEATURE_HDPARM_HDIO_UNREGISTER_HWIF is not set +# CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET is not set +# CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF is not set CONFIG_FEATURE_HDPARM_HDIO_GETSET_DMA=y # CONFIG_I2CGET is not set # CONFIG_I2CSET is not set 
@@ -780,7 +780,7 @@ CONFIG_FEATURE_LESS_MAXLINES=0 # CONFIG_MT is not set CONFIG_NANDWRITE=y CONFIG_NANDDUMP=y -CONFIG_PARTPROBE=y +# CONFIG_PARTPROBE is not set # CONFIG_RAIDAUTORUN is not set # CONFIG_READAHEAD is not set # CONFIG_RFKILL is not set @@ -1069,7 +1069,7 @@ CONFIG_ASH_TEST=y CONFIG_ASH_HELP=y CONFIG_ASH_GETOPTS=y CONFIG_ASH_CMDCMD=y -CONFIG_CTTYHACK=y +# CONFIG_CTTYHACK is not set # CONFIG_HUSH is not set # CONFIG_HUSH_BASH_COMPAT is not set # CONFIG_HUSH_BRACE_EXPANSION is not set diff --git a/buildroot-external/patches/systemd/0001-Allow-hostname-on-ro.patch b/buildroot-external/patches/systemd/0001-Allow-hostname-on-ro.patch new file mode 100644 index 00000000000..71f85f32c0f --- /dev/null +++ b/buildroot-external/patches/systemd/0001-Allow-hostname-on-ro.patch @@ -0,0 +1,41 @@ +From 525b60af3320de3cc1f1145fe31a2de07b61faf6 Mon Sep 17 00:00:00 2001 +From: Pascal Vizeli +Date: Sat, 28 Apr 2018 00:20:08 +0200 +Subject: [PATCH 1/1] Allow hostname on ro + +--- + src/hostname/hostnamed.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c +index d9ad2fb..87fae35 100644 +--- a/src/hostname/hostnamed.c ++++ b/src/hostname/hostnamed.c +@@ -289,6 +289,7 @@ static int context_update_kernel_hostname(Context *c) { + static int context_write_data_static_hostname(Context *c) { + + assert(c); ++ FILE *f = NULL; + + if (isempty(c->data[PROP_STATIC_HOSTNAME])) { + +@@ -297,7 +298,15 @@ static int context_write_data_static_hostname(Context *c) { + + return 0; + } +- return write_string_file_atomic_label("/etc/hostname", c->data[PROP_STATIC_HOSTNAME]); ++ ++ f = fopen("/etc/hostname", "w"); ++ if (f == NULL) ++ return -ENOENT; ++ ++ fputs(c->data[PROP_STATIC_HOSTNAME], f); ++ fclose(f); ++ ++ return 0; + } + + static int context_write_data_machine_info(Context *c) { +-- +2.7.4 + From d10d21ba08afa804bf9bc7c3e5e4504e17541c69 Mon Sep 17 00:00:00 2001 
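Review bot: In 0001-Allow-hostname-on-ro.patch the replacement for `write_string_file_atomic_label()` in context_write_data_static_hostname() maps every `fopen()` failure to `-ENOENT` and ignores the results of `fputs()` and `fclose()`, so a read-only, full or permission-denied /etc/hostname is either misreported or reported as success. The write is also no longer atomic, so an interrupted write leaves a truncated file, and it appears to drop the trailing newline that the replaced helper wrote. If the in-place write is required because /etc/hostname is a bind-mounted file, keep it but propagate `errno` and check the write, as sketched below.

```c
static int context_write_data_static_hostname(Context *c) {
        FILE *f;
        int r = 0;

        assert(c);

        /* … unchanged: isempty() branch … */

        f = fopen("/etc/hostname", "w");
        if (!f)
                return -errno;

        if (fputs(c->data[PROP_STATIC_HOSTNAME], f) == EOF || fputc('\n', f) == EOF)
                r = -EIO;
        if (fclose(f) == EOF && r == 0)
                r = -errno;

        return r;
```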
From: Pascal Vizeli Date: Sat, 28 Apr 2018 00:36:01 +0200 Subject: [PATCH 004/100] Delete .ignore --- buildroot-external/patches/.ignore | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 buildroot-external/patches/.ignore diff --git a/buildroot-external/patches/.ignore b/buildroot-external/patches/.ignore deleted file mode 100644 index e69de29bb2d..00000000000 From 14f9fc3eebb871b6f4bb2fa6bdc5ddf21d9c7308 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 28 Apr 2018 10:54:05 +0200 Subject: [PATCH 005/100] Update ova_defconfig --- buildroot-external/configs/ova_defconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 367aa44cafc..943d957e57c 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -5,7 +5,7 @@ BR2_GLOBAL_PATCH_DIR="$(BR2_EXTERNAL_HASSIO_PATH)/patches" BR2_TOOLCHAIN_BUILDROOT_GLIBC=y BR2_GCC_VERSION_7_X=y BR2_TOOLCHAIN_BUILDROOT_CXX=y -BR2_TARGET_GENERIC_HOSTNAME="hassio.local" +BR2_TARGET_GENERIC_HOSTNAME="hassio" BR2_TARGET_GENERIC_ISSUE="Welcome to Hass.io" BR2_INIT_SYSTEMD=y BR2_TARGET_GENERIC_GETTY_PORT="tty1" From 6515947a3c19e030e24a4d0c9d2b54136fd06aa4 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 28 Apr 2018 11:53:31 +0200 Subject: [PATCH 006/100] Cleanup old stuff --- buildroot-external/configs/ova_defconfig | 2 -- 1 file changed, 2 deletions(-) diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 943d957e57c..4a9d1035604 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig 
@@ -22,8 +22,6 @@ BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y BR2_PACKAGE_BUSYBOX_CONFIG="$(BR2_EXTERNAL_HASSIO_PATH)/busybox.config" BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES=y -BR2_PACKAGE_ALSA_UTILS=y -BR2_PACKAGE_LZ4=y BR2_PACKAGE_JQ=y BR2_PACKAGE_DOSFSTOOLS=y BR2_PACKAGE_E2FSPROGS=y From 53e0d22875729e30bb36d21eb07483ab10479c52 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Sun, 29 Apr 2018 00:05:56 +0200 Subject: [PATCH 007/100] Fix typos and layout --- README.md | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index f99ffd7077a..ff0b9697d37 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,14 @@ # WORK IN PROGRESS! # Hass.io OS -Hass.io OS based on buildroot. It's a hypervisor for docker and support many kind of IoT hardware. It is also available as Virtual Appliance. It's optimazed for embedded system and high security. You can update the system simple with OTA updates or offline Updates. +Hass.io OS based on [buildroot](https://buildroot.org/). It's a hypervisor for Docker and supports various kind of IoT hardware. It is also available as virtual appliance. The whole system is optimized for embedded system and security. You can update the system simple with OTA updates or offline updates. ## Focus + - Linux kernel 4.15 - Barebox as bootloader - RAUC for OTA updates -- SquashFS LZ4 for filesystem +- SquashFS LZ4 as filesystem - Docker 17.12.1 - ZRAM LZ4 for /tmp, /var, swap - Run every supervisor @@ -15,8 +16,9 @@ Hass.io OS based on buildroot. It's a hypervisor for docker and support many kin ## Schemas ![](misc/hassio-os-partition.png?raw=true) -## Config -Create a USB stick with a partition "hassio-config". This partition can include follow files: +## Configuration + +Create a USB stick with a partition named "hassio-config". This partition can include follow files: - network-* (NetworkManager keyfiles) - known_hosts (SSH) 
@@ -26,7 +28,8 @@ Create a USB stick with a partition "hassio-config". This partition can include ## Supervisor/Cli -Provide a `hassio.json` on your data partition they can/need follow struct: +Provide a file with the name `hassio.json` in your data partition and the following structure: + ```json { "supervisor": "repo/image", @@ -37,10 +40,10 @@ Provide a `hassio.json` on your data partition they can/need follow struct: ``` # Building -Running sudo `./enter.sh` will get you into the build docker container. +Running `sudo ./enter.sh` will get you into the build Docker container. `make -C /build/buildroot BR2_EXTERNAL=/build/buildroot-external xy_defconfig` -From outside the docker container, while it is still running you can use `./getimage.sh` to get the output image. +From outside the Docker container, while it is still running you can use `./getimage.sh` to get the output image. ## Helpers From 258717c412d07fcc0c59604cba6d6360ea132f28 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Sun, 29 Apr 2018 10:22:11 +0200 Subject: [PATCH 008/100] Enable move bot (#8) --- .github/move.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/move.yml diff --git a/.github/move.yml b/.github/move.yml new file mode 100644 index 00000000000..e041083c9ae --- /dev/null +++ b/.github/move.yml @@ -0,0 +1,13 @@ +# Configuration for move-issues - https://github.com/dessant/move-issues + +# Delete the command comment. Ignored when the comment also contains other content +deleteCommand: true +# Close the source issue after moving +closeSourceIssue: true +# Lock the source issue after moving +lockSourceIssue: false +# Set custom aliases for targets +# aliases: +# r: repo +# or: owner/repo + From 1e62743b1e7ee908a259f2d61d29029e4c202ef6 Mon Sep 17 00:00:00 2001 
From: Pascal Vizeli Date: Sun, 29 Apr 2018 14:01:07 +0200 Subject: [PATCH 009/100] Apparmor (#9) * Create Config.in * Update Config.in * Create apparmor.mk * Update Config.in * Create apparmor.hash * Update and rename buildroot-external/package/apparmor/Config.in to buildroot-external/package/libapparmor/Config.in * Create Config.in * Delete Config.in * Update Config.in * Update Config.in * Update apparmor.mk * Update apparmor.mk * Update apparmor.mk * Update Config.in * Update apparmor.mk * Update apparmor.mk * Delete apparmor.hash * Update apparmor.mk * Update apparmor.mk * Update apparmor.mk * Update apparmor.mk * Update apparmor.mk * test 1 * Fix stuff --- buildroot-external/Config.in | 2 ++ buildroot-external/configs/ova_defconfig | 2 ++ buildroot-external/package/apparmor/Config.in | 9 ++++++++ .../package/apparmor/apparmor.mk | 22 +++++++++++++++++++ .../package/libapparmor/Config.in | 8 +++++++ .../package/libapparmor/libapparmor.mk | 18 +++++++++++++++ 6 files changed, 61 insertions(+) create mode 100644 buildroot-external/package/apparmor/Config.in create mode 100644 buildroot-external/package/apparmor/apparmor.mk create mode 100644 buildroot-external/package/libapparmor/Config.in create mode 100644 buildroot-external/package/libapparmor/libapparmor.mk diff --git a/buildroot-external/Config.in b/buildroot-external/Config.in index 61b6e032bf7..2df71695d2c 100644 --- a/buildroot-external/Config.in +++ b/buildroot-external/Config.in @@ -1,2 +1,4 @@ source "$BR2_EXTERNAL_HASSIO_PATH/package/mingetty/Config.in" source "$BR2_EXTERNAL_HASSIO_PATH/package/hassio/Config.in" +source "$BR2_EXTERNAL_HASSIO_PATH/package/libapparmor/Config.in" +source "$BR2_EXTERNAL_HASSIO_PATH/package/apparmor/Config.in" diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 4a9d1035604..9d6db2837fb 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig 
@@ -69,3 +69,5 @@ BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION="0.101" BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/qemux86-64-homeassistant" BR2_PACKAGE_HASSIO_CLI="homeassistant/amd64-hassio-cli" BR2_PACKAGE_HASSIO_CLI_VERSION="0.1" +BR2_PACKAGE_APPARMOR=y +BR2_PACKAGE_LIBAPPARMOR=y diff --git a/buildroot-external/package/apparmor/Config.in b/buildroot-external/package/apparmor/Config.in new file mode 100644 index 00000000000..6ba44321ac8 --- /dev/null +++ b/buildroot-external/package/apparmor/Config.in @@ -0,0 +1,9 @@ +config BR2_PACKAGE_APPARMOR + bool "apparmor" + depends on BR2_PACKAGE_LIBAPPARMOR + help + AppArmor gives you network application security via mandatory + access control for programs, protecting against the exploitation + of software flaws and compromised systems. + + http://apparmor.net diff --git a/buildroot-external/package/apparmor/apparmor.mk b/buildroot-external/package/apparmor/apparmor.mk new file mode 100644 index 00000000000..67a7eeb1f4a --- /dev/null +++ b/buildroot-external/package/apparmor/apparmor.mk @@ -0,0 +1,22 @@ +############################################################# +# +# apparmor +# +############################################################# +APPARMOR_VERSION = v2.13 +APPARMOR_SITE = git://git.launchpad.net/apparmor +APPARMOR_LICENSE = GPL-2 +APPARMOR_LICENSE_FILES = LICENSE +APPARMOR_DEPENDENCIES = libapparmor + +define APPARMOR_BUILD_CMDS + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) PATH=$(BR_PATH) $(MAKE) -C $(@D)/parser USE_SYSTEM=1 YACC=bison LEX=flex + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/profiles +endef + +define APPARMOR_INSTALL_TARGET_CMDS + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/profiles DESTDIR=$(TARGET_DIR) PREFIX=/usr install +endef + +$(eval $(generic-package)) 
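Review bot: apparmor.mk fetches its source over `git://`, which is unauthenticated and unencrypted, pins it only to the tag `v2.13`, and ships no hash file, so the build cannot detect a tampered or re-pointed upstream. Prefer an authenticated transport and an immutable reference: `APPARMOR_SITE = https://git.launchpad.net/apparmor` with `APPARMOR_SITE_METHOD = git`, `APPARMOR_VERSION` set to the full commit id of the release, and an `apparmor.hash` entry for the generated tarball. The same applies to `LIBAPPARMOR_SITE` and `LIBAPPARMOR_VERSION` in libapparmor.mk, added in the same commit.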
diff --git a/buildroot-external/package/libapparmor/Config.in b/buildroot-external/package/libapparmor/Config.in new file mode 100644 index 00000000000..f2188d07837 --- /dev/null +++ b/buildroot-external/package/libapparmor/Config.in @@ -0,0 +1,8 @@ +config BR2_PACKAGE_LIBAPPARMOR + bool "libapparmor" + help + AppArmor gives you network application security via mandatory + access control for programs, protecting against the exploitation + of software flaws and compromised systems. + + http://apparmor.net diff --git a/buildroot-external/package/libapparmor/libapparmor.mk b/buildroot-external/package/libapparmor/libapparmor.mk new file mode 100644 index 00000000000..0be91b1a79b --- /dev/null +++ b/buildroot-external/package/libapparmor/libapparmor.mk @@ -0,0 +1,18 @@ +############################################################# +# +# libapparmor +# +############################################################# +LIBAPPARMOR_VERSION = v2.13 +LIBAPPARMOR_SITE = git://git.launchpad.net/apparmor +LIBAPPARMOR_LICENSE = GPL-2 +LIBAPPARMOR_LICENSE_FILES = LICENSE +LIBAPPARMOR_INSTALL_STAGING = YES +LIBAPPARMOR_INSTALL_TARGET = NO +LIBAPPARMOR_DEPENDENCIES = host-flex +LIBAPPARMOR_SUBDIR = libraries/libapparmor +LIBAPPARMOR_CONF_ENV = ac_cv_func_reallocarray=no +LIBAPPARMOR_AUTORECONF = YES +LIBAPPARMOR_CONF_OPTS = --enable-static + +$(eval $(autotools-package)) From 93357c71ff8e79c0378996ff6517365f9a36765e Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 29 Apr 2018 20:41:53 +0200 Subject: [PATCH 010/100] Install apparmor systemd --- buildroot-external/package/apparmor/apparmor.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/buildroot-external/package/apparmor/apparmor.mk b/buildroot-external/package/apparmor/apparmor.mk index 67a7eeb1f4a..2d1ddf99db6 100644 --- a/buildroot-external/package/apparmor/apparmor.mk +++ b/buildroot-external/package/apparmor/apparmor.mk 
@@ -16,6 +16,7 @@ endef define APPARMOR_INSTALL_TARGET_CMDS $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install-systemd $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/profiles DESTDIR=$(TARGET_DIR) PREFIX=/usr install endef From f2fa29357fcb90776bf26f66694b10c72c895c37 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 29 Apr 2018 20:46:41 +0200 Subject: [PATCH 011/100] cleanup apparmor systemd --- buildroot-external/package/apparmor/apparmor.mk | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/buildroot-external/package/apparmor/apparmor.mk b/buildroot-external/package/apparmor/apparmor.mk index 2d1ddf99db6..5ebff566a81 100644 --- a/buildroot-external/package/apparmor/apparmor.mk +++ b/buildroot-external/package/apparmor/apparmor.mk @@ -15,8 +15,7 @@ define APPARMOR_BUILD_CMDS endef define APPARMOR_INSTALL_TARGET_CMDS - $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install - $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install-systemd + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install install-systemd $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/profiles DESTDIR=$(TARGET_DIR) PREFIX=/usr install endef From 69db31ba2e0e52f4677c008b84ad2cddddfd998e Mon Sep 17 00:00:00 2001 
From: Pascal Vizeli Date: Mon, 30 Apr 2018 00:09:43 +0200 Subject: [PATCH 012/100] Extend AppArmor / hassio --- buildroot-external/busybox.config | 4 ++-- buildroot-external/configs/ova_defconfig | 3 ++- buildroot-external/package/hassio/builder/hostapp.sh | 1 + buildroot-external/rootfs-overlay/etc/apparmor/parser.conf | 2 ++ .../systemd/system/multi-user.target.wants/apparmor.service | 1 + 5 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 buildroot-external/rootfs-overlay/etc/apparmor/parser.conf create mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/apparmor.service diff --git a/buildroot-external/busybox.config b/buildroot-external/busybox.config index a867d39f0ad..c4a156b3aaa 100644 --- a/buildroot-external/busybox.config +++ b/buildroot-external/busybox.config @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Busybox version: 1.27.2 -# Fri Apr 27 16:47:10 2018 +# Sun Apr 29 21:50:21 2018 # CONFIG_HAVE_DOT_CONFIG=y @@ -452,7 +452,7 @@ CONFIG_FEATURE_VI_UNDO_QUEUE_MAX=256 # CONFIG_FEATURE_FIND_CONTEXT is not set # CONFIG_FEATURE_FIND_LINKS is not set CONFIG_GREP=y -# CONFIG_EGREP is not set +CONFIG_EGREP=y # CONFIG_FGREP is not set # CONFIG_FEATURE_GREP_CONTEXT is not set # CONFIG_XARGS is not set diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 9d6db2837fb..1e30202681a 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -32,6 +32,7 @@ BR2_PACKAGE_GPTFDISK_SGDISK=y BR2_PACKAGE_CA_CERTIFICATES=y BR2_PACKAGE_LIBCGROUP=y BR2_PACKAGE_LIBCGROUP_TOOLS=y +BR2_PACKAGE_LIBSECCOMP=y BR2_PACKAGE_AVAHI=y BR2_PACKAGE_AVAHI_DAEMON=y BR2_PACKAGE_AVAHI_LIBDNSSD_COMPATIBILITY=y 
@@ -69,5 +70,5 @@ BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION="0.101" BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/qemux86-64-homeassistant" BR2_PACKAGE_HASSIO_CLI="homeassistant/amd64-hassio-cli" BR2_PACKAGE_HASSIO_CLI_VERSION="0.1" -BR2_PACKAGE_APPARMOR=y BR2_PACKAGE_LIBAPPARMOR=y +BR2_PACKAGE_APPARMOR=y diff --git a/buildroot-external/package/hassio/builder/hostapp.sh b/buildroot-external/package/hassio/builder/hostapp.sh index 2a7806624a3..3609a184a3e 100755 --- a/buildroot-external/package/hassio/builder/hostapp.sh +++ b/buildroot-external/package/hassio/builder/hostapp.sh @@ -53,6 +53,7 @@ mount -o loop ${DATA_IMG} /mnt mkdir -p /mnt/docker mkdir -p /mnt/supervisor mkdir -p /mnt/cli +mkdir -p /mnt/apparmor # Run dockerd dockerd -s overlay2 -g /mnt/docker & diff --git a/buildroot-external/rootfs-overlay/etc/apparmor/parser.conf b/buildroot-external/rootfs-overlay/etc/apparmor/parser.conf new file mode 100644 index 00000000000..fde0152add7 --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/apparmor/parser.conf @@ -0,0 +1,2 @@ +Include /etc/apparmor.d/ +Include /mnt/data/apparmor/ diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/apparmor.service b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/apparmor.service new file mode 120000 index 00000000000..f9a498ed8b3 --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/apparmor.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/apparmor.service \ No newline at end of file From 7eedd8c6c7ade3594ff51a6d0d78f2a8af7dd184 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 30 Apr 2018 12:01:36 +0200 Subject: [PATCH 013/100] Update apparmor.mk --- buildroot-external/package/apparmor/apparmor.mk | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/buildroot-external/package/apparmor/apparmor.mk b/buildroot-external/package/apparmor/apparmor.mk index 5ebff566a81..2d1ddf99db6 100644 --- a/buildroot-external/package/apparmor/apparmor.mk +++ b/buildroot-external/package/apparmor/apparmor.mk @@ -15,7 +15,8 @@ define APPARMOR_BUILD_CMDS endef define APPARMOR_INSTALL_TARGET_CMDS - $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install install-systemd + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install-systemd $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/profiles DESTDIR=$(TARGET_DIR) PREFIX=/usr install endef From e816808382092208dc152799d1791e545b6c5915 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 30 Apr 2018 12:09:29 +0200 Subject: [PATCH 014/100] Update mnt-data.mount --- .../rootfs-overlay/usr/lib/systemd/system/mnt-data.mount | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-data.mount b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-data.mount index 96097915684..c439aacf3fc 100644 --- a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-data.mount +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/mnt-data.mount @@ -1,9 +1,9 @@ [Unit] Description=Hassio data partition -Requires=hassio-expand.service +Wants=hassio-expand.service DefaultDependencies=no After=hassio-expand.service -Before=umount.target +Before=umount.target systemd-tmpfiles-setup.service Conflicts=umount.target [Mount] From 90b7c9f0d1881d4658126824cb97859f9e7069a1 Mon Sep 17 00:00:00 2001 
From: Pascal Vizeli Date: Mon, 30 Apr 2018 12:10:17 +0200 Subject: [PATCH 015/100] Update hassio-expand.service --- .../rootfs-overlay/usr/lib/systemd/system/hassio-expand.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-expand.service b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-expand.service index 5bcfa8c7c9a..f8b9ea15a63 100644 --- a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-expand.service +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-expand.service @@ -5,7 +5,7 @@ Before=mnt-data.mount [Service] Type=oneshot -ExecStart=-/sbin/hassio-expand +ExecStart=/sbin/hassio-expand RemainAfterExit=true [Install] From 48d7fafd39727020bc1faddace7cbaf3923f52bf Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 30 Apr 2018 12:12:31 +0200 Subject: [PATCH 016/100] Create data.conf --- buildroot-external/rootfs-overlay/etc/tmpfiles.d/data.conf | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 buildroot-external/rootfs-overlay/etc/tmpfiles.d/data.conf diff --git a/buildroot-external/rootfs-overlay/etc/tmpfiles.d/data.conf b/buildroot-external/rootfs-overlay/etc/tmpfiles.d/data.conf new file mode 100644 index 00000000000..76d1ffe7c07 --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/tmpfiles.d/data.conf @@ -0,0 +1,3 @@ +d /mnt/data/supervisor +d /mnt/data/cli +d /mnt/data/apparmor From e81898b701a94a3b7d75cbb69482b567b0ed7780 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 30 Apr 2018 12:13:07 +0200 Subject: [PATCH 017/100] Update hostapp.sh --- buildroot-external/package/hassio/builder/hostapp.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/buildroot-external/package/hassio/builder/hostapp.sh b/buildroot-external/package/hassio/builder/hostapp.sh index 3609a184a3e..952406dbe65 100755 --- a/buildroot-external/package/hassio/builder/hostapp.sh 
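Review bot: The three `d` lines in tmpfiles.d/data.conf give no mode, user or group, so a newly created directory gets the systemd-tmpfiles defaults and an already existing one is likely left with whatever mode and owner it has on the writable data partition. /mnt/data/apparmor in particular ends up holding AppArmor policy (a later patch in this series bind-mounts it over /etc/apparmor.d/containers), so its permissions are worth pinning at every boot. Spell the fields out, for example `d /mnt/data/apparmor 0755 root root -`, with a tighter mode on the supervisor and cli directories if nothing outside root needs to read them.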
+++ b/buildroot-external/package/hassio/builder/hostapp.sh @@ -51,9 +51,6 @@ mkfs.ext4 -L "hassio-data" -E lazy_itable_init=0,lazy_journal_init=0 ${DATA_IMG} # Mount / init file structs mount -o loop ${DATA_IMG} /mnt mkdir -p /mnt/docker -mkdir -p /mnt/supervisor -mkdir -p /mnt/cli -mkdir -p /mnt/apparmor # Run dockerd dockerd -s overlay2 -g /mnt/docker & From c356987ae54d9b1a7a03d9f2f34200c1a81623c9 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 30 Apr 2018 12:22:23 +0200 Subject: [PATCH 018/100] Delete parser.conf --- buildroot-external/rootfs-overlay/etc/apparmor/parser.conf | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 buildroot-external/rootfs-overlay/etc/apparmor/parser.conf diff --git a/buildroot-external/rootfs-overlay/etc/apparmor/parser.conf b/buildroot-external/rootfs-overlay/etc/apparmor/parser.conf deleted file mode 100644 index fde0152add7..00000000000 --- a/buildroot-external/rootfs-overlay/etc/apparmor/parser.conf +++ /dev/null @@ -1,2 +0,0 @@ -Include /etc/apparmor.d/ -Include /mnt/data/apparmor/ From 67a3f643dacf7aab3531b730e56ab20d358f2203 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 30 Apr 2018 12:23:58 +0200 Subject: [PATCH 019/100] Create .empty --- .../rootfs-overlay/etc/apparmor.d/containers/.empty | 1 + 1 file changed, 1 insertion(+) create mode 100644 buildroot-external/rootfs-overlay/etc/apparmor.d/containers/.empty diff --git a/buildroot-external/rootfs-overlay/etc/apparmor.d/containers/.empty b/buildroot-external/rootfs-overlay/etc/apparmor.d/containers/.empty new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/apparmor.d/containers/.empty @@ -0,0 +1 @@ + From f7c980fcc25251c7cca7d36b5fb6137681c3026d Mon Sep 17 00:00:00 2001 
From: Pascal Vizeli
Date: Mon, 30 Apr 2018 12:26:39 +0200
Subject: [PATCH 020/100] Create etc-apparmor.d-containers.mount
---
.../systemd/system/etc-apparmor.d-containers.mount | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-apparmor.d-containers.mount
diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-apparmor.d-containers.mount b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-apparmor.d-containers.mount
new file mode 100644
index 00000000000..4fa1b8b568e
--- /dev/null
+++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-apparmor.d-containers.mount
@@ -0,0 +1,14 @@
+[Unit]
+Description=Supervisor persistent apparmor profiles
+Requires=mnt-data.mount apparmor.service
+After=mnt-data.mount
+Before=apparmor.service
+
+[Mount]
+What=/mnt/data/apparmor
+Where=/etc/apparmor.d/containers
+Type=none
+Options=bind
+
+[Install]
+WantedBy=hassio-bind.target
From aafaf2b8efb069387afcbea5d70f3a7a7f6fd8c4 Mon Sep 17 00:00:00 2001
From: Pascal Vizeli
Date: Mon, 30 Apr 2018 13:46:07 +0200
Subject: [PATCH 021/100] Autostart
---
.../etc/systemd/system/apparmor.service.d/hassio.conf | 2 ++
.../hassio-bind.target.wants/etc-apparmor.d-containers.mount | 1 +
2 files changed, 3 insertions(+)
create mode 100644 buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf
create mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount
diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf b/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf
new file mode 100644
index 00000000000..13ed578b51a
--- /dev/null
+++ b/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf
@@ -0,0 +1,2 @@
+[Unit]
+RequiresMountsFor=/etc/apparmor.d/containers
diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount new file mode 120000 index 00000000000..834306a177e --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount @@ -0,0 +1 @@ +/usr/lib/systemd/system/etc-apparmor.d-containers.mount \ No newline at end of file From 508d84b97bb31d9468566a9a4acc8ffda6915fbd Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 30 Apr 2018 23:24:59 +0200 Subject: [PATCH 022/100] Bugfix permission --- .../package/apparmor/0001-Autostart.patch | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 buildroot-external/package/apparmor/0001-Autostart.patch diff --git a/buildroot-external/package/apparmor/0001-Autostart.patch b/buildroot-external/package/apparmor/0001-Autostart.patch new file mode 100644 index 00000000000..ed24ddc44dc --- /dev/null +++ b/buildroot-external/package/apparmor/0001-Autostart.patch 
@@ -0,0 +1,31 @@ +From aafaf2b8efb069387afcbea5d70f3a7a7f6fd8c4 Mon Sep 17 00:00:00 2001 +From: Pascal Vizeli +Date: Mon, 30 Apr 2018 13:46:07 +0200 +Subject: [PATCH 1/1] Autostart + +--- + .../rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf | 2 ++ + .../system/hassio-bind.target.wants/etc-apparmor.d-containers.mount | 1 + + 2 files changed, 3 insertions(+) + create mode 100644 buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf + create mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount + +diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf b/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf +new file mode 100644 +index 0000000..13ed578 +--- /dev/null ++++ b/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf +@@ -0,0 +1,2 @@ ++[Unit] ++RequiresMountsFor=/etc/apparmor.d/containers +diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount +new file mode 120000 +index 0000000..834306a +--- /dev/null ++++ b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount +@@ -0,0 +1 @@ ++/usr/lib/systemd/system/etc-apparmor.d-containers.mount +\ No newline at end of file +-- +2.7.4 + From 862bc04173f7e7278d8702b41a565638394c8ac0 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 30 Apr 2018 23:42:22 +0200 Subject: [PATCH 023/100] Add fix permission patch --- .../package/apparmor/0001-Autostart.patch | 42 ++++++++----------- 1 file changed, 18 insertions(+), 24 deletions(-) 
diff --git a/buildroot-external/package/apparmor/0001-Autostart.patch b/buildroot-external/package/apparmor/0001-Autostart.patch index ed24ddc44dc..4b3369084d4 100644 --- a/buildroot-external/package/apparmor/0001-Autostart.patch +++ b/buildroot-external/package/apparmor/0001-Autostart.patch @@ -1,31 +1,25 @@ -From aafaf2b8efb069387afcbea5d70f3a7a7f6fd8c4 Mon Sep 17 00:00:00 2001 +From 78ceb52ff4e5d4dbe003651b2193979114152763 Mon Sep 17 00:00:00 2001 
From: Pascal Vizeli -Date: Mon, 30 Apr 2018 13:46:07 +0200 -Subject: [PATCH 1/1] Autostart +Date: Mon, 30 Apr 2018 23:40:27 +0200 +Subject: [PATCH 1/1] Fix permission --- - .../rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf | 2 ++ - .../system/hassio-bind.target.wants/etc-apparmor.d-containers.mount | 1 + - 2 files changed, 3 insertions(+) - create mode 100644 buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf - create mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount + parser/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf b/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf -new file mode 100644 -index 0000000..13ed578 ---- /dev/null -+++ b/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf -@@ -0,0 +1,2 @@ -+[Unit] -+RequiresMountsFor=/etc/apparmor.d/containers -diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount -new file mode 120000 -index 0000000..834306a ---- /dev/null -+++ b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount -@@ -0,0 +1 @@ -+/usr/lib/systemd/system/etc-apparmor.d-containers.mount -\ No newline at end of file +diff --git a/parser/Makefile b/parser/Makefile +index b18cfe4..7b7b519 100644 +--- a/parser/Makefile ++++ b/parser/Makefile +@@ -383,7 +383,7 @@ install-indep: indep + install-systemd: + install -m 755 -d $(SYSTEMD_UNIT_DIR) + install -m 644 apparmor.service $(SYSTEMD_UNIT_DIR) +- install -m 644 apparmor.systemd $(APPARMOR_BIN_PREFIX) ++ install -m 755 apparmor.systemd $(APPARMOR_BIN_PREFIX) + install 
-m 755 -d $(DESTDIR)/sbin + install -m 755 aa-teardown $(DESTDIR)/sbin + -- 2.7.4 From b0212beec3eb5343e6f3a728e684257558590af8 Mon Sep 17 00:00:00 2001 
From: Pascal Vizeli Date: Tue, 1 May 2018 22:39:30 +0200 Subject: [PATCH 024/100] Apparmor hassio (#10) * Delete 0001-Autostart.patch * Update apparmor.mk * Update Config.in * Create hassio-apparmor * Update hassio-apparmor * Update data.conf * Delete etc-apparmor.d-containers.mount * Delete etc-apparmor.d-containers.mount * Delete hassio.conf * Update hassio-apparmor * Update Config.in * Update Config.in * Update hassio.mk * Update hostapp.sh * Update Config.in * Update hassio.mk * Update hassio.mk * Create hassio-supervisor * Update hassio-apparmor * Update hassio-apparmor * Update hassio-apparmor * Update hassio-supervisor * Update hassio-cli * Update hassio-apparmor * Update hassio-apparmor * Create hassio-apparmor.service * Update hassio-apparmor.service * Delete apparmor.service * Update local stuff * Profile for CLI * Update hassio.mk * Update hassio.mk * Update hassio-supervisor * Update hassio-apparmor --- buildroot-external/apparmor/hassio-supervisor | 59 +++++++++++++++++++ buildroot-external/busybox.config | 4 +- buildroot-external/configs/ova_defconfig | 4 +- .../package/apparmor/0001-Autostart.patch | 25 -------- buildroot-external/package/apparmor/Config.in | 2 +- .../package/apparmor/apparmor.mk | 3 +- buildroot-external/package/hassio/Config.in | 17 +++++- .../package/hassio/builder/hostapp.sh | 37 ++++++++++-- buildroot-external/package/hassio/hassio.mk | 20 ++++--- .../system/apparmor.service.d/hassio.conf | 2 - .../etc-apparmor.d-containers.mount | 1 - .../multi-user.target.wants/apparmor.service | 1 - .../hassio-apparmor.service | 1 + .../rootfs-overlay/etc/tmpfiles.d/data.conf | 1 - .../rootfs-overlay/usr/bin/hassio-cli | 2 + .../system/etc-apparmor.d-containers.mount | 14 ----- .../systemd/system/hassio-apparmor.service | 13 ++++ .../rootfs-overlay/usr/sbin/hassio-apparmor | 47 +++++++++++++++ .../rootfs-overlay/usr/sbin/hassio-supervisor | 2 + 19 files changed, 192 insertions(+), 63 deletions(-) create mode 100644 
buildroot-external/apparmor/hassio-supervisor
delete mode 100644 buildroot-external/package/apparmor/0001-Autostart.patch
delete mode 100644 buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf
delete mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount
delete mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/apparmor.service
create mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/hassio-apparmor.service
delete mode 100644 buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-apparmor.d-containers.mount
create mode 100644 buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-apparmor.service
create mode 100755 buildroot-external/rootfs-overlay/usr/sbin/hassio-apparmor
diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor
new file mode 100644
index 00000000000..b3332acaed2
--- /dev/null
+++ b/buildroot-external/apparmor/hassio-supervisor
@@ -0,0 +1,59 @@
+#include
+
+
+profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) {
+ #include
+ #include
+
+ network inet tcp,
+
+ deny network raw,
+ deny network packet,
+
+ /usr/bin/python3 ix,
+ /usr/bin/socat cx,
+ /usr/bin/gdbus cx,
+
+ deny /bin/** wl,
+ deny /boot/** wl,
+ deny /dev/** wl,
+ deny /etc/** wl,
+ deny /home/** wl,
+ deny /lib/** wl,
+ deny /mnt/** wl,
+ deny /proc/** wl,
+ deny /root/** wl,
+ deny /sbin/** wl,
+ deny /tmp/** wl,
+ deny /sys/** wl,
+ deny /usr/** wl,
+
+ /data/** rw,
+ /var/run/docker.sock rw,
+
+ /proc/** r,
+ /sys/** r,
+
+ profile /usr/bin/socat {
+ #include
+
+ network inet udp,
+ network inet tcp,
+
+ deny network raw,
+ deny network packet,
+
+ deny /data/** r,
+ }
+
+ profile /usr/bin/gdbus {
+ #include
+ #include
+
+ deny network inet,
+
+ /var/run/dbus/system_bus_socket rw,
+
+ deny /data/** r,
+ }
+}
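Review bot: The `/var/run/docker.sock rw` rule in the main profile gives the confined process the whole Docker API, so the `deny ... wl` list above it bounds only what the supervisor does directly, not what it asks the daemon to start. I would state that in the profile next to the rule, e.g. `# docker.sock: full Docker API access; containers started through it are not bound by this profile`, so the deny list is not read as the complete boundary. The socat and gdbus child profiles do not get the socket, which is worth keeping that way. Whether the supervisor needs all of `/proc/** r` and `/sys/** r` is not visible here and may be worth narrowing.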
diff --git a/buildroot-external/busybox.config b/buildroot-external/busybox.config index c4a156b3aaa..61ce69e4829 100644 --- a/buildroot-external/busybox.config +++ b/buildroot-external/busybox.config @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Busybox version: 1.27.2 -# Sun Apr 29 21:50:21 2018 +# Tue May 1 14:34:48 2018 # CONFIG_HAVE_DOT_CONFIG=y @@ -452,7 +452,7 @@ CONFIG_FEATURE_VI_UNDO_QUEUE_MAX=256 # CONFIG_FEATURE_FIND_CONTEXT is not set # CONFIG_FEATURE_FIND_LINKS is not set CONFIG_GREP=y -CONFIG_EGREP=y +# CONFIG_EGREP is not set # CONFIG_FGREP is not set # CONFIG_FEATURE_GREP_CONTEXT is not set # CONFIG_XARGS is not set diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 1e30202681a..1f8a4b1dc7e 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -68,7 +68,9 @@ BR2_PACKAGE_HASSIO=y BR2_PACKAGE_HASSIO_SUPERVISOR="homeassistant/amd64-hassio-supervisor" BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION="0.101" BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/qemux86-64-homeassistant" +BR2_PACKAGE_HASSIO_SUPERVISOR_PROFILE="hassio-supervisor" BR2_PACKAGE_HASSIO_CLI="homeassistant/amd64-hassio-cli" BR2_PACKAGE_HASSIO_CLI_VERSION="0.1" -BR2_PACKAGE_LIBAPPARMOR=y +BR2_PACKAGE_HASSIO_CLI_PROFILE="docker-default" +BR2_PACKAGE_HASSIO_APPARMOR_DIR="supervisor/apparmor" BR2_PACKAGE_APPARMOR=y diff --git a/buildroot-external/package/apparmor/0001-Autostart.patch b/buildroot-external/package/apparmor/0001-Autostart.patch deleted file mode 100644 index 4b3369084d4..00000000000 --- a/buildroot-external/package/apparmor/0001-Autostart.patch +++ /dev/null 
@@ -1,25 +0,0 @@ -From 78ceb52ff4e5d4dbe003651b2193979114152763 Mon Sep 17 00:00:00 2001 -From: Pascal Vizeli -Date: Mon, 30 Apr 2018 23:40:27 +0200 -Subject: [PATCH 1/1] Fix permission - ---- - parser/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/parser/Makefile b/parser/Makefile -index b18cfe4..7b7b519 100644 ---- a/parser/Makefile -+++ b/parser/Makefile -@@ -383,7 +383,7 @@ install-indep: indep - install-systemd: - install -m 755 -d $(SYSTEMD_UNIT_DIR) - install -m 644 apparmor.service $(SYSTEMD_UNIT_DIR) -- install -m 644 apparmor.systemd $(APPARMOR_BIN_PREFIX) -+ install -m 755 apparmor.systemd $(APPARMOR_BIN_PREFIX) - install -m 755 -d $(DESTDIR)/sbin - install -m 755 aa-teardown $(DESTDIR)/sbin - --- -2.7.4 - diff --git a/buildroot-external/package/apparmor/Config.in b/buildroot-external/package/apparmor/Config.in index 6ba44321ac8..3703354c5dc 100644 --- a/buildroot-external/package/apparmor/Config.in +++ b/buildroot-external/package/apparmor/Config.in @@ -1,6 +1,6 @@ config BR2_PACKAGE_APPARMOR bool "apparmor" - depends on BR2_PACKAGE_LIBAPPARMOR + select BR2_PACKAGE_LIBAPPARMOR help AppArmor gives you network application security via mandatory access control for programs, protecting against the exploitation diff --git a/buildroot-external/package/apparmor/apparmor.mk b/buildroot-external/package/apparmor/apparmor.mk index 2d1ddf99db6..3ccca7ed508 100644 --- a/buildroot-external/package/apparmor/apparmor.mk +++ b/buildroot-external/package/apparmor/apparmor.mk 
@@ -16,8 +16,9 @@ endef define APPARMOR_INSTALL_TARGET_CMDS $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install - $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/parser DESTDIR=$(TARGET_DIR) USE_SYSTEM=1 PREFIX=/usr install-systemd $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/profiles DESTDIR=$(TARGET_DIR) PREFIX=/usr install + + rm -rf $(TARGET_DIR)/usr/lib/apparmor endef $(eval $(generic-package)) diff --git a/buildroot-external/package/hassio/Config.in b/buildroot-external/package/hassio/Config.in index 303725a1ba7..b659ce4c421 100644 --- a/buildroot-external/package/hassio/Config.in +++ b/buildroot-external/package/hassio/Config.in @@ -1,4 +1,4 @@ -config BR2_PACKAGE_HASSIO +menuconfig BR2_PACKAGE_HASSIO bool "hassio-app" help This is the Application layer they build the @@ -23,6 +23,11 @@ config BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS help Extended docker arguments to run the supervisor. +config BR2_PACKAGE_HASSIO_SUPERVISOR_PROFILE + string "AppArmor supervisor profile" + help + AppArmor profile for supervisor. + config BR2_PACKAGE_HASSIO_CLI string "cli docker image" help @@ -38,4 +43,14 @@ config BR2_PACKAGE_HASSIO_CLI_ARGS help Extended docker arguments to run the cli. +config BR2_PACKAGE_HASSIO_CLI_PROFILE + string "AppArmor cli profile" + help + AppArmor profile for cli. + +config BR2_PACKAGE_HASSIO_APPARMOR_DIR + string "AppArmor profiles folder" + help + AppArmor profiles folder for supervisor. + endif diff --git a/buildroot-external/package/hassio/builder/hostapp.sh b/buildroot-external/package/hassio/builder/hostapp.sh index 952406dbe65..c226ba39415 100755 --- a/buildroot-external/package/hassio/builder/hostapp.sh +++ b/buildroot-external/package/hassio/builder/hostapp.sh 
@@ -4,9 +4,12 @@ set -e SUPERVISOR="" SUPERVISOR_VERSION="" SUPERVISOR_ARGS="" +SUPERVISOR_PROFILE="" CLI="" CLI_VERSION="" CLI_ARGS="" +CLI_PROFILE="" +APPARMOR="" DATA_IMG="/export/data.ext4" # Parse @@ -25,6 +28,10 @@ while [[ $# -gt 0 ]]; do SUPERVISOR_ARGS=$2 shift ;; + --supervisor-profile) + SUPERVISOR_PROFILE=$2 + shift + ;; --cli) CLI=$2 shift @@ -37,6 +44,14 @@ while [[ $# -gt 0 ]]; do CLI_ARGS=$2 shift ;; + --cli-profile) + CLI_PROFILE=$2 + shift + ;; + --apparmor) + APPARMOR=$2 + shift + ;; *) exit 1 ;; @@ -49,11 +64,12 @@ dd if=/dev/zero of=${DATA_IMG} bs=1G count=1 mkfs.ext4 -L "hassio-data" -E lazy_itable_init=0,lazy_journal_init=0 ${DATA_IMG} # Mount / init file structs -mount -o loop ${DATA_IMG} /mnt -mkdir -p /mnt/docker +mkdir -p /mnt/data/ +mount -o loop ${DATA_IMG} /mnt/data +mkdir -p /mnt/data/docker # Run dockerd -dockerd -s overlay2 -g /mnt/docker & +dockerd -s overlay2 -g /mnt/data/docker & DOCKER_PID=$! DOCKER_COUNT=0 @@ -75,14 +91,23 @@ docker pull "${CLI}:${CLI_VERSION}" docker tag "${CLI}:${CLI_VERSION}" "${CLI}:latest" # Write config -cat > /mnt/hassio.json <<- EOF +cat > /mnt/data/hassio.json <<- EOF { "supervisor": "${SUPERVISOR}", "supervisor_args": "${SUPERVISOR_ARGS}", + "supervisor_apparmor": "${SUPERVISOR_PROFILE}", "cli": "${CLI}", - "cli_args": "${CLI_ARGS}" + "cli_args": "${CLI_ARGS}", + "cli_apparmor": "${CLI_PROFILE}", + "apparmor": "${APPARMOR}" } EOF +# Setup AppArmor +if [ ! -z "${APPARMOR}" ]; then + mkdir -p /mnt/data/${APPARMOR} + cp -f /apparmor/* /mnt/data/${APPARMOR}/ +fi + # Finish -kill -TERM $DOCKER_PID && wait $DOCKER_PID && umount /mnt +kill -TERM $DOCKER_PID && wait $DOCKER_PID && umount /mnt/data diff --git a/buildroot-external/package/hassio/hassio.mk b/buildroot-external/package/hassio/hassio.mk index a41472a863c..1d89ab7f827 100644 --- a/buildroot-external/package/hassio/hassio.mk +++ b/buildroot-external/package/hassio/hassio.mk 
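Review bot: In the `# Setup AppArmor` block of hostapp.sh, `${APPARMOR}` is expanded unquoted and unchecked into both paths, so a value with whitespace splits into several arguments and a value containing `..` makes `mkdir` and `cp` work outside `/mnt/data`. I would quote both uses, `mkdir -p "/mnt/data/${APPARMOR}"` and `cp -f /apparmor/* "/mnt/data/${APPARMOR}/"`, and refuse traversal before them with `case "${APPARMOR}" in *..*) exit 1 ;; esac`. The heredoc in the hunk before it also writes the new values into hassio.json without escaping, so a `"` in any of them yields a file that jq on the device cannot parse. `[ ! -z "${APPARMOR}" ]` reads better as `[ -n "${APPARMOR}" ]`.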
@@ -15,13 +15,19 @@ define HASSIO_BUILD_CMDS endef define HASSIO_INSTALL_TARGET_CMDS - docker run --rm --privileged -v ${BINARIES_DIR}:/export hassio-hostapps \ - --supervisor ${BR2_PACKAGE_HASSIO_SUPERVISOR} \ - --supervisor-version ${BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION} \ - --supervisor-args ${BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS} \ - --cli ${BR2_PACKAGE_HASSIO_CLI} \ - --cli-version ${BR2_PACKAGE_HASSIO_CLI_VERSION} \ - --cli-args ${BR2_PACKAGE_HASSIO_CLI_ARGS} + docker run --rm --privileged \ + -v $(BINARIES_DIR):/export \ + -v $(BR2_EXTERNAL_HASSIO_PATH)/apparmor:/apparmor \ + hassio-hostapps \ + --supervisor $(BR2_PACKAGE_HASSIO_SUPERVISOR) \ + --supervisor-version $(BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION) \ + --supervisor-args $(BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS) \ + --supervisor-profile $(BR2_PACKAGE_HASSIO_SUPERVISOR_PROFILE) \ + --cli $(BR2_PACKAGE_HASSIO_CLI) \ + --cli-version $(BR2_PACKAGE_HASSIO_CLI_VERSION) \ + --cli-args $(BR2_PACKAGE_HASSIO_CLI_ARGS) \ + --cli-profile $(BR2_PACKAGE_HASSIO_CLI_PROFILE) \ + --apparmor $(BR2_PACKAGE_HASSIO_APPARMOR_DIR) endef $(eval $(generic-package)) diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf b/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf deleted file mode 100644 index 13ed578b51a..00000000000 --- a/buildroot-external/rootfs-overlay/etc/systemd/system/apparmor.service.d/hassio.conf +++ /dev/null @@ -1,2 +0,0 @@ -[Unit] -RequiresMountsFor=/etc/apparmor.d/containers diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount deleted file mode 120000 index 834306a177e..00000000000 --- a/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-bind.target.wants/etc-apparmor.d-containers.mount +++ /dev/null 
@@ -1 +0,0 @@ -/usr/lib/systemd/system/etc-apparmor.d-containers.mount \ No newline at end of file diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/apparmor.service b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/apparmor.service deleted file mode 120000 index f9a498ed8b3..00000000000 --- a/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/apparmor.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/apparmor.service \ No newline at end of file diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/hassio-apparmor.service b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/hassio-apparmor.service new file mode 120000 index 00000000000..625edb930f0 --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/hassio-apparmor.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/hassio-apparmor.service \ No newline at end of file diff --git a/buildroot-external/rootfs-overlay/etc/tmpfiles.d/data.conf b/buildroot-external/rootfs-overlay/etc/tmpfiles.d/data.conf index 76d1ffe7c07..1e8e1e87601 100644 --- a/buildroot-external/rootfs-overlay/etc/tmpfiles.d/data.conf +++ b/buildroot-external/rootfs-overlay/etc/tmpfiles.d/data.conf @@ -1,3 +1,2 @@ d /mnt/data/supervisor d /mnt/data/cli -d /mnt/data/apparmor diff --git a/buildroot-external/rootfs-overlay/usr/bin/hassio-cli b/buildroot-external/rootfs-overlay/usr/bin/hassio-cli index 81bf0775719..02b68286575 100755 --- a/buildroot-external/rootfs-overlay/usr/bin/hassio-cli +++ b/buildroot-external/rootfs-overlay/usr/bin/hassio-cli @@ -5,6 +5,7 @@ CONFIG_FILE=/mnt/data/hassio.json CLI="$(jq --raw-output '.cli' ${CONFIG_FILE})" DOCKER_ARGS="$(jq --raw-output '.cli_args // empty' ${CONFIG_FILE})" +APPARMOR="$(jq --raw-output '.cli_apparmor // "docker-default"' ${CONFIG_FILE})" CLI_DATA=/mnt/data/cli mkdir -p ${CLI_DATA} 
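Review bot: The `// "docker-default"` fallback on the new `APPARMOR=` line in usr/bin/hassio-cli applies only when `.cli_apparmor` is null or false, but hostapp.sh in this same commit always writes the key and writes `""` when no profile was given, so for an image built this way the fallback never fires and `--security-opt apparmor=` receives an empty name. What Docker does with an empty profile name is not visible here, so the script should decide for itself: add `[ -n "${APPARMOR}" ] || APPARMOR="docker-default"` after the jq call. The same applies to the `.supervisor_apparmor` line added to usr/sbin/hassio-supervisor.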
@@ -12,6 +13,7 @@ mkdir -p ${CLI_DATA} # Run CLI docker run \ --rm -ti --init \ + --security-opt apparmor="${APPARMOR}" \ -v ${CLI_DATA}:/data \ $DOCKER_ARGS \ ${CLI} diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-apparmor.d-containers.mount b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-apparmor.d-containers.mount deleted file mode 100644 index 4fa1b8b568e..00000000000 --- a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-apparmor.d-containers.mount +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=Supervisor persistent apparmor profiles -Requires=mnt-data.mount apparmor.service -After=mnt-data.mount -Before=apparmor.service - -[Mount] -What=/mnt/data/apparmor -Where=/etc/apparmor.d/containers -Type=none -Options=bind - -[Install] -WantedBy=hassio-bind.target diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-apparmor.service b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-apparmor.service new file mode 100644 index 00000000000..db8bf42a4a3 --- /dev/null +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-apparmor.service @@ -0,0 +1,13 @@ +[Unit] +Description=Hass.io AppArmor +Wants=hassio-supervisor.service +Before=docker.service hassio-supervisor.service +RequiresMountsFor=/mnt/data + +[Service] +Type=oneshot +RemainAfterExit=true +ExecStart=/usr/sbin/hassio-apparmor + +[Install] +WantedBy=multi-user.target diff --git a/buildroot-external/rootfs-overlay/usr/sbin/hassio-apparmor b/buildroot-external/rootfs-overlay/usr/sbin/hassio-apparmor new file mode 100755 index 00000000000..bba158658b3 --- /dev/null +++ b/buildroot-external/rootfs-overlay/usr/sbin/hassio-apparmor 
@@ -0,0 +1,47 @@ +#!/bin/sh +set -e + +# Load configs +CONFIG_FILE=/mnt/data/hassio.json + +# Read configs +PROFILES_DIR="$(jq --raw-output '.apparmor // empty' ${CONFIG_FILE})" +if [ -z "${PROFILES_DIR}" ]; then + exit 0 +fi + +PROFILES_DIR="/mnt/data/${PROFILES_DIR}" +CACHE_DIR="${PROFILES_DIR}/cache" +REMOVE_DIR="${PROFILES_DIR}/remove" + +# Check folder structure +mkdir -p ${PROFILES_DIR} +mkdir -p ${CACHE_DIR} +mkdir -p ${REMOVE_DIR} + +# Load/Update exists/new profiles +for profile in ${PROFILES_DIR}/*; do + if [ ! -f ${profile} ]; then + continue + fi + + # Load Profile + if ! apparmor_parser -r -W -L ${CACHE_DIR} ${profile}; then + echo "[Error]: Can't load profile ${profile}" + fi +done + +# Cleanup old profiles +for profile in ${REMOVE_DIR}/*; do + if [ ! -f ${profile} ]; then + continue + fi + + # Unload Profile + if apparmor_parser -R -W -L ${CACHE_DIR} ${profile}; then + if rm ${profile}; then + continue + fi + fi + echo "[Error]: Can't remove profile ${profile}" +done diff --git a/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor b/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor index 727289f4f95..726484d87bf 100755 --- a/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor +++ b/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor @@ -6,6 +6,7 @@ CONFIG_FILE=/mnt/data/hassio.json SUPERVISOR="$(jq --raw-output '.supervisor' ${CONFIG_FILE})" DOCKER_ARGS="$(jq --raw-output '.supervisor_args // empty' ${CONFIG_FILE})" +APPARMOR="$(jq --raw-output '.supervisor_apparmor // "docker-default"' ${CONFIG_FILE})" # Init supervisor HASSIO_DATA=/mnt/data/supervisor @@ -15,6 +16,7 @@ HASSIO_CONTAINER_ID=$(docker inspect --format='{{.Image}}' hassio_supervisor || runSupervisor() { docker rm --force hassio_supervisor || true docker run --name hassio_supervisor \ + --security-opt apparmor="${APPARMOR}" \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /var/run/dbus:/var/run/dbus \ -v ${HASSIO_DATA}:/data \ 
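Review bot: The load loop in usr/sbin/hassio-apparmor runs `apparmor_parser -r` as root on every regular file under `/mnt/data/${PROFILES_DIR}`, and with `BR2_PACKAGE_HASSIO_APPARMOR_DIR="supervisor/apparmor"` from ova_defconfig that directory sits inside `/mnt/data/supervisor`, which hassio-supervisor mounts into the container as `/data` and the profile allows as `/data/** rw`. The confined process can therefore rewrite the file its own `hassio-supervisor` profile is loaded from, and the change is picked up the next time this unit runs. I would load the supervisor's own profile from a path in the read-only root filesystem and keep the data directory for profiles the supervisor manages for other containers. The cache directory passed with `-L ${CACHE_DIR}` is in the same writable tree and deserves the same treatment. `${PROFILES_DIR}`, `${CACHE_DIR}` and `${profile}` are also unquoted throughout.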
From 3566873d08d281e4e293e284c5d8bf762db24143 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 01:01:38 +0200 Subject: [PATCH 025/100] Fix docker apparmor --- .../0013-Add-apparmor-support-to-docker.patch | 60 +++++++++++++++++++ .../docker-containerd/docker-containerd.mk | 1 + .../package/docker-engine/docker-engine.mk | 2 +- buildroot/package/runc/runc.mk | 3 +- 4 files changed, 63 insertions(+), 3 deletions(-) create mode 100644 buildroot-patches/0013-Add-apparmor-support-to-docker.patch diff --git a/buildroot-patches/0013-Add-apparmor-support-to-docker.patch b/buildroot-patches/0013-Add-apparmor-support-to-docker.patch new file mode 100644 index 00000000000..6aeca9863c8 --- /dev/null +++ b/buildroot-patches/0013-Add-apparmor-support-to-docker.patch 
@@ -0,0 +1,60 @@ +From a5d50577d81efeccb4904e6b56793f84b7e3e89f Mon Sep 17 00:00:00 2001 +From: Pascal Vizeli +Date: Tue, 1 May 2018 23:35:05 +0200 +Subject: [PATCH 1/1] Add apparmor support to docker + +--- + package/docker-containerd/docker-containerd.mk | 1 + + package/docker-engine/docker-engine.mk | 2 +- + package/runc/runc.mk | 3 +-- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/package/docker-containerd/docker-containerd.mk b/package/docker-containerd/docker-containerd.mk +index 230307d..9be658d 100644 +--- a/package/docker-containerd/docker-containerd.mk ++++ b/package/docker-containerd/docker-containerd.mk +@@ -18,6 +18,7 @@ DOCKER_CONTAINERD_MAKE_ENV = $(HOST_GO_TARGET_ENV) \ + GOBIN="$(@D)/bin" \ + GOPATH="$(DOCKER_CONTAINERD_GOPATH)" + ++DOCKER_CONTAINERD_BUILD_TAGS = apparmor + DOCKER_CONTAINERD_GLDFLAGS = \ + -X github.com/containerd/containerd.GitCommit=$(DOCKER_CONTAINERD_COMMIT) + +diff --git a/package/docker-engine/docker-engine.mk b/package/docker-engine/docker-engine.mk +index e3dde03..d500e71 100644 +--- a/package/docker-engine/docker-engine.mk ++++ b/package/docker-engine/docker-engine.mk +@@ -27,7 +27,7 @@ DOCKER_ENGINE_GLDFLAGS = \ + -X github.com/docker/cli/cli.GitCommit=$(DOCKER_ENGINE_VERSION) \ + -X github.com/docker/cli/cli.Version=$(DOCKER_ENGINE_VERSION) + +-DOCKER_ENGINE_BUILD_TAGS = cgo exclude_graphdriver_zfs autogen ++DOCKER_ENGINE_BUILD_TAGS = cgo exclude_graphdriver_zfs autogen apparmor + DOCKER_ENGINE_BUILD_TARGETS = cli:docker + DOCKER_ENGINE_BUILD_TARGET_PARSE = \ + export targetpkg=$$(echo $(target) | cut -d: -f1); \ +diff --git a/package/runc/runc.mk b/package/runc/runc.mk +index f19fc5f..1ab0b70 100644 +--- a/package/runc/runc.mk ++++ b/package/runc/runc.mk +@@ -18,6 +18,7 @@ RUNC_MAKE_ENV = $(HOST_GO_TARGET_ENV) \ + GOPATH="$(RUNC_GOPATH)" \ + PATH=$(BR_PATH) + ++RUNC_GOTAGS = cgo apparmor + RUNC_GLDFLAGS = \ + -X main.gitCommit=$(RUNC_VERSION) + +@@ -26,8 +27,6 @@ RUNC_GLDFLAGS += -extldflags 
'-static' + RUNC_GOTAGS += static_build + endif + +-RUNC_GOTAGS = cgo +- + ifeq ($(BR2_PACKAGE_LIBSECCOMP),y) + RUNC_GOTAGS += seccomp + RUNC_DEPENDENCIES += libseccomp host-pkgconf +-- +2.7.4 + diff --git a/buildroot/package/docker-containerd/docker-containerd.mk b/buildroot/package/docker-containerd/docker-containerd.mk index 230307d6b42..9be658dc0aa 100644 --- a/buildroot/package/docker-containerd/docker-containerd.mk +++ b/buildroot/package/docker-containerd/docker-containerd.mk @@ -18,6 +18,7 @@ DOCKER_CONTAINERD_MAKE_ENV = $(HOST_GO_TARGET_ENV) \ GOBIN="$(@D)/bin" \ GOPATH="$(DOCKER_CONTAINERD_GOPATH)" +DOCKER_CONTAINERD_BUILD_TAGS = apparmor DOCKER_CONTAINERD_GLDFLAGS = \ -X github.com/containerd/containerd.GitCommit=$(DOCKER_CONTAINERD_COMMIT) diff --git a/buildroot/package/docker-engine/docker-engine.mk b/buildroot/package/docker-engine/docker-engine.mk index e3dde03188d..d500e71b3d1 100644 --- a/buildroot/package/docker-engine/docker-engine.mk +++ b/buildroot/package/docker-engine/docker-engine.mk @@ -27,7 +27,7 @@ DOCKER_ENGINE_GLDFLAGS = \ -X github.com/docker/cli/cli.GitCommit=$(DOCKER_ENGINE_VERSION) \ -X github.com/docker/cli/cli.Version=$(DOCKER_ENGINE_VERSION) -DOCKER_ENGINE_BUILD_TAGS = cgo exclude_graphdriver_zfs autogen +DOCKER_ENGINE_BUILD_TAGS = cgo exclude_graphdriver_zfs autogen apparmor DOCKER_ENGINE_BUILD_TARGETS = cli:docker DOCKER_ENGINE_BUILD_TARGET_PARSE = \ export targetpkg=$$(echo $(target) | cut -d: -f1); \ diff --git a/buildroot/package/runc/runc.mk b/buildroot/package/runc/runc.mk index f19fc5f068a..1ab0b70a56e 100644 --- a/buildroot/package/runc/runc.mk +++ b/buildroot/package/runc/runc.mk @@ -18,6 +18,7 @@ RUNC_MAKE_ENV = $(HOST_GO_TARGET_ENV) \ GOPATH="$(RUNC_GOPATH)" \ PATH=$(BR_PATH) +RUNC_GOTAGS = cgo apparmor RUNC_GLDFLAGS = \ -X main.gitCommit=$(RUNC_VERSION) 
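Review bot: `RUNC_GOTAGS = cgo apparmor` in buildroot/package/runc/runc.mk enables the apparmor tag unconditionally, while the seccomp tag in the next hunk is added only under `ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)` and brings its library into `RUNC_DEPENDENCIES`. If this runc version links libapparmor for that tag, which the hunk does not show, the build relies on a package it never declares; I would mirror the seccomp block with `ifeq ($(BR2_PACKAGE_LIBAPPARMOR),y)`, `RUNC_GOTAGS += apparmor` and `RUNC_DEPENDENCIES += libapparmor`. The same holds for the unconditional `apparmor` tag in docker-engine.mk and docker-containerd.mk in this commit. The hunk also does not show `DOCKER_CONTAINERD_BUILD_TAGS` being passed to the containerd build, so it is worth confirming the variable is consumed.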
@@ -26,8 +27,6 @@ RUNC_GLDFLAGS += -extldflags '-static' RUNC_GOTAGS += static_build endif -RUNC_GOTAGS = cgo - ifeq ($(BR2_PACKAGE_LIBSECCOMP),y) RUNC_GOTAGS += seccomp RUNC_DEPENDENCIES += libseccomp host-pkgconf From 18b86fad5903942e3bc935924ba66a4eabf378b4 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 09:58:16 +0200 Subject: [PATCH 026/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index b3332acaed2..62a3830c0c5 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -10,6 +10,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network raw, deny network packet, + /bin/busybox ix, /usr/bin/python3 ix, /usr/bin/socat cx, /usr/bin/gdbus cx, @@ -28,11 +29,10 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny /sys/** wl, deny /usr/** wl, - /data/** rw, - /var/run/docker.sock rw, - /proc/** r, /sys/** r, + /data/** rw, + /var/run/docker.sock rw, profile /usr/bin/socat { #include From 43e48dec6efb100cc8c9d78d314e2e588b3da8cf Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 11:02:03 +0200 Subject: [PATCH 027/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 62a3830c0c5..bbdf1e73e47 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -11,7 +11,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network packet, /bin/busybox ix, - /usr/bin/python3 ix, + /usr/bin/python{,3,3.6} ix, /usr/bin/socat cx, /usr/bin/gdbus cx, 
From f881df3aa0611b2ec59758bd3abf093cbf5e9670 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 11:03:36 +0200 Subject: [PATCH 028/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index bbdf1e73e47..aa4eac23602 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -11,7 +11,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network packet, /bin/busybox ix, - /usr/bin/python{,3,3.6} ix, + /usr/bin/python{,3,3.[0-9]} ix, /usr/bin/socat cx, /usr/bin/gdbus cx, From 9415e7f8ee988ebb45e43b93ae462509345be24e Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 11:52:24 +0200 Subject: [PATCH 029/100] Update to next gen supervisor --- buildroot-external/configs/ova_defconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 1f8a4b1dc7e..9601749a80e 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -66,11 +66,11 @@ BR2_PACKAGE_HOST_RAUC=y BR2_PACKAGE_MINGETTY=y BR2_PACKAGE_HASSIO=y BR2_PACKAGE_HASSIO_SUPERVISOR="homeassistant/amd64-hassio-supervisor" -BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION="0.101" +BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION="103" BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/qemux86-64-homeassistant" BR2_PACKAGE_HASSIO_SUPERVISOR_PROFILE="hassio-supervisor" BR2_PACKAGE_HASSIO_CLI="homeassistant/amd64-hassio-cli" -BR2_PACKAGE_HASSIO_CLI_VERSION="0.1" +BR2_PACKAGE_HASSIO_CLI_VERSION="2" BR2_PACKAGE_HASSIO_CLI_PROFILE="docker-default" BR2_PACKAGE_HASSIO_APPARMOR_DIR="supervisor/apparmor" BR2_PACKAGE_APPARMOR=y 
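Review bot: The glob in `/usr/bin/python{,3,3.[0-9]} ix,` matches exactly one digit after `3.`, so an interpreter named with a two-digit minor version is not covered and the profile would deny its exec. `/usr/bin/python{,3,3.[0-9]*} ix,` stays narrow while covering those names. A one-line comment saying which image layout needs the three alternatives would also help the next editor of this rule.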
From 84c51a0169353634b65f031be3bc10087fc7ae71 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 19:21:23 +0200 Subject: [PATCH 030/100] Update CLI --- buildroot-external/configs/ova_defconfig | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 9601749a80e..06be6a5fa9e 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -32,7 +32,6 @@ BR2_PACKAGE_GPTFDISK_SGDISK=y BR2_PACKAGE_CA_CERTIFICATES=y BR2_PACKAGE_LIBCGROUP=y BR2_PACKAGE_LIBCGROUP_TOOLS=y -BR2_PACKAGE_LIBSECCOMP=y BR2_PACKAGE_AVAHI=y BR2_PACKAGE_AVAHI_DAEMON=y BR2_PACKAGE_AVAHI_LIBDNSSD_COMPATIBILITY=y @@ -70,7 +69,7 @@ BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION="103" BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/qemux86-64-homeassistant" BR2_PACKAGE_HASSIO_SUPERVISOR_PROFILE="hassio-supervisor" BR2_PACKAGE_HASSIO_CLI="homeassistant/amd64-hassio-cli" -BR2_PACKAGE_HASSIO_CLI_VERSION="2" +BR2_PACKAGE_HASSIO_CLI_VERSION="3" BR2_PACKAGE_HASSIO_CLI_PROFILE="docker-default" BR2_PACKAGE_HASSIO_APPARMOR_DIR="supervisor/apparmor" BR2_PACKAGE_APPARMOR=y From c05d027732fea2bb856e08341df9912d4c04a612 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 19:22:10 +0200 Subject: [PATCH 031/100] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index ff0b9697d37..a47de180275 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,7 @@ Hass.io OS based on [buildroot](https://buildroot.org/). It's a hypervisor for D - RAUC for OTA updates - SquashFS LZ4 as filesystem - Docker 17.12.1 +- AppArmor protected - ZRAM LZ4 for /tmp, /var, swap - Run every supervisor From 2d75a978a5b1dfb65495ea9b12846c2349aa0806 Mon Sep 17 00:00:00 2001 
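Review bot: Removing `BR2_PACKAGE_LIBSECCOMP=y` in the first hunk is not mentioned in the commit subject ("Update CLI") and looks security-relevant. The runc.mk shown earlier in this series adds the `seccomp` build tag only inside `ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)`. Unless another selected package still pulls libseccomp in, runc would be built without seccomp support and containers would start without a syscall filter. Either keep the line or state in the commit message why the removal is safe.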
From: Pascal Vizeli Date: Wed, 2 May 2018 21:53:15 +0200 Subject: [PATCH 032/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index aa4eac23602..298e9265c47 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -10,7 +10,6 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network raw, deny network packet, - /bin/busybox ix, /usr/bin/python{,3,3.[0-9]} ix, /usr/bin/socat cx, /usr/bin/gdbus cx, @@ -28,9 +27,8 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny /tmp/** wl, deny /sys/** wl, deny /usr/** wl, + /** r, - /proc/** r, - /sys/** r, /data/** rw, /var/run/docker.sock rw, @@ -42,8 +40,6 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network raw, deny network packet, - - deny /data/** r, } profile /usr/bin/gdbus { @@ -53,7 +49,5 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network inet, /var/run/dbus/system_bus_socket rw, - - deny /data/** r, } } From afc36dbabc7a3849b1dd1836f4acb1d93e67c88c Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 22:43:05 +0200 Subject: [PATCH 033/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 1 + 1 file changed, 1 insertion(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 298e9265c47..e934e680604 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -11,6 +11,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network packet, /usr/bin/python{,3,3.[0-9]} ix, + /usr/bin/git ix, /usr/bin/socat cx, /usr/bin/gdbus cx, 
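Review bot: `/** r,` in the second hunk replaces the enumerated `/proc/** r,` and `/sys/** r,` with read access to every path, so the `deny … wl` list above it becomes the only file restriction left in the main profile. The third and fourth hunks also drop `deny /data/** r,` from the socat and gdbus child profiles; those denies guaranteed the helpers could not read supervisor data even if an included abstraction granted it. If the broad read is really needed, add a comment naming the paths that were being denied; otherwise list the required directories explicitly and keep the two child-profile denies.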
From 8414161527dbec467fe077e147f18fe76c3a45e7 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 22:50:19 +0200 Subject: [PATCH 034/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index e934e680604..9602b922d4c 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -10,6 +10,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network raw, deny network packet, + /bin/busybox ix, /usr/bin/python{,3,3.[0-9]} ix, /usr/bin/git ix, /usr/bin/socat cx, @@ -17,7 +18,6 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny /bin/** wl, deny /boot/** wl, - deny /dev/** wl, deny /etc/** wl, deny /home/** wl, deny /lib/** wl, From b944251a3e7f139a44769eb442383ba3ff019914 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 23:55:45 +0200 Subject: [PATCH 035/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 9602b922d4c..d0e66c11689 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -5,14 +5,12 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { #include #include - network inet tcp, - + network, deny network raw, - deny network packet, /bin/busybox ix, /usr/bin/python{,3,3.[0-9]} ix, - /usr/bin/git ix, + /usr/bin/git cx, /usr/bin/socat cx, /usr/bin/gdbus cx, 
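Review bot: Replacing `network inet tcp,` with a bare `network,` permits every address family and socket type, and the same hunk removes `deny network packet,`, leaving only raw sockets denied. If the goal was to allow UDP or IPv6, narrower rules such as `network inet,` and `network inet6,` would do that. In any case `deny network packet,` can stay next to `deny network raw,`. The profile body continues outside the hunk.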
@@ -47,8 +45,17 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { #include #include - deny network inet, - + /usr/bin/gdbus mr, /var/run/dbus/system_bus_socket rw, } + + profile /usr/bin/git { + #include + + network, + deny network raw, + + /usr/libexec/git-core/* ix, + /data/addons/** rw, + } } From 9cfa86d1a3c17a8290df868ad23d08863ddc62d6 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 3 May 2018 00:08:35 +0200 Subject: [PATCH 036/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 1 + 1 file changed, 1 insertion(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index d0e66c11689..2a5ba5df964 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -55,6 +55,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { network, deny network raw, + /usr/bin/git mr, /usr/libexec/git-core/* ix, /data/addons/** rw, } From 13e328a86fdea000dea7e575280e2c4384fb5ff0 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 3 May 2018 00:12:58 +0200 Subject: [PATCH 037/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 2a5ba5df964..33401cc6a17 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -1,6 +1,5 @@ #include - profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { #include #include @@ -57,6 +56,8 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /usr/bin/git mr, /usr/libexec/git-core/* ix, + /lib/* mr, + /data/addons/** rw, } } From 1567f4e0519f0a7a409443bcb3addb9f1647b985 Mon Sep 17 00:00:00 2001 
From: Pascal Vizeli Date: Thu, 3 May 2018 00:17:46 +0200 Subject: [PATCH 038/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 1 + 1 file changed, 1 insertion(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 33401cc6a17..79977ac6101 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -56,6 +56,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /usr/bin/git mr, /usr/libexec/git-core/* ix, + /usr/share/git-core/** r, /lib/* mr, /data/addons/** rw, From 92cf29b0a1f66bd77dee2d5afc412097de3532d7 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 3 May 2018 00:21:17 +0200 Subject: [PATCH 039/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 2 ++ 1 file changed, 2 insertions(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 79977ac6101..05a685912e9 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -38,6 +38,8 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network raw, deny network packet, + + /usr/bin/socat mr, } profile /usr/bin/gdbus { From c4338b1330c3e98278e8132cccb961ad041c3edb Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 3 May 2018 00:31:05 +0200 Subject: [PATCH 040/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 05a685912e9..231d3a06a1f 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor 
@@ -30,6 +30,8 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /data/** rw, /var/run/docker.sock rw, + capability net_bind_service, + profile /usr/bin/socat { #include @@ -40,6 +42,8 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network packet, /usr/bin/socat mr, + + capability net_bind_service, } profile /usr/bin/gdbus { From 58bc4f8bbdadf6308e9d2a488fbc02f8a7f90fb3 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 3 May 2018 00:33:17 +0200 Subject: [PATCH 041/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 1 + 1 file changed, 1 insertion(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 231d3a06a1f..4d276478afb 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -42,6 +42,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network packet, /usr/bin/socat mr, + /lib/* mr, capability net_bind_service, } From 72fc4d6addc001ea015afc0bb520f843f1447f82 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 3 May 2018 00:42:30 +0200 Subject: [PATCH 042/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 4d276478afb..71093026fff 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -52,6 +52,8 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { #include /usr/bin/gdbus mr, + /lib/* mr, + /var/run/dbus/system_bus_socket rw, } @@ -63,8 +65,8 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /usr/bin/git mr, /usr/libexec/git-core/* ix, - /usr/share/git-core/** r, /lib/* mr, + /** r, /data/addons/** rw, } 
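Review bot: In the git child profile (second hunk of the last commit on this line), `/** r,` replaces `/usr/share/git-core/** r,`. That gives the one helper that has `network,` and fetches remote repositories read access to every file in the container, including everything under `/data`. Listing what git actually needs (the removed `/usr/share/git-core/** r,` plus whichever paths the audit log reported) would keep this profile meaningfully narrower than its parent. The profile body continues outside the hunk.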
From 054f6aa4fc3233e14a6ff8d38a0e75a7aca81f92 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 3 May 2018 00:46:04 +0200 Subject: [PATCH 043/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 71093026fff..50283887dfa 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -63,11 +63,15 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { network, deny network raw, + /bin/busybox ix, /usr/bin/git mr, /usr/libexec/git-core/* ix, /lib/* mr, /** r, /data/addons/** rw, + + deny /data/homeassistant rw, + deny /data/ssl rw, } } From 0d7cb228ae0e275081fa0429e7691a9a4d56f681 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 3 May 2018 11:13:39 +0200 Subject: [PATCH 044/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 19 +++++-------------- 1 file changed, 5 insertions(+), 14 deletions(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 50283887dfa..60edfff1cf0 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -13,20 +13,11 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /usr/bin/socat cx, /usr/bin/gdbus cx, - deny /bin/** wl, - deny /boot/** wl, - deny /etc/** wl, - deny /home/** wl, - deny /lib/** wl, - deny /mnt/** wl, deny /proc/** wl, deny /root/** wl, - deny /sbin/** wl, - deny /tmp/** wl, deny /sys/** wl, - deny /usr/** wl, - /** r, + /** r, /data/** rw, /var/run/docker.sock rw, 
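Review bot: `deny /data/homeassistant rw,` and `deny /data/ssl rw,` match only those two exact paths. AppArmor file rules are not recursive, so everything below the directories is still covered by `/** r,` in the same profile and stays readable by git. Protecting the contents needs a glob: `deny /data/homeassistant/** rw,` and `deny /data/ssl/** rw,`, optionally alongside the directory entries themselves.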
@@ -66,12 +57,12 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /bin/busybox ix, /usr/bin/git mr, /usr/libexec/git-core/* ix, - /lib/* mr, - /** r, - - /data/addons/** rw, deny /data/homeassistant rw, deny /data/ssl rw, + + /lib/* mr, + /** r, + /data/addons/** rw, } } From 7ec66438f520c0b8063c6c718badbb386ccdfdb2 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Fri, 4 May 2018 23:25:10 +0200 Subject: [PATCH 045/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 60edfff1cf0..636281b1d02 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -19,7 +19,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /** r, /data/** rw, - /var/run/docker.sock rw, + /{,var/}run/docker.sock rw, capability net_bind_service, @@ -45,7 +45,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /usr/bin/gdbus mr, /lib/* mr, - /var/run/dbus/system_bus_socket rw, + /{,var/}run/dbus/system_bus_socket rw, } profile /usr/bin/git { From b89d1ff5e42cfef323c59aa9888dca0583f8e96d Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Fri, 4 May 2018 23:33:17 +0200 Subject: [PATCH 046/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 2 ++ 1 file changed, 2 insertions(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 636281b1d02..d5cd72691ef 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -64,5 +64,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /lib/* mr, /** r, /data/addons/** rw, + + capability dac_override } } From ddf6ad7798abcc7850f28e6811917b11468544e0 Mon Sep 17 00:00:00 2001 
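Review bot: `capability dac_override` in the git child profile lets git bypass file permission checks, and combined with `/** r,` in the same profile that makes any file in the container readable regardless of owner or mode. The rule as added also lacks the trailing comma the profile syntax requires. If the capability is only needed because of the ownership of the add-on checkout directory (not visible here), fixing that ownership would avoid it; otherwise a comment should record which operation fails without it.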
From: Pascal Vizeli Date: Fri, 4 May 2018 23:36:18 +0200 Subject: [PATCH 047/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index d5cd72691ef..c88d4b7793c 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -61,9 +61,9 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny /data/homeassistant rw, deny /data/ssl rw, - /lib/* mr, /** r, - /data/addons/** rw, + /lib/* mr, + /data/addons/** lrw, capability dac_override } From d4ab833721ec36399a2f5513ae97896ae9358b91 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Fri, 4 May 2018 23:49:35 +0200 Subject: [PATCH 048/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index c88d4b7793c..47ac2b13bea 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -65,6 +65,6 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /lib/* mr, /data/addons/** lrw, - capability dac_override + capability dac_override, } } From 23cb9783fd3eed2244e2531d6eaefcc2fb75df0d Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 5 May 2018 00:22:07 +0200 Subject: [PATCH 049/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 2 ++ 1 file changed, 2 insertions(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 47ac2b13bea..cd5c415627b 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor 
@@ -42,6 +42,8 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { #include #include + unix (send, receive) type=stream, + /usr/bin/gdbus mr, /lib/* mr, From e4d7dc28fe8724b33c2e646e4fdcec16e6db6bdd Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 5 May 2018 00:41:14 +0200 Subject: [PATCH 050/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index cd5c415627b..b2843d3f0be 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -23,7 +23,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { capability net_bind_service, - profile /usr/bin/socat { + profile /usr/bin/socat flags=(attach_disconnected,mediate_deleted) { #include network inet udp, @@ -38,7 +38,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { capability net_bind_service, } - profile /usr/bin/gdbus { + profile /usr/bin/gdbus flags=(attach_disconnected,mediate_deleted) { #include #include @@ -50,7 +50,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { /{,var/}run/dbus/system_bus_socket rw, } - profile /usr/bin/git { + profile /usr/bin/git flags=(attach_disconnected,mediate_deleted) { #include network, From 36c76e3295ea5b0f41091946e82a358462a32081 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 5 May 2018 00:48:31 +0200 Subject: [PATCH 051/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index b2843d3f0be..d44e6c42deb 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor 
@@ -7,6 +7,8 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { network, deny network raw, + signal (send) set=(kill,term), + /bin/busybox ix, /usr/bin/python{,3,3.[0-9]} ix, /usr/bin/git cx, @@ -32,6 +34,8 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network raw, deny network packet, + signal (receive) set=(kill,term), + /usr/bin/socat mr, /lib/* mr, From a260468d526668fe2e47036d38eb019762254eec Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 5 May 2018 00:55:58 +0200 Subject: [PATCH 052/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index d44e6c42deb..1b52e1d91ed 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -35,11 +35,9 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny network packet, signal (receive) set=(kill,term), + capability net_bind_service, /usr/bin/socat mr, - /lib/* mr, - - capability net_bind_service, } profile /usr/bin/gdbus flags=(attach_disconnected,mediate_deleted) { @@ -49,8 +47,6 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { unix (send, receive) type=stream, /usr/bin/gdbus mr, - /lib/* mr, - /{,var/}run/dbus/system_bus_socket rw, } @@ -68,7 +64,6 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny /data/ssl rw, /** r, - /lib/* mr, /data/addons/** lrw, capability dac_override, From 359f6862f63c4e079db962d57ab91422d9808cd3 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 6 May 2018 22:30:01 +0200 Subject: [PATCH 053/100] Update hassio-supervisor (#11) --- buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor b/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor index 726484d87bf..12accb6177f 100755 --- a/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor +++ b/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor @@ -13,6 +13,11 @@ HASSIO_DATA=/mnt/data/supervisor HASSIO_IMAGE_ID=$(docker inspect --format='{{.Id}}' ${SUPERVISOR}) HASSIO_CONTAINER_ID=$(docker inspect --format='{{.Image}}' hassio_supervisor || echo "") +# Fix wrong AppArmor profiles +if ! grep ${APPARMOR} /sys/kernel/security/apparmor/profiles > /dev/null; then + APPARMOR=docker-default +if + runSupervisor() { docker rm --force hassio_supervisor || true docker run --name hassio_supervisor \ From f942d63fbc474f29eb2991f2ab4380c71efb796e Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 6 May 2018 23:22:12 +0200 Subject: [PATCH 054/100] Update hassio-supervisor --- buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor b/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor index 12accb6177f..4b7bccdd395 100755 --- a/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor +++ b/buildroot-external/rootfs-overlay/usr/sbin/hassio-supervisor @@ -16,7 +16,7 @@ HASSIO_CONTAINER_ID=$(docker inspect --format='{{.Image}}' hassio_supervisor || # Fix wrong AppArmor profiles if ! grep ${APPARMOR} /sys/kernel/security/apparmor/profiles > /dev/null; then APPARMOR=docker-default -if +fi runSupervisor() { docker rm --force hassio_supervisor || true From 0513cb9a84f546a59da106ebb1006be5deae9bec Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 6 May 2018 23:59:38 +0200 Subject: [PATCH 055/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 3 +++ 1 file changed, 3 insertions(+) 
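Review bot: `grep ${APPARMOR} /sys/kernel/security/apparmor/profiles` is unquoted and unanchored. An empty `APPARMOR` makes grep treat the file path as the pattern and wait on stdin, and a non-empty value matches any loaded profile whose name merely contains it, such as a child profile of the requested one. `if ! grep -q -- "^${APPARMOR} (" /sys/kernel/security/apparmor/profiles; then` tests for the exact profile name. The fallback to `docker-default` is also silent, so a supervisor profile that failed to load would go unnoticed; printing a warning to stderr before `APPARMOR=docker-default` makes the downgrade visible in the journal.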
diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 1b52e1d91ed..3c267e56a2f 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -37,6 +37,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { signal (receive) set=(kill,term), capability net_bind_service, + /lib/* rm, /usr/bin/socat mr, } @@ -47,6 +48,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { unix (send, receive) type=stream, /usr/bin/gdbus mr, + /lib/* rm, /{,var/}run/dbus/system_bus_socket rw, } @@ -64,6 +66,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny /data/ssl rw, /** r, + /lib/* rm, /data/addons/** lrw, capability dac_override, From 264041d9bfe68e541ba0a53b6fd453dfdba4acf5 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 7 May 2018 09:04:24 +0200 Subject: [PATCH 056/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 3c267e56a2f..d926b7245c0 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -37,7 +37,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { signal (receive) set=(kill,term), capability net_bind_service, - /lib/* rm, + /lib/* mr, /usr/bin/socat mr, } @@ -48,7 +48,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { unix (send, receive) type=stream, /usr/bin/gdbus mr, - /lib/* rm, + /lib/* mr, /{,var/}run/dbus/system_bus_socket rw, } @@ -66,7 +66,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny /data/ssl rw, /** r, - /lib/* rm, + /lib/* mr, /data/addons/** lrw, capability dac_override, 
From 155049569918aad59710c10f8c7d653821dc15ec Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 7 May 2018 16:53:20 +0200 Subject: [PATCH 057/100] Create .empty --- buildroot-external/rootfs-overlay/mnt/rauc/.empty | 1 + 1 file changed, 1 insertion(+) create mode 100644 buildroot-external/rootfs-overlay/mnt/rauc/.empty diff --git a/buildroot-external/rootfs-overlay/mnt/rauc/.empty b/buildroot-external/rootfs-overlay/mnt/rauc/.empty new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/buildroot-external/rootfs-overlay/mnt/rauc/.empty @@ -0,0 +1 @@ + From cc9009654f438f33c4ec7434a288cd7965706383 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 7 May 2018 21:26:36 +0200 Subject: [PATCH 058/100] Delete .empty --- buildroot-external/rootfs-overlay/mnt/rauc/.empty | 1 - 1 file changed, 1 deletion(-) delete mode 100644 buildroot-external/rootfs-overlay/mnt/rauc/.empty diff --git a/buildroot-external/rootfs-overlay/mnt/rauc/.empty b/buildroot-external/rootfs-overlay/mnt/rauc/.empty deleted file mode 100644 index 8b137891791..00000000000 --- a/buildroot-external/rootfs-overlay/mnt/rauc/.empty +++ /dev/null @@ -1 +0,0 @@ - From 4424f5ab6b0376b5e7d16d513831f8552ceeef2b Mon Sep 17 00:00:00 2001 
From: Pascal Vizeli Date: Thu, 10 May 2018 01:11:07 +0200 Subject: [PATCH 059/100] Barebox Update (#12) * Create hassio-rauc.service * Update hassio-supervisor.service * Update hassio-rauc.service * Update hassio-supervisor.service * Update and rename hassio-rauc.service to rauc-good.service * Update rauc-good.service * Create rauc-bad.service * Update rauc-bad.service * Update rauc-good.service * Update hassio-supervisor.service * Fix barebox recovery * Create title * Create title * Create action * Create title * Create action * Create 20-boot-system1 * Rename buildroot-external/barebox-env/menu/20-boot-system1/title to buildroot-external/barebox-env/menu/20-boot-system2title * Update and rename buildroot-external/barebox-env/menu/20-boot-system2title to buildroot-external/barebox-env/menu/20-boot-system1/title * Create title * Create action * Create action * Delete autoboot_timeout * Create editcmd * Update init * Update init * Fix barebox config * Update init * Update system0 * Update system1 * Barebox cleanups * Update init * Update init * Create 0001-get-devicetree-from-file.patch * Update ova_defconfig * Update system0 * Update system1 * Create 0001-add-i-argument-to.patch * Update barebox.config * Update rauc * Rename buildroot-external/board/ova/patches/dt-util/0001-get-devicetree-from-file.patch to buildroot-external/board/ova/patches/dt-utils/0001-get-devicetree-from-file.patch * Add script * fix barebox-state --- buildroot-external/barebox-env/bin/init | 22 +--- .../barebox-env/menu/00-boot-auto/action | 3 + .../barebox-env/menu/00-boot-auto/title | 1 + .../barebox-env/menu/10-boot-system0/action | 3 + .../barebox-env/menu/10-boot-system0/title | 1 + .../barebox-env/menu/20-boot-system1/action | 3 + .../barebox-env/menu/20-boot-system1/title | 1 + .../barebox-env/menu/30-shell/action | 5 + .../barebox-env/menu/30-shell/title | 1 + buildroot-external/barebox-env/menu/title | 1 + .../barebox-env/nv/autoboot_timeout | 1 - 
buildroot-external/barebox-env/nv/editcmd | 1 + .../board/ova/barebox-state.dtb | Bin 1085 -> 1097 bytes .../board/ova/barebox-state.dts | 3 +- buildroot-external/board/ova/barebox.config | 8 +- .../0001-get-devicetree-from-file.patch | 123 ++++++++++++++++++ ...-support-finding-devices-by-partuuid.patch | 33 +++++ .../patches/rauc/0001-add-i-argument-to.patch | 36 +++++ buildroot-external/configs/ova_defconfig | 2 +- .../multi-user.target.wants/rauc-good.service | 1 + .../systemd/system/hassio-supervisor.service | 5 +- .../usr/lib/systemd/system/rauc-bad.service | 14 ++ .../usr/lib/systemd/system/rauc-good.service | 14 ++ ...014-package-rauc-Version-bump-to-0.4.patch | 34 +++++ buildroot/package/rauc/rauc.hash | 4 +- buildroot/package/rauc/rauc.mk | 2 +- scripts/ovf-create.sh | 0 scripts/update-dtb.sh | 3 + 28 files changed, 298 insertions(+), 27 deletions(-) create mode 100644 buildroot-external/barebox-env/menu/00-boot-auto/action create mode 100644 buildroot-external/barebox-env/menu/00-boot-auto/title create mode 100644 buildroot-external/barebox-env/menu/10-boot-system0/action create mode 100644 buildroot-external/barebox-env/menu/10-boot-system0/title create mode 100644 buildroot-external/barebox-env/menu/20-boot-system1/action create mode 100644 buildroot-external/barebox-env/menu/20-boot-system1/title create mode 100644 buildroot-external/barebox-env/menu/30-shell/action create mode 100644 buildroot-external/barebox-env/menu/30-shell/title create mode 100644 buildroot-external/barebox-env/menu/title delete mode 100644 buildroot-external/barebox-env/nv/autoboot_timeout create mode 100644 buildroot-external/barebox-env/nv/editcmd create mode 100644 buildroot-external/board/ova/patches/dt-utils/0001-get-devicetree-from-file.patch create mode 100644 buildroot-external/board/ova/patches/dt-utils/0002-support-finding-devices-by-partuuid.patch create mode 100644 buildroot-external/board/ova/patches/rauc/0001-add-i-argument-to.patch create mode 120000 
buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc-good.service create mode 100644 buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-bad.service create mode 100644 buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.service create mode 100644 buildroot-patches/0014-package-rauc-Version-bump-to-0.4.patch mode change 100644 => 100755 scripts/ovf-create.sh create mode 100755 scripts/update-dtb.sh diff --git a/buildroot-external/barebox-env/bin/init b/buildroot-external/barebox-env/bin/init index ea32521153a..7c3d67cde2d 100644 --- a/buildroot-external/barebox-env/bin/init +++ b/buildroot-external/barebox-env/bin/init @@ -2,19 +2,10 @@ export PATH=/env/bin -global autoboot_timeout -global boot.default global linux.bootargs.base -global linux.bootargs.console -#linux.bootargs.dyn.* will be cleared at the beginning of boot global linux.bootargs.dyn.root -global editcmd - -[ -z "${global.autoboot_timeout}" ] && global.autoboot_timeout=3 -magicvar -a global.autoboot_timeout "timeout in seconds before automatic booting" -[ -z "${global.boot.default}" ] && global.boot.default="system0" -[ -z "${global.editcmd}" ] && global.editcmd=sedit +# Init board specific stuff [ -e /env/config-board ] && /env/config-board # Autostart @@ -22,11 +13,12 @@ for i in /env/init/*; do . $i done -echo -e -n "\nHit any key to stop autoboot: " -timeout -a $global.autoboot_timeout -autoboot="$?" +echo "- Hit m for menu or wait for autoboot -" +timeout -a 1 -v key -if [ "$autoboot" = 0 ]; then - boot +# Run menu +if [ "${key}" != "m" ]; then + boot fi +menutree diff --git a/buildroot-external/barebox-env/menu/00-boot-auto/action b/buildroot-external/barebox-env/menu/00-boot-auto/action new file mode 100644 index 00000000000..f640fce9d82 --- /dev/null +++ b/buildroot-external/barebox-env/menu/00-boot-auto/action @@ -0,0 +1,3 @@ +#!/bin/sh + +boot 
diff --git a/buildroot-external/barebox-env/menu/00-boot-auto/title b/buildroot-external/barebox-env/menu/00-boot-auto/title new file mode 100644 index 00000000000..115f326f8e1 --- /dev/null +++ b/buildroot-external/barebox-env/menu/00-boot-auto/title @@ -0,0 +1 @@ +Autoboot diff --git a/buildroot-external/barebox-env/menu/10-boot-system0/action b/buildroot-external/barebox-env/menu/10-boot-system0/action new file mode 100644 index 00000000000..a33069898c3 --- /dev/null +++ b/buildroot-external/barebox-env/menu/10-boot-system0/action @@ -0,0 +1,3 @@ +#!/bin/sh + +boot system0 diff --git a/buildroot-external/barebox-env/menu/10-boot-system0/title b/buildroot-external/barebox-env/menu/10-boot-system0/title new file mode 100644 index 00000000000..f3e92d424e2 --- /dev/null +++ b/buildroot-external/barebox-env/menu/10-boot-system0/title @@ -0,0 +1 @@ +Boot System 0 diff --git a/buildroot-external/barebox-env/menu/20-boot-system1/action b/buildroot-external/barebox-env/menu/20-boot-system1/action new file mode 100644 index 00000000000..3fe3b33a8eb --- /dev/null +++ b/buildroot-external/barebox-env/menu/20-boot-system1/action @@ -0,0 +1,3 @@ +#!/bin/sh + +boot system1 diff --git a/buildroot-external/barebox-env/menu/20-boot-system1/title b/buildroot-external/barebox-env/menu/20-boot-system1/title new file mode 100644 index 00000000000..746b6d21ea7 --- /dev/null +++ b/buildroot-external/barebox-env/menu/20-boot-system1/title @@ -0,0 +1 @@ +Boot System 1 diff --git a/buildroot-external/barebox-env/menu/30-shell/action b/buildroot-external/barebox-env/menu/30-shell/action new file mode 100644 index 00000000000..fd5bc2b0c40 --- /dev/null +++ b/buildroot-external/barebox-env/menu/30-shell/action @@ -0,0 +1,5 @@ +#!/bin/sh + +echo "Enter 'exit' to get back to the menu" + +sh diff --git a/buildroot-external/barebox-env/menu/30-shell/title b/buildroot-external/barebox-env/menu/30-shell/title new file mode 100644 index 00000000000..6567bb2d9eb --- /dev/null 
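Review bot: The new `menu/30-shell/action` entry runs `sh` with no gate, so whoever holds the console during the one-second `timeout -a 1 -v key` window in `bin/init` gets an unrestricted barebox shell. From there boot arguments and state variables can presumably be changed before the kernel starts, which sidesteps anything the booted system enforces. If the shell is meant for development only, I would leave it out of release environments or put it behind a build option. Either way the action file should say so, for example `# Debug only: full bootloader access for whoever holds the console`.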
+++ b/buildroot-external/barebox-env/menu/30-shell/title @@ -0,0 +1 @@ +Shell diff --git a/buildroot-external/barebox-env/menu/title b/buildroot-external/barebox-env/menu/title new file mode 100644 index 00000000000..c1f4371f8ab --- /dev/null +++ b/buildroot-external/barebox-env/menu/title @@ -0,0 +1 @@ +Hass.io OS boot Menu: diff --git a/buildroot-external/barebox-env/nv/autoboot_timeout b/buildroot-external/barebox-env/nv/autoboot_timeout deleted file mode 100644 index 0cfbf08886f..00000000000 --- a/buildroot-external/barebox-env/nv/autoboot_timeout +++ /dev/null @@ -1 +0,0 @@ -2 diff --git a/buildroot-external/barebox-env/nv/editcmd b/buildroot-external/barebox-env/nv/editcmd new file mode 100644 index 00000000000..50fc2e70694 --- /dev/null +++ b/buildroot-external/barebox-env/nv/editcmd @@ -0,0 +1 @@ +sedit diff --git a/buildroot-external/board/ova/barebox-state.dtb b/buildroot-external/board/ova/barebox-state.dtb index 77db21b89bd06e57f04b8be1570df552e5067b91..bd29d50ae506b848f98e5babd786a857483789fd 100644 GIT binary patch delta 77 zcmdnXagsye0`I@K3=Axu3=9kw3=GU?CJKl%PMN52h>8Eg#5YAO4h9Silj9h@m>f(d guVQRraR4fstj7f8Cr_?o3S@CGG+@|#nyH8p0B0T*X#fBK delta 62 zcmX@fv6n;O0`I@K3=Ax`3=9kw3=GT%CJKl%c1+Yb#Kgfc@lDa>Bt|bL28PM&7+WTr QF@c#)Oo5xPGZirc062aT<^TWy diff --git a/buildroot-external/board/ova/barebox-state.dts b/buildroot-external/board/ova/barebox-state.dts index 43400b1a6f9..4938b03d817 100644 --- a/buildroot-external/board/ova/barebox-state.dts +++ b/buildroot-external/board/ova/barebox-state.dts @@ -12,8 +12,7 @@ compatible = "barebox,state"; backend = <&backend_state>; backend-type = "raw"; - backend-stridesize = <1024>; - backend-storage-type = "direct"; + backend-stridesize = <4048>; bootstate { #address-cells = <1>; diff --git a/buildroot-external/board/ova/barebox.config b/buildroot-external/board/ova/barebox.config index b90495680fb..e21b5997fd7 100644 --- a/buildroot-external/board/ova/barebox.config +++ b/buildroot-external/board/ova/barebox.config 
@@ -3,12 +3,11 @@ CONFIG_MMU=y CONFIG_MALLOC_SIZE=0x0 CONFIG_MALLOC_TLSF=y CONFIG_PROMPT="hassio-os:" -CONFIG_GLOB=y -CONFIG_GLOB_SORT=y CONFIG_CMDLINE_EDITING=y CONFIG_AUTO_COMPLETE=y +CONFIG_MENU=y +# CONFIG_TIMESTAMP is not set CONFIG_BOOTM_SHOW_TYPE=y -CONFIG_BOOTM_OFTREE=y CONFIG_FLEXIBLE_BOOTARGS=y # CONFIG_PARTITION_DISK_DOS is not set CONFIG_PARTITION_DISK_EFI=y @@ -17,17 +16,18 @@ CONFIG_PARTITION_DISK_EFI=y CONFIG_DEFAULT_ENVIRONMENT_PATH="/build/buildroot-external/board/ova/barebox-env /build/buildroot-external/barebox-env" CONFIG_STATE=y CONFIG_BOOTCHOOSER=y +# CONFIG_CMD_VERSION is not set CONFIG_CMD_BOOT=y CONFIG_CMD_UIMAGE=y CONFIG_CMD_AUTOMOUNT=y CONFIG_CMD_NV=y CONFIG_CMD_EXPORT=y CONFIG_CMD_GLOBAL=y -CONFIG_CMD_MAGICVAR=y CONFIG_CMD_BASENAME=y CONFIG_CMD_DIRNAME=y CONFIG_CMD_READLINK=y CONFIG_CMD_GETOPT=y +CONFIG_CMD_MENUTREE=y CONFIG_CMD_TIMEOUT=y CONFIG_CMD_DETECT=y CONFIG_CMD_STATE=y diff --git a/buildroot-external/board/ova/patches/dt-utils/0001-get-devicetree-from-file.patch b/buildroot-external/board/ova/patches/dt-utils/0001-get-devicetree-from-file.patch new file mode 100644 index 00000000000..61f0985234f --- /dev/null +++ b/buildroot-external/board/ova/patches/dt-utils/0001-get-devicetree-from-file.patch 
@@ -0,0 +1,123 @@ +From 405590bdb7ae434798010458e810c415e4e99db4 Mon Sep 17 00:00:00 2001 +From: Steffen Trumtrar +Date: Fri, 30 Jun 2017 16:53:34 +0200 +Subject: barebox-state: get devicetree from file + +Signed-off-by: Steffen Trumtrar + +diff --git a/src/barebox-state.c b/src/barebox-state.c +index e68b8cb..3622e76 100644 +--- a/src/barebox-state.c ++++ b/src/barebox-state.c +@@ -308,7 +308,7 @@ static int state_set_var(struct state *state, const char *var, const char *val) + } + + +-struct state *state_get(const char *name, bool readonly, bool auth) ++struct state *state_get(const char *name, const char *filename, bool readonly, bool auth) + { + struct device_node *root, *node, *partition_node; + char *path; +@@ -320,11 +320,19 @@ struct state *state_get(const char *name, bool readonly, bool auth) + off_t offset; + size_t size; + +- root = of_read_proc_devicetree(); +- if (IS_ERR(root)) { +- pr_err("Unable to read devicetree. %s\n", +- strerror(-PTR_ERR(root))); +- return ERR_CAST(root); ++ if (filename) { ++ void *fdt; ++ ++ fdt = read_file(filename, NULL); ++ if (fdt) ++ root = of_unflatten_dtb(fdt); ++ } else { ++ root = of_read_proc_devicetree(); ++ if (IS_ERR(root)) { ++ pr_err("Unable to read devicetree. %s\n", ++ strerror(-PTR_ERR(root))); ++ return ERR_CAST(root); ++ } + } + + of_set_root_node(root); +@@ -387,6 +395,7 @@ static struct option long_options[] = { + {"get", required_argument, 0, 'g' }, + {"set", required_argument, 0, 's' }, + {"name", required_argument, 0, 'n' }, ++ {"input", required_argument, 0, 'i' }, + {"dump", no_argument, 0, 'd' }, + {"dump-shell", no_argument, 0, OPT_DUMP_SHELL }, + {"verbose", no_argument, 0, 'v' }, +@@ -402,6 +411,7 @@ static void usage(char *name) + "-g, --get get the value of a variable\n" + "-s, --set = set the value of a variable\n" + "-n, --name specify the state to use (default=\"state\"). 
Multiple states are allowed.\n" ++"-i, --input load the devicetree from a file instead of using the system devicetree.\n" + "-d, --dump dump the state\n" + "--dump-shell dump the state suitable for shell sourcing\n" + "-v, --verbose increase verbosity\n" +@@ -439,12 +449,13 @@ int main(int argc, char *argv[]) + bool readonly = true; + int pr_level = 5; + int auth = 1; ++ const char *dtb = NULL; + + INIT_LIST_HEAD(&sg_list); + INIT_LIST_HEAD(&state_list.list); + + while (1) { +- c = getopt_long(argc, argv, "hg:s:dvn:qf", long_options, &option_index); ++ c = getopt_long(argc, argv, "hg:s:i:dvn:qf", long_options, &option_index); + if (c < 0) + break; + switch (c) { +@@ -490,6 +501,9 @@ int main(int argc, char *argv[]) + ++nr_states; + break; + } ++ case 'i': ++ dtb = strdup(optarg); ++ break; + case ':': + case '?': + default: +@@ -530,7 +544,7 @@ int main(int argc, char *argv[]) + } + + list_for_each_entry(state, &state_list.list, list) { +- state->state = state_get(state->name, readonly, auth); ++ state->state = state_get(state->name, dtb, readonly, auth); + if (!IS_ERR(state->state) && !state->name) + state->name = state->state->name; + if (IS_ERR(state->state)) { +diff --git a/src/barebox-state.h b/src/barebox-state.h +index bd89cf4..a0f49a5 100644 +--- a/src/barebox-state.h ++++ b/src/barebox-state.h +@@ -1,7 +1,7 @@ + #ifndef __BAREBOX_STATE__ + #define __BAREBOX_STATE__ + +-struct state *state_get(const char *name, bool readonly, bool auth); ++struct state *state_get(const char *name, const char *file, bool readonly, bool auth); + char *state_get_var(struct state *state, const char *var); + + #endif /* __BAREBOX_STATE__ */ +diff --git a/src/keystore-blob.c b/src/keystore-blob.c +index 028dd8b..4572431 100644 +--- a/src/keystore-blob.c ++++ b/src/keystore-blob.c +@@ -30,7 +30,7 @@ int keystore_get_secret(const char *name, const unsigned char **key, int *key_le + if (!state) { + struct state *tmp; + +- tmp = state_get(keystore_state_name, true, false); ++ tmp = 
state_get(keystore_state_name, NULL, true, false); + if (IS_ERR(tmp)) + return PTR_ERR(tmp); + state = tmp; +-- +cgit v0.10.2 diff --git a/buildroot-external/board/ova/patches/dt-utils/0002-support-finding-devices-by-partuuid.patch b/buildroot-external/board/ova/patches/dt-utils/0002-support-finding-devices-by-partuuid.patch new file mode 100644 index 00000000000..31b8b2b6d1d --- /dev/null +++ b/buildroot-external/board/ova/patches/dt-utils/0002-support-finding-devices-by-partuuid.patch @@ -0,0 +1,33 @@ +From 26148417fab419a0c7f301fb8f2be015324d5374 Mon Sep 17 00:00:00 2001 +From: Steffen Trumtrar +Date: Fri, 30 Jun 2017 16:53:17 +0200 +Subject: libdt: support finding devices by partuuid + +Signed-off-by: Steffen Trumtrar + +diff --git a/src/libdt.c b/src/libdt.c +index 3adeed2..2bc6cc1 100644 +--- a/src/libdt.c ++++ b/src/libdt.c +@@ -2393,6 +2393,18 @@ int of_get_devicepath(struct device_node *partition_node, char **devpath, off_t + */ + node = partition_node->parent; + ++ if (of_device_is_compatible(node, "fixed-partitions")) { ++ const char *uuid; ++ ++ /* when partuuid is specified short-circuit the search for the cdev */ ++ ret = of_property_read_string(partition_node, "partuuid", &uuid); ++ if (!ret) { ++ *devpath = basprintf("/dev/disk/by-partuuid/%s", uuid); ++ ++ return 0; ++ } ++ } ++ + /* + * Respect flash "partitions" subnode. Use parent of parent in this + * case. +-- +cgit v0.10.2 + diff --git a/buildroot-external/board/ova/patches/rauc/0001-add-i-argument-to.patch b/buildroot-external/board/ova/patches/rauc/0001-add-i-argument-to.patch new file mode 100644 index 00000000000..2337970a903 --- /dev/null +++ b/buildroot-external/board/ova/patches/rauc/0001-add-i-argument-to.patch 
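Review bot: In the `state_get()` hunk of the carried dt-utils patch, `root` is left unassigned when `read_file(filename, NULL)` returns NULL, and the next context line passes it to `of_set_root_node(root)`. The result of `of_unflatten_dtb(fdt)` is not checked either, although the `/proc` branch does check `IS_ERR(root)`. Because rauc is patched in this same commit to always pass `-i /mnt/boot/EFI/barebox/state.dtb`, a missing or unreadable file on the boot partition reaches this path. Both failures should return an error before `of_set_root_node()`; the error code below is a placeholder, and `dtb = strdup(optarg)` in the `main()` hunk is also unchecked. `state_get()` starts and ends outside the hunk.

```c
	if (filename) {
		void *fdt;

		fdt = read_file(filename, NULL);
		if (!fdt) {
			pr_err("Unable to read devicetree file %s\n", filename);
			return ERR_PTR(-ENOENT);	/* placeholder error code */
		}
		root = of_unflatten_dtb(fdt);
		/* assumes of_unflatten_dtb() reports failure as an error pointer */
		if (IS_ERR(root))
			return ERR_CAST(root);
	} else {
		/* … unchanged: of_read_proc_devicetree() branch … */
	}
```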
@@ -0,0 +1,36 @@ +From c9d56ea8fccf72e1c5d1f224f965e1a8e84d1b7f Mon Sep 17 00:00:00 2001 +From: Pascal Vizeli +Date: Wed, 9 May 2018 21:54:58 +0200 +Subject: [PATCH 1/1] add -i argument to barebox-state call + +--- + src/bootchooser.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/bootchooser.c b/src/bootchooser.c +index d5efc0c..c57c2f7 100644 +--- a/src/bootchooser.c ++++ b/src/bootchooser.c +@@ -77,6 +77,9 @@ static gboolean barebox_state_get(const gchar* bootname, BareboxSlotState *bb_st + g_ptr_array_add(args, g_strdup_printf(BOOTSTATE_PREFIX ".%s.priority", bootname)); + g_ptr_array_add(args, g_strdup("-g")); + g_ptr_array_add(args, g_strdup_printf(BOOTSTATE_PREFIX ".%s.remaining_attempts", bootname)); ++ ++ g_ptr_array_add(args, g_strdup("-i")); ++ g_ptr_array_add(args, g_strdup("/mnt/boot/EFI/barebox/state.dtb")); + g_ptr_array_add(args, NULL); + + sub = g_subprocess_newv((const gchar * const *)args->pdata, +@@ -170,6 +173,9 @@ static gboolean barebox_state_set(GPtrArray *pairs, GError **error) + g_ptr_array_add(args, g_strdup("-s")); + g_ptr_array_add(args, g_strdup(pairs->pdata[i])); + } ++ ++ g_ptr_array_add(args, g_strdup("-i")); ++ g_ptr_array_add(args, g_strdup("/mnt/boot/EFI/barebox/state.dtb")); + g_ptr_array_add(args, NULL); + + sub = g_subprocess_newv((const gchar * const *)args->pdata, +-- +2.7.4 + diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 06be6a5fa9e..17b914de861 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -1,7 +1,7 @@ BR2_x86_64=y BR2_CCACHE=y BR2_CCACHE_DIR="$(TOPDIR)/ccache" -BR2_GLOBAL_PATCH_DIR="$(BR2_EXTERNAL_HASSIO_PATH)/patches" +BR2_GLOBAL_PATCH_DIR="$(BR2_EXTERNAL_HASSIO_PATH)/patches $(BR2_EXTERNAL_HASSIO_PATH)/board/ova/patches" BR2_TOOLCHAIN_BUILDROOT_GLIBC=y BR2_GCC_VERSION_7_X=y BR2_TOOLCHAIN_BUILDROOT_CXX=y 
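Review bot: Both added blocks in `barebox_state_get()` and `barebox_state_set()` of the rauc patch repeat the literal `/mnt/boot/EFI/barebox/state.dtb`, so the location of the state description is fixed in two places with no comment explaining it. A single definition would keep them in step, e.g. `#define BAREBOX_STATE_DTB "/mnt/boot/EFI/barebox/state.dtb"` used as `g_strdup(BAREBOX_STATE_DTB)`. That file also decides which device barebox-state reads and writes the boot state on, so the define should say that it lives on the boot partition and who is expected to be able to write there. I cannot tell from this page how that partition is mounted. Both functions start and end outside the hunks.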
diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc-good.service b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc-good.service new file mode 120000 index 00000000000..3ff40f7463f --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc-good.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/rauc-good.service \ No newline at end of file diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-supervisor.service b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-supervisor.service index 81dc66e423a..373cb9b5565 100644 --- a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-supervisor.service +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-supervisor.service @@ -1,8 +1,11 @@ [Unit] Description=Hass.io supervisor Requires=docker.service -After=docker.service +After=docker.service dbus.socket RequiresMountsFor=/mnt/data +StartLimitIntervalSec=60 +StartLimitBurst=5 +OnFailure=rauc-bad.service [Service] Type=simple diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-bad.service b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-bad.service new file mode 100644 index 00000000000..04e009b361c --- /dev/null +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-bad.service @@ -0,0 +1,14 @@ +[Unit] +Description=Rauc mark bad +Requires=rauc.service +After=rauc.service +RefuseManualStart=true +RefuseManualStop=true + +[Service] +Type=oneshot +ExecStart=/usr/bin/rauc status mark-bad +ExecStartPost=/usr/bin/systemctl reboot + +[Install] +WantedBy=multi-user.target diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.service b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.service new file mode 100644 index 00000000000..4af9b098463 --- /dev/null 
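Review bot: `rauc-bad.service` carries an `[Install]` section with `WantedBy=multi-user.target`, although the unit is only meant to run through the `OnFailure=rauc-bad.service` line added to `hassio-supervisor.service`. If it is ever enabled, every normal boot would run `rauc status mark-bad` followed by `systemctl reboot`; `RefuseManualStart=true` does not prevent that, since it only blocks explicit start requests. I would drop the `[Install]` section and add a comment such as `# Started only via OnFailure= of hassio-supervisor.service; never enable`. Note also that any fault which pushes the supervisor past `StartLimitBurst=5` within 60 seconds presumably now marks the running slot bad, so a failure unrelated to the OS image can take a good slot out of rotation.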
+++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.service @@ -0,0 +1,14 @@ +[Unit] +Description=Hassio rauc good +Requires=hassio-supervisor.service +After=rauc.service hassio-supervisor.service +RefuseManualStart=true +RefuseManualStop=true + +[Service] +Type=oneshot +ExecStartPre=/bin/sleep 80 +ExecStart=/usr/bin/rauc status mark-good + +[Install] +WantedBy=multi-user.target diff --git a/buildroot-patches/0014-package-rauc-Version-bump-to-0.4.patch b/buildroot-patches/0014-package-rauc-Version-bump-to-0.4.patch new file mode 100644 index 00000000000..690bdd4c2d1 --- /dev/null +++ b/buildroot-patches/0014-package-rauc-Version-bump-to-0.4.patch @@ -0,0 +1,34 @@ +Version 0.4 supports bootloader updates to eMMC boot partitions. + +Signed-off-by: Jim Brennan +--- + package/rauc/rauc.hash | 4 ++-- + package/rauc/rauc.mk | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/package/rauc/rauc.hash b/package/rauc/rauc.hash +index 91d7c1d62e..a16340f185 100644 +--- a/package/rauc/rauc.hash ++++ b/package/rauc/rauc.hash +@@ -1,3 +1,3 @@ + # Locally calculated, after verifying against +-# https://github.com/rauc/rauc/releases/download/v0.3/rauc-0.3.tar.xz.asc +-sha256 dc01bfb08b1830376782f9a51cfec290171519267ab97cc909435da9ac6d6d98 rauc-0.3.tar.xz ++# https://github.com/rauc/rauc/releases/download/v0.4/rauc-0.4.tar.xz.asc ++sha256 89656b6330ac1f31293d450f5179896397c588ab52e77ec229382a6abd125d35 rauc-0.4.tar.xz +diff --git a/package/rauc/rauc.mk b/package/rauc/rauc.mk +index 63fbc53022..f1705a8c33 100644 +--- a/package/rauc/rauc.mk ++++ b/package/rauc/rauc.mk +@@ -4,7 +4,7 @@ + # + ################################################################################ + +-RAUC_VERSION = 0.3 ++RAUC_VERSION = 0.4 + RAUC_SITE = https://github.com/rauc/rauc/releases/download/v$(RAUC_VERSION) + RAUC_SOURCE = rauc-$(RAUC_VERSION).tar.xz + RAUC_LICENSE = LGPL-2.1 +-- +2.11.0 + 
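Review bot: `rauc-good.service` confirms the slot with `rauc status mark-good` after a fixed `ExecStartPre=/bin/sleep 80`, without checking that the supervisor is still running at that point. With `Type=simple` on the supervisor, `Requires=hassio-supervisor.service` only tells systemd that the process was started, so a supervisor that is crash-looping but has not yet hit its start limit could still be followed by mark-good. A second pre-step after the sleep, `ExecStartPre=/usr/bin/systemctl is-active --quiet hassio-supervisor.service`, would make the confirmation depend on the service's state. A comment explaining where the 80 seconds come from would also help.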
diff --git a/buildroot/package/rauc/rauc.hash b/buildroot/package/rauc/rauc.hash index 91d7c1d62eb..a16340f185f 100644 --- a/buildroot/package/rauc/rauc.hash +++ b/buildroot/package/rauc/rauc.hash @@ -1,3 +1,3 @@ # Locally calculated, after verifying against -# https://github.com/rauc/rauc/releases/download/v0.3/rauc-0.3.tar.xz.asc -sha256 dc01bfb08b1830376782f9a51cfec290171519267ab97cc909435da9ac6d6d98 rauc-0.3.tar.xz +# https://github.com/rauc/rauc/releases/download/v0.4/rauc-0.4.tar.xz.asc +sha256 89656b6330ac1f31293d450f5179896397c588ab52e77ec229382a6abd125d35 rauc-0.4.tar.xz diff --git a/buildroot/package/rauc/rauc.mk b/buildroot/package/rauc/rauc.mk index 63fbc530223..f1705a8c33f 100644 --- a/buildroot/package/rauc/rauc.mk +++ b/buildroot/package/rauc/rauc.mk @@ -4,7 +4,7 @@ # ################################################################################ -RAUC_VERSION = 0.3 +RAUC_VERSION = 0.4 RAUC_SITE = https://github.com/rauc/rauc/releases/download/v$(RAUC_VERSION) RAUC_SOURCE = rauc-$(RAUC_VERSION).tar.xz RAUC_LICENSE = LGPL-2.1 diff --git a/scripts/ovf-create.sh b/scripts/ovf-create.sh old mode 100644 new mode 100755 diff --git a/scripts/update-dtb.sh b/scripts/update-dtb.sh new file mode 100755 index 00000000000..1417d7026d7 --- /dev/null +++ b/scripts/update-dtb.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +dtc -O dtb -o buildroot-external/board/ova/barebox-state.dtb buildroot-external/board/ova/barebox-state.dts From 37d1c995b7682d0d7bba992d8ce5371c99ded15b Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 10:02:46 +0200 Subject: [PATCH 060/100] disable counter on boot --- buildroot-external/barebox-env/bin/init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/barebox-env/bin/init b/buildroot-external/barebox-env/bin/init index 7c3d67cde2d..2ec2a484df0 100644 --- a/buildroot-external/barebox-env/bin/init +++ b/buildroot-external/barebox-env/bin/init 
@@ -14,7 +14,7 @@ for i in /env/init/*; do done echo "- Hit m for menu or wait for autoboot -" -timeout -a 1 -v key +timeout -a 1 -s -v key # Run menu if [ "${key}" != "m" ]; then From 1385cc28cd3d0db19e1ad4bf5023e22f41f9bf9b Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 21:52:27 +0200 Subject: [PATCH 061/100] Set fix UUIDs for partition --- buildroot-external/scripts/hdd_image.sh | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/buildroot-external/scripts/hdd_image.sh b/buildroot-external/scripts/hdd_image.sh index 5a7b284eeb3..befdb00ea7c 100755 --- a/buildroot-external/scripts/hdd_image.sh +++ b/buildroot-external/scripts/hdd_image.sh @@ -1,7 +1,13 @@ #!/bin/bash -BOOT_SIZE=32M +BOOT_UUID="b3dd0952-733c-4c88-8cba-cab9b8b4377f" BOOTSTATE_UUID="33236519-7F32-4DFF-8002-3390B62C309D" +SYSTEM0_UUID="8d3d53e3-6d49-4c38-8349-aff6859e82fd" +SYSTEM1_UUID="a3ec664e-32ce-4665-95ea-7ae90ce9aa20" +OVERLAY_UUID="f1326040-5236-40eb-b683-aaa100a9afcf" +DATA_UUID="a52a4597-fa3a-4851-aefd-2fbe9f849079" + +BOOT_SIZE=32M BOOTSTATE_SIZE=8M SYSTEM_SIZE=256M OVERLAY_SIZE=64M 
@@ -44,15 +50,15 @@ function hassio_hdd_image() { # Partition layout boot_offset="$(sgdisk -F ${hdd_img})" - sgdisk -n 1:0:+${BOOT_SIZE} -c 1:"hassio-boot" -t 1:"C12A7328-F81F-11D2-BA4B-00A0C93EC93B" ${hdd_img} + sgdisk -n 1:0:+${BOOT_SIZE} -c 1:"hassio-boot" -t 1:"C12A7328-F81F-11D2-BA4B-00A0C93EC93B" -u 1:${BOOT_UUID} ${hdd_img} rootfs_offset="$(sgdisk -F ${hdd_img})" - sgdisk -n 2:0:+${SYSTEM_SIZE} -c 2:"hassio-system0" -t 2:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" ${hdd_img} - sgdisk -n 3:0:+${SYSTEM_SIZE} -c 3:"hassio-system1" -t 3:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" ${hdd_img} + sgdisk -n 2:0:+${SYSTEM_SIZE} -c 2:"hassio-system0" -t 2:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" -u 2:${SYSTEM0_UUID} ${hdd_img} + sgdisk -n 3:0:+${SYSTEM_SIZE} -c 3:"hassio-system1" -t 3:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" -u 3:${SYSTEM1_UUID} ${hdd_img} sgdisk -n 4:0:+${BOOTSTATE_SIZE} -c 4:"hassio-bootstate" -u 4:${BOOTSTATE_UUID} ${hdd_img} overlay_offset="$(sgdisk -F ${hdd_img})" - sgdisk -n 5:0:+${OVERLAY_SIZE} -c 5:"hassio-overlay" -t 5:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" ${hdd_img} + sgdisk -n 5:0:+${OVERLAY_SIZE} -c 5:"hassio-overlay" -t 5:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" -u 5:${OVERLAY_UUID} ${hdd_img} data_offset="$(sgdisk -F ${hdd_img})" - sgdisk -n 6:0:+${DATA_SIZE} -c 6:"hassio-data" -t 6:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" ${hdd_img} + sgdisk -n 6:0:+${DATA_SIZE} -c 6:"hassio-data" -t 6:"0FC63DAF-8483-4772-8E79-3D69D8477DE4" -u 6:${DATA_UUID} ${hdd_img} sgdisk -v # Write Images From e317e742fe1d562a4777ce4864a014b53bccae33 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 21:54:53 +0200 Subject: [PATCH 062/100] Update and rename buildroot-external/board/ova/rauc.conf to buildroot-external/board/ova/rootfs-overlay/etc/rauc.conf --- buildroot-external/board/ova/{ => rootfs-overlay/etc}/rauc.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename buildroot-external/board/ova/{ => rootfs-overlay/etc}/rauc.conf (90%) 
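Review bot: The `-u N:${..._UUID}` arguments added to the `sgdisk` calls, fed by the UUID block added in the first hunk of this file, give every built image the same partition GUIDs. The dt-utils patch earlier in this series resolves the state partition through `/dev/disk/by-partuuid/%s`, so once a second disk created from the same image is attached, that lookup is no longer unique and nothing on this page defines which disk wins. The UUID block should carry a comment saying the values are fixed on purpose and must stay in step with whatever references them (I assume `barebox-state.dts`), for example `# Fixed partition GUIDs: referenced by the bootloader state; identical on every image`. `hassio_hdd_image()` starts and ends outside the hunk.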
diff --git a/buildroot-external/board/ova/rauc.conf b/buildroot-external/board/ova/rootfs-overlay/etc/rauc.conf similarity index 90% rename from buildroot-external/board/ova/rauc.conf rename to buildroot-external/board/ova/rootfs-overlay/etc/rauc.conf index 0c31528c02a..25349157472 100644 --- a/buildroot-external/board/ova/rauc.conf +++ b/buildroot-external/board/ova/rootfs-overlay/etc/rauc.conf @@ -1,5 +1,5 @@ [system] -compatible=Hass.io OS OVA +compatible=Hass.io OVA bootloader=barebox [keyring] From b19045e2130c60ca50e2ec3760d3ba3a1e954924 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 21:57:01 +0200 Subject: [PATCH 063/100] Update ova_defconfig --- buildroot-external/configs/ova_defconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 17b914de861..383ba8294ed 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -10,7 +10,7 @@ BR2_TARGET_GENERIC_ISSUE="Welcome to Hass.io" BR2_INIT_SYSTEMD=y BR2_TARGET_GENERIC_GETTY_PORT="tty1" # BR2_TARGET_GENERIC_REMOUNT_ROOTFS_RW is not set -BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_HASSIO_PATH)/rootfs-overlay/" +BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_HASSIO_PATH)/rootfs-overlay/ $(BR2_EXTERNAL_HASSIO_PATH)/board/ova/rootfs-overlay/" BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/post-build.sh" BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/post-image.sh" BR2_LINUX_KERNEL=y From 89dd86f943c14fac35e74df582ba535231818b1f Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 21:58:29 +0200 Subject: [PATCH 064/100] cleanup --- buildroot-external/configs/ova_defconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 383ba8294ed..4415acbdf1d 100644 --- a/buildroot-external/configs/ova_defconfig 
+++ b/buildroot-external/configs/ova_defconfig @@ -10,7 +10,7 @@ BR2_TARGET_GENERIC_ISSUE="Welcome to Hass.io" BR2_INIT_SYSTEMD=y BR2_TARGET_GENERIC_GETTY_PORT="tty1" # BR2_TARGET_GENERIC_REMOUNT_ROOTFS_RW is not set -BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_HASSIO_PATH)/rootfs-overlay/ $(BR2_EXTERNAL_HASSIO_PATH)/board/ova/rootfs-overlay/" +BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_HASSIO_PATH)/rootfs-overlay $(BR2_EXTERNAL_HASSIO_PATH)/board/ova/rootfs-overlay" BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/post-build.sh" BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/post-image.sh" BR2_LINUX_KERNEL=y From 0bd750c6913d81ed0a0606b46ff9868533a4ba49 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 22:01:15 +0200 Subject: [PATCH 065/100] Update post-build.sh --- buildroot-external/board/ova/post-build.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/buildroot-external/board/ova/post-build.sh b/buildroot-external/board/ova/post-build.sh index f2f5e44173c..d0d71ed7550 100755 --- a/buildroot-external/board/ova/post-build.sh +++ b/buildroot-external/board/ova/post-build.sh @@ -9,5 +9,3 @@ BOARD_DIR="$(dirname $0)" # HassioOS tasks fix_rootfs install_hassio_cli - -cp ${BOARD_DIR}/rauc.conf ${TARGET_DIR}/etc/rauc/system.conf From 404e861a272ae45cff37592fe6e89cf5a4f33463 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 22:33:18 +0200 Subject: [PATCH 066/100] some cleanups --- buildroot-external/board/ova/post-build.sh | 11 ----------- buildroot-external/configs/ova_defconfig | 3 ++- .../rootfs-overlay/usr/{bin => sbin}/hassio-cli | 0 buildroot-external/scripts/post-build.sh | 7 +++++++ buildroot-external/scripts/rootfs_layer.sh | 15 ++++++++++++++- 5 files changed, 23 insertions(+), 13 deletions(-) delete mode 100755 buildroot-external/board/ova/post-build.sh rename buildroot-external/rootfs-overlay/usr/{bin => sbin}/hassio-cli (100%) create mode 100755 buildroot-external/scripts/post-build.sh 
diff --git a/buildroot-external/board/ova/post-build.sh b/buildroot-external/board/ova/post-build.sh deleted file mode 100755 index d0d71ed7550..00000000000 --- a/buildroot-external/board/ova/post-build.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -set -e - -SCRIPT_DIR=${BR2_EXTERNAL_HASSIO_PATH}/scripts -BOARD_DIR="$(dirname $0)" - -. ${SCRIPT_DIR}/rootfs_layer.sh - -# HassioOS tasks -fix_rootfs -install_hassio_cli diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 4415acbdf1d..62f4d4ca06c 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -11,8 +11,9 @@ BR2_INIT_SYSTEMD=y BR2_TARGET_GENERIC_GETTY_PORT="tty1" # BR2_TARGET_GENERIC_REMOUNT_ROOTFS_RW is not set BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_HASSIO_PATH)/rootfs-overlay $(BR2_EXTERNAL_HASSIO_PATH)/board/ova/rootfs-overlay" -BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/post-build.sh" +BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/scripts/post-build.sh" BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/post-image.sh" +BR2_ROOTFS_POST_SCRIPT_ARGS="ova" BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/kernel.config" diff --git a/buildroot-external/rootfs-overlay/usr/bin/hassio-cli b/buildroot-external/rootfs-overlay/usr/sbin/hassio-cli similarity index 100% rename from buildroot-external/rootfs-overlay/usr/bin/hassio-cli rename to buildroot-external/rootfs-overlay/usr/sbin/hassio-cli diff --git a/buildroot-external/scripts/post-build.sh b/buildroot-external/scripts/post-build.sh new file mode 100755 index 00000000000..81eb1a23322 --- /dev/null +++ b/buildroot-external/scripts/post-build.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +. rootfs_layer.sh + +# Hass.io OS tasks +fix_rootfs +install_hassio_cli 
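Review bot: The new `scripts/post-build.sh` sources `. rootfs_layer.sh` by bare name, which bash resolves through `PATH` and then the current directory rather than next to the script, and the `set -e` that the deleted `board/ova/post-build.sh` had is gone. If the file is not found, the script carries on and calls `fix_rootfs` and `install_hassio_cli` as unknown commands; if a different `rootfs_layer.sh` is found first, that one runs inside the build. I would restore `set -e` and source by absolute path as the deleted script did: `SCRIPT_DIR=${BR2_EXTERNAL_HASSIO_PATH}/scripts` and `. "${SCRIPT_DIR}/rootfs_layer.sh"`.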
diff --git a/buildroot-external/scripts/rootfs_layer.sh b/buildroot-external/scripts/rootfs_layer.sh index f8bcffccca5..f23375d1765 100644 --- a/buildroot-external/scripts/rootfs_layer.sh +++ b/buildroot-external/scripts/rootfs_layer.sh @@ -5,10 +5,23 @@ function fix_rootfs() { # Cleanup DHCP service, we don't need this with NetworkManager rm -rf ${TARGET_DIR}/etc/systemd/system/multi-user.target.wants/dhcpcd.service rm -rf ${TARGET_DIR}/usr/lib/systemd/system/dhcpcd.service + + # Cleanup etc + rm -rf ${TARGET_DIR}/etc/init.d + rm -rf ${TARGET_DIR}/etc/modules-load.d + rm -rf ${TARGET_DIR}/etc/network + rm -rf ${TARGET_DIR}/etc/X11 + rm -rf ${TARGET_DIR}/etc/xdg + rm -f ${TARGET_DIR}/etc/mtab + + # Cleanup root + rm -rf ${TARGET_DIR}/media + rm -rf ${TARGET_DIR}/srv + rm -rf ${TARGET_DIR}/opt } function install_hassio_cli() { - sed -i "s|\(root.*\)/bin/sh|\1/usr/bin/hassio-cli|" ${TARGET_DIR}/etc/passwd + sed -i "s|\(root.*\)/bin/sh|\1/usr/sbin/hassio-cli|" ${TARGET_DIR}/etc/passwd } From 7d3f2a6804cbecf7f1c0a2f1444215212c3c2e1f Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 22:36:00 +0200 Subject: [PATCH 067/100] Update ova_defconfig --- buildroot-external/configs/ova_defconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 62f4d4ca06c..99988a579ab 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig 
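Review bot: Every `rm -rf ${TARGET_DIR}/...` line added to `fix_rootfs` expands to a host path such as `/etc/init.d`, `/media`, `/srv` or `/opt` when `TARGET_DIR` is empty or unset, and nothing in the hunk checks it. The expansions are also unquoted. A guard at the top of the added block, `: "${TARGET_DIR:?TARGET_DIR must be set}"`, or the form `rm -rf "${TARGET_DIR:?}/media"` on each line, makes the script stop instead of deleting from the build host. The same applies to the `sed -i ... ${TARGET_DIR}/etc/passwd` line in `install_hassio_cli`; `fix_rootfs` starts outside the hunk.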
@@ -13,7 +13,7 @@ BR2_TARGET_GENERIC_GETTY_PORT="tty1" BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_HASSIO_PATH)/rootfs-overlay $(BR2_EXTERNAL_HASSIO_PATH)/board/ova/rootfs-overlay" BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/scripts/post-build.sh" BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/post-image.sh" -BR2_ROOTFS_POST_SCRIPT_ARGS="ova" +BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova" BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_HASSIO_PATH)/board/ova/kernel.config" From 94a6198066d0ef10fc9d1103977cfeb2b0599a7c Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 22:42:21 +0200 Subject: [PATCH 068/100] Create info --- buildroot-external/info | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 buildroot-external/info diff --git a/buildroot-external/info b/buildroot-external/info new file mode 100644 index 00000000000..e2fa4ce41de --- /dev/null +++ b/buildroot-external/info @@ -0,0 +1,5 @@ +# Include version data +VERSION_MAJOR=0 +VERSION_BUILD=2 + +HASSIO_NAME="Hass.io-OS" From 90d0bf609aa6900cbc94dfdd3940176c6490ba0c Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 22:50:52 +0200 Subject: [PATCH 069/100] Update rauc.conf --- buildroot-external/board/ova/rootfs-overlay/etc/rauc.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/board/ova/rootfs-overlay/etc/rauc.conf b/buildroot-external/board/ova/rootfs-overlay/etc/rauc.conf index 25349157472..149ccd835dc 100644 --- a/buildroot-external/board/ova/rootfs-overlay/etc/rauc.conf +++ b/buildroot-external/board/ova/rootfs-overlay/etc/rauc.conf @@ -1,5 +1,5 @@ [system] -compatible=Hass.io OVA +compatible=Hass.io-OS ova bootloader=barebox [keyring] From 9c8f58276d053ddc94631d4143843c536f1eb74b Mon Sep 17 00:00:00 2001 
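Review bot: `compatible=Hass.io-OS ova` is the string RAUC compares with a bundle's manifest to refuse bundles built for a different target, so systems and bundles built on either side of this rename will not accept each other; the commit message should say whether that is intended. The value also looks like a hand-typed copy of `HASSIO_NAME` from the `info` file added in the previous patch plus the board id. A comment above the key, for example `# must match the compatible string written into update bundles for this board`, would help keep the two from drifting. Where the bundle's compatible string is set is not visible here, and the `[keyring]` section continues outside the hunk.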
From: Pascal Vizeli Date: Thu, 10 May 2018 23:08:45 +0200 Subject: [PATCH 070/100] Update info --- buildroot-external/info | 1 - 1 file changed, 1 deletion(-) diff --git a/buildroot-external/info b/buildroot-external/info index e2fa4ce41de..5bc340c9ac9 100644 --- a/buildroot-external/info +++ b/buildroot-external/info @@ -1,4 +1,3 @@ -# Include version data VERSION_MAJOR=0 VERSION_BUILD=2 From d4135c29d170eb937b79ef43ff345edb1cc3c095 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 23:09:19 +0200 Subject: [PATCH 071/100] Create info --- buildroot-external/board/ova/info | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 buildroot-external/board/ova/info diff --git a/buildroot-external/board/ova/info b/buildroot-external/board/ova/info new file mode 100644 index 00000000000..8c7f1372b40 --- /dev/null +++ b/buildroot-external/board/ova/info @@ -0,0 +1,2 @@ +BOARD_ID=ova +BOARD_NAME=OVA From eac5e0ebbb814648b7160a4af246c8edac9d9e29 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 23:10:34 +0200 Subject: [PATCH 072/100] Update post-image.sh --- buildroot-external/board/ova/post-image.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/board/ova/post-image.sh b/buildroot-external/board/ova/post-image.sh index 6b5579c3041..e0e1e72c0b9 100755 --- a/buildroot-external/board/ova/post-image.sh +++ b/buildroot-external/board/ova/post-image.sh @@ -2,7 +2,7 @@ set -e SCRIPT_DIR=${BR2_EXTERNAL_HASSIO_PATH}/scripts -BOARD_DIR="$(dirname $0)" +BOARD_DIR=${2} BOOT_DATA=${BINARIES_DIR}/boot . ${SCRIPT_DIR}/hdd_image.sh From ba713bc1b8a843b4b2eb86f4bfbb0703ba9a8f96 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 23:11:44 +0200 Subject: [PATCH 073/100] Update post-build.sh --- buildroot-external/scripts/post-build.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) 
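Review bot: `BOARD_DIR=${2}` in board/ova/post-image.sh takes the board directory from the second script argument without checking it, so a defconfig that lacks `BR2_ROOTFS_POST_SCRIPT_ARGS` leaves it empty and every `${BOARD_DIR}/…` path then points at the host root. I would fail early with `BOARD_DIR=${2:?board directory argument missing}`. The uses of `BOARD_DIR` in this script are outside the hunk. The next patch makes the same assignment in scripts/post-build.sh and follows it with `. ${BOARD_DIR}/info`, which with an empty value sources `/info` from the build host as shell code; quoting it as `. "${BOARD_DIR}/info"` after the check covers that case as well.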
diff --git a/buildroot-external/scripts/post-build.sh b/buildroot-external/scripts/post-build.sh index 81eb1a23322..6239b4fb2a8 100755 --- a/buildroot-external/scripts/post-build.sh +++ b/buildroot-external/scripts/post-build.sh @@ -1,7 +1,23 @@ #!/bin/bash +BOARD_DIR=${2} + . rootfs_layer.sh +. ../info +. ${BOARD_DIR}/info # Hass.io OS tasks fix_rootfs install_hassio_cli + +( + echo "NAME=Hass.io" + echo "VERSION=\"${BOARD} ${VERSION_MAJOR}.${VERSION_BUILD}\"" + echo "ID=hassio-os" + echo "VERSION_ID=${VERSION_MAJOR}.${VERSION_BUILD}" + echo "PRETTY_NAME=\"${HASSIO_NAME} ${VERSION_MAJOR}.${VERSION_BUILD}\"" + echo "CPE_NAME=" + echo "HOME_URL=https://hass.io/" + echo "VARIANT=\"Hass.io ${BOARD_NAME}\"" + echo "VARIANT_ID=${BOARD_ID}" +) > /etc/os-release From ab2def733d4c07c866a96f161adeeef2cac4a801 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 23:13:49 +0200 Subject: [PATCH 074/100] Update rootfs_layer.sh --- buildroot-external/scripts/rootfs_layer.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/buildroot-external/scripts/rootfs_layer.sh b/buildroot-external/scripts/rootfs_layer.sh index f23375d1765..f2618f7f8f8 100644 --- a/buildroot-external/scripts/rootfs_layer.sh +++ b/buildroot-external/scripts/rootfs_layer.sh @@ -18,6 +18,9 @@ function fix_rootfs() { rm -rf ${TARGET_DIR}/media rm -rf ${TARGET_DIR}/srv rm -rf ${TARGET_DIR}/opt + + # Other stuff + rm -f ${TARGET_DIR}/usr/lib/os-release } From 3f5c73f87d4fe7d724b6e3dc182e2ffcd5c83a3f Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 23:17:42 +0200 Subject: [PATCH 075/100] Update info --- buildroot-external/board/ova/info | 1 + 1 file changed, 1 insertion(+) diff --git a/buildroot-external/board/ova/info b/buildroot-external/board/ova/info index 8c7f1372b40..5504e104773 100644 --- a/buildroot-external/board/ova/info +++ b/buildroot-external/board/ova/info @@ -1,2 +1,3 @@ BOARD_ID=ova BOARD_NAME=OVA +CHASSIS=vm 
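Review bot: The closing `) > /etc/os-release` of the post-build.sh hunk writes to the build host's file rather than into the image, since rootfs_layer.sh in this series reaches the image only through `${TARGET_DIR}`. Run as root this replaces the host's os-release; run unprivileged the redirect fails, and because the script has no `set -e` at this point the build carries on without the file. The target should be `) > "${TARGET_DIR}/etc/os-release"`. The second post-build.sh patch after this one repeats the pattern with `) > /etc/machine-info`, and both stay host paths until patch 099 retargets them.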
From 77bf239b098c155a12de9814894768eec41ef7e1 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 23:18:21 +0200 Subject: [PATCH 076/100] Update info --- buildroot-external/info | 2 ++ 1 file changed, 2 insertions(+) diff --git a/buildroot-external/info b/buildroot-external/info index 5bc340c9ac9..676f81002aa 100644 --- a/buildroot-external/info +++ b/buildroot-external/info @@ -2,3 +2,5 @@ VERSION_MAJOR=0 VERSION_BUILD=2 HASSIO_NAME="Hass.io-OS" + +DEPLOYMENT=development From cbd8f536f567d3cd95cd6574c5bdf2cac0b89733 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 23:22:52 +0200 Subject: [PATCH 077/100] Update post-build.sh --- buildroot-external/scripts/post-build.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/buildroot-external/scripts/post-build.sh b/buildroot-external/scripts/post-build.sh index 6239b4fb2a8..14ebfc25fb2 100755 --- a/buildroot-external/scripts/post-build.sh +++ b/buildroot-external/scripts/post-build.sh @@ -10,6 +10,7 @@ BOARD_DIR=${2} fix_rootfs install_hassio_cli +# Write os-release ( echo "NAME=Hass.io" echo "VERSION=\"${BOARD} ${VERSION_MAJOR}.${VERSION_BUILD}\"" @@ -21,3 +22,9 @@ install_hassio_cli echo "VARIANT=\"Hass.io ${BOARD_NAME}\"" echo "VARIANT_ID=${BOARD_ID}" ) > /etc/os-release + +# Write machine-info +( + echo "CHASSIS=${CHASSIS}" + echo "DEPLOYMENT=${DEPLOYMENT}" +) > /etc/machine-info From a10446daef9490d91bab0474f80085faca720739 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Thu, 10 May 2018 23:32:38 +0200 Subject: [PATCH 078/100] Update post-build.sh --- buildroot-external/scripts/post-build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/scripts/post-build.sh b/buildroot-external/scripts/post-build.sh index 14ebfc25fb2..d08c3d2edd5 100755 --- a/buildroot-external/scripts/post-build.sh +++ b/buildroot-external/scripts/post-build.sh 
@@ -17,7 +17,7 @@ install_hassio_cli echo "ID=hassio-os" echo "VERSION_ID=${VERSION_MAJOR}.${VERSION_BUILD}" echo "PRETTY_NAME=\"${HASSIO_NAME} ${VERSION_MAJOR}.${VERSION_BUILD}\"" - echo "CPE_NAME=" + echo "CPE_NAME=cpe:2.3:o:home_assistant:hassio:${VERSION_MAJOR}.${VERSION_BUILD}:*:${DEPLOYMENT}:*:*:*:${BOARD_ID}:*" echo "HOME_URL=https://hass.io/" echo "VARIANT=\"Hass.io ${BOARD_NAME}\"" echo "VARIANT_ID=${BOARD_ID}" From 40a1ba8d7f2912e799a3d15bd533be9b22f44024 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Fri, 11 May 2018 22:52:30 +0200 Subject: [PATCH 079/100] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 1 + 1 file changed, 1 insertion(+) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index d926b7245c0..267c3f5f126 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -20,6 +20,7 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { deny /sys/** wl, /** r, + /tmp/** rw, /data/** rw, /{,var/}run/docker.sock rw, From ef92d7a894a0036fb714b66750eb836a81f8c2f3 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Fri, 11 May 2018 23:14:08 +0200 Subject: [PATCH 080/100] Update info --- buildroot-external/board/ova/info | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/board/ova/info b/buildroot-external/board/ova/info index 5504e104773..4d22261e2bf 100644 --- a/buildroot-external/board/ova/info +++ b/buildroot-external/board/ova/info @@ -1,3 +1,3 @@ BOARD_ID=ova -BOARD_NAME=OVA +BOARD_NAME="Open Virtual Appliance" CHASSIS=vm From 497c5365af5dcd9175f2a3c9b651a9b4058be347 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Fri, 11 May 2018 23:17:05 +0200 Subject: [PATCH 081/100] Cleanup version strings --- buildroot-external/scripts/post-build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
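Review bot: The new `CPE_NAME` value contains `:` and `*` but is emitted unquoted, while os-release(5) asks for quotes around any value with characters outside A–Z, a–z, 0–9; `VERSION` and `PRETTY_NAME` in the same block are already quoted. I would write it as `echo "CPE_NAME=\"cpe:2.3:o:home_assistant:hassio:${VERSION_MAJOR}.${VERSION_BUILD}:*:${DEPLOYMENT}:*:*:*:${BOARD_ID}:*\""`. os-release(5) also describes this field as a CPE name in URI binding syntax (`cpe:/o:…`), not the 2.3 formatted string used here, so it is worth confirming that the inventory or vulnerability-matching tools expected to read it accept this form. The subshell block starts and ends outside the hunk.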
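Review bot: The added `/tmp/** rw,` rule in the hassio-supervisor profile carries no comment saying which supervisor function needs it, and it grants write access to every path under /tmp regardless of who owns the file. If the supervisor only touches files it created itself, which cannot be confirmed from this hunk, `owner /tmp/** rw,` is the narrower rule. In either case I would put a one-line comment above it naming the consumer, so a later audit of the profile can tell whether the grant is still required. The profile body starts and ends outside the hunk.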
diff --git a/buildroot-external/scripts/post-build.sh b/buildroot-external/scripts/post-build.sh index d08c3d2edd5..be9f1f61b01 100755 --- a/buildroot-external/scripts/post-build.sh +++ b/buildroot-external/scripts/post-build.sh @@ -13,7 +13,7 @@ install_hassio_cli # Write os-release ( echo "NAME=Hass.io" - echo "VERSION=\"${BOARD} ${VERSION_MAJOR}.${VERSION_BUILD}\"" + echo "VERSION=\"${VERSION_MAJOR}.${VERSION_BUILD} (${BOARD_NAME})\"" echo "ID=hassio-os" echo "VERSION_ID=${VERSION_MAJOR}.${VERSION_BUILD}" echo "PRETTY_NAME=\"${HASSIO_NAME} ${VERSION_MAJOR}.${VERSION_BUILD}\"" From 9dd46dd4868e4ffd3f5e6d9f78850d7a4ef40899 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 00:27:40 +0200 Subject: [PATCH 082/100] Enable rauc on start --- .../etc/systemd/system/multi-user.target.wants/rauc.service | 1 + 1 file changed, 1 insertion(+) create mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc.service diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc.service b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc.service new file mode 120000 index 00000000000..c7ea83e7aa8 --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/rauc.service \ No newline at end of file From 08991f67635c33017690911eb26fac874853f90d Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 10:04:11 +0200 Subject: [PATCH 083/100] automate output image --- buildroot-external/board/ova/post-image.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/buildroot-external/board/ova/post-image.sh b/buildroot-external/board/ova/post-image.sh index e0e1e72c0b9..f84a8fd918e 100755 --- a/buildroot-external/board/ova/post-image.sh +++ b/buildroot-external/board/ova/post-image.sh 
@@ -6,6 +6,11 @@ BOARD_DIR=${2} BOOT_DATA=${BINARIES_DIR}/boot . ${SCRIPT_DIR}/hdd_image.sh +. ${BR2_EXTERNAL_HASSIO_PATH}/info +. ${BOARD_DIR}/info + +# Filename +IMAGE_FILE=hassio-${BOARD_ID}_${VERSION_MAJOR}.${VERSION_BUILD}.vmdk # Init boot data rm -rf ${BOOT_DATA} @@ -21,4 +26,4 @@ hassio_overlay_image ${BINARIES_DIR} hassio_hdd_image ${BINARIES_DIR} ${BINARIES_DIR}/harddisk.img 6 -qemu-img convert -O vmdk ${BINARIES_DIR}/harddisk.img ${BINARIES_DIR}/hassio-os.vmdk +qemu-img convert -O vmdk ${BINARIES_DIR}/harddisk.img ${BINARIES_DIR}/${IMAGE_FILE} From 455f99e83fa24f5b6a55f1f1ac5953b06da68cb8 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 11:26:26 +0200 Subject: [PATCH 084/100] Boot system0 with partition UUID --- buildroot-external/board/ova/barebox-env/boot/system0 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/board/ova/barebox-env/boot/system0 b/buildroot-external/board/ova/barebox-env/boot/system0 index eece4af7da8..4239b465cdb 100644 --- a/buildroot-external/board/ova/barebox-env/boot/system0 +++ b/buildroot-external/board/ova/barebox-env/boot/system0 @@ -1,5 +1,5 @@ #!/bin/sh global bootm.image="/mnt/disk1/boot/bzImage" -global linux.bootargs.dyn.root="root=/dev/sda2 rootfstype=squashfs ro" +global linux.bootargs.dyn.root="root=PARTUUID=8d3d53e3-6d49-4c38-8349-aff6859e82fd rootfstype=squashfs ro" From 1bfefec008eb13b4ed9de917221a355ef8074578 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 11:27:05 +0200 Subject: [PATCH 085/100] Boot system1 with partition UUID --- buildroot-external/board/ova/barebox-env/boot/system1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/board/ova/barebox-env/boot/system1 b/buildroot-external/board/ova/barebox-env/boot/system1 index c917a2f052f..3926d411215 100644 --- a/buildroot-external/board/ova/barebox-env/boot/system1 +++ b/buildroot-external/board/ova/barebox-env/boot/system1 
@@ -1,4 +1,4 @@ #!/bin/sh global bootm.image="/mnt/disk2/boot/bzImage" -global linux.bootargs.dyn.root="root=/dev/sda3 rootfstype=squashfs ro" +global linux.bootargs.dyn.root="root=PARTUUID=a3ec664e-32ce-4665-95ea-7ae90ce9aa20 rootfstype=squashfs ro" From fdab2193766a5e43f9bf289955befa1f2261f174 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 11:33:55 +0200 Subject: [PATCH 086/100] Create rauc-good.timer --- .../rootfs-overlay/usr/lib/systemd/system/rauc-good.timer | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.timer diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.timer b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.timer new file mode 100644 index 00000000000..88671f8eb64 --- /dev/null +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.timer @@ -0,0 +1,8 @@ +[Unit] +Description=Rauc mark boot partition as good + +[Timer] +OnBootSec=1min + +[Install] +WantedBy=timers.target From dfb13b5d40dc02c07ae1fe351291e4f6ec879337 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 11:35:28 +0200 Subject: [PATCH 087/100] Update rauc-good.service --- .../usr/lib/systemd/system/rauc-good.service | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.service b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.service index 4af9b098463..907ab3a26d3 100644 --- a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.service +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-good.service 
@@ -1,14 +1,9 @@ [Unit] Description=Hassio rauc good -Requires=hassio-supervisor.service -After=rauc.service hassio-supervisor.service +Requires=hassio-supervisor.service rauc.service RefuseManualStart=true RefuseManualStop=true [Service] Type=oneshot -ExecStartPre=/bin/sleep 80 ExecStart=/usr/bin/rauc status mark-good - -[Install] -WantedBy=multi-user.target From 44f90cae13a52a6b50ad63ce3d64faa8c5bfb9ed Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 11:36:17 +0200 Subject: [PATCH 088/100] Update rauc-bad.service --- .../rootfs-overlay/usr/lib/systemd/system/rauc-bad.service | 4 ---- 1 file changed, 4 deletions(-) diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-bad.service b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-bad.service index 04e009b361c..f93c5663a47 100644 --- a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-bad.service +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/rauc-bad.service @@ -1,7 +1,6 @@ [Unit] Description=Rauc mark bad Requires=rauc.service -After=rauc.service RefuseManualStart=true RefuseManualStop=true @@ -9,6 +8,3 @@ RefuseManualStop=true Type=oneshot ExecStart=/usr/bin/rauc status mark-bad ExecStartPost=/usr/bin/systemctl reboot - -[Install] -WantedBy=multi-user.target From 387d932392dfb18028fc8a178626b357b5218583 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 11:36:47 +0200 Subject: [PATCH 089/100] Update hassio-supervisor.service --- .../usr/lib/systemd/system/hassio-supervisor.service | 1 - 1 file changed, 1 deletion(-) diff --git a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-supervisor.service b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-supervisor.service index 373cb9b5565..03b3dd108db 100644 --- a/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-supervisor.service +++ b/buildroot-external/rootfs-overlay/usr/lib/systemd/system/hassio-supervisor.service 
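Review bot: Dropping `After=` from rauc-good.service while keeping `Requires=hassio-supervisor.service rauc.service` removes the ordering that gives the requirement its effect. systemd only holds a unit back on a failed requirement when an `After=` on that unit is also set, so once the timer fires, `rauc status mark-good` can run while the supervisor is still starting or has already failed. Because this unit decides whether the freshly booted slot is kept, I would restore `After=rauc.service hassio-supervisor.service` next to the `Requires=` line. The rauc-bad.service hunk in the following patch drops `After=rauc.service` in the same way, which lets `rauc status mark-bad` race the start of the rauc service.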
@@ -5,7 +5,6 @@ After=docker.service dbus.socket RequiresMountsFor=/mnt/data StartLimitIntervalSec=60 StartLimitBurst=5 -OnFailure=rauc-bad.service [Service] Type=simple From c507e7064130d0620980865d6011b63f3712a55b Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 11:37:54 +0200 Subject: [PATCH 090/100] Create rauc.conf --- .../etc/systemd/system/hassio-supervisor.service.d/rauc.conf | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 buildroot-external/rootfs-overlay/etc/systemd/system/hassio-supervisor.service.d/rauc.conf diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-supervisor.service.d/rauc.conf b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-supervisor.service.d/rauc.conf new file mode 100644 index 00000000000..e001464d1c3 --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/systemd/system/hassio-supervisor.service.d/rauc.conf @@ -0,0 +1,2 @@ +[Unit] +OnFailure=rauc-bad.service From 18f47062859b361e50739e18188bab37d43bd5bf Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 22:37:46 +0200 Subject: [PATCH 091/100] Enable Timer + disable system1 --- .../board/ova/barebox-state.dtb | Bin 1097 -> 1097 bytes .../board/ova/barebox-state.dts | 2 +- .../timers.target.wants/rauc-good.timer | 1 + 3 files changed, 2 insertions(+), 1 deletion(-) create mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/timers.target.wants/rauc-good.timer diff --git a/buildroot-external/board/ova/barebox-state.dtb b/buildroot-external/board/ova/barebox-state.dtb index bd29d50ae506b848f98e5babd786a857483789fd..fc1ead0ccf8780baad5e1276f0b4106a3e9b01fc 100644 GIT binary patch delta 14 VcmX@fagt+0J`*Fu<^rahi~uJN1jGOU delta 16 YcmX@fagt+0KGWpcj6$0mnNBbQ05>NF1ONa4 diff --git a/buildroot-external/board/ova/barebox-state.dts b/buildroot-external/board/ova/barebox-state.dts index 4938b03d817..927ff662425 100644 --- a/buildroot-external/board/ova/barebox-state.dts 
+++ b/buildroot-external/board/ova/barebox-state.dts @@ -38,7 +38,7 @@ remaining_attempts@8 { reg = <0x8 0x4>; type = "uint32"; - default = <3>; + default = <0>; }; priority@c { reg = <0xc 0x4>; diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/timers.target.wants/rauc-good.timer b/buildroot-external/rootfs-overlay/etc/systemd/system/timers.target.wants/rauc-good.timer new file mode 120000 index 00000000000..d010b7029a5 --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/systemd/system/timers.target.wants/rauc-good.timer @@ -0,0 +1 @@ +/usr/lib/systemd/system/rauc-good.timer \ No newline at end of file From 5c1fc0768dd7f18da2bf84fbc708492fb07d205f Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sat, 12 May 2018 23:07:15 +0200 Subject: [PATCH 092/100] Update supervisor --- buildroot-external/configs/ova_defconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/configs/ova_defconfig b/buildroot-external/configs/ova_defconfig index 99988a579ab..d1f0d4107ff 100644 --- a/buildroot-external/configs/ova_defconfig +++ b/buildroot-external/configs/ova_defconfig @@ -66,7 +66,7 @@ BR2_PACKAGE_HOST_RAUC=y BR2_PACKAGE_MINGETTY=y BR2_PACKAGE_HASSIO=y BR2_PACKAGE_HASSIO_SUPERVISOR="homeassistant/amd64-hassio-supervisor" -BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION="103" +BR2_PACKAGE_HASSIO_SUPERVISOR_VERSION="103.3" BR2_PACKAGE_HASSIO_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/qemux86-64-homeassistant" BR2_PACKAGE_HASSIO_SUPERVISOR_PROFILE="hassio-supervisor" BR2_PACKAGE_HASSIO_CLI="homeassistant/amd64-hassio-cli" From 3b7ca0190780fbe02731acd6aea39a0d20efed19 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 13 May 2018 09:50:02 +0200 Subject: [PATCH 093/100] fix post build --- buildroot-external/scripts/post-build.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/buildroot-external/scripts/post-build.sh b/buildroot-external/scripts/post-build.sh index be9f1f61b01..224bb7e4462 100755 --- a/buildroot-external/scripts/post-build.sh +++ b/buildroot-external/scripts/post-build.sh @@ -1,9 +1,11 @@ #!/bin/bash +set -e +SCRIPT_DIR=${BR2_EXTERNAL_HASSIO_PATH}/scripts BOARD_DIR=${2} -. rootfs_layer.sh -. ../info +. ${SCRIPT_DIR}/rootfs_layer.sh +. ${BR2_EXTERNAL_HASSIO_PATH}/info . ${BOARD_DIR}/info # Hass.io OS tasks From b0825e17d59c23ea1c6b8393b46bfd3972274cfb Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 13 May 2018 09:52:01 +0200 Subject: [PATCH 094/100] Cleanup old stuff --- .../etc/systemd/system/multi-user.target.wants/rauc-good.service | 1 - 1 file changed, 1 deletion(-) delete mode 120000 buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc-good.service diff --git a/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc-good.service b/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc-good.service deleted file mode 120000 index 3ff40f7463f..00000000000 --- a/buildroot-external/rootfs-overlay/etc/systemd/system/multi-user.target.wants/rauc-good.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/rauc-good.service \ No newline at end of file From c30367a29a6c3fa1b626c8d0a0c144197a61a79e Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 13 May 2018 10:08:35 +0200 Subject: [PATCH 095/100] Update rootfs_layer.sh --- buildroot-external/scripts/rootfs_layer.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/buildroot-external/scripts/rootfs_layer.sh b/buildroot-external/scripts/rootfs_layer.sh index f2618f7f8f8..a46b6236597 100644 --- a/buildroot-external/scripts/rootfs_layer.sh +++ b/buildroot-external/scripts/rootfs_layer.sh 
@@ -12,7 +12,6 @@ function fix_rootfs() { rm -rf ${TARGET_DIR}/etc/network rm -rf ${TARGET_DIR}/etc/X11 rm -rf ${TARGET_DIR}/etc/xdg - rm -f ${TARGET_DIR}/etc/mtab # Cleanup root rm -rf ${TARGET_DIR}/media From 979af0c8bc7eb6dc4f2ff6703a7698f74a5fe9f9 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 13 May 2018 16:11:04 +0200 Subject: [PATCH 096/100] fix os-release --- buildroot-external/scripts/post-build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildroot-external/scripts/post-build.sh b/buildroot-external/scripts/post-build.sh index 224bb7e4462..691d523579b 100755 --- a/buildroot-external/scripts/post-build.sh +++ b/buildroot-external/scripts/post-build.sh @@ -23,7 +23,7 @@ install_hassio_cli echo "HOME_URL=https://hass.io/" echo "VARIANT=\"Hass.io ${BOARD_NAME}\"" echo "VARIANT_ID=${BOARD_ID}" -) > /etc/os-release +) > /usr/lib/os-release # Write machine-info ( From 13a736d4bd749e7ec5d1b5c8fb09c13dbedef7d3 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 13 May 2018 16:21:37 +0200 Subject: [PATCH 097/100] Update rootfs_layer.sh --- buildroot-external/scripts/rootfs_layer.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/buildroot-external/scripts/rootfs_layer.sh b/buildroot-external/scripts/rootfs_layer.sh index a46b6236597..e281858ce89 100644 --- a/buildroot-external/scripts/rootfs_layer.sh +++ b/buildroot-external/scripts/rootfs_layer.sh @@ -20,6 +20,9 @@ function fix_rootfs() { # Other stuff rm -f ${TARGET_DIR}/usr/lib/os-release + + # Fix tempfs + sed -i "/srv/d" ${TARGET_DIR}/usr/lib/tmpfiles.d/home.conf } From 0143c267a1ddc4a607b588c7067b30c989854f09 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 13 May 2018 16:23:30 +0200 Subject: [PATCH 098/100] Update rootfs_layer.sh --- buildroot-external/scripts/rootfs_layer.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/buildroot-external/scripts/rootfs_layer.sh b/buildroot-external/scripts/rootfs_layer.sh index e281858ce89..3b332aa2fff 100644 
--- a/buildroot-external/scripts/rootfs_layer.sh +++ b/buildroot-external/scripts/rootfs_layer.sh @@ -18,9 +18,6 @@ function fix_rootfs() { rm -rf ${TARGET_DIR}/srv rm -rf ${TARGET_DIR}/opt - # Other stuff - rm -f ${TARGET_DIR}/usr/lib/os-release - # Fix tempfs sed -i "/srv/d" ${TARGET_DIR}/usr/lib/tmpfiles.d/home.conf } From cf99b446ec3e2c70ad2cabba41e5ce0a4216beb1 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 13 May 2018 19:44:31 +0200 Subject: [PATCH 099/100] Update post-build.sh --- buildroot-external/scripts/post-build.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/buildroot-external/scripts/post-build.sh b/buildroot-external/scripts/post-build.sh index 691d523579b..745de9bea2c 100755 --- a/buildroot-external/scripts/post-build.sh +++ b/buildroot-external/scripts/post-build.sh @@ -23,10 +23,10 @@ install_hassio_cli echo "HOME_URL=https://hass.io/" echo "VARIANT=\"Hass.io ${BOARD_NAME}\"" echo "VARIANT_ID=${BOARD_ID}" -) > /usr/lib/os-release +) > ${TARGET_DIR}/usr/lib/os-release # Write machine-info ( echo "CHASSIS=${CHASSIS}" echo "DEPLOYMENT=${DEPLOYMENT}" -) > /etc/machine-info +) > ${TARGET_DIR}/etc/machine-info From 9f79e421c190a647f6c0d1dec5d00dbb147f5c62 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Sun, 13 May 2018 21:03:29 +0200 Subject: [PATCH 100/100] Update ovf-create.sh --- scripts/ovf-create.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ovf-create.sh b/scripts/ovf-create.sh index 8160c974645..df370c51778 100755 --- a/scripts/ovf-create.sh +++ b/scripts/ovf-create.sh 
@@ -6,4 +6,4 @@ VBoxManage modifyvm Hass.io --cpus 2 --memory 1048 --firmware efi VBoxManage modifyvm Hass.io --nic1 bridged VBoxManage storageattach Hass.io --storagectl "SATA Controller" --device 0 --port 0 --type vmdk --medium $1 -VBoxManage export Hass.io --ovf20 --vendor "Home-Assistant" --vendorurl "http://hass.io" --output $2 +VBoxManage export Hass.io --ovf20 --vendor "Home Assistant" --vendorurl "http://hass.io" --output $2