Commit d6c99cd1 authored by iv's avatar iv

nayuos: Modifications:

  modify bashrc to setup git correctly,
  add some test for verifying image content after build finished,
  remove --noenable_rootfs_verification flag (get some security back!),
  clean a bit,
  update README.
parent 2c799533
...@@ -40,4 +40,6 @@ The script that download the sources and build is located in ...@@ -40,4 +40,6 @@ The script that download the sources and build is located in
* [ crouton for chroot ](https://github.com/dnschneid/crouton) ([warning about verified boot](https://github.com/dnschneid/crouton/blob/2a1fc9da380650f47e2bcf37d00962bfb68c4830/installer/main.sh#L517-L536)) * [ crouton for chroot ](https://github.com/dnschneid/crouton) ([warning about verified boot](https://github.com/dnschneid/crouton/blob/2a1fc9da380650f47e2bcf37d00962bfb68c4830/installer/main.sh#L517-L536))
## Notes for possible improvements ## Notes for possible improvements
* [ Running virtual machines on your chromebook ](https://www.chromium.org/chromium-os/developer-information-for-chrome-os-devices/running-virtual-machines-on-your-chromebook) * [ Running virtual machines on your chromebook ](https://www.chromium.org/chromium-os/developer-information-for-chrome-os-devices/running-virtual-machines-on-your-chromebook)
\ No newline at end of file
* to have a more common User Agent (the one of ChromiumOS/NayuOS is quite rare and identifies the user, see [studies of the EFF](https://panopticlick.eff.org/static/browser-uniqueness.pdf)), it seems possible to change the User-Agent flag for guest mode in the getOffTheRecord function, and adding a line (key "kUserAgent" , value "some common user agent" string). Then rebuild Chromium and [add it to NayuOS](https://www.chromium.org/chromium-os/developer-guide#TOC-Making-changes-to-the-Chromium-web-).
...@@ -48,7 +48,7 @@ logo_dir = {{ logo_dir }} ...@@ -48,7 +48,7 @@ logo_dir = {{ logo_dir }}
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
template = {{ scripts_dir }}/cros_full_build.in template = {{ scripts_dir }}/cros_full_build.in
rendered = ${directory:run}/cros_full_build rendered = ${directory:run}/cros_full_build
md5sum = ce2c5c5caf51ff5311f238538a52da40 md5sum = 7de043b33367048e78b835a0ff0a4d55
mode = 0770 mode = 0770
context = context =
# for access to the eggs from the instance # for access to the eggs from the instance
......
...@@ -22,6 +22,7 @@ repo sync >> $DL_LOG ...@@ -22,6 +22,7 @@ repo sync >> $DL_LOG
############################## Prepare chroot environment ################################### ############################## Prepare chroot environment ###################################
BUILD_LOG={{ instance_log_dir }}/cros_build.log BUILD_LOG={{ instance_log_dir }}/cros_build.log
TEST_LOG={{ instance_log_dir }}/tests_nayuos_image.log
{{ depot_tools_export_path_cmd }} {{ depot_tools_export_path_cmd }}
cd {{ cros_location }}/{{ branch }} cd {{ cros_location }}/{{ branch }}
...@@ -47,6 +48,8 @@ for category in $( ls {{ ebuilds_dir }} ); do ...@@ -47,6 +48,8 @@ for category in $( ls {{ ebuilds_dir }} ); do
cp -R {{ ebuilds_dir }}/${category}/* ${CHROMIUM_OVERLAY}/${category}/ cp -R {{ ebuilds_dir }}/${category}/* ${CHROMIUM_OVERLAY}/${category}/
done done
install -m 770 "{{ scripts_dir }}/test_nayuos_image" "{{ cros_location }}/{{ branch }}/src/scripts/test_nayuos_image"
### packages management ### ### packages management ###
BASE_CHROMEOS_DEV_ROOT_EBUILD=${CHROMIUM_OVERLAY}/chromeos-base/chromeos-dev-root/chromeos-dev-root-0.0.1.ebuild BASE_CHROMEOS_DEV_ROOT_EBUILD=${CHROMIUM_OVERLAY}/chromeos-base/chromeos-dev-root/chromeos-dev-root-0.0.1.ebuild
...@@ -56,7 +59,7 @@ VIRTUAL_CHROMEOS_OS_DEV_EBUILD=${CHROMIUM_OVERLAY}/virtual/target-chromium-os-de ...@@ -56,7 +59,7 @@ VIRTUAL_CHROMEOS_OS_DEV_EBUILD=${CHROMIUM_OVERLAY}/virtual/target-chromium-os-de
# needed for NayuOS # needed for NayuOS
for package in {{ nayu_dev_packages }} ; do for package in {{ nayu_dev_packages }} ; do
echo $package echo $package
if [[ $( cat "${VIRTUAL_CHROMEOS_OS_DEV_EBUILD}" | grep "${package}" ) ]] ; then if [[ $( grep "${package}" "${VIRTUAL_CHROMEOS_OS_DEV_EBUILD}" ) ]] ; then
echo "no need to change ${VIRTUAL_CHROMEOS_OS_DEV_EBUILD} file to add ${package}..." >> "${BUILD_LOG}" echo "no need to change ${VIRTUAL_CHROMEOS_OS_DEV_EBUILD} file to add ${package}..." >> "${BUILD_LOG}"
else else
printf "\n\nRDEPEND=\"\${RDEPEND}\n ${package}\"\n">> ${VIRTUAL_CHROMEOS_OS_DEV_EBUILD} printf "\n\nRDEPEND=\"\${RDEPEND}\n ${package}\"\n">> ${VIRTUAL_CHROMEOS_OS_DEV_EBUILD}
...@@ -64,14 +67,41 @@ for package in {{ nayu_dev_packages }} ; do ...@@ -64,14 +67,41 @@ for package in {{ nayu_dev_packages }} ; do
done done
# do not install the Upstart init script that starts ssh daemon at boot time # do not install the Upstart init script that starts ssh daemon at boot time
sed -i '/openssh-server-init/ d' ${BASE_CHROMEOS_DEV_ROOT_EBUILD} rm ${CHROMIUM_OVERLAY}/chromeos-base/chromeos-sshd-init/files/openssh-server.conf
sed -i -n '/src_install/q;p' ${CHROMIUM_OVERLAY}/chromeos-base/openssh-server-init/openssh-server-init-0.0.1.ebuild
sed -i -n '/src_install/q;p' ${CHROMIUM_OVERLAY}/chromeos-base/chromeos-sshd-init/chromeos-sshd-init-0.0.1.ebuild
# increase the revision number (XXX: is there a problem with md5-cache otherwise?)
# XXX: remove hardcoded revision numbers
cd ${CHROMIUM_OVERLAY}/chromeos-base/openssh-server-init/
mv openssh-server-init-0.0.1-r24.ebuild openssh-server-init-0.0.1-r25.ebuild
cd ${CHROMIUM_OVERLAY}/chromeos-base/chromeos-sshd-init/
mv chromeos-sshd-init-0.0.1-r5.ebuild chromeos-sshd-init-0.0.1-r6.ebuild
# bashrc modifications
BASH_EBUILD={{ cros_location }}/{{ branch }}/src/third_party/portage-stable/app-shells/bash
if [[ $(grep "git --exec-path" "${BASH_EBUILD}/files/dot-bashrc") ]] ; then
echo "git alias already set"
else
echo "# git quickfix for finding right git executables
if [ -d /usr/local/libexec/git-core/ ] ; then
alias git='git --exec-path=/usr/local/libexec/git-core/'
fi
# git quickfix for finding 'less' and using it as pager
if [ $(which less) ] ; then
git config --global core.pager $(which less)
fi
" >> ${BASH_EBUILD}/files/dot-bashrc
fi
#XXX: change bash ebuild revision number (as it is made for sshd removal)
######################################## Build ############################################## ######################################## Build ##############################################
BOARDS="{{ boards_list }}" BOARDS="{{ boards_list }}"
KEEP_CACHE="{{ keep_cache }}" KEEP_CACHE="{{ keep_cache }}"
for board in ${BOARDS}; do for board in ${BOARDS} ; do
echo ${board} echo ${board}
if [ ${board} == daisy ]; then if [ ${board} == daisy ] ; then
echo "daisy board: accepting license for Mali drivers..." echo "daisy board: accepting license for Mali drivers..."
cros_sdk -- sudo sh -c "cp /etc/make.conf.user /etc/make.conf.user.save" cros_sdk -- sudo sh -c "cp /etc/make.conf.user /etc/make.conf.user.save"
cros_sdk -- sudo sh -c "echo 'ACCEPT_LICENSE=\"*\"' >> /etc/make.conf.user" cros_sdk -- sudo sh -c "echo 'ACCEPT_LICENSE=\"*\"' >> /etc/make.conf.user"
...@@ -91,7 +121,6 @@ for board in ${BOARDS}; do ...@@ -91,7 +121,6 @@ for board in ${BOARDS}; do
cp {{ logo_dir }}/* {{ cros_location }}/{{ branch }}/src/platform/chromiumos-assets/images_200_percent/ cp {{ logo_dir }}/* {{ cros_location }}/{{ branch }}/src/platform/chromiumos-assets/images_200_percent/
#cros_sdk -- git commit -a -m "Changing boot pictures." # TODO: should not be necessary #cros_sdk -- git commit -a -m "Changing boot pictures." # TODO: should not be necessary
IMAGE_LOCATION=${board}.chromiumos.img
NAYU_IMAGE_LOCATION=${board}.nayuos.img NAYU_IMAGE_LOCATION=${board}.nayuos.img
# rebuild packages with boot pictures # rebuild packages with boot pictures
...@@ -99,17 +128,18 @@ for board in ${BOARDS}; do ...@@ -99,17 +128,18 @@ for board in ${BOARDS}; do
# NayuOS # NayuOS
date >> "${BUILD_LOG}" date >> "${BUILD_LOG}"
echo "rebuilding image with noenable_rootfs_verification" >> "${BUILD_LOG}" echo "building image" >> "${BUILD_LOG}"
cros_sdk -- ./build_image --noenable_rootfs_verification --board=${board} dev >> "${BUILD_LOG}" \ cros_sdk -- ./build_image --board=${board} dev >> "${BUILD_LOG}" \
&& cros_sdk -- rm -f $NAYU_IMAGE_LOCATION && cros_sdk -- touch $NAYU_IMAGE_LOCATION \ && cros_sdk -- rm -f $NAYU_IMAGE_LOCATION && cros_sdk -- touch $NAYU_IMAGE_LOCATION \
&& cros_sdk -- cros flash --board=${board} file://$NAYU_IMAGE_LOCATION >> "${BUILD_LOG}" \ && cros_sdk -- cros flash --board=${board} file://$NAYU_IMAGE_LOCATION >> "${BUILD_LOG}" \
&& cros_sdk -- ./test_nayuos_image ${board} > "${TEST_LOG}" \
|| exit 1 || exit 1
# TODO: test produced image (ex: make a diff of grandenet script from ebuild dir, # TODO: test produced image (ex: make a diff of grandenet script from ebuild dir,
# check that <mountpoint>/usr/local is not empty, ...) # check that <mountpoint>/usr/local is not empty, ...)
# save ~15Go/device but delete cache (next build will be as long) # save ~15Go/device but delete cache (next build will be as long)
if [ !${KEEP_CACHE} -o ${KEEP_CACHE,,} == "no" ] ; then if [ ${KEEP_CACHE,,} == "no" ] ; then
cros_sdk -- sudo rm -R /var/cache/chromeos-chrome/chrome-src/src/out_${board} cros_sdk -- sudo rm -R /var/cache/chromeos-chrome/chrome-src/src/out_${board}
fi fi
......
#!/bin/bash
FAILURE="FAILURE"
SUCCESS="SUCCESS"
if [ -z "$1" ] ; then
echo "Missing board argument. Exiting."
exit 1
fi
BOARD=$1
MOUNTPOINT="/tmp/${BOARD}"
ORIGINAL_GRANDENET_SCRIPT=~/trunk/src/third_party/chromiumos-overlay/net-misc/re6stnet/files/grandenet
GRANDENET_SCRIPT="usr/local/bin/grandenet"
INIT_SSH_SERVER="etc/init/openssh-server.conf"
BASHRC="etc/skel/.bashrc"
EXPECTED_ALIAS="alias git='git --exec-path=/usr/local/libexec/git-core/'"
HAS_FAILED=0
function print_result() {
test_result=$1
message=$2
printf "\t${test_result}: "
printf "${message}\n"
if [[ ${test_result} == ${FAILURE} ]] ; then
HAS_FAILED=1
fi
}
# MOUNT IMAGE AND GET INFO
install -d ${MOUNTPOINT}
./mount_gpt_image.sh --safe -f $( ./get_latest_image.sh --board=${BOARD} ) -r ${MOUNTPOINT}
echo $(ls "${MOUNTPOINT}/usr/local")
if [[ $(ls "${MOUNTPOINT}/usr/local") ]] ; then
my_diff=$(diff ${ORIGINAL_GRANDENET_SCRIPT} "${MOUNTPOINT}/${GRANDENET_SCRIPT}")
opensshd_config=$(ls "${MOUNTPOINT}/${INIT_SSH_SERVER}")
gitalias=$(grep "${EXPECTED_ALIAS}" "${MOUNTPOINT}/${BASHRC}")
else
is_empty=1
fi
./mount_gpt_image.sh --safe -f $( ./get_latest_image.sh --board=${BOARD} ) -r ${MOUNTPOINT} -u
rmdir ${MOUNTPOINT}
# PRINT RESULTS
echo "* test if /usr/local exists"
if [[ ${is_empty} == 1 ]] ; then
print_result ${FAILURE} "/usr/local is empty."
else
print_result ${SUCCESS} "/usr/local is not empty."
echo "* test grandenet script existence and content"
if [[ ${no_grandenet_script} == 1 ]] ; then
print_result ${FAILURE} "grandenet script is missing (no file at ${GRANDENET_SCRIPT})."
elif [[ ${my_diff} != "" ]] ; then
print_result ${FAILURE} "grandenet scripts differs:\n${my_diff}"
else
print_result ${SUCCESS} "${GRANDENET_SCRIPT} exists and contains what is expected."
fi
echo "* test openssh server init script absence"
if [[ ${opensshd_config} ]] ; then
print_result ${FAILURE} "opensshd config exists: ${opensshd_config}"
else
print_result ${SUCCESS} "opensshd config removed."
fi
echo "* test git quick fix for option --exec-path"
if [[ ${gitalias} == "" ]] ; then
print_result ${FAILURE} "Expected alias for git command not present in ${MOUNTPOINT}/${BASHRC}. Should be: ${EXPECTED_ALIAS}"
else
print_result ${SUCCESS} "git alias is correct."
fi
fi
exit ${HAS_FAILED}
...@@ -35,7 +35,7 @@ command = sudo -V ...@@ -35,7 +35,7 @@ command = sudo -V
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
template = ${:_profile_base_location_}/instance.cfg template = ${:_profile_base_location_}/instance.cfg
rendered = ${buildout:directory}/instance.cfg rendered = ${buildout:directory}/instance.cfg
md5sum = e8de561564b53357e0932b3f017c6ece md5sum = 0b11860d6cab4112fe83721ab9550627
mode = 0644 mode = 0644
scripts_dir = ${:_profile_base_location_}/scripts scripts_dir = ${:_profile_base_location_}/scripts
ebuilds_dir = ${:_profile_base_location_}/custom_ebuilds ebuilds_dir = ${:_profile_base_location_}/custom_ebuilds
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment