Compare commits
23 Commits
cb7e0a5819
...
289827ee00
Author | SHA1 | Date |
---|---|---|
|
289827ee00 | |
|
e42f10051c | |
|
7293415b40 | |
|
82e835e450 | |
|
6abf1de348 | |
|
ee408805e2 | |
|
6b262ca0fb | |
|
469cbb28c2 | |
|
1280f406f8 | |
|
2eb225f0fc | |
|
2b40255a61 | |
|
5e8b69d659 | |
|
a4baa58563 | |
|
749d5b818a | |
|
b38f48b72f | |
|
7c3738d067 | |
|
eb8f4c3b40 | |
|
c259aad165 | |
|
292a4d2268 | |
|
31d8a98f64 | |
|
1914b3aba0 | |
|
2b6b777282 | |
|
e9b21b0ca0 |
|
@ -1,10 +1,7 @@
|
|||
/images
|
||||
/linux
|
||||
/output
|
||||
/portage/config/*/etc/portage/make.profile
|
||||
/portage/config/*/etc/portage/repos.conf
|
||||
/portage/config/target/etc/portage/make.conf/10-crossdev.conf
|
||||
/portage/repos/x-portage
|
||||
/repos/x-portage
|
||||
/.built
|
||||
/.prepared
|
||||
/.host-tools
|
||||
|
|
19
Makefile
19
Makefile
|
@ -1,5 +1,8 @@
|
|||
O ?= .
|
||||
IMAGESDIR ?= $(O)/images
|
||||
CONFIGDIR ?= .
|
||||
|
||||
export CONFIGDIR
|
||||
|
||||
update.tar: $(IMAGESDIR)/update.tar.zstd
|
||||
|
||||
|
@ -17,7 +20,7 @@ prepare: $(O)/.prepared
|
|||
$(O)/.host-tools: \
|
||||
build-host-tools.sh \
|
||||
host-tools.packages \
|
||||
$(shell find portage/config/host -type f) \
|
||||
$(shell find $(CONFIGDIR)/portage/host -type f) \
|
||||
$(O)/.prepared
|
||||
./build-host-tools.sh
|
||||
touch $(O)/.host-tools
|
||||
|
@ -28,7 +31,9 @@ $(O)/.built: \
|
|||
build.sh \
|
||||
build.packages \
|
||||
install.packages \
|
||||
$(shell find portage/config/target -type f) \
|
||||
$(CONFIGDIR)/build.packages \
|
||||
$(CONFIGDIR)/install.packages \
|
||||
$(shell find $(CONFIGDIR)/portage/target -type f) \
|
||||
$(O)/.host-tools \
|
||||
$(O)/.prepared
|
||||
./build.sh
|
||||
|
@ -37,10 +42,12 @@ $(O)/.built: \
|
|||
$(O)/.ready: \
|
||||
build-rootfs.sh \
|
||||
install.packages \
|
||||
installonly.packages \
|
||||
busybox.symlinks \
|
||||
$(CONFIGDIR)/install.packages \
|
||||
$(CONFIGDIR)/installonly.packages \
|
||||
$(CONFIGDIR)/busybox.symlinks \
|
||||
$(O)/linux/arch/arm64/boot/Image.gz \
|
||||
$(shell find overlay -type f) \
|
||||
$(shell find $(CONFIGDIR)/overlay -type f 2>/dev/null) \
|
||||
$(O)/.host-tools \
|
||||
$(O)/.built
|
||||
./build-rootfs.sh
|
||||
|
@ -48,7 +55,7 @@ $(O)/.ready: \
|
|||
|
||||
$(IMAGESDIR)/rootfs.squashfs: \
|
||||
build-squashfs.sh \
|
||||
squashfs.exclude \
|
||||
$(CONFIGDIR)/squashfs.exclude \
|
||||
$(O)/.ready
|
||||
./build-squashfs.sh "$(IMAGESDIR)"
|
||||
|
||||
|
@ -56,7 +63,7 @@ squashfs: $(IMAGESDIR)/rootfs.squashfs
|
|||
|
||||
$(O)/linux/arch/arm64/boot/Image.gz: \
|
||||
build-kernel.sh \
|
||||
linux.config \
|
||||
$(CONFIGDIR)/linux.config \
|
||||
$(O)/.host-tools \
|
||||
$(O)/.prepared
|
||||
./build-kernel.sh "$(O)"
|
||||
|
|
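--- a/build-all.sh
+++ b/build-all.sh
@@ -1,21 +0,0 @@
-#!/bin/sh
-# vim: set sw=4 ts=4 sts=4 et :
-
-set -e
-
-. ./config
-
-./prepare.sh
-./config-portage.sh
-./setup-local-repo.sh
-./build.sh
-./build-host-tools.sh
-./build-rootfs.sh
-./build-uboot.sh
-./build-grub.sh
-./build-kernel.sh
-./build-squashfs.sh
-./post-build.sh
-
-./genimage.sh
-./build-update.sh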
@ -3,7 +3,7 @@
|
|||
|
||||
set -e
|
||||
|
||||
. ./config
|
||||
. "${CONFIGDIR:=${PWD}}"/config
|
||||
|
||||
O="${1}"
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/sh
|
||||
# vim: set sw=4 ts=4 sts=4 et :
|
||||
|
||||
PORTAGE_CONFIGROOT="${PWD}"/portage/config/host \
|
||||
PORTAGE_CONFIGROOT="${CONFIGDIR:=${PWD}}"/portage/host \
|
||||
< host-tools.packages xargs -ro \
|
||||
emerge -vnUj
|
||||
emerge -vnuUj --rebuilt-binaries=y
|
||||
|
|
|
@ -5,9 +5,9 @@ set -e
|
|||
|
||||
O="${1}"
|
||||
|
||||
. ./config
|
||||
. "${CONFIGDIR:=${PWD}}"/config
|
||||
|
||||
PORTAGE_CONFIGROOT="${PWD}"/portage/config/host \
|
||||
PORTAGE_CONFIGROOT="${CONFIGDIR}"/portage/host \
|
||||
emerge -vnj ${kernel_pkg}
|
||||
|
||||
export ARCH=arm64 CROSS_COMPILE=${target}-
|
||||
|
@ -16,7 +16,7 @@ mkdir -p "${O}"/linux
|
|||
/usr/src/linux/scripts/kconfig/merge_config.sh -m \
|
||||
-O "${O}"/linux \
|
||||
/usr/src/linux/arch/*/configs/${kernel_defconfig}_defconfig \
|
||||
linux.config
|
||||
"${CONFIGDIR}"/linux.config
|
||||
cd "${O}"/linux
|
||||
make -C /usr/src/linux O=${PWD} olddefconfig
|
||||
make -j$(nproc)
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
set -e
|
||||
|
||||
. ./config
|
||||
. "${CONFIGDIR:=${PWD}}"/config
|
||||
|
||||
mkdir -p \
|
||||
/mnt/gentoo/usr/bin \
|
||||
|
@ -20,17 +20,22 @@ mkdir -p /mnt/gentoo/etc/portage
|
|||
ln -snf \
|
||||
/var/db/repos/gentoo/profiles/${profile} \
|
||||
/mnt/gentoo/etc/portage/make.profile
|
||||
cp -r portage/. /mnt/gentoo/etc/portage/
|
||||
|
||||
ROOT=/mnt/gentoo \
|
||||
PORTAGE_CONFIGROOT="${PWD}"/portage/config/target \
|
||||
< install.packages xargs -ro \
|
||||
${target}-emerge -KvnuUDj --rebuilt-binaries=y
|
||||
cat \
|
||||
install.packages \
|
||||
"${CONFIGDIR}"/install.packages \
|
||||
| xargs -ro \
|
||||
${target}-emerge \
|
||||
--root=/mnt/gentoo \
|
||||
--config-root="${CONFIGDIR}"/portage/target \
|
||||
-KvnuUDj \
|
||||
--rebuilt-binaries=y
|
||||
|
||||
ROOT=/mnt/gentoo \
|
||||
PORTAGE_CONFIGROOT="${PWD}"/portage/config/target \
|
||||
< installonly.packages xargs -ro \
|
||||
${target}-emerge -vnuUDj
|
||||
< "${CONFIGDIR}"/installonly.packages xargs -ro \
|
||||
${target}-emerge \
|
||||
--root=/mnt/gentoo \
|
||||
--config-root="${CONFIGDIR}"/portage/target \
|
||||
-vnuUDj
|
||||
|
||||
ROOT=/mnt/gentoo \
|
||||
locale-gen
|
||||
|
@ -51,22 +56,26 @@ while read name; do
|
|||
ln -snf busybox /mnt/gentoo/bin/"${name}" \
|
||||
|| printf 'Failed to create busybox symlink for %s\n' "${name}"
|
||||
fi
|
||||
done < busybox.symlinks
|
||||
done < "${CONFIGDIR}"/busybox.symlinks
|
||||
|
||||
rsync -rltpDO overlay/ /mnt/gentoo/
|
||||
if [ -d "${CONFIGDIR}"/overlay ]; then
|
||||
rsync -rltpDO "${CONFIGDIR}"/overlay/ /mnt/gentoo/
|
||||
fi
|
||||
|
||||
cp -uv /usr/${target}/usr/bin/grub-editenv /mnt/gentoo/usr/bin/
|
||||
|
||||
find /mnt/gentoo/usr/${target}/usr/lib/udev/rules.d \
|
||||
if [ -d /mnt/gentoo/usr/${target}/usr/lib/udev/rules.d ]; then
|
||||
find /mnt/gentoo/usr/${target}/usr/lib/udev/rules.d \
|
||||
-name '*.rules' \
|
||||
-exec mv -t /mnt/gentoo/usr/lib/udev/rules.d/ {} +
|
||||
fi
|
||||
|
||||
if [ -f /mnt/gentoo/etc/udev/hwdb.bin ]; then
|
||||
mv /mnt/gentoo/etc/udev/hwdb.bin /mnt/gentoo/usr/lib/udev/
|
||||
fi
|
||||
|
||||
rm -f /mnt/gentoo/lib/tmpfiles.d/provision.conf
|
||||
sed -i 's:d /var/log :v /var/log :' /mnt/gentoo/lib/tmpfiles.d/var.conf
|
||||
systemd-tmpfiles --root=/mnt/gentoo -E --exclude-prefix=/var --create
|
||||
|
||||
systemctl preset-all --root=/mnt/gentoo
|
||||
|
@ -100,10 +109,10 @@ setfiles \
|
|||
-F \
|
||||
-m \
|
||||
-r /mnt/gentoo \
|
||||
-c /mnt/gentoo/etc/selinux/strict/policy/policy.* \
|
||||
-c /mnt/gentoo/etc/selinux/mcs/policy/policy.* \
|
||||
-e /mnt/gentoo/var/db/pkg \
|
||||
-e /mnt/gentoo/etc/portage \
|
||||
/mnt/gentoo/etc/selinux/strict/contexts/files/file_contexts \
|
||||
/mnt/gentoo/etc/selinux/mcs/contexts/files/file_contexts \
|
||||
/mnt/gentoo
|
||||
|
||||
touch /mnt/gentoo/usr
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
set -e
|
||||
|
||||
. ./config
|
||||
. "${CONFIGDIR:=${PWD}}"/config
|
||||
|
||||
IMAGESDIR="${1}"
|
||||
|
||||
|
@ -12,7 +12,7 @@ mksquashfs \
|
|||
/mnt/gentoo \
|
||||
"${IMAGESDIR}"/rootfs.squashfs \
|
||||
-comp gzip \
|
||||
-ef squashfs.exclude \
|
||||
-ef "${CONFIGDIR}"/squashfs.exclude \
|
||||
-no-exports \
|
||||
-noappend \
|
||||
-wildcards
|
||||
|
|
|
@ -1,18 +0,0 @@
|
|||
#!/bin/sh
|
||||
# vim: set sw=4 ts=4 sts=4 et :
|
||||
|
||||
set -e
|
||||
|
||||
. ./config
|
||||
|
||||
O="${1}"
|
||||
|
||||
./patch-uboot.sh
|
||||
cd u-boot
|
||||
cat configs/rpi_4_defconfig ../u-boot.config > configs/yellow_defconfig
|
||||
make O="${O}"/u-boot yellow_defconfig
|
||||
CROSS_COMPILE=${target}- make O="${O}"/u-boot -j$(nproc)
|
||||
cd ..
|
||||
|
||||
mkdir -p "${O}"/efi-part
|
||||
cp -u "${O}"/u-boot/u-boot.bin "${O}"/efi-part
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
set -e
|
||||
|
||||
. ./config
|
||||
. "${CONFIGDIR:=${PWD}}"/config
|
||||
|
||||
IMAGESDIR="$1"
|
||||
|
||||
|
|
|
@ -1,3 +1,2 @@
|
|||
sys-boot/grub
|
||||
sys-boot/raspberrypi-firmware
|
||||
sys-boot/u-boot
|
||||
|
|
6
build.sh
6
build.sh
|
@ -3,17 +3,19 @@
|
|||
|
||||
set -e
|
||||
|
||||
. ./config
|
||||
. "${CONFIGDIR}"/config
|
||||
|
||||
unset MAKEFLAGS MAKEOVERRIDES MAKELEVEL
|
||||
|
||||
export PORTAGE_CONFIGROOT="${PWD}"/portage/config/target
|
||||
export PORTAGE_CONFIGROOT="${CONFIGDIR}"/portage/target
|
||||
|
||||
${target}-emerge -vuUDj sys-apps/util-linux
|
||||
|
||||
cat \
|
||||
build.packages \
|
||||
install.packages \
|
||||
"${CONFIGDIR}"/build.packages \
|
||||
"${CONFIGDIR}"/install.packages \
|
||||
| xargs -ro \
|
||||
${target}-emerge -vnuUDj
|
||||
${target}-emerge -v @preserved-rebuild
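Review bot: `. "${CONFIGDIR}"/config` near the top of build.sh has no fallback, unlike the `. "${CONFIGDIR:=${PWD}}"/config` form the other scripts in this comparison use. When build.sh is run without the Makefile's `export CONFIGDIR`, the expansion is empty, so the script sources `/config` from the filesystem root and sets PORTAGE_CONFIGROOT to `/portage/target`. Use `. "${CONFIGDIR:=${PWD}}"/config` here as well, so a direct invocation behaves like the other scripts. The script begins above the visible hunk.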
|
||||
|
|
|
@ -12,7 +12,7 @@ cleanup() {
|
|||
fi
|
||||
}
|
||||
|
||||
. ./config
|
||||
. "${CONFIGDIR:=${PWD}}"/config
|
||||
|
||||
O="${1}"
|
||||
IMAGESDIR="${2}"
|
||||
|
|
2
ocivm.sh
2
ocivm.sh
|
@ -2,7 +2,7 @@
|
|||
|
||||
set -e
|
||||
|
||||
. ./config
|
||||
. "${CONFIGDIR:=${PWD}}"/config
|
||||
|
||||
name=build_yellow
|
||||
if ! ocivm list | grep -q localhost/cross-${target}; then
|
||||
|
|
|
@ -12,4 +12,4 @@ SELINUX=enforcing
|
|||
# mls - Full SELinux protection with Multi-Level Security
|
||||
# mcs - Full SELinux protection with Multi-Category Security
|
||||
# (mls, but only one sensitivity level)
|
||||
SELINUXTYPE=strict
|
||||
SELINUXTYPE=mcs
|
||||
|
|
|
@ -0,0 +1,56 @@
|
|||
#!/bin/sh
|
||||
# vim: set sw=4 ts=4 sts=4 et :
|
||||
|
||||
if [ -z "${_UNSHARED}" ]; then
|
||||
export _UNSHARED=1
|
||||
exec unshare -m "$0" "$@"
|
||||
fi
|
||||
unset _UNSHARED
|
||||
|
||||
cleanup() {
|
||||
if is_mount -q /etc; then
|
||||
umount -R /etc
|
||||
fi
|
||||
if [ -n "${tmpdir}" ] && [ "${tmpdir}" != / ]; then
|
||||
if is_mount "${tmpdir}"; then
|
||||
umount -R "${tmpdir}"
|
||||
fi
|
||||
rm -rf "${tmpdir}"
|
||||
fi
|
||||
unset tmpdir
|
||||
}
|
||||
|
||||
is_mount() {
|
||||
awk '
|
||||
BEGIN { rc = 1 }
|
||||
$5 == "'"${1}"'" { rc = 0 }
|
||||
END { exit rc }
|
||||
' /proc/self/mountinfo
|
||||
}
|
||||
|
||||
tmpdir=$(mktemp -d)
|
||||
trap 'cleanup' INT QUIT TERM EXIT
|
||||
mount \
|
||||
-t tmpfs \
|
||||
-o private,rootcontext=system_u:object_r:etc_t:s0 \
|
||||
tmpfs \
|
||||
"${tmpdir}" \
|
||||
|| exit
|
||||
|
||||
mkdir -p \
|
||||
"${tmpdir}"/etc \
|
||||
"${tmpdir}"/etc/pam.d \
|
||||
"${tmpdir}"/etc/security \
|
||||
"${tmpdir}"/etc/selinux \
|
||||
|| exit
|
||||
cp -a /etc/passwd /etc/shadow "${tmpdir}"/etc || exit
|
||||
mount -o bind /etc/pam.d "${tmpdir}"/etc/pam.d || exit
|
||||
mount -o bind /etc/security "${tmpdir}"/etc/security || exit
|
||||
mount -o bind /etc/selinux "${tmpdir}"/etc/selinux || exit
|
||||
mount --rbind "${tmpdir}"/etc /etc || exit
|
||||
|
||||
passwd || exit
|
||||
|
||||
mv /etc/shadow "${tmpdir}"/shadow || exit
|
||||
umount -R /etc || exit
|
||||
cat "${tmpdir}"/shadow > /etc/shadow || exit
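Review bot: In `cleanup`, `is_mount -q /etc` passes `-q` as the first argument, but `is_mount` compares only `${1}` against the mount-point column, so the test never matches and `umount -R /etc` never runs on an early exit. Call it as `is_mount /etc`. `is_mount` also splices `${1}` into the awk program text. Passing it as data, `awk -v mp="${1}" 'BEGIN { rc = 1 } $5 == mp { rc = 0 } END { exit rc }' /proc/self/mountinfo`, keeps a path containing a quote from altering the program. The final `cat "${tmpdir}"/shadow > /etc/shadow` truncates the live file before writing, so a failed write leaves it empty or partial. If the in-place write is required because /etc/shadow is itself a bind mount (which the storage-init script in this comparison suggests), a comment saying so would explain why no rename is used.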
|
|
@ -1,15 +0,0 @@
|
|||
[Unit]
|
||||
Description=Restore SELinux file contexts in /var
|
||||
ConditionNeedsUpdate=/var
|
||||
DefaultDependencies=no
|
||||
After=local-fs.target
|
||||
Before=sysinit.target
|
||||
Before=systemd-tmpfiles-setup.service
|
||||
Before=systemd-update-done.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/sbin/restorecon -RFv /var
|
||||
|
||||
[Install]
|
||||
WantedBy=sysinit.target
|
|
@ -0,0 +1,2 @@
|
|||
[Service]
|
||||
Environment=SYSTEMD_TMPFILES_FORCE_SUBVOL=1
|
|
@ -1,9 +1,7 @@
|
|||
#!/bin/sh
|
||||
# vim: set sw=4 ts=4 sts=4 et :
|
||||
|
||||
DATAPART=PARTLABEL=dch-data
|
||||
|
||||
seq 1 30
|
||||
DATAPART=$(awk '$2=="/var"{print $1}' /etc/fstab)
|
||||
|
||||
dev=$(findfs "${DATAPART}")
|
||||
if [ -z "${dev}" ]; then
|
||||
|
|
|
@ -1,6 +1,13 @@
|
|||
#!/bin/sh
|
||||
# vim: set sw=4 ts=4 sts=4 et :
|
||||
|
||||
SUBVOLUMES='
|
||||
/var
|
||||
/var/log
|
||||
/var/tmp
|
||||
/etc
|
||||
'
|
||||
|
||||
cleanup() {
|
||||
if [ -n "${tmpdir}" ] && [ "${tmpdir}" != / ]; then
|
||||
if mountpoint -q "${tmpdir}"; then
|
||||
|
@ -16,7 +23,7 @@ copy_var() {
|
|||
|
||||
echo 'Copying /var contents to data volume'
|
||||
mount -o subvol=var "${dev}" "${tmpdir}" || exit
|
||||
cp -auv /var/. "${tmpdir}" || exit
|
||||
cp -acuv /var/. "${tmpdir}" || exit
|
||||
umount "${tmpdir}"
|
||||
}
|
||||
|
||||
|
@ -26,8 +33,11 @@ format_dev() {
|
|||
mkfs.btrfs "${dev}" || exit
|
||||
|
||||
mount "${dev}" "${tmpdir}" || exit
|
||||
btrfs subvolume create "${tmpdir}"/var || exit
|
||||
chcon -t var_t "${tmpdir}"/var || exit
|
||||
for vol in ${SUBVOLUMES}; do
|
||||
mkdir -p "${tmpdir}${vol%/*}" || exit
|
||||
btrfs subvolume create "${tmpdir}${vol}" || exit
|
||||
done
|
||||
relabel_all
|
||||
umount "${dev}" || exit
|
||||
}
|
||||
|
||||
|
@ -37,7 +47,51 @@ has_fs() {
|
|||
[ -n "${fstype}" ]
|
||||
}
|
||||
|
||||
datapart=$(findfs PARTLABEL=dch-data)
|
||||
relabel_all() {
|
||||
selinuxtype=$(. /etc/selinux/config && echo ${SELINUXTYPE})
|
||||
find "${tmpdir}" | \
|
||||
setfiles \
|
||||
-v \
|
||||
-F \
|
||||
-m \
|
||||
-r "${tmpdir}" \
|
||||
-s \
|
||||
/etc/selinux/${selinuxtype}/contexts/files/file_contexts
|
||||
}
|
||||
|
||||
setup_etc() {
|
||||
dev="$1"
|
||||
|
||||
echo 'Initializing writable paths in /etc'
|
||||
mount -o subvol=etc "${dev}" "${tmpdir}" || exit
|
||||
if [ ! -f "${tmpdir}"/shadow ]; then
|
||||
cp -ca /etc/shadow "${tmpdir}"/shadow || exit
|
||||
fi
|
||||
mount -o bind "${tmpdir}"/shadow /etc/shadow || exit
|
||||
if [ -f /etc/aimee-os/writable-etc ]; then
|
||||
while read type path; do
|
||||
if [ ! -e "${tmpdir}/${path}" ]; then
|
||||
if [ -e /etc/"${path}" ]; then
|
||||
cp -ca /etc/"${path}" "${tmpdir}/${path}"
|
||||
elif [ "${type}" = d ]; then
|
||||
mkdir -p "${tmpdir}/${path}"
|
||||
elif [ "${type}" = f ]; then
|
||||
: > "${tmpdir}/${path}"
|
||||
else
|
||||
printf 'Invalid path type %s for %s\n' \
|
||||
"${type}" \
|
||||
"${path}" \
|
||||
>&2
|
||||
continue
|
||||
fi
|
||||
fi
|
||||
mount -o bind "${tmpdir}/${path}" /etc/"${path}"
|
||||
done < /etc/aimee-os/writable-etc
|
||||
fi
|
||||
umount "${tmpdir}"
|
||||
}
|
||||
|
||||
datapart=$(findfs $(awk '$2=="/var"{print $1}' /etc/fstab))
|
||||
if [ -b "${datapart}" ]; then
|
||||
printf 'Found data partition: %s\n' "${datapart}"
|
||||
else
|
||||
|
@ -53,4 +107,5 @@ if ! has_fs "${datapart}"; then
|
|||
format_dev "${datapart}"
|
||||
fi
|
||||
|
||||
setup_etc "${datapart}"
|
||||
copy_var "${datapart}"
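Review bot: `setup_etc` uses each `path` read from /etc/aimee-os/writable-etc unchecked when building `"${tmpdir}/${path}"` and `/etc/"${path}"`, so an entry containing `..` would be copied to and bind-mounted at a location outside the etc subvolume and /etc. Reject such entries before use, for example `case "${path}" in ''|/*|*..*) continue ;; esac`, and read with `read -r type path` so backslashes stay literal. The `cp -ca`, `mkdir -p` and `mount -o bind` calls inside the loop also lack the `|| exit` used elsewhere in the script, so a failed copy is followed by a bind mount of a missing source with no clear message. The list file is presumably part of the read-only image, which limits who can edit it, but the checks are cheap.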
|
||||
|
|
|
@ -1,17 +0,0 @@
|
|||
#!/bin/sh
|
||||
# vim: set sw=4 ts=4 sts=4 et :
|
||||
|
||||
if [ -f u-boot/.patched ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
rc=0
|
||||
cd u-boot || exit
|
||||
for x in ../patches/uboot/*.patch; do
|
||||
[ -f "${x}" ] || continue
|
||||
printf 'Applying patch %s ...\n' "${x##*/}"
|
||||
patch -p1 < "${x}" || rc=$?
|
||||
done
|
||||
if [ $rc -eq 0 ]; then
|
||||
: > .patched
|
||||
fi
|
|
@ -1 +0,0 @@
|
|||
ACCEPT_KEYWORDS="~${ARCH} ${ARCH}"
|
|
@ -1 +0,0 @@
|
|||
sys-kernel/linux-firmware compress savedconfig
|
|
@ -1 +0,0 @@
|
|||
app-admin/setools-4.4.0-r3
|
|
@ -1,47 +0,0 @@
|
|||
## <summary>Policy for Aimee OS utilities.</summary>
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute system-update in the aimee_sysupdate_t
|
||||
## domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`aimee_os_system_update_domtrans',`
|
||||
gen_require(`
|
||||
type aimee_sysupdate_t, aimee_sysupdate_exec_t;
|
||||
')
|
||||
|
||||
domtrans_pattern($1, aimee_sysupdate_exec_t, aimee_sysupdate_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute system-update in the aimee_sysupdate_t
|
||||
## domain, and allow the specified role the
|
||||
## aimee_sysupdate_t domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## Role allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`aimee_os_run_system_update',`
|
||||
gen_require(`
|
||||
type aimee_sysupdate_t;
|
||||
')
|
||||
|
||||
aimee_os_system_update_domtrans($1)
|
||||
role $2 types aimee_sysupdate_t;
|
||||
')
|
|
@ -3,12 +3,8 @@
|
|||
|
||||
set -e
|
||||
|
||||
. ./config
|
||||
. "${CONFIGDIR:=${PWD}}"/config
|
||||
|
||||
cp -uv \
|
||||
/usr/${target}/boot/*.bin \
|
||||
/usr/${target}/boot/*.dat \
|
||||
/usr/${target}/boot/*.elf \
|
||||
/usr/${target}/usr/share/u-boot/u-boot.bin \
|
||||
config.txt \
|
||||
"$1"/efi-part/
|
||||
if [ -f "${CONFIGDIR}"/post-build.sh ]; then
|
||||
. "${CONFIGDIR}"/post-build.sh
|
||||
fi
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
set -e
|
||||
|
||||
. ./config
|
||||
. "${CONFIGDIR:=${PWD}}"/config
|
||||
|
||||
# Ensure we have a Portage repo
|
||||
if [ ! -f /var/db/repos/gentoo/metadata/timestamp ]; then
|
||||
|
@ -35,7 +35,7 @@ if [ ! -f portage/make.conf/10-crossdev.conf ]; then
|
|||
-e 's: ?-pam::' \
|
||||
-e '/PKGDIR=/d' \
|
||||
/usr/${target}/etc/portage/make.conf \
|
||||
> portage/config/target/etc/portage/make.conf/10-crossdev.conf
|
||||
> "${CONFIGDIR}"/portage/target/etc/portage/make.conf/10-crossdev.conf
|
||||
fi
|
||||
|
||||
ln -snf /var/db/repos/gentoo/profiles/default/linux/${ARCH}/17.0 \
|
||||
|
@ -58,7 +58,7 @@ merge-usr --root=/usr/${target}
|
|||
# Set the Portage profile
|
||||
ln -snf \
|
||||
/var/db/repos/gentoo/profiles/${profile} \
|
||||
portage/config/target/etc/portage/make.profile
|
||||
${CONFIGDIR}/portage/target/etc/portage/make.profile
|
||||
ln -snf \
|
||||
$(realpath /etc/portage/make.profile) \
|
||||
portage/config/host/etc/portage/make.profile
|
||||
${CONFIGDIR}/portage/host/etc/portage/make.profile
|
||||
|
|
|
@ -3,10 +3,10 @@
|
|||
|
||||
set -e
|
||||
|
||||
. ./config
|
||||
. "${CONFIGDIR:=${PWD}}"/config
|
||||
|
||||
unset MAKEFLAGS MAKEOVERRIDES MAKELEVEL
|
||||
|
||||
export PORTAGE_CONFIGROOT="${PWD}"/portage/config/target
|
||||
export PORTAGE_CONFIGROOT="${CONFIGDIR}"/portage/target
|
||||
|
||||
${target}-emerge -bv1j --usepkg-exclude="$*" "$@"
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/usr/bin/system-update -- gen_context(system_u:object_r:aimee_sysupdate_exec_t,s0)
|
||||
/usr/bin/set-root-password -- gen_context(system_u:object_r:aimee_set_root_password_exec_t,s0)
|
||||
/usr/libexec/factory-reset -- gen_context(system_u:object_r:aimee_factory_reset_exec_t,s0)
|
||||
/usr/libexec/init-storage -- gen_context(system_u:object_r:aimee_storinit_exec_t,s0)
|
||||
|
|
@ -0,0 +1,135 @@
|
|||
## <summary>Policy for Aimee OS utilities.</summary>
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute system-update in the aimee_sysupdate_t
|
||||
## domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`aimee_os_system_update_domtrans',`
|
||||
gen_require(`
|
||||
type aimee_sysupdate_t, aimee_sysupdate_exec_t;
|
||||
')
|
||||
|
||||
domtrans_pattern($1, aimee_sysupdate_exec_t, aimee_sysupdate_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute system-update in the aimee_sysupdate_t
|
||||
## domain, and allow the specified role the
|
||||
## aimee_sysupdate_t domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## Role allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`aimee_os_run_system_update',`
|
||||
gen_require(`
|
||||
type aimee_sysupdate_t;
|
||||
')
|
||||
|
||||
aimee_os_system_update_domtrans($1)
|
||||
role $2 types aimee_sysupdate_t;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute set-root-password in the
|
||||
## aimee_set_root_password_t domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`aimee_os_set_root_password_domtrans',`
|
||||
gen_require(`
|
||||
type aimee_set_root_password_t, aimee_set_root_password_exec_t;
|
||||
')
|
||||
|
||||
domtrans_pattern($1, aimee_set_root_password_exec_t, aimee_set_root_password_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute set-root-password in the
|
||||
## aimee_set_root_password_t domain, and
|
||||
## allow the specified role the
|
||||
## aimee_set_root_password_t domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## Role allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`aimee_os_run_set_root_password',`
|
||||
gen_require(`
|
||||
type aimee_set_root_password_t;
|
||||
')
|
||||
|
||||
aimee_os_set_root_password_domtrans($1)
|
||||
role $2 types aimee_set_root_password_t;
|
||||
mount_run(aimee_set_root_password_t, $2)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute set-root-password in the caller
|
||||
## domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`aimee_os_set_root_password_exec',`
|
||||
gen_require(`
|
||||
type aimee_set_root_password_exec_t;
|
||||
')
|
||||
|
||||
corecmd_search_bin($1)
|
||||
can_exec($1, aimee_set_root_password_exec_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Create, read, write, and delete temporary
|
||||
## files used by Aimee OS set-root-password.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`aimee_os_manage_set_root_password_tmp_files',`
|
||||
gen_require(`
|
||||
type aimee_set_root_password_tmp_t;
|
||||
')
|
||||
|
||||
manage_files_pattern($1, aimee_set_root_password_tmp_t, aimee_set_root_password_tmp_t)
|
||||
read_lnk_files_pattern($1, aimee_set_root_password_tmp_t, aimee_set_root_password_tmp_t)
|
||||
')
|
|
@ -23,6 +23,13 @@ type aimee_factory_reset_t;
|
|||
type aimee_factory_reset_exec_t;
|
||||
init_daemon_domain(aimee_factory_reset_t, aimee_factory_reset_exec_t)
|
||||
|
||||
type aimee_set_root_password_t;
|
||||
type aimee_set_root_password_exec_t;
|
||||
userdom_user_application_domain(aimee_set_root_password_t, aimee_set_root_password_exec_t)
|
||||
|
||||
type aimee_set_root_password_tmp_t;
|
||||
files_tmp_file(aimee_set_root_password_tmp_t)
|
||||
|
||||
########################################
|
||||
#
|
||||
# init-storage local policy
|
||||
|
@ -30,6 +37,7 @@ init_daemon_domain(aimee_factory_reset_t, aimee_factory_reset_exec_t)
|
|||
|
||||
allow aimee_storinit_t self:fifo_file rw_fifo_file_perms;
|
||||
allow aimee_storinit_t self:capability { chown fsetid sys_admin };
|
||||
allow aimee_storinit_t self:process { setfscreate };
|
||||
|
||||
manage_dirs_pattern(aimee_storinit_t, aimee_storinit_runtime_t, aimee_storinit_runtime_t)
|
||||
manage_files_pattern(aimee_storinit_t, aimee_storinit_runtime_t, aimee_storinit_runtime_t)
|
||||
|
@ -37,6 +45,7 @@ files_runtime_filetrans(aimee_storinit_t, aimee_storinit_runtime_t, dir)
|
|||
|
||||
corecmd_exec_bin(aimee_storinit_t)
|
||||
|
||||
files_read_etc_files(aimee_storinit_t)
|
||||
storage_raw_read_fixed_disk(aimee_storinit_t)
|
||||
fstools_domtrans(aimee_storinit_t)
|
||||
mount_exec(aimee_storinit_t)
|
||||
|
@ -55,44 +64,32 @@ gen_require(`
|
|||
')
|
||||
dontaudit aimee_storinit_t mount_runtime_t:dir write;
|
||||
|
||||
files_manage_var_dirs(aimee_storinit_t)
|
||||
files_manage_var_files(aimee_storinit_t)
|
||||
files_manage_var_symlinks(aimee_storinit_t)
|
||||
seutil_read_config(aimee_storinit_t)
|
||||
seutil_read_file_contexts(aimee_storinit_t)
|
||||
seutil_read_bin_policy(aimee_storinit_t)
|
||||
seutil_domtrans_setfiles(aimee_storinit_t)
|
||||
|
||||
kernel_manage_unlabeled_dirs(aimee_storinit_t)
|
||||
|
||||
files_manage_non_security_dirs(aimee_storinit_t)
|
||||
files_relabel_non_security_dirs(aimee_storinit_t)
|
||||
files_manage_non_security_files(aimee_storinit_t)
|
||||
files_relabel_non_security_files(aimee_storinit_t)
|
||||
logging_manage_audit_log(aimee_storinit_t)
|
||||
gen_require(`
|
||||
type var_lib_t, var_lock_t, var_run_t;
|
||||
type semanage_store_t;
|
||||
type semanage_read_lock_t, semanage_trans_lock_t;
|
||||
type system_dbusd_var_lib_t;
|
||||
type init_var_lib_t;
|
||||
type auditd_log_t;
|
||||
type tmp_t;
|
||||
attribute logfile;
|
||||
attribute non_security_file_type;
|
||||
')
|
||||
manage_dirs_pattern(aimee_storinit_t, var_lib_t, var_lib_t)
|
||||
manage_files_pattern(aimee_storinit_t, var_lib_t, var_lib_t)
|
||||
manage_lnk_files_pattern(aimee_storinit_t, var_lib_t, var_lib_t)
|
||||
manage_lnk_files_pattern(aimee_storinit_t, var_lock_t, var_lock_t)
|
||||
manage_dirs_pattern(aimee_storinit_t, var_run_t, var_run_t)
|
||||
manage_files_pattern(aimee_storinit_t, var_run_t, var_run_t)
|
||||
manage_lnk_files_pattern(aimee_storinit_t, var_run_t, var_run_t)
|
||||
manage_dirs_pattern(aimee_storinit_t, semanage_store_t, semanage_store_t)
|
||||
manage_files_pattern(aimee_storinit_t, semanage_store_t, semanage_store_t)
|
||||
manage_dirs_pattern(aimee_storinit_t, semanage_read_lock_t, semanage_read_lock_t)
|
||||
manage_files_pattern(aimee_storinit_t, semanage_read_lock_t, semanage_read_lock_t)
|
||||
manage_dirs_pattern(aimee_storinit_t, semanage_trans_lock_t, semanage_trans_lock_t)
|
||||
manage_files_pattern(aimee_storinit_t, semanage_trans_lock_t, semanage_trans_lock_t)
|
||||
manage_dirs_pattern(aimee_storinit_t, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
|
||||
manage_files_pattern(aimee_storinit_t, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
|
||||
manage_lnk_files_pattern(aimee_storinit_t, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
|
||||
manage_dirs_pattern(aimee_storinit_t, init_var_lib_t, init_var_lib_t)
|
||||
manage_files_pattern(aimee_storinit_t, init_var_lib_t, init_var_lib_t)
|
||||
manage_dirs_pattern(aimee_storinit_t, logfile, logfile)
|
||||
manage_files_pattern(aimee_storinit_t, logfile, logfile)
|
||||
manage_dirs_pattern(aimee_storinit_t, auditd_log_t, auditd_log_t)
|
||||
manage_files_pattern(aimee_storinit_t, auditd_log_t, auditd_log_t)
|
||||
manage_dirs_pattern(aimee_storinit_t, tmp_t, tmp_t)
|
||||
manage_files_pattern(aimee_storinit_t, tmp_t, tmp_t)
|
||||
manage_lnk_files_pattern(aimee_storinit_t, non_security_file_type, non_security_file_type)
|
||||
relabel_lnk_files_pattern(aimee_storinit_t, non_security_file_type, non_security_file_type)
|
||||
|
||||
auth_manage_shadow(aimee_storinit_t)
|
||||
auth_relabel_shadow(aimee_storinit_t)
|
||||
gen_require(`
|
||||
type shadow_t;
|
||||
attribute configfile;
|
||||
')
|
||||
allow aimee_storinit_t shadow_t:file mounton;
|
||||
allow aimee_storinit_t configfile:{file dir} mounton;
|
||||
|
||||
########################################
|
||||
#
|
||||
|
@ -153,11 +150,70 @@ allow aimee_factory_reset_t self:fifo_file rw_fifo_file_perms;
|
|||
corecmd_exec_bin(aimee_factory_reset_t)
|
||||
dev_read_sysfs(aimee_factory_reset_t)
|
||||
kernel_read_system_state(aimee_factory_reset_t)
|
||||
files_read_etc_files(aimee_factory_reset_t)
|
||||
fstools_exec(aimee_factory_reset_t)
|
||||
fstools_manage_runtime_files(aimee_factory_reset_t)
|
||||
miscfiles_read_localization(aimee_factory_reset_t)
|
||||
storage_raw_rw_fixed_disk(aimee_factory_reset_t)
|
||||
|
||||
########################################
|
||||
#
|
||||
# set-root-password local policy
|
||||
#
|
||||
|
||||
gen_require(`
|
||||
class passwd { passwd };
|
||||
')
|
||||
|
||||
allow aimee_set_root_password_t self:capability { sys_admin };
|
||||
allow aimee_set_root_password_t self:fifo_file rw_fifo_file_perms;
|
||||
allow aimee_set_root_password_t self:process setfscreate;
|
||||
allow aimee_set_root_password_t self:process { ptrace sigkill sigstop signal };
|
||||
allow aimee_set_root_password_t self:passwd passwd;
|
||||
|
||||
files_tmp_filetrans(aimee_set_root_password_t, aimee_set_root_password_tmp_t, dir)
|
||||
manage_dirs_pattern(aimee_set_root_password_t, aimee_set_root_password_tmp_t, aimee_set_root_password_tmp_t)
|
||||
manage_files_pattern(aimee_set_root_password_t, aimee_set_root_password_tmp_t, aimee_set_root_password_tmp_t)
|
||||
relabel_files_pattern(aimee_set_root_password_t, aimee_set_root_password_tmp_t, aimee_set_root_password_tmp_t)
|
||||
|
||||
domain_use_interactive_fds(aimee_set_root_password_t)
|
||||
userdom_use_inherited_user_terminals(aimee_set_root_password_t)
|
||||
userdom_search_user_home_dirs(aimee_set_root_password_t)
|
||||
corecmd_exec_bin(aimee_set_root_password_t)
|
||||
selinux_get_fs_mount(aimee_set_root_password_t)
|
||||
seutil_read_config(aimee_set_root_password_t)
|
||||
miscfiles_read_localization(aimee_set_root_password_t)
|
||||
files_mounton_root(aimee_set_root_password_t)
|
||||
aimee_os_set_root_password_exec(aimee_set_root_password_t)
|
||||
mount_list_runtime(aimee_set_root_password_t)
|
||||
fs_getattr_all_fs(aimee_set_root_password_t)
|
||||
fs_mount_all_fs(aimee_set_root_password_t)
|
||||
fs_unmount_all_fs(aimee_set_root_password_t)
|
||||
files_read_var_lib_files(aimee_set_root_password_t)
|
||||
files_manage_etc_files(aimee_set_root_password_t)
|
||||
files_relabel_etc_files(aimee_set_root_password_t)
|
||||
files_manage_etc_dirs(aimee_set_root_password_t)
|
||||
auth_manage_shadow(aimee_set_root_password_t)
|
||||
auth_relabel_shadow(aimee_set_root_password_t)
|
||||
files_mounton_etc_dirs(aimee_set_root_password_t)
|
||||
usermanage_domtrans_passwd(aimee_set_root_password_t)
|
||||
dev_read_sysfs(aimee_set_root_password_t)
|
||||
aimee_os_manage_set_root_password_tmp_files(aimee_set_root_password_t)
|
||||
|
||||
gen_require(`
|
||||
type mount_t;
|
||||
type passwd_t;
|
||||
')
|
||||
allow aimee_set_root_password_t aimee_set_root_password_tmp_t:dir mounton;
|
||||
allow mount_t aimee_set_root_password_tmp_t:dir mounton;
|
||||
aimee_os_manage_set_root_password_tmp_files(passwd_t)
|
||||
|
||||
gen_require(`
|
||||
type sysadm_t;
|
||||
role sysadm_r;
|
||||
')
|
||||
aimee_os_run_set_root_password(sysadm_t, sysadm_r)
|
||||
|
||||
########################################
|
||||
#
|
||||
# Additional policy rules for Aimee OS-specific behavior
|
||||
|
@ -170,3 +226,15 @@ gen_require(`
|
|||
')
|
||||
allow ssh_keygen_t var_lib_t:dir rw_dir_perms;
|
||||
filetrans_pattern(ssh_keygen_t, var_lib_t, sshd_key_t, file)
|
||||
|
||||
# Allow login to execute /bin/busybox (via /bin/sh symlink)
|
||||
gen_require(`
|
||||
type local_login_t;
|
||||
')
|
||||
corecmd_exec_bin(local_login_t)
|
||||
|
||||
# Allow root to log in on the serial console
|
||||
gen_require(`
|
||||
type sysadm_t;
|
||||
')
|
||||
init_use_fds(sysadm_t)
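Review bot: The set-root-password local policy grants `self:process { ptrace sigkill sigstop signal }`, `fs_mount_all_fs` and `fs_unmount_all_fs` to `aimee_set_root_password_t`, which looks broader than a script that sets up one tmpfs and a few bind mounts needs. The `aimee_os_run_set_root_password` interface already calls `mount_run`, so the script domain may not need the filesystem mount permissions itself; if it does, `fs_mount_tmpfs`/`fs_unmount_tmpfs` would scope them to tmpfs. `ptrace` should be dropped unless a logged denial shows it is required, with a comment recording which operation needs it. In the init-storage rules, `allow aimee_storinit_t configfile:{file dir} mounton;` and the `files_manage_non_security_*`/`files_relabel_non_security_*` calls appear to replace a per-type list with attribute-wide access. A comment tying them to the writable-etc bind mounts and the relabel step would make that widening reviewable.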
|
|
@ -3,30 +3,40 @@
|
|||
|
||||
set -e
|
||||
|
||||
. ./config
|
||||
. "${CONFIGDIR:=${PWD}}"/config
|
||||
|
||||
mkdir -p portage/config/target/etc/portage/repos.conf
|
||||
mkdir -p "${CONFIGDIR}"/portage/target/etc/portage/repos.conf
|
||||
|
||||
cat > portage/config/target/etc/portage/repos.conf/aimee-os.conf <<EOF
|
||||
cat > "${CONFIGDIR}"/portage/target/etc/portage/repos.conf/aimee-os.conf <<EOF
|
||||
[aimee-os]
|
||||
location = ${PWD}/portage/repos/aimee-os
|
||||
location = ${PWD}/repos/aimee-os
|
||||
auto-sync = no
|
||||
EOF
|
||||
|
||||
cat > portage/config/target/etc/portage/repos.conf/x-portage.conf <<EOF
|
||||
cat > "${CONFIGDIR}"/portage/target/etc/portage/repos.conf/x-portage.conf <<EOF
|
||||
[x-portage]
|
||||
location = ${PWD}/portage/repos/x-portage
|
||||
location = ${PWD}/repos/x-portage
|
||||
auto-sync = no
|
||||
EOF
|
||||
|
||||
find repos/x-portage \
|
||||
-mindepth 1 \
|
||||
-maxdepth 1 \
|
||||
-type d \
|
||||
-not -name metadata \
|
||||
-not -name profiles \
|
||||
| xargs rm -rfv
|
||||
|
||||
for patch in patches/ebuilds/*/*/*.patch; do
|
||||
[ -f "${patch}" ] || continue
|
||||
cp=${patch#patches/ebuilds/}
|
||||
cp=${cp%/*.patch}
|
||||
printf 'Applying patch %s for %s ...\n' "${patch##*/}" "${cp}"
|
||||
mkdir -p portage/repos/x-portage/${cp}
|
||||
cp -r /var/db/repos/gentoo/${cp}/. portage/repos/x-portage/${cp}
|
||||
for f in portage/repos/x-portage/${cp}/*.ebuild; do
|
||||
if [ ! -d repos/x-portage/${cp} ]; then
|
||||
mkdir -p repos/x-portage/${cp}
|
||||
cp -r /var/db/repos/gentoo/${cp}/. repos/x-portage/${cp}
|
||||
fi
|
||||
for f in repos/x-portage/${cp}/*.ebuild; do
|
||||
patch "${f}" "${patch}"
|
||||
ebuild "${f}" digest
|
||||
done
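Review bot: The `find repos/x-portage ... | xargs rm -rfv` pipeline splits names on whitespace, so a directory name containing a space or newline would make `rm -rf` act on paths other than the one found. Let find run the removal itself by replacing `| xargs rm -rfv` with `-exec rm -rfv {} +`. The `${cp}` expansions in the `mkdir -p`, `cp -r` and `for f in` lines are also unquoted and should be written as `"repos/x-portage/${cp}"`. The outer `for patch` loop closes outside the visible hunk.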
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
set -e
|
||||
|
||||
. ./config
|
||||
. "${CONFIGDIR:=${PWD}}"/config
|
||||
|
||||
podman run \
|
||||
--tmpfs /var/tmp \
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
portage/*/etc/portage/make.profile
|
||||
portage/*/etc/portage/repos.conf
|
||||
portage/target/etc/portage/make.conf/10-crossdev.conf
|
|
@ -0,0 +1 @@
|
|||
sys-boot/grub
|
|
@ -0,0 +1 @@
|
|||
ACCEPT_KEYWORDS="${ARCH}"
|
|
@ -0,0 +1 @@
|
|||
/var/db/repos/gentoo/profiles/default/linux/amd64/17.1/no-multilib
|
|
@ -0,0 +1 @@
|
|||
sys-fs/genimage ~amd64
|
|
@ -0,0 +1,22 @@
|
|||
# Note: profile variables are set/overridden in profile/ files:
|
||||
# etc/portage/profile/use.force (overrides kernel_* USE variables)
|
||||
# etc/portage/profile/make.defaults (overrides ARCH, KERNEL, ELIBC variables)
|
||||
|
||||
CHOST=aarch64-unknown-linux-gnu
|
||||
CBUILD=x86_64-pc-linux-gnu
|
||||
|
||||
ROOT=/usr/${CHOST}/
|
||||
|
||||
ACCEPT_KEYWORDS="${ARCH} ~${ARCH}"
|
||||
|
||||
USE="${ARCH}"
|
||||
|
||||
CFLAGS="-O2 -pipe -fomit-frame-pointer"
|
||||
CXXFLAGS="${CFLAGS}"
|
||||
|
||||
FEATURES="-collision-protect sandbox buildpkg noman noinfo nodoc"
|
||||
# Be sure we dont overwrite pkgs from another repo..
|
||||
PORTAGE_TMPDIR=${ROOT}tmp/
|
||||
|
||||
PKG_CONFIG_PATH="${ROOT}usr/lib/pkgconfig/"
|
||||
#PORTDIR_OVERLAY="/var/db/repos/local/"
|
|
@ -0,0 +1,2 @@
|
|||
USE="${USE} -unconfined"
|
||||
POLICY_TYPES=mcs
|
|
@ -0,0 +1 @@
|
|||
/var/db/repos/gentoo/profiles/default/linux/arm64/17.0/systemd/selinux/merged-usr
|
Some files were not shown because too many files have changed in this diff Show More