portage: Install-mask systemd-ssh-generator

This is pointless.

build.packages

@@ -1,2 +1,5 @@
 sys-boot/raspberrypi-firmware
 sys-boot/u-boot
+x11-libs/gtk+
+media-libs/mesa
+media-video/ffmpeg

ci/Jenkinsfile

@@ -34,5 +34,10 @@ pipeline {
                 archiveArtifacts '*'
             }
         }
+        failure {
+            dir('/var/tmp/portage') {
+                archiveArtifacts '*/*/temp/*.log'
+            }
+        }
     }
 }

ci/podTemplate.yaml

@@ -32,6 +32,9 @@ spec:
       subPath: distfiles
     - mountPath: /var/db/repos/gentoo
       name: portage
+    - mountPath: /var/tmp
+      name: workspace-volume
+      subPath: tmp
   hostUsers: false
   volumes:
   - name: binpkgs

config

@@ -2,5 +2,5 @@ target=aarch64-unknown-linux-gnu
 profile=default/linux/arm64/23.0/systemd
 kernel_pkg=sys-kernel/raspberrypi-sources
 kernel_defconfig=bcm2835
-device_tree=broadcom/bcm2711-rpi-4-b.dtb
+device_tree=broadcom/*.dtb
 rootflags='ro rootwait=4'

config.txt

@@ -1,12 +1,10 @@
+# dch: Tested working 2025-01-01 08:28 CST
+
 arm_64bit=1
+arm_boost=1
 
 start_x=1
 
-bootcode_delay=0
-boot_delay=0
-
-gpu_mem=32
-
 kernel=u-boot.bin
 
 enable_uart=1
@@ -14,4 +12,10 @@ dtoverlay=miniuart-bt
 
 dtparam i2c_arm=on
 
-device_tree=bcm2711-rpi-4-b.dtb
+display_auto_detect=1
+dtoverlay=vc4-kms-v3d
+dtoverlay=vc4-kms-dsi-ili9881-7inch
+max_framebuffers=2
+disable_fw_kms_setup=1
+disable_overscan=1
+dtparam=audio=on

customize.sh

@@ -1,6 +1,19 @@
 #!/bin/sh
 # vim: set sw=4 ts=4 sts=4 et :
 
+. "${CONFIGDIR:=${PWD}}"/config
+
+O=$1
+
+export PORTAGE_CONFIGROOT="$O"/portage
+
+${target}-emerge -vbknuUDj --onlydeps --with-bdeps=n www-client/firefox:esr
+PORTAGE_BINHOST=https://distfiles.gentoo.org/releases/arm64/binpackages/23.0/arm64 \
+${target}-emerge -vgKnj --root=/mnt/gentoo www-client/firefox:esr
+
 passwd -R /mnt/gentoo -d root
 
+groupadd -R /mnt/gentoo -r kiosk
+useradd -R /mnt/gentoo -r -m -d /home/kiosk -g kiosk kiosk
+
 systemctl --root=/mnt/gentoo enable wpa_supplicant@wlan0

install.packages

@@ -1,2 +1,3 @@
+gui-wm/sway
 net-wireless/wpa_supplicant
-www-client/firefox
+media-video/pipewire

linux.config

@@ -45,12 +45,64 @@ CONFIG_IPV6=y
 CONFIG_IPV6_SIT=m
 CONFIG_IPV6_SIT_6RD=m
 
+CONFIG_INPUT_TOUCHSCREEN=y
+CONFIG_TOUCHSCREEN_EDT_FT5X06=m
+CONFIG_TOUCHSCREEN_RASPBERRYPI_FW=m
+
+CONFIG_REGULATOR_RASPBERRYPI_TOUCHSCREEN_ATTINY=m
+CONFIG_REGULATOR_RASPBERRYPI_TOUCHSCREEN_V2=m
 # CONFIG_MEDIA_CEC_SUPPORT is not set
 # CONFIG_MEDIA_SUPPORT is not set
 
-# CONFIG_SOUND is not set
-# CONFIG_SND is not set
-# CONFIG_SND_SOC is not set
+CONFIG_DRM=m
+CONFIG_DRM_KMS_HELPER=m
+CONFIG_DRM_LOAD_EDID_FIRMWARE=y
+CONFIG_DRM_DISPLAY_HELPER=m
+CONFIG_DRM_GEM_SHMEM_HELPER=m
+CONFIG_DRM_SCHED=m
+CONFIG_DRM_PANEL_SIMPLE=m
+CONFIG_DRM_PANEL_ILITEK_ILI9806E=m
+CONFIG_DRM_PANEL_ILITEK_ILI9881C=m
+CONFIG_DRM_PANEL_RASPBERRYPI_TOUCHSCREEN=y
+CONFIG_DRM_DISPLAY_CONNECTOR=m
+CONFIG_DRM_TOSHIBA_TC358762=m
+CONFIG_DRM_SIMPLE_BRIDGE=m
+CONFIG_DRM_V3D=m
+CONFIG_VC4=m
+CONFIG_DRM_VC4_HDMI_CEC=y
+CONFIG_DRM_RP1_DSI=m
+CONFIG_DRM_RP1_DPI=m
+CONFIG_DRM_RP1_VEC=m
+CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=m
+CONFIG_FB_BCM2708=y
+CONFIG_FB_SIMPLE=y
+CONFIG_FB_SSD1307=m
+CONFIG_FB_RPISENSE=m
+CONFIG_FB_CFB_FILLRECT=y
+CONFIG_FB_CFB_COPYAREA=y
+CONFIG_FB_CFB_IMAGEBLIT=y
+CONFIG_FB_IOMEM_HELPERS=y
+CONFIG_FB_BACKLIGHT=m
+CONFIG_BACKLIGHT_CLASS_DEVICE=m
+CONFIG_BACKLIGHT_PWM=m
+CONFIG_BACKLIGHT_RPI=m
+CONFIG_BACKLIGHT_LM3630A=m
+CONFIG_BACKLIGHT_GPIO=m
+CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
+CONFIG_BCM_VC_SM_CMA=m
+
+CONFIG_SOUND=y
+CONFIG_SND=m
+# CONFIG_SND_PCM_TIMER is not set
+# CONFIG_SND_SUPPORT_OLD_API is not set
+# CONFIG_SND_PROC_FS is not set
+# CONFIG_SND_CTL_FAST_LOOKUP is not set
+# CONFIG_SND_DRIVERS is not set
+# CONFIG_SND_PCI is not set
+# CONFIG_SND_SPI is not set
+# CONFIG_SND_USB is not set
+CONFIG_SND_SOC=m
+CONFIG_SND_BCM2835_SOC_I2S=m
 
 CONFIG_AUDIT=y
 CONFIG_SECURITY=y
@@ -59,9 +111,11 @@ CONFIG_SECURITY_SELINUX=y
 CONFIG_DEFAULT_SECURITY_SELINUX=y
 # DEFAULT_SECURITY_DAC is not set
 
+CONFIG_BPF_SYSCALL=y
 CONFIG_POSIX_MQUEUE=y
 CONFIG_MEMCG=y
 CONFIG_CGROUP_PIDS=y
+CONFIG_CGROUP_BPF=y
 CONFIG_BLK_CGROUP=y
 
 CONFIG_USB_DWC2=m

overlay/etc/pam.d/kiosk

@@ -0,0 +1,8 @@
+account required pam_localuser.so
+
+session optional pam_loginuid.so
+session required pam_env.so envfile=/etc/profile.env
+session required pam_limits.so
+session required pam_env.so
+session required pam_unix.so
+session required pam_systemd.so

overlay/usr/lib/systemd/system/kiosk.service

@@ -0,0 +1,25 @@
+[Unit]
+After=systemd-user-sessions.service plymouth-quit-wait.service
+Before=graphical.target
+ConditionPathExists=/dev/tty1
+Wants=dbus.socket systemd-logind.service
+After=dbus.socket systemd-logind.service
+Conflicts=getty@tty1.service
+After=getty@tty1.service
+Wants=time-sync.target
+After=time-sync.target
+
+[Service]
+ExecStart=/usr/bin/sway -d
+User=kiosk
+Environment=WLR_LIBINPUT_NO_DEVICES=1
+StandardInput=tty
+StandardOutput=tty
+StandardError=journal
+TTYPath=/dev/tty1
+TTYReset=yes
+TTYVHangup=yes
+TTYVTDisallocate=yes
+PAMName=kiosk
+UtmpMode=user
+UtmpIdentifier=tty1

portage/make.conf/systemd.conf

@@ -1 +1,9 @@
-INSTALL_MASK="${INSTALL_MASK} /usr/lib/systemd/systemd-nsresourced* /usr/lib/systemd/system/systemd-nsresourced.*"
+INSTALL_MASK="
+${INSTALL_MASK}
+/etc/ssh/ssh*_config.d/*systemd*
+/usr/lib/systemd/ssh_config.d
+/usr/lib/systemd/sshd_config.d
+/usr/lib/systemd/system-generators/systemd-ssh-generator
+/usr/lib/systemd/system/systemd-nsresourced.*
+/usr/lib/systemd/systemd-nsresourced*
+"

portage/make.conf/wayland.conf

@@ -1 +1 @@
-USE="${USE} -X wayland"
+USE="${USE} wayland"

portage/package.accept_keywords/firefox

@@ -1 +0,0 @@
-dev-libs/nss ~amd64

portage/package.use/firefox

@@ -2,5 +2,14 @@ media-libs/harfbuzz -cairo
 media-libs/libvpx postproc
 media-libs/mesa -llvm wayland
 media-video/ffmpeg openssl -gnutls
-www-client/firefox -clang -telemetry dbus wayland
+
+# Must match USE flags of the www-client/firefox package on the
+# offical Gentoo binhost
+www-client/firefox X clang dbus gmp-autoupdate gnome-shell jumbo-build pulseaudio system-av1 system-harfbuzz system-icu system-jpeg system-libevent system-libvpx system-webp telemetry wayland LLVM_SLOT: 19 -17 -18
+x11-libs/cairo X
 x11-libs/gtk+ wayland
+media-libs/libglvnd X
+
+# Firefox requires a PulseAudio-compatible sound server; we use Pipewire
+media-video/pipewire sound-server
+media-libs/libcanberra udev alsa

prepare.sh

@@ -1,5 +1,7 @@
 #!/bin/sh
 
+. "${CONFIGDIR:=${PWD}}"/config
+
 if [ ! -f /var/db/repos/gentoo/metadata/timestamp ]; then
     emerge-webrsync
 fi
@@ -9,6 +11,7 @@ fi
 
 mkdir -p /etc/portage/package.use
 mkdir -p /etc/portage/make.conf
+echo 'virtual/libudev systemd' >> /etc/portage/package.use/systemd
 cp portage/package.use/firefox /etc/portage/package.use/
 cp portage/make.conf/introspection.conf /etc/portage/make.conf/
 cp portage/make.conf/wayland.conf /etc/portage/make.conf/
@@ -17,3 +20,5 @@ echo 'VIDEO_CARDS=""' > /etc/portage/make.conf/videocards.conf
 xargs -r emerge -vbknuUj --rebuilt-binaries=y --color=y <<EOF
 dev-libs/nss
 EOF
+
+[ -d /etc/portage/gnupg ] || getuto -v