portage: Install-mask systemd-ssh-generator

This is pointless.
wip: systemd bpf firewall
2025-01-01 10:16:57 -06:00 · 2025-01-01 10:16:57 -06:00 · 2025-01-01 10:16:57 -06:00 · 2025-01-01 10:16:57 -06:00 · 2025-01-01 10:16:57 -06:00 · 2025-01-01 10:16:57 -06:00
15 changed files with 30 additions and 102 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit b43e8319f4655ccef463100f198e45c30401c27b
+Subproject commit 36429459e1f40de0989189d2b8296e73be81a602
--- a/2
+++ b/2
@ -2,5 +2,5 @@ target=aarch64-unknown-linux-gnu
 profile=default/linux/arm64/23.0/systemd
 kernel_pkg=sys-kernel/raspberrypi-sources
 kernel_defconfig=bcm2835
-device_tree=broadcom/bcm2711-rpi-4-b.dtb
+device_tree=broadcom/*.dtb
 rootflags='ro rootwait=4'
--- a/config.txt
+++ b/config.txt
@ -1,3 +1,5 @@
+# dch: Tested working 2025-01-01 08:28 CST
+
 arm_64bit=1
 arm_boost=1

--- a/customize.sh
+++ b/customize.sh
@ -7,12 +7,13 @@ O=$1

 export PORTAGE_CONFIGROOT="$O"/portage

-if [ ! -f /mnt/gentoo/usr/lib64/firefox/firefox ]; then
-    ${target}-emerge -vbknuUDj --onlydeps --with-bdeps=n www-client/firefox:esr
-    PORTAGE_BINHOST=https://distfiles.gentoo.org/releases/arm64/binpackages/23.0/arm64 \
-    ${target}-emerge -vgKnj --root=/mnt/gentoo www-client/firefox:esr
-fi
+${target}-emerge -vbknuUDj --onlydeps --with-bdeps=n www-client/firefox:esr
+PORTAGE_BINHOST=https://distfiles.gentoo.org/releases/arm64/binpackages/23.0/arm64 \
+${target}-emerge -vgKnj --root=/mnt/gentoo www-client/firefox:esr

 passwd -R /mnt/gentoo -d root

-systemctl --root=/mnt/gentoo set-default graphical.target
+groupadd -R /mnt/gentoo -r kiosk
+useradd -R /mnt/gentoo -r -m -d /home/kiosk -g kiosk kiosk
+
+systemctl --root=/mnt/gentoo enable wpa_supplicant@wlan0
--- a/linux.config
+++ b/linux.config
@ -46,7 +46,6 @@ CONFIG_IPV6_SIT=m
 CONFIG_IPV6_SIT_6RD=m

 CONFIG_INPUT_TOUCHSCREEN=y
-CONFIG_TOUCHSCREEN_GOODIX=m
 CONFIG_TOUCHSCREEN_EDT_FT5X06=m
 CONFIG_TOUCHSCREEN_RASPBERRYPI_FW=m

@ -118,9 +117,7 @@ CONFIG_MEMCG=y
 CONFIG_CGROUP_PIDS=y
 CONFIG_CGROUP_BPF=y
 CONFIG_BLK_CGROUP=y
-CONFIG_USER_NS=y

-CONFIG_I2C_HID_OF_GOODIX=m
 CONFIG_USB_DWC2=m
 CONFIG_USB_DWC2_PCI=m
 CONFIG_USB_ACM=m
--- a/overlay/etc/firefox/policies/policies.json
+++ b/overlay/etc/firefox/policies/policies.json
@ -1,54 +0,0 @@
-{
-  "policies": {
-    "BlockAboutAddons": true,
-    "BlockAboutConfig": true,
-    "BlockAboutProfiles": true,
-    "CaptivePortal": false,
-    "DisableDeveloperTools": true,
-    "DisableFeedbackCommands": true,
-    "DisableFirefoxScreenshots": true,
-    "DisableFirefoxSutudies": true,
-    "DisableFormHistory": true,
-    "DisableMasterPasswordCreation": true,
-    "DisablePasswordReveal": true,
-    "DisablePocket": true,
-    "DisablePrivateBrowsing": true,
-    "DisableProfileImport": true,
-    "DisableProfileRefresh": true,
-    "DisableSecurityBypass": true,
-    "DisableSetDesktopBackground": true,
-    "DNSOverHTTPS": {
-      "Enabled": false,
-      "Locked": true
-    },
-    "DontCheckDefaultBrowser": true,
-    "Homepage": {
-      "URL": "https://homeassistant.pyrocufflink.blue/dashboard-rosalina",
-      "Locked": true,
-      "StartPage": "homepage-locked"
-    },
-    "NewTabPage": false,
-    "NoDefaultBookmarks": true,
-    "OfferToSaveLogins": false,
-    "OverrideFirstRunPage": "",
-    "OverridePostUpdatePage": "",
-    "PasswordManagerEnabled": false,
-    "Preferences": {
-      "browser.sessionstore.resume_from_crash": {
-        "Value": false
-      },
-      "datareporting.policy.dataSubmissionPolicyBypassNotification": {
-        "Value": true
-      },
-      "extensions.activeThemeID": {
-        "Value": "firefox-compact-dark@mozilla.org"
-      }
-    },
-    "WebsiteFilter": {
-      "Block": ["<all_urls>"],
-      "Exceptions": [
-        "https://*.pyrocufflink.blue/*"
-      ]
-    }
-  }
-}
--- a/overlay/etc/pam.d/kiosk
+++ b/overlay/etc/pam.d/kiosk
@ -4,4 +4,5 @@ session optional pam_loginuid.so
 session required pam_env.so envfile=/etc/profile.env
 session required pam_limits.so
 session required pam_env.so
+session required pam_unix.so
 session required pam_systemd.so
--- a/overlay/etc/sway/kiosk.conf
+++ b/overlay/etc/sway/kiosk.conf
@ -1,14 +0,0 @@
-# vim: set ft=swayconfig :
-
-output DSI-1 resolution 720x1280 transform 90
-
-input * {
-    map_to_output DSI-1
-}
-
-exec gsettings set org.gnome.desktop.interface gtk-theme Adwaita-dark
-exec gsettings set org.gnome.desktop.interface color-scheme prefer-dark
-
-exec /usr/lib64/firefox/firefox
-
-for_window [title="Mozilla Firefox"] fullscreen
--- a/overlay/root/.ssh/authorized_keys
+++ b/overlay/root/.ssh/authorized_keys
@ -1,4 +0,0 @@
-sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINZCN2cxMDwedJ1Ke23Z3CZRcOYjqW8fFqsooRus7RK0AAAABHNzaDo= dustin@rosalina.p
-yrocufflink.blue
-sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAB6xTCSNz+AcQCWcyVKs84tThXN4wpLgCo2Lc48L6EsAAAABHNzaDo= dustin@luma.pyroc
-ufflink.blue
--- a/overlay/usr/lib/systemd/system-preset/70-kiosk.preset
+++ b/overlay/usr/lib/systemd/system-preset/70-kiosk.preset
@ -1,3 +0,0 @@
-enable wpa_supplicant@.service wlan0
-
-enable kiosk.service
--- a/overlay/usr/lib/systemd/system/kiosk.service
+++ b/overlay/usr/lib/systemd/system/kiosk.service
@ -10,11 +10,9 @@ Wants=time-sync.target
 After=time-sync.target

 [Service]
-StateDirectory=%N
-CacheDirectory=%N
-Environment=XDG_CACHE_HOME=%C/%N
-ExecStart=/usr/bin/sway -c /etc/sway/kiosk.conf
+ExecStart=/usr/bin/sway -d
 User=kiosk
+Environment=WLR_LIBINPUT_NO_DEVICES=1
 StandardInput=tty
 StandardOutput=tty
 StandardError=journal
@ -25,7 +23,3 @@ TTYVTDisallocate=yes
 PAMName=kiosk
 UtmpMode=user
 UtmpIdentifier=tty1
-
-[Install]
-WantedBy=graphical.target
-Alias=display-manager.service
--- a/overlay/usr/lib/sysusers.d/kiosk.conf
+++ b/overlay/usr/lib/sysusers.d/kiosk.conf
@ -1,2 +0,0 @@
-g kiosk -
-u kiosk - "Kiosk User" /var/lib/kiosk /bin/sh
--- a/portage/make.conf/systemd.conf
+++ b/portage/make.conf/systemd.conf
@ -1 +1,9 @@
-INSTALL_MASK="${INSTALL_MASK} /usr/lib/systemd/systemd-nsresourced* /usr/lib/systemd/system/systemd-nsresourced.*"
+INSTALL_MASK="
+${INSTALL_MASK}
+/etc/ssh/ssh*_config.d/*systemd*
+/usr/lib/systemd/ssh_config.d
+/usr/lib/systemd/sshd_config.d
+/usr/lib/systemd/system-generators/systemd-ssh-generator
+/usr/lib/systemd/system/systemd-nsresourced.*
+/usr/lib/systemd/systemd-nsresourced*
+"
--- a/prepare.sh
+++ b/prepare.sh
@ -2,6 +2,13 @@

 . "${CONFIGDIR:=${PWD}}"/config

+if [ ! -f /var/db/repos/gentoo/metadata/timestamp ]; then
+    emerge-webrsync
+fi
+if [ "$(find /var/db/repos/gentoo/metadata -newermt '-24 hours' | wc -l)" -eq 0 ]; then
+    emaint sync
+fi
+
 mkdir -p /etc/portage/package.use
 mkdir -p /etc/portage/make.conf
 echo 'virtual/libudev systemd' >> /etc/portage/package.use/systemd
--- a/squashfs.exclude
+++ b/squashfs.exclude
@ -1,5 +0,0 @@
-etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf
-etc/ssh/sshd_config.d/20-systemd-userdb.conf
-usr/lib/systemd/ssh_config.d
-usr/lib/systemd/sshd_config.d
-usr/lib/systemd/system-generators/systemd-ssh-generator
Author	SHA1	Message	Date
Dustin	b2a7b2345c	portage: Install-mask systemd-ssh-generator dustin/photoframe2/pipeline/pr-main This commit looks good Details This is pointless.	2025-01-01 10:16:57 -06:00
Dustin	4daf98816c	wip: systemd bpf firewall	2025-01-01 10:16:57 -06:00
Dustin	b8b33c8d20	wip: vc4 gpu support	2025-01-01 10:16:57 -06:00
Dustin	3a6d89df4c	Update Aimee OS	2025-01-01 10:16:57 -06:00
Dustin	d05b9ee098	wip: Install Sway WM	2025-01-01 10:16:57 -06:00
Dustin	3da17134f2	ci: archive build logs on failure	2025-01-01 10:16:57 -06:00
Dustin	f74daa8e22	Install Firefox from Gentoo binpkg Unfortunately, even building Firefox with GCC fails: > 3:30.02 [gecko-profiler 0.1.0] /../lib/gcc/aarch64-unknown-linux-gnu/14/include/g++-v14/cstdlib:79:15: fatal error: 'stdlib.h' file not found > 3:30.02 [gecko-profiler 0.1.0] thread 'main' panicked at tools/profiler/rust-api/build.rs:104:10: > 3:30.02 [gecko-profiler 0.1.0] Unable to generate bindings: ClangDiagnostic("/../lib/gcc/aarch64-unknown-linux-gnu/14/include/g++-v14/cstdlib:79:15: fatal error: 'stdlib.h' file not found\n") Clearly, something is misconfigured, because `stdlib.h` does indeed exist. I am not sure what, though, and I am getting tired of messing with this. Fortunately, the official Gentoo binary package project has a build of _www-client/firefox_ for ARM64. It has a rather different USE flag configuration than what we did, though, so we have to pull in quite a few more dependencies. We can't just add _www-client/firefox_ to `install.packages` because Aimee OS runs `emerge` with `--getbinpkgonly`, which implies `--binpkg-changed-deps=y`. This since we want to build everything _except_ Firefox locally, the dependency graph is quite a bit different, so Portage ignores the binary package and will try to build _www-client/firefox_ from source. To work around this limitation, we need to install Firefox manually in the `customize.sh` script in two phases. First, we install all of its dependencies in the build root (`/usr/aarch64-…`), but not Firefox itself, to get binpkgs for them. Then, we install _www-client/firefox_ in the target root (`/mnt/gentoo`) with the `--getbinpkg` and `--usepkgonly` flags. Hopefully, one day I can figure out how to cross-compile Firefox (and it doesn't take days to build once I do), and we can remove this hackery.	2025-01-01 10:16:57 -06:00