diff --git a/aimee-os b/aimee-os index 554063e..b43e831 160000 --- a/aimee-os +++ b/aimee-os @@ -1 +1 @@ -Subproject commit 554063e1f4e316a6d3087a27076e0c6d5a34fca1 +Subproject commit b43e8319f4655ccef463100f198e45c30401c27b diff --git a/build.packages b/build.packages index 9677552..26ab468 100644 --- a/build.packages +++ b/build.packages @@ -1,2 +1,5 @@ sys-boot/raspberrypi-firmware sys-boot/u-boot +x11-libs/gtk+ +media-libs/mesa +media-video/ffmpeg diff --git a/ci/Jenkinsfile b/ci/Jenkinsfile index 1270b8c..124de5c 100644 --- a/ci/Jenkinsfile +++ b/ci/Jenkinsfile @@ -8,6 +8,11 @@ pipeline { } } + options { + disableConcurrentBuilds() + lock 'aimee-os' + } + stages { stage('Prepare') { steps { @@ -29,5 +34,10 @@ pipeline { archiveArtifacts '*' } } + failure { + dir('/var/tmp/portage') { + archiveArtifacts '*/*/temp/*.log' + } + } } } diff --git a/ci/podTemplate.yaml b/ci/podTemplate.yaml index 51cd9d8..a0f1c5c 100644 --- a/ci/podTemplate.yaml +++ b/ci/podTemplate.yaml @@ -32,6 +32,9 @@ spec: subPath: distfiles - mountPath: /var/db/repos/gentoo name: portage + - mountPath: /var/tmp + name: workspace-volume + subPath: tmp hostUsers: false volumes: - name: binpkgs diff --git a/config.txt b/config.txt index 4670275..f0b1528 100644 --- a/config.txt +++ b/config.txt @@ -1,12 +1,8 @@ arm_64bit=1 +arm_boost=1 start_x=1 -bootcode_delay=0 -boot_delay=0 - -gpu_mem=32 - kernel=u-boot.bin enable_uart=1 @@ -14,4 +10,10 @@ dtoverlay=miniuart-bt dtparam i2c_arm=on -device_tree=bcm2711-rpi-4-b.dtb +display_auto_detect=1 +dtoverlay=vc4-kms-v3d +dtoverlay=vc4-kms-dsi-ili9881-7inch +max_framebuffers=2 +disable_fw_kms_setup=1 +disable_overscan=1 +dtparam=audio=on diff --git a/customize.sh b/customize.sh index f0bc12a..447106c 100755 --- a/customize.sh +++ b/customize.sh @@ -1,6 +1,18 @@ #!/bin/sh # vim: set sw=4 ts=4 sts=4 et : +. "${CONFIGDIR:=${PWD}}"/config + +O=$1 + +export PORTAGE_CONFIGROOT="$O"/portage + +if [ ! -f /mnt/gentoo/usr/lib64/firefox/firefox ]; then + ${target}-emerge -vbknuUDj --onlydeps --with-bdeps=n www-client/firefox:esr + PORTAGE_BINHOST=https://distfiles.gentoo.org/releases/arm64/binpackages/23.0/arm64 \ + ${target}-emerge -vgKnj --root=/mnt/gentoo www-client/firefox:esr +fi + passwd -R /mnt/gentoo -d root -systemctl --root=/mnt/gentoo enable wpa_supplicant@wlan0 +systemctl --root=/mnt/gentoo set-default graphical.target diff --git a/install.packages b/install.packages index 31638b0..600e5b5 100644 --- a/install.packages +++ b/install.packages @@ -1 +1,6 @@ +gui-apps/swayidle +gui-wm/sway +media-gfx/feh +media-video/pipewire +net-misc/curl net-wireless/wpa_supplicant diff --git a/linux.config b/linux.config index 169ff93..3d8dcd9 100644 --- a/linux.config +++ b/linux.config @@ -45,12 +45,65 @@ CONFIG_IPV6=y CONFIG_IPV6_SIT=m CONFIG_IPV6_SIT_6RD=m +CONFIG_INPUT_TOUCHSCREEN=y +CONFIG_TOUCHSCREEN_GOODIX=m +CONFIG_TOUCHSCREEN_EDT_FT5X06=m +CONFIG_TOUCHSCREEN_RASPBERRYPI_FW=m + +CONFIG_REGULATOR_RASPBERRYPI_TOUCHSCREEN_ATTINY=m +CONFIG_REGULATOR_RASPBERRYPI_TOUCHSCREEN_V2=m # CONFIG_MEDIA_CEC_SUPPORT is not set # CONFIG_MEDIA_SUPPORT is not set -# CONFIG_SOUND is not set -# CONFIG_SND is not set -# CONFIG_SND_SOC is not set +CONFIG_DRM=m +CONFIG_DRM_KMS_HELPER=m +CONFIG_DRM_LOAD_EDID_FIRMWARE=y +CONFIG_DRM_DISPLAY_HELPER=m +CONFIG_DRM_GEM_SHMEM_HELPER=m +CONFIG_DRM_SCHED=m +CONFIG_DRM_PANEL_SIMPLE=m +CONFIG_DRM_PANEL_ILITEK_ILI9806E=m +CONFIG_DRM_PANEL_ILITEK_ILI9881C=m +CONFIG_DRM_PANEL_RASPBERRYPI_TOUCHSCREEN=y +CONFIG_DRM_DISPLAY_CONNECTOR=m +CONFIG_DRM_TOSHIBA_TC358762=m +CONFIG_DRM_SIMPLE_BRIDGE=m +CONFIG_DRM_V3D=m +CONFIG_VC4=m +CONFIG_DRM_VC4_HDMI_CEC=y +CONFIG_DRM_RP1_DSI=m +CONFIG_DRM_RP1_DPI=m +CONFIG_DRM_RP1_VEC=m +CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=m +CONFIG_FB_BCM2708=y +CONFIG_FB_SIMPLE=y +CONFIG_FB_SSD1307=m +CONFIG_FB_RPISENSE=m +CONFIG_FB_CFB_FILLRECT=y +CONFIG_FB_CFB_COPYAREA=y +CONFIG_FB_CFB_IMAGEBLIT=y +CONFIG_FB_IOMEM_HELPERS=y +CONFIG_FB_BACKLIGHT=m +CONFIG_BACKLIGHT_CLASS_DEVICE=m +CONFIG_BACKLIGHT_PWM=m +CONFIG_BACKLIGHT_RPI=m +CONFIG_BACKLIGHT_LM3630A=m +CONFIG_BACKLIGHT_GPIO=m +CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y +CONFIG_BCM_VC_SM_CMA=m + +CONFIG_SOUND=y +CONFIG_SND=m +# CONFIG_SND_PCM_TIMER is not set +# CONFIG_SND_SUPPORT_OLD_API is not set +# CONFIG_SND_PROC_FS is not set +# CONFIG_SND_CTL_FAST_LOOKUP is not set +# CONFIG_SND_DRIVERS is not set +# CONFIG_SND_PCI is not set +# CONFIG_SND_SPI is not set +# CONFIG_SND_USB is not set +CONFIG_SND_SOC=m +CONFIG_SND_BCM2835_SOC_I2S=m CONFIG_AUDIT=y CONFIG_SECURITY=y @@ -59,11 +112,15 @@ CONFIG_SECURITY_SELINUX=y CONFIG_DEFAULT_SECURITY_SELINUX=y # DEFAULT_SECURITY_DAC is not set +CONFIG_BPF_SYSCALL=y CONFIG_POSIX_MQUEUE=y CONFIG_MEMCG=y CONFIG_CGROUP_PIDS=y +CONFIG_CGROUP_BPF=y CONFIG_BLK_CGROUP=y +CONFIG_USER_NS=y +CONFIG_I2C_HID_OF_GOODIX=m CONFIG_USB_DWC2=m CONFIG_USB_DWC2_PCI=m CONFIG_USB_ACM=m diff --git a/overlay/etc/firefox/policies/policies.json b/overlay/etc/firefox/policies/policies.json new file mode 100644 index 0000000..a1aeb90 --- /dev/null +++ b/overlay/etc/firefox/policies/policies.json @@ -0,0 +1,57 @@ +{ + "policies": { + "BlockAboutAddons": true, + "BlockAboutConfig": true, + "BlockAboutProfiles": true, + "CaptivePortal": false, + "DisableDeveloperTools": true, + "DisableFeedbackCommands": true, + "DisableFirefoxScreenshots": true, + "DisableFirefoxSutudies": true, + "DisableFormHistory": true, + "DisableMasterPasswordCreation": true, + "DisablePasswordReveal": true, + "DisablePocket": true, + "DisablePrivateBrowsing": true, + "DisableProfileImport": true, + "DisableProfileRefresh": true, + "DisableSecurityBypass": true, + "DisableSetDesktopBackground": true, + "DNSOverHTTPS": { + "Enabled": false, + "Locked": true + }, + "DontCheckDefaultBrowser": true, + "Homepage": { + "URL": "https://homeassistant.pyrocufflink.blue/", + "Locked": true, + "StartPage": "homepage-locked" + }, + "NewTabPage": false, + "NoDefaultBookmarks": true, + "OfferToSaveLogins": false, + "OverrideFirstRunPage": "", + "OverridePostUpdatePage": "", + "PasswordManagerEnabled": false, + "Preferences": { + "browser.sessionstore.resume_from_crash": { + "Value": false + }, + "browser.startup.couldRestoreSession.count": { + "Value": -1 + }, + "datareporting.policy.dataSubmissionPolicyBypassNotification": { + "Value": true + }, + "extensions.activeThemeID": { + "Value": "firefox-compact-dark@mozilla.org" + } + }, + "WebsiteFilter": { + "Block": [""], + "Exceptions": [ + "https://*.pyrocufflink.blue/*" + ] + } + } +} diff --git a/overlay/etc/pam.d/kiosk b/overlay/etc/pam.d/kiosk new file mode 100644 index 0000000..e36c548 --- /dev/null +++ b/overlay/etc/pam.d/kiosk @@ -0,0 +1,7 @@ +account required pam_localuser.so + +session optional pam_loginuid.so +session required pam_env.so envfile=/etc/profile.env +session required pam_limits.so +session required pam_env.so +session required pam_systemd.so diff --git a/overlay/etc/sway/kiosk.conf b/overlay/etc/sway/kiosk.conf new file mode 100644 index 0000000..956f768 --- /dev/null +++ b/overlay/etc/sway/kiosk.conf @@ -0,0 +1,19 @@ +# vim: set ft=swayconfig : + +output DSI-1 resolution 720x1280 transform 90 + +input * { + map_to_output DSI-1 +} + +exec /usr/lib64/firefox/firefox +exec /usr/bin/photoframe stream + +exec swayidle -w \ + timeout 120 'photoframe show' resume 'photoframe hide' + +for_window [title="Mozilla Firefox"] fullscreen +for_window [class="photoframe"] fullscreen + +assign [title="Mozilla Firefox"] 1 +assign [class="photoframe"] 2 diff --git a/overlay/etc/systemd/network/95-default.network b/overlay/etc/systemd/network/95-default.network index 3a1192d..ccd31c5 100644 --- a/overlay/etc/systemd/network/95-default.network +++ b/overlay/etc/systemd/network/95-default.network @@ -5,6 +5,7 @@ Type=ether wlan DHCP=yes [DHCPv4] +ClientIdentifier=mac UseDomains=yes [DHCPv6] diff --git a/overlay/root/.ssh/authorized_keys b/overlay/root/.ssh/authorized_keys new file mode 100644 index 0000000..40c9995 --- /dev/null +++ b/overlay/root/.ssh/authorized_keys @@ -0,0 +1,4 @@ +sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINZCN2cxMDwedJ1Ke23Z3CZRcOYjqW8fFqsooRus7RK0AAAABHNzaDo= dustin@rosalina.p +yrocufflink.blue +sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAB6xTCSNz+AcQCWcyVKs84tThXN4wpLgCo2Lc48L6EsAAAABHNzaDo= dustin@luma.pyroc +ufflink.blue diff --git a/overlay/usr/bin/photoframe b/overlay/usr/bin/photoframe new file mode 100755 index 0000000..d1ebdab --- /dev/null +++ b/overlay/usr/bin/photoframe @@ -0,0 +1,46 @@ +#!/bin/sh + +photoframe_hide() { + swaymsg 'workspace 1' +} + +photoframe_show() { + # Run on a separate workspace so Firefox can stay fullscreen, too + swaymsg 'workspace 2' + if [ -f /tmp/photoframe.pid ]; then + # feh is already running + return 0 + fi + if [ ! -f /tmp/photoframe-current ]; then + cp /usr/share/feh/images/feh.png /tmp/photoframe-current + fi + feh -FZ --draw-exif --class photoframe /tmp/photoframe-current & + # Wait for the feh window to actually appear ... + swaymsg -t subscribe '["window"]' + # Sometimes, Sway's `for_window ... fullscreen` doesn't work? + swaymsg fullscreen + echo $! > /tmp/photoframe.pid +} + +photoframe_stream() { + while :; do + curl -NsS https://photos.pyrocufflink.blue/stream | + while read url; do + curl -fsL -o /tmp/photoframe-next "${url}" || continue + mv /tmp/photoframe-next /tmp/photoframe-current + done + sleep 30 + done +} + +case $1 in +show) + photoframe_show + ;; +hide) + photoframe_hide + ;; +stream) + photoframe_stream + ;; +esac diff --git a/overlay/usr/lib/systemd/system-preset/70-kiosk.preset b/overlay/usr/lib/systemd/system-preset/70-kiosk.preset new file mode 100644 index 0000000..8d571ce --- /dev/null +++ b/overlay/usr/lib/systemd/system-preset/70-kiosk.preset @@ -0,0 +1,3 @@ +enable wpa_supplicant@.service wlan0 + +enable kiosk.service diff --git a/overlay/usr/lib/systemd/system/kiosk.service b/overlay/usr/lib/systemd/system/kiosk.service new file mode 100644 index 0000000..3eaf046 --- /dev/null +++ b/overlay/usr/lib/systemd/system/kiosk.service @@ -0,0 +1,31 @@ +[Unit] +After=systemd-user-sessions.service plymouth-quit-wait.service +Before=graphical.target +ConditionPathExists=/dev/tty1 +Wants=dbus.socket systemd-logind.service +After=dbus.socket systemd-logind.service +Conflicts=getty@tty1.service +After=getty@tty1.service +Wants=time-sync.target +After=time-sync.target + +[Service] +StateDirectory=%N +CacheDirectory=%N +Environment=XDG_CACHE_HOME=%C/%N +ExecStart=/usr/bin/sway -c /etc/sway/kiosk.conf +User=kiosk +StandardInput=tty +StandardOutput=tty +StandardError=journal +TTYPath=/dev/tty1 +TTYReset=yes +TTYVHangup=yes +TTYVTDisallocate=yes +PAMName=kiosk +UtmpMode=user +UtmpIdentifier=tty1 + +[Install] +WantedBy=graphical.target +Alias=display-manager.service diff --git a/overlay/usr/lib/sysusers.d/kiosk.conf b/overlay/usr/lib/sysusers.d/kiosk.conf new file mode 100644 index 0000000..6cfac69 --- /dev/null +++ b/overlay/usr/lib/sysusers.d/kiosk.conf @@ -0,0 +1,2 @@ +g kiosk - +u kiosk - "Kiosk User" /var/lib/kiosk /bin/sh diff --git a/portage/make.conf/60-use.conf b/portage/make.conf/60-use.conf new file mode 100644 index 0000000..ad110bb --- /dev/null +++ b/portage/make.conf/60-use.conf @@ -0,0 +1 @@ +USE="${USE} -python -readline" diff --git a/portage/make.conf/introspection.conf b/portage/make.conf/introspection.conf new file mode 100644 index 0000000..63c418a --- /dev/null +++ b/portage/make.conf/introspection.conf @@ -0,0 +1,4 @@ +# Disable GObject introspection because it cannot be cross-compiled +# https://bugs.gentoo.org/850895 +# https://bugs.gentoo.org/751325 +USE="${USE} -introspection -vala" diff --git a/portage/make.conf/videocore.conf b/portage/make.conf/videocore.conf new file mode 100644 index 0000000..05c0c2b --- /dev/null +++ b/portage/make.conf/videocore.conf @@ -0,0 +1 @@ +VIDEO_CARDS='v3d vc4' diff --git a/portage/make.conf/wayland.conf b/portage/make.conf/wayland.conf new file mode 100644 index 0000000..624b840 --- /dev/null +++ b/portage/make.conf/wayland.conf @@ -0,0 +1 @@ +USE="${USE} wayland" diff --git a/portage/package.use/firefox b/portage/package.use/firefox new file mode 100644 index 0000000..d877364 --- /dev/null +++ b/portage/package.use/firefox @@ -0,0 +1,15 @@ +media-libs/harfbuzz -cairo +media-libs/libvpx postproc +media-libs/mesa -llvm wayland +media-video/ffmpeg openssl -gnutls + +# Must match USE flags of the www-client/firefox package on the +# offical Gentoo binhost +www-client/firefox X clang dbus gmp-autoupdate gnome-shell jumbo-build pulseaudio system-av1 system-harfbuzz system-icu system-jpeg system-libevent system-libvpx system-webp telemetry wayland LLVM_SLOT: 19 -17 -18 +x11-libs/cairo X +x11-libs/gtk+ wayland +media-libs/libglvnd X + +# Firefox requires a PulseAudio-compatible sound server; we use Pipewire +media-video/pipewire sound-server +media-libs/libcanberra udev alsa diff --git a/portage/package.use/photoframe b/portage/package.use/photoframe new file mode 100644 index 0000000..9888bdf --- /dev/null +++ b/portage/package.use/photoframe @@ -0,0 +1,5 @@ +gui-apps/swayidle -systemd +gui-libs/wlroots X +gui-wm/sway X +media-gfx/feh exif inotify +net-misc/curl -alt-svc -ftp -hsts -http3 -imap -pop3 -progress-meter -psl -quic -smtp -tftp -websockets -adns -http2 CURL_QUIC: -* diff --git a/portage/patches/gnome-base/librsvg/do-not-build-rsvg-convert.patch b/portage/patches/gnome-base/librsvg/do-not-build-rsvg-convert.patch new file mode 100644 index 0000000..4e2775e --- /dev/null +++ b/portage/patches/gnome-base/librsvg/do-not-build-rsvg-convert.patch @@ -0,0 +1,48 @@ +--- a/Makefile.in 2024-12-13 12:17:08.339616211 -0600 ++++ b/Makefile.in 2024-12-13 12:18:30.301517960 -0600 +@@ -641,12 +641,6 @@ + rsvg/src/test_utils/reference_utils.rs \ + rsvg-bench/Cargo.toml \ + rsvg-bench/src/main.rs \ +- rsvg_convert/tests/internal_predicates/file.rs \ +- rsvg_convert/tests/internal_predicates/mod.rs \ +- rsvg_convert/tests/internal_predicates/pdf.rs \ +- rsvg_convert/tests/internal_predicates/png.rs \ +- rsvg_convert/tests/internal_predicates/svg.rs \ +- rsvg_convert/tests/rsvg_convert.rs \ + librsvg-c/tests/legacy_sizing.rs \ + gdk-pixbuf-loader/Cargo.toml \ + gdk-pixbuf-loader/src/lib.rs \ +@@ -685,15 +679,6 @@ + librsvgincdir = $(includedir)/librsvg-$(RSVG_API_VERSION)/librsvg + librsvginc_HEADERS = $(librsvg_public_headers) + +-# Use SCRIPTS instead of PROGRAMS since we build it on our own +-bin_SCRIPTS = rsvg-convert$(EXEEXT) +-RSVG_CONVERT_BIN = $(CARGO_TARGET_DIR)/$(RUST_TARGET_SUBDIR)/rsvg-convert$(EXEEXT) +-RSVG_CONVERT_SRC = \ +- rsvg_convert/Cargo.toml \ +- rsvg_convert/build.rs \ +- rsvg_convert/src/main.rs \ +- $(NULL) +- + @HAVE_RST2MAN_TRUE@man1_MANS = rsvg-convert.1 + dist_doc_DATA = \ + README.md \ +@@ -1643,16 +1628,6 @@ + $(CARGO) --locked build $(CARGO_VERBOSE) $(CARGO_TARGET_ARGS) $(CARGO_RELEASE_ARGS) --package librsvg-c \ + && cd $(LIBRSVG_BUILD_DIR) && $(LINK) $< && cp $(RUST_LIB) .libs/librsvg_c_api.a + +-$(RSVG_CONVERT_BIN): $(RSVG_CONVERT_SRC) | librsvg_c_api.la +- +cd $(top_srcdir) && \ +- PKG_CONFIG_ALLOW_CROSS=1 \ +- PKG_CONFIG='$(PKG_CONFIG)' \ +- CARGO_TARGET_DIR=$(CARGO_TARGET_DIR) \ +- $(CARGO) --locked build $(CARGO_VERBOSE) $(CARGO_TARGET_ARGS) $(CARGO_RELEASE_ARGS) --package rsvg_convert +- +-rsvg-convert$(EXEEXT): $(RSVG_CONVERT_BIN) +- cd $(LIBRSVG_BUILD_DIR) && cp $(RSVG_CONVERT_BIN) rsvg-convert$(EXEEXT) +- + rsvg-convert.1: rsvg-convert.rst + @HAVE_RST2MAN_TRUE@ $(RST2MAN) $(top_srcdir)/rsvg-convert.rst rsvg-convert.1 + @HAVE_RST2MAN_FALSE@ @echo "========================================" diff --git a/prepare.sh b/prepare.sh index aa4d100..48408d9 100644 --- a/prepare.sh +++ b/prepare.sh @@ -1,8 +1,17 @@ #!/bin/sh -if [ ! -f /var/db/repos/gentoo/metadata/timestamp ]; then - emerge-webrsync -fi -if [ "$(find /var/db/repos/gentoo/metadata -newermt '-24 hours' | wc -l)" -eq 0 ]; then - emaint sync -fi +. "${CONFIGDIR:=${PWD}}"/config + +mkdir -p /etc/portage/package.use +mkdir -p /etc/portage/make.conf +echo 'virtual/libudev systemd' >> /etc/portage/package.use/systemd +cp portage/package.use/firefox /etc/portage/package.use/ +cp portage/make.conf/introspection.conf /etc/portage/make.conf/ +cp portage/make.conf/wayland.conf /etc/portage/make.conf/ +echo 'VIDEO_CARDS=""' > /etc/portage/make.conf/videocards.conf + +xargs -r emerge -vbknuUj --rebuilt-binaries=y --color=y <