-rwxr-xr-xbootstrap31
-rw-r--r--bootstrap.txt6
-rwxr-xr-xinit9
3 files changed, 34 insertions, 12 deletions
diff --git a/bootstrap b/bootstrap
index 22a1fe8..72aeb5a 100755
--- a/bootstrap
+++ b/bootstrap
@@ -41,6 +41,7 @@ root="$btrfs/$id/buildos"
#
# - some packages (such as CPU microcode updates) are in non-free.
# - systemd-container seems to be required by host systemd-nspawn.
+# - must explicitly select between dbus and dbus-broker
# - not installing linux-image-amd64 since building custom below
#
release="testing"
@@ -48,7 +49,8 @@ components="main,contrib,non-free"
mirror="http://http.us.debian.org/debian/"
#mirror="https://http.us.debian.org/debian/"
-base_pkgs="locales,klibc-utils,sudo,systemd-container,udev"
+base_pkgs="locales,klibc-utils,sudo"
+base_pkgs+=",udev,dbus,systemd-timesyncd,systemd-container"
base_pkgs+=",kmod,linux-base,firmware-linux-free,irqbalance"
base_pkgs+=",intel-microcode,amd64-microcode"
base_pkgs+=",pciutils,usbutils,dmidecode,cpuid"
@@ -62,14 +64,14 @@ base_pkgs+=",iputils-ping,wget,curl,ca-certificates"
base_pkgs+=",openssh-client,openssh-server"
base_pkgs+=",tftp-hpa,tftpd-hpa"
-base_pkgs+=",bzip2,xz-utils"
+base_pkgs+=",zstd,xz-utils"
base_pkgs+=",less,nano,time"
base_pkgs+=",qemu-system-x86,qemu-utils,socat"
base_pkgs+=",g++,make"
-extra_pkgs="systemd-timesyncd"
+extra_pkgs=""
owd="$(pwd)"
trap "{ cd '$owd'; exit 1; }" ERR
@@ -419,6 +421,7 @@ apt-get install -y bison flex
apt-get install -y libelf-dev
apt-get install -y libssl-dev
apt-get install -y rsync
+apt-get install -y dwarves
cd /usr/src
tar xf linux-source-*
mv linux-source-*/ linux
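Review bot: The added `apt-get install -y dwarves` has no comment saying which build step needs it. The package provides pahole, which the kernel build uses for BTF generation, yet this same commit selects DEBUG_INFO_NONE, under which BTF should not be produced. If the install is only there to satisfy a build-dependency check or an intermediate configuration, a short comment such as `# dwarves (pahole): required by <step>` would keep it from looking like dead weight later.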
@@ -427,7 +430,11 @@ cd linux
# Adjust configuration.
#
-# Note that SECURITY_LOCKDOWN_LSM forces MODULE_SIG ('selects' in Kconfig).
+# Note that SECURITY_LOCKDOWN_LSM forces MODULE_SIG ('select' in Kconfig).
+#
+# Generally, if you disable an option but it still appears enabled after
+# the kernel build, search for 'select XXX' in Kconfig* and also disable
+# any found symbols.
#
scripts/config --disable KCSAN
scripts/config --disable SECURITY_LOCKDOWN_LSM
@@ -435,6 +442,13 @@ scripts/config --disable MODULE_SIG
scripts/config --set-str BUILD_SALT ''
scripts/config --set-str SYSTEM_TRUSTED_KEYS ''
+scripts/config --enable INIT_STACK_NONE
+scripts/config --disable INIT_STACK_ALL_PATTERN
+scripts/config --disable INIT_STACK_ALL_ZERO
+
+scripts/config --enable DEBUG_INFO_NONE
+scripts/config --disable DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT
+
# Adjust kernel command line size limit.
#
sed -i -re 's/^(#define COMMAND_LINE_SIZE).+\$/\1 4096/' arch/x86/include/asm/setup.h
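Review bot: The three INIT_STACK lines switch off the compiler's automatic initialisation of kernel stack variables, and nothing in the hunk says why. That option is a hardening measure: it limits what an uninitialised-variable bug can leak or act on. The package list and the kvm group membership elsewhere in this script suggest the kernel hosts QEMU/KVM build machines, so the trade-off deserves a comment above the block, for example `# Disable automatic stack initialization (hardening) because <reason>; revisit if untrusted guests run on this host.` The DEBUG_INFO pair could get a one-line rationale as well. Because the comment added earlier in this commit warns that a Kconfig `select` can undo a setting, a check of the resulting `.config` after `make oldconfig` would confirm that the intended choice took effect.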
@@ -462,8 +476,6 @@ EOP
#bash
make oldconfig
-scripts/config --disable DEBUG_INFO
-
make clean
make deb-pkg LOCALVERSION=-buildos KDEB_PKGVERSION=1-1 -j 8
@@ -538,7 +550,7 @@ systemctl disable smartd
# consistent across builds.
#
addgroup --gid 2000 build
-adduser --uid 2000 --gid 2000 --home /build --gecos "" --disabled-password build
+adduser --uid 2000 --ingroup build --home /build --gecos "" --disabled-password build
adduser build kvm
echo "build ALL=(ALL) NOPASSWD:ALL" >/etc/sudoers.d/build
echo "Defaults:build !syslog" >>/etc/sudoers.d/build
@@ -549,9 +561,10 @@ chmod 0440 /etc/sudoers.d/build
apt-get clean
rm -rf /var/lib/apt/lists
-# Strip GCC executables (Debian bug #998841).
+# Strip GCC executables (Debian bug #998841). Fixed but let's keep the command
+# around in case it pops up again.
#
-strip \$(find /usr/lib/gcc -type f -executable)
+#strip \$(find /usr/lib/gcc -type f -executable)
# Clean up /bootstrap.
#
diff --git a/bootstrap.txt b/bootstrap.txt
index c7057e1..5489a72 100644
--- a/bootstrap.txt
+++ b/bootstrap.txt
@@ -21,7 +21,8 @@
diff -urw <old> <new>
- We currently only use init plus udev in scripts/init-{top,bottom}.
+ We currently only use init plus udev in scripts/init-{top,bottom} (but
+ the latter may use functions form other files).
* Grep for 'bug' and @@ in init and bootstrap scripts, see if any bugs have
been fixed and corresponding workarounds can be removed.
@@ -49,4 +50,5 @@
Save the log for later comparison (might have to redo a from-stage-1
bootstrap to get the complete log).
-* Compare sizes to previous version for any abnormalities.
+* Compare sizes to previous version for any abnormalities (if a lot larger,
+ check if GCC executables are stripped).
diff --git a/init b/init
index eb0c939..429c87d 100755
--- a/init
+++ b/init
@@ -41,7 +41,14 @@ mount -t proc -o nodev,noexec,nosuid proc /proc
info "init starting up..."
mount -t devtmpfs -o nosuid,mode=0755 udev /dev
+
+# Prepare the /dev directory.
+#
ln -s /proc/self/fd /dev/fd
+ln -s /proc/self/fd/0 /dev/stdin
+ln -s /proc/self/fd/1 /dev/stdout
+ln -s /proc/self/fd/2 /dev/stderr
+
mkdir -p /dev/pts
mount -t devpts -o noexec,nosuid,gid=5,mode=0620 devpts /dev/pts || true
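Review bot: The three new `ln -s` calls for /dev/stdin, /dev/stdout and /dev/stderr fail if the links already exist, and so does the pre-existing /dev/fd line. devtmpfs is a single kernel-wide instance, so anything that populated it before this point would make them fail. The `|| true` on the devpts mount just below suggests failures matter in this script, though its error handling is outside the hunk. Making the links idempotent costs nothing, e.g. `[ -h /dev/stdin ] || ln -s /proc/self/fd/0 /dev/stdin`, and likewise for the other two.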
@@ -77,7 +84,7 @@ sensors-detect --auto
# Initialize KVM.
#
-#if ! (modprobe kvm_intel || modprobe kvm_amd); then
+#if ! (/sbin/modprobe kvm_intel || /sbin/modprobe kvm_amd); then
# error "no virtualization support available (is it disabled in BIOS?)"
#fi