diff options
-rwxr-xr-x | bootstrap | 31 | ||||
-rw-r--r-- | bootstrap.txt | 6 | ||||
-rwxr-xr-x | init | 9 |
3 files changed, 34 insertions, 12 deletions
@@ -41,6 +41,7 @@ root="$btrfs/$id/buildos" # # - some packages (such as CPU microcode updates) are in non-free. # - systemd-container seems to be required by host systemd-nspawn. +# - must explicitly select between dbus and dbus-broker # - not installing linux-image-amd64 since building custom below # release="testing" @@ -48,7 +49,8 @@ components="main,contrib,non-free" mirror="http://http.us.debian.org/debian/" #mirror="https://http.us.debian.org/debian/" -base_pkgs="locales,klibc-utils,sudo,systemd-container,udev" +base_pkgs="locales,klibc-utils,sudo" +base_pkgs+=",udev,dbus,systemd-timesyncd,systemd-container" base_pkgs+=",kmod,linux-base,firmware-linux-free,irqbalance" base_pkgs+=",intel-microcode,amd64-microcode" base_pkgs+=",pciutils,usbutils,dmidecode,cpuid" @@ -62,14 +64,14 @@ base_pkgs+=",iputils-ping,wget,curl,ca-certificates" base_pkgs+=",openssh-client,openssh-server" base_pkgs+=",tftp-hpa,tftpd-hpa" -base_pkgs+=",bzip2,xz-utils" +base_pkgs+=",zstd,xz-utils" base_pkgs+=",less,nano,time" base_pkgs+=",qemu-system-x86,qemu-utils,socat" base_pkgs+=",g++,make" -extra_pkgs="systemd-timesyncd" +extra_pkgs="" owd="$(pwd)" trap "{ cd '$owd'; exit 1; }" ERR @@ -419,6 +421,7 @@ apt-get install -y bison flex apt-get install -y libelf-dev apt-get install -y libssl-dev apt-get install -y rsync +apt-get install -y dwarves cd /usr/src tar xf linux-source-* mv linux-source-*/ linux @@ -427,7 +430,11 @@ cd linux # Adjust configuration. # -# Note that SECURITY_LOCKDOWN_LSM forces MODULE_SIG ('selects' in Kconfig). +# Note that SECURITY_LOCKDOWN_LSM forces MODULE_SIG ('select' in Kconfig). +# +# Generally, if you disable an option but it still appears enabled after +# the kernel build, search for 'select XXX' in Kconfig* and also disable +# any found symbols. # scripts/config --disable KCSAN scripts/config --disable SECURITY_LOCKDOWN_LSM @@ -435,6 +442,13 @@ scripts/config --disable MODULE_SIG scripts/config --set-str BUILD_SALT '' scripts/config --set-str SYSTEM_TRUSTED_KEYS '' +scripts/config --enable INIT_STACK_NONE +scripts/config --disable INIT_STACK_ALL_PATTERN +scripts/config --disable INIT_STACK_ALL_ZERO + +scripts/config --enable DEBUG_INFO_NONE +scripts/config --disable DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT + # Adjust kernel command line size limit. # sed -i -re 's/^(#define COMMAND_LINE_SIZE).+\$/\1 4096/' arch/x86/include/asm/setup.h @@ -462,8 +476,6 @@ EOP #bash make oldconfig -scripts/config --disable DEBUG_INFO - make clean make deb-pkg LOCALVERSION=-buildos KDEB_PKGVERSION=1-1 -j 8 @@ -538,7 +550,7 @@ systemctl disable smartd # consistent across builds. # addgroup --gid 2000 build -adduser --uid 2000 --gid 2000 --home /build --gecos "" --disabled-password build +adduser --uid 2000 --ingroup build --home /build --gecos "" --disabled-password build adduser build kvm echo "build ALL=(ALL) NOPASSWD:ALL" >/etc/sudoers.d/build echo "Defaults:build !syslog" >>/etc/sudoers.d/build @@ -549,9 +561,10 @@ chmod 0440 /etc/sudoers.d/build apt-get clean rm -rf /var/lib/apt/lists -# Strip GCC executables (Debian bug #998841). +# Strip GCC executables (Debian bug #998841). Fixed but let's keep the command +# around in case it pops up again. # -strip \$(find /usr/lib/gcc -type f -executable) +#strip \$(find /usr/lib/gcc -type f -executable) # Clean up /bootstrap. # diff --git a/bootstrap.txt b/bootstrap.txt index c7057e1..5489a72 100644 --- a/bootstrap.txt +++ b/bootstrap.txt @@ -21,7 +21,8 @@ diff -urw <old> <new> - We currently only use init plus udev in scripts/init-{top,bottom}. + We currently only use init plus udev in scripts/init-{top,bottom} (but + the latter may use functions form other files). * Grep for 'bug' and @@ in init and bootstrap scripts, see if any bugs have been fixed and corresponding workarounds can be removed. @@ -49,4 +50,5 @@ Save the log for later comparison (might have to redo a from-stage-1 bootstrap to get the complete log). -* Compare sizes to previous version for any abnormalities. +* Compare sizes to previous version for any abnormalities (if a lot larger, + check if GCC executables are stripped). @@ -41,7 +41,14 @@ mount -t proc -o nodev,noexec,nosuid proc /proc info "init starting up..." mount -t devtmpfs -o nosuid,mode=0755 udev /dev + +# Prepare the /dev directory. +# ln -s /proc/self/fd /dev/fd +ln -s /proc/self/fd/0 /dev/stdin +ln -s /proc/self/fd/1 /dev/stdout +ln -s /proc/self/fd/2 /dev/stderr + mkdir -p /dev/pts mount -t devpts -o noexec,nosuid,gid=5,mode=0620 devpts /dev/pts || true @@ -77,7 +84,7 @@ sensors-detect --auto # Initialize KVM. # -#if ! (modprobe kvm_intel || modprobe kvm_amd); then +#if ! (/sbin/modprobe kvm_intel || /sbin/modprobe kvm_amd); then # error "no virtualization support available (is it disabled in BIOS?)" #fi |