diff options
Diffstat (limited to 'bootstrap')
-rwxr-xr-x | bootstrap | 31 |
1 files changed, 22 insertions, 9 deletions
@@ -41,6 +41,7 @@ root="$btrfs/$id/buildos" # # - some packages (such as CPU microcode updates) are in non-free. # - systemd-container seems to be required by host systemd-nspawn. +# - must explicitly select between dbus and dbus-broker # - not installing linux-image-amd64 since building custom below # release="testing" @@ -48,7 +49,8 @@ components="main,contrib,non-free" mirror="http://http.us.debian.org/debian/" #mirror="https://http.us.debian.org/debian/" -base_pkgs="locales,klibc-utils,sudo,systemd-container,udev" +base_pkgs="locales,klibc-utils,sudo" +base_pkgs+=",udev,dbus,systemd-timesyncd,systemd-container" base_pkgs+=",kmod,linux-base,firmware-linux-free,irqbalance" base_pkgs+=",intel-microcode,amd64-microcode" base_pkgs+=",pciutils,usbutils,dmidecode,cpuid" @@ -62,14 +64,14 @@ base_pkgs+=",iputils-ping,wget,curl,ca-certificates" base_pkgs+=",openssh-client,openssh-server" base_pkgs+=",tftp-hpa,tftpd-hpa" -base_pkgs+=",bzip2,xz-utils" +base_pkgs+=",zstd,xz-utils" base_pkgs+=",less,nano,time" base_pkgs+=",qemu-system-x86,qemu-utils,socat" base_pkgs+=",g++,make" -extra_pkgs="systemd-timesyncd" +extra_pkgs="" owd="$(pwd)" trap "{ cd '$owd'; exit 1; }" ERR @@ -419,6 +421,7 @@ apt-get install -y bison flex apt-get install -y libelf-dev apt-get install -y libssl-dev apt-get install -y rsync +apt-get install -y dwarves cd /usr/src tar xf linux-source-* mv linux-source-*/ linux @@ -427,7 +430,11 @@ cd linux # Adjust configuration. # -# Note that SECURITY_LOCKDOWN_LSM forces MODULE_SIG ('selects' in Kconfig). +# Note that SECURITY_LOCKDOWN_LSM forces MODULE_SIG ('select' in Kconfig). +# +# Generally, if you disable an option but it still appears enabled after +# the kernel build, search for 'select XXX' in Kconfig* and also disable +# any found symbols. # scripts/config --disable KCSAN scripts/config --disable SECURITY_LOCKDOWN_LSM @@ -435,6 +442,13 @@ scripts/config --disable MODULE_SIG scripts/config --set-str BUILD_SALT '' scripts/config --set-str SYSTEM_TRUSTED_KEYS '' +scripts/config --enable INIT_STACK_NONE +scripts/config --disable INIT_STACK_ALL_PATTERN +scripts/config --disable INIT_STACK_ALL_ZERO + +scripts/config --enable DEBUG_INFO_NONE +scripts/config --disable DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT + # Adjust kernel command line size limit. # sed -i -re 's/^(#define COMMAND_LINE_SIZE).+\$/\1 4096/' arch/x86/include/asm/setup.h @@ -462,8 +476,6 @@ EOP #bash make oldconfig -scripts/config --disable DEBUG_INFO - make clean make deb-pkg LOCALVERSION=-buildos KDEB_PKGVERSION=1-1 -j 8 @@ -538,7 +550,7 @@ systemctl disable smartd # consistent across builds. # addgroup --gid 2000 build -adduser --uid 2000 --gid 2000 --home /build --gecos "" --disabled-password build +adduser --uid 2000 --ingroup build --home /build --gecos "" --disabled-password build adduser build kvm echo "build ALL=(ALL) NOPASSWD:ALL" >/etc/sudoers.d/build echo "Defaults:build !syslog" >>/etc/sudoers.d/build @@ -549,9 +561,10 @@ chmod 0440 /etc/sudoers.d/build apt-get clean rm -rf /var/lib/apt/lists -# Strip GCC executables (Debian bug #998841). +# Strip GCC executables (Debian bug #998841). Fixed but let's keep the command +# around in case it pops up again. # -strip \$(find /usr/lib/gcc -type f -executable) +#strip \$(find /usr/lib/gcc -type f -executable) # Clean up /bootstrap. # |