aboutsummaryrefslogtreecommitdiff
path: root/bootstrap
diff options
context:
space:
mode:
Diffstat (limited to 'bootstrap')
-rwxr-xr-xbootstrap31
1 files changed, 22 insertions, 9 deletions
diff --git a/bootstrap b/bootstrap
index 22a1fe8..72aeb5a 100755
--- a/bootstrap
+++ b/bootstrap
@@ -41,6 +41,7 @@ root="$btrfs/$id/buildos"
#
# - some packages (such as CPU microcode updates) are in non-free.
# - systemd-container seems to be required by host systemd-nspawn.
+# - must explicitly select between dbus and dbus-broker
# - not installing linux-image-amd64 since building custom below
#
release="testing"
@@ -48,7 +49,8 @@ components="main,contrib,non-free"
mirror="http://http.us.debian.org/debian/"
#mirror="https://http.us.debian.org/debian/"
-base_pkgs="locales,klibc-utils,sudo,systemd-container,udev"
+base_pkgs="locales,klibc-utils,sudo"
+base_pkgs+=",udev,dbus,systemd-timesyncd,systemd-container"
base_pkgs+=",kmod,linux-base,firmware-linux-free,irqbalance"
base_pkgs+=",intel-microcode,amd64-microcode"
base_pkgs+=",pciutils,usbutils,dmidecode,cpuid"
@@ -62,14 +64,14 @@ base_pkgs+=",iputils-ping,wget,curl,ca-certificates"
base_pkgs+=",openssh-client,openssh-server"
base_pkgs+=",tftp-hpa,tftpd-hpa"
-base_pkgs+=",bzip2,xz-utils"
+base_pkgs+=",zstd,xz-utils"
base_pkgs+=",less,nano,time"
base_pkgs+=",qemu-system-x86,qemu-utils,socat"
base_pkgs+=",g++,make"
-extra_pkgs="systemd-timesyncd"
+extra_pkgs=""
owd="$(pwd)"
trap "{ cd '$owd'; exit 1; }" ERR
@@ -419,6 +421,7 @@ apt-get install -y bison flex
apt-get install -y libelf-dev
apt-get install -y libssl-dev
apt-get install -y rsync
+apt-get install -y dwarves
cd /usr/src
tar xf linux-source-*
mv linux-source-*/ linux
@@ -427,7 +430,11 @@ cd linux
# Adjust configuration.
#
-# Note that SECURITY_LOCKDOWN_LSM forces MODULE_SIG ('selects' in Kconfig).
+# Note that SECURITY_LOCKDOWN_LSM forces MODULE_SIG ('select' in Kconfig).
+#
+# Generally, if you disable an option but it still appears enabled after
+# the kernel build, search for 'select XXX' in Kconfig* and also disable
+# any found symbols.
#
scripts/config --disable KCSAN
scripts/config --disable SECURITY_LOCKDOWN_LSM
@@ -435,6 +442,13 @@ scripts/config --disable MODULE_SIG
scripts/config --set-str BUILD_SALT ''
scripts/config --set-str SYSTEM_TRUSTED_KEYS ''
+scripts/config --enable INIT_STACK_NONE
+scripts/config --disable INIT_STACK_ALL_PATTERN
+scripts/config --disable INIT_STACK_ALL_ZERO
+
+scripts/config --enable DEBUG_INFO_NONE
+scripts/config --disable DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT
+
# Adjust kernel command line size limit.
#
sed -i -re 's/^(#define COMMAND_LINE_SIZE).+\$/\1 4096/' arch/x86/include/asm/setup.h
@@ -462,8 +476,6 @@ EOP
#bash
make oldconfig
-scripts/config --disable DEBUG_INFO
-
make clean
make deb-pkg LOCALVERSION=-buildos KDEB_PKGVERSION=1-1 -j 8
@@ -538,7 +550,7 @@ systemctl disable smartd
# consistent across builds.
#
addgroup --gid 2000 build
-adduser --uid 2000 --gid 2000 --home /build --gecos "" --disabled-password build
+adduser --uid 2000 --ingroup build --home /build --gecos "" --disabled-password build
adduser build kvm
echo "build ALL=(ALL) NOPASSWD:ALL" >/etc/sudoers.d/build
echo "Defaults:build !syslog" >>/etc/sudoers.d/build
@@ -549,9 +561,10 @@ chmod 0440 /etc/sudoers.d/build
apt-get clean
rm -rf /var/lib/apt/lists
-# Strip GCC executables (Debian bug #998841).
+# Strip GCC executables (Debian bug #998841). Fixed but let's keep the command
+# around in case it pops up again.
#
-strip \$(find /usr/lib/gcc -type f -executable)
+#strip \$(find /usr/lib/gcc -type f -executable)
# Clean up /bootstrap.
#