firmware-qcom-msm8916-wcnss is a virtual package used for MSM8916
devices without secure boot (i.e. device that do not require signed
firmware). For those it's best to install more recent firmware by
default rather than using the firmware on the firmware partition.
firmware-qcom-msm8916-wcnss is provided by firmware-qcom-db410c-wcnss
by default, however it's still useful to make it possible to switch to
the stock firmware on the firmware partition if needed. To allow that,
add a dummy msm-firmware-loader-wcnss package that provides the virtual
package using the msm-firmware-loader.
# apk add msm-firmware-loader-wcnss
(1/2) Purging firmware-qcom-db410c-wcnss (1034.2.1-r2)
(2/2) Installing msm-firmware-loader-wcnss (1-r1)
* xts, libaes & aes are required for root partition FDE unlocking
* evdev is required by osk-sdl for input
[ci:skip-build] already built successfully in CI
This seems to fix the last missing piece to getting the hotspot stuff
working, at least when it's set up with networkmanager (I haven't tested
other methods, but assume this rule is still needed there too...)
fixes#1198
Installing postmarketos-base currently changes the file permissions
of /etc/sudoers:
# apk add sudo
# stat /etc/sudoers
Access: (0440/-r--r-----) Uid: ( 0/ root) Gid: ( 0/ root)
# apk add postmarketos-base
# stat /etc/sudoers
Access: (0044/----r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
The file mode 0044 decodes to:
- User *cannot* read
- Group can read
- Other can read
which does not make any sense. The "sudoers" man page makes it very
clear that this file should have a file mode of 0440 [1]
("readable by owner and group, writable by none").
This looks like a bad typo. However, given that only read permissions
were given out this shouldn't have major security implications
(except allowing all users to see who can use sudo).
Install the file with 0440 instead of 0044 to fix this:
# apk add postmarketos-base
# stat /etc/sudoers
Access: (0440/-r--r-----) Uid: ( 0/ root) Gid: ( 0/ root)
[1]: https://www.sudo.ws/man/1.9.8/sudoers.man.html#Error_log_entries
This used to be in Alpine but they don't want what is basically a giant
unknown blob, and for good reasons. However we do want to provide these
images for ease of install and quality-control, so let's ship it in pmOS
instead
When building from tarball git tag is not available.
We need to pass version number manually.
This chnage is cosmetic, but will allow users to easily
identify version and source of their bootloader.
Package secondary LK bootloader for some Qualcomm devices
(for now: msm8916, msm8974, msm8226).
Bootloader binary is built from source in x86_64 chroot.
Two targets are built in a sequence. Then package is split
into 2 subpackages, each of them installs `/boot/lk2nd.img`.
So the end result is - lk2nd-msm8916 and lk2nd-msm8974 can't
be installed at the same time.
Device- packages then can depend on specific subpackage of this
package and have proxy-bootloader image ready to use in /boot.
This can improve user experience with installing postmarketOS on
several devices using only pmbootstrap tool.
At the very least, pmbootstrap can suggest user to flash lk2nd
immediately after `pmbootstrap install` or even offer some kind
of `pmbootstrap flasher` integration.
This will also open possibilities to automatically update and flash
lk2nd using package manager, it we ever want this.
Improvements from xfce4-phone source:
- Add screenshot to README.md
- Enable screen locking
- Disable Desktop icons "Home", "File System", "Trash"
- Enable single-click on Desktop
- Enable single-click in Thunar
- Change clock format
- Set postmarketos wallpaper
Additional changes in postmarketos-ui-xfce4:
- Installing greybird-themes (which is already set as default theme in
/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml).
- Changing /etc/skel/.config/autostart/onboard-autostart.desktop to
slightly speed up keysboard startup (overriding startup-delay of
/etc/xdg/autostart/onboard-autostart.desktop).
- Enabling scrollbars by /etc/profile.d/enable-scrollbars.sh, this is
helpful where touch-scrolling doesn't work like e.g. in whiskermenu.
(And re-ordered network-manager-applet in APKBUILD _pmb_recommends
section.)
Also removing xfce4 subpackages of device-qemu-amd64,
device-qemu-aarch64 and device-nokia-n900. The device specific monitor
to set the wallpaper will now be automatically derived from "monitor0"
in file xfce4-desktop.xml.
Additionally taking maintainership as discussed in merge request
(!2506).
Many devices need proprietary firmware blobs. So far those blobs were
packaged and installed from the repository but this approach has many
drawbacks:
- The rootfs can only be used on a single device model.
- If a model has multiple variants that have diferent secire-boot key,
each must have it's own firmware blobs.
This makes maintaining packaged firmware very hard and outweights the
benefits of having a repeatable installation in most cases.
Instead we can load blobs dynamically from preexisting firmware
partitions that usually have same structure and contain the blobs we are
interested in.
The proposed scripts place symlinks to the blobs in a special dir that
then given to the kernel. Blobs from firmware/postmarketos (or another
dir that was set as extra path prior the script execution) will take
priority which allows to override some blobs (e.g. for deviecs with no
secure-boot)
Also add patches from the Replicant project to fix so that charging
works, and patches from the linux-pm list to fix the SOC INTR message
that has been spamming our dmesg (issue
https://gitlab.com/postmarketOS/pmaports/-/issues/1214).
Add kernel flags needed for Anbox and Waydroid to work
[ci:skip-build] Already built successfully on CI
Signed-off-by: Raffaele Tranquillini <raffaele.tranquillini@gmail.com>
Also add patches that should fix backlight control, add reboot modes,
and work around a nasty eMMC corruption issue.
[ci:skip-build]: already built successfully in CI
- Update to Linux 5.14
- Enable new RPMSG WWAN CTRL driver that is now used to communicate
with the modem through the new WWAN subsystem in Linux
- Minor fixes for ARM32
- Enable some additional options in kernel config (F2FS, UHID, LED triggers)
- Add TravMurav as second maintainer
The text color in mate-terminal is currently dark brown on black
background. Therefore hardly readable.
Changing text color to light gray on black background.
* Idol3 panel have been renamed, so update the defconfig to
reflect that.
* add finduitls to makedepends (MR 2519)
Gets rid of "find: unrecognized: -printf" in build log.
Fixes 80a70aab92
[ci:skip-build] Already built on CI in MR
This is needed for devices such as Xiaomi Mi 5 (gemini), having backlight embedded in the panel controller
Signed-off-by: Raffaele Tranquillini <raffaele.tranquillini@gmail.com>
Fixes an issue where /dev/video2 can't be used by Megapixels (and thus
Megapixels crashing) when having PipeWire installed. The problem was
that the node could only be used by a single application, which was
PipeWire in that case.
[ci:skip-build]: just built successfully in CI
Adjust post-upgrade script to not remove vmlinuz-*. This causes problems
with devices using kernels from Alpine, where the kernel is not
installed to /boot/vmlinuz, as it is now the case in postmarketOS, but
e.g. in /boot/vmlinuz-rpi. The intention was to clean up files when
migrating from the old postmarketos-mkinitfs to the new one (>= 1.0.0).
However, the /boot/vmlinuz* files are managed by apk, so they should
already get removed.
Add -v, so it prints a message when removing a file from /boot.
kernel filename must now be /boot/vmlinuz
[ci:skip-build]: ollie is pretty sure that this will work. it's a
critical fix, so let's not delay it by waiting for two kernels to build.
Kernel file names will be generic (/boot/vmlinuz).
Release path still has the 'flavor' in it so that pmbootstrap can still
get a reference to which kernel package is installed
This replaces the mkinitfs script with a re-write (in Go). The
re-written mkinitfs will atomically replace the initfs in /boot, check
for free space before doing so, and try to do whatever it can to not
leave the system in an unbootable state by botching the initfs
creation/installation.
pmb:cross-native with go cross compiling doesn't work exactly, it makes
the correct binary, but on Alpine go uses -buildmode=pie which creates a
dynamic thing, and the interpreter is wrong (e.g. it it set to use the
host arch's interpreter, like /lib/ld-musl-x86_64 even though
GOARCH=arm64)
The init.sh script is no longer a template, "initramfs-extra" is used.
Fixes https://gitlab.com/postmarketOS/pmaports/-/issues/1019
fixes https://gitlab.com/postmarketOS/pmaports/-/issues/660
This tool is used by the new mkinitfs to finalize/install boot files.
It's based on the old mkinitfs_functions.sh, but includes some
improvements like verifying free space in target directory, and trying
to atomically mv files.
This fix was pending since before charging-sdl was deprecated and still
provides value should anyone wish to pickup and improve charging-sdl
again.
charging-sdl currently does not check for devices using mesa, even
though it supports it in the same way as osk-sdl. Check for msa support
and set SDL_VIDEODRIVER in that case.
Also fix the font path, as it was reading both keyboard-font and
keyboard-font-size from osk.conf.
Installing "onboard" onscreen keyboard and enabling autostart.
Option "Don't auto-show while external keyboards are connected" is
activated.
[ci:skip-build] already built successfully in CI
Changes:
- Kernel side support for ModemManager
- Picked upcoming patch series for 5.15 + fixes, theoretically
improving GPU perf
- Updated patch series from lists
- Enabled options needed to support WayDroid (network stuff maybe still
missing???)
- Fixes venus fw paths, firmware packages need to updated to support it
but this will enable HW video decoding!
- Cleanup the defconfigs
- Rebase on v5.14-rc7
- Upstreamed more patches
- Enable Jack detection kctls for msm8916 devices
- Probably many other things I forgot :)
Device changes:
- gt5 family:
- Added fuel-gauge support
- Added sensors (Accelerometer, Light)
- gt510 - wifi variant reworked to use multiple common layers
- gt510lte - Added support for LTE variant
- gt58 - New device
- gt58lte - Support for LTE variant
- Feature parity with gt510
- wingtech-wt88047 (Xioami Redmi 2):
- Add additional boe-nt35521s panel driver
- longcheer-l8150: Fix Jack detection
Disable the hostname management feature of NetworkManager. This isn't
useful for the postmarketOS use case, where we set one hostname in
/etc/hostname via pmbootstrap and want it to be used. (It makes more
sense for normal PCs, which may just have the hostname 'localhost' at
the end of the installation and then not be unique in the network.)
NetworkManager is supposed to only change the hostname if it is set to
localhost, however this detection does not work properly in
postmarketOS. I've skimmed through sources of elogind, NetworkManager
and OpenRC a bit and found that in OpenRC the definitive location to put
the hostname is /etc/hostname. The other path, /etc/conf.d/hostname, is
just a fallback. Experiments show that setting something in
/etc/conf.d/hostname does prevent NM from setting a hostname offered by
the DHCP server, but it's not clear to my why this happens. I suspect
elogind + dbus. Disabling this feature we don't need anyway seems like a
good approach to me without wasting too much time here.
Previously it was assumed that with the counter and the sleep 0.1 the
process would take about 10 seconds to complete. On newer devices with
tens or even hundreds of partitions going through all partitions already
takes a significant amount of time, so change the logic to measure the
time elapsed instead.
This fixes DNS when a system is connected to a pmOS device as a hotspot.
The rule is in the default set of firewall rules, instead of a
subpackage.. I think this is OK. I don't believe anything should be
listening on port 53 except when the hotspot is running...
This directory is specified by the XDG Base Directory specification
(https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html).
Quoting:
> User-specific executable files may be stored in $HOME/.local/bin.
> Distributions should ensure this directory shows up in the UNIX $PATH environment variable, at an appropriate place.
So let's actually do this. This way also binaries installed by e.g. Pip
or Cargo will be usable out-of-the-box rather than that the user has to
figure out why it's not appearing in their PATH.
plasma-nm-mobile is already a dep of plasma-phone-components
ofono is already a dep of plasma-phone-components
ofono-openrc already gets pulled in automatically through openrc and
ofono
networkmanager is already pulled in by plasma-nm-mobile
qt5-qtvirtualkeyboard has been replaced by maliit ages ago
[ci:skip-build] already built successfully in CI
The flavor string was naively parsed using sed by removing everything
before the first hyphen, this breaks for -rc kernels. Instead lets glob
/usr/share/kernel for the installed kernel flavor. This will also
prevent the kernel being flashed if the running kernel has a different
localversion than the updated one.
[ci:skip-build] already built successfully in CI
Allow users in group "input" to control the tm2-touchkey leds.
Additionally correcting the udev rule for disabling the tm2-touchkey leds by default.
[ci:skip-build] already built successfully in CI
Add ttyescape, a script and triggerhappy configuration to allow mobile device
users to access and use a shell without having to plug in to a computer.
One of the largest limitations with a mobile device is the lack of keyboard, for
mainstream OSs like Android and iOS, this is a non-issue as the whole OS stack
is built to automatically recover in case of a crash / hang, hiding the internal
state of affairs from users and making use of careful design to minimise the
impact. When bringing Linux to mobile, we carry not only the benefits of the
Linux desktop but also it's limitations. In the event that your desktop manager
goes haywire or hangs completely, or your graphics drivers get unhappy, the
ability to quickly jump to a tty and start killing bad behaving programs or
reset your display manager is one that most of us take for granted. But when
hit by similar errors on a mobile device there is no such recourse available,
users either have to reboot and hope that the issue doesn't occur again, or pull
out a laptop and pull up a shell (assuming ssh is enabled and the rndis
interface comes up).
ttyescape proposes to solve this issues by pieceing together several already
available tools, notably:
- triggerhappy, a tool used to perform actions when
certain buttons or key combinations are pressed with no dependencies on the
display manager in use.
- fbkeyboard, a framebuffer keyboard for tty's, it
renders on top of the current tty and uses the device touchscreen as input.
gzip results in a boot.img that's too big (over 8 MB) for e.g.
samsung-i9300, so let's replace it with something that produces
smaller kernels. With this, the entire boot.img is 6,3 MB (down
from 8MiB, or 8.5458944 MB) which leaves plenty of space on the
8 MB partition and prevents the recovery from being overwritten
when this kernel is flashed.
Tested and works on samsung-i9300.
[ci:skip-build] already built successfully in CI
This provides a mobile-friendly music player in the default
installation which is something that's currently lacking.
[ci:skip-vercheck]: _pmb_recommends change doesn't need pkgrel bump
The networkmanager hotspot needs to have DHCP input enabled on the wifi
interfaces so the temporary dnsmasq instance can work. The
networkmanager backend is also switched to the nftables one so it can
create the ad-hoc hotspot forwarding/masquerade table.
Proper fix for the monospace fonts seen when postmarketos-ondev is
installed without also installing osk-sdl. This doesn't happen anymore
with pmbootstrap install --ondev, because it will always pull in osk-sdl
again for other reasons. However, since postmarketos-ondev is using this
font, let's directly depend on it instead of having it pulled in as side
effect of also having osk-sdl installed.
And extend bootloader CMDLINE per default, giving us the option to
change the CMDLINE both via the kernel config and from samsung's
S-BOOT shell.
Note: the default console in exynos_defconfig (which this config is
based on) is ttySAC1, but all midas devices uses ttySAC2, so set it to
ttySAC2 instead. Also remove all other variables. They are not needed,
and (at least) root=/dev/ram0 seem to prevent us from booting pmos.
[ci:skip-build] already built successfully in CI
NymphCast is a FOSS Chromecast replacement (not a drop-in one though)
and allows you to "cast" audio and video to your device running the
nymphcast server. Plasma Bigscreen seems like an ideal use-case for this
so let's install and launch it by default. People can always uninstall
it anyways
This allows using lm_sensors to read temperature data on the pinebook
pro (and probably other devices too)
❯ sensors
gpu_thermal-virtual-0
Adapter: Virtual device
temp1: +41.1°C (crit = +95.0°C)
tcpm_source_psy_4_0022-i2c-4-22
Adapter: rk3x-i2c
in0: 5.00 V (min = +5.00 V, max = +5.00 V)
curr1: 2.50 A (max = +2.50 A)
cw2015_battery-i2c-4-62
Adapter: rk3x-i2c
in0: 4.24 V
curr1: 0.00 A
cpu_thermal-virtual-0
Adapter: Virtual device
temp1: +47.5°C (crit = +95.0°C)
nvme-pci-0100
Adapter: PCI adapter
Composite: +31.9°C (low = -273.1°C, high = +80.8°C)
(crit = +80.8°C)
Sensor 1: +31.9°C (low = -273.1°C, high = +65261.8°C)
Sensor 2: +37.9°C (low = -273.1°C, high = +65261.8°C)
[ci:skip-build] Already built on CI
5.13.5 had some rockchip-related fixes in the changelog, so I figured
why not upgrade to it.
These patches from Manjaro seem to be the bare minimum required to get
usb-c charging and device peripherial support working again (external
display still doesn't work)
[ci:skip-build] already built successfully in CI
llvm was left over from Martijn's efforts to reduce the kernel size
The drivers for external DP are enabled here, but all patches from
manjaro that deal with DP/typec alt mode, etc are dropped since they do
not solve anything on their own and may cause display instability
issues...
[ci:skip-build]: already built successfully in CI
prevent the creation of a fake NUMA node
saving a few CPU cycles each DRAM access:
[ 0.000000] NUMA: No NUMA configuration found
[ 0.000000] NUMA: Faking a node at ...
[ 0.000000] NUMA: NODE_DATA [mem 0xff9c2100-0xff9c3fff]
if you boot on QEMU make sure to review vCPU topology:
set socket to 1
This is needed to get ethernet working on most 64-bit sunxi boards.
Basically just synced with armv7 config a bit.
[ci:skip-build] already built successfully in CI
Install obex-capabilities and a modified DBus Service
for BlueZ's obexd when BlueZ OBEX support is installed.
UIs depending on BlueZ are now also depending on
bluez-obexd for OBEX support through various MRs at Alpine.
Anbox, nftables, and containers aren't set up for now because I'm not
sure how useful Anbox would be on devices using this SoC given that most
(all?) of them have around 1 GB of RAM, aren't very fast, and I have
heard that Anbox isn't very well-Asupported on ARMv7. As for nftables,
I don't want debug it at this time in case breaks something. Setting up
container support made the phone hang while booting, however that might
have been due to that I only booted the new kernel without getting the
new modules in the rootfs.
[ci:skip-build] already built successfully in CI
Pulseaudio is used by other graphical UIs to manage audio, so having it
installed for sway is useful for having audio working "out of the box"
[ci:skip-build] already built successfully in CI
This package used to be installed through osk-sdl, but now osk-sdl is only
installed when FDE is enabled, and so when it is not enabled the system has no
fonts to use, which means UIs like Sway and Weston have broken fonts. This
commit fixes the issue.
[ci:skip-build] already built successfully in CI
This adds a new 'UI' that includes networking support (network manager), firewall (by way
of postmarketos-base-ui), and anything else that will give a basic,
working image without any graphical UI.
The intention is for bpo to build this instead of the 'none' UI. 'none'
UI will continue to be around for mainlining and testing purposes.
This switches the config over to one based on Alpine's linux-gru which
is for an rk3399 chromebook. It produces way smaller kernels and has
more general purpose hardware support.
The udev file "20-tm2-touchkey-leds.rules" disables the leds of
tm2-touchkey by default because they are in an unconfigured state.
The udev file "95-rt5033-battery-refresh.rules" triggers a refresh
of the rt5033-battery information within UPower 5 secs after
initialization. This avoids a wrong battery icon after boot.
The udev file "50-firmware.rules" was moved from /etc/udev/rules.d
to /lib/udev/rules.d.
Related: https://wiki.postmarketos.org/wiki/Packaging#Device_specific_quirks
Adds pmb:gpu-accel option to Phosh, Plasma Mobile/Bigscreen, Sway,
Glacier and Kodi APKBUILDs to hide the UIs at `pmbootstrap init`
for devices without GPU acceleration support.
Related: pmbootstrap!2043
[ci:skip-build]: already built successfully in CI
[ci:skip-vercheck]
Should work same as before.
Slightly tweaked kernel config options:
* default cpufreq governor is now "conservative" instead of "performance", which should be better for devices running on battery. Not that it matters, MSM8974 does not have cpufreq support anyway.
* enabled CONFIG_ARM_QCOM_SPM_CPUIDLE, which was missing! At least some cpuide is better than none at all.
* 2 missing options for nftables: CONFIG_IP6_NF_FILTER, CONFIG_IP6_NF_TARGET_REJECT
* few missing options for wg-quick: CONFIG_IPV6_MULTIPLE_TABLES, CONFIG_IP_MULTIPLE_TABLES, CONFIG_IP6_NF_RAW, CONFIG_IP_NF_RAW
WWAN subsystem is not enabled.
BAM-DMUX upgraded to version "v3" (subnode of modem remoteproc)
Mark kernel package as supporting anbox, containers (in addition to nftables)
[ci:skip-build] Already built successfully twice on CI
Phosh 0.12.0 introduces filtering when the device is of a mobile type
and the app is not explicitly 'adaptive'. This means a lot of apps that
might otherwise work ok-ish are gone from the list.
This change disables the filtering for now.
Currently, shut down and reboot as a user does not work (sudo shutdown
from terminal required). polkit-elogind needs to be installed. lxpolkit
is not needed.
This:
1. fixes the UI not showing up on boot by installing polkit-elogind
2. makes for fancy password popups when root rights are needed rather
than just fail silently
Move the package back from aports to pmaports and fix fall out from
postmarketos-base-ui related breakage:
* add the subset of depends from postmarketos-base-ui that are used in
postmarketos-ondev
* upgrade to postmarketos-ondev 0.7.1, where I made it compatible with
using the default tinydm config (not just the one overridden in
postmarketos-base-ui-tinydm)
Reasoning for moving it from alpine to pmaports, in line with our new
guidelines (that were written after the package was moved to aports):
* has postmarketOS branding
* enables services in post-install (similar to postmarketos-ui-* packages)
Related: https://wiki.postmarketos.org/wiki/Packaging#Should_my_package_be_in_postmarketOS_or_Alpine.3F
* use tinydm instead of lightdm
* set default term to foot, as alacritty needs a recent opengl version
(issue 984)
* override sway config to actually use foot (there is no
sway-sensible-terminal and upstream isn't interested in adding it)
* set the pmOS wallpaper in the overridden sway config
* add a subpackage that allows changing $mod to Alt, so it's easier to
test this in QEMU while running i3/sway on the host with $mod set to
Mod4
* re-enable previously disabled architectures
* set myself as maintainer
Currently, this only sets Firefox to run in Wayland mode, but in the
future it might be used to make e.g. SDL applications run in Wayland
mode.
SDL applications are not set to run in Wayland mode right no as
SDL 1.2 uses the same environment variable as SDL 2.0 for
controlling video driver (SDL_VIDEODRIVER) and SDL 1.2 does not
support Wayland and crashes if an invalid value is provided for
SDL_VIDEODRIVER, and as such setting SDL_VIDEODRIVER=wayland
globally would break all SDL 1.2 applications. This will however be
fixed once SDL 1.2 is replaced by sdl12-compat in Alpine, as
sdl12-compat implements the SDL 1.2 API and ABI via SDL 2.0 and as
such supports Wayland. As such, once this happens we can start
setting SDL_VIDEODRIVER=wayland.
[ci:skip-build] already built successfully in CI
This causes issues with some programs, chiefly that gsd-xsetttings
does not start properly. GDK_BACKEND=wayland is only really
necessary to make Firefox run in Wayland mode anyway - other GTK 3/4
apps use it automatically. Firefox will be set to use Wayland via a
following commit.
- Update to Linux 5.13
- Upstreamed many more patches
- Various cleanup to BAM-DMUX driver to prepare for upstreaming
- Enable support for virtualization/KVM via https://github.com/msm8916-mainline/qhypstub
- Probably many other things I forgot :)
- Add tons of kernel config options for containers and nftables
- Add WireGuard to kernel config
Device changes:
- huawei-g7: Initial support for Huawei Ascend G7
- USB
- Storage (eMMC, SD card)
- Display
- Touchscreen, Buttons, Vibrator
- Notification LED
- WiFi/Bluetooth
- Accelerometer, Magnetometer, Proximity
- Audio
- NFC
- lg-c50: Initial support for LG Leon LTE
- USB
- Storage (eMMC, SD card)
- Buttons
- WiFi/Bluetooth
- Vibrator
- Display
- longcheer-l8150 (wileyfox-crackling): Fix proximity sensor
- motorola-surnia: Add audio and modem
- samsung-j5nlte: Add buttons
- samsung-j5xlte: Initial support for Samsung Galaxy J5 (2016)
- USB
- Storage (eMMC, SD card)
- Buttons
- samsung-serranovelte: Add USB-OTG detection
[ci:skip-build] already built successfully in CI
This replaces the dependency on osk-sdl with a dependency on a
postmarketos-fde-unlocker virt. package
osk-sdl and its dependencies are also added contitionally to the initfs,
based on whether the osk-sdl exe is installed in the rootfs
Also see:
https://gitlab.com/postmarketOS/pmbootstrap/-/merge_requests/2066
This rule is installed by default, since users that need usb inet won't
have an easy way to install a subpackage.
This is meant to facilitate:
https://wiki.postmarketos.org/wiki/USB_Internet
The old rule would result in nftables failing to load if the iface
doesn't exist. Using `iifname` will match on any future ifaces if they
don't exist when the firewall starts.
1. Fixes touchscreen input not working in Poco F1 (Tianma variant) in osk-sdl
2. Basic dts support for Xiaomi Mi 8 Pro(Equuleus)
3. Basic dts support for LG G7 and LG V35
Anbox needs a specific set of nftables rules to allow incoming and
outgoing traffic. Anbox makes it easy to allow the specific traffic due
to the established `anbox0` bridge network interface.
UIs that depend on networkmanager also have an added dependency on
dnsmasq since this was removed from postmarketos-base
[ci:ignore-count] lots of packages, but no code compilation..