All devices that use downstream kernels should depend on this package.
We will to start with use it to fix so that lightdm+x11 work again
when using downstream kernels.
See also https://gitlab.com/postmarketOS/pmaports/-/issues/2102.
The only new thing in this version is the addition of a deprecation warning
when osk-sdl is installed in the initramfs.
Also see: https://gitlab.com/postmarketOS/pmaports/-/issues/2319
[ci:skip-build]: already built successfully in CI
EFI bootloader from systemd, with hacks to build it on Alpine/pmOS.
Cross compilation (using a meson cross file) is used for building
32-bit version on x86_64, for systems that have a 32-bit EFI. Everything
else assumes that the EFI arch matches the CPU arch.
Besides supporting all the archs we need, another major goal was to
minimize the number of changes to systemd's build system required to
build only the bootloader, so that maintaining/rebasing isn't *too*
painful...
I am adding this to the "main" category, because I don't think there's a
way to add it to Alpine. It requires cross compiling to x86 on x86_64
(to support 32-bit EFI on this arch), and Alpine doesn't support this.
It requires stuff in pmaports/cross.
--- Research notes ---
I started looking at all of this because I wanted to come up with a
single way to boot Linux via EFI, that supports all (or as many as possible)
devices in pmaports. I looked at quite a few different options, and have
some notes below about my observations and conclusions for each.
Of everything I looked at, systemd-boot was the clear winner that met
the most requirements ("pro" below) with the fewest downsides ("con"
below).
Using a Unified Kernel Image (UKI) was a close second place, however
systemd-boot can also support booting UKI images quite easily (while
also giving us more flexibility to boot other things easily too), so I
think it wins over UKI.
The capitalization (or lack thereof) of the "pro" and "con" markers
below is significant: "PRO" / "CON" are major pros or cons for each
point (e.g. a major downside that blocks using the option), and
"pro"/"con" are minor (e.g. a downside that I'm willing to overlook.)
---- Requirements ----
- Arch support:
- x86_64
- x86 (nice to have, but not sure if necessary...)
- armv7
- aarch64
- riscv64
- EFI support:
- support 32-bit EFI on x86_64 CPU (includes being able to build
32-bit .efi app on x86_64)
- Easy to configure
- Easy to maintain
- Any changes to the bootloader required to get it working in
pmOS
- Config for it
---- Evaluated options ----
------ grub ------
- (PRO) can target all required archs
- (CON) grub can't be installed in pmb chroot, it calls grub-install and
that fails due to something missing in /dev. Maybe this could be worked
around in pmb?
- (CON) grub-mkimage exe is integrated in grub package, grub-efi depends on
grub
- don't want to install all of grub just for 1 exe and/or the EFI modules
- downsides of installing all of grub is that I think it can mislead
users into thinking we use grub the "normal way". this might cause them
to have the wrong expectations and break pmOS boot on their
system
- have POC "fixing" this
- I'm not sure upstream Alpine will like this, it's ugly
- (CON) grub x86 EFI support for x86_64 is currently in pmaports, that's
pretty ugly.
- IMHO forking grub (or grub components) for this purpose signals
to me that grub is the wrong tool for this job
------- kernel's efistub -------
- (PRO) already included in the kernel, nothing else required
- (pro) initrd and dtb can be passed in the kernel cmdline...
however....
- (CON) kernel cmdline can only be set at compile time
- (con) not all kernels may have EFISTUB set?
- (con) can't do measured/secure boot
- (con) requires a fairly recent kernel on aarch w/ efi_zboot support
enabled since we compress the kernel
------- UKI -------
- (PRO) very simple, 1 file thing
- (PRO) supports adding dtb, setting kernel cmdline and so on
- (pro) can do measured/secure boot
- (CON) requires an EFI stub loader
- can't find a stub loader that meets all requirements (other than
the one from systemd-boot...)
- (con) requires efi-mkuki or dealing with objcopy directly (eww)
- (con) requires a fairly recent kernel on aarch w/ efi_zboot support
------- limine -------
- (PRO) easy to install/configure, already have boot-deploy and pmaports
patches
- (PRO) can be cross compiled easily
- evidence is in aports
- ...but I couldn't reproduce building aarch64 and riscv64 on x86_64
- (pro) can do measured/secure boot (I think?)
- (CON) doesn't target all required archs
- can't do "linux boot" on aarch64, only "chainload"
- what about using chainload everywhere?
- requires using efistub in kernel
- what about dtb= and upstream recommendation to not use it except for
debug?
- no kernel compression support on aarch64
- see efi-stub.txt kernel doc
- (CON) vendors libgcc to support cross compilation
- probably not a good idea to trust binaries produced in microsoft
github's CI for some random project
------- stubbyboot -------
- (PRO) a straight forward stub loader
- (pro) can do measured/secure boot
- (CON) doesn't target all required archs
- (CON) cross compiling doesn't work.
- gcc can't do 32-bit on x86_64 Alpine...
- gnu-efi-dev needs to be fixed to package both 32-bit and 64-bit on x86_64...
- have patch in ~/src/aports that kinda does it.. but needs to be
fixed/finished
- maybe limine-efi works with it?
- tried, but fails due to missing efilib.h in limine-efi
------- systemd-stub -------
- (PRO) another straight forward stub loader
- (PRO) many (many) people using it, as part of systemd-boot
- (pro) can do measured/secure boot
- (con) requires a fairly recent kernel on aarch w/ efi_zboot support
enabled since we compress the kernel
- (con) doesn't target all required archs
- but does claim to support most... missing armv7.. maybe it
works?
- (con) will end up maintaining some downstream patch to build it
- hopefully the patch (if I can even make a working one!) is not too
complex!
- (CON) can't be built outside of systemd's silly large build system.
- UPDATE: largely resolved this in pmaports
- was able to build for native arch!
- can't build 32-bit on x86_64, no gcc multilib support in Alpine...
Couldn't get clang to work properly, but maybe it can somehow...
- https://github.com/mintsuki/libgcc-binaries ? NO! (don't want
bootloader binaries that depend on code compiled by microsoft /
github...)
------- DIY stub / bootloader -----
- (PRO) **might** target all required archs and other meet
requirements
- (CON) lots of time required to learn, design, do, debug, test
- (CON) lots of time required to learn, design, do, debug, test
- (CON) lots of time required to learn, design, do, debug, test
- (CON) (get the hint yet???)
- (CON) written in C, probably (there's a rust EFI lib, lol...)
[ci:skip-build]: Already built successfully in CI
htc-memul needs a special build with a different scratch address set. So
generalize the build function so we can make multiple builds with
parameters without duplicating too much code.
Adjust the trigger script to only check for the new deviceinfo path. The
purpose of this check is to make sure that a full device package is
installed, and only in that case run mkinitfs. Otherwise, it will fail
because e.g. no kernels may be installed.
With recent changes, /etc/deviceinfo is a part of devicepkg-utils and
only /usr/share/deviceinfo/deviceinfo really indicates that a device
package is installed.
Remove the "exit 0" at the end while at it, it did not do anything since
the script runs with "/bin/sh -e". Add a comment to make this clear.
[ci:skip-build]: already built successfully in CI
Previously, every device package would package its own /etc/deviceinfo
file, generating a conflict with every other device package. In a
previous commit we have moved the path to /usr/share/deviceinfo, but
we still want to install a sample "/etc/deviceinfo" file to guide
users on how to use the new features. This has the additional benefit
that there is only one of those files in the whole distro. However,
there is no dependency ordering between the device packages and
devicepkg-utils, so there's no warranty of which will be installed
first. Therefore, to avoid a conflict on most likely every user
upgrade, we use postmarketos-mvcfg.
In the process, add some tests and do some renaming on the existing ones, and
remove the workaround for #2228, will be solved appropriately in a follow-up
commit.
Fixes#1836
The port 7236 for TCP is registered with IANA by the
Wi-Fi Alliance for use for the Wi-Fi Display Protocol,
a.k.a. Miracast.
To establish the connection, the local DHCP server has to
be allowed to respond to requests on peer-to-peer Wi-Fi
networks.
Signed-off-by: Markus Göllnitz <camelcasenick@bewares.it>
[ci:skip-build]: already built successfully in CI
`url` and `pkgdesc` do affect the resulting package and as such
`pkgver` should be incremented, but it wasn't.
Fixes 0dfb1219f8
[ci:skip-build]: already built successfully in CI
Some change (I think some tools switching from the coreutils to busybox
versions?) subtly broke debug-shell behaviour. Try to fix it.
Signed-off-by: Caleb Connolly <caleb@connolly.tech>
[ci:skip-build]: already built successfully in CI
Hides this error when FDE is *not* enabled, and ultimately skips the
block of logic for detecting the luks partition:
/init: line 437: cryptsetup: not found
This error has confused some users in the past, who were reporting
issues with the initramfs.
There's probably a minor speedup on non-FDE systems as well from
bailing early.
If a file exists in the initramfs at runtime, cpio won't overwrite it
by default when extracting the initramfs-extra archive. This adds the -u
option to cpio, to overwrite any existing files in the destination.
This is meant to fix issues where the -extra archive has an app that is
meant to replace a busybox app, busybox --install creates it in the
initramfs and gzip will skip it since it's newer than what is in the
archive.
With full-fat mdev supporting by-partlabel lookups, there is a small
delay during startup. As mdev and dynamic partitions aren't actually
needed for the framebuffer device, move show_splash earlier.
Furthermore, slightly rework setup_framebuffer to not dump the verbose
message about waiting for the framebuffer unless the framebuffer isn't
found.
Signed-off-by: Caleb Connolly <caleb@connolly.tech>
This removes the possibility that multiple resize root partition methods
could be invoked. I'm not sure how likely this is in practice, but it
seems like we should avoid the possiblity altogether.
This also adds some more helpful printing to stdout when the partition
resize is skipped / not done.
findfs might produce a block device path like /dev/dm-3, these can
change across boots and devices. Make things more readable and
consistent by mapping from the /dev/dm-* path to the equivalent
/dev/mapper/xyz path. Combined with invoking kpartx from a
/dev/disk/by-partlabel/abc symlink, this results in the final block
device having a name like /dev/mapper/userdata2 on an Android device.
Whilst this is just nicer to work with, this will be especially useful for
the upcoming ondev2 postmarketOS installer to make device-specific
configuration and detection easier.
Save the root/boot partition paths once found, and optimise a few loops.
Additionally, fall-back to other search methods when the pmos_boot or
pmos_uuid_boot cmdline args are set but fail.
Co-authored-by: Clayton Craft <clayton@craftyguy.net>
Drop in mdev.conf and the /lib/mdev/persistent-storage script, these
cause /dev/disk/by-* to be populated in the ramdisk, making it
possible to do look up partition by-label and by-partlabel for free,
compared to findfs which can take some time.
As a first optimisation based on this, check for some partitions using
these paths and prioritise them when looking for subpartitions. Drop the
first find_boot_partition call as it doesn't really save time over the
call in the while loop.
The mdev config also handles setting up /dev/null, /dev/random, etc, so
these don't have to be done manually.
These files aren't owned by mkinitfs, or used to configure mkinitfs, so
I think it makes sense that they belong in a dir specific to this
package instead of cluttering up mkinitfs's config dirs.
Mount /dev (and /run) in initramfs so util-linux switch_root can move
the mounts over to the new sysroot before changing root.
BusyBox switch_root doesn't even attempt to move anything so use
util-linux's switch_root for this.
Explicitly disable tests too...
While a lot of Phosh development still happens on and for the Librem 5
we (thankfully) have lots of users and contributors using other devices.
Update the description to reflect that.
Ideally we'd emphasize that this is GNOME technology based and uses
wlroots but let's not make the description too long.
Instead of Purism's generic home page point the URL to phosh.mobi which
has some more details. An alternative URL would be
https://puri.sm/pureos/phosh/ but that points to a page that is a
currently a bit dated.
[ci:skip-vercheck]
[ci:skip-build] already built successfully in CI
* Don't use "cargo install", as it leads to building a second time.
* Make the build very verbose, as this package is mainly used to debug
and develop the crossdirect scripts for rust.
A welcoming application. It can be extended with custom pages which
we'll do later for a pmOS specific page, but for now it at least tells
the user a bit about Plasma
[ci:skip-vercheck]
Fix a bug where find_dtb() would fail if find encounters any errors,
even if it correctly found the dtb.
Signed-off-by: Caleb Connolly <caleb@connolly.tech>
In some cases, the dispatcher script fails if unudhcpd is already running.
Forcefully killing unudhcpd resolves the issue.
Fixes#2267.
Tested-by: Sicelo A. Mhlongo <absicsz@gmail.com>
[ci:skip-build]: already built successfully in CI
With the recent changes in commit 80fff9242, it's possible that the
client IP address is customized. Use the same code as in
init_functions.sh to get the this potentially customized IP address to
use for the nbd-client.
[ci:skip-build]: already built successfully in CI
With the recent changes in commit 80fff9242, there's no longer an $IP
variable we can use. Use the same code as in init_functions.sh to get
the potentially customized IP address to use for telnet.
The dependency xdg-desktop-portal-gnome has been reenabled in Alpine:
902360a184
> The linking issue was caused by libudev-zero being pulled in as
> dependency instead of eudev. This has been fixed in the meantime.
This reverts commit a48d4dac62.
[ci:skip-vercheck]
[ci:skip-build]: already built successfully in CI
See previous commit for rationale.
[ci:skip-vercheck]: No need to increment pkgrel when only changing
_pmb_recommends.
[ci:skip-build]: already built successfully in CI
Loupe is the new image viewer for GNOME. It also works better on phones
than Eye of GNOME and does not require any gschema overrides to fit the
narrow screens of phones.
So that old installations that run setup-timezone without "-i" do not
need to execute manual steps to get sensible timezone configurations.
See https://gitlab.com/postmarketOS/pmaports/-/issues/2168 for more context
Fixes#2168
[ci:skip-build]: already built successfully in CI
Since the modules are going to be installed into the initfs, it makes
sense to use a more verbose naming for the file. Otherwise there's the
risk of getting confused with other type of module files that exist in
device packages.
Fixes 65be0d7e81
In some situations, like when building a device package with pmb,
deviceinfo may not exist in the rootfs. mkinitfs 2.2's behavior changed
slightly to fail if it can't find a deviceinfo, and this avoids calling
it in those cases.
[ci:skip-build]: Already built successfully in CI
1. Move all configs from /etc/NetworkManager/conf.d to
/usr/lib/NetworkManager/conf.d since the latter is more appropriate for
distribution-provided config files. In particular this means apk will
update them when the package file is changed rather than creating
`.apk-new` files. If a user wants to override such a file, they can create
a file with the same name under /etc/NetworkManager/conf.d
2. Move all dispatcher scripts from /etc/NetworkManager/dispatcher.d to
/usr/lib/NetworkManager/dispatcher.d for the same reason.
3. Rename all configs to have a "50-" prefix so that users can add their own
"99-" overrides with a guarantee that they'll be processed after
distribution-provided configs.
4. Rename dispatcher scripts to have a "50-" prefix instead of "85-" and "99-"
since they're distribution-provided files.
5. Move 50-tethering.conf from the base-ui package to
the base-ui-networkmanager package.
There are also some device packages that put config files without a numeric
prefix in /etc/NetworkManager/conf.d . This MR doesn't change those.
[ci:skip-build] already built successfully in CI
Configure NetworkManager to randomize the MAC address during WLAN scans
and of WLAN and Ethernet ifaces per connection. This reduces the
possible tracking that might occur based on MAC addresses with WiFi
hotspots. This matches the behavior of Android: it uses a random MAC
address during a WLAN scan and a random one per connection.
[ci:skip-build]: already built successfully in CI
Make it possible to load modules from the file installed by devicepkg-dev,
that will be there when extra modules are needed. This is coded in a
backwards-compatible way, so that it can be independent of the main modules
MR.
The code changes create a new function which takes a list of modules
and possibly a file (that should contain a list of modules too). The
idea is to be able to support also loading modules for initramfs-extra
in the future, and having a similar file would be more convenient than
extracting all the modules each time. In addition, the "[ -d /lib/modules]"
check has been removed. If there's no modules directory, as all
modules might be built-in, modprobe will fail, but that will not be
fatal. This will most likely only exclusively happen in some android
downstream kernel, so it should not be a big concern.
Since we've now finally removed telnetd from the main initramfs but we
still need telnetd for the debug-shell, add it to the files for that
hook.
Also make sure the list of files is sorted.
This appears to be an ancient leftover from the telnet-based FDE
unlocking mechanism that has been present many many years ago.
But since this was removed a while ago, it's time to also finally remove
telnetd from the initramfs.
Nvidia Tegra devices have APX mode which allows to flash/debrick
a device even with broken bootloader. It also allows to sideload
bootloader which is useful when porting a new bootloader.
Some devices have a key combination to enter this mode, some devices
don't have one. This hook alters two Tegra PMC registers which
causes device to enter APX mode. It works on the most devices
including some of those that don't have a key combination for APX.
Usage:
pmbootstrap initfs hook_add apx
pmbootstrap flasher boot
[ci:skip-build]: already built successfully in CI
The ovos package is now available in Alpine for aarch64 too. Enabling
the package for aarch64 again fixes the currently failing bpo images for
master:pine64-rockpro64:plasma-bigscreen.
[ci:skip-vercheck]: modifying arches only
[ci:skip-build]: already built successfully in CI
Since the original "Loading..." splash is being shown before the hooks
is being run, we should go back to the "Loading..." splash once we're
done in the hook.
[ci:skip-build]: already built successfully in CI
Since the original "Loading..." splash is being shown before the hooks
is being run, we should go back to the "Loading..." splash once we're
done in the hook.
MyCroft has seized development and the package has been removed from
aports. The OpenVoiceOS community has taken over development and has
with ovos a drop-in replacement.
Most UIs already implicitly depend on this in some way, and from the
user-facing point of view, it is sensible to have the full DB of timezones
available, in case the user wants to swap timezone or requires working
with them in different ways. Having it as a explicit dependency makes more
sense than relying on backward dependencies.
Background: https://gitlab.com/postmarketOS/pmaports/-/issues/2168#note_1426261355
[ci:skip-build]: already built successfully in CI
Add GNOME specific wallpapers with a good contrast, so lables for
launchers on top of the wallpaper can be read nicely.
Also set myself as maintainer since the original maintainer didn't
change the package since 2018.
Due to an issue, probably in bluez, the bluetooth service often fails to
start on boot. Restarting the service later make bluez start correctly.
While adding the service supervisor for just this issue isn't a great
solution, in any case having a supervisor on such an important system
service is good, and it fixes this issue also by restarting the
bluetooth service after the first failure on boot.
May 30 08:05:56 fairphone-fp4 daemon.info bluetoothd[1420]: Bluetooth daemon 5.66
May 30 08:05:56 fairphone-fp4 daemon.err bluetoothd[1420]: src/main.c:main() Unable to get on D-Bus
Also while we're editing the list of subpackages make sure they're
ordered alphabetically.
[ci:skip-build]: already built successfully in CI
Since codeaurora.org has been shut down and this project seemingly
hasn't been migrated to git.codelinaro.org, let's switch to a source
found on GitHub.
USB tethering allows users to use their phone's WiFi or WWAN interface
as an access point for the device they connect the phone with over USB.
This way, they can use their data plan with a laptop or desktop when
regular Internet access is absent.
Configure NetworkManager to manage the usb0 iface from initfs so users
can configure it in GNOME Settings or KDE. Include a NetworkManager
dispatcher script as well to handle postmarketOS' setup with unudhcpd as
we want to provide an SSH login over USB when tethering is disabled. If
tethering is enabled, unudhpcd is stopped and its functionality is taken
over by NetworkManager through an instance of dnsmasq. NetworkManager
will also configure the necessary settings to allow IP forwarding and
firewall rules during tethering. Once disabled, NetworkManager cleans up
these settings and our dispatcher script starts unudhcpd again.
Due to upstream changes, NetworkManager requires networkmanager-dnsmasq
subpackage as dependency as dnsmasq needs DBus support for
NetworkManager. Without it, NetworkManager will silently fail spawning
dnsmasq instances.
[ci:skip-build]: already built successfully in CI
GNOME Console can now launch command-line applications from .desktop
files, so they are no longer "useless" in Phosh.
gnome-extensions-app hasn't been pulled in automatically in Phosh for
long. If users install this manually, it would be confusing for it to
not show up. The app itself has an error message that explains they
need to be logged into GNOME for it to work when launched in e.g.
Phosh, so I think that should take care of UX concerns. Additionally,
this package is installed in gnome-mobile as well, where
gnome-extensions-app actually is useful.
firefox-safe-mode has been removed in Alpine:
- https://git.alpinelinux.org/aports/commit/community/firefox?id=438ee43621e1a83c8309bf7e5e14ba9fce0532ff
- https://git.alpinelinux.org/aports/commit/community/firefox-esr?id=0f324c8b39ab08cc3f504e4ae959425bec472791
Considering all of this, postmarketos-hidden-desktop-entries no longer
serves a purpose, so let's remove it.
All Asteroid apps are launched with the "invoker" which needs the
booster running. Make sure this happens when the UI starts.
Alternatively we could use superd to launch it but for a single
executable this is good enough for now.
0.8.1:
Fixes:
- get_free_space: always return an integer (MR 31)
0.8:
Features:
- Add support for gummiboot
- Many internal code improvements and bug fixes, see git log for
details
Fixes:
- Fix destination space calculation (MR 28)
- Support destination paths with spaces
[ci:skip-build] already built successfully in CI
Needed by GNOME Software since
https://gitlab.alpinelinux.org/Cogitri/apk-polkit-rs/-/merge_requests/45
GNOME Software is often installed in GNOME UI's through pmb_recommends,
but it's not a dependency in any way. To avoid spilling this service
enablement everywhere, add just the openrc subpackage from the daemon.
That means that if GNOME Software is not installed or gets uninstalled,
the daemon will crash on startup. That should not be a big deal though.
[ci:skip-build] already built successfully in CI
This uses a dispatcher script to configure filtering A and AAAA records
based on which IP versions are routable on the NM primary connection.
gojq is preferred over the 'standard' jq because it's considerably
faster... the dispatcher script took 0.89s on my L5 with jq, and 0.07s
with gojq. the difference is probably greater on slower phones... so it
seemed worth installing it.
fixes#1430
Co-authored-by: Arnavion <me@arnavion.dev>
As a preparation for #1836, move the sourcing of deviceinfo to its own
function. This should allow to have a single point in the whole of the
initramfs for the sourcing of the deviceinfo, instead of every script
that needs it sourcing it. This allows to change the way deviceinfo is
sourced in the future with a lot less effort.