basic Helium distro config

2023-10-19 13:46:00 +02:00 · 2023-10-19 13:46:00 +02:00 · b5a3287410
commit b5a3287410
parent 022217c1e2
6 changed files with 159 additions and 0 deletions
--- a/conf/distro/helium.conf
+++ b/conf/distro/helium.conf
@ -0,0 +1,39 @@
+DISTRO = "helium"
+DISTRO_NAME = "helium-linux"
+DISTRO_VERSION = "0.0.1"
+DISTRO_CODENAME = "abisko"
+
+TARGET_VENDOR = "-helium"
+MACHINE_SANE = "${@d.getVar('MACHINE').replace('-', '_')}"
+SDK_VENDOR = "-helium.${MACHINE_SANE}_sdk"
+SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${METADATA_REVISION}', 'snapshot')}"
+SDK_VERSION[vardepvalue] = "${SDK_VERSION}"
+
+MAINTAINER = "Grzegorz Kowalski <g.kowalski@isbt.se>"
+
+IMAGE_FSTYPES = "cpio.gz"
+QB_DEFAULT_FSTYPE = "cpio.gz"
+
+# C Library 
+TCLIBC = "musl"
+TCLIBCAPPEND = ""
+
+# drop native language support
+USE_NLS="no"
+IMAGE_LINGUAS = ""
+
+VIRTUAL-RUNTIME_init_manager ?= "busybox"
+VIRTUAL-RUNTIME_login_manager ?= "busybox"
+
+# distro config
+DISTRO_FEATURES += "ipv4 ipv6 nfs seccomp ldconfig"
+PACKAGE_CLASSES ?= "package_ipk"
+require conf/distro/include/no-static-libs.inc
+require conf/distro/include/security_flags.inc
+require conf/distro/include/yocto-uninative.inc
+INHERIT += "uninative"
+
+# SDK
+SDK_NAME = "${DISTRO}-${MACHINE}-${SDK_ARCH}-${TARGET_ARCH}"
+SDKPATHINSTALL = "/opt/isbt/${DISTRO}-sdk/${MACHINE}/${SDK_VERSION}"
+SDKMACHINE ?= "x86_64"
--- a/conf/layer.conf
+++ b/conf/layer.conf
@ -0,0 +1,18 @@
+# We have a conf and classes directory, add to BBPATH
+BBPATH .= ":${LAYERDIR}"
+
+# We have recipes-* directories, add to BBFILES
+BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
+			${LAYERDIR}/recipes-*/*/*.bbappend"
+
+BBFILE_COLLECTIONS += "helium"
+BBFILE_PATTERN_helium = "^${LAYERDIR}/"
+BBFILE_PRIORITY_helium = "6"
+
+# This should only be incremented on significant changes that will
+# cause compatibility issues with other layers
+LAYERVERSION_helium = "2"
+
+
+LAYERDEPENDS_helium = "core openembedded-layer networking-layer"
+LAYERSERIES_COMPAT_helium = "langdale mickledore"
--- a/recipes-connectivity/networkmanager/networkmanager_%.bbappend
+++ b/recipes-connectivity/networkmanager/networkmanager_%.bbappend
@ -0,0 +1,5 @@
+# Missing dependency
+DEPENDS += " nss"
+
+# WiFi is machine feature, not distro one
+PACKAGECONFIG += "${@bb.utils.contains('MACHINE_FEATURES', 'wifi', ' wifi', '', d)}"
--- a/recipes-core/images/helium-image-default.bb
+++ b/recipes-core/images/helium-image-default.bb
@ -0,0 +1,75 @@
+SUMMARY = "Helium default image"
+LICENSE = "MIT"
+
+#DISTRO := "helium"
+
+inherit core-image
+inherit image-buildinfo
+
+# base system packages
+OS_BASE = " \
+	base-files \
+	base-passwd \
+	busybox \
+	busybox-syslog \
+	initscripts \
+	netbase \
+	networkmanager \
+	networkmanager-nmtui \
+	init-ifupdown \
+	tzdata \
+"
+
+# standard userspace tools
+OS_TOOLS = " \
+	dropbear \
+	less \
+	htop \
+	screen \
+	nano \
+"
+
+# helium base packages
+HELIUM_BASE = " \
+"
+
+# helium extra tools
+HELIUM_TOOLS = " \
+"
+
+IMAGE_INSTALL += " \
+	${OS_BASE} \
+	${OS_TOOLS} \
+	${HELIUM_BASE} \
+	${HELIUM_TOOLS} \
+"
+
+
+
+IMAGE_FEATURES += "\
+	ssh-server-dropbear \
+	package-management \
+"
+
+# default user/password config
+inherit extrausers
+HELIUM_UID = "1000"
+HELIUM_GID = "1000"
+HELIUM_PASSWD = "\$1\$BFS1T2Yb\$umbig5XRyIOVrFGS1phly0"
+HELIUM_ROOT_PASSWD = "\$1\$IgVsR0cM\$WUkg3Nd.1bAGLWjf9.t.3/"
+EXTRA_USERS_PARAMS = "\
+	groupadd -g ${HELIUM_GID} helium; \
+	useradd -p '${HELIUM_PASSWD}' -g helium -u ${HELIUM_UID} helium; \
+	usermod -p '${HELIUM_ROOT_PASSWD}' root; \
+"
+
+# image manifest - list of installed packages
+ROOTFS_POSTUNINSTALL_COMMAND += ";add_image_manifest"
+add_image_manifest() {
+	cp ${IMAGE_MANIFEST} ${IMAGE_ROOTFS}/etc/image_manifest
+}
+
+IMAGE_FSTYPES = "cpio.gz"
+# Apparently we're using initamfs as rootfs (?)
+# Allow it to grow big (limited to 4GB for now)
+INITRAMFS_MAXSIZE = "4194304"
--- a/recipes-core/initscripts/initscripts/hidepid.sh
+++ b/recipes-core/initscripts/initscripts/hidepid.sh
@ -0,0 +1,13 @@
+#!/bin/sh
+. /etc/init.d/functions
+
+# remount /proc with hidepid option making other users' processes invisible
+# additionaly harden /proc a little bit more
+PROCOPTS="rw,nosuid,nodev,noexec,relatime,hidepid=2"
+if mount -o remount,$PROCOPTS /proc; then
+	success()
+	echo " /proc remouted with $PROCOPTS"
+else
+	failure()
+	echo "/proc not remounted, hidepid not enabled"
+fi
--- a/recipes-core/initscripts/initscripts_%.bbappend
+++ b/recipes-core/initscripts/initscripts_%.bbappend
@ -0,0 +1,9 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
+
+SRC_URI = "file://hidepid.sh"
+S = "${WORKDIR}"
+
+do_install:append () {
+	install -m 0755 ${WORKDIR}/hidepid.sh ${D}${sysconfdir}/init.d
+	update-rc.d -r ${D} hidepid.sh start 10 S .
+}