update upstream to scarthgap

conf/distro/helium.conf

@@ -0,0 +1,39 @@
+DISTRO = "helium"
+DISTRO_NAME = "helium-linux"
+DISTRO_VERSION = "0.0.1"
+DISTRO_CODENAME = "abisko"
+
+TARGET_VENDOR = "-helium"
+MACHINE_SANE = "${@d.getVar('MACHINE').replace('-', '_')}"
+SDK_VENDOR = "-helium.${MACHINE_SANE}_sdk"
+SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${METADATA_REVISION}', 'snapshot')}"
+SDK_VERSION[vardepvalue] = "${SDK_VERSION}"
+
+MAINTAINER = "Grzegorz Kowalski <g.kowalski@helium-embedded.org>"
+
+IMAGE_FSTYPES = "cpio.gz"
+QB_DEFAULT_FSTYPE = "cpio.gz"
+
+# C Library 
+TCLIBC = "musl"
+TCLIBCAPPEND = ""
+
+# drop native language support
+USE_NLS="no"
+IMAGE_LINGUAS = ""
+
+VIRTUAL-RUNTIME_init_manager ?= "busybox"
+VIRTUAL-RUNTIME_login_manager ?= "busybox"
+
+# distro config
+DISTRO_FEATURES += "ipv4 ipv6 nfs seccomp ldconfig"
+PACKAGE_CLASSES ?= "package_ipk"
+require conf/distro/include/no-static-libs.inc
+require conf/distro/include/security_flags.inc
+require conf/distro/include/yocto-uninative.inc
+INHERIT += "uninative"
+
+# SDK
+SDK_NAME = "${DISTRO}-${MACHINE}-${SDK_ARCH}-${TARGET_ARCH}"
+SDKPATHINSTALL = "/opt/isbt/${DISTRO}-sdk/${MACHINE}/${SDK_VERSION}"
+SDKMACHINE ?= "x86_64"

conf/layer.conf

@@ -0,0 +1,18 @@
+# We have a conf and classes directory, add to BBPATH
+BBPATH .= ":${LAYERDIR}"
+
+# We have recipes-* directories, add to BBFILES
+BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
+			${LAYERDIR}/recipes-*/*/*.bbappend"
+
+BBFILE_COLLECTIONS += "helium"
+BBFILE_PATTERN_helium = "^${LAYERDIR}/"
+BBFILE_PRIORITY_helium = "6"
+
+# This should only be incremented on significant changes that will
+# cause compatibility issues with other layers
+LAYERVERSION_helium = "2"
+
+
+LAYERDEPENDS_helium = "core openembedded-layer networking-layer"
+LAYERSERIES_COMPAT_helium = "scarthgap"

recipes-config/helium-repos/helium-repos/helium-devices.conf

@@ -0,0 +1,3 @@
+src/gz	devices-@CPU@		https://packages.helium-embedded.org/@DISTRO@/@CODENAME@/devices/@CPU@
+src/gz	devices-@MACHINE@	https://packages.helium-embedded.org/@DISTRO@/@CODENAME@/devices/@MACHINE@
+src/gz	devices-all			https://packages.helium-embedded.org/@DISTRO@/@CODENAME@/devices/all

recipes-config/helium-repos/helium-repos/helium-extra.conf

@@ -0,0 +1,3 @@
+src/gz	extra-@CPU@			https://packages.helium-embedded.org/@DISTRO@/@CODENAME@/extra/@CPU@
+src/gz	extra-@MACHINE@		https://packages.helium-embedded.org/@DISTRO@/@CODENAME@/extra/@MACHINE@
+src/gz	extra-all			https://packages.helium-embedded.org/@DISTRO@/@CODENAME@/extra/all

recipes-config/helium-repos/helium-repos/helium-main.conf

@@ -0,0 +1,3 @@
+src/gz	main-@CPU@			https://packages.helium-embedded.org/@DISTRO@/@CODENAME@/main/@CPU@
+src/gz	main-@MACHINE@		https://packages.helium-embedded.org/@DISTRO@/@CODENAME@/main/@MACHINE@
+src/gz	main-all			https://packages.helium-embedded.org/@DISTRO@/@CODENAME@/main/all

recipes-config/helium-repos/helium-repos_1.0.bb

@@ -0,0 +1,29 @@
+SUMMARY = "Helium package repositories"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+SRC_URI = " \
+	file://helium-main.conf \
+	file://helium-devices.conf \
+	file://helium-extra.conf \
+"
+CONF_FILES = "helium-main.conf helium-devices.conf helium-extra.conf"
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+do_configure() {
+	for conf in ${CONF_FILES}; do
+		cat ${WORKDIR}/$conf | \
+			sed -e "s/@DISTRO@/${DISTRO}/g" | \
+			sed -e "s/@CODENAME@/${DISTRO_CODENAME}/g" | \
+			sed -e "s/@CPU@/${TUNE_PKGARCH}/g" | \
+			sed -e "s/@MACHINE@/${MACHINE_ARCH}/g" \
+		 > ${B}/$conf
+	done
+}
+
+do_install() {
+	for conf in ${CONF_FILES}; do
+		install -D -m 0644 ${B}/$conf ${D}${sysconfdir}/opkg/$conf
+	done
+}

recipes-config/htoprc/htoprc/common.htoprc.in

@@ -0,0 +1,39 @@
+htop_version=3.2.2
+config_reader_min_version=3
+fields=0 48 17 18 38 39 40 2 46 47 49 1
+hide_kernel_threads=0
+hide_userland_threads=0
+hide_running_in_container=0
+shadow_other_users=0
+show_thread_names=0
+show_program_path=1
+highlight_base_name=1
+highlight_deleted_exe=1
+shadow_distribution_path_prefix=1
+highlight_megabytes=1
+highlight_threads=1
+highlight_changes=1
+highlight_changes_delay_secs=5
+find_comm_in_cmdline=1
+strip_exe_from_cmdline=1
+show_merged_command=0
+header_margin=1
+screen_tabs=1
+detailed_cpu_time=1
+cpu_count_from_one=0
+show_cpu_usage=1
+show_cpu_frequency=1
+update_process_names=0
+account_guest_in_cpu_meter=1
+color_scheme=0
+enable_mouse=1
+delay=15
+hide_function_bar=0
+header_layout=two_50_50
+tree_view=1
+sort_key=46
+tree_sort_key=0
+sort_direction=-1
+tree_sort_direction=1
+tree_view_always_by_pid=0
+all_branches_collapsed=0

recipes-config/htoprc/htoprc/meters_singlecore_no_swap.htoprc.in

@@ -0,0 +1,4 @@
+column_meters_0=Hostname AllCPUs AllCPUs
+column_meter_modes_0=2 3 1
+column_meters_1=Tasks LoadAverage Uptime Memory DiskIO NetworkIO
+column_meter_modes_1=2 2 2 1 1 1

recipes-config/htoprc/htoprc/meters_singlecore_with_swap.htoprc.in

@@ -0,0 +1,4 @@
+column_meters_0=Hostname AllCPUs AllCPUs
+column_meter_modes_0=2 3 1
+column_meters_1=Tasks LoadAverage Uptime MemorySwap DiskIO NetworkIO
+column_meter_modes_1=2 2 2 1 1 1

recipes-config/htoprc/htoprc/screens_multicore.htoprc.in

@@ -0,0 +1,16 @@
+screen:Main=PROCESSOR PID USER PRIORITY NICE M_VIRT M_RESIDENT M_SHARE STATE PERCENT_CPU PERCENT_MEM TIME Command
+.sort_key=PERCENT_CPU
+.tree_sort_key=PID
+.tree_view=1
+.tree_view_always_by_pid=0
+.sort_direction=-1
+.tree_sort_direction=1
+.all_branches_collapsed=0
+screen:I/O=PROCESSOR PID USER IO_PRIORITY IO_RATE IO_READ_RATE IO_WRITE_RATE PERCENT_SWAP_DELAY PERCENT_IO_DELAY Command
+.sort_key=IO_RATE
+.tree_sort_key=PID
+.tree_view=0
+.tree_view_always_by_pid=0
+.sort_direction=-1
+.tree_sort_direction=1
+.all_branches_collapsed=0

recipes-config/htoprc/htoprc/screens_singlecore.htoprc.in

@@ -0,0 +1,16 @@
+screen:Main=PID USER PRIORITY NICE M_VIRT M_RESIDENT M_SHARE STATE PERCENT_CPU PERCENT_MEM TIME Command
+.sort_key=PERCENT_CPU
+.tree_sort_key=PID
+.tree_view=1
+.tree_view_always_by_pid=0
+.sort_direction=-1
+.tree_sort_direction=1
+.all_branches_collapsed=0
+screen:I/O=PID USER IO_PRIORITY IO_RATE IO_READ_RATE IO_WRITE_RATE PERCENT_SWAP_DELAY PERCENT_IO_DELAY Command
+.sort_key=IO_RATE
+.tree_sort_key=PID
+.tree_view=0
+.tree_view_always_by_pid=0
+.sort_direction=-1
+.tree_sort_direction=1
+.all_branches_collapsed=0

recipes-config/htoprc/htoprc_1.0.bb

@@ -0,0 +1,46 @@
+SUMMARY = "htoprc - global htop configuration"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+SRC_URI = " \
+	file://common.htoprc.in \
+	file://meters_singlecore_no_swap.htoprc.in \
+	file://meters_singlecore_with_swap.htoprc.in \
+	file://screens_singlecore.htoprc.in \
+	file://screens_multicore.htoprc.in \
+"
+
+DEPENDS = "htop"
+PREFERRED_VERSION_htop = "3.2.2"
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+# Sensible(?) defaults
+MACHINE_NUM_CORES ??= "1"
+HAS_SWAP ??= "0"
+
+do_compile() {
+	T=${B}/htoprc
+	cat ${WORKDIR}/common.htoprc.in > $T
+
+	if [ "${MACHINE_NUM_CORES}" -eq "1" ]; then
+		cat ${WORKDIR}/screens_singlecore.htoprc.in >> $T
+		if [ "${HAS_SWAP}" -eq "0" ]; then
+			cat ${WORKDIR}/meters_singlecore_no_swap.htoprc.in >> $T
+		else
+			cat ${WORKDIR}/meters_singlecore_with_swap.htoprc.in >> $T
+		fi
+	else
+		cat ${WORKDIR}/screens_multicore.htoprc.in >> $T
+		# TODO: these files do not exist yet
+		if [ "${HAS_SWAP}" -eq "0" ]; then
+			cat ${WORKDIR}/meters_multicore_no_swap.htoprc.in >> $T
+		else
+			cat ${WORKDIR}/meters_multicore_with_swap.htoprc.in >> $T
+		fi
+	fi
+}
+
+do_install() {
+	install -D -m 0644 ${B}/htoprc ${D}${sysconfdir}/htoprc
+}

recipes-connectivity/networkmanager/networkmanager_%.bbappend

@@ -0,0 +1,8 @@
+# Missing dependency
+DEPENDS += " nss"
+
+# WiFi is machine feature, not distro one
+PACKAGECONFIG += "${@bb.utils.contains('MACHINE_FEATURES', 'wifi', ' wifi', '', d)}"
+
+# build and install nmtui
+PACKAGECONFIG += "nmtui"

recipes-core/base-files/base-files/motd

@@ -0,0 +1,13 @@
+
+
+░▒▓█▓▒░░▒▓█▓▒░▒▓████████▓▒░▒▓█▓▒░      ░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓██████████████▓▒░  
+░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░      ░▒▓█▓▒░      ░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░░▒▓█▓▒░ 
+░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░      ░▒▓█▓▒░      ░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░░▒▓█▓▒░ 
+░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓█▓▒░      ░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░░▒▓█▓▒░ 
+░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░      ░▒▓█▓▒░      ░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░░▒▓█▓▒░ 
+░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░      ░▒▓█▓▒░      ░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░░▒▓█▓▒░ 
+░▒▓█▓▒░░▒▓█▓▒░▒▓████████▓▒░▒▓████████▓▒░▒▓█▓▒░░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░░▒▓█▓▒░ 
+                                                                                
+              @VERSION@ (@CODENAME@) @@MACHINE@
+
+

recipes-core/base-files/base-files_%.bbappend

@@ -0,0 +1,11 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
+
+# Sensible default value
+MACHINE_FRIENDLY_NAME ??= "${MACHINE}"
+
+do_configure:prepend() {
+	T=${WORKDIR}/motd
+	sed -i "s/@VERSION@/${DISTRO_VERSION}/" $T
+	sed -i "s/@CODENAME@/${DISTRO_CODENAME}/" $T
+	sed -i "s/@MACHINE@/${MACHINE_FRIENDLY_NAME}/" $T
+}

recipes-core/images/helium-image-default.bb

@@ -0,0 +1,45 @@
+SUMMARY = "Helium default image"
+LICENSE = "MIT"
+
+#DISTRO := "helium"
+
+inherit core-image
+inherit image-buildinfo
+
+IMAGE_INSTALL += " \
+	packagegroup-system-base \
+	packagegroup-system-tools \
+	packagegroup-hardening \
+	packagegroup-helium-base \
+	packagegroup-helium-tools \
+"
+
+IMAGE_FEATURES += " \
+	ssh-server-dropbear \
+	package-management \
+"
+# debug-tweaks are enabled by default in local.conf, disable this for Helium images
+IMAGE_FEATURES:remove = "debug-tweaks"
+
+# default user/password config
+inherit extrausers
+HELIUM_UID = "1000"
+HELIUM_GID = "1000"
+HELIUM_PASSWD = "\$1\$BFS1T2Yb\$umbig5XRyIOVrFGS1phly0"
+HELIUM_ROOT_PASSWD = "\$1\$IgVsR0cM\$WUkg3Nd.1bAGLWjf9.t.3/"
+EXTRA_USERS_PARAMS = "\
+	groupadd -g ${HELIUM_GID} helium; \
+	useradd -p '${HELIUM_PASSWD}' -g helium -u ${HELIUM_UID} helium; \
+	usermod -p '${HELIUM_ROOT_PASSWD}' root; \
+"
+
+# image manifest - list of installed packages
+ROOTFS_POSTUNINSTALL_COMMAND += ";add_image_manifest"
+add_image_manifest() {
+	cp ${IMAGE_MANIFEST} ${IMAGE_ROOTFS}/etc/image_manifest
+}
+
+IMAGE_FSTYPES = "cpio.gz"
+# Apparently we're using initamfs as rootfs (?)
+# Allow it to grow big (limited to 4GB for now)
+INITRAMFS_MAXSIZE = "4194304"

recipes-core/packagegroups/helium-packagegroup.inc

@@ -0,0 +1,5 @@
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+inherit packagegroup

recipes-core/packagegroups/packagegroup-hardening.bb

@@ -0,0 +1,6 @@
+DESCRIPTION = "System hardening package group"
+require helium-packagegroup.inc
+
+RDEPENDS:${PN} = " \
+	hidepid \
+"

recipes-core/packagegroups/packagegroup-helium-base.bb

@@ -0,0 +1,7 @@
+DESCRIPTION = "Helium base package group"
+require helium-packagegroup.inc
+
+RDEPENDS:${PN} = " \
+	helium-repos \
+	htoprc \
+"

recipes-core/packagegroups/packagegroup-helium-tools.bb

@@ -0,0 +1,5 @@
+DESCRIPTION = "Helium tools package group"
+require helium-packagegroup.inc
+
+RDEPENDS:${PN} = " \
+"

recipes-core/packagegroups/packagegroup-system-base.bb

@@ -0,0 +1,15 @@
+DESCRIPTION = "Base system package group"
+require helium-packagegroup.inc
+
+RDEPENDS:${PN} = " \
+	base-files \
+	base-passwd \
+	busybox \
+	busybox-syslog \
+	initscripts \
+	netbase \
+	networkmanager \
+	init-ifupdown \
+	tzdata \
+	dropbear \
+"

recipes-core/packagegroups/packagegroup-system-tools.bb

@@ -0,0 +1,9 @@
+DESCRIPTION = "System tools package group"
+require helium-packagegroup.inc
+
+RDEPENDS:${PN} = " \
+	less \
+	htop \
+	screen \
+	nano \
+"

recipes-hardening/hidepid/hidepid/hidepid.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+. /etc/init.d/functions
+
+# remount /proc with hidepid option making other users' processes invisible
+# additionaly harden /proc a little bit more
+PROCOPTS="rw,nosuid,nodev,noexec,relatime,hidepid=2"
+if mount -o remount,$PROCOPTS /proc; then
+	success; echo " /proc remouted with $PROCOPTS"
+else
+	failure; echo " /proc not remounted, hidepid not enabled"
+fi

recipes-hardening/hidepid/hidepid_1.0.bb

@@ -0,0 +1,15 @@
+SUMMARY = "hidepid - hide other users' processes from /proc"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+SRC_URI = "file://hidepid.sh"
+
+inherit allarch
+
+INITSCRIPT_NAME = "hidepid"
+INITSCRIPT_PARAMS = "start 10 S ."
+inherit update-rc.d
+
+do_install() {
+	install -D -m 0755 ${WORKDIR}/hidepid.sh ${D}${sysconfdir}/init.d/hidepid
+}