3 Commits

Author SHA1 Message Date
isa
52f0caaeb8 Fix typo in kernel version 2025-08-29 02:04:02 -04:00
isa
75e16dc2bd Add basic update tooling 2025-08-29 02:00:42 -04:00
isa
74dcaddcba Convert images version to use semver 2025-08-29 01:57:33 -04:00
16 changed files with 315 additions and 546 deletions


@@ -15,13 +15,13 @@ do_citadel_mkimage() {
cat > ${B}/mkimage.conf << EOF cat > ${B}/mkimage.conf << EOF
image-type = "${CITADEL_IMAGE_TYPE}" image-type = "${CITADEL_IMAGE_TYPE}"
channel = "${CITADEL_IMAGE_CHANNEL}" channel = "${CITADEL_IMAGE_CHANNEL}"
version = ${CITADEL_IMAGE_VERSION} version = "${CITADEL_IMAGE_VERSION}"
timestamp = "${DATETIME}" timestamp = "${DATETIME}"
source = "${IMGDEPLOYDIR}/${IMAGE_LINK_NAME}.ext4" source = "${IMGDEPLOYDIR}/${IMAGE_LINK_NAME}.ext4"
compress = ${CITADEL_IMAGE_COMPRESS} compress = ${CITADEL_IMAGE_COMPRESS}
EOF EOF
ver=$(printf "%03d" ${CITADEL_IMAGE_VERSION}) ver=${CITADEL_IMAGE_VERSION}
if [ "${CITADEL_IMAGE_TYPE}" = "kernel" ]; then if [ "${CITADEL_IMAGE_TYPE}" = "kernel" ]; then
KERNEL_ID=$(generate_kernel_id) KERNEL_ID=$(generate_kernel_id)
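Review bot: The heredoc still writes `channel = "${CITADEL_IMAGE_CHANNEL}"`, but another file in this commit removes the `CITADEL_IMAGE_CHANNEL = "dev"` assignment and every other user moves to `CITADEL_CHANNEL`. Unless the old variable is still assigned somewhere outside the visible hunks, the generated mkimage.conf would carry an empty or unexpanded channel. The image name produced here may then no longer match the `citadel-<type>-${CITADEL_CHANNEL}-<version>.img` name the installer looks for. Suggested line: `channel = "${CITADEL_CHANNEL}"`. do_citadel_mkimage continues past the end of the hunk, so any later use of the old name there needs the same change.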


@@ -46,3 +46,14 @@ INHERIT += "buildhistory"
PREFERRED_RPROVIDER_libdevmapper-native = "libdevmapper-native" PREFERRED_RPROVIDER_libdevmapper-native = "libdevmapper-native"
require conf/distro/include/security_flags.inc require conf/distro/include/security_flags.inc
# --- Citadel Update Configuration ---
# Single source of truth for update client, channel, and component versions.
CITADEL_CLIENT = "public"
CITADEL_CHANNEL = "dev"
CITADEL_PUBLISHER = "Subgraph"
CITADEL_ROOTFS_VERSION = "0.1.0"
CITADEL_KERNEL_VERSION = "6.14.0"
CITADEL_EXTRA_VERSION = "0.1.0"
CITADEL_REALMFS_VERSION = "0.1.0"
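Review bot: `CITADEL_KERNEL_VERSION = "6.14.0"` is assigned here under the "single source of truth" comment, yet the same assignment is left in place in the include that lost `CITADEL_IMAGE_CHANNEL` and the `CITADEL_IMAGE_VERSION_*` variables. With two assignments the effective value depends on parse order, and a kernel bump applied to only one of them would put mismatched versions into image metadata and file names. I would keep a single assignment and comment it, e.g. `# Upstream kernel version; also used as the kernel image version in update metadata`.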


@@ -6,4 +6,5 @@
-A OUTPUT -p udp -m udp --sport 68 --dport 67 -j ACCEPT -A OUTPUT -p udp -m udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -p udp -m owner --uid-owner systemd-timesync -j ACCEPT -A OUTPUT -p udp -m owner --uid-owner systemd-timesync -j ACCEPT
-A OUTPUT -j LOG --log-uid --log-prefix 'iptables' -A OUTPUT -j LOG --log-uid --log-prefix 'iptables'
-A OUTPUT -p tcp -m owner --uid-owner citadel-tool --dports 443 -j ACCEPT
COMMIT COMMIT
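Review bot: The added ACCEPT rule for `citadel-tool` uses `--dports`, which belongs to the multiport match, but the rule only loads the implicit tcp match and `-m owner`. As far as I know iptables-restore rejects such a line, and a rejected line aborts the whole table load rather than just that rule. The rule also sits after the `-j LOG` line, so even once it parses, every update connection is logged with the 'iptables' prefix before being accepted, which buries the entries that line is presumably there to surface. Suggested: `-A OUTPUT -p tcp -m owner --uid-owner citadel-tool --dport 443 -j ACCEPT`, placed above the LOG rule. It is also worth confirming that the `citadel-tool` account exists wherever this ruleset is loaded, since a user name given to `--uid-owner` is resolved at load time.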


@@ -27,6 +27,8 @@ UDEV_RULES = "\
file://udev/udisks2-hide.rules \ file://udev/udisks2-hide.rules \
" "
DEFAULT_PASSWORD = "\ DEFAULT_PASSWORD = "\
file://citadel-create-config.sh \
file://systemd/citadel-create-config.service \
file://citadel-setpassword.sh \ file://citadel-setpassword.sh \
file://systemd/citadel-setpassword.service \ file://systemd/citadel-setpassword.service \
" "
@@ -60,7 +62,9 @@ SRC_URI = "\
file://apt-cacher-ng/acng.conf \ file://apt-cacher-ng/acng.conf \
file://apt-cacher-ng/security.conf \ file://apt-cacher-ng/security.conf \
file://iwd/main.conf \ file://iwd/main.conf \
file://citadel-fetch/update_server_key.pub \
file://pulse/cookie \ file://pulse/cookie \
file://citadel.conf.in \
${DEFAULT_REALM_UNITS} \ ${DEFAULT_REALM_UNITS} \
${MODPROBE_CONFIG} \ ${MODPROBE_CONFIG} \
${SYSCTL_CONFIG} \ ${SYSCTL_CONFIG} \
@@ -77,7 +81,7 @@ RDEPENDS:${PN} = "bash"
inherit allarch systemd useradd inherit allarch systemd useradd
SYSTEMD_SERVICE:${PN} = "zram-swap.service citadel-launch-default-realm.path x11-session-switcher.service citadel-installer-backend.service installer-session-switcher.service citadel-setpassword.service watch-resolvconf.service watch-resolvconf.path" SYSTEMD_SERVICE:${PN} = "zram-swap.service citadel-launch-default-realm.path x11-session-switcher.service citadel-installer-backend.service installer-session-switcher.service citadel-setpassword.service watch-resolvconf.service watch-resolvconf.path citadel-create-config.service"
do_install() { do_install() {
install -m 0755 -d ${D}/storage install -m 0755 -d ${D}/storage
@@ -124,6 +128,9 @@ do_install() {
install -m 644 ${UNPACKDIR}/systemd/watch-resolvconf.service ${D}${systemd_system_unitdir} install -m 644 ${UNPACKDIR}/systemd/watch-resolvconf.service ${D}${systemd_system_unitdir}
install -m 644 ${UNPACKDIR}/systemd/watch-resolvconf.path ${D}${systemd_system_unitdir} install -m 644 ${UNPACKDIR}/systemd/watch-resolvconf.path ${D}${systemd_system_unitdir}
install -m 644 ${UNPACKDIR}/systemd/citadel-create-config.service ${D}${systemd_system_unitdir}
install -m 0754 ${UNPACKDIR}/citadel-create-config.sh ${D}${libexecdir}
install -m 644 ${UNPACKDIR}/systemd/citadel-setpassword.service ${D}${systemd_system_unitdir} install -m 644 ${UNPACKDIR}/systemd/citadel-setpassword.service ${D}${systemd_system_unitdir}
install -m 0754 ${UNPACKDIR}/citadel-setpassword.sh ${D}${libexecdir} install -m 0754 ${UNPACKDIR}/citadel-setpassword.sh ${D}${libexecdir}
install -d ${D}${systemd_user_unitdir}/gnome-session@citadel-installer.target.d install -d ${D}${systemd_user_unitdir}/gnome-session@citadel-installer.target.d
@@ -174,6 +181,9 @@ do_install() {
install -m 0644 ${UNPACKDIR}/iwd/main.conf ${D}${sysconfdir}/iwd/ install -m 0644 ${UNPACKDIR}/iwd/main.conf ${D}${sysconfdir}/iwd/
install -d ${D}${sysconfdir}/citadel
install -m 0644 ${UNPACKDIR}/citadel-fetch/update_server_key.pub ${D}${sysconfdir}/citadel/
install -d ${D}${datadir}/apt-cacher-ng/conf install -d ${D}${datadir}/apt-cacher-ng/conf
install -m 0644 ${UNPACKDIR}/apt-cacher-ng/acng.conf ${D}${datadir}/apt-cacher-ng/conf/ install -m 0644 ${UNPACKDIR}/apt-cacher-ng/acng.conf ${D}${datadir}/apt-cacher-ng/conf/
install -m 0644 ${UNPACKDIR}/apt-cacher-ng/security.conf ${D}${datadir}/apt-cacher-ng/conf/ install -m 0644 ${UNPACKDIR}/apt-cacher-ng/security.conf ${D}${datadir}/apt-cacher-ng/conf/
@@ -186,6 +196,13 @@ do_install() {
ln -s /dev/null ${D}${sysconfdir}/tmpfiles.d/etc.conf ln -s /dev/null ${D}${sysconfdir}/tmpfiles.d/etc.conf
ln -s /dev/null ${D}${sysconfdir}/tmpfiles.d/home.conf ln -s /dev/null ${D}${sysconfdir}/tmpfiles.d/home.conf
# Process citadel.conf.in template
install -d ${D}${datadir}/factory/storage/citadel-state
sed -e 's/@CITADEL_CLIENT@/${CITADEL_CLIENT}/g' \
-e 's/@CITADEL_CHANNEL@/${CITADEL_CHANNEL}/g' \
-e 's/@CITADEL_PUBLISHER@/${CITADEL_PUBLISHER}/g' \
< ${UNPACKDIR}/citadel.conf.in > ${D}${datadir}/factory/storage/citadel-state/citadel.conf
install -d ${D}${datadir}/themes install -d ${D}${datadir}/themes
install -d ${D}${datadir}/icons install -d ${D}${datadir}/icons
install -d ${D}${libdir}/modules install -d ${D}${libdir}/modules
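Review bot: The three `sed -e 's/@…@/${…}/g'` expressions added to do_install paste `CITADEL_CLIENT`, `CITADEL_CHANNEL` and `CITADEL_PUBLISHER` straight into the replacement text. A value containing `/`, `&`, `\` or a single quote either breaks the task or writes something other than the configured value into the factory citadel.conf. These values steer the update client, so I would validate them before substitution, e.g. `case "${CITADEL_CHANNEL}" in *[!A-Za-z0-9._-]*) bbfatal "invalid CITADEL_CHANNEL" ;; esac` ahead of the sed call, with an equivalent check for the other two. do_install starts before and ends after the visible hunks.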


@@ -0,0 +1,12 @@
#!/bin/sh
set -e
CONFIG_FILE="/storage/citadel-state/citadel.conf"
FACTORY_CONFIG_FILE="/usr/share/factory/storage/citadel-state/citadel.conf"
if [ ! -f "${CONFIG_FILE}" ]; then
if [ -f "${FACTORY_CONFIG_FILE}" ]; then
cp "${FACTORY_CONFIG_FILE}" "${CONFIG_FILE}"
chmod 0644 "${CONFIG_FILE}"
fi
fi
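Review bot: The script copies with `cp` and fixes the mode afterwards, and it exits 0 without doing anything when the factory file is missing. With `set -e`, a missing `/storage/citadel-state` directory makes `cp` fail the unit, while a missing factory file leaves the system with no update configuration and no error. I would replace the copy and chmod with `install -D -m 0644 "${FACTORY_CONFIG_FILE}" "${CONFIG_FILE}"`, which creates the parent directory and sets the mode in one step. I would also add an `else` branch that prints a message to stderr and exits non-zero.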


@@ -0,0 +1,7 @@
# Citadel OS Configuration
# This file contains persistent settings for the OS.
# It is generated from a template during the Yocto build.
CITADEL_CLIENT="@CITADEL_CLIENT@"
CITADEL_CHANNEL="@CITADEL_CHANNEL@"
CITADEL_PUBLISHER="@CITADEL_PUBLISHER@"


@@ -0,0 +1,10 @@
[Unit]
Description=Create Citadel config file from factory default
ConditionPathExists=!/storage/citadel-state/citadel.conf
[Service]
Type=oneshot
ExecStart=/usr/libexec/citadel-create-config.sh
[Install]
WantedBy=multi-user.target
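Review bot: The unit has no ordering against the `/storage` mount, so `ConditionPathExists=!/storage/citadel-state/citadel.conf` may be evaluated before the persistent volume is available. This assumes `/storage` is a separate mount, which the page does not show. In that case the condition passes on every boot and the script either writes into the underlying directory or fails. I would add `RequiresMountsFor=/storage/citadel-state` to `[Unit]`, and order whatever reads citadel.conf (presumably the fetch/update service) `After=` this unit.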


@@ -0,0 +1,3 @@
-----BEGIN PUBLIC KEY-----
BLABLABLABLABLABLABLABLABLABLA
-----END PUBLIC KEY-----
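Review bot: The key body `BLABLABLA…` is a placeholder, not a decodable public key, and the recipe in this commit installs this file into `${sysconfdir}/citadel/` as `update_server_key.pub`. An image built from this tree therefore ships without a usable verification key. How citadel-fetch behaves when the key fails to parse is not visible here, so it should be confirmed that it refuses the update rather than skipping the check. I would make the build fail while the placeholder is present, e.g. `openssl pkey -pubin -noout -in ${UNPACKDIR}/citadel-fetch/update_server_key.pub || bbfatal "update_server_key.pub is not a valid public key"` in do_install (needs openssl-native). I would also document next to the file how the real key is provisioned.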


@@ -9,12 +9,12 @@ inherit deploy
require citadel-image.inc require citadel-image.inc
REALMFS_DIR = "${TOPDIR}/realmfs" REALMFS_DIR = "${TOPDIR}/realmfs"
CITADEL_IMAGE_VERSION = "1" CITADEL_IMAGE_VERSION = "${CITADEL_REALMFS_VERSION}"
do_realmfs_mkimage() { do_realmfs_mkimage() {
cat > ${B}/mkimage.conf << EOF cat > ${B}/mkimage.conf << EOF
image-type = "realmfs" image-type = "realmfs"
channel = "${CITADEL_IMAGE_CHANNEL}" channel = "${CITADEL_CHANNEL}"
version = 1 version = "${CITADEL_IMAGE_VERSION}"
timestamp = "${DATETIME}" timestamp = "${DATETIME}"
source = "${REALMFS_DIR}/citadel-realmfs.ext4" source = "${REALMFS_DIR}/citadel-realmfs.ext4"
realmfs-name = "base" realmfs-name = "base"
@@ -28,8 +28,8 @@ do_realmfs_mkimage[vardepsexclude] = "DATETIME"
do_realmfs_mkimage[cleandirs] = "${B}" do_realmfs_mkimage[cleandirs] = "${B}"
do_deploy() { do_deploy() {
ver=$(printf "%03d" ${CITADEL_IMAGE_VERSION}) ver=${CITADEL_IMAGE_VERSION}
fname="citadel-realmfs-${CITADEL_IMAGE_CHANNEL}-${ver}.img" fname="citadel-realmfs-${CITADEL_CHANNEL}-${ver}.img"
install -m 644 -T ${B}/${fname} ${DEPLOYDIR}/base-realmfs.img install -m 644 -T ${B}/${fname} ${DEPLOYDIR}/base-realmfs.img
} }
addtask do_deploy after do_realmfs_mkimage before do_build addtask do_deploy after do_realmfs_mkimage before do_build


@@ -14,7 +14,7 @@ PACKAGE_INSTALL = "\
adwaita-icon-theme-symbolic \ adwaita-icon-theme-symbolic \
" "
CITADEL_IMAGE_VERSION = "${CITADEL_IMAGE_VERSION_extra}" CITADEL_IMAGE_VERSION = "${CITADEL_EXTRA_VERSION}"
CITADEL_IMAGE_TYPE = "extra" CITADEL_IMAGE_TYPE = "extra"
require citadel-image.inc require citadel-image.inc


@@ -1,10 +1,3 @@
CITADEL_IMAGE_CHANNEL = "dev"
CITADEL_IMAGE_VERSION_rootfs = "1"
CITADEL_IMAGE_VERSION_extra = "1"
CITADEL_IMAGE_VERSION_kernel = "1"
CITADEL_KERNEL_VERSION = "6.14.0" CITADEL_KERNEL_VERSION = "6.14.0"
CITADEL_KERNEL_CONFIG = "${COREBASE}/../meta-citadel/recipes-kernel/citadel-kernel/files/defconfig" CITADEL_KERNEL_CONFIG = "${COREBASE}/../meta-citadel/recipes-kernel/citadel-kernel/files/defconfig"


@@ -53,9 +53,9 @@ install_syslinux_files() {
install_image_files() { install_image_files() {
install -d ${IMAGE_ROOTFS}/images install -d ${IMAGE_ROOTFS}/images
install_resource_image "rootfs" ${CITADEL_IMAGE_VERSION_rootfs} install_resource_image "rootfs" ${CITADEL_ROOTFS_VERSION}
install_resource_image "extra" ${CITADEL_IMAGE_VERSION_extra} install_resource_image "extra" ${CITADEL_EXTRA_VERSION}
install_resource_image "kernel" ${CITADEL_IMAGE_VERSION_kernel} install_resource_image "kernel" ${CITADEL_KERNEL_VERSION}
install ${DEPLOY_DIR_IMAGE}/base-realmfs.img ${IMAGE_ROOTFS}/images/ install ${DEPLOY_DIR_IMAGE}/base-realmfs.img ${IMAGE_ROOTFS}/images/
} }
@@ -95,13 +95,13 @@ EOF
} }
install_resource_image() { install_resource_image() {
version=$(printf "%03d" ${2}) version=${2}
if [ "${1}" = "kernel" ]; then if [ "${1}" = "kernel" ]; then
src_fname="citadel-kernel-${CITADEL_KERNEL_VERSION}-${CITADEL_IMAGE_CHANNEL}-${version}.img" src_fname="citadel-kernel-${CITADEL_KERNEL_VERSION}-${CITADEL_CHANNEL}-${version}.img"
dst_fname="citadel-kernel-${CITADEL_KERNEL_VERSION}.img" dst_fname="citadel-kernel-${CITADEL_KERNEL_VERSION}.img"
else else
src_fname="citadel-${1}-${CITADEL_IMAGE_CHANNEL}-${version}.img" src_fname="citadel-${1}-${CITADEL_CHANNEL}-${version}.img"
dst_fname="citadel-${1}.img" dst_fname="citadel-${1}.img"
fi fi
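Review bot: `install_resource_image "kernel" ${CITADEL_KERNEL_VERSION}` now passes the upstream kernel version as the image version, so `src_fname` expands to `citadel-kernel-<kver>-<channel>-<kver>.img`; the kernel image recipe in this commit sets `CITADEL_IMAGE_VERSION` from the same variable. The kernel image can then no longer get a newer version without changing the upstream kernel version. That matters if the update client compares versions to decide whether to install, because a rebuild with a changed config or a backported fix would not look newer. I would keep a separate image version, e.g. `CITADEL_KERNEL_IMAGE_VERSION = "0.1.0"` beside the other component versions, and pass that here. install_resource_image continues past the end of the hunk.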


@@ -3,7 +3,7 @@ LICENSE = "MIT"
PACKAGE_INSTALL = "kernel-modules" PACKAGE_INSTALL = "kernel-modules"
CITADEL_IMAGE_VERSION = "${CITADEL_IMAGE_VERSION_kernel}" CITADEL_IMAGE_VERSION = "${CITADEL_KERNEL_VERSION}"
CITADEL_IMAGE_TYPE = "kernel" CITADEL_IMAGE_TYPE = "kernel"
require citadel-image.inc require citadel-image.inc


@@ -2,6 +2,7 @@
SUMMARY = "Subgraph OS Citadel image builder" SUMMARY = "Subgraph OS Citadel image builder"
LICENSE = "MIT" LICENSE = "MIT"
SYSTEMD_DEFAULT_TARGET = "graphical.target" SYSTEMD_DEFAULT_TARGET = "graphical.target"
ROOTFS_POSTPROCESS_COMMAND += "set_disable_root_password; symlink_lib64; setup_var; append_os_release;" ROOTFS_POSTPROCESS_COMMAND += "set_disable_root_password; symlink_lib64; setup_var; append_os_release;"
@@ -11,7 +12,7 @@ IMAGE_INSTALL += "\
packagegroup-citadel \ packagegroup-citadel \
" "
CITADEL_IMAGE_VERSION = "${CITADEL_IMAGE_VERSION_rootfs}" CITADEL_IMAGE_VERSION = "${CITADEL_ROOTFS_VERSION}"
CITADEL_IMAGE_TYPE = "rootfs" CITADEL_IMAGE_TYPE = "rootfs"
require citadel-image.inc require citadel-image.inc
@@ -54,8 +55,9 @@ setup_var() {
} }
append_os_release() { append_os_release() {
echo "CITADEL_CHANNEL=\"${CITADEL_IMAGE_CHANNEL}\"" >> ${IMAGE_ROOTFS}/etc/os-release echo "CITADEL_CHANNEL=\"${CITADEL_CHANNEL}\"" >> ${IMAGE_ROOTFS}/etc/os-release
echo "CITADEL_ROOTFS_VERSION=\"${CITADEL_IMAGE_VERSION_rootfs}\"" >> ${IMAGE_ROOTFS}/etc/os-release echo "CITADEL_ROOTFS_VERSION=${CITADEL_ROOTFS_VERSION}" >> ${IMAGE_ROOTFS}/etc/os-release
echo "PRETTY_NAME=\"Citadel ${DISTRO_VERSION}\"" >> ${IMAGE_ROOTFS}/etc/os-release
} }
do_rm_var_link() { do_rm_var_link() {
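Review bot: In append_os_release the `CITADEL_ROOTFS_VERSION` line lost its quotes while `CITADEL_CHANNEL` and the new `PRETTY_NAME` keep theirs. The os-release format asks for quotes around values containing anything beyond letters and digits, and a semver string with dots, or later a `-rc1`/`+build` suffix, falls under that. Suggested: `echo "CITADEL_ROOTFS_VERSION=\"${CITADEL_ROOTFS_VERSION}\"" >> ${IMAGE_ROOTFS}/etc/os-release`. The appended `PRETTY_NAME` may also duplicate one already written by the base os-release recipe, which is worth checking.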


@@ -3,7 +3,7 @@ HOMEPAGE = "http://github.com/subgraph/citadel"
LICENSE = "CLOSED" LICENSE = "CLOSED"
LIC_FILES_CHKSUM="" LIC_FILES_CHKSUM=""
inherit cargo cargo-update-recipe-crates systemd gsettings pkgconfig inherit cargo cargo-update-recipe-crates systemd gsettings pkgconfig useradd
# DONUT USE CARGO BITBAKE ANYMORE! # DONUT USE CARGO BITBAKE ANYMORE!
# #
@@ -14,7 +14,7 @@ require citadel-tools-crates.inc
# #
# Update this when changes are pushed to github # Update this when changes are pushed to github
# #
SRCREV = "39ac0948ef4695f4f3de815d2920c372d00028b4" SRCREV = "08460b3d5e9b1c81492168d3d1031dc538b1c117"
# get git repo owner from citadel to find the correct citadel-tools repo path # get git repo owner from citadel to find the correct citadel-tools repo path
python () { python () {
@@ -54,11 +54,15 @@ FILES:${PN} = "\
${bindir}/citadel-image \ ${bindir}/citadel-image \
${bindir}/citadel-realmfs \ ${bindir}/citadel-realmfs \
${bindir}/citadel-update \ ${bindir}/citadel-update \
${bindir}/citadel-fetch \
${systemd_system_unitdir} \ ${systemd_system_unitdir} \
${sysconfdir}/dbus-1/system.d \ ${sysconfdir}/dbus-1/system.d \
${datadir}/applications \ ${datadir}/applications \
" "
USERADD_PACKAGES = "${PN}"
USERADD_PARAM:${PN} = "-m -u 700 -s /bin/nologin citadel-tool"
SYSTEMD_SERVICE:${PN} = "citadel-current-watcher.path citadel-realmsd.service citadel-boot-automount.service" SYSTEMD_SERVICE:${PN} = "citadel-current-watcher.path citadel-realmsd.service citadel-boot-automount.service"
TARGET_BIN = "${B}/target/${CARGO_TARGET_SUBDIR}" TARGET_BIN = "${B}/target/${CARGO_TARGET_SUBDIR}"
@@ -89,6 +93,8 @@ do_install() {
# /usr/libexec/citadel-tool # /usr/libexec/citadel-tool
install -m 755 ${TARGET_BIN}/citadel-tool ${D}${libexecdir} install -m 755 ${TARGET_BIN}/citadel-tool ${D}${libexecdir}
# Change ownership of the main tool executable for citadel-fetch
chown 700 ${D}${libexecdir}/citadel-tool
# citadel-realms as /usr/bin/realms # citadel-realms as /usr/bin/realms
install -m 755 -T ${TARGET_BIN}/citadel-realms ${D}${bindir}/realms install -m 755 -T ${TARGET_BIN}/citadel-realms ${D}${bindir}/realms
@@ -108,6 +114,7 @@ do_install() {
ln ${D}${libexecdir}/citadel-tool ${D}${bindir}/citadel-mkimage ln ${D}${libexecdir}/citadel-tool ${D}${bindir}/citadel-mkimage
ln ${D}${libexecdir}/citadel-tool ${D}${bindir}/citadel-realmfs ln ${D}${libexecdir}/citadel-tool ${D}${bindir}/citadel-realmfs
ln ${D}${libexecdir}/citadel-tool ${D}${bindir}/citadel-update ln ${D}${libexecdir}/citadel-tool ${D}${bindir}/citadel-update
ln ${D}${libexecdir}/citadel-tool ${D}${bindir}/citadel-fetch
} }
# #
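Review bot: `chown 700 ${D}${libexecdir}/citadel-tool` makes uid 700 the owner of the multi-call binary, and with mode 755 the owner can write it; uid 700 is the new `citadel-tool` account that the firewall change lets out on port 443. The same inode is hard-linked as `citadel-image`, `citadel-realmfs`, `citadel-update` and the rest, which are presumably run by root. A compromise of the network-facing fetch process could therefore replace code that root later executes, unless the root filesystem is immutable at runtime, which is not visible here. Running as that user does not require owning the file: I would drop the chown, leave the binary root-owned, and select the account in the service with `User=citadel-tool`. Separately, `USERADD_PARAM` uses `-m` and `/bin/nologin`; a service account normally wants `-r -M` and a shell path that actually exists on the image, typically `/sbin/nologin`.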