isa/citadel
1
0
Fork 0
forked from brl/citadel
Code Pull Requests Activity

Compare commits

merge into: isa:master
Branches Tags
isa:master isa:updates isa:installer isa:timezone isa:reproducibility isa:miscellaneous isa:fix isa:apt-cacher isa:internet isa:build_system isa:poky-zeus brl:master brl:poky-zeus
...
pull from: isa:updates
Branches Tags
isa:updates isa:master isa:installer isa:timezone isa:reproducibility isa:miscellaneous isa:fix isa:apt-cacher isa:internet isa:build_system isa:poky-zeus brl:master brl:poky-zeus

4 Commits
master ... updates

Author SHA1 Message Date
isa
a38e8a91ac Add channel and per-channel signing 2025-09-26 02:25:45 -04:00
isa
52f0caaeb8 Fix typo in kernel version 2025-08-29 02:04:02 -04:00
isa
75e16dc2bd Add basic update tooling 2025-08-29 02:00:42 -04:00
isa
74dcaddcba Convert images version to use semver 2025-08-29 01:57:33 -04:00
20 changed files with 440 additions and 551 deletions
Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -1,3 +1,5 @@
build/ build/
bitbake-cookerdaemon.log bitbake-cookerdaemon.log
*~ *~
*.priv
*.pub

59
meta-citadel/classes/citadel-image.bbclass
View File

@@ -1,35 +1,77 @@
DEPENDS:append = " citadel-tools-native mtools-native cryptsetup-native coreutils-native" DEPENDS:append = " citadel-tools-native mtools-native cryptsetup-native coreutils-native"
inherit image
require conf/distro/citadel-distro.conf
# Block size must be 4096 or dm-verity won't work # Block size must be 4096 or dm-verity won't work
EXTRA_IMAGECMD:ext4 = "-i 4096 -b 4096" EXTRA_IMAGECMD:ext4 = "-i 4096 -b 4096"
IMAGE_FSTYPES = "ext4" IMAGE_FSTYPES = "ext4"
IMAGE_OVERHEAD_FACTOR = "1.2" IMAGE_OVERHEAD_FACTOR = "1.2"
inherit image
CITADEL_IMAGE_CHANNEL ??= "dev" python () {
import os
import re
import bb
recipe_file = d.getVar('FILE')
if recipe_file is None:
bb.fatal("FILE variable is not set. This indicates a problem with the build environment.")
# Derive layerdir from recipe_file
# recipe_file is something like /home/builder/citadel/poky/../meta-citadel/recipes-citadel/images/base-realmfs-image.bb
# We need to get /home/builder/citadel/meta-citadel
meta_citadel_index = recipe_file.find('meta-citadel')
if meta_citadel_index == -1:
bb.fatal("Could not find 'meta-citadel' in recipe file path.")
layerdir = os.path.abspath(recipe_file[:meta_citadel_index + len('meta-citadel')])
# Manually parse citadel-distro.conf to get CITADEL_CHANNEL
citadel_distro_conf_path = os.path.join(layerdir, 'conf', 'distro', 'citadel-distro.conf')
citadel_channel = None
try:
with open(citadel_distro_conf_path, 'r') as f:
for line in f:
match = re.match(r'CITADEL_CHANNEL\s*=\s*"(.*)"', line)
if match:
citadel_channel = match.group(1)
break
except FileNotFoundError:
bb.fatal(f"citadel-distro.conf not found at {citadel_distro_conf_path}")
if citadel_channel is None:
bb.fatal(f"CITADEL_CHANNEL not found in {citadel_distro_conf_path}. Please ensure it is set.")
private_key_path = os.path.join(layerdir, 'recipes-citadel', 'citadel-keys', 'files', citadel_channel + '.priv')
d.setVar('PRIVATE_KEY_PATH_ABS', private_key_path)
}
CITADEL_CHANNEL ??= "dev"
CITADEL_IMAGE_COMPRESS ??= "true" CITADEL_IMAGE_COMPRESS ??= "true"
do_citadel_mkimage() { do_citadel_mkimage() {
set -x
cat > ${B}/mkimage.conf << EOF cat > ${B}/mkimage.conf << EOF
image-type = "${CITADEL_IMAGE_TYPE}" image-type = "${CITADEL_IMAGE_TYPE}"
channel = "${CITADEL_IMAGE_CHANNEL}" channel = "${CITADEL_CHANNEL}"
version = ${CITADEL_IMAGE_VERSION} version = "${CITADEL_IMAGE_VERSION}"
timestamp = "${DATETIME}" timestamp = "${DATETIME}"
source = "${IMGDEPLOYDIR}/${IMAGE_LINK_NAME}.ext4" source = "${IMGDEPLOYDIR}/${IMAGE_LINK_NAME}.ext4"
compress = ${CITADEL_IMAGE_COMPRESS} compress = ${CITADEL_IMAGE_COMPRESS}
EOF EOF
if [ "${CITADEL_CHANNEL}" != "dev" ]; then
ver=$(printf "%03d" ${CITADEL_IMAGE_VERSION}) echo 'private-key-path = "${PRIVATE_KEY_PATH_ABS}"' >> ${B}/mkimage.conf
fi
ver=${CITADEL_IMAGE_VERSION}
if [ "${CITADEL_IMAGE_TYPE}" = "kernel" ]; then if [ "${CITADEL_IMAGE_TYPE}" = "kernel" ]; then
KERNEL_ID=$(generate_kernel_id) KERNEL_ID=$(generate_kernel_id)
echo "kernel-version = \"${CITADEL_KERNEL_VERSION}\"" >> ${B}/mkimage.conf echo "kernel-version = \"${CITADEL_KERNEL_VERSION}\"" >> ${B}/mkimage.conf
echo "kernel-id = \"${KERNEL_ID}\"" >> ${B}/mkimage.conf echo "kernel-id = \"${KERNEL_ID}\"" >> ${B}/mkimage.conf
fname="citadel-kernel-${CITADEL_KERNEL_VERSION}-${CITADEL_IMAGE_CHANNEL}-${ver}.img" fname="citadel-kernel-${CITADEL_KERNEL_VERSION}-${CITADEL_CHANNEL}-${ver}.img"
else else
fname="citadel-${CITADEL_IMAGE_TYPE}-${CITADEL_IMAGE_CHANNEL}-${ver}.img" fname="citadel-${CITADEL_IMAGE_TYPE}-${CITADEL_CHANNEL}-${ver}.img"
fi fi
citadel-mkimage ${B} citadel-mkimage ${B}
mv ${B}/${fname} ${IMGDEPLOYDIR} mv ${B}/${fname} ${IMGDEPLOYDIR}
@@ -38,6 +80,7 @@ EOF
addtask do_citadel_mkimage after do_image_ext4 before do_image_complete addtask do_citadel_mkimage after do_image_ext4 before do_image_complete
do_citadel_mkimage[cleandirs] = "${B}" do_citadel_mkimage[cleandirs] = "${B}"
do_citadel_mkimage[vardepsexclude] = "DATETIME" do_citadel_mkimage[vardepsexclude] = "DATETIME"
do_citadel_mkimage[vardeps] += "CITADEL_CHANNEL"
IMAGE_POSTPROCESS_COMMAND += " generate_shasum_buildhistory ;" IMAGE_POSTPROCESS_COMMAND += " generate_shasum_buildhistory ;"

11
meta-citadel/conf/distro/citadel-distro.conf
View File

@@ -46,3 +46,14 @@ INHERIT += "buildhistory"
PREFERRED_RPROVIDER_libdevmapper-native = "libdevmapper-native" PREFERRED_RPROVIDER_libdevmapper-native = "libdevmapper-native"
require conf/distro/include/security_flags.inc require conf/distro/include/security_flags.inc
# --- Citadel Update Configuration ---
# Single source of truth for update client, channel, and component versions.
CITADEL_CLIENT = "public"
CITADEL_CHANNEL = "dev"
CITADEL_PUBLISHER = "Subgraph"
CITADEL_ROOTFS_VERSION = "0.1.0"
CITADEL_KERNEL_VERSION = "6.14.0"
CITADEL_EXTRA_VERSION = "0.1.0"
CITADEL_REALMFS_VERSION = "0.1.0"

1
meta-citadel/recipes-citadel/bbappends/iptables/iptables.rules
View File

@@ -6,4 +6,5 @@
-A OUTPUT -p udp -m udp --sport 68 --dport 67 -j ACCEPT -A OUTPUT -p udp -m udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -p udp -m owner --uid-owner systemd-timesync -j ACCEPT -A OUTPUT -p udp -m owner --uid-owner systemd-timesync -j ACCEPT
-A OUTPUT -j LOG --log-uid --log-prefix 'iptables' -A OUTPUT -j LOG --log-uid --log-prefix 'iptables'
-A OUTPUT -p tcp -m owner --uid-owner citadel-tool --dports 443 -j ACCEPT
COMMIT COMMIT

19
meta-citadel/recipes-citadel/citadel-config/citadel-config.bb
View File

@@ -27,6 +27,8 @@ UDEV_RULES = "\
file://udev/udisks2-hide.rules \ file://udev/udisks2-hide.rules \
" "
DEFAULT_PASSWORD = "\ DEFAULT_PASSWORD = "\
file://citadel-create-config.sh \
file://systemd/citadel-create-config.service \
file://citadel-setpassword.sh \ file://citadel-setpassword.sh \
file://systemd/citadel-setpassword.service \ file://systemd/citadel-setpassword.service \
" "
@@ -60,7 +62,9 @@ SRC_URI = "\
file://apt-cacher-ng/acng.conf \ file://apt-cacher-ng/acng.conf \
file://apt-cacher-ng/security.conf \ file://apt-cacher-ng/security.conf \
file://iwd/main.conf \ file://iwd/main.conf \
file://citadel-fetch/update_server_key.pub \
file://pulse/cookie \ file://pulse/cookie \
file://citadel.conf.in \
${DEFAULT_REALM_UNITS} \ ${DEFAULT_REALM_UNITS} \
${MODPROBE_CONFIG} \ ${MODPROBE_CONFIG} \
${SYSCTL_CONFIG} \ ${SYSCTL_CONFIG} \
@@ -77,7 +81,7 @@ RDEPENDS:${PN} = "bash"
inherit allarch systemd useradd inherit allarch systemd useradd
SYSTEMD_SERVICE:${PN} = "zram-swap.service citadel-launch-default-realm.path x11-session-switcher.service citadel-installer-backend.service installer-session-switcher.service citadel-setpassword.service watch-resolvconf.service watch-resolvconf.path" SYSTEMD_SERVICE:${PN} = "zram-swap.service citadel-launch-default-realm.path x11-session-switcher.service citadel-installer-backend.service installer-session-switcher.service citadel-setpassword.service watch-resolvconf.service watch-resolvconf.path citadel-create-config.service"
do_install() { do_install() {
install -m 0755 -d ${D}/storage install -m 0755 -d ${D}/storage
@@ -124,6 +128,9 @@ do_install() {
install -m 644 ${UNPACKDIR}/systemd/watch-resolvconf.service ${D}${systemd_system_unitdir} install -m 644 ${UNPACKDIR}/systemd/watch-resolvconf.service ${D}${systemd_system_unitdir}
install -m 644 ${UNPACKDIR}/systemd/watch-resolvconf.path ${D}${systemd_system_unitdir} install -m 644 ${UNPACKDIR}/systemd/watch-resolvconf.path ${D}${systemd_system_unitdir}
install -m 644 ${UNPACKDIR}/systemd/citadel-create-config.service ${D}${systemd_system_unitdir}
install -m 0754 ${UNPACKDIR}/citadel-create-config.sh ${D}${libexecdir}
install -m 644 ${UNPACKDIR}/systemd/citadel-setpassword.service ${D}${systemd_system_unitdir} install -m 644 ${UNPACKDIR}/systemd/citadel-setpassword.service ${D}${systemd_system_unitdir}
install -m 0754 ${UNPACKDIR}/citadel-setpassword.sh ${D}${libexecdir} install -m 0754 ${UNPACKDIR}/citadel-setpassword.sh ${D}${libexecdir}
install -d ${D}${systemd_user_unitdir}/gnome-session@citadel-installer.target.d install -d ${D}${systemd_user_unitdir}/gnome-session@citadel-installer.target.d
@@ -174,6 +181,9 @@ do_install() {
install -m 0644 ${UNPACKDIR}/iwd/main.conf ${D}${sysconfdir}/iwd/ install -m 0644 ${UNPACKDIR}/iwd/main.conf ${D}${sysconfdir}/iwd/
install -d ${D}${sysconfdir}/citadel
install -m 0644 ${UNPACKDIR}/citadel-fetch/update_server_key.pub ${D}${sysconfdir}/citadel/
install -d ${D}${datadir}/apt-cacher-ng/conf install -d ${D}${datadir}/apt-cacher-ng/conf
install -m 0644 ${UNPACKDIR}/apt-cacher-ng/acng.conf ${D}${datadir}/apt-cacher-ng/conf/ install -m 0644 ${UNPACKDIR}/apt-cacher-ng/acng.conf ${D}${datadir}/apt-cacher-ng/conf/
install -m 0644 ${UNPACKDIR}/apt-cacher-ng/security.conf ${D}${datadir}/apt-cacher-ng/conf/ install -m 0644 ${UNPACKDIR}/apt-cacher-ng/security.conf ${D}${datadir}/apt-cacher-ng/conf/
@@ -186,6 +196,13 @@ do_install() {
ln -s /dev/null ${D}${sysconfdir}/tmpfiles.d/etc.conf ln -s /dev/null ${D}${sysconfdir}/tmpfiles.d/etc.conf
ln -s /dev/null ${D}${sysconfdir}/tmpfiles.d/home.conf ln -s /dev/null ${D}${sysconfdir}/tmpfiles.d/home.conf
# Process citadel.conf.in template
install -d ${D}${datadir}/factory/storage/citadel-state
sed -e 's/@CITADEL_CLIENT@/${CITADEL_CLIENT}/g' \
-e 's/@CITADEL_CHANNEL@/${CITADEL_CHANNEL}/g' \
-e 's/@CITADEL_PUBLISHER@/${CITADEL_PUBLISHER}/g' \
< ${UNPACKDIR}/citadel.conf.in > ${D}${datadir}/factory/storage/citadel-state/citadel.conf
install -d ${D}${datadir}/themes install -d ${D}${datadir}/themes
install -d ${D}${datadir}/icons install -d ${D}${datadir}/icons
install -d ${D}${libdir}/modules install -d ${D}${libdir}/modules

12
meta-citadel/recipes-citadel/citadel-config/citadel-config/citadel-create-config.sh Normal file
View File

@@ -0,0 +1,12 @@
#!/bin/sh
set -e
CONFIG_FILE="/storage/citadel-state/citadel.conf"
FACTORY_CONFIG_FILE="/usr/share/factory/storage/citadel-state/citadel.conf"
if [ ! -f "${CONFIG_FILE}" ]; then
if [ -f "${FACTORY_CONFIG_FILE}" ]; then
cp "${FACTORY_CONFIG_FILE}" "${CONFIG_FILE}"
chmod 0644 "${CONFIG_FILE}"
fi
fi

7
meta-citadel/recipes-citadel/citadel-config/citadel-config/citadel.conf.in Normal file
View File

@@ -0,0 +1,7 @@
# Citadel OS Configuration
# This file contains persistent settings for the OS.
# It is generated from a template during the Yocto build.
CITADEL_CLIENT="@CITADEL_CLIENT@"
CITADEL_CHANNEL="@CITADEL_CHANNEL@"
CITADEL_PUBLISHER="@CITADEL_PUBLISHER@"

10
meta-citadel/recipes-citadel/citadel-config/citadel-config/systemd/citadel-create-config.service Normal file
View File

@@ -0,0 +1,10 @@
[Unit]
Description=Create Citadel config file from factory default
ConditionPathExists=!/storage/citadel-state/citadel.conf
[Service]
Type=oneshot
ExecStart=/usr/libexec/citadel-create-config.sh
[Install]
WantedBy=multi-user.target

3
meta-citadel/recipes-citadel/citadel-config/files/citadel-fetch/update_server_key.pub Normal file
View File

@@ -0,0 +1,3 @@
-----BEGIN PUBLIC KEY-----
BLABLABLABLABLABLABLABLABLABLA
-----END PUBLIC KEY-----

26
meta-citadel/recipes-citadel/citadel-keys/citadel-keys.bb Normal file
View File

@@ -0,0 +1,26 @@
SUMMARY = "Installs the single public key for Citadel image verification"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
PV = "1.0"
NO_STAGING_AREA = "1"
# S = "${WORKDIR}"
# SRC_URI is still needed for dependency tracking
FILES:${PN} += "/usr/share/citadel/keys/"
do_install() {
if [ -f "${THISDIR}/files/dev.pub" ] || [ -f "${THISDIR}/files/dev.priv" ]; then
bbfatal "dev.pub or dev.priv should not exist. The dev channel must not have a pre-set key."
fi
install -d ${D}/usr/share/citadel/keys/
if [ "${CITADEL_CHANNEL}" != "dev" ]; then
KEY_FILE="${THISDIR}/files/${CITADEL_CHANNEL}.pub"
if [ ! -f "${KEY_FILE}" ]; then
bbfatal "Public key for channel '${CITADEL_CHANNEL}' not found at ${KEY_FILE}"
fi
install -m 0644 "${KEY_FILE}" ${D}/usr/share/citadel/keys/${CITADEL_CHANNEL}.pub
fi
}

53
meta-citadel/recipes-citadel/images/base-realmfs-image.bb
View File

@@ -7,32 +7,75 @@ PACKAGE_ARCH = "${MACHINE_ARCH}"
inherit deploy inherit deploy
require citadel-image.inc require citadel-image.inc
require conf/distro/citadel-distro.conf
REALMFS_DIR = "${TOPDIR}/realmfs" REALMFS_DIR = "${TOPDIR}/realmfs"
CITADEL_IMAGE_VERSION = "1" CITADEL_IMAGE_VERSION = "${CITADEL_REALMFS_VERSION}"
python () {
import os
import re
import bb
recipe_file = d.getVar('FILE')
if recipe_file is None:
bb.fatal("FILE variable is not set. This indicates a problem with the build environment.")
# Derive layerdir from recipe_file
# recipe_file is something like /home/builder/citadel/poky/../meta-citadel/recipes-citadel/images/base-realmfs-image.bb
# We need to get /home/builder/citadel/meta-citadel
meta_citadel_index = recipe_file.find('meta-citadel')
if meta_citadel_index == -1:
bb.fatal("Could not find 'meta-citadel' in recipe file path.")
layerdir = os.path.abspath(recipe_file[:meta_citadel_index + len('meta-citadel')])
# Manually parse citadel-distro.conf to get CITADEL_CHANNEL
citadel_distro_conf_path = os.path.join(layerdir, 'conf', 'distro', 'citadel-distro.conf')
citadel_channel = None
try:
with open(citadel_distro_conf_path, 'r') as f:
for line in f:
match = re.match(r'CITADEL_CHANNEL\s*=\s*"(.*)"', line)
if match:
citadel_channel = match.group(1)
break
except FileNotFoundError:
bb.fatal(f"citadel-distro.conf not found at {citadel_distro_conf_path}")
if citadel_channel is None:
bb.fatal(f"CITADEL_CHANNEL not found in {citadel_distro_conf_path}. Please ensure it is set.")
private_key_path = os.path.join(layerdir, 'recipes-citadel', 'citadel-keys', 'files', citadel_channel + '.priv')
d.setVar('PRIVATE_KEY_PATH_ABS', private_key_path)
}
do_realmfs_mkimage() { do_realmfs_mkimage() {
cat > ${B}/mkimage.conf << EOF cat > ${B}/mkimage.conf << EOF
image-type = "realmfs" image-type = "realmfs"
channel = "${CITADEL_IMAGE_CHANNEL}" channel = "${CITADEL_CHANNEL}"
version = 1 version = "${CITADEL_IMAGE_VERSION}"
timestamp = "${DATETIME}" timestamp = "${DATETIME}"
source = "${REALMFS_DIR}/citadel-realmfs.ext4" source = "${REALMFS_DIR}/citadel-realmfs.ext4"
realmfs-name = "base" realmfs-name = "base"
compress = true compress = true
private-key-path = "${PRIVATE_KEY_PATH_ABS}"
EOF EOF
citadel-mkimage ${B} citadel-mkimage ${B}
} }
addtask do_realmfs_mkimage after do_configure before do_build addtask do_realmfs_mkimage after do_configure before do_build
do_realmfs_mkimage[vardepsexclude] = "DATETIME" do_realmfs_mkimage[vardepsexclude] = "DATETIME"
do_realmfs_mkimage[vardeps] += "CITADEL_CHANNEL"
do_realmfs_mkimage[cleandirs] = "${B}" do_realmfs_mkimage[cleandirs] = "${B}"
do_deploy() { do_deploy() {
ver=$(printf "%03d" ${CITADEL_IMAGE_VERSION}) ver=${CITADEL_IMAGE_VERSION}
fname="citadel-realmfs-${CITADEL_IMAGE_CHANNEL}-${ver}.img" fname="citadel-realmfs-${CITADEL_CHANNEL}-${ver}.img"
install -m 644 -T ${B}/${fname} ${DEPLOYDIR}/base-realmfs.img install -m 644 -T ${B}/${fname} ${DEPLOYDIR}/base-realmfs.img
} }
addtask do_deploy after do_realmfs_mkimage before do_build addtask do_deploy after do_realmfs_mkimage before do_build
do_deploy[vardeps] += "CITADEL_CHANNEL"
do_fetch[noexec] = "1" do_fetch[noexec] = "1"
do_unpack[noexec] = "1" do_unpack[noexec] = "1"

2
meta-citadel/recipes-citadel/images/citadel-extra-image.bb
View File

@@ -14,7 +14,7 @@ PACKAGE_INSTALL = "\
adwaita-icon-theme-symbolic \ adwaita-icon-theme-symbolic \
" "
CITADEL_IMAGE_VERSION = "${CITADEL_IMAGE_VERSION_extra}" CITADEL_IMAGE_VERSION = "${CITADEL_EXTRA_VERSION}"
CITADEL_IMAGE_TYPE = "extra" CITADEL_IMAGE_TYPE = "extra"
require citadel-image.inc require citadel-image.inc

7
meta-citadel/recipes-citadel/images/citadel-image.inc
View File

@@ -1,10 +1,3 @@
CITADEL_IMAGE_CHANNEL = "dev"
CITADEL_IMAGE_VERSION_rootfs = "1"
CITADEL_IMAGE_VERSION_extra = "1"
CITADEL_IMAGE_VERSION_kernel = "1"
CITADEL_KERNEL_VERSION = "6.14.0" CITADEL_KERNEL_VERSION = "6.14.0"
CITADEL_KERNEL_CONFIG = "${COREBASE}/../meta-citadel/recipes-kernel/citadel-kernel/files/defconfig" CITADEL_KERNEL_CONFIG = "${COREBASE}/../meta-citadel/recipes-kernel/citadel-kernel/files/defconfig"

12
meta-citadel/recipes-citadel/images/citadel-installer-image.bb
View File

@@ -53,9 +53,9 @@ install_syslinux_files() {
install_image_files() { install_image_files() {
install -d ${IMAGE_ROOTFS}/images install -d ${IMAGE_ROOTFS}/images
install_resource_image "rootfs" ${CITADEL_IMAGE_VERSION_rootfs} install_resource_image "rootfs" ${CITADEL_ROOTFS_VERSION}
install_resource_image "extra" ${CITADEL_IMAGE_VERSION_extra} install_resource_image "extra" ${CITADEL_EXTRA_VERSION}
install_resource_image "kernel" ${CITADEL_IMAGE_VERSION_kernel} install_resource_image "kernel" ${CITADEL_KERNEL_VERSION}
install ${DEPLOY_DIR_IMAGE}/base-realmfs.img ${IMAGE_ROOTFS}/images/ install ${DEPLOY_DIR_IMAGE}/base-realmfs.img ${IMAGE_ROOTFS}/images/
} }
@@ -95,13 +95,13 @@ EOF
} }
install_resource_image() { install_resource_image() {
version=$(printf "%03d" ${2}) version=${2}
if [ "${1}" = "kernel" ]; then if [ "${1}" = "kernel" ]; then
src_fname="citadel-kernel-${CITADEL_KERNEL_VERSION}-${CITADEL_IMAGE_CHANNEL}-${version}.img" src_fname="citadel-kernel-${CITADEL_KERNEL_VERSION}-${CITADEL_CHANNEL}-${version}.img"
dst_fname="citadel-kernel-${CITADEL_KERNEL_VERSION}.img" dst_fname="citadel-kernel-${CITADEL_KERNEL_VERSION}.img"
else else
src_fname="citadel-${1}-${CITADEL_IMAGE_CHANNEL}-${version}.img" src_fname="citadel-${1}-${CITADEL_CHANNEL}-${version}.img"
dst_fname="citadel-${1}.img" dst_fname="citadel-${1}.img"
fi fi

2
meta-citadel/recipes-citadel/images/citadel-kernel-image.bb
View File

@@ -3,7 +3,7 @@ LICENSE = "MIT"
PACKAGE_INSTALL = "kernel-modules" PACKAGE_INSTALL = "kernel-modules"
CITADEL_IMAGE_VERSION = "${CITADEL_IMAGE_VERSION_kernel}" CITADEL_IMAGE_VERSION = "${CITADEL_KERNEL_VERSION}"
CITADEL_IMAGE_TYPE = "kernel" CITADEL_IMAGE_TYPE = "kernel"
require citadel-image.inc require citadel-image.inc

8
meta-citadel/recipes-citadel/images/citadel-rootfs-image.bb
View File

@@ -2,6 +2,7 @@
SUMMARY = "Subgraph OS Citadel image builder" SUMMARY = "Subgraph OS Citadel image builder"
LICENSE = "MIT" LICENSE = "MIT"
SYSTEMD_DEFAULT_TARGET = "graphical.target" SYSTEMD_DEFAULT_TARGET = "graphical.target"
ROOTFS_POSTPROCESS_COMMAND += "set_disable_root_password; symlink_lib64; setup_var; append_os_release;" ROOTFS_POSTPROCESS_COMMAND += "set_disable_root_password; symlink_lib64; setup_var; append_os_release;"
@@ -11,7 +12,7 @@ IMAGE_INSTALL += "\
packagegroup-citadel \ packagegroup-citadel \
" "
CITADEL_IMAGE_VERSION = "${CITADEL_IMAGE_VERSION_rootfs}" CITADEL_IMAGE_VERSION = "${CITADEL_ROOTFS_VERSION}"
CITADEL_IMAGE_TYPE = "rootfs" CITADEL_IMAGE_TYPE = "rootfs"
require citadel-image.inc require citadel-image.inc
@@ -54,8 +55,9 @@ setup_var() {
} }
append_os_release() { append_os_release() {
echo "CITADEL_CHANNEL=\"${CITADEL_IMAGE_CHANNEL}\"" >> ${IMAGE_ROOTFS}/etc/os-release echo "CITADEL_CHANNEL=\"${CITADEL_CHANNEL}\"" >> ${IMAGE_ROOTFS}/etc/os-release
echo "CITADEL_ROOTFS_VERSION=\"${CITADEL_IMAGE_VERSION_rootfs}\"" >> ${IMAGE_ROOTFS}/etc/os-release echo "CITADEL_ROOTFS_VERSION=${CITADEL_ROOTFS_VERSION}" >> ${IMAGE_ROOTFS}/etc/os-release
echo "PRETTY_NAME=\"Citadel ${DISTRO_VERSION}\"" >> ${IMAGE_ROOTFS}/etc/os-release
} }
do_rm_var_link() { do_rm_var_link() {

1
meta-citadel/recipes-citadel/packagegroups/packagegroup-citadel-base.bb
View File

@@ -16,6 +16,7 @@ BASH_COMPLETION = "\
RDEPENDS:${PN} = "\ RDEPENDS:${PN} = "\
keyutils \ keyutils \
citadel-config \ citadel-config \
citadel-keys \
base-files \ base-files \
base-passwd \ base-passwd \
systemd \ systemd \

742
meta-citadel/recipes-core/citadel-tools/citadel-tools-crates.inc
View File

File diff suppressed because it is too large Load Diff

11
meta-citadel/recipes-core/citadel-tools/citadel-tools_0.1.0.bb
View File

@@ -3,7 +3,7 @@ HOMEPAGE = "http://github.com/subgraph/citadel"
LICENSE = "CLOSED" LICENSE = "CLOSED"
LIC_FILES_CHKSUM="" LIC_FILES_CHKSUM=""
inherit cargo cargo-update-recipe-crates systemd gsettings pkgconfig inherit cargo cargo-update-recipe-crates systemd gsettings pkgconfig useradd
# DONUT USE CARGO BITBAKE ANYMORE! # DONUT USE CARGO BITBAKE ANYMORE!
# #
@@ -14,7 +14,7 @@ require citadel-tools-crates.inc
# #
# Update this when changes are pushed to github # Update this when changes are pushed to github
# #
SRCREV = "39ac0948ef4695f4f3de815d2920c372d00028b4" SRCREV = "43f0e3ff98ac7b40838c00615f0445c4a7ed7ce7"
# get git repo owner from citadel to find the correct citadel-tools repo path # get git repo owner from citadel to find the correct citadel-tools repo path
python () { python () {
@@ -54,11 +54,15 @@ FILES:${PN} = "\
${bindir}/citadel-image \ ${bindir}/citadel-image \
${bindir}/citadel-realmfs \ ${bindir}/citadel-realmfs \
${bindir}/citadel-update \ ${bindir}/citadel-update \
${bindir}/citadel-fetch \
${systemd_system_unitdir} \ ${systemd_system_unitdir} \
${sysconfdir}/dbus-1/system.d \ ${sysconfdir}/dbus-1/system.d \
${datadir}/applications \ ${datadir}/applications \
" "
USERADD_PACKAGES = "${PN}"
USERADD_PARAM:${PN} = "-m -u 700 -s /bin/nologin citadel-tool"
SYSTEMD_SERVICE:${PN} = "citadel-current-watcher.path citadel-realmsd.service citadel-boot-automount.service" SYSTEMD_SERVICE:${PN} = "citadel-current-watcher.path citadel-realmsd.service citadel-boot-automount.service"
TARGET_BIN = "${B}/target/${CARGO_TARGET_SUBDIR}" TARGET_BIN = "${B}/target/${CARGO_TARGET_SUBDIR}"
@@ -89,6 +93,8 @@ do_install() {
# /usr/libexec/citadel-tool # /usr/libexec/citadel-tool
install -m 755 ${TARGET_BIN}/citadel-tool ${D}${libexecdir} install -m 755 ${TARGET_BIN}/citadel-tool ${D}${libexecdir}
# Change ownership of the main tool executable for citadel-fetch
chown 700 ${D}${libexecdir}/citadel-tool
# citadel-realms as /usr/bin/realms # citadel-realms as /usr/bin/realms
install -m 755 -T ${TARGET_BIN}/citadel-realms ${D}${bindir}/realms install -m 755 -T ${TARGET_BIN}/citadel-realms ${D}${bindir}/realms
@@ -108,6 +114,7 @@ do_install() {
ln ${D}${libexecdir}/citadel-tool ${D}${bindir}/citadel-mkimage ln ${D}${libexecdir}/citadel-tool ${D}${bindir}/citadel-mkimage
ln ${D}${libexecdir}/citadel-tool ${D}${bindir}/citadel-realmfs ln ${D}${libexecdir}/citadel-tool ${D}${bindir}/citadel-realmfs
ln ${D}${libexecdir}/citadel-tool ${D}${bindir}/citadel-update ln ${D}${libexecdir}/citadel-tool ${D}${bindir}/citadel-update
ln ${D}${libexecdir}/citadel-tool ${D}${bindir}/citadel-fetch
} }
# #

3
meta-citadel/recipes-initrd/images/citadel-initramfs-image.bb
View File

@@ -4,6 +4,7 @@ NO_RECOMMENDATIONS = "1"
PACKAGE_INSTALL = "\ PACKAGE_INSTALL = "\
citadel-initramfs \ citadel-initramfs \
citadel-keys \
citadel-tools-boot \ citadel-tools-boot \
cryptsetup \ cryptsetup \
lvm2 \ lvm2 \
@@ -182,7 +183,6 @@ SYSTEMD_UNITS = "\
umount.target \ umount.target \
" "
remove_systemd_wants() { remove_systemd_wants() {
for path in ${IMAGE_ROOTFS}${systemd_system_unitdir}/*; do for path in ${IMAGE_ROOTFS}${systemd_system_unitdir}/*; do
if [ -d ${path} ]; then if [ -d ${path} ]; then
@@ -229,5 +229,6 @@ append_initrd_release() {
cat >> ${IMAGE_ROOTFS}/etc/initrd-release << EOF cat >> ${IMAGE_ROOTFS}/etc/initrd-release << EOF
CITADEL_KERNEL_VERSION="${CITADEL_KERNEL_VERSION}" CITADEL_KERNEL_VERSION="${CITADEL_KERNEL_VERSION}"
CITADEL_KERNEL_ID="${KERNEL_ID}" CITADEL_KERNEL_ID="${KERNEL_ID}"
CITADEL_CHANNEL="${CITADEL_CHANNEL}"
EOF EOF
} }