diff --git a/.github/build-canary-i386 b/.github/build-canary-i386
new file mode 100644
index 0000000..56a6051
--- /dev/null
+++ b/.github/build-canary-i386
@@ -0,0 +1 @@
+1
\ No newline at end of file
diff --git a/.github/build-canary-v3 b/.github/build-canary-v3
new file mode 100644
index 0000000..56a6051
--- /dev/null
+++ b/.github/build-canary-v3
@@ -0,0 +1 @@
+1
\ No newline at end of file
diff --git a/.github/build-nest-i386 b/.github/build-nest-i386
new file mode 100644
index 0000000..56a6051
--- /dev/null
+++ b/.github/build-nest-i386
@@ -0,0 +1 @@
+1
\ No newline at end of file
diff --git a/.github/build-nest-v3 b/.github/build-nest-v3
new file mode 100644
index 0000000..56a6051
--- /dev/null
+++ b/.github/build-nest-v3
@@ -0,0 +1 @@
+1
\ No newline at end of file
diff --git a/.github/release-canary-i386 b/.github/release-canary-i386
new file mode 100644
index 0000000..56a6051
--- /dev/null
+++ b/.github/release-canary-i386
@@ -0,0 +1 @@
+1
\ No newline at end of file
diff --git a/.github/release-canary-v3 b/.github/release-canary-v3
new file mode 100644
index 0000000..56a6051
--- /dev/null
+++ b/.github/release-canary-v3
@@ -0,0 +1 @@
+1
\ No newline at end of file
diff --git a/.github/release-nest-i386 b/.github/release-nest-i386
new file mode 100644
index 0000000..56a6051
--- /dev/null
+++ b/.github/release-nest-i386
@@ -0,0 +1 @@
+1
\ No newline at end of file
diff --git a/.github/release-nest-v3 b/.github/release-nest-v3
new file mode 100644
index 0000000..56a6051
--- /dev/null
+++ b/.github/release-nest-v3
@@ -0,0 +1 @@
+1
\ No newline at end of file
diff --git a/.github/workflows/build-canaryi386.yml b/.github/workflows/build-canaryi386.yml
new file mode 100644
index 0000000..5d3fcb7
--- /dev/null
+++ b/.github/workflows/build-canaryi386.yml
@@ -0,0 +1,37 @@
+name: PikaOS Package Build Only (Canary) (i386)
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - '.github/build-canary-i386'
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ container:
+ image: ghcr.io/pikaos-linux/pikaos-builder:canaryi386
+ volumes:
+ - /proc:/proc
+ options: --privileged -it
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Install SSH key
+ uses: shimataro/ssh-key-action@v2
+ with:
+ key: ${{ secrets.SSH_KEY }}
+ name: id_rsa
+ known_hosts: ${{ secrets.KNOWN_HOSTS }}
+ if_key_exists: replace
+
+ - name: Update APT Cache
+ run: apt-get update -y
+
+ - name: Set Build Config
+ run: cp -vf ./pika-build-config/i386.sh ./pika-build-config.sh
+
+ - name: Build Package
+ run: ./main.sh
diff --git a/.github/workflows/build-canaryv3.yml b/.github/workflows/build-canaryv3.yml
new file mode 100644
index 0000000..bff3d86
--- /dev/null
+++ b/.github/workflows/build-canaryv3.yml
@@ -0,0 +1,37 @@
+name: PikaOS Package Build Only (Canary) (amd64-v3)
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - '.github/build-canary-v3'
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ container:
+ image: ghcr.io/pikaos-linux/pikaos-builder:canaryv3
+ volumes:
+ - /proc:/proc
+ options: --privileged -it
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Install SSH key
+ uses: shimataro/ssh-key-action@v2
+ with:
+ key: ${{ secrets.SSH_KEY }}
+ name: id_rsa
+ known_hosts: ${{ secrets.KNOWN_HOSTS }}
+ if_key_exists: replace
+
+ - name: Update APT Cache
+ run: apt-get update -y
+
+ - name: Set Build Config
+ run: cp -vf ./pika-build-config/amd64-v3.sh ./pika-build-config.sh
+
+ - name: Build Package
+ run: ./main.sh
diff --git a/.github/workflows/build-nesti386.yml b/.github/workflows/build-nesti386.yml
new file mode 100644
index 0000000..10c1653
--- /dev/null
+++ b/.github/workflows/build-nesti386.yml
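Review bot: The `Install SSH key` step in this build-only workflow writes `secrets.SSH_KEY` to disk as `id_rsa` although the remaining steps only run `apt-get update`, `cp` and `./main.sh`, and `main.sh` as added in this commit clones over HTTPS and uploads nothing. Everything that runs afterwards in the `--privileged` container, including the upstream build that `main.sh` fetches, can read that key, so drop the step from `build-canaryi386.yml`, `build-canaryv3.yml`, `build-nesti386.yml` and `build-nestv3.yml` and keep it only where `release.sh` needs it. The action is also referenced by a mutable tag; since it is handed the private key, pin it to a full commit hash, `uses: shimataro/ssh-key-action@FULL_COMMIT_SHA_PLACEHOLDER`.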
@@ -0,0 +1,37 @@
+name: PikaOS Package Build Only (i386)
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - '.github/build-nest-i386'
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ container:
+ image: ghcr.io/pikaos-linux/pikaos-builder:nesti386
+ volumes:
+ - /proc:/proc
+ options: --privileged -it
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Install SSH key
+ uses: shimataro/ssh-key-action@v2
+ with:
+ key: ${{ secrets.SSH_KEY }}
+ name: id_rsa
+ known_hosts: ${{ secrets.KNOWN_HOSTS }}
+ if_key_exists: replace
+
+ - name: Update APT Cache
+ run: apt-get update -y
+
+ - name: Set Build Config
+ run: cp -vf ./pika-build-config/i386.sh ./pika-build-config.sh
+
+ - name: Build Package
+ run: ./main.sh
diff --git a/.github/workflows/build-nestv3.yml b/.github/workflows/build-nestv3.yml
new file mode 100644
index 0000000..64fa5ad
--- /dev/null
+++ b/.github/workflows/build-nestv3.yml
@@ -0,0 +1,43 @@
+name: PikaOS Package Build Only (amd64-v3)
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - '.github/build-nest-v3'
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ container:
+ image: ghcr.io/pikaos-linux/pikaos-builder:nestv3
+ volumes:
+ - /proc:/proc
+ options: --privileged -it
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Install SSH key
+ uses: shimataro/ssh-key-action@v2
+ with:
+ key: ${{ secrets.SSH_KEY }}
+ name: id_rsa
+ known_hosts: ${{ secrets.KNOWN_HOSTS }}
+ if_key_exists: replace
+
+ - name: Update APT Cache
+ run: apt-get update -y
+
+ - name: Set Build Config
+ run: cp -vf ./pika-build-config/amd64-v3.sh ./pika-build-config.sh
+
+ - name: Build Package
+ run: ./main.sh
+
+ #- uses: actions/upload-artifact@v3
+ # with:
+ # name: sbctl-all
+ # path: |
+ # output/sbctl*.deb
diff --git a/.github/workflows/release-canaryi386.yml b/.github/workflows/release-canaryi386.yml
new file mode 100644
index 0000000..653861d
--- /dev/null
+++ b/.github/workflows/release-canaryi386.yml
@@ -0,0 +1,40 @@
+name: PikaOS Package Build & Release (Canary) (i386)
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - '.github/release-canary-i386'
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ container:
+ image: ghcr.io/pikaos-linux/pikaos-builder:canaryi386
+ volumes:
+ - /proc:/proc
+ options: --privileged -it
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Install SSH key
+ uses: shimataro/ssh-key-action@v2
+ with:
+ key: ${{ secrets.SSH_KEY }}
+ name: id_rsa
+ known_hosts: ${{ secrets.KNOWN_HOSTS }}
+ if_key_exists: replace
+
+ - name: Update APT Cache
+ run: apt-get update -y
+
+ - name: Set Build Config
+ run: cp -vf ./pika-build-config/i386.sh ./pika-build-config.sh
+
+ - name: Build Package
+ run: ./main.sh
+
+ - name: Release Package
+ run: ./release.sh
diff --git a/.github/workflows/release-canaryv3.yml b/.github/workflows/release-canaryv3.yml
new file mode 100644
index 0000000..436c8ff
--- /dev/null
+++ b/.github/workflows/release-canaryv3.yml
@@ -0,0 +1,40 @@
+name: PikaOS Package Build & Release (Canary) (amd64-v3)
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - '.github/release-canary-v3'
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ container:
+ image: ghcr.io/pikaos-linux/pikaos-builder:canaryv3
+ volumes:
+ - /proc:/proc
+ options: --privileged -it
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Install SSH key
+ uses: shimataro/ssh-key-action@v2
+ with:
+ key: ${{ secrets.SSH_KEY }}
+ name: id_rsa
+ known_hosts: ${{ secrets.KNOWN_HOSTS }}
+ if_key_exists: replace
+
+ - name: Update APT Cache
+ run: apt-get update -y
+
+ - name: Set Build Config
+ run: cp -vf ./pika-build-config/amd64-v3.sh ./pika-build-config.sh
+
+ - name: Build Package
+ run: ./main.sh
+
+ - name: Release Package
+ run: ./release.sh
diff --git a/.github/workflows/release-nesti386.yml b/.github/workflows/release-nesti386.yml
new file mode 100644
index 0000000..126d643
--- /dev/null
+++ b/.github/workflows/release-nesti386.yml
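Review bot: In the release workflows the `Install SSH key` step runs before `Build Package`, so the upload key for the package server is already on disk while `./main.sh` runs `apt-get build-dep` and `dpkg-buildpackage` on freshly cloned upstream code. Moving `Install SSH key` to sit directly before `Release Package` reduces that exposure to the `release.sh` step; the same ordering applies to `release-canaryv3.yml`, `release-nesti386.yml` and `release-nestv3.yml`. A top-level `permissions: {contents: read}` would also keep the job's `GITHUB_TOKEN` to what the checkout needs.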
@@ -0,0 +1,40 @@
+name: PikaOS Package Build & Release (i386)
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - '.github/release-nest-i386'
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ container:
+ image: ghcr.io/pikaos-linux/pikaos-builder:nesti386
+ volumes:
+ - /proc:/proc
+ options: --privileged -it
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Install SSH key
+ uses: shimataro/ssh-key-action@v2
+ with:
+ key: ${{ secrets.SSH_KEY }}
+ name: id_rsa
+ known_hosts: ${{ secrets.KNOWN_HOSTS }}
+ if_key_exists: replace
+
+ - name: Update APT Cache
+ run: apt-get update -y
+
+ - name: Set Build Config
+ run: cp -vf ./pika-build-config/i386.sh ./pika-build-config.sh
+
+ - name: Build Package
+ run: ./main.sh
+
+ - name: Release Package
+ run: ./release.sh
diff --git a/.github/workflows/release-nestv3.yml b/.github/workflows/release-nestv3.yml
new file mode 100644
index 0000000..ed42bb7
--- /dev/null
+++ b/.github/workflows/release-nestv3.yml
@@ -0,0 +1,40 @@
+name: PikaOS Package Build & Release (amd64-v3)
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - '.github/release-nest-v3'
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ container:
+ image: ghcr.io/pikaos-linux/pikaos-builder:nestv3
+ volumes:
+ - /proc:/proc
+ options: --privileged -it
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Install SSH key
+ uses: shimataro/ssh-key-action@v2
+ with:
+ key: ${{ secrets.SSH_KEY }}
+ name: id_rsa
+ known_hosts: ${{ secrets.KNOWN_HOSTS }}
+ if_key_exists: replace
+
+ - name: Update APT Cache
+ run: apt-get update -y
+
+ - name: Set Build Config
+ run: cp -vf ./pika-build-config/amd64-v3.sh ./pika-build-config.sh
+
+ - name: Build Package
+ run: ./main.sh
+
+ - name: Release Package
+ run: ./release.sh
diff --git a/LICENSE.md b/LICENSE.md
new file mode 100644
index 0000000..16ff30b
--- /dev/null
+++ b/LICENSE.md
@@ -0,0 +1,24 @@
+MIT License (With DPKG packaging compatibility)
+
+Copyright (c) 2024 PikaOS
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+Notes:
+The files covered by this license are any files and directories in the root of this repository (including but not limited to: `main.sh`, `release.sh`, and `.github`), with the exception of the `debian` directory and its contents if `debian/copyright` exists, and declares any files or directories as a different LICENSE/COPYRIGHT.
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..9a16186
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,9 @@ +all: + true + +install: + find . + install -Dp -m755 ./packaging/pikaos/regenerate_uki "$(DESTDIR)/usr/sbin/regenerate_uki" + install -Dp -m755 ./packaging/pikaos/regenerate_uki-prerm "$(DESTDIR)/etc/kernel/prerm.d/regenerate_uki" + install -Dp -m755 ./packaging/pikaos/regenerate_uki-postinst "$(DESTDIR)/etc/kernel/postinst.d/zzz-regenerate_uki" + install -Dp -m755 ./packaging/pikaos/regenerate_uki-pkexec "$(DESTDIR)/usr/bin/regenerate_uki" diff --git a/README.md b/README.md index e39d03d..a2dcfba 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# sbctl-extra +# sbctl-booster-extra Contains extra files and package config for sbctl. diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..0a3dd50 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +sbctl-booster-extra (0.0.1-101pika1) pika; urgency=low + + * Initial release. + + -- cybik Fri, 30 Oct 2024 13:37:00 -0700 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..cafb88f --- /dev/null +++ b/debian/control 
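Review bot: The `install` target places two different scripts under the same command name, `regenerate_uki` in `$(DESTDIR)/usr/sbin` and the `regenerate_uki-pkexec` wrapper as `$(DESTDIR)/usr/bin/regenerate_uki`, so which one a caller gets depends on its `PATH` order. If the kernel hooks installed under `/etc/kernel/postinst.d` and `/etc/kernel/prerm.d` call it by bare name (their contents are not part of this diff), they should use the absolute path `/usr/sbin/regenerate_uki`, or the wrapper should get a distinct name. The leading `find .` looks like a debugging leftover and can be removed.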
@@ -0,0 +1,30 @@
+Source: sbctl-booster-extra
+Section: admin
+Priority: optional
+Maintainer: cybik
+Standards-Version: 4.6.1
+Build-Depends:
+ debhelper-compat (= 13), asciidoc
+Rules-Requires-Root: no
+
+Package: sbctl-booster-extra
+Architecture: linux-any
+Depends:
+ ${misc:Depends}, ${shlibs:Depends}, util-linux, binutils, sbctl, booster, pciutils, systemd-boot-efi, jq, systemd-ukify
+Provides: sbctl-extra
+Homepage: https://sauce.cybik.moe/pikaos/sbctl-booster-extra
+Vcs-Browser: https://sauce.cybik.moe/pikaos/sbctl-booster-extra
+Vcs-Git: https://sauce.cybik.moe/pikaos/sbctl-booster-extra.git
+Description: SecureBoot + Booster - Integration files
+ The sbctl tool allows one to create keys for secure boot,
+ securely enroll them, and keep track of files to sign
+ and/or that have been signed.
+
+ The booster package is a fast initramfs builder used by
+ PikaOS.
+
+ This package contains extra files for sbctl and booster
+ integration into PikaOS systems, namely for:
+
+ * Automatic SecureBoot signing and cleanup when installing
+ or updating kernels
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..e69de29
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..cfe82af
--- /dev/null
+++ b/debian/rules
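Review bot: The `Description` field appears to separate its paragraphs with empty lines, after `and/or that have been signed.`, after `PikaOS.` and before the bullet; indentation is not recoverable from this view, so this is inferred. In `debian/control` an empty line ends the stanza, so the text from `The booster package is a fast initramfs builder used by` onwards would be read as a new, malformed stanza. Paragraph breaks inside a description are written as a line holding one space and a dot, ` .`.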
@@ -0,0 +1,76 @@
+#! /usr/bin/make -f
+
+## See debhelper(7) (uncomment to enable).
+## Output every command that modifies files on the build system.
+export DH_VERBOSE = 1
+export PIKA_BUILD_ARCH = $(shell cat ../pika-build-arch)
+
+## === the chain of command ===
+## debuild runs a chain of dh functions in the following order:
+## dh_testdir
+## dh_clean
+## dh_auto_clean
+## dh_update_autotools_config
+## dh_autoreconf
+## dh_auto_configure
+## dh_prep
+## dh_build
+## dh_auto_build
+## dh_install
+## dh_auto_install
+## dh_installdocs
+## dh_installchangelogs
+## dh_perl
+## dh_link
+## dh_strip_nondeterminism
+## dh_compress
+## dh_fixperms
+## dh_missing
+## dh_dwz
+## dh_strip
+## dh_makeshlibs
+## dh_shlibdeps
+## dh_installdeb
+## dh_gencontrol
+## but you are most likely to only need to override the following:
+## dh_clean
+## dh_auto_configure
+## dh_build
+## dh_install
+
+## === End end of region ===
+
+## === overriding dh functions ===
+## by default all dh functions will run a specific command based on the build system selected by "dh $@"
+## if you have a makefile that does everything you need this is fine,
+## but most likely you have no MakeFile and you want to add your own commands
+## Note : overrides must be places above %:
+## So here's a few examples:
+
+## overriding dh_clean to make it not delete rust vendor files:
+#override_dh_clean:
+# echo "disabled"
+
+#override_dh_auto_install:
+# dh_auto_install
+
+override_dh_usrlocal:
+ echo "disabled"
+
+override_dh_dwz:
+ echo "disabled"
+
+## overriding dh_auto_configure to add custom configs:
+#override_dh_auto_configure:
+# $(srcdir)/configure -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_DATADIR=/usr/share -DCMAKE_LIBRARY_PATH=/usr/lib/x86_64-linux-gnu -DBUILD_PLUGIN=OFF
+
+## overriding dh_install to install files to a package:
+#override_dh_auto_configure:
+# mkdir -p debian/pikman/usr/bin
+# cp pikman debian/pikman/usr/bin/
+
+## === End end of region ===
+
+## This here will start the build:
+%:
+ dh $@
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/main.sh b/main.sh
new file mode 100755
index 0000000..c35cc1a
--- /dev/null
+++ b/main.sh
@@ -0,0 +1,39 @@
+#! /bin/bash
+
+set -e
+
+. ./pika-build-config.sh
+
+echo "$PIKA_BUILD_ARCH" > pika-build-arch
+
+VERSION="0.15.4"
+
+# Who are we
+PACKAGE_NAME="sbctl-booster-extra"
+
+# Clone Upstream
+UPSTREAM_NAME="booster"
+
+# Checkout and munch
+git clone https://github.com/ferrreo/booster.git "${UPSTREAM_NAME}"
+cp -rvf ./debian ./${UPSTREAM_NAME}/
+
+# easier than figuring out the right way to override the prefix in the makefile
+#sed -i "s/usr\/local/usr/" "${UPSTREAM_NAME}/Makefile"
+#sed -i "s/\$(PREFIX)\/bin/\$(PREFIX)\/sbin/" "${UPSTREAM_NAME}/Makefile"
+
+# Get in there.
+pushd "./${UPSTREAM_NAME}/" || exit 1
+
+# Get build deps
+LOGNAME=root dh_make --createorig -y -l -p ${PACKAGE_NAME}_"$VERSION" || echo "dh-make: Ignoring Last Error"
+apt-get build-dep ./ -y
+
+# Build package
+dpkg-buildpackage --no-sign
+
+popd || exit 2
+
+# Move the debs to output
+mkdir -p ./output
+mv ./*.deb ./output/
diff --git a/pika-build-config/amd64-v3.sh b/pika-build-config/amd64-v3.sh
new file mode 100755
index 0000000..10285b4
--- /dev/null
+++ b/pika-build-config/amd64-v3.sh
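Review bot: The `git clone https://github.com/ferrreo/booster.git "${UPSTREAM_NAME}"` line in `main.sh` builds whatever the default branch points at when the job runs, while `VERSION="0.15.4"` is only used to name the package, so the resulting `.deb` is not tied to a reviewed upstream revision. Pin the checkout right after the clone, for example `git -C "${UPSTREAM_NAME}" checkout --detach "PINNED_COMMIT_SHA_PLACEHOLDER"`, and bump that value together with `VERSION`. With `set -e` already active the script then stops if the pinned revision is missing rather than building something else.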
@@ -0,0 +1,10 @@
+#! /bin/bash
+export PIKA_BUILD_ARCH="amd64-v3"
+export DEBIAN_FRONTEND="noninteractive"
+export DEB_BUILD_MAINT_OPTIONS="optimize=+lto -march=x86-64-v3 -O3 -flto -fuse-linker-plugin -falign-functions=32"
+export DEB_CFLAGS_MAINT_APPEND="-march=x86-64-v3 -O3 -flto -fuse-linker-plugin -falign-functions=32"
+export DEB_CPPFLAGS_MAINT_APPEND="-march=x86-64-v3 -O3 -flto -fuse-linker-plugin -falign-functions=32"
+export DEB_CXXFLAGS_MAINT_APPEND="-march=x86-64-v3 -O3 -flto -fuse-linker-plugin -falign-functions=32"
+export DEB_LDFLAGS_MAINT_APPEND="-march=x86-64-v3 -O3 -flto -fuse-linker-plugin -falign-functions=32"
+export DEB_BUILD_OPTIONS="nocheck notest terse"
+export DPKG_GENSYMBOLS_CHECK_LEVEL=0
diff --git a/pika-build-config/i386.sh b/pika-build-config/i386.sh
new file mode 100755
index 0000000..7629d66
--- /dev/null
+++ b/pika-build-config/i386.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+export PIKA_BUILD_ARCH="i386"
+export DEBIAN_FRONTEND="noninteractive"
+export DEB_BUILD_OPTIONS="nocheck notest terse"
+export DPKG_GENSYMBOLS_CHECK_LEVEL=0
diff --git a/release.sh b/release.sh
new file mode 100755
index 0000000..2b121d4
--- /dev/null
+++ b/release.sh
@@ -0,0 +1,3 @@
+# send debs to server
+rsync -azP --include './' --include '*.deb' --exclude '*' ./output/ ferreo@direct.pika-os.com:/srv/www/cockatiel-incoming/
+
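Review bot: `DEB_BUILD_MAINT_OPTIONS` in `amd64-v3.sh` is given raw compiler flags after `optimize=+lto`, but dpkg-buildflags(1) documents this variable as a space-separated list of `area=+feature` settings, so the `-march=x86-64-v3 -O3 ...` tokens are most likely rejected with a warning and never reach the compiler. The `DEB_*FLAGS_MAINT_APPEND` exports below already carry those flags, so the line can be reduced to `export DEB_BUILD_MAINT_OPTIONS="optimize=+lto"`. If hardened builds are wanted for this package, `hardening=+all` belongs in the same variable.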
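Review bot: `release.sh` starts with a comment instead of an interpreter line and sets no error handling, so how it executes under `run: ./release.sh` depends on the calling shell's fallback for scripts without a shebang. Add `#!/bin/bash` and `set -euo pipefail` at the top, in line with `main.sh`, which already uses `set -e`. A check that `./output/` holds at least one `.deb` before the `rsync` would make an empty release fail loudly instead of reporting success.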