Split repo: remove generic Aimee OS

Splitting the Home Assistant Yellow configuration into its own
repository; the generic Aimee OS build system and configuration are now
tracked in a separate repository.

.gitignore

@@ -1,7 +1,3 @@
-/images
+portage/*/etc/portage/make.profile
-/linux
+portage/*/etc/portage/repos.conf
-/output
+portage/target/etc/portage/make.conf/10-crossdev.conf
-/repos/x-portage
-/.built
-/.prepared
-/.host-tools

Makefile

@@ -1,134 +0,0 @@
-O ?= .
-IMAGESDIR ?= $(O)/images
-CONFIGDIR ?= .
-
-export CONFIGDIR
-
-update.tar: $(IMAGESDIR)/update.tar.zstd
-
-$(O)/.prepared: \
-		prepare.sh \
-		setup-local-repo.sh \
-		$(shell find patches/ebuilds -type f)
-	./prepare.sh
-	./setup-local-repo.sh
-	mkdir -p $(O)
-	touch $(O)/.prepared
-
-prepare: $(O)/.prepared
-
-$(O)/.host-tools: \
-		build-host-tools.sh \
-		host-tools.packages \
-		$(shell find $(CONFIGDIR)/portage/host -type f) \
-		$(O)/.prepared
-	./build-host-tools.sh
-	touch $(O)/.host-tools
-
-host-tools: $(O)/.host-tools
-
-$(O)/.built: \
-		build.sh \
-		build.packages \
-		install.packages \
-		$(CONFIGDIR)/build.packages \
-		$(CONFIGDIR)/install.packages \
-		$(shell find $(CONFIGDIR)/portage/target -type f) \
-		$(O)/.host-tools \
-		$(O)/.prepared
-	./build.sh
-	touch $(O)/.built
-
-build: $(O)/.built
-
-$(O)/semanage.mods: \
-		semanage.mods \
-		$(wildcard $(CONFIGDIR)/semanage.mods)
-	cat $^ > $@
-
-$(O)/.ready: \
-		build-rootfs.sh \
-		install.packages \
-		$(CONFIGDIR)/install.packages \
-		$(CONFIGDIR)/installonly.packages \
-		$(CONFIGDIR)/busybox.symlinks \
-		$(O)/linux/arch/arm64/boot/Image.gz \
-		$(O)/semanage.mods \
-		$(shell find overlay -type f) \
-		$(shell find $(CONFIGDIR)/overlay -type f 2>/dev/null) \
-		$(O)/.host-tools \
-		$(O)/.built
-	./build-rootfs.sh "$(O)"
-	touch $(O)/.ready
-
-$(O)/squashfs.exclude: \
-		squashfs.exclude \
-		$(shell test -f $(CONFIGDIR)/squashfs.exclude && echo $(CONFIGDIR)/squashfs.exclude)
-	mkdir -p $(O)
-	sort $^ > $@
-
-$(O)/squashfs.pseudo: \
-		$(wildcard $(CONFIGDIR)/squashfs.pseudo)
-	sort /dev/null $^ > $@
-
-$(IMAGESDIR)/rootfs.squashfs: \
-		build-squashfs.sh \
-		$(O)/squashfs.exclude \
-		$(O)/squashfs.pseudo \
-		$(O)/.ready
-	./build-squashfs.sh "$(O)" "$(IMAGESDIR)"
-
-squashfs: $(IMAGESDIR)/rootfs.squashfs
-
-$(O)/linux/arch/arm64/boot/Image.gz: \
-		build-kernel.sh \
-		$(CONFIGDIR)/linux.config \
-		$(O)/.host-tools \
-		$(O)/.prepared
-	./build-kernel.sh "$(O)"
-
-kernel: $(O)/linux/arch/arm64/boot/Image.gz
-
-$(O)/efi-part/EFI/BOOT/BOOTAA64.efi: \
-		build-grub.sh \
-		grub.cfg \
-		$(O)/.host-tools \
-		$(O)/.prepared
-	./build-grub.sh "$(O)"
-
-grub: $(O)/efi-part/EFI/BOOT/BOOTAA64.efi
-
-$(IMAGESDIR)/sdcard.img: \
-		genimage.cfg \
-		genimage.sh \
-		post-build.sh \
-		$(O)/efi-part/EFI/BOOT/BOOTAA64.efi \
-		$(IMAGESDIR)/rootfs.squashfs
-	./post-build.sh "$(O)"
-	./genimage.sh "$(O)" "$(IMAGESDIR)"
-
-sdcard.img: $(IMAGESDIR)/sdcard.img
-
-$(IMAGESDIR)/firmware.img: $(IMAGESDIR)/sdcard.img
-
-$(IMAGESDIR)/update.tar.zstd: \
-		$(IMAGESDIR)/rootfs.squashfs \
-		$(IMAGESDIR)/firmware.img \
-		install-update.sh \
-		$(O)/.host-tools \
-		$(O)/.prepared
-	./build-update.sh "$(IMAGESDIR)"
-
-clean:
-	rm -rf $(O)/linux $(O)/output $(IMAGESDIR) $(O)/tmp
-	rm -f $(O)/.prepared $(O)/.host-tools
-
-.PHONY: \
-	build \
-	grub \
-	host-tools \
-	kernel \
-	prepare \
-	sdcard.img \
-	squashfs \
-	update.tar

README.md

@@ -1,18 +0,0 @@
-## Errors
-
-### SWIOTLB Buffer
-
-> OF: reserved mem: failed to allocate memory for node
-> …
-> Can not allocate SWIOTLB buffer earlier and can't now provide you with the
-> DMA bounce buffer
-
-Ensure `start_x=1` is in `config.txt` and `start_file`/`fixup_file` are not
-specified.
-
-
-### U-Boot: Overwrite Reserved Memory
-
-> ** Reading file would overwrite reserved memory **
-
-Set `CONFIG_LMB_MAX_REGIONS=16` in `u-boot/.config`

build-grub.sh

@@ -1,44 +0,0 @@
-#!/bin/sh
-# vim: set sw=4 ts=4 sts=4 et :
-
-set -e
-
-. "${CONFIGDIR:=${PWD}}"/config
-
-O="${1}"
-
-GRUB_MODULES='
-boot
-echo
-efi_gop
-eval
-fat
-gzio
-linux
-loadenv
-normal
-part_gpt
-probe
-regexp
-serial
-squash4
-test
-xzio
-zstd
-'
-
-echo 'Creating GRUB image ...'
-mkdir -p "${O}"/efi-part/EFI/BOOT
-grub-mkimage \
-    -O arm64-efi \
-    -o "${O}"/efi-part/EFI/BOOT/BOOTAA64.efi \
-    -d /usr/${target}/usr/lib/grub/arm64-efi \
-    -p /EFI/gentoo \
-    ${GRUB_MODULES}
-
-echo 'Generating GRUB configuration file ...'
-mkdir -p "${O}"/efi-part/EFI/gentoo
-cp -uv grub.cfg "${O}"/efi-part/EFI/gentoo
-grub-editenv "${O}"/efi-part/EFI/gentoo/grubenv set rootflags='ro'
-grub-editenv "${O}"/efi-part/EFI/gentoo/grubenv set default=0
-grub-editenv "${O}"/efi-part/EFI/gentoo/grubenv set timeout=5

build-host-tools.sh

@@ -1,6 +0,0 @@
-#!/bin/sh
-# vim: set sw=4 ts=4 sts=4 et :
-
-PORTAGE_CONFIGROOT="${CONFIGDIR:=${PWD}}"/portage/host \
-< host-tools.packages xargs -ro \
-emerge -vnuUj --rebuilt-binaries=y

build-kernel.sh

@@ -1,40 +0,0 @@
-#!/bin/sh
-# vim: set sw=4 ts=4 sts=4 et :
-
-set -e
-
-O="${1}"
-
-. "${CONFIGDIR:=${PWD}}"/config
-
-PORTAGE_CONFIGROOT="${CONFIGDIR}"/portage/host \
-emerge -vnj ${kernel_pkg}
-
-export ARCH=arm64 CROSS_COMPILE=${target}-
-unset MAKEFLAGS MAKEOVERRIDES MAKELEVEL
-mkdir -p "${O}"/linux
-/usr/src/linux/scripts/kconfig/merge_config.sh -m \
-    -O "${O}"/linux \
-    /usr/src/linux/arch/*/configs/${kernel_defconfig}_defconfig \
-    "${CONFIGDIR}"/linux.config
-cd "${O}"/linux
-make -C /usr/src/linux O=${PWD} olddefconfig
-make -j$(nproc)
-touch arch/arm64/boot/Image.gz
-kver=$(make -s kernelversion)
-make modules_install INSTALL_MOD_PATH=/mnt/gentoo/usr
-cd -
-
-printf 'Installing Kernel %s ...\n' "${kver}"
-mkdir -p /mnt/gentoo/boot
-cp -au "${O}"/linux/arch/arm64/boot/Image.gz /mnt/gentoo/boot/vmlinuz-${kver}
-cp -au "${O}"/linux/.config /mnt/gentoo/boot/config-${kver}
-cp -au "${O}"/linux/System.map /mnt/gentoo/boot/System.map-${kver}
-
-printf 'Installing device tree binaries ...\n'
-mkdir -p "${O}"/efi-part/overlays
-cp -u "${O}"/linux/arch/arm64/boot/dts/${device_tree} "${O}"/efi-part/
-cp -u \
-    "${O}"/linux/arch/arm64/boot/dts/overlays/*.dtb \
-    "${O}"/linux/arch/arm64/boot/dts/overlays/*.dtbo \
-    "${O}"/efi-part/overlays/

build-rootfs.sh

@@ -1,116 +0,0 @@
-#!/bin/sh
-# vim: set sw=4 ts=4 sts=4 et :
-
-set -e
-
-. "${CONFIGDIR:=${PWD}}"/config
-
-O="${1}"
-
-mkdir -p \
-    /mnt/gentoo/usr/bin \
-    /mnt/gentoo/usr/lib \
-    /mnt/gentoo/usr/lib64 \
-    || exit
-[ -h /mnt/gentoo/bin ] || ln -s usr/bin /mnt/gentoo/bin
-[ -h /mnt/gentoo/sbin ] || ln -s usr/sbin /mnt/gentoo/sbin
-[ -h /mnt/gentoo/usr/sbin ] || ln -s bin /mnt/gentoo/usr/sbin
-[ -h /mnt/gentoo/lib ] || ln -s usr/lib /mnt/gentoo/lib
-[ -h /mnt/gentoo/lib64 ] || ln -s usr/lib64 /mnt/gentoo/lib64
-
-mkdir -p /mnt/gentoo/etc/portage
-ln -snf \
-    /var/db/repos/gentoo/profiles/${profile} \
-    /mnt/gentoo/etc/portage/make.profile
-
-cat \
-    install.packages \
-    "${CONFIGDIR}"/install.packages \
-    | xargs -ro \
-${target}-emerge \
-    --root=/mnt/gentoo \
-    --config-root="${CONFIGDIR}"/portage/target \
-    -KvnuUDj \
-    --rebuilt-binaries=y
-
-< "${CONFIGDIR}"/installonly.packages xargs -ro \
-${target}-emerge \
-    --root=/mnt/gentoo \
-    --config-root="${CONFIGDIR}"/portage/target \
-    -vnuUDj
-
-ROOT=/mnt/gentoo \
-locale-gen
-
-mkdir -p \
-    /mnt/gentoo/boot/efi \
-    /mnt/gentoo/dev \
-    /mnt/gentoo/home \
-    /mnt/gentoo/proc \
-    /mnt/gentoo/sys \
-    || exit
-
-: > /mnt/gentoo/etc/machine-id
-
-while read name; do
-    if [ ! -h /mnt/gentoo/bin/"${name}" ]; then
-        printf "'/bin/%s' -> 'busybox'\n" "${name}"
-        ln -snf busybox /mnt/gentoo/bin/"${name}" \
-            || printf 'Failed to create busybox symlink for %s\n' "${name}"
-    fi
-done < "${CONFIGDIR}"/busybox.symlinks
-
-rsync -rltpDO overlay/ /mnt/gentoo/
-if [ -d "${CONFIGDIR}"/overlay ]; then
-    rsync -rltpDO "${CONFIGDIR}"/overlay/ /mnt/gentoo/
-fi
-
-cp -uv /usr/${target}/usr/bin/grub-editenv /mnt/gentoo/usr/bin/
-
-if [ -d /mnt/gentoo/usr/${target} ]; then
-    rsync -aO /mnt/gentoo/usr/${target}/ /mnt/gentoo/
-fi
-
-if [ -f /mnt/gentoo/etc/udev/hwdb.bin ]; then
-    mv /mnt/gentoo/etc/udev/hwdb.bin /mnt/gentoo/usr/lib/udev/
-fi
-
-rm -f /mnt/gentoo/lib/tmpfiles.d/provision.conf
-systemd-tmpfiles --root=/mnt/gentoo -E --exclude-prefix=/var --create
-
-systemctl preset-all --root=/mnt/gentoo
-rm -f /mnt/gentoo/lib/systemd/system/sysinit.target.wants/ldconfig.service
-
-systemd-sysusers --root=/mnt/gentoo
-if grep -q '^root:.*/bin/bash$' /mnt/gentoo/etc/passwd; then
-    sed -ri 's@(root:.*):/bin/bash@\1:/bin/sh@' /mnt/gentoo/etc/passwd
-fi
-
-if ! grep -q Include /mnt/gentoo/etc/ssh/sshd_config; then
-    echo 'Include /etc/ssh/sshd_config.d/*.conf' \
-        >> /mnt/gentoo/etc/ssh/sshd_config
-fi
-
-# Although `semanage` accepts a `--store` argument that supposedly
-# instructs it to operate on an alternate SELinux policy store, it
-# doesn't actually work.  As such, we have to run `semanage` in an
-# alternate mount namespace with the target policy store bind-mounted
-# at the default location so `semanage` can operate on it.
-unshare -m sh -e <<EOF
-mount -o bind /mnt/gentoo/var/lib/selinux /var/lib/selinux
-mount -o bind /mnt/gentoo/etc/selinux /etc/selinux
-semanage import -N -f "${O}"/semanage.mods
-EOF
-
-setfiles \
-    -p \
-    -F \
-    -m \
-    -r /mnt/gentoo \
-    -c /mnt/gentoo/etc/selinux/mcs/policy/policy.* \
-    -e /mnt/gentoo/var/db/pkg \
-    -e /mnt/gentoo/etc/portage \
-    /mnt/gentoo/etc/selinux/mcs/contexts/files/file_contexts \
-    /mnt/gentoo
-
-touch /mnt/gentoo/usr

build-squashfs.sh

@@ -1,20 +0,0 @@
-#!/bin/sh
-# vim: set sw=4 ts=4 sts=4 et :
-
-set -e
-
-. "${CONFIGDIR:=${PWD}}"/config
-
-O="${1}"
-IMAGESDIR="${2}"
-
-mkdir -p "${IMAGESDIR}"
-mksquashfs \
-    /mnt/gentoo \
-    "${IMAGESDIR}"/rootfs.squashfs \
-    -comp gzip \
-    -ef "${O}"/squashfs.exclude \
-    -pf "${O}"/squashfs.pseudo \
-    -no-exports \
-    -noappend \
-    -wildcards

build-update.sh

@@ -1,20 +0,0 @@
-#!/bin/sh
-# vim: set sw=4 ts=4 sts=4 et :
-
-set -e
-
-. "${CONFIGDIR:=${PWD}}"/config
-
-IMAGESDIR="$1"
-
-cd "${IMAGESDIR}"
-sha256sum firmware.img > digests
-sha256sum rootfs.squashfs >> digests
-cp -u "${OLDPWD}"/install-update.sh install
-tar -c --zstd -f update.tar.zstd \
-    digests \
-    firmware.img \
-    rootfs.squashfs \
-    install \
-    || exit
-rm install

build.packages

@@ -1,2 +1 @@
-sys-boot/raspberrypi-firmware
+sys-boot/grub
-sys-boot/u-boot

build.sh

@@ -1,21 +0,0 @@
-#!/bin/sh
-# vim: set sw=4 ts=4 sts=4 et :
-
-set -e
-
-. "${CONFIGDIR}"/config
-
-unset MAKEFLAGS MAKEOVERRIDES MAKELEVEL
-
-export PORTAGE_CONFIGROOT="${CONFIGDIR}"/portage/target
-
-${target}-emerge -vuUDj sys-apps/util-linux
-
-cat \
-    build.packages \
-    install.packages \
-    "${CONFIGDIR}"/build.packages \
-    "${CONFIGDIR}"/install.packages \
-    | xargs -rot \
-${target}-emerge -bkvnuUDj
-${target}-emerge -bv @preserved-rebuild

flash.sh

@@ -1,20 +0,0 @@
-#!/bin/sh
-# vim: set sw=4 ts=4 sts=4 et :
-
-dev=$(readlink -f "$1")
-wipefs -fa "${dev}"
-pv images/sdcard.img \
-    | dd of="${dev}" bs=1M conv=sparse oflag=sync
-sync; sync; sync
-sleep 1
-for p in /sys/class/block/${dev##*/}/*/partition; do
-    [ -f "${p}" ] || continue
-    case $(cat "${p}") in
-    1|2)
-        ;;
-    *)
-        p=${p%/*}
-        wipefs -fa /dev/${p##*/}
-        ;;
-    esac
-done

genimage.cfg

@@ -1,41 +0,0 @@
-# vim: set sw=4 ts=4 sts=4 :
-
-image firmware.img {
-	vfat {
-	}
-
-	srcpath = "efi-part"
-	size = 32M
-}
-
-image sdcard.img {
-	hdimage {
-		partition-table-type = hybrid
-		align = 1M
-	}
-
-	partition "EFI System Partition" {
-		partition-type = 0xC
-		partition-type-uuid = "U"
-		bootable = true
-		image = "firmware.img"
-	}
-
-	partition rootfs-a {
-		partition-type-uuid = "L"
-		image = "rootfs.squashfs"
-		size = 512M
-	}
-
-	partition rootfs-b {
-		partition-type-uuid = "L"
-		size = 512M
-	}
-
-	partition dch-data {
-		partition-type-uuid = "L"
-		autoresize = true
-	}
-
-	size = 4G
-}

genimage.sh

@@ -1,31 +0,0 @@
-#!/bin/sh
-# vim: set sw=4 ts=4 sts=4 et :
-
-set -e
-
-cleanup() {
-    if [ -n "${tmproot}" ]; then
-        if [ "${tmproot}" != / ]; then
-            rm -rf "${tmproot}"
-        fi
-        unset tmproot
-    fi
-}
-
-. "${CONFIGDIR:=${PWD}}"/config
-
-O="${1}"
-IMAGESDIR="${2}"
-
-trap cleanup INT TERM QUIT EXIT
-tmproot=$(mktemp -d)
-tmppath=$(mktemp -d)
-
-cd "${O}"
-genimage \
-    --rootpath "${tmproot}" \
-    --tmppath "${tmppath}" \
-    --inputpath "${IMAGESDIR}" \
-    --outputpath "${IMAGESDIR}" \
-    --mkdosfs mkfs.vfat \
-    --config "${OLDPWD}"/genimage.cfg

grub.cfg

@@ -1,19 +0,0 @@
-# vim: set ft=sh :
-# vim: set sw=4 ts=4 sts=4 et:
-
-load_env
-regexp --set 1:disk '(.*),.*' $root
-for dev in ($disk,gpt*); do
-    probe --set partuuid --part-uuid $dev
-    for path in $dev/boot/vmlinuz-*; do
-        if [ -f $path ]; then
-            regexp --set 1:kernel '.*/(vmlinuz-.*)' $path
-            regexp --set 1:kver 'vmlinuz-(.*)' $kernel
-            menuentry "Gentoo Linux $kver on $dev" --class gnu-linux --id "id-$partuuid-$kver" "$dev" "$kernel" $partuuid {
-                set root="$2"
-                linux "/boot/$3" root=PARTUUID=$4 $rootflags
-            }
-        fi
-    done
-done
-

host-tools.packages

@@ -1,9 +0,0 @@
-sec-policy/selinux-base
-sys-apps/policycoreutils
-sys-apps/systemd
-sys-boot/grub
-sys-fs/btrfs-progs
-sys-fs/dosfstools
-sys-fs/genimage
-sys-fs/mtools
-sys-fs/squashfs-tools

install-update.sh

@@ -1,94 +0,0 @@
-#!/bin/sh
-# vim: set sw=4 ts=4 sts=4 et :
-
-. /lib/gentoo/functions.sh
-
-die() {
-    rc=$?
-    if [ $rc -eq 0 ]; then
-        rc=1
-    fi
-    eerror "$@"
-    exit $rc
-}
-
-get_partuuid() {
-    blkid -o value -s PARTUUID "$1"
-}
-
-set_default_boot() {
-    _rc=0
-    mkdir -p newroot || return
-    mount -oro "$1" newroot || return
-    _kernel=$(find newroot/boot -name 'vmlinuz-*' -printf '%P\n' \
-        | sort -V \
-        | tail -n1
-    )
-    _kver=${_kernel#vmlinuz-}
-    _partuuid=$(get_partuuid "$1")
-    _id=id-${_partuuid}-${_kver}
-    ebegin 'Setting default boot entry'
-    veindent
-    veinfo "Menu entry ID: ${_id}"
-    veoutdent
-    grub-editenv /boot/efi/EFI/gentoo/grubenv set "default=${_id}" || _rc=$?
-    eend $_rc
-    umount newroot
-    return $_rc
-}
-
-write_firmware() {
-    _rc=0
-    _esp=$(findfs PARTLABEL='EFI System Partition')
-    if [ -z "${_esp}" ]; then
-        eerror 'Could not identify EFI System Partition'
-        return 1
-    fi
-    if ! mountpoint -q /boot/efi; then
-        mount -o ro "${_esp}" /boot/efi \
-            || ewarn 'Failed to mount EFI System Partition'
-    fi
-    if [ -f /boot/efi/EFI/gentoo/grubenv ]; then
-        ebegin 'Saving current GRUB environment'
-        cp /boot/efi/EFI/gentoo/grubenv .
-        ewend $? 'Failed to save GRUB environment'
-    fi
-    if mountpoint -q /boot/efi; then
-        umount /boot/efi || return
-    fi
-    ebegin "Writing firmware image to EFI System Partition (${_esp})"
-    dd if=firmware.img of="${_esp}" bs=1M || _rc=$?
-    if [ $_rc -eq 0 ]; then
-        mount -orw "${_esp}" /boot/efi || rc=$?
-    fi
-    if [ $_rc -eq 0 ]; then
-        if [ -f grubenv ]; then
-            ebegin 'Restoring GRUB environment'
-            cp grubenv /boot/efi/EFI/gentoo/grubenv || _rc=$?
-            eend $_rc
-        fi
-    fi
-    return $_rc
-}
-
-write_rootfs() {
-    _rc=0
-    ebegin "Writing rootfs image to $1"
-    dd if=rootfs.squashfs of="$1" bs=1M || _rc=$?
-    eend $_rc
-}
-
-rc=0
-newroot="$1"
-
-write_rootfs "${newroot}" || die 'Failed to write new rootfs image to disk'
-write_firmware || die 'Failed to write new firmware image to disk'
-if ! set_default_boot "${newroot}"; then
-    rc=$?
-    eerror 'Failed to set default boot option'
-fi
-
-if [ $rc -eq 0 ]; then
-    einfo 'Successfully installed update'
-fi
-exit $rc

install.packages

@@ -1,6 +1,4 @@
-net-misc/openssh
+acct-group/nginx
-net-misc/wget
+acct-user/nginx
-sec-policy/selinux-aimee-os
+app-backup/burp
-sys-apps/busybox
+app-containers/podman
-sys-apps/systemd
-sys-fs/btrfs-progs

ocivm.sh

@@ -1,23 +0,0 @@
-#!/bin/sh
-
-set -e
-
-. "${CONFIGDIR:=${PWD}}"/config
-
-name=build_yellow
-if ! ocivm list | grep -q localhost/cross-${target}; then
-    ocivm import localhost/cross-${target}
-fi
-ocivm \
-    --log-level DEBUG \
-    run \
-    -n ${name} \
-    -w /tmp/src \
-    -v "${PWD}":/tmp/src \
-    -v distfiles:/var/cache/distfiles:size=4G \
-    -v packages:/var/cache/binpkgs \
-    -v portage:/var/db/repos/gentoo:size=4G \
-    --tmpfs /usr/aarch64-unknown-linux-gnu/tmp \
-    --tmpfs /var/tmp \
-    localhost/cross-aarch64-unknown-linux-gnu \
-    "$@"

overlay/etc/fstab

@@ -1 +0,0 @@
-PARTLABEL=dch-data /var btrfs subvol=var,nosuid,noexec,nodev 0 2

overlay/etc/locale.conf

@@ -1 +0,0 @@
-LANG=en_US.UTF-8

overlay/etc/locale.gen

@@ -1 +0,0 @@
-en_US.UTF-8 UTF-8

overlay/etc/resolv.conf

@@ -1 +0,0 @@
-../run/systemd/resolve/resolv.conf

overlay/etc/selinux/config

@@ -1,15 +0,0 @@
-# This file controls the state of SELinux on the system on boot.
-
-# SELINUX can take one of these three values:
-#	enforcing - SELinux security policy is enforced.
-#	permissive - SELinux prints warnings instead of enforcing.
-#	disabled - No SELinux policy is loaded.
-SELINUX=enforcing
-
-# SELINUXTYPE can take one of these four values:
-#	targeted - Only targeted network daemons are protected.
-#	strict   - Full SELinux protection.
-#	mls      - Full SELinux protection with Multi-Level Security
-#	mcs      - Full SELinux protection with Multi-Category Security 
-#	           (mls, but only one sensitivity level)
-SELINUXTYPE=mcs

overlay/etc/ssh/sshd_config

@@ -1,16 +0,0 @@
-PasswordAuthentication no
-
-UsePAM yes
-PrintMotd no
-PrintLastLog no
-
-Subsystem	sftp	/usr/lib64/misc/sftp-server
-
-AcceptEnv LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
-AcceptEnv COLORTERM
-
-HostKey /var/lib/ssh/ssh_host_rsa_key
-HostKey /var/lib/ssh/ssh_host_ecdsa_key
-HostKey /var/lib/ssh/ssh_host_ed25519_key
-
-Include /etc/ssh/sshd_config.d/*.conf

overlay/etc/ssh/sshd_config.d/authorized-keys-command.conf

@@ -1,2 +0,0 @@
-AuthorizedKeysCommand /usr/libexec/ssh-authorized-keys %u %t
-AuthorizedKeysCommandUser nobody

overlay/etc/systemd/network/90-default.network

@@ -1,5 +0,0 @@
-[Match]
-Type=ether
-
-[Network]
-DHCP=yes

overlay/usr/bin/factory-reset

@@ -1,27 +0,0 @@
-#!/bin/sh
-# vim: set sw=4 ts=4 sts=4 et :
-
-. /lib/gentoo/functions.sh
-
-confirm() {
-    unset _confirm
-    printf '%s [y/N] ' "${1-Do you want to continue?}"
-    read _confirm
-    case "${_confirm}" in
-    [Yy]|[Yy][Ee][Ss])
-        return 0
-        ;;
-    *)
-        return 1
-        ;;
-    esac
-}
-
-printf "${WARN}"
-printf 'This operation will COMPLETELY ERASE all data and information '
-printf 'stored on this system!\n'
-printf "${NORMAL}"
-confirm || exit 9
-ewarn 'The system will now reboot and wipe all data.'
-systemctl enable --runtime factory-reset.service
-systemctl reboot

overlay/usr/bin/set-root-password

@@ -1,56 +0,0 @@
-#!/bin/sh
-# vim: set sw=4 ts=4 sts=4 et :
-
-if [ -z "${_UNSHARED}" ]; then
-    export _UNSHARED=1
-    exec unshare -m "$0" "$@"
-fi
-unset _UNSHARED
-
-cleanup() {
-    if is_mount -q /etc; then
-        umount -R /etc
-    fi
-    if [ -n "${tmpdir}" ] && [ "${tmpdir}" != / ]; then
-        if is_mount "${tmpdir}"; then
-            umount -R "${tmpdir}"
-        fi
-        rm -rf "${tmpdir}"
-    fi
-    unset tmpdir
-}
-
-is_mount() {
-    awk '
-        BEGIN { rc = 1 }
-        $5 == "'"${1}"'" { rc = 0 }
-        END { exit rc }
-    ' /proc/self/mountinfo
-}
-
-tmpdir=$(mktemp -d)
-trap 'cleanup' INT QUIT TERM EXIT
-mount \
-    -t tmpfs \
-    -o private,rootcontext=system_u:object_r:etc_t:s0 \
-    tmpfs \
-    "${tmpdir}" \
-    || exit
-
-mkdir -p \
-    "${tmpdir}"/etc \
-    "${tmpdir}"/etc/pam.d \
-    "${tmpdir}"/etc/security \
-    "${tmpdir}"/etc/selinux \
-    || exit
-cp -a /etc/passwd /etc/shadow "${tmpdir}"/etc || exit
-mount -o bind /etc/pam.d "${tmpdir}"/etc/pam.d || exit
-mount -o bind /etc/security "${tmpdir}"/etc/security || exit
-mount -o bind /etc/selinux "${tmpdir}"/etc/selinux || exit
-mount --rbind "${tmpdir}"/etc /etc || exit
-
-passwd || exit
-
-mv /etc/shadow "${tmpdir}"/shadow || exit
-umount -R /etc || exit
-cat "${tmpdir}"/shadow > /etc/shadow || exit

overlay/usr/bin/system-update

@@ -1,135 +0,0 @@
-#!/bin/sh
-# vim: set sw=4 ts=4 sts=4 et :
-
-cleanup() {
-    cd /
-    if [ -n "${workdir}" ] && [ "${workdir}" != / ]; then
-        rm -rf "${workdir}"
-    fi
-    unset workdir
-}
-
-die() {
-    rc=$?
-    if [ $rc -eq 0 ]; then
-        rc=1
-    fi
-    error "$@"
-    exit $rc
-}
-
-error() {
-    if [ $# -eq 1 ]; then
-        echo "$1" >&2
-    elif [ $# -gt 1 ]; then
-        printf "$@" >&2
-    fi
-}
-
-extract_update() {
-    zstd -dc update.tar.zstd | tar -x \
-        || die 'Could not extract update source'
-    sha256sum -c digests \
-        || die 'Invalid update source: checksum mismatch'
-}
-
-fetch_update() {
-    wget -O update.tar.zstd "$1"
-}
-
-get_root() {
-    set -- $(cat /proc/cmdline)
-    while [ $# -gt 0 ]; do
-        case "$1" in
-            root=*)
-                _root=${1#root=}
-                ;;
-        esac
-        shift
-    done
-    echo $(findfs "${_root}")
-}
-
-get_partlabel() {
-    blkid -o value -s PARTLABEL "$1"
-}
-
-help() {
-    usage
-}
-
-info() {
-    if [ $# -eq 1 ]; then
-        echo "$1" >&2
-    elif [ $# -gt 1 ]; then
-        printf "$@" >&2
-    fi
-}
-
-usage() {
-    printf 'usage: %s source_url\n' "${0##*/}"
-}
-
-while [ $# -gt 0 ]; do
-    case "$1" in
-    --help)
-        help
-        exit 0
-        ;;
-    *)
-        if [ -z "${source_url}" ]; then
-            source_url="$1"
-        else
-            usage >&2
-            exit 2
-        fi
-        ;;
-    esac
-    shift
-done
-
-if [ -z "${source_url}" ]; then
-    usage >&2
-    exit 2
-fi
-
-root=$(get_root)
-partlabel=$(get_partlabel "${root}")
-
-case "${partlabel}" in
-rootfs-a)
-    newpartlabel=rootfs-b
-    ;;
-rootfs-b)
-    newpartlabel=rootfs-a
-    ;;
-*)
-    die \
-        'Unsupported system configuration: invalid rootfs partition label: %s\n' \
-        "${partlabel}" >&2
-esac
-newroot=$(findfs PARTLABEL="${newpartlabel}")
-if [ -z "${newroot}" ]; then
-    die 'Could not find partition with label %s\n' "${partlabel}"
-fi
-info 'Current rootfs: %s (%s)\n' "${partlabel}" "${root}"
-info 'New rootfs: %s (%s)\n' "${newpartlabel}" "${newroot}"
-
-trap cleanup INT TERM QUIT EXIT
-workdir=$(mktemp -d)
-cd "${workdir}"
-
-fetch_update "${source_url}" || die 'Failed to fetch update source'
-extract_update || die 'Failed to extact update source'
-./install "${newroot}" || die 'Error installing system update'
-
-printf 'Do you want to reboot now? [y/N] '
-read confirm
-case "${confirm}" in
-[yY]|[yY][eE][sS])
-    systemctl reboot
-    ;;
-*)
-    info 'A reboot is required to complete the update'
-    ;;
-esac

overlay/usr/lib/firmware/brcm/brcmfmac43455-sdio.raspberrypi,4-compute-module-ha-yellow.bin.xz

@@ -1 +0,0 @@
-../cypress/cyfmac43455-sdio.bin.xz

overlay/usr/lib/firmware/brcm/brcmfmac43455-sdio.raspberrypi,4-compute-module-ha-yellow.txt.xz

@@ -1 +0,0 @@
-brcmfmac43455-sdio.raspberrypi,4-model-b.txt.xz

overlay/usr/lib/systemd/system-preset/80-local-default.preset

@@ -1,19 +0,0 @@
-enable auditd.service
-
-enable restorecon.service
-
-disable ldconfig.service
-
-disable systemd-userdbd.service
-disable systemd-userdbd.socket
-
-enable systemd-networkd-wait-online.service
-enable systemd-networkd.service
-enable systemd-networkd.socket
-
-#enable systemd-time-wait-sync.service
-
-disable getty@.service
-
-enable sshd.socket
-enable ssh-keygen.target

overlay/usr/lib/systemd/system/auditd.service.d/augenrules.conf

@@ -1,5 +0,0 @@
-[Service]
-# Do not run augenrules; read audit rules from the audit.rules file as
-# it exists already.  Audit rules are generated at build time.
-ExecStartPost=
-ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules

overlay/usr/lib/systemd/system/factory-reset.service

@@ -1,13 +0,0 @@
-[Unit]
-Description=Perform a factory reset
-DefaultDependencies=no
-After=umount.target
-Before=systemd-reboot.service
-
-[Service]
-Type=oneshot
-ExecStart=/usr/libexec/factory-reset
-StandardOutput=kmsg+console
-
-[Install]
-WantedBy=final.target

overlay/usr/lib/systemd/system/init-storage.service

@@ -1,15 +0,0 @@
-[Unit]
-Description=Initialize persistent data storage
-DefaultDependencies=no
-Before=local-fs-pre.target
-After=systemd-journald.service
-After=systemd-remount-fs.service
-After=systemd-sysctl.service
-After=systemd-udev-trigger.service
-
-[Service]
-Type=oneshot
-ExecStart=/usr/libexec/init-storage
-StandardInput=null
-StandardOutput=journal+console
-StandardError=journal+console

overlay/usr/lib/systemd/system/ssh-keygen.target

@@ -1,7 +0,0 @@
-[Unit]
-Wants=ssh-keygen@rsa.service
-Wants=ssh-keygen@ecdsa.service
-Wants=ssh-keygen@ed25519.service
-
-[Install]
-WantedBy=multi-user.target

overlay/usr/lib/systemd/system/ssh-keygen@.service

@@ -1,11 +0,0 @@
-[Unit]
-Description=Generate SSH %I host key
-ConditionPathExists=!%S/ssh/ssh_host_%I_key
-
-[Service]
-Type=oneshot
-StateDirectory=ssh
-ExecStart=/usr/bin/ssh-keygen -t %I -f %S/ssh/ssh_host_%I_key -N ''
-
-[Install]
-WantedBy=sshd-keygen.target

overlay/usr/lib/systemd/system/sysinit.target.wants/init-storage.service

@@ -1 +0,0 @@
-../init-storage.service

overlay/usr/lib/systemd/system/systemd-tmpfiles-setup.service.d/force-subvol.conf

@@ -1,2 +0,0 @@
-[Service]
-Environment=SYSTEMD_TMPFILES_FORCE_SUBVOL=1

overlay/usr/libexec/factory-reset

@@ -1,11 +0,0 @@
-#!/bin/sh
-# vim: set sw=4 ts=4 sts=4 et :
-
-DATAPART=$(awk '$2=="/var"{print $1}' /etc/fstab)
-
-dev=$(findfs "${DATAPART}")
-if [ -z "${dev}" ]; then
-    printf 'Could not find data partition (%s)\n' "${DATAPART}" >&2
-    exit 1
-fi
-wipefs -fa "${dev}"

overlay/usr/libexec/init-storage

@@ -1,180 +0,0 @@
-#!/bin/sh
-# vim: set sw=4 ts=4 sts=4 et :
-
-SUBVOLUMES='
-    /var
-    /var/log
-    /var/tmp
-    /etc
-'
-
-cleanup() {
-    if [ -n "${tmpdir}" ] && [ "${tmpdir}" != / ]; then
-        if mountpoint -q "${tmpdir}"; then
-            umount "${tmpdir}"
-        fi
-        rm -rf "${tmpdir}"
-        unset tmpdir
-    fi
-}
-
-copy_var() {
-    dev="$1"
-
-    echo 'Copying /var contents to data volume'
-    mount -o subvol=var "${dev}" "${tmpdir}" || exit
-    cp -acuv /var/. "${tmpdir}" || exit
-    umount "${tmpdir}"
-}
-
-format_dev() {
-    dev="$1"
-    partno=$(partition_number "${dev}")
-    if [ -n "${partno}" ]; then
-        disk="$(get_disk "${dev}")"
-        if [ -n "${disk}" ]; then
-            printf 'Resizing partition %d on disk %s\n' \
-                "${partno}" \
-                "${disk}" \
-                >&2
-            resize_partition "${disk}" "${partno}"
-        else
-            printf 'Could not find disk for device %s\n' \
-                "${dev}" \
-                >&2
-        fi
-    fi
-
-    printf 'Creating BTRFS filesystem on %s\n' "${dev}"
-    mkfs.btrfs "${dev}" || exit
-
-    mount "${dev}" "${tmpdir}" || exit
-    for vol in ${SUBVOLUMES}; do
-        mkdir -p "${tmpdir}${vol%/*}" || exit
-        btrfs subvolume create "${tmpdir}${vol}" || exit
-    done
-    relabel_all
-    umount "${dev}" || exit
-}
-
-get_disk() {
-    _syspath=/sys/class/block/${1##*/}
-    [ -d "${_syspath}" ] || return 1
-    if [ ! -f "${_syspath}"/partition ]; then
-        readlink -f "${1}"
-        return $?
-    fi
-    _disk=$(readlink -f "${_syspath}"/..)
-    if [ -n "${_disk}" ]; then
-        printf '/dev/%s\n' "${_disk##*/}"
-        return 0
-    fi
-    return 1
-}
-
-has_fs() {
-    dev="$1"
-    fstype=$(blkid -o value -s TYPE "${dev}")
-    [ -n "${fstype}" ]
-}
-
-last_partition() {
-    cat /sys/class/block/"${1##*/}"/*/partition \
-        | sort -n \
-        | tail -n1
-}
-
-partition_number() {
-    cat /sys/class/block/${1##*/}/partition
-}
-
-relabel_all() {
-    selinuxtype=$(. /etc/selinux/config && echo ${SELINUXTYPE})
-    find "${tmpdir}" | \
-    setfiles \
-        -v \
-        -F \
-        -m \
-        -r "${tmpdir}" \
-        -s \
-        /etc/selinux/${selinuxtype}/contexts/files/file_contexts
-}
-
-resize_partition() {
-    _disk="${1}"
-    _part="${2}"
-    _lastpart=$(last_partition "${_disk}")
-    if [ "${_part}" -ne "${_lastpart}" ]; then
-        printf 'Cannot resize %s, it is not the last partition on the disk\n' \
-            "${_dev}" \
-            >&2
-        return 1
-    fi
-    _uuid=$(sfdisk --part-uuid "${_disk}" "${_part}") || return $?
-    _type=$(sfdisk --part-type "${_disk}" "${_part}") || return $?
-    _label=$(sfdisk --part-label "${_disk}" "${_part}") || return $?
-    sfdisk --delete "${_disk}" "${_part}" || return $?
-    printf 'type=%s, uuid=%s, name="%s"\n' \
-        "${_type}" \
-        "${_uuid}" \
-        "${_label}" \
-        | sfdisk -N "${_part}" "${_disk}" --force \
-        || return $?
-    partx -u "${_disk}"
-}
-
-setup_etc() {
-    dev="$1"
-
-    echo 'Initializing writable paths in /etc'
-    mount -o subvol=etc "${dev}" "${tmpdir}" || exit
-    if [ ! -f "${tmpdir}"/shadow ]; then
-        cp -ca /etc/shadow "${tmpdir}"/shadow || exit
-    fi
-    mount -o bind "${tmpdir}"/shadow /etc/shadow || exit
-    if [ -f /etc/aimee-os/writable-etc ]; then
-        while read type path; do
-            if [ ! -e "${tmpdir}/${path}" ]; then
-                if [ -e /etc/"${path}" ]; then
-                    case "${path}" in
-                    */*)
-                        mkdir -p "${tmpdir}/${path%/*}"
-                        ;;
-                    esac
-                    cp -ca /etc/"${path}" "${tmpdir}/${path}"
-                elif [ "${type}" = d ]; then
-                    mkdir -p "${tmpdir}/${path}"
-                elif [ "${type}" = f ]; then
-                    : > "${tmpdir}/${path}"
-                else
-                    printf 'Invalid path type %s for %s\n' \
-                        "${type}" \
-                        "${path}" \
-                        >&2
-                    continue
-                fi
-            fi
-            mount -o bind "${tmpdir}/${path}" /etc/"${path}"
-        done < /etc/aimee-os/writable-etc
-    fi
-    umount "${tmpdir}"
-}
-
-datapart=$(findfs $(awk '$2=="/var"{print $1}' /etc/fstab))
-if [ -b "${datapart}" ]; then
-    printf 'Found data partition: %s\n' "${datapart}"
-else
-    echo 'Could not identify data partition' >&2
-    exit 1
-fi
-
-trap cleanup INT TERM QUIT EXIT
-tmpdir=/run/storinit
-mkdir -p "${tmpdir}"
-
-if ! has_fs "${datapart}"; then
-    format_dev "${datapart}"
-fi
-
-setup_etc "${datapart}"
-copy_var "${datapart}"

overlay/usr/libexec/ssh-authorized-keys

@@ -1,4 +0,0 @@
-#!/bin/sh
-# vim: set sw=4 ts=4 sts=4 et :
-
-exec wget -q -O - https://sshkeys.pyrocufflink.blue/"$1"/"$2".pub

patches/ebuilds/app-containers/conmon/bdepend-go-md2man.patch

@@ -1,13 +0,0 @@
---- a/conmon-2.1.6.ebuild	2023-02-22 01:40:17.000000000 -0000
-+++ b/conmon-2.1.6.ebuild	2023-03-17 15:27:37.119865995 -0000
-@@ -18,8 +18,8 @@
- RDEPEND="dev-libs/glib:=
- 	sys-libs/libseccomp
- 	systemd? ( sys-apps/systemd:= )"
--DEPEND="${RDEPEND}
--	dev-go/go-md2man"
-+DEPEND="${RDEPEND}"
-+BDEPEND="dev-go/go-md2man"
- 
- src_prepare() {
- 	default

patches/ebuilds/app-containers/conmon/cross-pkg-config.patch

@@ -1,11 +0,0 @@
---- a/conmon-2.1.6.ebuild	2023-03-16 15:02:17.213375763 -0000
-+++ b/conmon-2.1.6.ebuild	2023-03-16 15:02:46.337375763 -0000
-@@ -34,7 +34,7 @@
- }
- 
- src_compile() {
--	tc-export CC
-+	tc-export CC PKG_CONFIG
- 	emake GIT_COMMIT="v${PV}" \
- 		all
- }

patches/ebuilds/app-containers/podman/go-md2man.patch

@@ -1,13 +0,0 @@
---- a/podman-4.4.1.ebuild	2023-03-22 01:23:44.252387512 -0000
-+++ b/podman-4.4.1.ebuild	2023-03-22 01:36:23.424387512 -0000
-@@ -37,8 +37,8 @@
- 	selinux? ( sys-libs/libselinux:= )
- "
- DEPEND="
--	${COMMON_DEPEND}
--	dev-go/go-md2man"
-+	${COMMON_DEPEND}"
-+BDEPEND="dev-go/go-md2man"
- RDEPEND="${COMMON_DEPEND}
- 	fuse? ( sys-fs/fuse-overlayfs )
- 	selinux? ( sec-policy/selinux-podman )"

patches/ebuilds/app-containers/podman/tc-export.patch

@@ -1,11 +0,0 @@
---- a/podman-4.4.1-r1.ebuild	2023-03-23 16:15:10.845405285 -0000
-+++ b/podman-4.4.1-r1.ebuild	2023-03-23 16:15:54.433405285 -0000
-@@ -60,6 +60,8 @@
- 	has_version -b '>=dev-lang/go-1.13.9' || makefile_sed_args+=(-e 's:GO111MODULE=off:GO111MODULE=on:')
- 
- 	sed "${makefile_sed_args[@]}" -i Makefile || die
-+
-+        tc-export CC LD
- }
- 
- src_compile() {

patches/ebuilds/sys-boot/grub/no-efibootmgr.patch

@@ -1,14 +0,0 @@
-diff -ruN a/grub-2.06-r5.ebuild b/grub-2.06-r5.ebuild
---- a/grub-2.06-r5.ebuild	2023-02-07 10:43:00.106060206 -0600
-+++ b/grub-2.06-r5.ebuild	2023-02-07 10:43:21.884298259 -0600
-@@ -128,10 +128,6 @@
- 	ppc64? ( >=sys-apps/ibm-powerpc-utils-1.3.5 )
- "
- RDEPEND="${DEPEND}
--	kernel_linux? (
--		grub_platforms_efi-32? ( sys-boot/efibootmgr )
--		grub_platforms_efi-64? ( sys-boot/efibootmgr )
--	)
- 	!sys-boot/grub:0
- 	nls? ( sys-devel/gettext )
- "

podman-build.sh

@@ -1,13 +0,0 @@
-#!/bin/sh
-# vim: set sw=4 ts=4 sts=4 et :
-
-set -e
-
-cid=$(./start-container.sh)
-
-./patch-uboot.sh
-
-podman exec -it ${cid} make
-
-podman stop ${cid}
-podman rm ${cid}