- in preparation for tightening the shellcheck severity level
- it needs to be able to follow all sources; dynamic ones are ignored, static ones need root-relative prefix
* reload-or-restart ssh prevents botching if sshd is started by a systemd socket
* restart ssh prevents botching if sshd is started by a systemd socket
* move sshd activation from ssh.service to ssh.socket:
- more realiable, avoids possible race condition on first boot
- supplementary to PR#6586 - and commits ffee50a8a6 and 6725032191
* Add display_alert explaining the change in SSH activation
* main-config: fix: avoid errors when BRANCH contains a dash; convert to underscore
* rockchip64_common: shellfmt, no changes
* rockchip64_common: move SERIALCON defaulting logic to a (verbose) hook for flexibility
* config: allow to build BRANCHes not listed in KERNEL_TARGET as long as the config is valid
- useful for `collabora` and other experimental kernels, we don't want to have to add it to each individual board's KERNEL_TARGES one by one
- but we don't want to allow typos in BRANCH to emit very strange unrelated errors
* extensions: mesa-oibaf extension by @monkaBlyat - mainline mesa PPA for Ubuntu
- does nothing on Debian
* extensions: (v3) amazingfated-rk35xx, now `rk-multimedia-amazingfate` - panfork-free
- simply skips if not on Jammy
- deploys Chromium + Widevine if desktop
* rockchip-rk3588: introduce `vendor-boogie-panthor` experimental BRANCH/kernel
- original: https://github.com/hbiyik/linux-rockchip.git (branch `rk-6.1-rkr1-panthor-v6`)
- I picked the commits on top of clean armbian/linux-rockchip `6.1-rkr1` as of 2024-04-01
- At https://github.com/rpardini/armbian-linux-rockchip-rk3588/tree/armbian-rk-6.1-rkr1-plus-boogie-panthor-v6
- Diff: https://github.com/armbian/linux-rockchip/compare/rk-6.1-rkr1...rpardini:armbian-linux-rockchip-rk3588:armbian-rk-6.1-rkr1-plus-boogie-panthor-v6
- rockchip-rk3588: introduce `boogie-bsp` BRANCH
- rockchip-rk3588: copy linux-rk35xx-vendor.config into linux-rk35xx-boogie-bsp.config
- rockchip-rk3588: update linux-rk35xx-boogie-bsp.config, no changes
- rockchip-rk3588: linux-rk35xx-boogie-bsp.config: `CONFIG_DRM_PANTHOR=m`
- rockchip-rk3588: linux-rk35xx-boogie-bsp.config: convert to defconfig
- rockchip-rk3588: rename to `BRANCH=vendor-boogie-panthor` for "clarity" (lol)
- rockchip-rk3588: vendor-boogie-panthor: force SERIALCON, full firmware (for blob needed for panthor) & mesa-oibaf extension
- rockchip-rk3588: vendor-boogie-panthor: enable amazingfated-rk35xx extension sans-panfork
- `DEBOOTSTRAP_DIR` must be set during the 1st stage, but NOT the second stage
- latest devel versions might be missing scripts for old releases; just symlink to the default one if so
- this hopefully should _end_ the debootstrap madness we've been handling, at least until we get around to mmdebstrap (Perl) one day
Sometimes we need to fix minor issues like changing the key or fixing other small problem on live OS. We can ship this as a part of BSP package, but its handling should be made easy.
This downloads script from CDN, verify its signature and executes after apt upgrade starts installing packages.
* Record patch output to syslog
* Enable armbian-live-patch as additional service and run patch mechanism at startup
* Additional security check
> tl-dr:
> - maximize OCI cache hit ratio across nightlies/releases/PRs/etc;
> - publish simple `Version:`'s that don't include a crazy hash in repo and images
> - introduce `output/packages-hashed` directory
> - radically change the `output/debs` directory structure
- simplify artifact's `prepare_version()` method for `deb` and `deb-tar` artifacts:
- `artifact_base_dir` and `artifact_final_file` will now be auto-calculated; thus removed from each artifact (except `rootfs`)
- `artifact_deb_repo` ("global", "jammy", "bookworm") is now required; "global" means common across all RELEASES
- `artifact_deb_arch` is now required, "all" is arch-independent, otherwise use `${ARCH}`
- `artifact_map_debs` is now auto-calculated based on the above, and shouldn't be specified manually
- `artifact_final_version_reversioned` is optional, and can force the final version of the artifact (specific for the `base-files` case)
- artifacts that need special handling for reversioning can add function names to `artifact_debs_reversion_functions` array (`base-files` and `bsp-cli` cases)
- artifacts `prepare_version()` should set `artifact_version`, but _never_ include it in other variables; `artifact_version` is now changed by framework after `prepare_version()` returns
- no longer use/refer/mention `${REVISION}` when building packages. All packages should be `${REVISION}`-agnostic.
- `${REVISION}` (actually, `artifact_final_version_reversioned`) will be automatically swapped in the `control` file during reversioning
- `fakeroot_dpkg_deb_build()` now takes exactly two arguments: the directory to pack, and the deb ID (key of `artifact_map_packages` dict); add this change in all the artifact's code for this
- `obtain_complete_artifact()`:
- automatically adds `-Rxxxx` "revisioning-hash" to `artifact_version`, by hashing the revisioning functions and any `artifact_debs_reversion_functions` set
- calculates more complex subdirectory paths for both the `output/packages-hashed` and `output/debs`/`output/debs-beta` directories
- with the new subdirectories we can be sure a re-version is already done correctly and can skip it (eg, for partial `download-debs` re-runs)
- in the future we can automatically clean/remove old versions that are no longer relevant based on the dir structure
- exports a lot more information to JSON, including the new subdirectory paths
- comment-out code that implemented `skip_unpack_if_found_in_caches`, I'm very unsure why we had this in the first place
- `obtain_artifact_from_remote_cache()`
- for `deb` type artifacts, OCI won't preserve the subdirectory structure, so move downloaded files to the correct subdirectory manually
- this is not needed for `deb-tar`, since that can preserve the dir structure itself
- introduce `artifacts-reversion.sh` and its main function `artifact_reversion_for_deployment()`
- this has the logic for reversioning .deb's, by `ar`-unpacking them, changing `control.tar` (and possibly `data.tar`), handling `.xz` compression, etc.
- also handles hashing those functions, for consistency. Any changes in reversioning code actually change the artifact itself so we're not caught by surprise
- by default, it changes `control` file only:
- replace `Version:` (which is the hash-version originally) with `artifact_final_version_reversioned` (which is mostly just `${REVISION}`)
- add a custom field `Armbian-Original-Hash:` with the original hash-version
- `artifact_reversion_for_deployment()` is called by
- new CLI wrapper `cli_obtain_complete_artifact()`, used for CLI building of specific artifact, but also for `download-artifact`
- `build_artifact_for_image()` used during image build
- `armbian-bsp-cli-deb.sh`: move `${REVISION}` related stuff from the main package build to new reversioning functions.
- `artifact-armbian-base-files.sh`: move `${REVISION}` related stuff from the main package build to new reversioning functions.
- `kernel`:
- add some custom fields to `DEBIAN/control`:
- `Armbian-Kernel-Version:` / `Armbian-Kernel-Version-Family:` (for future use: cleanup of usage of `Source: ` field which should be removed)
- declutter the `Description:` field, moving long description out of the first line
- obtain `IMAGE_INSTALLED_KERNEL_VERSION` from the reversioned deb (this is still a hack and has not been fixed)
- `uboot`:
- declutter the `Description:` field, moving long description out of the first line
- use the reversioned .deb when deploying u-boot to the image
- `main_default_build_packages()` now stores reversioned values and complete paths to reversioned .deb's
- `list_installed_packages()` now compares custom field `Armbian-Original-Hash: `, and not the `Version:` to make sure debs in the image are the ones we want
- `install_artifact_deb_chroot()` is a new wrapper around `install_deb_chroot()` for easy handling of reversioned debs
- use it everywhere `install_deb_chroot()` was used in `distro-agnostic.sh` and `distro-specific.sh`
- split `image` apt .list deployment into `image-early` (after rootfs extract, before building) and `image-late` (after building)
- rationale: having the repo enabled during the image build can cause 'apt upgrade' and others to do inconsistent stuff depending on the (possibly random) state of the repo
- bsp-cli: now depends on `base-files (>= ${REVISION})`, this way upgrading the bsp-cli causes our base-files to be installed
- bsp-cli no longer does gymnastics with /etc/os-release et al, all done in armbian-base-files now
- general/apt-utils.sh: introduce `apt_find_upstream_package_version_and_download_url()`
- base-files: add release to version, in order to comply with repo restrictions (valid repos can't have two different debs with same name and version, md5 must match)
- rationale: we don't want an eternal chicken-egg problem with rootfs vs repo.
- but, desktop rootfs require some parts of repo. case in point: `system-monitoring-center`
- so only add certain components of repo (-desktop, -utils) to rootfs so that is honored
- introduce `custom_apt_repo()` hook for extensions to add their repos as well
- same chicken-egg-avoiding is possible via param `CUSTOM_REPO_WHEN`
