Commit Graph

271 Commits

Author SHA1 Message Date
Cyril Brulebois 74be632539 Delete raspi3-firmware tweaks.
raspi3-firmware was buster-only.
2023-06-13 21:19:49 +02:00
Cyril Brulebois 5a28d3fe99 Simplify raspi-firmware management.
raspi3-firmware was buster-only.
2023-06-13 21:18:01 +02:00
Cyril Brulebois 1b8275894e Simplify security suite management.
All supported suites (bullseye+) are using the new naming scheme.
2023-06-13 21:16:31 +02:00
Cyril Brulebois d43ee7b1b8 Delete support for buster.
Bookworm was just released, bullseye is now oldstable, and buster is now
oldoldstable. It doesn't seem to be worth it to keep building images for
it, so let's drop support for it right away.
2023-06-13 21:09:47 +02:00
Cyril Brulebois 36ad6638a9 Add basic support for trixie.
In passing: the _clean_yaml target should definitely leverage
BUILD_RELEASES instead of duplicating it.
2023-06-13 21:02:39 +02:00
Diederik de Haas cfce727f4b Merge branch 'increase-image-size' into 'master'
Increase image size to 2.5GB

See merge request raspi-team/image-specs!76
2022-12-21 23:33:25 +00:00
Diederik de Haas c125c400db
Increase image size to 2.5GB
The builds on Bookworm for RPi 3 & 4 fail because there wasn't enough
free space to continue package installation.
2022-12-22 00:15:40 +01:00
Diederik de Haas 9dde6e09e0 Merge branch 'fix-machine-id' into 'master'
Fix /etc/machine-id generation for first-boot

Closes #52

See merge request raspi-team/image-specs!75
2022-12-08 17:51:06 +00:00
Diederik de Haas d8e23c6a30
Fix /etc/machine-id generation for first-boot
In Bullseye and later, the `/etc/machine-id` file needs to have the
value `uninitialized` for it to be recognized as first boot and
therefor trigger the generation of a new machine-id.

Fixes: #52
2022-12-08 18:37:12 +01:00
Diederik de Haas 31224b7907 Merge branch 'resize-rootfs-improvements' into 'master'
Several rpi-resizerootfs improvements

See merge request raspi-team/image-specs!73
2022-12-08 17:16:25 +00:00
Diederik de Haas 8fbe0ac9e3
Recheck the root filesystem after expanding it.
Checking the root filesystem before mounting it is always a good idea.
But after changing the root filesystem, it is especially important to
(re-)check it to ensure everything went fine. So add that check.
2022-12-01 18:30:28 +01:00
Diederik de Haas 82dfcf25ff
Explicitly copy 'fsck*' into the initramfs
While fsck.ext4 and fsck.vfat are part of the initramfs, it turns out
that fsck itself isn't!
While it normally gets included in the initramfs, for some reason that
doesn't happen with our image creation, so it isn't available on first
boot, so explicitly copy 'fsck' so that it will be included.
For that to work, 'logsave' is needed too, so include that as well.

During boot up, initramfs wants to check the filesystems and it does so
via `fsck`, which then (presumably) checks the filesystem being used
and calls the appropriate fsck.* to do the actual checking.
But when `fsck` itself isn't available you get the following warning:
"Warning: fsck not present, so skipping root file system"
When it is available, you'll get a message like this:
"Begin: Will now check root file system ... fsck from util-linux 2.38.1"

Let's also follow our own advise and not *assume* the needed fsck
programs are present in initramfs, but add them explicitly.

Now we can start the resize operations while knowing the current
filesystem is in a proper/clean state.
2022-12-01 18:29:17 +01:00
Diederik de Haas 205dc21718
Document and complete rpi-resizerootfs hook
The main trigger was a missing program in the initramfs, which probably
everyone assumed was there ... but wasn't. (See next commit ...)

So instead list every program that we need/call, so that we *know* that
that program is included in the initramfs.
Also document this new 'policy'.

Also group the programs by the package which has them and sort the list
alphabetically by the package names.
2022-11-15 15:46:38 +01:00
Diederik de Haas 1b194afcc9
Fix bug introduced when 'fixing' SC2086 (quotes)
The 'ROOTFLAGS' parameter should NOT be quoted as it then introduces an
(empty) extra argument to 'mount', causing a boot failure.
Thanks to 'mjt' for the help and identifying the issue.

Lessons learned:
1) Don't blindly follow the *suggestions* that shellcheck makes
2) Test your changes (properly) before submitting/merging them

ad 1) I find shellcheck a very useful tool, but it doesn't (and likely
can't) understand the full context. The developer does (or should) and
should evaluate each suggestion whether it's applicable in this case.

ad 2) This should've been obvious and certainly for me.
I'm normally very dilligent and test all my changes, but I got sloppy
this time and did not. With logical consequences.
2022-11-15 15:17:40 +01:00
Diederik de Haas 422832740b
Fix shellcheck issue SC2086 (quotes)
SC2086: Double quote to prevent globbing and word splitting.

Also remove it from the exclude list in the CI config file.
2022-11-14 22:38:56 +01:00
Diederik de Haas 9bb0488096
Fix shellcheck issue SC2154
SC2154: var is referenced but not assigned.

The 'rootmnt' variable is set in /usr/share/initramfs-tools/init and if
it's not available, that would be bad.
According to SC2154 you can fix that issue by using '${var:?}' so it
would fail if unset or empty.
So apply that and reference that SC item in the comments.

Also remove it from the exclude list in the CI config file.
2022-11-14 22:38:47 +01:00
Diederik de Haas cf2eb655d9
Simplify and fix 'build yamls' job
To build the yaml files, we only need python3 and make.
All the other/old packages that got installed are needed for building
actual images, so get rid of them.
This should also significantly speed up the job.

While checking the 'artifacts' I noticed that git operations didn't
produce the output as expected, both in top comment as at the end where
build information is written to /etc/raspi-image-id.
That was caused by git not working as it wasn't installed.
2022-11-14 18:00:40 +01:00
Diederik de Haas 58a3ee3f68
ci: Add 'shellcheck' job to 'check input' stage
Check all the scripts, under 'rootfs/etc/initramfs-tools' (for now) with
'shellcheck'.
A couple of checks are excluded of which SC1090 and SC1091 will remain.
But SC2086 and especially SC2154 should be fixed! And when they are
fixed in the current code, those should be enabled again for checking.

Also rename 'check yamls' job to 'yamllint', so that's directly clear
which tool is being used.
2022-11-11 23:51:17 +01:00
Diederik de Haas 08db2e948a
Fix issues reported by 'yamllint'
This is mainly indentation issues and also a '---' at the top.
2022-11-11 20:50:40 +01:00
Diederik de Haas 76fb71f4b1
ci: Add 'check yamls' job in (new) 'check input' stage
Add a new stage 'check input' to our CI configuration to check whether
our input files contain errors.
The first check is for the YAML files whether they contain errors or
warnings according to 'yamllint'.

Add 'yamllint' config file to not consider too long lines as errors.
And fix the errors/warnings in 'salsa-ci.yml' itself.

Apparently job names can contain space, so rename 'build-yamls' to
'build yamls'.
2022-11-11 19:52:12 +01:00
Diederik de Haas 90cc651d17 Merge branch 'add-bluez-firmware' into 'master'
Add 'bluez-firmware' package to images

See merge request raspi-team/image-specs!69
2022-11-11 15:59:30 +00:00
Diederik de Haas 6f016aa1ab
Add 'bluez-firmware' package to images
All RPi models which have wireless, also have bluetooth, so add the
firmware package to those images so that the hardware is supported.

Also remove the 'Extra' from the wireless firmware comment.
2022-11-11 12:53:54 +01:00
Diederik de Haas e522ff5f15
Remove unused/empty files
The `compress.sh` file hasn't been used for a long time.
The `.gitmodules` file was emptied as it wasn't used any more.

Just get rid of both of them.
2022-11-06 19:21:14 +01:00
Diederik de Haas b5ad7ef916
Upgrade pkgs separately before installing new ones
Upgrade the existing packages before installing new ones.
It's better to have a fully up-to-date system to work on and it could
also fix/prevent an installation issue if a package depends on an
existing, but un-upgraded one. With this change we get
"and 0 not upgraded", which was not always the case before.

Also add a '/' after the 'build' directory to make it clear it is a dir.
2022-11-05 12:48:22 +01:00
Diederik de Haas ab0c16505b Merge branch 'ci-use-eatmydata-for-apt-install' into 'master'
Use 'eatmydata' to speed up package install

See merge request raspi-team/image-specs!66
2022-11-04 21:53:43 +00:00
Diederik de Haas e8cd143468 Merge branch 'nuke-debos-stuff' into 'master'
Get rid of debos dir/stuff

Closes #18

See merge request raspi-team/image-specs!63
2022-11-04 21:48:48 +00:00
Diederik de Haas f11c05bf28
Use 'eatmydata' to speed up package install
The 'eatmydata' program is "designed to disable fsync and friends" and
can speed up tasks at the risk of potential data loss.
The speed up is welcome and the data loss not important as it would only
make the pipeline fail (most likely), but you can run it again.
2022-11-04 19:10:35 +01:00
Diederik de Haas 477ccf080b Merge branch 'ci-remove-only-keyword-statements' into 'master'
CI: Remove 'only' keyword statements

See merge request raspi-team/image-specs!65
2022-11-04 16:09:32 +00:00
Diederik de Haas 87fca3ceed
Remove 'only' keyword statements
It's unclear (to me) what they filter out. And why.

https://salsa.debian.org/help/ci/yaml/index#only-except says:
"NOTE: only and except are not being actively developed. rules is
the preferred keyword to control when to add jobs to pipelines."

So if filtering is desired, it should be added using the 'rules' keyword
and the reasoning behind it should be clarified in comments and/or
commit messages.
2022-11-04 16:07:58 +01:00
Diederik de Haas 8b680b005a
Get rid of debos dir/stuff
It's out of date, essentially unmaintained and we don't use it,
so lets get rid of it.
2022-11-04 14:04:33 +01:00
Diederik de Haas 11382958c5 Merge branch 'improve-salsa-ci' into 'master'
Various salsa CI improvements

See merge request raspi-team/image-specs!64
2022-11-04 13:00:52 +00:00
Diederik de Haas 02567af307
Don't retry on failure
As we're just starting out using CI, it is especially important to be
aware of any failure, so that we can fix it.

Such a workaround can be added later in case it is deemed necessary.
2022-11-04 13:52:34 +01:00
Diederik de Haas 8b06d14925
Rename 'build' job to 'build-yamls'
This is more describtive and also to distinguish from the build stage.
2022-11-04 13:52:34 +01:00
Diederik de Haas ad77890ede
Switch to using images maintained by salsa ci team
Debian's Salsa team has their own registry of images they maintain, so
use them instead of ones maintained by gitlab.
At https://salsa.debian.org/salsa-ci-team/pipeline/container_registry
one can view the various images they maintain.

Switch to using 'unstable' instead of 'sid'. The idea is to later also
add steps based on 'stable' and then 'unstable' matches better.
2022-11-04 13:52:34 +01:00
Diederik de Haas 5e42c6360a
Move some lines to other position in the file
It's common to define variables/constants in the top of a file, so do
that here too.

Move 'stage' field directly under step name as it's quite significant
and seen in other salsa-ci.yml as well.

Move 'image' line after 'stage' line as it's quite important as well.
2022-11-04 13:52:33 +01:00
Diederik de Haas b7df4bf849
Move .gitlab-ci.yml to debian/salsa-ci.yml
This seems to be the standard location for Salsa's CI.
2022-11-04 13:52:33 +01:00
Diederik de Haas 758b72391c Merge branch 'rename-partition-tags' into 'master'
Replace 'path' tags with 'tag-X'

See merge request raspi-team/image-specs!61
2022-11-04 12:51:38 +00:00
Diederik de Haas 55246ca61a
Replace '/boot' tag with 'tag-firmware'
This was the initial trigger for the tag-rename 'operation' as it caused
confusion (with me) as it was also a mislabeled tag, so remove the
ambiguity by renaming it to 'tag-firmware'.
2022-11-04 13:45:49 +01:00
Diederik de Haas a7d78af8a3
Replace '/' tag with 'tag-root'
Using path identifiers for tag names causes ambiguity as it's not
(immediately) clear whether a reference to it is a path or a tagname.
This causes hard to read/interpret log files and can lead to subtle and
hard to detect bugs.

The same tag can refer to different things based on the context
(partition/device/mountpoint/etc), so just use the 'tag-' prefix.

On the previous 'mount: /' step, I also added that it's to be mounted on
"dirname: '/'" to make it (more) explicit.
And removed it again as it seems you need to specify both 'dirname' AND
'mount-on' or neither. See https://bugs.debian.org/1023321
2022-11-04 13:45:49 +01:00
Diederik de Haas 189a145e0e Merge branch 'add_basic_ci' into 'master'
Add basic .gitlab-ci.yml

See merge request raspi-team/image-specs!55
2022-11-03 20:43:19 +00:00
Anton Gladky 3d9acc17d1 Add basic .gitlab-ci.yml 2022-11-03 20:43:17 +00:00
Ansgar 105c2a7621
add __RELEASE__-updates to sources.list
Closes: #62
2022-11-01 23:54:06 +01:00
Diederik de Haas b81aa80301
Enlarge firmware partition to 508MB
The firmware partition holds a copy of the initramfs and the kernel and
over the years we have seen a steady increase in its sizes.
Resizing the firmware partition later on is cumbersome as the root
partition follows directly, so it's better to make the firmware
partition not too small. A size of 508MB should be enough to accommodate
4-5 kernels+initramfs, which seems desirable.
2022-11-01 23:51:45 +01:00
Diederik de Haas 05bb2b3557
Switch to MiB units for partition sizes.
Previously one had to calculate how large the /boot/firmware partition
would be, but expressing it directly in MiB units is much clearer.

This also has the benefit that the /boot/firmware partition's size would
not change if the total image size would be changed.
Such a change should be a deliberate decision and not some side-effect.
As that 'side-effect' did happen since first submitting this patch,
revert the /boot/firmware partition's size back to 300MB.

Signed-off-by: Diederik de Haas <didi.debian@cknow.org>
2022-11-01 23:51:35 +01:00
Diederik de Haas 0f80bfa650
Remove unneeded apt-get update step.
Vmdb2 already does more then enough 'apt-get update', so no need to add
one ourselves.

Signed-off-by: Diederik de Haas <didi.debian@cknow.org>
2022-11-01 16:50:40 +01:00
Diederik de Haas a712206f62
Add raspi_*_bookworm.yaml to .gitignore 2022-11-01 16:05:31 +01:00
Diederik de Haas dc7558eb3f
Re-add 'non-free' to sources till all firmware is moved
The wireless firmware is in the firmware-brcm80211 package, but that is
still in 'non-free', so add 'non-free' back to the sources until all
the needed firmware packages are in 'non-free-firmware'.

https://salsa.debian.org/kernel-team/firmware-nonfree/-/merge_requests/36
is where the move to non-free-firmware is proposed, but not yet merged.
2022-10-31 01:32:47 +01:00
Diederik de Haas d71140b08a
Move 'contrib' removal comment to git commit msg
Previous commit not only replaced 'non-free' with 'non-free-firmware',
it also removed the 'contrib' archive area from the sources.list.
It added a note about it in the code comments, which I think is the
wrong place. The 'why' of a change belongs in a git commit message,
where one can be as verbose as needed.
Code comments should be used to clarify the 'what' (it does) in case it
would not be immediately obvious.

The removal of 'contrib' totally makes sense though.
We did not use it and 'contrib' and 'non-free' are not part of
(official) Debian, whereas 'non-free-firmware' is now part of Debian
(official media) as a consequence of the change to the Debian Social
Contract following the GR vote.
With this change, we only use what Debian itself would only use.

Fixes: 1ffce8e6bb
2022-10-30 23:56:51 +01:00
Gunnar Wolf 1ffce8e6bb For Bookworm, use the new non-free-firmware section instead of non-free 2022-10-12 10:25:53 -05:00
Diederik de Haas 1211f8af04
Add buildtime to raspi-image-id in the image itself
When the image was build also determines which package versions got
installed in the generated image and could help explain why a user has
problems with the downloaded image.

Signed-off-by: Diederik de Haas <didi.debian@cknow.org>
2022-01-14 00:19:57 +01:00