diff --git a/README.md b/README.md new file mode 100644 index 0000000..64e2129 --- /dev/null +++ b/README.md @@ -0,0 +1,81 @@ +This is the Buildroot repoistory used to build system images and updates for the MynaPlayer project. + +BUILDING +-------- + +Building MynaPlayer is a process, though it requires decent hardware. + +Set up the required source code: + +``` +mkdir MYNA && cd MYNA +git clone -b v3.0.7 'https://github.com/OpenVPN/easy-rsa' +git clone -b 2020.05.x 'https://git.buildroot.net/buildroot' +git clone 'https://git.lumina-sensum.com/git/LuminaSensum/buildroot-MynaPlayer.git' +export BR2_EXTERNAL="$PWD/buildroot-MynaPlayer" +cd buildroot +git am ../buildroot-MynaPlayer/buildroot-patches/*.patch +cd .. +``` + +Create keys for RAUC updates: + +``` +cd easy-rsa +sed -i "s/extendedKeyUsage/#extendedKeyUsage/g" easy-rsa/easyrsa3/x509-types/code-signing +./easyrsa3/easyrsa init-pki +./easyrsa3/easyrsa build-ca +./easyrsa3/easyrsa gen-req rauc +./easyrsa3/easyrsa sign-req code-signing rauc +cd .. +echo "Certificate authority: $PWD/easy-rsa/pki/ca.crt" > certs.txt +echo "Private key: $PWD/easy-rsa/pki/private/rauc.key" >> certs.txt +echo "Public key: $PWD/easy-rsa/pki/issued/rauc.crt" >> certs.txt +mv certs.txt buildroot-MynaPlayer/board/myna-player-odyssey/utilities/certs.txt +``` + +Build the image: + +``` +cd buildroot +utils/brmake O=output_initramfs myna_player_odyssey_initramfs_defconfig +utils/brmake O=output_initramfs toolchain +utils/brmake O=output_initramfs -j8 +# If you get errors, run 'make O=output_initramfs -j1' to see the messages +utils/brmake O=output_rootfs myna_player_odyssey_defconfig +utils/brmake O=output_rootfs toolchain +utils/brmake O=output_rootfs -j8 +# If you get errors, run 'make O=output_rootfs -j1' to see the messages +cd .. +``` + +Copy RAUC bundles and keys to a server (jookia.org in this example): + +``` +ls buildroot/output_rootfs/images/ +# Find the file ending in *.raucb +# You can also just flash MynaPlayer.img using dd but it takes a long time +mv buildroot/output_rootfs/images/bundle-MynaPlayer-2020-08-06.fe2ca3ce-be36-4f33-94d4-e295cd0518be.raucb /usr/local/webapps/jookia/ +cp $PWD/easy-rsa/pki/ca.crt /usr/local/webapps/jookia +``` + +Install the update on the device from the server (jookia.org in this example): + +``` +wget 'https://www.jookia.org/ca.crt' +cp /etc/rauc/keyring.pem{,.bak} +mv ca.crt /etc/rauc/keyring.pem +rauc install https://www.jookia.org/bundle-MynaPlayer-2020-08-06.6d113d3a-f77f-447a-ad7d-b8d605824c00.raucb +mv /etc/rauc/keyring.pem{.bak,} +reboot +``` + +Future updates won't need to copy the keyring, a single 'rauc install' +invocation should download and install the image without trouble. + +You should now be running a system you've just built (check the kernel build date): + +``` +uname -a +# Linux MynaPlayer 5.8.0 #3 SMP PREEMPT Thu Aug 6 03:21:30 EDT 2020 armv7l GNU/Linux +``` diff --git a/buildroot-patches/0001-boot-arm-trusted-firmware-allow-to-select-ATF-with-barebox.patch b/buildroot-patches/0001-boot-arm-trusted-firmware-allow-to-select-ATF-with-barebox.patch new file mode 100644 index 0000000..af69f93 --- /dev/null +++ b/buildroot-patches/0001-boot-arm-trusted-firmware-allow-to-select-ATF-with-barebox.patch @@ -0,0 +1,25 @@ +From 1cd770b534550b588864223d2c99a01317bc4bb0 Mon Sep 17 00:00:00 2001 +From: Xogium +Date: Fri, 31 Jul 2020 05:20:57 -0400 +Subject: [PATCH] boot/arm-trusted-firmware: allow to select ATF with barebox. + +--- + boot/arm-trusted-firmware/Config.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/boot/arm-trusted-firmware/Config.in b/boot/arm-trusted-firmware/Config.in +index b1ca5d7ea1..28769131c9 100644 +--- a/boot/arm-trusted-firmware/Config.in ++++ b/boot/arm-trusted-firmware/Config.in +@@ -1,7 +1,7 @@ + config BR2_TARGET_ARM_TRUSTED_FIRMWARE + bool "ARM Trusted Firmware (ATF)" + depends on (BR2_ARM_CPU_ARMV8A || BR2_ARM_CPU_ARMV7A) && \ +- BR2_TARGET_UBOOT ++ BR2_TARGET_UBOOT || BR2_TARGET_BAREBOX + help + Enable this option if you want to build the ATF for your ARM + based embedded device. +-- +2.27.0 + diff --git a/buildroot-patches/0001-package-systemd-use-polkit-duktape.patch b/buildroot-patches/0001-package-systemd-use-polkit-duktape.patch new file mode 100644 index 0000000..b41f651 --- /dev/null +++ b/buildroot-patches/0001-package-systemd-use-polkit-duktape.patch @@ -0,0 +1,45 @@ +From 65c59d46db7c3070f6547603ff0e11d3dcfe3c4f Mon Sep 17 00:00:00 2001 +From: Xogium +Date: Thu, 11 Jun 2020 02:41:23 -0400 +Subject: [PATCH] package/systemd: use polkit-duktape. + +--- + package/systemd/Config.in | 7 +------ + package/systemd/systemd.mk | 2 +- + 2 files changed, 2 insertions(+), 7 deletions(-) + +diff --git a/package/systemd/Config.in b/package/systemd/Config.in +index dd3b8c534d..1614d484ee 100644 +--- a/package/systemd/Config.in ++++ b/package/systemd/Config.in +@@ -302,13 +302,8 @@ config BR2_PACKAGE_SYSTEMD_NETWORKD + + config BR2_PACKAGE_SYSTEMD_POLKIT + bool "enable polkit support" +- depends on BR2_HOST_GCC_AT_LEAST_4_9 # polkit +- depends on BR2_INSTALL_LIBSTDCPP # polkit +- depends on BR2_PACKAGE_SPIDERMONKEY_ARCH_SUPPORTS # polkit +- depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 # polkit +- depends on BR2_TOOLCHAIN_HAS_THREADS_NPTL # polkit + depends on BR2_USE_WCHAR # libglib2 +- select BR2_PACKAGE_POLKIT ++ select BR2_PACKAGE_POLKIT_DUKTAPE + help + If enabled, systemd is built with polkit support and policy + files for its services are generated and installed. It is +diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk +index 92de540725..021a084565 100644 +--- a/package/systemd/systemd.mk ++++ b/package/systemd/systemd.mk +@@ -370,7 +370,7 @@ endif + + ifeq ($(BR2_PACKAGE_SYSTEMD_POLKIT),y) + SYSTEMD_CONF_OPTS += -Dpolkit=true +-SYSTEMD_DEPENDENCIES += polkit ++SYSTEMD_DEPENDENCIES += polkit-duktape + else + SYSTEMD_CONF_OPTS += -Dpolkit=false + endif +-- +2.27.0 +