| Age | Commit message (Collapse) | Author |
|---|
|
The security schulung has an example involving capabilities
assigned via PAM login. This package is needed for it.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
The linaro toolchain creates files with some obscure user/group.
Instead of trusting the owners/permissions of the downloaded
archives, recursively set all /opt to root:root. If for some
reason any files are setuid, this will also clear that bit.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
If building the image from a machine other than nereus, the name
nereus (used in fine-tuning wget) cannot be resolved. Use the
FQDN instead. That works (as long as you are in the Linutronix
network).
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
This is the wireless tool to use for the future. iwlist/iwconfig
are old.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
Normally the console font and keyboard is setup on first boot.
But this can be done in the finetuning so that we do not rely on
a "first boot" for the console to be setup correctly.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
Most of the firmware packages have versions in stretch backports
that support more hardware. Use these in an attempt to work for
all laptops.
NOTE: There are a few firmware packages that are not in stretch
backports. These are still taking from stretch.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
During a training I needed these tools. Especially tftp is useful
for verifying that the tftp server is available.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
It seems that calling umount directly after mount can lead to a
busy error. With strace on umount the problem goes away. It must
be a very small window. Someone should debug the umount syscall
on this. It is reproducable with:
./dd-multi.sh lx-trainer.img /dev/sdx
(i.e. regular training image and no layers)
Implement a workaround for this for now.
From the comments...
If there were no layer files added, umount might return a busy
error since we just mounted. (Possibly a kernel bug.) By
accessing the filesytem before unmounting it, the mount/umount
problem seems to go away. Use "ls" to access the filesystem.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
In the last 2 trainings I've had participants with batteries going
dead because there was no display for the battery status. The mate
power manager provides this feature. Add it to the image.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
During the audio schulung, we needed to manually install:
qjackctl
libjack-dev
Also, compiling the new kernels now requires:
libelf-dev
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
JUCE itself is not installed (it is broken in stretch). Instead,
all JUCE dependencies are installed and the upstream JUCE will
be used for the workshop.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
For the yocto training, some important packages are missing.
Toaster requires pip for python3. The documentation requires
xsltproc and fop. Install them.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
Use the image/device argument now passed to the script.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
Rather than assuming the image file lx-trainer.img in the current
working directory, require an argument that specifies this. Also,
allow this argument to be a block device to perform the secure
boot preparation on devices already prepared with the image.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
Start the untar processes in parallel. This will take advantage
of file caching and should max out the USB bandwidth.
This is important because some trainings (like Yocto) have huge
layers.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
/home shouldn't be empty, but check just in case. Getting an
error in the middle of the script is very annoying.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
It is very annoying if the script aborts in the middle because
of something like missing files. Check for them in the beginnning.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
... from neon-3 to oxygen-3a.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
Eventually the lx-trainer image will come with secure boot
automatically. But for now, we have to manually adjust the image.
Here is a script to do that.
Also update the README.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
Tarballs are copied to the USB drives and then unpacked in a
chroot. However, this means the data will travel across the bus
three times! For large layers this is craziness.
Since --numeric-owner is used anyway, just unpack the tarballs
directly.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
- require gpt images and expect partition layout
and sizes from lx-trainer-vm.xml
- cleanup output
- use dd instead of cat (to allow progress status)
- use parted instead of fdisk (necessary to fix gpt table)
- remove unnecessary partprobe's
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
Debian will mount debugfs by default. Do not explicitly specify
it in /etc/fstab.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
This requires devel/elbe-3.0 branch to build! In
particular, commit 79adee34de55 ("Add support for hybrid
images (UEFI+Bios)")
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
Creating this tarball takes a long time and a lot of space on the
initvm. Since this file is not needed, stop creating it.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
When partitioning many devices, it is possible that partprobe
returns with a "EBUSY" error. Loop until partprobe succeeds.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
In order for the qemu arm vm's to nfs root out-of-the-box, either
the client must specify v3 or the server must restrict itself to
version 2. Rather than expecting special arguments from the client,
force the lx-trainer image to use nfs server version 2.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
There is a latency between when partprobe is called and when udev
actually creates the device nodes. Wait for the desired device
nodes to appear before continuing.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
Use 'basename' to isolate the layer tarball filename in case
they are specified in a directory other than the current working
directory.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
Initially write 10MB of 0's instead of 1MB to make sure any tables
at the beginning are really gone.
Rather than calling 'partprobe' with no arguments, explicitly pass
the list of devices to re-read.
'fdisk' is used to create the 2nd (/home) partition. Do not do that
in the background but instead synchronously for each device. Add a
'sync' afterwards to hopefully create a barrier before rescanning
the devices. This is should address a problem where 'partprobe' is
run too early and the kernel does not find the 2nd partition of the
last device.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
There is no wireshark group by default.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
using lttng-ust, perf and tshark
traces can be shown in tracecompass
Signed-off-by: Manuel Traut <manut@linutronix.de>
|
|
dd-multi.sh now supports layers so there is no need for the
example/archived extra scripts.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
Clarify what the different finetuning steps are doing. Since some
of the steps are complicated, a description helps users to
determine if the finetuning steps are correct.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
ntfs-3g: some users need to read/write mount ntfs partitions
netcat-traditional: critical tool for testing network connections
geeqie: simple yet effective image viewer
gnuplot: generate graphical cyclictest latency graphs
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
The use of httpredir might cause problems with elbe. Use servers
that are known to work reliably.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
Years ago dengler needed the i386 libs for his security schulung.
He has confirmed he no longer needs these, so remove them. The
main motivation for the removal is to simplify local mirrors, no
longer requiring i386.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
Layers can now be specified using: --layer=tarball
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
Since elbe should be run in a container, we need the name.
|
|
- removed extra dd-variation scripts
- updated script for general usage (src/dest as arguments)
- adjusted script to support modifying new image
- moves /home/* from part1 to part2
- adds /home entry to /etc/fstab
- moved manut's update-home.sh to "extra" directory
(may still be in use? until a general replacement exists)
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
- when run from nereus, the image will be complete out-of-the-box
Signed-off-by: John Ogness <john.ogness@linutronix.de>
|
|
|
|
- analysis: john the ripper, nmap
- application security: lxc, libcap-dev
- crypto: xca
Signed-off-by: Holger Dengler <dengler@linutronix.de>
|
|
Signed-off-by: Holger Dengler <dengler@linutronix.de>
|
|
it's a simple example for a class
Signed-off-by: Manuel Traut <manut@linutronix.de>
|
|
Signed-off-by: Manuel Traut <manut@linutronix.de>
|
|
Signed-off-by: Manuel Traut <manut@linutronix.de>
|
