TheInternetBox · USA-RedDragon · Jan 17, 2022 · Jan 17, 2022 · Jan 17, 2022 · Jan 17, 2022
diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml
@@ -21,7 +21,7 @@ jobs:
       uses: actions/checkout@v3.1.0
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
-        submodules: true
+        submodules: recursive
 
     - name: Cache ccache
       uses: actions/cache@v3.0.11
@@ -33,7 +33,7 @@ jobs:
     - name: Setup build dependencies
       run: |
         sudo apt update
-        sudo apt install -y lsb-release wget software-properties-common build-essential python gcc-aarch64-linux-gnu python3 xz-utils libusb-1.0-0-dev ccache
+        sudo apt install -y cmake ninja-build lsb-release wget software-properties-common build-essential python gcc-aarch64-linux-gnu python3 xz-utils libusb-1.0-0-dev ccache
         python3 -m pip install pycryptodomex
         ccache -M 2G
         ccache -F 0
@@ -96,7 +96,15 @@ jobs:
 
     - name: Build system image
       run: |
-        echo "We're not quite to system images yet. :)"
+        cd $GITHUB_WORKSPACE/system
+        ./create-system-image.sh
+
+    - name: Build debug system image
+      env:
+        DEBUG: 'true'
+      run: |
+        cd $GITHUB_WORKSPACE/system
+        ./create-system-image.sh
 
     - name: Collect artifacts
       run: |
@@ -109,6 +117,8 @@ jobs:
         cp $GITHUB_WORKSPACE/boot-image/boot.sig /tmp/artifacts/boot.sig
         cp $GITHUB_WORKSPACE/boot-image/boot-debug.img /tmp/artifacts/boot-debug.img
         cp $GITHUB_WORKSPACE/boot-image/boot-debug.sig /tmp/artifacts/boot-debug.sig
+        cp $GITHUB_WORKSPACE/system/system.img.xz /tmp/artifacts/system.img.xz
+        cp $GITHUB_WORKSPACE/system/system-debug.img.xz /tmp/artifacts/system-debug.img.xz
 
     - name: Release artifacts
       if: ${{ github.event_name == 'push' }}
@@ -127,6 +137,8 @@ jobs:
           /tmp/artifacts/boot.sig
           /tmp/artifacts/boot-debug.img
           /tmp/artifacts/boot-debug.sig
+          /tmp/artifacts/system.img.xz
+          /tmp/artifacts/system-debug.img.xz
 
     ### Begin Tests
 

diff --git a/.github/workflows/submodule-sync.yaml b/.github/workflows/submodule-sync.yaml
@@ -26,7 +26,7 @@ jobs:
       uses: actions/checkout@v3.1.0
       with:
         token: ${{ secrets.PAT_TOKEN }}
-        submodules: true
+        submodules: recursive
 
     # Update references
     - name: Git submodule update

diff --git a/.github/workflows/update-github-actions.yaml b/.github/workflows/update-github-actions.yaml
@@ -21,7 +21,7 @@ jobs:
       uses: actions/checkout@v3.1.0
       with:
         token: ${{ secrets.PAT_TOKEN }}
-        submodules: true
+        submodules: recursive
 
     - name: Install ghacu
       run: |

diff --git a/.gitmodules b/.gitmodules
@@ -1,3 +1,4 @@
+# CI requires branch to be defined
 [submodule "rpi-usbboot"]
 	path = rpi-usbboot
 	url = https://github.com/raspberrypi/usbboot
@@ -9,10 +10,14 @@
 	shallow = true
 [submodule "boot-image_linux"]
 	path = boot-image/linux
-	url = https://github.com/USA-RedDragon/linux
-	branch = rpi-router
+	url = https://github.com/TheInternetBox/linux
+	branch = internetbox
 	shallow = true
 [submodule "busybox"]
 	path = busybox
 	url = https://git.busybox.net/busybox/
 	branch = refs/tags/1_35_0
+[submodule "system_packages"]
+	path = system/packages
+	url = https://github.com/TheInternetBox/packages
+	branch = main
diff --git a/README.md b/README.md
@@ -36,6 +36,10 @@ This is a POC, but a predecessor of this appliance has been running in my networ
   - `eeprom` - Contains eeprom programming and configuration
   - `keys` - Contains secure boot keys. Generate your own in the PEM format :)
   - `lockdown` - Burns the eeprom with `program_pubkey` and `revoke_devkey`, and `program_jtag_lock`. Only use this if you want to lock the bootloader
+- `system` - Contains the actual system components, including packages
+  - `build-scripts` - Contains the scripts used to build various components of the OS
+    - `stage1` - Scripts pertaining to building a toolchain appropriate for cross-compiling the rest of the OS
+    - `stage2` - Scripts pertaining to using the stage1 toolchain to build OS packages
 
 ## Security Enhancments
 
@@ -74,6 +78,14 @@ cd <cloned repo>
 git submodule update --recursive --init
 ```
 
+### Required Host Software
+
+- cmake
+- ninja
+- xz-utils
+- clang
+- ccache
+
 ### Building the imges
 
 Note: If you want to build the debuggable version with kernel console via uart on GPIO pins, run `export DEBUG=true` in your shell before running any scripts.
@@ -101,3 +113,12 @@ Note: If you want to build the debuggable version with kernel console via uart o
    - This will build the `boot.img` and `boot.sig`. These will need to be placed in the `emmc` FAT32 boot partition.
 
 3. The `system.img` must be placed onto the `emmc` system partition.
+
+   - Build the `system.img.xz` image:
+
+       ```bash
+         cd system
+         ./create-system-image.sh
+       ```
+
+   - This will build the `system.img.xz`. This will need to be flashed in the `emmc`. It contains an ext4 system partition.
diff --git a/boot-image/linux b/boot-image/linux
diff --git a/system/.gitignore b/system/.gitignore
@@ -0,0 +1,3 @@
+*.img.xz
+system-mount/*
+tmp-system*
diff --git a/system/create-system-image.sh b/system/create-system-image.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+# Loosely based on LFS systemd
+
+set -e
+
+if [ -n "$DEBUG" ]; then
+    DEBUG=-debug
+fi
+
+TMPFILE=tmp-system
+
+# Create 2gb raw ext4 image file
+dd if=/dev/zero of=${TMPFILE} bs=1M count=2048
+mkfs.ext4 ${TMPFILE}
+
+# Grab blkid for dm-verity
+SYSTEM_PARTITION_UUID=$(blkid ${TMPFILE} | awk '{ print $2 }' | sed -E 's/UUID="(.*)"/\1/g')
+export MAKEFLAGS="-j$(nproc)"
+
+# Mount ext4 image
+sudo mkdir -p system-mount
+LOOP=$(sudo losetup -f)
+sudo losetup -f ${TMPFILE}
+sudo mount ${LOOP} system-mount/
+
+LFS=$(pwd)/system-mount
+LFS_HOST="x86_64-pc-linux-gnu"
+LFS_TARGET="aarch64-linux-gnu"
+
+# Create folder structure
+sudo mkdir -pv $LFS/{etc,var,tmp} $LFS/usr/{bin,lib,sbin}
+sudo ln -sv lib $LFS/usr/lib64
+
+for i in bin lib lib64 sbin; do
+  sudo ln -sv usr/$i $LFS/$i
+done
+
+# Kernel Headers
+DEFCONFIG="rpi_cm4_io_router_defconfig"
+KBUILD_BUILD_TIMESTAMP='' make -C ../boot-image/linux ARCH=arm64 CC="ccache clang" LLVM=1 CROSS_COMPILE=aarch64-linux-gnu- ${DEFCONFIG}
+KBUILD_BUILD_TIMESTAMP='' sudo make -C ../boot-image/linux ARCH=arm64 CC="ccache clang" LLVM=1 CROSS_COMPILE=aarch64-linux-gnu- INSTALL_HDR_PATH=$LFS/usr headers_install
+
+# Bootstrap packages
+cd packages
+sudo env LFS_TARGET=$LFS_TARGET LFS_HOST=$LFS_HOST LFS=$LFS ./build.sh
+cd -
+
+# Unmount image
+sudo umount system-mount
+sudo losetup -d ${LOOP}
+
+xz -T0 -e -9 ${TMPFILE}
+mv ${TMPFILE}.xz system${DEBUG}.img.xz
diff --git a/system/packages b/system/packages