initial buildroot for linux 5.15

This commit is contained in:
Huan.Feng
2021-12-06 14:12:13 +08:00
parent d7767d594e
commit 7b6fc358fa
12736 changed files with 508822 additions and 0 deletions
+42
View File
@@ -0,0 +1,42 @@
config BR2_PACKAGE_MENDER
bool "mender"
depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS
depends on BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS
depends on BR2_TOOLCHAIN_HAS_THREADS
select BR2_PACKAGE_OPENSSL
select BR2_PACKAGE_LIBOPENSSL_ENABLE_MD4 if BR2_PACKAGE_LIBOPENSSL
select BR2_PACKAGE_LIBOPENSSL_ENABLE_RMD160 if BR2_PACKAGE_LIBOPENSSL
help
Mender is an open source over-the-air (OTA) software updater
for embedded Linux devices. Mender comprises a client
running at the embedded device, as well as a server that
manages deployments across many devices.
Notes:
For systems using uboot as the bootloader:
- uboot must have the mender uboot patches applied.
- uboot-tools must be selected.
- fw_printenv must be functional on the device.
The Mender Uboot patches are at:
https://github.com/mendersoftware/meta-mender/
For more information on Manual U-Boot integration, see:
https://docs.mender.io/2.6/system-updates-yocto-project/board-integration/bootloader-support/u-boot/manual-u-boot-integration
For systems using Grub2 as the bootloader:
- Mender depends on the mender-grubenv package.
- The mender-grubenv package provides a fw_printenv script,
which is not compatible with the uboot-tools fw_printenv
script.
The mender project recommends using uboot to load Grub2 as a
secondary bootloader whenever possible. Using Grub2 as a
secondary bootloader prevents users from porting the patches
for uboot to each new device.
https://github.com/mendersoftware/mender
comment "mender needs a toolchain w/ threads"
depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS
depends on BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS
depends on !BR2_TOOLCHAIN_HAS_THREADS
+56
View File
@@ -0,0 +1,56 @@
#!/bin/sh
#
# Starts mender service.
#
start() {
# If /var/lib/mender is a symlink to /var/run/mender, and
# - the filesystem is RO (i.e. we can not rm the symlink),
# create the directory pointed to by the symlink.
# - the filesystem is RW (i.e. we can rm the symlink),
# replace the symlink with an actual directory
if [ -L /var/lib/mender \
-a "$(readlink /var/lib/mender)" = "/var/run/mender" ]
then
if rm -f /var/lib/mender >/dev/null 2>&1; then
mkdir -p /var/lib/mender
else
echo "No persistent location to store mender data. Data will be lost"
echo "at reboot. Are you sure this is what you want to do?"
mkdir -p "$(readlink /var/lib/mender)"
fi
fi
printf "Starting mender service: "
umask 077
start-stop-daemon -S -q -b -m -p /var/run/mender.pid \
--exec /usr/bin/mender -- -daemon
[ $? = 0 ] && echo "OK" || echo "FAIL"
}
stop() {
printf "Stopping mender service: "
start-stop-daemon -K -q -p /var/run/mender.pid
[ $? = 0 ] && echo "OK" || echo "FAIL"
}
restart() {
stop
start
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart|reload)
restart
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit $?
+1
View File
@@ -0,0 +1 @@
artifact_name=BUILDROOT_ARTIFACT
+1
View File
@@ -0,0 +1 @@
device_type=BUILDROOT_DEVICE
+24
View File
@@ -0,0 +1,24 @@
[Unit]
Description=Mender OTA update service
After=systemd-resolved.service
[Service]
Type=idle
User=root
Group=root
ExecStartPre=/bin/sh -c '\
if [ -L /var/lib/mender \
-a "$(readlink /var/lib/mender)" = "/var/run/mender" ]; then \
if rm -f /var/lib/mender >/dev/null 2>&1; then \
mkdir -p /var/lib/mender; \
else \
echo "No persistent location to store mender data. Data will be lost" \
echo "at reboot. Are you sure this is what you want to do?"; \
mkdir -p "$(readlink /var/lib/mender)"; \
fi; \
fi'
ExecStart=/usr/bin/mender -daemon
Restart=on-abort
[Install]
WantedBy=multi-user.target
+10
View File
@@ -0,0 +1,10 @@
{
"InventoryPollIntervalSeconds": 1800,
"UpdatePollIntervalSeconds": 1800,
"RetryPollIntervalSeconds": 300,
"RootfsPartA": "/dev/mmcblk0p2",
"RootfsPartB": "/dev/mmcblk0p3",
"ServerCertificate": "/etc/mender/server.crt",
"ServerURL": "https://docker.mender.io",
"TenantToken": "dummy"
}
+44
View File
@@ -0,0 +1,44 @@
# Locally computed:
sha256 716ba7110dd68cdafc5caa989706ff67bbac0617c284d666aa81605850be5763 3.1.0.tar.gz
# Vendor licenses
# Generated with sed '/^[A-Za-z0-9_]/s/^/sha256 /' LIC_FILES_CHKSUM.sha256
# Apache-2.0 license.
sha256 b4acfcfa2a0ba1a8c82ec3965fbcee886cff8394ca4214e0ddac0a36beb1e05a LICENSE
sha256 32714818ad6f98ee0185a52e23a475d89122e3efd2b2c26c733781c28e798c99 vendor/github.com/mendersoftware/mender-artifact/LICENSE
sha256 73ba74dfaa520b49a401b5d21459a8523a146f3b7518a833eea5efa85130bf68 vendor/github.com/mendersoftware/openssl/LICENSE
sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 vendor/github.com/minio/sha256-simd/LICENSE
sha256 8f5d89b47d7a05a199b77b7e0f362dad391d451ebda4ef48ba11c50c071564c7 vendor/github.com/mendersoftware/progressbar/LICENSE
#
# BSD 2 Clause license.
sha256 8d427fd87bc9579ea368fde3d49f9ca22eac857f91a9dec7e3004bdfab7dee86 vendor/github.com/pkg/errors/LICENSE
sha256 e4646a82a976369d7ae8f6ed5c11d35dc0af18433a8ccc24c85b459ad8b95128 vendor/github.com/godbus/dbus/LICENSE
#
# BSD 3 Clause license.
sha256 16f848582e4b276a7392cd34496b7a33d6f65c0e190c163ff3a056a7c61219ce vendor/github.com/klauspost/compress/LICENSE
sha256 2eb550be6801c1ea434feba53bf6d12e7c71c90253e0a9de4a4f46cf88b56477 vendor/github.com/pmezard/go-difflib/LICENSE
sha256 2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067 vendor/golang.org/x/crypto/LICENSE
sha256 2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067 vendor/golang.org/x/sys/LICENSE
sha256 0634b008cee55ca01f0888d2f5aba2d34e66c3f52c31a4e16a5d5d33d0c2a03e vendor/github.com/bmatsuo/lmdb-go/LICENSE.md
sha256 87640bc4df2ceb1559f268a3db1ba859ab780f7ba5b1b4545173d4680a3d918b vendor/github.com/remyoudompheng/go-liblzma/LICENSE
#
# ISC license.
sha256 1b93a317849ee09d3d7e4f1d20c2b78ddb230b4becb12d7c224c927b9d470251 vendor/github.com/davecgh/go-spew/LICENSE
#
# MIT license.
sha256 6d2de1cde19c4d2bd8bcd9aaa1d581f4cfa3db9cf71896140330eaa2f2687685 vendor/github.com/klauspost/pgzip/LICENSE
sha256 51a0c9ec7f8b7634181b8d4c03e5b5d204ac21d6e72f46c313973424664b2e6b vendor/github.com/sirupsen/logrus/LICENSE
sha256 f8e536c1c7b695810427095dc85f5f80d44ff7c10535e8a9486cf393e2599189 vendor/github.com/stretchr/testify/LICENSE
sha256 ffa15bdce332058a03a1d923910864fb6e58bf6df66a0e3914284725b327183e vendor/github.com/ungerik/go-sysfs/LICENSE
sha256 da277af11b85227490377fbcac6afccc68be560c4fff36ac05ca62de55345fd7 vendor/github.com/urfave/cli/v2/LICENSE
sha256 b2663894033a05fd80261176cd8da1d72546e25842d5c1abcc852ca23b6b61b0 vendor/github.com/stretchr/objx/LICENSE
sha256 95b8ef9c4137a8f75ddd3101ffdc4cfd594fa875b261697b68baddc16b0e537c vendor/github.com/konsorten/go-windows-terminal-sequences/LICENSE
sha256 d18f6323b71b0b768bb5e9616e36da390fbd39369a81807cca352de4e4e6aa0b vendor/gopkg.in/yaml.v3/LICENSE
sha256 08eab1118c80885fa1fa6a6dd7303f65a379fcb3733e063d20d1bbc2c76e6fa1 vendor/github.com/mattn/go-isatty/LICENSE
#
# OpenLDAP Public License
sha256 310fe25c858a9515fc8c8d7d1f24a67c9496f84a91e0a0e41ea9975b1371e569 vendor/github.com/bmatsuo/lmdb-go/LICENSE.mdb.md
# sha256 of all the vendor licenses combined
sha256 4f3541ea69b9b6e3959679576c146b42ba9a840a9dc4e593bff43e5e3a313d24 LIC_FILES_CHKSUM.sha256
+114
View File
@@ -0,0 +1,114 @@
################################################################################
#
# mender
#
################################################################################
MENDER_VERSION = 3.1.0
MENDER_SITE = https://github.com/mendersoftware/mender/archive
MENDER_SOURCE = $(MENDER_VERSION).tar.gz
MENDER_LICENSE = Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, MIT, OLDAP-2.8
# Vendor license paths generated with:
# awk '{print $2}' LIC_FILES_CHKSUM.sha256 | grep vendor
MENDER_LICENSE_FILES = \
LICENSE \
LIC_FILES_CHKSUM.sha256 \
vendor/github.com/mendersoftware/mender-artifact/LICENSE \
vendor/github.com/mendersoftware/openssl/LICENSE \
vendor/github.com/minio/sha256-simd/LICENSE \
vendor/github.com/mendersoftware/progressbar/LICENSE \
vendor/github.com/pkg/errors/LICENSE \
vendor/github.com/godbus/dbus/LICENSE \
vendor/github.com/klauspost/compress/LICENSE \
vendor/github.com/pmezard/go-difflib/LICENSE \
vendor/golang.org/x/crypto/LICENSE \
vendor/golang.org/x/sys/LICENSE \
vendor/github.com/bmatsuo/lmdb-go/LICENSE.md \
vendor/github.com/remyoudompheng/go-liblzma/LICENSE \
vendor/github.com/davecgh/go-spew/LICENSE \
vendor/github.com/klauspost/pgzip/LICENSE \
vendor/github.com/sirupsen/logrus/LICENSE \
vendor/github.com/stretchr/testify/LICENSE \
vendor/github.com/ungerik/go-sysfs/LICENSE \
vendor/github.com/urfave/cli/v2/LICENSE \
vendor/github.com/stretchr/objx/LICENSE \
vendor/github.com/konsorten/go-windows-terminal-sequences/LICENSE \
vendor/gopkg.in/yaml.v3/LICENSE \
vendor/github.com/mattn/go-isatty/LICENSE \
vendor/github.com/bmatsuo/lmdb-go/LICENSE.mdb.md
MENDER_DEPENDENCIES = host-pkgconf openssl
MENDER_LDFLAGS = -X github.com/mendersoftware/mender/conf.Version=$(MENDER_VERSION)
MENDER_UPDATE_MODULES_FILES = \
directory \
script \
single-file \
$(if $(BR2_PACKAGE_DOCKER_CLI),docker) \
$(if $(BR2_PACKAGE_RPM),rpm)
define MENDER_INSTALL_CONFIG_FILES
$(INSTALL) -d -m 755 $(TARGET_DIR)/etc/mender/scripts
echo -n "3" > $(TARGET_DIR)/etc/mender/scripts/version
$(INSTALL) -D -m 0644 $(MENDER_PKGDIR)/mender.conf \
$(TARGET_DIR)/etc/mender/mender.conf
$(INSTALL) -D -m 0644 $(MENDER_PKGDIR)/server.crt \
$(TARGET_DIR)/etc/mender/server.crt
$(INSTALL) -D -m 0755 $(@D)/support/mender-device-identity \
$(TARGET_DIR)/usr/share/mender/identity/mender-device-identity
$(foreach f,hostinfo network os rootfs-type, \
$(INSTALL) -D -m 0755 $(@D)/support/mender-inventory-$(f) \
$(TARGET_DIR)/usr/share/mender/inventory/mender-inventory-$(f)
)
$(INSTALL) -D -m 0755 $(MENDER_PKGDIR)/artifact_info \
$(TARGET_DIR)/etc/mender/artifact_info
$(INSTALL) -D -m 0755 $(MENDER_PKGDIR)/device_type \
$(TARGET_DIR)/etc/mender/device_type
mkdir -p $(TARGET_DIR)/var/lib
ln -snf /var/run/mender $(TARGET_DIR)/var/lib/mender
$(foreach f,$(MENDER_UPDATE_MODULES_FILES), \
$(INSTALL) -D -m 0755 $(@D)/support/modules/$(notdir $(f)) \
$(TARGET_DIR)/usr/share/mender/modules/v3/$(notdir $(f))
)
endef
MENDER_POST_INSTALL_TARGET_HOOKS += MENDER_INSTALL_CONFIG_FILES
ifeq ($(BR2_PACKAGE_XZ),y)
MENDER_DEPENDENCIES += xz
else
MENDER_TAGS += nolzma
endif
ifeq ($(BR2_PACKAGE_DBUS)$(BR2_PACKAGE_LIBGLIB2),yy)
MENDER_DEPENDENCIES += libglib2
define MENDER_INSTALL_DBUS_AUTHENTICATION_MANAGER_CONF
$(INSTALL) -D -m 0755 $(@D)/support/dbus/io.mender.AuthenticationManager.conf \
$(TARGET_DIR)/etc/dbus-1/system.d/io.mender.AuthenticationManager.conf
$(INSTALL) -D -m 0755 $(@D)/support/dbus/io.mender.UpdateManager.conf \
$(TARGET_DIR)/etc/dbus-1/system.d/io.mender.UpdateManager.conf
endef
MENDER_POST_INSTALL_TARGET_HOOKS += MENDER_INSTALL_DBUS_AUTHENTICATION_MANAGER_CONF
else
MENDER_TAGS += nodbus
endif
define MENDER_INSTALL_INIT_SYSTEMD
$(INSTALL) -D -m 0644 $(MENDER_PKGDIR)/mender-client.service \
$(TARGET_DIR)/usr/lib/systemd/system/mender-client.service
endef
define MENDER_INSTALL_INIT_SYSV
$(INSTALL) -D -m 755 $(MENDER_PKGDIR)/S42mender \
$(TARGET_DIR)/etc/init.d/S42mender
endef
$(eval $(golang-package))
+154
View File
@@ -0,0 +1,154 @@
=== Notes on using Mender on Buildroot
======================================
Mender is an open source over-the-air (OTA) software updater for
embedded Linux devices. Mender comprises a client running at the
embedded device, as well as a server that manages deployments across
many devices. There is also various tooling around the Mender project,
such as 'mender-artifact' which is used to create Mender Artifacts
that are compatible with the Mender client and server.
Mender aims to address this challenge with a robust and easy to use
updater for embedded Linux devices, which is open source and available
to anyone.
Robustness is ensured with atomic image-based deployments using a dual
A/B rootfs partition layout. This makes it always possible to roll
back to a working state, even when losing power at any time during the
update process.
The official documentation is a good resource to get an in depth
understanding of how Mender works:
https://docs.mender.io
In Buildroot the following packages are provided:
- BR2_PACKAGE_MENDER
- This will install the client on target rootfs
- BR2_PACKAGE_HOST_MENDER_ARTIFACT
- This will install the 'mender-artifact' tool in host rootfs.
To fully utilize atomic image-based deployments using the A/B update
strategy, additional integration is required in the bootloader. This
integration is board specific.
Currently supported bootloaders are GRUB and U-boot, and for reference
integrations please visit:
https://github.com/mendersoftware/buildroot-mender
Default configurations files
----------------------------
Buildroot comes with a default configuration and there a couple of
files that need your attention:
- /etc/mender/mender.conf
- main configuration file for the Mender client
- https://docs.mender.io/client-configuration/configuration-file/configuration-options
- /etc/mender/artifact_info
- The name of the image or update that will be built. This is what the
device will report that it is running, and different updates must have
different names
- /var/lib/mender/device_type
- A string that defines the type of device
Mender server configuration
---------------------------
The Mender server can be setup in different ways, and how you
configure the Mender client differs slightly depending on which server
environment is used.
- Mender demo environment
This is if you have followed the Getting started documentation where
you launch a Mender server locally and to configure your environment
to connect to this local server you need to provide the IP address of
the server on the local network.
By default the demo environment will connect to 'docker.mender.io' and
's3.docker.mender.io' and we need to make sure that these are resolved
to the local IP address of the running server by adding the following
entry to '/etc/hosts'
<ip address of demo environment> docker.mender.io s3.docker.mender.io
This is required because the communication between client and server
is utilizing TLS and the provided demo server certificate (server.crt)
is only valid for 'docker.mender.io' and 's3.docker.mender.io'
domains.
- Hosted Mender
To authenticate the Mender client with the Hosted Mender server you
need a tenant token.
To get your tenant token:
- log in to https://hosted.mender.io
- click your email at the top right and then “My organization”
- press the “COPY TO CLIPBOARD”
- assign content of clipboard to TenantToken
Example mender.conf options for Hosted Mender:
{
...
"ServerURL": "https://hosted.mender.io",
"TenantToken": "<paste tenant token here>"
...
}
Creating Mender Artifacts
-------------------------
To create Mender Artifacts based on Buildroot build output you must
include BR2_PACKAGE_HOST_MENDER_ARTIFACT in your configuration, and
then you would typically create the Mender Artifact in a post image
script (BR2_ROOTFS_POST_IMAGE_SCRIPT). Below is an example of such a
script:
#!/bin/sh
set -e
set -x
device_type=$(cat ${TARGET_DIR}/var/lib/mender/device_type | sed 's/[^=]*=//')
artifact_name=$(cat ${TARGET_DIR}/etc/mender/artifact_info | sed 's/[^=]*=//')
if [ -z "${device_type}" ] || [ -z "${artifact_name}" ]; then
echo "missing files required by Mender"
exit 1
fi
${HOST_DIR}/usr/bin/mender-artifact write rootfs-image \
--update ${BINARIES_DIR}/rootfs.ext4 \
--output-path ${BINARIES_DIR}/${artifact_name}.mender \
--artifact-name ${artifact_name} \
--device-type ${device_type}
As you can see some properties are extracted from target rootfs, and
this is because these values are used for compatibility checks,
meaning that the information must be present in both rootfs and in
Mender Artifact meta data.
- device_type - must be an exact match between rootfs and Mender
Artifact meta-data to apply update. You can set an
array of devices here as well, e.g if your image is
compatible with multiple hardware revisions
- artifact_name - must be an exact match between rootfs and Mender
Artifact meta-data to apply update.
Configuring Mender with certificates
------------------------------------
Mender uses TLS to communicate with the management server, and if you
use a CA-signed certificate on the server, you must include
BR2_PACKAGE_CA_CERTIFICATES in your configuration to authenticate TLS
connections.
+22
View File
@@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIBfTCCASOgAwIBAgIJAJOS76a0qWuZMAoGCCqGSM49BAMCMBsxGTAXBgNVBAMM
EGRvY2tlci5tZW5kZXIuaW8wHhcNMTYxMjE0MTk1MjQ2WhcNMjYxMjEyMTk1MjQ2
WjAbMRkwFwYDVQQDDBBkb2NrZXIubWVuZGVyLmlvMFkwEwYHKoZIzj0CAQYIKoZI
zj0DAQcDQgAE7AVYis6MWGPGQYU1/tlLEnskRifDIhvkRb8Y4nQPekRkLkiBYYT3
iJ46wHrnejbHaLstU9GRdKWOmOuU6HGdO6NQME4wHQYDVR0OBBYEFGOIU4q++Vz8
9HuT1jg9V+wFeJcyMB8GA1UdIwQYMBaAFGOIU4q++Vz89HuT1jg9V+wFeJcyMAwG
A1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAPLnEeWPNeN7eDCEYRitBfyO
X1yf2kzOm4ohBE5GY9gzAiBCq7HOSkzQDkelmQCCCpGXf/UwYNgQJjSoeGfk0j1a
TQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBhDCCASmgAwIBAgIJALQrf4QDot4IMAoGCCqGSM49BAMCMB4xHDAaBgNVBAMM
E3MzLmRvY2tlci5tZW5kZXIuaW8wHhcNMTYxMjE0MTk1MjQ2WhcNMjYxMjEyMTk1
MjQ2WjAeMRwwGgYDVQQDDBNzMy5kb2NrZXIubWVuZGVyLmlvMFkwEwYHKoZIzj0C
AQYIKoZIzj0DAQcDQgAEEc/Y3T+l3DvINePkpvVZORMIdHVs29jgsl48ia7z/NRX
HlKtKxVGJyFN5Y7sBZeLgBYH3F4Bo3KfmxI7ad0tI6NQME4wHQYDVR0OBBYEFIUm
cip00QZYpe4ULflbGNJan+Y9MB8GA1UdIwQYMBaAFIUmcip00QZYpe4ULflbGNJa
n+Y9MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANHij9VZBDHOUPaC
pFiagnWnYL2HBR72W1xTKQbrLLTXAiEAvpwA4HzSnGmLd3010+jqQuMRHArN5WaX
h0fy7niBbIQ=
-----END CERTIFICATE-----