
HBSD: Teach hbsd-update-build to cross-build

This allows us to support non-amd64 architectures with hbsd-update. Of
main interest is arm64, which can use the same kernel config for all
devices.

While testing this work, I came across the inability to create unsigned
updates due to strong post-build sanity checking. Fix unsigned builds.
Unsigned builds should only be done in the case of testing and should
not be used in production (as was the case here).

Signed-off-by:	Shawn Webb <shawn.webb@hardenedbsd.org>
github-issue:	#224
MFC-to:		10-STABLE
MFC-to:		11-STABLE
1 parent 18c3f5c commit d9664605c173dcb9816d388252408661f49c248d @lattera lattera committed Dec 23, 2016
Showing with 63 additions and 12 deletions.
  1. +63 −12 usr.sbin/hbsd-update/hbsd-update-build
@@ -63,6 +63,8 @@ setup_environment() {
INTEGRIFORCE=1
BUILDSRCSET=1
VERBOSE=0
+ TARGET=$(uname -m)
+ TARGET_ARCH=$(uname -p)
}
cleanup_chroot() {
@@ -185,7 +187,41 @@ create_src_conf() {
fi
}
+install_binutils() {
+ local res
+
+ debug_print "[*] Cross-build detected. Installing ${TARGET_ARCH}-binutils."
+
+ if [ -f /etc/resolv.conf ]; then
+ cp /etc/resolv.conf ${CHROOTDIR}/etc/resolv.conf
+ fi
+
+ chroot ${CHROOTDIR} \
+ env ASSUME_ALWAYS_YES=yes \
+ pkg bootstrap -y
+ res=${?}
+ if [ ${res} -gt 0 ]; then
+ return ${res}
+ fi
+
+ chroot ${CHROOTDIR} \
+ env ASSUME_ALWAYS_YES=yes \
+ pkg update
+ res=${?}
+ if [ ${res} -gt 0 ]; then
+ return ${res}
+ fi
+
+ chroot ${CHROOTDIR} \
+ env ASSUME_ALWAYS_YES=yes \
+ pkg install -y ${TARGET_ARCH}-binutils
+
+ return ${?}
+}
+
prep_release() {
+ local res
+
chroot ${CHROOTDIR} \
make -s \
-C /usr/src/release \
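Review bot: install_binutils fetches a toolchain component over the network into the build chroot without pinning or recording what was installed: `pkg bootstrap -y`, `pkg update` and `pkg install -y ${TARGET_ARCH}-binutils` take whatever the configured repository serves at build time, and that linker is then used to produce the release that gets signed. The integrity of the download rests on the pkg repository configuration inside `${CHROOTDIR}` (signature type and trusted fingerprints), which is not visible in this hunk; a header comment on the function should state that dependency, and the build log should record the result, e.g. `chroot "${CHROOTDIR}" pkg info ${TARGET_ARCH}-binutils` after the install. The `cp /etc/resolv.conf ${CHROOTDIR}/etc/resolv.conf` result is unchecked and `${CHROOTDIR}` is unquoted in every command here; `chroot "${CHROOTDIR}" \` avoids word-splitting on the path. prep_release continues outside the hunk, so the use of its new `local res` cannot be judged from here.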
@@ -511,9 +547,11 @@ sanity_check_archive() {
return 1
fi
- if [ ! -f ${STAGEDIR}/base.txz.sig ]; then
- debug_print "[-] Could not find ${STAGEDIR}/base.txz.sig"
- return 1
+ if [ ${UNSIGNED} -eq 0 ]; then
+ if [ ! -f ${STAGEDIR}/base.txz.sig ]; then
+ debug_print "[-] Could not find ${STAGEDIR}/base.txz.sig"
+ return 1
+ fi
fi
for kernel in ${KERNELS}; do
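Review bot: The new guard `if [ ${UNSIGNED} -eq 0 ]` fails open: if `UNSIGNED` is unset, empty or non-numeric, the `[` test exits with an error, the `if` takes the false branch, and the `base.txz.sig` presence check is skipped exactly as if an unsigned build had been requested. Whether `UNSIGNED` is always initialised is not visible in these hunks, so the check should not depend on it; assuming the option handler sets it to 1, `if [ "${UNSIGNED}" != "1" ]; then` keeps signature checking on unless unsigned mode was explicitly selected. The same guard is repeated for `kernel-${kernel}.txz.sig`, `etcupdate.tbz.sig` and `skip.txt.sig` in the next two hunks and needs the same change. sanity_check_archive starts and ends outside this hunk.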
@@ -522,9 +560,11 @@ sanity_check_archive() {
return 1
fi
- if [ ! -f ${STAGEDIR}/kernel-${kernel}.txz.sig ]; then
- debug_print "[-] Could not find ${STAGEDIR}/kernel-${kernel}.txz.sig"
- return 1
+ if [ ${UNSIGNED} -eq 0 ]; then
+ if [ ! -f ${STAGEDIR}/kernel-${kernel}.txz.sig ]; then
+ debug_print "[-] Could not find ${STAGEDIR}/kernel-${kernel}.txz.sig"
+ return 1
+ fi
fi
done
@@ -533,19 +573,23 @@ sanity_check_archive() {
return 1
fi
- if [ ! -f ${STAGEDIR}/etcupdate.tbz.sig ]; then
- debug_print "[-] Could not find ${STAGEDIR}/etcupdate.tbz.sig"
- return 1
+ if [ ${UNSIGNED} -eq 0 ]; then
+ if [ ! -f ${STAGEDIR}/etcupdate.tbz.sig ]; then
+ debug_print "[-] Could not find ${STAGEDIR}/etcupdate.tbz.sig"
+ return 1
+ fi
fi
if [ ! -f ${STAGEDIR}/skip.txt ]; then
debug_print "[-] Could not find ${STAGEDIR}/skip.txt"
return 1
fi
- if [ ! -f ${STAGEDIR}/skip.txt.sig ]; then
- debug_print "[-] Could not find ${STAGEDIR}/skip.txt.sig"
- return 1
+ if [ ${UNSIGNED} -eq 0 ]; then
+ if [ ! -f ${STAGEDIR}/skip.txt.sig ]; then
+ debug_print "[-] Could not find ${STAGEDIR}/skip.txt.sig"
+ return 1
+ fi
fi
return 0
@@ -595,8 +639,15 @@ main() {
if [ ${USE_EXISTING} -eq 0 ]; then
cleanup_chroot || exit 1
setup_chroot || exit 1
+ if [ ! $(uname -m) = "${TARGET}" ]; then
+ install_binutils || exit 1
+ fi
clone_source || exit 1
create_src_conf || exit 1
+
+ export TARGET
+ export TARGET_ARCH
+
build_source || exit 1
prep_release || exit 1
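Review bot: The cross-build test `if [ ! $(uname -m) = "${TARGET}" ]` compares only the machine name, so a build whose `TARGET` matches the host but whose `TARGET_ARCH` differs from `uname -p` would skip install_binutils. If such targets are meant to be supported, compare both: `if [ "$(uname -m)" != "${TARGET}" ] || [ "$(uname -p)" != "${TARGET_ARCH}" ]; then`, which also quotes the command substitution. The check sits inside the `USE_EXISTING -eq 0` branch, so a reused chroot is presumably expected to already contain the cross binutils; a one-line comment saying so would save the next reader the guess. main's body starts and ends outside the hunk.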
