commit 2a1e2046a009bb267bfb135df3acbe2c9f254461
parent 9276a48d163284f6ddb409a98995b31024a7bd9a
Author: Jan Pobrislo <ccx@te2000.cz>
Date: Fri, 9 May 2025 22:48:28 +0000
update README, pthbs
Diffstat:
M README | 210 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------------------
1 file changed, 157 insertions(+), 53 deletions(-)
diff --git a/README b/README
@@ -20,66 +20,170 @@ See:
Requirements
------------
-The bootstrap is done by compiling musl-cross-make.
-Ideally you should not need anything above requirements of that project but
-currently the reproducible build checks are implemented using explicit calls to
-busybox binary. (TODO: sandbox.py needs to be rewritten to C and bootstrapped)
+The bootstrap is done by compiling musl-cross-make, GNU make and busybox.
+The goal is not to need anything above requirements of these packages,
+however several non-critical components are not yet implemented in a
+bootstrapped fashion:
-For regenerating the package build scripts from templates you will also need
-Python3 and Jinja2.
+Package generation
+~~~~~~~~~~~~~~~~~~
-Packages
---------
+As of now package scripts are generated from Jinja2 templates and Python3.
+The pthbs_genpkgpy submodule will create venv for it's dependencies using current
+`python3` executable when missing.
+See `pthbs_genpkgpy/genpkgpy.mk` for details.
+This is not needed for package builds, but it's needed when any package is altered
+(including system configuration).
+
+Build sandbox
+~~~~~~~~~~~~~
+
+* pthbs/sandbox/ns_sandbox.py (root)
+
+ Isolates build using Linux namespaces.
+ Requires Python3 (for now) and rootfs tarball.
+
+* pthbs/sandbox/ns_sandbox.py (user namespaces)
+
+ As above, but can be run under regular user provided user namespaces are enabled.
+
+* syd-lock (unprivileged user with landlock)
-Packaged software
-~~~~~~~~~~~~~~~~~
-
-* busybox
-* execline
-* gnu-make
-* mdevd
-* musl-cross-make
- * including gmp, intl, mpc, mpfr, zlib
-* s6
-* s6-dns
-* s6-linux-init
-* s6-linux-utils
-* s6-portable-utils
-* s6-rc
-* skalibs
-* popt
-* m4
-* flex
-* bison
-* patch
-* diffutils
-* netbsd-curses
-* s6-networking
-* libressl
-* curl
-* zsh
-* git
-* apk
-* xbps
-* zstd
+ From https://gitlab.exherbo.org/sydbox/sydbox
+ Isolates build using Landlock without remounting.
+ Requires argv0exec trampoline at /bin/sh and /usr/bin/env.
Work in progress
-~~~~~~~~~~~~~~~~
+----------------
+* bootstrap argv0exec and sandbox chroot image
* versioned system configuration including init
- * statically link more modules
-* rsync
- * add acl and xattr support
-* linux
- * build fully-featured kernel for real hardware
-* libelf
-* consider openssl for env-specific certificate lists
-
-Planned packages
-~~~~~~~~~~~~~~~~
-
-* TLS certificates
+* TLS certificates (currently messy, do not trust it to be secure)
* cgroup-tools (cgconfigparser)
* libcap (execcap tool)
-* ... more iff needed
+Packages
+--------
+
+first-party
+~~~~~~~~~~~
+
+ * aat | git submodule
+ * alpine-keys | git submodule
+ * applyuidgid-caps | bundled | files/applyuidgid-caps.c
+ * ccx-utils | git submodule
+ * confz | git submodule
+ * container-bin-image | composition of other packages
+ * containers | git submodule
+ * fileset | git submodule
+ * logincaps | git submodule
+ * pthbs-banginstall | bundled | files/pthbs-banginstall
+ * snaprep | git submodule
+ * system-config | git submodule
+ * system-config-scripts | git submodule
+ * system-config-zsh | git submodule
+ * user-env | bundled | files/user-env
+
+third-party
+~~~~~~~~~~~
+
+ * musl-cross-make | git | v0.9.10-19-g6f3701d
+ * binutils-2.33.1.tar.xz
+ * gcc-11.2.0.tar.xz
+ * gmp-6.1.2.tar.bz2
+ * linux-6.5.4.tar.xz
+ * linux-6.5.4/0001-no-rsync-headers.diff
+ * mpc-1.1.0.tar.gz
+ * mpfr-4.0.2.tar.bz2
+ * musl-1.2.5.tar.gz
+
+ * acl | tar.gz | acl-2.3.2
+ * acl | UNUSED
+ * apk-tools | git | v2.14.10
+ * argp-standalone | tar.gz (github tag) | argp-standalone-1.5.0
+ * attr | tar.gz | attr-2.5.2
+ * attr | UNUSED
+ * bison | tar.xz | bison-3.8.2
+ * busybox | git | 1_37_0-62-g887295686
+ * subpackage: busybox-diffutils
+ * subpackage: busybox-kbd | UNUSED
+ * subpackage: busybox-login
+ * ca-certificates-wip-donotuse | tar.bz2 (Alpine) | ca-certificates-20241121
+ * certdata2pem
+ * containers
+ * curl | tar.xz | curl-8.6.0
+ * diffutils | tar.xz | diffutils-3.10
+ * easyseccomp | git | TODO
+ * error-standalone | tar.gz | error-standalone-2.0
+ * execline | git | v2.9.6.1-3-g7390d0e
+ * fileset
+ * flex | tar.gz | flex-2.6.4
+ * getconf | https://dev.gentoo.org/~blueness/musl-misc/getconf.c
+ * getent | https://gitlab.alpinelinux.org/alpine/aports/-/raw/93a08815f8598db442d8b766b463d0150ed8e2ab/main/musl/getent.c
+ * git | git | v2.49.0
+ * gnu-make | tar.gz | make-4.4.1
+ * gperf | tar.gz | gperf-3.1
+ * iconv | https://dev.gentoo.org/~blueness/musl-misc/iconv.c
+ * kbd | tar.gz | kbd-2.6.4
+ * libarchive | tar.xz | libarchive-3.7.2
+ * libbsd | tar.xz | libbsd-0.11.8
+ * libcap | git | cap/v1.2.76-rc3-1-g4425764
+ * libcap | tar.xz | libcap-2.69
+ * libcgroup | tar.gz | libcgroup-3.0.0
+ * libcgroup | UNUSED
+ * libelf | git | v0.193
+ * libmd | tar.xz | libmd-1.1.0
+ * libressl | tar.gz | libressl-3.8.2
+ * libretls | UNUSED
+ * libseccomp | tar.gz | libseccomp-2.6.0
+ * libunwind | tar.gz | libunwind-1.8.1
+ * linux kernel | linux-6.1.34 | TODO: build fully-featured kernel for real hardware
+ * m4 | tar.gz | m4-1.4.19 --disable-nls
+ * mdev-conf | git | 4.7-3-g3956343
+ * mdev-scripts | TODO
+ * mdevd | git | v0.1.6.5
+ * musl-fts | tar.gz | musl-fts-1.2.7 | https://github.com/void-linux/musl-fts/archive/refs/tags/v1.2.7.tar.gz
+ * musl-fts | UNUSED
+ * netbsd-curses | git | v0.3.2-8-g51d179d
+ * openssl | UNUSED
+ * openssl | tar.gz | openssl-3.3.3
+ * patch | tar.xz | patch-2.7.6
+ * patchelf | git | 0.18.0-45-g523f401
+ * pkgconf | tar.xz | pkgconf-2.1.1
+ * subpackage: pkgconf-pkg-config
+ * popt | tar.xz | popt-1.19
+ * rsync | tar.gz | rsync-3.2.7 | TODO: add acl and xattr support
+ * s6 | git | v2.13.1.0-1-g8e22cbe
+ * s6-dns | git | v2.4.0.0-1-g2498773
+ * s6-linux-init | git | v1.1.2.1
+ * s6-linux-utils | git | v2.6.2.1
+ * s6-networking | git | v2.7.0.4
+ * s6-portable-utils | git | v2.3.0.4
+ * s6-rc | git | v0.5.5.0-3-g8f29b68
+ * skalibs | git | v2.14.3.0-2-g715b046
+ * strace | tar.xz | strace-6.13
+ * tcb | git | tcb-1.2-43-g0381211
+ * xbps | tar.gz | xbps-0.59.2
+ * zsh | git | zsh-5.9-532-g435cb1b74 | UNUSED
+ * zsh | tar.gz | zsh-5.9 | TODO: statically link more modules
+ * zstd | tar.gz | zstd-1.5.5
+
+ * patchelf:bootstrap | UNUSED
+ * busybox:bootstrap
+ * gnu-make:bootstrap
+ * musl-cross-make:bootstrap-0
+ * binutils-2.33.1.tar.xz
+ * gcc-9.4.0.tar.xz
+ * gmp-6.1.2.tar.bz2
+ * linux-headers-4.19.88-2.tar.xz
+ * mpc-1.1.0.tar.gz
+ * mpfr-4.0.2.tar.bz2
+ * musl-1.2.5.tar.gz
+ * musl-cross-make:bootstrap-1
+ * binutils-2.33.1.tar.xz
+ * gcc-11.2.0.tar.xz
+ * gmp-6.1.2.tar.bz2
+ * linux-headers-4.19.88-2.tar.xz
+ * mpc-1.1.0.tar.gz
+ * mpfr-4.0.2.tar.bz2
+ * musl-1.2.5.tar.gz
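Review bot: several third-party packages in this hunk appear twice with conflicting status, so a reader auditing what actually ends up in the build cannot tell which source is used: `* acl | tar.gz | acl-2.3.2` is followed by `* acl | UNUSED`, the same pattern repeats for attr, libcgroup, musl-fts and openssl, and libcap is listed both as `git | cap/v1.2.76-rc3-1-g4425764` and as `tar.xz | libcap-2.69` with neither marked UNUSED. Consider one line per package naming the source that is built and noting the unused alternative on that same line. Smaller points: `easyseccomp | git | TODO` and `mdev-scripts | TODO` carry no version, so those entries cannot be pinned or checked; "create venv for it's dependencies" should read "its dependencies"; and the first two "Build sandbox" entries name the same script (pthbs/sandbox/ns_sandbox.py) and differ only by the parenthetical, so a sentence on how the user-namespace mode is selected would make the section usable without reading the script.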