make.sh: Drop stripping

This will massively improve the build process because we will only strip
the files that we need. The build system will remain as is.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Correctly pass ZSTD_OPT

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Use --long for Zstandard compression

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

flash-images: Collect files again instead of relying on the tarball

This has always been an ugly hack.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

flash-images: There is no need to for the mount check any more

We always start with a fresh mount namespace, so there cannot be
anything left.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Config: Create common functions to create archives

The compression code is very messy because it has changed so many times.
This cleans this up and creates common functions that can be used for
the ISO images as well as packages.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

cdrom: Fix syntax error

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

archive.files: Make this slightly more efficient

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Config: Remove debugging code

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Create Core Update packages, too

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Create loop devices as block devices

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Don't drop into the lfs/ directory when entering a shell

This is not a very useful place to be.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Refactor building packages

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Simplify the initial configuration a little bit more

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Change execute() so that it can be used outside the namespaces, too

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Use the new package function to download sources

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: tail on the preparation log file, too

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Explicitely download packages when building the toolchain

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Don't revalidate the images all the time

Calling b2 causes make to verify all source which creates a lot of IO.

This is not really necessary because install will do the same and the
build would fail if the source checksums didn't match.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Refactor the execute function

The first version was a little bit messy with all the checks in all
sorts of places. We now create one large array and update it whenever
the configuration changes.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Create a large unified function to run commands

This now includes the toolchain for which we need to set up the same
environment, except slightly differently.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

cdrom+flash-images: Write images to the images directory

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Split environment and make variables

This got very messed up in the past and I think we would benefit greatly
from splitting this again for a less cluttered environment in the build
chroot and reusability of the make commands for the different stages.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Call the correct target for checksum check

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Bind-mount the QEMU helper instead of copying the binary

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Install the QEMU helper only once

This needs to be done only once when we initialize the environment.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Pass variables before the commands

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Correctly pass the command return code in run_command

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

flash-images: No need to sleep for automount any more

I am not sure whether automount is being used at all any more, but since
we are now running in our own namespace, it certainly has no business
here.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Create and mount and images directory

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Add a tail command to stream any logs

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Pass on individual build arguments

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Don't generate any documentation in the source directory

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Kill all child processes if unshare terminates

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Update the runtime after the interrupt

This is a lot better because this puts the code where it is being
executed and allows us to run run_command in a subshell, too.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Build the entire distribution in one go

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Fix indentation

No functional changes.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Move a comment to where it should be

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Launch the timer only when we need it

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Have the background timer update the process runtime

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Create a timer co-process

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Don't export loads of variables in the main script

We clear and reset the environment when we launch any build commands and
therefore don't need to do this here.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Don't mess with Bash's command hashing

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Refactor downloading sources

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: run_command: Fix basedir in and outside the chroot

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Disconnect standard input from make commands

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Move download and check to lfsmake2 and out of the common check

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Add --quiet to run_command

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Allow run_command to execute multiple actions at a time

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Move lfscommoncheck out of run_command

We would quite likely create an infinite loop here later and so should
rather treat run_command as a low-level function.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Remove some dead code

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Show total runtime of commands after they are finished

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Add helper function to run a make command

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Fix checking if we have a fake environment

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Config: Drop toolchain URL

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Refactor uploading sources

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Make the disk space check optional

There is little value in running this when entering a shell...

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Mount the log directory for the correct architecture

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Refactor compression the toolchain

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Create a custom log function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Use path variables for cleanup

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Refactor downloading the toolchain

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

.gitignore: Ignore architecture directories

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Forward the architecture to the namespace

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Refactor the toolchain extraction

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Build in a separate directory for each architecture

This allows running multiple builds in the same working directory.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Use LOG_DIR for logs

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Check free space in the base directory

This makes more sense if we want to support building multiple
architectures and if we consider cache and ccache, too.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Create all bind-mounts as read-only where possible

This way, the build environment can no longer modify any source any
more. This was not a huge integrity problem before as Git would have
shown differences, but it might cause damage to the build system which
need to manually be recovered.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Create /dev and /sys in the build environment

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

perl-Device-SerialPort: Use /dev/null as test port

The build failed with the new minimal /dev it is looking for some TTY
devices which are no longer present. This patch fixes the build.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Create /proc in the chroot environment before mounting it

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Move PS1 to the header

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Remove TARGET_ARCH compatibility

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Remove option to make /usr/src a ramdisk

I am not sure this is helping in any way these days that we have SSDs
everywhere...

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Remove docker stuff

This is basically unused for years. I even forgot we had this.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Tidy up LOGFILE

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Refactor determining BASEDIR

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Group variables and initialization together

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Set the CCACHE_DIR with the ccache to use

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Refactor the root user check

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Tidy up the environment creation function

NFC

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Refactor the space check

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: No longer export LFS as it is not being used

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Replace LFS with BUILD_DIR

This is probably a more specific name for this.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Always mount a separate /tmp

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Make BUILD_DIR a mountpoint

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Create a new, minimal /dev in the build environment

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Don't bind-mount the host's /proc

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Create the second mount namespace as slave

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Don't create a new IPC namespace

If we do this, we no longer can interrupt the build process on the
console.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Create lots more namespaces when we enter the chroot

This allows us to protect the host system a little bit more from the
host system by decoupling all namespaces.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Ensure that we enter the chroot only in our own NS

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Remove the fragile cleanup code

Since we now mount everything in a new namespace, there is no need to
clean up ourselves. This will be done when the last process leaves the
namespace.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Launch build and shell commands in a new mount namespace

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Remove superfluous image check

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

squid: Comment out access.log in rootfile

- Everytime an update has been done on squid the access.log file has been replaced with an
   empty file, losing whatever messages have been in the log.
- This has been the case since squid was implemented in IPFire.
- Update of rootfile to comment out var/log/squid/access.log

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

apache: Update to 2.4.61

For details see:
https://dlcdn.apache.org/httpd/CHANGES_2.4.61

"Changes with Apache 2.4.61

  *) SECURITY: CVE-2024-39884: Apache HTTP Server: source code
     disclosure with handlers configured via AddType (cve.mitre.org)
     A regression in the core of Apache HTTP Server 2.4.60 ignores
     some use of the legacy content-type based configuration of
     handlers.   "AddType" and similar configuration, under some
     circumstances where files are requested indirectly, result in
     source code disclosure of local content. For example, PHP
     scripts may be served instead of interpreted.
     Users are recommended to upgrade to version 2.4.61, which fixes
     this issue."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

samba: Update to version 4.20.2

- Update from version 4.20.1 to 4.20.2
- Update of rootfile for both x86_64 and aarch64
- After doing a grep into the config directories I realised that the xxxMACHINExxx phrase
   is only added into rootfiles in the main common or package directories and not in the
   x86_64 and aarch64
- In the past I have submitted the samba rootfile with x86_64 replaced by xxxMACHINExxx.
   It seems to have worked, so the replacement probably occurs even in the architecture
   specific directories but it doesn't need to be used there as the directory is clearly
   only for that one architecture.
- Changelog
    4.20.2
   * BUG 15662: vfs_widelinks with DFS shares breaks case insensitivity.
   * BUG 13213: Samba build is not reproducible.
   * BUG 15569: ldb qsort might r/w out of bounds with an intransitive compare
     function.
   * BUG 15625: Many qsort() comparison functions are non-transitive, which can
     lead to out-of-bounds access in some circumstances.
   * BUG 15638: Need to change gitlab-ci.yml tags in all branches to avoid CI
     bill.
   * BUG 15654: We have added new options --vendor-name and --vendor-patch-
     revision arguments to ./configure to allow distributions and packagers to
     put their name in the Samba version string so that when debugging Samba the
     source of the binary is obvious.
   * BUG 15665: CTDB RADOS mutex helper misses namespace support.
   * BUG 13019: Dynamic DNS updates with the internal DNS are not working.
   * BUG 14981: netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with
     SysvolReady=0.
   * BUG 15412: Anonymous smb3 signing/encryption should be allowed (similar to
     Windows Server 2022).
   * BUG 15573: Panic in dreplsrv_op_pull_source_apply_changes_trigger.
   * BUG 15620: s4:nbt_server: does not provide unexpected handling, so winbindd
     can't use nmb requests instead cldap.
   * BUG 15642: winbindd, net ads join and other things don't work on an ipv6
     only host.
   * BUG 15659: Segmentation fault when deleting files in vfs_recycle.
   * BUG 15664: Panic in vfs_offload_token_db_fetch_fsp().
   * BUG 15666: "client use kerberos" and --use-kerberos is ignored for the
     machine account.
   * BUG 15435: Regression DFS not working with widelinks = true.
   * BUG 15633: samba-gpupdate - Invalid NtVer in netlogon_samlogon_response.
   * BUG 15653: idmap_ad creates an incorrect local krb5.conf in case of trusted
     domain lookups.
   * BUG 15660: The images don't build after the git security release and CentOS
     8 Stream is EOL.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ruby: Add rootfile for all architectures

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>