Implement board/product config schema

- build needs a pair of product and board name
 - some products can only be built for some boards
 - Config files in product/<name> directory override those in board/<name>
 - For some config files, like LDPATH or ROOTFS, the files are merged
 - product/common provides defaults

Add default config for various services:
 - Add default config for unbound
 - Add default config for dnsmasq

Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>

board/alix/ROOTFS

@@ -1,32 +1,9 @@
-coreutils
-bash
-bash-completion
 linux_modules
-nano
-util-linux
 kmod
-grep
-less
-xz
-gzip
-bzip2
-tar
-diffutils
-findutils
-sed
-gawk
 inetutils
 ethtool
 iproute2
-unbound
-dnsmasq
-shadow
-openrc
-procps-ng
-psmisc
-file
 iana-etc
 btrfs-progs
 dosfstools
-openssh
 nftables

board/rpi3/ROOTFS

@@ -1,34 +1,11 @@
-coreutils
-bash
-bash-completion
 linux_modules
-firmware-rpi3
-nano
-util-linux
 kmod
-grep
-less
-xz
-gzip
-bzip2
-tar
-diffutils
-findutils
-sed
-gawk
 inetutils
 ethtool
 iproute2
-unbound
-dnsmasq
-shadow
-openrc
-procps-ng
-psmisc
-file
 iana-etc
 btrfs-progs
 dosfstools
-kbd
-openssh
 nftables
+kbd
+firmware-rpi3

mk.sh

@@ -2,12 +2,13 @@
 
 set -e
 
-if [ ! $# -eq 1 ]; then
-	echo "usage: $0 <config>"
+if [ ! $# -eq 2 ]; then
+	echo "usage: $0 <board> <product>"
 	exit 1
 fi
 
 BOARD="$1"
+PRODUCT="$2"
 
 ################################ basic setup ################################
 BUILDROOT=$(pwd)
@@ -15,14 +16,31 @@ SCRIPTDIR=$(cd $(dirname "${BASH_SOURCE[0]}") && pwd)
 NUMJOBS=$(grep -e "^processor" /proc/cpuinfo | wc -l)
 HOSTTUPLE=$($SCRIPTDIR/util/config.guess)
 
-TCDIR="$BUILDROOT/$BOARD/toolchain"
-PKGBUILDDIR="$BUILDROOT/$BOARD/build"
+if [ ! -d "$SCRIPTDIR/product/$PRODUCT" ]; then
+	echo "No configuration for this product: $PRODUCT"
+	exit 1
+fi
+
+if [ ! -d "$SCRIPTDIR/board/$BOARD" ]; then
+	echo "No configuration for this board: $BOARD"
+	exit 1
+fi
+
+if [ -e "$SCRIPTDIR/product/$PRODUCT/BOARDS" ]; then
+	if ! grep -q "$BOARD" "$SCRIPTDIR/product/$PRODUCT/BOARDS"; then
+		echo "Error, $PRODUCT cannot be built for $BOARD"
+		exit 1
+	fi
+fi
+
+TCDIR="$BUILDROOT/${BOARD}-${PRODUCT}/toolchain"
+PKGBUILDDIR="$BUILDROOT/${BOARD}-${PRODUCT}/build"
 PKGSRCDIR="$BUILDROOT/src"
-PKGDEPLOYDIR="$BUILDROOT/$BOARD/deploy"
-PKGDEVDEPLOYDIR="$BUILDROOT/$BOARD/deploy-dev"
-PKGLOGDIR="$BUILDROOT/$BOARD/log"
+PKGDEPLOYDIR="$BUILDROOT/${BOARD}-${PRODUCT}/deploy"
+PKGDEVDEPLOYDIR="$BUILDROOT/${BOARD}-${PRODUCT}/deploy-dev"
+PKGLOGDIR="$BUILDROOT/${BOARD}-${PRODUCT}/log"
 PKGDOWNLOADDIR="$BUILDROOT/download"
-PACKAGELIST="$BUILDROOT/$BOARD/pkglist"
+PACKAGELIST="$BUILDROOT/${BOARD}-${PRODUCT}/pkglist"
 
 mkdir -p "$PKGDOWNLOADDIR" "$PKGSRCDIR" "$PKGLOGDIR"
 mkdir -p "$PKGDEPLOYDIR" "$PKGDEVDEPLOYDIR" "$TCDIR/bin"

pkg/dnsmasq/build

@@ -26,5 +26,12 @@ deploy() {
 	rm -r "$DEPLOY/share"
 
 	mkdir -p "$DEPLOY/etc"
-	cp "$SOURCE/dnsmasq.conf.example" "$DEPLOY/etc/dnsmasq.conf"
+
+	cat_file_override "dnsmasq.conf" > "$DEPLOY/etc/dnsmasq.conf"
+
+	if [ ! -s "$DEPLOY/etc/dnsmasq.conf" ]; then
+		cp "$SOURCE/dnsmasq.conf.example" "$DEPLOY/etc/dnsmasq.conf"
+	fi
+
+	mkdir -p "$DEPLOY/etc/dnsmasq.d"
 }

pkg/linux-rpi3/build

@@ -15,7 +15,7 @@ build() {
 	export KBUILD_OUTPUT="$PKGBUILDDIR"
 	make -C "$1" O="$PKGBUILDDIR" ARCH="arm" CROSS_COMPILE="${TARGET}-" mrproper
 
-	cp "$SCRIPTDIR/board/$BOARD/linux.config" "$PKGBUILDDIR/.config"
+	cat_file_override "linux.config" > "$PKGBUILDDIR/.config"
 	sed -i "$PKGBUILDDIR/.config" -e 's,^CONFIG_CROSS_COMPILE=.*,CONFIG_CROSS_COMPILE="'$TARGET'-",'
 	sed -i "$PKGBUILDDIR/.config" -e 's,^CONFIG_INITRAMFS_SOURCE=.*,CONFIG_INITRAMFS_SOURCE="'$INITRDLIST'",'
 	make -C "$1" O="$PKGBUILDDIR" ARCH="arm" CROSS_COMPILE="${TARGET}-" oldconfig

pkg/linux/build

@@ -14,13 +14,12 @@ prepare() {
 }
 
 build() {
-	local CFGFILE="$SCRIPTDIR/board/$BOARD/linux.config"
 	local INITRDLIST="$PKGDEPLOYDIR/initrd/initrd.list"
 
 	export KBUILD_OUTPUT="$PKGBUILDDIR"
 
 	make -C "$1" O="$PKGBUILDDIR" ARCH="$LINUX_CPU" CROSS_COMPILE="${TARGET}-" mrproper
-	cp "$CFGFILE" "$PKGBUILDDIR/.config"
+	cat_file_override "linux.config" > "$PKGBUILDDIR/.config"
 
 	make -C "$1" O="$PKGBUILDDIR" ARCH="$LINUX_CPU" CROSS_COMPILE="${TARGET}-" oldconfig
 	sed -i "$PKGBUILDDIR/.config" -e 's,^CONFIG_CROSS_COMPILE=.*,CONFIG_CROSS_COMPILE="'$TARGET'-",'

pkg/linux_modules/build

@@ -5,7 +5,7 @@ DEPENDS="toolchain"
 build() {
 	export KBUILD_OUTPUT="$PKGBUILDDIR"
 	make -C "$1" O="$PKGBUILDDIR" ARCH="$LINUX_CPU" CROSS_COMPILE="${TARGET}-" mrproper
-	cp "$SCRIPTDIR/board/$BOARD/linux.config" "$PKGBUILDDIR/.config"
+	cat_file_override "linux.config" > "$PKGBUILDDIR/.config"
 
 	make -C "$1" O="$PKGBUILDDIR" ARCH="$LINUX_CPU" CROSS_COMPILE="${TARGET}-" oldconfig
 	sed -i "$PKGBUILDDIR/.config" -e 's,^CONFIG_CROSS_COMPILE=.*,CONFIG_CROSS_COMPILE="'$TARGET'-",'

pkg/musl/build

@@ -28,11 +28,7 @@ deploy() {
 
 	mkdir -p "$DEPLOY/etc"
 
-	echo "/lib" > "$DEPLOY/etc/ld-musl-${MUSL_CPU}.path"
-
-	if [ -e "$SCRIPTDIR/board/$BOARD/LDPATH" ]; then
-		cat "$SCRIPTDIR/board/$BOARD/LDPATH" >> "$DEPLOY/etc/ld-musl-${MUSL_CPU}.path"
-	fi
+	cat_file_merge "LDPATH" > "$DEPLOY/etc/ld-musl-${MUSL_CPU}.path"
 
 	strip_files ${DEPLOY}/lib/*
 }

pkg/openrc/build

@@ -51,7 +51,12 @@ deploy() {
 	mkdir -p ${DEPLOY}/etc/runlevels/{boot,sysinit,shutdown,default}
 	cp -R "$SCRIPTDIR/pkg/$PKGNAME/etc" "$DEPLOY"
 
-	source "$SCRIPTDIR/board/$BOARD/INIT"
+	if [ -e "$SCRIPTDIR/board/$BOARD/INIT" ]; then
+		source "$SCRIPTDIR/board/$BOARD/INIT"
+	fi
+	if [ -e "$SCRIPTDIR/product/$PRODUCT/INIT" ]; then
+		source "$SCRIPTDIR/product/$PRODUCT/INIT"
+	fi
 
 	for i in $GETTY_TTY; do
 		cat > "$DEPLOY/etc/conf.d/agetty.$i" << _EOF

pkg/rootfs/build

@@ -1,5 +1,4 @@
-DEPENDS=$(cat "$SCRIPTDIR/board/$BOARD/ROOTFS")
-DEPENDS="$DEPENDS toolchain"
+DEPENDS=$(cat_file_merge "ROOTFS" | sort -u)
 
 build() {
 	local SOURCE="$1"

pkg/rootfs/etc/group

@@ -21,4 +21,6 @@ wheel:x:19:
 input:x:24:
 mail:x:34:
 sshd:x:50:
+dnsmasq:x:51:
+unbound:x:52:
 nogroup:x:99:

pkg/rootfs/etc/passwd

@@ -3,4 +3,6 @@ bin:x:1:1:bin:/dev/null:/bin/false
 daemon:x:6:6:Daemon User:/dev/null:/bin/false
 messagebus:x:18:18:D-Bus Message Daemon User:/var/run/dbus:/bin/false
 sshd:x:50:50:sshd PrivSep:/var/lib/sshd:/bin/false
+dnsmasq:x:51:51:dnsmasq user:/dev/null:/bin/false
+unbound:x:52:52:unbound user:/dev/null:/bin/false
 nobody:x:99:99:Unprivileged User:/dev/null:/bin/false

pkg/rootfs/etc/shadow

@@ -2,4 +2,7 @@ root:$6$.Y7Zj/e9QeCB$XwqV/48JBr7DmicnnuB/n8LWV6uzBU.r/fYIlEpzQPvM.q59t1Yw4MJePLf
 bin:x:17569:0:99999:7:::
 daemon:x:17569:0:99999:7:::
 messagebus:x:17569:0:99999:7:::
+sshd:x:17569:0:99999:7:::
+dnsmasq:x:17569:0:99999:7:::
+unbound:x:17569:0:99999:7:::
 nobody:x:17569:0:99999:7:::

pkg/unbound/build

@@ -27,6 +27,16 @@ deploy() {
 
 	rm -r "$DEPLOY/share"
 
+	mkdir -p "$DEPLOY/etc/unbound/unbound.conf.d"
+	mkdir -p "$DEPLOY/var/lib/unbound"
+
+	cat > "$DEPLOY/etc/unbound/unbound.conf" << _EOF
+include: "/etc/unbound/unbound.conf.d/*.conf"
+_EOF
+
+	cat_file_override "unbound.conf" > \
+		"$DEPLOY/etc/unbound/unbound.conf.d/server.conf"
+
 	split_dev_deploy "$DEPLOY" "$DEVDEPLOY"
 	strip_files ${DEPLOY}/{bin,lib}/*
 }

product/common/LDPATH

@@ -0,0 +1 @@
+/lib

product/common/ROOTFS

@@ -0,0 +1,20 @@
+coreutils
+bash
+bash-completion
+nano
+util-linux
+grep
+less
+xz
+gzip
+bzip2
+tar
+diffutils
+findutils
+sed
+gawk
+shadow
+openrc
+procps-ng
+psmisc
+file

product/router/BOARDS

@@ -0,0 +1,2 @@
+rpi3
+alix

product/router/ROOTFS

@@ -0,0 +1,3 @@
+unbound
+dnsmasq
+openssh

product/router/dnsmasq.conf.alix

@@ -0,0 +1,27 @@
+domain-needed
+bogus-priv
+no-hosts
+no-resolv
+dhcp-lease-max=150
+dhcp-leasefile=/var/lib/dnsmasq.leases
+conf-dir=/etc/dnsmasq.d/,*.conf
+user=dnsmasq
+group=dnsmasq
+except-interface=lo
+dhcp-authoritative
+enable-ra
+
+# forward to unbound
+server=127.0.0.1#5353
+
+interface=eth0
+dhcp-range=set:if0,192.168.0.2,192.168.0.254,255.255.255.0,12h
+dhcp-option=tag:if0,option:dns-server,192.168.0.1
+
+interface=eth1
+dhcp-range=set:if1,192.168.1.2,192.168.1.254,255.255.255.0,12h
+dhcp-option=tag:if1,option:dns-server,192.168.1.1
+
+interface=eth2
+dhcp-range=set:if2,192.168.2.2,192.168.2.254,255.255.255.0,12h
+dhcp-option=tag:if2,option:dns-server,192.168.2.1

product/router/dnsmasq.conf.rpi3

@@ -0,0 +1,19 @@
+domain-needed
+bogus-priv
+no-hosts
+no-resolv
+dhcp-lease-max=150
+dhcp-leasefile=/var/lib/dnsmasq.leases
+conf-dir=/etc/dnsmasq.d/,*.conf
+user=dnsmasq
+group=dnsmasq
+except-interface=lo
+dhcp-authoritative
+enable-ra
+
+# forward to unbound
+server=127.0.0.1#5353
+
+interface=eth0
+dhcp-range=set:if0,192.168.0.2,192.168.0.254,255.255.255.0,12h
+dhcp-option=tag:if0,option:dns-server,192.168.0.1

product/router/unbound.conf

@@ -0,0 +1,13 @@
+server:
+	pidfile: "/tmp/unbound.pid"
+
+	# allow only queries from local machine on port 5353
+	interface: 127.0.0.1
+	access-control: 127.0.0.0/8 allow
+	port: 5353
+
+	# See RFC 7816 "DNS Query Name Minimisation to Improve Privacy"
+	qname-minimisation: yes
+
+	# Root trust anchor key file for DNSSEC validation.
+	auto-trust-anchor-file: "/var/lib/unbound/root.key"

util/misc.sh

@@ -1,3 +1,40 @@
+cat_file_override() {
+	local fname="$1"
+
+	if [ -e "$SCRIPTDIR/product/$PRODUCT/${fname}.${BOARD}" ]; then
+		cat "$SCRIPTDIR/product/$PRODUCT/${fname}.${BOARD}"
+		return
+	fi
+	if [ -e "$SCRIPTDIR/product/$PRODUCT/$fname" ]; then
+		cat "$SCRIPTDIR/product/$PRODUCT/$fname"
+		return
+	fi
+	if [ -e "$SCRIPTDIR/board/$BOARD/$fname" ]; then
+		cat "$SCRIPTDIR/board/$BOARD/$fname"
+		return
+	fi
+	if [ -e "$SCRIPTDIR/product/common/$fname" ]; then
+		cat "$SCRIPTDIR/product/common/$fname"
+	fi
+}
+
+cat_file_merge() {
+	local fname="$1"
+
+	if [ -e "$SCRIPTDIR/product/$PRODUCT/${fname}.${BOARD}" ]; then
+		cat "$SCRIPTDIR/product/$PRODUCT/${fname}.${BOARD}"
+	fi
+	if [ -e "$SCRIPTDIR/product/$PRODUCT/$fname" ]; then
+		cat "$SCRIPTDIR/product/$PRODUCT/$fname"
+	fi
+	if [ -e "$SCRIPTDIR/board/$BOARD/$fname" ]; then
+		cat "$SCRIPTDIR/board/$BOARD/$fname"
+	fi
+	if [ -e "$SCRIPTDIR/product/common/$fname" ]; then
+		cat "$SCRIPTDIR/product/common/$fname"
+	fi
+}
+
 apply_patches() {
 	local PATCH