Difference between revisions of "Building novena firmware"

From Studio Kousagi Wiki
Jump to: navigation, search
(Accessing the cloud image)
(Cloud Image)
Line 158: Line 158:
  
 
If you don't want to deal with managing a cloud instance, bunnie can also start an instance for you and load it with your ssh public key. In which case, the only thing you need to give him is a username/password combo for a VPN. The VPN is implemented using PPTP on DD-WRT. Yes, it's insecure, but the router currently installed can't run OpenVPN. Perhaps future equipment upgrades will change this, but for now the only login method allowed to internal machines in the VPN is ssh with no passwords (pubkey-only).
 
If you don't want to deal with managing a cloud instance, bunnie can also start an instance for you and load it with your ssh public key. In which case, the only thing you need to give him is a username/password combo for a VPN. The VPN is implemented using PPTP on DD-WRT. Yes, it's insecure, but the router currently installed can't run OpenVPN. Perhaps future equipment upgrades will change this, but for now the only login method allowed to internal machines in the VPN is ssh with no passwords (pubkey-only).
 +
 +
==Administrative notes==
 +
 +
===To copy a private cloud root instance to EC2===
 +
To duplicate an instance on the kosagi private cloud into EC2:
 +
 +
* you must have admin privileges on hexapod.
 +
* you must have an EC2 certificate with matching private key, and your ID and shared secret. These are accessed by going to your EC2 console, and clicking your username in the upper right hand corner, and selecting "Security Credentials". Everything except the private key can be downloaded. If you lack a private key for your certificate, you can create a new certificate on the spot and download a new private key. Note that if you already have two certificates, you can't create another one, so you have to permanently delete/revoke one of the certs to make a new one.
 +
* You need to create an S3 bucket to hold the image as it is uploaded. Remember the availability zone and bucket name.
 +
 +
First create a snapshot on the local cloud: Go to "instances", and under "Actions" click "create snapshot".
 +
 +
Then, under images & snapshots, find the snapshot you made and click on the image name. There will be an ID code. Take note of the code.
 +
 +
On the private cloud server (hexapod), change the access permission on /mnt/openstack/glance/<image ID> to a+r. Otherwise, the next commands will fail.
 +
 +
On hexapod, send the volume into EC2:
 +
 +
ec2-import-volume -o <Access key ID> -w <Secret Access Key> --cert cert-XXXXXXXXXXXXXXXXXXXXXXXXXXX.pem --private-key pk-XXXXXXXXXXXXXXXXXXXXXXXXXXX.pem -f RAW  -b <bucket-name> --region <region>  --description "insert descriptive name here" -z <availability zone> /mnt/openstack/glance/<image ID>
 +
 +
Now, log into your EC2 dashboard, and check in the availability zone that you've uploaded to, in the "Elastic Block Store->Volumes" section that a new volume has been created. If the volume is there, go to S3 and empty the bucket (otherwise you'll just end up paying for the storage of that bucket for no good reason).
 +
 +
Select the volume you've just uploaded, right-click, and "create snapshot"
 +
 +
Go to "Elastic Block Store->Snapshots"
 +
 +
Select the new snapshot, right-click, and "Create image from snapshot"
 +
 +
This will start a wizard that asks you for a kernel ID. The UI for this sucks. Basically, go to the canonical website and pull up the list of ubuntu kernel IDs for your region, and find the one that should be on the list. It's a long pull-down list. For ap-southeast-1a, I used aki-fe1354ac for a 12.04LTS image.
 +
 +
Once this is done, you'll have a new AMI. Go to "Images->AMIs". Right-click your new image, and select "Launch Instance". Configure the keypair, security group, etc.
 +
 +
Finally, you should be able to go to "Instances->Instances" and see your new instance running.

Revision as of 17:20, 21 February 2013

Before you begin

The build environment should not be on an encrypted partition. These tend to have much lower path lengths, which can break the build in mysterious and hard-to-track-down ways.

You should not use have a symlink in the path of the build system. This can also break things.

Packages you may need

These are packages you may need over a base ubuntu 12.04 install:

git
gawk
make 
gcc 
g++ 
diffstat 
texi2html 
chrpath
build-essential
texinfo     (for makeinfo)
subversion
gettext     (for msgfmt)
lzop
device-tree-compiler
u-boot-tools
zip

Furthermore, you will want to change the symlink for /bin/sh to /bin/bash, instead of /bin/dash (which is the default in Ubuntu 12.04)

Setting up the environment

To set up the environment, first you must fetch the repos, then you must perform initial, one-time configuration. All of these steps only need to be run the first time you set up your build environment.

Fetching source code from scratch

Note that these steps are very similar to the generic Building Angstrom steps.

Configure the build environment

First, perform initial setup. This creates an environment file you'll use every time you want to do development.

  1. Configure OE
    • ./oebb.sh config novena
    • ./oebb.sh update

Next, edit conf/local.conf. Particularly important variables you might want to change are:

  • PARALLEL_MAKE – This tells "make" how many threads to spawn. A good rule of thumb is 1.5 times the number of cores present. Be sure to include "-j" before the number.
  • BB_NUMBER_THREADS – This tells bitbake how many tasks to run at parallel. Set this equal to around the number of cores present.

Building an image

Set up your session by sourcing the OE environment file:

. ~/.oe/environment-angstromv2012.05

There are many images available. To list them all, run:

find sources/meta-* sources/openembedded-core -name '*image*.bb'

There is a Novena bringup image that contains many useful system tools for determining system performance, communicating with various peripherals, and generally bringing up the system. To build this image, run:

bitbake novena-bringup-image

Troubleshooting

  • Bitbake failure when downloading the kernel

There is an issue with the long-running git fetch that bitbake does when it first pulls down the kernel source code. The error looks like:

ERROR: Fetcher failure: Fetch command ...
Cloning into bare repository ...

To work around this, manually run the command listed and then retry the bitbake command.

Writing an image to a card

When an image is built, various files are added to the deploy/images/novena/ directory. The image name is embedded within the resulting compressed ROM file. For example, the image for novena-bringup-image is located at oe/build/tmp-angstrom_2010_x-eglibc/deploy/images/novena/rom-novena-hw-bringup.img.gz.

Making kernel changes

If you modify the linux kernel source tree, you need to bump the PR inside the buildbot recipe in order for the changes to be absorbed into the build. This is done by incrementing MACHINE_KERNEL_PR in sources/meta-kosagi/conf/machine/include/imx61.inc

Getting the kernel

 git clone git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
 cd linux-next
 git checkout f59b51fe3d3092c08d7d554ecb40db24011b2ebc # taken from linux-novena_git.bb
 wget -O .config https://raw.github.com/sutajiokousagi/meta-kosagi/novena/recipes-kernel/linux/linux-novena/defconfig
 git clone https://github.com/sutajiokousagi/meta-kosagi/tree/novena/recipes-kernel/linux/linux-novena

Building the kernel

Note to build the kernel, the command line must specify uimage and the LOADADDR:

make uImage LOADADDR=10008000  -j 4   # -j 4 is just to use more concurrent threads, adjust as needed

Once the kernel is built, you should copy it onto partition 1 of the disk image. Partition 1 is a FAT partition that can be mounted on almost any machine. There will be a file called uImage-novena.bin. You will want to copy arch/arm/boot/uImage over that file; u-boot will automatically load and configure that kernel using the .dtb file. Note that since device tree (dts => dtb) is used, if you make modifications to the device tree you'll also want to copy that onto partition 1.

To build the .dtb file, make sure you are in the linux-next directory and run this command:

 scripts/dtc/dtc -O dtb -o novena.dtb -b 0 arch/arm/boot/dts/novena.dts

This assumes you have already copied or symlinked novena.dts into the dts directory (from the meta-kosagi repo)

Getting your changes to show up in OE

Just because you built a kernel and tested it doesn't mean the changes are automatically absorbed into OE.

the .config file and any device tree changes have to be checked into meta-kosagi. Then, you will need to bump the package revision inside imx61.inc:

increment MACHINE_KERNEL_PR in sources/meta-kosagi/conf/machine/include/imx61.inc

Source changes currently have to be overlaid on top of the existing kernel (ugly). This is because we haven't branched the kernel yet and the commit that is pulled in OE is fixed to something on the mainline.

So, for now, edit

sources/meta-kosagi/recipes-kernel/linux/linux-novena_git.bb

and modify these two areas:

SRC_URI  (add the files you need to overlay)

and

do_install_append() (copy the lines starting with cp -f, changing the reference to your file and the final location you need it to end up for the overlay)

This needs to be fixed, but it's what works for now.

Getting and building u-boot

 git clone git://github.com/sutajiokousagi/u-boot-imx6.git
 # make sure you have installed the local tooclhain and sourced the environment file (see below)
 cd u-boot-imx6
 make novena_config   # sets up u-boot for novena configuration
 make

To copy u-boot onto the disk, you need to use a linux machine with dd:

sudo dd if=u-boot.imx of=/dev/sdX seek=2

Replace /dev/sdX with the drive node of your SD card. seek=2 locates u-boot in the expected location for loading.

Local toolchain

A local toolchain is needed to build u-boot and the kernel, in the absence of an OE tree.

 bitbake meta-toolchain
 # Extract build/tmp-*/deploy/sdk/toolchain to /
 # Edit /usr/local/oe*/environment* and add:
 # export ARCH=arm 
 # export CROSS_COMPILE=arm-angstrom-linux-gnueabi-

Cloud Image

The pre-built cloud image comes with the following pre-built and installed:

  • OE directory with packages and image ready-to-go
  • local toolchain built and installed
  • u-boot image configured and built
  • kernel image configured and built (note: config & devtree items are symlinked to git repo, beware!):
    • inside ~/linux-next/:
lrwxrwxrwx   1 ubuntu ubuntu     79 Feb 17 09:52 .config -> /home/ubuntu/oe/sources/meta-kosagi/recipes-kernel/linux/linux-novena/defconfig
    • inside ~/linux-next/arch/arm/boot/dts:
lrwxrwxrwx 1 ubuntu ubuntu    80 Feb 17 09:54 imx6q.dtsi -> /home/ubuntu/oe/sources/meta-kosagi/recipes-kernel/linux/linux-novena/imx6q.dtsi
lrwxrwxrwx 1 ubuntu ubuntu    80 Feb 17 09:54 novena.dts -> /home/ubuntu/oe/sources/meta-kosagi/recipes-kernel/linux/linux-novena/novena.dts
  • when building the kernel, don't forget to specify uImage and LOADADDR (see above)

Accessing the cloud image

Access to the cloud image is granted by emailing bunnie. He will create for you a username and password. You will need two of them, one for VPN access (to get to your machine via ssh), and one for the cloud management interface.

If you don't want to deal with managing a cloud instance, bunnie can also start an instance for you and load it with your ssh public key. In which case, the only thing you need to give him is a username/password combo for a VPN. The VPN is implemented using PPTP on DD-WRT. Yes, it's insecure, but the router currently installed can't run OpenVPN. Perhaps future equipment upgrades will change this, but for now the only login method allowed to internal machines in the VPN is ssh with no passwords (pubkey-only).

Administrative notes

To copy a private cloud root instance to EC2

To duplicate an instance on the kosagi private cloud into EC2:

  • you must have admin privileges on hexapod.
  • you must have an EC2 certificate with matching private key, and your ID and shared secret. These are accessed by going to your EC2 console, and clicking your username in the upper right hand corner, and selecting "Security Credentials". Everything except the private key can be downloaded. If you lack a private key for your certificate, you can create a new certificate on the spot and download a new private key. Note that if you already have two certificates, you can't create another one, so you have to permanently delete/revoke one of the certs to make a new one.
  • You need to create an S3 bucket to hold the image as it is uploaded. Remember the availability zone and bucket name.

First create a snapshot on the local cloud: Go to "instances", and under "Actions" click "create snapshot".

Then, under images & snapshots, find the snapshot you made and click on the image name. There will be an ID code. Take note of the code.

On the private cloud server (hexapod), change the access permission on /mnt/openstack/glance/<image ID> to a+r. Otherwise, the next commands will fail.

On hexapod, send the volume into EC2:

ec2-import-volume -o <Access key ID> -w <Secret Access Key> --cert cert-XXXXXXXXXXXXXXXXXXXXXXXXXXX.pem --private-key pk-XXXXXXXXXXXXXXXXXXXXXXXXXXX.pem -f RAW  -b <bucket-name> --region <region>  --description "insert descriptive name here" -z <availability zone> /mnt/openstack/glance/<image ID>

Now, log into your EC2 dashboard, and check in the availability zone that you've uploaded to, in the "Elastic Block Store->Volumes" section that a new volume has been created. If the volume is there, go to S3 and empty the bucket (otherwise you'll just end up paying for the storage of that bucket for no good reason).

Select the volume you've just uploaded, right-click, and "create snapshot"

Go to "Elastic Block Store->Snapshots"

Select the new snapshot, right-click, and "Create image from snapshot"

This will start a wizard that asks you for a kernel ID. The UI for this sucks. Basically, go to the canonical website and pull up the list of ubuntu kernel IDs for your region, and find the one that should be on the list. It's a long pull-down list. For ap-southeast-1a, I used aki-fe1354ac for a 12.04LTS image.

Once this is done, you'll have a new AMI. Go to "Images->AMIs". Right-click your new image, and select "Launch Instance". Configure the keypair, security group, etc.

Finally, you should be able to go to "Instances->Instances" and see your new instance running.