Building novena firmware
Contents
Before you begin
The build environment should not be on an encrypted partition. These tend to have much lower path lengths, which can break the build in mysterious and hard-to-track-down ways.
You should not use have a symlink in the path of the build system. This can also break things.
Packages you may need
These are packages you may need over a base ubuntu 12.04 install:
git gawk make gcc g++ diffstat texi2html chrpath build-essential texinfo (for makeinfo) subversion gettext (for msgfmt) lzop device-tree-compiler u-boot-tools zip
Furthermore, you will want to change the symlink for /bin/sh to /bin/bash, instead of /bin/dash (which is the default in Ubuntu 12.04)
Setting up the environment
To set up the environment, first you must fetch the repos, then you must perform initial, one-time configuration. All of these steps only need to be run the first time you set up your build environment.
Fetching source code from scratch
Note that these steps are very similar to the generic Building Angstrom steps.
- git clone https://github.com/sutajiokousagi/setup-scripts-novena oe
- cd oe
Configure the build environment
First, perform initial setup. This creates an environment file you'll use every time you want to do development.
- Configure OE
- ./oebb.sh config novena
- ./oebb.sh update
Next, edit conf/local.conf. Particularly important variables you might want to change are:
- PARALLEL_MAKE – This tells "make" how many threads to spawn. A good rule of thumb is 1.5 times the number of cores present. Be sure to include "-j" before the number.
- BB_NUMBER_THREADS – This tells bitbake how many tasks to run at parallel. Set this equal to around the number of cores present.
Building an image
Set up your session by sourcing the OE environment file:
. ~/.oe/environment-angstromv2012.05
There are many images available. To list them all, run:
find sources/meta-* sources/openembedded-core -name '*image*.bb'
There is a Novena bringup image that contains many useful system tools for determining system performance, communicating with various peripherals, and generally bringing up the system. To build this image, run:
bitbake novena-bringup-image
Troubleshooting
- Bitbake failure when downloading the kernel
There is an issue with the long-running git fetch that bitbake does when it first pulls down the kernel source code. The error looks like:
ERROR: Fetcher failure: Fetch command ... Cloning into bare repository ...
To work around this, manually run the command listed and then retry the bitbake command.
Writing an image to a card
When an image is built, various files are added to the deploy/images/novena/ directory. The image name is embedded within the resulting compressed ROM file. For example, the image for novena-bringup-image is located at oe/build/tmp-angstrom_2010_x-eglibc/deploy/images/novena/rom-novena-hw-bringup.img.gz.
Making kernel changes
If you modify the linux kernel source tree, you need to bump the PR inside the buildbot recipe in order for the changes to be absorbed into the build. This is done by incrementing MACHINE_KERNEL_PR in sources/meta-kosagi/conf/machine/include/imx61.inc
Getting the kernel
git clone git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git cd linux-next git checkout f59b51fe3d3092c08d7d554ecb40db24011b2ebc # taken from linux-novena_git.bb wget -O .config https://raw.github.com/sutajiokousagi/meta-kosagi/novena/recipes-kernel/linux/linux-novena/defconfig
git clone https://github.com/sutajiokousagi/meta-kosagi/tree/novena/recipes-kernel/linux/linux-novena
Building the kernel
Note to build the kernel, the command line must specify uimage and the LOADADDR:
make uImage LOADADDR=10008000 -j 4 # -j 4 is just to use more concurrent threads, adjust as needed
Once the kernel is built, you should copy it onto partition 1 of the disk image. Partition 1 is a FAT partition that can be mounted on almost any machine. There will be a file called uImage-novena.bin. You will want to copy arch/arm/boot/uImage over that file; u-boot will automatically load and configure that kernel using the .dtb file. Note that since device tree (dts => dtb) is used, if you make modifications to the device tree you'll also want to copy that onto partition 1.
To build the .dtb file, make sure you are in the linux-next directory and run this command:
scripts/dtc/dtc -O dtb -o novena.dtb -b 0 arch/arm/boot/dts/novena.dts
This assumes you have already copied or symlinked novena.dts into the dts directory (from the meta-kosagi repo)
Getting your changes to show up in OE
Just because you built a kernel and tested it doesn't mean the changes are automatically absorbed into OE.
the .config file and any device tree changes have to be checked into meta-kosagi. Then, you will need to bump the package revision inside imx61.inc:
increment MACHINE_KERNEL_PR in sources/meta-kosagi/conf/machine/include/imx61.inc
Source changes currently have to be overlaid on top of the existing kernel (ugly). This is because we haven't branched the kernel yet and the commit that is pulled in OE is fixed to something on the mainline.
So, for now, edit
sources/meta-kosagi/recipes-kernel/linux/linux-novena_git.bb
and modify these two areas:
SRC_URI (add the files you need to overlay)
and
do_install_append() (copy the lines starting with cp -f, changing the reference to your file and the final location you need it to end up for the overlay)
This needs to be fixed, but it's what works for now.
Getting and building u-boot
git clone git://github.com/sutajiokousagi/u-boot-imx6.git # make sure you have installed the local tooclhain and sourced the environment file (see below) cd u-boot-imx6 make novena_config # sets up u-boot for novena configuration make
To copy u-boot onto the disk, you need to use a linux machine with dd:
sudo dd if=u-boot.imx of=/dev/sdX seek=2
Replace /dev/sdX with the drive node of your SD card. seek=2 locates u-boot in the expected location for loading.
Local toolchain
A local toolchain is needed to build u-boot and the kernel, in the absence of an OE tree.
bitbake meta-toolchain # Extract build/tmp-*/deploy/sdk/toolchain to / # Edit /usr/local/oe*/environment* and add: # export ARCH=arm # export CROSS_COMPILE=arm-angstrom-linux-gnueabi-
Cloud Image
This section moved to Novena Cloud Image
The pre-built cloud image comes with the following pre-built and installed:
- OE directory with packages and image ready-to-go
- local toolchain built and installed
- u-boot image configured and built
- kernel image configured and built (note: config & devtree items are symlinked to git repo, beware!):
- inside ~/linux-next/:
lrwxrwxrwx 1 ubuntu ubuntu 79 Feb 17 09:52 .config -> /home/ubuntu/oe/sources/meta-kosagi/recipes-kernel/linux/linux-novena/defconfig
- inside ~/linux-next/arch/arm/boot/dts:
lrwxrwxrwx 1 ubuntu ubuntu 80 Feb 17 09:54 imx6q.dtsi -> /home/ubuntu/oe/sources/meta-kosagi/recipes-kernel/linux/linux-novena/imx6q.dtsi lrwxrwxrwx 1 ubuntu ubuntu 80 Feb 17 09:54 novena.dts -> /home/ubuntu/oe/sources/meta-kosagi/recipes-kernel/linux/linux-novena/novena.dts
- when building the kernel, don't forget to specify uImage and LOADADDR (see above)
Accessing the cloud image
Access to the cloud image is granted by emailing bunnie. He will create for you a username and password. You will need two of them, one for VPN access (to get to your machine via ssh), and one for the cloud management interface.
If you don't want to deal with managing a cloud instance, bunnie can also start an instance for you and load it with your ssh public key. In which case, the only thing you need to give him is a username/password combo for a VPN. The VPN is implemented using PPTP on DD-WRT. Yes, it's insecure, but the router currently installed can't run OpenVPN. Perhaps future equipment upgrades will change this, but for now the only login method allowed to internal machines in the VPN is ssh with no passwords (pubkey-only).
Administrative notes
To copy a private cloud root instance to EC2
To duplicate an instance on the kosagi private cloud into EC2:
- you must have admin privileges on hexapod.
- you must have an EC2 certificate with matching private key, and your ID and shared secret. These are accessed by going to your EC2 console, and clicking your username in the upper right hand corner, and selecting "Security Credentials". Everything except the private key can be downloaded. If you lack a private key for your certificate, you can create a new certificate on the spot and download a new private key. Note that if you already have two certificates, you can't create another one, so you have to permanently delete/revoke one of the certs to make a new one.
- You need to create an S3 bucket to hold the image as it is uploaded. Remember the availability zone and bucket name.
First create a snapshot on the local cloud: Go to "instances", and under "Actions" click "create snapshot".
Then, under images & snapshots, find the snapshot you made and click on the image name. There will be an ID code. Take note of the code.
On the private cloud server (hexapod), change the access permission on /mnt/openstack/glance/<image ID> to a+r. Otherwise, the next commands will fail with obscure error messages that don't really inform you of that problem.
On hexapod, send the volume into EC2:
ec2-import-volume -o <Access key ID> -w <Secret Access Key> --cert cert-XXXXXXXXXXXXXXXXXXXXXXXXXXX.pem --private-key pk-XXXXXXXXXXXXXXXXXXXXXXXXXXX.pem -f RAW -b <bucket-name> --region <region> --description "insert descriptive name here" -z <availability zone> /mnt/openstack/glance/<image ID>
If this command succeeds, don't forget to change the permission on the image to o-r. If it fails, use the --debug and -v flags. The most likely problems you'll have are with the credentials. If you're having troubles try using simpler ec2 commands like ec2-describe-availability-zones; this will require your X.509 certificate and you can at least test that out. I found that making your own cert doesn't always work (it sometimes does, and when it fails, the error messages are not helpful), you should really use the ones created by the amazon interface.
Now, log into your EC2 dashboard, and check in the availability zone that you've uploaded to, in the "Elastic Block Store->Volumes" section that a new volume has been created. If the volume is there, go to S3 and empty the bucket (otherwise you'll just end up paying for the storage of that bucket for no good reason).
Select the volume you've just uploaded, right-click, and "create snapshot"
Go to "Elastic Block Store->Snapshots"
Select the new snapshot, right-click, and "Create image from snapshot"
This will start a wizard that asks you for a kernel ID. The UI for this sucks. Basically, go to the canonical website and pull up the list of ubuntu kernel IDs for your region, and find the one that should be on the list. It's a long pull-down list. For ap-southeast-1a, I used aki-fe1354ac for a 12.04LTS image.
Once this is done, you'll have a new AMI. Go to "Images->AMIs". Right-click your new image, and select "Launch Instance". Configure the keypair, security group, etc.
Finally, you should be able to go to "Instances->Instances" and see your new instance running.
debugging
- credential issues: try running a "simple" command like ec2-describe-availability-zones to work out X.509 issues, this is the biggest headache. Worst case, make a new X.509 cert from the amazon UI; you can have up to two certs, if you have two already nuke one and you'll get a link to make a new one.
- if your imports fail, you *must* cancel them. Use ec2-describe-conversion-tasks (don't forget to specify --region, otherwise it just defaults to us-east) to list the tasks, and then use ec2-cancel-conversion-task to remove it from the queue. Otherwise, you'll get this error eventually: "Client.ResourceLimitExceeded: Task failed to initialize - conversion task limit (5) exceeded."
- --debug and -v are your friends
- check permissions on volumes you're trying to upload. The ec2 tools don't give helpful error reports when you can't read the file -- it makes it look like it was a network connection error, not a file access error.