-
Notifications
You must be signed in to change notification settings - Fork 39
Building OpenEmbedded
DO NOT EDIT: This page has been migrated to Confluence: https://openxt.atlassian.net/wiki/display/OD/How+to+build+OpenXT
OpenEmbedded (OE) is used to build the OpenXT installer ISO and all of the VMs that make up the OpenXT system. Currently, due to our dependency on the older 6.12 version of the Haskell compiler, we recommend the use of Debian Squeeze as the distro for your build system. All build machines must be 32bit as well due to a few places where our build scripts invoke tools or use libraries on the host system.
There are other distros that can be made to work but they require some ugly hacks in places. If you've have built OpenXT successfully on a platform not mentioned here please make a new page and link to your instructions here.
Follow the instructions for debian at OEandYourDistro on the OpenEmbedded wiki for installing a few packages required to get OpenEmbedded going. OpenEmbedded itself will download and install a lot of toolchain materials (e.g. specific compiler versions).
On Squeeze, install these additional packages:
ghc guilt iasl quilt bin86 bcc libsdl1.2-dev liburi-perl genisoimage policycoreutils unzip
On Wheezy, follow the additional instructions here: Debian Wheezy packages.
Be sure that your build system is using bash as the default system shell. Both Debian and Ubuntu use dash instead and the 'bashisms' in a lot of the build metadata will cause failures unless /bin/sh is a symlink to /bin/bash. The Ubuntu section of of the OE and Your Distro describes a work-around for this issue.
The first build scripts exist in openxt.git (along with this README.md file), so clone that:
git clone git://github.com/OpenXT/openxt.git
You can of course clone your own fork. Be aware that there are another approximately 60 OpenXT repositories that will be checked out next.
cd openxt # the directory created by the clone command above
cp example-config .config
You should review the .config file and edit it as appropriate.
NOTE: there is an effort in progress as of 18 June 2014 to simplify this such that those who are concerned with building signing get a simple auto-generated dev signing certificate.
For now you do need to create certificates. You need to protect these; someone with read access to these files can potentially get any devices running your build of OpenXT to upgrade themselves to their malicious software by triggering an "Over The Air" upgrade, though this should require local access to each device to point it at a server that offers the new version.
If you are intending to distribute the results of your build you should look into how the OpenXT release signing system works and figure out how you are going to handle your certifcates. Otherwise, run these commands:
mkdir certs # make a certs directory inside the openxt directory
openssl genrsa -out certs/prod-cakey.pem 2048
openssl genrsa -out certs/dev-cakey.pem 2048
openssl req -new -x509 -key certs/prod-cakey.pem -out certs/prod-cacert.pem -days 1095
openssl req -new -x509 -key certs/dev-cakey.pem -out certs/dev-cacert.pem -days 1095
Then edit your .config file and find the variable initializations for keys, and set:
- REPO_PROD_CACERT to the absolute path to your openxt/certs/prod-cacert.pem file.
- REPO_DEV_CACERT to the absolute path to your openxt/certs/dev-cacert.pem file.
- REPO_DEV_SIGNING_CERT to the absolute path to your openxt/certs/dev-cacert.pem file.
- REPO_DEV_SIGNING_KEY to the absolute path to your openxt/certs/dev-cakey.pem file.
By default, the .config is setup to build the master branch. You can change this by first checking out the branch in the openxt.git repository where you are working, doing something like this:
git checkout -b branch-to-build --track origin/branch-to-build
Then switch the target branch in the .config file:
# Branch to build.
BRANCH="branch-to-build"
This would be the steps for building a specific release of OpenXT too, since they are branches.
./do_build.sh # run within the openxt directory
See Phil Tricca's "First OpenXT build" for more discussion, especially on the signing certificates work.