This is the last LTS version buildable using GCC 4.0.x. The next one,
version 4.19, requires at least GCC 4.6.

Fortunately, this is also the first version of the Linux kernel
without firmware blobs being included in /firmware, so the FSFLA
deblob scripts aren't needed anymore to ensure a fully auditable
kernel - the 3 remaining drivers that do include blobs masquerading
as source code are removed via a patch, avoiding all the other side
effects of the deblob scripts.

This doesn't compromise the trustworthiness of the bootstrapped
environment, since all the other drivers deblob would remove use
the firmware loader mechanism, which does nothing when the actual
firmware blobs aren't installed on the system separately. Features
dependent on firmware still won't work, but many drivers that load
firmware do so only optionally. This includes r8169, the driver for
the Realtek gigabit NICs found on many x86 motherboards.

This kernel is considerably larger than 4.9.10, and we build more
of it (including drivers that would previously get stripped away by
the deblob script, such as r8169), so to accommodate that, Fiwix
initrd size is increased by 64MiB, while lowering kexec space by
the same amount to ensure enough userspace memory available in Fiwix.
Fiwix's maximum open file count is also bumped from 1.5K to 2.5K.

The Documentation folder is deleted before build, to further save
space in the ramdisk.

Parts built before bash and the repo system are available aren't
stored in a clean repository tarball, so if any early file is
overwritten, it's lost. Fix this by creating a base.tar.bz2 right
after the repo is set up, to hold reference copies of early files.
This tarball isn't checksummed, since it varies considerably with
bootstrap options, but the binaries inside are protected by their
own checksums.

In kernel bootstrap mode, the kernel (builder-hex0) includes the
ability to assemble hex0 source code, and to execute basic commands,
obviating the need for the bootstrap-seeds subdirectory.

With the bootstrap-seeds directory excluded, the image consists of
purely source code, with the exception of the boot sector, which is
assembled from hex0 code by rootfs.py, and delivered ready for BIOS
to boot.

This extends make_fiwix_initrd and kexec-fiwix to support command
line parameters, instead of hardcoding relevant values within the
C sources. This way, it becomes possible to alter e.g. ramdisk size
without affecting checksums.

While we're at it, also support loading a memory map from file.

And while we're at it, use a more sustainable way of getting the
address of the next file to be written to.

Since builder-hex0 doesn't distinguish directories from zero-length
files, this has a limitation that it won't copy any zero-length
files or empty directories. Only one such file is important for the
bootstrap process (mes/config.h), which is recreated using an
improve step.

By wrapping $(cat) in an eval, redirections and other advanced
syntax can now work in the early prompts.

Also, since "set -E" is broken in the early bash, fall back to
using "set -e" and an EXIT trap, until we can upgrade to a bash
version that already has working "set -E", or perhaps backport
it to 2.05b.

This is needed to make the monitoring/recovery shell on tty2 work,
as the default console is tty0, which will just print to whichever
virtual console is active at the moment, making the shell unusable.

We spawn a shell:
- When Bash is first built, on tty2. This shell uses the old Bash,
so interactive mode needs to be emulated using redirection. Thus,
entering commands needs to be done using Enter followed by Ctrl+D,
and certain redirection features are unavailable.
- After moving the system to disk, on tty2. Old Bash, same limitations.
- After 2nd Bash is built, on tty3. This is a fully functional shell.

This is disabled in chroot-like bootstrap modes, or when -i is not set.