CI system documentation

f468b583 · Bob Mottram · 4aa77579 · f468b583 · f468b583 · f468b583
Commit f468b583 authored 6 years ago by Bob Mottram
--- a/doc/EN/devguide.org
+++ b/doc/EN/devguide.org
@@ -217,3 +217,6 @@ If you need particular /dconf/ commands to alter desktop appearance or behavior

 #+attr_html: :width 10% :height 2% :align center
 [[file:fdl-1.3.txt][file:images/gfdl.png]]
+
+* Continuous Integration system
+You can set up a CI system to create image builds and test for breakages. Instructions on how to do that can be [[./devguide_ci.html][found here]].
--- a/doc/EN/devguide_ci.org
+++ b/doc/EN/devguide_ci.org
+#+TITLE: Freedombone
+#+AUTHOR: Bob Mottram
+#+EMAIL: bob@freedombone.net
+#+KEYWORDS: freedombone, developers
+#+DESCRIPTION: Freedombone developers guide
+#+OPTIONS: ^:nil toc:nil
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
+
+#+attr_html: :width 80% :height 10% :align center
+[[file:images/logo.png]]
+
+* Developers Guide
+
+#+BEGIN_CENTER
+#+ATTR_HTML: :border -1
+| [[Why Rock64]]                      |
+| [[Inventory]]                       |
+| [[Setup of image]]                  |
+| [[Install Freedombone build tools]] |
+| [[Setup the CI system]]             |
+
+#+END_CENTER
+
+What follows are instructions for how to set up a Rock64 ARM board to do continuous builds of [[https://freedombone.net][Freedombone]] images. At present this only works for ARM images, since some Debian packages are only available for x86.
+
+** Why Rock64?
+
+It's cheap. It has a reasonably powerful CPU which isn't vulnerable to spectre. You can get a version of it with 4GB RAM.
+
+The down side is that like all 64bit ARM boards currently it has proprietary boot blobs (see [[https://github.com/ayufan-rock64/rkbin][Rockchip firmware]]). There isn't really any escaping from that at present. This system won't be especially security sensitive and will usually only be available within the local network.
+
+Having a fairly powerful CPU means that it can build multi-gigabyte images within a reasonable amount of time, rather than taking days as it would on slower systems. And being an ARM board electrical power consumption is still low, so it's not going to put much of a ding in anyone's solarpunk energy budget.
+
+** Inventory
+The hardware you'll need is:
+
+ * Rock64 (preferably not the Pro version which is Spectre vulnerable)
+ * SSD
+ * USB3 to SATA adaptor
+ * 5v 2-3A Mains power supply with 3.5mm barrel plug
+ * Cat5/6 ethernet patch cable
+
+A 64GB SSD is about the smallest you can get away with if you want to build all of the images. If you just want to build one or two images then you could go lower than that.
+
+In the below image there's also an Atheros wifi dongle plugged in, but you don't need that for the this system.
+
+#+attr_html: :width 50% :align center
+[[file:images/rock64_ci.jpg]]
+
+** Setup of image
+
+Download the SPI flash utility and copy it to a microSD card, replacing /dev/sdX with the drive corresponding to the microSD.
+
+#+BEGIN_SRC bash
+wget https://github.com/ayufan-rock64/linux-u-boot/releases/download/2017.09-rockchip-ayufan-1033-gdf02018479/u-boot-flash-spi-rock64.img.xz
+unxz u-boot-flash-spi-rock64.img.xz
+sudo dd bs=1M if=u-boot-flash-spi-rock64.img of=/dev/sdX conv=fdatasync,sync,noerror
+#+END_SRC
+
+Now you will need to obtain the debian stretch image for the Rock64 and copy it to the SSD. There are various ways to do this. If you have a desktop machine you can connect the SSD that way, or you can use the USB to SATA adaptor with a laptop. Replace /dev/sdX with the drive for the SSD.
+
+#+BEGIN_SRC bash
+image_version='0.7.8'
+image_build_version=1061
+wget https://github.com/ayufan-rock64/linux-build/releases/download/$image_version/stretch-minimal-rock64-$image_version-$image_build_version-arm64.img.xz
+unxz stretch-minimal-rock64-$image_version-$image_build_version-arm64.img.xz
+sudo dd bs=1M if=stretch-minimal-rock64-$image_version-$image_build_version-arm64.img of=/dev/sdX conv=fdatasync,sync,noerror
+#+END_SRC
+
+Plug the microSD card into the Rock64.
+
+Connect the SSD via the adaptor and plug it into the USB3 socket.
+
+Connect the Rock64 to your internet router using the ethernet cable.
+
+Plug in the power lead.
+
+You will notice the white LED blink off and then on again for one second.
+
+Now the SPI has been flashed. Unplug the power and remove the microSD card.
+
+Reconnect the power. The board should now boot from the SSD.
+
+From another system - maybe your laptop - login with:
+
+#+BEGIN_SRC bash
+ssh rock64@rock64
+#+END_SRC
+
+username: rock64
+password: rock64
+
+Then change the password:
+
+#+BEGIN_SRC bash
+passwd
+#+END_SRC
+
+Set an ssh key to login with, which is more secure than using a password:
+
+#+BEGIN_SRC bash
+mkdir ~/.ssh
+nano ~/.ssh/authorized_keys
+#+END_SRC
+
+Paste in your ssh public key and save.
+
+Then disable password logins.
+
+#+BEGIN_SRC bash
+sudo su
+nano /etc/ssh/ssh_config
+#+END_SRC
+
+Uncomment and set:
+
+#+BEGIN_SRC bash
+ForwardX11 no
+PasswordAuthentication no
+#+END_SRC
+
+Now update the system:
+
+#+BEGIN_SRC bash
+apt-get update
+apt-get upgrade
+#+END_SRC
+
+Install the basic packages you'll need. Possibly you might want vim instead of emacs, or just stick with nano.
+
+#+BEGIN_SRC bash
+apt-get install git build-essential nginx python-xmpp emacs man unattended-upgrades xz-utils apt-listchanges
+#+END_SRC
+
+To avoid possible attacks where the adversary knows the default ssh host keys, regenerate them as follows:
+
+#+BEGIN_SRC bash
+rm -f /etc/ssh/ssh_host_*
+dpkg-reconfigure openssh-server
+awk '$5 > 2000' /etc/ssh/moduli > ~/moduli
+mv ~/moduli /etc/ssh/moduli
+systemctl restart ssh
+#+END_SRC
+
+Then reboot
+
+#+BEGIN_SRC bash
+reboot
+#+END_SRC
+
+** Install Freedombone build tools
+
+Prepare your system to make freedombone images:
+
+#+BEGIN_SRC bash
+cd ~/
+git clone https://code.freedombone.net/bashrc/freedombone
+cd ~/freedombone
+git checkout stretch
+sudo make install
+freedombone-image --setup debian
+#+END_SRC
+
+** Setup the CI system
+
+If you just want to test the system with a single build then run:
+
+#+BEGIN_SRC bash
+sudo freedombone-ci setuptest
+#+END_SRC
+
+Otherwise to install the full build system:
+
+#+BEGIN_SRC bash
+sudo freedombone-ci setup
+#+END_SRC
+
+To view build results in a non-Tor browser navigate to http://rock64. Selecting the icon on the left side of the page will go to the downloads section so that you can download images.
--- a/img/rock64_ssd.jpg
+++ b/img/rock64_ssd.jpg
--- a/website/EN/devguide.html
+++ b/website/EN/devguide.html
@@ -4,7 +4,7 @@
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
 <title>Freedombone</title>
-<!-- 2018-09-27 Thu 13:57 -->
+<!-- 2018-10-08 Mon 12:21 -->
 <meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta  name="generator" content="Org-mode" />
 <meta  name="author" content="Bob Mottram" />
@@ -557,6 +557,15 @@ If you need particular <i>dconf</i> commands to alter desktop appearance or beha
 </div>
 </div>
 </div>
+
+<div id="outline-container-sec-10" class="outline-2">
+<h2 id="sec-10">Continuous Integration system</h2>
+<div class="outline-text-2" id="text-10">
+<p>
+You can set up a CI system to create image builds and test for breakages. Instructions on how to do that can be <a href="./devguide_ci.html">found here</a>.
+</p>
+</div>
+</div>
 </div>
 <div id="postamble" class="status">