Commit 5a7a53c9 authored by intrigeri's avatar intrigeri

Switch to a 64-bit userspace: first steps.

refs: #8183
parent f4c586f6
......@@ -28,6 +28,10 @@ if grep -qs -E '^Pin:\s+release\s+.*o=Debian Backports' \
echo "in config/chroot_apt/preferences. Use o=Debian instead. Exiting."
exit 1
fi
if [ $(dpkg --print-architecture) != amd64 ] ; then
echo "Only amd64 build systems are supported"
exit 1
fi
# init variables
RUN_LB_CONFIG="lb config noauto"
......@@ -57,6 +61,7 @@ perl -pi \
$RUN_LB_CONFIG \
--verbose \
--apt-recommends false \
--architecture amd64 \
--backports false \
--binary-images iso \
--binary-indices false \
......@@ -69,6 +74,7 @@ $RUN_LB_CONFIG \
--iso-application="The Amnesic Incognito Live System" \
--iso-publisher="https://tails.boum.org/" \
--iso-volume="TAILS ${AMNESIA_FULL_VERSION}" \
--linux-flavours amd64 \
--memtest none \
--mirror-binary "$DEBIAN_MIRROR" \
--mirror-bootstrap "$DEBIAN_MIRROR" \
......@@ -84,21 +90,6 @@ $RUN_LB_CONFIG \
--initramfs=live-boot \
${@}
# build i386 images on amd64 as well, include a bunch of kernels
hw_arch="`dpkg --print-architecture`"
if [ "$hw_arch" = i386 -o "$hw_arch" = amd64 ]; then
$RUN_LB_CONFIG \
--architecture i386 \
--linux-flavours "686" \
${@}
# build powerpc images on powerpc64 as well, include only powerpc kernel
elif [ "$hw_arch" = powerpc -o "$hw_arch" = powerpc64 ]; then
$RUN_LB_CONFIG \
--architecture powerpc \
--linux-flavours powerpc \
${@}
fi
install -d config/chroot_local-includes/etc/amnesia/
# environment
......
#!/bin/bash
set -e
# Including common functions
. "${LB_BASE:-/usr/share/live/build}"/scripts/build.sh
# Setting static variables
DESCRIPTION="$(Echo 'renaming amd64 kernel')"
HELP=""
USAGE="${PROGRAM}"
# Reading configuration files
Read_conffiles config/all config/common config/binary
Set_defaults
Echo_message "Renaming amd64 kernel"
mv binary/live/vmlinuz-*-amd64 binary/live/vmlinuz2
mv binary/live/initrd.img-*-amd64 binary/live/initrd2.img
......@@ -15,14 +15,8 @@ Read_conffiles config/all config/bootstrap config/common config/binary
Set_defaults
# Safeguards
if [ "${LB_BOOTLOADER}" != "syslinux" ]
then
exit 0
fi
if [ "${LB_ARCHITECTURE}" != "i386" ]
then
exit 0
fi
[ "${LB_BOOTLOADER}" = "syslinux" ] || exit 0
[ "${LB_ARCHITECTURE}" = "amd64" ] || exit 0
# Seems like we'll have work to do
Echo_message "adding CPU autodetection to the syslinux menu"
......@@ -83,18 +77,16 @@ EOF
# state to the defaults
sed -i -e "1i prompt 0\ntimeout 40\n" "${SYSLINUX_MENU_CFG}"
# Copy and adapt live.cfg for each kernel
# Generate a live$arch.cfg for each architecture
for arch in 486 amd64
do
(
echo "include menu.cfg"
if [ $arch = 486 ]; then
append=""
: # XXX: #11638
else
append=2
echo "include menu.cfg"
cat "${SYSLINUX_LIVE_CFG}"
fi
sed -e "s,/vmlinuz$,/vmlinuz${append}, ; s,initrd\.img,initrd${append}.img," "${SYSLINUX_LIVE_CFG}"
) | sed -n -e '/^label live-amd64.*/ { q } ; p' \
> "${SYSLINUX_PATH}/live${arch}.cfg"
done
......
......@@ -16,7 +16,7 @@ Set_defaults
# Safeguards
[ "${LB_BOOTLOADER}" = "syslinux" ] || exit 0
[ "${LB_ARCHITECTURE}" = "i386" ] || exit 0
[ "${LB_ARCHITECTURE}" = "amd64" ] || exit 0
# Seems like we'll have work to do
Echo_message "fixing syslinux installation"
......
......@@ -16,7 +16,7 @@ Set_defaults
# Safeguards
[ "${LB_BOOTLOADER}" = "syslinux" ] || exit 0
[ "${LB_ARCHITECTURE}" = "i386" ] || exit 0
[ "${LB_ARCHITECTURE}" = "amd64" ] || exit 0
# Seems like we'll have work to do
Echo_message 'including syslinux in the ISO filesystem'
......
......@@ -71,7 +71,7 @@ Read_conffiles config/all config/bootstrap config/common config/binary
Set_defaults
# Safeguards
[ "${LB_ARCHITECTURE}" = "i386" ] || exit 0
[ "${LB_ARCHITECTURE}" = "amd64" ] || exit 0
# Seems like we'll have work to do
Echo_message 'including GRUB EFI for ia32 in the ISO filesystem'
......
......@@ -16,7 +16,7 @@ Set_defaults
# Safeguards
[ "${LB_BOOTLOADER}" = "syslinux" ] || exit 0
[ "${LB_ARCHITECTURE}" = "i386" ] || exit 0
[ "${LB_ARCHITECTURE}" = "amd64" ] || exit 0
# Seems like we'll have work to do
Echo_message "installing syslinux UEFI bootloader"
......
......@@ -6,6 +6,6 @@
packages:
binary:
- package: squashfs-tools
arch: i386
arch: amd64
version: 1:4.2+20130409-2
explanation: pulled by lb_binary_rootfs, outside of the reach of our apt-get wrapper
APT::Architectures {"i386"; "amd64";};
#! /bin/sh
set -e
echo "Configuring dpkg architectures"
dpkg --add-architecture amd64
......@@ -187,11 +187,11 @@ create_default_profile() {
}
TBB_SHA256SUMS_FILE=/usr/share/tails/tbb-sha256sums.txt
TBB_TARBALLS="$(grep "\<tor-browser-linux32-.*\.tar.xz$" "${TBB_SHA256SUMS_FILE}")"
TBB_TARBALLS="$(grep "\<tor-browser-linux64-.*\.tar.xz$" "${TBB_SHA256SUMS_FILE}")"
# We'll use the en-US bundle as our basis; only langpacks will be
# installed from the other bundles.
MAIN_TARBALL="$(echo "${TBB_TARBALLS}" | grep -o "tor-browser-linux32-.*_en-US.tar.xz")"
MAIN_TARBALL="$(echo "${TBB_TARBALLS}" | grep -o "tor-browser-linux64-.*_en-US.tar.xz")"
TBB_DIST_URL_FILE=/usr/share/tails/tbb-dist-url.txt
TBB_TARBALLS_BASE_URL="$(cat "${TBB_DIST_URL_FILE}")"
......
#!/bin/sh
set -e
echo "Installing amd64 Linux kernel"
apt-get --yes install linux-image-amd64:amd64
......@@ -16,15 +16,18 @@ apt-get install --yes \
tar --directory=/usr/src \
-xf "/usr/src/linux-source-${KERNEL_SOURCE_VERSION}.tar."*
for arch in 686 amd64 ; do
# XXX: drop the loop once #8183 is almost ready to be merged;
# meanwhile, let's simplify merges by keeping the code bases as close
# as possible to each other
for arch in amd64 ; do
case "$arch" in
686)
linux_headers_arch_pkg="linux-headers-${KERNEL_VERSION}-686"
linux_headers_common_pkg="linux-headers-${KERNEL_VERSION}-common"
;;
amd64)
linux_headers_arch_pkg="linux-headers-${KERNEL_VERSION}-amd64:amd64"
linux_headers_common_pkg="linux-headers-${KERNEL_VERSION}-common:amd64"
linux_headers_arch_pkg="linux-headers-${KERNEL_VERSION}-amd64"
linux_headers_common_pkg="linux-headers-${KERNEL_VERSION}-common"
;;
*)
exit 1
......
......@@ -5,24 +5,14 @@ set -u
echo "Building VirtualBox guest modules"
hw_arch="`dpkg --print-architecture`"
if [ "$hw_arch" != i386 -a "$hw_arch" != amd64 ]; then
exit 0
fi
. /usr/share/amnesia/build/variables
# the -dkms package must be installed *after* dkms to be properly registered
apt-get install --yes build-essential dkms
# Note: we only build for the 32-bit kernel, since building for 64-bit is too painful
# with multiarch; and anyway, the 64-bit kernel module doesn't play well with
# a 32-bit userspace (https://www.virtualbox.org/ticket/8336), which is why
# we instruct users to set up a 32-bit VM.
# Installing the headers triggers the building of the modules for that kernel
apt-get install --yes \
"linux-headers-${KERNEL_VERSION}-686" \
"linux-headers-${KERNEL_VERSION}-amd64" \
virtualbox-guest-dkms
# clean the build directory
......
......@@ -14,7 +14,6 @@ echo "Removing unwanted packages"
apt-get --yes purge \
'^linux-kbuild-*' \
'^linux-headers-*' \
'^linux-headers-*:amd64' \
'^linux-source-*' \
build-essential debhelper dkms dpatch dpkg-dev \
gcc gcc-4.8 gcc-4.8-base gcc-4.9 gcc-4.9-base gcc-5 gcc-5-base gcc-6 \
......
#!/bin/sh
running_amd64_kernel() {
uname -r | grep -qs 'amd64$'
}
case "$1" in
kernel)
boot_kernel="$2"
if running_amd64_kernel ; then
echo "$boot_kernel" | sed -e 's,/vmlinuz$,/vmlinuz2,'
else
echo "$boot_kernel"
fi
;;
initrd)
boot_initrd="$2"
if running_amd64_kernel ; then
echo "$boot_initrd" | sed -e 's,/initrd\.img$,/initrd2.img,'
else
echo "$boot_initrd"
fi
;;
*)
echo "Usage: $0 kernel|initrd" >&2
exit 3
esac
exit 0
......@@ -6,8 +6,8 @@ set -u
PATH="/usr/local/bin:${PATH}"
KEXEC_CONF=/etc/default/kexec
KERNEL_IMAGE=$(tails-boot-to-kexec kernel $(tails-get-bootinfo kernel))
INITRD=$(tails-boot-to-kexec initrd $(tails-get-bootinfo initrd))
KERNEL_IMAGE=$(tails-get-bootinfo kernel)
INITRD=$(tails-get-bootinfo initrd)
echo "KERNEL_IMAGE=\"${KERNEL_IMAGE}\"" >> "$KEXEC_CONF"
echo "INITRD=\"${INITRD}\"" >> "$KEXEC_CONF"
......
......@@ -6,5 +6,5 @@ set -u
PATH="/usr/local/bin:${PATH}"
MEMLOCKD_CONF=/etc/memlockd.cfg
tails-boot-to-kexec kernel $(tails-get-bootinfo kernel) >> "$MEMLOCKD_CONF"
tails-boot-to-kexec initrd $(tails-get-bootinfo initrd) >> "$MEMLOCKD_CONF"
tails-get-bootinfo kernel >> "$MEMLOCKD_CONF"
tails-get-bootinfo initrd >> "$MEMLOCKD_CONF"
......@@ -112,7 +112,7 @@ gnupg2
gobi-loader
gobby
## breaks lb because of desktop-base.postinst (see Debian bug #467620)
#if ARCHITECTURE i386 amd64
#if ARCHITECTURE amd64
# grub
grub-efi-ia32
#endif
......@@ -235,7 +235,7 @@ xul-ext-torbirdy
# needed for initramfs-tools' COMPRESS=xz
xz-utils
#if ARCHITECTURE i386 amd64
#if ARCHITECTURE amd64
open-vm-tools
#endif
......@@ -259,9 +259,6 @@ firmware-b43legacy-installer
### Xorg
xorg
xserver-xorg-input-all
#if ARCHITECTURE i386
xserver-xorg-video-geode
#endif
xserver-xorg-video-all
xserver-xorg-video-cirrus
xserver-xorg-video-modesetting
......
......@@ -34,34 +34,3 @@ Feature: System memory erasure on shutdown
When I fill the guest's memory with a known pattern
And I shutdown and wait for Tails to finish wiping the memory
Then I find very few patterns in the guest's memory
Scenario: Anti-test: no memory erasure on an old computer
Given a computer
And the computer is an old pentium without the PAE extension
And the computer has 8 GiB of RAM
And I set Tails to boot with options "debug=wipemem"
And I start Tails from DVD with network unplugged and I login
Then the non-PAE kernel is running
And at least 3 GiB of RAM was detected
And process "memlockd" is running
And process "udev-watchdog" is running
And udev-watchdog is monitoring the correct device
When I fill the guest's memory with a known pattern without verifying
And I reboot without wiping the memory
And I stop the boot at the bootloader menu
Then I find many patterns in the guest's memory
Scenario: Memory erasure on an old computer
Given a computer
And the computer is an old pentium without the PAE extension
And the computer has 8 GiB of RAM
And I set Tails to boot with options "debug=wipemem"
And I start Tails from DVD with network unplugged and I login
And the non-PAE kernel is running
And at least 3 GiB of RAM was detected
And process "memlockd" is running
And process "udev-watchdog" is running
And udev-watchdog is monitoring the correct device
When I fill the guest's memory with a known pattern
And I shutdown and wait for Tails to finish wiping the memory
Then I find very few patterns in the guest's memory
......@@ -96,11 +96,6 @@ Then /^no unexpected services are listening for network connections$/ do
end
end
When /^Tails has booted a 32-bit kernel$/ do
assert(! $vm.execute("uname -r | grep -qs 'amd64$'").success?,
"Tails has not booted a 32-bit kernel.")
end
When /^Tails has booted a 64-bit kernel$/ do
assert($vm.execute("uname -r | grep -qs 'amd64$'").success?,
"Tails has not booted a 64-bit kernel.")
......
......@@ -1343,11 +1343,9 @@ Backports](http://backports.debian.org/) as a compromise between
stability and recent hardware support. Recent Intel and AMD microcode
are included as well.
The x86 hardware architecture is the main supported one.
The x86-64 hardware architecture is the only supported one.
A 64-bit Linux kernel (*amd64* flavour) and a 32-bit one (*486*
flavor, for maximal backward-compatibility) are provided. The best
supported one is used.
A 64-bit Linux kernel (*amd64* flavour) and userspace are included.
* [[!tails_gitweb auto/config]]
* [[!tails_gitweb config/binary_local-hooks/20-syslinux_detect_cpu]]
......
......@@ -4,7 +4,7 @@ Tails should work on any reasonably recent computer, say manufactured after 2005
Here is a detailed list of requirements:
- Either **an internal or external DVD reader** or the possibility to **boot from a USB stick or SD card**.
- Tails requires an <span class="definition">[[!wikipedia x86]]</span>
- Tails requires a 64-bit <span class="definition">[[!wikipedia x86]]</span>
compatible processor: **<span class="definition">[[!wikipedia
IBM_PC_compatible]]</span>** and others but not <span
class="definition">[[!wikipedia PowerPC]]</span> nor <span
......
......@@ -71,7 +71,7 @@ To create a new virtual machine:
1. In the **Name and operating system** screen, specify:
- A name of your choice.
- **Type**: **Linux**.
- **Version**: **Other Linux (32 bit)**.
- **Version**: **Other Linux (64 bit)**.
- Click **Next**.
<div class="bug"><p><span class="application">VirtualBox</span> guest
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment