Fix kernel dependency on glibc backtrace

build/build-image.sh

@@ -31,7 +31,7 @@ if [  "$SECURESYS" == "true"  ]; then echo "Intact"
 else echo "Degraded"; fi
 echo "================================"
 
-set -x
+#set -x
 
 export DISTPATH=$DISTPATH
 mkdir -p "$DISTPATH"
@@ -44,6 +44,8 @@ eselect profile set default/linux/amd64/23.0/musl/hardened/selinux
 # STOP TELLING ME ABOUT THE NEWS
 eselect news read new > /dev/null
 
+#id -nu 250 | tee > /build/artifacts/test
+
 # Copy in host configs
 cp -r /build/include-host/* /
 
@@ -54,9 +56,9 @@ cp -r /build/include-host/* /
 
 # We have to ensure use.disable contains at least one flag
 # Otherwise euse -D will disable all global use flags
-if [[ "$(cat /etc/portage/use.disable)" = *[![:space:]]* ]]; then
-    euse -D "$(cat /etc/portage/use.disable)"
-fi
+#if [[ "$(cat /etc/portage/use.disable)" = *[![:space:]]* ]]; then
+#    euse -D "$(cat /etc/portage/use.disable)"
+#fi
 
 # Set install location
 export ROOT="$DISTPATH"
@@ -65,9 +67,9 @@ export ROOT="$DISTPATH"
 #emerge -j "$NPROC" --quiet --update --deep --newuse @world
 
 # Emerge all packages
-emerge -j "$NPROC" --quiet --noreplace @halogenos-image
-emerge -j "$NPROC" --quiet --update --deep --noreplace @world
-emerge -j "$NPROC" --quiet --autounmask=y sys-kernel/vanilla-kernel
+#emerge -j "$NPROC" --quiet --autounmask=y --autounmask-write --noreplace @halogenos-image
+#emerge -j "$NPROC" --quiet --update --deep --noreplace @world
+emerge -j "$NPROC" --quiet --autounmask=y --autounmask-write =sys-kernel/gentoo-kernel-6.15.4 | tee /build/artifacts/linux-build-log
 emerge --depclean
 emerge --unmerge --nodeps portage perl-cleaner
 

build/include-host/etc/portage/package.accept_keywords/cmake

@@ -0,0 +1 @@
+=dev-build/cmake-3.31.7-r1::gentoo ~amd64

build/include-host/etc/portage/package.accept_keywords/ecryptfs-utils

@@ -0,0 +1 @@
+=sys-fs/ecryptfs-utils-111_p20170609-r1 ~amd64

build/include-host/etc/portage/package.accept_keywords/kernel

@@ -0,0 +1,2 @@
+=virtual/dist-kernel-6.15.4 ~amd64
+=sys-kernel/gentoo-kernel-6.15.4 ~amd64

build/include-host/etc/portage/package.use/kernel

@@ -1 +1 @@
-sys-kernel/vanilla-kernel amd64
+sys-kernel/installkernel dracut

build/include-host/etc/portage/patches/sys-kernel/gentoo-kernel/fix-musl.patch

@@ -0,0 +1,18 @@
+--- a/tools/include/linux/kallsyms.h
++++ b/tools/include/linux/kallsyms.h
+@@ -18,6 +18,7 @@ static inline const char *kallsyms_lookup(unsigned long addr,
+ 	return NULL;
+ }
+ 
++#ifdef HAVE_BACKTRACE_SUPPORT
+ #include <execinfo.h>
+ #include <stdlib.h>
+ static inline void print_ip_sym(const char *loglvl, unsigned long ip)
+@@ -30,5 +31,8 @@ static inline void print_ip_sym(const char *loglvl, unsigned long ip)
+ 
+ 	free(name);
+ }
++#else
++static inline void print_ip_sym(const char *loglvl, unsigned long ip) {}
++#endif
+--

build/include-host/etc/portage/patches/sys-libs/libselinux/fix-musl.patch

@@ -0,0 +1,20 @@
+--- libselinux-3.6.old/src/selinux_restorecon.c	2023-12-13 10:46:22.000000000 -0400
++++ libselinux-3.6/src/selinux_restorecon.c	2024-02-17 12:08:29.352291673 -0400
+@@ -436,7 +436,7 @@
+ 	file_spec_t *prevfl, *fl;
+ 	uint32_t h;
+ 	int ret;
+-	struct stat64 sb;
++	struct stat sb;
+ 
+ 	__pthread_mutex_lock(&fl_mutex);
+ 
+@@ -450,7 +450,7 @@
+ 	for (prevfl = &fl_head[h], fl = fl_head[h].next; fl;
+ 	     prevfl = fl, fl = fl->next) {
+ 		if (ino == fl->ino) {
+-			ret = lstat64(fl->file, &sb);
++			ret = lstat(fl->file, &sb);
+ 			if (ret < 0 || sb.st_ino != ino) {
+ 				freecon(fl->con);
+ 				free(fl->file);

build/include-host/etc/portage/sets/halogenos-host

@@ -1,3 +1,4 @@
+=dev-build/cmake-3.31.7-r1::gentoo
 app-portage/gentoolkit
 sys-apps/busybox
 sys-fs/btrfs-progs

build/include-host/etc/portage/sets/halogenos-image

@@ -7,5 +7,7 @@ sys-apps/bubblewrap
 sys-apps/flatpak
 sys-apps/fwupd
 sys-apps/shadow
+sys-fs/ecryptfs-utils
+sys-kernel/linux-firmware
 sys-libs/musl
 virtual/tmpfiles

build/include-host/etc/portage/use.disable

@@ -1 +1 @@
-
+initramfs

compose.yml

@@ -12,16 +12,16 @@ services:
       REQSIG: ${REQSIG}
       DISTURL: ${DISTURL}
     secrets:
-      - signing_key_public
+      - pgp_key_public
     volumes:
       - ./build:/build
   sign:
     image: docker.io/vladgh/gpg
-    command: --batch --import /run/secrets/signing_key_private --passphrase-file /run/secrets/signing_key_password
+    command: --batch --import /run/secrets/signing_key_private --passphrase-file /run/secrets/pgp_key_password
     secrets:
-     - signing_key_password
-     - signing_key_private
-     - signing_key_public
+     - pgp_key_password
+     - pgp_key_private
+     - pgp_key_public
     volumes:
      - ./build/images:/images
   serve:
@@ -30,9 +30,20 @@ services:
      - ./build/images:/images
 
 secrets:
-  signing_key_password:
-    file: secrets/signing_key_password.txt
-  signing_key_private:
-    file: secrets/HalogenOS_private.asc
-  signing_key_public:
-    file: secrets/HalogenOS_public.asc
+  # PGP keys: For signing image files, overlays, and other release artifacts.
+  pgp_key_password:
+    file: secrets/HalogenOS_pgp_key_password.txt
+  pgp_key_private:
+    file: secrets/HalogenOS_pgp_key_private.asc
+  pgp_key_public:
+    file: secrets/HalogenOS_pgp_key_public.asc
+  # X509 keys: For signing kernel modules. Unused for now.
+  # Unless keys are synced across builds, kernel modules cannot be used in
+  # overlays, because by default new keys are automatically generated on each
+  # build.
+  x509_key_password:
+    file: secrets/HalogenOS_x509_key_password.txt
+  x509_key_private:
+    file: secrets/HalogenOS_x509_key_private.pfx
+  x509_key_public:
+    file: secrets/HalogenOS_x509_key_public.cer