Skip to content

Building OpenEmbedded

Ross Philipson edited this page Mar 12, 2015 · 25 revisions

Building OpenEmbedded

OpenEmbedded (OE) is used to build the OpenXT installer ISO and all of the VMs that make up the OpenXT system. Currently, due to our dependency on the older 6.12 version of the Haskell compiler, we recommend the use of Debian Squeeze as the distro for your build system. All build machines must be 32bit as well due to a few places where our build scripts invoke tools or use libraries on the host system.

There are other distros that can be made to work but they require some ugly hacks in places. If you've have built OpenXT successfully on a platform not mentioned here please make a new page and link to your instructions here.

Basic OpenEmbedded build machine setup

Follow the instructions for debian at OEandYourDistro on the OpenEmbedded wiki for installing a few packages required to get OpenEmbedded going. OpenEmbedded itself will download and install a lot of toolchain materials (e.g. specific compiler versions).

Additional OpenXT specific packages

On Squeeze, install these additional packages:

ghc guilt iasl quilt bin86 bcc libsdl1.2-dev liburi-perl genisoimage policycoreutils unzip

On Wheezy, follow the additional instructions here: Debian Wheezy packages.

Bash vs Bourne

Be sure that your build system is using bash as the default system shell. Both Debian and Ubuntu use dash instead and the 'bashisms' in a lot of the build metadata will cause failures unless /bin/sh is a symlink to /bin/bash. The Ubuntu section of of the OE and Your Distro describes a work-around for this issue.

Clone openxt.git

The first build scripts exist in openxt.git (along with this README.md file), so clone that:

git clone git://github.com/OpenXT/openxt.git

You can of course clone your own fork. Be aware that there are another approximately 60 OpenXT repositories that will be checked out next.

Configure your build tree

cd openxt    # the directory created by the clone command above
cp example-config .config

You should review the .config file and edit it as appropriate.

Configure signing certificates

NOTE: there is an effort in progress as of 18 June 2014 to simplify this such that those who are concerned with building signing get a simple auto-generated dev signing certificate.

For now you do need to create certificates. You need to protect these; someone with read access to these files can potentially get any devices running your build of OpenXT to upgrade themselves to their malicious software by triggering an "Over The Air" upgrade, though this should require local access to each device to point it at a server that offers the new version.

If you are intending to distribute the results of your build you should look into how the OpenXT release signing system works and figure out how you are going to handle your certifcates. Otherwise, run these commands:

mkdir certs  # make a certs directory inside the openxt directory
openssl genrsa -out certs/prod-cakey.pem 2048
openssl genrsa -out certs/dev-cakey.pem 2048
openssl req -new -x509 -key certs/prod-cakey.pem -out certs/prod-cacert.pem -days 1095
openssl req -new -x509 -key certs/dev-cakey.pem -out certs/dev-cacert.pem -days 1095

Then edit your .config file and find the variable initializations for keys, and set:

  1. REPO_PROD_CACERT to the absolute path to your openxt/certs/prod-cacert.pem file.
  2. REPO_DEV_CACERT to the absolute path to your openxt/certs/dev-cacert.pem file.
  3. REPO_DEV_SIGNING_CERT to the absolute path to your openxt/certs/dev-cacert.pem file.
  4. REPO_DEV_SIGNING_KEY to the absolute path to your openxt/certs/dev-cakey.pem file.

Optionally change the branch to build

By default, the .config is setup to build the master branch. You can change this by first checking out the branch in the openxt.git repository where you are working, doing something like this:

git checkout -b branch-to-build --track origin/branch-to-build

Then switch the target branch in the .config file:

# Branch to build.
BRANCH="branch-to-build"

This would be the steps for building a specific release of OpenXT too, since they are branches.

Run the build

./do_build.sh # run within the openxt directory

Notes

See Phil Tricca's "First OpenXT build" for more discussion, especially on the signing certificates work.