BumbaBumba Posted November 2, 2019 Posted November 2, 2019 (edited) Hi Armbian fans and developers, I want to introduce ARM single board computers into one traditional organization with corporate IT that doesn't like changes. I already know what I get from the security team if I ask to deploy Armbian that is build by a relatively small number or volunteers. Security team is OK with Debian (that is not run by commercial company) but they won't be happy with Armbian regardless my recommendation even that I personally trust the Armbian team. The solution is to build the image from source and luckily that can be done thanks to the amazing https://github.com/armbian/build. I've just tried to build image for OrangePi Zero and it works! Really great project. My goal is to build it from source, deploy it and then push the organization for financially contribute to the project ;-). The challenge I have is to understand the build process and be able to explain what is going on. I'm worried about any non-source code files (compiled files) that are downloaded outside of Debian main repo (Debian is OK). I checked the compile.sh and lib/general.sh and it seems that following assets are downloaded, instead of compiled from source: archives https://dl.armbian.com/_toolchains/gcc-*, is this just downloaded or is that actually in active use? something from http://repo.aptly.info/ (repo is added so I guess it's used) root FS? I found $ROOT_FS_CREATE_ONLY option in https://docs.armbian.com/Developer-Guide_Build-Options/ anything else? Could you please confirm? Thank you! Robert Bumba Edited November 2, 2019 by BumbaBumba
Igor Posted November 2, 2019 Posted November 2, 2019 1 hour ago, BumbaBumba said: Really great project. Thank you. 1 hour ago, BumbaBumba said: Security team is OK with Debian We know hardware more in details. The rest, user land, is from Debian ... or (Stallmanised) Ubuntu if you choose that flavour. Debian (and any other distribution) is a (major) step back if you look to the ARM single board computers. 1 hour ago, BumbaBumba said: The challenge I have is to understand the build process and be able to explain what is going on. One user write a very good analysis but can't find it ... This is ours: https://docs.armbian.com/Developer-Guide_Build-Process/ but its several years old. 1. Cross-compilers are essential for building from sources and for building on a generic x86 platform. They came from Linaro or ARM and are PGP signed (by Linaro / ARM). https://releases.linaro.org/components/toolchain/binaries/ If you don't trust them, you can build compilers from sources ... with another C compiler you trust We have as many compilers we need to build all sources. Debian trusts Linaro. 2. Aptly is one of many Debian repository management tools. We choose to use this one. It's open source https://github.com/aptly-dev/aptly and works well. 3. Rootfs, applications and scripts, are cached, PGP signed (by me) and securely uploaded to our servers, like the rest of the stuff. This only shorten the build process in this task section (from 20 minutes down to 10-30 sec or whatever time you need to download 300-500Mb) which you can recreate with Debian debootstrap if you like. Packs are identical to all builds, only divided on package base (Stretch, Buster, Bionic, Buster-minimum, Buster-desktop ... ) and arhitecture - arm / arm64 in our case. We merge this with freshly compiled board support packages, u-boot, kernel and export ISO image which you can merge to the boot media. 4. Ask with more questions. Not sure if I remember everything you might need to know ... It's a big project by now. I was full time for few years and we would like to hire if there will be enough income. There is plenty of work. 1 hour ago, BumbaBumba said: I'm worried about any non-source code files (compiled files) that are downloaded outside of Debian main repo (Debian is OK). All binary code which we use is stored here: - https://github.com/armbian/build/tree/master/packages/blobs (various open stuff plus some bootloader blobs. some hw is not possible to bring up without) - https://github.com/armbian/rkbin (rockchip bootloaders, essential for rockchip) - https://github.com/armbian/firmware (wireless firmware, not essential) 1 hour ago, BumbaBumba said: for OrangePi Zero If you are happy with this, which is the cheapest hardware, how happy you will be with something which is not that limited BTW. Wireless on this chip is garbage beyond repair. 1
BumbaBumba Posted November 4, 2019 Author Posted November 4, 2019 On 11/2/2019 at 7:34 PM, Igor said: One user write a very good analysis but can't find it ... This is ours: https://docs.armbian.com/Developer-Guide_Build-Process/ but its several years old. Yes, I read the official docs but it was not enough. I'll try to find the analysis you're referring to. Could you please remember when was it written? Anyway, your writeup is excellent! You may consider to copy+paste it into the Docs. Thank you. On 11/2/2019 at 7:34 PM, Igor said: from Linaro or ARM and are PGP signed (by Linaro / ARM). great On 11/2/2019 at 7:34 PM, Igor said: Rootfs ... PGP signed (by me) and securely uploaded to our servers fantastic Also I finally found it in the code in lib/debootstrap.sh file and I see that ROOT_FS_CREATE_ONLY='force" will force running "debootstrap" command which will essentially rebuild rootfs from DEB packages downloaded from Debian / Ubuntu. On 11/2/2019 at 7:34 PM, Igor said: If you are happy with this, which is the cheapest hardware, how happy you will be with something which is not that limited BTW. Wireless on this chip is garbage beyond repair. I run Orange Pi Zero at home since I'm a cheap bastard ;-). I have very simple applications for my single board computers. Simple enough to use Arduino so Orange Pi Zero works fine and I'm happy that I don't pay for VGA / HDMI output. And yes, Wireless sucks - that's why I use RJ45. The company that I mentioned has bigger budget than my household so I'll take a look at supported boards and recommend something more expensive and reliable. Thank you very much Igor! 1
Werner Posted November 5, 2019 Posted November 5, 2019 15 hours ago, BumbaBumba said: I run Orange Pi Zero at home since I'm a cheap bastard ;-). You may want to consider buying an OrangePi One. The 512MB configuration is even a tiny bit cheaper than the 512MB OPi Zero, no (useless anyways) wireless onboard, offering HDMI and H3 instead of balls-cut-off-H2+ SoC. It cannot be powered from microUSB though. Barrel plug has to be used. 1
sfx2000 Posted November 13, 2019 Posted November 13, 2019 On 11/2/2019 at 11:13 AM, BumbaBumba said: I want to introduce ARM single board computers into one traditional organization with corporate IT that doesn't like changes. I already know what I get from the security team if I ask to deploy Armbian that is build by a relatively small number or volunteers. Security team is OK with Debian (that is not run by commercial company) but they won't be happy with Armbian regardless my recommendation even that I personally trust the Armbian team. I'd ask for what purpose are SBC's going to be used for - and to that end, the full-scope of that purpose. That's putting on the IT groups hat - I've been on both sides, so it's useful to step into their shoes, as IT supports the business, not the employees or their special projects. There's a lot of projects where they might be useful, but how would that fit within the larger organizations business. If you're on the engineering side - yes, we like to tinker, but find a good purpose, and then someone that can support the business side, and let them pull the project through... Easier to pull a string than to push a rope.
Recommended Posts