updated README.md
This commit is contained in:
parent
bf8d1e9549
commit
539c4383de
631
BTC.sh
631
BTC.sh
|
|
@ -1,398 +1,407 @@
|
|||
#!/bin/bash
|
||||
# ==============================================================================
|
||||
# BTC-0.3.0.sh - Sovereign Sentry Forge
|
||||
# Identity: dcosnet / dcos.net | Swarm: Broadwell-HS / Haswell-EP
|
||||
# License: GNU Affero General Public License v3 (AGPL-3.0)
|
||||
#
|
||||
# Notwithstanding any other provision of this License, if you modify
|
||||
# the Program, your modified version must prominently offer all users
|
||||
# interacting with it remotely through a computer network an
|
||||
# opportunity to receive the Corresponding Source of your version.
|
||||
#
|
||||
# Profile: Ghost / Virt / Base - Multi-Target Hardened Kernel & eBPF
|
||||
# Security: CVE-2026-31431 Mitigated | PATH-Pinned | Static-Trust Ready
|
||||
# Persistence: /opt/BTC | Volatile: ramfs
|
||||
# BTC-0.3.1.sh - Build Tool Chain (Sovereign Forge Edition)
|
||||
# Identity: dcosnet / dcos.net | Target: Broadwell-HS / Haswell-EP
|
||||
# Version: 0.3.1 | Persistence: /opt/BTC | Volatile: ramfs
|
||||
# License: GNU AGPLv3 Mandatory Prominent Interactive Notice
|
||||
# Copyright (C) 2012-2026 Jeremy Anderson (info@dcos.net)
|
||||
# ==============================================================================
|
||||
|
||||
# --- 1. AGPL COMPLIANCE & IDENTITY ---
|
||||
set -euo pipefail
|
||||
export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
|
||||
|
||||
# --- 1. AGPL INTERACTIVE LICENSE COMPLIANCE ---
|
||||
function f_agpl_header() {
|
||||
cat <<EOF
|
||||
>> BTC-0.3.0 "Sovereign Sentry"
|
||||
>> Copyright (C) 2026 Jeremy Anderson
|
||||
>> Licensed under GNU AGPLv3. NO WARRANTY.
|
||||
>> SOURCE: https://git.dcos.net/jeremy/btc (Official Mirror)
|
||||
>> -----------------------------------------------------
|
||||
clear
|
||||
cat << 'EOF'
|
||||
===========================================================================
|
||||
BTC-0.3.1: SOVEREIGN FORGE PIPELINE (AGPLv3 PROTECTED)
|
||||
===========================================================================
|
||||
This program is free software: you can redistribute it and/or modify it
|
||||
under the terms of the GNU Affero General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License.
|
||||
|
||||
REMOTE INTERACTION NOTICE: Per Section 13 of the GNU AGPLv3, if you modify
|
||||
this script and offer its toolchain-building capabilities as a service over
|
||||
a network, you MUST make your complete modified source code available.
|
||||
===========================================================================
|
||||
EOF
|
||||
if [[ ! -f /var/tmp/BTC-AGPL-ACCEPTED ]]; then
|
||||
echo -n "Do you accept the network-sovereignty terms of the AGPLv3? (y/N): "
|
||||
read -r reply
|
||||
if [[ "${reply}" =~ ^[Yy]$ ]]; then
|
||||
touch /var/tmp/BTC-AGPL-ACCEPTED
|
||||
else
|
||||
echo ">> Build aborted: AGPLv3 acceptance is mandatory for execution."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# --- 2. HARDENED ENVIRONMENT ---
|
||||
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
set -euo pipefail
|
||||
set -f
|
||||
|
||||
# Expand aliases for non-interactive bash to ensure absolute paths run correctly
|
||||
shopt -s expand_aliases
|
||||
|
||||
alias rsync='/usr/bin/rsync'
|
||||
alias tar='/usr/bin/tar'
|
||||
alias gcc='/usr/bin/gcc'
|
||||
alias sha256sum='/usr/bin/sha256sum'
|
||||
|
||||
# --- 3. RECOVERY & CLEANUP ---
|
||||
trap "echo '>> Interrupt: Cleaning ramfs...'; cd / && umount -l ${SOURCES_ACTIVE} 2>/dev/null || true; exit 1" INT TERM
|
||||
|
||||
# --- 4. GLOBAL CONFIG ---
|
||||
export BTC_DEBUG_LEVEL=1
|
||||
export BTC_STRIP_MODE=1
|
||||
export BTC_ARCHIVE=/opt/BTC
|
||||
export SOURCES_ACTIVE=/usr/src
|
||||
export SOURCE_CACHE=${BTC_ARCHIVE}/src
|
||||
export v_glibc='glibc-2.41'
|
||||
export v_gcc='gcc-14.2.0'
|
||||
export v_binutils='binutils-2.46'
|
||||
export v_linux='linux-7.1'
|
||||
export NEWROOT=${SOURCES_ACTIVE}/BTC-Forge
|
||||
export LOGS=${NEWROOT}/LOGS
|
||||
export DISTRO="DCOSNET-LEAD"
|
||||
|
||||
# --- 5. SILICON IDENTITY & MITIGATION ---
|
||||
# --- 2. SILICON IDENTITY & SAFE RESOURCE MANAGEMENT ---
|
||||
function f_silicon_probe() {
|
||||
echo ">> [IDENTITY] Interrogating Silicon..."
|
||||
echo ">> Interrogating Core Topology and Instruction Extensions..."
|
||||
local RAW_ARCH
|
||||
RAW_ARCH=$(gcc -march=native -Q --help=target | grep -m1 "march=" | awk '{print $2}')
|
||||
|
||||
if [[ -f /proc/modules ]] && grep -q "algif_aead" /proc/modules; then
|
||||
echo ">> [SECURITY] Disabling algif_aead (Copy Fail mitigation)..."
|
||||
rmmod algif_aead || true
|
||||
if [[ -z "${RAW_ARCH}" || "${RAW_ARCH}" == "x86-64" ]]; then
|
||||
export TARGET_ARCH="haswell"
|
||||
else
|
||||
export TARGET_ARCH="${RAW_ARCH}"
|
||||
fi
|
||||
|
||||
local RAW_ARCH=$(/usr/bin/gcc -march=native -Q --help=target | grep -m1 "march=" | awk '{print $2}')
|
||||
[[ -z "$RAW_ARCH" || "$RAW_ARCH" == "x86-64" ]] && export TARGET_ARCH="hsw" || export TARGET_ARCH="bdw"
|
||||
|
||||
export ISA_TAG="AVX2"
|
||||
export OPT_TAG="LTO"
|
||||
export SYS_LABEL="DCOSNET-${TARGET_ARCH^^}-${ISA_TAG}-${OPT_TAG}"
|
||||
export TARGET="x86_64-dcosnet-linux-gnu"
|
||||
export TARGET="x86_64-dcosnet-linux-gnu"
|
||||
|
||||
local total_ram=$(/usr/bin/free -m | awk '/^Mem:/{print $2}')
|
||||
export v_threads="-j$(( (total_ram / 2048) < $(nproc) ? (total_ram / 2048) : $(nproc) ))"
|
||||
|
||||
export GLOBAL_CFLAGS="-O3 -march=native -flto=$(nproc) -fstack-protector-strong -D_FORTIFY_SOURCE=2 --sysroot=${NEWROOT} -pipe"
|
||||
export GLOBAL_LDFLAGS="-Wl,-O1 -Wl,--as-needed -flto=$(nproc) --sysroot=${NEWROOT}"
|
||||
# Resource-Safe Threading: Allocate 2GB RAM per core floor to prevent LTO thrashing
|
||||
local total_cpus
|
||||
total_cpus=$(nproc)
|
||||
local free_gb
|
||||
free_gb=$(free -g | awk '/^Mem:/{print $7}')
|
||||
local safe_threads=$(( free_gb / 2 ))
|
||||
|
||||
export CCACHE_DIR="${BTC_ARCHIVE}/cache/${SYS_LABEL}"
|
||||
mkdir -p "${CCACHE_DIR}"
|
||||
if [[ ${safe_threads} -lt 1 ]]; then safe_threads=1; fi
|
||||
if [[ ${safe_threads} -gt ${total_cpus} ]]; then safe_threads=${total_cpus}; fi
|
||||
export v_threads="-j${safe_threads}"
|
||||
|
||||
echo ">> [IDENTITY STAMP] ${SYS_LABEL}"
|
||||
echo ">> [THREAD ALLOCATION] Probed ${total_cpus} cores -> Throttled to ${v_threads} for LTO Safety."
|
||||
}
|
||||
|
||||
# --- 6. DCOSNET FORENSIC STAMPING (ELF & XATTR) ---
|
||||
function f_stamp_binary() {
|
||||
local target_bin="$1"
|
||||
local log_base="$2"
|
||||
|
||||
cat <<EOF > btc_stamp.s
|
||||
.section .note.BTC,"a"
|
||||
.align 4
|
||||
.long 4f - 1f
|
||||
.long 3f - 2f
|
||||
.long 1
|
||||
1: .asciz "DCOSNET"
|
||||
2: .ascii "Org: dcos.net|K:7.1|I:${ISA_TAG}|O:${OPT_TAG}|T:${DISTRO}|F:${HOSTNAME}"
|
||||
3: .align 4
|
||||
4:
|
||||
EOF
|
||||
/usr/bin/gcc -c btc_stamp.s -o btc_stamp.o
|
||||
objcopy --add-section .note.BTC=btc_stamp.o "${target_bin}"
|
||||
rm btc_stamp.s btc_stamp.o
|
||||
# --- 3. SYSTEM PATHS & STAGING MATRIX ---
|
||||
export SOURCES_ACTIVE=/usr/src
|
||||
export BTC_ARCHIVE=/opt/BTC
|
||||
export SOURCE_CACHE=${BTC_ARCHIVE}/src
|
||||
export RAMDISK_SIZE="12gb"
|
||||
|
||||
local bin_hash=$(sha256sum "${target_bin}" | awk '{print $1}')
|
||||
setfattr -n user.btc.identity -v "BTC-${SYS_LABEL}-${v_linux}-dcosnet" "${target_bin}"
|
||||
setfattr -n user.btc.hash -v "${bin_hash}" "${target_bin}"
|
||||
|
||||
if [[ "${BTC_STRIP_MODE}" -eq 1 ]]; then
|
||||
mkdir -p "${BTC_ARCHIVE}/symbols/${SYS_LABEL}"
|
||||
objcopy --only-keep-debug "${target_bin}" "${BTC_ARCHIVE}/symbols/${SYS_LABEL}/${log_base}.debug"
|
||||
strip --strip-unneeded "${target_bin}"
|
||||
objcopy --add-gnu-debuglink="${BTC_ARCHIVE}/symbols/${SYS_LABEL}/${log_base}.debug" "${target_bin}"
|
||||
fi
|
||||
}
|
||||
# Upstream Production Matrices
|
||||
export v_linux='linux-7.1'
|
||||
export v_binutils='binutils-2.46'
|
||||
export v_gcc='gcc-14.2.0'
|
||||
export v_glibc='glibc-2.41'
|
||||
export v_libxcrypt='4.4.36'
|
||||
export v_gmp='gmp-6.3.0'
|
||||
export v_mpfr='mpfr-4.2.1'
|
||||
export v_mpc='mpc-1.3.1'
|
||||
|
||||
# --- 7. THE INVISIBLE GUARD ---
|
||||
export NEWROOT="${SOURCES_ACTIVE}/${SYS_LABEL}-cleanroom"
|
||||
export LOGS="${BTC_ARCHIVE}/logs/${SYS_LABEL}"
|
||||
export HOST_ARCH="x86_64-pc-linux-gnu"
|
||||
|
||||
# Optimization Ensembles
|
||||
export GLOBAL_CFLAGS="-O3 -march=${TARGET_ARCH} -flto -ffat-lto-objects --sysroot=${NEWROOT} -pipe"
|
||||
export GLOBAL_LDFLAGS="-Wl,-O1 -Wl,--as-needed -flto --sysroot=${NEWROOT}"
|
||||
|
||||
# --- 4. HARDWARE SENTINEL & TELEMETRY MODULES ---
|
||||
function f_guard() {
|
||||
local max_temp=85
|
||||
local min_mem=800
|
||||
while true; do
|
||||
local cur_temp=$(cat /sys/class/thermal/thermal_zone*/temp | head -n1 | awk '{print $1/1000}')
|
||||
local cur_mem=$(/usr/bin/free -m | awk '/^Mem:/{print $7}')
|
||||
if (( cur_temp > max_temp )); then
|
||||
echo ">> [THERMAL PAUSE] ${cur_temp}°C - Cooling..."
|
||||
sleep 10
|
||||
elif (( cur_mem < min_mem )); then
|
||||
echo ">> [MEMORY PAUSE] ${cur_mem}MB - Waiting for LTO clearance (RDIMM)..."
|
||||
sleep 30
|
||||
else
|
||||
break
|
||||
fi
|
||||
done
|
||||
}
|
||||
local cur_temp
|
||||
local cur_mem
|
||||
|
||||
function f_entropy_shield() {
|
||||
local cur_ent=$(cat /proc/sys/kernel/random/entropy_avail)
|
||||
if (( cur_ent < 250 )); then
|
||||
echo ">> [ENTROPY SHIELD] Low Pool. Generating Jitter for 7.1 Signing..."
|
||||
find /bin /sbin -type f -exec ls -l {} + > /dev/null 2>&1 &
|
||||
sleep 2 && kill $! 2>/dev/null || true
|
||||
cur_temp=$(cat /sys/class/thermal/thermal_zone*/temp | head -n1 | awk '{print $1/1000}')
|
||||
cur_mem=$(free -m | awk '/^Mem:/{print $7}')
|
||||
|
||||
if (( ${cur_temp%.*} > max_temp )); then
|
||||
echo ">> [WARNING: THERMAL SPIKE] Temp at ${cur_temp}°C. Throttling build for cooling phase..."
|
||||
sleep 15
|
||||
fi
|
||||
if [[ ${cur_mem} -lt ${min_mem} ]]; then
|
||||
echo ">> [WARNING: MEMORY SATURATION] Free memory at ${cur_mem}MB. Yielding pipeline execution..."
|
||||
sleep 20
|
||||
fi
|
||||
}
|
||||
|
||||
function f_entropy_shield() {
|
||||
local min_entropy=1000
|
||||
local cur_entropy
|
||||
cur_entropy=$(cat /proc/sys/kernel/random/entropy_avail)
|
||||
|
||||
if [[ ${cur_entropy} -lt ${min_entropy} ]]; then
|
||||
echo ">> [ENTROPY DEFICIT] Pool dropped to ${cur_entropy}. Injecting safe hardware-jitter..."
|
||||
find /bin /sbin -type f -exec ls -l {} + > /dev/null 2>&1 &
|
||||
sleep 2
|
||||
kill $! 2>/dev/null || true
|
||||
fi
|
||||
}
|
||||
|
||||
# --- 8. EXECUTION ENGINE (FORENSIC) ---
|
||||
function f_exec_log() {
|
||||
local cmd="$1"
|
||||
local log_base="$2"
|
||||
local mode="${3:-build}"
|
||||
|
||||
f_entropy_shield
|
||||
f_guard
|
||||
|
||||
if [[ "$mode" == "install" ]]; then
|
||||
stdbuf -oL -eL installwatch -o "${LOGS}/${log_base}.iw" bash -c "$cmd" | \
|
||||
pv -t -r -b -N "${log_base}" >> "${LOGS}/${log_base}.log" 2>&1
|
||||
|
||||
find ${NEWROOT} -type f -executable -exec bash -c '
|
||||
file "$1" | grep -q "ELF" && f_stamp_binary "$1" "'"${log_base}"'"
|
||||
' _ {} \;
|
||||
else
|
||||
stdbuf -oL -eL bash -c "${cmd}" | \
|
||||
echo ">> Executing: ${log_base}"
|
||||
stdbuf -oL -eL bash -c "${cmd}" 2>&1 | \
|
||||
pv -t -r -b -N "${log_base}" | \
|
||||
tee -a "${LOGS}/${log_base}.log" > /dev/null \
|
||||
2> >(tee -a "${LOGS}/${log_base}.err" >> "${LOGS}/${log_base}.log")
|
||||
fi
|
||||
tee -a "${LOGS}/${log_base}.log" > /dev/null
|
||||
}
|
||||
|
||||
function f_setup() {
|
||||
local ram_kb=$(grep MemTotal /proc/meminfo | awk '{print $2}')
|
||||
mount -t ramfs -o size=$((ram_kb/2/1024))M ramfs ${SOURCES_ACTIVE}
|
||||
mkdir -p ${NEWROOT}/{bin,lib,lib64,sbin,etc,usr,boot} ${LOGS}
|
||||
ln -sf lib ${NEWROOT}/lib64
|
||||
|
||||
function f_tmux_dashboard() {
|
||||
if [[ -n "${TMUX:-}" ]]; then
|
||||
tmux split-window -h -p 35 "tail -F ${LOGS}/*.log 2>/dev/null"
|
||||
tmux split-window -v -p 66 "watch -n 2 'ss -tunp | grep -E \"gcc|make|configure|ld\" | grep -v \"127.0.0.1\"'"
|
||||
tmux split-window -v -p 50 "watch -n 2 'echo \"ENTROPY: \$(cat /proc/sys/kernel/random/entropy_avail)\"; iostat -dx 1 2 | awk \"/avg-cpu/ {getline; print \\\$4 \\\"% iowait\\\"}\"'"
|
||||
tmux select-pane -t 0
|
||||
echo ">> BTC Dashboard Synchronized..."
|
||||
echo ">> Active Tmux session identified. Splitting target tracking matrix..."
|
||||
tmux split-window -h -p 35 "tail -F ${LOGS}/*.log" || true
|
||||
tmux split-window -v -p 50 "watch -n 2 'echo \"=== ENTROPY POOL ===\"; cat /proc/sys/kernel/random/entropy_avail; echo \"=== NETWORK BOUND MATRIX ===\"; ss -tunp | grep -v 127.0.0.1'" || true
|
||||
tmux select-pane -t 0 || true
|
||||
fi
|
||||
}
|
||||
|
||||
# --- 9. PERSISTENCE BRIDGE (PACKAGING) ---
|
||||
function f_package() {
|
||||
local PKG_NAME="dcosnet-baseline-${SYS_LABEL}-${v_linux}.tar.xz"
|
||||
local PKG_PATH="${BTC_ARCHIVE}/completed"
|
||||
mkdir -p "${PKG_PATH}"
|
||||
|
||||
echo ">> [AGPL-EXPORT] Compressing Forge State to Archive..."
|
||||
tar -cJpf "${PKG_PATH}/${PKG_NAME}" -C "${NEWROOT}" .
|
||||
|
||||
local pkg_hash=$(sha256sum "${PKG_PATH}/${PKG_NAME}" | awk '{print $1}')
|
||||
setfattr -n user.btc.pkg_hash -v "${pkg_hash}" "${PKG_PATH}/${PKG_NAME}"
|
||||
|
||||
mkdir -p "${BTC_ARCHIVE}/logs"
|
||||
cp -rv "${LOGS}" "${BTC_ARCHIVE}/logs/${SYS_LABEL}_$(date +%Y%m%d)"
|
||||
echo ">> [SUCCESS] Artifact preserved at ${PKG_PATH}/${PKG_NAME}"
|
||||
}
|
||||
# --- 5. FORENSIC IDENTITY STAMPING LAYER ---
|
||||
function f_stamp_binary() {
|
||||
local target_bin="$1"
|
||||
local log_base="$2"
|
||||
|
||||
function f_set_exports() {
|
||||
export CC="ccache ${NEWROOT}/bin/${TARGET}-gcc-${SYS_LABEL}"
|
||||
export CXX="ccache ${NEWROOT}/bin/${TARGET}-g++-${SYS_LABEL}"
|
||||
export AR="${NEWROOT}/bin/${TARGET}-gcc-ar-${SYS_LABEL}"
|
||||
export NM="${NEWROOT}/bin/${TARGET}-gcc-nm-${SYS_LABEL}"
|
||||
export RANLIB="${NEWROOT}/bin/${TARGET}-gcc-ranlib-${SYS_LABEL}"
|
||||
export CFLAGS="${GLOBAL_CFLAGS}"
|
||||
export CXXFLAGS="${GLOBAL_CFLAGS}"
|
||||
export LDFLAGS="${GLOBAL_LDFLAGS}"
|
||||
}
|
||||
if [[ -f "${target_bin}" && ! -L "${target_bin}" ]]; then
|
||||
# 1. Inject ELF Object Note
|
||||
cat << EOF > btc_stamp.s
|
||||
.section .note.BTC,"a",@note
|
||||
.long 2f - 1f
|
||||
.long 4f - 3f
|
||||
.long 1
|
||||
1: .asciz "DCOSNET"
|
||||
2: .align 4
|
||||
3: .ascii "Org: dcos.net|K:7.1|Arch:${TARGET_ARCH}|Label:${SYS_LABEL}|Forge:${log_base}"
|
||||
4: .align 4
|
||||
EOF
|
||||
gcc -c btc_stamp.s -o btc_stamp.o
|
||||
objcopy --add-section .note.BTC=btc_stamp.o "${target_bin}"
|
||||
rm -f btc_stamp.s btc_stamp.o
|
||||
|
||||
# --- 10. KERNEL PROFILE INJECTION ---
|
||||
function f_ghost_opts() {
|
||||
echo ">> [PROFILE] Applying Ghost Hardening (Physical/Tuned)..."
|
||||
{
|
||||
echo "CONFIG_MODULES=n"
|
||||
echo "CONFIG_KALLSYMS=n"
|
||||
echo "CONFIG_COMPAT=n"
|
||||
echo "CONFIG_PROC_KCORE=n"
|
||||
echo "CONFIG_CIFS=n"
|
||||
echo "CONFIG_NFS_FS=n"
|
||||
echo "CONFIG_SUNRPC=n"
|
||||
echo "CONFIG_ATM=n"
|
||||
echo "CONFIG_SYSVIPC=n"
|
||||
echo "CONFIG_SECURITY_SELINUX=n"
|
||||
echo "CONFIG_SECURITY_APPARMOR=n"
|
||||
echo "CONFIG_LSM=\"bpf,capability\""
|
||||
echo "CONFIG_BPF_LSM=y"
|
||||
echo "CONFIG_DEBUG_INFO_BTF=y"
|
||||
echo "CONFIG_E1000E=y"
|
||||
echo "CONFIG_R8169=y"
|
||||
} >> .config
|
||||
make olddefconfig > /dev/null
|
||||
}
|
||||
# 2. Append Extended Filesystem Attributes Ledger
|
||||
local bin_hash
|
||||
bin_hash=$(sha256sum "${target_bin}" | awk '{print $1}')
|
||||
setfattr -n user.btc.identity -v "BTC-${SYS_LABEL}-${v_linux}-sovereign" "${target_bin}" 2>/dev/null || true
|
||||
setfattr -n user.btc.hash -v "${bin_hash}" "${target_bin}" 2>/dev/null || true
|
||||
|
||||
function f_virt_opts() {
|
||||
echo ">> [PROFILE] Applying Weightless Profile (VirtIO/Classic Guest)..."
|
||||
{
|
||||
echo "CONFIG_VIRTIO_PCI=y"
|
||||
echo "CONFIG_VIRTIO_NET=y"
|
||||
echo "CONFIG_VIRTIO_BLK=y"
|
||||
echo "CONFIG_DRM_VIRTIO_GPU=y"
|
||||
echo "CONFIG_DRM_CIRRUS_QEMU=y"
|
||||
echo "CONFIG_DRM_VMWGFX=y"
|
||||
echo "CONFIG_DEBUG_INFO_BTF=y"
|
||||
echo "CONFIG_BPF_LSM=y"
|
||||
echo "CONFIG_LSM=\"bpf,capability\""
|
||||
} >> .config
|
||||
make olddefconfig > /dev/null
|
||||
}
|
||||
|
||||
function gen_vmlinux_h() {
|
||||
local EBPF_DIR="${NEWROOT}/ebpf"
|
||||
mkdir -p "$EBPF_DIR"
|
||||
|
||||
if command -v bpftool >/dev/null 2>&1 && [ -f "./vmlinux" ]; then
|
||||
echo ">> [EBPF] Generating vmlinux.h for CO-RE portability..."
|
||||
bpftool btf dump file ./vmlinux format c > "$EBPF_DIR/vmlinux.h" 2>/dev/null || echo ">> [WARN] BTF dump failed."
|
||||
else
|
||||
echo ">> [WARN] Skipping vmlinux.h: tool or vmlinux binary missing."
|
||||
# 3. Separate Debug Symbols & Create External Links
|
||||
if [[ "${BTC_STRIP_MODE:-1}" -eq 1 ]]; then
|
||||
mkdir -p "${BTC_ARCHIVE}/symbols/${SYS_LABEL}"
|
||||
objcopy --only-keep-debug "${target_bin}" "${BTC_ARCHIVE}/symbols/${SYS_LABEL}/${log_base}.debug"
|
||||
strip --strip-unneeded "${target_bin}"
|
||||
objcopy --add-gnu-debuglink="${BTC_ARCHIVE}/symbols/${SYS_LABEL}/${log_base}.debug" "${target_bin}"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# --- 11. CORE BUILD STAGES ---
|
||||
# --- 6. CLEANROOM MATRIX CONFIGURATION ---
|
||||
function f_setup() {
|
||||
echo ">> Preparing Virtualized Cleanroom Environment..."
|
||||
mkdir -p "${SOURCE_CACHE}" "${LOGS}" "${BTC_ARCHIVE}/symbols/${SYS_LABEL}"
|
||||
|
||||
if ! mountpoint -q "${SOURCES_ACTIVE}"; then
|
||||
mount -t ramfs -o size=${RAMDISK_SIZE} ramfs "${SOURCES_ACTIVE}"
|
||||
echo ">> Ramfs Cleanroom mounted at ${SOURCES_ACTIVE} with ceiling ${RAMDISK_SIZE}."
|
||||
fi
|
||||
|
||||
mkdir -p "${NEWROOT}"
|
||||
cd "${NEWROOT}"
|
||||
mkdir -p bin etc lib lib64 sbin usr var include
|
||||
|
||||
case $(uname -m) in
|
||||
x86_64) ln -sfv lib "${NEWROOT}/lib64" ;;
|
||||
esac
|
||||
|
||||
export PATH="${NEWROOT}/bin:${PATH}"
|
||||
}
|
||||
|
||||
# --- 7. MONOLITHIC STEP-BY-STEP FORGE PIPELINE ---
|
||||
function f_binutils() {
|
||||
cd ${SOURCES_ACTIVE}
|
||||
tar -axf ${SOURCE_CACHE}/${v_binutils}*
|
||||
cd binutils-* && mkdir -p build && cd build
|
||||
f_exec_log "../configure --prefix=${NEWROOT} --target=${TARGET} --with-sysroot=${NEWROOT} --program-suffix=-${SYS_LABEL} --disable-nls --disable-multilib" "binutils-conf"
|
||||
cd "${SOURCES_ACTIVE}"
|
||||
tar -xf "${SOURCE_CACHE}/${v_binutils}.tar.xz"
|
||||
mkdir -p "${v_binutils}-build" && cd "${v_binutils}-build"
|
||||
|
||||
local build_cmd="../${v_binutils}/configure \
|
||||
--prefix=${NEWROOT} \
|
||||
--with-sysroot=${NEWROOT} \
|
||||
--target=${TARGET} \
|
||||
--disable-nls \
|
||||
--enable-gprofng=no \
|
||||
--disable-werror \
|
||||
--enable-default-hash-style=gnu"
|
||||
|
||||
f_exec_log "${build_cmd}" "binutils-configure"
|
||||
f_exec_log "make ${v_threads}" "binutils-make"
|
||||
f_exec_log "make install" "binutils-install" "install"
|
||||
f_exec_log "make install" "binutils-install"
|
||||
}
|
||||
|
||||
function f_kernel_headers() {
|
||||
cd ${SOURCES_ACTIVE}
|
||||
tar -axf ${SOURCE_CACHE}/${v_linux}*
|
||||
cd linux-*
|
||||
f_exec_log "make mrproper && make headers" "kernel-headers"
|
||||
cp -rv usr/include/* ${NEWROOT}/include
|
||||
cd "${SOURCES_ACTIVE}"
|
||||
tar -xf "${SOURCE_CACHE}/${v_linux}.tar.xz"
|
||||
cd "${v_linux}"
|
||||
|
||||
f_exec_log "make mrproper" "kernel-headers-clean"
|
||||
f_exec_log "make headers" "kernel-headers-generate"
|
||||
|
||||
find usr/include -type f ! -name '*.h' -delete
|
||||
mkdir -p "${NEWROOT}/usr/include"
|
||||
cp -rv usr/include/* "${NEWROOT}/usr/include"
|
||||
}
|
||||
|
||||
function f_gcc_p1() {
|
||||
cd ${SOURCES_ACTIVE}
|
||||
tar -axf ${SOURCE_CACHE}/${v_gcc}*
|
||||
cd gcc-*
|
||||
for lib in gmp mpfr mpc; do tar -xf ${SOURCE_CACHE}/${lib}*; mv -v ${lib}-* ${lib}; done
|
||||
mkdir -p build && cd build
|
||||
f_exec_log "../configure --target=${TARGET} --prefix=${NEWROOT} --with-sysroot=${NEWROOT} --program-suffix=-${SYS_LABEL} --without-headers --disable-shared --disable-threads --enable-languages=c,c++" "gcc1-conf"
|
||||
f_exec_log "make ${v_threads}" "gcc1-make"
|
||||
f_exec_log "make install" "gcc1-install" "install"
|
||||
cd "${SOURCES_ACTIVE}"
|
||||
tar -xf "${SOURCE_CACHE}/${v_gcc}.tar.xz"
|
||||
cd "${v_gcc}"
|
||||
|
||||
# Nesting Support Libraries internally for Stage-1 execution isolation
|
||||
tar -xf "${SOURCE_CACHE}/${v_gmp}.tar.xz" && mv -v "${v_gmp}" gmp
|
||||
tar -xf "${SOURCE_CACHE}/${v_mpfr}.tar.xz" && mv -v "${v_mpfr}" mpfr
|
||||
tar -xf "${SOURCE_CACHE}/${v_mpc}.tar.gz" && mv -v "${v_mpc}" mpc
|
||||
|
||||
# Enforce 64-bit dynamic linker structural target pathing
|
||||
sed -e '/m64=/s/lib64/lib/' -i.bak gcc/config/i386/t-linux64
|
||||
|
||||
mkdir -p "${SOURCES_ACTIVE}/${v_gcc}-phase1" && cd "${SOURCES_ACTIVE}/${v_gcc}-phase1"
|
||||
|
||||
local build_cmd="../${v_gcc}/configure \
|
||||
--target=${TARGET} \
|
||||
--prefix=${NEWROOT} \
|
||||
--with-glibc-version=${v_glibc#*-} \
|
||||
--with-sysroot=${NEWROOT} \
|
||||
--with-newlib \
|
||||
--without-headers \
|
||||
--enable-default-pie \
|
||||
--enable-default-ssp \
|
||||
--disable-nls \
|
||||
--disable-shared \
|
||||
--disable-multilib \
|
||||
--disable-threads \
|
||||
--disable-libatomic \
|
||||
--disable-libgomp \
|
||||
--disable-libquadmath \
|
||||
--disable-libssp \
|
||||
--disable-libvtv \
|
||||
--disable-libstdcxx \
|
||||
--enable-languages=c,c++"
|
||||
|
||||
f_exec_log "${build_cmd}" "gcc-p1-configure"
|
||||
f_exec_log "make ${v_threads}" "gcc-p1-make"
|
||||
f_exec_log "make install" "gcc-p1-install"
|
||||
}
|
||||
|
||||
function f_glibc() {
|
||||
f_set_exports
|
||||
cd ${SOURCES_ACTIVE}/glibc-*
|
||||
mkdir -p build && cd build
|
||||
f_exec_log "../configure --prefix=${NEWROOT} --host=${TARGET} --with-headers=${NEWROOT}/include libc_cv_slibdir=${NEWROOT}/lib" "glibc-conf"
|
||||
cd "${SOURCES_ACTIVE}"
|
||||
tar -xf "${SOURCE_CACHE}/${v_glibc}.tar.xz"
|
||||
mkdir -p "${v_glibc}-build" && cd "${v_glibc}-build"
|
||||
|
||||
local build_cmd="../${v_glibc}/configure \
|
||||
--prefix=/usr \
|
||||
--host=${TARGET} \
|
||||
--build=${HOST_ARCH} \
|
||||
--enable-kernel=4.19 \
|
||||
--with-headers=${NEWROOT}/usr/include \
|
||||
--disable-profile \
|
||||
--enable-stack-protector=strong \
|
||||
--disable-werror \
|
||||
libc_cv_slibdir=/usr/lib"
|
||||
|
||||
f_exec_log "${build_cmd}" "glibc-configure"
|
||||
f_exec_log "make ${v_threads}" "glibc-make"
|
||||
f_exec_log "make DESTDIR=${NEWROOT} install" "glibc-install" "install"
|
||||
f_exec_log "make DESTDIR=${NEWROOT} install" "glibc-install"
|
||||
|
||||
# Sanitize hardcoded host system configurations from dynamic script linkage
|
||||
sed -i "s|${NEWROOT}||g" "${NEWROOT}/usr/bin/ldd"
|
||||
}
|
||||
|
||||
function f_libxcrypt() {
|
||||
cd "${SOURCES_ACTIVE}"
|
||||
tar -xf "${SOURCE_CACHE}/libxcrypt-${v_libxcrypt}.tar.xz"
|
||||
cd "libxcrypt-${v_libxcrypt}"
|
||||
|
||||
local build_cmd="./configure \
|
||||
--prefix=/usr \
|
||||
--host=${TARGET} \
|
||||
--build=${HOST_ARCH} \
|
||||
--enable-hashes=strong,glibc \
|
||||
--enable-obsolete-api=no \
|
||||
--disable-static"
|
||||
|
||||
f_exec_log "${build_cmd}" "libxcrypt-configure"
|
||||
f_exec_log "make ${v_threads}" "libxcrypt-make"
|
||||
f_exec_log "make DESTDIR=${NEWROOT} install" "libxcrypt-install"
|
||||
}
|
||||
|
||||
function f_gcc_p2() {
|
||||
f_set_exports
|
||||
cd ${SOURCES_ACTIVE}/gcc-*/build && rm -rf *
|
||||
f_exec_log "../configure --prefix=${NEWROOT} --target=${TARGET} --program-suffix=-${SYS_LABEL} --enable-languages=c,c++ --with-build-sysroot=${NEWROOT}" "gcc2-conf"
|
||||
f_exec_log "make ${v_threads}" "gcc2-make"
|
||||
f_exec_log "make install" "gcc2-install" "install"
|
||||
cd "${SOURCES_ACTIVE}"
|
||||
# Re-use existing directory with static parameters attached
|
||||
cd "${v_gcc}"
|
||||
|
||||
tar -xf "${SOURCE_CACHE}/${v_gmp}.tar.xz" --skip-old-files || true
|
||||
tar -xf "${SOURCE_CACHE}/${v_mpfr}.tar.xz" --skip-old-files || true
|
||||
tar -xf "${SOURCE_CACHE}/${v_mpc}.tar.gz" --skip-old-files || true
|
||||
|
||||
mkdir -p "${SOURCES_ACTIVE}/${v_gcc}-phase2" && cd "${SOURCES_ACTIVE}/${v_gcc}-phase2"
|
||||
|
||||
local build_cmd="../${v_gcc}/configure \
|
||||
--prefix=/usr \
|
||||
--host=${TARGET} \
|
||||
--build=${HOST_ARCH} \
|
||||
--enable-languages=c,c++ \
|
||||
--enable-default-pie \
|
||||
--enable-default-ssp \
|
||||
--disable-multilib \
|
||||
--disable-bootstrap"
|
||||
|
||||
f_exec_log "${build_cmd}" "gcc-p2-configure"
|
||||
f_exec_log "make ${v_threads}" "gcc-p2-make"
|
||||
f_exec_log "make DESTDIR=${NEWROOT} install" "gcc-p2-install"
|
||||
}
|
||||
|
||||
function f_kernel_binary() {
|
||||
f_set_exports
|
||||
cd ${SOURCES_ACTIVE}/linux-*
|
||||
make defconfig > /dev/null
|
||||
cd "${SOURCES_ACTIVE}/${v_linux}"
|
||||
|
||||
# Kernel Profile Routing
|
||||
case ${KERNEL_PROFILE} in
|
||||
ghost) f_ghost_opts ;;
|
||||
virt) f_virt_opts ;;
|
||||
base) echo ">> [PROFILE] Baseline Discovery Active" ;;
|
||||
esac
|
||||
|
||||
echo "-dcosnet-${SYS_LABEL}" > .scmversion
|
||||
echo ">> Instantiating Silicon Optimized Monolithic Configuration Matrix..."
|
||||
make defconfig
|
||||
|
||||
# Inject Custom Enterprise Swarm Labels & Architecture Parameters
|
||||
sed -i "s/CONFIG_LOCALVERSION=\"\"/CONFIG_LOCALVERSION=\"-dcosnet-${SYS_LABEL}\"/" .config
|
||||
|
||||
# Modern Hardening Optimization Suite Injection
|
||||
sed -i "s/# CONFIG_MODULES is not set/CONFIG_MODULES=n/" .config || true
|
||||
echo "CONFIG_MODULES=n" >> .config
|
||||
echo "CONFIG_KALLSYMS=n" >> .config
|
||||
echo "CONFIG_DEBUG_FS=n" >> .config
|
||||
|
||||
f_exec_log "make olddefconfig" "kernel-bin-config-merge"
|
||||
f_exec_log "make ${v_threads} LOCALVERSION=-dcosnet-${SYS_LABEL} bzImage" "kernel-bin-make"
|
||||
|
||||
# Generate eBPF structural maps for the resulting kernel layout
|
||||
gen_vmlinux_h
|
||||
mkdir -p "${NEWROOT}/boot"
|
||||
cp -v arch/x86/boot/bzImage "${NEWROOT}/boot/vmlinuz-${v_linux}-${SYS_LABEL}-sovereign"
|
||||
|
||||
cp -v arch/x86/boot/bzImage ${NEWROOT}/boot/vmlinuz-${v_linux}-${SYS_LABEL}-dcosnet
|
||||
|
||||
echo "--- FINAL KERNEL AUDIT ---"
|
||||
grep -E "CONFIG_(MODULES|CIFS|NFS|SUNRPC|SECURITY_SELINUX|DEBUG_INFO_BTF)" .config | sed 's/^/[AUDIT] /'
|
||||
# Apply Forensic Engine Analysis Verification Stamps to Core Cross-Compiler Tooling
|
||||
find "${NEWROOT}/bin" "${NEWROOT}/usr/bin" -type f -exec bash -c 'f_stamp_binary "$1" "$(basename "$1")"' _ {} \; || true
|
||||
}
|
||||
|
||||
# --- 12. DEPLOYMENT TARGETING ---
|
||||
function f_install_target() {
|
||||
local TARGET_PART="${1}"
|
||||
local MNT_POINT="/mnt/btc_target"
|
||||
mkdir -p ${MNT_POINT} && mount ${TARGET_PART} ${MNT_POINT}
|
||||
|
||||
local DISTRO="Generic-Source"
|
||||
[[ -f "${MNT_POINT}/etc/lunar/version" ]] && DISTRO="Lunar"
|
||||
[[ -f "${MNT_POINT}/etc/sorcery/version" ]] && DISTRO="SourceMage"
|
||||
[[ -f "${MNT_POINT}/etc/openwrt_version" ]] && DISTRO="OpenWrt"
|
||||
[[ -d "${MNT_POINT}/etc/portage" ]] && DISTRO="Gentoo"
|
||||
[[ -f "${MNT_POINT}/etc/exherbo-release" ]] && DISTRO="Exherbo"
|
||||
[[ -f "${MNT_POINT}/etc/cruxversion" ]] && DISTRO="CRUX"
|
||||
|
||||
echo ">> [DCOSNET SWARM] Deploying Silicon-Identity to Dell Optiplex 3050 Micro Variants / ${DISTRO} target..."
|
||||
|
||||
# Kernel Handoff
|
||||
mkdir -p ${MNT_POINT}/boot
|
||||
cp -v ${NEWROOT}/boot/vmlinuz-* ${MNT_POINT}/boot/
|
||||
|
||||
# Binary Sync with safe-links
|
||||
local bin_dest="/usr/local/bin"
|
||||
[[ "$DISTRO" == "OpenWrt" ]] && bin_dest="/usr/bin"
|
||||
|
||||
f_exec_log "rsync -avzX --safe-links ${NEWROOT}/bin/ ${MNT_POINT}${bin_dest}/" "${DISTRO}_deploy" "install"
|
||||
umount ${MNT_POINT}
|
||||
echo ">> [SUCCESS] Swarm Node Seeded: ${DISTRO}"
|
||||
function f_package() {
|
||||
echo ">> Packaging Production Golden Image Artifact Target Matrix..."
|
||||
cd "${NEWROOT}"
|
||||
tar -cf - . | xz -9 -T 0 > "${BTC_ARCHIVE}/${SYS_LABEL}-toolchain-golden.tar.xz"
|
||||
echo ">> [SUCCESS] Archive deployed cleanly to: ${BTC_ARCHIVE}/${SYS_LABEL}-toolchain-golden.tar.xz"
|
||||
}
|
||||
|
||||
# --- 13. MAIN ORCHESTRATION ---
|
||||
# --- 8. MAIN ENTRY RUNTIME MATRIX ---
|
||||
function f_main() {
|
||||
[[ $EUID -ne 0 ]] && { echo ">> Root Required."; exit 1; }
|
||||
[[ ${EUID} -ne 0 ]] && { echo ">> Error: Root privileges required."; exit 1; }
|
||||
|
||||
# Parsing Profile and Target Device (Usage: ./btc.sh [ghost|virt|base] [/dev/sdX])
|
||||
export KERNEL_PROFILE="${1:-ghost}"
|
||||
local TARGET_DEV="${2:-}"
|
||||
|
||||
f_agpl_header
|
||||
f_agpl_header
|
||||
f_silicon_probe
|
||||
f_setup
|
||||
|
||||
# Forge Pipeline
|
||||
f_tmux_dashboard
|
||||
|
||||
# Linear Forge Execution Sequence
|
||||
f_binutils
|
||||
f_kernel_headers
|
||||
f_gcc_p1
|
||||
f_glibc
|
||||
f_libxcrypt
|
||||
f_gcc_p2
|
||||
f_kernel_binary
|
||||
|
||||
# Mandatory Persistence (Archive)
|
||||
f_package
|
||||
|
||||
# Optional Physical Seed deployment
|
||||
if [[ -n "${TARGET_DEV}" ]]; then
|
||||
f_install_target "${TARGET_DEV}"
|
||||
fi
|
||||
f_package
|
||||
|
||||
# Zero-Footprint Cleanup: Unmount ramfs
|
||||
cd / && umount -l ${SOURCES_ACTIVE}
|
||||
echo ">> [SUCCESS] BTC-0.3.0-AGPL: Sovereign Forge Complete. Profile: ${KERNEL_PROFILE}"
|
||||
# Clear volatile memory cleanrooms
|
||||
cd /
|
||||
umount -l "${SOURCES_ACTIVE}" 2>/dev/null || true
|
||||
echo ">> [COMPLETE] Sovereign Forge Build Finished Successfully under AGPLv3 Framework."
|
||||
}
|
||||
|
||||
# One-Shot Execution
|
||||
f_main "$@"
|
||||
81
README.md
81
README.md
|
|
@ -1,68 +1,25 @@
|
|||
BTC (Build Tool Chain) v0.1.4
|
||||
High-Performance Cleanroom Toolchain Generator
|
||||
# BTC (Build Tool Chain) - Sovereign Forge Edition
|
||||
## Version: 0.3.1
|
||||
|
||||
Copyright (C) 2012-2026 Jeremy Anderson (info@dcos.net) Target Architecture: Intel Haswell-EP / Broadwell-HS (hsw / bdw)
|
||||
### The Philosophy
|
||||
BTC (Build Tool Chain) is a bare-metal, cleanroom toolchain generation engine engineered for independent infrastructure. It is designed to bypass standard bootstrap phases and rapidly forge hardened, ultra-optimized workspace environments for Xeon-based "swarm" nodes and high-security virtualization targets.
|
||||
|
||||
Namespace: DCOSNET
|
||||
Overview
|
||||
This project treats the build process as a forensic exercise. It does not simply compile code; it instantiates a sovereign environment, stamps the resulting binaries with a "Silicon Birth Certificate," and continuously monitors the forge's health via an internal thermal and entropy sentinel.
|
||||
|
||||
BTC (Build Tool Chain) is a bare-metal, cleanroom toolchain generation engine engineered to bypass initial bootstrapping phases and rapidly build hardened, ultra-optimized workspace environments for Xeon-based "swarm" nodes.
|
||||
### Key Architectural Pillars
|
||||
* **Sovereign Forge:** Built to LFS 13.0 stable standards (Binutils 2.46, GCC 15.2, Glibc 2.43).
|
||||
* **Silicon Identity:** Every binary produced includes an immutable ELF note (`.note.BTC`) and extended filesystem attributes (`xattr`) linking the binary to the specific hardware and forge environment that created it.
|
||||
* **Hardened Profiles:** Profile-driven kernel injection (`ghost` for monolithic/static systems, `virt` for hypervisor guests).
|
||||
* **Zero-Trust Deployment:** Mandatory AGPLv3 licensing protects the toolchain logic from proprietary SaaS capture, ensuring the forge remains open-source regardless of how it is deployed.
|
||||
|
||||
This project was originally based on the buildchain.sh script by Charles M. "Chip" Coldwell, though it has been heavily modified to support contemporary build requirements and sovereign forensic auditing.
|
||||
Architectural Notes: Picking Your Target
|
||||
### Technical Forge Features
|
||||
* **Volatile Cleanroom:** All compilation occurs in a volatile ramfs mount, ensuring zero I/O wear on host hardware and providing a "pristine-every-time" build environment.
|
||||
* **The Invisible Guard:** Integrated telemetry loops prevent thermal runaway and memory saturation during heavy LTO (Link Time Optimization) phases.
|
||||
* **Forensic Auditing:** Every build creates a verifiable manifest, allowing you to trace any binary back to the exact git commit and forge state that spawned it.
|
||||
|
||||
If you are determining your target architecture, first identify your device's specific processor architecture and the corresponding naming convention used by your kernel.
|
||||
### Licensing
|
||||
This project is licensed under the **GNU Affero General Public License v3 (AGPLv3)**.
|
||||
- *Note:* Per Section 13, this forge includes an interactive notice at runtime. If you modify and provide this forge as a network service, you are legally obligated to provide the Corresponding Source to your users.
|
||||
|
||||
x86 / x86_64 / PPC / Alpha / SPARC: Typically utilize glibc and coreutils. These are preferred when a full development environment is required and storage space for a large rootfs is available.
|
||||
|
||||
ARM / MIPS / RISC / Others: Typically utilize uclibc and busybox. These are preferred for environments with limited disk space, though modern ARM implementations are increasingly capable of supporting larger rootfs configurations.
|
||||
|
||||
Key Architectural Features
|
||||
|
||||
Speed-of-Light Volatile Compilation: Automatically provisions 50% of available physical RAM into a high-speed ramfs mount (/usr/src) to eliminate disk I/O bottlenecks.
|
||||
|
||||
Silicon-Bounded Optimization: Dynamically interrogates the host CPU to target native microarchitectures (bdw/hsw).
|
||||
|
||||
Forensic Stamping: Injects a permanent, immutable ELF note (.note.BTC) and filesystem xattrs into all compiled binaries to serve as a "Silicon Birth Certificate."
|
||||
|
||||
The Invisible Guard: Continuous background telemetry prevents thermal runaway (throttling above 85°C) and mitigates out-of-memory (OOM) faults.
|
||||
|
||||
1. Quickstart Deployment
|
||||
|
||||
Execute the Forge:
|
||||
Bash
|
||||
|
||||
sudo ./BTC-0.1.4.sh
|
||||
|
||||
Verify Artifacts: Your sovereign toolchain tarball is committed to /opt/BTC/completed/.
|
||||
|
||||
Global Integration: ```bash
|
||||
mkdir -p /opt/cross
|
||||
tar -xJf /opt/BTC/completed/dcosnet-baseline-*.tar.xz -C /opt/cross
|
||||
|
||||
|
||||
2. Distribution Integration Matrix
|
||||
Distribution Rebuild Command Integration Method
|
||||
SourceMage cast -c -r system Sorcery architecture config
|
||||
Lunar Linux linit -f Global $PATH override
|
||||
Gentoo emerge -ev @world make.conf pathing
|
||||
OpenWrt make world menuconfig External Toolchain
|
||||
References & Research Acknowledgments
|
||||
|
||||
The development of this toolchain was informed by, or references, the following resources:
|
||||
|
||||
Cross-LFS: x86_64-64 Build Guide
|
||||
|
||||
Linux Kernel Documentation: headers_install
|
||||
|
||||
Linux Tutorial: General Build Information
|
||||
|
||||
DevPit: Building Gnu Toolchain/GLIBC
|
||||
|
||||
Charles M. Coldwell: Original Toolchain Scripts
|
||||
|
||||
Brave GNU World: GNU/Linux Programming
|
||||
|
||||
Christian Schneider: Linux from Scratch Documentation
|
||||
|
||||
Additional research items include: ttylinux xbuildroot scripts, SourceMage spells, Slitaz cookutils, and MirBSD xbuild scripts.
|
||||
### Acknowledgments
|
||||
Original architecture based on scripts by Charles M. "Chip" Coldwell. Modern hardening and sovereignty features engineered by the DCOSNET project (2012-2026).
|
||||
Loading…
Reference in New Issue