#!/bin/bash # BTC-0.3.1.sh - Build Tool Chain (Sovereign Forge Edition) # Identity: dcosnet / dcos.net | Target: Broadwell-HS / Haswell-EP # Version: 0.3.1 | Persistence: /opt/BTC | Volatile: ramfs # License: GNU AGPLv3 Mandatory Prominent Interactive Notice # Copyright (C) 2012-2026 Jeremy Anderson (info@dcos.net) set -euo pipefail export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES # --- 1. AGPL INTERACTIVE LICENSE COMPLIANCE --- function f_agpl_header() { clear cat << 'EOF' =========================================================================== BTC-0.3.1.sh - Build Tool Chain (AGPLv3 PROTECTED) =========================================================================== This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License. REMOTE INTERACTION NOTICE: Per Section 13 of the GNU AGPLv3, if you modify this script and offer its toolchain-building capabilities as a service over a network, you MUST make your complete modified source code available. =========================================================================== EOF if [[ ! -f /var/tmp/BTC-AGPL-ACCEPTED ]]; then echo -n "Do you accept the network-sovereignty terms of the AGPLv3? (y/N): " read -r reply if [[ "${reply}" =~ ^[Yy]$ ]]; then touch /var/tmp/BTC-AGPL-ACCEPTED else echo ">> Build aborted: AGPLv3 acceptance is mandatory for execution." exit 1 fi fi } # --- 2. SILICON IDENTITY & SAFE RESOURCE MANAGEMENT --- function f_silicon_probe() { echo ">> Interrogating Core Topology and Instruction Extensions..." local RAW_ARCH RAW_ARCH=$(gcc -march=native -Q --help=target | grep -m1 "march=" | awk '{print $2}') if [[ -z "${RAW_ARCH}" || "${RAW_ARCH}" == "x86-64" ]]; then export TARGET_ARCH="haswell" else export TARGET_ARCH="${RAW_ARCH}" fi export ISA_TAG="AVX2" export OPT_TAG="LTO" export SYS_LABEL="DCOSNET-${TARGET_ARCH^^}-${ISA_TAG}-${OPT_TAG}" export TARGET="x86_64-dcosnet-linux-gnu" # Resource-Safe Threading: Allocate 2GB RAM per core floor to prevent LTO thrashing local total_cpus total_cpus=$(nproc) local free_gb free_gb=$(free -g | awk '/^Mem:/{print $7}') local safe_threads=$(( free_gb / 2 )) if [[ ${safe_threads} -lt 1 ]]; then safe_threads=1; fi if [[ ${safe_threads} -gt ${total_cpus} ]]; then safe_threads=${total_cpus}; fi export v_threads="-j${safe_threads}" echo ">> [IDENTITY STAMP] ${SYS_LABEL}" echo ">> [THREAD ALLOCATION] Probed ${total_cpus} cores -> Throttled to ${v_threads} for LTO Safety." } # --- 3. SYSTEM PATHS & STAGING MATRIX --- export SOURCES_ACTIVE=/usr/src export BTC_ARCHIVE=/opt/BTC export SOURCE_CACHE=${BTC_ARCHIVE}/src export RAMDISK_SIZE="12gb" # Upstream Production Matrices export v_linux='linux-7.1' export v_binutils='binutils-2.46' export v_gcc='gcc-14.2.0' export v_glibc='glibc-2.41' export v_libxcrypt='4.4.36' export v_gmp='gmp-6.3.0' export v_mpfr='mpfr-4.2.1' export v_mpc='mpc-1.3.1' export NEWROOT="${SOURCES_ACTIVE}/${SYS_LABEL}-cleanroom" export LOGS="${BTC_ARCHIVE}/logs/${SYS_LABEL}" export HOST_ARCH="x86_64-pc-linux-gnu" # Optimization Ensembles export GLOBAL_CFLAGS="-O3 -march=${TARGET_ARCH} -flto -ffat-lto-objects --sysroot=${NEWROOT} -pipe" export GLOBAL_LDFLAGS="-Wl,-O1 -Wl,--as-needed -flto --sysroot=${NEWROOT}" # --- 4. HARDWARE SENTINEL & TELEMETRY MODULES --- function f_guard() { local max_temp=85 local min_mem=800 local cur_temp local cur_mem cur_temp=$(cat /sys/class/thermal/thermal_zone*/temp | head -n1 | awk '{print $1/1000}') cur_mem=$(free -m | awk '/^Mem:/{print $7}') if (( ${cur_temp%.*} > max_temp )); then echo ">> [WARNING: THERMAL SPIKE] Temp at ${cur_temp}°C. Throttling build for cooling phase..." sleep 15 fi if [[ ${cur_mem} -lt ${min_mem} ]]; then echo ">> [WARNING: MEMORY SATURATION] Free memory at ${cur_mem}MB. Yielding pipeline execution..." sleep 20 fi } function f_entropy_shield() { local min_entropy=1000 local cur_entropy cur_entropy=$(cat /proc/sys/kernel/random/entropy_avail) if [[ ${cur_entropy} -lt ${min_entropy} ]]; then echo ">> [ENTROPY DEFICIT] Pool dropped to ${cur_entropy}. Injecting safe hardware-jitter..." find /bin /sbin -type f -exec ls -l {} + > /dev/null 2>&1 & sleep 2 kill $! 2>/dev/null || true fi } function f_exec_log() { local cmd="$1" local log_base="$2" f_entropy_shield f_guard echo ">> Executing: ${log_base}" stdbuf -oL -eL bash -c "${cmd}" 2>&1 | \ pv -t -r -b -N "${log_base}" | \ tee -a "${LOGS}/${log_base}.log" > /dev/null } function f_tmux_dashboard() { if [[ -n "${TMUX:-}" ]]; then echo ">> Active Tmux session identified. Splitting target tracking matrix..." tmux split-window -h -p 35 "tail -F ${LOGS}/*.log" || true tmux split-window -v -p 50 "watch -n 2 'echo \"=== ENTROPY POOL ===\"; cat /proc/sys/kernel/random/entropy_avail; echo \"=== NETWORK BOUND MATRIX ===\"; ss -tunp | grep -v 127.0.0.1'" || true tmux select-pane -t 0 || true fi } # --- 5. FORENSIC IDENTITY STAMPING LAYER --- function f_stamp_binary() { local target_bin="$1" local log_base="$2" if [[ -f "${target_bin}" && ! -L "${target_bin}" ]]; then # 1. Inject ELF Object Note cat << EOF > btc_stamp.s .section .note.BTC,"a",@note .long 2f - 1f .long 4f - 3f .long 1 1: .asciz "DCOSNET" 2: .align 4 3: .ascii "Org: dcos.net|K:7.1|Arch:${TARGET_ARCH}|Label:${SYS_LABEL}|Forge:${log_base}" 4: .align 4 EOF gcc -c btc_stamp.s -o btc_stamp.o objcopy --add-section .note.BTC=btc_stamp.o "${target_bin}" rm -f btc_stamp.s btc_stamp.o # 2. Append Extended Filesystem Attributes Ledger local bin_hash bin_hash=$(sha256sum "${target_bin}" | awk '{print $1}') setfattr -n user.btc.identity -v "BTC-${SYS_LABEL}-${v_linux}-sovereign" "${target_bin}" 2>/dev/null || true setfattr -n user.btc.hash -v "${bin_hash}" "${target_bin}" 2>/dev/null || true # 3. Separate Debug Symbols & Create External Links if [[ "${BTC_STRIP_MODE:-1}" -eq 1 ]]; then mkdir -p "${BTC_ARCHIVE}/symbols/${SYS_LABEL}" objcopy --only-keep-debug "${target_bin}" "${BTC_ARCHIVE}/symbols/${SYS_LABEL}/${log_base}.debug" strip --strip-unneeded "${target_bin}" objcopy --add-gnu-debuglink="${BTC_ARCHIVE}/symbols/${SYS_LABEL}/${log_base}.debug" "${target_bin}" fi fi } # --- 6. CLEANROOM MATRIX CONFIGURATION --- function f_setup() { echo ">> Preparing Virtualized Cleanroom Environment..." mkdir -p "${SOURCE_CACHE}" "${LOGS}" "${BTC_ARCHIVE}/symbols/${SYS_LABEL}" if ! mountpoint -q "${SOURCES_ACTIVE}"; then mount -t ramfs -o size=${RAMDISK_SIZE} ramfs "${SOURCES_ACTIVE}" echo ">> Ramfs Cleanroom mounted at ${SOURCES_ACTIVE} with ceiling ${RAMDISK_SIZE}." fi mkdir -p "${NEWROOT}" cd "${NEWROOT}" mkdir -p bin etc lib lib64 sbin usr var include case $(uname -m) in x86_64) ln -sfv lib "${NEWROOT}/lib64" ;; esac export PATH="${NEWROOT}/bin:${PATH}" } # --- 7. Building of Toolchain Starts here --- function f_binutils() { cd "${SOURCES_ACTIVE}" tar -xf "${SOURCE_CACHE}/${v_binutils}.tar.xz" mkdir -p "${v_binutils}-build" && cd "${v_binutils}-build" local build_cmd="../${v_binutils}/configure \ --prefix=${NEWROOT} \ --with-sysroot=${NEWROOT} \ --target=${TARGET} \ --disable-nls \ --enable-gprofng=no \ --disable-werror \ --enable-default-hash-style=gnu" f_exec_log "${build_cmd}" "binutils-configure" f_exec_log "make ${v_threads}" "binutils-make" f_exec_log "make install" "binutils-install" } function f_kernel_headers() { cd "${SOURCES_ACTIVE}" tar -xf "${SOURCE_CACHE}/${v_linux}.tar.xz" cd "${v_linux}" f_exec_log "make mrproper" "kernel-headers-clean" f_exec_log "make headers" "kernel-headers-generate" find usr/include -type f ! -name '*.h' -delete mkdir -p "${NEWROOT}/usr/include" cp -rv usr/include/* "${NEWROOT}/usr/include" } function f_gcc_p1() { cd "${SOURCES_ACTIVE}" tar -xf "${SOURCE_CACHE}/${v_gcc}.tar.xz" cd "${v_gcc}" # Nesting Support Libraries internally for Stage-1 execution isolation tar -xf "${SOURCE_CACHE}/${v_gmp}.tar.xz" && mv -v "${v_gmp}" gmp tar -xf "${SOURCE_CACHE}/${v_mpfr}.tar.xz" && mv -v "${v_mpfr}" mpfr tar -xf "${SOURCE_CACHE}/${v_mpc}.tar.gz" && mv -v "${v_mpc}" mpc # Enforce 64-bit dynamic linker structural target pathing sed -e '/m64=/s/lib64/lib/' -i.bak gcc/config/i386/t-linux64 mkdir -p "${SOURCES_ACTIVE}/${v_gcc}-phase1" && cd "${SOURCES_ACTIVE}/${v_gcc}-phase1" local build_cmd="../${v_gcc}/configure \ --target=${TARGET} \ --prefix=${NEWROOT} \ --with-glibc-version=${v_glibc#*-} \ --with-sysroot=${NEWROOT} \ --with-newlib \ --without-headers \ --enable-default-pie \ --enable-default-ssp \ --disable-nls \ --disable-shared \ --disable-multilib \ --disable-threads \ --disable-libatomic \ --disable-libgomp \ --disable-libquadmath \ --disable-libssp \ --disable-libvtv \ --disable-libstdcxx \ --enable-languages=c,c++" f_exec_log "${build_cmd}" "gcc-p1-configure" f_exec_log "make ${v_threads}" "gcc-p1-make" f_exec_log "make install" "gcc-p1-install" } function f_glibc() { cd "${SOURCES_ACTIVE}" tar -xf "${SOURCE_CACHE}/${v_glibc}.tar.xz" mkdir -p "${v_glibc}-build" && cd "${v_glibc}-build" local build_cmd="../${v_glibc}/configure \ --prefix=/usr \ --host=${TARGET} \ --build=${HOST_ARCH} \ --enable-kernel=4.19 \ --with-headers=${NEWROOT}/usr/include \ --disable-profile \ --enable-stack-protector=strong \ --disable-werror \ libc_cv_slibdir=/usr/lib" f_exec_log "${build_cmd}" "glibc-configure" f_exec_log "make ${v_threads}" "glibc-make" f_exec_log "make DESTDIR=${NEWROOT} install" "glibc-install" # Sanitize hardcoded host system configurations from dynamic script linkage sed -i "s|${NEWROOT}||g" "${NEWROOT}/usr/bin/ldd" } function f_libxcrypt() { cd "${SOURCES_ACTIVE}" tar -xf "${SOURCE_CACHE}/libxcrypt-${v_libxcrypt}.tar.xz" cd "libxcrypt-${v_libxcrypt}" local build_cmd="./configure \ --prefix=/usr \ --host=${TARGET} \ --build=${HOST_ARCH} \ --enable-hashes=strong,glibc \ --enable-obsolete-api=no \ --disable-static" f_exec_log "${build_cmd}" "libxcrypt-configure" f_exec_log "make ${v_threads}" "libxcrypt-make" f_exec_log "make DESTDIR=${NEWROOT} install" "libxcrypt-install" } function f_gcc_p2() { cd "${SOURCES_ACTIVE}" # Re-use existing directory with static parameters attached cd "${v_gcc}" tar -xf "${SOURCE_CACHE}/${v_gmp}.tar.xz" --skip-old-files || true tar -xf "${SOURCE_CACHE}/${v_mpfr}.tar.xz" --skip-old-files || true tar -xf "${SOURCE_CACHE}/${v_mpc}.tar.gz" --skip-old-files || true mkdir -p "${SOURCES_ACTIVE}/${v_gcc}-phase2" && cd "${SOURCES_ACTIVE}/${v_gcc}-phase2" local build_cmd="../${v_gcc}/configure \ --prefix=/usr \ --host=${TARGET} \ --build=${HOST_ARCH} \ --enable-languages=c,c++ \ --enable-default-pie \ --enable-default-ssp \ --disable-multilib \ --disable-bootstrap" f_exec_log "${build_cmd}" "gcc-p2-configure" f_exec_log "make ${v_threads}" "gcc-p2-make" f_exec_log "make DESTDIR=${NEWROOT} install" "gcc-p2-install" } function f_kernel_binary() { cd "${SOURCES_ACTIVE}/${v_linux}" echo ">> Instantiating Silicon Optimized Monolithic Configuration Matrix..." make defconfig # Inject Custom Enterprise Swarm Labels & Architecture Parameters sed -i "s/CONFIG_LOCALVERSION=\"\"/CONFIG_LOCALVERSION=\"-dcosnet-${SYS_LABEL}\"/" .config # Modern Hardening Optimization Suite Injection sed -i "s/# CONFIG_MODULES is not set/CONFIG_MODULES=n/" .config || true echo "CONFIG_MODULES=n" >> .config echo "CONFIG_KALLSYMS=n" >> .config echo "CONFIG_DEBUG_FS=n" >> .config f_exec_log "make olddefconfig" "kernel-bin-config-merge" f_exec_log "make ${v_threads} LOCALVERSION=-dcosnet-${SYS_LABEL} bzImage" "kernel-bin-make" mkdir -p "${NEWROOT}/boot" cp -v arch/x86/boot/bzImage "${NEWROOT}/boot/vmlinuz-${v_linux}-${SYS_LABEL}-sovereign" # Apply Forensic Engine Analysis Verification Stamps to Core Cross-Compiler Tooling find "${NEWROOT}/bin" "${NEWROOT}/usr/bin" -type f -exec bash -c 'f_stamp_binary "$1" "$(basename "$1")"' _ {} \; || true } function f_package() { echo ">> Packaging Production Golden Image Artifact Target Matrix..." cd "${NEWROOT}" tar -cf - . | xz -9 -T 0 > "${BTC_ARCHIVE}/${SYS_LABEL}-toolchain-golden.tar.xz" echo ">> [SUCCESS] Archive deployed cleanly to: ${BTC_ARCHIVE}/${SYS_LABEL}-toolchain-golden.tar.xz" } # --- 8. MAIN ENTRY RUNTIME MATRIX --- function f_main() { [[ ${EUID} -ne 0 ]] && { echo ">> Error: Root privileges required."; exit 1; } f_agpl_header f_silicon_probe f_setup f_tmux_dashboard # Linear Forge Execution Sequence f_binutils f_kernel_headers f_gcc_p1 f_glibc f_libxcrypt f_gcc_p2 f_kernel_binary f_package # Clear volatile memory cleanrooms cd / umount -l "${SOURCES_ACTIVE}" 2>/dev/null || true echo ">> [COMPLETE] Sovereign Forge Build Finished Successfully under AGPLv3 Framework." } f_main "$@"