#!/bin/bash
# BTC-0.3.1.sh - Build Tool Chain (Sovereign Forge Edition)
# Identity: dcosnet / dcos.net | Target: Broadwell-HS / Haswell-EP
# Version: 0.3.1 | Persistence: /opt/BTC | Volatile: ramfs
# License: GNU AGPLv3 Mandatory Prominent Interactive Notice
# Copyright (C) 2012-2026 Jeremy Anderson (info@dcos.net)

# Strict mode: abort on a failing command, on use of an unset variable, and
# on a failure in any stage of a pipeline.
set -o errexit -o nounset -o pipefail

# Exported unchanged to every child process started by this script.
OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
export OBJC_DISABLE_INITIALIZE_FORK_SAFETY
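# --- 1. AGPL INTERACTIVE LICENSE COMPLIANCE ---
#######################################
# Print the AGPLv3 notice and require a one-time interactive acceptance.
# Globals:   none
# Arguments: none
# Outputs:   banner and prompt on stdout, marker errors on stderr
# Returns:   0 once the terms are (or already were) accepted; exits 1 on
#            refusal, on end-of-input, or when the marker cannot be written
#######################################
function f_agpl_header() {
  local -r marker=/var/tmp/BTC-AGPL-ACCEPTED
  local reply=""

  # A missing or dumb terminal must not abort the run under `set -e`.
  clear 2>/dev/null || true
  cat << 'EOF'
===========================================================================
BTC-0.3.1.sh - Build Tool Chain (AGPLv3 PROTECTED)
===========================================================================
This program is free software: you can redistribute it and/or modify it
under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License.

REMOTE INTERACTION NOTICE: Per Section 13 of the GNU AGPLv3, if you modify
this script and offer its toolchain-building capabilities as a service over
a network, you MUST make your complete modified source code available.
===========================================================================
EOF

  # /var/tmp is world-writable and this script runs as root, so the marker
  # only counts when it is a regular file, not a symlink, and owned by the
  # invoking user. Anything else at that path is treated as "not accepted".
  if [[ -f "${marker}" && ! -L "${marker}" && -O "${marker}" ]]; then
    return 0
  fi

  echo -n "Do you accept the network-sovereignty terms of the AGPLv3? (y/N): "
  # End-of-input counts as a refusal instead of silently tripping `set -e`.
  read -r reply || reply=""
  if [[ ! "${reply}" =~ ^[Yy]$ ]]; then
    echo ">> Build aborted: AGPLv3 acceptance is mandatory for execution."
    exit 1
  fi

  # rm removes a symlink itself, never its target. The marker is then
  # re-created with noclobber so the shell refuses to write through anything
  # that reappears at the path in between; a failure here stops the build.
  rm -f -- "${marker}"
  if ! ( set -o noclobber; : > "${marker}" ) 2>/dev/null; then
    echo ">> Error: cannot create acceptance marker ${marker}." >&2
    exit 1
  fi
}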
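# --- 2. SILICON IDENTITY & SAFE RESOURCE MANAGEMENT ---
#######################################
# Derive the build identity from the host compiler and size the make job
# count from the memory figure reported by free(1).
# Globals:   exports TARGET_ARCH, ISA_TAG, OPT_TAG, SYS_LABEL, TARGET,
#            v_threads
# Arguments: none
# Outputs:   progress lines on stdout
# Returns:   0 on success
#######################################
function f_silicon_probe() {
  echo ">> Interrogating Core Topology and Instruction Extensions..."

  # A single awk pass with no early exit: a missing "march=" line yields an
  # empty string instead of a failed pipeline, so the fallback below stays
  # reachable under `set -euo pipefail`.
  local RAW_ARCH=""
  RAW_ARCH=$(gcc -march=native -Q --help=target \
    | awk '/march=/ && !seen { print $2; seen = 1 }') || RAW_ARCH=""

  # TARGET_ARCH is later spliced into compiler flags, command strings run
  # through `bash -c`, sed expressions and file names, so only a conservative
  # character set is accepted; anything else falls back to the default.
  if [[ -z "${RAW_ARCH}" || "${RAW_ARCH}" == "x86-64" \
        || ! "${RAW_ARCH}" =~ ^[A-Za-z0-9._-]+$ ]]; then
    export TARGET_ARCH="haswell"
  else
    export TARGET_ARCH="${RAW_ARCH}"
  fi

  # ISA_TAG and OPT_TAG are fixed strings; nothing here probes for AVX2.
  export ISA_TAG="AVX2"
  export OPT_TAG="LTO"
  export SYS_LABEL="DCOSNET-${TARGET_ARCH^^}-${ISA_TAG}-${OPT_TAG}"
  export TARGET="x86_64-dcosnet-linux-gnu"

  # Resource-Safe Threading: one make job per 2 GB of the reported memory
  # figure, at least 1 and at most the CPU count, to prevent LTO thrashing.
  local total_cpus
  total_cpus=$(nproc)

  # Column 7 of the "Mem:" row - presumably "available" in current procps;
  # confirm on the build host. A missing or non-numeric value counts as 0
  # rather than breaking the arithmetic below.
  local free_gb=""
  free_gb=$(free -g | awk '/^Mem:/{print $7}') || free_gb=""
  [[ "${free_gb}" =~ ^[0-9]+$ ]] || free_gb=0

  local safe_threads=$(( free_gb / 2 ))
  (( safe_threads >= 1 )) || safe_threads=1
  (( safe_threads <= total_cpus )) || safe_threads=${total_cpus}
  export v_threads="-j${safe_threads}"

  echo ">> [IDENTITY STAMP] ${SYS_LABEL}"
  echo ">> [THREAD ALLOCATION] Probed ${total_cpus} cores -> Throttled to ${v_threads} for LTO Safety."
}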
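# --- 3. SYSTEM PATHS & STAGING MATRIX ---
# SYS_LABEL and TARGET_ARCH are produced by f_silicon_probe, but this section
# is evaluated while the file is still being read, before f_main runs. Under
# `set -u` an unset SYS_LABEL aborts the script right here, so the probe is
# run first whenever either value is missing. f_main probes again later; the
# probe only re-exports the same values.
if [[ -z "${SYS_LABEL:-}" || -z "${TARGET_ARCH:-}" ]]; then
  f_silicon_probe
fi

# SOURCES_ACTIVE is the mount point f_setup covers with a ramfs; BTC_ARCHIVE
# is the persistent side (source cache, logs, symbols, final archive).
export SOURCES_ACTIVE=/usr/src
export BTC_ARCHIVE=/opt/BTC
export SOURCE_CACHE="${BTC_ARCHIVE}/src"
export RAMDISK_SIZE="12gb"

# Upstream Production Matrices
# NOTE(review): nothing visible in this file checks a digest or signature of
# the tarballs in SOURCE_CACHE before they are unpacked and built as root.
export v_linux='linux-7.1'
export v_binutils='binutils-2.46'
export v_gcc='gcc-14.2.0'
export v_glibc='glibc-2.41'
export v_libxcrypt='4.4.36'
export v_gmp='gmp-6.3.0'
export v_mpfr='mpfr-4.2.1'
export v_mpc='mpc-1.3.1'

export NEWROOT="${SOURCES_ACTIVE}/${SYS_LABEL}-cleanroom"
export LOGS="${BTC_ARCHIVE}/logs/${SYS_LABEL}"
export HOST_ARCH="x86_64-pc-linux-gnu"

# Optimization Ensembles
# Exported under these names only; no other reference to them is visible in
# this file.
export GLOBAL_CFLAGS="-O3 -march=${TARGET_ARCH} -flto -ffat-lto-objects --sysroot=${NEWROOT} -pipe"
export GLOBAL_LDFLAGS="-Wl,-O1 -Wl,--as-needed -flto --sysroot=${NEWROOT}"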
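# --- 4. HARDWARE SENTINEL & TELEMETRY MODULES ---
#######################################
# Pause briefly when the host looks too hot or too short on memory.
# This is a one-shot sleep per call, not an enforcement mechanism.
# Globals:   none
# Arguments: none
# Outputs:   a warning line on stdout for each condition that triggers
# Returns:   0; an unreadable sensor or memory figure skips that check
#######################################
function f_guard() {
  local max_temp=85
  local min_mem=800
  local cur_temp=""
  local cur_mem=""
  local zone_file=""
  local raw_temp=""

  # First thermal zone that yields a number (sysfs reports millidegrees).
  # Hosts without thermal zones (many VMs and containers) leave cur_temp
  # empty instead of failing the pipeline under `set -euo pipefail`.
  for zone_file in /sys/class/thermal/thermal_zone*/temp; do
    [[ -r "${zone_file}" ]] || continue
    raw_temp=""
    { IFS= read -r raw_temp < "${zone_file}"; } 2>/dev/null || continue
    [[ "${raw_temp}" =~ ^-?[0-9]+$ ]] || continue
    cur_temp=$(awk -v t="${raw_temp}" 'BEGIN { print t / 1000 }')
    break
  done

  cur_mem=$(free -m | awk '/^Mem:/{print $7}') || cur_mem=""

  # Integer part only: (( )) cannot compare fractions.
  if [[ -n "${cur_temp}" ]] && (( ${cur_temp%.*} > max_temp )); then
    echo ">> [WARNING: THERMAL SPIKE] Temp at ${cur_temp}°C. Throttling build for cooling phase..."
    sleep 15
  fi

  if [[ "${cur_mem}" =~ ^[0-9]+$ ]] && (( cur_mem < min_mem )); then
    echo ">> [WARNING: MEMORY SATURATION] Free memory at ${cur_mem}MB. Yielding pipeline execution..."
    sleep 20
  fi
}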
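#######################################
# When the kernel reports a low entropy estimate, generate two seconds of
# file-system activity in the background.
# NOTE(review): nothing in this file establishes that this activity feeds
# the kernel RNG; treat it as best-effort, not as a randomness guarantee.
# Globals:   none
# Arguments: none
# Outputs:   one notice line on stdout when the threshold is undershot
# Returns:   0; a missing or unreadable estimate skips the check
#######################################
function f_entropy_shield() {
  local min_entropy=1000
  local cur_entropy=""
  local pool_size=""
  local jitter_pid=""
  local -r avail_file=/proc/sys/kernel/random/entropy_avail
  local -r pool_file=/proc/sys/kernel/random/poolsize

  [[ -r "${avail_file}" ]] || return 0
  IFS= read -r cur_entropy < "${avail_file}" || return 0
  [[ "${cur_entropy}" =~ ^[0-9]+$ ]] || return 0

  # The estimate can never exceed the pool size. Recent Linux kernels report
  # a fixed 256-bit pool, so a fixed threshold of 1000 would fire on every
  # single call (a find sweep plus a 2 s stall per build step). Cap the
  # threshold at the pool size the kernel advertises.
  if [[ -r "${pool_file}" ]] && IFS= read -r pool_size < "${pool_file}" \
     && [[ "${pool_size}" =~ ^[0-9]+$ ]] && (( pool_size < min_entropy )); then
    min_entropy=${pool_size}
  fi

  if (( cur_entropy < min_entropy )); then
    echo ">> [ENTROPY DEFICIT] Pool dropped to ${cur_entropy}. Injecting safe hardware-jitter..."
    find /bin /sbin -type f -exec ls -l {} + > /dev/null 2>&1 &
    jitter_pid=$!
    sleep 2
    # The sweep may already have finished; a failed kill is expected then.
    kill "${jitter_pid}" 2>/dev/null || true
  fi
}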
#######################################
# Run one build step through a fresh bash and append its combined output to
# the step's log file, with a pv throughput display.
# SECURITY: $1 is re-parsed as shell source by `bash -c`. The callers in this
# file assemble it from script-defined variables; never hand it text that
# originates outside the script.
# Globals:   LOGS (read)
# Arguments: $1 - command string to execute
#            $2 - step name, used for the pv label and the log file name
# Outputs:   progress line on stdout; step output goes to
#            ${LOGS}/<step>.log
# Returns:   status of the pipeline (pipefail applies when enabled)
#######################################
function f_exec_log() {
  local cmd="$1"
  local log_base="$2"
  local step_log="${LOGS}/${log_base}.log"

  # Both health checks run before every step.
  f_entropy_shield
  f_guard

  printf '%s\n' ">> Executing: ${log_base}"
  stdbuf -oL -eL bash -c "${cmd}" 2>&1 \
    | pv -t -r -b -N "${log_base}" \
    | tee -a "${step_log}" > /dev/null
}
#######################################
# Inside a tmux session, open two extra panes: one tailing the step logs and
# one refreshing the entropy estimate and the socket list every 2 seconds.
# Globals:   TMUX (read), LOGS (read)
# Arguments: none
# Outputs:   one notice line on stdout when panes are created
# Returns:   0; every tmux failure is tolerated
#######################################
function f_tmux_dashboard() {
  # Outside tmux there is nothing to split.
  if [[ -z "${TMUX:-}" ]]; then
    return 0
  fi

  echo ">> Active Tmux session identified. Splitting target tracking matrix..."

  # Both strings are handed to tmux, which runs them through a shell; LOGS
  # is expanded here, the glob is expanded in the new pane.
  local tail_pane_cmd="tail -F ${LOGS}/*.log"
  local watch_pane_cmd="watch -n 2 'echo \"=== ENTROPY POOL ===\"; cat /proc/sys/kernel/random/entropy_avail; echo \"=== NETWORK BOUND MATRIX ===\"; ss -tunp | grep -v 127.0.0.1'"

  tmux split-window -h -p 35 "${tail_pane_cmd}" || true
  tmux split-window -v -p 50 "${watch_pane_cmd}" || true
  tmux select-pane -t 0 || true
}
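# --- 5. FORENSIC IDENTITY STAMPING LAYER ---
#######################################
# Stamp one ELF binary with a .note.BTC section, optionally split off its
# debug symbols, then record identity and SHA-256 as extended attributes.
# NOTE(review): the attributes live on the file they describe and can be
# rewritten together with it; they identify a build, they do not prove that
# the file is unmodified.
# Globals:   TARGET_ARCH, SYS_LABEL, v_linux, BTC_ARCHIVE (read),
#            BTC_STRIP_MODE (read, default 1)
# Arguments: $1 - path of the binary
#            $2 - short name, used in the note and as the .debug file name
# Outputs:   none on success
# Returns:   0 when stamped or skipped (missing file, symlink, non-ELF);
#            1 when a stamping or stripping step fails
#######################################
function f_stamp_binary() {
  local target_bin="$1"
  local log_base="$2"

  # Regular files only; symlinks are skipped so a link is never followed
  # to a file outside the tree being stamped.
  if [[ ! -f "${target_bin}" || -L "${target_bin}" ]]; then
    return 0
  fi

  # bin directories also hold scripts; objcopy and strip only make sense on
  # ELF files, so anything without the ELF magic is left untouched.
  local magic=""
  magic=$(head -c 4 -- "${target_bin}" 2>/dev/null | od -An -tx1 | tr -d ' \n') || magic=""
  if [[ "${magic}" != "7f454c46" ]]; then
    return 0
  fi

  # The note text is pasted into assembler source inside a quoted string.
  # Restrict every interpolated field to a safe character set so a file name
  # containing a quote or backslash cannot alter the generated directives.
  local note_arch="${TARGET_ARCH//[^A-Za-z0-9._+-]/_}"
  local note_label="${SYS_LABEL//[^A-Za-z0-9._+-]/_}"
  local note_forge="${log_base//[^A-Za-z0-9._+-]/_}"

  # Scratch files go into a private mktemp directory instead of fixed names
  # in the current working directory.
  local work_dir=""
  work_dir=$(mktemp -d) || return 1
  local stamp_src="${work_dir}/btc_stamp.s"
  local stamp_obj="${work_dir}/btc_stamp.o"
  local stamp_raw="${work_dir}/btc_stamp.bin"
  local stamp_ok=1

  # 1. Inject ELF Object Note
  cat << EOF > "${stamp_src}"
.section .note.BTC,"a",@note
.long 2f - 1f
.long 4f - 3f
.long 1
1: .asciz "DCOSNET"
2: .align 4
3: .ascii "Org: dcos.net|K:7.1|Arch:${note_arch}|Label:${note_label}|Forge:${note_forge}"
4: .align 4
EOF
  # --add-section copies the named file byte for byte, so the assembled
  # object is first reduced to the raw bytes of its note section; adding the
  # .o itself would embed a whole relocatable file as the note body.
  if gcc -c "${stamp_src}" -o "${stamp_obj}" \
    && objcopy -O binary --only-section=.note.BTC "${stamp_obj}" "${stamp_raw}" \
    && objcopy --add-section ".note.BTC=${stamp_raw}" "${target_bin}"; then
    stamp_ok=0
  fi
  rm -rf -- "${work_dir:?}"
  (( stamp_ok == 0 )) || return 1

  # 2. Separate Debug Symbols & Create External Links
  if [[ "${BTC_STRIP_MODE:-1}" -eq 1 ]]; then
    local symbol_dir="${BTC_ARCHIVE}/symbols/${SYS_LABEL}"
    local debug_file="${symbol_dir}/${log_base}.debug"
    mkdir -p "${symbol_dir}" || return 1
    objcopy --only-keep-debug "${target_bin}" "${debug_file}" || return 1
    strip --strip-unneeded "${target_bin}" || return 1
    objcopy --add-gnu-debuglink="${debug_file}" "${target_bin}" || return 1
  fi

  # 3. Append Extended Filesystem Attributes Ledger
  # Done last: strip and objcopy rewrite the file, so a digest taken before
  # them would not describe the binary that is finally packaged, and
  # attributes set earlier may not survive the rewrite.
  local bin_hash=""
  bin_hash=$(sha256sum "${target_bin}" | awk '{print $1}') || return 1
  # Best-effort: file systems without user xattr support are tolerated.
  setfattr -n user.btc.identity -v "BTC-${SYS_LABEL}-${v_linux}-sovereign" "${target_bin}" 2>/dev/null || true
  setfattr -n user.btc.hash -v "${bin_hash}" "${target_bin}" 2>/dev/null || true
}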
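# --- 6. CLEANROOM MATRIX CONFIGURATION ---
#######################################
# Create the persistent directories, mount the ramfs work area when it is
# not mounted yet, and lay out the empty target root.
# Globals:   SOURCE_CACHE, LOGS, BTC_ARCHIVE, SYS_LABEL, SOURCES_ACTIVE,
#            RAMDISK_SIZE, NEWROOT (read); PATH (prepended and exported)
# Arguments: none
# Outputs:   progress lines on stdout
# Returns:   0 on success; leaves the working directory at NEWROOT
#######################################
function f_setup() {
  echo ">> Preparing Virtualized Cleanroom Environment..."
  mkdir -p "${SOURCE_CACHE}" "${LOGS}" "${BTC_ARCHIVE}/symbols/${SYS_LABEL}"

  if ! mountpoint -q "${SOURCES_ACTIVE}"; then
    # NOTE(review): ramfs itself has no size limit, so the size= option is
    # not expected to cap anything and the build tree can grow until memory
    # runs out; tmpfs is the file system that honours size=. The mount also
    # hides whatever SOURCES_ACTIVE held before until it is unmounted.
    mount -t ramfs -o "size=${RAMDISK_SIZE}" ramfs "${SOURCES_ACTIVE}"
    echo ">> Ramfs Cleanroom mounted at ${SOURCES_ACTIVE} with ceiling ${RAMDISK_SIZE}."
  fi

  mkdir -p "${NEWROOT}"
  cd "${NEWROOT}"
  mkdir -p bin etc lib sbin usr var include

  case "$(uname -m)" in
    x86_64)
      # lib64 has to be a symlink to lib. Creating it as a directory first
      # makes `ln` drop the link *inside* that directory (lib64/lib) and
      # leaves lib64 a separate, empty tree. An empty directory left by an
      # earlier run is removed; a populated one stops the build.
      if [[ -d lib64 && ! -L lib64 ]]; then
        rmdir -- lib64
      fi
      ln -sfnv lib "${NEWROOT}/lib64"
      ;;
    *)
      mkdir -p lib64
      ;;
  esac

  export PATH="${NEWROOT}/bin:${PATH}"
}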
# --- 7. Building of Toolchain Starts here ---
#######################################
# Unpack binutils from the source cache and configure, build and install it
# as the cross toolchain's assembler and linker under NEWROOT.
# The archive is taken from SOURCE_CACHE as it is.
# Globals:   SOURCES_ACTIVE, SOURCE_CACHE, v_binutils, NEWROOT, TARGET,
#            v_threads (read)
# Arguments: none
# Returns:   0 on success; leaves the working directory in the build dir
#######################################
function f_binutils() {
  local build_dir="${v_binutils}-build"

  cd "${SOURCES_ACTIVE}"
  tar -xf "${SOURCE_CACHE}/${v_binutils}.tar.xz"
  mkdir -p "${build_dir}" && cd "${build_dir}"

  # One word per element; "${arr[*]}" joins them with a single space (the
  # default IFS), which is the command line f_exec_log hands to bash.
  local -a configure_words=(
    "../${v_binutils}/configure"
    "--prefix=${NEWROOT}"
    "--with-sysroot=${NEWROOT}"
    "--target=${TARGET}"
    "--disable-nls"
    "--enable-gprofng=no"
    "--disable-werror"
    "--enable-default-hash-style=gnu"
  )
  local build_cmd="${configure_words[*]}"

  f_exec_log "${build_cmd}" "binutils-configure"
  f_exec_log "make ${v_threads}" "binutils-make"
  f_exec_log "make install" "binutils-install"
}
#######################################
# Unpack the kernel source, generate the user-space headers and copy them
# into the target root.
# Globals:   SOURCES_ACTIVE, SOURCE_CACHE, v_linux, NEWROOT (read)
# Arguments: none
# Returns:   0 on success; leaves the working directory in the kernel tree
#######################################
function f_kernel_headers() {
  local header_dest="${NEWROOT}/usr/include"

  cd "${SOURCES_ACTIVE}"
  tar -xf "${SOURCE_CACHE}/${v_linux}.tar.xz"
  cd "${v_linux}"

  f_exec_log "make mrproper" "kernel-headers-clean"
  f_exec_log "make headers" "kernel-headers-generate"

  # Only *.h files are kept in the generated tree before it is copied.
  find usr/include -type f -not -name '*.h' -delete
  mkdir -p "${header_dest}"
  cp -rv usr/include/* "${header_dest}"
}
#######################################
# Stage-1 GCC: a static cross compiler built without target headers, with
# GMP, MPFR and MPC unpacked inside the GCC tree.
# Globals:   SOURCES_ACTIVE, SOURCE_CACHE, v_gcc, v_gmp, v_mpfr, v_mpc,
#            v_glibc, TARGET, NEWROOT, v_threads (read)
# Arguments: none
# Returns:   0 on success; leaves the working directory in the phase1 dir
#######################################
function f_gcc_p1() {
  local phase_dir="${SOURCES_ACTIVE}/${v_gcc}-phase1"
  local lib_spec=""
  local archive_name=""
  local lib_dir=""

  cd "${SOURCES_ACTIVE}"
  tar -xf "${SOURCE_CACHE}/${v_gcc}.tar.xz"
  cd "${v_gcc}"

  # Nesting Support Libraries internally for Stage-1 execution isolation.
  # Each entry is "<archive file>:<directory name GCC expects>".
  for lib_spec in \
    "${v_gmp}.tar.xz:gmp" \
    "${v_mpfr}.tar.xz:mpfr" \
    "${v_mpc}.tar.gz:mpc"; do
    archive_name="${lib_spec%%:*}"
    lib_dir="${lib_spec##*:}"
    tar -xf "${SOURCE_CACHE}/${archive_name}" && mv -v "${archive_name%.tar.*}" "${lib_dir}"
  done

  # Enforce 64-bit dynamic linker structural target pathing: the m64 entry
  # is switched from lib64 to lib (a .bak copy of the file is kept).
  sed -e '/m64=/s/lib64/lib/' -i.bak gcc/config/i386/t-linux64

  mkdir -p "${phase_dir}" && cd "${phase_dir}"

  # Joined with single spaces (default IFS) into the string f_exec_log runs.
  # PIE and SSP are enabled as compiler defaults.
  local -a configure_words=(
    "../${v_gcc}/configure"
    "--target=${TARGET}"
    "--prefix=${NEWROOT}"
    "--with-glibc-version=${v_glibc#*-}"
    "--with-sysroot=${NEWROOT}"
    "--with-newlib"
    "--without-headers"
    "--enable-default-pie"
    "--enable-default-ssp"
    "--disable-nls"
    "--disable-shared"
    "--disable-multilib"
    "--disable-threads"
    "--disable-libatomic"
    "--disable-libgomp"
    "--disable-libquadmath"
    "--disable-libssp"
    "--disable-libvtv"
    "--disable-libstdcxx"
    "--enable-languages=c,c++"
  )
  local build_cmd="${configure_words[*]}"

  f_exec_log "${build_cmd}" "gcc-p1-configure"
  f_exec_log "make ${v_threads}" "gcc-p1-make"
  f_exec_log "make install" "gcc-p1-install"
}
#######################################
# Cross-build glibc against the installed kernel headers and install it into
# the target root.
# Globals:   SOURCES_ACTIVE, SOURCE_CACHE, v_glibc, TARGET, HOST_ARCH,
#            NEWROOT, v_threads (read)
# Arguments: none
# Returns:   0 on success; leaves the working directory in the build dir
#######################################
function f_glibc() {
  local build_dir="${v_glibc}-build"

  cd "${SOURCES_ACTIVE}"
  tar -xf "${SOURCE_CACHE}/${v_glibc}.tar.xz"
  mkdir -p "${build_dir}" && cd "${build_dir}"

  # Joined with single spaces (default IFS) into the string f_exec_log runs.
  # glibc itself is built with the strong stack protector.
  local -a configure_words=(
    "../${v_glibc}/configure"
    "--prefix=/usr"
    "--host=${TARGET}"
    "--build=${HOST_ARCH}"
    "--enable-kernel=4.19"
    "--with-headers=${NEWROOT}/usr/include"
    "--disable-profile"
    "--enable-stack-protector=strong"
    "--disable-werror"
    "libc_cv_slibdir=/usr/lib"
  )
  local build_cmd="${configure_words[*]}"

  f_exec_log "${build_cmd}" "glibc-configure"
  f_exec_log "make ${v_threads}" "glibc-make"
  f_exec_log "make DESTDIR=${NEWROOT} install" "glibc-install"

  # Sanitize hardcoded host system configurations from dynamic script
  # linkage: every occurrence of the NEWROOT path is removed from ldd.
  # NEWROOT is used as a sed pattern here, so it must stay free of
  # characters that are special to sed.
  local ldd_script="${NEWROOT}/usr/bin/ldd"
  sed -i "s|${NEWROOT}||g" "${ldd_script}"
}
#######################################
# Cross-build libxcrypt (shared library only, obsolete API disabled) and
# install it into the target root.
# Globals:   SOURCES_ACTIVE, SOURCE_CACHE, v_libxcrypt, TARGET, HOST_ARCH,
#            NEWROOT, v_threads (read)
# Arguments: none
# Returns:   0 on success; leaves the working directory in the source tree
#######################################
function f_libxcrypt() {
  local src_name="libxcrypt-${v_libxcrypt}"

  cd "${SOURCES_ACTIVE}"
  tar -xf "${SOURCE_CACHE}/${src_name}.tar.xz"
  cd "${src_name}"

  # Joined with single spaces (default IFS) into the string f_exec_log runs.
  local -a configure_words=(
    "./configure"
    "--prefix=/usr"
    "--host=${TARGET}"
    "--build=${HOST_ARCH}"
    "--enable-hashes=strong,glibc"
    "--enable-obsolete-api=no"
    "--disable-static"
  )
  local build_cmd="${configure_words[*]}"

  f_exec_log "${build_cmd}" "libxcrypt-configure"
  f_exec_log "make ${v_threads}" "libxcrypt-make"
  f_exec_log "make DESTDIR=${NEWROOT} install" "libxcrypt-install"
}
#######################################
# Stage-2 GCC: rebuild the compiler from the already unpacked source tree
# and install it into the target root.
# Globals:   SOURCES_ACTIVE, SOURCE_CACHE, v_gcc, v_gmp, v_mpfr, v_mpc,
#            TARGET, HOST_ARCH, NEWROOT, v_threads (read)
# Arguments: none
# Returns:   0 on success; leaves the working directory in the phase2 dir
#######################################
function f_gcc_p2() {
  local phase_dir="${SOURCES_ACTIVE}/${v_gcc}-phase2"
  local support_archive=""

  cd "${SOURCES_ACTIVE}"
  # Re-use existing directory with static parameters attached
  cd "${v_gcc}"

  # Best-effort re-extraction of the support libraries: files that already
  # exist are kept and an extraction failure is deliberately ignored.
  for support_archive in \
    "${v_gmp}.tar.xz" \
    "${v_mpfr}.tar.xz" \
    "${v_mpc}.tar.gz"; do
    tar -xf "${SOURCE_CACHE}/${support_archive}" --skip-old-files || true
  done

  mkdir -p "${phase_dir}" && cd "${phase_dir}"

  # Joined with single spaces (default IFS) into the string f_exec_log runs.
  local -a configure_words=(
    "../${v_gcc}/configure"
    "--prefix=/usr"
    "--host=${TARGET}"
    "--build=${HOST_ARCH}"
    "--enable-languages=c,c++"
    "--enable-default-pie"
    "--enable-default-ssp"
    "--disable-multilib"
    "--disable-bootstrap"
  )
  local build_cmd="${configure_words[*]}"

  f_exec_log "${build_cmd}" "gcc-p2-configure"
  f_exec_log "make ${v_threads}" "gcc-p2-make"
  f_exec_log "make DESTDIR=${NEWROOT} install" "gcc-p2-install"
}
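#######################################
# Configure and build a module-less kernel image, copy it into the target
# root, then stamp the binaries under NEWROOT/bin and NEWROOT/usr/bin.
# Globals:   SOURCES_ACTIVE, v_linux, SYS_LABEL, v_threads, NEWROOT (read)
# Arguments: none
# Outputs:   progress on stdout; stamping warnings on stderr
# Returns:   0 on success; a failed stamp is reported and does not stop the
#            build
#######################################
function f_kernel_binary() {
  cd "${SOURCES_ACTIVE}/${v_linux}"

  echo ">> Instantiating Silicon Optimized Monolithic Configuration Matrix..."
  make defconfig

  # Inject Custom Enterprise Swarm Labels & Architecture Parameters
  # NOTE(review): the same suffix is passed again as LOCALVERSION= on the
  # make command line below; confirm the release string is not meant to
  # carry it only once.
  sed -i "s/CONFIG_LOCALVERSION=\"\"/CONFIG_LOCALVERSION=\"-dcosnet-${SYS_LABEL}\"/" .config

  # Modern Hardening Optimization Suite Injection: loadable modules,
  # kallsyms and debugfs are switched off; `make olddefconfig` resolves the
  # appended lines against the rest of the configuration.
  sed -i "s/# CONFIG_MODULES is not set/CONFIG_MODULES=n/" .config || true
  echo "CONFIG_MODULES=n" >> .config
  echo "CONFIG_KALLSYMS=n" >> .config
  echo "CONFIG_DEBUG_FS=n" >> .config

  f_exec_log "make olddefconfig" "kernel-bin-config-merge"
  f_exec_log "make ${v_threads} LOCALVERSION=-dcosnet-${SYS_LABEL} bzImage" "kernel-bin-make"

  mkdir -p "${NEWROOT}/boot"
  cp -v arch/x86/boot/bzImage "${NEWROOT}/boot/vmlinuz-${v_linux}-${SYS_LABEL}-sovereign"

  # Apply Forensic Engine Analysis Verification Stamps to Core Cross-Compiler
  # Tooling. f_stamp_binary is a function of this shell and is not exported,
  # so a child started with `find -exec bash -c` cannot see it and every
  # stamp would fail unnoticed. The paths are read NUL-delimited and the
  # function is called in this shell instead; a failure is reported rather
  # than swallowed.
  local bin_path=""
  while IFS= read -r -d '' bin_path; do
    f_stamp_binary "${bin_path}" "${bin_path##*/}" \
      || echo ">> [WARNING] Stamping failed for ${bin_path}; continuing." >&2
  done < <(find "${NEWROOT}/bin" "${NEWROOT}/usr/bin" -type f -print0)
}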
#######################################
# Pack the whole target root into one xz-compressed tar archive under
# BTC_ARCHIVE.
# NOTE(review): no digest or signature of the archive is written next to
# it, so whoever consumes it has nothing to verify it against.
# Globals:   NEWROOT, BTC_ARCHIVE, SYS_LABEL (read)
# Arguments: none
# Outputs:   progress lines on stdout
# Returns:   0 on success; leaves the working directory at NEWROOT
#######################################
function f_package() {
  local golden_archive="${BTC_ARCHIVE}/${SYS_LABEL}-toolchain-golden.tar.xz"

  printf '%s\n' ">> Packaging Production Golden Image Artifact Target Matrix..."
  cd "${NEWROOT}"
  tar -cf - . | xz -9 -T 0 > "${golden_archive}"
  printf '%s\n' ">> [SUCCESS] Archive deployed cleanly to: ${golden_archive}"
}
# --- 8. MAIN ENTRY RUNTIME MATRIX ---
#######################################
# Entry point: require root, show the licence notice, probe the host,
# prepare the work area, run the build steps in order, then unmount.
# Globals:   EUID, SOURCES_ACTIVE (read)
# Arguments: none used
# Outputs:   progress lines on stdout
# Returns:   0 on success; exits 1 when not run as root
#######################################
function f_main() {
  # Everything below mounts file systems and writes under /opt and /usr/src.
  if (( EUID != 0 )); then
    echo ">> Error: Root privileges required."
    exit 1
  fi

  f_agpl_header
  f_silicon_probe
  f_setup
  f_tmux_dashboard

  # Linear Forge Execution Sequence: each step depends on the previous one,
  # and under `set -e` the first failing step ends the run.
  local forge_step=""
  for forge_step in \
    f_binutils \
    f_kernel_headers \
    f_gcc_p1 \
    f_glibc \
    f_libxcrypt \
    f_gcc_p2 \
    f_kernel_binary \
    f_package; do
    "${forge_step}"
  done

  # Clear volatile memory cleanrooms: leave the mount point first, then
  # detach it lazily; a failed unmount is tolerated. This is only reached
  # when every step succeeded.
  cd /
  umount -l "${SOURCES_ACTIVE}" 2>/dev/null || true
  echo ">> [COMPLETE] Sovereign Forge Build Finished Successfully under AGPLv3 Framework."
}
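# Run the build. The trailing pipe character on this line had no command
# after it and made the script end in a syntax error.
f_main "$@"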