Hi NoisyCoik,
> The second and most exciting news is you can now cross-build Tails for
> arm64 on an x86_64 machine! Keeping in mind that you still need to
> hijack your DNS to download the arm64 packages, to build an arm64
> version of Tails on x86_64:
After a couple of attempts & fails finally I could build a crossarm
compiled raspberry pi 5 bootable (from USB) image - it was a big moment
to see Tails running on rpi!
- Build platform: Intel i7 8 cores and > 32 GB RAM.
- followed your DNS hijack - with some changes see nginx.conf and
docker-compose.yml below. In short: debian-security for example isn't
available unsecure with http:// but only secure https:// and thus must
be rewritten - redirect http to https would require a TLS server setup -
too much efforts.
- forked from your/NoisyCoil's repository into
https://gitlab.tails.boum.org/N9iu7pk/tails -> all changes to get a
successfull build are pushed to this branch
- I used base_branch = 'wip/raspi'
I'm not shure, whether that was the proper/intended choice. With
'stable' or 'devel' the build ended up with building x86_64 instead of
aarch64/arm64. Didn't investigated that any further.
- had some issues with certificates (i.e. raspi_chroot) and preparing
apt sources (wip/raspi must be mapped to stable in
auto/scripts/tails-custom-apt-sources)
- took day's for a first build (of course - running a full emulated arm
VM on amd64 :D ). When choosing to keep the vm running afterwards,
sometime the vm won't stop with rake vm:halt, had to kill qemu.
- without any build options the VM grabbed all 8 available cores and 50%
of the available RAM
- Tor-Browser was running!
- the IMG was bootable, some issues
* at boot time: failed to start systemd-sysctl.servide - apply
kernel variables
* when trying to modify stetting (language keyboard etc.) in the
startup screen the system got "frozen"
I'd like to propose - as you already did - the two(or more)-image EFI
idea (i.e. rpi and apple). Seems not to be an issue of ressources on
users side (as todays usb-sticks < 64 GB becomes rare) but a problem of
build ressources in terms of the timed snapshots from debian are doubled
also for arm and nearly multiplied build timea are needed and for each
platform an adjusted/modified kernel, dtb's & boot stack would be
required -> which rather the task of projects like
https://wiki.debian.org/DebianKernel/ARMMP.
Best regards
niuu7pk
PGP 7426 4598 B5AD 4D12 1699 C710 [ D602 E331 4D12 FFCB ]
https://keys.openpgp.org/search?q=D602E3314D12FFCB
events {}
http {
server {
server_name time-based.snapshots.deb.tails.boum.org;
listen *:80;
error_log /var/log/nginx/tails.log debug;
rewrite_log on;
rewrite ^\/(debian)\/pool(\/?.*) http://ftp.debian.org/$1/pool$2;
rewrite ^\/(debian-security)\/pool(\/?.*) https://deb.debian.org/$1/pool$2;
rewrite ^\/(debian)\/[0-9]+(\/?.*) http://ftp.debian.org/$1$2;
rewrite ^\/(debian-security)\/[0-9]+(\/?.*) https://deb.debian.org/$1$2;
rewrite ^\/[0-9.]+(\/?.*) https://deb.debian.org$1;
location ~ ^/(debian|debian-security|tails)/project/trace/(debian|debian-security|tails) {
proxy_pass http://204.13.164.63:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
location ~ ^/(tails|torproject) {
proxy_pass http://204.13.164.63:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
}
}
