Hi NoisyCoik,
The second and most exciting news is you can now cross-build Tails for arm64 on an x86_64 machine! Keeping in mind that you still need to hijack your DNS to download the arm64 packages, to build an arm64 version of Tails on x86_64:
After a couple of attempts & fails finally I could build a crossarm compiled raspberry pi 5 bootable (from USB) image - it was a big moment to see Tails running on rpi!
- Build platform: Intel i7 8 cores and > 32 GB RAM.- followed your DNS hijack - with some changes see nginx.conf and docker-compose.yml below. In short: debian-security for example isn't available unsecure with http:// but only secure https:// and thus must be rewritten - redirect http to https would require a TLS server setup - too much efforts.
- forked from your/NoisyCoil's repository into https://gitlab.tails.boum.org/N9iu7pk/tails -> all changes to get a successfull build are pushed to this branch
- I used base_branch = 'wip/raspi'I'm not shure, whether that was the proper/intended choice. With 'stable' or 'devel' the build ended up with building x86_64 instead of aarch64/arm64. Didn't investigated that any further.
- had some issues with certificates (i.e. raspi_chroot) and preparing apt sources (wip/raspi must be mapped to stable in auto/scripts/tails-custom-apt-sources)
- took day's for a first build (of course - running a full emulated arm VM on amd64 :D ). When choosing to keep the vm running afterwards, sometime the vm won't stop with rake vm:halt, had to kill qemu.
- without any build options the VM grabbed all 8 available cores and 50% of the available RAM
- Tor-Browser was running! - the IMG was bootable, some issues* at boot time: failed to start systemd-sysctl.servide - apply kernel variables * when trying to modify stetting (language keyboard etc.) in the startup screen the system got "frozen"
I'd like to propose - as you already did - the two(or more)-image EFI idea (i.e. rpi and apple). Seems not to be an issue of ressources on users side (as todays usb-sticks < 64 GB becomes rare) but a problem of build ressources in terms of the timed snapshots from debian are doubled also for arm and nearly multiplied build timea are needed and for each platform an adjusted/modified kernel, dtb's & boot stack would be required -> which rather the task of projects like https://wiki.debian.org/DebianKernel/ARMMP.
Best regards niuu7pk PGP 7426 4598 B5AD 4D12 1699 C710 [ D602 E331 4D12 FFCB ] https://keys.openpgp.org/search?q=D602E3314D12FFCB
events {}
http {
server {
server_name time-based.snapshots.deb.tails.boum.org;
listen *:80;
error_log /var/log/nginx/tails.log debug;
rewrite_log on;
rewrite ^\/(debian)\/pool(\/?.*) http://ftp.debian.org/$1/pool$2;
rewrite ^\/(debian-security)\/pool(\/?.*)
https://deb.debian.org/$1/pool$2;
rewrite ^\/(debian)\/[0-9]+(\/?.*) http://ftp.debian.org/$1$2;
rewrite ^\/(debian-security)\/[0-9]+(\/?.*) https://deb.debian.org/$1$2;
rewrite ^\/[0-9.]+(\/?.*) https://deb.debian.org$1;
location ~
^/(debian|debian-security|tails)/project/trace/(debian|debian-security|tails) {
proxy_pass http://204.13.164.63:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
location ~ ^/(tails|torproject) {
proxy_pass http://204.13.164.63:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
}
}
docker-compose.yml
Description: application/yaml
OpenPGP_0xD602E3314D12FFCB.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://www.autistici.org/mailman/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
