Merge pull request #60 from tslmy/chore/docker-build-macos-workflow

Add Docker-based macOS build workflow and stabilize SD image assembly

.dockerignore

@@ -0,0 +1,2 @@
+**
+!Dockerfile

.gitignore

@@ -3,5 +3,85 @@ brainux
 cache/*
 !cache/.gitkeep
 nk.bin
-image/sd.img
+image/sd*.img
+*.exe
 image/work
+
+# Created by https://www.toptal.com/developers/gitignore/api/macos,linux,windows
+# Edit at https://www.toptal.com/developers/gitignore?templates=macos,linux,windows
+
+### Linux ###
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+
+### macOS ###
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### macOS Patch ###
+# iCloud generated files
+*.icloud
+
+### Windows ###
+# Windows thumbnail cache files
+Thumbs.db
+Thumbs.db:encryptable
+ehthumbs.db
+ehthumbs_vista.db
+
+# Dump file
+*.stackdump
+
+# Folder config file
+[Dd]esktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msix
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+# End of https://www.toptal.com/developers/gitignore/api/macos,linux,windows

Dockerfile

@@ -0,0 +1,58 @@
+# TOOLCHAIN_PLATFORM is pinned to linux/amd64 so the ARM cross-compilers and
+# qemu-user-static are always x86_64 binaries, matching the tested path.
+# Passing `--platform` through an ARG silences the Docker linter warning about
+# constant --platform values while keeping the behaviour identical.
+ARG TOOLCHAIN_PLATFORM=linux/amd64
+FROM --platform=${TOOLCHAIN_PLATFORM} debian:trixie
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Toolchain and utilities needed by build targets in this repository.
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+    bc \
+    bison \
+    build-essential \
+    ca-certificates \
+    cpio \
+    debootstrap \
+    dosfstools \
+    e2fsprogs \
+    fdisk \
+    file \
+    flex \
+    gcc-arm-linux-gnueabi \
+    gcc-arm-linux-gnueabihf \
+    git \
+    kmod \
+    kpartx \
+    libncurses-dev \
+    libssl-dev \
+    libyaml-dev \
+    lzop \
+    make \
+    parted \
+    python3 \
+    python3-pyelftools \
+    python3-venv \
+    qemu-user-static \
+    rsync \
+    sudo \
+    unzip \
+    util-linux \
+    u-boot-tools \
+    wget \
+    xz-utils \
+    && rm -rf /var/lib/apt/lists/*
+
+# brainlilo requires arm-mingw32ce toolchain from cegcc-build releases.
+RUN wget -q -O /tmp/cegcc.zip https://github.com/brain-hackers/cegcc-build/releases/download/2022-04-11-133546/cegcc-2022-04-11-133546.zip \
+    && unzip -q /tmp/cegcc.zip -d /tmp \
+    && mkdir -p /opt \
+    && mv /tmp/cegcc /opt/cegcc \
+    && rm -rf /tmp/cegcc.zip
+
+WORKDIR /work
+
+# Keep entrypoint simple so callers can pass arbitrary make targets.
+CMD ["bash"]

Makefile

@@ -5,6 +5,9 @@ LINUX_CROSS=$(shell ./tools/getcross linux)
 ROOTFS_CROSS=$(shell ./tools/getcross rootfs)
 export ARCH=arm
 
+DOCKER_IMAGE := buildbrain-builder:local
+ROOTFS_VOLUME := buildbrain-brainux-rootfs
+
 .PHONY:
 setup:
 	@echo "Updating submodules"
@@ -135,25 +138,37 @@ lilobuild:
 liloclean:
 	make -C ./brainlilo clean
 
+.PHONY: brainux brainux-umount-special brainux-clean
 brainux: 
 	@if [ "$(shell uname)" != "Linux" ]; then \
 		echo "Debootstrap is only available in Linux!"; \
 		exit 1; \
 	fi
 	mkdir -p brainux
-	sudo mkdir -p brainux/proc brainux/sys
-	sudo mount -t proc none $(shell pwd)/brainux/proc
-	sudo mount --rbind /sys $(shell pwd)/brainux/sys
-	
 	@if [ "$(CI)" = "true" ]; then \
 		echo "I'm in CI and debootstrap without cache."; \
 		sudo debootstrap --arch=$(ROOTFS_CROSS) --foreign trixie brainux/; \
 	else \
 		sudo debootstrap --arch=$(ROOTFS_CROSS) --foreign trixie brainux/ http://localhost:65432/debian/; \
 	fi
+
+	# Keep the mounting commands AFTER the first stage of debootstrap, because
+	# debootstrap's cleanup code/trap tries to clean up the target directory
+	# (`rm -rf /work/brainux/proc`) and fails because proc virtual files can't be removed.
+	sudo mkdir -p brainux/proc brainux/sys
+	sudo mount -t proc none $(shell pwd)/brainux/proc
+	sudo mount --rbind /sys $(shell pwd)/brainux/sys
+
 	sudo cp /usr/bin/qemu-arm-static brainux/usr/bin/
 	sudo cp ./os-brainux/setup_brainux.sh brainux/
 	sudo ./os-brainux/override-pre.sh ./os-brainux/override ./brainux
+	# Register qemu-arm-static binfmt handler if not already present.
+	sudo bash -c 'mount binfmt_misc -t binfmt_misc /proc/sys/fs/binfmt_misc 2>/dev/null; test -e /proc/sys/fs/binfmt_misc/qemu-arm || echo ":qemu-arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm-static:F" > /proc/sys/fs/binfmt_misc/register'
+	# Allow qemu-arm-static to reserve the guest address space at low virtual
+	# addresses (0x1000).  On Linux hosts vm.mmap_min_addr defaults to 65536
+	# which blocks the reservation, causing armel binaries like sqv (apt's
+	# OpenPGP verifier) to fail.  This requires --privileged in Docker.
+	sudo sh -c 'echo 0 > /proc/sys/vm/mmap_min_addr'
 	sudo -E chroot brainux /setup_brainux.sh
 	sudo rm brainux/setup_brainux.sh
 	sudo ./os-brainux/override.sh ./os-brainux/override ./brainux
@@ -195,3 +210,42 @@ aptcache:
 .PHONY:
 datetag:
 	git tag $(shell ./tools/version)
+
+.PHONY:
+docker-build:
+	docker build --platform linux/amd64 -t $(DOCKER_IMAGE) -f Dockerfile .
+
+.PHONY:
+docker-uboot:
+	docker run --rm --platform linux/amd64 -v "$$PWD":/work -w /work $(DOCKER_IMAGE) \
+		bash -lc "make udefconfig-sh1 && make ubuild"
+
+.PHONY:
+docker-kernel:
+	docker run --rm --platform linux/amd64 -v "$$PWD":/work -w /work $(DOCKER_IMAGE) \
+		bash -lc "make lclean; make ldefconfig && make lbuild"
+
+.PHONY:
+docker-rootfs: docker-volume-rm docker-volume-create
+	docker run --rm --platform linux/amd64 --privileged -e CI=true \
+		-v $(ROOTFS_VOLUME):/work/brainux \
+		-v "$$PWD":/work -w /work $(DOCKER_IMAGE) \
+		bash -lc "make brainux"
+
+.PHONY:
+docker-sd-image:
+	docker run --rm --platform linux/amd64 --privileged \
+		-v $(ROOTFS_VOLUME):/work/brainux \
+		-v "$$PWD":/work -w /work $(DOCKER_IMAGE) \
+		bash -lc "make -C nkbin_maker clean all && make IMG_BUILD_JOBS=1 image/sd.img"
+
+.PHONY:
+docker-sd-image-full: docker-kernel docker-rootfs docker-sd-image
+
+.PHONY:
+docker-volume-create:
+	docker volume create $(ROOTFS_VOLUME)
+
+.PHONY:
+docker-volume-rm:
+	docker volume rm $(ROOTFS_VOLUME) 2>/dev/null || true

README.md

@@ -13,6 +13,7 @@ Confirmed environments
 
 - Debian 10 (buster) amd64
 - Debian 11 (bullseye) amd64
+- macOS 26.5 (Tahoe) arm64-apple-darwin25.5.0 via Docker
 
 
 Getting Started
@@ -121,6 +122,91 @@ If you want to customize the build of Buildroot, `cd` into `buildroot` and use t
 `image/sd_buildroot.img` target expects presence of the tarball at `buildroot/output/images/rootfs.tar`. You'll have to `clean` and rebuild every time you change the Buildroot's config before making the SD image.
 
 
+Docker build
+------------
+
+You can build everything in Docker instead of preparing native Linux cross toolchains on your host.
+
+### Prerequisites
+
+- Docker Desktop (or Docker Engine) with Linux containers enabled
+- A clone with submodules initialized
+
+### Steps
+
+1. Build the builder image.
+
+    ```sh
+    make docker-build
+    ```
+
+2. Build complete SD image in stages (recommended for macOS to avoid daemon crashes).
+
+    ```sh
+    make docker-sd-image-full
+    ```
+
+    This runs three separate containers in sequence, which distributes resource load and prevents Docker Desktop daemon from running out of memory. Alternatively, run each stage independently:
+
+    ```sh
+    make docker-kernel
+    make docker-rootfs
+    make docker-sd-image
+    ```
+
+    **Note:** On macOS Docker Desktop, the combined memory footprint of kernel compilation, rootfs staging, and loop device operations can exceed the default VM allocation (~2-4 GB). Breaking into stages allows the daemon to garbage collect between steps.
+
+    **Note:** `make docker-rootfs` (and thus `make docker-sd-image-full`) always deletes and recreates the named volume `buildbrain-brainux-rootfs` before building, so each rootfs build starts from a clean slate. To delete the volume manually between runs use `make docker-volume-rm`.
+
+### Direct Docker commands (advanced)
+
+For macOS, run in **stages** and use a **named volume** for the rootfs.
+
+> [!NOTE] Why a named volume for the rootfs?
+> macOS APFS (the host filesystem behind Docker bind mounts) cannot create device
+> files (`mknod`), may strip `setuid` bits, and does not faithfully preserve all
+> Linux filesystem attributes.  If the Debian rootfs is stored on APFS the result
+> looks complete but will fail to boot — systemd cannot exec as PID 1 because the
+> rootfs is subtly broken.  The `make docker-*` targets below store `brainux/` in a
+> Docker **named volume** (`buildbrain-brainux-rootfs`), which lives inside the
+> Docker Desktop Linux VM on an ext4 filesystem and supports full Linux semantics.
+
+```sh
+# Create a named volume for the rootfs (Linux ext4 inside the Docker Desktop VM)
+$ docker volume create buildbrain-brainux-rootfs
+
+# Stage 1: kernel (bind mount is fine for source + outputs)
+$ docker run --rm --platform linux/amd64 -v "$PWD":/work -w /work buildbrain-builder:local \
+    bash -lc "make ldefconfig && make lbuild"
+
+# Stage 2: rootfs (must use named volume, NOT a bind mount for brainux/)
+$ docker run --rm --platform linux/amd64 --privileged -e CI=true \
+    -v buildbrain-brainux-rootfs:/work/brainux \
+    -v "$PWD":/work -w /work buildbrain-builder:local \
+    bash -lc "make brainux"
+
+# Stage 3: image assembly (mount the same named volume so cp -a reads from Linux ext4)
+$ docker run --rm --platform linux/amd64 --privileged \
+    -v buildbrain-brainux-rootfs:/work/brainux \
+    -v "$PWD":/work -w /work buildbrain-builder:local \
+    bash -lc "make -C nkbin_maker clean all && make IMG_BUILD_JOBS=1 image/sd.img"
+```
+
+On Linux with sufficient resources, you can run all steps in one container (no named volume needed on a native Linux host):
+
+```sh
+$ docker run --rm --platform linux/amd64 --privileged -e CI=true -v "$PWD":/work -w /work buildbrain-builder:local \
+    bash -lc "make ldefconfig lbuild && make nkbin-maker && make brainux && make image/sd.img"
+```
+
+Other useful Docker recipes:
+
+- `make docker-uboot` to build U-Boot
+- `make docker-kernel` to build Linux kernel
+- `make docker-volume-create` to (re-)create the rootfs named volume
+- `make docker-volume-rm` to delete the rootfs named volume and reclaim its disk space
+
+
 Known issues
 ----------------------------------------
 If you use GCC 10 for the host compiler, `make ubuild` may fail.

image/build_image.sh

@@ -1,14 +1,33 @@
 #!/bin/bash
 set -uex -o pipefail
 
-JOBS=$(nproc)
+show_help() {
+    cat << 'EOF'
+Usage: ./build_image.sh ROOTFS IMG_NAME SIZE_M
+
+Build a bootable image for Brainux.
+
+Arguments:
+  ROOTFS       Path to the root filesystem directory to include in the image (default: "rootfs").
+  IMG_NAME     Name of the output image file (default: sd.img).
+  SIZE_M       Size of the output image in megabytes (default: 3072).
+EOF
+}
+
+# Trigger help if requested or if no arguments are passed
+if [[ "$1" == "-h" || "$1" == "--help" || -z "$1" ]]; then
+    show_help
+    exit 0
+fi
+
+JOBS=${IMG_BUILD_JOBS:-$(nproc)}
 REPO=$(git rev-parse --show-toplevel)
 WORK=${REPO}/image/work
 LINUX=${REPO}/linux-brain
-ROOTFS=$1
-IMG_NAME=$2
+ROOTFS=${1:-rootfs}
+IMG_NAME=${2:-sd.img}
 IMG=${REPO}/image/${IMG_NAME}
-SIZE_M=$3
+SIZE_M=${3:-3072}
 export CROSS_COMPILE=arm-linux-gnueabi-
 
 mkdir -p ${WORK}
@@ -16,23 +35,26 @@ mkdir -p ${WORK}/lilobin
 
 for i in "a7200" "a7400" "sh1" "sh2" "sh3" "sh4" "sh5" "sh6" "sh7"; do
     NUM=$(echo $i | sed -E 's/sh//g')
+    BUILD_DIR=${WORK}/uboot-build-${i}
 
-    make -C ${REPO}/u-boot-brain distclean pw${i}_defconfig
-    make -j${JOBS} -C ${REPO}/u-boot-brain u-boot.bin
-    ${REPO}/nkbin_maker/bsd-ce ${REPO}/u-boot-brain/u-boot.bin
+    rm -rf ${BUILD_DIR}
+    rsync -a --exclude '.git' ${REPO}/u-boot-brain/ ${BUILD_DIR}/
+    make -C ${BUILD_DIR} pw${i}_defconfig
+    make -j${JOBS} -C ${BUILD_DIR} u-boot.bin
+    ${REPO}/nkbin_maker/bsd-ce ${BUILD_DIR}/u-boot.bin
 
     case $i in
         "a7200")
             mv ${REPO}/nk.bin ${WORK}/edna3exe.bin
-            mv ${REPO}/u-boot-brain/u-boot.bin ${WORK}/lilobin/gen2.bin;;
+            mv ${BUILD_DIR}/u-boot.bin ${WORK}/lilobin/gen2.bin;;
         "a7400")
-            mv ${REPO}/u-boot-brain/u-boot.bin ${WORK}/lilobin/gen2_7400.bin;;
+            mv ${BUILD_DIR}/u-boot.bin ${WORK}/lilobin/gen2_7400.bin;;
         "sh1" | "sh2" | "sh3")
             mv ${REPO}/nk.bin ${WORK}/edsa${NUM}exe.bin
-            mv ${REPO}/u-boot-brain/u-boot.bin ${WORK}/lilobin/gen3_${NUM}.bin;;
+            mv ${BUILD_DIR}/u-boot.bin ${WORK}/lilobin/gen3_${NUM}.bin;;
         "sh4" | "sh5" | "sh6" | "sh7")
             mv ${REPO}/nk.bin ${WORK}/edsh${NUM}exe.bin
-            mv ${REPO}/u-boot-brain/u-boot.bin ${WORK}/lilobin/gen3_${NUM}.bin;;
+            mv ${BUILD_DIR}/u-boot.bin ${WORK}/lilobin/gen3_${NUM}.bin;;
         *)
             echo "WTF: $i"
             exit 1;;
@@ -52,9 +74,8 @@ EOF
 
 sfdisk ${IMG} < ${WORK}/part.sfdisk
 
-sudo kpartx -av ${IMG}
-
-LOOPDEV=$(losetup -l | grep ${IMG_NAME} | grep -o 'loop.' | tail -n 1)
+KPARTX_OUTPUT=$(sudo kpartx -av ${IMG})
+LOOPDEV=$(echo "${KPARTX_OUTPUT}" | sed -n 's/^add map \(loop[0-9]\+\)p1.*/\1/p' | head -n 1)
 
 sudo mkfs.fat -n boot -F32 -v -I /dev/mapper/${LOOPDEV}p1
 sudo mkfs.ext4 -L rootfs /dev/mapper/${LOOPDEV}p2
@@ -63,7 +84,7 @@ mkdir -p ${WORK}/p1 ${WORK}/p2
 sudo mount -o utf8=true /dev/mapper/${LOOPDEV}p1 ${WORK}/p1
 sudo mount /dev/mapper/${LOOPDEV}p2 ${WORK}/p2
 
-echo ${BRAINUX_VERSION} > ${WORK}/brainux_version
+echo ${BRAINUX_VERSION:-unknown} > ${WORK}/brainux_version
 sudo cp ${WORK}/brainux_version ${WORK}/p1/
 sudo cp ${LINUX}/arch/arm/boot/zImage ${WORK}/p1/
 sudo cp ${LINUX}/arch/arm/boot/dts/imx28-pw*.dtb ${WORK}/p1/

os-brainux/override.sh

@@ -14,8 +14,8 @@ install -g root -o root -m 0644 $SRC/etc/X11/Xsession.d/96calibrate $DST/etc/X11
 install -g root -o root -m 0644 -D $SRC/etc/xdg/weston/weston.ini $DST/etc/xdg/weston/weston.ini
 
 install -g 1000 -o 1000 -m 0644 $SRC/home/user/.xprofile $DST/home/user/.xprofile
-sudo -u#1000 -g#1000 mkdir -p $DST/home/user/.config/fcitx
+install -d -o 1000 -g 1000 -m 0755 $DST/home/user/.config/fcitx
 install -g 1000 -o 1000 -m 0644 $SRC/home/user/.config/fcitx/profile $DST/home/user/.config/fcitx/profile
-sudo -u#1000 -g#1000 mkdir -p $DST/home/user/lxterminal
+install -d -o 1000 -g 1000 -m 0755 $DST/home/user/lxterminal
 install -g 1000 -o 1000 -m 0644 $SRC/home/user/lxterminal/lxterminal.conf $DST/home/user/lxterminal/lxterminal.conf
 install -g root -o root -m 0644 -D $SRC/etc/jwm/system.jwmrc $DST/etc/jwm/system.jwmrc

os-brainux/setup_brainux.sh

@@ -57,12 +57,9 @@ echo "brain" > /etc/hostname
 
 # curl, ca-certificates: downloads the GPG key from packagecloud
 # gnupg, debian-archive-keyring: packagecloud verification dependency
+# apt-transport-https: needed before we can add the HTTPS packagecloud source
 DEBIAN_FRONTEND=noninteractive \
-    apt install -y curl ca-certificates gnupg debian-archive-keyring
-
-# apt-transport-https can be installed after debian-archive-keyring being installed
-DEBIAN_FRONTEND=noninteractive \
-    apt install -y apt-transport-https
+    apt install -y curl ca-certificates gnupg debian-archive-keyring apt-transport-https
 
 # Install GPG key and packagecloud repository config
 mkdir -p /etc/apt/keyrings
@@ -102,7 +99,7 @@ DEBIAN_FRONTEND=noninteractive \
 cd /
 git clone --recurse-submodules -b master-24f017e https://github.com/brain-hackers/ly.git
 cd ly
-make
+make -j$(nproc)
 make install
 make installsystemd
 cd /