diff --git a/src/build-instructions.md b/src/build-instructions.md index 71d3368..88d901a 100644 --- a/src/build-instructions.md +++ b/src/build-instructions.md @@ -71,6 +71,9 @@ For Ubuntu 20.04, also install `python2`. ffmpeg-devel pulseaudio-libs-devel libxkbfile-devel openssl-devel llvm libcap-devel ``` + + See also the `rpm/` sub-directory for docker-compose instructions. + **OpenSUSE Tumbleweed** You will need to build Darling with only the 64bit components. See **Build Options** for instructions. @@ -121,9 +124,7 @@ If you have already cloned Darling and would like to get the latest changes, do ``` $ git lfs install -$ git pull -$ git submodule init -$ git submodule update +$ git pull --recurse-submodules ``` # Build @@ -159,6 +160,12 @@ $ make lkm $ sudo make lkm_install ``` +The above builds against your currently running kernel. If you need to build against a different one from your running kernel, set `KERNELDIR`: + +``` +$ KERNELDIR=/lib/modules/5.6.19-300.fc32.x86_64/build/ make lkm +``` + If module installation produces warnings such as `SSL error:02001002:system library:fopen:No such file or directory: bss_file.c:175`, then these can be usually ignored, unless you configured your system to enforce secure boot. The kernel module is an experimental piece of code; it's likely to have many bugs and vulnerabilities. Be prepared for kernel hangups and crashes, and run Darling on a virtual machine if possible. @@ -226,6 +233,8 @@ Cannot open mnt namespace file: No such file or directory ``` To work around this try this command: `setsebool -P mmap_low_allowed 1`. +( `-P` means persistent - Don't use this option if you prefer to auto-revert this change after reboot. +See `man 8 kernel_selinux` of selinux policy documentation for details. ) ### Secure Boot 
@@ -243,11 +252,27 @@ Use the following commands to generate a key and self-sign the kernel module: openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Darling LKM/" # Enroll Key sudo mokutil --import MOK.der -# Sign Module +``` + +Fedora ships the signing certificates of their release kernels in `/usr/share/doc/kernel-keys/` as part of the `kernel-core` package. + +The signing tool is `scripts/sign-file.c` within the kernel source tree. See `Documentation/admin-guide/module-signing.rst` at https://www.kernel.org for usage. +This tool is packaged differently for different Linux distributions: + +``` +# Fedora - Sign Module +sudo /lib/modules/$(uname -r)/build/scripts/sign-file sha512 MOK.priv MOK.der /lib/modules/$(uname -r)/extra/darling-mach.ko +sudo /lib/modules/$(uname -r)/build/scripts/sign-file sha512 MOK.priv MOK.der /lib/modules/$(uname -r)/extra/darling-overlay.ko + +# Ubuntu (not Debian) - Sign Module sudo kmodsign sha512 MOK.priv MOK.der /lib/modules/$(uname -r)/extra/darling-mach.ko +sudo kmodsign sha512 MOK.priv MOK.der /lib/modules/$(uname -r)/extra/darling-overlay.ko + # Reboot System and Enroll Key ``` +Debian / Raspbian does not provide this tool in binary form (Debian bug #939393, Sept 2019), nor SuSE. You may need to build it by `make scripts` +in a kernel source tree. ### No rule to make target 'modules' diff --git a/src/darling-prefix.md b/src/darling-prefix.md index a36a5ed..2e672c5 100644 --- a/src/darling-prefix.md +++ b/src/darling-prefix.md 
@@ -8,6 +8,11 @@ The container uses overlayfs along with a user mount namespace to provide a diff When you run an executable inside the prefix for the first time (after boot), `launchd`, the Darwin init process representing the container is started. This init process keeps the root file system mounted. +Note: Do not put an ending `/` in the variable - Darling uses `${DPREFIX}.workdir` directly as overlayfs's working directory, +and `someplace/.workdir` breaks it. Also, do not create it beforehand (unlike WINE) - if the directory exists and empty, it confuses darling. + +Also, cannot set DPREFIX via `DPREFIX=prefix darling shell` (unlike wine) - you will see an error message about `Target executable not found: /sbin/launchd`. + ## Updating the prefix Unlike Wine, Darling doesn't need to update the prefix whenever the Darling installation is updated. There is one caveat, though: since overlayfs caches the contents of underlying file system(s), you may need to terminate the container to see Darling's updated files: diff --git a/src/what-to-try.md b/src/what-to-try.md index ab5fa96..b5c2ec9 100644 --- a/src/what-to-try.md +++ b/src/what-to-try.md @@ -221,6 +221,9 @@ System/ com.apple.xpc.system (XPC Singleton Domain)/ ``` +And, `launchctl shutdown` for completely shutting down darling, including lingering background processes. +This might be useful if you want to unload the kernel modules, for example. + Read `man launchctl` for more information of other commands `launchctl` has. ## Fetch a webpage
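Review bot: In the first `src/build-instructions.md` hunk (`@@ -71,6 +71,9 @@`), the added "See also the `rpm/` sub-directory" line does not say which repository that directory belongs to. This file lives under `src/` of the documentation tree, so a reader cannot tell where to look. Suggest naming the repository (or linking the directory) and saying in a few words what the docker-compose setup produces.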
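Review bot: In the update hunk of `src/build-instructions.md` (`@@ -121,9 +124,7 @@`), collapsing the three commands into `git pull --recurse-submodules` drops the `git submodule init` step. Git documents `--recurse-submodules` on pull as acting on submodules that are already populated, so a submodule added upstream after the reader's original clone would be left uninitialized. Suggest keeping a second line after the pull, such as `$ git submodule update --init --recursive`.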
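Review bot: In the `KERNELDIR` hunk (`@@ -159,6 +160,12 @@`), the example sets the variable only for `make lkm`, while the context directly above installs with `sudo make lkm_install`. The text should say whether the install step needs the same `KERNELDIR`, and if it does, show how to pass it, since an environment assignment in front of the command is normally not carried through `sudo`. The hard-coded `5.6.19-300.fc32.x86_64` would also read better as a placeholder with a note that the path is the `build` directory under `/lib/modules/<version>/`, and "a different one from your running kernel" can be shortened to "a different kernel".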
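Review bot: In the SELinux hunk (`@@ -226,6 +233,8 @@`), the added parenthetical explains `-P` but not what `mmap_low_allowed` relaxes. The boolean permits mapping low memory addresses, a restriction that exists to make kernel NULL-pointer dereference bugs harder to exploit, and the same file warns a few paragraphs earlier that the kernel module is likely to have bugs and vulnerabilities. Suggest one sentence stating that trade-off plus the revert command `setsebool -P mmap_low_allowed 0`. Wording: "of selinux policy documentation" looks like it should read "or the SELinux policy documentation", and the stray spaces inside the parentheses and the capital in "Don't" should go.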
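Review bot: In the Secure Boot hunk (`@@ -243,11 +252,27 @@`), the sentence about Fedora shipping release-kernel signing certificates in `/usr/share/doc/kernel-keys/` sits between the MOK enrollment and the signing commands without saying what the reader should do with it. Those are the distribution's certificates and cannot be used for signing, and the commands below sign with the locally generated `MOK.priv`, so either explain the relevance (for example, for verifying which keys the kernel already trusts) or drop the sentence. Splitting the fence also leaves `# Reboot System and Enroll Key` at the end of the second block, away from the `mokutil --import` step it belongs to; consider moving it to prose after both blocks. The closing paragraph would read better as "Neither Debian / Raspbian (Debian bug #939393, Sept 2019) nor SuSE provides this tool in binary form", with the bug reference linked.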
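Review bot: In the `src/darling-prefix.md` hunk (`@@ -8,6 +8,11 @@`), the claim that `DPREFIX` cannot be set via `DPREFIX=prefix darling shell` needs its cause stated. The example uses a relative value (`prefix`), so it is unclear whether the `Target executable not found: /sbin/launchd` error comes from the inline assignment itself or from the path being relative; please test with an absolute path and document whichever restriction actually applies, along with the form that does work. In the first note, say explicitly which variable is meant (`DPREFIX`) and show the trailing-slash failure with the same variable on both sides, for example `${DPREFIX}.workdir` becoming `someplace/.workdir` when `DPREFIX=someplace/`. Wording: "if the directory exists and empty" should read "exists and is empty", and "darling", "WINE" and "wine" should be capitalized consistently.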
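Review bot: In the `src/what-to-try.md` hunk (`@@ -221,6 +221,9 @@`), the added sentence starts with "And," and has no main verb, so it reads as a fragment after the output block. Suggest "Use `launchctl shutdown` to shut Darling down completely, including lingering background processes." and, for consistency with the rest of the page, showing the command in its own fenced example. Since the sentence motivates this with unloading the kernel modules, a pointer to how that is done would complete it.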