# Corporate Network Deployment Guide (Air-Gap) **Document ID:** DEPLOY-CORP-001-REV2 **Date:** 2026-03-01 **Build Name:** UT (Universität/Projekt) **Target:** TQMa6UL on MBa6ULx **Environment:** Air-gapped corporate network --- ## Overview This guide describes deployment of the UT Yocto mirror in an air-gapped corporate network. The corporate system has no internet access and requires complete offline build capability. **Prerequisites:** - Software approval documentation received - UT-mirror-package.tar.gz transferred securely - Checksum verified - Ubuntu 22.04 system ready (can use local Ubuntu mirror for apt) --- ## Pre-Deployment Checklist - [ ] Software approval granted - [ ] Mirror archive transferred to corporate network - [ ] SHA256 checksum verified: `sha256sum -c *.sha256` - [ ] Sufficient disk space (200GB+) - [ ] Ubuntu 22.04 installed (can use local apt mirror) - [ ] User has sudo privileges - [ ] Target directory `/opt/UT-yocto` approved by IT --- ## Step 1: Extract Mirror Archive ```bash # Create base directory export UT_BASE=/opt/UT-yocto sudo mkdir -p ${UT_BASE} sudo chown $(whoami):$(whoami) ${UT_BASE} # Extract mirror archive cd ${UT_BASE} tar xzf /path/to/transfer/UT-tqma6ul-yocto-scarthgap-*.tar.gz # Verify structure ls -la UT-mirror-package/ # Should show: sources/, premirror/, downloads/, licenses/, configs/ ``` --- ## Step 2: Install Build Dependencies From corporate Ubuntu mirror (or pre-approved packages): ```bash sudo apt update sudo apt install -y \ git python3 jq bash grep gawk wget diffstat \ chrpath cpio texinfo gcc g++ make file tar \ bzip2 gzip xz-utils zstd lz4 patch perl \ python3-pexpect socat unzip rsync bc \ libsdl1.2-dev xterm # Locale setup sudo locale-gen en_US.UTF-8 sudo update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 export LC_ALL=en_US.UTF-8 export LANG=en_US.UTF-8 ``` --- ## Step 3: Setup Mirror Directories ```bash # Create system mirror directories sudo mkdir -p /srv/yocto/{premirror,downloads,sstate-cache} sudo chown -R $(whoami):$(whoami) /srv/yocto # Copy mirror contents cd ${UT_BASE}/UT-mirror-package # Copy premirror (git repos and tarballs) cp -r premirror/* /srv/yocto/premirror/ # Copy downloads cp -r downloads/* /srv/yocto/downloads/ # SState cache (optional, speeds up rebuilds) cp -r sstate-cache/* /srv/yocto/sstate-cache/ 2>/dev/null || true ``` --- ## Step 4: Configure Site Configuration Create `~/.yocto/site.conf` for air-gap: ```bash mkdir -p ~/.yocto cat > ~/.yocto/site.conf <<'EOF' # UT Project - Air-Gap Configuration # Build: UT # Target: TQMa6UL # Date: 2026-03-01 # Mirror directories (local filesystem) DL_DIR = "/srv/yocto/downloads" SSTATE_DIR = "/srv/yocto/sstate-cache" # Air-gap settings BB_NO_NETWORK = "1" BB_FETCH_PREMIRRORONLY = "1" # Premirror configuration (local files only) SOURCE_MIRROR_URL = "file:///srv/yocto/premirror/" INHERIT += "own-mirrors" PREMIRRORS:prepend = " \ git://.*/.* file:///srv/yocto/premirror/ \n \ ftp://.*/.* file:///srv/yocto/premirror/ \n \ http://.*/.* file:///srv/yocto/premirror/ \n \ https://.*/.* file:///srv/yocto/premirror/ \n \ " # Parallelism (adjust to hardware) BB_NUMBER_THREADS ?= "8" PARALLEL_MAKE ?= "-j8" # License compliance COPY_LIC_MANIFEST = "1" COPY_LIC_DIRS = "1" INHERIT += "archiver" ARCHIVER_MODE[src] = "original" EOF ``` --- ## Step 5: Initialize Build Environment ```bash cd ${UT_BASE}/UT-mirror-package/sources/ci-meta-tq # Verify submodules are present ls -la sources/ # Set machine for TQMa6UL export ACCEPT_FSL_EULA=1 export MACHINE=tqma6ul-multi-mba6ulx # Initialize build (creates build_ut) . ./setup-environment build_ut mainline # Verify configuration bitbake -e | grep "^MACHINE=" # Should show: MACHINE="tqma6ul-multi-mba6ulx" ``` --- ## Step 6: Verify Air-Gap Build ### 6.1 Test Offline Build ```bash # Ensure we're in build environment cd ${UT_BASE}/UT-mirror-package/sources/ci-meta-tq export ACCEPT_FSL_EULA=1 export MACHINE=tqma6ul-multi-mba6ulx . ./setup-environment build_ut mainline # Verify no network access is attempted export BB_NO_NETWORK=1 # Start build (should complete without network) bitbake tq-image-small-debug ``` **Expected:** Build completes using only local premirror sources. ### 6.2 Verify 2038 Compliance ```bash # Check time_t size echo '#include ' | \ ${WORKDIR}/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi-gcc -x c - -dM -E | \ grep TIME_BITS # Expected: #define __TIME_BITS 64 # Check kernel config bitbake -e virtual/kernel | grep CONFIG_COMPAT_32BIT_TIME # Expected: CONFIG_COMPAT_32BIT_TIME=y ``` --- ## Step 7: Development Workflow ### Daily Build Commands ```bash # Enter build environment cd ${UT_BASE}/UT-mirror-package/sources/ci-meta-tq export ACCEPT_FSL_EULA=1 export MACHINE=tqma6ul-multi-mba6ulx . ./setup-environment build_ut mainline # Build target image bitbake tq-image-small-debug # Deploy to target (SD card) # See TQ documentation for deployment methods ``` ### SDK Generation (for Application Development) ```bash # Generate SDK for application developers bitbake tq-image-small-debug -c populate_sdk # Install SDK ${UT_BASE}/UT-mirror-package/sources/ci-meta-tq/build_ut/tmp/deploy/sdk/*.sh # Source SDK in new terminal source /opt/poky/.../environment-setup-arm-poky-linux-gnueabi ``` --- ## Build Verification Checklist - [ ] Air-gap build completes without network errors - [ ] Image boots on TQMa6UL hardware - [ ] 2038 compliance verified (64-bit time_t) - [ ] License manifest generated - [ ] All proprietary components reviewed - [ ] SDK functional for application development --- ## Troubleshooting ### Issue: "Failed to fetch" errors **Cause:** BitBake trying to access network **Solution:** ```bash # Verify settings grep BB_NO_NETWORK ~/.yocto/site.conf grep SOURCE_MIRROR_URL ~/.yocto/site.conf # Should show: # BB_NO_NETWORK = "1" # SOURCE_MIRROR_URL = "file:///srv/yocto/premirror/" ``` ### Issue: Missing files in premirror **Cause:** Incomplete transfer **Solution:** ```bash # Re-verify checksum on source system # Re-transfer missing files ``` ### Issue: Permission denied **Solution:** ```bash sudo chown -R $(whoami):$(whoami) /opt/UT-yocto /srv/yocto ``` --- ## Security & Compliance 1. **No Network Access:** Build verified to complete offline 2. **Source Audit:** All sources archived and traceable 3. **License Compliance:** License manifest generated per build 4. **User Permissions:** Build as regular user, not root --- ## Support & Documentation - **TQ BSP Documentation:** Included in `sources/meta-tq/` - **Yocto Manuals:** Included in `sources/poky/documentation/` - **License Info:** `build_ut/tmp/deploy/licenses/` --- **Document Version:** 2.0 **Author:** Siggi ⚙️ **Build:** UT **Last Updated:** 2026-03-01