|
|
|
@ -7,12 +7,21 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
|
|
|
|
############## Setup #########################
|
|
|
|
|
|
|
|
|
|
function cleanup {
|
|
|
|
|
sync
|
|
|
|
|
kill_gpg_agent
|
|
|
|
|
stop_jails
|
|
|
|
|
unmount_folders
|
|
|
|
|
remove_memory_devices
|
|
|
|
|
for f in "${folders[@]}"; do
|
|
|
|
|
>&2 echo "Deleting $f"
|
|
|
|
|
log "Deleting $f"
|
|
|
|
|
rm -rf "$f"
|
|
|
|
|
done
|
|
|
|
|
}
|
|
|
|
|
folders=()
|
|
|
|
|
jails=()
|
|
|
|
|
memorydevices=()
|
|
|
|
|
mountedfolders=()
|
|
|
|
|
gpgagents=()
|
|
|
|
|
for sig in EXIT INT QUIT HUP TERM; do
|
|
|
|
|
trap "set +e; cleanup" "$sig"
|
|
|
|
|
done
|
|
|
|
@ -112,31 +121,21 @@ Mkc=
|
|
|
|
|
|
|
|
|
|
function precheck {
|
|
|
|
|
# Checks to run before building the image
|
|
|
|
|
if [ $(id -u) -ne 0 ]; then
|
|
|
|
|
die 1 "Must run as root."
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if ! grep -q 'linux.ko' <<<"$(kldstat)"; then
|
|
|
|
|
die 1 "Need linux kernel module for building initramfs."
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
for bin in gpg sha256; do
|
|
|
|
|
for bin in gpg sha256 mkfs.ext4; do
|
|
|
|
|
if ! command -V "$bin" &> /dev/null; then
|
|
|
|
|
die 1 "Need $bin installed."
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function make_chroot {
|
|
|
|
|
bsdtar -C "$chroot" -xpf "${download_directory}/${ALPINE_TARBALL}"
|
|
|
|
|
|
|
|
|
|
# Steal the DNS info from the host
|
|
|
|
|
(umask 022 && resolvconf -l > "${chroot}/etc/resolv.conf")
|
|
|
|
|
|
|
|
|
|
# Enter the jail
|
|
|
|
|
# install mkinitfs
|
|
|
|
|
sudo jail -c path="$chroot" ip4=inherit ip6=inherit host=inherit allow.raw_sockets=true command=/bin/sh
|
|
|
|
|
|
|
|
|
|
# Remove the resolv.conf file since it should get populated via dhcp
|
|
|
|
|
rm "${chroot}/etc/resolv.conf"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function download_alpine {
|
|
|
|
|
if [ "$LOCAL_DEV" == "true" ] && [ -e "${NETIZEN_CACHE}/${ALPINE_TARBALL}" ]; then
|
|
|
|
|
# Cache for local development to avoid stressing alpine servers
|
|
|
|
@ -152,24 +151,132 @@ function download_alpine {
|
|
|
|
|
sha256 -c "$ALPINE_SHA256" "${download_directory}/${ALPINE_TARBALL}"
|
|
|
|
|
|
|
|
|
|
local keyring="$work_directory/keyring"
|
|
|
|
|
gpg --no-default-keyring --keyring "$keyring" --trust-model always --import <<<"$ALPINE_KEY"
|
|
|
|
|
gpg --no-default-keyring --keyring "$keyring" --trust-model always --verify <(cat <<<"$ALPINE_SIGNATURE") "${download_directory}/${ALPINE_TARBALL}"
|
|
|
|
|
local gpghome="$work_directory/gpghome"
|
|
|
|
|
(umask 077 && mkdir "$gpghome")
|
|
|
|
|
GNUPGHOME="$gpghome" gpg --no-default-keyring --keyring "$keyring" --trust-model always --import <<<"$ALPINE_KEY"
|
|
|
|
|
gpgagents+=("$gpghome")
|
|
|
|
|
GNUPGHOME="$gpghome" gpg --no-default-keyring --keyring "$keyring" --trust-model always --verify <(cat <<<"$ALPINE_SIGNATURE") "${download_directory}/${ALPINE_TARBALL}"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function make_chroot {
|
|
|
|
|
bsdtar -C "$chroot" -xpf "${download_directory}/${ALPINE_TARBALL}"
|
|
|
|
|
|
|
|
|
|
# Steal the DNS info from the host
|
|
|
|
|
(umask 022 && resolvconf -l > "${chroot}/etc/resolv.conf")
|
|
|
|
|
|
|
|
|
|
# Enter the jail
|
|
|
|
|
# install mkinitfs
|
|
|
|
|
jid=$(jail -c -i path="$chroot" ip4=inherit ip6=inherit host=inherit allow.raw_sockets=true persist)
|
|
|
|
|
jails+=("$jid")
|
|
|
|
|
|
|
|
|
|
jexec "$jid" apk add --no-cache mkinitfs docker linux-virt
|
|
|
|
|
jexec "$jid" apk add --no-cache --repository 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' refind
|
|
|
|
|
module_name=$(jexec "$jid" ls /lib/modules/)
|
|
|
|
|
jexec "$jid" mkinitfs -c /etc/mkinitfs/mkinitfs.conf -b / "$module_name"
|
|
|
|
|
jexec "$jid" mkdir /boot/efi
|
|
|
|
|
jexec "$jid" cp -r /usr/share/refind /boot/efi/boot
|
|
|
|
|
jexec "$jid" cp /boot/efi/boot/refind_x64.efi /boot/efi/boot/bootx64.efi
|
|
|
|
|
(umask 022 && tee "${chroot}/boot/refind_linux.conf" <<EOF
|
|
|
|
|
"Boot normal" "rw root=vda2 console=ttyS0,115200"
|
|
|
|
|
EOF
|
|
|
|
|
)
|
|
|
|
|
# (umask 022 && tee "${chroot}/boot/refind_linux.conf" <<EOF
|
|
|
|
|
# "Boot normal" "rw root=PARTLABEL=DIB console=ttyS0,115200"
|
|
|
|
|
# EOF
|
|
|
|
|
# )
|
|
|
|
|
# Open shell to look/experiment
|
|
|
|
|
# jexec "$jid" /bin/sh
|
|
|
|
|
|
|
|
|
|
# Remove the resolv.conf file since it should get populated via dhcp
|
|
|
|
|
rm "${chroot}/etc/resolv.conf"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function make_image {
|
|
|
|
|
dd if=/dev/zero of="$image_file" bs=1 count=0 seek=10G
|
|
|
|
|
local image_device
|
|
|
|
|
# image_device=$(mdconfig -a -t vnode -f "$image_file")
|
|
|
|
|
image_device=$(mdconfig -f "$image_file")
|
|
|
|
|
memorydevices+=("$image_device")
|
|
|
|
|
|
|
|
|
|
efi_partition="${image_device}p1"
|
|
|
|
|
data_partition="${image_device}p2"
|
|
|
|
|
|
|
|
|
|
gpart create -s gpt "$image_device"
|
|
|
|
|
gpart add -t efi -l efi -a4k -s500m "$image_device"
|
|
|
|
|
newfs_msdos "${efi_partition}"
|
|
|
|
|
gpart add -t linux-data -l DIB -a4k "$image_device"
|
|
|
|
|
mkfs.ext4 "/dev/${data_partition}"
|
|
|
|
|
|
|
|
|
|
mount -t ext2fs "/dev/${data_partition}" "${mount_directory}"
|
|
|
|
|
mountedfolders+=("$mount_directory")
|
|
|
|
|
boot_directory="${mount_directory}/boot"
|
|
|
|
|
mkdir -p "$boot_directory"
|
|
|
|
|
mount_msdosfs "/dev/${efi_partition}" "${boot_directory}"
|
|
|
|
|
mountedfolders+=("$boot_directory")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function kill_gpg_agent {
|
|
|
|
|
for f in "${gpgagents[@]}"; do
|
|
|
|
|
log "Killing gpg-agent $f"
|
|
|
|
|
GNUPGHOME="$f" gpgconf --kill gpg-agent
|
|
|
|
|
done
|
|
|
|
|
gpgagents=()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function stop_jails {
|
|
|
|
|
for f in "${jails[@]}"; do
|
|
|
|
|
log "Stopping jail $f"
|
|
|
|
|
jail -r "$f"
|
|
|
|
|
done
|
|
|
|
|
jails=()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function unmount_folders {
|
|
|
|
|
for (( idx=${#mountedfolders[@]}-1 ; idx>=0 ; idx-- )) ; do
|
|
|
|
|
log "Unmounting folder ${mountedfolders[idx]}"
|
|
|
|
|
umount -f "${mountedfolders[idx]}"
|
|
|
|
|
done
|
|
|
|
|
mountedfolders=()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function remove_memory_devices {
|
|
|
|
|
for f in "${memorydevices[@]}"; do
|
|
|
|
|
log "Removing memory device $f"
|
|
|
|
|
mdconfig -d -u "$f"
|
|
|
|
|
done
|
|
|
|
|
memorydevices=()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function main {
|
|
|
|
|
precheck
|
|
|
|
|
|
|
|
|
|
work_directory=$(mktemp -d -t dib)
|
|
|
|
|
mkdir "$DIR/work_directory"
|
|
|
|
|
work_directory="$DIR/work_directory"
|
|
|
|
|
# work_directory=$(mktemp -d -t dib)
|
|
|
|
|
folders+=("$work_directory")
|
|
|
|
|
|
|
|
|
|
download_directory="${work_directory}/downloads"
|
|
|
|
|
mkdir "$download_directory"
|
|
|
|
|
download_alpine
|
|
|
|
|
|
|
|
|
|
chroot="${work_directory}/chroot"
|
|
|
|
|
mkdir "$chroot"
|
|
|
|
|
image_directory="${work_directory}/images"
|
|
|
|
|
mount_directory="${work_directory}/mount"
|
|
|
|
|
mkdir "$image_directory" "$mount_directory"
|
|
|
|
|
image_file="$image_directory/dib.img"
|
|
|
|
|
make_image
|
|
|
|
|
|
|
|
|
|
chroot="${mount_directory}"
|
|
|
|
|
# mkdir "$chroot"
|
|
|
|
|
log "Building chroot in $chroot"
|
|
|
|
|
make_chroot
|
|
|
|
|
|
|
|
|
|
kill_gpg_agent
|
|
|
|
|
stop_jails
|
|
|
|
|
unmount_folders
|
|
|
|
|
remove_memory_devices
|
|
|
|
|
|
|
|
|
|
log "Copying final image to $DIR"
|
|
|
|
|
cp "$image_file" "$DIR"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
main
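Review bot: The `apk add ... refind` line in make_chroot fetches the boot loader from `http://dl-cdn.alpinelinux.org/alpine/edge/testing` over plain HTTP, while download_alpine pins the base tarball with both a SHA-256 and a GPG signature. That leaves apk's own signature check on the index and packages as the only integrity control on the fetch, and an on-path party can still serve a stale signed index; edge/testing is also a moving target, so the image contents are not reproducible. I would switch the URL to HTTPS, `jexec "$jid" apk add --no-cache --repository 'https://dl-cdn.alpinelinux.org/alpine/edge/testing' refind`, provided the extracted rootfs ships a CA bundle, and consider pinning the refind version. The jail is also created with `allow.raw_sockets=true`, which package installation presumably does not need, so that parameter could be dropped from the `jail -c` line.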
|
|
|
|
|