From fb3f2c95990b4b0deaa1a3397a880841fe8f48fe Mon Sep 17 00:00:00 2001 
From: "Lance R. Vick" Date: Tue, 25 Mar 2025 21:50:30 -0700 Subject: [PATCH] wip: iommu net --- Containerfile | 102 +++++++++++++++--- Makefile | 5 +- rootfs/.gnupg/gpg.conf | 1 - src/guest/config/syslinux.cfg | 8 ++ src/guest/rootfs/etc/default/dockerd | 1 + src/guest/rootfs/etc/docker/daemon.json | 7 ++ .../rootfs/etc/git/base-hooks/post-receive | 6 ++ .../rootfs/etc/git/base-hooks/pre-receive | 2 + src/guest/rootfs/etc/git/base-hooks/update | 3 + src/guest/rootfs/etc/group | 47 ++++++++ src/guest/rootfs/etc/hosts | 4 + src/guest/rootfs/etc/init.d/S01syslogd | 55 ++++++++++ src/guest/rootfs/etc/init.d/S02klogd | 55 ++++++++++ .../guest/rootfs}/etc/init.d/S02sysctl | 0 .../guest/rootfs}/etc/init.d/S03keymap | 0 src/guest/rootfs/etc/init.d/S06diskmount | 27 +++++ .../guest/rootfs}/etc/init.d/S10udev | 0 .../guest/rootfs}/etc/init.d/S20urandom | 0 src/guest/rootfs/etc/init.d/S42network | 13 +++ src/guest/rootfs/etc/init.d/S50sshd | 83 ++++++++++++++ src/guest/rootfs/etc/init.d/S60dockerd | 40 +++++++ {rootfs => src/guest/rootfs}/etc/init.d/rcK | 0 {rootfs => src/guest/rootfs}/etc/init.d/rcS | 0 src/guest/rootfs/etc/inittab | 56 ++++++++++ {rootfs => src/guest/rootfs}/etc/modules | 0 src/guest/rootfs/etc/passwd | 4 + src/guest/rootfs/etc/profile | 5 + src/guest/rootfs/etc/resolv.conf | 2 + src/guest/rootfs/etc/ssh/sshd_config | 4 + {rootfs => src/guest/rootfs}/init | 0 {config => src/host/config}/grub.cfg | 0 {config => src/host/config}/grub_early.cfg | 0 {config => src/host/config}/syslinux.cfg | 0 .../host/rootfs}/etc/init.d/S01syslogd | 0 .../host/rootfs}/etc/init.d/S02klogd | 0 .../host/rootfs}/etc/init.d/S02modules | 0 src/host/rootfs/etc/init.d/S02sysctl | 94 ++++++++++++++++ src/host/rootfs/etc/init.d/S03keymap | 22 ++++ .../rootfs}/etc/init.d/S04cbfs-key-import | 0 src/host/rootfs/etc/init.d/S10udev | 24 +++++ .../host/rootfs}/etc/init.d/S12pcscd | 0 src/host/rootfs/etc/init.d/S20urandom | 70 ++++++++++++ src/host/rootfs/etc/init.d/rcK | 27 +++++ 
src/host/rootfs/etc/init.d/rcS | 27 +++++ {rootfs => src/host/rootfs}/etc/inittab | 0 src/host/rootfs/etc/modules | 1 + {rootfs => src/host/rootfs}/etc/profile | 0 src/host/rootfs/init | 2 + .../usr/lib/udev/rules.d/sdcard-autorun.rules | 0 .../host/rootfs}/usr/local/bin/autorun | 0 50 files changed, 781 insertions(+), 16 deletions(-) delete mode 100644 rootfs/.gnupg/gpg.conf create mode 100644 src/guest/config/syslinux.cfg create mode 100644 src/guest/rootfs/etc/default/dockerd create mode 100644 src/guest/rootfs/etc/docker/daemon.json create mode 100755 src/guest/rootfs/etc/git/base-hooks/post-receive create mode 100755 src/guest/rootfs/etc/git/base-hooks/pre-receive create mode 100755 src/guest/rootfs/etc/git/base-hooks/update create mode 100644 src/guest/rootfs/etc/group create mode 100644 src/guest/rootfs/etc/hosts create mode 100755 src/guest/rootfs/etc/init.d/S01syslogd create mode 100755 src/guest/rootfs/etc/init.d/S02klogd rename {rootfs => src/guest/rootfs}/etc/init.d/S02sysctl (100%) rename {rootfs => src/guest/rootfs}/etc/init.d/S03keymap (100%) create mode 100755 src/guest/rootfs/etc/init.d/S06diskmount rename {rootfs => src/guest/rootfs}/etc/init.d/S10udev (100%) rename {rootfs => src/guest/rootfs}/etc/init.d/S20urandom (100%) create mode 100755 src/guest/rootfs/etc/init.d/S42network create mode 100755 src/guest/rootfs/etc/init.d/S50sshd create mode 100755 src/guest/rootfs/etc/init.d/S60dockerd rename {rootfs => src/guest/rootfs}/etc/init.d/rcK (100%) rename {rootfs => src/guest/rootfs}/etc/init.d/rcS (100%) create mode 100644 src/guest/rootfs/etc/inittab rename {rootfs => src/guest/rootfs}/etc/modules (100%) create mode 100644 src/guest/rootfs/etc/passwd create mode 100644 src/guest/rootfs/etc/profile create mode 100644 src/guest/rootfs/etc/resolv.conf create mode 100644 src/guest/rootfs/etc/ssh/sshd_config rename {rootfs => src/guest/rootfs}/init (100%) rename {config => src/host/config}/grub.cfg (100%) rename {config => 
src/host/config}/grub_early.cfg (100%) rename {config => src/host/config}/syslinux.cfg (100%) rename {rootfs => src/host/rootfs}/etc/init.d/S01syslogd (100%) rename {rootfs => src/host/rootfs}/etc/init.d/S02klogd (100%) rename {rootfs => src/host/rootfs}/etc/init.d/S02modules (100%) create mode 100755 src/host/rootfs/etc/init.d/S02sysctl create mode 100755 src/host/rootfs/etc/init.d/S03keymap rename {rootfs => src/host/rootfs}/etc/init.d/S04cbfs-key-import (100%) create mode 100755 src/host/rootfs/etc/init.d/S10udev rename {rootfs => src/host/rootfs}/etc/init.d/S12pcscd (100%) create mode 100755 src/host/rootfs/etc/init.d/S20urandom create mode 100755 src/host/rootfs/etc/init.d/rcK create mode 100755 src/host/rootfs/etc/init.d/rcS rename {rootfs => src/host/rootfs}/etc/inittab (100%) create mode 100644 src/host/rootfs/etc/modules rename {rootfs => src/host/rootfs}/etc/profile (100%) create mode 100755 src/host/rootfs/init rename {rootfs => src/host/rootfs}/usr/lib/udev/rules.d/sdcard-autorun.rules (100%) rename {rootfs => src/host/rootfs}/usr/local/bin/autorun (100%) diff --git a/Containerfile b/Containerfile index 58d7458..3ba5f91 100644 --- a/Containerfile +++ b/Containerfile 
@@ -31,7 +31,6 @@ FROM stagex/core-libunwind:sx2025.02.0@sha256:99e2574ace4f7dfa3d8bfc93ab69e1fd5f FROM stagex/user-libusb:sx2025.02.0@sha256:b78ca9194fdb8dfb7b7177d16a156fac21e6c9822a0c35a17841400bc1a27f68 AS user-libusb FROM stagex/user-libzbar:sx2025.02.0@sha256:44ad89a661bc395d6b49d89a0367846f7bee40b198780777c5c7b1b3c0d49a0e AS user-libzbar FROM stagex/core-libzstd:sx2025.02.0@sha256:23cd975a27e218c5398efd17e1f8c491d31969ab674d3468dbf8b75ba40611ad AS core-libzstd -FROM stagex/user-linux-airgap:sx2025.02.0@sha256:a2dbeace3ce085ba487e88b3968fea1ec29ce392f691d28c4b183e1ed9c0df4d AS user-linux-airgap FROM stagex/user-lzo:sx2025.02.0@sha256:b71c2944073f3fbc1fe543b9e4dfc4f59ec013a763a6209ded77b8f8bd0a33b4 AS user-lzo FROM stagex/user-mtools:sx2025.02.0@sha256:ea76e5f82f9833274a4438e9706779afd9b1c0b197c984c9d54c9887163ffb42 AS user-mtools FROM stagex/core-musl:sx2025.02.0@sha256:23d0614f60449015add2369959c89a6ea08e208302773b9a0811ce1195afc3a4 AS core-musl @@ -60,6 +59,10 @@ FROM stagex/user-util-linux:sx2025.02.0@sha256:bf03b1aaa92a3877f2d2a35d2c27cf453 FROM stagex/user-xorriso:sx2025.02.0@sha256:f3b9f1eebdbc6f2e62a9d4345abb87ea81219fc4afdbdc0412a8a2110282a1a1 AS user-xorriso FROM stagex/core-xz:sx2025.02.0@sha256:34824f16967f6bd8ecf24c320e36dfc9cd58d5746d3c524e1b896ebdf5a2e760 AS core-xz FROM stagex/user-yq:sx2025.02.0@sha256:e817e39f34a7417fd151b4fb9d0d21e21242fe8dc19c0e248677426f2e478cce AS user-yq +FROM stagex/user-edk2:sx2025.02.0@sha256:db24be51d35117d264dccfc44f0ca331f59d738083170cd9bb86b49a5c06abff AS user-edk2 +FROM stagex/core-ca-certificates:local AS core-ca-certificates +FROM stagex/user-linux-guest:local AS user-linux-guest +FROM stagex/user-linux-airgap:local AS user-linux-airgap FROM scratch AS base ARG VERSION development 
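Review bot: The new `FROM stagex/core-ca-certificates:local`, `FROM stagex/user-linux-guest:local` and `FROM stagex/user-linux-airgap:local` stages drop the `sx2025.02.0@sha256:…` digest pinning that every other stage in these hunks carries, so the build input is no longer fixed and the reproducibility claim for the resulting ISO does not hold across machines. That is expected for a wip commit, but it is exactly the kind of line that gets merged by accident; a `# TODO(wip): restore pinned tag@sha256 before merge` above the three lines would flag it until published digests exist. The pinned `user-linux-airgap` stage removed in the first hunk is replaced by the `:local` one here, so the stage name stays defined.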
@@ -98,13 +101,69 @@ COPY --from=core-curl . / COPY --from=user-libtpms . / COPY --from=user-tpm2-tss . / COPY --from=user-tpm2-tools . / +COPY --from=user-edk2 . / + +FROM base AS build-guest +COPY --from=user-linux-guest /bzImage iso/boot/vmlinuz +COPY --from=core-busybox . initramfs +COPY --from=user-eudev . initramfs +COPY --from=core-musl . initramfs +COPY --from=core-zlib . initramfs +COPY --from=core-ca-certificates . initramfs +COPY src/guest/rootfs/ initramfs +RUN <<-EOF + set -eux + cd initramfs + mkdir -p home/git + chmod 755 home + chown -R 1000:1000 home/git + find . -exec touch -hcd "@0" "{}" + + find . -print0 \ + | sort -z \ + | cpio \ + --null \ + --create \ + --verbose \ + --reproducible \ + --format=newc \ + | gzip --best \ + > ../iso/boot/initramfs +EOF +COPY src/guest/config/syslinux.cfg iso/boot/syslinux/ +COPY --from=user-syslinux \ + /usr/share/syslinux/isohdpfx.bin \ + /usr/share/syslinux/isolinux.bin \ + /usr/share/syslinux/ldlinux.c32 \ + /usr/share/syslinux/libutil.c32 \ + /usr/share/syslinux/libcom32.c32 \ + /usr/share/syslinux/mboot.c32 \ + iso/boot/syslinux/ +ENV SOURCE_DATE_EPOCH=1 +RUN <<-EOF + set -eux + find iso -exec touch -hcd "@0" "{}" + + xorrisofs \ + -output guest.img \ + -full-iso9660-filenames \ + -joliet \ + -rational-rock \ + -sysid LINUX \ + -volid "repros" \ + -isohybrid-mbr iso/boot/syslinux/isohdpfx.bin \ + -eltorito-boot boot/syslinux/isolinux.bin \ + -eltorito-catalog boot/syslinux/boot.cat \ + -no-emul-boot \ + -boot-load-size 4 \ + -boot-info-table \ + -no-emul-boot \ + -isohybrid-gpt-basdat \ + -follow-links \ + iso/ +EOF FROM base AS build - -## Kernel COPY --from=user-linux-airgap /bzImage iso/boot/vmlinuz - -## Initramfs +COPY --from=build-guest /guest.img initramfs/ COPY --from=core-busybox . initramfs COPY --from=user-eudev . initramfs COPY --from=core-musl . initramfs 
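Review bot: `-no-emul-boot` is passed twice in the guest `xorrisofs` invocation; the second occurrence is redundant and should be dropped. In the initramfs step, `gzip --best` reads from a pipe and, as far as I recall, stores the current time in the gzip header in that case, which would defeat the `touch -hcd "@0"` normalisation and make guest.img differ per build — `| gzip --best -n \` suppresses the timestamp (the host initramfs step outside this hunk may have the same issue). The `chown -R 1000:1000 home/git` hard-codes the uid/gid that src/guest/rootfs/etc/passwd gives the `git` user; a comment such as `# 1000:1000 is the git user in src/guest/rootfs/etc/passwd` keeps the two in step.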
@@ -135,17 +194,34 @@ COPY --from=user-nettle . initramfs COPY --from=user-opensc . initramfs COPY --from=user-util-linux . initramfs COPY --from=user-sops . initramfs -COPY --from=core-gcc /usr/lib/libgcc* initramfs/usr/lib/ +COPY --from=core-gcc /usr/lib/. initramfs/usr/lib/ COPY --from=core-sqlite3 . initramfs COPY --from=user-sdtool . initramfs RUN chmod +x initramfs/usr/bin/sdtool COPY --from=user-openpgp-card-tools . initramfs COPY --from=user-sequoia-sq . initramfs COPY --from=user-sequoia-sq-wot . initramfs +COPY --from=user-libslirp . initramfs +COPY --from=user-seabios . initramfs +COPY --from=user-ipxe . initramfs +COPY --from=user-glib . initramfs +COPY --from=user-numactl . initramfs +COPY --from=core-libzstd . initramfs +COPY --from=user-alsa-lib . initramfs +COPY --from=user-lzo . initramfs +COPY --from=user-dtc . initramfs +COPY --from=user-libaio . initramfs +COPY --from=user-libseccomp . initramfs +COPY --from=core-libffi . initramfs +COPY --from=core-libzstd . initramfs +COPY --from=user-libslirp . initramfs +COPY --from=user-seabios . initramfs +COPY --from=user-canokey-qemu . initramfs +COPY --from=user-qemu . initramfs COPY --from=user-libzbar . initramfs COPY --from=user-keyfork . initramfs COPY --from=user-icepick . initramfs -COPY rootfs/ initramfs +COPY src/host/rootfs/ initramfs COPY <<-EOF initramfs/etc/environment export VERSION="$VERSION" export GIT_TIMESTAMP="$GIT_TIMESTAMP" @@ -170,8 +246,8 @@ RUN <<-EOF EOF ## Grub (EFI Boot) -COPY config/grub.cfg iso/boot/grub/grub.cfg -COPY config/grub_early.cfg grub_early.cfg +COPY src/host/config/grub.cfg iso/boot/grub/grub.cfg +COPY src/host/config/grub_early.cfg grub_early.cfg RUN <<-EOF set -eux mkdir -p efi/boot @@ -203,7 +279,7 @@ RUN <<-EOF EOF ## Syslinux (BIOS Boot) -COPY config/syslinux.cfg iso/boot/syslinux/ +COPY src/host/config/syslinux.cfg iso/boot/syslinux/ COPY --from=user-syslinux \ /usr/share/syslinux/isohdpfx.bin \ /usr/share/syslinux/isolinux.bin \ 
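Review bot: `COPY --from=core-gcc /usr/lib/. initramfs/usr/lib/` replaces the narrow `libgcc*` copy with gcc's entire /usr/lib, which puts far more than the runtime support library into the airgap initramfs and enlarges its attack surface without saying why; if specific libraries were missing for qemu, list them next to the `libgcc*` glob, or add a comment naming the dependency that needs the whole directory. Further down the same hunk `core-libzstd`, `user-libslirp` and `user-seabios` are each copied twice; the second `COPY` of each is a no-op layer and should be removed.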
@@ -213,8 +289,6 @@ COPY --from=user-syslinux \ /usr/share/syslinux/mboot.c32 \ iso/boot/syslinux/ -## Build Hybrid EFI/BIOS ISO -FROM build AS install ENV SOURCE_DATE_EPOCH=1 RUN <<-EOF set -eux @@ -253,5 +327,5 @@ RUN <<-EOF EOF FROM scratch AS package -COPY --from=install /sdcard.img / -COPY --from=install /airgap.iso / +COPY --from=build /sdcard.img / +COPY --from=build /airgap.iso / diff --git a/Makefile b/Makefile index bfc0f29..44633d0 100644 --- a/Makefile +++ b/Makefile @@ -60,7 +60,7 @@ vm: out/dev-shell.digest out/airgap.iso out/sdcard.img --tpm2 & \ qemu-system-x86_64 \ -m 4G \ - -machine pc \ + -machine q35,kernel-irqchip=split \ -chardev socket,id=chrtpm,path=vtpm-sock \ -usb -device canokey,file=/out/canokey-file \ -tpmdev emulator,id=tpm0,chardev=chrtpm \ @@ -70,6 +70,9 @@ vm: out/dev-shell.digest out/airgap.iso out/sdcard.img -device sd-card,drive=external \ -drive id=external,if=none,format=raw,file=out/sdcard.img \ -device usb-storage,drive=usbdrive \ + -device intel-iommu,intremap=on \ + -netdev user,id=net0 \ + -device e1000,netdev=net0 \ $(if $(filter $(EFI),true) ,\ -bios /usr/share/ovmf/OVMF.fd \ -drive id=boot$(,)if=virtio$(,)format=raw$(,)file=out/airgap.iso \ diff --git a/rootfs/.gnupg/gpg.conf b/rootfs/.gnupg/gpg.conf deleted file mode 100644 index 065d80c..0000000 --- a/rootfs/.gnupg/gpg.conf +++ /dev/null @@ -1 +0,0 @@ -pinentry-mode loopback diff --git a/src/guest/config/syslinux.cfg b/src/guest/config/syslinux.cfg new file mode 100644 index 0000000..20170fe --- /dev/null +++ b/src/guest/config/syslinux.cfg @@ -0,0 +1,8 @@ +TIMEOUT 2 +PROMPT -1 +DEFAULT ReprOS +LABEL ReprOS + MENU LABEL Linux ReprOS + KERNEL /boot/vmlinuz + INITRD /boot/initramfs + APPEND init=/init vga=normal console=ttyAMA0,115200 console=tty highres=off console=ttyS0 console=tty0 ro diff --git a/src/guest/rootfs/etc/default/dockerd b/src/guest/rootfs/etc/default/dockerd new file mode 100644 index 0000000..f3d18e3 --- /dev/null 
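Review bot: `-netdev user,id=net0 \` and `-device e1000,netdev=net0 \` give the `vm` target's airgap image a slirp NIC with outbound reachability through the host, which changes what this target demonstrates about isolation and is not explained anywhere in the Makefile. If the NIC exists only to be passed through to the nested guest via the new `intel-iommu`, say so in a comment above the `vm` recipe (a `#` inside the backslash-continued command would be handed to the shell and break the continuation), and add `restrict=on` to the `-netdev user` options if host and Internet reachability are not actually needed. `-machine q35,kernel-irqchip=split` is a prerequisite of `intel-iommu,intremap=on`, so those two lines must move together; a comment recording that dependency would help the next edit.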
+++ b/src/guest/rootfs/etc/default/dockerd
@@ -0,0 +1 @@
+export DOCKER_RAMDISK=true
diff --git a/src/guest/rootfs/etc/docker/daemon.json b/src/guest/rootfs/etc/docker/daemon.json
new file mode 100644
index 0000000..75c212f
--- /dev/null
+++ b/src/guest/rootfs/etc/docker/daemon.json
@@ -0,0 +1,7 @@
+{
+ "features": {
+ "containerd-snapshotter": true,
+ "buildkit": true
+ }
+}
+
diff --git a/src/guest/rootfs/etc/git/base-hooks/post-receive b/src/guest/rootfs/etc/git/base-hooks/post-receive
new file mode 100755
index 0000000..164b1e3
--- /dev/null
+++ b/src/guest/rootfs/etc/git/base-hooks/post-receive
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -eu
+echo "hook -> post-receive"
+while read oldrev newrev refname; do
+ git --work-tree=".." checkout -f "$newrev"
+done
diff --git a/src/guest/rootfs/etc/git/base-hooks/pre-receive b/src/guest/rootfs/etc/git/base-hooks/pre-receive
new file mode 100755
index 0000000..585f80d
--- /dev/null
+++ b/src/guest/rootfs/etc/git/base-hooks/pre-receive
@@ -0,0 +1,2 @@
+#!/bin/bash
+echo "hook -> pre-receive"
diff --git a/src/guest/rootfs/etc/git/base-hooks/update b/src/guest/rootfs/etc/git/base-hooks/update
new file mode 100755
index 0000000..bd5e0e5
--- /dev/null
+++ b/src/guest/rootfs/etc/git/base-hooks/update
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo "Firing update hook"
diff --git a/src/guest/rootfs/etc/group b/src/guest/rootfs/etc/group
new file mode 100644
index 0000000..6570d3a
--- /dev/null
+++ b/src/guest/rootfs/etc/group
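Review bot: The post-receive hook checks out every pushed `$newrev` into `..` regardless of `$refname`, so a push to any branch or tag replaces the deployed work tree, and `read` without `-r` mangles a refname containing a backslash. Guard the loop on the ref you intend to deploy, e.g. `while read -r oldrev newrev refname; do` followed by `[ "$refname" = "refs/heads/<deploy-branch>" ] || continue`, with `<deploy-branch>` a placeholder for the real branch. The pre-receive and update hooks in the following hunks only echo and enforce nothing; if they are placeholders, a `# TODO: no policy enforced yet` line would make that explicit to whoever installs them.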
@@ -0,0 +1,47 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:lp
+mem:x:8:
+kmem:x:9:
+wheel:x:10:root
+floppy:x:11:root
+mail:x:12:mail
+news:x:13:news
+uucp:x:14:uucp
+man:x:15:man
+cron:x:16:cron
+console:x:17:
+audio:x:18:
+cdrom:x:19:
+dialout:x:20:root
+ftp:x:21:
+sshd:x:22:
+input:x:23:
+at:x:25:at
+tape:x:26:root
+video:x:27:root
+netdev:x:28:
+readproc:x:30:
+squid:x:31:squid
+xfs:x:33:xfs
+kvm:x:34:kvm
+games:x:35:
+shadow:x:42:
+cdrw:x:80:
+www-data:x:82:
+usb:x:85:
+vpopmail:x:89:
+users:x:100:games
+ntp:x:123:
+nofiles:x:200:
+smmsp:x:209:smmsp
+locate:x:245:
+abuild:x:300:
+utmp:x:406:
+ping:x:999:
+git:x:1000:
diff --git a/src/guest/rootfs/etc/hosts b/src/guest/rootfs/etc/hosts
new file mode 100644
index 0000000..9b1a20a
--- /dev/null
+++ b/src/guest/rootfs/etc/hosts
@@ -0,0 +1,4 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback repros
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/src/guest/rootfs/etc/init.d/S01syslogd b/src/guest/rootfs/etc/init.d/S01syslogd
new file mode 100755
index 0000000..d331993
--- /dev/null
+++ b/src/guest/rootfs/etc/init.d/S01syslogd
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+DAEMON="syslogd"
+PIDFILE="/var/run/$DAEMON.pid"
+
+SYSLOGD_ARGS=""
+
+# shellcheck source=/dev/null
+[ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON"
+
+# BusyBox' syslogd does not create a pidfile, so pass "-n" in the command line
+# and use "-m" to instruct start-stop-daemon to create one.
+start() {
+ printf 'Starting %s: ' "$DAEMON"
+ # shellcheck disable=SC2086 # we need the word splitting
+ start-stop-daemon -b -m -S -q -p "$PIDFILE" -x "/bin/$DAEMON" \
+ -- -n $SYSLOGD_ARGS
+ status=$?
+ if [ "$status" -eq 0 ]; then
+ echo "OK"
+ else
+ echo "FAIL"
+ fi
+ return "$status"
+}
+
+stop() {
+ printf 'Stopping %s: ' "$DAEMON"
+ start-stop-daemon -K -q -p "$PIDFILE"
+ status=$?
+ if [ "$status" -eq 0 ]; then
+ rm -f "$PIDFILE"
+ echo "OK"
+ else
+ echo "FAIL"
+ fi
+ return "$status"
+}
+
+restart() {
+ stop
+ sleep 1
+ start
+}
+
+case "$1" in
+ start|stop|restart)
+ "$1";;
+ reload)
+ # Restart, since there is no true "reload" feature.
+ restart;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload}"
+ exit 1
+esac
diff --git a/src/guest/rootfs/etc/init.d/S02klogd b/src/guest/rootfs/etc/init.d/S02klogd
new file mode 100755
index 0000000..85246f1
--- /dev/null
+++ b/src/guest/rootfs/etc/init.d/S02klogd
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+DAEMON="klogd"
+PIDFILE="/var/run/$DAEMON.pid"
+
+KLOGD_ARGS=""
+
+# shellcheck source=/dev/null
+[ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON"
+
+# BusyBox' klogd does not create a pidfile, so pass "-n" in the command line
+# and use "-m" to instruct start-stop-daemon to create one.
+start() {
+ printf 'Starting %s: ' "$DAEMON"
+ # shellcheck disable=SC2086 # we need the word splitting
+ start-stop-daemon -b -m -S -q -p "$PIDFILE" -x "/bin/$DAEMON" \
+ -- -n $KLOGD_ARGS
+ status=$?
+ if [ "$status" -eq 0 ]; then
+ echo "OK"
+ else
+ echo "FAIL"
+ fi
+ return "$status"
+}
+
+stop() {
+ printf 'Stopping %s: ' "$DAEMON"
+ start-stop-daemon -K -q -p "$PIDFILE"
+ status=$?
+ if [ "$status" -eq 0 ]; then
+ rm -f "$PIDFILE"
+ echo "OK"
+ else
+ echo "FAIL"
+ fi
+ return "$status"
+}
+
+restart() {
+ stop
+ sleep 1
+ start
+}
+
+case "$1" in
+ start|stop|restart)
+ "$1";;
+ reload)
+ # Restart, since there is no true "reload" feature.
+ restart;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload}"
+ exit 1
+esac
diff --git a/rootfs/etc/init.d/S02sysctl b/src/guest/rootfs/etc/init.d/S02sysctl
similarity index 100%
rename from rootfs/etc/init.d/S02sysctl
rename to src/guest/rootfs/etc/init.d/S02sysctl
diff --git a/rootfs/etc/init.d/S03keymap b/src/guest/rootfs/etc/init.d/S03keymap
similarity index 100%
rename from rootfs/etc/init.d/S03keymap
rename to src/guest/rootfs/etc/init.d/S03keymap
diff --git a/src/guest/rootfs/etc/init.d/S06diskmount b/src/guest/rootfs/etc/init.d/S06diskmount
new file mode 100755
index 0000000..9c00254
--- /dev/null
+++ b/src/guest/rootfs/etc/init.d/S06diskmount
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+case "${1}" in
+ start)
+ cache_drive="$( \
+ lsblk --fs --json \
+ | jq -r ' .blockdevices[]? | select(.label == "cache" ) | .name' \
+ )"
+ if [[ ! -z "$cache_drive" ]]; then
+ mkdir -p /rw \
+ && mount /dev/${cache_drive} /rw \
+ && mkdir -p /rw/docker /var/lib/docker /rw/git \
+ && mount -o bind /rw/docker /var/lib/docker \
+ && mount -o bind /rw/git /home/git \
+ && chown -R git:git /home/git
+ if [ $? -eq 0 ]; then
+ echo "OK"
+ else
+ echo "FAIL"
+ fi
+ fi
+ ;;
+ *)
+ echo "Usage: ${0} {start}"
+ exit 1
+ ;;
+esac
diff --git a/rootfs/etc/init.d/S10udev b/src/guest/rootfs/etc/init.d/S10udev
similarity index 100%
rename from rootfs/etc/init.d/S10udev
rename to src/guest/rootfs/etc/init.d/S10udev
diff --git a/rootfs/etc/init.d/S20urandom b/src/guest/rootfs/etc/init.d/S20urandom
similarity index 100%
rename from rootfs/etc/init.d/S20urandom
rename to src/guest/rootfs/etc/init.d/S20urandom
diff --git a/src/guest/rootfs/etc/init.d/S42network b/src/guest/rootfs/etc/init.d/S42network
new file mode 100755
index 0000000..78d952e
--- /dev/null
+++ b/src/guest/rootfs/etc/init.d/S42network
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+case "${1}" in
+ start)
+ ip addr add 172.16.0.2/29 dev eth0
+ ifconfig eth0 up
+ ip route add default via 172.16.0.1
+ ;;
+ *)
+ echo "Usage: ${0} {start}"
+ exit 1
+ ;;
+esac
diff --git a/src/guest/rootfs/etc/init.d/S50sshd b/src/guest/rootfs/etc/init.d/S50sshd
new file mode 100755
index 0000000..7e5ccf0
--- /dev/null
+++ b/src/guest/rootfs/etc/init.d/S50sshd
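Review bot: `mount /dev/${cache_drive} /rw` mounts whichever block device carries the label `cache` with default options, and that filesystem is then bind-mounted over /var/lib/docker and /home/git; because the label is the only selector, `-o nosuid,nodev` (`&& mount -o nosuid,nodev /dev/${cache_drive} /rw \`) limits what an attached disk can bring in. The `jq` filter walks only `.blockdevices[]`, and lsblk's JSON nests partitions under `children`, so a partition labelled `cache` is presumably missed — `.blockdevices[] | recurse(.children[]?) | select(.label == "cache") | .name` covers both. `[[ ! -z "$cache_drive" ]]` under `#!/bin/sh` relies on the shell being busybox ash or bash; `[ -n "$cache_drive" ]` is the portable form, and the same applies to S03keymap in the host tree further down.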
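Review bot: S42network mixes `ip addr add` / `ip route add` with `ifconfig eth0 up`; `ip link set eth0 up` keeps it to one tool and removes a dependency on busybox's ifconfig applet. The address 172.16.0.2/29 and gateway 172.16.0.1 are hard-coded with nothing saying which side provides 172.16.0.1 — presumably the host's qemu or a bridge, which this patch does not show — so a one-line comment naming the peer would make the topology auditable. Nothing checks that `eth0` exists before configuring it; a `[ -d /sys/class/net/eth0 ] || exit 0` guard at the top of `start)` would make the no-NIC case explicit rather than three failing commands.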
@@ -0,0 +1,83 @@
+#!/bin/sh
+#
+# sshd Starts sshd.
+#
+
+DAEMON="sshd"
+PIDFILE="/var/run/$DAEMON.pid"
+
+# Make sure the ssh-keygen program exists
+[ -f /usr/bin/ssh-keygen ] || exit 0
+
+umask 077
+
+start() {
+ # Create any missing keys
+ /usr/bin/ssh-keygen -A
+
+ printf "Starting %s: " "$DAEMON"
+ start-stop-daemon --start --pidfile "$PIDFILE" \
+ --exec "/usr/sbin/$DAEMON"
+ status=$?
+ if [ "$status" -eq 0 ]; then
+ echo "OK"
+ else
+ echo "FAIL"
+ fi
+ return "$status"
+}
+
+stop() {
+ printf "Stopping sshd: "
+ start-stop-daemon --stop --pidfile "$PIDFILE" \
+ --exec "/usr/sbin/$DAEMON"
+ status=$?
+ if [ "$status" -eq 0 ]; then
+ echo "OK"
+ else
+ echo "FAIL"
+ fi
+ # sshd deletes its PID file on exit, wait for it to be gone
+ while [ -f "$PIDFILE" ]; do
+ sleep 0.1
+ done
+ return "$status"
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ printf "Reloading sshd config: "
+ start-stop-daemon --stop --signal HUP -q --pidfile "$PIDFILE" \
+ --exec "/usr/sbin/$DAEMON"
+ status=$?
+ if [ "$status" -eq 0 ]; then
+ echo "OK"
+ else
+ echo "FAIL"
+ fi
+ return "$status"
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ restart
+ ;;
+ reload)
+ reload
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload}"
+ exit 1
+esac
+
+exit $?
diff --git a/src/guest/rootfs/etc/init.d/S60dockerd b/src/guest/rootfs/etc/init.d/S60dockerd
new file mode 100755
index 0000000..173e680
--- /dev/null
+++ b/src/guest/rootfs/etc/init.d/S60dockerd
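Review bot: `/usr/bin/ssh-keygen -A` runs on every start and the guest root is an initramfs, so unless /etc/ssh is persisted somewhere (the `/rw` cache mount in S06diskmount covers only docker and git) the host keys are regenerated at each boot and every client sees a new host key, which trains users to accept key changes. Either bind-mount a persistent /etc/ssh before this script runs or state the churn above the call: `# host keys are ephemeral: regenerated on every boot (initramfs root, nothing persists /etc/ssh)`. Note that `umask 077` at file scope also governs the pidfile and anything else start-stop-daemon creates from here, which is presumably intended but worth a word.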
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+NAME=dockerd
+DAEMON=/usr/bin/$NAME
+PIDFILE=/var/run/$NAME.pid
+DAEMON_ARGS=""
+
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME $1
+
+do_start() {
+ echo -n "Starting $NAME: "
+ start-stop-daemon --start --quiet --background --make-pidfile \
+ --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_ARGS \
+ && echo "OK" || echo "FAIL"
+ until [ -S /var/run/docker.sock ];do sleep 0.1; done
+ chown -R git:git /var/run/docker.sock
+}
+
+do_stop() {
+ echo -n "Stopping $NAME: "
+ start-stop-daemon --stop --quiet --pidfile $PIDFILE \
+ && echo "OK" || echo "FAIL"
+}
+
+case "$1" in
+ start)
+ do_start
+ ;;
+ stop)
+ do_stop
+ ;;
+ restart)
+ do_stop
+ sleep 1
+ do_start
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart}"
+ exit 1
+esac
diff --git a/rootfs/etc/init.d/rcK b/src/guest/rootfs/etc/init.d/rcK
similarity index 100%
rename from rootfs/etc/init.d/rcK
rename to src/guest/rootfs/etc/init.d/rcK
diff --git a/rootfs/etc/init.d/rcS b/src/guest/rootfs/etc/init.d/rcS
similarity index 100%
rename from rootfs/etc/init.d/rcS
rename to src/guest/rootfs/etc/init.d/rcS
diff --git a/src/guest/rootfs/etc/inittab b/src/guest/rootfs/etc/inittab
new file mode 100644
index 0000000..f478bfe
--- /dev/null
+++ b/src/guest/rootfs/etc/inittab
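Review bot: `until [ -S /var/run/docker.sock ];do sleep 0.1; done` has no upper bound, so if dockerd fails to start (the preceding `|| echo "FAIL"` already masks that failure) boot blocks in rcS forever; bound it, e.g. `i=0; until [ -S /var/run/docker.sock ] || [ $i -ge 300 ]; do sleep 0.1; i=$((i+1)); done`. `chown -R git:git /var/run/docker.sock` hands the docker API, which is root-equivalent on the guest, to the `git` account that src/guest/rootfs/etc/passwd defines with an empty password and `git-shell`; that is a deliberate trust decision and deserves a comment stating it, and `-R` does nothing useful on a socket.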
@@ -0,0 +1,56 @@
+# /etc/inittab
+
+# Format for each entry: :::
+#
+# id == tty to run on, or empty for /dev/console
+# runlevels == ignored
+# action == one of sysinit, respawn, askfirst, wait, and once
+# process == program to run
+
+# Startup the system
+::sysinit:/bin/mount -t devtmpfs devtmpfs /dev
+::sysinit:/bin/mkdir -p /proc /run /dev/pts /dev/shm /sys
+::sysinit:/bin/mount -t sysfs sysfs /sys
+::sysinit:/bin/mount -t devpts devpts /dev/pts
+::sysinit:/bin/mount -t cgroup cgroup /sys/fs/cgroup
+::sysinit:/bin/mount -t proc proc /proc
+::sysinit:/bin/mount -o remount,rw /
+::sysinit:/bin/mkdir /var/log
+::sysinit:/bin/chmod 755 /home
+::sysinit:/bin/chown -R 1000:1000 /home/git
+::sysinit:/bin/hostname -F /etc/hostname
+null::sysinit:/bin/ln -sf /proc/self/fd /dev/fd
+null::sysinit:/bin/ln -sf /proc/self/fd/0 /dev/stdin
+null::sysinit:/bin/ln -sf /proc/self/fd/1 /dev/stdout
+null::sysinit:/bin/ln -sf /proc/self/fd/2 /dev/stderr
+
+# Stuff to do for the 3-finger salute
+::ctrlaltdel:/usr/bin/reboot
+
+# now run any rc scripts
+::sysinit:/etc/init.d/rcS
+
+# Spawn shells on serial terminal and default console
+::respawn:-/usr/bin/login -f root
+ttyS0::respawn:-/usr/bin/login -f root
+
+# Stuff to do before rebooting
+::shutdown:/etc/init.d/rcK
+::shutdown:/bin/umount -a -r
+::sysinit:/bin/hostname -F /etc/hostname
+null::sysinit:/bin/ln -sf /proc/self/fd /dev/fd
+null::sysinit:/bin/ln -sf /proc/self/fd/0 /dev/stdin
+null::sysinit:/bin/ln -sf /proc/self/fd/1 /dev/stdout
+null::sysinit:/bin/ln -sf /proc/self/fd/2 /dev/stderr
+# now run any rc scripts
+::sysinit:/etc/init.d/rcS
+
+# Put a getty on the serial port
+ttyS0::respawn:-/usr/bin/login -f root
+
+# Stuff to do for the 3-finger salute
+#::ctrlaltdel:/sbin/reboot
+
+# Stuff to do before rebooting
+::shutdown:/etc/init.d/rcK
+::shutdown:/bin/umount -a -r
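Review bot: Everything from the second `::sysinit:/bin/hostname -F /etc/hostname` onward duplicates entries already present above it: rcS is registered twice under `::sysinit`, so every init script runs twice at boot, `ttyS0::respawn:-/usr/bin/login -f root` appears twice, so two logins compete for the serial port, and the `::shutdown` lines run rcK and `umount -a -r` twice; delete the duplicated block. Both the console entry and ttyS0 autologin root via `login -f`, which matches the passwordless root in src/guest/rootfs/etc/passwd — if that is the intended posture a `# autologin root: guest has no local credentials by design` comment above the respawn lines would make it deliberate rather than accidental.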
diff --git a/rootfs/etc/modules b/src/guest/rootfs/etc/modules
similarity index 100%
rename from rootfs/etc/modules
rename to src/guest/rootfs/etc/modules
diff --git a/src/guest/rootfs/etc/passwd b/src/guest/rootfs/etc/passwd
new file mode 100644
index 0000000..19f1e64
--- /dev/null
+++ b/src/guest/rootfs/etc/passwd
@@ -0,0 +1,4 @@
+root::0:0:root:/root:/bin/sh
+sshd:x:22:22:sshd:/dev/null:/sbin/nologin
+git::1000:1000::/home/git:/bin/git-shell
+nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
diff --git a/src/guest/rootfs/etc/profile b/src/guest/rootfs/etc/profile
new file mode 100644
index 0000000..8ecac5d
--- /dev/null
+++ b/src/guest/rootfs/etc/profile
@@ -0,0 +1,5 @@
+export EDITOR=/bin/vi
+export PATH="/usr/local/bin:/bin:/sbin:/usr/bin:/usr/sbin"
+export PS1="[\h \t] \\$ "
+export GNUPGHOME=/.gnupg
+cd /root
diff --git a/src/guest/rootfs/etc/resolv.conf b/src/guest/rootfs/etc/resolv.conf
new file mode 100644
index 0000000..bb27186
--- /dev/null
+++ b/src/guest/rootfs/etc/resolv.conf
@@ -0,0 +1,2 @@
+nameserver 1.1.1.1
+nameserver 8.8.8.8
diff --git a/src/guest/rootfs/etc/ssh/sshd_config b/src/guest/rootfs/etc/ssh/sshd_config
new file mode 100644
index 0000000..c81e7dc
--- /dev/null
+++ b/src/guest/rootfs/etc/ssh/sshd_config
@@ -0,0 +1,4 @@
+PubkeyAuthentication no
+PermitEmptyPasswords yes
+PermitRootLogin yes
+SubSystem sftp /usr/lib/ssh/sftp-server
diff --git a/rootfs/init b/src/guest/rootfs/init
similarity index 100%
rename from rootfs/init
rename to src/guest/rootfs/init
diff --git a/config/grub.cfg b/src/host/config/grub.cfg
similarity index 100%
rename from config/grub.cfg
rename to src/host/config/grub.cfg
diff --git a/config/grub_early.cfg b/src/host/config/grub_early.cfg
similarity index 100%
rename from config/grub_early.cfg
rename to src/host/config/grub_early.cfg
diff --git a/config/syslinux.cfg b/src/host/config/syslinux.cfg
similarity index 100%
rename from config/syslinux.cfg
rename to src/host/config/syslinux.cfg
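Review bot: `PubkeyAuthentication no`, `PermitEmptyPasswords yes` and `PermitRootLogin yes` in sshd_config, combined with the empty password fields of `root::0:0:…` and `git::1000:1000:…` in the passwd hunk above, give anyone who can reach the guest's sshd (S42network puts it on 172.16.0.2) an unauthenticated root shell. If that is the intended posture for this wip guest, record it in sshd_config with `# DEV ONLY: unauthenticated root login; access control relies on network topology, not on sshd` so the assumption is visible and can be checked against the `-netdev user` added in the Makefile; otherwise use `PermitEmptyPasswords no` and key-based auth for `git`. `SubSystem` works because sshd keywords are case-insensitive, but the documented spelling `Subsystem` is what people grep for. The resolv.conf hunk points at public resolvers, which is only meaningful if the guest NIC really routes outward — worth confirming that is intended in a tree named airgap.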
diff --git a/rootfs/etc/init.d/S01syslogd b/src/host/rootfs/etc/init.d/S01syslogd
similarity index 100%
rename from rootfs/etc/init.d/S01syslogd
rename to src/host/rootfs/etc/init.d/S01syslogd
diff --git a/rootfs/etc/init.d/S02klogd b/src/host/rootfs/etc/init.d/S02klogd
similarity index 100%
rename from rootfs/etc/init.d/S02klogd
rename to src/host/rootfs/etc/init.d/S02klogd
diff --git a/rootfs/etc/init.d/S02modules b/src/host/rootfs/etc/init.d/S02modules
similarity index 100%
rename from rootfs/etc/init.d/S02modules
rename to src/host/rootfs/etc/init.d/S02modules
diff --git a/src/host/rootfs/etc/init.d/S02sysctl b/src/host/rootfs/etc/init.d/S02sysctl
new file mode 100755
index 0000000..85d9ed5
--- /dev/null
+++ b/src/host/rootfs/etc/init.d/S02sysctl
@@ -0,0 +1,94 @@
+#!/bin/sh
+#
+# This script is used by busybox and procps-ng.
+#
+# With procps-ng, the "--system" option of sysctl also enables "--ignore", so
+# errors are not reported via syslog. Use the run_logger function to mimic the
+# --system behavior, still reporting errors via syslog. Users not interested
+# on error reports can add "-e" to SYSCTL_ARGS.
+#
+# busybox does not have a "--system" option neither reports errors via syslog,
+# so the scripting provides a consistent behavior between the implementations.
+# Testing the busybox sysctl exit code is fruitless, as at the moment, since
+# its exit status is zero even if errors happen. Hopefully this will be fixed
+# in a future busybox version.
+
+PROGRAM="sysctl"
+
+SYSCTL_ARGS=""
+
+# shellcheck source=/dev/null
+[ -r "/etc/default/$PROGRAM" ] && . "/etc/default/$PROGRAM"
+
+# Files are read from directories in the SYSCTL_SOURCES list, in the given
+# order. A file may be used more than once, since there can be multiple
+# symlinks to it. No attempt is made to prevent this.
+SYSCTL_SOURCES="/etc/sysctl.d/ /usr/local/lib/sysctl.d/ /usr/lib/sysctl.d/ /lib/sysctl.d/ /etc/sysctl.conf"
+
+# If the logger utility is available all messages are sent to syslog, except
+# for the final status. The file redirections do the following:
+#
+# - stdout is redirected to syslog with facility.level "kern.info"
+# - stderr is redirected to syslog with facility.level "kern.err"
+# - file dscriptor 4 is used to pass the result to the "start" function.
+#
+run_logger() {
+ # shellcheck disable=SC2086 # we need the word splitting
+ find $SYSCTL_SOURCES -maxdepth 1 -name '*.conf' -print0 2> /dev/null | \
+ xargs -0 -r -n 1 readlink -f | {
+ prog_status="OK"
+ while :; do
+ read -r file || {
+ echo "$prog_status" >&4
+ break
+ }
+ echo "* Applying $file ..."
+ /sbin/sysctl -p "$file" $SYSCTL_ARGS || prog_status="FAIL"
+ done 2>&1 >&3 | /usr/bin/logger -t sysctl -p kern.err
+ } 3>&1 | /usr/bin/logger -t sysctl -p kern.info
+}
+
+# If logger is not available all messages are sent to stdout/stderr.
+run_std() {
+ # shellcheck disable=SC2086 # we need the word splitting
+ find $SYSCTL_SOURCES -maxdepth 1 -name '*.conf' -print0 2> /dev/null | \
+ xargs -0 -r -n 1 readlink -f | {
+ prog_status="OK"
+ while :; do
+ read -r file || {
+ echo "$prog_status" >&4
+ break
+ }
+ echo "* Applying $file ..."
+ /sbin/sysctl -p "$file" $SYSCTL_ARGS || prog_status="FAIL"
+ done
+ }
+}
+
+if [ -x /usr/bin/logger ]; then
+ run_program="run_logger"
+else
+ run_program="run_std"
+fi
+
+start() {
+ printf '%s %s: ' "$1" "$PROGRAM"
+ status=$("$run_program" 4>&1)
+ echo "$status"
+ if [ "$status" = "OK" ]; then
+ return 0
+ fi
+ return 1
+}
+
+case "$1" in
+ start)
+ start "Running";;
+ restart|reload)
+ start "Rerunning";;
+ stop)
+ :;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload}"
+ exit 1
+esac
diff --git a/src/host/rootfs/etc/init.d/S03keymap b/src/host/rootfs/etc/init.d/S03keymap
new file mode 100755
index 0000000..c84b376
--- /dev/null
+++ b/src/host/rootfs/etc/init.d/S03keymap
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+case "${1}" in
+ start)
+ keymap="$( \
+ awk -F 'keymap=' '{sub(/ .*$/, "", $2); print $2}' /proc/cmdline \
+ )"
+ if [[ ! -z "$keymap" ]]; then
+ printf 'Loading Keymap %s: ' "${keymap}"
+ loadkeys "$keymap"
+ if [ $? -eq 0 ]; then
+ echo "OK"
+ else
+ echo "FAIL"
+ fi
+ fi
+ ;;
+ *)
+ echo "Usage: ${0} {start}"
+ exit 1
+ ;;
+esac
diff --git a/rootfs/etc/init.d/S04cbfs-key-import b/src/host/rootfs/etc/init.d/S04cbfs-key-import
similarity index 100%
rename from rootfs/etc/init.d/S04cbfs-key-import
rename to src/host/rootfs/etc/init.d/S04cbfs-key-import
diff --git a/src/host/rootfs/etc/init.d/S10udev b/src/host/rootfs/etc/init.d/S10udev
new file mode 100755
index 0000000..cf7dce9
--- /dev/null
+++ b/src/host/rootfs/etc/init.d/S10udev
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+case "$1" in
+ start)
+ printf "Populating %s using udev: " "${udev_root:-/dev}"
+ [ -e /proc/sys/kernel/hotplug ] && printf '\000\000\000\000' > /proc/sys/kernel/hotplug
+ /sbin/udevd -d || { echo "FAIL"; exit 1; }
+ udevadm trigger --type=subsystems --action=add
+ udevadm trigger --type=devices --action=add
+ udevadm settle --timeout=30 || echo "udevadm settle failed"
+ echo "done"
+ ;;
+ stop)
+ # Stop execution of events
+ udevadm control --stop-exec-queue
+ killall udevd
+ ;;
+ *)
+ echo "Usage: $0 {start|stop}"
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/rootfs/etc/init.d/S12pcscd b/src/host/rootfs/etc/init.d/S12pcscd
similarity index 100%
rename from rootfs/etc/init.d/S12pcscd
rename to src/host/rootfs/etc/init.d/S12pcscd
diff --git a/src/host/rootfs/etc/init.d/S20urandom b/src/host/rootfs/etc/init.d/S20urandom
new file mode 100755
index 0000000..6c6aea9
--- /dev/null
+++ b/src/host/rootfs/etc/init.d/S20urandom
@@ -0,0 +1,70 @@
+#! /bin/sh
+#
+# Preserve the random seed between reboots. See urandom(4).
+#
+
+# Quietly do nothing if /dev/urandom does not exist
+[ -c /dev/urandom ] || exit 0
+
+URANDOM_SEED="/var/lib/random-seed"
+
+# shellcheck source=/dev/null
+[ -r "/etc/default/urandom" ] && . "/etc/default/urandom"
+
+if pool_bits=$(cat /proc/sys/kernel/random/poolsize 2> /dev/null); then
+ pool_size=$((pool_bits/8))
+else
+ pool_size=512
+fi
+
+init_rng() {
+ [ -f "$URANDOM_SEED" ] || return 0
+ printf 'Initializing random number generator: '
+ dd if="$URANDOM_SEED" bs="$pool_size" of=/dev/urandom count=1 2> /dev/null
+ status=$?
+ if [ "$status" -eq 0 ]; then
+ echo "OK"
+ else
+ echo "FAIL"
+ fi
+ return "$status"
+}
+
+save_random_seed() {
+ printf 'Saving random seed: '
+ status=1
+ if touch "$URANDOM_SEED.new" 2> /dev/null; then
+ old_umask=$(umask)
+ umask 077
+ dd if=/dev/urandom of="$URANDOM_SEED.tmp" bs="$pool_size" count=1 2> /dev/null
+ cat "$URANDOM_SEED" "$URANDOM_SEED.tmp" 2>/dev/null \
+ | sha256sum \
+ | cut -d ' ' -f 1 > "$URANDOM_SEED.new" && \
+ mv "$URANDOM_SEED.new" "$URANDOM_SEED" && status=0
+ rm -f "$URANDOM_SEED.tmp"
+ umask "$old_umask"
+ if [ "$status" -eq 0 ]; then
+ echo "OK"
+ else
+ echo "FAIL"
+ fi
+
+ else
+ echo "SKIP (read-only file system detected)"
+ fi
+ return "$status"
+}
+
+case "$1" in
+ start|restart|reload)
+ # Carry a random seed from start-up to start-up
+ # Load and then save the whole entropy pool
+ init_rng && save_random_seed;;
+ stop)
+ # Carry a random seed from shut-down to start-up
+ # Save the whole entropy pool
+ save_random_seed;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload}"
+ exit 1
+esac
diff --git a/src/host/rootfs/etc/init.d/rcK b/src/host/rootfs/etc/init.d/rcK
new file mode 100755
index 0000000..59e9c54
--- /dev/null
+++ b/src/host/rootfs/etc/init.d/rcK
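Review bot: `touch "$URANDOM_SEED.new"` runs before `umask 077`, so the seed file is created under the default umask (typically 0644), the later `>` redirection only truncates it, and `mv` preserves that mode — the saved seed ends up world-readable. Move `old_umask=$(umask)` and `umask 077` above the `if touch …` line, or add `chmod 600 "$URANDOM_SEED.new"` immediately after the touch. The seed written is the hex sha256 of old seed plus fresh bytes, so `init_rng`'s `dd bs="$pool_size" count=1` reads at most `pool_size` bytes of a 64-byte file; harmless for seeding, but a comment saying the file is hex text rather than raw pool bytes would stop someone "fixing" the sizes.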
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+
+# Stop all init scripts in /etc/init.d
+# executing them in reversed numerical order.
+#
+for i in $(ls -r /etc/init.d/S??*) ;do
+
+ # Ignore dangling symlinks (if any).
+ [ ! -f "$i" ] && continue
+
+ case "$i" in
+ *.sh)
+ # Source shell script for speed.
+ (
+ trap - INT QUIT TSTP
+ set stop
+ . $i
+ )
+ ;;
+ *)
+ # No sh extension, so fork subprocess.
+ $i stop
+ ;;
+ esac
+done
+
diff --git a/src/host/rootfs/etc/init.d/rcS b/src/host/rootfs/etc/init.d/rcS
new file mode 100755
index 0000000..de41153
--- /dev/null
+++ b/src/host/rootfs/etc/init.d/rcS
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+
+# Start all init scripts in /etc/init.d
+# executing them in numerical order.
+#
+for i in /etc/init.d/S??* ;do
+
+ # Ignore dangling symlinks (if any).
+ [ ! -f "$i" ] && continue
+
+ case "$i" in
+ *.sh)
+ # Source shell script for speed.
+ (
+ trap - INT QUIT TSTP
+ set start
+ . $i
+ )
+ ;;
+ *)
+ # No sh extension, so fork subprocess.
+ $i start
+ ;;
+ esac
+done
+
diff --git a/rootfs/etc/inittab b/src/host/rootfs/etc/inittab
similarity index 100%
rename from rootfs/etc/inittab
rename to src/host/rootfs/etc/inittab
diff --git a/src/host/rootfs/etc/modules b/src/host/rootfs/etc/modules
new file mode 100644
index 0000000..03e2c07
--- /dev/null
+++ b/src/host/rootfs/etc/modules
@@ -0,0 +1 @@
+i915
diff --git a/rootfs/etc/profile b/src/host/rootfs/etc/profile
similarity index 100%
rename from rootfs/etc/profile
rename to src/host/rootfs/etc/profile
diff --git a/src/host/rootfs/init b/src/host/rootfs/init
new file mode 100755
index 0000000..15bd0d1
--- /dev/null
+++ b/src/host/rootfs/init
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /bin/init
diff --git a/rootfs/usr/lib/udev/rules.d/sdcard-autorun.rules b/src/host/rootfs/usr/lib/udev/rules.d/sdcard-autorun.rules
similarity index 100%
rename from rootfs/usr/lib/udev/rules.d/sdcard-autorun.rules
rename to src/host/rootfs/usr/lib/udev/rules.d/sdcard-autorun.rules
diff --git a/rootfs/usr/local/bin/autorun b/src/host/rootfs/usr/local/bin/autorun
similarity index 100%
rename from rootfs/usr/local/bin/autorun
rename to src/host/rootfs/usr/local/bin/autorun