initial commit

Ryan Heywood 2024-01-31 01:51:17 -05:00
commit 35721b5dca
Signed by: ryan
GPG Key ID: 8E401478A3FBEF72
30 changed files with 413 additions and 0 deletions

1
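--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1 @@
+output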
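Review bot: `.dockerignore` excludes `output`, but the Makefile and `.gitignore` in this commit use `out` as the build directory, so previously built ISOs are still sent to the Docker daemon as build context on every `docker build`. The Dockerfile only adds `configs`, so they should not end up in the image, but the context grows by the size of each ISO. The entry should read `out`.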

2
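--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+out
+*.swp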

8
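--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,8 @@
+FROM archlinux
+RUN pacman -Syu --noconfirm archiso
+ADD configs /configs
+WORKDIR /
+ENTRYPOINT ["/usr/bin/bash", "-x", "/usr/bin/mkarchiso", "-v", "-w", "/work", "-o", "/out"]
+CMD "/usr/share/archiso/configs/baseline"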
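Review bot: `FROM archlinux` and `pacman -Syu --noconfirm archiso` resolve to whatever the registry and mirrors serve at build time, so two builds of the same commit can produce different ISOs and the toolchain that assembled a given airgap image cannot be reconstructed afterwards. Pin the base image by digest, e.g. `FROM archlinux@sha256:<digest-placeholder>`, and consider installing from a dated package snapshot rather than the live mirrors. Separately, `CMD "/usr/share/archiso/configs/baseline"` is shell form; combined with an exec-form `ENTRYPOINT`, Docker appends `/bin/sh -c …` to the mkarchiso arguments, so the default should be `CMD ["/usr/share/archiso/configs/baseline"]`. `ADD configs /configs` can be `COPY configs /configs`, since neither archive extraction nor URL fetching is wanted here.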

14
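--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,14 @@
+# Known configs:
+# * airgap
+.PHONY: default
+default: out/archlinux-baseline-arch-airgap-x86_64.iso
+out/archlinux-baseline-arch-%-x86_64.iso: configs/%
+$(MAKE) docker-airgap-builder
+mkdir -p out
+docker run --rm --privileged --volume "$(PWD)/out:/out" airgap-builder $<
+.PHONY: docker-airgap-builder
+docker-airgap-builder:
+docker build -t airgap-builder .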
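Review bot: The bind mount in `docker run --rm --privileged --volume "$(PWD)/out:/out"` takes its source from the inherited `PWD` environment variable, which make does not update for `make -C dir` and which the caller can set to anything; because the container is privileged, the host directory it is handed should be unambiguous. Use `--volume "$(CURDIR)/out:/out"`. The prerequisite `configs/%` is a directory, so make compares only the directory's own mtime, and editing a file inside an existing config may not trigger a rebuild, leaving a stale ISO in `out/` that no longer matches the reviewed config. Listing the config's files as prerequisites, or always rebuilding the ISO target, would avoid that. A comment above the `docker run` line saying why `--privileged` is needed (presumably for the mounts mkarchiso performs) would help the next reader judge whether it can be narrowed.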

21
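--- a/README.md
+++ b/README.md
@@ -0,0 +1,21 @@
+# Airgap NG
+A slim version of Arch Linux intended to run on airgapped (always-offline)
+systems. The builder runs in Docker using privileged mode.
+## Building
+The default target is the `airgap` image, but a different one can be specified.
+```sh
+config="airgap"
+make "out/archlinux-baseline-arch-${config}-x86_64.iso"
+```
+## Flashing
+Assuming your block device is `/dev/sdb`:
+```
+pv < out/archlinux-baseline-arch-airgap-x86_64.iso | sudo dd of=/dev/sdb
+```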


@ -0,0 +1 @@
LANG=C.UTF-8


@ -0,0 +1 @@
/usr/share/zoneinfo/UTC


@ -0,0 +1 @@
HOOKS=(base udev modconf archiso block filesystems)


@ -0,0 +1,8 @@
# mkinitcpio preset file for the 'linux' package on archiso
PRESETS=('archiso')
ALL_kver='/boot/vmlinuz-linux'
archiso_config='/etc/mkinitcpio.conf.d/archiso.conf'
archiso_image="/boot/initramfs-linux.img"


@ -0,0 +1 @@
root::14871::::::
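Review bot: `root::14871::::::` leaves the password field empty, so root can log in on any console of the booted image without a password. The file's path is not shown on this page; the `file_permissions` entry for `/etc/shadow` later in the commit suggests this is the image's shadow file. If a passwordless root is intended for a single-operator live system, state that in the README together with the expectation that physical access to the machine is controlled; otherwise set a locked or hashed password field and provide the intended login path explicitly.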


@ -0,0 +1 @@
kernel.printk = 0 0 0 0


@ -0,0 +1,2 @@
[Network]
IPv6PrivacyExtensions=yes


@ -0,0 +1,13 @@
[Match]
# Matching with "Type=ether" causes issues with containers because it also matches virtual Ethernet interfaces (veth*).
# See https://bugs.archlinux.org/task/70892
# Instead match by globbing the network interface name.
Name=en*
Name=eth*
[Link]
RequiredForOnline=routable
[Network]
DHCP=yes
MulticastDNS=yes
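Review bot: `DHCP=yes` and `MulticastDNS=yes` on every `en*`/`eth*` interface mean the image requests a lease and takes part in mDNS as soon as a cable is plugged in, which contradicts the README's description of an always-offline system. The same applies to the other network pieces added in this commit: the resolved configuration with `MulticastDNS=yes`, the enabled `systemd-networkd`, `systemd-resolved` and `systemd-networkd-wait-online` units, and the wait-online override. These look carried over from the archiso baseline profile; for an airgap profile, dropping this networkd configuration and the unit symlinks would leave the interfaces unconfigured. If networking is kept on purpose, say so in the README.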


@ -0,0 +1,4 @@
# Default systemd-resolved configuration for archiso
[Resolve]
MulticastDNS=yes


@ -0,0 +1 @@
/usr/lib/systemd/system/systemd-networkd.service


@ -0,0 +1 @@
/usr/lib/systemd/system/systemd-resolved.service


@ -0,0 +1 @@
/usr/lib/systemd/system/systemd-networkd-wait-online.service


@ -0,0 +1 @@
/usr/lib/systemd/system/systemd-networkd.socket


@ -0,0 +1,6 @@
# Allow systemd-networkd-wait-online to succeed with one interface, otherwise, if multiple network interfaces exist,
# network-online.target gets needlessly delayed.
# See https://wiki.archlinux.org/title/systemd-networkd#systemd-networkd-wait-online
[Service]
ExecStart=
ExecStart=/usr/lib/systemd/systemd-networkd-wait-online --any


@ -0,0 +1,2 @@
arch-install-scripts
base


@ -0,0 +1,4 @@
title Airgap Arch Linux (x86_64, UEFI)
linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
options archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID%


@ -0,0 +1,2 @@
timeout 3
default 01-archiso-x86_64-linux.conf


@ -0,0 +1,105 @@
# Load partition table and file system modules
insmod part_gpt
insmod part_msdos
insmod fat
insmod iso9660
insmod ntfs
insmod ntfscomp
insmod exfat
insmod udf
# Use graphics-mode output
if loadfont "${prefix}/fonts/unicode.pf2" ; then
insmod all_video
set gfxmode="auto"
terminal_input console
terminal_output console
fi
# Enable serial console
insmod serial
insmod usbserial_common
insmod usbserial_ftdi
insmod usbserial_pl2303
insmod usbserial_usbdebug
if serial --unit=0 --speed=115200; then
terminal_input --append serial
terminal_output --append serial
fi
# Search for the ISO volume
if [ -z "${ARCHISO_UUID}" ]; then
if [ -z "${ARCHISO_HINT}" ]; then
regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}"
fi
search --no-floppy --set=root --file '%ARCHISO_SEARCH_FILENAME%' --hint "${ARCHISO_HINT}"
probe --set ARCHISO_UUID --fs-uuid "${root}"
fi
# Get a human readable platform identifier
if [ "${grub_platform}" == 'efi' ]; then
archiso_platform='UEFI'
if [ "${grub_cpu}" == 'x86_64' ]; then
archiso_platform="x64 ${archiso_platform}"
elif [ "${grub_cpu}" == 'i386' ]; then
archiso_platform="IA32 ${archiso_platform}"
else
archiso_platform="${grub_cpu} ${archiso_platform}"
fi
elif [ "${grub_platform}" == 'pc' ]; then
archiso_platform='BIOS'
else
archiso_platform="${grub_cpu} ${grub_platform}"
fi
# Set default menu entry
default=archlinux
timeout=15
timeout_style=menu
# Menu entries
menuentry "Airgap Arch Linux (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' {
set gfxpayload=keep
linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID}
initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img
}
if [ "${grub_platform}" == 'efi' -a "${grub_cpu}" == 'x86_64' -a -f '/boot/memtest86+/memtest.efi' ]; then
menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool {
set gfxpayload=800x600,1024x768
linux /boot/memtest86+/memtest.efi
}
fi
if [ "${grub_platform}" == 'pc' -a -f '/boot/memtest86+/memtest' ]; then
menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool {
set gfxpayload=800x600,1024x768
linux /boot/memtest86+/memtest
}
fi
if [ "${grub_platform}" == 'efi' ]; then
if [ "${grub_cpu}" == 'x86_64' -a -f '/shellx64.efi' ]; then
menuentry 'UEFI Shell' {
chainloader /shellx64.efi
}
elif [ "${grub_cpu}" == "i386" -a -f '/shellia32.efi' ]; then
menuentry 'UEFI Shell' {
chainloader /shellia32.efi
}
fi
menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' {
fwsetup
}
fi
menuentry 'System shutdown' --class shutdown --class poweroff {
echo 'System shutting down...'
halt
}
menuentry 'System restart' --class reboot --class restart {
echo 'System rebooting...'
reboot
}
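Review bot: The module list at the top loads `ntfs`, `ntfscomp`, `exfat` and `udf` plus the `usbserial_*` drivers, and the `serial --unit=0 --speed=115200` block attaches the menu to the first serial port; none of this appears to be needed to boot the ISO from its own ISO9660/FAT volume. On a machine meant to stay airgapped, each extra filesystem parser and input channel in the bootloader is code that handles data from attached media or ports before the OS starts. Consider trimming the `insmod` list to `part_gpt`, `part_msdos`, `fat` and `iso9660`, and dropping the serial block unless a headless console is a requirement. The same menu is repeated in the loopback configuration later in this commit, and `SERIAL 0 115200` in the syslinux configuration enables the serial console on the BIOS path as well.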


@ -0,0 +1,73 @@
# https://www.supergrubdisk.org/wiki/Loopback.cfg
# Search for the ISO volume
search --no-floppy --set=archiso_img_dev --file "${iso_path}"
probe --set archiso_img_dev_uuid --fs-uuid "${archiso_img_dev}"
# Get a human readable platform identifier
if [ "${grub_platform}" == 'efi' ]; then
archiso_platform='UEFI'
if [ "${grub_cpu}" == 'x86_64' ]; then
archiso_platform="x64 ${archiso_platform}"
elif [ "${grub_cpu}" == 'i386' ]; then
archiso_platform="IA32 ${archiso_platform}"
else
archiso_platform="${grub_cpu} ${archiso_platform}"
fi
elif [ "${grub_platform}" == 'pc' ]; then
archiso_platform='BIOS'
else
archiso_platform="${grub_cpu} ${grub_platform}"
fi
# Set default menu entry
default=archlinux
timeout=15
timeout_style=menu
# Menu entries
menuentry "Airgap Arch Linux (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' {
set gfxpayload=keep
linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% img_dev=UUID=${archiso_img_dev_uuid} img_loop="${iso_path}"
initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img
}
if [ "${grub_platform}" == 'efi' -a "${grub_cpu}" == 'x86_64' -a -f '/boot/memtest86+/memtest.efi' ]; then
menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool {
set gfxpayload=800x600,1024x768
linux /boot/memtest86+/memtest.efi
}
fi
if [ "${grub_platform}" == 'pc' -a -f '/boot/memtest86+/memtest' ]; then
menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool {
set gfxpayload=800x600,1024x768
linux /boot/memtest86+/memtest
}
fi
if [ "${grub_platform}" == 'efi' ]; then
if [ "${grub_cpu}" == 'x86_64' -a -f '/shellx64.efi' ]; then
menuentry 'UEFI Shell' {
chainloader /shellx64.efi
}
elif [ "${grub_cpu}" == "i386" -a -f '/shellia32.efi' ]; then
menuentry 'UEFI Shell' {
chainloader /shellia32.efi
}
fi
menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' {
fwsetup
}
fi
menuentry 'System shutdown' --class shutdown --class poweroff {
echo 'System shutting down...'
halt
}
menuentry 'System restart' --class reboot --class restart {
echo 'System rebooting...'
reboot
}


@ -0,0 +1,5 @@
base
linux
mkinitcpio
mkinitcpio-archiso
syslinux


@ -0,0 +1,98 @@
#
# /etc/pacman.conf
#
# See the pacman.conf(5) manpage for option and repository directives
#
# GENERAL OPTIONS
#
[options]
# The following paths are commented out with their default values listed.
# If you wish to use different paths, uncomment and update the paths.
#RootDir = /
#DBPath = /var/lib/pacman/
#CacheDir = /var/cache/pacman/pkg/
#LogFile = /var/log/pacman.log
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
#IgnorePkg =
#IgnoreGroup =
#NoUpgrade =
#NoExtract =
# Misc options
#UseSyslog
#Color
#NoProgressBar
# We cannot check disk space from within a chroot environment
#CheckSpace
#VerbosePkgLists
ParallelDownloads = 5
# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Required DatabaseOptional
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required
# NOTE: You must run `pacman-key --init` before first using pacman; the local
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.
#
# REPOSITORIES
# - can be defined here or included from another file
# - pacman will search repositories in the order defined here
# - local/custom mirrors can be added here or in separate files
# - repositories listed first will take precedence when packages
# have identical names, regardless of version number
# - URLs will have $repo replaced by the name of the current repo
# - URLs will have $arch replaced by the name of the architecture
#
# Repository entries are of the format:
# [repo-name]
# Server = ServerName
# Include = IncludePath
#
# The header [repo-name] is crucial - it must be present and
# uncommented to enable the repo.
#
# The testing repositories are disabled by default. To enable, uncomment the
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.
#[core-testing]
#Include = /etc/pacman.d/mirrorlist
[core]
Include = /etc/pacman.d/mirrorlist
#[extra-testing]
#Include = /etc/pacman.d/mirrorlist
[extra]
Include = /etc/pacman.d/mirrorlist
# If you want to run 32 bit applications on your x86_64 system,
# enable the multilib repositories as required here.
#[multilib-testing]
#Include = /etc/pacman.d/mirrorlist
#[multilib]
#Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs


@ -0,0 +1,21 @@
#!/usr/bin/env bash
# shellcheck disable=SC2034
iso_name="archlinux-baseline"
iso_label="AIRGAP"
iso_publisher="Distrust."
iso_application="Airgap Linux"
iso_version="arch-airgap"
install_dir="arch"
buildmodes=('iso')
bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito'
'uefi-ia32.grub.esp' 'uefi-x64.grub.esp'
'uefi-ia32.grub.eltorito' 'uefi-x64.grub.eltorito')
arch="x86_64"
pacman_conf="pacman.conf"
airootfs_image_type="squashfs"
# airootfs_image_tool_options=('-zlzma,109' -E 'ztailpacking,fragments,dedupe')
# airootfs_image_tool_options=('-zlzma,109' -E 'ztailpacking,fragments,dedupe')
file_permissions=(
["/etc/shadow"]="0:0:400"
)
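Review bot: The commented-out `airootfs_image_tool_options=('-zlzma,109' -E 'ztailpacking,fragments,dedupe')` line appears twice, and its options look like erofs ones while `airootfs_image_type` is `"squashfs"`, so neither copy could be enabled as written. Remove both, or keep one with a comment naming the image type it belongs to. The `file_permissions` entry restricting `/etc/shadow` to `0:0:400` is worth a short comment too, e.g. `# shadow must not be world-readable in the built image`.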


@ -0,0 +1,5 @@
LABEL arch
MENU LABEL Airgap Arch Linux (x86_64, BIOS)
LINUX /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux
INITRD /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img
APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID%


@ -0,0 +1,9 @@
SERIAL 0 115200
UI menu.c32
MENU TITLE Airgap Arch Linux
MENU CLEAR
DEFAULT arch
TIMEOUT 30
INCLUDE syslinux-linux.cfg