From fbdb919b7fcfc665d93e475e2e5bab718a7ed5c6 Mon Sep 17 00:00:00 2001 From: "Lance R. Vick" Date: Tue, 11 Jun 2024 14:07:13 -0700 Subject: [PATCH] Second pass w/ hybrid grub/syslinux for efi/bios boot --- Containerfile | 133 +++++++++++++++++++++++++++++++++++++------------- Makefile | 32 +++++++----- 2 files changed, 119 insertions(+), 46 deletions(-) diff --git a/Containerfile b/Containerfile index cb8027b..9645045 100644 --- a/Containerfile +++ b/Containerfile @@ -5,7 +5,8 @@ FROM stagex/syslinux AS syslinux FROM stagex/cpio AS cpio FROM stagex/linux-airgap AS linux FROM stagex/mtools AS mtools -FROM stagex/dosfstools AS dosfstools +FROM stagex/xz AS xz +FROM stagex/grub:local AS grub FROM scratch AS base COPY --from=busybox . / @@ -14,56 +15,122 @@ COPY --from=xorriso . / COPY --from=cpio . / COPY --from=mtools . / COPY --from=linux . / -COPY --from=dosfstools . / COPY --from=syslinux . / +COPY --from=xz . / +COPY --from=grub . / FROM base AS build -COPY --from=linux /bzImage /iso/boot/bzImage + +## Kernel +COPY --from=linux /bzImage iso/boot/vmlinuz + +## Initramfs COPY --from=stagex/busybox . initramfs COPY --chmod=0755 <<-EOF initramfs/init #!/bin/sh /bin/sh EOF -RUN cd initramfs && find . | cpio -o -H newc | gzip -9 > /iso/boot/init.gz -COPY <<-EOF iso/isolinux/isolinux.cfg - DEFAULT linux - LABEL linux - KERNEL boot/bzImage - APPEND initrd=boot/init.gz -EOF -COPY --from=syslinux /usr/share/syslinux/isolinux.bin iso/isolinux/ -COPY --from=syslinux /usr/share/syslinux/ldlinux.c32 iso/isolinux/ RUN <<-EOF set -eux - mkdir -p iso/efi - truncate -s $((10796+128+128))k iso/efi/esp.img - mkfs.fat -F 16 -f 1 -M 0xF0 -r 112 -R 1 iso/efi/esp.img - mmd -i iso/efi/esp.img ::boot - mcopy -i iso/efi/esp.img iso/boot/bzImage ::boot/bzImage - mcopy -i iso/efi/esp.img iso/boot/init.gz ::boot/init.gz - mmd -i iso/efi/esp.img ::syslinux - mcopy -i iso/efi/esp.img iso/isolinux/isolinux.cfg ::syslinux/syslinux.cfg - mcopy -i iso/efi/esp.img /usr/share/syslinux/efi64/ldlinux.e64 ::syslinux/ldlinux.e64 - mmd -i iso/efi/esp.img ::efi - mmd -i iso/efi/esp.img ::efi/boot - mcopy -i iso/efi/esp.img /usr/share/syslinux/efi64/syslinux.efi ::efi/boot/boot64.efi - ls -Rlah iso + cd initramfs + find . \ + | cpio -o -H newc \ + | gzip -9 \ + > ../iso/boot/initramfs EOF + +## Grub (EFI Boot) +COPY <<-EOF iso/boot/grub/grub.cfg + menuentry "Linux Airgap" { + linux /boot/vmlinuz + initrd /boot/initramfs + } +EOF +COPY <<-EOF grub_early.cfg + search --no-floppy --set=root --label "Airgap" + set prefix=(\$root)/boot/grub +EOF +RUN <<-EOF + set -eux + mkdir -p iso/efi/boot + grub-mkimage \ + --config="grub_early.cfg" \ + --prefix="/boot/grub" \ + --output="iso/efi/boot/bootx64.efi" \ + --format="x86_64-efi" \ + --compression="xz" \ + all_video \ + disk \ + part_gpt \ + part_msdos \ + linux \ + normal \ + configfile \ + search \ + search_label \ + efi_gop \ + fat \ + iso9660 \ + cat \ + echo \ + ls \ + test \ + true \ + help \ + gzio +EOF +RUN <<-EOF + mformat -i iso/boot/grub/efi.img -C -f 1440 -N 0 :: + mcopy -i iso/boot/grub/efi.img iso/efi + touch -md "@0" iso/boot/grub/efi.img +EOF + + +## Syslinux (BIOS Boot) +COPY <<-EOF iso/boot/syslinux/syslinux.cfg + TIMEOUT 2 + PROMPT -1 + DEFAULT Airgap + LABEL Airgap + MENU LABEL Linux Airgap + KERNEL /boot/vmlinuz + INITRD /boot/initramfs +EOF +RUN <<-EOF + mkdir -p iso/boot/syslinux + for file in \ + isohdpfx.bin \ + isolinux.bin \ + ldlinux.c32 \ + libutil.c32 \ + libcom32.c32 \ + mboot.c32; \ + do + mv /usr/share/syslinux/$file iso/boot/syslinux/$file || return 1 + done +EOF + +## Build Hybrid EFI/BIOS ISO FROM build AS install -RUN xorriso \ - -as mkisofs \ +RUN xorrisofs \ -output airgap.iso \ - -eltorito-boot isolinux/isolinux.bin \ + -full-iso9660-filenames \ + -joliet \ + -rational-rock \ + -sysid LINUX \ + -isohybrid-mbr iso/boot/syslinux/isohdpfx.bin \ + -eltorito-boot boot/syslinux/isolinux.bin \ + -eltorito-catalog boot/syslinux/boot.cat \ -no-emul-boot \ -boot-load-size 4 \ -boot-info-table \ -eltorito-alt-boot \ - -eltorito-platform efi \ - -eltorito-boot efi/esp.img \ + -e boot/grub/efi.img \ -no-emul-boot \ - -eltorito-catalog isolinux/boot.cat \ - iso -#RUN isohybrid airgap.iso + -isohybrid-gpt-basdat \ + -follow-links \ + iso/ FROM scratch AS package +COPY --from=install /iso /iso COPY --from=install /airgap.iso / diff --git a/Makefile b/Makefile index f7904f9..93a4fbd 100644 --- a/Makefile +++ b/Makefile @@ -1,21 +1,27 @@ .DEFAULT_GOAL := .PHONY: default default: \ - $(OUT_DIR)/airgap.iso + out/airgap.iso .PHONY: vm -vm: - $(call toolchain,$(USER)," \ - qemu-system-i386 \ - -M pc \ - -nographic \ - -cdrom "$(OUT_DIR)/airgap.iso"; \ - ") +vm: out/airgap.iso + qemu-system-x86_64 \ + -m 512M \ + -machine pc \ + -nographic \ + -cdrom "out/airgap.iso" -$(OUT_DIR)/airgap.iso: \ - $(FETCH_DIR)/buildroot +.PHONY: vm-uefi +vm-uefi: + qemu-system-x86_64 \ + -m 4G \ + -machine type=q35 \ + -bios /usr/share/ovmf/OVMF.fd \ + -cdrom "out/airgap.iso" + +out/airgap.iso: Containerfile docker build \ --progress=plain \ - --output type=oci,tar=false,force-compression=true,name=airgap,dest=airgap \ - . \ - -f Containerfile + --output type=local,dest=out \ + -f Containerfile \ + .