diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | Makefile | 9 | ||||
| -rw-r--r-- | README.md | 9 | ||||
| -rwxr-xr-x | build-os | 6 | ||||
| -rwxr-xr-x | commit-os | 11 | ||||
| -rw-r--r-- | config | 14 | ||||
| -rwxr-xr-x | generate-usb-img | 22 | ||||
| -rwxr-xr-x | hooks/build-os-post/40-ostree-demo-scripts | 1 | ||||
| -rwxr-xr-x | hooks/build-os-post/90-ostree-path-mangles | 6 | ||||
| -rwxr-xr-x | hooks/build-os/10-apt | 10 | ||||
| -rwxr-xr-x | hooks/build-os/30-packages | 9 | ||||
| -rwxr-xr-x | hooks/build-os/50-network | 12 | ||||
| -rwxr-xr-x | hooks/build-os/70-system-config | 36 | ||||
| -rwxr-xr-x | hooks/build-os/80-firstboot-repart-growfs | 4 | ||||
| -rwxr-xr-x | publish-repo | 15 | ||||
| -rwxr-xr-x | sync-images | 7 |
16 files changed, 126 insertions, 46 deletions
@@ -1,5 +1,4 @@ repo/ build-repo/ roots/ -delta-update-file halo-*-usb-* @@ -1,12 +1,17 @@ scripts := build-os commit-os publish-repo generate-usb-img sync-repo hooks := hooks/build-os/* hooks/build-os-post/* +all: + sudo ./build-os + sudo ./commit-os + ./publish-repo + check: $(scripts) shellcheck -x $(scripts) shellcheck -x $(hooks) clean: - rm -rf build-repo halo-*-usb-* + sudo rm -rf roots build-repo distclean: clean - rm -rf roots repo + rm -rf repo @@ -1,4 +1,4 @@ -# ostree-demo +# halo-os ## Intro @@ -27,7 +27,7 @@ filesystem for you. ### Login -Login as `root` with the password `guest` +Login as `trent` with the password `reznor` ### Connect to the internet @@ -50,3 +50,8 @@ Check for and apply system updates from public ostree repo, hosted at $ ./publish-repo # migrate the content to an archive repo $ sudo ./generate-usb-img # build a bootable usb image file $ ./sync-repo # sync the archive repo up to a webserver + +# Notes and References + +<https://fedoramagazine.org/building-your-own-atomic-bootc-desktop/> +<https://systemd.io/HOME_DIRECTORY/> @@ -22,7 +22,7 @@ function on_exit(){ } trap on_exit EXIT -root="${roots:?}"/"$version" +root="${roots:?}"/"${branch:?}"/"$version" mkdir -p "$root" @@ -42,6 +42,10 @@ export osversion export osdesc export branch export remote +export build +export buildenv +export arch + run-parts --exit-on-error -- hooks/build-os @@ -2,9 +2,14 @@ set -o pipefail . config +. sh-lib -version="$(find "$roots" -mindepth 1 -maxdepth 1 -type d | cut -d/ -f2 | sort -rn | head -1)" -root="$roots"/"$version" +# Check for dependencies: +package_deps ostree + +#TODO: Maybe this script should take branch and version as arguments? +version="$(cd "${roots:?}"/"${branch:?}"; find ./ -mindepth 1 -maxdepth 1 -type d | cut -d/ -f2 | sort -rn | head -1)" +root="${roots:?}"/"${branch:?}"/"$version" if [ ! -d "$root" ]; then echo "Error: root dir not found: $root" >&2 @@ -13,6 +18,8 @@ fi [ -d "$build_repo" ] && rm -rf "$build_repo" +mkdir -p "$build_repo" + ostree --repo="$build_repo" init --mode=archive ostree --repo="$build_repo" commit -b "$branch" --tree=dir="$root" @@ -3,16 +3,22 @@ osversion=01 osdesc="Down In It" codename=trixie -branch="$osname"/"$osversion"/x86_64/buildmain/standard +build=main +buildenv=dev +arch="x86_64" + +branch="$osname"/"$osversion"/"$build"/"$buildenv"/"$arch" # local dirs roots=roots -build_repo=build-repo -repo=repo +build_repo=build-repo/"$osversion" +repo=repo/"$osversion" +images=images # remote -remote=repo-dev +remote="$osname"-"$osversion" remote_url="https://os.halo.nu/$remote" # publish-repo publish_remote_repo="ph1l@os.halo.nu:/var/www/os.halo.nu/$remote" +publish_images="ph1l@os.halo.nu:/var/www/os.halo.nu/images" diff --git a/generate-usb-img b/generate-usb-img index 68cf2f7..e219ed4 100755 --- a/generate-usb-img +++ b/generate-usb-img @@ -8,16 +8,18 @@ set -o pipefail sysroot=/tmp/$$.ostree_usb version=$(date +%Y%m%d.%H%M%S) -image="./$osname-$osversion-usb-$version.img" +image="$osname-$osversion-$build-$buildenv-$arch-usb-$version.img" seek_sectors=$(( (8 *1024 *1024 *2) +33 -1 )) # Check for dependencies: -package_deps dosfstools ostree parted udev +package_deps bmaptool dosfstools ostree parted udev xz-utils zerofree -[ -f "$image" ] && rm "$image" +[ ! -d "${images:?}" ] && mkdir -p "${images:?}" -dd if=/dev/zero of="$image" seek="$seek_sectors" count=1 bs=512 -loopdev=$(losetup -f --show "$image") +[ -f ${images:?}/"$image" ] && rm ${images:?}/"$image" + +dd if=/dev/zero of=${images:?}/"$image" seek="$seek_sectors" count=1 bs=512 +loopdev=$(losetup -f --show ${images:?}/"$image") function cleanup(){ set +e @@ -36,8 +38,10 @@ function cleanup(){ done rmdir "$sysroot" partx -d "$loopdev"p1 + zerofree -v "$loopdev"p2 partx -d "$loopdev"p2 losetup -d "$loopdev" + set -e } trap cleanup EXIT @@ -73,7 +77,7 @@ chattr -i "$deployroot" touch "$deployroot"/image chattr +i "$deployroot" -mount --bind "$image" "$deployroot"/image +mount --bind ${images:?}/"$image" "$deployroot"/image mount --bind "$sysroot"/boot "$deployroot"/boot mount --bind "$sysroot"/boot/efi "$deployroot"/boot/efi @@ -83,7 +87,7 @@ done chroot "$deployroot" /usr/sbin/grub-install --target='x86_64-efi' \ --efi-directory=/boot/efi --boot-directory=/boot \ - --bootloader-id=GRUB --removable "$image" + --bootloader-id=GRUB --removable ${images:?}/"$image" mount --bind "$sysroot" "$deployroot"/sysroot chroot "$deployroot" grub-mkconfig -o /boot/grub/grub.cfg @@ -91,6 +95,8 @@ chroot "$deployroot" grub-mkconfig -o /boot/grub/grub.cfg trap - EXIT cleanup +pushd ${images:?} bmaptool create "$image" > "$image".bmap xz "$image" -sha256sum "$image".xz > "$image".sha256sum +sha256sum "$image".xz > "$image".xz..sha256sum +popd diff --git a/hooks/build-os-post/40-ostree-demo-scripts b/hooks/build-os-post/40-ostree-demo-scripts index 6ea5627..cb8d693 100755 --- a/hooks/build-os-post/40-ostree-demo-scripts +++ b/hooks/build-os-post/40-ostree-demo-scripts @@ -2,6 +2,7 @@ set -o pipefail +#TODO: package this stuff in .debs and put in a reprepro cat > "${root:?}"/usr/sbin/halo-upgrade << EOF #!/bin/bash -e diff --git a/hooks/build-os-post/90-ostree-path-mangles b/hooks/build-os-post/90-ostree-path-mangles index b2709f3..8a478b8 100755 --- a/hooks/build-os-post/90-ostree-path-mangles +++ b/hooks/build-os-post/90-ostree-path-mangles @@ -1,8 +1,8 @@ #!/bin/bash -xe set -o pipefail -# remove everything from dev and var -rm -rf "${root:?}"/dev/* "${root:?}"/var/* +# remove everything from dev +rm -rvf "${root:?}"/dev/* # add sysroot mountpoint and ostree link to root mkdir -p "${root:?}"/sysroot @@ -32,7 +32,7 @@ EOF # move /etc to /usr/etc mv "${root:?}"/etc "${root:?}"/usr/etc -mkdir "${root:?}"/etc # do we need this? +mkdir "${root:?}"/etc #TODO: do we need this? # link persistent directories to /var for dir in home opt srv mnt tmp; do diff --git a/hooks/build-os/10-apt b/hooks/build-os/10-apt index 65c7056..be2059b 100755 --- a/hooks/build-os/10-apt +++ b/hooks/build-os/10-apt @@ -3,13 +3,11 @@ set -o pipefail # Enable additional sources cat > "${root:?}"/etc/apt/sources.list << EOF -deb https://deb.debian.org/debian trixie main contrib non-free non-free-firmware - -deb https://deb.debian.org/debian trixie-updates main contrib non-free non-free-firmware - -deb https://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware +deb http://deb.debian.org/debian trixie main contrib non-free non-free-firmware +deb http://deb.debian.org/debian trixie-updates main contrib non-free non-free-firmware +deb http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware EOF # update/upgrade system chroot "${root:?}" apt-get update -chroot "${root:?}" apt-get upgrade +chroot "${root:?}" apt-get upgrade --assume-yes diff --git a/hooks/build-os/30-packages b/hooks/build-os/30-packages index b131edf..9510c87 100755 --- a/hooks/build-os/30-packages +++ b/hooks/build-os/30-packages @@ -7,15 +7,22 @@ packages=( debootstrap dosfstools e2fsprogs + flatpak + gnome-core + gnome-tweaks lvm2 nethack-console + network-manager ostree parted rsync + sudo systemd-container + systemd-homed + task-english xfsprogs ) -chroot "${root:?}" apt-get -y install "${packages[@]}" +chroot "${root:?}" apt-get -y --no-install-recommends install "${packages[@]}" echo 'kernel.unprivileged_userns_clone=1' > "${root:?}"/etc/sysctl.d/nspawn.conf diff --git a/hooks/build-os/50-network b/hooks/build-os/50-network index c2cb6ee..a7ec432 100755 --- a/hooks/build-os/50-network +++ b/hooks/build-os/50-network @@ -1,16 +1,14 @@ #!/bin/bash -xe set -o pipefail -# Append motd +# Append to motd cat >> "${root:?}"/etc/motd << EOF -${osname:?}/${osversion:?} (${osdesc:?}) v${version:?} +${osname:?}/${osversion:?}/${build:?}/${buildenv:?}/${arch:?} (${osdesc:?}) v${version:?} EOF # Set hostname -echo "${osname:?}-${osversion:?}" > "${root:?}"/etc/hostname -echo "127.0.1.1 ${osname:?}-${osversion:?}" >> "${root:?}"/etc/hosts - -# Install network manager -chroot "${root:?}" apt-get install -y network-manager +echo "${osname:?}-${osversion:?}-${build:?}-${buildenv:?}" > "${root:?}"/etc/hostname +echo "127.0.1.1 ${osname:?}-${osversion:?}-${build:?}-${buildenv:?}" >> "${root:?}"/etc/hosts +echo "Etc/UTC" > "${root:?}"/etc/localtime diff --git a/hooks/build-os/70-system-config b/hooks/build-os/70-system-config index 0fc5bde..38b6f68 100755 --- a/hooks/build-os/70-system-config +++ b/hooks/build-os/70-system-config @@ -1,10 +1,40 @@ #!/bin/bash -xe set -o pipefail -# Set a root password -echo "root:guest" | chroot "${root:?}" chpasswd +## Set a root password +echo "root:reznor" | chroot "${root:?}" chpasswd + +## add a default regular user with systemd-homed on firstboot +mkdir -p "${root:?}"/usr/lib/credstore +cat > "${root:?}"/usr/lib/credstore/home.create.trent << EOF +{ + "disposition" : "regular", + "memberOf" : [ + "sudo" + ], + "privileged" : { + "hashedPassword" : [ + "\$y\$j9T\$KiIvlGKRHOAfV600NZhag.\$cKOX95FUr7aSVL3EpU2dlDmf/xmL.UoeYonmI3ZkXXA" + ] + }, + "secret" : { + "password" : [ + "reznor" + ] + }, + "userName" : "trent" +} +EOF + +mkdir "${root:?}"/etc/systemd/system/systemd-homed-firstboot.service.d +cat > "${root:?}"/etc/systemd/system/systemd-homed-firstboot.service.d/override.conf << EOF +[Service] +ExecStart= +ExecStart=homectl firstboot --enforce-password-policy=no +EOF + # Make console quieter cat > "${root:?}"/etc/sysctl.d/printk.conf << EOF -kernel.printk = 3 4 1 3 +kernel.printk = 3 4 1 3 EOF diff --git a/hooks/build-os/80-firstboot-repart-growfs b/hooks/build-os/80-firstboot-repart-growfs index 78648cc..97aceff 100755 --- a/hooks/build-os/80-firstboot-repart-growfs +++ b/hooks/build-os/80-firstboot-repart-growfs @@ -36,7 +36,7 @@ mkdir "${root:?}"/etc/systemd/system/systemd-firstboot.service.d cat > "${root:?}"/etc/systemd/system/systemd-firstboot.service.d/install.conf << EOF [Service] ExecStart= -ExecStart=/usr/bin/systemd-firstboot --prompt +ExecStart=/usr/bin/systemd-firstboot [Install] WantedBy=sysinit.target @@ -44,4 +44,4 @@ EOF chroot "${root:?}" systemctl enable systemd-firstboot.service -rm "${root:?}"/etc/{machine-id,localtime} +rm "${root:?}"/etc/machine-id diff --git a/publish-repo b/publish-repo index d4ece7c..f1ec88e 100755 --- a/publish-repo +++ b/publish-repo @@ -3,10 +3,17 @@ set -o pipefail . config +. sh-lib -version="$(find "$roots" -mindepth 1 -maxdepth 1 -type d | cut -d/ -f2 | sort -rn | head -1)" +# Check for dependencies: +package_deps ostree -[ ! -d "$repo" ] && ostree --repo="$repo" init --mode=archive +version="$(cd "${roots:?}"/"${branch:?}"; find ./ -mindepth 1 -maxdepth 1 -type d | cut -d/ -f2 | sort -rn | head -1)" + +if [ ! -d "$repo" ]; then + mkdir -p "$repo" + ostree --repo="$repo" init --mode=archive +fi REF=$(ostree --repo="$build_repo" rev-parse "$branch") @@ -15,9 +22,9 @@ ostree --repo="$repo" pull-local "$build_repo" "$REF" ostree --repo="$repo" commit -b "$branch" \ -s "$osname/$osversion:($osdesc) $branch $version" \ --add-metadata-string=version="$branch":"$version" \ - --gpg-sign=CE4A0BF21E1C237DD8C400FAA39487B22697143F \ + --gpg-sign=91BC029A6B3701253B585656C5FE25B2138B1F0F \ --tree=ref="$REF" -ostree --repo="$repo" static-delta generate "$branch" || echo "Warning: static-delta generate failed" >&2 +ostree --repo="$repo" static-delta generate "$branch" || echo "Warning: static-delta generate failed, (they grow up so fast...)" >&2 ostree --repo="$repo" summary -u diff --git a/sync-images b/sync-images new file mode 100755 index 0000000..1793774 --- /dev/null +++ b/sync-images @@ -0,0 +1,7 @@ +#!/bin/bash -xe + +set -o pipefail + +. config + +rsync -av --delete-after images/ "$publish_images"/ |