51 Commits

Author SHA1 Message Date
Anton Midyukov
1782ffdcdc arm-rpi4, build-vm, tar2fs: Add new argument VM_BOOTTYPE for tar2fs
While this argument can only have one "EFI" value.
Thus, the problem of building an image for Raspberry Pi on armh,
where there is no grub-efi, was solved.
2020-11-26 19:52:29 +07:00
Anton Midyukov
0f28ee414f build-vm, tar2fs: added VM_PARTTABLE
For Raspberry Pi needed to build grub-efi + MBR images.
2020-05-22 13:34:37 +07:00
Anton Midyukov
fe2b712557 build-vm: Added INITRDFEATURES to /etc/initrd.mk
2020-05-22 13:34:37 +07:00
Anton Midyukov
45c6adbf61 build-vm: fixed make-initrd for e2k
2020-05-22 13:34:35 +07:00
Anton Midyukov
cc248448a0 build-vm: running make-initrd later plymouth setup
2020-05-01 23:49:57 +07:00
Anton Midyukov
8c68a3c5d5 build-vm, kernel, uboot: setup /etc/fstab for build-vm
The entry in /etc/fstab about the mount parameters of the root
partition needs to be done not only for builds with u-boot.
But, if the record already exists, then it will not be added.
The file system type is set by the variable VM_FSTYPE.
2020-04-07 22:35:52 +07:00
Anton Midyukov
801e99b087 build-vm, kernel, uboot: return possibility of changing boot sequence of kernels
Since packet sorting is enabled by default, then
the order in KFLAVORS has ceased to matter.
Kernels are always installed in alphabetical order.
Therefore, it makes no sense to sort by buildtime.
See-also: https://bugzilla.altlinux.org/show_bug.cgi?id=30806

Also fixed my typo. When creating a symlink, the variable
$kver was used, i.e. the entire list of kernels, not the
last value $KVER of the list.
2020-04-07 22:35:52 +07:00
Anton Midyukov
fc67e5a8c2 build-vm, tar2fs: get ARCH from command line argument
tar2fs does not run in hasher and without qemu. This causes build
problems for an architecture other than the host.
2020-04-07 22:35:52 +07:00
Anton Midyukov
8d4c094093 build-vm: drop 04-inittab
Not used by systemd and looks obsolete generally
as sysvinit-based disk images aren't really targeting
low-resource systems these days _by default_ but rather
_can_ target those as well; feel free to reconstruct
these "RAM saving" bits as a part of e.g. lowmem patch.
2019-09-30 21:19:22 +03:00
Anton Midyukov
0fe6b1ee7d build-vm: 07-kernel: all initrd modules are optional
The problem at hand is that different kernels can have
varying module sets, and it makes sense to put four of
those at once sometimes; so avoid silly build breakage.
2019-09-16 21:21:39 +03:00
Ivan Melnikov
dc598719d0 build-vm, main.mk, pack: add recovery.tar
recovery.tar needed for tavolga (mipsel).
This commit is the result of transferring the required functionality
from build-mr (mipsel rootfs).
This change uses external tool to build Tavolga-compatible
recovery.tar. This simplifies the logic and avoids having
recovery workdir in the profile.
After this change, m-p will require tavolga-image-tools >= 3.0.
2019-09-16 21:21:15 +03:00
Anton Midyukov
a8b1f11f2e build-vm: handle multiple kernels either again
KFLAVOURS can describe more than one kernel, get iterator back.

Fixes: 27674e297b
2019-08-30 19:23:16 +03:00
Ivan A. Melnikov
2e70a8f895 build-vm: Don't copy in .host/qemu* if tar2fs won't be called
(glebfm@ thinks it was a terrible idea in the first place
and mike@ agrees; this is a rework TODO item)
2019-08-19 23:25:50 +03:00
Anton Midyukov
1ef77caf70 build-vm, pack: implement tar, tar.gz, tar.xz support for vm/* target
build-vm ceases to be a target for building only virtual machine images.
Now it can be used to build tarballs designed for installation on real
machines.

This commit is the result of transferring the required functionality from
build-mr (mipsel rootfs) by Ivan Melnikov <iv@altlinux.org>.

NB: mike@ strongly objected to this dilution but gave up eventually;
    the whole kernel/build-vm/tar2fs/pack mess should be split into
    distinct layers busy with their own responsibilities:

    1) a tarball with kernel is done without tar2fs at all
       (and no build-vm bits should be needed either, maybe
       it's worth splitting and renaming as "vm" meaning
       disk image for some armh board is grossly misleading);

    2) a tarball with kernel can be further (multi-)packed
       as, well, (compressed) tarball and a disk image
       (only the latter one should employ build-vm/tar2fs);

    3) compression should be done in pack feature style,
       preferably described once and not duplicated all over
       the profile for every single new kind of its output.

    In the mean time, running into this and moving no further
    starts to hurt more than it could help.
2019-08-19 23:24:26 +03:00
Anton Midyukov
8e1dd12f8e kernel, tar2fs: do not create /boot/.origver
2019-08-19 23:18:31 +03:00
Anton Midyukov
05d628313d build-vm: if make-initrd failed then exit
2019-08-19 23:17:43 +03:00
Anton Midyukov
27674e297b build-vm, kernel, tar2fs: make-initrd happens now in build-vm
NB: 07-kernel change breaks multi-kernel setup!

Breaks: 650e92bf7f
2019-08-19 23:16:06 +03:00
Ivan A. Melnikov
dab41865b2 build-vm: proper cleanup for *.img
We should delete the tarball whenever it's not the target.
2019-03-04 20:24:21 +03:00
Dmitriy Terekhin
be75d3c3d2 need /.host/qemu* in the chroot if qemu is used
The original commit broke system tar2fs use by accidentally
moving TOPDIR definition into a separate shell execution;
thanks iv@ for spotting and fixing it promptly.

Co-authored-by: Ivan A. Melnikov <iv@altlinux.org>
2019-03-04 19:56:03 +03:00
Anton Midyukov
ac489474a3 build-{ve,vm}: there can be no syslogd
...if it's a systemd-based image; no real error then.
2019-01-14 17:00:37 +03:00
Ivan A. Melnikov
98a9c1f303 Use correct path for system tar2fs
tar2fs comes from m-p, not from mkimage. Also, we should
use $TOPDIR from shell, not $(TOPDIR) from make, when
calling it.

Note: this is a security fix for environments relying
on packaged mkimage-profiles with sudo enabled for the
builder user.

Fixes: f293239d5b
2018-12-25 15:42:56 +03:00
Michael Shigorin
650e92bf7f build-vm, tar2fs: handle multiple kernels either
This was crucial for e2k rescue image supporting
multiple CPU versions but can be useful elsewhere.
2018-05-21 22:50:00 +03:00
Michael Shigorin
d813c43112 build-vm: spare all gettys on e2k
It has no VM hypervisor so far, the images are intended
for bare metal execution.
2018-04-04 12:46:21 +03:00
Michael Shigorin
d5f71b3716 image.in, build-*: generalize SUBDIRS
This is a fix to previous failures of
ve/vm + use/repo/main build attempts
(in fact, any non-distro/ targets).

SUBDIRS were just optimized away...
2018-02-15 17:03:19 +03:00
Michael Shigorin
7b9d8e9cd1 build-vm: whitespace fixup
...so that it doesn't show up in a diff with build-vm.
2018-02-14 18:34:47 +03:00
Michael Shigorin
e043f87775 build-vm, pack: implement qcow2c support
This is a compressed version of good ol' qcow2.

Suggested-by: Alexey Shabalin <shaba@altlinux.org>
2017-12-04 20:02:19 +03:00
Michael Shigorin
0f2411ec34 image.in, build-vm: handle qemu-img absence properly
This isn't a warning cause, this is an error cause!
2017-12-04 19:41:51 +03:00
Michael Shigorin
cf9559287b build-ve, build-vm: handle *_PACKAGES_REGEXP
BASE_PACKAGES_REGEXP and THE_PACKAGES_REGEXP,
to be exact; the lack of handling these appears
to have been the culprit of firefox missing in
vm images which use/browser/firefox.
2017-08-21 21:44:01 +03:00
Michael Shigorin
2600bc2c1d build-vm: purge tarball even with DEBUG=1
...and leave it for possible further investigation
only if debug level is 2 or higher (which is uncommon).
2017-08-21 21:10:32 +03:00
Michael Shigorin
3d7a0c5c39 build-vm, tar2fs: unify kver handling
No need to deduce kernel version again,
just save it in a temporary file.

The main reason to change what worked is
that e2k kernel-image package has Linux bits
named as image-$kver and not vmlinuz-$kver;
the guessing logic taking all of this into
account resulted in non-aesthetic patch.

NB: there's a duplicating script within
    kernel feature; it wasn't easy to avoid
    this and it might differ when handling
    multiple kernels, I didn't think much
    about this now as vm images tend to ship
    with the sole one.
2017-08-02 22:13:44 +03:00
Michael Shigorin
d28950caed 90-build-vm.mk: better error reference
In this case it's rather worth it to examine build.log
than read documentation again (as vm.txt should have been
read or at least skimmed through to get sudo setup ready,
and the problem might be either an environment one or a bug).
2017-01-14 12:08:13 +03:00
Michael Shigorin
f293239d5b build-vm: try system tar2fs first
It's at least removing the very obvious user->root
attack through (maliciously) modifying bin/tar2fs
and waiting for it to be run; if mkimage-profiles
is installed system-wide as a package, the script
from /usr/share/mkimage-profiles will be tried so
those willing to allow vm/* build to themselves
can provide for a passwordless sudo (as described
in doc/vm.txt) to run a root-only writable script,
not user-writable.

Still not perfect but a step away from the abyss.
2016-11-07 19:47:53 +03:00
Michael Shigorin
aea95968ef build-vm: cleanup the leftover tarball
...unless we're debuggin'.
2015-02-20 19:08:31 +03:00
Michael Shigorin
39fa788ac8 build-vm: update referenced script name
It's probably a good year to get rid of this reference practice
resulting in a known sort of misdocumentation over time :-/
2015-01-05 11:18:48 +03:00
Michael Shigorin
05abfaa2d8 build-vm: don't use/deflogin indefinitely
There's working use/oem to provide initial setup now too,
default root/user logins are logically conflicting with it
most of the time.
2014-04-28 21:28:12 +04:00
Michael Shigorin
3f547e2504 documentation: use paths relative to toplevel dir
This change is done to reduce ambiguity in some cases;
the previous intention has been to ease navigation when
staying in a particular directory, now it's been changed
in favour of convenient toplevel `git grep' in fact.

Both variants have their pros and cons, I just find myself
leaning to this one by now hence the commit.  Feel free to
provide constructive criticism :)

Some path-related bitrot has also been fixed while at that.
2014-03-05 21:36:30 +04:00
Michael Shigorin
d7689f30c7 tar2vm: rewrote as tar2fs
Overview of the changes:
- ARM support: separate ext2 /boot, no LILO
- avoid race condition with devmapper
- trap ERR so that -e in shebang doesn't result in extra cleanup hassle
- configurable root filesystem type (ext4 by default)
- jumps through parted hoops

Details:

1. LILO is x86-specific while the rest of the script can be used
   to prepare e.g. Marvell ArmadaXP or CuBox images; we can generally
   count on uboot supporting ext2 for relatively sane platforms but
   not ext4 that would be a better root filesystem performance-wise.

2. Apparently /dev/mapper/loopXpY can be still missing at the time
   when kpartx returns and pop up a bit later... sit there, wait
   and check for it.

3. If something went wrong with any command of the script it would bail out
   due to -e in shebang; it is now better to clean up the loopback device
   and its mappings in this situation either.

4. One size doesn't fit all, really.

5. The parted sizing was sloppy as in broken, now it's just half insane.
   Someone's decision to stick units and auto-alignment knobs into
   a single one was apparently hilarious...

   http://www.gnu.org/software/parted/manual/parted.html#unit

Manual loop/dm cleanup is described in documentation just in case.

/boot size meter is suboptimal in terms of additional I/O incurred,
will be most likely rewritten to make use of advance "du -s".
2013-06-17 19:29:11 +04:00
Michael Shigorin
d22c793ee9 initial deflogin feature (security sensitive!)
The feature officially introduces the "engineering passwords"
including empty ones which have been around since forever but
weren't properly managed (and still are not, at least until
there are no stray passwd/chpasswd/usermod calls in both the
profile, installer-features and all the other related parts).

It is based on an m-p-d init3-users script by stanv@ but was
cleaned up and restructured in a pretty severe manner; thanks
glebfm@ for additional discussion.

This also cleans up the kludge previously stuck into build-vm.

Note that vm/icewm sports graphical autologin now as well as
the default root password (which can be overridden by passing
ROOTPW=... to make but it is a change from the previous state
of affairs indeed).
2013-06-17 14:03:54 +04:00
Michael Shigorin
ee5dd31a71 build-{ve,vm}: handle THE_* and DOT_BASE too
Classic VEs don't carry any kernel since these are running
under a single OpenVZ (or potentially LXC) kernel image;
ARM Multiboot (TWRP in this particular case) allows to boot
off a chroot via kexec, and we need a kernel in it for that,
obviously.

No bootloader required inside such VE though.
2013-06-17 14:03:53 +04:00
Michael Shigorin
67adab492f initial rootfs subprofile and services feature
This subprofile is akin to THE_* variables family: the configuration
bits and script hooks sitting there influence whatever chroot is
declared to be the user facing one in the end, whether it comes
from vm image or live subprofile.

The services feature ought to be a changeset of its own which would
be based on rootfs and become the base for ve/vm changes but I chose
to just do it atomically; some pre-existing duplicates are pruned now.
2013-06-17 14:03:53 +04:00
Denis Smirnov
7f805cdf79 Rename all scripts in */image-scripts.d to format \d\d-scriptname
2013-01-06 12:05:32 +04:00
Denis Smirnov
c509ddb954 /etc/firsttime.d support
2013-01-06 00:10:46 +04:00
Michael Shigorin
cb764516eb build-vm: standalone build is a must, too
The problem was spotted by Alexander Bandura:
bin/tar2vm wasn't present in the generated profile.

I considered extending features.in/Makefile to include
bin/ alongside lib/ but that would make the helper's location
unpredictable (unless BUILDDIR is specified explicitly) so
restricting sudoers would be harder; worse yet, the copied file
would come with write access for the user building an image.

The implications in restricted case are complex enough anyways
so the recommended implementation would only include a fixed
readonly location like /usr/share/mkimage-profiles/bin/tar2vm
as laid out in doc/vm.txt, and that means it's in the metaprofile
not a generated profile.
2012-07-18 16:06:15 +03:00
Michael Shigorin
24edc620d8 prep optimization
There was some extra duplication, just clean it up.
2012-07-16 18:24:18 +03:00
Michael Shigorin
e36792ac90 lib/functions.mk: initial xport()
A few too many downstream makefiles employed the pattern
of "export GLOBAL_VAR := $(VAR)"; macroize that.
2012-07-02 16:14:34 +03:00
Michael Shigorin
fcf41f2201 proxy CLEANUP_PACKAGES down
mkimage implementation requires that the variables
to be passed to the scripts are to be prefixed with
GLOBAL_ or INFO_ tags as appropriate; in this case
the upstream makefile didn't care to.
2012-07-02 16:14:23 +03:00
Michael Shigorin
0e9a873608 build-vm: avoid dummy raw2raw conversion
It's better to rather just move the raw image instead
of specifically converting it into the same, and there's
no need for qemu-img altogether then.

Let's drop the intermediate raw image after successful
conversion as well.
2012-06-30 13:21:28 +03:00
Michael Shigorin
09be84beee initial vm-{net,ssh} features
A virtual machine isn't very useful if there are no means
to access it; let's bring up the basic networking and provide
root SSH access via pre-existing public key.

As the remote access with known default credentials is roughly
equivalent to just lending one's VMs to anyone with network
access to it, the fallback root password is now exterminated;
you have to provide one (or a long enough random string
if you plan to use keys only, see e.g. apg utility).
2012-06-25 19:29:38 +03:00
Michael Shigorin
b24bd31f45 build-vm: 06syslog should differ from VE's one
There's no need to disable console as it's emulated too,
and it still can be helpful or just convenient.
2012-06-25 19:29:38 +03:00
Michael Shigorin
8a04d9b656 initial specific VM formats support
Raw disk images are convenient and universal
but there are custom formats like Qemu's qcow2
providing additional features, e.g. copy-on-write
or space savings.  All of this ultimately belongs
to mkimage but in the mean time has been implemented
here as well.
2012-06-25 19:29:38 +03:00