File registry.sh of Package suse-AGL
#!/bin/sh
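set -ex

# Locate the partitions this script operates on by their GPT partition label
# (PARTLABEL as reported by blkid) among the /dev/mapper/loop* devices:
#   p.lxreadonly -> root_device (its PARTUUID is kept for the grub rootdev)
#   p.UEFI       -> esp_device
#   p.spare      -> reg_instance_device (reformatted as LUKS further down)
#
# The variables are cleared first so that a value inherited from the calling
# environment can never be used as a target for the destructive luksFormat /
# mkfs steps that follow.
root_device=""
root_partuuid=""
esp_device=""
reg_instance_device=""
for device in /dev/mapper/loop*; do
    partlabel=$(blkid -s PARTLABEL -o value "${device}")
    case "${partlabel}" in
        p.lxreadonly)
            root_device=$device
            root_partuuid=$(blkid -s PARTUUID -o value "${root_device}")
            ;;
        p.UEFI)
            esp_device=$device
            ;;
        p.spare)
            reg_instance_device=$device
            ;;
    esac
done

# Stop with a clear message if a required partition was not identified,
# instead of failing later in umount/cryptsetup/mount with an empty device
# argument or writing an empty PARTUUID into the boot configuration.
: "${root_device:?registry.sh: no partition labelled p.lxreadonly found}"
: "${root_partuuid:?registry.sh: root partition has no PARTUUID}"
: "${esp_device:?registry.sh: no partition labelled p.UEFI found}"
: "${reg_instance_device:?registry.sh: no partition labelled p.spare found}"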
# Preserve storage: move the container storage tree to /tmp so it can be
# copied back once the encrypted volume exists.
# NOTE(review): the source path is relative, so the result depends on the
# directory the script is started from, and the destination /tmp/storage is a
# fixed name. A pre-existing /tmp/storage would change what the later restore
# step copies back - confirm the build environment provides a clean /tmp.
mv var/lib/containers/storage /tmp
# umount write space: the partition must not be mounted when it is
# reformatted as a LUKS container below.
umount "${reg_instance_device}"
# create luks for RW registry with initial empty key
#
# The key is 128 bytes read from /dev/zero, i.e. a publicly known all-zero
# key. With only this key slot the LUKS2 container gives no confidentiality:
# anyone with access to the image or disk can open it the same way.
# NOTE(review): presumably the key is replaced (and the zero-key slot removed)
# when the device is provisioned - confirm, this script does not do it.
#
# -q runs cryptsetup in batch mode, so luksFormat overwrites the partition
# without asking for confirmation.
cryptsetup \
-q \
--key-file /dev/zero \
--type luks2 \
--keyfile-size 128 \
luksFormat "${reg_instance_device}"
# Open the new container with the same zero key as /dev/mapper/luksInstances.
cryptsetup \
--key-file /dev/zero \
--keyfile-size 128 \
luksOpen "${reg_instance_device}" luksInstances
# create XFS for RW registry (-f overwrites any existing signature, the
# filesystem label is INSTANCE)
mkfs.xfs -f -L INSTANCE /dev/mapper/luksInstances
# mount root + ESP: assemble the target system under /mnt so the
# registrations below can run inside it via chroot.
mount "${root_device}" /mnt
mount "${esp_device}" /mnt/boot/efi
# restore storage: mount the opened LUKS volume at the container storage
# path and move the preserved content from /tmp/storage onto it.
# NOTE(review): the glob does not match dot-files at the top level of
# /tmp/storage; confirm the storage tree has none.
mount /dev/mapper/luksInstances /mnt/var/lib/containers/storage
mv /tmp/storage/* /mnt/var/lib/containers/storage/
# /proc is mounted inside the chroot for the flake-ctl calls that follow.
mount -t proc proc /mnt/proc
# Register the fleet application.
#
# Runs flake-ctl inside the target root to register container "fleet" on top
# of the "basesystem" base, exposed as /usr/share/flakes/bin/fleet and starting
# /usr/bin/fleet. Each --opt value is a podman option written with a leading
# backslash, exactly as in the other registrations in this script.
#
# Security note: the container gets the host's /run bind-mounted read-write,
# so it can reach whatever runtime sockets and state live there.
chroot /mnt /usr/bin/flake-ctl podman register \
    --container fleet \
    --target /usr/bin/fleet \
    --app /usr/share/flakes/bin/fleet \
    --base basesystem \
    --opt "\--rm" \
    --opt "\-i" \
    --opt "\--volume /run:/run"
# Register the KUKSA val server.
#
# Container "kuksa-val-server" is exposed as /usr/share/flakes/bin/kuksa-server
# and starts /usr/bin/start-kuksa-server; --resume is passed to flake-ctl.
#
# Security note: the host directories holding the KUKSA certificates and
# tokens are bind-mounted into the container without a read-only flag, and the
# container shares the host network namespace (--net=host), so the service is
# reachable on the host's interfaces without any port mapping in between.
chroot /mnt /usr/bin/flake-ctl podman register \
    --container kuksa-val-server \
    --app /usr/share/flakes/bin/kuksa-server \
    --target /usr/bin/start-kuksa-server \
    --resume \
    --opt '\--rm' \
    --opt '\-v /etc/kuksa-val/certs/:/etc/kuksa-val/certs/' \
    --opt '\-v /etc/kuksa-val/tokens/:/etc/kuksa-val/tokens/' \
    --opt '\--name kuksa_server' \
    --opt '\--net=host'
# Register the KUKSA feeder.
#
# Container "kuksa-feeder" is exposed as /usr/share/flakes/bin/kuksa-feeder and
# starts /usr/bin/start-kuksa-feeder; --resume is passed to flake-ctl.
#
# Security note: same exposure as the KUKSA val server registration - the
# certificate and token directories are mounted writable and the container
# uses the host network namespace.
chroot /mnt /usr/bin/flake-ctl podman register \
    --container kuksa-feeder \
    --app /usr/share/flakes/bin/kuksa-feeder \
    --target /usr/bin/start-kuksa-feeder \
    --resume \
    --opt '\--rm' \
    --opt '\-v /etc/kuksa-val/certs/:/etc/kuksa-val/certs/' \
    --opt '\-v /etc/kuksa-val/tokens/:/etc/kuksa-val/tokens/' \
    --opt '\--name kuksa_feeder' \
    --opt '\--net=host'
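# Register agl-user-compositor
#
# agl_user is the numeric uid (third passwd field) of the account whose
# passwd entry contains "AGL demo user"; it selects the /run/user/<uid>
# directory shared with the container.
agl_user=$(grep "AGL demo user" /mnt/etc/passwd | cut -f3 -d:)
# The pipeline's exit status is that of cut, so a missing account does not
# trip "set -e" and would leave agl_user empty. An empty value would turn the
# bind mount below into /run/user/:/run/user/, sharing every user's runtime
# directory with a privileged container. Several matching lines would yield a
# multi-line value. Accept exactly one numeric uid and stop otherwise.
case "${agl_user}" in
    '' | *[!0-9]*)
        echo "registry.sh: could not determine a single uid for the AGL demo user" >&2
        exit 1
        ;;
esac
# Security note: this container is registered with --privileged, the host
# network namespace, and the host's /dev, /tmp and /run/udev bind-mounted.
# That is effectively host-level access; treat the aglcompositor image as
# part of the trusted base of the system.
chroot /mnt /usr/bin/flake-ctl podman register \
    --container aglcompositor \
    --app /usr/share/flakes/bin/agl-user-compositor \
    --target /lib/systemd/systemd \
    --opt "\--rm" \
    --opt "\--name compositor" \
    --opt "\--net=host" \
    --opt "\--cap-add CAP_SYS_TTY_CONFIG" \
    --opt "\-v /tmp:/tmp" \
    --opt "\-v /dev:/dev" \
    --opt "\-v /run/udev:/run/udev" \
    --opt "\-v /run/user/${agl_user}:/run/user/${agl_user}" \
    --opt "\--privileged" \
    --opt "\-t"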
# Register the AGL cluster dashboard.
#
# Container "aglcluster" is exposed as
# /usr/share/flakes/bin/agl-cluster-dashboard and starts
# /usr/bin/cluster-dashboard. The Qt/Wayland environment points at the runtime
# directory of the AGL demo user; ${agl_user} is the uid read from
# /mnt/etc/passwd earlier in this script and is expanded here, at build time.
#
# Security note: the container shares the host network namespace and gets the
# whole host /run plus the KUKSA certificate and token directories mounted
# without a read-only flag.
chroot /mnt /usr/bin/flake-ctl podman register \
    --container aglcluster \
    --app /usr/share/flakes/bin/agl-cluster-dashboard \
    --target /usr/bin/cluster-dashboard \
    --opt '\--rm' \
    --opt '\--name cluster_demo' \
    --opt '\--net=host' \
    --opt '\-e QT_QPA_PLATFORM=wayland' \
    --opt '\-e QT_PLUGIN_PATH=/usr/lib64/qt5/plugins/' \
    --opt "\-e XDG_RUNTIME_DIR=/run/user/${agl_user}" \
    --opt "\-e WAYLAND_DISPLAY=/run/user/${agl_user}/wayland-0" \
    --opt '\-v /etc/kuksa-val/certs/:/etc/kuksa-val/certs/' \
    --opt '\-v /etc/kuksa-val/tokens/:/etc/kuksa-val/tokens/' \
    --opt '\-v /run:/run'
# Register the trafficsign classification service.
#
# Two modes are supported:
#   classify picture - read an image file from a socket, classify, report
#   classify webcam  - poll the webcam (1 sec), classify, report
#
# Container "trafficsign" is exposed as /usr/share/flakes/bin/classify and
# starts /usr/bin/classify; --resume is passed to flake-ctl.
#
# Security note: registered with --privileged, the host network namespace and
# the host /run bind-mounted, so the container is not isolated from the host
# in any meaningful way.
chroot /mnt /usr/bin/flake-ctl podman register \
    --container trafficsign \
    --app /usr/share/flakes/bin/classify \
    --target /usr/bin/classify \
    --resume \
    --opt '\--net=host' \
    --opt '\--privileged' \
    --opt '\--name traffic_sign' \
    --opt '\-v /run:/run'
# Register the traffic sign capture tool.
# Example: capture /run/traffic /run/captured_from_webcam.jpg
#
# A second app on the same "trafficsign" container, exposed as
# /usr/share/flakes/bin/capture and starting /usr/bin/capture.
#
# Security note: also registered with --privileged and with the host /run
# bind-mounted read-write.
chroot /mnt /usr/bin/flake-ctl podman register \
    --container trafficsign \
    --app /usr/share/flakes/bin/capture \
    --target /usr/bin/capture \
    --opt '\--rm' \
    --opt '\-ti' \
    --opt '\--privileged' \
    --opt '\-v /run:/run'
# The chroot calls are done; release /proc inside the target root.
# NOTE(review): the script runs under "set -e" and installs no trap, so a
# failure in any earlier step exits with /mnt, the storage mount and the
# luksInstances mapping still active - confirm the caller cleans up.
umount /mnt/proc
# umount storage
umount /mnt/var/lib/containers/storage
# close crypt: remove the /dev/mapper/luksInstances mapping
cryptsetup luksClose luksInstances
# Create grub early boot script
#
# uuid is the target of the /mnt/boot/uuid symlink; grub searches for a file
# of that name to select its root device. rootdev is exported as the PARTUUID
# of the read-only root partition found at the start of this script.
# The here-document delimiter is unquoted, so ${uuid} and ${root_partuuid}
# are expanded now, while \$root is escaped and left for grub to evaluate at
# boot time.
uuid=$(readlink /mnt/boot/uuid)
cat >/mnt/boot/efi/EFI/BOOT/earlyboot.cfg <<-EOF
search --file --set=root ${uuid}
set rootdev=PARTUUID=${root_partuuid}
export rootdev
set prefix=(\$root)/boot/grub2
configfile (\$root)/boot/grub2/grub.cfg
EOF
# Rebuild the EFI binary.
#
# The grub platform and the output file name follow the machine the script
# runs on: x86_64 gets x86_64-efi/bootx64.efi, everything else is treated as
# arm64 (arm64-efi/bootaa64.efi).
case "$(uname -m)" in
    x86_64)
        efi_arch="x86_64-efi"
        efi_image="bootx64.efi"
        ;;
    *)
        efi_arch="arm64-efi"
        efi_image="bootaa64.efi"
        ;;
esac

# earlyboot.cfg is embedded into the image (-c) and the module list is fixed.
# NOTE(review): the resulting binary is not signed anywhere in this script;
# if the target is expected to boot with UEFI Secure Boot enabled, signing
# has to happen in a later step - confirm.
grub2-mkimage \
    -O "${efi_arch}" \
    -o "/mnt/boot/efi/EFI/BOOT/${efi_image}" \
    -c /mnt/boot/efi/EFI/BOOT/earlyboot.cfg \
    -p /mnt/boot/grub2 \
    -d "/mnt/usr/share/grub2/${efi_arch}" \
    linux configfile search_fs_file search normal gzio fat font \
    minicmd gfxterm gfxmenu all_video squash4 loadenv part_gpt \
    part_msdos efi_gop serial test echo

# Unmount the ESP first, then the root it is mounted on.
umount /mnt/boot/efi
umount /mnt