File _service:obs_scm:eos-1714565492.577d465.obscpio of Package suse-eos-vendorbuild
07070100000000000081A4000000000000000000000001663231740000006E000000000000000000000000000000000000002400000000eos-1714565492.577d465/_constraints<constraints> <hardware> <disk> <size unit="G">20</size> </disk> </hardware> </constraints> 07070100000001000081A40000000000000000000000016632317400000081000000000000000000000000000000000000002300000000eos-1714565492.577d465/_multibuild<multibuild> <flavor>Static</flavor> <flavor>AB</flavor> <flavor>EC2</flavor> <flavor>RPI</flavor> </multibuild> 07070100000002000081A400000000000000000000000166323174000004B5000000000000000000000000000000000000002900000000eos-1714565492.577d465/appliance.changes------------------------------------------------------------------- Thu Dec 14 10:02:46 UTC 2023 - Marcus Schäfer <marcus.schaefer@gmail.com> - preload basesystem container in RO registry and provide the fleet delta container for testing IoT devices. The provided key-pair/certs are just for testing and can be wiped in the cloud at any time ------------------------------------------------------------------- Sun Nov 12 10:00:50 UTC 2023 - Marcus Schäfer <marcus.schaefer@gmail.com> - named grub config for RPI ------------------------------------------------------------------- Fri Nov 10 11:46:49 UTC 2023 - Marcus Schäfer <marcus.schaefer@gmail.com> - allow for local build ------------------------------------------------------------------- Mon Oct 30 12:44:54 UTC 2023 - Marcus Schäfer <marcus.schaefer@gmail.com> - consolidate rPI and VM build into one ------------------------------------------------------------------- Mon Oct 23 09:35:34 UTC 2023 - Marcus Schäfer <marcus.schaefer@gmail.com> - add vim editor ------------------------------------------------------------------- Mon Oct 23 09:19:14 UTC 2023 - Marcus Schäfer <marcus.schaefer@gmail.com> - add changes file 07070100000003000081A40000000000000000000000016632317400002B5D000000000000000000000000000000000000002600000000eos-1714565492.577d465/appliance.kiwi<?xml version="1.0" 
encoding="utf-8"?> <!-- The line below is required in order to use the multibuild OBS features --> <!-- OBS-Profiles: @BUILD_FLAVOR@ --> <!-- KIWI description of the EOS appliance: each profile builds an OEM disk image (xfs, EFI firmware, dracut initrd) with overlayroot enabled and no write partition, plus a spare partition mounted at /var/lib/containers/storage. --> <image schemaversion="7.5" name="EOS" displayname="SUSE Embedded OS"> <description type="system"> <author>Marcus Schäfer</author> <contact>marcus.schaefer@suse.com</contact> <specification>Immutable Embeddded OS for Container workloads</specification> </description> <profiles> <profile name="Static" description="Smallest Possible; No A/B update clones"/> <profile name="AB" description="Rest Capacity, A/B OS updates possible"/> <profile name="EC2" description="For AWS EC2, Rest Capacity, A/B OS updates possible"/> <profile name="RPI" description="For Raspberry PI, Rest Capacity, A/B OS updates possible" arch="aarch64"/> <profile name="RPI5" description="For Raspberry PI5, Rest Capacity, A/B OS updates possible" arch="aarch64"/> </profiles> <!-- NOTE(review): rpm-check-signatures is false, so rpm does not verify package signatures while the image root is installed from obsrepositories:/. Package integrity then presumably rests on the build service and the repository transport; confirm this is intended beyond test builds. --> <preferences> <version>1.0.1</version> <packagemanager>zypper</packagemanager> <locale>en_US</locale> <keytable>us</keytable> <timezone>UTC</timezone> <rpm-excludedocs>true</rpm-excludedocs> <rpm-check-signatures>false</rpm-check-signatures> </preferences> <!-- NOTE(review): the AB, Static, EC2 and RPI profiles run registry_encrypted.sh as editbootinstall. That script formats the spare partition as LUKS2 with a 128 byte key file read from /dev/zero, which its own comment calls an initial empty key. Until that key is replaced the encryption gives no confidentiality; the replacement step is not visible in this archive, confirm where it happens. RPI5 runs registry_raw.sh instead and leaves the spare partition unencrypted. --> <preferences profiles="AB"> <type image="oem" filesystem="xfs" firmware="efi" initrd_system="dracut" overlayroot="true" overlayroot_write_partition="false" bootpartition="false" overlayroot_readonly_partsize="512" squashfscompression="xz" devicepersistency="by-label" editbootinstall="registry_encrypted.sh" efipartsize="9" spare_part="1" spare_part_mountpoint="/var/lib/containers/storage" spare_part_fs="xfs" spare_part_is_last="true" root_clone="1"> <bootloader name="grub2"/> <oemconfig> <oem-resize>false</oem-resize> </oemconfig> <size unit="M">2048</size> </type> </preferences> <preferences profiles="Static"> <type image="oem" filesystem="xfs" firmware="efi" initrd_system="dracut" overlayroot="true" overlayroot_write_partition="false" bootpartition="false" overlayroot_readonly_partsize="512" squashfscompression="xz" 
devicepersistency="by-label" editbootinstall="registry_encrypted.sh" efipartsize="9" spare_part="1" spare_part_mountpoint="/var/lib/containers/storage" spare_part_fs="xfs" spare_part_is_last="true"> <bootloader name="grub2"/> <oemconfig> <oem-resize>false</oem-resize> </oemconfig> <size unit="M">1024</size> </type> </preferences> <preferences profiles="EC2"> <type image="oem" filesystem="xfs" firmware="efi" initrd_system="dracut" overlayroot="true" overlayroot_write_partition="false" bootpartition="false" overlayroot_readonly_partsize="512" squashfscompression="xz" devicepersistency="by-label" editbootinstall="registry_encrypted.sh" efipartsize="9" spare_part="1" spare_part_mountpoint="/var/lib/containers/storage" spare_part_fs="xfs" spare_part_is_last="true" root_clone="1"> <bootloader name="grub2"/> <oemconfig> <oem-resize>false</oem-resize> </oemconfig> <partitions> <!-- cloud-init needs write permissions for provisioning tasks --> <partition name="home" size="20" mountpoint="/home" filesystem="ext4"/> <partition name="cloud" size="5" mountpoint="/var/lib/cloud" filesystem="ext4"/> </partitions> <size unit="M">10240</size> <machine xen_loader="hvmloader"/> </type> </preferences> <preferences arch="aarch64" profiles="RPI"> <type image="oem" filesystem="xfs" firmware="efi" initrd_system="dracut" overlayroot="true" overlayroot_write_partition="false" bootpartition="false" overlayroot_readonly_partsize="512" squashfscompression="xz" devicepersistency="by-label" editbootinstall="registry_encrypted.sh" efipartsize="10" spare_part="1" spare_part_mountpoint="/var/lib/containers/storage" spare_part_fs="xfs" spare_part_is_last="true" root_clone="1"> <bootloader name="grub2"/> <oemconfig> <oem-resize>false</oem-resize> </oemconfig> <size unit="M">2048</size> </type> </preferences> <preferences arch="aarch64" profiles="RPI5"> <type image="oem" filesystem="xfs" firmware="efi" initrd_system="dracut" overlayroot="true" overlayroot_write_partition="false" bootpartition="false" 
overlayroot_readonly_partsize="512" squashfscompression="xz" devicepersistency="by-label" editbootinstall="registry_raw.sh" efipartsize="10" spare_part="1" spare_part_mountpoint="/var/lib/containers/storage" spare_part_fs="xfs" spare_part_is_last="true" root_clone="1"> <bootloader name="grub2"/> <oemconfig> <oem-resize>false</oem-resize> </oemconfig> <size unit="M">2048</size> </type> </preferences> <!-- NOTE(review): root and ec2-user carry the same $1$ (MD5-crypt) password hash, and it is published with this description, so every image built from it shares one known credential in a legacy hash scheme that resists offline guessing poorly. config.sh replaces the root hash with * and turns off SSH password login only inside its EC2 branch, while sshd is enabled for every profile; the other profiles keep the root hash as set here. Prefer per-device provisioning or key-only login, and a current hash scheme if a password must stay. --> <users> <user password="$1$wYJUgpM5$RXMMeASDc035eX.NbYWFl0" home="/root" name="root" groups="root" shell="/bin/bash"/> </users> <users profiles="EC2"> <user password="$1$wYJUgpM5$RXMMeASDc035eX.NbYWFl0" home="/home/ec2-user" name="ec2-user" groups="users,root"/> </users> <repository type="rpm-md"> <source path="obsrepositories:/"/> </repository> <packages type="image"> <!-- kernel --> <package name="kernel-default"/> <!-- bootloader --> <package name="grub2"/> <package name="grub2-x86_64-efi" arch="x86_64"/> <package name="grub2-arm64-efi" arch="aarch64"/> <package name="grub2-i386-pc" arch="x86_64"/> <!-- enable for root overlay (debugging) --> <!-- <package name="dracut-kiwi-overlay"/> --> <!-- system --> <package name="timezone"/> <package name="systemd"/> <package name="systemd-network"/> <package name="NetworkManager"/> <package name="wireless-regdb"/> <package name="wireless-tools"/> <package name="wpa_supplicant"/> <package name="openssh"/> <package name="iproute2"/> <package name="squashfs"/> <package name="vim"/> <!-- enable for testing with virtual TPM chip --> <!-- <package name="tpm-tools"/> --> <package name="cryptsetup"/> <package name="podman"/> <package name="netavark"/> <package name="cni"/> <package name="cni-plugins"/> <package name="flake-pilot"/> <package name="flake-pilot-podman"/> <package name="flake-pilot-firecracker"/> <package name="device-mapper"/> <package name="binutils"/> <package name="gptfdisk"/> <package name="xfsprogs"/> <package name="shadow"/> <package name="eos-setup-base"/> <package name="eos-setup-registry"/> <package 
name="eos-setup-base-ssh-keys"/> <!-- image building --> <package name="git"/> <package name="qemu-kvm" arch="x86_64"/> <package name="qemu-seabios" arch="x86_64"/> <package name="qemu-vgabios" arch="x86_64"/> <package name="qemu-uefi-aarch64" arch="aarch64"/> <package name="qemu-ipxe"/> <package name="python3-kiwi_boxed_plugin"/> </packages> <packages type="image" profiles="RPI"> <package name="arm-trusted-firmware-rpi4"/> </packages> <packages type="image" profiles="RPI,RPI5"> <package name="raspberrypi-firmware"/> <package name="raspberrypi-firmware-config"/> <package name="raspberrypi-firmware-dt"/> <package name="u-boot-rpiarm64"/> <package name="raspberrypi-eeprom"/> <package name="kernel-firmware-bluetooth"/> <package name="kernel-firmware-brcm"/> <package name="bcm43xx-firmware"/> <package name="eos-setup-grub-rpi"/> <package name="eos-setup-base-rpi"/> </packages> <packages type="image" profiles="AB"> <package name="eos-setup-grub-ab"/> </packages> <packages type="image" profiles="Static"> <package name="eos-setup-grub-static"/> </packages> <packages type="image" profiles="AB,Static"> <package name="eos-setup-base-vm"/> <package name="eos-setup-base-ssh"/> </packages> <packages type="image" profiles="AB,EC2,RPI,RPI5"> <package name="kexec-tools"/> <package name="eos-setup-os-update"/> <!-- preloaded containers --> <package name="basesystem-image"/> <package name="fleet-image"/> </packages> <packages type="image" profiles="EC2"> <package name="grub2-x86_64-xen" arch="x86_64"/> <package name="chrony"/> <package name="amazon-ssm-agent"/> <package name="cloud-init"/> <package name="cloud-init-config-suse"/> <package name="openssh-server"/> <package name="openssh-clients"/> <package name="eos-setup-base-ec2"/> <package name="eos-setup-grub-ec2"/> </packages> <packages type="bootstrap"> <package name="udev"/> <package name="filesystem"/> <package name="glibc-locale-base"/> <package name="cracklib-dict-small"/> <package name="ca-certificates"/> <package 
name="ca-certificates-mozilla"/> <package name="xz"/> <package name="grep"/> </packages> <packages type="delete" profiles="AB,EC2,RPI,RPI5"> <!-- it is in the registry now, so we can delete the package --> <!-- <package name="core-image"/> --> </packages> <packages type="delete" profiles="AB,EC2,RPI,RPI5"> <package name="basesystem-image"/> <package name="fleet-image"/> </packages> <packages type="delete" profiles="AB,Static,RPI,RPI5,EC2"> <package name="zypper"/> </packages> </image> 07070100000004000041ED0000000000000000000000036632317400000000000000000000000000000000000000000000001F00000000eos-1714565492.577d465/boxroot07070100000005000041ED0000000000000000000000026632317400000000000000000000000000000000000000000000002300000000eos-1714565492.577d465/boxroot/etc07070100000006000081A4000000000000000000000001663231740000012E000000000000000000000000000000000000002C00000000eos-1714565492.577d465/boxroot/etc/kiwi.ymlmapper: - part_mapper: kpartx container: # Specify compression for container images # Possible values are true, false, xz or none. - compress: true runtime_checks: - disable: - check_partuuid_persistency_type_used_with_mbr - check_dracut_module_for_disk_overlay_in_package_list 07070100000007000081ED00000000000000000000000166323174000001EB000000000000000000000000000000000000002700000000eos-1714565492.577d465/build.local.rpi#!/bin/bash kiwi-ng \ --debug \ --profile RPI \ system boxbuild \ --box universal \ --box-memory 3g \ --machine virt \ --cpu host \ -- \ --description . 
\ --target-dir myeos \ --set-repo https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss \ --add-repo obs://home:marcus.schaefer:delta_containers/containers_tw \ --add-repo obs://home:marcus.schaefer:EOS/TW \ --add-repo obs://Virtualization:Appliances:Builder/openSUSE_Tumbleweed 07070100000008000081A40000000000000000000000016632317400002233000000000000000000000000000000000000002100000000eos-1714565492.577d465/config.sh#!/bin/bash set -ex declare kiwi_profiles=${kiwi_profiles} source /etc/os-release #====================================== # World writable flakes #-------------------------------------- # This needs a better solution for rootless use, similar to podman chmod 777 /usr/share/flakes chmod 777 /var/lib/firecracker/images chmod 777 /var/lib/firecracker/storage #====================================== # Import Build Time Containers (RO) #-------------------------------------- for profile in ${kiwi_profiles//,/ }; do if [ ! "${profile}" = "Static" ]; then pushd /usr/share/suse-docker-images/native/ podman load -i basesystem.*.tar.xz rm -f basesystem.*.tar.xz popd break fi done #====================================== # Create timesync subdirs #-------------------------------------- mkdir -p /var/lib/systemd/timesync mkdir -p /var/lib/private/systemd/timesync #====================================== # Create container subdirs #-------------------------------------- mkdir -p /var/lib/containers/storage mkdir -p /var/cache/containers mkdir -p /var/lib/cni mkdir -p /etc/cni/net.d #====================================== # Link flakes to a writable location #-------------------------------------- mkdir -p /usr/share/flakes/bin echo "export PATH=\$PATH:/usr/share/flakes/bin" >> /etc/profile #====================================== # Move containers to read-only registry #-------------------------------------- # move containers to additionalimagestores [read-only] mv /var/lib/containers/storage /var/lib/containers/loaded #====================================== 
# Move flakes to read-write registry #-------------------------------------- mkdir -p /var/lib/containers/storage mv /usr/share/flakes /var/lib/containers/storage/ ln -s /var/lib/containers/storage/flakes /usr/share/flakes #====================================== # Relink kiwi boxes to RW #-------------------------------------- mkdir -p /var/lib/containers/storage/kiwi_boxes ln -s /var/lib/containers/storage/kiwi_boxes /root/.kiwi_boxes #====================================== # Move firecracker registry to rw #-------------------------------------- mkdir -p /var/lib/containers/storage/firecracker mv /var/lib/firecracker/ /var/lib/containers/storage/firecracker/ ln -s /var/lib/containers/storage/firecracker /var/lib/firecracker chmod 750 /var/lib/containers #====================================== # Import Build Time Containers (RW) #-------------------------------------- for profile in ${kiwi_profiles//,/ }; do if [ ! "${profile}" = "Static" ]; then pushd /usr/share/suse-docker-images/native/ for container in *.tar.xz ;do acceptable_name=$(echo "${container}" | cut -f1 -d.).tar.xz mv "${container}" "${acceptable_name}" podman load -i "${acceptable_name}" done popd break fi done #====================================== # Setup container policy #-------------------------------------- # disabled for the moment, allow from anywhere # cat >/etc/containers/policy.json <<- EOF # { # "default": [ # { # "type": "reject" # } # ], # "transports": { # "docker": { # "registry.opensuse.org": [ # { # "type": "insecureAcceptAnything" # } # ] # } # } # } # EOF #====================================== # Setup container storage config #-------------------------------------- cat >/etc/containers/storage.conf <<- EOF [storage] driver = "overlay" graphroot = "/var/lib/containers/storage" runroot = "/var/run/containers/storage" [storage.options] additionalimagestores = ['/var/lib/containers/loaded'] EOF #====================================== # Setup flakes.yml 
#-------------------------------------- cat >/etc/flakes.yml <<- EOF --- generic: flakes_dir: /usr/share/flakes podman_ids_dir: /var/lib/containers/storage/tmp/flakes firecracker_ids_dir: /var/lib/firecracker/storage/tmp/flakes EOF #====================================== # Setup default registry #-------------------------------------- cat >/etc/containers/registries.conf <<- EOF unqualified-search-registries=["registry.opensuse.org"] [[registry]] prefix = "registry.opensuse.org/ubuntu-apps" location = "registry.opensuse.org/home/marcus.schaefer/delta_containers/containers_ubuntu" [[registry]] prefix = "registry.opensuse.org/tw-apps" location = "registry.opensuse.org/home/marcus.schaefer/delta_containers/containers_tw" EOF arch=$(uname -m) #====================================== # Setup update config #-------------------------------------- dist=unknown if [ "${ID}" = "opensuse-tumbleweed" ];then dist=TW fi if [ "${ID}" = "opensuse-alp" ];then dist=ALP fi cat >/etc/os-update.yml <<- EOF --- update: pkey: /run/id_fleet server: ec2-user@ec2-3-125-193-126.eu-central-1.compute.amazonaws.com name: EOS.${arch}-${kiwi_profiles}-${dist} EOF #================================== # Create ssh host keys #---------------------------------- /usr/sbin/sshd-gen-keys-start #================================== # Delete stuff we don't need #---------------------------------- rm -f /etc/containers/registries.d/default.yaml rm -f /etc/containers/mounts.conf rm -f /usr/share/containers/mounts.conf #================================== # Turn grub-mkconfig into a noop #---------------------------------- # We have to provide a static version of the grub config # because at the time of the grub2-mkconfig call the # system is read-only cp /usr/bin/true /usr/sbin/grub2-mkconfig #================================== # Mask services due to RO system #---------------------------------- for service in \ systemd-rfkill.service \ systemd-rfkill.socket \ logrotate.service \ logrotate.timer do systemctl 
mask "${service}" done #====================================== # Setup services #-------------------------------------- for service in \ sshd \ registry-rw \ registry_resize \ systemd-networkd \ systemd-resolved do systemctl enable "${service}" done #====================================== # Setup grub #-------------------------------------- mv "/boot/grub2/grub.cfg.${kiwi_profiles}.${arch}" /boot/grub2/grub.cfg # delete unused grub templates rm -f /boot/grub2/grub.cfg.* #====================================== # Setup Profile Specific #-------------------------------------- for profile in ${kiwi_profiles//,/ }; do # RPI if [ "${profile}" = "RPI" ] || [ "${profile}" = "RPI5" ]; then # RPI required services systemctl enable systemd-timesyncd systemctl enable update_commit fi # AB if [ "${profile}" = "AB" ]; then # AB required services systemctl enable systemd-timesyncd systemctl enable update_commit fi # Static if [ "${profile}" = "Static" ]; then # Static required services systemctl enable systemd-timesyncd fi # EC2 if [ "${profile}" = "EC2" ]; then # Cloud required services for service in \ chronyd \ cloud-init-local \ cloud-init \ cloud-config \ cloud-final \ amazon-ssm-agent \ update_commit do systemctl enable "${service}" done # Create flake-ctl alias to run via sudo echo "alias flake-ctl='sudo flake-ctl'" > /home/ec2-user/.alias # Disable password based login via ssh ssh_conf=/etc/ssh/sshd_config if [ ! -e "${ssh_conf}" ];then ssh_conf=/usr/etc/ssh/sshd_config fi sed -i 's/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' "${ssh_conf}" sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' "${ssh_conf}" # Remove the password for root sed -i 's/^root:[^:]*:/root:*:/' /etc/shadow # Allow root access on serial console grep -E -q '^ttyS0$' /etc/securetty || echo ttyS0 >> /etc/securetty # Set up time server echo "server 169.254.169.123 iburst" >> /etc/chrony.conf fi done # The following should not be needed... 
# make sure to create systemd-network user # For some reason the user was missing on the aarch64 ALP image build # The call is taken from the systemd spec file and can be # deleted once the packaging got fixed /usr/bin/systemd-sysusers systemd-network.conf # make sure to create systemd-resolve user # For some reason the user was missing on the aarch64 ALP image build # The call is taken from the systemd spec file and can be # deleted once the packaging got fixed /usr/bin/systemd-sysusers systemd-resolve.conf 07070100000009000081ED0000000000000000000000016632317400000308000000000000000000000000000000000000002200000000eos-1714565492.577d465/ec2-upload#!/bin/bash # shellcheck shell=bash set -e if [ ! -d binaries ];then echo "run osc getbinaries first..." exit 1 fi image=$(echo binaries/*.raw.xz) arch=$(echo "${image}" | cut -f2 -d. | cut -f1 -d-) dist=$(echo "${image}" | cut -f4 -d. | cut -f3 -d- | sed -e "s@Build@@" | tr '[:upper:]' '[:lower:]') desc="$(basename "${image}" | cut -f1 -d.)"-"${dist}"-"${arch}" name="${desc}-v$(date +%Y%m%d)" ec2arch="${arch}" if [ "${arch}" == "aarch64" ];then ec2arch=arm64 fi ec2uploadimg \ --wait-count 5 \ -a suse-pct -f ~ms/.ec2/ec2utils.conf \ --grub2 \ -m "${ec2arch}" \ -n "${name}" \ --sriov-support \ --ena-support \ --boot-mode uefi \ -r eu-central-1 \ --description "${desc}" \ --verbose \ -B ssd \ "${image}" 0707010000000A000081A400000000000000000000000166323174000008C5000000000000000000000000000000000000002800000000eos-1714565492.577d465/pre_disk_sync.sh#!/bin/sh set -ex #======================================= # RPI specific #--------------------------------------- for profile in ${kiwi_profiles//,/ }; do if [ "${profile}" = "RPI" ] || [ "${profile}" = "RPI5" ]; then #======================================= # Setup EFI #--------------------------------------- # move rPI firmware from boot partition(s) to ESP cp -a /boot/vc/* /boot/efi/ rm -rf /boot/vc fi if [ "${profile}" = "RPI" ] || [ "${profile}" = "RPI5" ]; then cat 
>/boot/efi/extraconfig.txt <<- EOF # Enable USB boot program_usb_boot_mode=1 # Enable DRM VC4 V3D driver dtoverlay=vc4-kms-v3d max_framebuffers=2 display_auto_detect=1 disable_overscan=1 gpu_mem=128 # Enable I2C (1) dtparam=i2c1=on EOF fi if [ "${profile}" = "RPI5" ]; then cat >>/boot/efi/extraconfig.txt <<- EOF dtparam=uart0_console dtoverlay=uart0 EOF fi done #======================================= # Create UUID because squashfs has none #--------------------------------------- uuid=$(uuidgen) touch /boot/${uuid} ln -s /boot/${uuid} /boot/uuid #======================================= # Create stub resolv.conf link #--------------------------------------- # kiwi cleanup has dropped stale resolv.conf ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf #======================================= # Relink /var/lib/dhcp to /run (rw) #--------------------------------------- (cd /var/lib && rm -rf dhcp && ln -s /run dhcp) #======================================= # Delete stuff we don't need #--------------------------------------- rm -rf /usr/lib/sysimage/rpm rm -rf /usr/share/locale rm -rf /var/log/* rm -rf /etc/zypp rm -rf /usr/lib/dracut rm -rf /usr/lib/zypp rm -rf /usr/lib*/librpm* rm -rf /usr/lib*/libzypp* find /usr/lib/rpm -type f ! -path "*rpmrc" ! 
-path "*macros" -delete #================================== # Turn rpm into a noop #---------------------------------- # kiwi calls rpm to fetch metadata from the image, but for size # reasons we try to get rid of all rpm data cat >/usr/bin/rpm <<- EOF #!/bin/sh echo "/read-only system, use os-update or container workload" EOF chmod 755 /usr/bin/rpm 0707010000000B000081A40000000000000000000000016632317400000A79000000000000000000000000000000000000002D00000000eos-1714565492.577d465/registry_encrypted.sh#!/bin/sh set -ex for device in /dev/mapper/loop*;do partlabel=$(blkid -s PARTLABEL -o value "${device}") if [ "${partlabel}" = "p.lxreadonly" ];then root_device=$device root_partuuid=$(blkid -s PARTUUID -o value "${root_device}") fi if [ "${partlabel}" = "p.UEFI" ];then esp_device=$device fi if [ "${partlabel}" = "p.spare" ];then reg_instance_device=$device fi done # Preserve storage mv var/lib/containers/storage /tmp # umount write space umount "${reg_instance_device}" # create luks for RW registry with initial empty key cryptsetup \ -q \ --key-file /dev/zero \ --type luks2 \ --keyfile-size 128 \ luksFormat "${reg_instance_device}" cryptsetup \ --key-file /dev/zero \ --keyfile-size 128 \ luksOpen "${reg_instance_device}" luksInstances # create XFS for RW registry mkfs.xfs -f -L INSTANCE /dev/mapper/luksInstances # mount root + ESP mount "${root_device}" /mnt mount "${esp_device}" /mnt/boot/efi # restore storage mount /dev/mapper/luksInstances /mnt/var/lib/containers/storage mv /tmp/storage/* /mnt/var/lib/containers/storage/ # register fleet app mount -t proc proc /mnt/proc chroot /mnt /usr/bin/flake-ctl podman register \ --container fleet \ --target /usr/bin/fleet \ --app /usr/share/flakes/bin/fleet \ --base basesystem \ --opt '\--rm' \ --opt '\-i' \ --opt '\--volume /run:/run' # register core app chroot /mnt /usr/bin/flake-ctl podman register \ --container basesystem \ --target /usr/lib/systemd/systemd \ --app /usr/share/flakes/bin/core \ --attach \ --opt 
'\--privileged' \ --opt '\--net host' \ --opt '\-ti' umount /mnt/proc # umount storage umount /mnt/var/lib/containers/storage # close crypt cryptsetup luksClose luksInstances # Create grub early boot script uuid=$(readlink /mnt/boot/uuid) cat >/mnt/boot/efi/EFI/BOOT/earlyboot.cfg <<-EOF search --file --set=root ${uuid} set rootdev=PARTUUID=${root_partuuid} export rootdev set prefix=(\$root)/boot/grub2 configfile (\$root)/boot/grub2/grub.cfg EOF # Rebuild EFI binary efi_arch="arm64-efi" efi_image="bootaa64.efi" if [ "$(uname -m)" = "x86_64" ];then efi_arch="x86_64-efi" efi_image="bootx64.efi" fi grub2-mkimage \ -O "${efi_arch}" \ -o /mnt/boot/efi/EFI/BOOT/"${efi_image}" \ -c /mnt/boot/efi/EFI/BOOT/earlyboot.cfg \ -p /mnt/boot/grub2 \ -d /mnt/usr/share/grub2/"${efi_arch}" \ linux configfile search_fs_file search normal gzio fat font \ minicmd gfxterm gfxmenu all_video squash4 loadenv part_gpt \ part_msdos efi_gop serial test echo # umount ROOT + ESP umount /mnt/boot/efi umount /mnt 0707010000000C000081A4000000000000000000000001663231740000085A000000000000000000000000000000000000002700000000eos-1714565492.577d465/registry_raw.sh#!/bin/sh set -ex for device in /dev/mapper/loop*;do partlabel=$(blkid -s PARTLABEL -o value "${device}") if [ "${partlabel}" = "p.lxreadonly" ];then root_device=$device root_partuuid=$(blkid -s PARTUUID -o value "${root_device}") fi if [ "${partlabel}" = "p.UEFI" ];then esp_device=$device fi if [ "${partlabel}" = "p.spare" ];then reg_instance_device=$device fi done # umount write space umount "${reg_instance_device}" # mount root + ESP mount "${root_device}" /mnt mount "${esp_device}" /mnt/boot/efi # mount storage mount "${reg_instance_device}" /mnt/var/lib/containers/storage # register fleet app mount -t proc proc /mnt/proc chroot /mnt /usr/bin/flake-ctl podman register \ --container fleet \ --target /usr/bin/fleet \ --app /usr/share/flakes/bin/fleet \ --base basesystem \ --opt '\--rm' \ --opt '\-i' \ --opt '\--volume /run:/run' # register 
core app chroot /mnt /usr/bin/flake-ctl podman register \ --container basesystem \ --target /usr/lib/systemd/systemd \ --app /usr/share/flakes/bin/core \ --attach \ --opt '\--privileged' \ --opt '\--net host' \ --opt '\-ti' umount /mnt/proc # umount storage umount /mnt/var/lib/containers/storage # Create grub early boot script uuid=$(readlink /mnt/boot/uuid) cat >/mnt/boot/efi/EFI/BOOT/earlyboot.cfg <<-EOF search --file --set=root ${uuid} set rootdev=PARTUUID=${root_partuuid} export rootdev set prefix=(\$root)/boot/grub2 configfile (\$root)/boot/grub2/grub.cfg EOF # Rebuild EFI binary efi_arch="arm64-efi" efi_image="bootaa64.efi" if [ "$(uname -m)" = "x86_64" ];then efi_arch="x86_64-efi" efi_image="bootx64.efi" fi grub2-mkimage \ -O "${efi_arch}" \ -o /mnt/boot/efi/EFI/BOOT/"${efi_image}" \ -c /mnt/boot/efi/EFI/BOOT/earlyboot.cfg \ -p /mnt/boot/grub2 \ -d /mnt/usr/share/grub2/"${efi_arch}" \ linux configfile search_fs_file search normal gzio fat font \ minicmd gfxterm gfxmenu all_video squash4 loadenv part_gpt \ part_msdos efi_gop serial test echo # umount ROOT + ESP umount /mnt/boot/efi umount /mnt 0707010000000D000081ED000000000000000000000001663231740000030B000000000000000000000000000000000000001B00000000eos-1714565492.577d465/run#!/bin/bash set -ex if [ ! -d binaries ];then echo "run 'osc getbinaries images_ALP x86_64 -M AB' first..." exit 1 fi if [ ! -e binaries/mysdcard.raw ];then qemu-img create binaries/mysdcard.raw 4g xz -dc binaries/EOS*.raw.xz |\ dd of=binaries/mysdcard.raw conv=notrunc status=progress fi if [ ! 
-e binaries/registry.raw ];then qemu-img create binaries/registry.raw 20g fi qemu-kvm \ -m 4096 \ -cpu host \ -smp 2 \ -display none \ -bios /usr/share/qemu/ovmf-x86_64.bin \ -netdev user,id=user0,hostfwd=tcp::10022-:22 \ -device virtio-net-pci,netdev=user0,mac=52:54:00:6a:40:f8 \ -serial stdio \ -drive file=binaries/mysdcard.raw,if=virtio,format=raw \ -drive file=binaries/registry.raw,if=virtio,format=raw 07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000B00000000TRAILER!!!65 blocks