Diffstat (limited to 'release/tools')
| -rw-r--r-- | release/tools/azure.conf | 35 | ||||
| -rw-r--r-- | release/tools/basic-ci.conf | 2 | ||||
| -rw-r--r-- | release/tools/basic-cloudinit.conf | 2 | ||||
| -rw-r--r-- | release/tools/ec2-base.conf | 5 | ||||
| -rw-r--r-- | release/tools/ec2-builder.conf | 20 | ||||
| -rw-r--r-- | release/tools/ec2-cloud-init.conf | 1 | ||||
| -rw-r--r-- | release/tools/ec2-small.conf | 16 | ||||
| -rw-r--r-- | release/tools/ec2.conf | 33 | ||||
| -rw-r--r-- | release/tools/gce.conf | 19 | ||||
| -rw-r--r-- | release/tools/oci-image-notoolchain.conf | 25 | ||||
| -rw-r--r-- | release/tools/oci-image-runtime.conf | 4 | ||||
| -rw-r--r-- | release/tools/oci-image-toolchain.conf | 11 | ||||
| -rw-r--r-- | release/tools/openstack.conf | 1 | ||||
| -rw-r--r-- | release/tools/oracle.conf | 7 | ||||
| -rw-r--r-- | release/tools/vagrant.conf | 32 | ||||
| -rw-r--r-- | release/tools/vmimage.subr | 158 |
16 files changed, 279 insertions, 92 deletions
diff --git a/release/tools/azure.conf b/release/tools/azure.conf index 519ab13fe432..7975e1db0822 100644 --- a/release/tools/azure.conf +++ b/release/tools/azure.conf @@ -19,19 +19,25 @@ export NOSWAP=YES export VM_BOOTPARTSOFFSET=1M vm_extra_pre_umount() { - mount -t devfs devfs ${DESTDIR}/dev - - # The firstboot_pkgs rc.d script will download the repository - # catalogue and install or update pkg when the instance first - # launches, so these files would just be replaced anyway; removing - # them from the image allows it to boot faster. - chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \ - /usr/sbin/pkg delete -f -y pkg - rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD - - chroot ${DESTDIR} ${EMULATOR} pw usermod root -h - - - umount ${DESTDIR}/dev + # Remove the pkg package and repo databases as they will likely + # be out of date by the time the image is used. In unprivileged + # builds this is unnecessary as pkg will not be installed to + # begin with. + if [ -z "${NO_ROOT}" ]; then + mount -t devfs devfs ${DESTDIR}/dev + + # The firstboot_pkgs rc.d script will download the repository + # catalogue and install or update pkg when the instance first + # launches, so these files would just be replaced anyway; removing + # them from the image allows it to boot faster. + chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \ + /usr/sbin/pkg delete -f -y pkg + umount ${DESTDIR}/dev + rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports + rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports-kmods + fi + + pw -R ${DESTDIR} usermod root -h - cat << EOF >> ${DESTDIR}/etc/rc.conf ifconfig_hn0="SYNCDHCP" @@ -50,8 +56,7 @@ boot_serial="YES" mlx4en_load="YES" mlx5en_load="YES" EOF - - touch ${DESTDIR}/firstboot + metalog_add_data ./boot/loader.conf return 0 } diff --git a/release/tools/basic-ci.conf b/release/tools/basic-ci.conf index 4bcb87aec791..e235c03d39fe 100644 --- a/release/tools/basic-ci.conf +++ b/release/tools/basic-ci.conf 
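Review bot: In the first azure.conf hunk, the two new `rm -r ${DESTDIR}/var/db/pkg/repos/...` lines in vm_extra_pre_umount expand DESTDIR unquoted and unguarded, and they run only in the privileged branch (`NO_ROOT` empty), so an empty DESTDIR would point them at the build host's own /var/db/pkg/repos. I would write them as `rm -r "${DESTDIR:?}/var/db/pkg/repos/FreeBSD-ports"` and `rm -r "${DESTDIR:?}/var/db/pkg/repos/FreeBSD-ports-kmods"`. `rm -r` without `-f` also reports an error when one of the two catalogues was never fetched, so a short comment saying whether both are always expected would help. The same pair of lines is added to ec2_common in ec2.conf and to vagrant_common in vagrant.conf.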
@@ -30,7 +30,5 @@ PermitEmptyPasswords yes UsePAM no EOF - touch_firstboot - return 0 } diff --git a/release/tools/basic-cloudinit.conf b/release/tools/basic-cloudinit.conf index 7088c0a5f72a..f8554c42f49c 100644 --- a/release/tools/basic-cloudinit.conf +++ b/release/tools/basic-cloudinit.conf @@ -34,7 +34,5 @@ PasswordAuthentication yes UsePAM no EOF - touch ${DESTDIR}/firstboot - return 0 } diff --git a/release/tools/ec2-base.conf b/release/tools/ec2-base.conf index 3ed20474a4e8..ffe2646240a5 100644 --- a/release/tools/ec2-base.conf +++ b/release/tools/ec2-base.conf @@ -28,6 +28,7 @@ vm_extra_pre_umount() { # be "new" disks; there is no "previous boot" when they might have # been seen and used already. touch ${DESTDIR}/var/db/ec2_ephemeral_diskseen + metalog_add_data ./var/db/ec2_ephemeral_diskseen # Configuration common to all EC2 AMIs ec2_common @@ -35,5 +36,9 @@ vm_extra_pre_umount() { # Standard FreeBSD network configuration ec2_base_networking + # Add files from packages which weren't recorded in metalog + metalog_add_data ./usr/local/etc/dhclient.conf + metalog_add_data ./usr/local/etc/ssl/cert.pem + return 0 } diff --git a/release/tools/ec2-builder.conf b/release/tools/ec2-builder.conf index 7927fc13a74d..3b0344f9eb9a 100644 --- a/release/tools/ec2-builder.conf +++ b/release/tools/ec2-builder.conf @@ -7,9 +7,17 @@ export VMSIZE=8000m # Flags to installworld/kernel: We don't want debug symbols (kernel or -# userland), 32-bit libraries, tests, or the debugger. +# userland), 32-bit libraries, or tests. export INSTALLOPTS="WITHOUT_DEBUG_FILES=YES WITHOUT_KERNEL_SYMBOLS=YES \ - WITHOUT_LIB32=YES WITHOUT_TESTS=YES WITHOUT_LLDB=YES" + WITHOUT_LIB32=YES WITHOUT_TESTS=YES" + +# Equivalent to INSTALLOPTS for pkgbase +vm_extra_filter_base_packages() { + grep -v \ + -e '.*-dbg$' \ + -e '.*-lib32$' \ + -e '^FreeBSD-set-tests' +} # Packages to install into the image we're creating. In addition to packages # present on all EC2 AMIs, we install: 
@@ -28,6 +36,7 @@ vm_extra_pre_umount() { # be "new" disks; there is no "previous boot" when they might have # been seen and used already. touch ${DESTDIR}/var/db/ec2_ephemeral_diskseen + metalog_add_data ./var/db/ec2_ephemeral_diskseen # Configuration common to all EC2 AMIs ec2_common @@ -37,21 +46,28 @@ vm_extra_pre_umount() { # Grab a copy of the ec2-base disk image, and compress it zstd < ${EC2BASEIMG} > ${DESTDIR}/image.zst + metalog_add_data ./image.zst # Disable fortune so we don't have extra noise at login chmod a-x ${DESTDIR}/usr/bin/fortune # Install the AMI-building script install -m 755 ${WORLDDIR}/release/tools/mkami.sh ${DESTDIR}/bin/mkami + metalog_add_data ./bin/mkami 0755 # Install an /etc/rc which juggles disks around for us install -m 755 ${WORLDDIR}/release/tools/rc.amibuilder ${DESTDIR}/etc + metalog_add_data ./etc/rc.amibuilder 0755 # We want to mount from the UFS disk and juggle disks first cat >> ${DESTDIR}/boot/loader.conf <<-EOF vfs.root.mountfrom="ufs:/dev/gpt/rootfs" init_script="/etc/rc.amibuilder" EOF + metalog_add_data ./boot/loader.conf + + # Add files from packages which weren't recorded in metalog + metalog_add_data ./usr/local/etc/dhclient.conf return 0 } diff --git a/release/tools/ec2-cloud-init.conf b/release/tools/ec2-cloud-init.conf index 048202e252f6..2a15ae5c57d8 100644 --- a/release/tools/ec2-cloud-init.conf +++ b/release/tools/ec2-cloud-init.conf @@ -27,6 +27,7 @@ vm_extra_pre_umount() { doas: - permit nopass ec2-user EOF + metalog_add_data ./usr/local/etc/cloud/cloud.cfg.d/98_ec2.cfg return 0 } diff --git a/release/tools/ec2-small.conf b/release/tools/ec2-small.conf index 858836717f5a..6564a59c2cf6 100644 --- a/release/tools/ec2-small.conf +++ b/release/tools/ec2-small.conf 
@@ -10,9 +10,17 @@ export VMSIZE=5000m # Flags to installworld/kernel: We don't want debug symbols (kernel or -# userland), 32-bit libraries, tests, or the debugger. +# userland), 32-bit libraries, or tests. export INSTALLOPTS="WITHOUT_DEBUG_FILES=YES WITHOUT_KERNEL_SYMBOLS=YES \ - WITHOUT_LIB32=YES WITHOUT_TESTS=YES WITHOUT_LLDB=YES" + WITHOUT_LIB32=YES WITHOUT_TESTS=YES" + +# Equivalent to INSTALLOPTS for pkgbase +vm_extra_filter_base_packages() { + grep -v \ + -e '.*-dbg$' \ + -e '.*-lib32$' \ + -e '^FreeBSD-set-tests' +} # Packages to install into the image we're creating. In addition to packages # present on all EC2 AMIs, we install: @@ -33,6 +41,7 @@ vm_extra_pre_umount() { # be "new" disks; there is no "previous boot" when they might have # been seen and used already. touch ${DESTDIR}/var/db/ec2_ephemeral_diskseen + metalog_add_data ./var/db/ec2_ephemeral_diskseen # Configuration common to all EC2 AMIs ec2_common @@ -40,5 +49,8 @@ vm_extra_pre_umount() { # Standard FreeBSD network configuration ec2_base_networking + # Add files from packages which weren't recorded in metalog + metalog_add_data ./usr/local/etc/dhclient.conf + return 0 } diff --git a/release/tools/ec2.conf b/release/tools/ec2.conf index ef7a603efea9..335db6cca93a 100644 --- a/release/tools/ec2.conf +++ b/release/tools/ec2.conf 
@@ -22,16 +22,27 @@ export NOSWAP=YES ec2_common() { # Delete the pkg package and the repo database; they will likely be - # long out of date before the EC2 instance is launched. - mount -t devfs devfs ${DESTDIR}/dev - chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \ - /usr/sbin/pkg delete -f -y pkg - umount ${DESTDIR}/dev - rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD + # long out of date before the EC2 instance is launched. In + # unprivileged builds this is unnecessary as pkg will not be + # installed to begin with. + if [ -z "${NO_ROOT}" ]; then + mount -t devfs devfs ${DESTDIR}/dev + chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \ + /usr/sbin/pkg delete -f -y pkg + umount ${DESTDIR}/dev + rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports + rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports-kmods + fi # Turn off IPv6 Duplicate Address Detection; the EC2 networking # configuration makes it unnecessary. echo 'net.inet6.ip6.dad_count=0' >> ${DESTDIR}/etc/sysctl.conf + metalog_add_data ./etc/sysctl.conf + + # Tell gptboot not to wait 3 seconds for a keypress which will + # never arrive. + printf -- "-n\n" > ${DESTDIR}/boot.config + metalog_add_data ./boot.config # Booting quickly is more important than giving users a chance to # access the boot loader via the serial port. @@ -42,10 +53,6 @@ ec2_common() { # default 2048 bytes of entropy; ask for 64 bytes instead. echo 'entropy_efi_seed_size="64"' >> ${DESTDIR}/boot/loader.conf - # Tell gptboot not to wait 3 seconds for a keypress which will - # never arrive. - printf -- "-n\n" > ${DESTDIR}/boot.config - # The emulated keyboard attached to EC2 instances is inaccessible to # users, and there is no mouse attached at all; disable to keyboard # and the keyboard controller (to which the mouse would attach, if 
@@ -92,6 +99,7 @@ ec2_common() { # by pressing the "Attention button" a second time, but in the EC2 # environment this delay serves no purpose. echo 'hw.pci.pcie_hp_detach_timeout="0"' >> ${DESTDIR}/boot/loader.conf + metalog_add_data ./boot/loader.conf # Disable KbdInteractiveAuthentication according to EC2 requirements. sed -i '' -e \ @@ -126,9 +134,7 @@ REGION=`fetch -qo- http://169.254.169.254/latest/meta-data/placement/availabilit echo "-nfsv4,minorversion=1,oneopenown ${FS}.efs.${REGION}.amazonaws.com:/" EOF chmod 755 ${DESTDIR}/etc/autofs/special_efs - - # The first time the AMI boots, run "first boot" scripts. - touch ${DESTDIR}/firstboot + metalog_add_data ./etc/autofs/special_efs 0755 return 0 } @@ -156,6 +162,7 @@ ec2_base_networking () { /usr/local/sbin/dhclient -6 -nw -N -cf /dev/null $1 EOF chmod 755 ${DESTDIR}/usr/local/libexec/rtsold-M + metalog_add_data ./usr/local/libexec/rtsold-M 0755 return 0 } diff --git a/release/tools/gce.conf b/release/tools/gce.conf index 382a839786f3..a7ccfc27a75c 100644 --- a/release/tools/gce.conf +++ b/release/tools/gce.conf @@ -21,6 +21,7 @@ vm_extra_install_base() { echo 'search google.internal' > ${DESTDIR}/etc/resolv.conf echo 'nameserver 169.254.169.254' >> ${DESTDIR}/etc/resolv.conf echo 'nameserver 8.8.8.8' >> ${DESTDIR}/etc/resolv.conf + metalog_add ./etc/resolv.conf } vm_extra_pre_umount() { 
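Review bot: The gce.conf hunk calls `metalog_add ./etc/resolv.conf` in vm_extra_install_base, while every other call added by this commit uses `metalog_add_data`, and no hunk shown here defines `metalog_add`. If that name is not defined elsewhere, sh reports it as not found and /etc/resolv.conf is left out of METALOG in `NO_ROOT` builds, which presumably drops the resolver configuration from the image. The line probably should read `metalog_add_data ./etc/resolv.conf`.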
@@ -94,33 +95,24 @@ EOF # ports.txz distributions to the target virtual machine disk image # and fetch the sources for the third-party software installed on # the image. - if [ ! -c "${DESTDIR}/dev/null" ]; then - DEVFSISOURS=1 - mkdir -p ${DESTDIR}/dev - mount -t devfs devfs ${DESTDIR}/dev - fi if [ -e "${DESTDIR}/../ftp/src.txz" ]; then tar fxJ ${DESTDIR}/../ftp/src.txz -C ${DESTDIR} fi if [ -e "${DESTDIR}/../ftp/ports.txz" ]; then tar fxJ ${DESTDIR}/../ftp/ports.txz -C ${DESTDIR} - _INSTALLED_PACKAGES=$(chroot ${DESTDIR} pkg info -o -q -a) + _INSTALLED_PACKAGES=$(pkg -r ${DESTDIR} info -o -q -a) for PACKAGE in ${_INSTALLED_PACKAGES}; do - chroot ${DESTDIR} \ - make -C /usr/ports/${PACKAGE} fetch + make -C ${DESTDIR}/usr/ports/${PACKAGE} fetch \ + DISTDIR=${DESTDIR}/usr/ports/distfiles + done fi - if [ "$DEVFSISOURS" = "1" ]; then - umount_loop ${DESTDIR}/dev - fi ## XXX: Verify this is needed. I do not see this requirement ## in the docs, and it impairs the ability to boot-test a copy ## of the image prior to packaging for upload to GCE. #sed -E -i '' 's/^([^#].*[[:space:]])on/\1off/' ${DESTDIR}/etc/ttys - touch ${DESTDIR}/firstboot - return 0 } @@ -130,6 +122,5 @@ vm_emulation_cleanup() { if [ -n "${QEMUSTATIC}" ]; then rm -f ${DESTDIR}/${EMULATOR} fi - umount_loop ${DESTDIR}/dev return 0 } diff --git a/release/tools/oci-image-notoolchain.conf b/release/tools/oci-image-notoolchain.conf new file mode 100644 index 000000000000..72a62657fa76 --- /dev/null +++ b/release/tools/oci-image-notoolchain.conf 
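Review bot: The `make -C ${DESTDIR}/usr/ports/${PACKAGE} fetch` loop in gce.conf now runs on the build host instead of inside `chroot ${DESTDIR}`, so the port Makefiles unpacked from ports.txz are evaluated with the host's make, environment and configuration, and with the privileges of the build user. Only DISTDIR is redirected; unless PORTSDIR is set somewhere outside this hunk, the ports framework includes would presumably resolve against the host's /usr/ports rather than the tree in the image, so I would add `PORTSDIR=${DESTDIR}/usr/ports` to the make arguments and state in a comment that the extracted tree is trusted build input. The exit status of `pkg -r ${DESTDIR} info` and of each `make ... fetch` is not checked, and `${_INSTALLED_PACKAGES}` is word-split unquoted. The enclosing vm_extra_pre_umount starts outside the hunk.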
@@ -0,0 +1,25 @@ +#! /bin/sh + +# Build OCI container image with almost all packages suitable for jails, +# excluding toolchain. + +OCI_BASE_IMAGE=runtime + +oci_image_build() { + set_cmd ${workdir} /bin/sh + install_packages ${abi} ${workdir} \ + FreeBSD-bmake \ + FreeBSD-dma \ + FreeBSD-inetd \ + FreeBSD-ipf \ + FreeBSD-ipfw \ + FreeBSD-natd \ + FreeBSD-netmap \ + FreeBSD-pf \ + FreeBSD-ssh \ + FreeBSD-telnet \ + FreeBSD-xz \ + FreeBSD-zfs \ + FreeBSD-set-minimal-jail +} + diff --git a/release/tools/oci-image-runtime.conf b/release/tools/oci-image-runtime.conf index 93aad1e39250..db99e5640040 100644 --- a/release/tools/oci-image-runtime.conf +++ b/release/tools/oci-image-runtime.conf @@ -9,6 +9,10 @@ OCI_BASE_IMAGE=dynamic oci_image_build() { set_cmd ${workdir} /bin/sh + # The static image installed termcap.small into /usr/share/misc/termcap + # and we are replacing it with the full termcap file. We remove the + # small one first to avoid creating a .pkgsave file. + rm ${workdir}/rootfs/usr/share/misc/termcap install_packages ${abi} ${workdir} \ FreeBSD-runtime \ FreeBSD-certctl \ diff --git a/release/tools/oci-image-toolchain.conf b/release/tools/oci-image-toolchain.conf new file mode 100644 index 000000000000..984fb3fbfbfe --- /dev/null +++ b/release/tools/oci-image-toolchain.conf @@ -0,0 +1,11 @@ +#! /bin/sh + +# Build OCI container images with almost all packages for running and building FreeBSD. + +OCI_BASE_IMAGE=notoolchain + +oci_image_build() { + set_cmd ${workdir} /bin/sh + install_packages ${abi} ${workdir} \ + FreeBSD-set-devel +} diff --git a/release/tools/openstack.conf b/release/tools/openstack.conf index 05d2d13bbb39..b73734a4fd04 100644 --- a/release/tools/openstack.conf +++ b/release/tools/openstack.conf @@ -47,6 +47,5 @@ vm_extra_pre_umount() { echo 'debug.debugger_on_panic=0' >> ${DESTDIR}/etc/sysctl.conf echo 'kern.panic_reboot_wait_time=0' >> ${DESTDIR}/etc/sysctl.conf - touch ${DESTDIR}/firstboot return 0 } 
diff --git a/release/tools/oracle.conf b/release/tools/oracle.conf index 8a4206c05623..ebda3b3d6e61 100644 --- a/release/tools/oracle.conf +++ b/release/tools/oracle.conf @@ -17,7 +17,6 @@ export VM_EXTRA_PACKAGES=" net/py-netifaces net/py-oauth net/rsync - panicmail security/ca_root_nss security/sudo@default sysutils/firstboot-freebsd-update @@ -56,6 +55,7 @@ EOF xz_load="YES" zfs_load="YES" EOF + metalog_add_data ./boot/loader.conf cat <<-'EOF' >> ${DESTDIR}/etc/ssh/sshd_config # S11 Configure the SSH service to prevent password-based login @@ -83,12 +83,11 @@ EOF network: renderers: ['freebsd'] EOF + metalog_add_data ./usr/local/etc/cloud/cloud.cfg.d/98_oracle.cfg # Use Oracle Cloud Infrastructure NTP server sed -i '' -E -e 's/^pool.*iburst/server 169.254.169.254 iburst/' \ - ${DESTDIR}/etc/ntp.conf - - touch ${DESTDIR}/firstboot + ${DESTDIR}/etc/ntp.conf return 0 } diff --git a/release/tools/vagrant.conf b/release/tools/vagrant.conf index c212af7d012e..5b0f38b740a6 100644 --- a/release/tools/vagrant.conf +++ b/release/tools/vagrant.conf 
@@ -14,13 +14,16 @@ export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} shells/bash \ export VM_RC_LIST="firstboot_freebsd_update firstboot_pkgs growfs" vagrant_common () { - # The firstboot_pkgs rc.d script will download the repository - # catalogue and install or update pkg when the instance first - # launches, so these files would just be replaced anyway; removing - # them from the image allows it to boot faster. - env ASSUME_ALWAYS_YES=yes pkg -c ${DESTDIR} clean -y -a - env ASSUME_ALWAYS_YES=yes pkg -c ${DESTDIR} delete -f -y pkg - rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD + if [ -z "${NO_ROOT}" ]; then + # The firstboot_pkgs rc.d script will download the repository + # catalogue and install or update pkg when the instance first + # launches, so these files would just be replaced anyway; + # removing them from the image allows it to boot faster. + pkg -c ${DESTDIR} clean -y -a + pkg -c ${DESTDIR} delete -f -y pkg + rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports + rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports-kmods + fi # Vagrant instances use DHCP to get their network configuration. echo 'ifconfig_DEFAULT="SYNCDHCP"' >> ${DESTDIR}/etc/rc.conf 
@@ -39,27 +42,29 @@ vagrant_common () { # Create the vagrant user with a password of vagrant /usr/sbin/pw -R ${DESTDIR} \ groupadd vagrant -g 1001 - chroot ${DESTDIR} mkdir -p /home/vagrant - /usr/sbin/pw -R ${DESTDIR} \ + /usr/sbin/pw -R ${DESTDIR} -M ${DESTDIR}/METALOG \ useradd vagrant \ -m -M 0755 -w yes -n vagrant -u 1001 -g 1001 -G 0 \ -c 'Vagrant User' -d '/home/vagrant' -s '/bin/csh' # Change root's password to vagrant - echo 'vagrant' | /usr/sbin/pw -R ${DESTDIR} \ - usermod root -h 0 + echo 'vagrant' | /usr/sbin/pw -R ${DESTDIR} usermod root -h 0 # Configure sudo to allow the vagrant user echo 'vagrant ALL=(ALL:ALL) NOPASSWD: ALL' >> ${DESTDIR}/usr/local/etc/sudoers # Configure the vagrant ssh keys mkdir ${DESTDIR}/home/vagrant/.ssh - chmod 700 ${DESTDIR}/home/vagrant/.ssh + echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" > ${DESTDIR}/home/vagrant/.ssh/authorized_keys echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1YdxBpNlzxDqfJyw/QKow1F+wvG9hXGoqiysfJOn5Y vagrant insecure public key" >> ${DESTDIR}/home/vagrant/.ssh/authorized_keys - chown -R 1001 ${DESTDIR}/home/vagrant/.ssh chmod 600 ${DESTDIR}/home/vagrant/.ssh/authorized_keys + chmod 700 ${DESTDIR}/home/vagrant/.ssh + chown -R 1001 ${DESTDIR}/home/vagrant/.ssh + echo "./home/vagrant/.ssh type=dir uid=1001 gid=1001 mode=0700" >> ${DESTDIR}/METALOG + echo "./home/vagrant/.ssh/authorized_keys type=file uid=1001 gid=1001 mode=0600" >> ${DESTDIR}/METALOG + # Reboot quickly, Don't wait at the panic screen echo 'debug.trace_on_panic=1' >> ${DESTDIR}/etc/sysctl.conf echo 'debug.debugger_on_panic=0' >> ${DESTDIR}/etc/sysctl.conf 
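Review bot: The two `echo ... >> ${DESTDIR}/METALOG` lines and the new `-M ${DESTDIR}/METALOG` argument to `pw useradd` in vagrant_common are not guarded by `NO_ROOT`, unlike metalog_add_data, which writes to METALOG only when `NO_ROOT` is set. In a privileged build this creates ${DESTDIR}/METALOG in the staging tree, where it may end up as a stray file in the image. Wrapping the two echo lines in `if [ -n "${NO_ROOT}" ]; then ... fi`, and passing `-M` only in that case, keeps both build modes consistent. vagrant_common starts and ends outside the hunk.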
@@ -67,6 +72,7 @@ vagrant_common () { # The console is not interactive, so we might as well boot quickly. echo 'autoboot_delay="-1"' >> ${DESTDIR}/boot/loader.conf + metalog_add_data ./boot/loader.conf # The first time the VM boots, the installed "first boot" scripts # should be allowed to run: diff --git a/release/tools/vmimage.subr b/release/tools/vmimage.subr index 156987e33457..3bfef585f613 100644 --- a/release/tools/vmimage.subr +++ b/release/tools/vmimage.subr @@ -39,8 +39,21 @@ cleanup() { } metalog_add_data() { + local file mode type + if [ -n "${NO_ROOT}" ]; then - echo "$1 type=file uname=root gname=wheel mode=0644" >> \ + file=$1 + if [ -f ${DESTDIR}/${file} ]; then + type=file + mode=${2:-0644} + elif [ -d ${DESTDIR}/${file} ]; then + type=dir + mode=${2:-0755} + else + echo "metalog_add_data: ${file} not found" >&2 + return 1 + fi + echo "${file} type=${type} uname=root gname=wheel mode=${mode}" >> \ ${DESTDIR}/METALOG fi } 
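Review bot: metalog_add_data in vmimage.subr now returns 1 when the path is neither a regular file nor a directory, but none of the callers added in this commit checks that status, so an unprivileged build continues and produces an image without the entry. Because `[ -f ]` and `[ -d ]` follow symbolic links, a symlink is either recorded as `type=file`/`type=dir` or falls into the not-found branch; a comment stating that symlinks are not supported would help. The tests should quote the path, for example `if [ -f "${DESTDIR}/${file}" ]; then`, and the failure branch could call the file's existing `err` helper if a missing file is meant to stop the build. The existence check runs only when `NO_ROOT` is set, so privileged builds never notice a missing file.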
@@ -57,13 +70,48 @@ vm_copy_base() { return 0 } +vm_base_packages_list() { + # Output a list of package sets equivalent to what we get from + # "installworld installkernel distribution", aka. the full base + # system. + for S in base kernels; do + echo FreeBSD-set-$S + echo FreeBSD-set-$S-dbg + done + case ${TARGET_ARCH} in + amd64 | aarch64 | powerpc64) + echo FreeBSD-set-lib32 + echo FreeBSD-set-lib32-dbg + esac + echo FreeBSD-set-tests +} + +vm_extra_filter_base_packages() { + # Prototype. When overridden, allows further filtering of base system + # packages, reading package names from stdin and writing to stdout. + cat +} + vm_install_base() { # Installs the FreeBSD userland/kernel to the virtual machine disk. - cd ${WORLDDIR} && \ - make DESTDIR=${DESTDIR} ${INSTALLOPTS} \ - installworld installkernel distribution || \ - err "\n\nCannot install the base system to ${DESTDIR}." + if [ -z "${NOPKGBASE}" ]; then + local pkg_cmd + pkg_cmd="${PKG_CMD} --rootdir ${DESTDIR} --repo-conf-dir ${PKGBASE_REPO_DIR} + -o ASSUME_ALWAYS_YES=yes -o IGNORE_OSVERSION=yes + -o ABI=${PKG_ABI} -o INSTALL_AS_USER=yes " + if [ -n "${NO_ROOT}" ]; then + pkg_cmd="$pkg_cmd -o METALOG=METALOG" + fi + $pkg_cmd update + selected=$(vm_base_packages_list | vm_extra_filter_base_packages) + $pkg_cmd install -U -r FreeBSD-base $selected + else + cd ${WORLDDIR} && \ + make DESTDIR=${DESTDIR} ${INSTALLOPTS} \ + installworld installkernel distribution || \ + err "\n\nCannot install the base system to ${DESTDIR}." + fi # Bootstrap etcupdate(8) database. mkdir -p ${DESTDIR}/var/db/etcupdate @@ -82,7 +130,7 @@ vm_install_base() { echo '# Custom /etc/fstab for FreeBSD VM images' \ > ${DESTDIR}/etc/fstab if [ "${VMFS}" != zfs ]; then - echo "/dev/${ROOTLABEL}/rootfs / ${VMFS} rw 1 1" \ + echo "/dev/${ROOTLABEL}/rootfs / ${VMFS} rw,noatime 1 1" \ >> ${DESTDIR}/etc/fstab fi if [ -z "${NOSWAP}" ]; then 
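Review bot: In vm_install_base the pkgbase branch runs `$pkg_cmd update` and `$pkg_cmd install -U -r FreeBSD-base $selected` without checking their exit status, while the installworld branch keeps its `|| err` handler, so a failed or partial package install goes on to build an image. I would end the install line with `|| err "\n\nCannot install the base system to ${DESTDIR}."` and do the same for the update. `selected` is assigned without being declared `local`, unlike `pkg_cmd`. `-o IGNORE_OSVERSION=yes` deserves a comment saying why the version check can be skipped here, and `-o METALOG=METALOG` is a relative path whereas vm_extra_install_packages passes `${DESTDIR}/METALOG.pkg`. The NO_ROOT loop added to vm_extra_install_packages in the next hunk ignores the status of `pkg install` in the same way.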
@@ -144,26 +192,39 @@ vm_extra_enable_services() { ${DESTDIR}/etc/rc.conf # Expand the filesystem to fill the disk. echo 'growfs_enable="YES"' >> ${DESTDIR}/etc/rc.conf - touch ${DESTDIR}/firstboot fi return 0 } vm_extra_install_packages() { - if [ -n "${WITHOUT_QEMU}" ]; then - return 0 - fi - if [ -z "${VM_EXTRA_PACKAGES}" ]; then return 0 fi - chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \ - /usr/sbin/pkg bootstrap -y - for p in ${VM_EXTRA_PACKAGES}; do + if [ -n "${NO_ROOT}" ]; then + for pkg in ${VM_EXTRA_PACKAGES}; do + INSTALL_AS_USER=yes \ + ${PKG_CMD} \ + -o ABI=${PKG_ABI} \ + -o METALOG=${DESTDIR}/METALOG.pkg \ + -o REPOS_DIR=${PKG_REPOS_DIR} \ + -o PKG_DBDIR=${DESTDIR}/var/db/pkg \ + -r ${DESTDIR} \ + install -y -r ${PKG_REPO_NAME} $pkg + done + metalog_add_data ./var/db/pkg/local.sqlite + else + if [ -n "${WITHOUT_QEMU}" ]; then + return 0 + fi + chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \ - /usr/sbin/pkg install -y ${p} - done + /usr/sbin/pkg bootstrap -y + for p in ${VM_EXTRA_PACKAGES}; do + chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \ + /usr/sbin/pkg install -y ${p} + done + fi return 0 } @@ -196,9 +257,17 @@ vm_emulation_cleanup() { } vm_extra_pkg_rmcache() { - if [ -e ${DESTDIR}/usr/local/sbin/pkg ]; then - chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \ - /usr/local/sbin/pkg clean -y -a + if [ -n "${NO_ROOT}" ]; then + ${PKG_CMD} \ + -o ASSUME_ALWAYS_YES=yes \ + -o INSTALL_AS_USER=yes \ + -r ${DESTDIR} \ + clean -y -a + else + if [ -e ${DESTDIR}/usr/local/sbin/pkg ]; then + chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \ + /usr/local/sbin/pkg clean -y -a + fi fi return 0 
@@ -207,6 +276,47 @@ vm_extra_pkg_rmcache() { buildfs() { local md tmppool + if [ -f ${DESTDIR}/METALOG.pkg ]; then + cat ${DESTDIR}/METALOG.pkg >> ${DESTDIR}/METALOG + fi + + if [ -n "${NO_ROOT}" ]; then + # Check for any directories in the staging tree which weren't + # recorded in METALOG, and record them now. This is a quick hack + # to avoid creating unusable VM images and should go away once + # the bugs which produce such unlogged directories are gone. + grep type=dir ${DESTDIR}/METALOG | + cut -f 1 -d ' ' | + sort -u > ${DESTDIR}/METALOG.dirs + ( cd ${DESTDIR} && find . -type d ) | + sort | + comm -23 - ${DESTDIR}/METALOG.dirs > ${DESTDIR}/METALOG.missingdirs + if [ -s ${DESTDIR}/METALOG.missingdirs ]; then + echo "WARNING: Directories exist but were not in METALOG" + cat ${DESTDIR}/METALOG.missingdirs + fi + while read DIR; do + metalog_add_data ${DIR} + done < ${DESTDIR}/METALOG.missingdirs + + if [ -z "${NOPKGBASE}" ]; then + # Add some database files which are created by pkg triggers; + # at some point in the future the tools which create these + # files should probably learn how to record them in METALOG + # (which would simplify no-root installworld as well). + metalog_add_data ./etc/login.conf.db + metalog_add_data ./etc/passwd + metalog_add_data ./etc/pwd.db + metalog_add_data ./etc/spwd.db 600 + metalog_add_data ./var/db/services.db + fi + + # Sort METALOG file; makefs produces directories with 000 permissions + # if their contents are seen before the directories themselves. + env -i LC_COLLATE=C sort -u ${DESTDIR}/METALOG > ${DESTDIR}/METALOG.sorted + mv ${DESTDIR}/METALOG.sorted ${DESTDIR}/METALOG + fi + case "${VMFS}" in ufs) cd ${DESTDIR} && ${MAKEFS} ${MAKEFSARGS} -o label=rootfs -o version=2 -o softupdates=1 \ 
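Review bot: The fallback loop in buildfs records every directory missing from METALOG through `metalog_add_data ${DIR}`, which writes `uname=root gname=wheel mode=0755` regardless of the mode the directory has in the staging tree, so a directory that was created private would be shipped world-readable. If that is accepted for this stop-gap, say so in the comment; otherwise pass the staged mode as the second argument. The loop should read `while IFS= read -r DIR; do metalog_add_data "${DIR}"`, and the WARNING should go to stderr with `>&2`. METALOG.dirs and METALOG.missingdirs are left behind in ${DESTDIR}; they are not added to METALOG, but removing them after use keeps the staging tree clean. buildfs continues past the end of the hunk.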
@@ -338,6 +448,11 @@ vm_create_disk() { >> ${DESTDIR}/etc/fstab fi + # Add a marker file which indicates that this image has never + # been booted. Some services run only upon the first boot. + touch ${DESTDIR}/firstboot + metalog_add_data ./firstboot + echo "Building filesystem... Please wait." buildfs @@ -362,8 +477,3 @@ vm_extra_create_disk() { return 0 } - -touch_firstboot() { - touch ${DESTDIR}/firstboot - metalog_add_data ./firstboot -} |
