blob: 5ad83bcded536d08bf942e790bc97fb2dc2724b3 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
#!/bin/sh
#
#
# The default of 3GB is too small for GCE, so override the size here.
export VMSIZE=20g
# Set to a list of packages to install.
export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} firstboot-freebsd-update \
firstboot-pkgs google-cloud-sdk panicmail sudo \
sysutils/py-google-compute-engine lang/python \
lang/python3"
# Set to a list of third-party software to enable in rc.conf(5).
export VM_RC_LIST="ntpd sshd growfs \
firstboot_pkgs firstboot_freebsd_update google_startup \
google_accounts_daemon google_clock_skew_daemon \
google_instance_setup google_network_daemon"
vm_extra_install_base() {
echo 'search google.internal' > ${DESTDIR}/etc/resolv.conf
echo 'nameserver 169.254.169.254' >> ${DESTDIR}/etc/resolv.conf
echo 'nameserver 8.8.8.8' >> ${DESTDIR}/etc/resolv.conf
}
vm_extra_pre_umount() {
# Enable growfs on every boot, not only the first, as as instance's disk can
# be enlarged post-creation
sed -i -e '/KEYWORD: firstboot/d' /etc/rc.d/growfs
cat << EOF >> ${DESTDIR}/etc/rc.conf
dumpdev="AUTO"
ifconfig_DEFAULT="SYNCDHCP mtu 1460"
ntpd_sync_on_start="YES"
# need to fill in something here
#firstboot_pkgs_list=""
panicmail_autosubmit="YES"
EOF
cat << EOF >> ${DESTDIR}/boot/loader.conf
autoboot_delay="-1"
beastie_disable="YES"
loader_logo="none"
hw.memtest.tests="0"
console="comconsole,vidconsole"
hw.vtnet.mq_disable=1
kern.timecounter.hardware=ACPI-safe
aesni_load="YES"
nvme_load="YES"
EOF
echo '169.254.169.254 metadata.google.internal metadata' >> \
${DESTDIR}/etc/hosts
# overwrite ntp.conf
cat << EOF > ${DESTDIR}/etc/ntp.conf
server metadata.google.internal iburst
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 127.127.1.0
EOF
cat << EOF >> ${DESTDIR}/etc/syslog.conf
*.err;kern.warning;auth.notice;mail.crit /dev/console
EOF
cat << EOF >> ${DESTDIR}/etc/ssh/sshd_config
KbdInteractiveAuthentication no
X11Forwarding no
AcceptEnv LANG
AllowAgentForwarding no
ClientAliveInterval 420
EOF
cat << EOF >> ${DESTDIR}/etc/crontab
0 3 * * * root /usr/sbin/freebsd-update cron
EOF
cat << EOF >> ${DESTDIR}/etc/sysctl.conf
net.inet.icmp.drop_redirect=1
net.inet.ip.redirect=0
kern.ipc.soacceptqueue=1024
debug.trace_on_panic=1
debug.debugger_on_panic=0
EOF
# To meet GCE marketplace requirements, extract the src.txz and
# ports.txz distributions to the target virtual machine disk image
# and fetch the sources for the third-party software installed on
# the image.
if [ ! -c "${DESTDIR}/dev/null" ]; then
mkdir -p ${DESTDIR}/dev
mount -t devfs devfs ${DESTDIR}/dev
fi
if [ -e "${DESTDIR}/../ftp/src.txz" ]; then
tar fxJ ${DESTDIR}/../ftp/src.txz -C ${DESTDIR}
fi
if [ -e "${DESTDIR}/../ftp/ports.txz" ]; then
tar fxJ ${DESTDIR}/../ftp/ports.txz -C ${DESTDIR}
_INSTALLED_PACKAGES=$(chroot ${DESTDIR} pkg info -o -q -a)
for PACKAGE in ${_INSTALLED_PACKAGES}; do
chroot ${DESTDIR} \
make -C /usr/ports/${PACKAGE} fetch
done
fi
if [ -c "${DESTDIR}/dev/null" ]; then
umount_loop ${DESTDIR}/dev
fi
## XXX: Verify this is needed. I do not see this requirement
## in the docs, and it impairs the ability to boot-test a copy
## of the image prior to packaging for upload to GCE.
#sed -E -i '' 's/^([^#].*[[:space:]])on/\1off/' ${DESTDIR}/etc/ttys
touch ${DESTDIR}/firstboot
return 0
}
# Do everything except deleting resolv.conf since we construct our own
# Googlized resolv.conf file in vm_extra_install_base.
vm_emulation_cleanup() {
if ! [ -z "${QEMUSTATIC}" ]; then
rm -f ${DESTDIR}/${EMULATOR}
fi
umount_loop ${DESTDIR}/dev
return 0
}
|