HardenedBSD/release/tools/oci-image-static.conf

#! /bin/sh

# Build Open Container Initiative (OCI) container image suitable as a base for
# static-linked workloads. This contains mtree directories, SSL certificates and
# a few other config files.

OCI_BASE_IMAGE=

oci_image_build() {
	mtree -deU -p $m/ -f /etc/mtree/BSD.root.dist > /dev/null
	mtree -deU -p $m/var -f /etc/mtree/BSD.var.dist > /dev/null
	mtree -deU -p $m/usr -f /etc/mtree/BSD.usr.dist > /dev/null
	mtree -deU -p $m/usr/include -f /etc/mtree/BSD.include.dist > /dev/null
	mtree -deU -p $m/usr/lib -f /etc/mtree/BSD.debug.dist > /dev/null
	install_packages ${abi} ${workdir} $m FreeBSD-caroot FreeBSD-zoneinfo
	cp /etc/master.passwd $m/etc
	pwd_mkdb -p -d $m/etc $m/etc/master.passwd || return $?
	cp /etc/group $m/etc || return $?
	cp /etc/termcap.small $m/etc/termcap.small || return $?
	cp /etc/termcap.small $m/usr/share/misc/termcap || return $?
	env DESTDIR=$m /usr/sbin/certctl rehash
	# Generate a suitable repo config for pkgbase
	case ${branch} in
		CURRENT|STABLE|BETA*)
			repo=base_latest
			;;
		*)
			repo=base_release_${minor}
			;;
	esac
	mkdir -p $m/usr/local/etc/pkg/repos
	cat > $m/usr/local/etc/pkg/repos/base.conf <<EOF
FreeBSD-base: {
  url: "https://pkg.FreeBSD.org/\${ABI}/${repo}",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}
EOF

}
release: add optional OCI images This adds three OCI archive format files to the release containing FreeBSD base images suitable for static linked, dynamic linked and shell workloads. The shell image also contains pkg-bootstrap and can be easily extended by installing packages (including pkgbase packages). Reviewed by: dch, cpersiva, jlduran, zlei Differential Revision: https://reviews.freebsd.org/D46759 MFC after: 2 days 2024-08-14 17:39:24 +02:00			`#! /bin/sh`

			`# Build Open Container Initiative (OCI) container image suitable as a base for`
			`# static-linked workloads. This contains mtree directories, SSL certificates and`
			`# a few other config files.`

			`OCI_BASE_IMAGE=`

			`oci_image_build() {`
			`mtree -deU -p $m/ -f /etc/mtree/BSD.root.dist > /dev/null`
			`mtree -deU -p $m/var -f /etc/mtree/BSD.var.dist > /dev/null`
			`mtree -deU -p $m/usr -f /etc/mtree/BSD.usr.dist > /dev/null`
			`mtree -deU -p $m/usr/include -f /etc/mtree/BSD.include.dist > /dev/null`
			`mtree -deU -p $m/usr/lib -f /etc/mtree/BSD.debug.dist > /dev/null`
			`install_packages ${abi} ${workdir} $m FreeBSD-caroot FreeBSD-zoneinfo`
			`cp /etc/master.passwd $m/etc`
			`pwd_mkdb -p -d $m/etc $m/etc/master.passwd \|\| return $?`
			`cp /etc/group $m/etc \|\| return $?`
			`cp /etc/termcap.small $m/etc/termcap.small \|\| return $?`
			`cp /etc/termcap.small $m/usr/share/misc/termcap \|\| return $?`
			`env DESTDIR=$m /usr/sbin/certctl rehash`
			`# Generate a suitable repo config for pkgbase`
			`case ${branch} in`
			`CURRENT\|STABLE\|BETA*)`
			`repo=base_latest`
			`;;`
			`*)`
			`repo=base_release_${minor}`
			`;;`
			`esac`
			`mkdir -p $m/usr/local/etc/pkg/repos`
			`cat > $m/usr/local/etc/pkg/repos/base.conf <<EOF`
			`FreeBSD-base: {`
			`url: "https://pkg.FreeBSD.org/\${ABI}/${repo}",`
			`mirror_type: "srv",`
			`signature_type: "fingerprints",`
			`fingerprints: "/usr/share/keys/pkg",`
			`enabled: yes`
			`}`
			`EOF`

			`}`