HardenedBSD/release/tools/vmimage.subr
Glen Barber 4b8175ee8f When building VM disk images, vm_copy_base() uses tar(1) to
copy the userland from one md(4)-mounted filesystem to a clean
filesystem to prevent remnants of files that were added and
removed from resulting in an unclean filesystem.  When newfs(8)
creates the first filesystem with journaled soft-updates enabled,
the /.sujournal file in the new filesystem cannot be overwritten
by the /.sujournal in the original filesystem.

To avoid this particular error case, do not enable journaled
soft-updates when creating the md(4)-backed filesystems, and
instead use tunefs(8) to enable journaled soft-updates after
the new filesystem is populated in vm_copy_base().

While here, fix a long standing bug where the build environment
/boot files were used by mkimg(1) when creating the VM disk
images by using the files in .OBJDIR.

MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2015-04-20 19:54:54 +00:00

226 lines
4.7 KiB
Bash

#!/bin/sh
#
# $FreeBSD$
#
#
# Common functions for virtual machine image build scripts.
#
export PATH="/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
trap "cleanup" INT QUIT TRAP ABRT TERM
write_partition_layout() {
if [ -z "${NOSWAP}" ]; then
SWAPOPT="-p freebsd-swap/swapfs::1G"
fi
_OBJDIR="$(make -C ${WORLDDIR} -V .OBJDIR)"
if [ -d "${_OBJDIR%%/usr/src}/${TARGET}.${TARGET_ARCH}" ]; then
BOOTFILES="${_OBJDIR%%/usr/src}/${TARGET}.${TARGET_ARCH}/usr/src/sys/boot"
else
BOOTFILES="${_OBJDIR}/usr/src/sys/boot"
fi
case "${TARGET}:${TARGET_ARCH}" in
amd64:amd64 | i386:i386)
mkimg -s gpt -b ${BOOTFILES}/i386/pmbr/pmbr \
-p freebsd-boot/bootfs:=${BOOTFILES}/i386/gptboot/gptboot \
${SWAPOPT} \
-p freebsd-ufs/rootfs:=${VMBASE} \
-o ${VMIMAGE}
;;
powerpc:powerpc*)
mkimg -s apm \
-p apple-boot/bootfs:=${BOOTFILES}/powerpc/boot1.chrp/boot1.hfs \
${SWAPOPT} \
-p freebsd-ufs/rootfs:=${VMBASE} \
-o ${VMIMAGE}
;;
*)
# ENOTSUPP
return 1
;;
esac
return 0
}
err() {
printf "${@}\n"
cleanup
return 1
}
cleanup() {
if [ -c "${DESTDIR}/dev/null" ]; then
umount_loop ${DESTDIR}/dev 2>/dev/null
fi
umount_loop ${DESTDIR}
if [ ! -z "${mddev}" ]; then
mdconfig -d -u ${mddev}
fi
return 0
}
vm_create_base() {
# Creates the UFS root filesystem for the virtual machine disk,
# written to the formatted disk image with mkimg(1).
mkdir -p ${DESTDIR}
truncate -s ${VMSIZE} ${VMBASE}
mddev=$(mdconfig -f ${VMBASE})
newfs /dev/${mddev}
mount /dev/${mddev} ${DESTDIR}
return 0
}
vm_copy_base() {
# Creates a new UFS root filesystem and copies the contents of the
# current root filesystem into it. This produces a "clean" disk
# image without any remnants of files which were created temporarily
# during image-creation and have since been deleted (e.g., downloaded
# package archives).
mkdir -p ${DESTDIR}/old
mdold=$(mdconfig -f ${VMBASE})
mount /dev/${mdold} ${DESTDIR}/old
truncate -s ${VMSIZE} ${VMBASE}.tmp
mkdir -p ${DESTDIR}/new
mdnew=$(mdconfig -f ${VMBASE}.tmp)
newfs /dev/${mdnew}
mount /dev/${mdnew} ${DESTDIR}/new
tar -cf- -C ${DESTDIR}/old . | tar -xUf- -C ${DESTDIR}/new
umount_loop /dev/${mdold}
rmdir ${DESTDIR}/old
mdconfig -d -u ${mdold}
umount_loop /dev/${mdnew}
rmdir ${DESTDIR}/new
tunefs -j enable /dev/${mdnew}
mdconfig -d -u ${mdnew}
mv ${VMBASE}.tmp ${VMBASE}
}
vm_install_base() {
# Installs the FreeBSD userland/kernel to the virtual machine disk.
cd ${WORLDDIR} && \
make DESTDIR=${DESTDIR} \
installworld installkernel distribution || \
err "\n\nCannot install the base system to ${DESTDIR}."
echo '# Custom /etc/fstab for FreeBSD VM images' \
> ${DESTDIR}/etc/fstab
echo '/dev/gpt/rootfs / ufs rw 1 1' \
>> ${DESTDIR}/etc/fstab
if [ -z "${NOSWAP}" ]; then
echo '/dev/gpt/swapfs none swap sw 0 0' \
>> ${DESTDIR}/etc/fstab
fi
mkdir -p ${DESTDIR}/dev
mount -t devfs devfs ${DESTDIR}/dev
chroot ${DESTDIR} /usr/bin/newaliases
chroot ${DESTDIR} /etc/rc.d/ldconfig forcestart
umount_loop ${DESTDIR}/dev
cp /etc/resolv.conf ${DESTDIR}/etc/resolv.conf
return 0
}
vm_extra_install_base() {
# Prototype. When overridden, runs extra post-installworld commands
# as needed, based on the target virtual machine image or cloud
# provider image target.
return 0
}
vm_extra_enable_services() {
if [ ! -z "${VM_RC_LIST}" ]; then
for _rcvar in ${VM_RC_LIST}; do
echo ${_rcvar}_enable="YES" >> ${DESTDIR}/etc/rc.conf
done
fi
return 0
}
vm_extra_install_packages() {
if [ -z "${VM_EXTRA_PACKAGES}" ]; then
return 0
fi
mkdir -p ${DESTDIR}/dev
mount -t devfs devfs ${DESTDIR}/dev
chroot ${DESTDIR} env ASSUME_ALWAYS_YES=yes \
/usr/sbin/pkg bootstrap -y
chroot ${DESTDIR} env ASSUME_ALWAYS_YES=yes \
/usr/sbin/pkg install -y ${VM_EXTRA_PACKAGES}
umount_loop ${DESTDIR}/dev
return 0
}
vm_extra_install_ports() {
# Prototype. When overridden, installs additional ports within the
# virtual machine environment.
return 0
}
vm_extra_pre_umount() {
# Prototype. When overridden, installs additional ports within the
# virtual machine environment.
rm -f ${DESTDIR}/etc/resolv.conf
return 0
}
vm_extra_pkg_rmcache() {
if [ -e ${DESTDIR}/usr/local/sbin/pkg ]; then
chroot ${DESTDIR} env ASSUME_ALWAYS_YES=yes \
/usr/local/sbin/pkg clean -y -a
fi
return 0
}
umount_loop() {
DIR=$1
i=0
sync
while ! umount ${DIR}; do
i=$(( $i + 1 ))
if [ $i -ge 10 ]; then
# This should never happen. But, it has happened.
echo "Cannot umount(8) ${DIR}"
echo "Something has gone horribly wrong."
return 1
fi
sleep 1
done
return 0
}
vm_create_disk() {
echo "Creating image... Please wait."
echo
write_partition_layout || return 1
return 0
}
vm_extra_create_disk() {
return 0
}