mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-23 05:41:05 +01:00
4b8175ee8f
copy the userland from one md(4)-mounted filesystem to a clean filesystem to prevent remnants of files that were added and removed from resulting in an unclean filesystem. When newfs(8) creates the first filesystem with journaled soft-updates enabled, the /.sujournal file in the new filesystem cannot be overwritten by the /.sujournal in the original filesystem. To avoid this particular error case, do not enable journaled soft-updates when creating the md(4)-backed filesystems, and instead use tunefs(8) to enable journaled soft-updates after the new filesystem is populated in vm_copy_base(). While here, fix a long standing bug where the build environment /boot files were used by mkimg(1) when creating the VM disk images by using the files in .OBJDIR. MFC after: 3 days Sponsored by: The FreeBSD Foundation
226 lines
4.7 KiB
Bash
226 lines
4.7 KiB
Bash
#!/bin/sh
|
|
#
|
|
# $FreeBSD$
|
|
#
|
|
#
|
|
# Common functions for virtual machine image build scripts.
|
|
#
|
|
|
|
export PATH="/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
|
|
trap "cleanup" INT QUIT TRAP ABRT TERM
|
|
|
|
write_partition_layout() {
|
|
if [ -z "${NOSWAP}" ]; then
|
|
SWAPOPT="-p freebsd-swap/swapfs::1G"
|
|
fi
|
|
|
|
_OBJDIR="$(make -C ${WORLDDIR} -V .OBJDIR)"
|
|
if [ -d "${_OBJDIR%%/usr/src}/${TARGET}.${TARGET_ARCH}" ]; then
|
|
BOOTFILES="${_OBJDIR%%/usr/src}/${TARGET}.${TARGET_ARCH}/usr/src/sys/boot"
|
|
else
|
|
BOOTFILES="${_OBJDIR}/usr/src/sys/boot"
|
|
fi
|
|
|
|
case "${TARGET}:${TARGET_ARCH}" in
|
|
amd64:amd64 | i386:i386)
|
|
mkimg -s gpt -b ${BOOTFILES}/i386/pmbr/pmbr \
|
|
-p freebsd-boot/bootfs:=${BOOTFILES}/i386/gptboot/gptboot \
|
|
${SWAPOPT} \
|
|
-p freebsd-ufs/rootfs:=${VMBASE} \
|
|
-o ${VMIMAGE}
|
|
;;
|
|
powerpc:powerpc*)
|
|
mkimg -s apm \
|
|
-p apple-boot/bootfs:=${BOOTFILES}/powerpc/boot1.chrp/boot1.hfs \
|
|
${SWAPOPT} \
|
|
-p freebsd-ufs/rootfs:=${VMBASE} \
|
|
-o ${VMIMAGE}
|
|
;;
|
|
*)
|
|
# ENOTSUPP
|
|
return 1
|
|
;;
|
|
esac
|
|
|
|
return 0
|
|
}
|
|
|
|
err() {
|
|
printf "${@}\n"
|
|
cleanup
|
|
return 1
|
|
}
|
|
|
|
cleanup() {
|
|
if [ -c "${DESTDIR}/dev/null" ]; then
|
|
umount_loop ${DESTDIR}/dev 2>/dev/null
|
|
fi
|
|
umount_loop ${DESTDIR}
|
|
if [ ! -z "${mddev}" ]; then
|
|
mdconfig -d -u ${mddev}
|
|
fi
|
|
|
|
return 0
|
|
}
|
|
|
|
vm_create_base() {
|
|
# Creates the UFS root filesystem for the virtual machine disk,
|
|
# written to the formatted disk image with mkimg(1).
|
|
|
|
mkdir -p ${DESTDIR}
|
|
truncate -s ${VMSIZE} ${VMBASE}
|
|
mddev=$(mdconfig -f ${VMBASE})
|
|
newfs /dev/${mddev}
|
|
mount /dev/${mddev} ${DESTDIR}
|
|
|
|
return 0
|
|
}
|
|
|
|
vm_copy_base() {
|
|
# Creates a new UFS root filesystem and copies the contents of the
|
|
# current root filesystem into it. This produces a "clean" disk
|
|
# image without any remnants of files which were created temporarily
|
|
# during image-creation and have since been deleted (e.g., downloaded
|
|
# package archives).
|
|
|
|
mkdir -p ${DESTDIR}/old
|
|
mdold=$(mdconfig -f ${VMBASE})
|
|
mount /dev/${mdold} ${DESTDIR}/old
|
|
|
|
truncate -s ${VMSIZE} ${VMBASE}.tmp
|
|
mkdir -p ${DESTDIR}/new
|
|
mdnew=$(mdconfig -f ${VMBASE}.tmp)
|
|
newfs /dev/${mdnew}
|
|
mount /dev/${mdnew} ${DESTDIR}/new
|
|
|
|
tar -cf- -C ${DESTDIR}/old . | tar -xUf- -C ${DESTDIR}/new
|
|
|
|
umount_loop /dev/${mdold}
|
|
rmdir ${DESTDIR}/old
|
|
mdconfig -d -u ${mdold}
|
|
|
|
umount_loop /dev/${mdnew}
|
|
rmdir ${DESTDIR}/new
|
|
tunefs -j enable /dev/${mdnew}
|
|
mdconfig -d -u ${mdnew}
|
|
mv ${VMBASE}.tmp ${VMBASE}
|
|
}
|
|
|
|
vm_install_base() {
|
|
# Installs the FreeBSD userland/kernel to the virtual machine disk.
|
|
|
|
cd ${WORLDDIR} && \
|
|
make DESTDIR=${DESTDIR} \
|
|
installworld installkernel distribution || \
|
|
err "\n\nCannot install the base system to ${DESTDIR}."
|
|
|
|
echo '# Custom /etc/fstab for FreeBSD VM images' \
|
|
> ${DESTDIR}/etc/fstab
|
|
echo '/dev/gpt/rootfs / ufs rw 1 1' \
|
|
>> ${DESTDIR}/etc/fstab
|
|
if [ -z "${NOSWAP}" ]; then
|
|
echo '/dev/gpt/swapfs none swap sw 0 0' \
|
|
>> ${DESTDIR}/etc/fstab
|
|
fi
|
|
|
|
mkdir -p ${DESTDIR}/dev
|
|
mount -t devfs devfs ${DESTDIR}/dev
|
|
chroot ${DESTDIR} /usr/bin/newaliases
|
|
chroot ${DESTDIR} /etc/rc.d/ldconfig forcestart
|
|
umount_loop ${DESTDIR}/dev
|
|
|
|
cp /etc/resolv.conf ${DESTDIR}/etc/resolv.conf
|
|
|
|
return 0
|
|
}
|
|
|
|
vm_extra_install_base() {
|
|
# Prototype. When overridden, runs extra post-installworld commands
|
|
# as needed, based on the target virtual machine image or cloud
|
|
# provider image target.
|
|
|
|
return 0
|
|
}
|
|
|
|
vm_extra_enable_services() {
|
|
if [ ! -z "${VM_RC_LIST}" ]; then
|
|
for _rcvar in ${VM_RC_LIST}; do
|
|
echo ${_rcvar}_enable="YES" >> ${DESTDIR}/etc/rc.conf
|
|
done
|
|
fi
|
|
|
|
return 0
|
|
}
|
|
|
|
vm_extra_install_packages() {
|
|
if [ -z "${VM_EXTRA_PACKAGES}" ]; then
|
|
return 0
|
|
fi
|
|
mkdir -p ${DESTDIR}/dev
|
|
mount -t devfs devfs ${DESTDIR}/dev
|
|
chroot ${DESTDIR} env ASSUME_ALWAYS_YES=yes \
|
|
/usr/sbin/pkg bootstrap -y
|
|
chroot ${DESTDIR} env ASSUME_ALWAYS_YES=yes \
|
|
/usr/sbin/pkg install -y ${VM_EXTRA_PACKAGES}
|
|
umount_loop ${DESTDIR}/dev
|
|
|
|
return 0
|
|
}
|
|
|
|
vm_extra_install_ports() {
|
|
# Prototype. When overridden, installs additional ports within the
|
|
# virtual machine environment.
|
|
|
|
return 0
|
|
}
|
|
|
|
vm_extra_pre_umount() {
|
|
# Prototype. When overridden, installs additional ports within the
|
|
# virtual machine environment.
|
|
|
|
rm -f ${DESTDIR}/etc/resolv.conf
|
|
return 0
|
|
}
|
|
|
|
vm_extra_pkg_rmcache() {
|
|
if [ -e ${DESTDIR}/usr/local/sbin/pkg ]; then
|
|
chroot ${DESTDIR} env ASSUME_ALWAYS_YES=yes \
|
|
/usr/local/sbin/pkg clean -y -a
|
|
fi
|
|
|
|
return 0
|
|
}
|
|
|
|
umount_loop() {
|
|
DIR=$1
|
|
i=0
|
|
sync
|
|
while ! umount ${DIR}; do
|
|
i=$(( $i + 1 ))
|
|
if [ $i -ge 10 ]; then
|
|
# This should never happen. But, it has happened.
|
|
echo "Cannot umount(8) ${DIR}"
|
|
echo "Something has gone horribly wrong."
|
|
return 1
|
|
fi
|
|
sleep 1
|
|
done
|
|
|
|
return 0
|
|
}
|
|
|
|
vm_create_disk() {
|
|
echo "Creating image... Please wait."
|
|
echo
|
|
|
|
write_partition_layout || return 1
|
|
|
|
return 0
|
|
}
|
|
|
|
vm_extra_create_disk() {
|
|
|
|
return 0
|
|
}
|
|
|