#!/bin/sh #- # Copyright (c) 2013-2016 Juan Romero Pardines. # Copyright (c) 2017 Google # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. # IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #- readonly PROGNAME=$(basename "$0") readonly ARCH=$(uname -m) trap 'printf "\nInterrupted! exiting...\n"; cleanup; exit 0' INT TERM HUP # This source pulls in all the functions from lib.sh. This set of # functions makes it much easier to work with chroots and abstracts # away all the problems with running binaries with QEMU. # shellcheck source=./lib.sh . ./lib.sh cleanup() { unmount_pseudofs umount -f "${ROOTFS}/boot" 2>/dev/null umount -f "${ROOTFS}" 2>/dev/null if [ -e "$LOOPDEV" ]; then partx -d "$LOOPDEV" 2>/dev/null losetup -d "$LOOPDEV" 2>/dev/null fi [ -d "$ROOTFS" ] && rmdir "$ROOTFS" } usage() { cat <<_EOF Usage: $PROGNAME [options] The argument expects a tarball generated by void-mkrootfs. The platform is guessed automatically by its name. Accepted sizes suffixes: KiB, MiB, GiB, TiB, EiB. OPTIONS -b Set /boot filesystem type (defaults to FAT) -B Set /boot filesystem size (defaults to 64MiB) -r Set / filesystem type (defaults to EXT4) -s Set total image size (defaults to 2GB) -o Set image filename (guessed automatically) -h Show this help -V Show version Resulting image will have 2 partitions, /boot and /. _EOF exit 0 } # ######################################## # SCRIPT EXECUTION STARTS HERE # ######################################## while getopts "b:B:o:r:s:hV" opt; do case $opt in b) BOOT_FSTYPE="$OPTARG";; B) BOOT_FSSIZE="$OPTARG";; o) FILENAME="$OPTARG";; r) ROOT_FSTYPE="$OPTARG";; s) IMGSIZE="$OPTARG";; V) echo "$PROGNAME @@MKLIVE_VERSION@@"; exit 0;; h) usage;; esac done shift $((OPTIND - 1)) ROOTFS_TARBALL="$1" if [ -z "$ROOTFS_TARBALL" ]; then usage elif [ ! -r "$ROOTFS_TARBALL" ]; then # In rare cases the tarball can wind up owned by the wrong user. # This leads to confusing failures if execution is allowed to # proceed. die "Cannot read rootfs tarball: $ROOTFS_TARBALL" fi # By default we build all platform images with a 64MiB boot partition # formated FAT16, and an approxomately 1.9GiB root partition formated # ext4. More exotic combinations are of course possible, but this # combination works on all known platforms. : "${IMGSIZE:=2G}" : "${BOOT_FSTYPE:=vfat}" : "${BOOT_FSSIZE:=64MiB}" : "${ROOT_FSTYPE:=ext4}" # Verify that the required tooling is available readonly REQTOOLS="sfdisk partx losetup mount truncate mkfs.${BOOT_FSTYPE} mkfs.${ROOT_FSTYPE}" check_tools # Setup the platform variable. Here we want just the name and # optionally -musl if this is the musl variant. PLATFORM="${ROOTFS_TARBALL#void-}" PLATFORM="${PLATFORM%-ROOTFS*}" # This is an aweful hack since the script isn't using privesc # mechanisms selectively. This is a TODO item. if [ "$(id -u)" -ne 0 ]; then die "need root perms to continue, exiting." fi # Set the default filename if none was provided above. The default # will include the platform the image is being built for and the date # on which it was built. if [ -z "$FILENAME" ]; then FILENAME="void-${PLATFORM}-$(date +%Y%m%d).img" fi # Be absolutely certain the platform is supported before continuing case "$PLATFORM" in bananapi|beaglebone|cubieboard2|cubietruck|odroid-c2|odroid-u2|rpi|rpi2|rpi3|usbarmory|GCP|*-musl);; *) die "The $PLATFORM is not supported, exiting..." esac # Create the base image. This was previously accomplished with dd, # but truncate is markedly faster. info_msg "Creating disk image ($IMGSIZE) ..." truncate -s "${IMGSIZE}" "$FILENAME" >/dev/null 2>&1 # Grab a tmpdir for the rootfs. If this fails we need to halt now # because otherwise things will go very badly for the host system. ROOTFS=$(mktemp -d) || die "Could not create tmpdir for ROOTFS" info_msg "Creating disk image partitions/filesystems ..." if [ "$BOOT_FSTYPE" = "vfat" ]; then _args="-I -F16" fi case "$PLATFORM" in cubieboard2|cubietruck|ci20*|odroid-c2*) sfdisk "${FILENAME}" <<_EOF label: dos 2048,,L _EOF LOOPDEV=$(losetup --show --find --partscan "$FILENAME") mkfs.${ROOT_FSTYPE} -O '^64bit,^extra_isize,^has_journal' "${LOOPDEV}p1" >/dev/null 2>&1 mount "${LOOPDEV}p1" "$ROOTFS" ROOT_UUID=$(blkid -o value -s UUID "${LOOPDEV}p1") ;; *) sfdisk "${FILENAME}" <<_EOF label: dos 2048,${BOOT_FSSIZE},b,* ,+,L _EOF LOOPDEV=$(losetup --show --find --partscan "$FILENAME") # Normally we need to quote to prevent argument splitting, but # we explicitly want argument splitting here. # shellcheck disable=SC2086 mkfs.${BOOT_FSTYPE} $_args "${LOOPDEV}p1" >/dev/null case "$ROOT_FSTYPE" in ext[34]) disable_journal="-O ^has_journal";; esac mkfs.${ROOT_FSTYPE} "$disable_journal" "${LOOPDEV}p2" >/dev/null 2>&1 mount "${LOOPDEV}p2" "$ROOTFS" mkdir -p "${ROOTFS}/boot" mount "${LOOPDEV}p1" "${ROOTFS}/boot" BOOT_UUID=$(blkid -o value -s UUID "${LOOPDEV}p1") ROOT_UUID=$(blkid -o value -s UUID "${LOOPDEV}p2") ;; esac info_msg "Unpacking rootfs tarball ..." if [ "$PLATFORM" = "beaglebone" ]; then fstab_args=",noauto" tar xfp "$ROOTFS_TARBALL" -C "$ROOTFS" ./boot/MLO tar xfp "$ROOTFS_TARBALL" -C "$ROOTFS" ./boot/u-boot.img touch "$ROOTFS/boot/uEnv.txt" umount "$ROOTFS/boot" fi tar xfp "$ROOTFS_TARBALL" --xattrs --xattrs-include='*' -C "$ROOTFS" fspassno="1" if [ "$ROOT_FSTYPE" = "f2fs" ]; then fspassno="0" fi echo "UUID=$ROOT_UUID / $ROOT_FSTYPE defaults 0 ${fspassno}" >> "${ROOTFS}/etc/fstab" if [ -n "$BOOT_UUID" ]; then echo "UUID=$BOOT_UUID /boot $BOOT_FSTYPE defaults${fstab_args} 0 2" >> "${ROOTFS}/etc/fstab" fi info_msg "Configuring image for platform $PLATFORM" case "$PLATFORM" in bananapi*|cubieboard2*|cubietruck*) dd if="${ROOTFS}/boot/u-boot-sunxi-with-spl.bin" of="${LOOPDEV}" bs=1024 seek=8 >/dev/null 2>&1 ;; odroid-c2*) dd if="${ROOTFS}/boot/bl1.bin.hardkernel" of="${LOOPDEV}" bs=1 count=442 >/dev/null 2>&1 dd if="${ROOTFS}/boot/bl1.bin.hardkernel" of="${LOOPDEV}" bs=512 skip=1 seek=1 >/dev/null 2>&1 dd if="${ROOTFS}/boot/u-boot.bin" of="${LOOPDEV}" bs=512 seek=97 >/dev/null 2>&1 ;; odroid-u2*) dd if="${ROOTFS}/boot/E4412_S.bl1.HardKernel.bin" of="${LOOPDEV}" seek=1 >/dev/null 2>&1 dd if="${ROOTFS}/boot/bl2.signed.bin" of="${LOOPDEV}" seek=31 >/dev/null 2>&1 dd if="${ROOTFS}/boot/u-boot.bin" of="${LOOPDEV}" seek=63 >/dev/null 2>&1 dd if="${ROOTFS}/boot/E4412_S.tzsw.signed.bin" of="${LOOPDEV}" seek=2111 >/dev/null 2>&1 ;; usbarmory*) dd if="${ROOTFS}/boot/u-boot.imx" of="${LOOPDEV}" bs=512 seek=2 conv=fsync >/dev/null 2>&1 ;; ci20*) dd if="${ROOTFS}/boot/u-boot-spl.bin" of="${LOOPDEV}" obs=512 seek=1 >/dev/null 2>&1 dd if="${ROOTFS}/boot/u-boot.img" of="${LOOPDEV}" obs=1K seek=14 >/dev/null 2>&1 ;; GCP*) # Setup GRUB mount_pseudofs chroot "${ROOTFS}" grub-install "${LOOPDEV}" sed -i "s:page_poison=1:page_poison=1 console=ttyS0,38400n8d:" "${ROOTFS}/etc/default/grub" chroot "${ROOTFS}" update-grub umount_pseudofs # Setup the GCP Guest services for _service in dhcpcd sshd agetty-console nanoklogd socklog-unix GCP-Guest-Initialization GCP-accounts GCP-clock-skew GCP-ip-forwarding ; do chroot "${ROOTFS}" ln -sv /etc/sv/$_service /etc/runit/runsvdir/default/$_service done # Turn off the agetty's since we can't use them anyway rm -v "${ROOTFS}/etc/runit/runsvdir/default/agetty-tty*" # Disable root login over ssh and lock account sed -i "s:PermitRootLogin yes:PermitRootLogin no:" "${ROOTFS}/etc/ssh/sshd_config" chroot "${ROOTFS}" passwd -l root # Set the Timezone chroot "${ROOTFS}" ln -svf /usr/share/zoneinfo/UTC /etc/localtime # Generate glibc-locales if necessary (this is a noop on musl) if [ "$PLATFORM" = GCP ] ; then chroot "${ROOTFS}" xbps-reconfigure -f glibc-locales fi # Remove SSH host keys (these will get rebuilt on first boot) rm -f "${ROOTFS}/etc/ssh/*key*" rm -f "${ROOTFS}/etc/ssh/moduli" # Force hte hostname since this isn't read from DHCP echo void-GCE > "${ROOTFS}/etc/hostname" ;; esac umount -R "$ROOTFS" losetup -d "$LOOPDEV" rmdir "$ROOTFS" || die "$ROOTFS not empty!" chmod 644 "$FILENAME" case "$PLATFORM" in GCP*) mv void-GCP*.img disk.raw info_msg "Compressing disk.raw" tar Sczf "${FILENAME%.img}.tar.gz" disk.raw rm disk.raw info_msg "Sucessfully created ${FILENAME%.img}.tar.gz image." ;; *) info_msg "Successfully created $FILENAME image." ;; esac