-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbuild-initramfs
executable file
·96 lines (86 loc) · 3.67 KB
/
build-initramfs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
#! /bin/bash
set -eu
CONFIG="$1"; shift
OUT="$1"; shift # NOTE: Relative to $(dirname $0)
[ $# -gt 0 ] && { FLAVOUR="$1"; shift; }
[ $# -gt 0 ] && { KERNEL_DEB="$1"; shift; } # Optional: Path to Debian package (.deb) with kernel to use
FLAVOUR=${FLAVOUR-vanilla}
KERNEL_DEB=${KERNEL_DEB-}
DEBIAN_RELEASE=bookworm
PKGLIST_BASE="$CONFIG"/pkgs/000base.pkglist
OUTDIR=$(dirname "$OUT")
[ -d "$OUTDIR" ] || mkdir -p "$OUTDIR"
ROOTAR="$OUTDIR"/tmproot.tar
### Collect root password
if [[ -r ${CONFIG}/pw.root ]]; then
PW_ROOT="$(cat "${CONFIG}/pw.root")"
else
# NOTE: Doesn't work in ./contain
# TODO: Detect non-interactive container and bail
read -rs -p "Root password to set in image: " PW_ROOT
echo
fi
build_rootfs() {
### Build APT sources.list
sources_list="$OUTDIR"/sources.list
case "$DEBIAN_RELEASE" in # https://wiki.debian.org/SourcesList
bookworm)
# NOTE: non-free-firmware for intel-microcode on physical machines
DEBIAN_COMPONENTS="main non-free-firmware"
cat >$sources_list <<EOF
deb https://ftp.acc.umu.se/debian/ $DEBIAN_RELEASE $DEBIAN_COMPONENTS
deb https://ftp.acc.umu.se/debian/ $DEBIAN_RELEASE-updates $DEBIAN_COMPONENTS
deb https://deb.debian.org/debian-security/ $DEBIAN_RELEASE-security $DEBIAN_COMPONENTS
EOF
;;
esac
### Run mmdebstrap
# TODO: use $APT_CACHER_NG for local proxy, add --aptopt and use http
# --aptopt='Acquire::http { Proxy "http://localhost:3142"; }'
mmdebstrap_includes="
--include=$(grep -E -v '^[[:space:]]*#|^[[:space:]]*$' ${PKGLIST_BASE} | tr '\n' ',')"
if [ -f ${CONFIG}/pkgs/${FLAVOUR}.pkglist ]; then
mmdebstrap_includes+=" --include=$(grep -E -v '^[[:space:]]*#|^[[:space:]]*$' ${CONFIG}/pkgs/${FLAVOUR}.pkglist | tr '\n' ',')"
fi
echo "$0: running mmdebstrap, will take a minute or two"
mmdebstrap --mode fakeroot --format tar --architectures=amd64 --variant=minbase \
--customize-hook="download /vmlinuz $OUTDIR/vmlinuz" \
--customize-hook="sync-in ${CONFIG}/overlays/${FLAVOUR} /" \
--customize-hook="$CONFIG/scripts/setup.sh \$1 $CONFIG" \
--customize-hook="copy-in $CONFIG/scripts/setup-in-chroot.sh /tmp/" \
--customize-hook="chroot \$1 /tmp/setup-in-chroot.sh" \
--customize-hook="echo \"root:${PW_ROOT}\" | chroot \$1 chpasswd" \
$mmdebstrap_includes \
$DEBIAN_RELEASE \
$ROOTAR \
$sources_list
rm "$sources_list"
}
copy_kernel() {
### Copy kernel to or from rootfs
if [ -f "$KERNEL_DEB" ]; then
echo "$0: copy kernel to rootfs NYI"
exit 1
else
tgt="$(basename "$OUT" .cpio.gz)".vmlinuz
ln -sf vmlinuz "${OUTDIR}/${tgt}"
fi
}
create_cpio_archive() {
### Create cpio archive
# TODO: prepend cpio archive with /kernel/x86/microcode/GenuineIntel.bin containing /lib/firmware/intel-ucode/* to $OUT, for targeting real hw
# NOTE: If mmdebstrap was run in a container, cpio needs to be run in a container because file ownership.
cat >"$OUTDIR"/mkcpio.sh <<EOF
set -eu
mkdir "${OUTDIR}"/tmproot
tar x -C "${OUTDIR}"/tmproot --numeric-owner -f "$ROOTAR"
(cd "${OUTDIR}"/tmproot && find . -depth | LC_ALL=C sort | cpio -o -H newc --quiet)
rm -r "$OUTDIR"/tmproot
EOF
fakeroot -- bash "$OUTDIR"/mkcpio.sh | gzip > "$OUT"
rm -r "$OUTDIR"/mkcpio.sh
}
####################
build_rootfs
copy_kernel
create_cpio_archive