diff --git a/usr/bin/archboot-aarch64-create-container.sh b/usr/bin/archboot-aarch64-create-container.sh
index de5f20a51..c2f5a6619 100755
--- a/usr/bin/archboot-aarch64-create-container.sh
+++ b/usr/bin/archboot-aarch64-create-container.sh
@@ -1,136 +1,54 @@ #!/usr/bin/env bash # created by Tobias Powalowski -_PWD="$(pwd)" -_BASENAME="$(basename "${0}")" -_CACHEDIR="$1/var/cache/pacman/pkg" -_CLEANUP_CACHE="" -_SAVE_RAM="" -_LINUX_FIRMWARE="linux-firmware" -_DIR="" +source /usr/lib/archboot/functions +source /usr/lib/archboot/container_functions _PACMAN_AARCH64_CHROOT_SERVER="https://pkgbuild.com/~tpowa/archboot-helper/pacman-chroot-aarch64" _PACMAN_AARCH64_CHROOT="pacman-aarch64-chroot-latest.tar.zst" - -usage () { - echo "CREATE ARCHBOOT CONTAINER" - echo "-----------------------------" - echo "This will create an archboot container for an archboot image." - echo "Usage: ${_BASENAME} " - echo " Options:" - echo " -cc Cleanup container eg. remove manpages, includes ..." - echo " -cp Cleanup container package cache" - exit 0 -} - -cleancache() { - if [[ "${_CLEANUP_CACHE}" == "1" ]]; then - # clean cache - echo "Clean pacman cache from ${_DIR} ..." - rm -r "${_DIR}"/var/cache/pacman - fi -} - -saveram() { - if [[ "${_SAVE_RAM}" == "1" ]]; then - # clean container from not needed files - echo "Clean container, delete not needed files from ${_DIR} ..." 
- rm -r "${_DIR}"/usr/include - rm -r "${_DIR}"/usr/share/{aclocal,applications,audit,avahi,awk,bash-completion,cmake,common-lisp,cracklib,dhclient,dhcpcd,dict,dnsmasq,emacs,et,fish,gdb,gettext,gettext-0.21,glib-2.0,gnupg,graphite2,gtk-doc,iana-etc,icons,icu,iptables,keyutils,libalpm,libgpg-error,makepkg-template,misc,mkinitcpio,ncat,ntp,p11-kit,pixmaps,pkgconfig,readline,screen,smartmontools,ss,stoken,tabset,texinfo,vala,xml,xtables,zoneinfo-leaps,man,doc,info,perl5} - rm -r "${_DIR}"/usr/lib/{audit,avahi,awk,bash,binfmt.d,cifs-utils,cmake,coreutils,cryptsetup,cups,dracut,e2fsprogs,engines-1.1,environment.d,gawk,getconf,gettext,girepository-1.0,glib-2.0,gnupg,gssproxy,guile,icu,itcl4.2.2,iwd,krb5,ldb,ldscripts,libnl,libproxy,named,ntfs-3g,openconnect,openssl-1.0,p11-kit,pcsc,perl5,pkcs11,pkgconfig,python3.10,rsync,samba,sasl2,siconv,sysctl.d,sysusers.d,tar,tcl8.6,tcl8,tdbc1.1.3,tdbcmysql1.1.3,tdbcodbc1.1.3,tdbcpostgres1.1.3,terminfo,texinfo,thread2.8.7,valgrind,xfsprogs,xplc-0.3.13,xtables} - fi -} - -[[ -z "${1}" ]] && usage - +_ARCHBOOT="archboot-arm" +_KEYRING=" archlinuxarm" +[[ -z "${1}" ]] && _usage _DIR="$1" - -while [ $# -gt 0 ]; do - case ${1} in - -cc|--cc) _SAVE_RAM="1" ;; - -cp|--cp) _CLEANUP_CACHE="1" ;; - esac - shift -done - -### check for root -if ! [[ ${UID} -eq 0 ]]; then - echo "ERROR: Please run as root user!" - exit 1 -fi - +#shellcheck disable=SC2120 +_parameters +_root_check echo "Starting container creation ..." echo "Create directory ${_DIR} ..." mkdir "${_DIR}" if [[ "$(uname -m)" == "aarch64" ]]; then - # prepare pacman dirs - echo "Create directories in ${_DIR} ..." - mkdir -p "${_DIR}"/var/lib/pacman - mkdir -p "${_CACHEDIR}" - [[ -e "${_DIR}/proc" ]] || mkdir -m 555 "${_DIR}/proc" - [[ -e "${_DIR}/sys" ]] || mkdir -m 555 "${_DIR}/sys" - [[ -e "${_DIR}/dev" ]] || mkdir -m 755 "${_DIR}/dev" - # mount special filesystems to ${_DIR} - echo "Mount special filesystems in ${_DIR} ..." 
- mount proc "${_DIR}/proc" -t proc -o nosuid,noexec,nodev - mount sys "${_DIR}/sys" -t sysfs -o nosuid,noexec,nodev,ro - mount udev "${_DIR}/dev" -t devtmpfs -o mode=0755,nosuid - mount devpts "${_DIR}/dev/pts" -t devpts -o mode=0620,gid=5,nosuid,noexec - mount shm "${_DIR}/dev/shm" -t tmpfs -o mode=1777,nosuid,nodev - # install archboot - echo "Installing packages base linux and ${_LINUX_FIRMWARE} to ${_DIR} ..." - pacman --root "${_DIR}" -Sy base linux "${_LINUX_FIRMWARE}" --ignore systemd-resolvconf --noconfirm --cachedir "${_PWD}"/"${_CACHEDIR}" >/dev/null 2>&1 - rm "${_DIR}"/usr/share/libalpm/hooks/60-mkinitcpio-remove.hook - rm "${_DIR}"/usr/share/libalpm/hooks/90-mkinitcpio-install.hook - rm "${_DIR}"/boot/{initramfs-linux.img,initramfs-linux-fallback.img} - cleancache - echo "Installing archboot to ${_DIR} ..." - pacman --root "${_DIR}" -Sy archboot-arm --ignore systemd-resolvconf --noconfirm >/dev/null 2>&1 - saveram - # Clean cache on archboot environment - if [[ "$(cat /etc/hostname)" == "archboot" ]]; then - echo "Cleaning /var/cache/pacman/pkg ..." - rm -r /var/cache/pacman/pkg - fi - # umount special filesystems - echo "Umount special filesystems in to ${_DIR} ..." - umount -R "${_DIR}/proc" - umount -R "${_DIR}/sys" - umount -R "${_DIR}/dev" - # generate locales - echo "Create locales in container ..." - systemd-nspawn -D "${_DIR}" /bin/bash -c "echo 'en_US ISO-8859-1' >> /etc/locale.gen" >/dev/null 2>&1 - systemd-nspawn -D "${_DIR}" /bin/bash -c "echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen" >/dev/null 2>&1 - systemd-nspawn -D "${_DIR}" locale-gen >/dev/null 2>&1 - [[ "${_SAVE_RAM}" == "1" ]] && rm -r "${_DIR}"/usr/share/{i18n,locale} - # generate pacman keyring - echo "Generate pacman keyring in container ..." 
- systemd-nspawn -D "${_DIR}" pacman-key --init >/dev/null 2>&1 - systemd-nspawn -D "${_DIR}" pacman-key --populate archlinuxarm >/dev/null 2>&1 - # enable parallel downloads - sed -i -e 's:^#ParallelDownloads:ParallelDownloads:g' "${_DIR}"/etc/pacman.conf + _prepare_pacman + _install_base_packages + _cleanmkinitcpio + _cleancache + _install_archboot + _umount_special + _cleancontainer + _clean_archboot_cache + _generate_keyring + _generate_locales + _clean_locale + _copy_mirrorlist_and_pacman_conf + _change_pacman_conf fi if [[ "$(uname -m)" == "x86_64" ]]; then echo "Downloading archlinuxarm pacman aarch64 chroot..." - ! [[ -f pacman-aarch64-chroot-latest.tar.zst ]] && wget ${_PACMAN_AARCH64_CHROOT_SERVER}/${_PACMAN_AARCH64_CHROOT}{,.sig} >/dev/null 2>&1 + [[ -f pacman-aarch64-chroot-latest.tar.zst ]] || wget ${_PACMAN_AARCH64_CHROOT_SERVER}/${_PACMAN_AARCH64_CHROOT}{,.sig} >/dev/null 2>&1 # verify dowload sleep 1 gpg --verify "${_PACMAN_AARCH64_CHROOT}.sig" >/dev/null 2>&1 || exit 1 bsdtar -C "${_DIR}" -xf "${_PACMAN_AARCH64_CHROOT}" echo "Removing installation tarball ..." rm ${_PACMAN_AARCH64_CHROOT}{,.sig} -fi - # disable checkspace option in pacman.conf, to allow to install packages in environment - sed -i -e 's:^CheckSpace:#CheckSpace:g' "${_DIR}"/etc/pacman.conf -if [[ "$(uname -m)" == "x86_64" ]]; then # update container to latest packages echo "Update container to latest packages..." systemd-nspawn -D "${_DIR}" pacman -Syu --noconfirm >/dev/null 2>&1 - echo "Installing archboot-arm and ${_LINUX_FIRMWARE} to container..." 
- systemd-nspawn -D "${_DIR}" /bin/bash -c "pacman -S archboot-arm ${_LINUX_FIRMWARE} --noconfirm" >/dev/null 2>&1 - rm "${_DIR}"/boot/{initramfs-linux.img,initramfs-linux-fallback.img} - cleancache - saveram - [[ "${_SAVE_RAM}" == "1" ]] && rm -r "${_DIR}"/usr/share/{i18n,locale} + _install_base_packages + _cleanmkinitcpio + _cleancache + _install_archboot + _cleanmkinitcpio + _cleancache + _cleancontainer + _clean_locale fi -echo "Setting hostname to archboot ..." -systemd-nspawn -D "${_DIR}" /bin/bash -c "echo archboot > /etc/hostname" >/dev/null 2>&1 +_set_hostname echo "Finished container setup in ${_DIR} ." diff --git a/usr/bin/archboot-aarch64-iso.sh b/usr/bin/archboot-aarch64-iso.sh index 1c1e79aa1..795e9c081 100755 --- a/usr/bin/archboot-aarch64-iso.sh +++ b/usr/bin/archboot-aarch64-iso.sh 
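Review bot: In the x86_64 branch the downloaded chroot tarball is unpacked as root after `gpg --verify "${_PACMAN_AARCH64_CHROOT}.sig"`, which succeeds for a good signature from any key in the invoking user's keyring rather than only the expected release key. I would verify against a dedicated keyring holding just that key and name the data file explicitly, e.g. `gpgv --keyring <TRUSTED_KEYRING_PLACEHOLDER> "${_PACMAN_AARCH64_CHROOT}.sig" "${_PACMAN_AARCH64_CHROOT}" || { echo "ERROR: signature verification failed" >&2; exit 1; }`. Both the rewritten `[[ -f … ]] || wget …` line and the check discard their output, so a failed download, or a reused tarball whose `.sig` is missing, currently ends in a silent `exit 1` with nothing to diagnose.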
@@ -1,153 +1,20 @@ #!/usr/bin/env bash # created by Tobias Powalowski - -_BASENAME="$(basename "${0}")" -_SHIM_URL="https://pkgbuild.com/~tpowa/archboot-helper/fedora-shim" -_PRESET_DIR="/etc/archboot/presets" -_GRUB_CONFIG="/usr/share/archboot/grub/grub.cfg" -# covered by usage -_GENERATE="" -_PRESET="" -_IMAGENAME="" -_RELEASENAME="" -# temporary directories -_AARCH64="$(mktemp -d AARCH64.XXX)" - -usage () { - echo "${_BASENAME}: usage" - echo "CREATE AARCH64 USB/CD IMAGES" - echo "-----------------------------" - echo "PARAMETERS:" - echo " -g Start generation of image." - echo " -p=PRESET Which preset should be used." - echo " /etc/archboot/presets locates the presets" - echo " default=aarch64" - echo " -i=IMAGENAME Your IMAGENAME." - echo " -r=RELEASENAME Use RELEASENAME in boot message." - echo " -h This message." - exit 0 -} - -[[ -z "${1}" ]] && usage - -# change to english locale! -export LANG="en_US" - -while [ $# -gt 0 ]; do - case ${1} in - -g|--g) _GENERATE="1" ;; - -p=*|--p=*) _PRESET="$(echo "${1}" | awk -F= '{print $2;}')" ;; - -i=*|--i=*) _IMAGENAME="$(echo "${1}" | awk -F= '{print $2;}')" ;; - -r=*|--r=*) _RELEASENAME="$(echo "${1}" | awk -F= '{print $2;}')" ;; - -h|--h|?) usage ;; - *) usage ;; - esac - shift -done - -### check for root -if ! [[ ${UID} -eq 0 ]]; then - echo "ERROR: Please run as root user!" - exit 1 -fi - -### check for aarch64 -if ! [[ "$(uname -m)" == "aarch64" ]]; then - echo "ERROR: Please run on aarch64 hardware." - exit 1 -fi - -[[ "${_GENERATE}" == "1" ]] || usage - -#set PRESET -[[ -z "${_PRESET}" ]] && _PRESET="aarch64" -_PRESET="${_PRESET_DIR}/${_PRESET}" - -# set defaults, if nothing given -[[ -z "${_RELEASENAME}" ]] && _RELEASENAME="$(date +%Y.%m.%d-%H.%M)" -[[ -z "${_IMAGENAME}" ]] && _IMAGENAME="archlinux-archboot-${_RELEASENAME}-aarch64" - -if ! 
[[ "${_GENERATE}" == "1" ]]; then - usage -fi - -_prepare_kernel_initramfs_files() { - source "${_PRESET}" - mkdir -p "${_AARCH64}/EFI/BOOT" - mkdir -p "${_AARCH64}/boot" - # fix for mkinitcpio 31 - # https://bugs.archlinux.org/task/72882 - # remove on mkinitcpio 32 release - cp "/usr/lib/initcpio/functions" "/usr/lib/initcpio/functions.old" - [[ -f "/usr/share/archboot/patches/31-initcpio.functions.fixed" ]] && cp "/usr/share/archboot/patches/31-initcpio.functions.fixed" "/usr/lib/initcpio/functions" - mkinitcpio -c "${MKINITCPIO_CONFIG}" -k "${ALL_kver}" -g "${_AARCH64}/boot/initramfs_aarch64.img" || exit 1 - mv "/usr/lib/initcpio/functions.old" "/usr/lib/initcpio/functions" - install -m644 "${ALL_kver}" "${_AARCH64}/boot/vmlinuz_aarch64" - # install ucode files - cp /boot/amd-ucode.img "${_AARCH64}/boot/" - # fix license files - mkdir -p "${_AARCH64}/licenses/amd-ucode" - cp /usr/share/licenses/amd-ucode/LICENSE.amd-ucode "${_AARCH64}/licenses/amd-ucode" -} - -_prepare_efitools_uefi () { - cp -f "/usr/share/efitools/efi/HashTool.efi" "${_AARCH64}/EFI/tools/HashTool.efi" - cp -f "/usr/share/efitools/efi/KeyTool.efi" "${_AARCH64}/EFI/tools/KeyTool.efi" -} - -_prepare_fedora_shim_bootloaders () { - # Details on shim https://www.rodsbooks.com/efi-bootloaders/secureboot.html#initial_shim - # add shim aa64 signed files from fedora - for i in mmaa64.efi BOOTAA64.efi; do - curl -s --create-dirs -L -O --output-dir "${_AARCH64}/EFI/BOOT/" "${_SHIM_URL}/${i}" - done -} - -_prepare_uefi_image() { - ## get size of boot x86_64 files - BOOTSIZE=$(du -bc "${_AARCH64}"/EFI | grep total | cut -f1) - IMGSZ=$(( (BOOTSIZE*102)/100/1024 + 1)) # image size in sectors - ## Create cdefiboot.img - dd if=/dev/zero of="${_AARCH64}"/efi.img bs="${IMGSZ}" count=1024 - VFAT_IMAGE="${_AARCH64}/efi.img" - mkfs.vfat "${VFAT_IMAGE}" - ## Copy all files to UEFI vfat image - mcopy -i "${VFAT_IMAGE}" -s "${_AARCH64}"/EFI ::/ -} - -# build grubXXX with all modules: 
http://bugs.archlinux.org/task/71382 -# If you don't use shim use --disable-shim-lock -_prepare_uefi_AA64_GRUB_USB_files() { - ### Hint: https://src.fedoraproject.org/rpms/grub2/blob/rawhide/f/grub.macros#_407 - grub-mkstandalone -d /usr/lib/grub/arm64-efi -O arm64-efi --sbat=/usr/share/grub/sbat.csv --modules="all_video boot btrfs cat configfile cryptodisk echo efi_gop efifwsetup efinet ext2 f2fs fat font gcry_rijndael gcry_rsa gcry_serpent gcry_sha256 gcry_twofish gcry_whirlpool gfxmenu gfxterm gzio halt hfsplus http iso9660 loadenv loopback linux lvm lsefi lsefimmap luks luks2 mdraid09 mdraid1x minicmd net normal part_apple part_msdos part_gpt password_pbkdf2 pgp png reboot regexp search search_fs_uuid search_fs_file search_label serial sleep syslinuxcfg test tftp video xfs zstd chain tpm" --fonts="unicode" --locales="" --themes="" -o "${_AARCH64}/EFI/BOOT/grubaa64.efi" "boot/grub/grub.cfg=${_GRUB_CONFIG}" -} - +source /usr/lib/archboot/functions +source /usr/lib/archboot/iso_functions +[[ -z "${1}" ]] && _usage +_parameters +_root_check +_aarch64_check +[[ "${_GENERATE}" == "1" ]] || _usage +_config echo "Starting ISO creation ..." -echo "Prepare kernel and initramfs ..." _prepare_kernel_initramfs_files - -echo "Prepare fedora shim ..." -_prepare_fedora_shim_bootloaders >/dev/null 2>&1 - -echo "Prepare efitools ..." +_prepare_fedora_shim_bootloaders_aarch64 >/dev/null 2>&1 _prepare_efitools_uefi >/dev/null 2>&1 - -echo "Prepare AA64 Grub ..." _prepare_uefi_AA64_GRUB_USB_files >/dev/null 2>&1 - -echo "Prepare UEFI image ..." _prepare_uefi_image >/dev/null 2>&1 - -## Generate the BIOS+ISOHYBRID+UEFI CD image -grub-mkrescue --compress=xz --fonts="unicode" --locales="" --themes="" -o "${_IMAGENAME}.iso" "${_AARCH64}"/ "boot/grub/grub.cfg=${_GRUB_CONFIG}" &> "${_IMAGENAME}.log" - -## create sha256sums.txt -echo "Generating sha256sum ..." -rm -f "sha256sums.txt" || true -cksum -a sha256 ./*.iso > "sha256sums.txt" - -# cleanup -echo "Cleanup remove ${_AARCH64} ..." 
-rm -rf "${_AARCH64}" -rm -rf "${_SHIM}" +_grub_mkrescue +_create_cksum +_cleanup_iso echo "Finished ISO creation." diff --git a/usr/bin/archboot-aarch64-pacman-chroot-tarball.sh b/usr/bin/archboot-aarch64-pacman-chroot-tarball.sh index 567719166..0b28b44a3 100755 --- a/usr/bin/archboot-aarch64-pacman-chroot-tarball.sh +++ b/usr/bin/archboot-aarch64-pacman-chroot-tarball.sh @@ -1,13 +1,13 @@ #!/usr/bin/env bash # created by Tobias Powalowski -_PWD="$(pwd)" -_BASENAME="$(basename "${0}")" +source /usr/lib/archboot/functions _DIR="" _LATEST_ARM64="http://os.archlinuxarm.org/os/ArchLinuxARM-aarch64-latest.tar.gz" _PACMAN_CHROOT="pacman-aarch64-chroot" +KEYRING="archlinuxarm" usage () { - echo "CREATE ARCHBOOT CONTAINER" + echo "CREATE AARCH64 PACMAN CHROOT" echo "-----------------------------" echo "This will create an aarch64 pacman chroot tarball on x86_64" echo "Usage: ${_BASENAME} " @@ -25,16 +25,8 @@ while [ $# -gt 0 ]; do shift done -### check for root -if ! [[ ${UID} -eq 0 ]]; then - echo "ERROR: Please run as root user!" - exit 1 -fi - -if ! [[ "$(uname -m)" == "x86_64" ]]; then - echo "ERROR: Please run on x86_64 hardware." - exit 1 -fi +_root_check +_x86_64_check echo "Starting container creation ..." echo "Create directory ${_DIR} ..." 
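Review bot: `_parameters` is called without arguments, so inside the function `$1` and `$#` refer to the function's own empty argument list and `-g`, `-p=`, `-i=` and `-r=` from the command line would never be seen; the `[[ "${_GENERATE}" == "1" ]] || _usage` line right after it would then always print usage. This assumes `_parameters` in iso_functions still walks the positional parameters like the removed `while [ $# -gt 0 ]` loop did, which cannot be confirmed from this page. If so, call it as `_parameters "$@"`. The same bare call, with a `#shellcheck disable=SC2120` above it, appears in archboot-aarch64-create-container.sh and archboot-x86_64-create-container.sh, where `-cc`/`-cp` would be ignored and the cache and container cleanup silently skipped; passing `"$@"` also makes the suppression unnecessary.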
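Review bot: The added assignment in archboot-aarch64-pacman-chroot-tarball.sh is `KEYRING="archlinuxarm"`, while the container scripts in this commit set `_KEYRING`. If `_generate_keyring` (called in the last hunk of this file) reads `${_KEYRING}`, the value is empty here and `pacman-key --populate` runs without the intended keyring name; rename it to `_KEYRING="archlinuxarm"`. The local `usage ()` is kept and still prints `${_BASENAME}`, whose definition this hunk removes, so it now depends on the sourced functions file to set it.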
@@ -44,15 +36,8 @@ echo "Downloading archlinuxarm aarch64..." bsdtar -xf ArchLinuxARM-aarch64-latest.tar.gz -C "${_DIR}" echo "Removing installation tarball ..." rm ArchLinuxARM-aarch64-latest.tar.gz -# generate locales -echo "Create locales in container ..." -systemd-nspawn -D "${_DIR}" /bin/bash -c "echo 'en_US ISO-8859-1' >> /etc/locale.gen" >/dev/null 2>&1 -systemd-nspawn -D "${_DIR}" /bin/bash -c "echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen" >/dev/null 2>&1 -systemd-nspawn -D "${_DIR}" locale-gen >/dev/null 2>&1 -# generate pacman keyring -echo "Generate pacman keyring in container ..." -systemd-nspawn -D "${_DIR}" pacman-key --init >/dev/null 2>&1 -systemd-nspawn -D "${_DIR}" pacman-key --populate archlinuxarm >/dev/null 2>&1 +_generate_locales +_generate_keyring # enable parallel downloads sed -i -e 's:^#ParallelDownloads:ParallelDownloads:g' "${_DIR}"/etc/pacman.conf # fix network in container diff --git a/usr/bin/archboot-aarch64-release.sh b/usr/bin/archboot-aarch64-release.sh index 8bb8a4e79..4a38a4a1c 100755 --- a/usr/bin/archboot-aarch64-release.sh +++ b/usr/bin/archboot-aarch64-release.sh 
@@ -1,87 +1,14 @@ #!/usr/bin/env bash # created by Tobias Powalowski - -_BASENAME="$(basename "${0}")" -_ARCH="aarch64" -_PRESET_LATEST="${_ARCH}-latest" -_AMD_UCODE="boot/amd-ucode.img" -_INITRAMFS="boot/initramfs_${_ARCH}.img" -_INITRAMFS_LATEST="boot/initramfs_${_ARCH}-latest.img" -_KERNEL="boot/vmlinuz_${_ARCH}" -_KERNEL_ARCHBOOT="boot/vmlinuz_archboot_${_ARCH}" -_W_DIR="$(mktemp -u archboot-release.XXX)" - -usage () { - echo "CREATE ARCHBOOT RELEASE IMAGE" - echo "-----------------------------" - echo "Usage: ${_BASENAME} " - echo "This will create an archboot release image in ." - exit 0 -} - -[[ -z "${1}" ]] && usage - -### check for root -if ! [[ ${UID} -eq 0 ]]; then - echo "ERROR: Please run as root user!" - exit 1 -fi +source /usr/lib/archboot/functions +source /usr/lib/archboot/release_functions +_ARCHBOOT="archboot-arm" +[[ -z "${1}" ]] && _usage +_root_check +_aarch64_check echo "Start release creation in $1 ..." -mkdir -p "${1}" -cd "${1}" || exit 1 -# create container -archboot-${_ARCH}-create-container.sh "${_W_DIR}" -cc -cp || exit 1 -# generate tarball in container, umount tmp it's a tmpfs and weird things could happen then -echo "Generate ISO ..." -# generate iso in container -systemd-nspawn -q -D "${_W_DIR}" /bin/bash -c "umount /tmp;archboot-${_ARCH}-iso.sh -g" || exit 1 -# remove not working lvm2 from latest image -echo "Remove lvm2 and openssh from container ${_W_DIR} ..." -systemd-nspawn -D "${_W_DIR}" /bin/bash -c "pacman -Rdd lvm2 openssh --noconfirm" >/dev/null 2>&1 -# generate latest tarball in container -echo "Generate latest ISO ..." -# generate latest iso in container -systemd-nspawn -q -D "${_W_DIR}" /bin/bash -c "umount /tmp;archboot-${_ARCH}-iso.sh -g -p=${_PRESET_LATEST} -r=$(date +%Y.%m.%d-%H.%M)-latest" || exit 1 -# create Release.txt with included main archlinux packages -echo "Generate Release.txt ..." 
-(echo "Welcome to ARCHBOOT INSTALLATION / RESCUEBOOT SYSTEM";\ - echo "Creation Tool: 'archboot' Tobias Powalowski ";\ - echo "Homepage: https://wiki.archlinux.org/title/Archboot";\ - echo "Architecture: ${_ARCH}";\ - echo "RAM requirement to boot: 1152 MB or greater";\ - echo "Archboot:$(systemd-nspawn -q -D "${_W_DIR}" pacman -Qi archboot-arm | grep Version | cut -d ":" -f2 | sed -e "s/\r//g")";\ - echo "Kernel:$(systemd-nspawn -q -D "${_W_DIR}" pacman -Qi linux | grep Version | cut -d ":" -f2 | sed -e "s/\r//g")";\ - echo "Pacman:$(systemd-nspawn -q -D "${_W_DIR}" pacman -Qi pacman | grep Version | cut -d ":" -f2 | sed -e "s/\r//g")";\ - echo "Systemd:$(systemd-nspawn -q -D "${_W_DIR}" pacman -Qi systemd | grep Version | cut -d ":" -f2 | sed -e "s/\r//g")") >>Release.txt -# move iso out of container -mv "${_W_DIR}"/*.iso ./ -# remove container -echo "Remove container ${_W_DIR} ..." -rm -r "${_W_DIR}" -# create boot directory with ramdisks -echo "Create boot directory ..." -mkdir -p boot/licenses/amd-ucode -for i in *.iso; do - if ! echo "${i}" | grep -q latest; then - isoinfo -R -i "${i}" -x /"${_AMD_UCODE}" 2>/dev/null > "${_AMD_UCODE}" - isoinfo -R -i "${i}" -x /"${_INITRAMFS}" 2>/dev/null > "${_INITRAMFS}" - isoinfo -R -i "${i}" -x /"${_KERNEL}" 2>/dev/null > "${_KERNEL_ARCHBOOT}" - else - isoinfo -R -i "${i}" -x /"${_INITRAMFS}" 2>/dev/null > "${_INITRAMFS_LATEST}" - fi -done -cp /usr/share/licenses/amd-ucode/* boot/licenses/amd-ucode/ -# create torrent files -for i in *.iso; do - echo "Generating ${i} torrent ..." - archboot-mktorrent.sh archboot/"${1}" "${i}" >/dev/null 2>&1 -done -# create sha256sums -echo "Generating sha256sum ..." -for i in *; do - [[ -f "${i}" ]] && cksum -a sha256 "${i}" >> sha256sum.txt -done -for i in boot/*; do - [[ -f "${i}" ]] && cksum -a sha256 "${i}" >> sha256sum.txt -done +_create_iso +_create_boot +_create_torrent +_create_cksum echo "Finished release creation in ${1} ." 
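Review bot: `_create_iso`, `_create_boot`, `_create_torrent` and `_create_cksum` are called with no arguments, yet the target directory exists only as the script's `$1` (the two `echo` lines still use it directly). Inside a function `${1}` is the function's own first argument, so if release_functions took over the removed `mkdir -p "${1}"`, `cd "${1}" || exit 1` and `archboot-mktorrent.sh archboot/"${1}"` lines unchanged, they now see an empty string and the release is built relative to the caller's current directory. Either store it once at top level, e.g. `_DIR="${1}"`, and have the helpers read that, or pass it explicitly as `_create_iso "${1}"`. release_functions is not shown here, so this needs checking against that file.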
diff --git a/usr/bin/archboot-aarch64-server-release.sh b/usr/bin/archboot-aarch64-server-release.sh
index 4be431a89..9737053d4 100755
--- a/usr/bin/archboot-aarch64-server-release.sh
+++ b/usr/bin/archboot-aarch64-server-release.sh
@@ -1,103 +1,9 @@ #! /bin/bash -_DIRECTORY="$(date +%Y.%m)" +source /usr/lib/archboot/functions +source /usr/lib/archboot/server_functions _ARCH="aarch64" -_ISODIR="/home/tobias/Arch/iso/${_ARCH}" -_BUILDDIR="$(mktemp -d ${_ISODIR}/server-release.XXX)" -_SERVER="pkgbuild.com" -_SERVER_HOME="/home/tpowa/" -_SERVER_DIR="/home/tpowa/public_html/archboot-images" -_USER="tobias" -_GROUP="users" -_GPG="--detach-sign --no-armor --batch --passphrase-file /etc/archboot/gpg.passphrase --pinentry-mode loopback -u 7EDF681F" -_PACMAN_AARCH__BUILDDIR="/home/tobias/Arch/iso" -_PACMAN_AARCH_SERVERDIR="/home/tpowa/public_html/archboot-helper/pacman-chroot-aarch64" -_PACMAN_AARCH64="pacman-aarch64-chroot" -_PACMAN_AARCH64_CHROOT_SERVER="https://pkgbuild.com/~tpowa/archboot-helper/pacman-chroot-aarch64" -_PACMAN_AARCH64_CHROOT="pacman-aarch64-chroot-latest.tar.zst" +_check_root +_check_buildserver +_update_aarch64_pacman_chroot +_server_release -### check for root -if ! [[ ${UID} -eq 0 ]]; then - echo "ERROR: Please run as root user!" - exit 1 -fi - -### check for tpowa's build server -if [[ ! "$(cat /etc/hostname)" == "T-POWA-LX" ]]; then - echo "This script should only be run on tpowa's build server. Aborting..." - exit 1 -fi -# update aarch64 pacman chroot -cd "${_PACMAN_AARCH__BUILDDIR}" || exit 1 -mkdir "${_PACMAN_AARCH64}" -echo "Downloading archlinuxarm pacman aarch64 chroot..." -[[ -f pacman-aarch64-chroot-latest.tar.zst ]] && rm pacman-aarch64-chroot-latest.tar.zst{,.sig} -wget ${_PACMAN_AARCH64_CHROOT_SERVER}/${_PACMAN_AARCH64_CHROOT}{,.sig} >/dev/null 2>&1 -# verify dowload -sudo -u "${_USER}" gpg --verify "${_PACMAN_AARCH64_CHROOT}.sig" >/dev/null 2>&1 || exit 1 -bsdtar -C "${_PACMAN_AARCH64}" -xf "${_PACMAN_AARCH64_CHROOT}" >/dev/null 2>&1 -echo "Removing installation tarball ..." -rm ${_PACMAN_AARCH64_CHROOT}{,.sig} >/dev/null 2>&1 -# update container to latest packages -echo "Update container to latest packages..." 
-systemd-nspawn -D "${_PACMAN_AARCH64}" pacman -Syu --noconfirm >/dev/null 2>&1 || exit 1 -# remove package cache -echo "Remove package cache from container ..." -rm ${_PACMAN_AARCH64}/var/cache/pacman/pkg/* -# enable parallel downloads -sed -i -e 's:^#ParallelDownloads:ParallelDownloads:g' "${_PACMAN_AARCH64}"/etc/pacman.conf -# fix network in container -rm "${_PACMAN_AARCH64}/etc/resolv.conf" -echo "nameserver 8.8.8.8" > "${_PACMAN_AARCH64}/etc/resolv.conf" -echo "Clean container, delete not needed files from ${_PACMAN_AARCH64} ..." -rm -r "${_PACMAN_AARCH64}"/usr/include >/dev/null 2>&1 -rm -r "${_PACMAN_AARCH64}"/usr/share/{man,doc,info,locale} >/dev/null 2>&1 -echo "Generating tarball ..." -tar -acf "${_PACMAN_AARCH64_CHROOT}" -C "${_PACMAN_AARCH64}" . -echo "Removing ${_PACMAN_AARCH64} ..." -rm -r "${_PACMAN_AARCH64}" -echo "Finished container tarball." -#shellcheck disable=SC2086 -sudo -u "${_USER}" gpg ${_GPG} "${_PACMAN_AARCH64_CHROOT}" -chown "${_USER}:${_GROUP}" ${_PACMAN_AARCH64_CHROOT}{,.sig} -sudo -u "${_USER}" scp ${_PACMAN_AARCH64_CHROOT}{,.sig} ${_SERVER}:${_PACMAN_AARCH_SERVERDIR} || exit 1 -# create release in "${_ISODIR}" -cd "${_ISODIR}" || exit 1 -"archboot-${_ARCH}-release.sh" "${_BUILDDIR}" || rm -r "${_BUILDDIR}" -# set user rights on files -# set user rights on files -[[ -d "${_BUILDDIR}" ]] || exit 1 -chown -R "${_USER}:${_GROUP}" "${_BUILDDIR}" -chmod 755 "${_BUILDDIR}" -cd "${_BUILDDIR}" || exit 1 -# remove sha256sum and install image -rm sha256sum.txt -# sign files and create new sha256sum.txt -for i in *; do - #shellcheck disable=SC2086 - [[ -f "${i}" ]] && sudo -u "${_USER}" gpg ${_GPG} "${i}" - [[ -f "${i}" ]] && cksum -a sha256 "${i}" >> sha256sum.txt - [[ -f "${i}.sig" ]] && cksum -a sha256 "${i}.sig" >> sha256sum.txt -done -for i in boot/*; do - #shellcheck disable=SC2086 - [[ -f "${i}" ]] && sudo -u "${_USER}" gpg ${_GPG} "${i}" - [[ -f "${i}" ]] && cksum -a sha256 "${i}" >> sha256sum.txt - [[ -f "${i}.sig" ]] && cksum -a sha256 
"${i}.sig" >> sha256sum.txt -done -chown -R "${_USER}:${_GROUP}" ./* -cd .. -[[ -d "archive" ]] || mkdir archive -[[ -d "archive/${_DIRECTORY}" ]] && rm -r "archive/${_DIRECTORY}" -[[ -d "${_DIRECTORY}" ]] && mv "${_DIRECTORY}" archive/ -mv "${_BUILDDIR}" "${_DIRECTORY}" -# copy files to server -sudo -u "${_USER}" scp -r "${_DIRECTORY}" "${_SERVER}":"${_SERVER_HOME}" || exit 1 -# move files on server, create symlink and remove 3 month old release -sudo -u "${_USER}" ssh "${_SERVER}" < - +source /usr/lib/archboot/functions _D_SCRIPTS="" _L_COMPLETE="" _L_INSTALL_COMPLETE="" _G_RELEASE="" -_RUNNING_ARCH="$(uname -m)" _CONFIG="/etc/archboot/${_RUNNING_ARCH}-update_installer.conf" _W_DIR="/archboot" _INSTALLER_SOURCE="https://gitlab.archlinux.org/tpowa/archboot/-/raw/master/usr/bin" kver() { # get kernel version from installed kernel - [[ "$(uname -m)" == "x86_64" ]] && VMLINUZ="${_W_DIR}/boot/vmlinuz-linux" - [[ "$(uname -m)" == "aarch64" ]] && VMLINUZ="${_W_DIR}/boot/Image" + [[ "${_RUNNING_ARCH}" == "x86_64" ]] && VMLINUZ="${_W_DIR}/boot/vmlinuz-linux" + [[ "${_RUNNING_ARCH}" == "aarch64" ]] && VMLINUZ="${_W_DIR}/boot/Image" if [[ -f "${VMLINUZ}" ]]; then offset=$(hexdump -s 526 -n 2 -e '"%0d"' "${VMLINUZ}") read -r _HWKVER _ < <(dd if="${VMLINUZ}" bs=1 count=127 skip=$(( offset + 0x200 )) 2>/dev/null) 
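Review bot: The guards in archboot-aarch64-server-release.sh are invoked as `_check_root` and `_check_buildserver`, whereas every other script in this commit calls `_root_check` (and `_x86_64_check` / `_aarch64_check`). If the sourced files define only the `_root_check` spelling, bash prints "command not found" and carries on, because the script sets no `set -e`, so the chroot update, signing and upload steps would run with neither check applied. Use the same name as the other scripts and make the guards fail closed, e.g. `source /usr/lib/archboot/functions || exit 1` and `_root_check || exit 1`, so a missing file or helper stops the run. The definitions live in files outside this page, so the naming needs confirming there.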
@@ -73,7 +72,10 @@ if [[ "${_D_SCRIPTS}" == "1" ]]; then [[ -e /usr/bin/archboot-${_RUNNING_ARCH}-release.sh ]] && wget -q "$_INSTALLER_SOURCE/archboot-${_RUNNING_ARCH}-release.sh?inline=false" -O "/usr/bin/archboot-${_RUNNING_ARCH}-release.sh" >/dev/null 2>&1 [[ -e /usr/bin/archboot-binary-check.sh ]] && wget -q "$_INSTALLER_SOURCE/archboot-binary-check.sh?inline=false" -O /usr/bin/archboot-binary-check.sh >/dev/null 2>&1 [[ -e /usr/bin/update-installer.sh ]] && wget -q "$_INSTALLER_SOURCE/archboot-update-installer.sh?inline=false" -O /usr/bin/update-installer.sh >/dev/null 2>&1 - + [[ -e /usr/lib/archboot/functions ]] && wget -q "$_INSTALLER_SOURCE/functions?inline=false" -O "/usr/lib/archboot/functions" >/dev/null 2>&1 + [[ -e /usr/lib/archboot/container_functions ]] && wget -q "$_INSTALLER_SOURCE/container_functions?inline=false" -O "/usr/lib/archboot/container_functions" >/dev/null 2>&1 + [[ -e /usr/lib/archboot/release_functions ]] && wget -q "$_INSTALLER_SOURCE/release_functions?inline=false" -O "/usr/lib/archboot/release_functions" >/dev/null 2>&1 + [[ -e /usr/lib/archboot/iso_functions ]] && wget -q "$_INSTALLER_SOURCE/iso_functions?inline=false" -O "/usr/lib/archboot/iso_functions" >/dev/null 2>&1 echo "Finished: Downloading scripts done." exit 0 fi diff --git a/usr/bin/archboot-x86_64-create-container.sh b/usr/bin/archboot-x86_64-create-container.sh index 166d3d0f8..63c311674 100755 --- a/usr/bin/archboot-x86_64-create-container.sh +++ b/usr/bin/archboot-x86_64-create-container.sh 
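Review bot: The four added `wget` lines overwrite `/usr/lib/archboot/functions` and its siblings, files that the root-run scripts in this commit now `source`, with whatever the raw `master` URL returns, with no signature or checksum check and all output discarded. `wget -O` truncates the destination before the transfer, so a failed request leaves an empty or partial library behind; that looks likely here, since `_INSTALLER_SOURCE` ends in `/usr/bin` and the library files are presumably not stored under that path in the repository. Download to a temporary file, verify it, and only then move it into place, e.g. `wget -q "${_url}" -O "${_tmp}" && mv "${_tmp}" /usr/lib/archboot/functions`, with a separate base URL for the lib directory. The enclosing `if [[ "${_D_SCRIPTS}" == "1" ]]` block starts above this hunk.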
@@ -1,110 +1,30 @@ #!/usr/bin/env bash # created by Tobias Powalowski -_PWD="$(pwd)" -_BASENAME="$(basename "${0}")" -_CACHEDIR="$1/var/cache/pacman/pkg" -_CLEANUP_CACHE="" -_SAVE_RAM="" -_LINUX_FIRMWARE="linux-firmware" -_DIR="" - -usage () { - echo "CREATE ARCHBOOT CONTAINER" - echo "-----------------------------" - echo "This will create an archboot container for an archboot image." - echo "Usage: ${_BASENAME} " - echo " Options:" - echo " -cc Cleanup container eg. remove manpages, includes ..." - echo " -cp Cleanup container package cache" - exit 0 -} - -[[ -z "${1}" ]] && usage - +source /usr/lib/archboot/functions +source /usr/lib/archboot/container_functions +_ARCHBOOT="archboot" +_KEYRING="archlinux" +[[ -z "${1}" ]] && _usage _DIR="$1" - -while [ $# -gt 0 ]; do - case ${1} in - -cc|--cc) _SAVE_RAM="1" ;; - -cp|--cp) _CLEANUP_CACHE="1" ;; - esac - shift -done - -### check for root -if ! [[ ${UID} -eq 0 ]]; then - echo "ERROR: Please run as root user!" - exit 1 -fi -### check for x86_64 -if ! [[ "$(uname -m)" == "x86_64" ]]; then - echo "ERROR: Pleae run on x86_64 hardware." - exit 1 -fi -# prepare pacman dirs +#shellcheck disable=SC2120 +_parameters +_root_check +_x86_64_check echo "Starting container creation ..." echo "Create directories in ${_DIR} ..." -mkdir -p "${_DIR}"/var/lib/pacman -mkdir -p "${_CACHEDIR}" -[[ -e "${_DIR}/proc" ]] || mkdir -m 555 "${_DIR}/proc" -[[ -e "${_DIR}/sys" ]] || mkdir -m 555 "${_DIR}/sys" -[[ -e "${_DIR}/dev" ]] || mkdir -m 755 "${_DIR}/dev" -# mount special filesystems to ${_DIR} -echo "Mount special filesystems in ${_DIR} ..." 
-mount proc "${_DIR}/proc" -t proc -o nosuid,noexec,nodev -mount sys "${_DIR}/sys" -t sysfs -o nosuid,noexec,nodev,ro -mount udev "${_DIR}/dev" -t devtmpfs -o mode=0755,nosuid -mount devpts "${_DIR}/dev/pts" -t devpts -o mode=0620,gid=5,nosuid,noexec -mount shm "${_DIR}/dev/shm" -t tmpfs -o mode=1777,nosuid,nodev -# install archboot -echo "Installing packages base linux and ${_LINUX_FIRMWARE} to ${_DIR} ..." -pacman --root "${_DIR}" -Sy base linux "${_LINUX_FIRMWARE}" --ignore systemd-resolvconf --noconfirm --cachedir "${_PWD}"/"${_CACHEDIR}" >/dev/null 2>&1 -rm "${_DIR}"/usr/share/libalpm/hooks/60-mkinitcpio-remove.hook -rm "${_DIR}"/usr/share/libalpm/hooks/90-mkinitcpio-install.hook -rm "${_DIR}"/boot/{initramfs-linux.img,initramfs-linux-fallback.img} -if [[ "${_CLEANUP_CACHE}" == "1" ]]; then - # clean cache - echo "Clean pacman cache from ${_DIR} ..." - rm -r "${_DIR}"/var/cache/pacman -fi -echo "Installing archboot to ${_DIR} ..." -pacman --root "${_DIR}" -Sy archboot --ignore systemd-resolvconf --noconfirm >/dev/null 2>&1 -if [[ "${_SAVE_RAM}" == "1" ]]; then - # clean container from not needed files - echo "Clean container, delete not needed files from ${_DIR} ..." 
- rm -r "${_DIR}"/usr/include - rm -r "${_DIR}"/usr/share/{aclocal,applications,audit,avahi,awk,bash-completion,cmake,common-lisp,cracklib,dhclient,dhcpcd,dict,dnsmasq,emacs,et,fish,gdb,gettext,gettext-0.21,glib-2.0,gnupg,graphite2,gtk-doc,iana-etc,icons,icu,iptables,java,keyutils,libalpm,libgpg-error,makepkg-template,misc,mkinitcpio,ncat,ntp,p11-kit,readline,screen,smartmontools,ss,stoken,tabset,texinfo,vala,xml,xtables,zoneinfo-leaps,man,doc,info,perl5} - rm -r "${_DIR}"/usr/lib/{audit,avahi,awk,bash,bfd-plugins,binfmt.d,cifs-utils,cmake,coreutils,cryptsetup,cups,dracut,e2fsprogs,engines-1.1,environment.d,gawk,getconf,gettext,girepository-1.0,glib-2.0,gnupg,gssproxy,guile,icu,itcl4.2.2,iwd,kexec-tools,krb5,ldb,ldscripts,libnl,libproxy,named,ntfs-3g,openconnect,openssl-1.0,p11-kit,pcsc,perl5,pkcs11,pkgconfig,rsync,samba,sasl2,siconv,sysctl.d,sysusers.d,tar,tcl8.6,tcl8,tdbc1.1.3,tdbcmysql1.1.3,tdbcodbc1.1.3,tdbcpostgres1.1.3,terminfo,texinfo,thread2.8.7,valgrind,xfsprogs,xplc-0.3.13,xtables} -fi -# Clean cache on archboot environment -if [[ "$(cat /etc/hostname)" == "archboot" ]]; then - echo "Cleaning /var/cache/pacman/pkg ..." - rm -r /var/cache/pacman/pkg -fi -# umount special filesystems -echo "Umount special filesystems in to ${_DIR} ..." -umount -R "${_DIR}/proc" -umount -R "${_DIR}/sys" -umount -R "${_DIR}/dev" -# generate locales -echo "Create locales in container ..." -systemd-nspawn -D "${_DIR}" /bin/bash -c "echo 'en_US ISO-8859-1' >> /etc/locale.gen" >/dev/null 2>&1 -systemd-nspawn -D "${_DIR}" /bin/bash -c "echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen" >/dev/null 2>&1 -systemd-nspawn -D "${_DIR}" locale-gen >/dev/null 2>&1 -[[ "${_SAVE_RAM}" == "1" ]] && rm -r "${_DIR}"/usr/share/{i18n,locale} -# generate pacman keyring -echo "Generate pacman keyring in container ..." 
-systemd-nspawn -D "${_DIR}" pacman-key --init >/dev/null 2>&1 -systemd-nspawn -D "${_DIR}" pacman-key --populate archlinux >/dev/null 2>&1 -# copy local mirrorlist to container -echo "Create pacman config and mirrorlist in container..." -cp /etc/pacman.d/mirrorlist "${_DIR}"/etc/pacman.d/mirrorlist -# only copy from archboot pacman.conf, else use default file -[[ "$(cat /etc/hostname)" == "archboot" ]] && cp /etc/pacman.conf "${_DIR}"/etc/pacman.conf -# disable checkspace option in pacman.conf, to allow to install packages in environment -sed -i -e 's:^CheckSpace:#CheckSpace:g' "${_DIR}"/etc/pacman.conf -# enable parallel downloads -sed -i -e 's:^#ParallelDownloads:ParallelDownloads:g' "${_DIR}"/etc/pacman.conf +_prepare_pacman +_install_base_packages +_cleanmkinitcpio +_cleancache +_install_archboot +_umount_special +_cleancontainer +_clean_archboot_cache +_generate_locales +_clean_locale +_generate_keyring +_copy_mirrorlist_and_pacman_conf +_change_pacman_conf # enable [testing] if enabled in host if grep -q "^\[testing" /etc/pacman.conf; then echo "Enable [testing] repository in container ..." @@ -112,6 +32,5 @@ if grep -q "^\[testing" /etc/pacman.conf; then sed -i -e '/^#\[community-testing\]/ { n ; s/^#// }' "${_DIR}/etc/pacman.conf" sed -i -e 's:^#\[testing\]:\[testing\]:g' -e 's:^#\[community-testing\]:\[community-testing\]:g' "${_DIR}/etc/pacman.conf" fi -echo "Setting hostname to archboot ..." -systemd-nspawn -D "${_DIR}" /bin/bash -c "echo archboot > /etc/hostname" >/dev/null 2>&1 +_set_hostname echo "Finished container setup in ${_DIR} ." diff --git a/usr/bin/archboot-x86_64-iso.sh b/usr/bin/archboot-x86_64-iso.sh index 9fb78ef10..7f45b9193 100755 --- a/usr/bin/archboot-x86_64-iso.sh +++ b/usr/bin/archboot-x86_64-iso.sh 
@@ -1,171 +1,22 @@ #!/usr/bin/env bash # created by Tobias Powalowski - -_BASENAME="$(basename "${0}")" -_PRESET_DIR="/etc/archboot/presets" -_SHIM_URL="https://pkgbuild.com/~tpowa/archboot-helper/fedora-shim" -_GRUB_CONFIG="/usr/share/archboot/grub/grub.cfg" -# covered by usage -_GENERATE="" -_PRESET="" -_IMAGENAME="" -_RELEASENAME="" -# temporary directories -_X86_64="$(mktemp -d X86_64.XXX)" - -usage () { - echo "${_BASENAME}: usage" - echo "CREATE X86_64 USB/CD IMAGES" - echo "-----------------------------" - echo "PARAMETERS:" - echo " -g Start generation of image." - echo " -p=PRESET Which preset should be used." - echo " /etc/archboot/presets locates the presets" - echo " default=x86_64" - echo " -i=IMAGENAME Your IMAGENAME." - echo " -r=RELEASENAME Use RELEASENAME in boot message." - echo " -h This message." - exit 0 -} - -# change to english locale! -export LANG="en_US" - -while [ $# -gt 0 ]; do - case ${1} in - -g|--g) _GENERATE="1" ;; - -p=*|--p=*) _PRESET="$(echo "${1}" | awk -F= '{print $2;}')" ;; - -i=*|--i=*) _IMAGENAME="$(echo "${1}" | awk -F= '{print $2;}')" ;; - -r=*|--r=*) _RELEASENAME="$(echo "${1}" | awk -F= '{print $2;}')" ;; - -h|--h|?) usage ;; - *) usage ;; - esac - shift -done - -### check for root -if ! [[ ${UID} -eq 0 ]]; then - echo "ERROR: Please run as root user!" - exit 1 -fi - -### check for aarch64 -if ! [[ "$(uname -m)" == "x86_64" ]]; then - echo "ERROR: Please run on x86_64 hardware." 
- exit 1 -fi - -[[ "${_GENERATE}" == "1" ]] || usage - -#set PRESET -[[ -z "${_PRESET}" ]] && _PRESET="x86_64" -_PRESET="${_PRESET_DIR}/${_PRESET}" - -# set defaults, if nothing given -[[ -z "${_RELEASENAME}" ]] && _RELEASENAME="$(date +%Y.%m.%d-%H.%M)" -[[ -z "${_IMAGENAME}" ]] && _IMAGENAME="archlinux-archboot-${_RELEASENAME}-x86_64" - -_prepare_kernel_initramfs_files() { - source "${_PRESET}" - mkdir -p "${_X86_64}/EFI/BOOT" - mkdir -p "${_X86_64}/boot" - # fix for mkinitcpio 31 - # https://bugs.archlinux.org/task/72882 - # remove on mkinitcpio 32 release - cp "/usr/lib/initcpio/functions" "/usr/lib/initcpio/functions.old" - [[ -f "/usr/share/archboot/patches/31-initcpio.functions.fixed" ]] && cp "/usr/share/archboot/patches/31-initcpio.functions.fixed" "/usr/lib/initcpio/functions" - mkinitcpio -c "${MKINITCPIO_CONFIG}" -k "${ALL_kver}" -g "${_X86_64}/boot/initramfs_x86_64.img" || exit 1 - mv "/usr/lib/initcpio/functions.old" "/usr/lib/initcpio/functions" - install -m644 "${ALL_kver}" "${_X86_64}/boot/vmlinuz_x86_64" - # install ucode files - cp /boot/{intel-ucode.img,amd-ucode.img} "${_X86_64}/boot/" - # fix license files - mkdir -p "${_X86_64}"/licenses/{amd-ucode,intel-ucode} - cp /usr/share/licenses/amd-ucode/LICENSE.amd-ucode "${_X86_64}/licenses/amd-ucode" - cp /usr/share/licenses/intel-ucode/LICENSE "${_X86_64}/licenses/intel-ucode" -} - -_prepare_efitools_uefi () { - cp -f "/usr/share/efitools/efi/HashTool.efi" "${_X86_64}/EFI/tools/HashTool.efi" - cp -f "/usr/share/efitools/efi/KeyTool.efi" "${_X86_64}/EFI/tools/KeyTool.efi" -} - -_prepare_fedora_shim_bootloaders () { - # Details on shim https://www.rodsbooks.com/efi-bootloaders/secureboot.html#initial_shim - # add shim x64 signed files from fedora - for i in mmx64.efi BOOTX64.efi mmia32.efi BOOTIA32.efi; do - curl -s --create-dirs -L -O --output-dir "${_X86_64}/EFI/BOOT/" "${_SHIM_URL}/${i}" - done -} - -_prepare_uefi_image() { - ## get size of boot x86_64 files - BOOTSIZE=$(du -bc "${_X86_64}"/EFI | 
grep total | cut -f1) - IMGSZ=$(( (BOOTSIZE*102)/100/1024 + 1)) # image size in sectors - ## Create cdefiboot.img - dd if=/dev/zero of="${_X86_64}"/efi.img bs="${IMGSZ}" count=1024 - VFAT_IMAGE="${_X86_64}/efi.img" - mkfs.vfat "${VFAT_IMAGE}" - ## Copy all files to UEFI vfat image - mcopy -i "${VFAT_IMAGE}" -s "${_X86_64}"/EFI ::/ -} - -_download_uefi_shell_tianocore() { - mkdir -p "${_X86_64}/EFI/tools/" - ## Install Tianocore UDK/EDK2 ShellBinPkg UEFI X64 "Full Shell" - For UEFI Spec. >=2.3 systems - cp /usr/share/edk2-shell/x64/Shell.efi "${_X86_64}/EFI/tools/shellx64_v2.efi" - ## Install Tianocore UDK/EDK2 EdkShellBinPkg UEFI X64 "Full Shell" - For UEFI Spec. <2.3 systems - cp /usr/share/edk2-shell/x64/Shell_Full.efi "${_X86_64}/EFI/tools/shellx64_v1.efi" - ## Install Tianocore UDK/EDK2 ShellBinPkg UEFI IA32 "Full Shell" - For UEFI Spec. >=2.3 systems - cp /usr/share/edk2-shell/ia32/Shell.efi "${_X86_64}/EFI/tools/shellia32_v2.efi" - ## InstallTianocore UDK/EDK2 EdkShellBinPkg UEFI IA32 "Full Shell" - For UEFI Spec. 
<2.3 systems - cp /usr/share/edk2-shell/ia32/Shell_Full.efi "${_X86_64}/EFI/tools/shellia32_v1.efi" -} - -# build grubXXX with all modules: http://bugs.archlinux.org/task/71382 -# If you don't use shim use --disable-shim-lock -_prepare_uefi_X64_GRUB_USB_files() { - ### Hint: https://src.fedoraproject.org/rpms/grub2/blob/rawhide/f/grub.macros#_407 - grub-mkstandalone -d /usr/lib/grub/x86_64-efi -O x86_64-efi --sbat=/usr/share/grub/sbat.csv --modules="all_video boot btrfs cat configfile cryptodisk echo efi_gop efi_uga efifwsetup efinet ext2 f2fs fat font gcry_rijndael gcry_rsa gcry_serpent gcry_sha256 gcry_twofish gcry_whirlpool gfxmenu gfxterm gzio halt hfsplus http iso9660 loadenv loopback linux lvm lsefi lsefimmap luks luks2 mdraid09 mdraid1x minicmd net normal part_apple part_msdos part_gpt password_pbkdf2 pgp png reboot regexp search search_fs_uuid search_fs_file search_label serial sleep syslinuxcfg test tftp video xfs zstd backtrace chain tpm usb usbserial_common usbserial_pl2303 usbserial_ftdi usbserial_usbdebug keylayouts at_keyboard" --fonts="unicode" --locales="" --themes="" -o "${_X86_64}/EFI/BOOT/grubx64.efi" "boot/grub/grub.cfg=${_GRUB_CONFIG}" -} - -_prepare_uefi_IA32_GRUB_USB_files() { - ### Hint: https://src.fedoraproject.org/rpms/grub2/blob/rawhide/f/grub.macros#_407 - grub-mkstandalone -d /usr/lib/grub/i386-efi -O i386-efi --sbat=/usr/share/grub/sbat.csv --modules="all_video boot btrfs cat configfile cryptodisk echo efi_gop efi_uga efifwsetup efinet ext2 f2fs fat font gcry_rijndael gcry_rsa gcry_serpent gcry_sha256 gcry_twofish gcry_whirlpool gfxmenu gfxterm gzio halt hfsplus http iso9660 loadenv loopback linux lvm lsefi lsefimmap luks luks2 mdraid09 mdraid1x minicmd net normal part_apple part_msdos part_gpt password_pbkdf2 pgp png reboot regexp search search_fs_uuid search_fs_file search_label serial sleep syslinuxcfg test tftp video xfs zstd backtrace chain tpm usb usbserial_common usbserial_pl2303 usbserial_ftdi usbserial_usbdebug keylayouts 
at_keyboard" --fonts="unicode" --locales="" --themes="" -o "${_X86_64}/EFI/BOOT/grubia32.efi" "boot/grub/grub.cfg=${_GRUB_CONFIG}" -} - +source /usr/lib/archboot/functions +source /usr/lib/archboot/iso_functions +[[ -z "${1}" ]] && _usage +_parameters +_root_check +_x86_64_check +[[ "${_GENERATE}" == "1" ]] || _usage +_config echo "Starting ISO creation ..." -echo "Prepare kernel and initramfs ..." _prepare_kernel_initramfs_files - -echo "Prepare fedora shim ..." -_prepare_fedora_shim_bootloaders >/dev/null 2>&1 - -echo "Prepare uefi shells ..." +_prepare_fedora_shim_bootloaders_x86_64 >/dev/null 2>&1 _download_uefi_shell_tianocore >/dev/null 2>&1 - -echo "Prepare efitools ..." _prepare_efitools_uefi >/dev/null 2>&1 - -echo "Prepare X64 Grub ..." _prepare_uefi_X64_GRUB_USB_files >/dev/null 2>&1 - -echo "Prepare IA32 Grub ..." _prepare_uefi_IA32_GRUB_USB_files >/dev/null 2>&1 - -echo "Prepare UEFI image ..." _prepare_uefi_image >/dev/null 2>&1 - -## Generate the BIOS+ISOHYBRID+UEFI CD image -echo "Generating X86_64 hybrid ISO ..." -grub-mkrescue --compress="xz" --fonts="unicode" --locales="" --themes="" -o "${_IMAGENAME}.iso" "${_X86_64}"/ "boot/grub/grub.cfg=${_GRUB_CONFIG}" &> "${_IMAGENAME}.log" - -## create sha256sums.txt -echo "Generating sha256sum ..." -rm -f "sha256sums.txt" || true -cksum -a sha256 ./*.iso > "sha256sums.txt" - -# cleanup -echo "Cleanup remove ${_X86_64} ..." -rm -rf "${_X86_64}" +_grub_mkrescure +_create_cksum +_cleanup_iso echo "Finished ISO creation." diff --git a/usr/bin/archboot-x86_64-release.sh b/usr/bin/archboot-x86_64-release.sh index 5744c62a4..38ad0b657 100755 --- a/usr/bin/archboot-x86_64-release.sh +++ b/usr/bin/archboot-x86_64-release.sh 
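Review bot: `_parameters` is called without arguments, so the `while [ $# -gt 0 ]` loop in iso_functions sees the function's own empty argument list and never parses `-g`, `-p=`, `-i=` or `-r=`; `_GENERATE` stays empty and the following `[[ "${_GENERATE}" == "1" ]] || _usage` always prints usage and exits. The call should be `_parameters "$@"`; the `_parameters` in container_functions uses the same loop, so its callers need the same change. Further down, `_grub_mkrescure` does not match the `_grub_mkrescue` defined in iso_functions, so that step would fail with command-not-found while the script goes on to `_create_cksum` and `_cleanup_iso`; it should read `_grub_mkrescue`.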
@@ -1,95 +1,16 @@ #!/usr/bin/env bash # created by Tobias Powalowski +source /usr/lib/archboot/functions +source /usr/lib/archboot/release_functions +_ARCHBOOT="archboot" -_BASENAME="$(basename "${0}")" -_ARCH="x86_64" -_PRESET_LATEST="${_ARCH}-latest" -_AMD_UCODE="boot/amd-ucode.img" -_INTEL_UCODE="boot/intel-ucode.img" -_INITRAMFS="boot/initramfs_${_ARCH}.img" -_INITRAMFS_LATEST="boot/initramfs_${_ARCH}-latest.img" -_KERNEL="boot/vmlinuz_${_ARCH}" -_KERNEL_ARCHBOOT="boot/vmlinuz_archboot_${_ARCH}" -_W_DIR="$(mktemp -u archboot-release.XXX)" +[[ -z "${1}" ]] && _usage -usage () { - echo "CREATE ARCHBOOT RELEASE IMAGE" - echo "-----------------------------" - echo "Usage: ${_BASENAME} " - echo "This will create an archboot release image in ." - exit 0 -} - -[[ -z "${1}" ]] && usage - -### check for root -if ! [[ ${UID} -eq 0 ]]; then - echo "ERROR: Please run as root user!" - exit 1 -fi -### check for x86_64 -if ! [[ "$(uname -m)" == "x86_64" ]]; then - echo "ERROR: Pleae run on x86_64 hardware." - exit 1 -fi +_root_check +_x86_64_check echo "Start release creation in $1 ..." -mkdir -p "${1}" -cd "${1}" || exit 1 -# create container -archboot-${_ARCH}-create-container.sh "${_W_DIR}" -cc -cp || exit 1 -# generate tarball in container, umount tmp it's a tmpfs and weird things could happen then -echo "Generate ISO ..." -# generate iso in container -systemd-nspawn -q -D "${_W_DIR}" /bin/bash -c "umount /tmp;archboot-${_ARCH}-iso.sh -g" || exit 1 -# remove not working lvm2 from latest image -echo "Remove lvm2 and openssh from container ${_W_DIR} ..." -systemd-nspawn -D "${_W_DIR}" /bin/bash -c "pacman -Rdd lvm2 openssh --noconfirm" >/dev/null 2>&1 -# generate latest tarball in container -echo "Generate latest ISO ..." 
-# generate latest iso in container -systemd-nspawn -q -D "${_W_DIR}" /bin/bash -c "umount /tmp;archboot-${_ARCH}-iso.sh -g -p=${_PRESET_LATEST} -r=$(date +%Y.%m.%d-%H.%M)-latest" || exit 1 -# create Release.txt with included main archlinux packages -echo "Generate Release.txt ..." -(echo "Welcome to _ARCHBOOT INSTALLATION / RESCUEBOOT SYSTEM";\ - echo "Creation Tool: 'archboot' Tobias Powalowski ";\ - echo "Homepage: https://wiki.archlinux.org/title/Archboot";\ - echo "Architecture: ${_ARCH}";\ - echo "RAM requirement to boot: 1152 MB or greater";\ - echo "Archboot:$(systemd-nspawn -q -D "${_W_DIR}" pacman -Qi archboot | grep Version | cut -d ":" -f2 | sed -e "s/\r//g")";\ - echo "Kernel:$(systemd-nspawn -q -D "${_W_DIR}" pacman -Qi linux | grep Version | cut -d ":" -f2 | sed -e "s/\r//g")";\ - echo "Pacman:$(systemd-nspawn -q -D "${_W_DIR}" pacman -Qi pacman | grep Version | cut -d ":" -f2 | sed -e "s/\r//g")";\ - echo "Systemd:$(systemd-nspawn -q -D "${_W_DIR}" pacman -Qi systemd | grep Version | cut -d ":" -f2 | sed -e "s/\r//g")") >>Release.txt -# move iso out of container -mv "${_W_DIR}"/*.iso ./ -# remove container -echo "Remove container ${_W_DIR} ..." -rm -r "${_W_DIR}" -# create boot directory with ramdisks -echo "Create boot directory ..." -mkdir -p boot/licenses/{amd-ucode,intel-ucode} -for i in *.iso; do - if ! echo "${i}" | grep -q latest; then - isoinfo -R -i "${i}" -x /"${_AMD_UCODE}" 2>/dev/null > "${_AMD_UCODE}" - isoinfo -R -i "${i}" -x /"${_INTEL_UCODE}" 2>/dev/null > "${_INTEL_UCODE}" - isoinfo -R -i "${i}" -x /"${_INITRAMFS}" 2>/dev/null > "${_INITRAMFS}" - isoinfo -R -i "${i}" -x /"${_KERNEL}" 2>/dev/null > "${_KERNEL_ARCHBOOT}" - else - isoinfo -R -i "${i}" -x /"${_INITRAMFS}" 2>/dev/null > "${_INITRAMFS_LATEST}" - fi -done -cp /usr/share/licenses/amd-ucode/* boot/licenses/amd-ucode/ -cp /usr/share/licenses/intel-ucode/* boot/licenses/intel-ucode/ -# create torrent files -for i in *.iso; do - echo "Generating ${i} torrent ..." 
- archboot-mktorrent.sh archboot/"${1}" "${i}" >/dev/null 2>&1 -done -# create sha256sums -echo "Generating sha256sum ..." -for i in *; do - [[ -f "${i}" ]] && cksum -a sha256 "${i}" >> sha256sum.txt -done -for i in boot/*; do - [[ -f "${i}" ]] && cksum -a sha256 "${i}" >> sha256sum.txt -done +_create_iso +_create_boot +_create_torrent +_create_cksum echo "Finished release creation in ${1} ." diff --git a/usr/bin/archboot-x86_64-server-release.sh b/usr/bin/archboot-x86_64-server-release.sh index 222d4a791..0bc07f5e8 100755 --- a/usr/bin/archboot-x86_64-server-release.sh +++ b/usr/bin/archboot-x86_64-server-release.sh 
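Review bot: `_create_iso` is called bare, but its body in release_functions uses `mkdir -p "${1}"` and `cd "${1}" || exit 1`, and inside a function `${1}` is the function's own first argument, not the script's. As written the target directory is empty, so the release is not built in the directory the user asked for; the call should be `_create_iso "${1}"`. `_create_torrent` runs past the end of what is shown here, but the removed inline code used `archboot/"${1}"` in the torrent path, so it most likely needs `_create_torrent "${1}"` as well.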
@@ -1,75 +1,11 @@ #! /bin/bash -_DIRECTORY="$(date +%Y.%m)" +source /usr/lib/archboot/functions +source /usr/lib/archboot/server_functions _ARCH="x86_64" -_ISODIR="/home/tobias/Arch/iso/${_ARCH}" -_BUILDDIR="$(mktemp -d ${_ISODIR}/server-release.XXX)" -_PACMAN_MIRROR="/etc/pacman.d/mirrorlist" -_PACMAN_CONF="/etc/pacman.conf" -_SERVER="pkgbuild.com" -_SERVER_HOME="/home/tpowa/" -_SERVER_DIR="/home/tpowa/public_html/archboot-images" -_USER="tobias" -_GROUP="users" -_GPG="--detach-sign --batch --no-armor --passphrase-file /etc/archboot/gpg.passphrase --pinentry-mode loopback -u 7EDF681F" +_check_root +_check_buildserver +_pacman_x86_64_use_default +_server_release +_pacman_x86_64_restore -### check for root -if ! [[ ${UID} -eq 0 ]]; then - echo "ERROR: Please run as root user!" - exit 1 -fi -### check for tpowa's build server -if [[ ! "$(cat /etc/hostname)" == "T-POWA-LX" ]]; then - echo "This script should only be run on tpowa's build server. Aborting..." - exit 1 -fi - -# use pacman.conf with disabled [testing] repository -cp "${_PACMAN_CONF}" "${_PACMAN_CONF}".old -cp "${_PACMAN_CONF}".archboot "${_PACMAN_CONF}" -# use mirrorlist with enabled rackspace mirror -cp "${_PACMAN_MIRROR}" "${_PACMAN_MIRROR}".old -cp "${_PACMAN_MIRROR}".archboot "${_PACMAN_MIRROR}" -# create release in "${_ISODIR}" -cd "${_ISODIR}" || exit 1 -"archboot-${_ARCH}-release.sh" "${_BUILDDIR}" || rm -r "${_BUILDDIR}" -# restore pacman.conf and mirrorlist -cp "${_PACMAN_MIRROR}".old "${_PACMAN_MIRROR}" -cp "${_PACMAN_CONF}".old "${_PACMAN_CONF}" -# set user rights on files -[[ -d "${_BUILDDIR}" ]] || exit 1 -chmod 755 "${_BUILDDIR}" -chown -R "${_USER}:${_GROUP}" "${_BUILDDIR}" -cd "${_BUILDDIR}" || exit 1 -# remove sha256sum -rm sha256sum.txt -# sign files and create new sha256sum.txt -for i in *; do - #shellcheck disable=SC2086 - [[ -f "${i}" ]] && sudo -u "${_USER}" gpg ${_GPG} "${i}" - [[ -f "${i}" ]] && cksum -a sha256 "${i}" >> sha256sum.txt - [[ -f "${i}.sig" ]] && cksum -a sha256 
"${i}.sig" >> sha256sum.txt -done -for i in boot/*; do - #shellcheck disable=SC2086 - [[ -f "${i}" ]] && sudo -u "${_USER}" gpg ${_GPG} "${i}" - [[ -f "${i}" ]] && cksum -a sha256 "${i}" >> sha256sum.txt - [[ -f "${i}.sig" ]] && cksum -a sha256 "${i}.sig" >> sha256sum.txt -done -chown -R "${_USER}:${_GROUP}" ./* -cd .. -[[ -d "archive" ]] || mkdir archive -[[ -d "archive/${_DIRECTORY}" ]] && rm -r "archive/${_DIRECTORY}" -[[ -d "${_DIRECTORY}" ]] && mv "${_DIRECTORY}" archive/ -mv "${_BUILDDIR}" "${_DIRECTORY}" -# copy files to server -sudo -u "${_USER}" scp -r "${_DIRECTORY}" "${_SERVER}":"${_SERVER_HOME}" || exit 1 -# move files on server, create symlink and remove 3 month old release -sudo -u "${_USER}" ssh "${_SERVER}" < " + echo " Options:" + echo " -cc Cleanup container eg. remove manpages, includes ..." + echo " -cp Cleanup container package cache" + exit 0 +} + +_parameters() { + while [ $# -gt 0 ]; do + case ${1} in + -cc|--cc) _CLEANUP_CONTAINER="1" ;; + -cp|--cp) _CLEANUP_CACHE="1" ;; + esac + shift + done +} + +_cleancache() { + if [[ "${_CLEANUP_CACHE}" == "1" ]]; then + # clean cache + echo "Clean pacman cache in ${_DIR} ..." + rm -r "${_DIR}"/var/cache/pacman + fi +} + +# clean container from not needed files +_cleancontainer() { + if [[ "${_CLEANUP_CONTAINER}" == "1" ]]; then + echo "Clean container, delete not needed files from ${_DIR} ..." 
+ rm -r "${_DIR}"/usr/include + rm -r "${_DIR}"/usr/share/{aclocal,applications,audit,avahi,awk,bash-completion,cmake,common-lisp,cracklib,dhclient,dhcpcd,dict,dnsmasq,emacs,et,fish,gdb,gettext,gettext-0.21,glib-2.0,gnupg,graphite2,gtk-doc,iana-etc,icons,icu,iptables,keyutils,libalpm,libgpg-error,makepkg-template,misc,mkinitcpio,ncat,ntp,p11-kit,pixmaps,pkgconfig,readline,screen,smartmontools,ss,stoken,tabset,texinfo,vala,xml,xtables,zoneinfo-leaps,man,doc,info,perl5} + rm -r "${_DIR}"/usr/lib/{audit,avahi,awk,bash,binfmt.d,cifs-utils,cmake,coreutils,cryptsetup,cups,dracut,e2fsprogs,engines-1.1,environment.d,gawk,getconf,gettext,girepository-1.0,glib-2.0,gnupg,gssproxy,guile,icu,itcl4.2.2,iwd,krb5,ldb,ldscripts,libnl,libproxy,named,ntfs-3g,openconnect,openssl-1.0,p11-kit,pcsc,perl5,pkcs11,pkgconfig,python3.10,rsync,samba,sasl2,siconv,sysctl.d,sysusers.d,tar,tcl8.6,tcl8,tdbc1.1.3,tdbcmysql1.1.3,tdbcodbc1.1.3,tdbcpostgres1.1.3,terminfo,texinfo,thread2.8.7,valgrind,xfsprogs,xplc-0.3.13,xtables} + fi +} + +# remove mkinitcpio hooks to speed up process, remove not needed initramdisks +_cleanmkinitcpio() { + echo "Clean mkinitcpio from ${_DIR} ..." 
+ [[ -e "${_DIR}/usr/share/libalpm/hooks/60-mkinitcpio-remove.hook" ]] && rm "${_DIR}/usr/share/libalpm/hooks/60-mkinitcpio-remove.hook" + [[ -e "${_DIR}/usr/share/libalpm/hooks/90-mkinitcpio-install.hook" ]] && rm "${_DIR}/usr/share/libalpm/hooks/90-mkinitcpio-install.hook" + [[ -e "${_DIR}/boot/{initramfs-linux.img" ]] && rm "${_DIR}/boot/initramfs-linux.img" + [[ -e "${_DIR}/boot/initramfs-linux-fallback.img" ]] && rm "${_DIR}/boot/initramfs-linux-fallback.img" +} + +_clean_locale() { + [[ "${_SAVE_RAM}" == "1" ]] && (echo "Clean locale from ${_DIR} ..."; rm -r "${_DIR}"/usr/share/{i18n,locale}) +} + +_clean_archboot_cache() { + # Clean cache on archboot environment + grep -qw 'archboot' /etc/hostname && (echo "Cleaning archboot /var/cache/pacman/pkg ..."; rm -r /var/cache/pacman/pkg) +} + +_prepare_pacman() { + # prepare pacman dirs + mkdir -p "${_DIR}/var/lib/pacman" + mkdir -p "${_CACHEDIR}" + [[ -e "${_DIR}/proc" ]] || mkdir -m 555 "${_DIR}/proc" + [[ -e "${_DIR}/sys" ]] || mkdir -m 555 "${_DIR}/sys" + [[ -e "${_DIR}/dev" ]] || mkdir -m 755 "${_DIR}/dev" + # mount special filesystems to ${_DIR} + echo "Mount special filesystems in ${_DIR} ..." + mount proc "${_DIR}/proc" -t proc -o nosuid,noexec,nodev + mount sys "${_DIR}/sys" -t sysfs -o nosuid,noexec,nodev,ro + mount udev "${_DIR}/dev" -t devtmpfs -o mode=0755,nosuid + mount devpts "${_DIR}/dev/pts" -t devpts -o mode=0620,gid=5,nosuid,noexec + mount shm "${_DIR}/dev/shm" -t tmpfs -o mode=1777,nosuid,nodev +} + +_change_pacman_conf() { + # enable parallel downloads + sed -i -e 's:^#ParallelDownloads:ParallelDownloads:g' "${_DIR}"/etc/pacman.conf + # disable checkspace option in pacman.conf, to allow to install packages in environment + sed -i -e 's:^CheckSpace:#CheckSpace:g' "${_DIR}"/etc/pacman.conf +} + +# umount special filesystems +_umount_special() { + echo "Umount special filesystems in to ${_DIR} ..." 
+ umount -R "${_DIR}/proc" + umount -R "${_DIR}/sys" + umount -R "${_DIR}/dev" +} + +_install_base_packages() { + echo "Installing packages base linux and ${_LINUX_FIRMWARE} to ${_DIR} ..." + pacman --root "${_DIR}" -Sy base linux "${_LINUX_FIRMWARE}" --ignore systemd-resolvconf --noconfirm --cachedir "${_PWD}"/"${_CACHEDIR}" >/dev/null 2>&1 +} + +_install_archboot() { + echo "Installing ${_ARCHBOOT} to ${_DIR} ..." + pacman --root "${_DIR}" -Sy "${_ARCHBOOT}" --ignore systemd-resolvconf --noconfirm >/dev/null 2>&1 +} + +_copy_mirrorlist_and_pacman_conf() { + # copy local mirrorlist to container + echo "Create pacman config and mirrorlist in container..." + cp "/etc/pacman.d/mirrorlist" "${_DIR}/etc/pacman.d/mirrorlist" + # only copy from archboot pacman.conf, else use default file + grep -qw 'archboot' /etc/hostname && cp /etc/pacman.conf "${_DIR}"/etc/pacman.conf +} + +_set_hostname() { + echo "Setting hostname to archboot ..." + echo 'archboot' > "${_DIR}/etc/hostname" >/dev/null 2>&1 +} diff --git a/usr/lib/archboot/functions b/usr/lib/archboot/functions new file mode 100644 index 000000000..5029629f1 --- /dev/null +++ b/usr/lib/archboot/functions 
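Review bot: In `_set_hostname`, `echo 'archboot' > "${_DIR}/etc/hostname" >/dev/null 2>&1` redirects stdout twice and the last redirection wins: the hostname file is created or truncated but the text goes to /dev/null, so the container ends up with an empty /etc/hostname. The old code ran the echo inside `systemd-nspawn ... bash -c`, where the outer redirect only silenced nspawn; the new line should be just `echo 'archboot' > "${_DIR}/etc/hostname"`. `_generate_locales` in usr/lib/archboot/functions has the same pattern on both `>> "${_DIR}/etc/locale.gen"` lines, so nothing is appended there either. The hostname is not cosmetic here, since `_clean_archboot_cache` and `_copy_mirrorlist_and_pacman_conf` branch on `grep -qw 'archboot' /etc/hostname`, presumably when run inside an environment built this way. Separately, `_cleanmkinitcpio` tests `"${_DIR}/boot/{initramfs-linux.img"` with a stray `{`, and `_clean_locale` still checks `_SAVE_RAM` although the `_parameters` shown here sets `_CLEANUP_CONTAINER`.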
@@ -0,0 +1,53 @@
+#!/bin/bash
+# change to english locale!
+export LANG="en_US"
+_BASENAME="$(basename "${0}")"
+_PWD="$(pwd)"
+_RUNNING_ARCH="$(uname -m)"
+
+### check for root
+_root_check() {
+ if ! [[ ${UID} -eq 0 ]]; then
+ echo "ERROR: Please run as root user!"
+ exit 1
+ fi
+}
+
+### check for x86_64
+_x86_64_check() {
+ if ! [[ "${_RUNNING_ARCH}" == "x86_64" ]]; then
+ echo "ERROR: Pleae run on x86_64 hardware."
+ exit 1
+ fi
+}
+
+### check for aarch64
+_check_aarch64() {
+ if ! [[ "${_RUNNING_ARCH}" == "aarch64" ]]; then
+ echo "ERROR: Please run on aarch64 hardware."
+ exit 1
+ fi
+}
+
+### check for tpowa's build server
+_check_buildserver() {
+ if [[ ! "$(cat /etc/hostname)" == "T-POWA-LX" ]]; then
+ echo "This script should only be run on tpowa's build server. Aborting..."
+ exit 1
+ fi
+}
+
+# generate locales
+_generate_locales() {
+ echo "Create locales in container ..."
+ echo 'en_US ISO-8859-1' >> "${_DIR}/etc/locale.gen" >/dev/null 2>&1
+ echo 'en_US.UTF-8 UTF-8' >> "${_DIR}/etc/locale.gen" >/dev/null 2>&1
+ systemd-nspawn -D "${_DIR}" locale-gen >/dev/null 2>&1
+}
+
+_generate_keyring() {
+ # generate pacman keyring
+ echo "Generate pacman keyring in container ..."
+ systemd-nspawn -D "${_DIR}" pacman-key --init >/dev/null 2>&1
+ systemd-nspawn -D "${_DIR}" pacman-key --populate "${_KEYRING}" >/dev/null 2>&1
+}
diff --git a/usr/lib/archboot/iso_functions b/usr/lib/archboot/iso_functions
new file mode 100644
index 000000000..e60410612
--- /dev/null
+++ b/usr/lib/archboot/iso_functions
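Review bot: This file defines `_root_check`, but archboot-x86_64-server-release.sh in the same commit calls `_check_root`; unless server_functions (not shown) defines that name, the call fails with command-not-found and, with no `set -e` in sight, the script carries on without the root check. The helpers also mix two naming orders (`_root_check`, `_x86_64_check` against `_check_aarch64`, `_check_buildserver`); settling on one order and using it in every caller would prevent this kind of mismatch. In `_generate_keyring`, both `pacman-key` calls discard all output and their exit status is ignored, so a failed `--populate` would leave the container without packager keys unnoticed; `systemd-nspawn -D "${_DIR}" pacman-key --populate "${_KEYRING}" >/dev/null 2>&1 || exit 1` would at least stop the build.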
@@ -0,0 +1,165 @@ +#!/bin/bash +_PRESET_DIR="/etc/archboot/presets" +_SHIM_URL="https://pkgbuild.com/~tpowa/archboot-helper/fedora-shim" +_GRUB_CONFIG="/usr/share/archboot/grub/grub.cfg" +# covered by usage +_GENERATE="" +_PRESET="" +_IMAGENAME="" +_RELEASENAME="" +# temporary directories +_ISODIR="$(mktemp -d ISODIR.XXX)" + +_usage () { + echo "${_BASENAME}: usage" + echo "CREATE X86_64 USB/CD IMAGES" + echo "-----------------------------" + echo "PARAMETERS:" + echo " -g Start generation of image." + echo " -p=PRESET Which preset should be used." + echo " /etc/archboot/presets locates the presets" + echo " default=x86_64" + echo " -i=IMAGENAME Your IMAGENAME." + echo " -r=RELEASENAME Use RELEASENAME in boot message." + echo " -h This message." + exit 0 +} + +_parameters() { + while [ $# -gt 0 ]; do + case ${1} in + -g|--g) _GENERATE="1" ;; + -p=*|--p=*) _PRESET="$(echo "${1}" | awk -F= '{print $2;}')" ;; + -i=*|--i=*) _IMAGENAME="$(echo "${1}" | awk -F= '{print $2;}')" ;; + -r=*|--r=*) _RELEASENAME="$(echo "${1}" | awk -F= '{print $2;}')" ;; + -h|--h|?) usage ;; + *) _usage ;; + esac + shift + done +} + +_config() { + #set PRESET + [[ -z "${_PRESET}" ]] && _PRESET="${_RUNNING_ARCH}" + _PRESET="${_PRESET_DIR}/${_PRESET}" + + # set defaults, if nothing given + [[ -z "${_RELEASENAME}" ]] && _RELEASENAME="$(date +%Y.%m.%d-%H.%M)" + [[ -z "${_IMAGENAME}" ]] && _IMAGENAME="archlinux-archboot-${_RELEASENAME}-${_RUNNING_ARCH}" +} + +_prepare_kernel_initramfs_files() { + echo "Prepare kernel and initramfs ..." 
+ source "${_PRESET}" + mkdir -p "${_ISODIR}/EFI/BOOT" + mkdir -p "${_ISODIR}/boot" + # fix for mkinitcpio 31 + # https://bugs.archlinux.org/task/72882 + # remove on mkinitcpio 32 release + cp "/usr/lib/initcpio/functions" "/usr/lib/initcpio/functions.old" + [[ -f "/usr/share/archboot/patches/31-initcpio.functions.fixed" ]] && cp "/usr/share/archboot/patches/31-initcpio.functions.fixed" "/usr/lib/initcpio/functions" + mkinitcpio -c "${MKINITCPIO_CONFIG}" -k "${ALL_kver}" -g "${_ISODIR}/boot/initramfs_${_RUNNING_ARCH}.img" || exit 1 + mv "/usr/lib/initcpio/functions.old" "/usr/lib/initcpio/functions" + install -m644 "${ALL_kver}" "${_ISODIR}/boot/vmlinuz_${_RUNNING_ARCH}" + # install ucode files + [[ "${_RUNNING_ARCH}" == "aarch64" ]] || cp /boot/intel-ucode.img "${_ISODIR}/boot/" + cp /boot/amd-ucode.img "${_ISODIR}/boot/" + # fix license files + mkdir -p "${_ISODIR}"/licenses/amd-ucode + [[ "${_RUNNING_ARCH}" == "aarch64" ]] || mkdir -p "${_ISODIR}"/licenses/intel-ucode + cp /usr/share/licenses/amd-ucode/LICENSE.amd-ucode "${_ISODIR}/licenses/amd-ucode" + [[ "${_RUNNING_ARCH}" == "aarch64" ]] || cp /usr/share/licenses/intel-ucode/LICENSE "${_ISODIR}/licenses/intel-ucode" +} + +_prepare_fedora_shim_bootloaders_x86_64 () { + echo "Prepare fedora shim ..." + # Details on shim https://www.rodsbooks.com/efi-bootloaders/secureboot.html#initial_shim + # add shim x64 signed files from fedora + for i in mmx64.efi BOOTX64.efi mmia32.efi BOOTIA32.efi; do + curl -s --create-dirs -L -O --output-dir "${_ISODIR}/EFI/BOOT/" "${_SHIM_URL}/${i}" + done +} + +_prepare_fedora_shim_bootloaders_aarch64 () { + echo "Prepare fedora shim ..." + # Details on shim https://www.rodsbooks.com/efi-bootloaders/secureboot.html#initial_shim + # add shim aa64 signed files from fedora + for i in mmaa64.efi BOOTAA64.efi; do + curl -s --create-dirs -L -O --output-dir "${_ISODIR}/EFI/BOOT/" "${_SHIM_URL}/${i}" + done +} + +_prepare_efitools_uefi () { + echo "Prepare efitools ..." 
+ cp -f "/usr/share/efitools/efi/HashTool.efi" "${_ISODIR}/EFI/tools/HashTool.efi" + cp -f "/usr/share/efitools/efi/KeyTool.efi" "${_ISODIR}/EFI/tools/KeyTool.efi" +} + +_download_uefi_shell_tianocore() { + echo "Prepare uefi shells ..." + mkdir -p "${_ISODIR}/EFI/tools/" + ## Install Tianocore UDK/EDK2 ShellBinPkg UEFI X64 "Full Shell" - For UEFI Spec. >=2.3 systems + cp /usr/share/edk2-shell/x64/Shell.efi "${_ISODIR}/EFI/tools/shellx64_v2.efi" + ## Install Tianocore UDK/EDK2 EdkShellBinPkg UEFI X64 "Full Shell" - For UEFI Spec. <2.3 systems + cp /usr/share/edk2-shell/x64/Shell_Full.efi "${_ISODIR}/EFI/tools/shellx64_v1.efi" + ## Install Tianocore UDK/EDK2 ShellBinPkg UEFI IA32 "Full Shell" - For UEFI Spec. >=2.3 systems + cp /usr/share/edk2-shell/ia32/Shell.efi "${_ISODIR}/EFI/tools/shellia32_v2.efi" + ## InstallTianocore UDK/EDK2 EdkShellBinPkg UEFI IA32 "Full Shell" - For UEFI Spec. <2.3 systems + cp /usr/share/edk2-shell/ia32/Shell_Full.efi "${_ISODIR}/EFI/tools/shellia32_v1.efi" +} + +# build grubXXX with all modules: http://bugs.archlinux.org/task/71382 +# If you don't use shim use --disable-shim-lock +_prepare_uefi_X64_GRUB_USB_files() { + echo "Prepare X64 Grub ..." 
+ ### Hint: https://src.fedoraproject.org/rpms/grub2/blob/rawhide/f/grub.macros#_407 + grub-mkstandalone -d /usr/lib/grub/x86_64-efi -O x86_64-efi --sbat=/usr/share/grub/sbat.csv --modules="all_video boot btrfs cat configfile cryptodisk echo efi_gop efi_uga efifwsetup efinet ext2 f2fs fat font gcry_rijndael gcry_rsa gcry_serpent gcry_sha256 gcry_twofish gcry_whirlpool gfxmenu gfxterm gzio halt hfsplus http iso9660 loadenv loopback linux lvm lsefi lsefimmap luks luks2 mdraid09 mdraid1x minicmd net normal part_apple part_msdos part_gpt password_pbkdf2 pgp png reboot regexp search search_fs_uuid search_fs_file search_label serial sleep syslinuxcfg test tftp video xfs zstd backtrace chain tpm usb usbserial_common usbserial_pl2303 usbserial_ftdi usbserial_usbdebug keylayouts at_keyboard" --fonts="unicode" --locales="" --themes="" -o "${_ISODIR}/EFI/BOOT/grubx64.efi" "boot/grub/grub.cfg=${_GRUB_CONFIG}" +} + +_prepare_uefi_IA32_GRUB_USB_files() { + echo "Prepare IA32 Grub ..." + ### Hint: https://src.fedoraproject.org/rpms/grub2/blob/rawhide/f/grub.macros#_407 + grub-mkstandalone -d /usr/lib/grub/i386-efi -O i386-efi --sbat=/usr/share/grub/sbat.csv --modules="all_video boot btrfs cat configfile cryptodisk echo efi_gop efi_uga efifwsetup efinet ext2 f2fs fat font gcry_rijndael gcry_rsa gcry_serpent gcry_sha256 gcry_twofish gcry_whirlpool gfxmenu gfxterm gzio halt hfsplus http iso9660 loadenv loopback linux lvm lsefi lsefimmap luks luks2 mdraid09 mdraid1x minicmd net normal part_apple part_msdos part_gpt password_pbkdf2 pgp png reboot regexp search search_fs_uuid search_fs_file search_label serial sleep syslinuxcfg test tftp video xfs zstd backtrace chain tpm usb usbserial_common usbserial_pl2303 usbserial_ftdi usbserial_usbdebug keylayouts at_keyboard" --fonts="unicode" --locales="" --themes="" -o "${_ISODIR}/EFI/BOOT/grubia32.efi" "boot/grub/grub.cfg=${_GRUB_CONFIG}" +} + +# build grubXXX with all modules: http://bugs.archlinux.org/task/71382 +# If you don't use shim use 
--disable-shim-lock +_prepare_uefi_AA64_GRUB_USB_files() { + echo "Prepare AA64 Grub ..." + ### Hint: https://src.fedoraproject.org/rpms/grub2/blob/rawhide/f/grub.macros#_407 + grub-mkstandalone -d /usr/lib/grub/arm64-efi -O arm64-efi --sbat=/usr/share/grub/sbat.csv --modules="all_video boot btrfs cat configfile cryptodisk echo efi_gop efifwsetup efinet ext2 f2fs fat font gcry_rijndael gcry_rsa gcry_serpent gcry_sha256 gcry_twofish gcry_whirlpool gfxmenu gfxterm gzio halt hfsplus http iso9660 loadenv loopback linux lvm lsefi lsefimmap luks luks2 mdraid09 mdraid1x minicmd net normal part_apple part_msdos part_gpt password_pbkdf2 pgp png reboot regexp search search_fs_uuid search_fs_file search_label serial sleep syslinuxcfg test tftp video xfs zstd chain tpm" --fonts="unicode" --locales="" --themes="" -o "${_ISODIR}/EFI/BOOT/grubaa64.efi" "boot/grub/grub.cfg=${_GRUB_CONFIG}" +} + +_prepare_uefi_image() { + echo "Prepare UEFI image ..." + ## get size of boot files + BOOTSIZE=$(du -bc "${_ISODIR}"/EFI | grep total | cut -f1) + IMGSZ=$(( (BOOTSIZE*102)/100/1024 + 1)) # image size in sectors + ## Create cdefiboot.img + dd if=/dev/zero of="${_ISODIR}"/efi.img bs="${IMGSZ}" count=1024 + VFAT_IMAGE="${_ISODIR}/efi.img" + mkfs.vfat "${VFAT_IMAGE}" + ## Copy all files to UEFI vfat image + mcopy -i "${VFAT_IMAGE}" -s "${_ISODIR}"/EFI ::/ +} + +_grub_mkrescue() { + ## Generate the BIOS+ISOHYBRID+UEFI CD image + echo "Generating ${_RUNNING_ARCH} hybrid ISO ..." + grub-mkrescue --compress=xz --fonts="unicode" --locales="" --themes="" -o "${_IMAGENAME}.iso" "${_ISODIR}"/ "boot/grub/grub.cfg=${_GRUB_CONFIG}" &> "${_IMAGENAME}.log" +} + +_create_cksum() { +## create sha256sums.txt +echo "Generating sha256sum ..." +[[ -f "sha256sums.txt" ]] && rm "sha256sums.txt" +cksum -a sha256 ./*.iso > "sha256sums.txt" +} + +_cleanup_iso() { +# cleanup + echo "Cleanup remove ${_ISODIR} ..." + [[ -d "${_ISODIR}" ]] && rm -r "${_ISODIR}" + [[ -d "${_SHIM}" ]] && rm -r "${_SHIM}" +} 
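Review bot: `_prepare_fedora_shim_bootloaders_x86_64` and `_prepare_fedora_shim_bootloaders_aarch64` download the Secure Boot shim binaries with `curl -s ... -L -O` straight into `EFI/BOOT/` with no integrity check, and the x86_64 ISO script additionally sends the function's output to /dev/null. Without `--fail`, an HTTP error body is saved under the `.efi` name and the loop continues, and nothing ties the fetched files to a known-good build of the shim. I would make the download fail loudly, `curl -fsS --create-dirs -L -O --output-dir "${_ISODIR}/EFI/BOOT/" "${_SHIM_URL}/${i}" || exit 1`, and compare each file against a SHA-256 list shipped with the package before it is copied into the image. Also in this file, the `-h|--h|?)` arm of `_parameters` still calls `usage`, which was renamed to `_usage`.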
diff --git a/usr/lib/archboot/release_functions b/usr/lib/archboot/release_functions
new file mode 100644
index 000000000..697037023
--- /dev/null
+++ b/usr/lib/archboot/release_functions
@@ -0,0 +1,89 @@
+#!/bin/bash
+_PRESET_LATEST="${_RUNNING_ARCH}-latest"
+_AMD_UCODE="boot/amd-ucode.img"
+_INTEL_UCODE="boot/intel-ucode.img"
+_INITRAMFS="boot/initramfs_${_RUNNING_ARCH}.img"
+_INITRAMFS_LATEST="boot/initramfs_${_RUNNING_ARCH}-latest.img"
+_KERNEL="boot/vmlinuz_${_RUNNING_ARCH}"
+_KERNEL_ARCHBOOT="boot/vmlinuz_archboot_${_RUNNING_ARCH}"
+_W_DIR="$(mktemp -u archboot-release.XXX)"
+
+_usage () {
+ echo "CREATE ARCHBOOT RELEASE IMAGE"
+ echo "-----------------------------"
+ echo "Usage: ${_BASENAME} "
+ echo "This will create an archboot release image in ."
+ exit 0
+}
+
+_create_iso() {
+ mkdir -p "${1}"
+ cd "${1}" || exit 1
+ # create container
+ archboot-${_RUNNING_ARCH}-create-container.sh "${_W_DIR}" -cc -cp || exit 1
+ # generate tarball in container, umount tmp it's a tmpfs and weird things could happen then
+ echo "Generate ISO ..."
+ # generate iso in container
+ systemd-nspawn -q -D "${_W_DIR}" /bin/bash -c "umount /tmp;archboot-${_RUNNING_ARCH}-iso.sh -g" || exit 1
+ # remove not working lvm2 from latest image
+ echo "Remove lvm2 and openssh from container ${_W_DIR} ..."
+ systemd-nspawn -D "${_W_DIR}" /bin/bash -c "pacman -Rdd lvm2 openssh --noconfirm" >/dev/null 2>&1
+ # generate latest tarball in container
+ echo "Generate latest ISO ..."
+ # generate latest iso in container
+ systemd-nspawn -q -D "${_W_DIR}" /bin/bash -c "umount /tmp;archboot-${_RUNNING_ARCH}-iso.sh -g -p=${_PRESET_LATEST} -r=$(date +%Y.%m.%d-%H.%M)-latest" || exit 1
+ # create Release.txt with included main archlinux packages
+ echo "Generate Release.txt ..."
+ (echo "Welcome to _RUNNING_ARCHBOOT INSTALLATION / RESCUEBOOT SYSTEM";\
+ echo "Creation Tool: 'archboot' Tobias Powalowski ";\
+ echo "Homepage: https://wiki.archlinux.org/title/Archboot";\
+ echo "Architecture: ${_RUNNING_ARCH}";\
+ echo "RAM requirement to boot: 1152 MB or greater";\
+ echo "Archboot:$(systemd-nspawn -q -D "${_W_DIR}" pacman -Qi ${_ARCHBOOT} | grep Version | cut -d ":" -f2 | sed -e "s/\r//g")";\
+ echo "Kernel:$(systemd-nspawn -q -D "${_W_DIR}" pacman -Qi linux | grep Version | cut -d ":" -f2 | sed -e "s/\r//g")";\
+ echo "Pacman:$(systemd-nspawn -q -D "${_W_DIR}" pacman -Qi pacman | grep Version | cut -d ":" -f2 | sed -e "s/\r//g")";\
+ echo "Systemd:$(systemd-nspawn -q -D "${_W_DIR}" pacman -Qi systemd | grep Version | cut -d ":" -f2 | sed -e "s/\r//g")") >>Release.txt
+ # move iso out of container
+ mv "${_W_DIR}"/*.iso ./
+ # remove container
+ echo "Remove container ${_W_DIR} ..."
+ rm -r "${_W_DIR}"
+}
+
+_create_boot() {
+ # create boot directory with ramdisks
+ echo "Create boot directory ..."
+ mkdir -p boot/licenses/amd-ucode
+ [[ "${_RUNNING_ARCH}" == "aarch64" ]] || mkdir -p boot/licenses/intel-ucode
+ for i in *.iso; do
+ if ! echo "${i}" | grep -q latest; then
+ isoinfo -R -i "${i}" -x /"${_AMD_UCODE}" 2>/dev/null > "${_AMD_UCODE}"
+ [[ "${_RUNNING_ARCH}" == "aarch64" ]] || isoinfo -R -i "${i}" -x /"${_INTEL_UCODE}" 2>/dev/null > "${_INTEL_UCODE}"
+ isoinfo -R -i "${i}" -x /"${_INITRAMFS}" 2>/dev/null > "${_INITRAMFS}"
+ isoinfo -R -i "${i}" -x /"${_KERNEL}" 2>/dev/null > "${_KERNEL_ARCHBOOT}"
+ else
+ isoinfo -R -i "${i}" -x /"${_INITRAMFS}" 2>/dev/null > "${_INITRAMFS_LATEST}"
+ fi
+ done
+ cp /usr/share/licenses/amd-ucode/* boot/licenses/amd-ucode/
+ [[ "${_RUNNING_ARCH}" == "aarch64" ]] || cp /usr/share/licenses/intel-ucode/* boot/licenses/intel-ucode/
+}
+
+_create_torrent() {
+ # create torrent files
+ for i in *.iso; do
+ echo "Generating ${i} torrent ..."
+ archboot-mktorrent.sh archboot/"${1}" "${i}" >/dev/null 2>&1
+ done
+}
+
+_create_cksum() {
+ # create sha256sums
+ echo "Generating sha256sum ..."
+ for i in *; do
+ [[ -f "${i}" ]] && cksum -a sha256 "${i}" >> sha256sum.txt
+ done
+ for i in boot/*; do
+ [[ -f "${i}" ]] && cksum -a sha256 "${i}" >> sha256sum.txt
+ done
+}
diff --git a/usr/lib/archboot/server_functions b/usr/lib/archboot/server_functions
new file mode 100644
index 000000000..9817c0460
--- /dev/null
+++ b/usr/lib/archboot/server_functions
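Review bot: `_W_DIR="$(mktemp -u archboot-release.XXX)"` at the top of release_functions only prints a candidate name with three random characters and creates nothing, so the container directory that `_create_iso` later populates and removes with `rm -r "${_W_DIR}"` is predictable and never reserved. The name is also produced when the file is sourced, whereas `_create_iso` uses it only after `cd "${1}"`, so it is not tied to the directory the container is actually built in. Creating it atomically inside `_create_iso` after the `cd`, for example `_W_DIR="$(mktemp -d archboot-release.XXXXXX)" || exit 1`, would close the gap, provided the create-container script tolerates an existing directory (it appears to call a plain `mkdir "${_DIR}"`, which would need to become `mkdir -p`). Separately, the `isoinfo ... 2>/dev/null > ...` extractions in `_create_boot` discard errors, so a failed extraction leaves an empty file that `_create_cksum` still hashes; a check such as `[[ -s "${_KERNEL_ARCHBOOT}" ]] || exit 1` after each extraction would catch that.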
@@ -0,0 +1,112 @@
+#!/bin/bash
+_DIRECTORY="$(date +%Y.%m)"
+_ISOHOME="/home/tobias/Arch/iso/${_ARCH}"
+_BUILDDIR="$(mktemp -d ${_ISOHOME}/server-release.XXX)"
+_SERVER="pkgbuild.com"
+_SERVER_HOME="/home/tpowa/"
+_SERVER_DIR="/home/tpowa/public_html/archboot-images"
+_USER="tobias"
+_GROUP="users"
+_GPG="--detach-sign --no-armor --batch --passphrase-file /etc/archboot/gpg.passphrase --pinentry-mode loopback -u 7EDF681F"
+_PACMAN_AARCH_BUILDDIR="/home/tobias/Arch/iso"
+_PACMAN_AARCH_SERVERDIR="/home/tpowa/public_html/archboot-helper/pacman-chroot-aarch64"
+_PACMAN_AARCH64="pacman-aarch64-chroot"
+_PACMAN_AARCH64_CHROOT_SERVER="https://pkgbuild.com/~tpowa/archboot-helper/pacman-chroot-aarch64"
+_PACMAN_AARCH64_CHROOT="pacman-aarch64-chroot-latest.tar.zst"
+_PACMAN_MIRROR="/etc/pacman.d/mirrorlist"
+_PACMAN_CONF="/etc/pacman.conf"
+
+_update_aarch64_pacman_chroot() {
+ # update aarch64 pacman chroot
+ cd "${_PACMAN_AARCH_BUILDDIR}" || exit 1
+ mkdir "${_PACMAN_AARCH64}"
+ echo "Downloading archlinuxarm pacman aarch64 chroot..."
+ [[ -f pacman-aarch64-chroot-latest.tar.zst ]] && rm pacman-aarch64-chroot-latest.tar.zst{,.sig}
+ wget ${_PACMAN_AARCH64_CHROOT_SERVER}/${_PACMAN_AARCH64_CHROOT}{,.sig} >/dev/null 2>&1
+ # verify dowload
+ sudo -u "${_USER}" gpg --verify "${_PACMAN_AARCH64_CHROOT}.sig" >/dev/null 2>&1 || exit 1
+ bsdtar -C "${_PACMAN_AARCH64}" -xf "${_PACMAN_AARCH64_CHROOT}" >/dev/null 2>&1
+ echo "Removing installation tarball ..."
+ rm ${_PACMAN_AARCH64_CHROOT}{,.sig} >/dev/null 2>&1
+ # update container to latest packages
+ echo "Update container to latest packages..."
+ systemd-nspawn -D "${_PACMAN_AARCH64}" pacman -Syu --noconfirm >/dev/null 2>&1 || exit 1
+ # remove package cache
+ echo "Remove package cache from container ..."
+ rm ${_PACMAN_AARCH64}/var/cache/pacman/pkg/*
+ # enable parallel downloads
+ sed -i -e 's:^#ParallelDownloads:ParallelDownloads:g' "${_PACMAN_AARCH64}"/etc/pacman.conf
+ # fix network in container
+ rm "${_PACMAN_AARCH64}/etc/resolv.conf"
+ echo "nameserver 8.8.8.8" > "${_PACMAN_AARCH64}/etc/resolv.conf"
+ echo "Clean container, delete not needed files from ${_PACMAN_AARCH64} ..."
+ rm -r "${_PACMAN_AARCH64}"/usr/include >/dev/null 2>&1
+ rm -r "${_PACMAN_AARCH64}"/usr/share/{man,doc,info,locale} >/dev/null 2>&1
+ echo "Generating tarball ..."
+ tar -acf "${_PACMAN_AARCH64_CHROOT}" -C "${_PACMAN_AARCH64}" .
+ echo "Removing ${_PACMAN_AARCH64} ..."
+ rm -r "${_PACMAN_AARCH64}"
+ echo "Finished container tarball."
+ #shellcheck disable=SC2086
+ sudo -u "${_USER}" gpg ${_GPG} "${_PACMAN_AARCH64_CHROOT}"
+ chown "${_USER}:${_GROUP}" ${_PACMAN_AARCH64_CHROOT}{,.sig}
+ sudo -u "${_USER}" scp ${_PACMAN_AARCH64_CHROOT}{,.sig} ${_SERVER}:${_PACMAN_AARCH_SERVERDIR} || exit 1
+}
+
+_server_release() {
+ # create release in "${_ISOHOME}"
+ cd "${_ISOHOME}" || exit 1
+ "archboot-${_ARCH}-release.sh" "${_BUILDDIR}" || rm -r "${_BUILDDIR}"
+ # set user rights on files
+ [[ -d "${_BUILDDIR}" ]] || exit 1
+ chmod 755 "${_BUILDDIR}"
+ chown -R "${_USER}:${_GROUP}" "${_BUILDDIR}"
+ cd "${_BUILDDIR}" || exit 1
+ # remove sha256sum
+ rm sha256sum.txt
+ # sign files and create new sha256sum.txt
+ for i in *; do
+ #shellcheck disable=SC2086
+ [[ -f "${i}" ]] && sudo -u "${_USER}" gpg ${_GPG} "${i}"
+ [[ -f "${i}" ]] && cksum -a sha256 "${i}" >> sha256sum.txt
+ [[ -f "${i}.sig" ]] && cksum -a sha256 "${i}.sig" >> sha256sum.txt
+ done
+ for i in boot/*; do
+ #shellcheck disable=SC2086
+ [[ -f "${i}" ]] && sudo -u "${_USER}" gpg ${_GPG} "${i}"
+ [[ -f "${i}" ]] && cksum -a sha256 "${i}" >> sha256sum.txt
+ [[ -f "${i}.sig" ]] && cksum -a sha256 "${i}.sig" >> sha256sum.txt
+ done
+ chown -R "${_USER}:${_GROUP}" ./*
+ cd ..
+ [[ -d "archive" ]] || mkdir archive
+ [[ -d "archive/${_DIRECTORY}" ]] && rm -r "archive/${_DIRECTORY}"
+ [[ -d "${_DIRECTORY}" ]] && mv "${_DIRECTORY}" archive/
+ mv "${_BUILDDIR}" "${_DIRECTORY}"
+ # copy files to server
+ sudo -u "${_USER}" scp -r "${_DIRECTORY}" "${_SERVER}":"${_SERVER_HOME}" || exit 1
+ # move files on server, create symlink and remove 3 month old release
+ sudo -u "${_USER}" ssh "${_SERVER}" <