diff --git a/mkimage.sh.in b/mkimage.sh.in index ad81a70..e84bfd9 100644 --- a/mkimage.sh.in +++ b/mkimage.sh.in @@ -25,42 +25,27 @@ # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #- -readonly PROGNAME=$(basename $0) +readonly PROGNAME=$(basename "$0") readonly ARCH=$(uname -m) trap 'printf "\nInterrupted! exiting...\n"; cleanup; exit 0' INT TERM HUP -mount_pseudofs() { - for f in sys dev proc; do - mkdir -p $ROOTFS/$f - mount --bind /$f $ROOTFS/$f - done -} -umount_pseudofs() { - umount -f $ROOTFS/sys >/dev/null 2>&1 - umount -f $ROOTFS/dev >/dev/null 2>&1 - umount -f $ROOTFS/proc >/dev/null 2>&1 -} +# This source pulls in all the functions from lib.sh. This set of +# functions makes it much easier to work with chroots and abstracts +# away all the problems with running binaries with QEMU. +# shellcheck source=./lib.sh +. ./lib.sh cleanup() { unmount_pseudofs - umount -f ${ROOTFS}/boot 2>/dev/null - umount -f ${ROOTFS} 2>/dev/null + umount -f "${ROOTFS}/boot" 2>/dev/null + umount -f "${ROOTFS}" 2>/dev/null if [ -e "$LOOPDEV" ]; then - partx -d $LOOPDEV 2>/dev/null - losetup -d $LOOPDEV 2>/dev/null + partx -d "$LOOPDEV" 2>/dev/null + losetup -d "$LOOPDEV" 2>/dev/null fi - [ -d "$ROOTFS" ] && rmdir $ROOTFS -} - -info_msg() { - printf "\033[1m[${PLATFORM}] $@\n\033[m" -} - -die() { - echo "FATAL: $@" - exit 1 + [ -d "$ROOTFS" ] && rmdir "$ROOTFS" } usage() { @@ -86,9 +71,10 @@ _EOF exit 0 } -# -# main() -# +# ######################################## +# SCRIPT EXECUTION STARTS HERE +# ######################################## + while getopts "b:B:o:r:s:hV" opt; do case $opt in b) BOOT_FSTYPE="$OPTARG";; @@ -100,186 +86,197 @@ while getopts "b:B:o:r:s:hV" opt; do h) usage;; esac done -shift $(($OPTIND - 1)) - +shift $((OPTIND - 1)) ROOTFS_TARBALL="$1" + if [ -z "$ROOTFS_TARBALL" ]; then usage elif [ ! -r "$ROOTFS_TARBALL" ]; then + # In rare cases the tarball can wind up owned by the wrong user. + # This leads to confusing failures if execution is allowed to + # proceed. die "Cannot read rootfs tarball: $ROOTFS_TARBALL" fi -PLATFORM="${ROOTFS_TARBALL#void-}" -PLATFORM="${PLATFORM%-rootfs*}" +# By default we build all platform images with a 64MiB boot partition +# formated FAT16, and an approxomately 1.9GiB root partition formated +# ext4. More exotic combinations are of course possible, but this +# combination works on all known platforms. +: "${IMGSIZE:=2G}" +: "${BOOT_FSTYPE:=vfat}" +: "${BOOT_FSSIZE:=64MiB}" +: "${ROOT_FSTYPE:=ext4}" +# Verify that the required tooling is available +readonly REQTOOLS="sfdisk partx losetup mount truncate mkfs.${BOOT_FSTYPE} mkfs.${ROOT_FSTYPE}" +check_tools + +# Setup the platform variable. Here we want just the name and +# optionally -musl if this is the musl variant. +PLATFORM="${ROOTFS_TARBALL#void-}" +PLATFORM="${PLATFORM%-ROOTFS*}" + +# This is an aweful hack since the script isn't using privesc +# mechanisms selectively. This is a TODO item. if [ "$(id -u)" -ne 0 ]; then die "need root perms to continue, exiting." fi -: ${IMGSIZE:=2G} -: ${BOOT_FSTYPE:=vfat} -: ${BOOT_FSSIZE:=64MiB} -: ${ROOT_FSTYPE:=ext4} - +# Set the default filename if none was provided above. The default +# will include the platform the image is being built for and the date +# on which it was built. if [ -z "$FILENAME" ]; then FILENAME="void-${PLATFORM}-$(date +%Y%m%d).img" fi -# double check PLATFORM is supported... +# Be absolutely certain the platform is supported before continuing case "$PLATFORM" in bananapi|beaglebone|cubieboard2|cubietruck|odroid-c2|odroid-u2|rpi|rpi2|rpi3|usbarmory|GCP|*-musl);; *) die "The $PLATFORM is not supported, exiting..." esac -for f in sfdisk partx losetup mount mkfs.${BOOT_FSTYPE} mkfs.${ROOT_FSTYPE}; do - if ! which ${f} >/dev/null; then - die "Cannot find ${f}, exiting." - fi -done - -# dd conv=sparse support first appeared in coreutils-8.16, disable it in -# older versions. -DD_VERSION=$(dd --version|head -n1|awk '{print $3}') -case "$DD_VERSION" in - [8-9].1[6-9]*|[8-9].[2-9]*) DD_SPARSE="conv=sparse";; -esac - +# Create the base image. This was previously accomplished with dd, +# but truncate is markedly faster. info_msg "Creating disk image ($IMGSIZE) ..." -truncate -s "${IMGSIZE}" $FILENAME >/dev/null 2>&1 +truncate -s "${IMGSIZE}" "$FILENAME" >/dev/null 2>&1 + +# Grab a tmpdir for the rootfs. If this fails we need to halt now +# because otherwise things will go very badly for the host system. +ROOTFS=$(mktemp -d) || die "Could not create tmpdir for ROOTFS" -ROOTFS=$(mktemp -d) info_msg "Creating disk image partitions/filesystems ..." if [ "$BOOT_FSTYPE" = "vfat" ]; then - _btype="fat32" _args="-I -F16" fi + case "$PLATFORM" in -cubieboard2|cubietruck|ci20*|odroid-c2*) - sfdisk ${FILENAME} <<_EOF + cubieboard2|cubietruck|ci20*|odroid-c2*) + sfdisk "${FILENAME}" <<_EOF label: dos 2048,,L _EOF - LOOPDEV=$(losetup --show --find --partscan $FILENAME) - mkfs.${ROOT_FSTYPE} -O '^64bit,^extra_isize,^has_journal' ${LOOPDEV}p1 >/dev/null 2>&1 - mount ${LOOPDEV}p1 $ROOTFS - ROOT_UUID=$(blkid -o value -s UUID ${LOOPDEV}p1) - ;; -*) - sfdisk ${FILENAME} <<_EOF + LOOPDEV=$(losetup --show --find --partscan "$FILENAME") + mkfs.${ROOT_FSTYPE} -O '^64bit,^extra_isize,^has_journal' "${LOOPDEV}p1" >/dev/null 2>&1 + mount "${LOOPDEV}p1" "$ROOTFS" + ROOT_UUID=$(blkid -o value -s UUID "${LOOPDEV}p1") + ;; + *) + sfdisk "${FILENAME}" <<_EOF label: dos 2048,${BOOT_FSSIZE},b,* ,+,L _EOF - LOOPDEV=$(losetup --show --find --partscan $FILENAME) - mkfs.${BOOT_FSTYPE} $_args ${LOOPDEV}p1 >/dev/null - case "$ROOT_FSTYPE" in - ext[34]) disable_journal="-O ^has_journal";; - esac - mkfs.${ROOT_FSTYPE} $disable_journal ${LOOPDEV}p2 >/dev/null 2>&1 - mount ${LOOPDEV}p2 $ROOTFS - mkdir -p ${ROOTFS}/boot - mount ${LOOPDEV}p1 ${ROOTFS}/boot - BOOT_UUID=$(blkid -o value -s UUID ${LOOPDEV}p1) - ROOT_UUID=$(blkid -o value -s UUID ${LOOPDEV}p2) - ;; + LOOPDEV=$(losetup --show --find --partscan "$FILENAME") + # Normally we need to quote to prevent argument splitting, but + # we explicitly want argument splitting here. + # shellcheck disable=SC2086 + mkfs.${BOOT_FSTYPE} $_args "${LOOPDEV}p1" >/dev/null + case "$ROOT_FSTYPE" in + ext[34]) disable_journal="-O ^has_journal";; + esac + mkfs.${ROOT_FSTYPE} "$disable_journal" "${LOOPDEV}p2" >/dev/null 2>&1 + mount "${LOOPDEV}p2" "$ROOTFS" + mkdir -p "${ROOTFS}/boot" + mount "${LOOPDEV}p1" "${ROOTFS}/boot" + BOOT_UUID=$(blkid -o value -s UUID "${LOOPDEV}p1") + ROOT_UUID=$(blkid -o value -s UUID "${LOOPDEV}p2") + ;; esac info_msg "Unpacking rootfs tarball ..." if [ "$PLATFORM" = "beaglebone" ]; then fstab_args=",noauto" - tar xfp $ROOTFS_TARBALL -C $ROOTFS ./boot/MLO - tar xfp $ROOTFS_TARBALL -C $ROOTFS ./boot/u-boot.img - touch $ROOTFS/boot/uEnv.txt - umount $ROOTFS/boot + tar xfp "$ROOTFS_TARBALL" -C "$ROOTFS" ./boot/MLO + tar xfp "$ROOTFS_TARBALL" -C "$ROOTFS" ./boot/u-boot.img + touch "$ROOTFS/boot/uEnv.txt" + umount "$ROOTFS/boot" fi -tar xfp $ROOTFS_TARBALL --xattrs --xattrs-include='*' -C $ROOTFS +tar xfp "$ROOTFS_TARBALL" --xattrs --xattrs-include='*' -C "$ROOTFS" fspassno="1" if [ "$ROOT_FSTYPE" = "f2fs" ]; then fspassno="0" fi -echo "UUID=$ROOT_UUID / $ROOT_FSTYPE defaults 0 ${fspassno}" >> ${ROOTFS}/etc/fstab +echo "UUID=$ROOT_UUID / $ROOT_FSTYPE defaults 0 ${fspassno}" >> "${ROOTFS}/etc/fstab" if [ -n "$BOOT_UUID" ]; then - echo "UUID=$BOOT_UUID /boot $BOOT_FSTYPE defaults${fstab_args} 0 2" >> ${ROOTFS}/etc/fstab + echo "UUID=$BOOT_UUID /boot $BOOT_FSTYPE defaults${fstab_args} 0 2" >> "${ROOTFS}/etc/fstab" fi +info_msg "Configuring image for platform $PLATFORM" case "$PLATFORM" in bananapi*|cubieboard2*|cubietruck*) - dd if=${ROOTFS}/boot/u-boot-sunxi-with-spl.bin of=${LOOPDEV} bs=1024 seek=8 >/dev/null 2>&1 + dd if="${ROOTFS}/boot/u-boot-sunxi-with-spl.bin" of="${LOOPDEV}" bs=1024 seek=8 >/dev/null 2>&1 ;; odroid-c2*) - dd if=${ROOTFS}/boot/bl1.bin.hardkernel of=${LOOPDEV} bs=1 count=442 >/dev/null 2>&1 - dd if=${ROOTFS}/boot/bl1.bin.hardkernel of=${LOOPDEV} bs=512 skip=1 seek=1 >/dev/null 2>&1 - dd if=${ROOTFS}/boot/u-boot.bin of=${LOOPDEV} bs=512 seek=97 >/dev/null 2>&1 + dd if="${ROOTFS}/boot/bl1.bin.hardkernel" of="${LOOPDEV}" bs=1 count=442 >/dev/null 2>&1 + dd if="${ROOTFS}/boot/bl1.bin.hardkernel" of="${LOOPDEV}" bs=512 skip=1 seek=1 >/dev/null 2>&1 + dd if="${ROOTFS}/boot/u-boot.bin" of="${LOOPDEV}" bs=512 seek=97 >/dev/null 2>&1 ;; odroid-u2*) - dd if=${ROOTFS}/boot/E4412_S.bl1.HardKernel.bin of=${LOOPDEV} seek=1 >/dev/null 2>&1 - dd if=${ROOTFS}/boot/bl2.signed.bin of=${LOOPDEV} seek=31 >/dev/null 2>&1 - dd if=${ROOTFS}/boot/u-boot.bin of=${LOOPDEV} seek=63 >/dev/null 2>&1 - dd if=${ROOTFS}/boot/E4412_S.tzsw.signed.bin of=${LOOPDEV} seek=2111 >/dev/null 2>&1 + dd if="${ROOTFS}/boot/E4412_S.bl1.HardKernel.bin" of="${LOOPDEV}" seek=1 >/dev/null 2>&1 + dd if="${ROOTFS}/boot/bl2.signed.bin" of="${LOOPDEV}" seek=31 >/dev/null 2>&1 + dd if="${ROOTFS}/boot/u-boot.bin" of="${LOOPDEV}" seek=63 >/dev/null 2>&1 + dd if="${ROOTFS}/boot/E4412_S.tzsw.signed.bin" of="${LOOPDEV}" seek=2111 >/dev/null 2>&1 ;; usbarmory*) - dd if=${ROOTFS}/boot/u-boot.imx of=${LOOPDEV} bs=512 seek=2 conv=fsync >/dev/null 2>&1 + dd if="${ROOTFS}/boot/u-boot.imx" of="${LOOPDEV}" bs=512 seek=2 conv=fsync >/dev/null 2>&1 ;; ci20*) - dd if=${ROOTFS}/boot/u-boot-spl.bin of=${LOOPDEV} obs=512 seek=1 >/dev/null 2>&1 - dd if=${ROOTFS}/boot/u-boot.img of=${LOOPDEV} obs=1K seek=14 >/dev/null 2>&1 + dd if="${ROOTFS}/boot/u-boot-spl.bin" of="${LOOPDEV}" obs=512 seek=1 >/dev/null 2>&1 + dd if="${ROOTFS}/boot/u-boot.img" of="${LOOPDEV}" obs=1K seek=14 >/dev/null 2>&1 ;; GCP*) # Setup GRUB mount_pseudofs - chroot ${ROOTFS} grub-install ${LOOPDEV} - sed -i "s:page_poison=1:page_poison=1 console=ttyS0,38400n8d:" ${ROOTFS}/etc/default/grub - chroot ${ROOTFS} update-grub + chroot "${ROOTFS}" grub-install "${LOOPDEV}" + sed -i "s:page_poison=1:page_poison=1 console=ttyS0,38400n8d:" "${ROOTFS}/etc/default/grub" + chroot "${ROOTFS}" update-grub umount_pseudofs # Setup the GCP Guest services for _service in dhcpcd sshd agetty-console nanoklogd socklog-unix GCP-Guest-Initialization GCP-accounts GCP-clock-skew GCP-ip-forwarding ; do - chroot ${ROOTFS} ln -sv /etc/sv/$_service /etc/runit/runsvdir/default/$_service + chroot "${ROOTFS}" ln -sv /etc/sv/$_service /etc/runit/runsvdir/default/$_service done # Turn off the agetty's since we can't use them anyway - rm -v ${ROOTFS}/etc/runit/runsvdir/default/agetty-tty* + rm -v "${ROOTFS}/etc/runit/runsvdir/default/agetty-tty*" # Disable root login over ssh and lock account - sed -i "s:PermitRootLogin yes:PermitRootLogin no:" ${ROOTFS}/etc/ssh/sshd_config - chroot ${ROOTFS} passwd -l root + sed -i "s:PermitRootLogin yes:PermitRootLogin no:" "${ROOTFS}/etc/ssh/sshd_config" + chroot "${ROOTFS}" passwd -l root # Set the Timezone - chroot ${ROOTFS} ln -svf /usr/share/zoneinfo/UTC /etc/localtime + chroot "${ROOTFS}" ln -svf /usr/share/zoneinfo/UTC /etc/localtime # Generate glibc-locales if necessary (this is a noop on musl) if [ "$PLATFORM" = GCP ] ; then - chroot ${ROOTFS} xbps-reconfigure -f glibc-locales + chroot "${ROOTFS}" xbps-reconfigure -f glibc-locales fi # Remove SSH host keys (these will get rebuilt on first boot) - rm -v ${ROOTFS}/etc/ssh/*key* - rm -v ${ROOTFS}/etc/ssh/moduli + rm -f "${ROOTFS}/etc/ssh/*key*" + rm -f "${ROOTFS}/etc/ssh/moduli" # Force hte hostname since this isn't read from DHCP - echo "void-GCE" > ${ROOTFS}/etc/hostname + echo void-GCE > "${ROOTFS}/etc/hostname" ;; esac -mountpoint -q ${ROOTFS}/boot && umount ${ROOTFS}/boot -umount $ROOTFS -losetup -d $LOOPDEV -rmdir $ROOTFS +umount -R "$ROOTFS" +losetup -d "$LOOPDEV" +rmdir "$ROOTFS" || die "$ROOTFS not empty!" -chmod 644 $FILENAME +chmod 644 "$FILENAME" case "$PLATFORM" in GCP*) mv void-GCP*.img disk.raw info_msg "Compressing disk.raw" - tar Sczf "${FILENAME/.img/.tar.gz}" disk.raw + tar Sczf "${FILENAME%.img}.tar.gz" disk.raw rm disk.raw - info_msg "Sucessfully created ${FILENAME/.img/.tar.gz/} image." + info_msg "Sucessfully created ${FILENAME%.img}.tar.gz image." ;; *) info_msg "Successfully created $FILENAME image." ;; esac - -# vim: set ts=4 sw=4 et: