From f6a50215a55e4fbacf6d373c1a76fb8ae47844ed Mon Sep 17 00:00:00 2001 From: Isaac True Date: Wed, 20 Sep 2023 10:33:00 +0200 Subject: [PATCH] ERL-352: use keg to generate image definitions All image definitions are now generated and managed by Keg. Run `make` to update all image definitions. 
Signed-off-by: Isaac True --- Makefile | 40 ++++++++++ data/base/common.yaml | 13 ++++ data/base/common/admin.yaml | 35 +++++++++ data/base/common/dracut.yaml | 10 +++ data/base/common/scripts.yaml | 8 ++ data/base/common/snapd.yaml | 6 ++ data/base/common/sysctl.yaml | 17 +++++ data/base/common/watchdog.yaml | 11 +++ data/base/efi/amd64/grub.yaml | 7 ++ data/base/efi/arm64/grub.yaml | 7 ++ data/base/efi/disable-selinux.yaml | 11 +++ data/base/efi/dracut.yaml | 8 ++ data/base/efi/fix-kiwi-efi.yaml | 15 ++++ data/base/minimal/packages.yaml | 14 ++++ data/base/minimal/systemd-journald.yaml | 11 +++ data/base/qemu/dracut.yaml | 8 ++ data/base/qemu/serial.yaml | 17 +++++ data/base/reference/dracut.yaml | 13 ++++ data/base/reference/insecure-luks.yaml | 8 ++ data/base/reference/oci-containers.yaml | 11 +++ data/base/reference/packages.yaml | 41 ++++++++++ data/base/s32g274ardb2/fitimage.yaml | 75 +++++++++++++++++++ data/base/s32g274ardb2/serial.yaml | 11 +++ data/bootstrap/lunar/bootstrap.yaml | 14 ++++ data/bootstrap/mantic/bootstrap.yaml | 14 ++++ data/config/common.yaml | 6 ++ data/config/efi/grub.yaml | 12 +++ data/config/minimal/minimal.yaml | 27 +++++++ data/config/reference/reference.yaml | 65 ++++++++++++++++ data/debootstrap/lunar/bootstrap.yaml | 12 +++ data/debootstrap/mantic/bootstrap.yaml | 12 +++ data/networking/qemu/netplan.yaml | 19 +++++ data/networking/s32g274ardb2/netplan.yaml | 20 +++++ data/scripts/busybox.sh | 4 + data/scripts/cleanup.sh | 18 +++++ data/scripts/osinfo.sh | 10 +++ data/scripts/snapd.sh | 44 +++++++++++ images/image_defaults.yaml | 56 ++++++++++++++ images/lunar/minimal/qemu-amd64/image.yaml | 14 ++++ images/lunar/minimal/qemu-arm64/image.yaml | 14 ++++ images/lunar/minimal/s32g274ardb2/image.yaml | 12 +++ images/lunar/reference/qemu-amd64/image.yaml | 14 ++++ images/lunar/reference/qemu-arm64/image.yaml | 14 ++++ .../lunar/reference/s32g274ardb2/image.yaml | 12 +++ images/lunar/repositories.yaml | 61 +++++++++++++++ 
images/mantic/minimal/qemu-amd64/image.yaml | 14 ++++ images/mantic/minimal/qemu-arm64/image.yaml | 14 ++++ images/mantic/minimal/s32g274ardb2/image.yaml | 12 +++ images/mantic/reference/qemu-amd64/image.yaml | 14 ++++ images/mantic/reference/qemu-arm64/image.yaml | 14 ++++ .../mantic/reference/s32g274ardb2/image.yaml | 12 +++ images/mantic/repositories.yaml | 61 +++++++++++++++ schemas/config_sh_header.templ | 28 +++++++ 53 files changed, 1040 insertions(+) create mode 100644 Makefile create mode 100644 data/base/common.yaml create mode 100644 data/base/common/admin.yaml create mode 100644 data/base/common/dracut.yaml create mode 100644 data/base/common/scripts.yaml create mode 100644 data/base/common/snapd.yaml create mode 100644 data/base/common/sysctl.yaml create mode 100644 data/base/common/watchdog.yaml create mode 100644 data/base/efi/amd64/grub.yaml create mode 100644 data/base/efi/arm64/grub.yaml create mode 100644 data/base/efi/disable-selinux.yaml create mode 100644 data/base/efi/dracut.yaml create mode 100644 data/base/efi/fix-kiwi-efi.yaml create mode 100644 data/base/minimal/packages.yaml create mode 100644 data/base/minimal/systemd-journald.yaml create mode 100644 data/base/qemu/dracut.yaml create mode 100644 data/base/qemu/serial.yaml create mode 100644 data/base/reference/dracut.yaml create mode 100644 data/base/reference/insecure-luks.yaml create mode 100644 data/base/reference/oci-containers.yaml create mode 100644 data/base/reference/packages.yaml create mode 100644 data/base/s32g274ardb2/fitimage.yaml create mode 100644 data/base/s32g274ardb2/serial.yaml create mode 100644 data/bootstrap/lunar/bootstrap.yaml create mode 100644 data/bootstrap/mantic/bootstrap.yaml create mode 100644 data/config/common.yaml create mode 100644 data/config/efi/grub.yaml create mode 100644 data/config/minimal/minimal.yaml create mode 100644 data/config/reference/reference.yaml create mode 100644 data/debootstrap/lunar/bootstrap.yaml create mode 100644 
data/debootstrap/mantic/bootstrap.yaml create mode 100644 data/networking/qemu/netplan.yaml create mode 100644 data/networking/s32g274ardb2/netplan.yaml create mode 100644 data/scripts/busybox.sh create mode 100644 data/scripts/cleanup.sh create mode 100644 data/scripts/osinfo.sh create mode 100644 data/scripts/snapd.sh create mode 100644 images/image_defaults.yaml create mode 100644 images/lunar/minimal/qemu-amd64/image.yaml create mode 100644 images/lunar/minimal/qemu-arm64/image.yaml create mode 100644 images/lunar/minimal/s32g274ardb2/image.yaml create mode 100644 images/lunar/reference/qemu-amd64/image.yaml create mode 100644 images/lunar/reference/qemu-arm64/image.yaml create mode 100644 images/lunar/reference/s32g274ardb2/image.yaml create mode 100644 images/lunar/repositories.yaml create mode 100644 images/mantic/minimal/qemu-amd64/image.yaml create mode 100644 images/mantic/minimal/qemu-arm64/image.yaml create mode 100644 images/mantic/minimal/s32g274ardb2/image.yaml create mode 100644 images/mantic/reference/qemu-amd64/image.yaml create mode 100644 images/mantic/reference/qemu-arm64/image.yaml create mode 100644 images/mantic/reference/s32g274ardb2/image.yaml create mode 100644 images/mantic/repositories.yaml create mode 100644 schemas/config_sh_header.templ diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..def0040 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,40 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+SERIES = \
+ lunar \
+ mantic
+
+CONFIGURATIONS = \
+ minimal \
+ reference
+
+PLATFORMS = \
+ qemu-amd64 \
+ qemu-arm64 \
+ s32g274ardb2
+
+TARGETS = \
+ $(foreach platform,$(PLATFORMS), \
+ $(addsuffix -$(platform), \
+ $(foreach series,$(SERIES), \
+ $(addsuffix -$(series), \
+ $(addprefix nemos-images-,$(CONFIGURATIONS)) \
+ ) \
+ ) \
+ ) \
+ )
+
+.PHONY: all
+all: $(TARGETS)
+
+.PHONY: $(TARGETS)
+$(TARGETS):
+ @CONFIG="$$(echo $(@) | cut -f 3 -d-)"; \
+ SERIES="$$(echo $(@) | cut -f 4 -d-)"; \
+ PLATFORM="$$(echo $(@) | cut -f 5- -d-)"; \
+ echo "Generating $${SERIES}/$${CONFIG}/$${PLATFORM}"; \
+ keg -v --disable-multibuild -f -r . -d \
+ "nemos-images-$${CONFIG}-$${SERIES}/$${PLATFORM}" \
+ "$${SERIES}/$${CONFIG}/$${PLATFORM}"; \
+ mv nemos-images-$${CONFIG}-$${SERIES}/$${PLATFORM}/config.kiwi
+ nemos-images-$${CONFIG}-$${SERIES}/$${PLATFORM}/appliance.kiwi
diff --git a/data/base/common.yaml b/data/base/common.yaml
new file mode 100644
index 0000000..7cb2456
--- /dev/null
+++ b/data/base/common.yaml
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+---
+packages:
+ _namespace_common_pkgs:
+ package:
+ - "linux-s32-eb"
+ - "usrmerge"
+ - "netbase"
+ - "locales"
+ - "busybox-static"
+ - "systemd"
+ - "dbus"
+ - "kiwi-dracut-overlay"
diff --git a/data/base/common/admin.yaml b/data/base/common/admin.yaml
new file mode 100644
index 0000000..f0f3931
--- /dev/null
+++ b/data/base/common/admin.yaml
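Review bot: The last recipe line of `$(TARGETS)` is split in two with no continuation, so make runs `mv nemos-images-$${CONFIG}-$${SERIES}/$${PLATFORM}/config.kiwi` with a single operand and the target fails there, and the `appliance.kiwi` path on the following line would otherwise be executed as a shell command of its own; unless a trailing backslash was lost in transit, the `mv` line needs ` \` at its end like the `keg` line above it. The field positions in the three `cut -d-` calls only work while no series or configuration name contains a `-`, which holds for the values listed but deserves a comment next to `TARGETS`, e.g. `# targets are nemos-images-<config>-<series>-<platform>; <config> and <series> must not contain '-'`.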
@@ -0,0 +1,35 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +config: + files: + admin-user: + - path: /etc/polkit-1/localauthority/10-vendor.d/admin-org.freedesktop.login1.pkla + append: False + content: |- + [Admin - Power off the system] + Identity=unix-user:admin + Action=org.freedesktop.login1.power-off + ResultAny=yes + + [Admin - Reboot the system] + Identity=unix-user:admin + Action=org.freedesktop.login1.reboot + ResultAny=yes + + [Admin - Halt the system] + Identity=unix-user:admin + Action=org.freedesktop.login1.halt + ResultAny=yes + - path: /etc/sudoers + append: False + content: |- + Defaults always_set_home + Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin" + Defaults env_reset + Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_ATIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE" + Defaults !insults + Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + Defaults targetpw # ask for the password of the target user i.e. root + ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'! + root ALL=(ALL) ALL + admin ALL=(ALL) NOPASSWD: ALL diff --git a/data/base/common/dracut.yaml b/data/base/common/dracut.yaml new file mode 100644 index 0000000..c5f43e8 --- /dev/null +++ b/data/base/common/dracut.yaml @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +config: + files: + dracut-common: + - path: /etc/dracut.conf.d/50-common.conf + append: False + content: |- + force_drivers+=" squashfs nls_iso8859-1 binfmt_misc overlay " + add_dracutmodules+=" bash " diff --git a/data/base/common/scripts.yaml b/data/base/common/scripts.yaml new file mode 100644 index 0000000..156cf4f --- /dev/null +++ b/data/base/common/scripts.yaml @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +config: + scripts: + common: + - "cleanup" + - "busybox" + - "osinfo" 
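Review bot: The sudoers content written to `/etc/sudoers` sets `Defaults secure_path` twice; sudo keeps the last occurrence, so the first (`/usr/sbin:/usr/bin:/sbin:/bin`) is dead text and should be dropped. `admin ALL=(ALL) NOPASSWD: ALL` gives the admin account a password-less root shell regardless of `Defaults targetpw`, and the catch-all `ALL ALL=(ALL) ALL` lets every local account reach root with the root password; if both are development conveniences, gate the file on the `development` profile the way the bootstrap repositories are. Nothing in the entry sets the file mode or validates the result, and sudo refuses a world-readable `/etc/sudoers`, so either a `visudo -c -f /etc/sudoers` step in a config script or a comment stating that the generator applies 0440 would make the assumption explicit — I cannot tell from this hunk which one holds. `append: False`, here and in every other `files:` entry of this commit, is the YAML 1.1 capitalised boolean; yamllint's truthy rule prefers `append: false`.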
diff --git a/data/base/common/snapd.yaml b/data/base/common/snapd.yaml new file mode 100644 index 0000000..8487b97 --- /dev/null +++ b/data/base/common/snapd.yaml @@ -0,0 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +config: + scripts: + snapd: + - "snapd" diff --git a/data/base/common/sysctl.yaml b/data/base/common/sysctl.yaml new file mode 100644 index 0000000..1cd37fd --- /dev/null +++ b/data/base/common/sysctl.yaml @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +config: + files: + sysctl: + - path: /etc/sysctl.d/50-kernel-kptr-restrict.conf + append: False + content: kernel.kptr_restrict=1 + - path: /etc/sysctl.d/50-randomize-va-space.conf + append: False + content: kernel.randomize_va_space=2 + - path: /etc/sysctl.d/50-vm-overcommit.conf + append: False + content: vm.overcommit_memory=2 + - path: /etc/sysctl.d/50-yama-ptrace-scope.conf + append: False + content: kernel.yama.ptrace_scope=1 diff --git a/data/base/common/watchdog.yaml b/data/base/common/watchdog.yaml new file mode 100644 index 0000000..d55b316 --- /dev/null +++ b/data/base/common/watchdog.yaml @@ -0,0 +1,11 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +config: + files: + watchdog: + - path: /etc/systemd/system.conf.d/watchdog.conf + append: False + content: |- + [Manager] + WatchdogDevice=/dev/watchdog0 + RuntimeWatchdogSec=10 diff --git a/data/base/efi/amd64/grub.yaml b/data/base/efi/amd64/grub.yaml new file mode 100644 index 0000000..238279f --- /dev/null +++ b/data/base/efi/amd64/grub.yaml @@ -0,0 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +packages: + _namespace_grub_efi_pkgs: + package: + - "grub-efi-amd64-signed" + - "grub-pc" diff --git a/data/base/efi/arm64/grub.yaml b/data/base/efi/arm64/grub.yaml new file mode 100644 index 0000000..2298058 --- /dev/null +++ b/data/base/efi/arm64/grub.yaml 
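Review bot: `vm.overcommit_memory=2` in `50-vm-overcommit.conf` switches the kernel to strict commit accounting, where the limit is swap plus `vm.overcommit_ratio` percent of RAM (kernel default 50); on a swapless appliance that caps allocations at roughly half of physical memory and makes large `malloc`/`fork` calls fail with ENOMEM up front. If strict mode is intended, set `vm.overcommit_ratio` (or `vm.overcommit_kbytes`) in the same file and say why, e.g. `# strict accounting: vm.overcommit_ratio must be tuned for the target's RAM`; otherwise the default mode 0 is the safer choice. The three hardening keys (`kptr_restrict`, `randomize_va_space`, `yama.ptrace_scope`) would each benefit from a one-line comment naming the threat they address, since the file names only restate the key.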
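Review bot: `grub-pc` in `_namespace_grub_efi_pkgs` is the legacy BIOS bootloader package; in the Ubuntu archive it conflicts with the EFI grub packages on amd64 and, as far as I know, is not built for arm64 at all, so the same entry in `data/base/efi/arm64/grub.yaml` (the next hunk) is likely to fail package resolution. If it is listed only to pull in `grub-common` or the `grub-mkconfig` tooling, name that dependency directly, and a short comment on why each package is needed would stop the next reader from repeating this question.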
@@ -0,0 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +packages: + _namespace_grub_efi_pkgs: + package: + - "grub-efi-arm64-signed" + - "grub-pc" diff --git a/data/base/efi/disable-selinux.yaml b/data/base/efi/disable-selinux.yaml new file mode 100644 index 0000000..f973b00 --- /dev/null +++ b/data/base/efi/disable-selinux.yaml @@ -0,0 +1,11 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +# ERL-72: This is a temporary workaround to disable SELinux until it's properly +# implemented. + +config: + files: + disable-selinux: + - path: /etc/default/grub.d/50-disable-selinux.cfg + append: False + content: GRUB_CMDLINE_LINUX_DEFAULT="\${GRUB_CMDLINE_LINUX_DEFAULT} selinux=0" diff --git a/data/base/efi/dracut.yaml b/data/base/efi/dracut.yaml new file mode 100644 index 0000000..9cbb5cd --- /dev/null +++ b/data/base/efi/dracut.yaml @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +config: + files: + dracut-efi-pstore: + - path: /etc/dracut.conf.d/51-efi-pstore.conf + append: False + content: force_drivers+=" efi-pstore " diff --git a/data/base/efi/fix-kiwi-efi.yaml b/data/base/efi/fix-kiwi-efi.yaml new file mode 100644 index 0000000..355b9c5 --- /dev/null +++ b/data/base/efi/fix-kiwi-efi.yaml @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +config: + files: + disable-selinux: + - path: /etc/grub.d/01_fix_linuxefi + append: False + content: |- + #!/bin/sh + + # Override Kiwi's template which tries to boot with the linuxefi command, + # which doesn't exist in GRUB 2.12 + + echo "set linux=linux" + echo "set initrd=initrd" diff --git a/data/base/minimal/packages.yaml b/data/base/minimal/packages.yaml new file mode 100644 index 0000000..e61c873 --- /dev/null +++ b/data/base/minimal/packages.yaml 
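Review bot: The `content` of `50-disable-selinux.cfg` is a plain YAML scalar, so the backslash in `\${GRUB_CMDLINE_LINUX_DEFAULT}` reaches the file verbatim; when grub-mkconfig sources the file, `\$` inside double quotes is a literal dollar sign, the previous value is not expanded, and the kernel command line ends up containing the literal text `${GRUB_CMDLINE_LINUX_DEFAULT} selinux=0`. Unless keg's own templating consumes that backslash (nothing in this hunk shows it), the line should be `GRUB_CMDLINE_LINUX_DEFAULT="${GRUB_CMDLINE_LINUX_DEFAULT} selinux=0"`; checking the rendered `/etc/default/grub.d/50-disable-selinux.cfg` in a built image would settle it either way.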
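Review bot: The `files:` entry in `fix-kiwi-efi.yaml` is keyed `disable-selinux`, the same key used by `disable-selinux.yaml` in the same `efi` include path; this looks like a copy-paste and should be `fix-kiwi-efi`, because if keg merges `config.files` by key one of the two files will silently replace the other. `/etc/grub.d/01_fix_linuxefi` is also only run by grub-mkconfig when it is executable, and nothing in the entry sets a mode, so either add a `chmod +x /etc/grub.d/01_fix_linuxefi` to a config script or note in a comment that the generator marks it executable — I cannot see which from this hunk.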
@@ -0,0 +1,14 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +packages: + _namespace_minimal_pkgs: + package: + - "openssh-client" + - "openssh-server" + - "usrmerge" + - "netbase" + - "netplan.io" + - "sudo" + - "cron" + - "zstd" + - "networkd-dispatcher" diff --git a/data/base/minimal/systemd-journald.yaml b/data/base/minimal/systemd-journald.yaml new file mode 100644 index 0000000..bd92c5d --- /dev/null +++ b/data/base/minimal/systemd-journald.yaml @@ -0,0 +1,11 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +config: + files: + systemd-journald: + - path: /etc/systemd/journald.conf + append: False + content: |- + [Journal] + Storage=volatile + ForwardToSyslog=no diff --git a/data/base/qemu/dracut.yaml b/data/base/qemu/dracut.yaml new file mode 100644 index 0000000..ba4832e --- /dev/null +++ b/data/base/qemu/dracut.yaml @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +config: + files: + dracut-virtio: + - path: /etc/dracut.conf.d/50-virtio.conf + append: False + content: force_drivers+=" virtio virtio_net virtio_blk virtio_scsi virtio_rng virtio_dma_buf virtio_pci " diff --git a/data/base/qemu/serial.yaml b/data/base/qemu/serial.yaml new file mode 100644 index 0000000..e30df7d --- /dev/null +++ b/data/base/qemu/serial.yaml @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +config: + files: + serial: + - path: /etc/systemd/system/serial-getty@ttyAMA0.service.d/override.conf + append: False + content: |- + [Service] + ExecStart= + ExecStart=-/usr/sbin/agetty --autologin root --noclear --keep-baud 115200,38400,9600 ttyAMA0 $TERM + - path: /etc/systemd/system/serial-getty@hvc0.service.d/override.conf + append: False + content: |- + [Service] + ExecStart= + ExecStart=-/usr/sbin/agetty --autologin root --noclear --keep-baud 115200,38400,9600 hvc0 $TERM diff --git a/data/base/reference/dracut.yaml b/data/base/reference/dracut.yaml new file mode 100644 index 0000000..440c1b1 --- /dev/null 
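Review bot: Both getty drop-ins run `agetty --autologin root`, which hands anyone with access to the serial or virtual console an unauthenticated root shell, and `data/base/s32g274ardb2/serial.yaml` does the same for `ttyLF0`. The kernelcmdline in `data/config/minimal/minimal.yaml` selects `console=ttyS0`, which none of the drop-ins here cover, so as far as the hunk shows the autologin does not even attach to the console actually named there on the qemu targets. If the autologin is a development convenience, gate the `serial` files on the `development` profile and add `# development only: unauthenticated root login on the serial console`; production images should keep the default getty.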
+++ b/data/base/reference/dracut.yaml @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +config: + files: + dracut-reference: + - path: /etc/dracut.conf.d/50-luks.conf + append: False + content: install_items+=" /etc/cryptsetup-keys.d/luks.key " + - path: /etc/dracut.conf.d/50-kiwi-root.conf + append: False + content: |- + add_dracutmodules+=" kiwi-overlay kiwi-verity crypt " + force_drivers+=" overlay " diff --git a/data/base/reference/insecure-luks.yaml b/data/base/reference/insecure-luks.yaml new file mode 100644 index 0000000..d740e26 --- /dev/null +++ b/data/base/reference/insecure-luks.yaml @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +config: + files: + insecure-luks: + - path: /etc/cryptsetup-keys.d/luks.key + append: False + content: insecure diff --git a/data/base/reference/oci-containers.yaml b/data/base/reference/oci-containers.yaml new file mode 100644 index 0000000..1ff930d --- /dev/null +++ b/data/base/reference/oci-containers.yaml @@ -0,0 +1,11 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +config: + files: + oci-containers: + - path: /var/lib/containers/storage/TODO + append: False + content: TODO + - path: /var/lib/containers/loaded/TODO + append: False + content: TODO diff --git a/data/base/reference/packages.yaml b/data/base/reference/packages.yaml new file mode 100644 index 0000000..dfe7f5e --- /dev/null +++ b/data/base/reference/packages.yaml 
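Review bot: `50-luks.conf` copies `/etc/cryptsetup-keys.d/luks.key` into the initrd, and `insecure-luks.yaml` in this same commit writes that file with the literal content `insecure`, matching `luks: "insecure"` in `data/config/reference/reference.yaml`; the initrd is not encrypted, so the key protecting the `rd.root.overlay.write` partition is readable by anyone holding the image, and only the file name signals that this is intended. A comment in `insecure-luks.yaml` stating that the key is a development placeholder that must be replaced, or gating the file on the `development` profile, would keep it from shipping unnoticed. The `oci-containers.yaml` hunk on the same line writes two files whose path component and content are `TODO`; those placeholders land under `/var/lib/containers/` in every reference image and should be dropped or filled in before merge.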
@@ -0,0 +1,41 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +packages: + _namespace_reference_pkgs: + package: + - "usrmerge" + - "netbase" + - "netplan.io" + - "sudo" + - "cron" + - "xz-utils" + - "zstd" + - "tuptime" + - "polkitd" + - "busybox-static" + - "cryptsetup" + - "dracut" + - "kiwi-dracut-verity" + - "dbus" + - "systemd-resolved" + - "systemd-coredump" + - "xfsprogs" + - "parted" + - "auditd" + - "tpm2-tools" + - "mokutil" + - "sbsigntool" + - "openssh-client" + - "openssh-server" + - "net-tools" + - "bridge-utils" + - "ethtool" + - "openssl" + - "linuxptp" + - "udhcpd" + - "udhcpc" + - "iptables" + - "iotop" + - "kdump-tools" + - "strace" + - "systemtap" diff --git a/data/base/s32g274ardb2/fitimage.yaml b/data/base/s32g274ardb2/fitimage.yaml new file mode 100644 index 0000000..10af896 --- /dev/null +++ b/data/base/s32g274ardb2/fitimage.yaml 
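Review bot: `strace`, `systemtap`, `kdump-tools` and `iotop` are debugging tools that broaden the attack surface of the reference image for every profile, while the `development` profile already exists for exactly that purpose; consider moving them to a profile-gated package list with a comment naming the use case. `usrmerge`, `netbase`, `busybox-static` and `dbus` duplicate `data/base/common.yaml`, so they can be removed here to keep one source of truth for the base package set.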
@@ -0,0 +1,75 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +config: + files: + fitimage: + - path: /boot/fitImage.its + append: False + content: |- + /dts-v1/; + + / { + description = "Ubuntu kernel, ramdisk, FDT blob and boot config for a NXP S32x board"; + #address-cells = <1>; + + images { + kernel-1 { + description = "Ubuntu kernel"; + data = /incbin/("@@PATH@@/vmlinuz"); + type = "kernel"; + arch = "arm64"; + os = "linux"; + compression = "none"; + load = <0x80000000>; + entry = <0x80000000>; + + hash-1 { + algo = "sha256"; + }; + }; + + ramdisk-1 { + description = "Ubuntu ramdisk"; + data = /incbin/("@@PATH@@/initrd"); + type = "ramdisk"; + arch = "arm64"; + os = "linux"; + compression = "none"; + load = <0x90000000>; + + hash-1 { + algo = "sha256"; + }; + }; + + fdt-1 { + description = "Device tree for a NXP S32x board"; + data = /incbin/("@@PATH@@/dtb"); + type = "flat_dt"; + arch = "arm64"; + compression = "none"; + load = <0x83000000>; + + hash-1 { + algo = "sha256"; + }; + }; + }; + + configurations { + default = "nxp-s32"; + + nxp-s32 { + description = "Boot config for a NXP S32x board"; + kernel = "kernel-1"; + ramdisk = "ramdisk-1"; + fdt = "fdt-1"; + + signature-1 { + algo = "sha256,rsa2048"; + key-name-hint = "nemos-dev"; + sign-images = "fdt", "kernel", "ramdisk"; + }; + }; + }; + }; diff --git a/data/base/s32g274ardb2/serial.yaml b/data/base/s32g274ardb2/serial.yaml new file mode 100644 index 0000000..ab1c19d --- /dev/null +++ b/data/base/s32g274ardb2/serial.yaml @@ -0,0 +1,11 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +config: + files: + serial: + - path: /etc/systemd/system/serial-getty@ttyLF0.service.d/override.conf + append: False + content: |- + [Service] + ExecStart= + ExecStart=-/usr/sbin/agetty --autologin root --noclear --keep-baud 115200,38400,9600 ttyLF0 $TERM diff --git a/data/bootstrap/lunar/bootstrap.yaml b/data/bootstrap/lunar/bootstrap.yaml new file mode 100644 index 0000000..f41567d --- /dev/null 
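Review bot: `/boot/fitImage.its` carries `@@PATH@@` placeholders and a `signature-1` node with `key-name-hint = "nemos-dev"`, but nothing in the file says which step substitutes the path or where the matching private key comes from, so a reader cannot tell whether the FIT is actually signed at build time. A comment at the top of the `content` block naming the substitution step, and noting that U-Boot only enforces `signature-1` when its control DTB carries the public key, would make the boot-chain assumption explicit; that tooling is not visible from this hunk. If `nemos-dev` is a development key, the hint should also make clear that release images need a different one.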
+++ b/data/bootstrap/lunar/bootstrap.yaml @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +packages: + _attributes: + type: "bootstrap" + bootstrap_package: "kiwi-bootstrap-lunar" + profiles: + - "development" + - "bootstrapped" + _map_attribute: "name" + _namespace_bootstrap_pkgs: + package: + - "ca-certificates" + - "apt-transport-https" diff --git a/data/bootstrap/mantic/bootstrap.yaml b/data/bootstrap/mantic/bootstrap.yaml new file mode 100644 index 0000000..b95d2ea --- /dev/null +++ b/data/bootstrap/mantic/bootstrap.yaml @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +packages: + _attributes: + type: "bootstrap" + bootstrap_package: "kiwi-bootstrap-mantic" + profiles: + - "development" + - "bootstrapped" + _map_attribute: "name" + _namespace_bootstrap_pkgs: + package: + - "ca-certificates" + - "apt-transport-https" diff --git a/data/config/common.yaml b/data/config/common.yaml new file mode 100644 index 0000000..7689e41 --- /dev/null +++ b/data/config/common.yaml @@ -0,0 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +preferences: + type: + oemconfig: + - oem-resize: "false" diff --git a/data/config/efi/grub.yaml b/data/config/efi/grub.yaml new file mode 100644 index 0000000..43e209d --- /dev/null +++ b/data/config/efi/grub.yaml @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +preferences: + type: + _attributes: + firmware: "efi" + bootpartsize: "120" + bootloader: + _attributes: + name: "grub2" + console: "console" + timeout: "0" diff --git a/data/config/minimal/minimal.yaml b/data/config/minimal/minimal.yaml new file mode 100644 index 0000000..3b72126 --- /dev/null +++ b/data/config/minimal/minimal.yaml 
@@ -0,0 +1,27 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +preferences: + type: + _attributes: + image: "oem" + initrd_system: "dracut" + filesystem: "xfs" + overlayroot: "true" + overlayroot_write_partition: "false" + overlayroot_readonly_partsize: "62" + bootpartition: "true" + bootfilesystem: "ext4" + format: "qcow2" + devicepersistency: "by-partuuid" + kernelcmdline: "console=ttyS0 rd.root.overlay.readonly" + partitions: + partition: + - _attributes: + name: "home" + size: "5" + mountpoint: "/home" + filesystem: "ext2" + size: + _attributes: + unit: "M" + _text: "256" diff --git a/data/config/reference/reference.yaml b/data/config/reference/reference.yaml new file mode 100644 index 0000000..571869b --- /dev/null +++ b/data/config/reference/reference.yaml 
@@ -0,0 +1,65 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +preferences: + type: + _attributes: + image: "oem" + filesystem: "xfs" + initrd_system: "dracut" + overlayroot: "true" + overlayroot_write_partition: "true" + overlayroot_readonly_partsize: "1024" + squashfscompression: "zstd" + bootpartition: "true" + bootfilesystem: "ext4" + format: "qcow2" + verity_blocks: "all" + embed_verity_metadata: "true" + luks_version: "luks2" + luks: "insecure" + kernelcmdline: "console=ttyS0 rd.systemd.verity=1 root=overlay:MAPPER=verityRoot verityroot=/dev/disk/by-partlabel/p.lxreadonly rd.root.overlay.write=/dev/mapper/luks rd.luks=yes rootwait pstore.backend=efi" + partitions: + partition: + - _attributes: + name: "home" + size: "10" + mountpoint: "/home" + filesystem: "ext4" + - _attributes: + name: "oci-storage" + size: "512" + mountpoint: "/var/lib/containers/storage" + filesystem: "xfs" + - _attributes: + name: "oci-preload" + size: "512" + mountpoint: "/var/lib/containers/loaded" + filesystem: "squashfs" + luksformat: + option: + - _attributes: + name: "--cipher" + value: "aegis128-random" + - _attributes: + name: "--key-size" + value: "128" + - _attributes: + name: "--integrity" + value: "aead" + - _attributes: + name: "--pbkdf" + value: "argon2id" + # The following values were chosen to optimise for low memory conditionsF + - _attributes: + name: "--pbkdf-memory" + value: "178155" + - _attributes: + name: "--pbkdf-force-iterations" + value: "4" + - _attributes: + name: "--pbkdf-parallel" + value: "2" + size: + _attributes: + unit: "G" + _text: "3" diff --git a/data/debootstrap/lunar/bootstrap.yaml b/data/debootstrap/lunar/bootstrap.yaml new file mode 100644 index 0000000..2b3c0ee --- /dev/null +++ b/data/debootstrap/lunar/bootstrap.yaml 
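Review bot: The comment above `--pbkdf-memory` ends in a stray character: `# The following values were chosen to optimise for low memory conditionsF` should read `# The following values were chosen to optimise for low memory conditions`. It would also help to record the memory budget that produced `178155`, `4` and `2`, since a reduced argon2id cost is a deliberate security trade-off that later maintainers will otherwise be tempted either to revert or to lower further.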
@@ -0,0 +1,12 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +packages: + _attributes: + type: "bootstrap" + profiles: + - "default" + _map_attribute: "name" + _namespace_bootstrap_pkgs: + package: + - "ca-certificates" + - "apt-transport-https" diff --git a/data/debootstrap/mantic/bootstrap.yaml b/data/debootstrap/mantic/bootstrap.yaml new file mode 100644 index 0000000..2b3c0ee --- /dev/null +++ b/data/debootstrap/mantic/bootstrap.yaml @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +packages: + _attributes: + type: "bootstrap" + profiles: + - "default" + _map_attribute: "name" + _namespace_bootstrap_pkgs: + package: + - "ca-certificates" + - "apt-transport-https" diff --git a/data/networking/qemu/netplan.yaml b/data/networking/qemu/netplan.yaml new file mode 100644 index 0000000..c3fb2f0 --- /dev/null +++ b/data/networking/qemu/netplan.yaml @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +config: + files: + netplan: + - path: /etc/netplan/00-netplan.yaml + append: False + content: |- + network: + version: 2 + renderer: networkd + ethernets: + lan0: + match: + driver: virtio_net + set-name: lan0 + dhcp4: true + dhcp6: true + optional: false diff --git a/data/networking/s32g274ardb2/netplan.yaml b/data/networking/s32g274ardb2/netplan.yaml new file mode 100644 index 0000000..2f06dd8 --- /dev/null +++ b/data/networking/s32g274ardb2/netplan.yaml @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +config: + files: + netplan: + - path: /etc/netplan/00-netplan.yaml + append: False + content: |- + version: 2 + ethernets: + pfe: + match: + name: "pfe*" + dhcp4: true + dhcp6: true + optional: true + eth0: + dhcp4: true + dhcp6: true + optional: true diff --git a/data/scripts/busybox.sh b/data/scripts/busybox.sh new file mode 100644 index 0000000..d980d0e --- /dev/null +++ b/data/scripts/busybox.sh 
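Review bot: The netplan content in `data/networking/s32g274ardb2/netplan.yaml` starts at `version: 2` with no enclosing `network:` key, unlike the qemu variant in the previous hunk; netplan rejects a file without the top-level `network:` mapping, so the board would come up with no configured interfaces. Add `network:` and indent the rest one level. `optional: true` on both `pfe` and `eth0` also means boot does not wait for either link; fine for a dev board, but worth a comment so it is a conscious choice.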
@@ -0,0 +1,4 @@
+#==================================
+# Allow suid tools with busybox
+#----------------------------------
+chmod u+s /usr/bin/busybox
diff --git a/data/scripts/cleanup.sh b/data/scripts/cleanup.sh
new file mode 100644
index 0000000..0bc3c69
--- /dev/null
+++ b/data/scripts/cleanup.sh
@@ -0,0 +1,18 @@
+#==================================
+# Delete initrd from kernel
+#----------------------------------
+# The kernel package provides some arbitrary initrd
+rm -f /boot/initrd*
+rm -f /boot/vmlinuz.old
+
+#==================================
+# Delete data not needed or wanted
+#----------------------------------
+rm -rf /var/backups
+rm -rf /usr/share/man
+rm -rf /usr/lib/*/gconv
+
+#==================================
+# Delete docs but retain copyright notices
+#----------------------------------
+find /usr/share/doc/ ! -iname copyright -delete 2> /dev/null || true
diff --git a/data/scripts/osinfo.sh b/data/scripts/osinfo.sh
new file mode 100644
index 0000000..508f7b1
--- /dev/null
+++ b/data/scripts/osinfo.sh
@@ -0,0 +1,10 @@
+#=======================================
+# Update OS information
+#---------------------------------------
+echo "VARIANT=\"NemOS\"" >> /usr/lib/os-release
+echo "VARIANT_ID=\"nemos\"" >> /usr/lib/os-release
+echo "IMAGE_ID=\"${kiwi_iname}\"" >> /usr/lib/os-release
+echo "IMAGE_VERSION=\"${kiwi_iversion}\"" >> /usr/lib/os-release
+echo "BUILD_ID=\"$(date -I -u)\"" >> /usr/lib/os-release
+echo "NEMOS_HOME_URL=\"https://launchpad.net/nemos\"" >> /usr/lib/os-release
+echo "NEMOS_BUG_REPORT_URL=\"https://bugs.launchpad.net/nemos\"" >> /usr/lib/os-release
diff --git a/data/scripts/snapd.sh b/data/scripts/snapd.sh
new file mode 100644
index 0000000..2279136
--- /dev/null
+++ b/data/scripts/snapd.sh
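Review bot: `chmod u+s /usr/bin/busybox` makes the whole multi-call binary setuid-root, so every applet it provides starts with root privileges unless this busybox build was compiled with the SUID-aware applet table that drops them; the comment says only "allow suid tools" and does not name which applets (su, passwd, mount?) need it. Name them in the comment, and if this build honours `/etc/busybox.conf`, restrict the setuid applets there; given that `/bin/ash` is the login shell in `images/image_defaults.yaml`, an unconditional setuid busybox deserves a second look.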
@@ -0,0 +1,44 @@ +#====================================== +# Install snapd and bootstrap snaps +#-------------------------------------- + +# The list of profiles is comma separated; change them to spaces to iterate +# over them. +for profile in ${kiwi_profiles//,/ }; do + if [ "${profile}" = "development" ]; then + # Use the preseeding feature of snapd to preload some snaps into the + # system. This will download the snaps from the global Snap Store, copy + # them to the snapd seed directory, and add each to the preseed YAML + # file to instruct snapd to install them on first boot. + # This requires network access to the Snap Store in Kiwi. + mkdir -p /var/lib/snapd/seed + echo "snaps": > /var/lib/snapd/seed/seed.yaml + for snap in snapd checkbox22 checkbox core22; do + snap download $snap + # Add this new snap to the list of seeded snaps + cat >> /var/lib/snapd/seed/seed.yaml << EOF + - name: ${snap} + channel: latest/stable + file: $(ls ${snap}_*.snap) +EOF + # Checkbox snap requires classic confinement mode + if [ "${snap}" = "checkbox" ]; then + cat >> /var/lib/snapd/seed/seed.yaml << EOF + classic: true +EOF + fi + done + + # Copy the snap archives + install -Dm0644 *.snap -t /var/lib/snapd/seed/snaps/ + # Copy the snap assertions (cryptographic signatures) + install -Dm0644 *.assert -t /var/lib/snapd/seed/assertions/ + + # Install the generic snapd model assertion so that the snaps can + # be verified and snapd properly initialised. + snap known --remote model series=16 brand-id=generic \ + model=generic-classic > /var/lib/snapd/seed/assertions/model + fi +done + +rm -f *.snap *.assert diff --git a/images/image_defaults.yaml b/images/image_defaults.yaml new file mode 100644 index 0000000..7f21533 --- /dev/null +++ b/images/image_defaults.yaml 
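Review bot: The script has no `set -e`, so a failed `snap download $snap` (no network, unknown snap name) is ignored and `$(ls ${snap}_*.snap)` then appends an empty `file:` entry to `seed.yaml`, producing a seed that fails on first boot instead of failing the build; unless `schemas/config_sh_header.templ` (not shown here) sets `set -euo pipefail`, add it or check each download's exit status. `$snap` and the `*.snap`/`*.assert` globs are unquoted, and the closing `rm -f *.snap *.assert` runs in whatever directory kiwi invoked the script from, so a `tmp=$(mktemp -d); cd "$tmp"` at the top would contain both the downloads and the cleanup. The `${kiwi_profiles//,/ }` substitution is bash-only, which is fine if the header template selects bash but is worth a comment.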
@@ -0,0 +1,56 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +config: + - _include: + - "base/common" + - "networking" +image: + _attributes: + schemaversion: "7.6" + description: + _attributes: + type: "system" + author: "NemOS Team" + contact: "nemos-team@lists.launchpad.net" + profiles: + profile: + - _attributes: + name: "default" + description: "build the image using debootstrap" + import: "true" + - _attributes: + name: "bootstrapped" + description: "build the image using a bootstrap archive" + - _attributes: + name: "development" + description: "build the image with development tools" + preferences: + - version: "1.0.0" + packagemanager: "apt" + _include: + - "config" + users: + user: + - _attributes: + name: "root" + groups: "root" + home: "/root" + password: "$1$wYJUgpM5$RXMMeASDc035eX.NbYWFl0" + shell: "/bin/ash" + - _attributes: + name: "admin" + groups: "users" + home: "/home/admin" + password: "$1$wYJUgpM5$RXMMeASDc035eX.NbYWFl0" + shell: "/bin/ash" + packages: + - _attributes: + type: "image" + _map_attribute: "name" + _include: "base" + - _attributes: + type: "bootstrap" + _include: "bootstrap" + - _attributes: + type: "bootstrap" + _include: "debootstrap" diff --git a/images/lunar/minimal/qemu-amd64/image.yaml b/images/lunar/minimal/qemu-amd64/image.yaml new file mode 100644 index 0000000..dfa8369 --- /dev/null +++ b/images/lunar/minimal/qemu-amd64/image.yaml @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +include-paths: + - "minimal" + - "lunar" + - "qemu" + - "efi" + - "efi/amd64" +image: + _attributes: + name: nemos-image-minimal-lunar-qemu-amd64 + displayname: "NemOS image minimal lunar qemu-amd64" + description: + specification: "NemOS image minimal lunar qemu-amd64" diff --git a/images/lunar/minimal/qemu-arm64/image.yaml b/images/lunar/minimal/qemu-arm64/image.yaml new file mode 100644 index 0000000..07c2c23 --- /dev/null +++ b/images/lunar/minimal/qemu-arm64/image.yaml 
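Review bot: `root` and `admin` share the identical password hash `$1$wYJUgpM5$RXMMeASDc035eX.NbYWFl0`, so both accounts have the same password, and the `$1$` prefix is MD5-crypt, which is obsolete for new images; a default credential committed in an image definition is also the first thing anyone scanning the repository will find. Generate distinct hashes in a current format (`$6$` or yescrypt) and inject them at build time rather than committing them, or at minimum add a comment next to `users:` stating that the committed value is a development default. `shell: "/bin/ash"` also assumes the busybox applet symlink exists, and this commit does not show it being created.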
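Review bot: `name: nemos-image-minimal-lunar-qemu-amd64` is the only unquoted scalar in `images/lunar/minimal/qemu-amd64/image.yaml` while `displayname` and `specification` are quoted; quote it for consistency (`name: "nemos-image-minimal-lunar-qemu-amd64"`), and the same applies to the five sibling `image.yaml` files in this commit. The Makefile writes its output under `nemos-images-<config>-<series>/<platform>` (plural) while the image name is `nemos-image-…` (singular); if that difference is deliberate, a comment in one of the two places would stop it from being "fixed" later.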
@@ -0,0 +1,14 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +include-paths: + - "minimal" + - "lunar" + - "qemu" + - "efi" + - "efi/arm64" +image: + _attributes: + name: nemos-image-minimal-lunar-qemu-arm64 + displayname: "NemOS image minimal lunar qemu-arm64" + description: + specification: "NemOS image minimal lunar qemu-arm64" diff --git a/images/lunar/minimal/s32g274ardb2/image.yaml b/images/lunar/minimal/s32g274ardb2/image.yaml new file mode 100644 index 0000000..09141c1 --- /dev/null +++ b/images/lunar/minimal/s32g274ardb2/image.yaml @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +include-paths: + - "minimal" + - "lunar" + - "s32g274ardb2" +image: + _attributes: + name: nemos-image-minimal-lunar-s32g274ardb2 + displayname: "NemOS image minimal lunar s32g274ardb2" + description: + specification: "NemOS image minimal lunar s32g274ardb2" diff --git a/images/lunar/reference/qemu-amd64/image.yaml b/images/lunar/reference/qemu-amd64/image.yaml new file mode 100644 index 0000000..19fe5f1 --- /dev/null +++ b/images/lunar/reference/qemu-amd64/image.yaml @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +--- +include-paths: + - "reference" + - "lunar" + - "qemu" + - "efi" + - "efi/amd64" +image: + _attributes: + name: nemos-image-reference-lunar-qemu-amd64 + displayname: "NemOS image reference lunar qemu-amd64" + description: + specification: "NemOS image reference lunar qemu-amd64" diff --git a/images/lunar/reference/qemu-arm64/image.yaml b/images/lunar/reference/qemu-arm64/image.yaml new file mode 100644 index 0000000..45f0b6f --- /dev/null +++ b/images/lunar/reference/qemu-arm64/image.yaml 
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+---
+include-paths:
+ - "reference"
+ - "lunar"
+ - "qemu"
+ - "efi"
+ - "efi/arm64"
+image:
+ _attributes:
+ name: nemos-image-reference-lunar-qemu-arm64
+ displayname: "NemOS image reference lunar qemu-arm64"
+ description:
+ specification: "NemOS image reference lunar qemu-arm64"
diff --git a/images/lunar/reference/s32g274ardb2/image.yaml b/images/lunar/reference/s32g274ardb2/image.yaml
new file mode 100644
index 0000000..a66d987
--- /dev/null
+++ b/images/lunar/reference/s32g274ardb2/image.yaml
@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+---
+include-paths:
+ - "reference"
+ - "lunar"
+ - "s32g274ardb2"
+image:
+ _attributes:
+ name: nemos-image-reference-lunar-s32g274ardb2
+ displayname: "NemOS image reference lunar s32g274ardb2"
+ description:
+ specification: "NemOS image reference lunar s32g274ardb2"
diff --git a/images/lunar/repositories.yaml b/images/lunar/repositories.yaml
new file mode 100644
index 0000000..c760a92
--- /dev/null
+++ b/images/lunar/repositories.yaml
@@ -0,0 +1,61 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+---
+image:
+ repository:
+ - _attributes:
+ type: "apt-deb"
+ alias: "NemOS-PPA"
+ components: "main"
+ repository_gpgcheck: "false"
+ distribution: "lunar"
+ source:
+ _attributes:
+ path: "https://ppa.launchpadcontent.net/nemos-team/ppa/ubuntu"
+ - _attributes:
+ type: "apt-deb"
+ alias: "NemOS-Bootstrap-PPA"
+ components: "main"
+ profiles:
+ - "bootstrapped"
+ - "development"
+ repository_gpgcheck: "false"
+ distribution: "lunar"
+ source:
+ _attributes:
+ path: "https://ppa.launchpadcontent.net/nemos-team/bootstrap/ubuntu"
+ - _attributes:
+ type: "apt-deb"
+ alias: "NemOS-Kiwi-Backports-PPA"
+ components: "main"
+ repository_gpgcheck: "false"
+ distribution: "lunar"
+ source:
+ _attributes:
+ path: "https://ppa.launchpadcontent.net/nemos-team/kiwi/ubuntu"
+ - _attributes:
+ type: "apt-deb"
+ alias: "Ubuntu"
+ components: "main"
+ repository_gpgcheck: "false"
+ distribution: "lunar"
+ source:
+ _attributes:
+ path: "http://archive.ubuntu.com/ubuntu/"
+ - _attributes:
+ type: "apt-deb"
+ alias: "Ubuntu-Security"
+ components: "main universe"
+ repository_gpgcheck: "false"
+ distribution: "lunar-security"
+ source:
+ _attributes:
+ path: "http://security.ubuntu.com/ubuntu"
+ - _attributes:
+ type: "apt-deb"
+ alias: "Ubuntu-Updates"
+ components: "main universe"
+ repository_gpgcheck: "false"
+ distribution: "lunar-updates"
+ source:
+ _attributes:
+ path: "http://archive.ubuntu.com/ubuntu/"
diff --git a/images/mantic/minimal/qemu-amd64/image.yaml b/images/mantic/minimal/qemu-amd64/image.yaml
new file mode 100644
index 0000000..3ae80d0
--- /dev/null
+++ b/images/mantic/minimal/qemu-amd64/image.yaml
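Review bot: Every repository in this file sets `repository_gpgcheck: "false"`, and the Ubuntu archive, updates and security sources are additionally fetched over plain `http://`, so nothing verifies the packages that go into the image — a compromised mirror or an on-path proxy between the build host and the archive could substitute package contents unnoticed. Turn verification on with `repository_gpgcheck: "true"` for all six entries and make the Ubuntu archive keyring and the three PPA signing keys available to the build (kiwi has a mechanism for importing trusted signing keys before package installation, as far as I know — confirm the exact option for the kiwi version in use); at minimum switch the two `http://` archive URLs to `https://`. The mantic repositories.yaml hunk added later in this commit has the identical configuration and needs the same change.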
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+---
+include-paths:
+ - "minimal"
+ - "mantic"
+ - "qemu"
+ - "efi"
+ - "efi/amd64"
+image:
+ _attributes:
+ name: nemos-image-minimal-mantic-qemu-amd64
+ displayname: "NemOS image minimal mantic qemu-amd64"
+ description:
+ specification: "NemOS image minimal mantic qemu-amd64"
diff --git a/images/mantic/minimal/qemu-arm64/image.yaml b/images/mantic/minimal/qemu-arm64/image.yaml
new file mode 100644
index 0000000..e822ab5
--- /dev/null
+++ b/images/mantic/minimal/qemu-arm64/image.yaml
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+---
+include-paths:
+ - "minimal"
+ - "mantic"
+ - "qemu"
+ - "efi"
+ - "efi/arm64"
+image:
+ _attributes:
+ name: nemos-image-minimal-mantic-qemu-arm64
+ displayname: "NemOS image minimal mantic qemu-arm64"
+ description:
+ specification: "NemOS image minimal mantic qemu-arm64"
diff --git a/images/mantic/minimal/s32g274ardb2/image.yaml b/images/mantic/minimal/s32g274ardb2/image.yaml
new file mode 100644
index 0000000..8a7e740
--- /dev/null
+++ b/images/mantic/minimal/s32g274ardb2/image.yaml
@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+---
+include-paths:
+ - "minimal"
+ - "mantic"
+ - "s32g274ardb2"
+image:
+ _attributes:
+ name: nemos-image-minimal-mantic-s32g274ardb2
+ displayname: "NemOS image minimal mantic s32g274ardb2"
+ description:
+ specification: "NemOS image minimal mantic s32g274ardb2"
diff --git a/images/mantic/reference/qemu-amd64/image.yaml b/images/mantic/reference/qemu-amd64/image.yaml
new file mode 100644
index 0000000..724f447
--- /dev/null
+++ b/images/mantic/reference/qemu-amd64/image.yaml
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+---
+include-paths:
+ - "reference"
+ - "mantic"
+ - "qemu"
+ - "efi"
+ - "efi/amd64"
+image:
+ _attributes:
+ name: nemos-image-reference-mantic-qemu-amd64
+ displayname: "NemOS image reference mantic qemu-amd64"
+ description:
+ specification: "NemOS image reference mantic qemu-amd64"
diff --git a/images/mantic/reference/qemu-arm64/image.yaml b/images/mantic/reference/qemu-arm64/image.yaml
new file mode 100644
index 0000000..fabede6
--- /dev/null
+++ b/images/mantic/reference/qemu-arm64/image.yaml
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+---
+include-paths:
+ - "reference"
+ - "mantic"
+ - "qemu"
+ - "efi"
+ - "efi/arm64"
+image:
+ _attributes:
+ name: nemos-image-reference-mantic-qemu-arm64
+ displayname: "NemOS image reference mantic qemu-arm64"
+ description:
+ specification: "NemOS image reference mantic qemu-arm64"
diff --git a/images/mantic/reference/s32g274ardb2/image.yaml b/images/mantic/reference/s32g274ardb2/image.yaml
new file mode 100644
index 0000000..86599f9
--- /dev/null
+++ b/images/mantic/reference/s32g274ardb2/image.yaml
@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+---
+include-paths:
+ - "reference"
+ - "mantic"
+ - "s32g274ardb2"
+image:
+ _attributes:
+ name: nemos-image-reference-mantic-s32g274ardb2
+ displayname: "NemOS image reference mantic s32g274ardb2"
+ description:
+ specification: "NemOS image reference mantic s32g274ardb2"
diff --git a/images/mantic/repositories.yaml b/images/mantic/repositories.yaml
new file mode 100644
index 0000000..22eb9aa
--- /dev/null
+++ b/images/mantic/repositories.yaml
@@ -0,0 +1,61 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+---
+image:
+ repository:
+ - _attributes:
+ type: "apt-deb"
+ alias: "NemOS-PPA"
+ components: "main"
+ repository_gpgcheck: "false"
+ distribution: "mantic"
+ source:
+ _attributes:
+ path: "https://ppa.launchpadcontent.net/nemos-team/ppa/ubuntu"
+ - _attributes:
+ type: "apt-deb"
+ alias: "NemOS-Bootstrap-PPA"
+ components: "main"
+ profiles:
+ - "bootstrapped"
+ - "development"
+ repository_gpgcheck: "false"
+ distribution: "mantic"
+ source:
+ _attributes:
+ path: "https://ppa.launchpadcontent.net/nemos-team/bootstrap/ubuntu"
+ - _attributes:
+ type: "apt-deb"
+ alias: "NemOS-Kiwi-Backports-PPA"
+ components: "main"
+ repository_gpgcheck: "false"
+ distribution: "mantic"
+ source:
+ _attributes:
+ path: "https://ppa.launchpadcontent.net/nemos-team/kiwi/ubuntu"
+ - _attributes:
+ type: "apt-deb"
+ alias: "Ubuntu"
+ components: "main"
+ repository_gpgcheck: "false"
+ distribution: "mantic"
+ source:
+ _attributes:
+ path: "http://archive.ubuntu.com/ubuntu/"
+ - _attributes:
+ type: "apt-deb"
+ alias: "Ubuntu-Security"
+ components: "main universe"
+ repository_gpgcheck: "false"
+ distribution: "mantic-security"
+ source:
+ _attributes:
+ path: "http://security.ubuntu.com/ubuntu"
+ - _attributes:
+ type: "apt-deb"
+ alias: "Ubuntu-Updates"
+ components: "main universe"
+ repository_gpgcheck: "false"
+ distribution: "mantic-updates"
+ source:
+ _attributes:
+ path: "http://archive.ubuntu.com/ubuntu/"
diff --git a/schemas/config_sh_header.templ b/schemas/config_sh_header.templ
new file mode 100644
index 0000000..4a9cec5
--- /dev/null
+++ b/schemas/config_sh_header.templ
@@ -0,0 +1,28 @@
+#!/bin/bash -ex
+#================
+# FILE : config.sh
+#----------------
+# PROJECT : NemOS
+# COPYRIGHT : (c) {{ data['timestamp'].split('-')[0] }} Canonical Ltd.
+# (c) {{ data['timestamp'].split('-')[0] }} Elektrobit Automotive GmbH
+# :
+# CONTACT : {{ data['image']['description']['author'] }} {{ data['image']['description']['contact'] }}
+# :
+# BELONGS TO : Operating System images
+# :
+# DESCRIPTION : OS configuration script
+# :
+# :
+# STATUS : Production
+# GENERATED BY : {{ data['generator'] }} on {{ data['timestamp'] }}
+#----------------
+#======================================
+# Functions...
+#--------------------------------------
+test -f /.kconfig && . /.kconfig
+test -f /.profile && . /.profile
+
+#======================================
+# Greeting...
+#--------------------------------------
+echo "Configure image: [$kiwi_iname]..."
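Review bot: The only place `-e` and `-x` are enabled is the shebang `#!/bin/bash -ex`, so both options are silently lost if the generated config.sh is ever run as `bash config.sh` or sourced instead of being executed directly; an explicit `set -ex` (or `set -euo pipefail`) placed after the header, before the `.kconfig` line, makes the error handling independent of how kiwi invokes the script. Keep in mind that `-x` echoes every expanded command into the build log, so any credential or key material handled by the generated body that follows this header would be written to the log in clear. The Jinja substitutions for `author` and `contact` land inside `#` comment lines, which only stays safe while those values cannot contain a newline — presumably enforced by the Keg schema, but worth confirming.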