Build OSTree Debian Trixie image

.github/workflows/build.yml

@@ -2,7 +2,7 @@ name: CI
 
 on:
   push:
-    branches: [ "main" ]
+    branches: [ "main", "ostree" ]
   pull_request:
     branches: [ "main" ]
   workflow_dispatch:
@@ -13,4 +13,4 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - name: Build the image
-        run: ./build base
+        run: ./build ostree

README.md

@@ -1,5 +1,27 @@
-# Builder Example 
+# Debian OSTree Builder
 
-This is a basic example of utilizing the GardenLinux builder.
-For more comprehensive information, please refer to the [Gardenlinux/builder](https://github.com/gardenlinux/builder) repository.
+This is a experimental repo to build Debian OSTree images.
 
+## Build
+
+This repo is built using the [Garden Linux Builder](https://github.com/gardenlinux/builder#builder), which uses podman, see it's readme for setup instructions.
+
+```bash
+$ ./build ostree
+```
+
+## Run
+
+Use the `bin/start-vm` script from [Garden Linux](https://github.com/gardenlinux/gardenlinux/blob/main/bin/start-vm).
+
+Depending on your architecture, it should look like this:
+
+```bash
+$ path/to/gardenlinux/bin/start-vm --no-watchdog .build/ostree-arm64-trixie-local.ostree.raw
+```
+
+```bash
+$ path/to/gardenlinux/bin/start-vm --no-watchdog .build/ostree-amd64-trixie-local.ostree.raw
+```
+
+Check for the actual name of the image in the `.build` directory.

build

@@ -3,7 +3,7 @@
 set -euo pipefail
 shopt -s nullglob
 
-container_image=ghcr.io/gardenlinux/builder:ca6b3f755ea31470dbca42d57c5cbbc62d1245a8
+container_image=ghcr.io/gardenlinux/builder:301ce9f70045c001c5d724c2f9d1a9503e1d5ccc
 container_engine=podman
 target_dir=.build
 

features/ostree/exec.config

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+systemctl enable systemd-networkd
+systemctl enable systemd-resolved

features/ostree/exec.late

@@ -0,0 +1,84 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+echo OSTree builder
+ostree --version
+
+OSTREE_SYSROOT=/sysroot
+
+kernel="$(find /boot -name 'vmlinuz-*' | sort -V | tail -n 1)"
+version="${kernel#*-}"
+
+# Adapt to ostree root-fs requirements, see https://ostreedev.github.io/ostree/adapting-existing/
+
+declare -A TOPLEVEL_LINKS=(
+    ["home"]="var/home"
+    ["media"]="run/media"
+    ["mnt"]="var/mnt"
+    ["opt"]="var/opt"
+    # ["ostree"]="$OSTREE_SYSROOT/ostree"
+    # ["root"]="var/roothome"
+    ["srv"]="var/srv"
+)
+
+for link in "${!TOPLEVEL_LINKS[@]}"; do
+    target=${TOPLEVEL_LINKS[$link]}
+    echo mv $link $(dirname $target)
+    mv $link $(dirname $target)
+    echo ln -sf $target $link
+    ln -sf $target $link
+done
+
+mv root var/roothome
+ln -sf var/roothome root
+
+ln -s sysroot/ostree ostree
+
+echo $(date) > /timestamp
+
+mkdir -p /boot/efi/Default
+
+unshare --mount bash -c 'mount -t tmpfs none /sys && mount --bind /usr/bin/false /usr/bin/systemd-detect-virt && "$@"' \
+    DRACUT_COMPRESS_XZ="$(command -v xz)" dracut \
+    --no-hostonly \
+    --force \
+    --kver "${version}" \
+    --add "ostree" \
+    --modules "bash dash systemd systemd-initrd kernel-modules kernel-modules-extra terminfo udev-rules dracut-systemd base fs-lib shutdown" \
+    --reproducible \
+    "/boot/initrd.img-${version}"
+
+if ! command -v python3 > /dev/null; then
+	mkdir -p /etc/kernel/install.d
+	ln -s /usr/bin/true /etc/kernel/install.d/60-ukify.install
+fi
+SYSTEMD_ESP_PATH=/boot/efi kernel-install --verbose --entry-token literal:Default add "$version" "$kernel"
+
+# ostree kernel location: https://ostreedev.github.io/ostree/deployment/#contents-of-a-deployment
+mkdir -p /usr/lib/modules/$version/
+cp $kernel /usr/lib/modules/$version/vmlinuz
+cp "/boot/initrd.img-$version" /usr/lib/modules/$version/initramfs.img
+
+# Build fails if we do this here instead of in image.ostree.raw
+# mv /etc /usr/etc
+
+# Delete apt because this is an image-based system
+rm -f /etc/cron.daily/apt-compat
+rm -f /etc/logrotate.d/apt
+rm -f /etc/systemd/system/timers.target.wants/apt-daily-upgrade.timer
+rm -f /etc/systemd/system/timers.target.wants/apt-daily.timer
+rm -f /usr/bin/apt*
+rm -f /usr/bin/debconf-apt-progress
+rm -rf /etc/apt
+rm -rf /etc/dpkg
+rm -rf /usr/lib/apt/
+rm -rf /usr/lib/dpkg/methods/apt/
+rm -rf /usr/lib/systemd/system/apt*
+rm -rf /usr/share/bash-completion/completions/apt
+rm -rf /usr/share/bug/apt/
+rm -rf /var/cache/apt/
+rm -rf /var/lib/apt/
+rm -rf /var/lib/dpkg
+rm -rf /var/log/apt/
+
+find "/var/log/" -type f -delete

features/ostree/exec.post

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+set -eufo pipefail
+
+rootfs="$1"
+
+echo "exec.post"
+echo "rootfs: $rootfs"
+ls -la "$rootfs"

features/ostree/file.exclude

@@ -0,0 +1 @@
+/boot/efi/loader/random-seed

features/ostree/file.include/etc/systemd/system/serial-getty@.service.d/autologin.conf

@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=-/sbin/agetty --autologin root -o '-p -f -- \\u' --keep-baud 115200,38400,9600 %I $TERM

features/ostree/file.include/etc/systemd/system/systemd-networkd-wait-online.service.d/any.conf

@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/lib/systemd/systemd-networkd-wait-online --any

features/ostree/file.include/network/99-default.network

@@ -0,0 +1,5 @@
+[Match]
+Name=en* eth*
+
+[Network]
+DHCP=yes

features/ostree/file.include/usr/lib/tmpfiles.d/ostree.conf

@@ -0,0 +1,2 @@
+d /var/log/journal 0755 root root -
+d /var/log/audit 0755 root root -

features/ostree/fstab

@@ -0,0 +1,3 @@
+# <file system>    <dir>        <type>    <options>                                <makeimg args>
+LABEL=EFI          /boot/efi    vfat      umask=0077                               type=uefi,size=1G
+LABEL=ROOT         /            ext4      rw,prjquota,discard

features/ostree/image.ostree.raw

@@ -0,0 +1,80 @@
+#!/usr/bin/env bash
+
+set -euxo pipefail
+
+export PATH="/builder/image.d:$PATH"
+
+rootfs_work="$(mktemp -d)"
+mount -t tmpfs tmpfs "$rootfs_work"
+
+MYROOT="$(mktemp -d)"
+mount -t tmpfs tmpfs "$MYROOT"
+mkdir -p "$MYROOT"/sysroot
+OSTREE_SYSROOT="$MYROOT/sysroot"
+OSTREE_REPO=$OSTREE_SYSROOT/ostree/repo
+OSTREE_REF="gardenlinux/today/$BUILDER_ARCH"
+
+rootfs="$1"
+output="$2"
+
+tar xf "$rootfs" -C "$rootfs_work"
+
+mv "$rootfs_work"/etc "$rootfs_work"/usr/etc
+
+ostree admin init-fs --modern $OSTREE_SYSROOT
+ostree init --mode=archive --repo=$OSTREE_REPO
+ostree admin os-init --sysroot=$OSTREE_SYSROOT gardenlinux
+ostree config --repo=$OSTREE_REPO set sysroot.bootloader none
+ostree commit --repo=$OSTREE_REPO --branch $OSTREE_REF --skip-if-unchanged -s "Gardenlinux build $(date)" "$rootfs_work"
+ostree admin deploy --karg=root=LABEL=ROOT --karg-append=rw --karg-append=efi=runtime --karg-append=systemd.journald.forward_to_console=1 --sysroot=$OSTREE_SYSROOT --os=gardenlinux $OSTREE_REF
+
+boot_hash=`ls "$OSTREE_SYSROOT"/ostree/boot.1.1/gardenlinux/`
+mkdir -p "$OSTREE_SYSROOT"/ostree/boot.1.1/gardenlinux/$boot_hash/0/sysroot
+
+mkdir -p "$OSTREE_SYSROOT"/ostree/deploy/gardenlinux/var/home
+mkdir -p "$OSTREE_SYSROOT"/ostree/deploy/gardenlinux/var/roothome
+mkdir -p "$OSTREE_SYSROOT"/ostree/deploy/gardenlinux/var/opt
+mkdir -p "$OSTREE_SYSROOT"/ostree/deploy/gardenlinux/var/srv
+
+# Build disk image, this is hacky as of now, needs rework
+# Setup bootloader
+boot_dir=$(mktemp -d)
+cp -r $OSTREE_SYSROOT/boot/* $boot_dir
+LOADER_TEMP=$(mktemp -d)
+rm -rf $boot_dir/loader
+# move to temp dir to avoid errors with systemd-boot install
+mv $boot_dir/loader.1 $LOADER_TEMP
+mount --bind $boot_dir $rootfs_work/boot/efi
+mount --rbind /proc $rootfs_work/proc
+mount --rbind /sys $rootfs_work/sys
+SYSTEMD_ESP_PATH=/boot/efi chroot $rootfs_work bootctl --no-variables install
+umount -l $rootfs_work/proc
+umount -l $rootfs_work/sys
+umount $rootfs_work/boot/efi
+# recover from temp dir
+cp -r $LOADER_TEMP/* $boot_dir/loader.1
+cp -r $LOADER_TEMP/* $boot_dir/loader
+cp $boot_dir/loader/loader.1/entries/* $boot_dir/loader/entries
+cat $boot_dir/loader/entries/*
+echo 'timeout 7' > $boot_dir/loader/loader.conf
+
+efi_partition=$(mktemp)
+root_partition=$(mktemp)
+partitions=$(mktemp)
+
+# fixme: make disk size dynamic
+truncate -s 300M "$efi_partition"
+# make_reproducible_vfat $OSTREE_SYSROOT/boot "$efi_partition"
+make_reproducible_vfat $boot_dir "$efi_partition"
+size_uefi=$(du -b "$efi_partition" | awk '{ padded_size = $1 + (MB - ($1 % MB) % MB); print (padded_size / MB) }' "MB=1048576")
+part_uuid_uefi=b0e0359c-007b-4361-a0d1-a7ca2d73fe3c
+echo -e "$part_uuid_uefi\tuefi\t$size_uefi\t0\t$efi_partition\tEFI" >> "$partitions"
+
+
+truncate -s 2G "$root_partition"
+make_reproducible_ext4 -l ROOT "$MYROOT"/sysroot "$root_partition"
+size_rootfs=$(du -b "$root_partition" | awk '{ padded_size = $1 + (MB - ($1 % MB) % MB); print (padded_size / MB) }' "MB=1048576")
+part_uuid_rootfs=a9bef950-8218-4888-9f1c-1ad8bb481807
+echo -e "$part_uuid_rootfs\tlinux\t$size_rootfs\t0\t$root_partition\tROOT" >> "$partitions"
+
+makedisk $rootfs_work "$output" < "$partitions"

features/ostree/info.yaml

@@ -0,0 +1,2 @@
+description: 'image-based system using OSTree'
+type: platform

features/ostree/pkg.include

@@ -0,0 +1,14 @@
+ca-certificates
+curl
+dracut
+iproute2
+iputils-ping
+isc-dhcp-client
+linux-image-$arch
+network-manager
+ostree
+ostree-boot
+podman
+systemd
+systemd-boot
+systemd-resolved