From 9ad28406002855cde33b7abdd0a816b8af3ed0ac Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 15 Jun 2015 21:57:48 +0200 Subject: [PATCH 1/5] Working PreOS without SSH Signed-off-by: Nico Schottelius --- hacking/v3-busybox/all.sh | 25 +++++++++++++- hacking/v3-busybox/create_initramfs.sh | 14 +++++--- hacking/v3-busybox/init | 47 ++++---------------------- 3 files changed, 40 insertions(+), 46 deletions(-) diff --git a/hacking/v3-busybox/all.sh b/hacking/v3-busybox/all.sh index 65a3706b..563d093a 100755 --- a/hacking/v3-busybox/all.sh +++ b/hacking/v3-busybox/all.sh @@ -3,7 +3,30 @@ rm -rf preos mkdir -p preos/boot -./create_initramfs.sh > preos/boot/initramfs +initramfs=preos/boot/initramfs + +./create_initramfs.sh > "$initramfs" ./add_kernel_isolinux.sh preos ./copy_bin_with_libs.sh preos ./create_iso.sh preos preos.iso + +exit 0 + +run_earlyhook() { + kmod static-nodes --format=tmpfiles --output=/run/tmpfiles.d/kmod.conf + systemd-tmpfiles --prefix=/dev --create --boot + /usr/lib/systemd/systemd-udevd --daemon --resolve-names=never + udevd_running=1 +} + +run_hook() { + msg ":: Triggering uevents..." + udevadm trigger --action=add --type=subsystems + udevadm trigger --action=add --type=devices + udevadm settle +} + +run_cleanuphook() { + udevadm control --exit + udevadm info --cleanup-db +} diff --git a/hacking/v3-busybox/create_initramfs.sh b/hacking/v3-busybox/create_initramfs.sh index f87a7ef6..77606374 100755 --- a/hacking/v3-busybox/create_initramfs.sh +++ b/hacking/v3-busybox/create_initramfs.sh @@ -18,15 +18,19 @@ for link in sh mount; do done cd "${initramfs_dir}" -find . | cpio -H newc -o | gzip -rm -rf "${initramfs_dir}" - -exit 0 +# Add Arch Linux initramfs with kernel modules included +zcat /boot/initramfs-linux-fallback.img | cpio -i # TODO: -# - Kernel modules # - ssh # - various mkfs # - libs +# Create new initramfs +find . | cpio -H newc -o | gzip + +# echo ${initramfs_dir} +rm -rf "${initramfs_dir}" + +exit 0 
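Review bot: Nothing in the all.sh hunk checks whether `./create_initramfs.sh > "$initramfs"` succeeded before `add_kernel_isolinux.sh`, `copy_bin_with_libs.sh` and `create_iso.sh` run, so an interrupted or failing build still leaves a truncated `preos/boot/initramfs` that gets packed into `preos.iso`; the file's first two lines, where a `set -e` would sit, are outside the hunk. If none is there, add `set -e` before `rm -rf preos`, or guard the step with `./create_initramfs.sh > "$initramfs" || exit 1`. The `run_earlyhook`/`run_hook`/`run_cleanuphook` functions after `exit 0` are unreachable as written; if they are reference notes, a comment such as `# reference only (mkinitcpio udev hooks), not executed` above them would say so.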
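Review bot: In the create_initramfs.sh hunk, `zcat /boot/initramfs-linux-fallback.img | cpio -i` reports only cpio's status, so a missing or unreadable host image is not caught by the `set -e` above the hunk (`pipefail` is not available under `#!/bin/sh`); check the input first with `[ -r /boot/initramfs-linux-fallback.img ] || { echo "fallback initramfs missing" >&2; exit 1; }`. The host image is extracted wholesale and carries its own `/init`, hooks and config; if the project's busybox `init` is already in the tree at this point (that copy, if any, is outside the hunk), whether it survives depends on cpio's default "newer or same age version exists" check, so extracting the host image before copying project files, or giving `cpio -i` an explicit pattern list, would make the result independent of mtimes. A short comment stating that the whole host initramfs is embedded, `# pulls in the host's module set (and its init/hooks) verbatim`, would help the next reader.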
diff --git a/hacking/v3-busybox/init b/hacking/v3-busybox/init index a961526f..2c6d747a 100755 --- a/hacking/v3-busybox/init +++ b/hacking/v3-busybox/init @@ -16,46 +16,13 @@ mknod /dev/null c 1 3 mknod /dev/tty c 5 0 mdev -s -#Function for parsing command line options with "=" in them -# get_opt("init=/sbin/init") will return "/sbin/init" -get_opt() { - echo "$@" | cut -d "=" -f 2 -} - -#Defaults -init="/sbin/init" -root="/dev/hda1" - -#Process command line options -for i in $(cat /proc/cmdline); do - case $i in - root\=*) - root=$(get_opt $i) - ;; - init\=*) - init=$(get_opt $i) - ;; - esac -done +# udev stuff +kmod static-nodes --format=tmpfiles --output=/run/tmpfiles.d/kmod.conf +systemd-tmpfiles --prefix=/dev --create --boot +/usr/lib/systemd/systemd-udevd --daemon --resolve-names=never +udevadm trigger --action=add --type=subsystems +udevadm trigger --action=add --type=devices +udevadm settle exec sh - -# Skipping the rest - -#Mount the root device -mount "${root}" /newroot - -#Check if $init exists and is executable -if [[ -x "/newroot/${init}" ]] ; then - #Unmount all other mounts so that the ram used by - #the initramfs can be cleared after switch_root - umount /sys /proc - - #Switch to the new root and execute init - exec switch_root /newroot "${init}" -fi - -#This will only be run if the exec above failed -echo "Failed to switch_root, dropping to a shell" -exec sh From 9d35be6acd7c5c6bef72e07382501910aad3ce4b Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Tue, 16 Jun 2015 10:11:16 +0200 Subject: [PATCH 2/5] add script to configure sshd Signed-off-by: Nico Schottelius --- hacking/v3-busybox/sshd_config.sh | 32 +++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100755 hacking/v3-busybox/sshd_config.sh diff --git a/hacking/v3-busybox/sshd_config.sh b/hacking/v3-busybox/sshd_config.sh new file mode 100755 index 00000000..10a8f465 --- /dev/null +++ b/hacking/v3-busybox/sshd_config.sh 
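Review bot: `exec sh` after the udev block hands an unauthenticated root shell to whoever is at the console, and none of the preceding commands (`kmod static-nodes`, `systemd-udevd`, `udevadm trigger`, `udevadm settle`) has its status checked, so a failed device setup lands in the same shell without a message. If a console root shell is the intended PreOS behaviour, state it above the line: `# Unauthenticated root console shell: PreOS is meant to boot only on the machine being provisioned`. A minimal `udevadm settle || echo "udev settle failed" >&2` would tell the operator why devices are missing. `kmod static-nodes --output=/run/tmpfiles.d/kmod.conf` needs a writable `/run`; nothing in the visible init mounts one, so this presumably relies on the directory being present in the cpio image — verify.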
@@ -0,0 +1,32 @@ +#!/bin/sh + +if [ "$#" -ne 1 ]; then + echo "$0: output directory" + exit 1 +fi + +dir=$1 + +mkdir -p "$dir/etc/ssh" +mkdir -p "$dir/root/.ssh" + +cat << eof > "$dir/etc/ssh/sshd_config" +# cdist generated - do not modify +PermitRootLogin without-password +eof + +cat << eof > "$dir/etc/passwd" +root:x:0:0:root:/root:/bin/bash +nobody:x:99:99:nobody:/:/bin/false +eof + +cat << eof > "$dir/etc/group" +root:x:0:root +nobody:x:99: +eof + +#cat << eof > "$dir/etc/shadow" +#root:x:0:0:root:/root:/bin/bash +#nobody:x:1:::::: +#eof + From cc144d9e8fee33faf86675fa1887ece14a061d05 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Tue, 16 Jun 2015 11:14:50 +0200 Subject: [PATCH 3/5] generate ssh keys Signed-off-by: Nico Schottelius --- hacking/v3-busybox/all.sh | 19 -------------- hacking/v3-busybox/copy_bin_with_libs.sh | 32 ++++++------------------ hacking/v3-busybox/create_initramfs.sh | 11 ++++---- hacking/v3-busybox/init | 14 +++++++---- hacking/v3-busybox/sshd_config.sh | 15 +++++++++++ 5 files changed, 38 insertions(+), 53 deletions(-) diff --git a/hacking/v3-busybox/all.sh b/hacking/v3-busybox/all.sh index 563d093a..e16e9c55 100755 --- a/hacking/v3-busybox/all.sh +++ b/hacking/v3-busybox/all.sh @@ -11,22 +11,3 @@ initramfs=preos/boot/initramfs ./create_iso.sh preos preos.iso exit 0 - -run_earlyhook() { - kmod static-nodes --format=tmpfiles --output=/run/tmpfiles.d/kmod.conf - systemd-tmpfiles --prefix=/dev --create --boot - /usr/lib/systemd/systemd-udevd --daemon --resolve-names=never - udevd_running=1 -} - -run_hook() { - msg ":: Triggering uevents..." - udevadm trigger --action=add --type=subsystems - udevadm trigger --action=add --type=devices - udevadm settle -} - -run_cleanuphook() { - udevadm control --exit - udevadm info --cleanup-db -} diff --git a/hacking/v3-busybox/copy_bin_with_libs.sh b/hacking/v3-busybox/copy_bin_with_libs.sh index ee2b532e..d850eb59 100755 --- a/hacking/v3-busybox/copy_bin_with_libs.sh 
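Review bot: The generated `/etc/passwd` gives root the login shell `/bin/bash`, but the image's binary list (`bin_list` in copy_bin_with_libs.sh) has bash commented out, so an otherwise valid key login allowed by `PermitRootLogin without-password` would fail when sshd execs the shell; the busybox `sh` link created in create_initramfs.sh is what the image provides. sshd additionally needs its privilege-separation user (`sshd` in a stock OpenSSH build — confirm against the host's build) in passwd and group, which this file does not create. Since no `/etc/shadow` is shipped (that block is commented out), make the key-only policy explicit with `PasswordAuthentication no` and `ChallengeResponseAuthentication no` rather than relying on the missing file, and tighten `root/.ssh` to 0700 for StrictModes. Nothing here installs an `authorized_keys`, so a comment saying where it is expected to be provisioned (presumably by cdist) would help.

```shell
cat << eof > "$dir/etc/ssh/sshd_config"
# cdist generated - do not modify
PermitRootLogin without-password
# no /etc/shadow is shipped: key-only login, stated explicitly
PasswordAuthentication no
ChallengeResponseAuthentication no
eof

cat << eof > "$dir/etc/passwd"
root:x:0:0:root:/root:/bin/sh
nobody:x:99:99:nobody:/:/bin/false
sshd:x:22:22:sshd privsep:/var/empty:/bin/false
eof

cat << eof > "$dir/etc/group"
root:x:0:root
nobody:x:99:
sshd:x:22:
eof

# StrictModes rejects a group/world-writable ~/.ssh
chmod 0700 "$dir/root/.ssh"
```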
+++ b/hacking/v3-busybox/copy_bin_with_libs.sh @@ -13,13 +13,17 @@ fi out_dir=$1 +# TODO: +# - various mkfs + #bin_list="udevadm bash fdisk mount syslinux umount rm mv" -bin_list="udevadm fdisk" +bin_list="udevadm fdisk sshd ssh-keygen" + +# debug tools +bin_list="$bin_list strace less" libs=$(mktemp /tmp/cdist-preos-libs.XXXXXXXXXXXXX) -mkdir -p "$out_dir/bin" "$out_dir/lib" - ( for bin in $bin_list; do src=$(which "$bin") @@ -31,30 +35,10 @@ mkdir -p "$out_dir/bin" "$out_dir/lib" while read lib; do - if echo $lib | grep '^/'; then + if echo $lib | grep -q '^/'; then # echo "Copying fqdn lib $lib ..." cp "$lib" "$out_dir/lib" - else - echo "How to copy $lib ?" fi done < "$libs" - rm -f "$libs" - -exit 0 - - -bin=$1 - -# Not used alternatives -# new_list=$(objdump -p /usr/bin/ls | awk '$1 ~ /NEEDED/ { print $2 }') -# ldconfig -p | grep 'libBrokenLocale.so.1$' | sed 's/.* => //' - - -for new_item in $new_list; do - - -done - -ldconfig -p | diff --git a/hacking/v3-busybox/create_initramfs.sh b/hacking/v3-busybox/create_initramfs.sh index 77606374..70bc77ed 100755 --- a/hacking/v3-busybox/create_initramfs.sh +++ b/hacking/v3-busybox/create_initramfs.sh @@ -1,6 +1,7 @@ #!/bin/sh -set -ex +set -e +here=$(pwd -P) initramfs_dir=$(mktemp -d /tmp/cdist-preos.XXXXXXX) # initramfs_dir=$1 @@ -22,10 +23,10 @@ cd "${initramfs_dir}" # Add Arch Linux initramfs with kernel modules included zcat /boot/initramfs-linux-fallback.img | cpio -i -# TODO: -# - ssh -# - various mkfs -# - libs +# Add helper binaries +"$here/copy_bin_with_libs.sh" "$initramfs_dir" >/dev/null 2>&1 +"$here/sshd_config.sh" "$initramfs_dir" + # Create new initramfs find . | cpio -H newc -o | gzip diff --git a/hacking/v3-busybox/init b/hacking/v3-busybox/init index 2c6d747a..bf6011f9 100755 --- a/hacking/v3-busybox/init +++ b/hacking/v3-busybox/init 
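Review bot: The `bin_list="$bin_list strace less"` line ships debugging tools in every PreOS image unconditionally, and the removed `mkdir -p "$out_dir/bin" "$out_dir/lib"` makes the later `cp "$lib" "$out_dir/lib"` depend on the output tree already containing those directories (if `lib` is absent, the first copy creates a regular file named `lib` and each later copy overwrites it). Gate the debug tools, `if [ -n "${PREOS_DEBUG:-}" ]; then bin_list="$bin_list strace less"; fi`, and keep the `mkdir -p` — it is harmless when the host initramfs extracted earlier already provides the directories. The loop that copies the binaries continues outside the hunk.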
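Review bot: With the `else` branch gone from the `while read lib` loop, any entry in `$libs` that is not an absolute path is dropped silently, so a dependency the loader reports as unresolved (the list is built above the hunk, presumably from `ldd`, so its exact wording is not visible here) yields a copied `sshd` that cannot start, with no build-time warning. Keep a diagnostic for the non-`/` case, e.g. `else printf 'skipping %s\n' "$lib" >&2`, or fail outright when the entry contains `not found`. `read lib` should be `read -r lib` so backslashes in paths survive, and the `echo $lib | grep -q '^/'` test can be a subprocess-free `case "$lib" in /*) cp "$lib" "$out_dir/lib" ;; esac`.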
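Review bot: `here=$(pwd -P)` records the caller's working directory, not the script's, so the `"$here/..."` helper calls further down only resolve when all.sh is run from `hacking/v3-busybox`; `here=$(cd "$(dirname "$0")" && pwd -P)` pins it to the script's own location. Dropping `-x` also removes the only trace of which step failed, and the pipelines in this file (`zcat | cpio -i`, `find | cpio | gzip`) remain covered by `set -e` only through their last command, so a comment on the `set -e` line noting that pipeline heads are unchecked would be fair warning.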
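Review bot: Standard output of this script is the initramfs archive itself (all.sh redirects it into `preos/boot/initramfs`), so the `>/dev/null 2>&1` on `copy_bin_with_libs.sh` is needed for stdout but also discards its errors, while `sshd_config.sh` runs with stdout untouched and anything it prints (its usage message on a bad argument, for example) would be spliced into the archive. Keep stderr visible and route the helpers' stdout away from the archive: `"$here/copy_bin_with_libs.sh" "$initramfs_dir" >/dev/null` and `"$here/sshd_config.sh" "$initramfs_dir" 1>&2`. With `set -e` a failing helper still aborts the build, but the operator then sees why.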
@@ -1,17 +1,16 @@ #!/bin/sh -#Create all the symlinks to /bin/busybox +# Create all the symlinks to /bin/busybox /bin/busybox --install -s -#Mount things needed by this script +# Mount things needed by this script mount -t proc proc /proc mount -t sysfs sysfs /sys -#Disable kernel messages from popping onto the screen +# Disable kernel messages from popping onto the screen echo 0 > /proc/sys/kernel/printk - -#Create device nodes +# Create device nodes mknod /dev/null c 1 3 mknod /dev/tty c 5 0 mdev -s @@ -24,5 +23,10 @@ udevadm trigger --action=add --type=subsystems udevadm trigger --action=add --type=devices udevadm settle +# /bin/sshd + +# Generate keys for sshd +echo "Generating keys for sshd" +ssh-keygen -A exec sh diff --git a/hacking/v3-busybox/sshd_config.sh b/hacking/v3-busybox/sshd_config.sh index 10a8f465..090aae8c 100755 --- a/hacking/v3-busybox/sshd_config.sh +++ b/hacking/v3-busybox/sshd_config.sh @@ -9,6 +9,7 @@ dir=$1 mkdir -p "$dir/etc/ssh" mkdir -p "$dir/root/.ssh" +mkdir -p "$dir/lib" cat << eof > "$dir/etc/ssh/sshd_config" # cdist generated - do not modify @@ -25,6 +26,20 @@ root:x:0:root nobody:x:99: eof +# libpam not found +# /etc/ssl/openssl.cnf +# /etc/gai.conf +# no nscd socket +# /etc/nsswitch.conf +# libnss_compat.so.2 +# libnss_files.so.2 + +# Fixes the user problem +cp /lib/libnss* "$dir/lib" + +# Required by sshd +mkdir -p "$dir/var/empty" + #cat << eof > "$dir/etc/shadow" #root:x:0:0:root:/root:/bin/bash #nobody:x:1:::::: From edf01900f3d0490fcc380b49e9a364496774f40a Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Tue, 16 Jun 2015 11:16:33 +0200 Subject: [PATCH 4/5] fix permissions for /var/empty Signed-off-by: Nico Schottelius --- hacking/v3-busybox/sshd_config.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/hacking/v3-busybox/sshd_config.sh b/hacking/v3-busybox/sshd_config.sh index 090aae8c..f801abc9 100755 --- a/hacking/v3-busybox/sshd_config.sh +++ b/hacking/v3-busybox/sshd_config.sh 
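Review bot: `ssh-keygen -A` runs seconds after the kernel starts, inside a RAM filesystem that nothing in this series seeds, so the host keys are generated from whatever entropy the kernel has gathered by then and are regenerated on every boot — clients will see a different host key each time, and early-boot key generation on an unseeded pool is the classic source of weak or duplicated keys. If the step stays in init, consider generating only after `udevadm settle` has let disk and network drivers contribute and after checking `/proc/sys/kernel/random/entropy_avail`, and document the ephemerality above the line: `# Host keys are regenerated on every boot and live only in RAM`. Printing the fingerprints on the console, `for k in /etc/ssh/ssh_host_*_key.pub; do ssh-keygen -lf "$k"; done`, lets the operator verify the key out of band before trusting it over the network. sshd itself is still only the commented `# /bin/sshd` here.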
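Review bot: `cp /lib/libnss* "$dir/lib"` copies every NSS module present on the build host, not just the `libnss_files.so.2`/`libnss_compat.so.2` the comment above it identifies as needed, so a host with `libnss_ldap`, `libnss_sss` or similar installed ships unconfigured network-directory modules into the image and the build silently differs between hosts. Copy the two modules explicitly, `cp /lib/libnss_files.so.2 /lib/libnss_compat.so.2 "$dir/lib"`, and since the same comment notes `/etc/nsswitch.conf` is absent, write one that names only `files`: `printf 'passwd: files\ngroup: files\nshadow: files\n' > "$dir/etc/nsswitch.conf"` (with that in place `libnss_compat` is presumably no longer needed — verify). The commented `/etc/shadow` block below is in passwd format (seven fields for root), so it should be corrected or dropped before anyone uncomments it.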
@@ -39,6 +39,7 @@ cp /lib/libnss* "$dir/lib" # Required by sshd mkdir -p "$dir/var/empty" +chmod 0700 "$dir/var/empty" #cat << eof > "$dir/etc/shadow" #root:x:0:0:root:/root:/bin/bash From c829be2d40d110dcdccb043df82f0ae95cffb181 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Tue, 16 Jun 2015 11:21:36 +0200 Subject: [PATCH 5/5] change owner to root in initramfs Signed-off-by: Nico Schottelius --- hacking/v3-busybox/create_initramfs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hacking/v3-busybox/create_initramfs.sh b/hacking/v3-busybox/create_initramfs.sh index 70bc77ed..61171d0d 100755 --- a/hacking/v3-busybox/create_initramfs.sh +++ b/hacking/v3-busybox/create_initramfs.sh @@ -29,7 +29,7 @@ zcat /boot/initramfs-linux-fallback.img | cpio -i # Create new initramfs -find . | cpio -H newc -o | gzip +find . | cpio -H newc -R root -o | gzip # echo ${initramfs_dir} rm -rf "${initramfs_dir}"
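Review bot: `-R root` in the cpio line sets only the owner; GNU cpio leaves the group as recorded in the source tree unless a group is given after `:`, so files created by a non-root build user end up as uid 0 with the builder's gid inside the image — confirm with `cpio -tv` on the result. `-R 0:0` sets both, numerically, and so also does not depend on the build host's passwd lookup of `root`. Since `find .` is fed to cpio newline-separated, `find . -print0 | cpio -0 -H newc -R 0:0 -o | gzip` is the safe form for arbitrary names, though the tree here is project-controlled.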