From 0d7367df9ad9d00c0eb3e51e02d75bb42a9ebbe8 Mon Sep 17 00:00:00 2001
From: Nico Schottelius <nico@nico-notebook.schottelius.org>
Date: Sun, 1 May 2022 14:04:50 +0200
Subject: [PATCH 01/35] freebsd: also bump the ports release

---
 opennebula-images/freebsd-build-opennebula-image.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/opennebula-images/freebsd-build-opennebula-image.sh b/opennebula-images/freebsd-build-opennebula-image.sh
index a03d5d3..c76f9fc 100755
--- a/opennebula-images/freebsd-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-build-opennebula-image.sh
@@ -13,7 +13,7 @@ IMAGE_PATH=freebsd-$RELEASE-$(date -I).img.qcow2
 IMAGE_SIZE=10G
 
 DIST_BASE="https://download.freebsd.org/ftp/releases/$ARCH/$RELEASE"
-PORTS_BASE="https://download.freebsd.org/ftp/snapshots/$ARCH/12.1-STABLE"
+PORTS_BASE="https://download.freebsd.org/ftp/snapshots/$ARCH/13.0-STABLE"
 
 ONE_CONTEXT_PKG_URL="https://github.com/OpenNebula/addon-context-linux/releases/download/v5.12.0/one-context-5.12.0_1.txz"
 

From 1724933e877fa07a780bdc9a384f04c7538b846d Mon Sep 17 00:00:00 2001
From: Nico Schottelius <nico@nico-notebook.schottelius.org>
Date: Mon, 2 May 2022 10:23:16 +0200
Subject: [PATCH 02/35] openwrt/ipv4: output peer section at the end

---
 openwrt/openwrt-add-ipv4-vpn.sh | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/openwrt/openwrt-add-ipv4-vpn.sh b/openwrt/openwrt-add-ipv4-vpn.sh
index c97050f..0b1f795 100755
--- a/openwrt/openwrt-add-ipv4-vpn.sh
+++ b/openwrt/openwrt-add-ipv4-vpn.sh
@@ -24,10 +24,10 @@ public_key=$(echo $private_key | wg pubkey)
 
 case $my_wireguard_ip in
     185.155.29.*)
-        vpn_endpoint_pubkey=6BRnQ+dmeFzVCH9RbM1pbJ7u3y3qrl+zUzzYCmC88kE=
+        vpn_endpoint_pubkey="6BRnQ+dmeFzVCH9RbM1pbJ7u3y3qrl+zUzzYCmC88kE="
     ;;
     185.155.30.*)
-        vpn_endpoint_pubkey=5ach7pUQ57aa402LHz1MYh7lyBZS0GvBEw2PC6dMHW4=
+        vpn_endpoint_pubkey="5ach7pUQ57aa402LHz1MYh7lyBZS0GvBEw2PC6dMHW4="
         ;;
     *)
         echo "Unknown VPN host for IP $my_wireguard_ip" >&2
@@ -77,4 +77,10 @@ uci commit
 
 EOF
 
-echo "Host ${my_ip} uses ip ${my_wireguard_ip} with public key ${public_key}"
+echo "Host ${my_ip} uses ip ${my_wireguard_ip} with public key ${public_key}:"
+
+cat <<EOF
+[Peer]
+PublicKey = ${public_key}
+AllowedIPs = ${my_wireguard_ip}/32
+EOF

From 9da4900070ed8c171261effbb890dec5580fff49 Mon Sep 17 00:00:00 2001
From: Nico Schottelius <nico@nico-notebook.schottelius.org>
Date: Mon, 2 May 2022 10:30:03 +0200
Subject: [PATCH 03/35] openwrt/ipv4: add whitespace

---
 openwrt/openwrt-add-ipv4-vpn.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/openwrt/openwrt-add-ipv4-vpn.sh b/openwrt/openwrt-add-ipv4-vpn.sh
index 0b1f795..9e6fb52 100755
--- a/openwrt/openwrt-add-ipv4-vpn.sh
+++ b/openwrt/openwrt-add-ipv4-vpn.sh
@@ -80,6 +80,8 @@ EOF
 echo "Host ${my_ip} uses ip ${my_wireguard_ip} with public key ${public_key}:"
 
 cat <<EOF
+
+#
 [Peer]
 PublicKey = ${public_key}
 AllowedIPs = ${my_wireguard_ip}/32

From 0a9c8f8245da3fa24df5047f7d520c2aba4c34cc Mon Sep 17 00:00:00 2001
From: kjg <jinguk.kwon@ungleich.ch>
Date: Mon, 9 May 2022 14:53:51 +0000
Subject: [PATCH 04/35] [VNC] update get_info.py for Task#10544

---
 vnc_console_connection/get_info.py | 41 +++++++++++++++++++++++++++---
 1 file changed, 38 insertions(+), 3 deletions(-)

diff --git a/vnc_console_connection/get_info.py b/vnc_console_connection/get_info.py
index e98ae72..466417b 100755
--- a/vnc_console_connection/get_info.py
+++ b/vnc_console_connection/get_info.py
@@ -6,6 +6,7 @@ from xmltodict import parse
 from config import config
 from ldap_list import vm_list
 from db_export import setconn
+from db_export import delconn
 
 # Constants
 ALL_VM_STATES = -1
@@ -61,6 +62,22 @@ class VM:
         }
 
 
+class tVM:
+    def __init__(self, tvm: dict):
+        self.id = vm.get('ID', None)
+        self.owner = {
+            'id': vm.get('UID', None),
+            'name': vm.get('UNAME', None),
+            'gname': vm.get('GNAME', None)
+        }
+        self.name = vm.get('NAME', None)
+        self.status = vm.get('STATE', None)
+        if self.status:
+            self.status = VMState(int(self.status)).name.lower()
+
+        template = vm['TEMPLATE']
+
+
 def main():
     with RPCClient(opnserver) as rpc_client:
         success, response, *_ = rpc_client.one.vmpool.infoextended(
@@ -74,15 +91,33 @@ def main():
                     vm_user = vm['UNAME']
                     vm_id = vm['ID']
                     vm_port = vm['TEMPLATE']['GRAPHICS'].get('PORT')
-                    vm_host = vm['HISTORY_RECORDS']['HISTORY']['HOSTNAME'] 
+                    vm_host = vm['HISTORY_RECORDS']['HISTORY']['HOSTNAME']
                     if vm['UNAME'] == temp_uname:
-                        #print(entry.uid, vm_id, vm_port, vm_host)
+                        print(entry.uid, vm_id, vm_port, vm_host)
                         setconn(entry.uid, vm_id, vm_port, vm_host)
-                          
+
         else:
             print(response)
 
+    with RPCClient(opnserver) as rpc_client2:
+        success, response, *_ = rpc_client2.one.vmpool.infoextended(
+                 session_string , VmFilterFlag.AllResources.value, START_ID, END_ID, VMState.DONE.value
+        )
+        if success:
+            vms2 = json.loads(json.dumps(parse(response)))['VM_POOL']['VM']
+            for entry in vm_list.entries:
+                temp_uname = entry.uid
+                for i, tvm in enumerate(vms2):
+                    vm_user = tvm['UNAME']
+                    vm_id = tvm['ID']
+                    if tvm['UNAME'] == temp_uname:
+                        print("terminated VM : ", entry.uid, vm_id)
+                        delconn(entry.uid, vm_id)
+
+        else:
+            print(response)
 
 if __name__ == "__main__":
     main()
 
+    
\ No newline at end of file

From 16d7e8013360caa51cfe25abcb12d59a593c8978 Mon Sep 17 00:00:00 2001
From: kjg <jinguk.kwon@ungleich.ch>
Date: Mon, 9 May 2022 14:55:11 +0000
Subject: [PATCH 05/35] [VNC] update db_export.py for Task#10544

---
 vnc_console_connection/db_export.py | 47 ++++++++++++++++++++++++++---
 1 file changed, 42 insertions(+), 5 deletions(-)

diff --git a/vnc_console_connection/db_export.py b/vnc_console_connection/db_export.py
index d283eb4..b7fab12 100755
--- a/vnc_console_connection/db_export.py
+++ b/vnc_console_connection/db_export.py
@@ -1,5 +1,14 @@
 import psycopg2 as pg2
 from config import config
+import logging
+
+logger = logging.getLogger()
+logger.setLevel(logging.INFO)
+formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
+file_handler = logging.FileHandler('/var/log/desktop.log')
+file_handler.setFormatter(formatter)
+logger.addHandler(file_handler)
+
 
 db_name = config['db']['db_name']
 db_user = config['db']['db_user']
@@ -10,15 +19,15 @@ db_port = config['db']['db_port']
 def setconn(u_id, vm_num, vm_port,vm_host):
     conn = pg2.connect("host = localhost dbname={} user={} password={} port={}".format(db_name,db_user,db_password,db_port))
     conn.autocommit = True
-    cur = conn.cursor() 
+    cur = conn.cursor()
     cur.execute("SELECT entity_id FROM guacamole_entity WHERE name = '{}'".format(u_id))
     row = cur.fetchone()
     if row == None:
-        cur.execute("INSERT INTO guacamole_entity (name, type) VALUES ('{}','USER')".format(u_id))    
+        cur.execute("INSERT INTO guacamole_entity (name, type) VALUES ('{}','USER')".format(u_id))
         cur.execute("SELECT entity_id FROM guacamole_entity WHERE name = '{}'".format(u_id))
         row = cur.fetchone()
         en_id = row[0]
-        cur.execute("INSERT INTO guacamole_user(entity_id, password_hash, password_date) VALUES ('{}', '\x74657374', now())".format(en_id)) 
+        cur.execute("INSERT INTO guacamole_user(entity_id, password_hash, password_date) VALUES ('{}', '\x74657374', now())".format(en_id))
         print("create user : " , u_id)
     else:
         en_id = row[0]
@@ -43,7 +52,9 @@ def setconn(u_id, vm_num, vm_port,vm_host):
         #clipboard-encoding
         cur.execute("INSERT INTO guacamole_connection_parameter VALUES ('{}','clipboard-encoding','UTF-8')".format(cn_id))
         print("create connection")
-    else:    
+        log = "create connection : " + cn
+        logging.info(log)
+    else:
         cur.execute("SELECT MAX(connection_id) FROM guacamole_connection WHERE connection_name = '{}' AND parent_id IS NULL".format(cn))
         temp_cn_id = cur.fetchone()
         cn_id = temp_cn_id[0]
@@ -52,4 +63,30 @@ def setconn(u_id, vm_num, vm_port,vm_host):
         #cur.execute("UPDATE guacamole_connection_parameter SET parameter_value='UTF-8' where connection_id='{}' and parameter_name='clipboard-encoding'".format(cn_id))
         print("no connection")
     conn.close()
-    return None
\ No newline at end of file
+    return None
+
+
+def delconn(u_id, vm_num):
+    conn2 = pg2.connect("host = localhost dbname={} user={} password={} port={}".format(db_name,db_user,db_password,db_port))
+    conn2.autocommit = True
+    cur2 = conn2.cursor()
+    cur2.execute("SELECT entity_id FROM guacamole_entity WHERE name = '{}'".format(u_id))
+    row2 = cur2.fetchone()
+    if row2 == None:
+        print("no user : " , u_id)
+    else:
+        cn2 = "{}{}".format(u_id,vm_num)
+        cur2.execute("SELECT connection_id FROM guacamole_connection WHERE connection_name = '{}'".format(cn2))
+        row2 = cur2.fetchone()
+        if row2 != None:
+            print("cn_id : ", row2[0])
+            #delete connection
+            cur2.execute("SELECT connection_id from guacamole_connection_permission where connection_id = '{}'".format(row2[0]))
+            row2 = cur2.fetchone()
+            if row2 != None:
+                print("delete connection : ",row2[0])
+                cur2.execute("delete from guacamole_connection_permission where connection_id = '{}'".format(row2[0]))
+                log = "delete connection : " + cn2
+                logging.info(log)
+    conn2.close()
+    
\ No newline at end of file

From d5d327b93655f4929f06864e3ab87e6040e7af72 Mon Sep 17 00:00:00 2001
From: Nico Schottelius <nico@nico-notebook.schottelius.org>
Date: Fri, 3 Jun 2022 17:15:11 +0200
Subject: [PATCH 06/35] Update ubuntu build script to build 22.04

---
 opennebula-images/ubuntu-build-opennebula-image.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/opennebula-images/ubuntu-build-opennebula-image.sh b/opennebula-images/ubuntu-build-opennebula-image.sh
index 01a4c3b..6f1db12 100755
--- a/opennebula-images/ubuntu-build-opennebula-image.sh
+++ b/opennebula-images/ubuntu-build-opennebula-image.sh
@@ -9,14 +9,14 @@ set -e
 set -x
 
 # XXX: Handle command-line arguments?
-RELEASE=groovy # 20.10
+RELEASE=jammy # 22.04 LTS
 ARCH=amd64
 IMAGE_PATH=ubuntu-$RELEASE-$(date --iso-8601).img.qcow2
 IMAGE_SIZE=10G
 NBD_DEVICE=/dev/nbd0
 
 # TODO: find the package definition and built ourself, publish in some RPM repository.
-ONE_CONTEXT_DEB_URL="https://github.com/OpenNebula/addon-context-linux/releases/download/v5.10.0/one-context_5.10.0-1.deb"
+ONE_CONTEXT_DEB_URL="https://github.com/OpenNebula/addon-context-linux/releases/download/v6.4.0/one-context_6.4.0-1.deb"
 ONE_CONTEXT_DEB_PATH=/root/one-context.deb
 
 cleanup() {

From 4fbd39ea1e4f3b9f73cadadd60e4427dae40ac83 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Sun, 1 May 2022 13:04:27 +0200
Subject: [PATCH 07/35] Add FreeBSD on ZFS install script

---
 .../freebsd-zfs-build-opennebula-image.sh     | 140 ++++++++++++++++++
 1 file changed, 140 insertions(+)
 create mode 100644 opennebula-images/freebsd-zfs-build-opennebula-image.sh

diff --git a/opennebula-images/freebsd-zfs-build-opennebula-image.sh b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
new file mode 100644
index 0000000..a58edac
--- /dev/null
+++ b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
@@ -0,0 +1,140 @@
+#!/bin/sh
+
+# This script generates FreeBSD images for OpenNebula, being heavily inspired
+# from srht's FreeBSD build image definition. It assumes running on a FreeBSD host.
+# ZFS installation as documented by the FreeBSD project
+# https://wiki.freebsd.org/RootOnZFS/GPTZFSBoot
+
+set -e
+set -x
+
+# XXX: Handle command-line arguments?
+RELEASE=13.0-RELEASE
+ARCH=amd64
+IMAGE_PATH=freebsd-$RELEASE-$(date -I).img.qcow2
+IMAGE_SIZE=10G
+
+DIST_BASE="https://download.freebsd.org/ftp/releases/$ARCH/$RELEASE"
+ZPOOL=zroot
+
+ONE_CONTEXT_PKG_URL="https://github.com/OpenNebula/addon-context-linux/releases/download/v6.2.0/one-context-6.2.0_1.txz"
+
+if [ "$(zpool list -Ho name $ZPOOL)" = $ZPOOL ]; then
+	echo "The pool $ZPOOL is already imported." >&2
+	exit 1
+fi
+
+cleanup() {
+	sync || true
+	umount /mnt/dev || true
+	zpool export $ZPOOL || true
+	mdconfig -du md0 || true
+}
+trap cleanup EXIT
+
+if [ "$(whoami)" != 'root' ]; then
+	echo "This script must be run as root." >&2
+	exit 1
+fi
+
+# Allocate and partition/format disk image.
+# We use "legacy boot", aka BIOS boot
+# Preferably, we'd use EFI boot here, check the FreeBSD wiki link in the header
+# to see how to make that change, but make the EFI partition larger
+disk=$(mktemp)
+truncate -s 6G $disk
+mdconfig -a -t vnode -f $disk -u md0
+gpart create -s gpt /dev/md0
+gpart add -t freebsd-boot -l bootfs -b 40 -s 512K md0
+gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 md0
+gpart add -t freebsd-zfs -l zfs0 -b 1M -s 5G md0
+zpool create -O compression=on -o ashift=12 -o altroot=/mnt -m none $ZPOOL md0p2
+
+zfs create -o mountpoint=none                                  $ZPOOL/ROOT
+zfs create -o mountpoint=/ -o canmount=noauto                  $ZPOOL/ROOT/default
+mount -t zfs $ZPOOL/ROOT/default /mnt
+zpool set bootfs=$ZPOOL/ROOT/default $ZPOOL
+
+zfs create -o mountpoint=/tmp  -o exec=on      -o setuid=off   $ZPOOL/tmp
+zfs create -o canmount=off -o mountpoint=/usr                  $ZPOOL/usr
+zfs create                                                     $ZPOOL/usr/home
+zfs create                     -o exec=off     -o setuid=off   $ZPOOL/usr/src
+zfs create                                                     $ZPOOL/usr/obj
+zfs create -o mountpoint=/usr/ports            -o setuid=off   $ZPOOL/usr/ports
+zfs create                     -o exec=off     -o setuid=off   $ZPOOL/usr/ports/distfiles
+zfs create                     -o exec=off     -o setuid=off   $ZPOOL/usr/ports/packages
+zfs create -o canmount=off -o mountpoint=/var                  $ZPOOL/var
+zfs create                     -o exec=off     -o setuid=off   $ZPOOL/var/audit
+zfs create                     -o exec=off     -o setuid=off   $ZPOOL/var/crash
+zfs create                     -o exec=off     -o setuid=off   $ZPOOL/var/log
+zfs create -o atime=on         -o exec=off     -o setuid=off   $ZPOOL/var/mail
+zfs create                     -o exec=on      -o setuid=off   $ZPOOL/var/tmp
+
+ln -s /usr/home /mnt/home
+chmod 1777 /mnt/var/tmp
+chmod 1777 /mnt/tmp
+
+# Mount allocated image.
+mkdir -p /mnt/dev
+mount -t devfs devfs /mnt/dev
+
+# Download and extract base system.
+dist_files="kernel.txz base.txz"
+dist_dir="/usr/freebsd-dist/$ARCH/$RELEASE"
+
+mkdir -p "$dist_dir"
+for f in $dist_files
+do
+	fetch -m -o "$dist_dir/$f" "$DIST_BASE/$f"
+	tar -C /mnt -xJf "$dist_dir/$f"
+done
+
+# Configure new system.
+printf '# Device\tMountpoint\tFStype\tOptions\tDump\tPass#\n' >/mnt/etc/fstab
+touch /mnt/firstboot
+sysrc -f /mnt/boot/loader.conf zfs_load=YES autoboot_delay=-1
+
+sysrc -f /mnt/etc/rc.conf ntpd_enable=YES sshd_enable=YES growfs_enable=YES hostname=freebsd
+
+cp /etc/resolv.conf /mnt/etc/resolv.conf
+tzsetup -s -C /mnt UTC
+
+cat >>/mnt/etc/ssh/sshd_config <<EOF
+PermitRootLogin yes
+PasswordAuthentication no
+PermitEmptyPasswords no
+EOF
+
+mkdir -p /mnt/usr/local/etc/pkg/repos/
+# It doesn't appear to be necessary to use "latest", "quarterly" is new enough
+#sed -es@quarterly@latest@ </mnt/etc/pkg/FreeBSD.conf >/mnt/usr/local/etc/pkg/repos/FreeBSD.conf
+
+# freebsd-update is only supported for RELEASE
+if [ "${release%-RELEASE}" != "$RELEASE" ]
+then
+	env PAGER=true /usr/sbin/freebsd-update \
+		-b /mnt \
+		--currently-running "$RELEASE" \
+		--not-running-from-cron -F \
+		fetch install
+fi
+
+env ASSUME_ALWAYS_YES=YES pkg -c /mnt bootstrap -f
+
+fetch -m -o /mnt/one-context.txz "$ONE_CONTEXT_PKG_URL"
+# OpenNebula has dependencies, but these are not included in the package for some reason
+# https://github.com/OpenNebula/addon-context-linux/blob/40efc929487b2955e6f32643853a5cdc93c548da/targets.sh#L25
+# It would be useful to see if there is an alternative to OpenNebula without so many dependencies,
+# so we can run on FreeBSD base, and avoid breaking OpenNebula when the admin removes a dependency.
+env ASSUME_ALWAYS_YES=YES pkg -c /mnt install sudo bash curl base64 ruby open-vm-tools-nox11 gawk virt-what one-context.txz
+rm /mnt/one-context.txz
+
+cleanup
+trap : EXIT
+
+mkdir -p "$ARCH"
+qemu-img convert -f raw -O qcow2 "$disk" "$IMAGE_PATH"
+rm "$disk"
+
+# Filesystem will be enlarged by growfs(7) on next startup
+qemu-img resize "$IMAGE_PATH" "$IMAGE_SIZE"

From 059a0d6bae81f23cded593451140ef8f49f5e115 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Sun, 1 May 2022 14:22:45 +0200
Subject: [PATCH 08/35] Fix overly zealous double-zpool check

---
 opennebula-images/freebsd-zfs-build-opennebula-image.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/opennebula-images/freebsd-zfs-build-opennebula-image.sh b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
index a58edac..fec98e4 100644
--- a/opennebula-images/freebsd-zfs-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
@@ -19,7 +19,7 @@ ZPOOL=zroot
 
 ONE_CONTEXT_PKG_URL="https://github.com/OpenNebula/addon-context-linux/releases/download/v6.2.0/one-context-6.2.0_1.txz"
 
-if [ "$(zpool list -Ho name $ZPOOL)" = $ZPOOL ]; then
+if [ "$(zpool list -Ho name $ZPOOL || true)" = $ZPOOL ]; then
 	echo "The pool $ZPOOL is already imported." >&2
 	exit 1
 fi

From eaa5ed671d44eb74928d388cd5791c2d87f7fa1a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Sun, 1 May 2022 15:51:22 +0200
Subject: [PATCH 09/35] Make freebsd-zfs-build-opennebula-image.sh executable

---
 opennebula-images/freebsd-zfs-build-opennebula-image.sh | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 opennebula-images/freebsd-zfs-build-opennebula-image.sh

diff --git a/opennebula-images/freebsd-zfs-build-opennebula-image.sh b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
old mode 100644
new mode 100755

From c4b91aa64ab5ce368287237e25899b595e2f6585 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Sun, 1 May 2022 15:58:09 +0200
Subject: [PATCH 10/35] Remove caches before creating the image

---
 opennebula-images/freebsd-zfs-build-opennebula-image.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/opennebula-images/freebsd-zfs-build-opennebula-image.sh b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
index fec98e4..4328416 100755
--- a/opennebula-images/freebsd-zfs-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
@@ -117,6 +117,7 @@ then
 		--currently-running "$RELEASE" \
 		--not-running-from-cron -F \
 		fetch install
+	rm -rf /mnt/var/db/freebsd-update/*
 fi
 
 env ASSUME_ALWAYS_YES=YES pkg -c /mnt bootstrap -f
@@ -127,6 +128,7 @@ fetch -m -o /mnt/one-context.txz "$ONE_CONTEXT_PKG_URL"
 # It would be useful to see if there is an alternative to OpenNebula without so many dependencies,
 # so we can run on FreeBSD base, and avoid breaking OpenNebula when the admin removes a dependency.
 env ASSUME_ALWAYS_YES=YES pkg -c /mnt install sudo bash curl base64 ruby open-vm-tools-nox11 gawk virt-what one-context.txz
+env ASSUME_ALWAYS_YES=YES pkg -c /mnt clean --all
 rm /mnt/one-context.txz
 
 cleanup

From 9e926a90dce2485990bdf86178491bfb2024f3ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Sun, 1 May 2022 16:02:54 +0200
Subject: [PATCH 11/35] Remove the trap, THEN cleanup

---
 opennebula-images/freebsd-zfs-build-opennebula-image.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/opennebula-images/freebsd-zfs-build-opennebula-image.sh b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
index 4328416..4964c16 100755
--- a/opennebula-images/freebsd-zfs-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
@@ -131,8 +131,8 @@ env ASSUME_ALWAYS_YES=YES pkg -c /mnt install sudo bash curl base64 ruby open-vm
 env ASSUME_ALWAYS_YES=YES pkg -c /mnt clean --all
 rm /mnt/one-context.txz
 
-cleanup
 trap : EXIT
+cleanup
 
 mkdir -p "$ARCH"
 qemu-img convert -f raw -O qcow2 "$disk" "$IMAGE_PATH"

From 2263c0df2e696d69496856c8f5344456855c0a9b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Sun, 1 May 2022 17:14:27 +0200
Subject: [PATCH 12/35] Shorter duplicate zpool check

---
 opennebula-images/freebsd-zfs-build-opennebula-image.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/opennebula-images/freebsd-zfs-build-opennebula-image.sh b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
index 4964c16..e0d687b 100755
--- a/opennebula-images/freebsd-zfs-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
@@ -19,7 +19,7 @@ ZPOOL=zroot
 
 ONE_CONTEXT_PKG_URL="https://github.com/OpenNebula/addon-context-linux/releases/download/v6.2.0/one-context-6.2.0_1.txz"
 
-if [ "$(zpool list -Ho name $ZPOOL || true)" = $ZPOOL ]; then
+if zpool list -Ho name $ZPOOL 2>/dev/null; then
 	echo "The pool $ZPOOL is already imported." >&2
 	exit 1
 fi

From a389fdd795b5bcaff1bc6ae5317a35ddc016c1db Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Sun, 1 May 2022 17:14:42 +0200
Subject: [PATCH 13/35] Install qemu-tools as part of the script

---
 opennebula-images/freebsd-zfs-build-opennebula-image.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/opennebula-images/freebsd-zfs-build-opennebula-image.sh b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
index e0d687b..363cee3 100755
--- a/opennebula-images/freebsd-zfs-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
@@ -37,6 +37,8 @@ if [ "$(whoami)" != 'root' ]; then
 	exit 1
 fi
 
+env ASSUME_ALWAYS_YES=YES pkg install -y qemu-tools
+
 # Allocate and partition/format disk image.
 # We use "legacy boot", aka BIOS boot
 # Preferably, we'd use EFI boot here, check the FreeBSD wiki link in the header

From ad5e1d5fa3a3d761256ef3608ebd78bf807b9bcd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Sun, 1 May 2022 17:14:53 +0200
Subject: [PATCH 14/35] Add -zfs to image name

---
 opennebula-images/freebsd-zfs-build-opennebula-image.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/opennebula-images/freebsd-zfs-build-opennebula-image.sh b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
index 363cee3..fcb9a33 100755
--- a/opennebula-images/freebsd-zfs-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
@@ -11,7 +11,7 @@ set -x
 # XXX: Handle command-line arguments?
 RELEASE=13.0-RELEASE
 ARCH=amd64
-IMAGE_PATH=freebsd-$RELEASE-$(date -I).img.qcow2
+IMAGE_PATH=freebsd-zfs-$RELEASE-$(date -I).img.qcow2
 IMAGE_SIZE=10G
 
 DIST_BASE="https://download.freebsd.org/ftp/releases/$ARCH/$RELEASE"

From 805ad9228b23fa648cd5cda98154b6985bb955f6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Sun, 1 May 2022 22:19:23 +0200
Subject: [PATCH 15/35] Do not create empty pkg directory

---
 opennebula-images/freebsd-zfs-build-opennebula-image.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/opennebula-images/freebsd-zfs-build-opennebula-image.sh b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
index fcb9a33..41b845f 100755
--- a/opennebula-images/freebsd-zfs-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
@@ -107,8 +107,8 @@ PasswordAuthentication no
 PermitEmptyPasswords no
 EOF
 
-mkdir -p /mnt/usr/local/etc/pkg/repos/
 # It doesn't appear to be necessary to use "latest", "quarterly" is new enough
+#mkdir -p /mnt/usr/local/etc/pkg/repos/
 #sed -es@quarterly@latest@ </mnt/etc/pkg/FreeBSD.conf >/mnt/usr/local/etc/pkg/repos/FreeBSD.conf
 
 # freebsd-update is only supported for RELEASE

From 33cc65ecc266068aa1e8f92d8db25e18c9f612a8 Mon Sep 17 00:00:00 2001
From: Nico Schottelius <nico@nico-notebook.schottelius.org>
Date: Sun, 12 Jun 2022 08:37:24 +0200
Subject: [PATCH 16/35] Upgrade to FreeBSD 13 and sync with ZFS script

---
 .../freebsd-build-opennebula-image.sh         | 40 ++++++++-----------
 1 file changed, 17 insertions(+), 23 deletions(-)

diff --git a/opennebula-images/freebsd-build-opennebula-image.sh b/opennebula-images/freebsd-build-opennebula-image.sh
index c76f9fc..af5e6a8 100755
--- a/opennebula-images/freebsd-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-build-opennebula-image.sh
@@ -13,9 +13,8 @@ IMAGE_PATH=freebsd-$RELEASE-$(date -I).img.qcow2
 IMAGE_SIZE=10G
 
 DIST_BASE="https://download.freebsd.org/ftp/releases/$ARCH/$RELEASE"
-PORTS_BASE="https://download.freebsd.org/ftp/snapshots/$ARCH/13.0-STABLE"
 
-ONE_CONTEXT_PKG_URL="https://github.com/OpenNebula/addon-context-linux/releases/download/v5.12.0/one-context-5.12.0_1.txz"
+ONE_CONTEXT_PKG_URL="https://github.com/OpenNebula/addon-context-linux/releases/download/v6.2.0/one-context-6.2.0_1.txz"
 
 cleanup() {
 	sync || true
@@ -30,6 +29,8 @@ if [ "$(whoami)" != 'root' ]; then
 	exit 1
 fi
 
+env ASSUME_ALWAYS_YES=YES pkg install -y qemu-tools
+
 # Allocate and partition/format disk image.
 disk=$(mktemp)
 truncate -s 6G $disk
@@ -59,14 +60,9 @@ done
 # Configure new system.
 echo "/dev/gpt/rootfs / ufs rw,noatime 1 1" >/mnt/etc/fstab
 touch /mnt/firstboot
-echo 'autoboot_delay="-1"' >>/mnt/boot/loader.conf
+sysrc -f /mnt/boot/loader.conf autoboot_delay=-1
 
-cat >>/mnt/etc/rc.conf <<EOF
-ntpd_enable=YES
-sshd_enable=YES
-growfs_enable=YES
-hostname="freebsd"
-EOF
+sysrc -f /mnt/etc/rc.conf ntpd_enable=YES sshd_enable=YES growfs_enable=YES hostname=freebsd
 
 cp /etc/resolv.conf /mnt/etc/resolv.conf
 tzsetup -s -C /mnt UTC
@@ -77,13 +73,9 @@ PasswordAuthentication no
 PermitEmptyPasswords no
 EOF
 
-mkdir -p /mnt/usr/local/etc/pkg/repos/
-cat >/mnt/usr/local/etc/pkg/repos/FreeBSD.conf <<EOF
-FreeBSD: {
-	url: pkg+http://pkg.FreeBSD.org/\$\{ABI\}/latest
-	enabled: yes
-}
-EOF
+# It doesn't appear to be necessary to use "latest", "quarterly" is new enough
+#mkdir -p /mnt/usr/local/etc/pkg/repos/
+#sed -es@quarterly@latest@ </mnt/etc/pkg/FreeBSD.conf >/mnt/usr/local/etc/pkg/repos/FreeBSD.conf
 
 # freebsd-update is only supported for RELEASE
 if [ "${release%-RELEASE}" != "$RELEASE" ]
@@ -93,20 +85,22 @@ then
 		--currently-running "$RELEASE" \
 		--not-running-from-cron -F \
 		fetch install
+	rm -rf /mnt/var/db/freebsd-update/*
 fi
 
 env ASSUME_ALWAYS_YES=YES pkg -c /mnt bootstrap -f
-env ASSUME_ALWAYS_YES=YES pkg -c /mnt install bash curl
 
-curl -L "$ONE_CONTEXT_PKG_URL" -o /mnt/one-context.txz
-env ASSUME_ALWAYS_YES=YES pkg -c /mnt add one-context.txz
+fetch -m -o /mnt/one-context.txz "$ONE_CONTEXT_PKG_URL"
+# OpenNebula has dependencies, but these are not included in the package for some reason
+# https://github.com/OpenNebula/addon-context-linux/blob/40efc929487b2955e6f32643853a5cdc93c548da/targets.sh#L25
+# It would be useful to see if there is an alternative to OpenNebula without so many dependencies,
+# so we can run on FreeBSD base, and avoid breaking OpenNebula when the admin removes a dependency.
+env ASSUME_ALWAYS_YES=YES pkg -c /mnt install sudo bash curl base64 ruby open-vm-tools-nox11 gawk virt-what one-context.txz
+env ASSUME_ALWAYS_YES=YES pkg -c /mnt clean --all
 rm /mnt/one-context.txz
 
-fetch -m -o "$dist_dir/ports.txz" "$PORTS_BASE/ports.txz"
-tar -C /mnt -xJf "$dist_dir/ports.txz"
-
-cleanup
 trap : EXIT
+cleanup
 
 mkdir -p "$ARCH"
 qemu-img convert -f raw -O qcow2 "$disk" "$IMAGE_PATH"

From f24303d021b6af46870be237b58bdb6d01e96ebd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Mon, 2 May 2022 09:27:59 +0200
Subject: [PATCH 17/35] Make the image zstd-19 compressed

---
 opennebula-images/freebsd-zfs-build-opennebula-image.sh | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/opennebula-images/freebsd-zfs-build-opennebula-image.sh b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
index 41b845f..d3a2847 100755
--- a/opennebula-images/freebsd-zfs-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
@@ -53,7 +53,9 @@ gpart add -t freebsd-zfs -l zfs0 -b 1M -s 5G md0
 zpool create -O compression=on -o ashift=12 -o altroot=/mnt -m none $ZPOOL md0p2
 
 zfs create -o mountpoint=none                                  $ZPOOL/ROOT
-zfs create -o mountpoint=/ -o canmount=noauto                  $ZPOOL/ROOT/default
+# We set zstd-19 so our image will become smaller, at the cost of a longer build time
+# At the end, we remove zstd-19 again, but all files already written will remain zstd-19 compressed
+zfs create -o mountpoint=/ -o canmount=noauto -o compression=zstd-19 $ZPOOL/ROOT/default
 mount -t zfs $ZPOOL/ROOT/default /mnt
 zpool set bootfs=$ZPOOL/ROOT/default $ZPOOL
 
@@ -133,6 +135,11 @@ env ASSUME_ALWAYS_YES=YES pkg -c /mnt install sudo bash curl base64 ruby open-vm
 env ASSUME_ALWAYS_YES=YES pkg -c /mnt clean --all
 rm /mnt/one-context.txz
 
+# Remove zstd-19 again, as it would be too slow for daily use.
+# But all files that were already writtne will remain zstd-19 compressed.
+# zstd-19 is slow to compress but fast to read.
+zfs inherit compression $ZPOOL/ROOT/default
+
 trap : EXIT
 cleanup
 

From 31431ef8db7be6784c5b60edd5c4031c0e8761d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Mon, 2 May 2022 09:43:56 +0200
Subject: [PATCH 18/35] Remove mountpoints not in an 13.0-RELASE install

---
 opennebula-images/freebsd-zfs-build-opennebula-image.sh | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/opennebula-images/freebsd-zfs-build-opennebula-image.sh b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
index d3a2847..39992ce 100755
--- a/opennebula-images/freebsd-zfs-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
@@ -63,10 +63,7 @@ zfs create -o mountpoint=/tmp  -o exec=on      -o setuid=off   $ZPOOL/tmp
 zfs create -o canmount=off -o mountpoint=/usr                  $ZPOOL/usr
 zfs create                                                     $ZPOOL/usr/home
 zfs create                     -o exec=off     -o setuid=off   $ZPOOL/usr/src
-zfs create                                                     $ZPOOL/usr/obj
 zfs create -o mountpoint=/usr/ports            -o setuid=off   $ZPOOL/usr/ports
-zfs create                     -o exec=off     -o setuid=off   $ZPOOL/usr/ports/distfiles
-zfs create                     -o exec=off     -o setuid=off   $ZPOOL/usr/ports/packages
 zfs create -o canmount=off -o mountpoint=/var                  $ZPOOL/var
 zfs create                     -o exec=off     -o setuid=off   $ZPOOL/var/audit
 zfs create                     -o exec=off     -o setuid=off   $ZPOOL/var/crash

From 7bac0537572b30034ee3c47380db7973ae3f1403 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Tue, 24 May 2022 23:05:09 +0200
Subject: [PATCH 19/35] Update FreeBSD 13.1 and remove dependencies

- Upgrade to 13.1-RELEASE
- Build ZFS and UFS images in same script
- Replace OpenNebula's addon-context-linux script with a new script
  - New script does not have dependency on bash, Python and Ruby
- pkg is no longer preinstalled, but FreeBSD still offers on first invocation
---
 .../freebsd-build-opennebula-image.sh         | 178 +++++++++++++-----
 .../freebsd-zfs-build-opennebula-image.sh     | 148 ---------------
 2 files changed, 129 insertions(+), 197 deletions(-)
 delete mode 100755 opennebula-images/freebsd-zfs-build-opennebula-image.sh

diff --git a/opennebula-images/freebsd-build-opennebula-image.sh b/opennebula-images/freebsd-build-opennebula-image.sh
index af5e6a8..4c4d841 100755
--- a/opennebula-images/freebsd-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-build-opennebula-image.sh
@@ -2,25 +2,43 @@
 
 # This script generates FreeBSD images for OpenNebula, being heavily inspired
 # from srht's FreeBSD build image definition. It assumes running on a FreeBSD host.
+# ZFS installation as documented by the FreeBSD project
+# https://wiki.freebsd.org/RootOnZFS/GPTZFSBoot
 
 set -e
 set -x
 
 # XXX: Handle command-line arguments?
-RELEASE=13.0-RELEASE
+RELEASE=13.1-RELEASE
 ARCH=amd64
-IMAGE_PATH=freebsd-$RELEASE-$(date -I).img.qcow2
+IMAGE_PATH_ZFS=freebsd-zfs-$RELEASE-$(date -I).img.qcow2
+IMAGE_PATH_UFS=freebsd-ufs-$RELEASE-$(date -I).img.qcow2
 IMAGE_SIZE=10G
 
 DIST_BASE="https://download.freebsd.org/ftp/releases/$ARCH/$RELEASE"
+CLSETUP_COMMIT=82d7d16ff14e1893f06f39788bb7cd8604284583
+CLSETUP_URL="https://git.sr.ht/~jornane/clsetup/archive/$CLSETUP_COMMIT.tar.gz"
+ZPOOL=zroot
 
-ONE_CONTEXT_PKG_URL="https://github.com/OpenNebula/addon-context-linux/releases/download/v6.2.0/one-context-6.2.0_1.txz"
+ZFSTARGET="$(mktemp -d /var/tmp/zfsbuild.XXXXX)"
+UFSTARGET="$(mktemp -d /var/tmp/ufsbuild.XXXXX)"
+CLSETUP_WORK="$(mktemp -d /var/tmp/clsetup.XXXXX)"
+
+if zpool list -Ho name $ZPOOL 2>/dev/null; then
+	echo "The pool $ZPOOL is already imported." >&2
+	exit 1
+fi
 
 cleanup() {
-	sync || true
-	umount /mnt/dev || true
-	umount /mnt || true
-	mdconfig -du md0 || true
+	sync ||:
+	umount "$UFSTARGET/dev" ||:
+	umount "$UFSTARGET/tmp" ||:
+	umount "$UFSTARGET/var/tmp" ||:
+	umount "$UFSTARGET" ||:
+	zpool export $ZPOOL ||:
+	mdconfig -du md0 ||:
+	mdconfig -du md1 ||:
+	rm -rf "$CLSETUP_WORK"
 }
 trap cleanup EXIT
 
@@ -29,82 +47,144 @@ if [ "$(whoami)" != 'root' ]; then
 	exit 1
 fi
 
-env ASSUME_ALWAYS_YES=YES pkg install -y qemu-tools
+if ! command -v rsync >/dev/null
+then
+	env ASSUME_ALWAYS_YES=YES pkg install -y rsync
+fi
+if ! command -v qemu-img >/dev/null
+then
+	env ASSUME_ALWAYS_YES=YES pkg install -y qemu-tools
+fi
 
-# Allocate and partition/format disk image.
-disk=$(mktemp)
-truncate -s 6G $disk
-mdconfig -a -t vnode -f $disk -u md0
-gpart create -s gpt /dev/md0
-gpart add -t freebsd-boot -l bootfs -b 40 -s 512K md0
-gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 md0
-gpart add -t freebsd-ufs -l rootfs -b 1M -s 5G md0
-newfs -U /dev/md0p2
+fetch -qo- "$CLSETUP_URL" | tar -C "$CLSETUP_WORK" --strip-components 1 -xzf-
+
+ufsdisk=$(mktemp /var/tmp/ufsdisk.XXXXX)
+truncate -s 6G $ufsdisk
+mdconfig -a -t vnode -f $ufsdisk -u md1
+gpart create -s gpt /dev/md1
+gpart add -t freebsd-boot -l bootfs -b 40 -s 512K md1
+gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 md1
+gpart add -t freebsd-ufs -l rootfs -b 1M -s 5G md1
+newfs -U /dev/md1p2
 
 # Mount allocated image.
-mount /dev/md0p2 /mnt
-mkdir -p /mnt/dev
-mount -t devfs devfs /mnt/dev
+mount /dev/md1p2 "$UFSTARGET"
+
+# Allocate and partition/format disk image.
+# We use "legacy boot", aka BIOS boot
+# Preferably, we'd use EFI boot here, check the FreeBSD wiki link in the header
+# to see how to make that change, but make the EFI partition larger
+zfsdisk=$(mktemp /var/tmp/zfsdisk.XXXXX)
+truncate -s 6G $zfsdisk
+mdconfig -a -t vnode -f $zfsdisk -u md0
+gpart create -s gpt /dev/md0
+gpart add -t freebsd-boot -l bootfs -b 40 -s 512K md0
+gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 md0
+gpart add -t freebsd-zfs -l zfs0 -b 1M -s 5G md0
+zpool create -O compression=on -o ashift=12 -o altroot="$ZFSTARGET" -m none $ZPOOL md0p2
+
+zfs create -o mountpoint=none                                  $ZPOOL/ROOT
+# We set zstd-19 so our image will become smaller, at the cost of a longer build time.
+# At the end of the process, we disable zstd-19 again using zfs inherit compression,
+# but all files already written will remain zstd-19 compressed
+zfs create -o mountpoint=/ -o canmount=noauto                  $ZPOOL/ROOT/default
+mount -t zfs $ZPOOL/ROOT/default "$ZFSTARGET"
+zpool set bootfs=$ZPOOL/ROOT/default $ZPOOL
+
+zfs create -o mountpoint=/tmp  -o exec=on      -o setuid=off   $ZPOOL/tmp
+zfs create -o canmount=off -o mountpoint=/usr                  $ZPOOL/usr
+zfs create                                                     $ZPOOL/usr/home
+zfs create                     -o exec=off     -o setuid=off   $ZPOOL/usr/src
+zfs create -o mountpoint=/usr/ports            -o setuid=off   $ZPOOL/usr/ports
+zfs create -o canmount=off -o mountpoint=/var                  $ZPOOL/var
+zfs create                     -o exec=off     -o setuid=off   $ZPOOL/var/audit
+zfs create                     -o exec=off     -o setuid=off   $ZPOOL/var/crash
+zfs create                     -o exec=off     -o setuid=off   $ZPOOL/var/log
+zfs create -o atime=on         -o exec=off     -o setuid=off   $ZPOOL/var/mail
+zfs create                     -o exec=on      -o setuid=off   $ZPOOL/var/tmp
+
+ln -s /usr/home "$ZFSTARGET/home"
+chmod 1777 "$ZFSTARGET/var/tmp"
+chmod 1777 "$ZFSTARGET/tmp"
+
+# Mount dev in chroot
+mkdir -p "$UFSTARGET/dev"
+mount -t devfs devfs "$UFSTARGET/dev"
 
 # Download and extract base system.
 dist_files="kernel.txz base.txz"
 dist_dir="/usr/freebsd-dist/$ARCH/$RELEASE"
 
-mkdir -p "$dist_dir"
+mkdir -p "$dist_dir" "$UFSTARGET"
 for f in $dist_files
 do
 	fetch -m -o "$dist_dir/$f" "$DIST_BASE/$f"
-	tar -C /mnt -xJf "$dist_dir/$f"
+	tar -C "$UFSTARGET" -xJf "$dist_dir/$f"
 done
 
+# Avoid writing temporary files while building
+mount_nullfs /tmp "$UFSTARGET/tmp"
+mount_nullfs /var/tmp "$UFSTARGET/var/tmp"
+
+# Install the first-boot script that configures the network and ssh key
+make -C "$CLSETUP_WORK/" PREFIX="$UFSTARGET/usr/local" install
+
 # Configure new system.
-echo "/dev/gpt/rootfs / ufs rw,noatime 1 1" >/mnt/etc/fstab
-touch /mnt/firstboot
-sysrc -f /mnt/boot/loader.conf autoboot_delay=-1
+printf '# Device\tMountpoint\tFStype\tOptions\t\tDump\tPass#\n' >"$UFSTARGET/etc/fstab"
+touch "$UFSTARGET/firstboot"
+sysrc -f "$UFSTARGET/boot/loader.conf" \
+	zfs_load=YES \
+	autoboot_delay=-1 \
 
-sysrc -f /mnt/etc/rc.conf ntpd_enable=YES sshd_enable=YES growfs_enable=YES hostname=freebsd
+sysrc -f "$UFSTARGET/etc/rc.conf" \
+	ntpd_enable=YES \
+	sshd_enable=YES \
+	growfs_enable=YES \
+	hostname=freebsd \
+	firstboot_clsetup_enable=YES \
 
-cp /etc/resolv.conf /mnt/etc/resolv.conf
-tzsetup -s -C /mnt UTC
+# The resolv.conf file is written by firstboot_clsetup
+#cp /etc/resolv.conf "$UFSTARGET/etc/resolv.conf"
 
-cat >>/mnt/etc/ssh/sshd_config <<EOF
+tzsetup -s -C "$UFSTARGET" UTC
+
+cat >>"$UFSTARGET/etc/ssh/sshd_config" <<EOF
 PermitRootLogin yes
 PasswordAuthentication no
 PermitEmptyPasswords no
 EOF
 
-# It doesn't appear to be necessary to use "latest", "quarterly" is new enough
-#mkdir -p /mnt/usr/local/etc/pkg/repos/
-#sed -es@quarterly@latest@ </mnt/etc/pkg/FreeBSD.conf >/mnt/usr/local/etc/pkg/repos/FreeBSD.conf
-
 # freebsd-update is only supported for RELEASE
-if [ "${release%-RELEASE}" != "$RELEASE" ]
+if printf %s "$RELEASE" | grep -q '.-RELEASE$'
 then
 	env PAGER=true /usr/sbin/freebsd-update \
-		-b /mnt \
+		-b "$UFSTARGET" \
 		--currently-running "$RELEASE" \
 		--not-running-from-cron -F \
 		fetch install
-	rm -rf /mnt/var/db/freebsd-update/*
 fi
+rm -rf "$UFSTARGET/var/db/freebsd-update/"* ||:
 
-env ASSUME_ALWAYS_YES=YES pkg -c /mnt bootstrap -f
-
-fetch -m -o /mnt/one-context.txz "$ONE_CONTEXT_PKG_URL"
-# OpenNebula has dependencies, but these are not included in the package for some reason
-# https://github.com/OpenNebula/addon-context-linux/blob/40efc929487b2955e6f32643853a5cdc93c548da/targets.sh#L25
-# It would be useful to see if there is an alternative to OpenNebula without so many dependencies,
-# so we can run on FreeBSD base, and avoid breaking OpenNebula when the admin removes a dependency.
-env ASSUME_ALWAYS_YES=YES pkg -c /mnt install sudo bash curl base64 ruby open-vm-tools-nox11 gawk virt-what one-context.txz
-env ASSUME_ALWAYS_YES=YES pkg -c /mnt clean --all
-rm /mnt/one-context.txz
+# Set zstd-19 compression, copy all data to the pool, and then set compression to default again
+# This will make the base image smaller, at the cost of taking longer to generate, as zstd-19 is slow to write
+# Therefore, afterwards we restore compression to default, so written files stay zstd-19, which is fast to read,
+# but files written by the user afterwards will be written with the default compression algorihtm.
+zfs set compression=zstd-19 $ZPOOL/ROOT/default
+umount "$UFSTARGET/dev" "$UFSTARGET/tmp" "$UFSTARGET/var/tmp"
+rsync -aH --fileflags --inplace "$UFSTARGET/." "$ZFSTARGET"
+sysrc -f "$UFSTARGET/boot/loader.conf" -x zfs_load
+printf '%s\t%s\t\t%s\t%s\t%s\t%s\n' /dev/gpt/rootfs / ufs rw,noatime 1 1 >>"$UFSTARGET/etc/fstab"
+sync ||:
+zfs inherit compression $ZPOOL/ROOT/default
 
 trap : EXIT
 cleanup
 
 mkdir -p "$ARCH"
-qemu-img convert -f raw -O qcow2 "$disk" "$IMAGE_PATH"
-rm "$disk"
+qemu-img convert -f raw -O qcow2 "$zfsdisk" "$ARCH/$IMAGE_PATH_ZFS"
+qemu-img convert -f raw -O qcow2 "$ufsdisk" "$ARCH/$IMAGE_PATH_UFS"
+rm "$zfsdisk" "$ufsdisk"
 
 # Filesystem will be enlarged by growfs(7) on next startup
-qemu-img resize "$IMAGE_PATH" "$IMAGE_SIZE"
+qemu-img resize "$ARCH/$IMAGE_PATH_ZFS" "$IMAGE_SIZE"
+qemu-img resize "$ARCH/$IMAGE_PATH_UFS" "$IMAGE_SIZE"
diff --git a/opennebula-images/freebsd-zfs-build-opennebula-image.sh b/opennebula-images/freebsd-zfs-build-opennebula-image.sh
deleted file mode 100755
index 39992ce..0000000
--- a/opennebula-images/freebsd-zfs-build-opennebula-image.sh
+++ /dev/null
@@ -1,148 +0,0 @@
-#!/bin/sh
-
-# This script generates FreeBSD images for OpenNebula, being heavily inspired
-# from srht's FreeBSD build image definition. It assumes running on a FreeBSD host.
-# ZFS installation as documented by the FreeBSD project
-# https://wiki.freebsd.org/RootOnZFS/GPTZFSBoot
-
-set -e
-set -x
-
-# XXX: Handle command-line arguments?
-RELEASE=13.0-RELEASE
-ARCH=amd64
-IMAGE_PATH=freebsd-zfs-$RELEASE-$(date -I).img.qcow2
-IMAGE_SIZE=10G
-
-DIST_BASE="https://download.freebsd.org/ftp/releases/$ARCH/$RELEASE"
-ZPOOL=zroot
-
-ONE_CONTEXT_PKG_URL="https://github.com/OpenNebula/addon-context-linux/releases/download/v6.2.0/one-context-6.2.0_1.txz"
-
-if zpool list -Ho name $ZPOOL 2>/dev/null; then
-	echo "The pool $ZPOOL is already imported." >&2
-	exit 1
-fi
-
-cleanup() {
-	sync || true
-	umount /mnt/dev || true
-	zpool export $ZPOOL || true
-	mdconfig -du md0 || true
-}
-trap cleanup EXIT
-
-if [ "$(whoami)" != 'root' ]; then
-	echo "This script must be run as root." >&2
-	exit 1
-fi
-
-env ASSUME_ALWAYS_YES=YES pkg install -y qemu-tools
-
-# Allocate and partition/format disk image.
-# We use "legacy boot", aka BIOS boot
-# Preferably, we'd use EFI boot here, check the FreeBSD wiki link in the header
-# to see how to make that change, but make the EFI partition larger
-disk=$(mktemp)
-truncate -s 6G $disk
-mdconfig -a -t vnode -f $disk -u md0
-gpart create -s gpt /dev/md0
-gpart add -t freebsd-boot -l bootfs -b 40 -s 512K md0
-gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 md0
-gpart add -t freebsd-zfs -l zfs0 -b 1M -s 5G md0
-zpool create -O compression=on -o ashift=12 -o altroot=/mnt -m none $ZPOOL md0p2
-
-zfs create -o mountpoint=none                                  $ZPOOL/ROOT
-# We set zstd-19 so our image will become smaller, at the cost of a longer build time
-# At the end, we remove zstd-19 again, but all files already written will remain zstd-19 compressed
-zfs create -o mountpoint=/ -o canmount=noauto -o compression=zstd-19 $ZPOOL/ROOT/default
-mount -t zfs $ZPOOL/ROOT/default /mnt
-zpool set bootfs=$ZPOOL/ROOT/default $ZPOOL
-
-zfs create -o mountpoint=/tmp  -o exec=on      -o setuid=off   $ZPOOL/tmp
-zfs create -o canmount=off -o mountpoint=/usr                  $ZPOOL/usr
-zfs create                                                     $ZPOOL/usr/home
-zfs create                     -o exec=off     -o setuid=off   $ZPOOL/usr/src
-zfs create -o mountpoint=/usr/ports            -o setuid=off   $ZPOOL/usr/ports
-zfs create -o canmount=off -o mountpoint=/var                  $ZPOOL/var
-zfs create                     -o exec=off     -o setuid=off   $ZPOOL/var/audit
-zfs create                     -o exec=off     -o setuid=off   $ZPOOL/var/crash
-zfs create                     -o exec=off     -o setuid=off   $ZPOOL/var/log
-zfs create -o atime=on         -o exec=off     -o setuid=off   $ZPOOL/var/mail
-zfs create                     -o exec=on      -o setuid=off   $ZPOOL/var/tmp
-
-ln -s /usr/home /mnt/home
-chmod 1777 /mnt/var/tmp
-chmod 1777 /mnt/tmp
-
-# Mount allocated image.
-mkdir -p /mnt/dev
-mount -t devfs devfs /mnt/dev
-
-# Download and extract base system.
-dist_files="kernel.txz base.txz"
-dist_dir="/usr/freebsd-dist/$ARCH/$RELEASE"
-
-mkdir -p "$dist_dir"
-for f in $dist_files
-do
-	fetch -m -o "$dist_dir/$f" "$DIST_BASE/$f"
-	tar -C /mnt -xJf "$dist_dir/$f"
-done
-
-# Configure new system.
-printf '# Device\tMountpoint\tFStype\tOptions\tDump\tPass#\n' >/mnt/etc/fstab
-touch /mnt/firstboot
-sysrc -f /mnt/boot/loader.conf zfs_load=YES autoboot_delay=-1
-
-sysrc -f /mnt/etc/rc.conf ntpd_enable=YES sshd_enable=YES growfs_enable=YES hostname=freebsd
-
-cp /etc/resolv.conf /mnt/etc/resolv.conf
-tzsetup -s -C /mnt UTC
-
-cat >>/mnt/etc/ssh/sshd_config <<EOF
-PermitRootLogin yes
-PasswordAuthentication no
-PermitEmptyPasswords no
-EOF
-
-# It doesn't appear to be necessary to use "latest", "quarterly" is new enough
-#mkdir -p /mnt/usr/local/etc/pkg/repos/
-#sed -es@quarterly@latest@ </mnt/etc/pkg/FreeBSD.conf >/mnt/usr/local/etc/pkg/repos/FreeBSD.conf
-
-# freebsd-update is only supported for RELEASE
-if [ "${release%-RELEASE}" != "$RELEASE" ]
-then
-	env PAGER=true /usr/sbin/freebsd-update \
-		-b /mnt \
-		--currently-running "$RELEASE" \
-		--not-running-from-cron -F \
-		fetch install
-	rm -rf /mnt/var/db/freebsd-update/*
-fi
-
-env ASSUME_ALWAYS_YES=YES pkg -c /mnt bootstrap -f
-
-fetch -m -o /mnt/one-context.txz "$ONE_CONTEXT_PKG_URL"
-# OpenNebula has dependencies, but these are not included in the package for some reason
-# https://github.com/OpenNebula/addon-context-linux/blob/40efc929487b2955e6f32643853a5cdc93c548da/targets.sh#L25
-# It would be useful to see if there is an alternative to OpenNebula without so many dependencies,
-# so we can run on FreeBSD base, and avoid breaking OpenNebula when the admin removes a dependency.
-env ASSUME_ALWAYS_YES=YES pkg -c /mnt install sudo bash curl base64 ruby open-vm-tools-nox11 gawk virt-what one-context.txz
-env ASSUME_ALWAYS_YES=YES pkg -c /mnt clean --all
-rm /mnt/one-context.txz
-
-# Remove zstd-19 again, as it would be too slow for daily use.
-# But all files that were already writtne will remain zstd-19 compressed.
-# zstd-19 is slow to compress but fast to read.
-zfs inherit compression $ZPOOL/ROOT/default
-
-trap : EXIT
-cleanup
-
-mkdir -p "$ARCH"
-qemu-img convert -f raw -O qcow2 "$disk" "$IMAGE_PATH"
-rm "$disk"
-
-# Filesystem will be enlarged by growfs(7) on next startup
-qemu-img resize "$IMAGE_PATH" "$IMAGE_SIZE"

From 2a0b713a78a6d9beaed18e694cda2996518b2657 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Wed, 25 May 2022 10:59:20 +0200
Subject: [PATCH 20/35] Use temporary pool name while installing

This will allow running the script when the OS is already running off
a pool named "zroot".
---
 .../freebsd-build-opennebula-image.sh         | 43 ++++++++++---------
 1 file changed, 22 insertions(+), 21 deletions(-)

diff --git a/opennebula-images/freebsd-build-opennebula-image.sh b/opennebula-images/freebsd-build-opennebula-image.sh
index 4c4d841..5899a6a 100755
--- a/opennebula-images/freebsd-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-build-opennebula-image.sh
@@ -19,13 +19,14 @@ DIST_BASE="https://download.freebsd.org/ftp/releases/$ARCH/$RELEASE"
 CLSETUP_COMMIT=82d7d16ff14e1893f06f39788bb7cd8604284583
 CLSETUP_URL="https://git.sr.ht/~jornane/clsetup/archive/$CLSETUP_COMMIT.tar.gz"
 ZPOOL=zroot
+ZPOOL_TMP="zinstalling"
 
 ZFSTARGET="$(mktemp -d /var/tmp/zfsbuild.XXXXX)"
 UFSTARGET="$(mktemp -d /var/tmp/ufsbuild.XXXXX)"
 CLSETUP_WORK="$(mktemp -d /var/tmp/clsetup.XXXXX)"
 
-if zpool list -Ho name $ZPOOL 2>/dev/null; then
-	echo "The pool $ZPOOL is already imported." >&2
+if zpool list -Ho name $ZPOOL_TMP 2>/dev/null; then
+	echo "The pool $ZPOOL_TMP is already imported." >&2
 	exit 1
 fi
 
@@ -35,7 +36,7 @@ cleanup() {
 	umount "$UFSTARGET/tmp" ||:
 	umount "$UFSTARGET/var/tmp" ||:
 	umount "$UFSTARGET" ||:
-	zpool export $ZPOOL ||:
+	zpool export $ZPOOL_TMP ||:
 	mdconfig -du md0 ||:
 	mdconfig -du md1 ||:
 	rm -rf "$CLSETUP_WORK"
@@ -81,27 +82,27 @@ gpart create -s gpt /dev/md0
 gpart add -t freebsd-boot -l bootfs -b 40 -s 512K md0
 gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 md0
 gpart add -t freebsd-zfs -l zfs0 -b 1M -s 5G md0
-zpool create -O compression=on -o ashift=12 -o altroot="$ZFSTARGET" -m none $ZPOOL md0p2
+zpool create -O compression=on -o ashift=12 -o altroot="$ZFSTARGET" -m none -t $ZPOOL_TMP $ZPOOL md0p2
 
-zfs create -o mountpoint=none                                  $ZPOOL/ROOT
+zfs create -o mountpoint=none                                  $ZPOOL_TMP/ROOT
 # We set zstd-19 so our image will become smaller, at the cost of a longer build time.
 # At the end of the process, we disable zstd-19 again using zfs inherit compression,
 # but all files already written will remain zstd-19 compressed
-zfs create -o mountpoint=/ -o canmount=noauto                  $ZPOOL/ROOT/default
-mount -t zfs $ZPOOL/ROOT/default "$ZFSTARGET"
-zpool set bootfs=$ZPOOL/ROOT/default $ZPOOL
+zfs create -o mountpoint=/ -o canmount=noauto                  $ZPOOL_TMP/ROOT/default
+mount -t zfs $ZPOOL_TMP/ROOT/default "$ZFSTARGET"
+zpool set bootfs=$ZPOOL_TMP/ROOT/default $ZPOOL_TMP
 
-zfs create -o mountpoint=/tmp  -o exec=on      -o setuid=off   $ZPOOL/tmp
-zfs create -o canmount=off -o mountpoint=/usr                  $ZPOOL/usr
-zfs create                                                     $ZPOOL/usr/home
-zfs create                     -o exec=off     -o setuid=off   $ZPOOL/usr/src
-zfs create -o mountpoint=/usr/ports            -o setuid=off   $ZPOOL/usr/ports
-zfs create -o canmount=off -o mountpoint=/var                  $ZPOOL/var
-zfs create                     -o exec=off     -o setuid=off   $ZPOOL/var/audit
-zfs create                     -o exec=off     -o setuid=off   $ZPOOL/var/crash
-zfs create                     -o exec=off     -o setuid=off   $ZPOOL/var/log
-zfs create -o atime=on         -o exec=off     -o setuid=off   $ZPOOL/var/mail
-zfs create                     -o exec=on      -o setuid=off   $ZPOOL/var/tmp
+zfs create -o mountpoint=/tmp  -o exec=on      -o setuid=off   $ZPOOL_TMP/tmp
+zfs create -o canmount=off -o mountpoint=/usr                  $ZPOOL_TMP/usr
+zfs create                                                     $ZPOOL_TMP/usr/home
+zfs create                     -o exec=off     -o setuid=off   $ZPOOL_TMP/usr/src
+zfs create -o mountpoint=/usr/ports            -o setuid=off   $ZPOOL_TMP/usr/ports
+zfs create -o canmount=off -o mountpoint=/var                  $ZPOOL_TMP/var
+zfs create                     -o exec=off     -o setuid=off   $ZPOOL_TMP/var/audit
+zfs create                     -o exec=off     -o setuid=off   $ZPOOL_TMP/var/crash
+zfs create                     -o exec=off     -o setuid=off   $ZPOOL_TMP/var/log
+zfs create -o atime=on         -o exec=off     -o setuid=off   $ZPOOL_TMP/var/mail
+zfs create                     -o exec=on      -o setuid=off   $ZPOOL_TMP/var/tmp
 
 ln -s /usr/home "$ZFSTARGET/home"
 chmod 1777 "$ZFSTARGET/var/tmp"
@@ -169,13 +170,13 @@ rm -rf "$UFSTARGET/var/db/freebsd-update/"* ||:
 # This will make the base image smaller, at the cost of taking longer to generate, as zstd-19 is slow to write
 # Therefore, afterwards we restore compression to default, so written files stay zstd-19, which is fast to read,
 # but files written by the user afterwards will be written with the default compression algorihtm.
-zfs set compression=zstd-19 $ZPOOL/ROOT/default
+zfs set compression=zstd-19 $ZPOOL_TMP/ROOT/default
 umount "$UFSTARGET/dev" "$UFSTARGET/tmp" "$UFSTARGET/var/tmp"
 rsync -aH --fileflags --inplace "$UFSTARGET/." "$ZFSTARGET"
 sysrc -f "$UFSTARGET/boot/loader.conf" -x zfs_load
 printf '%s\t%s\t\t%s\t%s\t%s\t%s\n' /dev/gpt/rootfs / ufs rw,noatime 1 1 >>"$UFSTARGET/etc/fstab"
 sync ||:
-zfs inherit compression $ZPOOL/ROOT/default
+zfs inherit compression $ZPOOL_TMP/ROOT/default
 
 trap : EXIT
 cleanup

From 2b715244381a2958859434f689ed82ea9e2c30d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Wed, 25 May 2022 11:04:46 +0200
Subject: [PATCH 21/35] Bump clsetup and rename to cloudsetup

---
 .../freebsd-build-opennebula-image.sh            | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/opennebula-images/freebsd-build-opennebula-image.sh b/opennebula-images/freebsd-build-opennebula-image.sh
index 5899a6a..3d0add4 100755
--- a/opennebula-images/freebsd-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-build-opennebula-image.sh
@@ -16,14 +16,14 @@ IMAGE_PATH_UFS=freebsd-ufs-$RELEASE-$(date -I).img.qcow2
 IMAGE_SIZE=10G
 
 DIST_BASE="https://download.freebsd.org/ftp/releases/$ARCH/$RELEASE"
-CLSETUP_COMMIT=82d7d16ff14e1893f06f39788bb7cd8604284583
-CLSETUP_URL="https://git.sr.ht/~jornane/clsetup/archive/$CLSETUP_COMMIT.tar.gz"
+CLOUDSETUP_COMMIT=4ac15b8647d5525048c5faa5fd4b28491905d000
+CLOUDSETUP_URL="https://git.sr.ht/~jornane/cloudsetup/archive/$CLOUDSETUP_COMMIT.tar.gz"
 ZPOOL=zroot
 ZPOOL_TMP="zinstalling"
 
 ZFSTARGET="$(mktemp -d /var/tmp/zfsbuild.XXXXX)"
 UFSTARGET="$(mktemp -d /var/tmp/ufsbuild.XXXXX)"
-CLSETUP_WORK="$(mktemp -d /var/tmp/clsetup.XXXXX)"
+CLOUDSETUP_WORK="$(mktemp -d /var/tmp/cloudsetup.XXXXX)"
 
 if zpool list -Ho name $ZPOOL_TMP 2>/dev/null; then
 	echo "The pool $ZPOOL_TMP is already imported." >&2
@@ -39,7 +39,7 @@ cleanup() {
 	zpool export $ZPOOL_TMP ||:
 	mdconfig -du md0 ||:
 	mdconfig -du md1 ||:
-	rm -rf "$CLSETUP_WORK"
+	rm -rf "$CLOUDSETUP_WORK"
 }
 trap cleanup EXIT
 
@@ -57,7 +57,7 @@ then
 	env ASSUME_ALWAYS_YES=YES pkg install -y qemu-tools
 fi
 
-fetch -qo- "$CLSETUP_URL" | tar -C "$CLSETUP_WORK" --strip-components 1 -xzf-
+fetch -qo- "$CLOUDSETUP_URL" | tar -C "$CLOUDSETUP_WORK" --strip-components 1 -xzf-
 
 ufsdisk=$(mktemp /var/tmp/ufsdisk.XXXXX)
 truncate -s 6G $ufsdisk
@@ -128,7 +128,7 @@ mount_nullfs /tmp "$UFSTARGET/tmp"
 mount_nullfs /var/tmp "$UFSTARGET/var/tmp"
 
 # Install the first-boot script that configures the network and ssh key
-make -C "$CLSETUP_WORK/" PREFIX="$UFSTARGET/usr/local" install
+make -C "$CLOUDSETUP_WORK/" PREFIX="$UFSTARGET/usr/local" install
 
 # Configure new system.
 printf '# Device\tMountpoint\tFStype\tOptions\t\tDump\tPass#\n' >"$UFSTARGET/etc/fstab"
@@ -142,9 +142,9 @@ sysrc -f "$UFSTARGET/etc/rc.conf" \
 	sshd_enable=YES \
 	growfs_enable=YES \
 	hostname=freebsd \
-	firstboot_clsetup_enable=YES \
+	firstboot_cloudsetup_enable=YES \
 
-# The resolv.conf file is written by firstboot_clsetup
+# The resolv.conf file is written by firstboot_cloudsetup
 #cp /etc/resolv.conf "$UFSTARGET/etc/resolv.conf"
 
 tzsetup -s -C "$UFSTARGET" UTC

From 02e273faf442b133da3cdced273351cf3070b90a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Wed, 25 May 2022 12:04:36 +0200
Subject: [PATCH 22/35] Remove target directories on cleanup

---
 opennebula-images/freebsd-build-opennebula-image.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/opennebula-images/freebsd-build-opennebula-image.sh b/opennebula-images/freebsd-build-opennebula-image.sh
index 3d0add4..cb3dc82 100755
--- a/opennebula-images/freebsd-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-build-opennebula-image.sh
@@ -39,7 +39,9 @@ cleanup() {
 	zpool export $ZPOOL_TMP ||:
 	mdconfig -du md0 ||:
 	mdconfig -du md1 ||:
-	rm -rf "$CLOUDSETUP_WORK"
+	rm -rf "$CLOUDSETUP_WORK" ||:
+	rmdir "$ZFSTARGET" ||:
+	rmdir "$UFSTARGET" ||:
 }
 trap cleanup EXIT
 

From 39ff63706406214439271b97125751db6294f105 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Wed, 25 May 2022 12:09:19 +0200
Subject: [PATCH 23/35] Add quotes around variables

---
 .../freebsd-build-opennebula-image.sh         | 56 +++++++++----------
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/opennebula-images/freebsd-build-opennebula-image.sh b/opennebula-images/freebsd-build-opennebula-image.sh
index cb3dc82..a29e5e9 100755
--- a/opennebula-images/freebsd-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-build-opennebula-image.sh
@@ -11,8 +11,8 @@ set -x
 # XXX: Handle command-line arguments?
 RELEASE=13.1-RELEASE
 ARCH=amd64
-IMAGE_PATH_ZFS=freebsd-zfs-$RELEASE-$(date -I).img.qcow2
-IMAGE_PATH_UFS=freebsd-ufs-$RELEASE-$(date -I).img.qcow2
+IMAGE_PATH_ZFS="freebsd-zfs-$RELEASE-$(date -I).img.qcow2"
+IMAGE_PATH_UFS="freebsd-ufs-$RELEASE-$(date -I).img.qcow2"
 IMAGE_SIZE=10G
 
 DIST_BASE="https://download.freebsd.org/ftp/releases/$ARCH/$RELEASE"
@@ -25,7 +25,7 @@ ZFSTARGET="$(mktemp -d /var/tmp/zfsbuild.XXXXX)"
 UFSTARGET="$(mktemp -d /var/tmp/ufsbuild.XXXXX)"
 CLOUDSETUP_WORK="$(mktemp -d /var/tmp/cloudsetup.XXXXX)"
 
-if zpool list -Ho name $ZPOOL_TMP 2>/dev/null; then
+if zpool list -Ho name "$ZPOOL_TMP" 2>/dev/null; then
 	echo "The pool $ZPOOL_TMP is already imported." >&2
 	exit 1
 fi
@@ -36,7 +36,7 @@ cleanup() {
 	umount "$UFSTARGET/tmp" ||:
 	umount "$UFSTARGET/var/tmp" ||:
 	umount "$UFSTARGET" ||:
-	zpool export $ZPOOL_TMP ||:
+	zpool export "$ZPOOL_TMP" ||:
 	mdconfig -du md0 ||:
 	mdconfig -du md1 ||:
 	rm -rf "$CLOUDSETUP_WORK" ||:
@@ -61,9 +61,9 @@ fi
 
 fetch -qo- "$CLOUDSETUP_URL" | tar -C "$CLOUDSETUP_WORK" --strip-components 1 -xzf-
 
-ufsdisk=$(mktemp /var/tmp/ufsdisk.XXXXX)
-truncate -s 6G $ufsdisk
-mdconfig -a -t vnode -f $ufsdisk -u md1
+ufsdisk="$(mktemp /var/tmp/ufsdisk.XXXXX)"
+truncate -s 6G "$ufsdisk"
+mdconfig -a -t vnode -f "$ufsdisk" -u md1
 gpart create -s gpt /dev/md1
 gpart add -t freebsd-boot -l bootfs -b 40 -s 512K md1
 gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 md1
@@ -77,34 +77,34 @@ mount /dev/md1p2 "$UFSTARGET"
 # We use "legacy boot", aka BIOS boot
 # Preferably, we'd use EFI boot here, check the FreeBSD wiki link in the header
 # to see how to make that change, but make the EFI partition larger
-zfsdisk=$(mktemp /var/tmp/zfsdisk.XXXXX)
-truncate -s 6G $zfsdisk
-mdconfig -a -t vnode -f $zfsdisk -u md0
+zfsdisk="$(mktemp /var/tmp/zfsdisk.XXXXX)"
+truncate -s 6G "$zfsdisk"
+mdconfig -a -t vnode -f "$zfsdisk" -u md0
 gpart create -s gpt /dev/md0
 gpart add -t freebsd-boot -l bootfs -b 40 -s 512K md0
 gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 md0
 gpart add -t freebsd-zfs -l zfs0 -b 1M -s 5G md0
-zpool create -O compression=on -o ashift=12 -o altroot="$ZFSTARGET" -m none -t $ZPOOL_TMP $ZPOOL md0p2
+zpool create -O compression=on -o ashift=12 -o "altroot=$ZFSTARGET" -m none -t "$ZPOOL_TMP" "$ZPOOL" md0p2
 
-zfs create -o mountpoint=none                                  $ZPOOL_TMP/ROOT
+zfs create -o mountpoint=none                                  "$ZPOOL_TMP/ROOT"
 # We set zstd-19 so our image will become smaller, at the cost of a longer build time.
 # At the end of the process, we disable zstd-19 again using zfs inherit compression,
 # but all files already written will remain zstd-19 compressed
-zfs create -o mountpoint=/ -o canmount=noauto                  $ZPOOL_TMP/ROOT/default
-mount -t zfs $ZPOOL_TMP/ROOT/default "$ZFSTARGET"
-zpool set bootfs=$ZPOOL_TMP/ROOT/default $ZPOOL_TMP
+zfs create -o mountpoint=/ -o canmount=noauto                  "$ZPOOL_TMP/ROOT/default"
+mount -t zfs "$ZPOOL_TMP/ROOT/default" "$ZFSTARGET"
+zpool set "bootfs=$ZPOOL_TMP/ROOT/default" "$ZPOOL_TMP"
 
-zfs create -o mountpoint=/tmp  -o exec=on      -o setuid=off   $ZPOOL_TMP/tmp
-zfs create -o canmount=off -o mountpoint=/usr                  $ZPOOL_TMP/usr
-zfs create                                                     $ZPOOL_TMP/usr/home
-zfs create                     -o exec=off     -o setuid=off   $ZPOOL_TMP/usr/src
-zfs create -o mountpoint=/usr/ports            -o setuid=off   $ZPOOL_TMP/usr/ports
-zfs create -o canmount=off -o mountpoint=/var                  $ZPOOL_TMP/var
-zfs create                     -o exec=off     -o setuid=off   $ZPOOL_TMP/var/audit
-zfs create                     -o exec=off     -o setuid=off   $ZPOOL_TMP/var/crash
-zfs create                     -o exec=off     -o setuid=off   $ZPOOL_TMP/var/log
-zfs create -o atime=on         -o exec=off     -o setuid=off   $ZPOOL_TMP/var/mail
-zfs create                     -o exec=on      -o setuid=off   $ZPOOL_TMP/var/tmp
+zfs create -o mountpoint=/tmp  -o exec=on      -o setuid=off   "$ZPOOL_TMP/tmp"
+zfs create -o canmount=off -o mountpoint=/usr                  "$ZPOOL_TMP/usr"
+zfs create                                                     "$ZPOOL_TMP/usr/home"
+zfs create                     -o exec=off     -o setuid=off   "$ZPOOL_TMP/usr/src"
+zfs create -o mountpoint=/usr/ports            -o setuid=off   "$ZPOOL_TMP/usr/ports"
+zfs create -o canmount=off -o mountpoint=/var                  "$ZPOOL_TMP/var"
+zfs create                     -o exec=off     -o setuid=off   "$ZPOOL_TMP/var/audit"
+zfs create                     -o exec=off     -o setuid=off   "$ZPOOL_TMP/var/crash"
+zfs create                     -o exec=off     -o setuid=off   "$ZPOOL_TMP/var/log"
+zfs create -o atime=on         -o exec=off     -o setuid=off   "$ZPOOL_TMP/var/mail"
+zfs create                     -o exec=on      -o setuid=off   "$ZPOOL_TMP/var/tmp"
 
 ln -s /usr/home "$ZFSTARGET/home"
 chmod 1777 "$ZFSTARGET/var/tmp"
@@ -172,13 +172,13 @@ rm -rf "$UFSTARGET/var/db/freebsd-update/"* ||:
 # This will make the base image smaller, at the cost of taking longer to generate, as zstd-19 is slow to write
 # Therefore, afterwards we restore compression to default, so written files stay zstd-19, which is fast to read,
 # but files written by the user afterwards will be written with the default compression algorihtm.
-zfs set compression=zstd-19 $ZPOOL_TMP/ROOT/default
+zfs set compression=zstd-19 "$ZPOOL_TMP/ROOT/default"
 umount "$UFSTARGET/dev" "$UFSTARGET/tmp" "$UFSTARGET/var/tmp"
 rsync -aH --fileflags --inplace "$UFSTARGET/." "$ZFSTARGET"
 sysrc -f "$UFSTARGET/boot/loader.conf" -x zfs_load
 printf '%s\t%s\t\t%s\t%s\t%s\t%s\n' /dev/gpt/rootfs / ufs rw,noatime 1 1 >>"$UFSTARGET/etc/fstab"
 sync ||:
-zfs inherit compression $ZPOOL_TMP/ROOT/default
+zfs inherit compression "$ZPOOL_TMP/ROOT/default"
 
 trap : EXIT
 cleanup

From 906754e8413457df72df7935bc934a8d684bd204 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Fri, 27 May 2022 22:04:42 +0200
Subject: [PATCH 24/35] Prepare for later EFI boot

---
 .../freebsd-build-opennebula-image.sh              | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/opennebula-images/freebsd-build-opennebula-image.sh b/opennebula-images/freebsd-build-opennebula-image.sh
index a29e5e9..3081154 100755
--- a/opennebula-images/freebsd-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-build-opennebula-image.sh
@@ -65,7 +65,8 @@ ufsdisk="$(mktemp /var/tmp/ufsdisk.XXXXX)"
 truncate -s 6G "$ufsdisk"
 mdconfig -a -t vnode -f "$ufsdisk" -u md1
 gpart create -s gpt /dev/md1
-gpart add -t freebsd-boot -l bootfs -b 40 -s 512K md1
+#gpart add -t efi -l efiboot0 -s 260M md1
+gpart add -t freebsd-boot -l gptboot0 -b 40 -s 512K md1
 gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 md1
 gpart add -t freebsd-ufs -l rootfs -b 1M -s 5G md1
 newfs -U /dev/md1p2
@@ -81,7 +82,8 @@ zfsdisk="$(mktemp /var/tmp/zfsdisk.XXXXX)"
 truncate -s 6G "$zfsdisk"
 mdconfig -a -t vnode -f "$zfsdisk" -u md0
 gpart create -s gpt /dev/md0
-gpart add -t freebsd-boot -l bootfs -b 40 -s 512K md0
+#gpart add -t efi -l efiboot0 -s 260M md1
+gpart add -t freebsd-boot -l gptboot0 -b 40 -s 512K md0
 gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 md0
 gpart add -t freebsd-zfs -l zfs0 -b 1M -s 5G md0
 zpool create -O compression=on -o ashift=12 -o "altroot=$ZFSTARGET" -m none -t "$ZPOOL_TMP" "$ZPOOL" md0p2
@@ -133,7 +135,6 @@ mount_nullfs /var/tmp "$UFSTARGET/var/tmp"
 make -C "$CLOUDSETUP_WORK/" PREFIX="$UFSTARGET/usr/local" install
 
 # Configure new system.
-printf '# Device\tMountpoint\tFStype\tOptions\t\tDump\tPass#\n' >"$UFSTARGET/etc/fstab"
 touch "$UFSTARGET/firstboot"
 sysrc -f "$UFSTARGET/boot/loader.conf" \
 	zfs_load=YES \
@@ -175,8 +176,13 @@ rm -rf "$UFSTARGET/var/db/freebsd-update/"* ||:
 zfs set compression=zstd-19 "$ZPOOL_TMP/ROOT/default"
 umount "$UFSTARGET/dev" "$UFSTARGET/tmp" "$UFSTARGET/var/tmp"
 rsync -aH --fileflags --inplace "$UFSTARGET/." "$ZFSTARGET"
+
 sysrc -f "$UFSTARGET/boot/loader.conf" -x zfs_load
-printf '%s\t%s\t\t%s\t%s\t%s\t%s\n' /dev/gpt/rootfs / ufs rw,noatime 1 1 >>"$UFSTARGET/etc/fstab"
+printf '# Device\tMountpoint\tFStype\tOptions\t\tDump\tPass#\n' \
+	>"$ZFSTARGET/etc/fstab"
+printf '# Device\tMountpoint\tFStype\tOptions\t\tDump\tPass#\n%s\t%s\t\t%s\t%s\t%s\t%s\n' \
+	/dev/gpt/rootfs / ufs rw,noatime 1 1 \
+	>"$UFSTARGET/etc/fstab"
 sync ||:
 zfs inherit compression "$ZPOOL_TMP/ROOT/default"
 

From c9353f173622002fe9e21e28c11b97daa1d79ca4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Fri, 27 May 2022 22:13:42 +0200
Subject: [PATCH 25/35] Install firstboot script through ports

---
 .../freebsd-build-opennebula-image.sh         | 22 ++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/opennebula-images/freebsd-build-opennebula-image.sh b/opennebula-images/freebsd-build-opennebula-image.sh
index 3081154..d801698 100755
--- a/opennebula-images/freebsd-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-build-opennebula-image.sh
@@ -16,14 +16,11 @@ IMAGE_PATH_UFS="freebsd-ufs-$RELEASE-$(date -I).img.qcow2"
 IMAGE_SIZE=10G
 
 DIST_BASE="https://download.freebsd.org/ftp/releases/$ARCH/$RELEASE"
-CLOUDSETUP_COMMIT=4ac15b8647d5525048c5faa5fd4b28491905d000
-CLOUDSETUP_URL="https://git.sr.ht/~jornane/cloudsetup/archive/$CLOUDSETUP_COMMIT.tar.gz"
 ZPOOL=zroot
 ZPOOL_TMP="zinstalling"
 
 ZFSTARGET="$(mktemp -d /var/tmp/zfsbuild.XXXXX)"
 UFSTARGET="$(mktemp -d /var/tmp/ufsbuild.XXXXX)"
-CLOUDSETUP_WORK="$(mktemp -d /var/tmp/cloudsetup.XXXXX)"
 
 if zpool list -Ho name "$ZPOOL_TMP" 2>/dev/null; then
 	echo "The pool $ZPOOL_TMP is already imported." >&2
@@ -59,7 +56,18 @@ then
 	env ASSUME_ALWAYS_YES=YES pkg install -y qemu-tools
 fi
 
-fetch -qo- "$CLOUDSETUP_URL" | tar -C "$CLOUDSETUP_WORK" --strip-components 1 -xzf-
+portsnap fetch
+if [ -f /usr/ports/README ]
+then
+	portsnap update || portsnap extract
+else
+	portsnap extract
+fi
+make -C /usr/ports/sysutils/firstboot-cloudsetup clean package
+CLOUDSETUP_VERSION="$(fgrep VERSION /usr/ports/sysutils/firstboot-cloudsetup/Makefile | cut -f2- | tr -d \\t)"
+CLOUDSETUP_PKG="/usr/ports/sysutils/firstboot-cloudsetup/work/pkg/firstboot-cloudsetup-${CLOUDSETUP_VERSION}.pkg"
+tar -tzf "$CLOUDSETUP_PKG" >/dev/null # check that it's a valid tar, or we crash due to set -e
+# tar -t lists the contents of a tar file, but does not extract
 
 ufsdisk="$(mktemp /var/tmp/ufsdisk.XXXXX)"
 truncate -s 6G "$ufsdisk"
@@ -132,7 +140,11 @@ mount_nullfs /tmp "$UFSTARGET/tmp"
 mount_nullfs /var/tmp "$UFSTARGET/var/tmp"
 
 # Install the first-boot script that configures the network and ssh key
-make -C "$CLOUDSETUP_WORK/" PREFIX="$UFSTARGET/usr/local" install
+# We must use --rootdir and not --chroot, because the file is read from within the chroot
+# --automatic means that the package is considered to be installed "automatically",
+# aka as a dependency of something, so pkg autoremove will remove it.
+# We do not run pkg autoremove ourselves, that's up to the administrator.
+pkg --rootdir "$UFSTARGET" add --automatic "$CLOUDSETUP_PKG"
 
 # Configure new system.
 touch "$UFSTARGET/firstboot"

From d3369d321afa101279270c6aa5acd84b7046c335 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Sun, 29 May 2022 16:29:01 +0200
Subject: [PATCH 26/35] Rename gptboot0 to gptboot on single-disk UFS

---
 opennebula-images/freebsd-build-opennebula-image.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/opennebula-images/freebsd-build-opennebula-image.sh b/opennebula-images/freebsd-build-opennebula-image.sh
index d801698..8051921 100755
--- a/opennebula-images/freebsd-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-build-opennebula-image.sh
@@ -74,7 +74,7 @@ truncate -s 6G "$ufsdisk"
 mdconfig -a -t vnode -f "$ufsdisk" -u md1
 gpart create -s gpt /dev/md1
 #gpart add -t efi -l efiboot0 -s 260M md1
-gpart add -t freebsd-boot -l gptboot0 -b 40 -s 512K md1
+gpart add -t freebsd-boot -l gptboot -b 40 -s 512K md1
 gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 md1
 gpart add -t freebsd-ufs -l rootfs -b 1M -s 5G md1
 newfs -U /dev/md1p2

From a4daf87a3497d4d85a02eb473afe3ec51e1fd8da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Sun, 29 May 2022 16:29:43 +0200
Subject: [PATCH 27/35] Make cloudsetup version overrideable

This is useful for applying hotfixes before the updated port lands in
FreeBSD ports.
---
 opennebula-images/freebsd-build-opennebula-image.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/opennebula-images/freebsd-build-opennebula-image.sh b/opennebula-images/freebsd-build-opennebula-image.sh
index 8051921..5161cbd 100755
--- a/opennebula-images/freebsd-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-build-opennebula-image.sh
@@ -15,6 +15,10 @@ IMAGE_PATH_ZFS="freebsd-zfs-$RELEASE-$(date -I).img.qcow2"
 IMAGE_PATH_UFS="freebsd-ufs-$RELEASE-$(date -I).img.qcow2"
 IMAGE_SIZE=10G
 
+# Comment out to simply use latest version
+# Hash checking is disabled when specifying this
+CLOUDSETUP_VERSION=1.1
+
 DIST_BASE="https://download.freebsd.org/ftp/releases/$ARCH/$RELEASE"
 ZPOOL=zroot
 ZPOOL_TMP="zinstalling"
@@ -63,6 +67,12 @@ then
 else
 	portsnap extract
 fi
+
+if [ -n "$CLOUDSETUP_VERSION" ]
+then
+	sed -i .bak -e '/^PORTVERSION=/ s/[0-9]*\.[0-9]*/'"$CLOUDSETUP_VERSION/" /usr/ports/sysutils/firstboot-cloudsetup/Makefile
+	make -C /usr/ports/sysutils/firstboot-cloudsetup makesum
+fi
 make -C /usr/ports/sysutils/firstboot-cloudsetup clean package
 CLOUDSETUP_VERSION="$(fgrep VERSION /usr/ports/sysutils/firstboot-cloudsetup/Makefile | cut -f2- | tr -d \\t)"
 CLOUDSETUP_PKG="/usr/ports/sysutils/firstboot-cloudsetup/work/pkg/firstboot-cloudsetup-${CLOUDSETUP_VERSION}.pkg"

From d35d04801ad288941a310d58f5e80628006a98cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Sun, 29 May 2022 17:17:42 +0200
Subject: [PATCH 28/35] Run freebsd-update at first boot instead of build

Since the image probably isn't going to be rebuild that often,
it's better to update at first boot, even though that will take longer.
---
 .../freebsd-build-opennebula-image.sh         | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)

diff --git a/opennebula-images/freebsd-build-opennebula-image.sh b/opennebula-images/freebsd-build-opennebula-image.sh
index 5161cbd..d94bb81 100755
--- a/opennebula-images/freebsd-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-build-opennebula-image.sh
@@ -79,6 +79,11 @@ CLOUDSETUP_PKG="/usr/ports/sysutils/firstboot-cloudsetup/work/pkg/firstboot-clou
 tar -tzf "$CLOUDSETUP_PKG" >/dev/null # check that it's a valid tar, or we crash due to set -e
 # tar -t lists the contents of a tar file, but does not extract
 
+make -C /usr/ports/sysutils/firstboot-freebsd-update clean package
+FBUPDATE_VERSION="$(fgrep VERSION /usr/ports/sysutils/firstboot-freebsd-update/Makefile | cut -f2- | tr -d \\t)"
+FBUPDATE_PKG="/usr/ports/sysutils/firstboot-freebsd-update/work/pkg/firstboot-freebsd-update-${FBUPDATE_VERSION}.pkg"
+tar -tzf "$FBUPDATE_PKG" >/dev/null # check that it's a valid tar, or we crash due to set -e
+
 ufsdisk="$(mktemp /var/tmp/ufsdisk.XXXXX)"
 truncate -s 6G "$ufsdisk"
 mdconfig -a -t vnode -f "$ufsdisk" -u md1
@@ -154,7 +159,7 @@ mount_nullfs /var/tmp "$UFSTARGET/var/tmp"
 # --automatic means that the package is considered to be installed "automatically",
 # aka as a dependency of something, so pkg autoremove will remove it.
 # We do not run pkg autoremove ourselves, that's up to the administrator.
-pkg --rootdir "$UFSTARGET" add --automatic "$CLOUDSETUP_PKG"
+pkg --rootdir "$UFSTARGET" add --automatic "$CLOUDSETUP_PKG" "$FBUPDATE_PKG"
 
 # Configure new system.
 touch "$UFSTARGET/firstboot"
@@ -168,6 +173,7 @@ sysrc -f "$UFSTARGET/etc/rc.conf" \
 	growfs_enable=YES \
 	hostname=freebsd \
 	firstboot_cloudsetup_enable=YES \
+	firstboot_freebsd_update_enable=YES \
 
 # The resolv.conf file is written by firstboot_cloudsetup
 #cp /etc/resolv.conf "$UFSTARGET/etc/resolv.conf"
@@ -180,17 +186,6 @@ PasswordAuthentication no
 PermitEmptyPasswords no
 EOF
 
-# freebsd-update is only supported for RELEASE
-if printf %s "$RELEASE" | grep -q '.-RELEASE$'
-then
-	env PAGER=true /usr/sbin/freebsd-update \
-		-b "$UFSTARGET" \
-		--currently-running "$RELEASE" \
-		--not-running-from-cron -F \
-		fetch install
-fi
-rm -rf "$UFSTARGET/var/db/freebsd-update/"* ||:
-
 # Set zstd-19 compression, copy all data to the pool, and then set compression to default again
 # This will make the base image smaller, at the cost of taking longer to generate, as zstd-19 is slow to write
 # Therefore, afterwards we restore compression to default, so written files stay zstd-19, which is fast to read,

From 03aee8ad688a6f6526ae8a3a2ec7c273ec5f1e6d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Sun, 29 May 2022 17:18:35 +0200
Subject: [PATCH 29/35] Mount dev after tarbombing

---
 opennebula-images/freebsd-build-opennebula-image.sh | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/opennebula-images/freebsd-build-opennebula-image.sh b/opennebula-images/freebsd-build-opennebula-image.sh
index d94bb81..31d9e8c 100755
--- a/opennebula-images/freebsd-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-build-opennebula-image.sh
@@ -135,22 +135,19 @@ ln -s /usr/home "$ZFSTARGET/home"
 chmod 1777 "$ZFSTARGET/var/tmp"
 chmod 1777 "$ZFSTARGET/tmp"
 
-# Mount dev in chroot
-mkdir -p "$UFSTARGET/dev"
-mount -t devfs devfs "$UFSTARGET/dev"
-
 # Download and extract base system.
 dist_files="kernel.txz base.txz"
 dist_dir="/usr/freebsd-dist/$ARCH/$RELEASE"
 
-mkdir -p "$dist_dir" "$UFSTARGET"
+mkdir -p "$dist_dir"
 for f in $dist_files
 do
 	fetch -m -o "$dist_dir/$f" "$DIST_BASE/$f"
 	tar -C "$UFSTARGET" -xJf "$dist_dir/$f"
 done
 
-# Avoid writing temporary files while building
+# Mount dev and tmp in chroot
+mount -t devfs devfs "$UFSTARGET/dev"
 mount_nullfs /tmp "$UFSTARGET/tmp"
 mount_nullfs /var/tmp "$UFSTARGET/var/tmp"
 

From b14fa3db427ba382a612121d72e032644e1dffed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Mon, 30 May 2022 16:19:37 +0200
Subject: [PATCH 30/35] Hotfix the pkg-plist file for the cloudsetup port

---
 opennebula-images/freebsd-build-opennebula-image.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/opennebula-images/freebsd-build-opennebula-image.sh b/opennebula-images/freebsd-build-opennebula-image.sh
index 31d9e8c..87f4215 100755
--- a/opennebula-images/freebsd-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-build-opennebula-image.sh
@@ -71,6 +71,7 @@ fi
 if [ -n "$CLOUDSETUP_VERSION" ]
 then
 	sed -i .bak -e '/^PORTVERSION=/ s/[0-9]*\.[0-9]*/'"$CLOUDSETUP_VERSION/" /usr/ports/sysutils/firstboot-cloudsetup/Makefile
+	echo '%%DATADIR%%/userconf-getent.sh' >> /usr/ports/sysutils/firstboot-cloudsetup/pkg-plist
 	make -C /usr/ports/sysutils/firstboot-cloudsetup makesum
 fi
 make -C /usr/ports/sysutils/firstboot-cloudsetup clean package

From beb967c1963b274d96dba76145ad31936bca00d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Mon, 30 May 2022 20:39:10 +0200
Subject: [PATCH 31/35] Update cloudsetup to 1.2

---
 opennebula-images/freebsd-build-opennebula-image.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/opennebula-images/freebsd-build-opennebula-image.sh b/opennebula-images/freebsd-build-opennebula-image.sh
index 87f4215..5ff345c 100755
--- a/opennebula-images/freebsd-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-build-opennebula-image.sh
@@ -17,7 +17,7 @@ IMAGE_SIZE=10G
 
 # Comment out to simply use latest version
 # Hash checking is disabled when specifying this
-CLOUDSETUP_VERSION=1.1
+CLOUDSETUP_VERSION=1.2
 
 DIST_BASE="https://download.freebsd.org/ftp/releases/$ARCH/$RELEASE"
 ZPOOL=zroot

From 84daa8eca4ba32d6a7b854f2902779efe756c911 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Thu, 2 Jun 2022 20:55:19 +0200
Subject: [PATCH 32/35] Set PermitRootLogin without-password

This replaces the PermitRootLogin yes + PasswordAuthentication no construction.
---
 .../freebsd-build-opennebula-image.sh            | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/opennebula-images/freebsd-build-opennebula-image.sh b/opennebula-images/freebsd-build-opennebula-image.sh
index 5ff345c..a63bba2 100755
--- a/opennebula-images/freebsd-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-build-opennebula-image.sh
@@ -178,11 +178,19 @@ sysrc -f "$UFSTARGET/etc/rc.conf" \
 
 tzsetup -s -C "$UFSTARGET" UTC
 
-cat >>"$UFSTARGET/etc/ssh/sshd_config" <<EOF
-PermitRootLogin yes
-PasswordAuthentication no
-PermitEmptyPasswords no
+# Add PermitRootLogin without-password, unless PermitRootLogin yes was already set
+sed -i .orig -e '/^#PermitRootLogin[[:blank:]]/a\
+PermitRootLogin without-password
+' -e '/^PermitRootLogin[[:blank:]]*no/ s/\([[:blank:]]\).*$/\1without-password/' \
+	"$UFSTARGET/etc/ssh/sshd_config"
+if ! grep -Eq '^PermitRootLogin (without-password|yes)' "$UFSTARGET/etc/ssh/sshd_config"
+then
+	cat >>"$UFSTARGET/etc/ssh/sshd_config" <<EOF
+
+# Added by Ungleich
+PermitRootLogin without-password
 EOF
+fi
 
 # Set zstd-19 compression, copy all data to the pool, and then set compression to default again
 # This will make the base image smaller, at the cost of taking longer to generate, as zstd-19 is slow to write

From ac6a724d0483f04eda5db0c130f0d4e96e964a34 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Wed, 8 Jun 2022 18:43:24 +0200
Subject: [PATCH 33/35] Vanity: use quotes as in rc.conf

---
 .../freebsd-build-opennebula-image.sh            | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/opennebula-images/freebsd-build-opennebula-image.sh b/opennebula-images/freebsd-build-opennebula-image.sh
index a63bba2..cca57a7 100755
--- a/opennebula-images/freebsd-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-build-opennebula-image.sh
@@ -162,16 +162,16 @@ pkg --rootdir "$UFSTARGET" add --automatic "$CLOUDSETUP_PKG" "$FBUPDATE_PKG"
 # Configure new system.
 touch "$UFSTARGET/firstboot"
 sysrc -f "$UFSTARGET/boot/loader.conf" \
-	zfs_load=YES \
-	autoboot_delay=-1 \
+	zfs_load="YES" \
+	autoboot_delay="-1" \
 
 sysrc -f "$UFSTARGET/etc/rc.conf" \
-	ntpd_enable=YES \
-	sshd_enable=YES \
-	growfs_enable=YES \
-	hostname=freebsd \
-	firstboot_cloudsetup_enable=YES \
-	firstboot_freebsd_update_enable=YES \
+	ntpd_enable="YES" \
+	sshd_enable="YES" \
+	growfs_enable="YES" \
+	hostname="freebsd" \
+	firstboot_cloudsetup_enable="YES" \
+	firstboot_freebsd_update_enable="YES" \
 
 # The resolv.conf file is written by firstboot_cloudsetup
 #cp /etc/resolv.conf "$UFSTARGET/etc/resolv.conf"

From 9266f02268a1a91d5cd1b3154f7ac8b5e8354cfe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Sat, 11 Jun 2022 22:00:10 +0200
Subject: [PATCH 34/35] cloudsetup 1.2 is now in ports, no need to override
 anymore

---
 opennebula-images/freebsd-build-opennebula-image.sh | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/opennebula-images/freebsd-build-opennebula-image.sh b/opennebula-images/freebsd-build-opennebula-image.sh
index cca57a7..b77e68c 100755
--- a/opennebula-images/freebsd-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-build-opennebula-image.sh
@@ -17,7 +17,7 @@ IMAGE_SIZE=10G
 
 # Comment out to simply use latest version
 # Hash checking is disabled when specifying this
-CLOUDSETUP_VERSION=1.2
+#CLOUDSETUP_VERSION=1.2
 
 DIST_BASE="https://download.freebsd.org/ftp/releases/$ARCH/$RELEASE"
 ZPOOL=zroot
@@ -71,7 +71,6 @@ fi
 if [ -n "$CLOUDSETUP_VERSION" ]
 then
 	sed -i .bak -e '/^PORTVERSION=/ s/[0-9]*\.[0-9]*/'"$CLOUDSETUP_VERSION/" /usr/ports/sysutils/firstboot-cloudsetup/Makefile
-	echo '%%DATADIR%%/userconf-getent.sh' >> /usr/ports/sysutils/firstboot-cloudsetup/pkg-plist
 	make -C /usr/ports/sysutils/firstboot-cloudsetup makesum
 fi
 make -C /usr/ports/sysutils/firstboot-cloudsetup clean package

From a1cad581b9ab194fc4216301f1d42d7b61d0cbe5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20=C3=85ne=20de=20Jong?= <git@jornane.no>
Date: Sat, 11 Jun 2022 22:00:22 +0200
Subject: [PATCH 35/35] Add zfs_enable to rc.conf

---
 opennebula-images/freebsd-build-opennebula-image.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/opennebula-images/freebsd-build-opennebula-image.sh b/opennebula-images/freebsd-build-opennebula-image.sh
index b77e68c..bf3f06c 100755
--- a/opennebula-images/freebsd-build-opennebula-image.sh
+++ b/opennebula-images/freebsd-build-opennebula-image.sh
@@ -165,6 +165,7 @@ sysrc -f "$UFSTARGET/boot/loader.conf" \
 	autoboot_delay="-1" \
 
 sysrc -f "$UFSTARGET/etc/rc.conf" \
+	zfs_enable="YES" \
 	ntpd_enable="YES" \
 	sshd_enable="YES" \
 	growfs_enable="YES" \
@@ -200,6 +201,7 @@ umount "$UFSTARGET/dev" "$UFSTARGET/tmp" "$UFSTARGET/var/tmp"
 rsync -aH --fileflags --inplace "$UFSTARGET/." "$ZFSTARGET"
 
 sysrc -f "$UFSTARGET/boot/loader.conf" -x zfs_load
+sysrc -f "$UFSTARGET/etc/rc.conf" -x zfs_enable
 printf '# Device\tMountpoint\tFStype\tOptions\t\tDump\tPass#\n' \
 	>"$ZFSTARGET/etc/fstab"
 printf '# Device\tMountpoint\tFStype\tOptions\t\tDump\tPass#\n%s\t%s\t\t%s\t%s\t%s\t%s\n' \