From e26682aa3b9bc769ca600a585956826d5464c6b1 Mon Sep 17 00:00:00 2001
From: Lu Qiuwen
Date: Sat, 8 May 2021 16:58:45 +0800
Subject: [PATCH] =?UTF-8?q?=E8=B0=83=E6=95=B4=E7=9B=AE=E5=BD=95=E7=BB=93?= =?UTF-8?q?=E6=9E=84=EF=BC=8C=E5=8F=82=E6=95=B0=E5=8C=96=E9=83=A8=E5=88=86?= =?UTF-8?q?=E5=85=B3=E9=94=AE=E8=84=9A=E6=9C=AC=E5=8F=98=E9=87=8F=EF=BC=8C?= =?UTF-8?q?=E6=94=AF=E6=8C=81=E5=A4=9A=E7=A7=8D=E8=AE=BE=E5=A4=87=E5=9B=BA?= =?UTF-8?q?=E4=BB=B6=E7=BC=96=E8=AF=91=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.gitignore | 2 +
Makefile | 51 ++++++++++++
conf/yum.conf | 47 +++++++++++
cook-bits.sh | 88 --------------------
installer/install.sh | 8 +-
make/Makefile.9000NPBP01R01 | 59 +++++++++++++
mkimage-yum.sh | 110 -------------------------
tools/cook-bits | 54 ++++++++++++
tools/mk-base-image | 61 ++++++++++++++
sharch_body.sh => tools/sharch_body.sh | 0
10 files changed, 278 insertions(+), 202 deletions(-)
create mode 100644 .gitignore
create mode 100644 Makefile
create mode 100644 conf/yum.conf
delete mode 100755 cook-bits.sh
create mode 100644 make/Makefile.9000NPBP01R01
delete mode 100755 mkimage-yum.sh
create mode 100755 tools/cook-bits
create mode 100755 tools/mk-base-image
rename sharch_body.sh => tools/sharch_body.sh (100%)
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..10561bd6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+build/
+.vscode
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 00000000..6da144e8
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,51 @@
+#-------------------------------------------------------------------------------
+#
+# Copyright (C) 2020 Lu Qiuwen
+# SPDX-License-Identifier: GPL-2.0
+#
+# Builds the TSG-OS (Tiango Security Gateway OS) install images
+
+# Don't move this, it must be in FRONT of any included makefiles
+
+
+THIS_MAKEFILE = $(realpath $(firstword $(MAKEFILE_LIST)))
+SHELL = bash
+
+V ?= 0
+Q = @
+ifneq ($V,0)
+ Q =
+endif
+
+PATCHDIR = $(realpath ./patches)
+UPSTREAMDIR = $(realpath ./upstream)
+CONFDIR = $(realpath ./conf)
+TOOLSDIR = $(realpath ./tools)
+INSTALLERDIR = $(realpath ./installer)
+
+PROJECTDIR = $(abspath )
+BUILDDIR_BASE = $(abspath ./build)
+IMAGEDIR_BASE = $(BUILDDIR)/images
+
+OS_RELEASE_VER = 20.04.1
+
+ifndef PROFILE_LIST
+PROFILE_LIST := 9000NPBP01R01
+endif
+
+export TOOLSDIR
+export CONFDIR
+export INSTALLERDIR
+export PROJECTDIR
+export BUILDDIR_BASE
+export IMAGEDIR_BASE
+export OS_RELEASE_VER
+
+.PHONY: all clean $(PROFILE_LIST)
+
+all: $(PROFILE_LIST)
+ $(Q) echo "=== Building $< $(OS_RELEASE_VER) ==="
+ $(Q) $(MAKE) -f make/Makefile.$< all
+
+clean: $(PROFILE_LIST)
+ $(Q) echo "=== Finished making $@ for $(PLATFORM) ==="
\ No newline at end of file
diff --git a/conf/yum.conf b/conf/yum.conf
new file mode 100644
index 00000000..86c0d183
--- /dev/null
+++ b/conf/yum.conf
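Review bot: `IMAGEDIR_BASE = $(BUILDDIR)/images` expands an undefined `BUILDDIR`, so the exported value is `/images` at the filesystem root rather than a path under `build/`; it should read `IMAGEDIR_BASE = $(BUILDDIR_BASE)/images`. `PROJECTDIR = $(abspath )` is likewise empty, and each `$(realpath ...)` directory silently becomes empty when the directory is missing, so the sub-make receives paths rooted at `/`. In the `all` recipe `$<` is only the first prerequisite, so a `PROFILE_LIST` with more than one entry builds just the first profile. `clean` only echoes (with an undefined `$(PLATFORM)`) and never invokes the profile makefile's `clean`.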
@@ -0,0 +1,47 @@
+[main]
+cachedir=/var/cache/yum/x86_64/7
+keepcache=0
+debuglevel=2
+logfile=/var/log/yum.log
+exactarch=1
+obsoletes=1
+gpgcheck=1
+plugins=1
+installonly_limit=5
+distroverpkg=centos-release
+reposdir=./
+
+[base]
+name=CentOS-7 - Base - mirrors.aliyun.com
+failovermethod=priority
+baseurl=http://mirrors.aliyun.com/centos/7/os/x86_64/
+ http://mirrors.aliyuncs.com/centos/7/os/x86_64/
+ http://mirrors.cloud.aliyuncs.com/centos/7/os/x86_64/
+gpgcheck=1
+gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
+
+[updates]
+name=CentOS-7 - Updates - mirrors.aliyun.com
+failovermethod=priority
+baseurl=http://mirrors.aliyun.com/centos/7/updates/x86_64/
+ http://mirrors.aliyuncs.com/centos/7/updates/x86_64/
+ http://mirrors.cloud.aliyuncs.com/centos/7/updates/x86_64/
+gpgcheck=1
+gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
+
+[extras]
+name=CentOS-7 - Extras - mirrors.aliyun.com
+failovermethod=priority
+baseurl=http://mirrors.aliyun.com/centos/7/extras/x86_64/
+ http://mirrors.aliyuncs.com/centos/7/extras/x86_64/
+ http://mirrors.cloud.aliyuncs.com/centos/7/extras/x86_64/
+gpgcheck=1
+gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
+
+[epel]
+name=Extra Packages for Enterprise Linux 7 - x86_64
+baseurl=https://mirrors.tuna.tsinghua.edu.cn/epel/7/x86_64
+failovermethod=priority
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
\ No newline at end of file
diff --git a/cook-bits.sh b/cook-bits.sh
deleted file mode 100755
index c4162b8d..00000000
--- a/cook-bits.sh
+++ /dev/null
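Review bot: The `[base]`, `[updates]` and `[extras]` sections fetch both the packages and the signing key over plain `http://`, so `gpgcheck=1` verifies packages against a key that a compromised mirror or anyone on the network path could substitute; tools/mk-base-image in this patch runs yum with `-y`, which accepts the key import without prompting. Pin the key to a file under the build's control, e.g. `gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7`, as `[epel]` already does for its key, and prefer `https://` for the `baseurl` entries where the mirror supports it. `reposdir=./` is resolved against the working directory of whoever runs yum, so any `*.repo` file lying there is loaded too; pointing it at a directory the project owns would make the repository set deterministic.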
@@ -1,88 +0,0 @@
-#!/bin/bash
-
-#
-# Copyright (C) 2017 Rajendra Dendukuri
-#
-# SPDX-License-Identifier: GPL-2.0
-#
-
-# Make an ONIE installer using CentOS 7 chroot environment
-#
-# inputs: cento7 chroot package
-# output: ONIE compatible OS installer image
-#
-# Comments: This script expects that yumbootsstrap is installed on
-# on the Linux host where it is executed.
-
-#!/bin/sh
-
-set -e
-
-IN=./input
-OUT=./output
-rm -rf $OUT
-mkdir -p $OUT
-
-INSTALLER_TEMPLATE_DIR=./installer
-WORKDIR=./work
-EXTRACTDIR="$WORKDIR/extract"
-INSTALLDIR="$WORKDIR/installer"
-
-# Create a centos-7 chroot package if not done already
-DISTR0_VER="21.04.1"
-MACHINE_ID="9140NPCP01R01"
-
-CHROOT_PKG="tsg-os-${DISTR0_VER}-${MACHINE_ID}-chroot.tar.bz2"
-output_file="${OUT}/tsg-os-${DISTR0_VER}-${MACHINE_ID}-ONIE.bin"
-
-echo -n "Creating $output_file: ."
-
-# prepare workspace
-[ -d $EXTRACTDIR ] && chmod +w -R $EXTRACTDIR
-rm -rf $WORKDIR
-mkdir -p $EXTRACTDIR
-mkdir -p $INSTALLDIR
-
-# Copy distro package
-cp -f ${IN}/${CHROOT_PKG} $INSTALLDIR
-
-# Create custom install.sh script
-cp $INSTALLER_TEMPLATE_DIR/install.sh $INSTALLDIR/install.sh
-chmod +x $INSTALLDIR/install.sh
-sed -i -e "s/%%DISTR0_VER%%/$DISTR0_VER/" $INSTALLDIR/install.sh
-sed -i -e "s/%%MACHINE_ID%%/$MACHINE_ID/" $INSTALLDIR/install.sh
-sed -i -e "s/%%CHROOT_PKG%%/$CHROOT_PKG/" $INSTALLDIR/install.sh
-
-# Create o/s setup script
-cp $INSTALLER_TEMPLATE_DIR/distro-setup.sh $INSTALLDIR/distro-setup.sh
-chmod +x $INSTALLDIR/distro-setup.sh
-
-echo -n "."
-
-# Repackage $INSTALLDIR into a self-extracting installer image
-sharch="$WORKDIR/sharch.tar"
-tar -C $WORKDIR -cf $sharch installer || {
- echo "Error: Problems creating $sharch archive"
- exit 1
-}
-
-[ -f "$sharch" ] || {
- echo "Error: $sharch not found"
- exit 1
-}
-echo -n "."
-
-sha1=$(cat $sharch | sha1sum | awk '{print $1}')
-echo -n "."
- -cp sharch_body.sh $output_file || { - echo "Error: Problems copying sharch_body.sh" - exit 1 -} - -# Replace variables in the sharch template -sed -i -e "s/%%IMAGE_SHA1%%/$sha1/" $output_file -echo -n "." -cat $sharch >> $output_file -rm -rf $tmp_dir -echo " Done." diff --git a/installer/install.sh b/installer/install.sh index 059e5b43..c8af0a91 100755 --- a/installer/install.sh +++ b/installer/install.sh @@ -7,19 +7,19 @@ distro_part=3 distro_dev="${blk_dev}${distro_part}" distro_mnt=/mnt/distro onie_root_dir=/mnt/onie-boot/onie -kernel_args="console=ttyS0,115200n8 intel_iommu=on iommu=pt pci=realloc,assign-busses isolcpus=1,14-27,42-55" -grub_serial_command="" +kernel_args="%%KERNAL_ARGS%%" +grub_serial_command="%%GRUB_SERIAL_COMMAND%%" DISTR0_VER="%%DISTR0_VER%%" MACHINE_ID="%%MACHINE_ID%%" CHROOT_PKG="%%CHROOT_PKG%%" +size_part_tsg_os_sysroot="%%SIZE_PART_SYSROOT%%" +size_part_tsg_os_data="%%SIZE_PART_DATA%%" vol_label_tsg_os_sysroot="TSG-OS-SYSROOT" vol_label_tsg_os_data="TSG-OS-DATA" exp_part_tsg_os_sysroot=3 exp_part_tsg_os_data=4 -size_part_tsg_os_sysroot="6096M" -size_part_tsg_os_data="128M" dev_part_tsg_os_sysroot="/dev/sda${exp_part_tsg_os_sysroot}" dev_part_tsg_os_data="/dev/sda${exp_part_tsg_os_data}" tsg_os_efi_prefix="TSG-OS" diff --git a/make/Makefile.9000NPBP01R01 b/make/Makefile.9000NPBP01R01 new file mode 100644 index 00000000..a975099e --- /dev/null +++ b/make/Makefile.9000NPBP01R01 
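Review bot: The new placeholder assignments in installer/install.sh turn the script into a template, but nothing in the hunk stops it from running unsubstituted, in which case a literal `%%SIZE_PART_SYSROOT%%` would be used as a partition size and `%%KERNAL_ARGS%%` as the kernel command line. A guard right after the assignments would fail closed, e.g. `case "$kernel_args$size_part_tsg_os_sysroot$size_part_tsg_os_data" in *%%*) echo "install.sh: template not substituted" >&2; exit 1;; esac`. The placeholder is spelled `KERNAL_ARGS`; it matches the sed expression in make/Makefile.9000NPBP01R01 today, but correcting one side without the other would leave it unsubstituted, so either rename both to `KERNEL_ARGS` or add a comment on the spelling. The rest of the script lies outside the hunk, so how these variables are consumed is not visible here.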
@@ -0,0 +1,59 @@
+
+PROFILE_ID := 9000-NPB-P01R01
+SUPPORTED_MACHINE_ID := 9000-NPB-P01R01
+CHROOT_PKG := tsg-os-${OS_RELEASE_VER}-${PROFILE_ID}-chroot.tar.bz2
+CHROOT_BIN := tsg-os-${OS_RELEASE_VER}-${PROFILE_ID}-ONIE.bin
+
+TARGET_BUILD_DIR := $(BUILDDIR_BASE)/$(PROFILE_ID)
+TARGET_INSTALLER_DIR := $(TARGET_BUILD_DIR)/installer
+TARGET_SYSROOT_DIR := $(TARGET_BUILD_DIR)/sysroot
+
+KERNEL_ARGS := console=ttyS0,115200n8 intel_iommu=on iommu=pt pci=realloc,assign-busses isolcpus=1,14-27,42-55
+GRUB_SERIAL_COMMAND :=
+SIZE_PART_SYSROOT := 7000M
+SIZE_PART_DATA := 128M
+
+.PHONY: all builddir installer sysroot-base sysroot-ansible sysroot-cleanup sysroot-archive sysroot-binary clean
+
+all: sysroot-binary
+
+builddir:
+ mkdir -p $(TARGET_BUILD_DIR)
+
+installer: builddir
+ mkdir -p $(TARGET_INSTALLER_DIR)
+ cp $(INSTALLERDIR)/install.sh $(TARGET_INSTALLER_DIR)/install.sh
+ cp $(INSTALLERDIR)/distro-setup.sh $(TARGET_INSTALLER_DIR)/distro-setup.sh
+ chmod +x $(TARGET_INSTALLER_DIR)/install.sh
+ chmod +x $(TARGET_INSTALLER_DIR)/distro-setup.sh
+
+ sed -i -e "s/%%DISTR0_VER%%/$(OS_RELEASE_VER)/" $(TARGET_INSTALLER_DIR)/install.sh
+ sed -i -e "s/%%MACHINE_ID%%/$(SUPPORTED_MACHINE_ID)/" $(TARGET_INSTALLER_DIR)/install.sh
+ sed -i -e "s/%%CHROOT_PKG%%/$(CHROOT_PKG)/" $(TARGET_INSTALLER_DIR)/install.sh
+ sed -i -e "s/%%KERNAL_ARGS%%/$(KERNEL_ARGS)/" $(TARGET_INSTALLER_DIR)/install.sh
+ sed -i -e "s/%%GRUB_SERIAL_COMMAND%%/$(GRUB_SERIAL_COMMAND)/" $(TARGET_INSTALLER_DIR)/install.sh
+ sed -i -e "s/%%SIZE_PART_SYSROOT%%/$(SIZE_PART_SYSROOT)/" $(TARGET_INSTALLER_DIR)/install.sh
+ sed -i -e "s/%%SIZE_PART_DATA%%/$(SIZE_PART_DATA)/" $(TARGET_INSTALLER_DIR)/install.sh
+
+sysroot-base: builddir
+ $(TOOLSDIR)/mk-base-image $(CONFDIR)/yum.conf $(TARGET_SYSROOT_DIR)
+
+sysroot-ansible: sysroot-base
+
+sysroot-cleanup:
+ rm -rf $(TARGET_SYSROOT_DIR)/tmp/*
+ rm -rf $(TARGET_SYSROOT_DIR)/dev/*
+
+sysroot-archive: installer sysroot-ansible sysroot-cleanup
+ tar --exclude=*~ --exclude-backups --owner=root --group=root -c -C $(TARGET_SYSROOT_DIR) . | pbzip2 > $(TARGET_INSTALLER_DIR)/$(CHROOT_PKG)
+
+INPUT_DIR=$1
+WORK_DIR=$2
+TARGET_BINARY=$3
+
+sysroot-binary: sysroot-archive
+ mkdir -p $(TARGET_BUILD_DIR)/cook-bits
+ $(TOOLSDIR)/cook-bits $(TARGET_BUILD_DIR) $(TARGET_BUILD_DIR)/cook-bits $(TARGET_BUILD_DIR)/$(CHROOT_BIN)
+
+clean:
+ rm -rf $(TARGET_BUILD_DIR)
\ No newline at end of file
diff --git a/mkimage-yum.sh b/mkimage-yum.sh
deleted file mode 100755
index 15d44794..00000000
--- a/mkimage-yum.sh
+++ /dev/null
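Review bot: `TARGET_BUILD_DIR`, `$(TOOLSDIR)/mk-base-image` and `$(CONFDIR)/yum.conf` all depend on variables that only the top-level Makefile exports, so running this file directly makes them expand to paths under `/`, and the `rm -rf` recipes in `sysroot-cleanup` and `clean` then operate there. Fail early instead, e.g. `$(foreach v,BUILDDIR_BASE TOOLSDIR CONFDIR INSTALLERDIR OS_RELEASE_VER,$(if $(strip $($(v))),,$(error $(v) is empty; run via the top-level Makefile)))` placed above `TARGET_BUILD_DIR`. The `installer` sed lines use `/` as the delimiter with the raw value, so a future `KERNEL_ARGS` containing `/` or `&` (a device path, for example) breaks or silently alters the substitution; a delimiter that cannot occur in the values, plus escaping, avoids that. `sysroot-cleanup` has no prerequisite, so under `make -j` it can run while `sysroot-base` is still populating the sysroot; `sysroot-cleanup: sysroot-ansible` would order it. The lines `INPUT_DIR=$1`, `WORK_DIR=$2` and `TARGET_BINARY=$3` look like leftovers pasted from tools/cook-bits and only define empty make variables.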
@@ -1,110 +0,0 @@ -#!/usr/bin/env bash -# -# Create a base CentOS Docker image. -# -# This script is useful on systems with yum installed (e.g., building -# a CentOS image on CentOS). See contrib/mkimage-rinse.sh for a way -# to build CentOS images on other systems. - -usage() { - cat < -OPTIONS: - -y The path to the yum config to install packages from. The - default is /etc/yum.conf. -EOOPTS - exit 1 -} - -# option defaults -yum_config=/etc/yum.conf -while getopts ":y:h" opt; do - case $opt in - y) - yum_config=$OPTARG - ;; - h) - usage - ;; - \?) - echo "Invalid option: -$OPTARG" - usage - ;; - esac -done -shift $((OPTIND - 1)) -name=$1 - -if [[ -z $name ]]; then - usage -fi - -#-------------------- - -#target=$(mktemp -d --tmpdir $(basename $0).XXXXXX) -target=$PWD/centos_mkroot - -set -x - -for dev in console null zero urandom; do - /sbin/MAKEDEV -d "$target"/dev -x $dev -done - -package_to_install="@base @core @debugging @directory-client @guest-agents - @hardware-monitoring @network-file-system-client @performance @remote-system-management - grub2 kernel kernel-devel epel-release ansible" - -setopt="group_package_types=mandatory,default,optional" - -enabled_repos="base,extras,updates" - -yum -c "$yum_config" --installroot="$target" -y --setopt=$setopt install $package_to_install - -cat > "$target"/etc/sysconfig/network <&2 "warning: cannot autodetect OS version, using '$name' as tag" - version=$name -fi - -#tar --numeric-owner -c -C "$target" . | docker import - $name:$version -#docker run -i -t $name:$version echo success -cp -a /dev/urandom centos_mkroot/dev/ -cp -a /dev/random centos_mkroot/dev/ -#tar zcvf centos_mkroot.tar.gz centos_mkroot/ -ansible-playbook -i tsg-9140-scripts/install_config/tsg_9140_host tsg-9140-scripts/tsg_9140_deploy.yml -yum -c "$yum_config" --installroot="$target" -y --setopt=$setopt clean all -rm -rf centos_mkroot/tmp/* -tar --numeric-owner -c -C centos_mkroot/ . | pbzip2 -p9 > input/centos-7-chroot.tar.bz2 - -#rm -rf "$target" 
diff --git a/tools/cook-bits b/tools/cook-bits
new file mode 100755
index 00000000..e9fc69e8
--- /dev/null
+++ b/tools/cook-bits
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+#
+# Copyright (C) 2017 Rajendra Dendukuri
+#
+# SPDX-License-Identifier: GPL-2.0
+#
+
+# Make an ONIE installer using CentOS 7 chroot environment
+#
+# inputs: cento7 chroot package
+# output: ONIE compatible OS installer image
+#
+# Comments: This script expects that yumbootsstrap is installed on
+# on the Linux host where it is executed.
+
+#!/bin/sh
+
+set -e
+
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+INPUT_DIR=$1
+WORK_DIR=$2
+TARGET_BINARY=$3
+
+echo -n "Creating $TARGET_BINARY: ."
+
+# Repackage $INSTALLDIR into a self-extracting installer image
+sharch="$WORK_DIR/sharch.tar"
+tar --exclude=*~ --exclude-backups --owner=root --group=root -C $INPUT_DIR -cf $sharch installer || {
+ echo "Error: Problems creating $sharch archive"
+ exit 1
+}
+
+[ -f "$sharch" ] || {
+ echo "Error: $sharch not found"
+ exit 1
+}
+
+echo -n "."
+
+sha1=$(cat $sharch | sha1sum | awk '{print $1}')
+echo -n "."
+
+cp $SCRIPT_DIR/sharch_body.sh $TARGET_BINARY || {
+ echo "Error: Problems copying sharch_body.sh"
+ exit 1
+}
+
+# Replace variables in the sharch template
+sed -i -e "s/%%IMAGE_SHA1%%/$sha1/" $TARGET_BINARY
+echo -n "."
+cat $sharch >> $TARGET_BINARY
+echo " Done."
\ No newline at end of file
diff --git a/tools/mk-base-image b/tools/mk-base-image
new file mode 100755
index 00000000..07743254
--- /dev/null
+++ b/tools/mk-base-image
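Review bot: `INPUT_DIR`, `WORK_DIR` and `TARGET_BINARY` are taken from `$1`..`$3` without checking that they were supplied and are then used unquoted, so a missing argument makes `sharch` resolve to `/sharch.tar` and a path containing spaces is split into several words. Add `[ "$#" -eq 3 ] || { echo "usage: cook-bits INPUT_DIR WORK_DIR TARGET_BINARY" >&2; exit 1; }` after `set -e` and quote the expansions, e.g. `cp "$SCRIPT_DIR/sharch_body.sh" "$TARGET_BINARY"`. The embedded `%%IMAGE_SHA1%%` value travels inside the same file as the payload it covers, so it can detect a truncated or corrupted image but not deliberate modification; a comment saying so, together with a separately published digest or signature for the `.bin`, would keep it from being read as an authenticity check. The header comment and the second `#!/bin/sh` line are carried over from the old script and no longer describe the inputs.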
@@ -0,0 +1,61 @@ +#!/usr/bin/env bash +# +# Create a base CentOS Docker image. +# +# This script is useful on systems with yum installed (e.g., building +# a CentOS image on CentOS). See contrib/mkimage-rinse.sh for a way +# to build CentOS images on other systems. + +yum_config=$1 +target=$2 + +set -ex + +package_to_install="@base @core @debugging @directory-client @guest-agents + @hardware-monitoring @network-file-system-client @performance @remote-system-management + grub2 kernel kernel-devel epel-release ansible" + +setopt="group_package_types=mandatory,default,optional" +yum -c "$yum_config" --installroot="$target" -y --setopt=$setopt install $package_to_install + +cat > "$target"/etc/sysconfig/network < input/centos-7-chroot.tar.bz2 + +#rm -rf "$target" \ No newline at end of file diff --git a/sharch_body.sh b/tools/sharch_body.sh similarity index 100% rename from sharch_body.sh rename to tools/sharch_body.sh
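Review bot: `target=$2` is used without validation, so calling the script with a missing second argument hands an empty `--installroot=` to yum and makes the redirect `cat > "$target"/etc/sysconfig/network` write into the host's own `/etc`; presumably this runs as root, which would turn a usage mistake into a change to the build host. Reject empty arguments before anything runs, e.g. `: "${yum_config:?usage: mk-base-image YUM_CONF TARGET_DIR}"` and `: "${target:?usage: mk-base-image YUM_CONF TARGET_DIR}"`, and move `set -ex` above the assignments. The header still describes a Docker image script although the inputs are now a yum config and a sysroot directory. The middle of this hunk did not survive extraction on this page, so the lines between the heredoc and the final commented-out `rm -rf` could not be reviewed.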