mirror of https://github.com/rancher/os.git synced 2025-07-30 22:24:33 +00:00

Sync up with cos upstream

Darren Shepherd 2021-06-25 11:01:35 -07:00
parent 84365503fe
commit 24e676d156
26 changed files with 98 additions and 874 deletions


@ -1,13 +1,22 @@
FROM opensuse/leap:15.3 as tools
RUN zypper in -y curl docker squashfs xorriso go1.16 git
RUN curl https://get.mocaccino.org/luet/get_luet_root.sh | sh
RUN luet install -y extension/makeiso
COPY tools /
FROM opensuse/leap:15.3
FROM registry.suse.com/suse/sle15:15.3 AS base
ARG ARCH=amd64
ENV ARCH=${ARCH}
ENV LUET_VERSION 0.16.7
RUN zypper rm -y container-suseconnect
RUN zypper ar --priority=200 http://download.opensuse.org/distribution/leap/15.3/repo/oss repo-oss
RUN zypper --no-gpg-checks ref
COPY files/etc/luet/luet.yaml /etc/luet/luet.yaml
RUN zypper in -y curl
RUN curl -sfL -o /usr/bin/luet https://github.com/mudler/luet/releases/download/${LUET_VERSION}/luet-${LUET_VERSION}-linux-${ARCH} && \
chmod +x /usr/bin/luet
FROM base as tools
RUN zypper in -y docker squashfs xorriso
COPY tools /
RUN luet install -y repository/luet repository/mocaccino-repository-index
RUN luet install -y extension/makeiso
FROM base
RUN zypper in -y \
bash-completion \
conntrack-tools \
@ -19,12 +28,14 @@ RUN zypper in -y \
e2fsprogs \
findutils \
gawk \
gptfdisk \
grub2-i386-pc \
grub2-x86_64-efi \
haveged \
iproute2 \
iptables \
iputils \
issue-generator \
jq \
kernel-default \
kernel-firmware-bnx2 \
@ -45,6 +56,9 @@ RUN zypper in -y \
open-iscsi \
open-vm-tools \
parted \
pigz \
policycoreutils \
procps \
python-azure-agent \
qemu-guest-agent \
rng-tools \
@ -58,34 +72,19 @@ RUN zypper in -y \
vim \
which
RUN curl -L https://github.com/rancher/rancherd/releases/download/v0.0.1-alpha03/rancherd-${ARCH} > /usr/bin/rancherd && \
RUN curl -L https://github.com/rancher/rancherd/releases/download/v0.0.1-alpha04/rancherd-${ARCH} > /usr/bin/rancherd && \
chmod +x /usr/bin/rancherd
RUN zypper ar https://download.opensuse.org/repositories/security:/SELinux/openSUSE_Leap_15.3/security:SELinux.repo
RUN zypper --gpg-auto-import-keys in -y --allow-vendor-change --allow-downgrade container-selinux -libsemanage1
RUN mkdir /tmp/rpm && \
cd /tmp/rpm && \
curl -L -O https://github.com/k3s-io/k3s-selinux/releases/download/v0.3.testing.0/k3s-selinux-0.3-0.el7.noarch.rpm && \
curl -L -O https://github.com/rancher/rancher-selinux/releases/download/v0.2-rc1.testing.1/rancher-selinux-0.2.rc1-1.el7.noarch.rpm && \
mv /var/lib/selinux/targeted/active /var/lib/selinux/targeted/bkp && \
mv /var/lib/selinux/targeted/bkp /var/lib/selinux/targeted/active && \
rpm -ivh --nodeps *.rpm && \
cd / && \
rm -rf /tmp/rpm
COPY files/etc/luet/luet.yaml /etc/luet/luet.yaml
ENV LUET_VERSION 0.16.6
RUN curl -sfL -o /usr/bin/luet https://github.com/mudler/luet/releases/download/${LUET_VERSION}/luet-${LUET_VERSION}-linux-${ARCH} && \
chmod +x /usr/bin/luet
ARG CACHEBUST
RUN luet install -y \
toolchain/yip \
utils/installer \
system/cloud-config \
system/cos-setup \
system/immutable-rootfs \
system/grub-config \
selinux/k3s \
selinux/rancher \
utils/k9s \
utils/nerdctl
@ -95,5 +94,7 @@ RUN mkinitrd
ARG OS_NAME=RancherOS
ARG OS_VERSION=999
ARG OS_GIT=dirty
ARG FINALIZE=false
RUN if [ "${FINALIZE}" = "true" ]; then OS_NAME=${OS_NAME} OS_VERSION=${OS_VERSION} OS_GIT=${OS_GIT} /usr/bin/finalize; fi
ARG OS_REPO=norepo/norepo
ARG OS_LABEL=latest
RUN envsubst >/usr/lib/os-release </usr/lib/os-release.tmpl && \
rm /usr/lib/os-release.tmpl
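Review bot: `RUN zypper --no-gpg-checks ref` refreshes repository metadata with signature checking turned off, and the `repo-oss` repository added on the line before it uses a plain `http://` URL, so every later `zypper in -y` in this image relies on metadata that was neither authenticated nor fetched over TLS. Assuming both lines are on the new side (the +/- markers are lost on this page), the repository should be added as `RUN zypper ar --priority=200 https://download.opensuse.org/distribution/leap/15.3/repo/oss repo-oss` and refreshed with the signing key imported instead of with checks disabled. The `luet` and `rancherd` binaries are also written to `/usr/bin` straight from `curl` with no checksum comparison; keeping a SHA-256 per release next to `LUET_VERSION` and checking it before the `chmod +x` would cover that.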


@ -1,14 +1,16 @@
.DEFAULT_GOAL := iso
IMAGE=ibuildthecloud/test
REPO=ibuildthecloud/test
LABEL=latest
IMAGE=${REPO}:${LABEL}
TOOLS=${IMAGE}-tools
.PHONY: build
build:
docker build -t ${IMAGE} .
.PHONY: final-build
final-build:
docker build --build-arg FINALIZE=true -t ${IMAGE} .
docker build \
--build-arg CACHEBUST="${CACHEBUST}" \
--build-arg OS_LABEL=${LABEL} \
--build-arg OS_REPO=${REPO} \
-t ${IMAGE} .
.PHONY: push
push: build
@ -19,7 +21,7 @@ tools:
docker build -t ${TOOLS} --target tools .
.PHONY: iso
iso: tools final-build
iso: tools build
mkdir -p build
rm -f build/iso-container
docker run -v /var/run:/var/run -it --cidfile=build/iso-container ${TOOLS} makeiso ${IMAGE}
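Review bot: The `--build-arg OS_LABEL=${LABEL}` and `--build-arg OS_REPO=${REPO}` lines in the `build` recipe are unquoted while `CACHEBUST` directly above them is quoted, and `CACHEBUST` is not assigned anywhere in the visible hunks, so it presumably comes from the environment and is empty otherwise. Quoting all three the same way (`--build-arg OS_LABEL="${LABEL}"`, `--build-arg OS_REPO="${REPO}"`) avoids word splitting when an override contains spaces. Because these two values end up in the image's os-release as the upgrade source, a comment above `LABEL=latest` such as `# baked into os-release as the self-upgrade image; override with an immutable tag for releases` would make the consequence of the defaults visible. Both recipes continue outside the hunks shown.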


@ -1,7 +1,8 @@
if [ -e /etc/rancher/rke2 ]; then
if [ -z "$KUBECONFIG" ]; then
if [ -z "$KUBECONFIG" ]; then
if [ -e /etc/rancher/rke2 ]; then
export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
fi
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
fi
if [ -d /var/lib/rancher/rke2/bin ]; then
export PATH="${PATH}:/var/lib/rancher/rke2/bin"
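Review bot: `export KUBECONFIG=/etc/rancher/k3s/k3s.yaml` sits after the inner `fi` with no `else`, so as the new side reads here it overwrites the rke2 path set just above whenever `KUBECONFIG` starts out empty. The +/- markers are lost on this page, but the `+1,8` count leaves no room for an `else` line. The k3s assignment belongs in an `else` branch of the `/etc/rancher/rke2` test, i.e. an `else` line followed by the k3s `export` before the inner `fi`. The `if [ -d /var/lib/rancher/rke2/bin ]` block is closed outside the hunk.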


@ -1,3 +0,0 @@
set kernel=/boot/vmlinuz
set kernelcmd="console=tty1 console=ttyS0 root=LABEL=$label iso-scan/filename=$img panic=5 security=selinux selinux=1"
set initramfs=/boot/initrd


@ -2,4 +2,4 @@ hostonly_cmdline="no"
hostonly="no"
compress="xz"
omit_dracutmodules+=" multipath "
add_dracutmodules+=" dmsquash-live cos-immutable-rootfs "
add_dracutmodules+=" dmsquash-live "


@ -13,5 +13,6 @@ repositories:
priority: 1
verify: false
urls:
- "quay.io/costoolkit/releases-opensuse"
- "ibuildthecloud/releases-sle"
#- "quay.io/costoolkit/releases-opensuse"
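Review bot: The repository URL appears to change to `ibuildthecloud/releases-sle` while `verify: false` two lines above it is left as is, so packages that `luet install` pulls from this namespace during the image build are not verified. If the images in that namespace are signed, this is the place to switch to `verify: true`; if they are not, a comment such as `# verify disabled: releases-sle images are unsigned (temporary)` would record that the setting is deliberate. The commented-out `quay.io` entry reads as dead configuration and should be removed or explained. The hunk starts at line 13 of the file, so the rest of this repository entry is outside the view.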

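--- a/files/etc/os-release
+++ b/files/etc/os-release
@@ -0,0 +1 @@
+../usr/lib/os-release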


@ -0,0 +1 @@
/usr/lib/systemd/system/sshd.service


@ -1,40 +1,26 @@
name: "Rootfs Layout Settings"
name: "ROS Rootfs Layout Settings"
stages:
rootfs:
- environment_file: /run/cos/cos-layout.env
environment:
VOLUMES: "LABEL=COS_OEM:/oem LABEL=COS_PERSISTENT:/usr/local"
OVERLAY: "tmpfs:25%"
# DEBUG_RW: "true"
initramfs:
rootfs.after:
- if: '[ -z "$(blkid -L COS_SYSTEM || true)" ]'
commands:
- |
target=/usr/local/.ros-state
set -x
target=/sysroot/usr/local/.ros-state
# Always want the latest update of systemd conf from the image
mkdir -p ${target}/etc/systemd/
rsync -av /etc/systemd/ ${target}/etc/systemd/
rsync -a /sysroot/etc/systemd/ ${target}/etc/systemd/
# Only populate ssh conf once
if [ ! -e ${target}/etc/ssh ]; then
mkdir -p ${target}/etc/ssh/
rsync -av /etc/ssh/ ${target}/etc/ssh/
rsync -a /sysroot/etc/ssh/ ${target}/etc/ssh/
fi
# make /tmp tmpfs
cp -f /usr/share/systemd/tmp.mount ${target}/etc/systemd/system/
# undo /home /opt mount from cos immutable-rootfs module
sed -i '/overlay \/home /d' /etc/fstab
sed -i '/overlay \/opt /d' /etc/fstab
umount /home
umount /opt
# setup directories as persistent
for i in root opt home var/lib/rancher var/lib/kubelet etc/systemd etc/rancher etc/ssh usr/libexec; do
mkdir -p ${target}/$i /$i
mount ${target}/$i /$i -t none -o bind
for i in root opt home var/lib/rancher var/lib/kubelet etc/systemd etc/rancher etc/ssh usr/libexec var/log var/lib/wicked; do
mkdir -p ${target}/$i /sysroot/$i
mount ${target}/$i /sysroot/$i -t none -o bind
done
# This is hidden so that if you run some selinux label checking or relabeling the bind
@ -43,16 +29,8 @@ stages:
mkdir -p ${target}/empty
mount ${target}/empty ${target} -o bind,ro
# persist machine-id
if [ -s /usr/local/etc/machine-id ]; then
cat /usr/local/etc/machine-id > /etc/machine-id
else
mkdir -p /usr/local/etc
cp /etc/machine-id /usr/local/etc
fi
# ensure /var/log/journal exists so it's labeled correctly
mkdir -p /var/log/journal
mkdir -p /sysroot/var/log/journal
initramfs.after:
- if: '[ -z "$(blkid -L COS_SYSTEM || true)" ]'
commands:
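Review bot: The `rootfs.after` script enables `set -x` but not `set -e`, so a failing `rsync` or bind `mount` inside the `for i in ...` loop does not stop the stage, and the system can come up with paths such as `/sysroot/etc/ssh` or `/sysroot/var/log` silently left unpersisted. Consider `set -ex` at the top of the block, or an explicit `|| exit 1` on the `mount` line. The expansions in the loop are unquoted; `mkdir -p "${target}/$i" "/sysroot/$i"` and `mount "${target}/$i" "/sysroot/$i" -t none -o bind` are the safer form. The section ends on the `commands:` key of `initramfs.after`, whose body is outside the hunk.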


@ -1,11 +0,0 @@
name: "General settings"
stages:
initramfs:
- name: "Setup distro"
#systemd_firstboot:
#keymap: us
#locale: en_US.UTF-8
#timezone: UTC
- name: "Remove install default"
commands:
- rm -f /usr/local/cloud-config/90_after_install.yaml


@ -3,20 +3,3 @@ stages:
initramfs:
- name: "Branding"
hostname: "rancher"
Xfiles:
- path: /etc/issue
content: |
.-----.
| .-. |
| |.| |
| `-' |
`-----'
Welcome to \S !
IP address \4
Login with user: root, password: cos
Start the installer with "cos-installer <device>" to install it in the local system
permissions: 0644
owner: 0
group: 0


@ -24,11 +24,6 @@ stages:
primary_group: "rancher"
shell: /bin/bash
homedir: "/home/rancher"
#ensure_entities:
#- entity: |
# kind: "shadow"
# username: "root"
# password: "$6$g9DDJRDNRS8MEzhH$w6Cn6PNzFnUVnatwRbNoLk6etanvAbcxUzfYlQcj6y/JLGq3Yrl7wXi6SkMzp1/tEM3NheMr5fH8.92NdiaB/0"
- name: "Setup sudo"
files:
- path: "/etc/sudoers"


@ -1,17 +0,0 @@
name: "Default network configuration"
stages:
initramfs:
- name: "Setup network"
dns:
path: /etc/resolv.conf
nameservers:
- 8.8.8.8
- 1.1.1.1
files:
- path: /etc/sysconfig/network/ifcfg-eth0
content: |
BOOTPROTO='dhcp'
STARTMODE='onboot'
permissions: 0600
owner: 0
group: 0


@ -1,12 +0,0 @@
name: "Recovery partition boot setup"
stages:
boot:
- name: "Recovery"
commands:
- |
source /etc/os-release
if [ -n "$(blkid -L COS_SYSTEM || true)" ]; then
echo >> /etc/issue
echo "You are booting from recovery mode. Run 'cos-reset' to reset the system to $VERSION" >> /etc/issue
echo >> /etc/issue
fi


@ -1,8 +0,0 @@
name: "Cloud-init cdrom"
stages:
fs:
- name: "cdrom datasource"
datasource:
providers:
- cdrom
path: /oem


@ -0,0 +1,14 @@
# Default cOS OEM configuration file
#
# This file is part of cOS and will get reset during upgrades.
#
# Before you change this file manually,
# consider copying this file to /usr/local/cloud-config or
# copy the file with a prefix starting by 90, e.g. /oem/91_custom.yaml
name: "Cloud providers metadata"
stages:
network:
- name: "Cloud providers datasources"
datasource:
providers: ["aws", "gcp", "cdrom"]
path: "/oem"


@ -1,50 +0,0 @@
#!/bin/bash
set -e -o pipefail
packages="openSUSE-release-appliance-docker
systemd-presets-branding-MicroOS
dracut
rpm-config-SUSE
openSUSE-release-15.3
openSUSE-build-key"
packages="$packages $(zypper rm --details -D -u -y zypper | grep '^[a-z]' | grep -v procps)"
echo Removing $packages
rpm --nodeps -v -e $packages 2>&1 | grep -v LC_MESSAGES
echo Removing zypper data
rm -rf /etc/zypp \
/var/cache/zypp \
/var/log/zypp \
/var/lib/zypp
echo Removing luet metadata
rm -rf /var/cache/luet \
/var/luet \
/etc/luet
echo Removing rpm
rpm --nodeps -v -e rpm 2>&1 | grep -v LC_MESSAGES
rm -rf /usr/lib/rpm \
/usr/lib/sysimage/rpm \
/etc/rpm
echo Removing extra kernel weight
rm -rf /boot/vmlinux*
if ! command -v man >/dev/null; then
echo Removing man pages
find /usr/share/man -type f -exec rm {} \;
fi
if [ -e /usr/lib/os-release.tmpl ]; then
echo Setting up /etc/os-release
export OS_NAME=${OS_NAME:-NoNameOS} OS_VERSION="${OS_VERSION:-0.0.0}" OS_GIT="${OS_GIT:-HEAD}"
cat /usr/lib/os-release.tmpl | envsubst > /usr/lib/os-release
rm /usr/lib/os-release.tmpl
ln -sf ../usr/lib/os-release /etc/os-release
fi
echo Removing self
rm /usr/bin/finalize

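--- a/files/usr/bin/self-upgrade
+++ b/files/usr/bin/self-upgrade
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -e -x
+source /etc/os-release
+sudo cos-upgrade --no-verify --docker-image "${IMAGE}"
+sudo reboot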
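Review bot: `cos-upgrade --no-verify --docker-image "${IMAGE}"` turns image verification off for every upgrade, and `IMAGE` is whatever `/etc/os-release` holds, which with the Makefile defaults in this commit resolves to a `latest` tag. The script also never checks that `IMAGE` is set, so an os-release written before the `IMAGE=` line was added to the template would pass an empty image argument to `cos-upgrade`. Add `: "${IMAGE:?IMAGE is not set in /etc/os-release}"` after the `source` line, and drop `--no-verify` once the published images can be verified. A one-line header comment stating that the script upgrades to the image recorded at build time and then reboots would also help.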


@ -1,4 +0,0 @@
#!/bin/bash
set -e -x
sudo cos-upgrade --no-verify --docker-image ibuildthecloud/test
sudo reboot


@ -1,2 +0,0 @@
Welcome to \S - Kernel \r (\l).


@ -0,0 +1,9 @@
, , ______ _ _____ _____TM
,------------|'------'| | ___ \\ | | / _ / ___|
/ . '-' |- | |_/ /__ _ _ __ ___| |__ ___ _ __ | | | \\ '--.
\\/| | | | // _' | '_ \\ / __| '_ \\ / _ \\ '__' | | | |'--. \\
| .________.'----' | |\\ \\ (_| | | | | (__| | | | __/ | | \\_/ /\\__/ /
| | | | \\_| \\_\\__,_|_| |_|\\___|_| |_|\\___|_| \\___/\\____/
\\___/ \\___/ \s \r
RancherOS \v \n \l


@ -7,3 +7,6 @@ PRETTY_NAME="${OS_NAME} v${OS_VERSION} (${OS_GIT})"
ANSI_COLOR="0;32"
BUG_REPORT_URL="https://github.com/rancher/os/issues"
HOME_URL="https://github.com/rancher/os"
IMAGE="${OS_REPO}:${OS_LABEL}"
IMAGE_REPO="${OS_REPO}"
IMAGE_LABEL="${OS_LABEL}"


@ -1,22 +0,0 @@
[Unit]
Description=Rancher Bootstrap
Documentation=https://github.com/rancher/rancherd
Wants=network-online.target
After=network-online.target
[Install]
WantedBy=multi-user.target
[Service]
Type=oneshot
EnvironmentFile=-/etc/default/%N
EnvironmentFile=-/etc/sysconfig/%N
KillMode=process
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
TimeoutStartSec=0
ExecStart=/usr/bin/rancherd bootstrap


@ -1,355 +0,0 @@
#!/bin/bash
set -e
CHANNEL_UPGRADES="${CHANNEL_UPGRADES:-true}"
# 1. Identify active/passive partition
# 2. Install upgrade in passive partition
# 3. Invert partition labels
find_partitions() {
STATE=$(blkid -L COS_STATE || true)
if [ -z "$STATE" ]; then
echo "State partition cannot be found"
exit 1
fi
PERSISTENT=$(blkid -L COS_PERSISTENT || true)
if [ -z "$PERSISTENT" ]; then
echo "Persistent partition cannot be found"
exit 1
fi
OEM=$(blkid -L COS_OEM || true)
if [ -z "$OEM" ]; then
echo "OEM partition cannot be found"
exit 1
fi
COS_ACTIVE=$(blkid -L COS_ACTIVE || true)
if [ -n "$COS_ACTIVE" ]; then
CURRENT=active.img
fi
COS_PASSIVE=$(blkid -L COS_PASSIVE || true)
if [ -n "$COS_PASSIVE" ]; then
CURRENT=passive.img
fi
if [ -z "$CURRENT" ]; then
# We booted from an ISO or some else medium. We assume we want to fixup the current label
read -p "Could not determine current partition. Do you want to overwrite your current active partition? (CURRENT=active.img) [y/N] : " -n 1 -r
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
[[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1 # handle exits from shell or function but don't exit interactive shell
fi
CURRENT=active.img
echo
fi
echo "-> Upgrade target: $CURRENT"
}
find_recovery() {
RECOVERY=$(blkid -L COS_RECOVERY || true)
if [ -z "$RECOVERY" ]; then
echo "COS_RECOVERY partition cannot be found"
exit 1
fi
}
# cos-upgrade-image: system/cos
find_upgrade_channel() {
if [ -e "/etc/cos-upgrade-image" ]; then
source /etc/cos-upgrade-image
fi
if [ -n "$IMAGE" ]; then
UPGRADE_IMAGE=$IMAGE
echo "Upgrading to image $UPGRADE_IMAGE"
fi
if [ -z "$UPGRADE_IMAGE" ]; then
UPGRADE_IMAGE="system/cos"
fi
if [ -n "$UPGRADE_RECOVERY" ] && [ $UPGRADE_RECOVERY == true ] && [ -n "$RECOVERY_IMAGE" ]; then
UPGRADE_IMAGE=$RECOVERY_IMAGE
fi
}
is_squashfs() {
if [ -e "${STATEDIR}/cOS/recovery.squashfs" ]; then
return 0
else
return 1
fi
}
recovery_boot() {
cmdline="$(cat /proc/cmdline)"
if echo $cmdline | grep -q "COS_RECOVERY" || echo $cmdline | grep -q "COS_SYSTEM"; then
return 0
else
return 1
fi
}
prepare_target() {
mkdir -p ${STATEDIR}/cOS || true
rm -rf ${STATEDIR}/cOS/transition.img || true
dd if=/dev/zero of=${STATEDIR}/cOS/transition.img bs=1M count=3240
mkfs.ext2 ${STATEDIR}/cOS/transition.img
mount -t ext2 -o loop ${STATEDIR}/cOS/transition.img $TARGET
}
prepare_squashfs_target() {
rm -rf $TARGET || true
TARGET=${STATEDIR}/tmp/target
mkdir -p $TARGET
}
mount_state() {
STATEDIR=/run/initramfs/state
mkdir -p $STATEDIR
mount ${STATE} ${STATEDIR}
}
mount_image() {
STATEDIR=/run/initramfs/isoscan
TARGET=/tmp/upgrade
mkdir -p $TARGET || true
if [ -d "$STATEDIR" ]; then
if recovery_boot; then
mount_state
else
mount -o remount,rw ${STATE} ${STATEDIR}
fi
else
mount_state
fi
prepare_target
}
mount_recovery() {
STATEDIR=/tmp/recovery
TARGET=/tmp/upgrade
mkdir -p $TARGET || true
mkdir -p $STATEDIR || true
mount $RECOVERY $STATEDIR
if is_squashfs; then
echo "Preparing squashfs target"
prepare_squashfs_target
else
echo "Preparing image target"
prepare_target
fi
}
mount_persistent() {
mkdir -p ${TARGET}/oem || true
mount ${OEM} ${TARGET}/oem
mkdir -p ${TARGET}/usr/local || true
mount ${PERSISTENT} ${TARGET}/usr/local
}
upgrade() {
mount_persistent
ensure_dir_structure
temp_upgrade=$STATEDIR/tmp/upgrade
rm -rf $temp_upgrade || true
mkdir -p $temp_upgrade
# FIXME: XDG_RUNTIME_DIR is for containerd, by default that points to /run/user/<uid>
# which might not be sufficient to unpack images. Use /usr/local/tmp until we get a separate partition
# for the state
# FIXME: Define default /var/tmp as tmpdir_base in default luet config file
export XDG_RUNTIME_DIR=$temp_upgrade
export TMPDIR=$temp_upgrade
if [ -n "$CHANNEL_UPGRADES" ] && [ "$CHANNEL_UPGRADES" == true ]; then
if [ -z "$VERIFY" ]; then
args="--plugin image-mtree-check"
fi
luet install $args --system-target $TARGET --system-engine memory -y $UPGRADE_IMAGE
luet cleanup
else
if [ "$DIRECTORY" != true ]; then
args=""
if [ -z "$VERIFY" ]; then
args="--plugin image-mtree-check"
fi
rm -rf /usr/local/tmp/rootfs
luet util unpack $args $UPGRADE_IMAGE /usr/local/tmp/rootfs
rsync -axq --exclude='host' --exclude='mnt' --exclude='proc' --exclude='sys' --exclude='dev' --exclude='tmp' /usr/local/tmp/rootfs/ /tmp/upgrade
else
rsync -axq --exclude='host' --exclude='mnt' --exclude='proc' --exclude='sys' --exclude='dev' --exclude='tmp' ${UPGRADE_IMAGE}/ /tmp/upgrade
fi
rm -rf /usr/local/tmp/rootfs
fi
SELinux_relabel
chmod 755 /tmp/upgrade
rm -rf $temp_upgrade
umount $TARGET/oem || true
umount $TARGET/usr/local || true
umount $TARGET || true
}
SELinux_relabel()
{
if which setfiles > /dev/null && [ -e ${TARGET}/etc/selinux/targeted/contexts/files/file_contexts ]; then
setfiles -r ${TARGET} ${TARGET}/etc/selinux/targeted/contexts/files/file_contexts ${TARGET}
fi
}
switch_active() {
if [[ "$CURRENT" == "active.img" ]]; then
mv -f ${STATEDIR}/cOS/$CURRENT ${STATEDIR}/cOS/passive.img
tune2fs -L COS_PASSIVE ${STATEDIR}/cOS/passive.img
fi
mv -f ${STATEDIR}/cOS/transition.img ${STATEDIR}/cOS/active.img
tune2fs -L COS_ACTIVE ${STATEDIR}/cOS/active.img
}
switch_recovery() {
if is_squashfs; then
mksquashfs $TARGET ${STATEDIR}/cOS/transition.squashfs -b 1024k -comp xz -Xbcj x86
mv ${STATEDIR}/cOS/transition.squashfs ${STATEDIR}/cOS/recovery.squashfs
rm -rf $TARGET
else
mv -f ${STATEDIR}/cOS/transition.img ${STATEDIR}/cOS/recovery.img
tune2fs -L COS_SYSTEM ${STATEDIR}/cOS/recovery.img
fi
}
ensure_dir_structure() {
mkdir ${TARGET}/proc || true
mkdir ${TARGET}/boot || true
mkdir ${TARGET}/dev || true
mkdir ${TARGET}/sys || true
mkdir ${TARGET}/tmp || true
}
cleanup2()
{
rm -rf /usr/local/tmp/upgrade || true
mount -o remount,ro ${STATE} ${STATEDIR} || true
if [ -n "${TARGET}" ]; then
umount ${TARGET}/boot/efi || true
umount ${TARGET}/oem || true
umount ${TARGET}/usr/local || true
umount ${TARGET}/ || true
rm -rf ${TARGET}
fi
if [ -n "$UPGRADE_RECOVERY" ] && [ $UPGRADE_RECOVERY == true ]; then
umount ${STATEDIR} || true
fi
if [ "$STATEDIR" == "/run/initramfs/state" ]; then
umount ${STATEDIR}
rm -rf $STATEDIR
fi
}
cleanup()
{
EXIT=$?
cleanup2 2>/dev/null || true
return $EXIT
}
usage()
{
echo "Usage: cos-upgrade [--no-verify] [--recovery] [--docker-image] IMAGE"
echo ""
echo "Example: cos-upgrade"
echo ""
echo "IMAGE is optional, and upgrades the system to the given specified docker image."
echo ""
echo ""
exit 1
}
find_upgrade_channel
while [ "$#" -gt 0 ]; do
case $1 in
--docker-image)
CHANNEL_UPGRADES=false
;;
--directory)
CHANNEL_UPGRADES=false
DIRECTORY=true
;;
--recovery)
UPGRADE_RECOVERY=true
;;
--no-verify)
VERIFY=false
;;
-h)
usage
;;
--help)
usage
;;
*)
if [ "$#" -gt 2 ]; then
usage
fi
INTERACTIVE=true
UPGRADE_IMAGE=$1
break
;;
esac
shift 1
done
trap cleanup exit
if [ -n "$UPGRADE_RECOVERY" ] && [ $UPGRADE_RECOVERY == true ]; then
echo "Upgrading recovery partition.."
find_partitions
find_recovery
mount_recovery
upgrade
switch_recovery
else
echo "Upgrading system.."
find_partitions
mount_image
upgrade
switch_active
fi
echo "Flush changes to disk"
sync
sync
if [ -n "$INTERACTIVE" ] && [ $INTERACTIVE == false ]; then
if grep -q 'cos.upgrade.power_off=true' /proc/cmdline; then
poweroff -f
else
echo " * Rebooting system in 5 seconds (CTRL+C to cancel)"
sleep 5
reboot -f
fi
else
echo "Upgrade done, now you might want to reboot"
fi


@ -1,295 +0,0 @@
#!/bin/bash
set -e
CHANNEL_UPGRADES="${CHANNEL_UPGRADES:-true}"
# 1. Identify active/passive partition
# 2. Install upgrade in passive partition
# 3. Invert partition labels
find_partitions() {
STATE=$(blkid -L COS_STATE || true)
if [ -z "$STATE" ]; then
echo "State partition cannot be found"
exit 1
fi
PERSISTENT=$(blkid -L COS_PERSISTENT || true)
if [ -z "$PERSISTENT" ]; then
echo "Persistent partition cannot be found"
exit 1
fi
OEM=$(blkid -L COS_OEM || true)
if [ -z "$OEM" ]; then
echo "OEM partition cannot be found"
exit 1
fi
COS_ACTIVE=$(blkid -L COS_ACTIVE || true)
if [ -n "$COS_ACTIVE" ]; then
CURRENT=active.img
fi
COS_PASSIVE=$(blkid -L COS_PASSIVE || true)
if [ -n "$COS_PASSIVE" ]; then
CURRENT=passive.img
fi
if [ -z "$CURRENT" ]; then
# We booted from an ISO or some else medium. We assume we want to fixup the current label
read -p "Could not determine current partition. Do you want to overwrite your current active partition? [y/N] : " -n 1 -r
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
[[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1 # handle exits from shell or function but don't exit interactive shell
fi
CURRENT=active.img
fi
echo "-> Booting from: $CURRENT"
}
find_recovery() {
RECOVERY=$(blkid -L COS_RECOVERY || true)
if [ -z "$RECOVERY" ]; then
echo "COS_RECOVERY partition cannot be found"
exit 1
fi
}
# cos-upgrade-image: system/cos
find_upgrade_channel() {
if [ -e "/etc/cos-upgrade-image" ]; then
source /etc/cos-upgrade-image
fi
if [ -n "$IMAGE" ]; then
UPGRADE_IMAGE=$IMAGE
echo "Upgrading to image $UPGRADE_IMAGE"
fi
if [ -z "$UPGRADE_IMAGE" ]; then
UPGRADE_IMAGE="system/cos"
fi
}
prepare_target() {
mkdir -p ${STATEDIR}/cOS || true
rm -rf ${STATEDIR}/cOS/transition.img || true
dd if=/dev/zero of=${STATEDIR}/cOS/transition.img bs=1M count=3240
mkfs.ext2 ${STATEDIR}/cOS/transition.img
mount -t ext2 -o loop ${STATEDIR}/cOS/transition.img $TARGET
}
mount_image() {
STATEDIR=/run/initramfs/isoscan
TARGET=/tmp/upgrade
mkdir -p $TARGET || true
mount -o remount,rw ${STATE} ${STATEDIR}
prepare_target
}
mount_recovery() {
STATEDIR=/tmp/recovery
TARGET=/tmp/upgrade
mkdir -p $TARGET || true
mkdir -p $STATEDIR || true
mount $RECOVERY $STATEDIR
prepare_target
}
mount_persistent() {
mkdir -p ${TARGET}/oem || true
mount ${OEM} ${TARGET}/oem
mkdir -p ${TARGET}/usr/local || true
mount ${PERSISTENT} ${TARGET}/usr/local
}
upgrade() {
mount_persistent
ensure_dir_structure
mkdir -p /usr/local/tmp/upgrade
# FIXME: XDG_RUNTIME_DIR is for containerd, by default that points to /run/user/<uid>
# which might not be sufficient to unpack images. Use /usr/local/tmp until we get a separate partition
# for the state
# FIXME: Define default /var/tmp as tmpdir_base in default luet config file
export XDG_RUNTIME_DIR=/usr/local/tmp/upgrade
export TMPDIR=/usr/local/tmp/upgrade
export HOME=/tmp # Docker Content Trust data is stored in $HOME/.docker. We don't need those to persist
if [ -n "$CHANNEL_UPGRADES" ] && [ "$CHANNEL_UPGRADES" == true ]; then
if [ -z "$VERIFY" ]; then
args="--plugin image-mtree-check"
fi
luet install $args --system-target /tmp/upgrade --system-engine memory -y $UPGRADE_IMAGE
luet cleanup
else
if [ "$DIRECTORY" != true ]; then
args=""
if [ -z "$VERIFY" ]; then
args="--verify"
fi
rm -rf /usr/local/tmp/rootfs
luet util unpack $args $UPGRADE_IMAGE /usr/local/tmp/rootfs
rsync -axq --exclude='host' --exclude='mnt' --exclude='proc' --exclude='sys' --exclude='dev' --exclude='tmp' /usr/local/tmp/rootfs/ /tmp/upgrade
else
rsync -axq --exclude='host' --exclude='mnt' --exclude='proc' --exclude='sys' --exclude='dev' --exclude='tmp' ${UPGRADE_IMAGE}/ /tmp/upgrade
fi
rm -rf /usr/local/tmp/rootfs
fi
SELinux_relabel
chmod 755 /tmp/upgrade
rm -rf /usr/local/tmp/upgrade
umount $TARGET/oem
umount $TARGET/usr/local
umount $TARGET
}
SELinux_relabel()
{
if which setfiles > /dev/null && [ -e ${TARGET}/etc/selinux/targeted/contexts/files/file_contexts ]; then
setfiles -r ${TARGET} ${TARGET}/etc/selinux/targeted/contexts/files/file_contexts ${TARGET}
fi
}
switch_active() {
if [[ "$CURRENT" == "active.img" ]]; then
mv -f ${STATEDIR}/cOS/$CURRENT ${STATEDIR}/cOS/passive.img
tune2fs -L COS_PASSIVE ${STATEDIR}/cOS/passive.img
fi
mv -f ${STATEDIR}/cOS/transition.img ${STATEDIR}/cOS/active.img
tune2fs -L COS_ACTIVE ${STATEDIR}/cOS/active.img
}
switch_recovery() {
mv -f ${STATEDIR}/cOS/transition.img ${STATEDIR}/cOS/recovery.img
tune2fs -L COS_SYSTEM ${STATEDIR}/cOS/recovery.img
}
ensure_dir_structure() {
mkdir ${TARGET}/proc || true
mkdir ${TARGET}/boot || true
mkdir ${TARGET}/dev || true
mkdir ${TARGET}/sys || true
mkdir ${TARGET}/tmp || true
}
cleanup2()
{
rm -rf /usr/local/tmp/upgrade || true
mount -o remount,ro ${STATE} ${STATEDIR} || true
if [ -n "${TARGET}" ]; then
umount ${TARGET}/boot/efi || true
umount ${TARGET}/oem || true
umount ${TARGET}/usr/local || true
umount ${TARGET}/ || true
fi
if [ -n "$UPGRADE_RECOVERY" ] && [ $UPGRADE_RECOVERY == true ]; then
umount ${STATEDIR} || true
fi
}
cleanup()
{
EXIT=$?
cleanup2 2>/dev/null || true
return $EXIT
}
usage()
{
echo "Usage: cos-upgrade [--verify] [--recovery] [--docker-image] IMAGE"
echo ""
echo "Example: cos-upgrade"
echo ""
echo "IMAGE is optional, and upgrades the system to the given specified docker image."
echo ""
echo ""
exit 1
}
find_upgrade_channel
while [ "$#" -gt 0 ]; do
case $1 in
--docker-image)
CHANNEL_UPGRADES=false
;;
--directory)
CHANNEL_UPGRADES=false
DIRECTORY=true
;;
--recovery)
UPGRADE_RECOVERY=true
;;
--no-verify)
VERIFY=false
;;
-h)
usage
;;
--help)
usage
;;
*)
if [ "$#" -gt 2 ]; then
usage
fi
INTERACTIVE=true
UPGRADE_IMAGE=$1
break
;;
esac
shift 1
done
trap cleanup exit
if [ -n "$UPGRADE_RECOVERY" ] && [ $UPGRADE_RECOVERY == true ]; then
echo "Upgrading recovery partition.."
find_partitions
find_recovery
mount_recovery
upgrade
switch_recovery
else
echo "Upgrading system.."
find_partitions
mount_image
upgrade
switch_active
fi
echo "Flush changes to disk"
sync
sync
if [ -n "$INTERACTIVE" ] && [ $INTERACTIVE == false ]; then
if grep -q 'cos.upgrade.power_off=true' /proc/cmdline; then
poweroff -f
else
echo " * Rebooting system in 5 seconds (CTRL+C to cancel)"
sleep 5
reboot -f
fi
else
echo "Upgrade done, now you might want to reboot"
fi


@ -0,0 +1,9 @@
name: "mocaccino-repository-index"
description: "MocaccinoOS Repository Index"
type: "http"
enable: true
cached: true
priority: 1
urls:
- "https://raw.githubusercontent.com/mocaccinoOS/repository-index/gh-pages"
- "https://get.mocaccino.org/mocaccino-repository-index"