diff --git a/Dockerfile b/Dockerfile
index 0a90589e..2f157ed6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,13 +1,22 @@
-FROM opensuse/leap:15.3 as tools
-RUN zypper in -y curl docker squashfs xorriso go1.16 git
-RUN curl https://get.mocaccino.org/luet/get_luet_root.sh | sh
-RUN luet install -y extension/makeiso
-COPY tools /
-
-
-FROM opensuse/leap:15.3
+FROM registry.suse.com/suse/sle15:15.3 AS base
 ARG ARCH=amd64
 ENV ARCH=${ARCH}
+ENV LUET_VERSION 0.16.7
+RUN zypper rm -y container-suseconnect
+RUN zypper ar --priority=200 http://download.opensuse.org/distribution/leap/15.3/repo/oss repo-oss
+RUN zypper --no-gpg-checks ref
+COPY files/etc/luet/luet.yaml /etc/luet/luet.yaml
+RUN zypper in -y curl
+RUN curl -sfL -o /usr/bin/luet https://github.com/mudler/luet/releases/download/${LUET_VERSION}/luet-${LUET_VERSION}-linux-${ARCH} && \
+ chmod +x /usr/bin/luet
+
+FROM base as tools
+RUN zypper in -y docker squashfs xorriso
+COPY tools /
+RUN luet install -y repository/luet repository/mocaccino-repository-index
+RUN luet install -y extension/makeiso
+
+FROM base
 RUN zypper in -y \
 bash-completion \
 conntrack-tools \
@@ -19,12 +28,14 @@ RUN zypper in -y \
 e2fsprogs \
 findutils \
 gawk \
+ gptfdisk \
 grub2-i386-pc \
 grub2-x86_64-efi \
 haveged \
 iproute2 \
 iptables \
 iputils \
+ issue-generator \
 jq \
 kernel-default \
 kernel-firmware-bnx2 \
@@ -45,6 +56,9 @@ RUN zypper in -y \
 open-iscsi \
 open-vm-tools \
 parted \
+ pigz \
+ policycoreutils \
+ procps \
 python-azure-agent \
 qemu-guest-agent \
 rng-tools \
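Review bot: In the first Dockerfile hunk the new `base` stage adds the Leap OSS repository over plain `http://` and then refreshes it with `zypper --no-gpg-checks ref`, so repository metadata is accepted with neither transport nor signature protection, and every later `zypper in` in `base`, `tools` and the final stage builds on it. I would change the URL to `https://download.opensuse.org/distribution/leap/15.3/repo/oss` and replace the refresh with `RUN zypper --gpg-auto-import-keys ref` (the flag the removed SELinux step already used), or better, import the repository key explicitly. Whether later installs still verify package signatures depends on zypp configuration that is not visible here. The luet binary fetched with `curl -sfL -o /usr/bin/luet …` is also not compared against a pinned digest; a `sha256sum -c` step in the same `RUN`, keyed on `${ARCH}`, would close that gap.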
@@ -58,34 +72,19 @@ RUN zypper in -y \
 vim \
 which
-RUN curl -L https://github.com/rancher/rancherd/releases/download/v0.0.1-alpha03/rancherd-${ARCH} > /usr/bin/rancherd && \
+RUN curl -L https://github.com/rancher/rancherd/releases/download/v0.0.1-alpha04/rancherd-${ARCH} > /usr/bin/rancherd && \
 chmod +x /usr/bin/rancherd
-RUN zypper ar https://download.opensuse.org/repositories/security:/SELinux/openSUSE_Leap_15.3/security:SELinux.repo
-RUN zypper --gpg-auto-import-keys in -y --allow-vendor-change --allow-downgrade container-selinux -libsemanage1
-
-RUN mkdir /tmp/rpm && \
- cd /tmp/rpm && \
- curl -L -O https://github.com/k3s-io/k3s-selinux/releases/download/v0.3.testing.0/k3s-selinux-0.3-0.el7.noarch.rpm && \
- curl -L -O https://github.com/rancher/rancher-selinux/releases/download/v0.2-rc1.testing.1/rancher-selinux-0.2.rc1-1.el7.noarch.rpm && \
- mv /var/lib/selinux/targeted/active /var/lib/selinux/targeted/bkp && \
- mv /var/lib/selinux/targeted/bkp /var/lib/selinux/targeted/active && \
- rpm -ivh --nodeps *.rpm && \
- cd / && \
- rm -rf /tmp/rpm
-
-
-COPY files/etc/luet/luet.yaml /etc/luet/luet.yaml
-ENV LUET_VERSION 0.16.6
-RUN curl -sfL -o /usr/bin/luet https://github.com/mudler/luet/releases/download/${LUET_VERSION}/luet-${LUET_VERSION}-linux-${ARCH} && \
- chmod +x /usr/bin/luet
-
+ARG CACHEBUST
 RUN luet install -y \
 toolchain/yip \
 utils/installer \
+ system/cloud-config \
 system/cos-setup \
 system/immutable-rootfs \
 system/grub-config \
+ selinux/k3s \
+ selinux/rancher \
 utils/k9s \
 utils/nerdctl
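Review bot: The rancherd download on the changed line still uses `curl -L … > /usr/bin/rancherd` without `-f`, so an HTTP error body would be written to `/usr/bin/rancherd`, marked executable by the following `chmod`, and the build would still pass. Using the same form as the luet download in this Dockerfile, `RUN curl -sfL -o /usr/bin/rancherd https://github.com/rancher/rancherd/releases/download/v0.0.1-alpha04/rancherd-${ARCH} && \`, makes a bad response fail the build. The binary is not verified either, so a pinned SHA-256 check in the same `RUN` is worth adding. The new `ARG CACHEBUST` has no explanation; presumably it exists to invalidate the cache for the `luet install` layer, and a one-line comment saying so (once confirmed) would help the next reader.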
@@ -95,5 +94,7 @@ RUN mkinitrd ARG OS_NAME=RancherOS ARG OS_VERSION=999 ARG OS_GIT=dirty -ARG FINALIZE=false -RUN if [ "${FINALIZE}" = "true" ]; then OS_NAME=${OS_NAME} OS_VERSION=${OS_VERSION} OS_GIT=${OS_GIT} /usr/bin/finalize; fi +ARG OS_REPO=norepo/norepo +ARG OS_LABEL=latest +RUN envsubst >/usr/lib/os-release /etc/machine-id - else - mkdir -p /usr/local/etc - cp /etc/machine-id /usr/local/etc - fi - # ensure /var/log/journal exists so it's labeled correctly - mkdir -p /var/log/journal + mkdir -p /sysroot/var/log/journal initramfs.after: - if: '[ -z "$(blkid -L COS_SYSTEM || true)" ]' commands: diff --git a/files/system/oem/01_defaults.yaml b/files/system/oem/01_defaults.yaml deleted file mode 100644 index 9cf7832e..00000000 --- a/files/system/oem/01_defaults.yaml +++ /dev/null @@ -1,11 +0,0 @@ -name: "General settings" -stages: - initramfs: - - name: "Setup distro" - #systemd_firstboot: - #keymap: us - #locale: en_US.UTF-8 - #timezone: UTC - - name: "Remove install default" - commands: - - rm -f /usr/local/cloud-config/90_after_install.yaml diff --git a/files/system/oem/03_branding.yaml b/files/system/oem/03_branding.yaml index 1bca5c47..c86eecef 100644 --- a/files/system/oem/03_branding.yaml +++ b/files/system/oem/03_branding.yaml @@ -3,20 +3,3 @@ stages: initramfs: - name: "Branding" hostname: "rancher" - Xfiles: - - path: /etc/issue - content: | - .-----. - | .-. | - | |.| | - | `-' | - `-----' - - Welcome to \S ! - IP address \4 - Login with user: root, password: cos - Start the installer with "cos-installer " to install it in the local system - permissions: 0644 - owner: 0 - group: 0 - diff --git a/files/system/oem/04_accounting.yaml b/files/system/oem/04_accounting.yaml index 23786e6a..9265fbee 100644 --- a/files/system/oem/04_accounting.yaml +++ b/files/system/oem/04_accounting.yaml 
@@ -24,11 +24,6 @@ stages: primary_group: "rancher" shell: /bin/bash homedir: "/home/rancher" - #ensure_entities: - #- entity: | - # kind: "shadow" - # username: "root" - # password: "$6$g9DDJRDNRS8MEzhH$w6Cn6PNzFnUVnatwRbNoLk6etanvAbcxUzfYlQcj6y/JLGq3Yrl7wXi6SkMzp1/tEM3NheMr5fH8.92NdiaB/0" - name: "Setup sudo" files: - path: "/etc/sudoers" diff --git a/files/system/oem/05_network.yaml b/files/system/oem/05_network.yaml deleted file mode 100644 index 2a990aaf..00000000 --- a/files/system/oem/05_network.yaml +++ /dev/null @@ -1,17 +0,0 @@ -name: "Default network configuration" -stages: - initramfs: - - name: "Setup network" - dns: - path: /etc/resolv.conf - nameservers: - - 8.8.8.8 - - 1.1.1.1 - files: - - path: /etc/sysconfig/network/ifcfg-eth0 - content: | - BOOTPROTO='dhcp' - STARTMODE='onboot' - permissions: 0600 - owner: 0 - group: 0 diff --git a/files/system/oem/06_recovery.yaml b/files/system/oem/06_recovery.yaml deleted file mode 100644 index 4144735a..00000000 --- a/files/system/oem/06_recovery.yaml +++ /dev/null @@ -1,12 +0,0 @@ -name: "Recovery partition boot setup" -stages: - boot: - - name: "Recovery" - commands: - - | - source /etc/os-release - if [ -n "$(blkid -L COS_SYSTEM || true)" ]; then - echo >> /etc/issue - echo "You are booting from recovery mode. Run 'cos-reset' to reset the system to $VERSION" >> /etc/issue - echo >> /etc/issue - fi diff --git a/files/system/oem/07_cdrom_ds.yaml b/files/system/oem/07_cdrom_ds.yaml deleted file mode 100644 index 79a9c664..00000000 --- a/files/system/oem/07_cdrom_ds.yaml +++ /dev/null @@ -1,8 +0,0 @@ -name: "Cloud-init cdrom" -stages: - fs: - - name: "cdrom datasource" - datasource: - providers: - - cdrom - path: /oem diff --git a/files/system/oem/07_cloud-metadata.yaml b/files/system/oem/07_cloud-metadata.yaml new file mode 100644 index 00000000..f4738d15 --- /dev/null +++ b/files/system/oem/07_cloud-metadata.yaml 
@@ -0,0 +1,14 @@ +# Default cOS OEM configuration file +# +# This file is part of cOS and will get reset during upgrades. +# +# Before you change this file manually, +# consider copying this file to /usr/local/cloud-config or +# copy the file with a prefix starting by 90, e.g. /oem/91_custom.yaml +name: "Cloud providers metadata" +stages: + network: + - name: "Cloud providers datasources" + datasource: + providers: ["aws", "gcp", "cdrom"] + path: "/oem" diff --git a/files/usr/bin/finalize b/files/usr/bin/finalize deleted file mode 100755 index d5f88496..00000000 --- a/files/usr/bin/finalize +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash -set -e -o pipefail - -packages="openSUSE-release-appliance-docker - systemd-presets-branding-MicroOS - dracut - rpm-config-SUSE - openSUSE-release-15.3 - openSUSE-build-key" - -packages="$packages $(zypper rm --details -D -u -y zypper | grep '^[a-z]' | grep -v procps)" - -echo Removing $packages -rpm --nodeps -v -e $packages 2>&1 | grep -v LC_MESSAGES - -echo Removing zypper data -rm -rf /etc/zypp \ - /var/cache/zypp \ - /var/log/zypp \ - /var/lib/zypp - -echo Removing luet metadata -rm -rf /var/cache/luet \ - /var/luet \ - /etc/luet - -echo Removing rpm -rpm --nodeps -v -e rpm 2>&1 | grep -v LC_MESSAGES -rm -rf /usr/lib/rpm \ - /usr/lib/sysimage/rpm \ - /etc/rpm - -echo Removing extra kernel weight -rm -rf /boot/vmlinux* - -if ! command -v man >/dev/null; then - echo Removing man pages - find /usr/share/man -type f -exec rm {} \; -fi - -if [ -e /usr/lib/os-release.tmpl ]; then - echo Setting up /etc/os-release - export OS_NAME=${OS_NAME:-NoNameOS} OS_VERSION="${OS_VERSION:-0.0.0}" OS_GIT="${OS_GIT:-HEAD}" - cat /usr/lib/os-release.tmpl | envsubst > /usr/lib/os-release - rm /usr/lib/os-release.tmpl - ln -sf ../usr/lib/os-release /etc/os-release -fi - -echo Removing self -rm /usr/bin/finalize diff --git a/files/usr/bin/self-upgrade b/files/usr/bin/self-upgrade new file mode 100755 index 00000000..2bcc1406 --- /dev/null 
+++ b/files/usr/bin/self-upgrade
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -e -x
+source /etc/os-release
+sudo cos-upgrade --no-verify --docker-image "${IMAGE}"
+sudo reboot
diff --git a/files/usr/bin/test-upgrade b/files/usr/bin/test-upgrade
deleted file mode 100755
index 28a5040f..00000000
--- a/files/usr/bin/test-upgrade
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-set -e -x
-sudo cos-upgrade --no-verify --docker-image ibuildthecloud/test
-sudo reboot
diff --git a/files/usr/lib/issue.d/10-rancheros.conf b/files/usr/lib/issue.d/10-rancheros.conf
deleted file mode 100644
index 220c7233..00000000
--- a/files/usr/lib/issue.d/10-rancheros.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-Welcome to \S - Kernel \r (\l).
-
diff --git a/files/usr/lib/issue.d/90-SUSE b/files/usr/lib/issue.d/90-SUSE
new file mode 100644
index 00000000..12db49a7
--- /dev/null
+++ b/files/usr/lib/issue.d/90-SUSE
@@ -0,0 +1,9 @@
+ , , ______ _ _____ _____TM
+ ,------------|'------'| | ___ \\ | | / _ / ___|
+ / . '-' |- | |_/ /__ _ _ __ ___| |__ ___ _ __ | | | \\ '--.
+ \\/| | | | // _' | '_ \\ / __| '_ \\ / _ \\ '__' | | | |'--. \\
+ | .________.'----' | |\\ \\ (_| | | | | (__| | | | __/ | | \\_/ /\\__/ /
+ | | | | \\_| \\_\\__,_|_| |_|\\___|_| |_|\\___|_| \\___/\\____/
+ \\___/ \\___/ \s \r
+
+ RancherOS \v \n \l
diff --git a/files/usr/lib/os-release.tmpl b/files/usr/lib/os-release.tmpl
index 1f9ead5a..e510bd83 100644
--- a/files/usr/lib/os-release.tmpl
+++ b/files/usr/lib/os-release.tmpl
@@ -7,3 +7,6 @@ PRETTY_NAME="${OS_NAME} v${OS_VERSION} (${OS_GIT})"
 ANSI_COLOR="0;32"
 BUG_REPORT_URL="https://github.com/rancher/os/issues"
 HOME_URL="https://github.com/rancher/os"
+IMAGE="${OS_REPO}:${OS_LABEL}"
+IMAGE_REPO="${OS_REPO}"
+IMAGE_LABEL="${OS_LABEL}"
diff --git a/files/usr/lib/systemd/system/rancherd.service b/files/usr/lib/systemd/system/rancherd.service
deleted file mode 100644
index 891f3a63..00000000
--- a/files/usr/lib/systemd/system/rancherd.service
+++ /dev/null
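Review bot: `files/usr/bin/self-upgrade` runs `cos-upgrade --no-verify --docker-image "${IMAGE}"` and then reboots, so the image that becomes the next root filesystem is installed with verification switched off; in the cos-upgrade script this commit deletes, `--no-verify` is what skipped the `image-mtree-check` plugin. `IMAGE` is read from `/etc/os-release`, which the template change fills with `${OS_REPO}:${OS_LABEL}`, and the Dockerfile defaults for those are `norepo/norepo` and `latest`, a mutable tag rather than a digest. I would drop `--no-verify` unless the replacement cos-upgrade (not visible in this diff) verifies the image by other means, and stop early when the variable is missing by adding `: "${IMAGE:?IMAGE is not set in /etc/os-release}"` before the upgrade call. A short header comment stating that the script upgrades to the image recorded at build time and reboots unconditionally would also help operators.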
@@ -1,22 +0,0 @@ -[Unit] -Description=Rancher Bootstrap -Documentation=https://github.com/rancher/rancherd -Wants=network-online.target -After=network-online.target - -[Install] -WantedBy=multi-user.target - -[Service] -Type=oneshot -EnvironmentFile=-/etc/default/%N -EnvironmentFile=-/etc/sysconfig/%N -KillMode=process -# Having non-zero Limit*s causes performance problems due to accounting overhead -# in the kernel. We recommend using cgroups to do container-local accounting. -LimitNOFILE=1048576 -LimitNPROC=infinity -LimitCORE=infinity -TasksMax=infinity -TimeoutStartSec=0 -ExecStart=/usr/bin/rancherd bootstrap diff --git a/files/usr/sbin/cos-upgrade b/files/usr/sbin/cos-upgrade deleted file mode 100755 index 6ea7a98d..00000000 --- a/files/usr/sbin/cos-upgrade +++ /dev/null 
@@ -1,355 +0,0 @@ -#!/bin/bash -set -e - -CHANNEL_UPGRADES="${CHANNEL_UPGRADES:-true}" - -# 1. Identify active/passive partition -# 2. Install upgrade in passive partition -# 3. Invert partition labels - -find_partitions() { - STATE=$(blkid -L COS_STATE || true) - if [ -z "$STATE" ]; then - echo "State partition cannot be found" - exit 1 - fi - - PERSISTENT=$(blkid -L COS_PERSISTENT || true) - if [ -z "$PERSISTENT" ]; then - echo "Persistent partition cannot be found" - exit 1 - fi - - OEM=$(blkid -L COS_OEM || true) - if [ -z "$OEM" ]; then - echo "OEM partition cannot be found" - exit 1 - fi - - COS_ACTIVE=$(blkid -L COS_ACTIVE || true) - if [ -n "$COS_ACTIVE" ]; then - CURRENT=active.img - fi - - COS_PASSIVE=$(blkid -L COS_PASSIVE || true) - if [ -n "$COS_PASSIVE" ]; then - CURRENT=passive.img - fi - - if [ -z "$CURRENT" ]; then - # We booted from an ISO or some else medium. We assume we want to fixup the current label - read -p "Could not determine current partition. Do you want to overwrite your current active partition? (CURRENT=active.img) [y/N] : " -n 1 -r - if [[ ! 
$REPLY =~ ^[Yy]$ ]] - then - [[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1 # handle exits from shell or function but don't exit interactive shell - fi - CURRENT=active.img - echo - fi - - echo "-> Upgrade target: $CURRENT" -} - -find_recovery() { - RECOVERY=$(blkid -L COS_RECOVERY || true) - if [ -z "$RECOVERY" ]; then - echo "COS_RECOVERY partition cannot be found" - exit 1 - fi -} - -# cos-upgrade-image: system/cos -find_upgrade_channel() { - if [ -e "/etc/cos-upgrade-image" ]; then - source /etc/cos-upgrade-image - fi - - if [ -n "$IMAGE" ]; then - UPGRADE_IMAGE=$IMAGE - echo "Upgrading to image $UPGRADE_IMAGE" - fi - - if [ -z "$UPGRADE_IMAGE" ]; then - UPGRADE_IMAGE="system/cos" - fi - - if [ -n "$UPGRADE_RECOVERY" ] && [ $UPGRADE_RECOVERY == true ] && [ -n "$RECOVERY_IMAGE" ]; then - UPGRADE_IMAGE=$RECOVERY_IMAGE - fi -} - -is_squashfs() { - if [ -e "${STATEDIR}/cOS/recovery.squashfs" ]; then - return 0 - else - return 1 - fi -} - -recovery_boot() { - cmdline="$(cat /proc/cmdline)" - if echo $cmdline | grep -q "COS_RECOVERY" || echo $cmdline | grep -q "COS_SYSTEM"; then - return 0 - else - return 1 - fi -} - -prepare_target() { - mkdir -p ${STATEDIR}/cOS || true - rm -rf ${STATEDIR}/cOS/transition.img || true - dd if=/dev/zero of=${STATEDIR}/cOS/transition.img bs=1M count=3240 - mkfs.ext2 ${STATEDIR}/cOS/transition.img - mount -t ext2 -o loop ${STATEDIR}/cOS/transition.img $TARGET -} - -prepare_squashfs_target() { - rm -rf $TARGET || true - TARGET=${STATEDIR}/tmp/target - mkdir -p $TARGET -} - -mount_state() { - STATEDIR=/run/initramfs/state - mkdir -p $STATEDIR - mount ${STATE} ${STATEDIR} -} - -mount_image() { - STATEDIR=/run/initramfs/isoscan - TARGET=/tmp/upgrade - - mkdir -p $TARGET || true - - if [ -d "$STATEDIR" ]; then - if recovery_boot; then - mount_state - else - mount -o remount,rw ${STATE} ${STATEDIR} - fi - else - mount_state - fi - - prepare_target -} - -mount_recovery() { - STATEDIR=/tmp/recovery - TARGET=/tmp/upgrade - - mkdir -p $TARGET 
|| true - mkdir -p $STATEDIR || true - mount $RECOVERY $STATEDIR - if is_squashfs; then - echo "Preparing squashfs target" - prepare_squashfs_target - else - echo "Preparing image target" - prepare_target - fi -} - -mount_persistent() { - mkdir -p ${TARGET}/oem || true - mount ${OEM} ${TARGET}/oem - mkdir -p ${TARGET}/usr/local || true - mount ${PERSISTENT} ${TARGET}/usr/local -} - -upgrade() { - mount_persistent - ensure_dir_structure - - temp_upgrade=$STATEDIR/tmp/upgrade - rm -rf $temp_upgrade || true - mkdir -p $temp_upgrade - - # FIXME: XDG_RUNTIME_DIR is for containerd, by default that points to /run/user/ - # which might not be sufficient to unpack images. Use /usr/local/tmp until we get a separate partition - # for the state - # FIXME: Define default /var/tmp as tmpdir_base in default luet config file - export XDG_RUNTIME_DIR=$temp_upgrade - export TMPDIR=$temp_upgrade - - if [ -n "$CHANNEL_UPGRADES" ] && [ "$CHANNEL_UPGRADES" == true ]; then - if [ -z "$VERIFY" ]; then - args="--plugin image-mtree-check" - fi - luet install $args --system-target $TARGET --system-engine memory -y $UPGRADE_IMAGE - luet cleanup - else - if [ "$DIRECTORY" != true ]; then - args="" - if [ -z "$VERIFY" ]; then - args="--plugin image-mtree-check" - fi - rm -rf /usr/local/tmp/rootfs - luet util unpack $args $UPGRADE_IMAGE /usr/local/tmp/rootfs - rsync -axq --exclude='host' --exclude='mnt' --exclude='proc' --exclude='sys' --exclude='dev' --exclude='tmp' /usr/local/tmp/rootfs/ /tmp/upgrade - else - rsync -axq --exclude='host' --exclude='mnt' --exclude='proc' --exclude='sys' --exclude='dev' --exclude='tmp' ${UPGRADE_IMAGE}/ /tmp/upgrade - fi - rm -rf /usr/local/tmp/rootfs - fi - - SELinux_relabel - chmod 755 /tmp/upgrade - - rm -rf $temp_upgrade - umount $TARGET/oem || true - umount $TARGET/usr/local || true - umount $TARGET || true -} - -SELinux_relabel() -{ - if which setfiles > /dev/null && [ -e ${TARGET}/etc/selinux/targeted/contexts/files/file_contexts ]; then - setfiles -r 
${TARGET} ${TARGET}/etc/selinux/targeted/contexts/files/file_contexts ${TARGET} - fi -} - -switch_active() { - if [[ "$CURRENT" == "active.img" ]]; then - mv -f ${STATEDIR}/cOS/$CURRENT ${STATEDIR}/cOS/passive.img - tune2fs -L COS_PASSIVE ${STATEDIR}/cOS/passive.img - fi - - mv -f ${STATEDIR}/cOS/transition.img ${STATEDIR}/cOS/active.img - tune2fs -L COS_ACTIVE ${STATEDIR}/cOS/active.img -} - -switch_recovery() { - if is_squashfs; then - mksquashfs $TARGET ${STATEDIR}/cOS/transition.squashfs -b 1024k -comp xz -Xbcj x86 - mv ${STATEDIR}/cOS/transition.squashfs ${STATEDIR}/cOS/recovery.squashfs - rm -rf $TARGET - else - mv -f ${STATEDIR}/cOS/transition.img ${STATEDIR}/cOS/recovery.img - tune2fs -L COS_SYSTEM ${STATEDIR}/cOS/recovery.img - fi -} - -ensure_dir_structure() { - mkdir ${TARGET}/proc || true - mkdir ${TARGET}/boot || true - mkdir ${TARGET}/dev || true - mkdir ${TARGET}/sys || true - mkdir ${TARGET}/tmp || true -} - -cleanup2() -{ - rm -rf /usr/local/tmp/upgrade || true - mount -o remount,ro ${STATE} ${STATEDIR} || true - if [ -n "${TARGET}" ]; then - umount ${TARGET}/boot/efi || true - umount ${TARGET}/oem || true - umount ${TARGET}/usr/local || true - umount ${TARGET}/ || true - rm -rf ${TARGET} - fi - if [ -n "$UPGRADE_RECOVERY" ] && [ $UPGRADE_RECOVERY == true ]; then - umount ${STATEDIR} || true - fi - if [ "$STATEDIR" == "/run/initramfs/state" ]; then - umount ${STATEDIR} - rm -rf $STATEDIR - fi -} - -cleanup() -{ - EXIT=$? - cleanup2 2>/dev/null || true - return $EXIT -} - -usage() -{ - echo "Usage: cos-upgrade [--no-verify] [--recovery] [--docker-image] IMAGE" - echo "" - echo "Example: cos-upgrade" - echo "" - echo "IMAGE is optional, and upgrades the system to the given specified docker image." 
- echo "" - echo "" - exit 1 -} - -find_upgrade_channel - -while [ "$#" -gt 0 ]; do - case $1 in - --docker-image) - CHANNEL_UPGRADES=false - ;; - --directory) - CHANNEL_UPGRADES=false - DIRECTORY=true - ;; - --recovery) - UPGRADE_RECOVERY=true - ;; - --no-verify) - VERIFY=false - ;; - -h) - usage - ;; - --help) - usage - ;; - *) - if [ "$#" -gt 2 ]; then - usage - fi - INTERACTIVE=true - UPGRADE_IMAGE=$1 - break - ;; - esac - shift 1 -done - -trap cleanup exit - -if [ -n "$UPGRADE_RECOVERY" ] && [ $UPGRADE_RECOVERY == true ]; then - echo "Upgrading recovery partition.." - - find_partitions - - find_recovery - - mount_recovery - - upgrade - - switch_recovery -else - echo "Upgrading system.." - - find_partitions - - mount_image - - upgrade - - switch_active -fi - -echo "Flush changes to disk" -sync -sync - -if [ -n "$INTERACTIVE" ] && [ $INTERACTIVE == false ]; then - if grep -q 'cos.upgrade.power_off=true' /proc/cmdline; then - poweroff -f - else - echo " * Rebooting system in 5 seconds (CTRL+C to cancel)" - sleep 5 - reboot -f - fi -else - echo "Upgrade done, now you might want to reboot" -fi diff --git a/files/usr/sbin/cos-upgrade.save b/files/usr/sbin/cos-upgrade.save deleted file mode 100755 index 5d8a3df6..00000000 --- a/files/usr/sbin/cos-upgrade.save +++ /dev/null 
@@ -1,295 +0,0 @@ -#!/bin/bash -set -e - -CHANNEL_UPGRADES="${CHANNEL_UPGRADES:-true}" - -# 1. Identify active/passive partition -# 2. Install upgrade in passive partition -# 3. Invert partition labels - -find_partitions() { - STATE=$(blkid -L COS_STATE || true) - if [ -z "$STATE" ]; then - echo "State partition cannot be found" - exit 1 - fi - - PERSISTENT=$(blkid -L COS_PERSISTENT || true) - if [ -z "$PERSISTENT" ]; then - echo "Persistent partition cannot be found" - exit 1 - fi - - OEM=$(blkid -L COS_OEM || true) - if [ -z "$OEM" ]; then - echo "OEM partition cannot be found" - exit 1 - fi - - COS_ACTIVE=$(blkid -L COS_ACTIVE || true) - if [ -n "$COS_ACTIVE" ]; then - CURRENT=active.img - fi - - COS_PASSIVE=$(blkid -L COS_PASSIVE || true) - if [ -n "$COS_PASSIVE" ]; then - CURRENT=passive.img - fi - - if [ -z "$CURRENT" ]; then - # We booted from an ISO or some else medium. We assume we want to fixup the current label - read -p "Could not determine current partition. Do you want to overwrite your current active partition? [y/N] : " -n 1 -r - if [[ ! 
$REPLY =~ ^[Yy]$ ]] - then - [[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1 # handle exits from shell or function but don't exit interactive shell - fi - CURRENT=active.img - fi - - echo "-> Booting from: $CURRENT" -} - -find_recovery() { - RECOVERY=$(blkid -L COS_RECOVERY || true) - if [ -z "$RECOVERY" ]; then - echo "COS_RECOVERY partition cannot be found" - exit 1 - fi -} - -# cos-upgrade-image: system/cos -find_upgrade_channel() { - if [ -e "/etc/cos-upgrade-image" ]; then - source /etc/cos-upgrade-image - fi - - if [ -n "$IMAGE" ]; then - UPGRADE_IMAGE=$IMAGE - echo "Upgrading to image $UPGRADE_IMAGE" - fi - - if [ -z "$UPGRADE_IMAGE" ]; then - UPGRADE_IMAGE="system/cos" - fi -} - -prepare_target() { - mkdir -p ${STATEDIR}/cOS || true - rm -rf ${STATEDIR}/cOS/transition.img || true - dd if=/dev/zero of=${STATEDIR}/cOS/transition.img bs=1M count=3240 - mkfs.ext2 ${STATEDIR}/cOS/transition.img - mount -t ext2 -o loop ${STATEDIR}/cOS/transition.img $TARGET -} - -mount_image() { - STATEDIR=/run/initramfs/isoscan - TARGET=/tmp/upgrade - - mkdir -p $TARGET || true - mount -o remount,rw ${STATE} ${STATEDIR} - - prepare_target -} - -mount_recovery() { - STATEDIR=/tmp/recovery - TARGET=/tmp/upgrade - - mkdir -p $TARGET || true - mkdir -p $STATEDIR || true - mount $RECOVERY $STATEDIR - - prepare_target -} - -mount_persistent() { - mkdir -p ${TARGET}/oem || true - mount ${OEM} ${TARGET}/oem - mkdir -p ${TARGET}/usr/local || true - mount ${PERSISTENT} ${TARGET}/usr/local -} - -upgrade() { - mount_persistent - ensure_dir_structure - - mkdir -p /usr/local/tmp/upgrade - - # FIXME: XDG_RUNTIME_DIR is for containerd, by default that points to /run/user/ - # which might not be sufficient to unpack images. 
Use /usr/local/tmp until we get a separate partition - # for the state - # FIXME: Define default /var/tmp as tmpdir_base in default luet config file - export XDG_RUNTIME_DIR=/usr/local/tmp/upgrade - export TMPDIR=/usr/local/tmp/upgrade - export HOME=/tmp # Docker Content Trust data is stored in $HOME/.docker. We don't need those to persist - - if [ -n "$CHANNEL_UPGRADES" ] && [ "$CHANNEL_UPGRADES" == true ]; then - if [ -z "$VERIFY" ]; then - args="--plugin image-mtree-check" - fi - luet install $args --system-target /tmp/upgrade --system-engine memory -y $UPGRADE_IMAGE - luet cleanup - else - if [ "$DIRECTORY" != true ]; then - args="" - if [ -z "$VERIFY" ]; then - args="--verify" - fi - rm -rf /usr/local/tmp/rootfs - luet util unpack $args $UPGRADE_IMAGE /usr/local/tmp/rootfs - rsync -axq --exclude='host' --exclude='mnt' --exclude='proc' --exclude='sys' --exclude='dev' --exclude='tmp' /usr/local/tmp/rootfs/ /tmp/upgrade - else - rsync -axq --exclude='host' --exclude='mnt' --exclude='proc' --exclude='sys' --exclude='dev' --exclude='tmp' ${UPGRADE_IMAGE}/ /tmp/upgrade - fi - rm -rf /usr/local/tmp/rootfs - fi - - SELinux_relabel - chmod 755 /tmp/upgrade - - rm -rf /usr/local/tmp/upgrade - umount $TARGET/oem - umount $TARGET/usr/local - umount $TARGET -} - -SELinux_relabel() -{ - if which setfiles > /dev/null && [ -e ${TARGET}/etc/selinux/targeted/contexts/files/file_contexts ]; then - setfiles -r ${TARGET} ${TARGET}/etc/selinux/targeted/contexts/files/file_contexts ${TARGET} - fi -} - -switch_active() { - if [[ "$CURRENT" == "active.img" ]]; then - mv -f ${STATEDIR}/cOS/$CURRENT ${STATEDIR}/cOS/passive.img - tune2fs -L COS_PASSIVE ${STATEDIR}/cOS/passive.img - fi - - mv -f ${STATEDIR}/cOS/transition.img ${STATEDIR}/cOS/active.img - tune2fs -L COS_ACTIVE ${STATEDIR}/cOS/active.img -} - -switch_recovery() { - mv -f ${STATEDIR}/cOS/transition.img ${STATEDIR}/cOS/recovery.img - tune2fs -L COS_SYSTEM ${STATEDIR}/cOS/recovery.img -} - -ensure_dir_structure() { - mkdir 
${TARGET}/proc || true - mkdir ${TARGET}/boot || true - mkdir ${TARGET}/dev || true - mkdir ${TARGET}/sys || true - mkdir ${TARGET}/tmp || true -} - -cleanup2() -{ - rm -rf /usr/local/tmp/upgrade || true - mount -o remount,ro ${STATE} ${STATEDIR} || true - if [ -n "${TARGET}" ]; then - umount ${TARGET}/boot/efi || true - umount ${TARGET}/oem || true - umount ${TARGET}/usr/local || true - umount ${TARGET}/ || true - fi - if [ -n "$UPGRADE_RECOVERY" ] && [ $UPGRADE_RECOVERY == true ]; then - umount ${STATEDIR} || true - fi -} - -cleanup() -{ - EXIT=$? - cleanup2 2>/dev/null || true - return $EXIT -} - -usage() -{ - echo "Usage: cos-upgrade [--verify] [--recovery] [--docker-image] IMAGE" - echo "" - echo "Example: cos-upgrade" - echo "" - echo "IMAGE is optional, and upgrades the system to the given specified docker image." - echo "" - echo "" - exit 1 -} - -find_upgrade_channel - -while [ "$#" -gt 0 ]; do - case $1 in - --docker-image) - CHANNEL_UPGRADES=false - ;; - --directory) - CHANNEL_UPGRADES=false - DIRECTORY=true - ;; - --recovery) - UPGRADE_RECOVERY=true - ;; - --no-verify) - VERIFY=false - ;; - -h) - usage - ;; - --help) - usage - ;; - *) - if [ "$#" -gt 2 ]; then - usage - fi - INTERACTIVE=true - UPGRADE_IMAGE=$1 - break - ;; - esac - shift 1 -done - -trap cleanup exit - -if [ -n "$UPGRADE_RECOVERY" ] && [ $UPGRADE_RECOVERY == true ]; then - echo "Upgrading recovery partition.." - - find_partitions - - find_recovery - - mount_recovery - - upgrade - - switch_recovery -else - echo "Upgrading system.." - - find_partitions - - mount_image - - upgrade - - switch_active -fi - -echo "Flush changes to disk" -sync -sync - -if [ -n "$INTERACTIVE" ] && [ $INTERACTIVE == false ]; then - if grep -q 'cos.upgrade.power_off=true' /proc/cmdline; then - poweroff -f - else - echo " * Rebooting system in 5 seconds (CTRL+C to cancel)" - sleep 5 - reboot -f - fi -else - echo "Upgrade done, now you might want to reboot" -fi 
diff --git a/tools/etc/luet/repos.conf.d/mocaccino-repository-index.yml b/tools/etc/luet/repos.conf.d/mocaccino-repository-index.yml
new file mode 100644
index 00000000..74f021d6
--- /dev/null
+++ b/tools/etc/luet/repos.conf.d/mocaccino-repository-index.yml
@@ -0,0 +1,9 @@
+name: "mocaccino-repository-index"
+description: "MocaccinoOS Repository Index"
+type: "http"
+enable: true
+cached: true
+priority: 1
+urls:
+- "https://raw.githubusercontent.com/mocaccinoOS/repository-index/gh-pages"
+- "https://get.mocaccino.org/mocaccino-repository-index"