From f87c220f1b07db6d24966f1bc1f65181b18a376b Mon Sep 17 00:00:00 2001 
From: Olli Janatuinen Date: Thu, 2 Mar 2023 20:31:02 +0100 Subject: [PATCH] v2.0.0-beta7 - Docker 24.0.5 - Kernel 5.10.188 - System-docker 17.06.108 - System container images compresses with zstd instead of xz - Added WSL2 support - Include Hyper-V, ProxmoxVE and VMware tools to ISO - Include apparmor tools to console - Enable apparmor by default - Remove experimental selinux support - Include chroot command to initrd --- .github/workflows/add-platform-specific.yml | 44 -------------- .github/workflows/create-release.yml | 5 -- Dockerfile.dapper | 21 +++---- assets/selinux/config | 2 - assets/selinux/ros/contexts/failsafe_context | 1 - assets/selinux/ros/contexts/lxc_contexts | 3 - assets/selinux/ros/seusers | 1 - cmd/control/cli.go | 1 - cmd/control/console_init.go | 4 ++ cmd/control/selinux.go | 59 ------------------- cmd/init/init.go | 2 - .../cloudinit/Documentation/cloud-config.md | 1 - config/docker_config_test.go | 12 +--- config/schema.go | 1 - config/types.go | 1 - images/02-console/Dockerfile | 1 + os-config.tpl.yml | 1 - pkg/dfs/scratch.go | 29 ++------- pkg/init/selinux/selinux.go | 34 ----------- pkg/selinux/selinux_linux.go | 16 ----- pkg/util/cutil.go | 5 +- pkg/util/util_linux.go | 12 +++- scripts/global.cfg | 2 +- scripts/layout-initrd | 50 ++-------------- scripts/release-amd64 | 5 ++ scripts/release-azurebase | 9 --- scripts/release-hyperv | 14 ----- scripts/release-proxmoxve | 14 ----- scripts/release-vmware | 14 ----- scripts/schema.json | 1 - scripts/tar-images | 9 +-- 31 files changed, 47 insertions(+), 327 deletions(-) delete mode 100644 .github/workflows/add-platform-specific.yml delete mode 100644 assets/selinux/config delete mode 100644 assets/selinux/ros/contexts/failsafe_context delete mode 100644 assets/selinux/ros/contexts/lxc_contexts delete mode 100644 assets/selinux/ros/seusers delete mode 100644 cmd/control/selinux.go delete mode 100644 pkg/init/selinux/selinux.go delete mode 100644 pkg/selinux/selinux_linux.go delete mode 100755 
scripts/release-azurebase delete mode 100755 scripts/release-hyperv delete mode 100755 scripts/release-proxmoxve delete mode 100755 scripts/release-vmware diff --git a/.github/workflows/add-platform-specific.yml b/.github/workflows/add-platform-specific.yml deleted file mode 100644 index 8626f4d8..00000000 --- a/.github/workflows/add-platform-specific.yml +++ /dev/null @@ -1,44 +0,0 @@ -name: add-platform-spefific - -on: - workflow_dispatch: - inputs: - platform: - description: 'Platform' - default: 'vmware' - required: true - -jobs: - build: - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: '0' - - - name: Install github-release - run: | - sudo wget https://github.com/github-release/github-release/releases/download/v0.9.0/linux-amd64-github-release.bz2 -O /usr/local/bin/github-release.bz2 - sudo bunzip2 /usr/local/bin/github-release.bz2 - sudo chmod 0755 /usr/local/bin/github-release - - - name: Build OS - run: | - export VERSION=$(git describe --exact-match --tags $(git log -n1 --pretty='%h')) - if [ -z "$VERSION" ]; then - echo "Build is not started from tag. Will exit..." - exit 1 - fi - export ARCH=amd64 - make ${{ github.event.inputs.platform }} - - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Publish release - run: ${PWD}/dist/publish.sh - env: - GITHUB_TOKEN: ${{ secrets.OS_RELEASE_TOKEN }} diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index bc442bd3..b12bba72 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -2,11 +2,6 @@ name: release on: workflow_dispatch: - inputs: - firmware: - description: 'Include firmwares' - default: 'true' - required: true jobs: build: diff --git a/Dockerfile.dapper b/Dockerfile.dapper index e3ff318a..cc196abb 100644 --- a/Dockerfile.dapper +++ b/Dockerfile.dapper 
@@ -39,6 +39,7 @@ RUN echo "Acquire::http { Proxy \"$APTPROXY\"; };" >> /etc/apt/apt.conf.d/01prox wget \ xorriso \ xz-utils \ + zstd \ telnet ########## Dapper Configuration ##################### @@ -61,9 +62,7 @@ ARG OS_REPO=burmilla ARG HOSTNAME_DEFAULT=burmilla ARG DISTRIB_ID=BurmillaOS -ARG SELINUX_POLICY_URL=https://github.com/burmilla/refpolicy/releases/download/v0.0.3/policy.29 - -ARG KERNEL_VERSION=5.10.162-burmilla +ARG KERNEL_VERSION=5.10.188-burmilla ARG KERNEL_URL_amd64=https://github.com/burmilla/os-kernel/releases/download/v${KERNEL_VERSION}/linux-${KERNEL_VERSION}-x86.tar.gz ARG KERNEL_URL_arm64=https://github.com/burmilla/os-kernel/releases/download/v${KERNEL_VERSION}/linux-${KERNEL_VERSION}-arm64.tar.gz 
@@ -79,17 +78,17 @@ ARG OS_CONSOLE=default ARG OS_AUTOFORMAT=false ARG OS_FIRMWARE=true -ARG OS_BASE_URL_amd64=https://github.com/burmilla/os-base/releases/download/v2022.02.8-2/os-base_amd64.tar.xz -ARG OS_BASE_URL_arm64=https://github.com/burmilla/os-base/releases/download/v2022.02.8-2/os-base_arm64.tar.xz +ARG OS_BASE_URL_amd64=https://github.com/burmilla/os-base/releases/download/v2023.05-1/os-base_amd64.tar.xz +ARG OS_BASE_URL_arm64=https://github.com/burmilla/os-base/releases/download/v2023.05-1/os-base_arm64.tar.xz -ARG OS_INITRD_BASE_URL_amd64=https://github.com/burmilla/os-initrd-base/releases/download/v2022.02.8-2/os-initrd-base-amd64.tar.gz -ARG OS_INITRD_BASE_URL_arm64=https://github.com/burmilla/os-initrd-base/releases/download/v2022.02.8-2/os-initrd-base-arm64.tar.gz +ARG OS_INITRD_BASE_URL_amd64=https://github.com/burmilla/os-initrd-base/releases/download/v2023.05-1/os-initrd-base-amd64.tar.gz +ARG OS_INITRD_BASE_URL_arm64=https://github.com/burmilla/os-initrd-base/releases/download/v2023.05-1/os-initrd-base-arm64.tar.gz -ARG SYSTEM_DOCKER_VERSION=17.06.107 +ARG SYSTEM_DOCKER_VERSION=17.06.108 ARG SYSTEM_DOCKER_URL_amd64=https://github.com/burmilla/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-amd64-${SYSTEM_DOCKER_VERSION}.tgz ARG SYSTEM_DOCKER_URL_arm64=https://github.com/burmilla/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-arm64-${SYSTEM_DOCKER_VERSION}.tgz -ARG USER_DOCKER_VERSION=23.0.0rc3 +ARG USER_DOCKER_VERSION=24.0.5 ARG USER_DOCKER_ENGINE_VERSION=docker-${USER_DOCKER_VERSION} ARG AZURE_SERVICE=false @@ -131,7 +130,6 @@ ENV BUILD_DOCKER_URL=BUILD_DOCKER_URL_${ARCH} \ OS_AUTOFORMAT=${OS_AUTOFORMAT} \ OS_FIRMWARE=${OS_FIRMWARE} \ REPO_VERSION=master \ - SELINUX_POLICY_URL=${SELINUX_POLICY_URL} \ SYSTEM_DOCKER_URL=SYSTEM_DOCKER_URL_${ARCH} \ SYSTEM_DOCKER_URL_amd64=${SYSTEM_DOCKER_URL_amd64} \ SYSTEM_DOCKER_URL_arm64=${SYSTEM_DOCKER_URL_arm64} \ 
@@ -152,9 +150,6 @@ RUN echo "... Downloading ${!KERNEL_URL}"; \ curl -fL ${!KERNEL_URL} > ${DOWNLOADS}/kernel.tar.gz \ ;fi -# Download SELinux Policy -RUN curl -pfL ${SELINUX_POLICY_URL} > ${DOWNLOADS}/$(basename ${SELINUX_POLICY_URL}) - # Install Go RUN curl -L https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${HOST_ARCH}.tar.gz | tar -xzf - -C /usr/local && \ go get github.com/burmilla/trash diff --git a/assets/selinux/config b/assets/selinux/config deleted file mode 100644 index 35ea6f5e..00000000 --- a/assets/selinux/config +++ /dev/null @@ -1,2 +0,0 @@ -SELINUX=permissive -SELINUXTYPE=ros diff --git a/assets/selinux/ros/contexts/failsafe_context b/assets/selinux/ros/contexts/failsafe_context deleted file mode 100644 index a50bde77..00000000 --- a/assets/selinux/ros/contexts/failsafe_context +++ /dev/null @@ -1 +0,0 @@ -unconfined_r:unconfined_t:s0 diff --git a/assets/selinux/ros/contexts/lxc_contexts b/assets/selinux/ros/contexts/lxc_contexts deleted file mode 100644 index bf3fcc1a..00000000 --- a/assets/selinux/ros/contexts/lxc_contexts +++ /dev/null @@ -1,3 +0,0 @@ -process = "system_u:system_r:svirt_lxc_net_t:s0" -content = "system_u:object_r:virt_var_lib_t:s0" -file = "system_u:object_r:svirt_lxc_file_t:s0" diff --git a/assets/selinux/ros/seusers b/assets/selinux/ros/seusers deleted file mode 100644 index 28991524..00000000 --- a/assets/selinux/ros/seusers +++ /dev/null @@ -1 +0,0 @@ -__default__:unconfined_u:s0-s0:c0.c1023 diff --git a/cmd/control/cli.go b/cmd/control/cli.go index ee5cf47f..98185b8d 100644 --- a/cmd/control/cli.go +++ b/cmd/control/cli.go @@ -136,7 +136,6 @@ func Main() { Action: userDockerAction, }, installCommand, - selinuxCommand(), } app.Run(os.Args) diff --git a/cmd/control/console_init.go b/cmd/control/console_init.go index c643540b..49a7208e 100644 --- a/cmd/control/console_init.go +++ b/cmd/control/console_init.go 
@@ -277,6 +277,10 @@ sudo ros service up docker-compose log.Error(err) } + if err := util.RunScript("/etc/init.d/apparmor", "start"); err != nil { + log.Error(err) + } + // Enable Bash colors enableBashRC("/root", 0, 0) enableBashRC(rancherHome, 1100, 1100) diff --git a/cmd/control/selinux.go b/cmd/control/selinux.go deleted file mode 100644 index b3aa4130..00000000 --- a/cmd/control/selinux.go +++ /dev/null 
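Review bot: The new `util.RunScript("/etc/init.d/apparmor", "start")` call runs unconditionally, but only `images/02-console/Dockerfile` gains the `apparmor` package in this commit, so on any console image that does not ship `/etc/init.d/apparmor` the call will presumably fail and log an error on every boot, at the same time as `scripts/global.cfg` now boots with `apparmor=1 security=apparmor` and no profiles get loaded there. An existence check, `if _, err := os.Stat("/etc/init.d/apparmor"); err == nil { ... }` (assuming `os` is already imported in this file), would separate "not installed" from a real start failure. The failure path should also say what was being attempted, `log.Errorf("starting apparmor profiles: %v", err)`, since a bare `log.Error(err)` like the preceding block's gives no context for a missing-confinement condition. The enclosing function starts and ends outside the hunk.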
@@ -1,59 +0,0 @@ -package control - -import ( - "fmt" - "syscall" - - "github.com/burmilla/os/config" - - "github.com/codegangsta/cli" -) - -func selinuxCommand() cli.Command { - app := cli.Command{} - app.Hidden = true - app.Name = "selinux" - app.Action = func(c *cli.Context) error { - argv := []string{"system-docker", "run", "-it", "--privileged", "--rm", - "--net", "host", "--pid", "host", "--ipc", "host", - "-v", "/usr/bin/docker:/usr/bin/docker.dist:ro", - "-v", "/usr/bin/ros:/usr/bin/dockerlaunch:ro", - "-v", "/usr/bin/ros:/usr/bin/system-docker:ro", - "-v", "/usr/bin/ros:/sbin/poweroff:ro", - "-v", "/usr/bin/ros:/sbin/reboot:ro", - "-v", "/usr/bin/ros:/sbin/halt:ro", - "-v", "/usr/bin/ros:/sbin/shutdown:ro", - "-v", "/usr/bin/ros:/usr/bin/respawn:ro", - "-v", "/usr/bin/ros:/usr/bin/ros:ro", - "-v", "/usr/bin/ros:/usr/bin/cloud-init:ro", - "-v", "/usr/bin/ros:/usr/sbin/netconf:ro", - "-v", "/usr/bin/ros:/usr/sbin/wait-for-network:ro", - "-v", "/usr/bin/ros:/usr/sbin/wait-for-docker:ro", - "-v", "/var/lib/docker:/var/lib/docker", - "-v", "/var/lib/rkt:/var/lib/rkt", - "-v", "/dev:/host/dev", - "-v", "/etc/docker:/etc/docker", - "-v", "/etc/hosts:/etc/hosts", - "-v", "/etc/resolv.conf:/etc/resolv.conf", - "-v", "/etc/rkt:/etc/rkt", - "-v", "/etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt.rancher", - "-v", "/lib/firmware:/lib/firmware", - "-v", "/lib/modules:/lib/modules", - "-v", "/run:/run", - "-v", "/usr/share/ros:/usr/share/ros", - "-v", "/var/lib/rancher/conf:/var/lib/rancher/conf", - "-v", "/var/lib/rancher:/var/lib/rancher", - "-v", "/var/log:/var/log", - "-v", "/var/run:/var/run", - "-v", "/home:/home", - "-v", "/opt:/opt", - "-v", "/etc/selinux:/etc/selinux", - "-v", "/var/lib/selinux:/var/lib/selinux", - "-v", "/usr/share/selinux:/usr/share/selinux", - fmt.Sprintf("%s/os-selinuxtools:%s%s", config.OsRepo, config.Version, config.Suffix), "bash"} - syscall.Exec("/bin/system-docker", argv, []string{}) - return nil - } - - return app 
-} diff --git a/cmd/init/init.go b/cmd/init/init.go index 9a649dbf..e893781f 100644 --- a/cmd/init/init.go +++ b/cmd/init/init.go @@ -20,7 +20,6 @@ import ( "github.com/burmilla/os/pkg/init/one" "github.com/burmilla/os/pkg/init/prepare" "github.com/burmilla/os/pkg/init/recovery" - "github.com/burmilla/os/pkg/init/selinux" "github.com/burmilla/os/pkg/init/sharedroot" "github.com/burmilla/os/pkg/init/switchroot" "github.com/burmilla/os/pkg/log" @@ -64,7 +63,6 @@ func RunInit() error { {Name: "preparefs2", Func: prepare.FS}, {Name: "load modules2", Func: modules.LoadModules}, {Name: "set proxy env", Func: env.Proxy}, - {Name: "init SELinux", Func: selinux.Initialize}, {Name: "setupSharedRoot", Func: sharedroot.Setup}, {Name: "sysinit", Func: sysinit.RunSysInit}, } diff --git a/config/cloudinit/Documentation/cloud-config.md b/config/cloudinit/Documentation/cloud-config.md index ecb3be0c..651bd135 100644 --- a/config/cloudinit/Documentation/cloud-config.md +++ b/config/cloudinit/Documentation/cloud-config.md @@ -387,7 +387,6 @@ The following fields are not yet implemented: - **inactive**: Deactivate the user upon creation - **lock-passwd**: Boolean. Disable password login for user - **sudo**: Entry to add to /etc/sudoers for user. By default, no sudo access is authorized. -- **selinux-user**: Corresponding SELinux user - **ssh-import-id**: Import SSH keys by ID from Launchpad. ```yaml diff --git a/config/docker_config_test.go b/config/docker_config_test.go index 750c57e4..c646b8e3 100644 --- a/config/docker_config_test.go +++ b/config/docker_config_test.go 
@@ -37,13 +37,6 @@ func TestGenerateEngineOptsString(t *testing.T) { Bridge: "bridge", })), "--bridge bridge") - testContains(t, fmt.Sprint(generateEngineOptsSlice(EngineOpts{ - SelinuxEnabled: &[]bool{true}[0], - })), "--selinux-enabled") - testContains(t, fmt.Sprint(generateEngineOptsSlice(EngineOpts{ - SelinuxEnabled: &[]bool{false}[0], - })), "--selinux-enabled=false") - testContains(t, fmt.Sprint(generateEngineOptsSlice(EngineOpts{ Host: []string{ "unix:///var/run/system-docker.sock", @@ -59,11 +52,10 @@ func TestGenerateEngineOptsString(t *testing.T) { })), "--log-opt max-size=25m", "--log-opt max-file=2") testContains(t, fmt.Sprint(generateEngineOptsSlice(EngineOpts{ - Bridge: "bridge", - SelinuxEnabled: &[]bool{true}[0], + Bridge: "bridge", LogOpts: map[string]string{ "max-size": "25m", "max-file": "2", }, - })), "--bridge bridge", "--selinux-enabled", "--log-opt max-size=25m", "--log-opt max-file=2") + })), "--bridge bridge", "--log-opt max-size=25m", "--log-opt max-file=2") } diff --git a/config/schema.go b/config/schema.go index d736d00f..6f682ee1 100644 --- a/config/schema.go +++ b/config/schema.go @@ -140,7 +140,6 @@ var schema = `{ "pid_file": {"type": "string"}, "registry_mirror": {"type": "string"}, "restart": {"type": ["boolean", "null"]}, - "selinux_enabled": {"type": ["boolean", "null"]}, "storage_driver": {"type": "string"}, "userland_proxy": {"type": ["boolean", "null"]}, "userns_enabled": {"type": ["boolean", "null"]}, diff --git a/config/types.go b/config/types.go index 2cde3bcd..53851dfd 100644 --- a/config/types.go +++ b/config/types.go 
@@ -180,7 +180,6 @@ type EngineOpts struct { PidFile string `yaml:"pid_file,omitempty" opt:"pidfile"` RegistryMirror string `yaml:"registry_mirror,omitempty" opt:"registry-mirror"` Restart *bool `yaml:"restart,omitempty" opt:"restart"` - SelinuxEnabled *bool `yaml:"selinux_enabled,omitempty" opt:"selinux-enabled"` StorageDriver string `yaml:"storage_driver,omitempty" opt:"storage-driver"` UserlandProxy *bool `yaml:"userland_proxy,omitempty" opt:"userland-proxy"` } diff --git a/images/02-console/Dockerfile b/images/02-console/Dockerfile index 4a666258..42de1da1 100644 --- a/images/02-console/Dockerfile +++ b/images/02-console/Dockerfile @@ -8,6 +8,7 @@ RUN apt-get update \ sudo less curl ca-certificates psmisc htop kmod iproute2 \ net-tools bash-completion wget \ nano open-iscsi iputils-ping nvi \ + apparmor \ && update-alternatives --set iptables /usr/sbin/iptables-legacy \ && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy \ && rm -rf /var/lib/apt/lists/* \ diff --git a/os-config.tpl.yml b/os-config.tpl.yml index 5ef4c6f4..1b775986 100644 --- a/os-config.tpl.yml +++ b/os-config.tpl.yml @@ -141,7 +141,6 @@ rancher: - /etc/logrotate.d:/etc/logrotate.d - /etc/resolv.conf:/etc/resolv.conf - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt.rancher - - /etc/selinux:/etc/selinux - /lib/firmware:/lib/firmware - /lib/modules:/lib/modules - /run:/run diff --git a/pkg/dfs/scratch.go b/pkg/dfs/scratch.go index eaed4eb3..1e3c1723 100644 --- a/pkg/dfs/scratch.go +++ b/pkg/dfs/scratch.go @@ -15,7 +15,6 @@ import ( "github.com/burmilla/os/pkg/init/one" "github.com/burmilla/os/pkg/log" "github.com/burmilla/os/pkg/netconf" - "github.com/burmilla/os/pkg/selinux" "github.com/burmilla/os/pkg/util" "github.com/docker/libnetwork/resolvconf" 
@@ -38,9 +37,7 @@ var ( {"none", "/run", "tmpfs", ""}, {"none", "/sys", "sysfs", ""}, {"none", "/sys/fs/cgroup", "tmpfs", ""}, - } - optionalMounts = [][]string{ - {"none", "/sys/fs/selinux", "selinuxfs", "ro"}, + {"debugfs", "/sys/kernel/debug", "debugfs", ""}, } ) @@ -73,16 +70,6 @@ func createMounts(mounts ...[]string) error { return nil } -func createOptionalMounts(mounts ...[]string) { - for _, mount := range mounts { - log.Debugf("Mounting %s %s %s %s", mount[0], mount[1], mount[2], mount[3]) - err := util.Mount(mount[0], mount[1], mount[2], mount[3]) - if err != nil { - log.Debugf("Unable to mount %s %s %s %s: %v", mount[0], mount[1], mount[2], mount[3], err) - } - } -} - func createDirs(dirs ...string) error { for _, dir := range dirs { if _, err := os.Stat(dir); os.IsNotExist(err) { @@ -448,10 +435,10 @@ func PrepareFs(config *Config) error { return err } - createOptionalMounts(optionalMounts...) - - if err := mountCgroups(config.CgroupHierarchy); err != nil { - return err + if util.GetHypervisor() != "wsl2" { + if err := mountCgroups(config.CgroupHierarchy); err != nil { + return err + } } if err := createLayout(config); err != nil { @@ -547,8 +534,6 @@ func createLayout(config *Config) error { cleanupFiles(graphDirectory) - selinux.SetFileContext(graphDirectory, "system_u:object_r:var_lib_t:s0") - symlinks := [][]string{ {"usr/lib", "/lib"}, {"usr/sbin", "/sbin"}, @@ -579,10 +564,6 @@ func firstPrepare() error { if err := defaultFolders( "/etc/docker", - "/etc/selinux", - "/etc/selinux/ros", - "/etc/selinux/ros/policy", - "/etc/selinux/ros/contexts", ); err != nil { return err } diff --git a/pkg/init/selinux/selinux.go b/pkg/init/selinux/selinux.go deleted file mode 100644 index 7ea48faf..00000000 --- a/pkg/init/selinux/selinux.go +++ /dev/null 
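Review bot: Moving debugfs into the mandatory `mounts` list (`{"debugfs", "/sys/kernel/debug", "debugfs", ""}`) turns it from best-effort into boot-critical: `createMounts` returns its error and `PrepareFs` propagates it, so a kernel built without debugfs support would now fail early boot where the removed `createOptionalMounts` path only logged at debug level. debugfs also exposes kernel-internal tracing and driver state to whatever can reach `/sys/kernel/debug`; if a single feature needs it (the commit message does not say which), a comment naming that consumer would help, and passing a restrictive option such as `mode=0700` in the fourth field or keeping the mount non-fatal would be the conservative choice. The `var` block holding `mounts` starts outside the hunk.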
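Review bot: `util.GetHypervisor() != "wsl2"` compares against a bare string literal that is produced by `pkg/util/util_linux.go` in the same commit; a typo on either side would silently re-enable cgroup mounting on WSL2, so an exported constant in `pkg/util` (e.g. `util.HypervisorWSL2`) used by both sites would be safer. Skipping `mountCgroups` also means `config.CgroupHierarchy` is ignored on WSL2 without any trace; a `log.Debugf("WSL2 detected, skipping cgroup mounts")` inside the guard would explain the missing mounts when someone debugs it. `PrepareFs` starts and ends outside the hunk.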
@@ -1,34 +0,0 @@ -//go:build linux -// +build linux - -package selinux - -import ( - "io/ioutil" - - "github.com/burmilla/os/config" - "github.com/burmilla/os/pkg/log" - "github.com/burmilla/os/pkg/selinux" -) - -func Initialize(c *config.CloudConfig) (*config.CloudConfig, error) { - ret, _ := selinux.InitializeSelinux() - - if ret != 0 { - log.Debug("Unable to initialize SELinux") - return c, nil - } - - // Set allow_execstack boolean to true - if err := ioutil.WriteFile("/sys/fs/selinux/booleans/allow_execstack", []byte("1"), 0644); err != nil { - log.Debug(err) - return c, nil - } - - if err := ioutil.WriteFile("/sys/fs/selinux/commit_pending_bools", []byte("1"), 0644); err != nil { - log.Debug(err) - return c, nil - } - - return c, nil -} diff --git a/pkg/selinux/selinux_linux.go b/pkg/selinux/selinux_linux.go deleted file mode 100644 index c1550e6e..00000000 --- a/pkg/selinux/selinux_linux.go +++ /dev/null @@ -1,16 +0,0 @@ -package selinux - -// #cgo pkg-config: libselinux libsepol -// #include -import "C" - -func InitializeSelinux() (int, error) { - enforce := C.int(0) - ret, err := C.selinux_init_load_policy(&enforce) - return int(ret), err -} - -func SetFileContext(path string, context string) (int, error) { - ret, err := C.setfilecon(C.CString(path), C.CString(context)) - return int(ret), err -} diff --git a/pkg/util/cutil.go b/pkg/util/cutil.go index 72175835..8857f622 100644 --- a/pkg/util/cutil.go +++ b/pkg/util/cutil.go @@ -8,12 +8,13 @@ package util #include #include #include +#cgo pkg-config: libselinux libsepol +#include */ import "C" -import "unsafe" - import ( "errors" + "unsafe" ) // ResolveDevice this isn't reliable - blkid -L LABEL works more often :( diff --git a/pkg/util/util_linux.go b/pkg/util/util_linux.go index 9703c111..a71041ec 100644 --- a/pkg/util/util_linux.go +++ b/pkg/util/util_linux.go 
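Review bot: `#cgo pkg-config: libselinux libsepol` and the `#include` that follows it (the header name is lost in this rendering) add a cgo link dependency on libselinux/libsepol to `pkg/util`, in the same commit that deletes `pkg/selinux/selinux_linux.go`, previously the only cgo user of those libraries, and whose message says experimental SELinux support is removed. Nothing in the hunk calls into libselinux, so unless code elsewhere in `cutil.go` does, these two lines only keep libselinux-dev as a build requirement and link the shared library into `ros`; they should be dropped, or the use they serve commented. The regrouping of `import "unsafe"` into the import block is fine.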
@@ -144,5 +144,15 @@ func BlkidType(deviceType string) (deviceNames []string, err error) { // GetHypervisor tries to detect if we're running in a VM, and returns a string for its type func GetHypervisor() string { - return cpuid.CPU.HypervisorName + hv := cpuid.CPU.HypervisorName + if hv == "hyperv" { + data, err := os.ReadFile("/proc/sys/kernel/osrelease") + if err != nil { + return hv + } + if strings.Contains(string(data), "microsoft-standard-WSL2") { + hv = "wsl2" + } + } + return hv } diff --git a/scripts/global.cfg b/scripts/global.cfg index 3548584e..da62d62e 100755 --- a/scripts/global.cfg +++ b/scripts/global.cfg @@ -1 +1 @@ -APPEND rancher.autologin=tty1 rancher.autologin=ttyS0 rancher.autologin=ttyS1 console=tty1 console=ttyS0 console=ttyS1 printk.devkmsg=on transparent_hugepage=never scsi_mod.use_blk_mq=1 ${APPEND} +APPEND rancher.autologin=tty1 rancher.autologin=ttyS0 rancher.autologin=ttyS1 console=tty1 console=ttyS0 console=ttyS1 printk.devkmsg=on transparent_hugepage=never scsi_mod.use_blk_mq=1 apparmor=1 security=apparmor ${APPEND} diff --git a/scripts/layout-initrd b/scripts/layout-initrd index 6071ea1f..03f15995 100755 --- a/scripts/layout-initrd +++ b/scripts/layout-initrd @@ -1,6 +1,7 @@ #!/bin/bash function cache_services() { + echo "Caching service: $1" local SERVICE_YMLFILE=$1 local SERVICE_URL=${OS_SERVICES_REPO}/${REPO_VERSION} @@ -22,10 +23,11 @@ mkdir -p ${INITRD_DIR}/usr/{etc,lib,bin,share/ros} ./scripts/template -cp -rf assets/selinux ${INITRD_DIR}/usr/etc cp build/images*.tar ${INITRD_DIR}/usr/share/ros/ cp bin/ros ${INITRD_DIR}/usr/bin/ ln -s usr/bin/ros ${INITRD_DIR}/init +# cp ${INITRD_DIR}/usr/bin/sh ${INITRD_DIR}/usr/bin +ln -s ros ${INITRD_DIR}/usr/bin/init ln -s bin ${INITRD_DIR}/usr/sbin ln -s usr/sbin ${INITRD_DIR}/sbin 
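Review bot: The doc comment `// GetHypervisor tries to detect if we're running in a VM, and returns a string for its type` no longer describes the function: it now rewrites Hyper-V to the synthetic value `"wsl2"` after reading `/proc/sys/kernel/osrelease`, and a caller in `pkg/dfs/scratch.go` in this commit depends on that exact string. Suggested: `// GetHypervisor tries to detect if we're running in a VM and returns the CPUID hypervisor name; on Hyper-V it also inspects /proc/sys/kernel/osrelease and returns "wsl2" when the kernel identifies itself as a WSL2 kernel.` The read-error path falls back to `"hyperv"` silently; a `log.Debugf` there would make a WSL2 misdetection diagnosable. The hunk does not show the import block, so `os` and `strings` need to be in scope in `util_linux.go`.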
@@ -49,44 +51,9 @@ BUILD_ID= HERE # cache os-services yml file -for file in $(find . -type f -name ".make-*"); do - f_file=$(basename ${file}) - case $f_file in - ".make-vmware") - cache_services "o/open-vm-tools.yml" - ;; - ".make-4glte") - cache_services "m/modem-manager.yml" - ;; - ".make-hyperv") - cache_services "h/hyperv-vm-tools.yml" - ;; - ".make-azurebase") - cache_services "h/hyperv-vm-tools.yml" - cache_services "w/waagent.yml" - ;; - ".make-proxmoxve") - cache_services "q/qemu-guest-agent.yml" - ;; - esac -done -case ${OS_CONSOLE} in - "alpine") - cache_services "a/alpine.yml" - ;; - "centos") - cache_services "c/centos.yml" - ;; - "debian") - cache_services "d/debian.yml" - ;; - "fedora") - cache_services "f/fedora.yml" - ;; - "ubuntu") - cache_services "u/ubuntu.yml" - ;; -esac +cache_services "h/hyperv-vm-tools.yml" +cache_services "o/open-vm-tools.yml" +cache_services "q/qemu-guest-agent.yml" pushd ${INITRD_DIR}/usr/etc ln -s ../share/ros/os-release . @@ -97,11 +64,6 @@ touch ${INITRD_DIR}/usr/bin/docker-containerd touch ${INITRD_DIR}/usr/bin/docker-containerd-shim touch ${INITRD_DIR}/usr/bin/docker -if [ -e ${DOWNLOADS}/policy.29 ]; then - mkdir -p ${INITRD_DIR}/usr/etc/selinux/ros/policy/ - cp ${DOWNLOADS}/policy.29 ${INITRD_DIR}/usr/etc/selinux/ros/policy/ -fi - # make burmilla/os-initrd image cat < ${INITRD_DIR}/../Dockerfile.initrd FROM scratch diff --git a/scripts/release-amd64 b/scripts/release-amd64 index 20cdac77..58516a49 100755 --- a/scripts/release-amd64 +++ b/scripts/release-amd64 @@ -3,6 +3,11 @@ set -ex cd $(dirname $0)/.. +# touch .make-azurebase +touch .make-hyperv +touch .make-proxmoxve +touch .make-vmware + source ./scripts/version ./scripts/release-build diff --git a/scripts/release-azurebase b/scripts/release-azurebase deleted file mode 100755 index b10ace10..00000000 --- a/scripts/release-azurebase +++ /dev/null 
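Review bot: The rewritten block caches `h/hyperv-vm-tools.yml`, `o/open-vm-tools.yml` and `q/qemu-guest-agent.yml` unconditionally, but the removed `case ${OS_CONSOLE}` branch is not replaced, so the alpine/centos/debian/fedora/ubuntu console service files are no longer cached into the initrd at all while `ARG OS_CONSOLE=default` still exists in `Dockerfile.dapper`. If non-default consoles are meant to keep working without network access that case statement should come back; if dropping them is intended, the commit message should say so, since it lists only additions. The context comment `# cache os-services yml file` above the block now reads oddly without the loop; `# cache VM guest tools service yml files into the initrd` would match the new behaviour.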
@@ -1,9 +0,0 @@ -#!/bin/bash -set -ex - -cd $(dirname $0)/.. - -touch .make-azurebase - -source ./scripts/version -./scripts/release-build diff --git a/scripts/release-hyperv b/scripts/release-hyperv deleted file mode 100755 index 6987ec2d..00000000 --- a/scripts/release-hyperv +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash -set -ex - -cd $(dirname $0)/.. - -touch .make-hyperv - -source ./scripts/version -./scripts/release-build - -touch dist/publish.sh -chmod 755 dist/publish.sh - -echo "github-release upload --user burmilla --repo os --tag ${VERSION} --file dist/artifacts/burmillaos.iso --name burmillaos-${VERSION}-hyperv.iso" > dist/publish.sh diff --git a/scripts/release-proxmoxve b/scripts/release-proxmoxve deleted file mode 100755 index 9dc976a7..00000000 --- a/scripts/release-proxmoxve +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash -set -ex - -cd $(dirname $0)/.. - -touch .make-proxmoxve - -source ./scripts/version -./scripts/release-build - -touch dist/publish.sh -chmod 755 dist/publish.sh - -echo "github-release upload --user burmilla --repo os --tag ${VERSION} --file dist/artifacts/burmillaos.iso --name burmillaos-${VERSION}-proxmoxve.iso" > dist/publish.sh diff --git a/scripts/release-vmware b/scripts/release-vmware deleted file mode 100755 index 6c27576c..00000000 --- a/scripts/release-vmware +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash -set -ex - -cd $(dirname $0)/.. - -touch .make-vmware - -source ./scripts/version -./scripts/release-build - -touch dist/publish.sh -chmod 755 dist/publish.sh - -echo "github-release upload --user burmilla --repo os --tag ${VERSION} --file dist/artifacts/burmillaos.iso --name burmillaos-${VERSION}-vmware.iso" >> dist/publish.sh diff --git a/scripts/schema.json b/scripts/schema.json index 8b561611..05557524 100644 --- a/scripts/schema.json +++ b/scripts/schema.json 
@@ -133,7 +133,6 @@ "pid_file": {"type": "string"}, "registry_mirror": {"type": "string"}, "restart": {"type": ["boolean", "null"]}, - "selinux_enabled": {"type": ["boolean", "null"]}, "storage_driver": {"type": "string"}, "userland_proxy": {"type": ["boolean", "null"]}, "userns_enabled": {"type": ["boolean", "null"]}, diff --git a/scripts/tar-images b/scripts/tar-images index 4a0cc282..9cc552a7 100755 --- a/scripts/tar-images +++ b/scripts/tar-images @@ -44,14 +44,7 @@ echo "tar-image: SYSTEM_IMAGES=$SYSTEM_IMAGES" echo "tar-image: INIT_IMAGES=$INIT_IMAGES" echo "tar-image: USER_IMAGES=$USER_IMAGES" -if [ "$COMPRESS" == "" ]; then - ARCHIVE_CMD="gzip" -else - # system-docker can not load images which compressed by xz with a compression level of 9 - # decompression consumes more memory if using level 9 - # the default compression level for xz is 6 - ARCHIVE_CMD="xz -4 -e" -fi +ARCHIVE_CMD="zstd -19 -c" docker save ${INIT_IMAGES} | ${ARCHIVE_CMD} > ${INIT_IMAGES_DST} docker save ${SYSTEM_IMAGES} | ${ARCHIVE_CMD} > ${SYSTEM_IMAGES_DST}
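Review bot: `ARCHIVE_CMD="zstd -19 -c"` drops the `COMPRESS` switch, so any caller still exporting `COMPRESS` (none is visible in this patch) silently gets zstd, and the removed comment explaining why the xz level was capped (decompression memory in system-docker) is not replaced with the equivalent rationale for level 19. zstd level 19 decompresses with an 8 MiB window, so the choice is sound, but keep that knowledge in the script, e.g. `# zstd -19: best ratio while decompression stays cheap (8 MiB window), unlike xz -9`. Everything that loads these archives (the initrd image loader and system-docker 17.06.108) must now understand zstd; the patch does not show where that is handled, so confirm it before release.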