Introduce custom alpine initrd (#253)

* protect against no arch

Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>

* alpine custom initrd package

Introduces the alpine initrd with some modifications to fall in line
with immucore

Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>

---------

Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>

packages/initrd-alpine/build.yaml

@@ -0,0 +1,27 @@
+image: alpine
+
+copy:
+  - package:
+      category: "system"
+      name: "immucore"
+      version: ">=0"
+    source: "/usr/bin/immucore"
+    destination: "/usr/bin/immucore"
+  - package:
+      category: "system"
+      name: "kairos-agent"
+      version: ">=0"
+    source: "/usr/bin/kairos-agent"
+    destination: "/usr/bin/kairos-agent"
+
+prelude:
+- apk add linux-lts mkinitfs linux-firmware-none udev lvm2 findmnt rsync parted
+- rm /boot/initramfs-lts
+
+steps:
+- /usr/bin/immucore version
+- cp files/immucore.files /etc/mkinitfs/features.d/immucore.files
+- kernel=$(ls /lib/modules | head -n1) && mkinitfs -o /boot/initrd -i files/initramfs-init -c files/mkinitfs.conf $kernel
+
+include:
+  - ^/boot/initrd$

packages/initrd-alpine/collection.yaml

@@ -0,0 +1,4 @@
+packages:
+- name: "alpine"
+  category: "distro-initrd"
+  version: "0.1.0"

packages/initrd-alpine/files/immucore.files

@@ -0,0 +1,12 @@
+/usr/bin/immucore
+/usr/bin/kairos-agent
+/sbin/lvm
+/bin/findmnt
+/bin/udevadm
+/sbin/udevadm
+/sbin/udevd
+/etc/udev/*
+/lib/udev/*
+/usr/lib/libudev*
+/usr/bin/rsync
+/usr/sbin/parted

packages/initrd-alpine/files/initramfs-init

@@ -0,0 +1,381 @@
+#!/bin/sh
+
+VERSION=3.8.0-kairos1
+INIT=/sbin/init
+sysroot="$ROOT"/sysroot
+
+# some helpers
+ebegin() {
+	last_emsg="$*"
+	echo "$last_emsg..." > "$ROOT"/dev/kmsg
+	echo -n " * $last_emsg: "
+}
+eend() {
+	if [ "$1" = 0 ] || [ $# -lt 1 ] ; then
+		echo "$last_emsg: ok." > "$ROOT"/dev/kmsg
+		echo "ok."
+	else
+		shift
+		echo "$last_emsg: failed. $*" > "$ROOT"/dev/kmsg
+		echo "failed. $*"
+		echo "initramfs emergency recovery shell launched. Type 'exit' to continue boot"
+		/bin/busybox sh
+	fi
+}
+
+# find mount dir and mount opts for given device in an fstab
+get_fstab_mount_info() {
+	local search_dev="$1"
+	local fstab="$2"
+	local mntopts=
+	case "$search_dev" in
+	UUID*|LABEL*) search_dev=$(findfs "$search_dev");;
+	esac
+	[ -r "$fstab" ] || return 1
+	local search_maj_min=$(stat -L -c '%t,%T' $search_dev)
+	while read dev mnt fs mntopts chk; do
+		case "$dev" in
+		UUID*|LABEL*) dev=$(findfs "$dev");;
+		esac
+		if [ -b "$dev" ] || [ -n "$ROOT" ]; then
+			local maj_min=$(stat -L -c '%t,%T' $dev)
+			if [ "$maj_min" = "$search_maj_min" ]; then
+				echo "$mnt $mntopts"
+				return
+			fi
+		fi
+	done < $fstab
+}
+
+#  add a boot service to $sysroot
+rc_add() {
+	mkdir -p $sysroot/etc/runlevels/$2
+	ln -sf /etc/files.d/$1 $sysroot/etc/runlevels/$2/$1
+}
+
+# Recursively resolve tty aliases like console or tty0
+list_console_devices() {
+	if ! [ -e "$ROOT"/sys/class/tty/$1/active ]; then
+		echo $1
+		return
+	fi
+
+	for dev in $(cat "$ROOT"/sys/class/tty/$1/active); do
+		list_console_devices $dev
+	done
+}
+
+detect_serial_console() {
+	local n=$(awk '$7 ~ /CTS/ || $7 ~ /DSR/ { print $1 }' "$ROOT"/proc/tty/driver/serial 2>/dev/null)
+	if [ -n "$n" ]; then
+		echo ttyS${n%:}
+	fi
+}
+
+setup_inittab_console() {
+	term=vt100
+	# Inquire the kernel for list of console= devices
+	consoles="$(for c in console $(detect_serial_console); do list_console_devices $c; done)"
+	for tty in $consoles; do
+		# ignore tty devices that gives I/O error
+		if ! stty -g -F /dev/$tty >/dev/null 2>/dev/null; then
+			continue
+		fi
+		# do nothing if inittab already have the tty set up
+		if ! grep -q "^$tty:" $sysroot/etc/inittab 2>/dev/null; then
+			echo "# enable login on alternative console" \
+				>> $sysroot/etc/inittab
+			# Baudrate of 0 keeps settings from kernel
+			echo "$tty::respawn:/sbin/getty -L 0 $tty $term" \
+				>> $sysroot/etc/inittab
+		fi
+		if [ -e "$sysroot"/etc/securetty ] && ! grep -q -w "$tty" "$sysroot"/etc/securetty; then
+			echo "$tty" >> "$sysroot"/etc/securetty
+		fi
+	done
+}
+
+# relocate mountpoint according given fstab and set mount options
+remount_fstab_entry() {
+	local fstab="${1}"
+	local dir=
+	if ! [ -e "$repofile" ]; then
+		return
+	fi
+	cat - "$repofile" | while read dir; do
+		# skip http(s)/ftp repos for netboot
+		if [ -z "$dir" ] || ! [ -d "$ROOT/$dir" -o -f "$ROOT/$dir" ]; then
+			continue
+		fi
+		local dev=$(df -P "$dir" | tail -1 | awk '{print $1}')
+		local mntinfo="$(get_fstab_mount_info "$dev" "$fstab")"
+		local mnt="${mntinfo% *}"
+		local mntopts="${mntinfo#* }"
+		if [ -n "$mnt" ]; then
+			local oldmnt=$(awk -v d=$ROOT$dev '$1==d {print $2}' "$ROOT"/proc/mounts 2>/dev/null)
+			if [ "$oldmnt" != "$mnt" ]; then
+				mkdir -p "$mnt"
+				$MOCK mount -o move "$oldmnt" "$mnt"
+			fi
+			if [ -n "$mntopts" ]; then
+				$MOCK mount -o remount,"$mntopts" "$mnt"
+			fi
+		fi
+	done
+}
+rtc_exists() {
+	local rtc=
+	for rtc in /dev/rtc /dev/rtc[0-9]*; do
+		[ -e "$rtc" ] && break
+	done
+	[ -e "$rtc" ]
+}
+
+# This is used to predict if network access will be necessary
+is_url() {
+	case "$1" in
+	http://*|https://*|ftp://*)
+		return 0;;
+	*)
+		return 1;;
+	esac
+}
+
+# support for eudev. see /etc/init.d/udev*
+eudev_start()
+{
+  ebegin "Start udev"
+	if [ -e /proc/sys/kernel/hotplug ]; then
+		echo "" >/proc/sys/kernel/hotplug
+	fi
+
+	udevd -d
+
+	# store persistent-rules that got created while booting
+	# when / was still read-only
+	# create /etc/udev/rules.d
+	[ -d /etc/udev/rules.d ] || mkdir -p /etc/udev/rules.d
+
+	local file dest
+	for file in /run/udev/tmp-rules--*; do
+		dest=${file##*tmp-rules--}
+		[ "$dest" = '*' ] && break
+		type=${dest##70-persistent-}
+		type=${type%%.rules}
+		cat "$file" >> /etc/udev/rules.d/"$dest" && rm -f "$file"
+	done
+
+	# Populating /dev with existing devices through uevents
+	udevadm trigger --type=subsystems --action=add
+	udevadm trigger --type=devices --action=add
+	eend $?
+}
+
+
+/bin/busybox mkdir -p "$ROOT"/usr/bin \
+	"$ROOT"/usr/sbin \
+	"$ROOT"/proc \
+	"$ROOT"/sys \
+	"$ROOT"/dev \
+	"$sysroot" \
+	"$ROOT"/media/cdrom \
+	"$ROOT"/media/usb \
+	"$ROOT"/tmp \
+	"$ROOT"/etc \
+	"$ROOT"/run/cryptsetup
+
+# Spread out busybox symlinks and make them available without full path
+/bin/busybox --install -s
+export PATH="$PATH:/usr/bin:/bin:/usr/sbin:/sbin"
+
+
+
+$MOCK mount -t sysfs -o noexec,nosuid,nodev sysfs /sys
+$MOCK mount -t devtmpfs -o exec,nosuid,mode=0755,size=2M devtmpfs /dev 2>/dev/null \
+	|| $MOCK mount -t tmpfs -o exec,nosuid,mode=0755,size=2M tmpfs /dev
+
+# Make sure /dev/null is a device node. If /dev/null does not exist yet, the command
+# mounting the devtmpfs will create it implicitly as an file with the "2>" redirection.
+# The -c check is required to deal with initramfs with pre-seeded device nodes without
+# error message.
+[ -c /dev/null ] || mknod -m 666 /dev/null c 1 3
+
+# Make sure /dev/kmsg is a device node. Writing to /dev/kmsg allows the use of the
+# earlyprintk kernel option to monitor early files progress. As above, the -c check
+# prevents an error if the device node has already been seeded.
+[ -c /dev/kmsg ] || mknod -m 660 /dev/kmsg c 1 11
+
+$MOCK mount -t proc -o noexec,nosuid,nodev proc /proc
+# pty device nodes (later system will need it)
+[ -c /dev/ptmx ] || mknod -m 666 /dev/ptmx c 5 2
+[ -d /dev/pts ] || mkdir -m 755 /dev/pts
+$MOCK mount -t devpts -o gid=5,mode=0620,noexec,nosuid devpts /dev/pts
+
+# shared memory area (later system will need it)
+[ -d /dev/shm ] || mkdir /dev/shm
+$MOCK mount -t tmpfs -o nodev,nosuid,noexec shm /dev/shm
+
+# mount run
+$MOCK mount -t tmpfs -o nodev,nosuid,noexec,rw tmpfs /run
+
+echo "Alpine Init $VERSION" > "$ROOT"/dev/kmsg
+echo "Alpine Init $VERSION"
+
+# pick first keymap if found
+for map in "$ROOT"/etc/keymap/*; do
+	if [ -f "$map" ]; then
+		ebegin "Setting keymap ${map##*/}"
+		zcat "$map" | loadkmap
+		eend
+		break
+	fi
+done
+
+# hide kernel messages
+dmesg -n 1
+
+# load available drivers to get access to modloop media
+ebegin "Loading boot drivers"
+$MOCK modprobe -a ahci virtio_blk virtio_net virtio_console virtio_pci nvme overlay usb_storage libata cdrom sr_mod iso9660 loop squashfs simpledrm unix 2> /dev/null
+eend $?
+
+# persistent device names from eudev in order for immucore to mount stuff
+[ -x "/sbin/udevadm" ] && eudev_start
+
+# Path for booting from livecd/netboot/rd.{cos,immucore}.disable
+if grep -q cdroot /proc/cmdline || grep -q netboot /proc/cmdline || grep -q "rd.immucore.disable" /proc/cmdline || grep -q "rd.cos.disable" /proc/cmdline;then
+  ebegin "Mounting LiveCD"
+  $MOCK sync
+  # Create mountpoints
+  mkdir -p /media/root-ro /media/root-rw /run/rootfsbase $sysroot/media/root-ro $sysroot/media/root-rw $sysroot/run/rootfsbase
+  # Mount read-only livecd
+  $MOCK mount /dev/sr0 /media/root-ro
+  $MOCK sync
+  # Mount squashfs into loop device
+  losetup /dev/loop0 /media/root-ro/rootfs.squashfs
+  $MOCK sync
+  # Mount loop device into the rootfsbase
+  $MOCK mount /dev/loop0 /run/rootfsbase
+  $MOCK sync
+  # Mount writable overlay tmpfs
+  $MOCK mount -t tmpfs -o "mode=0755,rw,size=25%" root-tmpfs /media/root-rw
+  $MOCK sync
+  # Create additional mountpoints and do the overlay mount
+  mkdir -p /media/root-rw/work /media/root-rw/root
+  $MOCK mount -t overlay -o lowerdir=/run/rootfsbase,upperdir=/media/root-rw/root,workdir=/media/root-rw/work overlayfs $sysroot
+  $MOCK sync
+	eend
+	$MOCK sync
+	# immucore to run the initramfs and rootfs stages
+	ebegin "Immucore"
+	immucore
+	eend $?
+	# Move current mounts into sysroot mounts
+  # shellcheck disable=SC2002
+  cat "$ROOT"/proc/mounts 2>/dev/null | while read DEV DIR TYPE OPTS ; do
+    # shellcheck disable=SC2166
+    if [ "$DIR" != "/" -a "$DIR" != "$sysroot" -a -d "$DIR" ]; then
+      ebegin "Moving $DIR to $sysroot/$DIR"
+      mkdir -p $sysroot/$DIR
+      $MOCK mount -o move $DIR $sysroot/$DIR
+      eend $?
+    fi
+  done
+	# shellcheck disable=SC2093
+	exec switch_root "$sysroot" "$INIT"
+	echo "initramfs emergency recovery shell launched"
+	exec /bin/busybox sh
+fi
+
+
+# Path for booting active/passive/recovery
+ebegin "Immucore"
+immucore
+eend $?
+
+# by now the system should be mounted in /sysroot
+if [ -f "$sysroot/etc/.default_boot_services" ]; then
+	# add some boot services by default
+	ebegin "Adding default boot services"
+	rc_add devfs sysinit
+	rc_add dmesg sysinit
+	rc_add mdev sysinit
+	rc_add hwdrivers sysinit
+	rc_add modloop sysinit
+	rc_add sshd default
+	rc_add udev sysinit
+
+	rc_add modules boot
+	rc_add sysctl boot
+	rc_add hostname boot
+	rc_add bootmisc boot
+	rc_add syslog boot
+
+	rc_add mount-ro shutdown
+	rc_add killprocs shutdown
+	rc_add savecache shutdown
+	rc_add firstboot default
+
+
+	rm -f "$sysroot/etc/.default_boot_services"
+	eend
+fi
+
+
+# copy keys so apk finds them. apk looks for stuff relative --root
+mkdir -p $sysroot/etc/apk/keys/
+cp -a /etc/apk/keys $sysroot/etc/apk
+
+
+# silently fix apk arch in case the apkovl does not match
+if [ -r "$sysroot"/etc/apk/arch ]; then
+	apk_arch="$(apk --print-arch)"
+	if [ -n "$apk_arch" ]; then
+		echo "$apk_arch" > "$sysroot"/etc/apk/arch
+	fi
+fi
+
+
+# use swclock if no RTC is found
+if rtc_exists || [ "$(uname -m)" = "s390x" ]; then
+	rc_add hwclock boot
+else
+	rc_add swclock boot
+fi
+
+
+# Mount bind system mounts to sysroot to keep them going
+mkdir -p $sysroot/sys $sysroot/proc $sysroot/dev $sysroot/run
+$MOCK mount -o bind /sys $sysroot/sys
+$MOCK mount -o bind /proc $sysroot/proc
+$MOCK mount -o bind /dev $sysroot/dev
+$MOCK mount -o bind /run $sysroot/run
+
+# remount according default fstab from package
+if [ -z "$has_fstab" ] && [ -f "$sysroot"/etc/fstab ]; then
+	remount_fstab_entry "$sysroot"/etc/fstab
+fi
+
+
+# fix inittab if alternative console
+setup_inittab_console
+
+! [ -f "$sysroot"/etc/resolv.conf ] && [ -f /etc/resolv.conf ] && \
+	cp /etc/resolv.conf "$sysroot"/etc
+
+if [ ! -x "${sysroot}${INIT}" ]; then
+	echo "$INIT not found in new root. Launching emergency recovery shell"
+	echo "Type exit to continue boot."
+	/bin/busybox sh
+fi
+
+# switch over to new root
+echo ""
+# shellcheck disable=SC2093
+exec switch_root "$sysroot" "$INIT"
+
+# If it fails, drop to recovery shell
+echo "initramfs emergency recovery shell launched"
+# shellcheck disable=SC2093
+exec /bin/busybox sh
+reboot

packages/initrd-alpine/files/mkinitfs.conf

@@ -0,0 +1 @@
+features="ata base cdrom ext4 keymap kms mmc lvm nvme raid scsi usb network dhcp virtio zfs squashfs immucore"

packages/kernels/linux-tegra/build.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.arch }}
 {{ if eq .Values.arch "arm64" }}
 # There is no arm64 package. There is only a linux-tegra, generic, for ARM64, built from x86.
 {{ else }}
@@ -29,4 +30,5 @@ steps:
 - cd Linux_for_Tegra/source/public/kernel/kernel-4.9/ && make CROSS_COMPILE=/luetbuild/gcc-linaro-7.3.1-2018.05-x86_64_aarch64-linux-gnu/ LOCALVERSION="-tegra" ARCH=arm64 O=/luetbuild/Linux_for_Tegra/source/public/kernel_out modules_install INSTALL_MOD_PATH=/out
 # https://blog.kevmo314.com/compiling-custom-kernel-modules-on-the-jetson-nano.html
 package_dir: /out
-{{ end }}
+{{ end }}
+{{end}}

packages/static/grub-efi/build.yaml

@@ -3,6 +3,7 @@
 image: {{.Values.image}}
 
 {{if eq .Values.distribution "opensuse"}}
+{{ if .Values.arch }}
 {{ if eq .Values.arch "arm64" }}
 prelude:
 - zypper in -y grub2-arm64-efi grub2
@@ -13,6 +14,7 @@ prelude:
 - zypper in -y grub2-i386-pc grub2-x86_64-efi grub2
 {{ end }}
 {{end}}
+{{end}}
 
 package_dir: "/output"
 steps: