├── example
    ├── rootfs
    │   └── usr
    │   │   └── local
    │   │       └── bin
    │   │           └── hello
    ├── packages
    ├── repositories
    └── configure.sh
├── .github
    ├── FUNDING.yml
    └── workflows
    │   └── ci.yml
├── .editorconfig
├── LICENSE
├── Makefile
├── README.adoc
└── alpine-make-vm-image


/example/rootfs/usr/local/bin/hello:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | 
3 | echo 'Hello, world!'
4 | 


--------------------------------------------------------------------------------
/.github/FUNDING.yml:
--------------------------------------------------------------------------------
1 | # These are supported funding model platforms
2 | 
3 | github: jirutka
4 | 


--------------------------------------------------------------------------------
/example/packages:
--------------------------------------------------------------------------------
1 | chrony
2 | doas
3 | doas-sudo-shim
4 | less
5 | logrotate
6 | openssh
7 | ssmtp
8 | 


--------------------------------------------------------------------------------
/example/repositories:
--------------------------------------------------------------------------------
1 | @edge http://dl-cdn.alpinelinux.org/alpine/edge/main
2 | http://dl-cdn.alpinelinux.org/alpine/latest-stable/main
3 | http://dl-cdn.alpinelinux.org/alpine/latest-stable/community
4 | 


--------------------------------------------------------------------------------
/.editorconfig:
--------------------------------------------------------------------------------
 1 | # http://editorconfig.org
 2 | root = true
 3 | 
 4 | [*]
 5 | charset = utf-8
 6 | end_of_line = lf
 7 | indent_size = 4
 8 | indent_style = tab
 9 | insert_final_newline = true
10 | trim_trailing_whitespace = true
11 | 
12 | [*.{adoc,yml}]
13 | indent_size = 2
14 | indent_style = space
15 | 


--------------------------------------------------------------------------------
/example/configure.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | _step_counter=0
 4 | step() {
 5 | 	_step_counter=$(( _step_counter + 1 ))
 6 | 	printf '\n\033[1;36m%d) %s\033[0m\n' $_step_counter "$@" >&2  # bold cyan
 7 | }
 8 | 
 9 | uname -a
10 | 
11 | step 'Set up timezone'
12 | setup-timezone -z Europe/Prague
13 | 
14 | step 'Set up networking'
15 | cat > /etc/network/interfaces <<-EOF
16 | 	iface lo inet loopback
17 | 	iface eth0 inet dhcp
18 | EOF
19 | ln -s networking /etc/init.d/net.lo
20 | ln -s networking /etc/init.d/net.eth0
21 | 
22 | step 'Adjust rc.conf'
23 | sed -Ei \
24 | 	-e 's/^[# ](rc_depend_strict)=.*/\1=NO/' \
25 | 	-e 's/^[# ](rc_logger)=.*/\1=YES/' \
26 | 	-e 's/^[# ](unicode)=.*/\1=YES/' \
27 | 	/etc/rc.conf
28 | 
29 | step 'Enable services'
30 | rc-update add acpid default
31 | rc-update add chronyd default
32 | rc-update add crond default
33 | rc-update add net.eth0 default
34 | rc-update add net.lo boot
35 | rc-update add termencoding boot
36 | 
37 | step 'List /usr/local/bin'
38 | ls -la /usr/local/bin
39 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License
 2 | 
 3 | Copyright 2017-present Jakub Jirutka <jakub@jirutka.cz>.
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in
13 | all copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 | THE SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
 1 | SCRIPT_NAME := alpine-make-vm-image
 2 | 
 3 | DESTDIR := /
 4 | PREFIX := /usr/local
 5 | 
 6 | SED := sed
 7 | SHA1SUM := sha1sum
 8 | 
 9 | ifeq ($(shell uname -s),Darwin)
10 | 	SED := gsed
11 | 	SHA1SUM := shasum -a 1
12 | endif
13 | 
14 | #: Update version in the script and README.adoc to $VERSION.
15 | bump-version:
16 | 	test -n "$(VERSION)"  # $$VERSION
17 | 	$(SED) -E -i "s/^(readonly VERSION)=.*/\1='$(VERSION)'/" $(SCRIPT_NAME)
18 | 	$(SED) -E -i "s/^(:version:).*/\1 $(VERSION)/" README.adoc
19 | 
20 | #: Install the script into $DESTDIR.
21 | install:
22 | 	mkdir -p $(DESTDIR)$(PREFIX)/bin
23 | 	install -m 755 $(SCRIPT_NAME) $(DESTDIR)$(PREFIX)/bin/$(SCRIPT_NAME)
24 | 
25 | #: Update variable :script-sha1: in README.adoc with SHA1 checksum of the script.
26 | readme-update-checksum:
27 | 	$(SED) -E -i \
28 | 		-e "s/^(:script-sha1:).*/\1 $(shell $(SHA1SUM) $(SCRIPT_NAME) | cut -d ' ' -f 1)/" \
29 | 		README.adoc
30 | 
31 | #: Bump version to $VERSION, create release commit and tag.
32 | release: .check-git-clean | bump-version readme-update-checksum
33 | 	test -n "$(VERSION)"  # $$VERSION
34 | 	git add .
35 | 	git commit -m "Release version $(VERSION)"
36 | 	git tag -s v$(VERSION) -m v$(VERSION)
37 | 
38 | #: Print list of targets.
39 | help:
40 | 	@printf '%s\n\n' 'List of targets:'
41 | 	@$(SED) -En '/^#:.*/{ N; s/^#: (.*)\n([A-Za-z0-9_-]+).*/\2 \1/p }' $(MAKEFILE_LIST) \
42 | 		| while read label desc; do printf '%-30s %s\n' "$$label" "$$desc"; done
43 | 
44 | .check-git-clean:
45 | 	@test -z "$(shell git status --porcelain)" \
46 | 		|| { echo 'You have uncommitted changes!' >&2; exit 1; }
47 | 
48 | .PHONY: bump-version install readme-update-checksum release help .check-git-clean
49 | 


--------------------------------------------------------------------------------
/.github/workflows/ci.yml:
--------------------------------------------------------------------------------
  1 | name: CI
  2 | on:
  3 |   - pull_request
  4 |   - push
  5 | 
  6 | jobs:
  7 |   test-ubuntu:
  8 |     name: Test on Ubuntu
  9 |     runs-on: ubuntu-latest
 10 |     steps:
 11 |       - name: Install qemu-utils
 12 |         run: |
 13 |           sudo apt-get update
 14 |           sudo apt-get install qemu-utils
 15 | 
 16 |       - uses: actions/checkout@v4
 17 | 
 18 |       - name: Build image for x86_64 with BIOS mode and without GPT
 19 |         run: |
 20 |           sudo ./alpine-make-vm-image \
 21 |               --image-format qcow2 \
 22 |               --image-size 2G \
 23 |               --repositories-file example/repositories \
 24 |               --packages "$(cat example/packages)" \
 25 |               --fs-skel-dir example/rootfs \
 26 |               --fs-skel-chown root:root \
 27 |               --script-chroot \
 28 |               alpine-bios-$(date +%Y-%m-%d).qcow2 -- ./example/configure.sh
 29 | 
 30 |       - name: Build image for x86_64 with BIOS mode and GPT
 31 |         run: |
 32 |           sudo ./alpine-make-vm-image \
 33 |               --image-format raw \
 34 |               --image-size 2G \
 35 |               --partition \
 36 |               --repositories-file example/repositories \
 37 |               --packages "$(cat example/packages)" \
 38 |               --fs-skel-dir example/rootfs \
 39 |               --fs-skel-chown root:root \
 40 |               --script-chroot \
 41 |               alpine-bios-part-$(date +%Y-%m-%d).raw -- ./example/configure.sh
 42 | 
 43 |       - name: Build image for x86_64 with UEFI mode
 44 |         run: |
 45 |           sudo ./alpine-make-vm-image \
 46 |               --image-format qcow2 \
 47 |               --image-size 2G \
 48 |               --boot-mode UEFI \
 49 |               --repositories-file example/repositories \
 50 |               --packages "$(cat example/packages)" \
 51 |               --fs-skel-dir example/rootfs \
 52 |               --fs-skel-chown root:root \
 53 |               --script-chroot \
 54 |               alpine-uefi-$(date +%Y-%m-%d).qcow2 -- ./example/configure.sh
 55 | 
 56 |       - name: Install qemu-aarch64 and register in binfmt
 57 |         uses: jirutka/setup-alpine@v1
 58 |         with:
 59 |           arch: aarch64
 60 | 
 61 |       - name: Build image for aarch64
 62 |         run: |
 63 |           sudo ./alpine-make-vm-image \
 64 |               --arch aarch64 \
 65 |               --image-format qcow2 \
 66 |               --image-size 2G \
 67 |               --repositories-file example/repositories \
 68 |               --packages "$(cat example/packages) linux-virt@edge" \
 69 |               --fs-skel-dir example/rootfs \
 70 |               --fs-skel-chown root:root \
 71 |               --script-chroot \
 72 |               alpine-aarch64-$(date +%Y-%m-%d).qcow2 -- ./example/configure.sh
 73 | 
 74 |   test-alpine:
 75 |     name: Test on Alpine
 76 |     runs-on: ubuntu-latest
 77 |     steps:
 78 |       - uses: actions/checkout@v3
 79 | 
 80 |       # We must run this outside the chroot.
 81 |       - run: sudo modprobe nbd max_part=16
 82 | 
 83 |       - name: Set up Alpine Linux v3.22
 84 |         uses: jirutka/setup-alpine@v1
 85 |         with:
 86 |           # XXX: v3.23 doesn't work here, running package triggers results in "unshare: Invalid argument"
 87 |           branch: v3.22
 88 | 
 89 |       - name: Build image for x86_64 with BIOS mode and without GPT
 90 |         run: |
 91 |           ./alpine-make-vm-image \
 92 |               --image-format qcow2 \
 93 |               --image-size 2G \
 94 |               --repositories-file example/repositories \
 95 |               --packages "$(cat example/packages)" \
 96 |               --fs-skel-dir example/rootfs \
 97 |               --fs-skel-chown root:root \
 98 |               --script-chroot \
 99 |               alpine-bios-$(date +%Y-%m-%d).qcow2 -- ./example/configure.sh
100 |         shell: alpine.sh --root {0}
101 | 
102 |       - name: Build image for x86_64 with UEFI mode
103 |         run: |
104 |           ./alpine-make-vm-image \
105 |               --image-format qcow2 \
106 |               --image-size 2G \
107 |               --boot-mode UEFI \
108 |               --repositories-file example/repositories \
109 |               --packages "$(cat example/packages)" \
110 |               --fs-skel-dir example/rootfs \
111 |               --fs-skel-chown root:root \
112 |               --script-chroot \
113 |               alpine-uefi-$(date +%Y-%m-%d).qcow2 -- ./example/configure.sh
114 |         shell: alpine.sh --root {0}
115 | 
116 |       - name: Install qemu-aarch64 and register in binfmt
117 |         uses: jirutka/setup-alpine@v1
118 |         with:
119 |           arch: aarch64
120 |           shell-name: alpine-aarch64.sh
121 | 
122 |       # Note: We cannot run alpine-make-vm-image inside emulated chroot due to nbd.
123 |       - name: Build image for aarch64
124 |         run: |
125 |           ./alpine-make-vm-image \
126 |               --arch aarch64 \
127 |               --branch edge \
128 |               --image-format qcow2 \
129 |               --image-size 2G \
130 |               --packages "$(cat example/packages)" \
131 |               --fs-skel-dir example/rootfs \
132 |               --fs-skel-chown root:root \
133 |               --script-chroot \
134 |               alpine-aarch64-$(date +%Y-%m-%d).qcow2 -- ./example/configure.sh
135 |         shell: alpine.sh --root {0}
136 | 


--------------------------------------------------------------------------------
/README.adoc:
--------------------------------------------------------------------------------
  1 | = Make Alpine Linux VM Image
  2 | :script-name: alpine-make-vm-image
  3 | :script-sha1: f17ef4997496ace524a8e8e578d944f3552255bb
  4 | :gh-name: alpinelinux/{script-name}
  5 | :version: 0.13.3
  6 | 
  7 | ifdef::env-github[]
  8 | image:https://github.com/{gh-name}/workflows/CI/badge.svg["Build Status", link="https://github.com/{gh-name}/actions"]
  9 | endif::env-github[]
 10 | 
 11 | This project provides a script for making customized https://alpinelinux.org/[Alpine Linux] disk images for x86_64 and aarch64 footnote:[Supported since Alpine Linux v3.19. See <<aarch64-old>>.] virtual machines.
 12 | You can choose between BIOS mode (using https://syslinux.org/[Syslinux], only for x86_64) and UEFI mode (using Linux https://docs.kernel.org/admin-guide/efi-stub.html[EFI stub]).
 13 | It’s quite simple (400 LoC of shell), fast (~32 seconds on GitHub Actions), requires minimum dependencies (QEMU and filesystem tools).
 14 | 
 15 | TIP: Don’t need VM, just wanna chroot into Alpine Linux?
 16 |      Try https://github.com/alpinelinux/alpine-chroot-install[alpine-chroot-install]!
 17 |      Or do you want to create a custom rootfs?
 18 |      Then https://github.com/alpinelinux/alpine-make-rootfs[alpine-make-rootfs] is for you!
 19 | 
 20 | 
 21 | == Requirements
 22 | 
 23 | * Linux system with common userland (Busybox or GNU coreutils)
 24 | * POSIX-sh compatible shell (e.g. Busybox ash, dash, Bash, ZSH)
 25 | * `qemu-img` and `qemu-nbd` tools
 26 | * `rsync` (needed only for `--fs-skel-dir`)
 27 | * `sfdisk` (needed only for `--partition`, `--boot-mode UEFI` and non-x86 architectures)
 28 | * `mdev` or `udevadm` (needed only for `--partition`, `--boot-mode UEFI` and non-x86 architectures if device hotplug doesn’t work)
 29 | * `e2fsprogs` (for ext4), `btrfs-progs` (for Btrfs), or `xfsprogs` (for XFS)
 30 | * `dosfstools` (needed only for `--boot-mode UEFI` and non-x86 architectures)
 31 | 
 32 | All dependencies except the first two are automatically installed by the script when running on Alpine Linux.
 33 | 
 34 | 
 35 | == Usage
 36 | 
 37 | Read documentation in link:{script-name}[{script-name}].
 38 | See link:.github/workflows/ci.yml[] for GitHub Actions example.
 39 | 
 40 | You can copy link:{script-name}[{script-name}] into your repository or download it on demand, e.g.:
 41 | 
 42 | [source, sh, subs="+attributes"]
 43 | wget https://raw.githubusercontent.com/{gh-name}/v{version}/{script-name} \
 44 |     && echo '{script-sha1}  {script-name}' | sha1sum -c \
 45 |     || exit 1
 46 | 
 47 | Or, if you are on Alpine Linux, you can simply install the https://pkgs.alpinelinux.org/packages?name={script-name}[{script-name}] package.
 48 | 
 49 | 
 50 | == Howtos
 51 | 
 52 | === Create images for aarch64 on x86_64 host
 53 | 
 54 | All you need to do is install the https://www.qemu.org/docs/master/user/main.html[QEMU User space emulator] for aarch64 and register it in https://docs.kernel.org/admin-guide/binfmt-misc.html[binfmt_misc] as the interpreter for aarch64 binaries.
 55 | 
 56 | On Alpine Linux::
 57 | +
 58 | [source, sh]
 59 | apk add qemu-aarch64 qemu-openrc
 60 | rc-service qemu-binfmt start
 61 | 
 62 | On Debian/Ubuntu::
 63 | +
 64 | [source, sh]
 65 | apt-get install -y --no-install-recommends binfmt-support qemu-user-static
 66 | update-binfmts --enable
 67 | 
 68 | On Fedora::
 69 | +
 70 | [source, sh]
 71 | dnf install qemu-user-static
 72 | 
 73 | On GitHub Actions::
 74 | +
 75 | [source, yaml]
 76 | ----
 77 | - name: Install qemu-aarch64 and register in binfmt
 78 |   uses: jirutka/setup-alpine@v1
 79 |   with:
 80 |     arch: aarch64
 81 | ----
 82 | +
 83 | See link:.github/workflows/ci.yml[] for a complete example.
 84 | 
 85 | After that, run {script-name} with the option `--arch aarch64`.
 86 | 
 87 | 
 88 | [[aarch64-old]]
 89 | === Create aarch64 image with Alpine v3.18 or older
 90 | 
 91 | The Linux kernel (_linux-virt_, _linux-lts_ or _linux-edge_ package) in Alpine v3.18 and earlier doesn’t have https://cateee.net/lkddb/web-lkddb/EFI_ZBOOT.html[EFI_ZBOOT] enabled, so EFI stub cannot load a compressed vmlinuz.
 92 | We backported it to v3.18, but then we had to revert it due to a problem with Grub (see https://gitlab.alpinelinux.org/alpine/aports/-/issues/15263[alpine/aports#15263]).
 93 | 
 94 | If you want to build an image with an older branch of Alpine Linux, you can, but you must install the kernel from the v3.19 branch (or newer).
 95 | This is relatively safe because the kernel package doesn’t have any dynamic dependencies.
 96 | 
 97 | . Create a `repositories` file with a pinned main repository from v3.19, e.g.:
 98 | +
 99 | [source]
100 | ----
101 | @v319 https://dl-cdn.alpinelinux.org/alpine/v3.19/main
102 | https://dl-cdn.alpinelinux.org/alpine/v3.18/main
103 | https://dl-cdn.alpinelinux.org/alpine/v3.18/community
104 | ----
105 | 
106 | . Run {script-name} with the options `--repositories-file ./repositories` and `--packages linux-virt@v319` (or `linux-lts@v319` if you use `--kernel-flavor lts`).
107 | 
108 | This will first install _linux-virt_ from v3.18, but in the later step it will reinstall it from the v3.19 branch.
109 | 
110 | 
111 | === Create image for VMware (ESXi)
112 | 
113 | VMware and disk images (virtual disks) is one big mess.
114 | You can find that VMware uses the VMDK format, but the problem is that this is not a single format.
115 | Actually it has many subformats with very different structure and various (in)compatibility with VMware hypervisors.
116 | 
117 | When I’ve created a disk image using `qemu-img create -f vmdk` or converted Qcow2 to VMDK using `qemu-img convert -O vmdk`, vSphere client loaded this image without any problem, but the data was corrupted.
118 | Eventually I found in some old documentation that ESXi does not support “sparse” disks…
119 | 
120 | So after many trials I found out that the least bad and functional solution is to create Qcow2 image and then convert it to VMDK using:
121 | 
122 | [source, sh]
123 | qemu-img convert -f qcow2 -O vmdk -o adapter_type=lsilogic,subformat=monolithicFlat alpine.qcow2 alpine.vmdk
124 | 
125 | Unfortunately, this creates a “thick” image, i.e. its size equals the “provisioned space”, not actually used space as in Qcow2.
126 | However, you can compress it with gzip to avoid transferring multiple gigabytes of zeros over network.
127 | 
128 | 
129 | == License
130 | 
131 | This project is licensed under http://opensource.org/licenses/MIT/[MIT License].
132 | For the full text of the license, see the link:LICENSE[LICENSE] file.
133 | 


--------------------------------------------------------------------------------
/alpine-make-vm-image:
--------------------------------------------------------------------------------
  1 | #!/bin/sh
  2 | # vim: set ts=4 sw=4:
  3 | # SPDX-FileCopyrightText: © 2017 Jakub Jirutka <jakub@jirutka.cz>
  4 | # SPDX-License-Identifier: MIT
  5 | #---help---
  6 | # Usage: alpine-make-vm-image [options] [--] <image> [<script> [<script-opts...>]]
  7 | #
  8 | # This script creates a bootable Alpine Linux disk image for virtual machines.
  9 | # If running on Alpine system (detected by file /etc/alpine-release), then it
 10 | # also installs needed packages on the host system. On other systems you must
 11 | # install them yourself: qemu-img, qemu-nbd, rsync, sfdisk, dosfstools (for UEFI
 12 | # mode) and mkfs utility for the chosen ROOTFS. If $APK is not available on the
 13 | # host system, then static apk-tools specified by $APK_TOOLS_URI is downloaded
 14 | # and used.
 15 | #
 16 | # Note that in BIOS mode, it does not create any partitions by default (it's
 17 | # really not needed), filesystem is created directly on the image. If you must
 18 | # use some platform that foolishly requires partitions in images, use
 19 | # --partition.
 20 | #
 21 | # Arguments:
 22 | #   <image>                               Path of block device or disk image file to use or create
 23 | #                                         if it does not exist.
 24 | #
 25 | #   <script>                              Path of script to execute after installing base system in
 26 | #                                         the mounted image and before umounting it.
 27 | #
 28 | #   <script-opts>                         Arguments to pass to the script.
 29 | #
 30 | # Options and Environment Variables:
 31 | #   -a --arch ARCH                        Target CPU architecture. If it doesn't match the host's
 32 | #                                         architecture, you must register an interpreter (emulator)
 33 | #                                         for the target architecture in binfmt, e.g. qemu userspace
 34 | #                                         emulator. Options: x86_64, aarch64 (Alpine v3.19+ / edge).
 35 | #
 36 | #   -B --boot-mode BOOT_MODE              Either "BIOS" (default on x86/x86_64) or "UEFI" (default
 37 | #                                         on others). "BIOS" is supported only on x86/x86_64.
 38 | #
 39 | #   -b --branch ALPINE_BRANCH             Alpine branch to install; used only when
 40 | #                                         --repositories-file is not specified. Default is
 41 | #                                         latest-stable.
 42 | #
 43 | #   -S --fs-skel-dir FS_SKEL_DIR          Path of directory which content to recursively copy
 44 | #                                         (using rsync) into / in the image.
 45 | #
 46 | #      --fs-skel-chown FS_SKEL_CHOWN      Force all files from FS_SKEL_DIR to be owned by the
 47 | #                                         specified USER:GROUP.
 48 | #
 49 | #   -P --partition (PARTITION)            Create GUID Partition Table (GPT) with a single partition.
 50 | #                                         GPT is always created if --boot-mode is UEFI.
 51 | #
 52 | #   -f --image-format IMAGE_FORMAT        Format of the disk image (see qemu-img --help). Not
 53 | #                                         applicable if the target image is a block device.
 54 | #
 55 | #   -s --image-size IMAGE_SIZE            Size of the disk image to create in bytes or with suffix
 56 | #                                         (e.g. 1G, 1024M). Default is 2G. Not applicable if the
 57 | #                                         target image is a block device.
 58 | #
 59 | #   -i --initfs-features INITFS_FEATURES  List of additional mkinitfs features (basically modules)
 60 | #                                         to be included in initramfs (see mkinitfs -L). "base" and
 61 | #                                         $ROOTFS is always included, don't specify them here.
 62 | #                                         Default is "kms scsi virtio".
 63 | #
 64 | #   -k --kernel-flavor KERNEL_FLAVOR      The kernel flavour to install; virt (default), lts
 65 | #                                         (Alpine >=3.11), or vanilla (Alpine <3.11).
 66 | #
 67 | #      --keys-dir KEYS_DIR                Path of directory with Alpine keys to copy into the image.
 68 | #                                         Default is /etc/apk/keys if --arch matches the host arch.
 69 | #                                         If does not exist, keys for aarch64 and x86_64 embedded in
 70 | #                                         this script will be used.
 71 | #
 72 | #   -m --mirror-uri ALPINE_MIRROR         URI of the Aports mirror to fetch packages; used only
 73 | #                                         when --repositories-file is not specified. Default is
 74 | #                                         http://dl-cdn.alpinelinux.org/alpine.
 75 | #
 76 | #   -C --no-cleanup (CLEANUP)             Don't umount and disconnect image when done.
 77 | #
 78 | #   -p --packages PACKAGES                Additional packages to install into the image.
 79 | #
 80 | #   -r --repositories-file REPOS_FILE     Path of the repositories file to copy into the rootfs.
 81 | #                                         If not provided, Alpine's main and community repositories
 82 | #                                         on --mirror-uri will be used.
 83 | #
 84 | #      --rootfs ROOTFS                    Filesystem to create on the image. Default is ext4.
 85 | #
 86 | #   -c --script-chroot (SCRIPT_CHROOT)    Bind <script>'s directory at /mnt inside image and chroot
 87 | #                                         into the image before executing <script>.
 88 | #
 89 | #   -t --serial-console (SERIAL_CONSOLE)  Add configuration for a serial console on ttyS0.
 90 | #
 91 | #   -h --help                             Show this help message and exit.
 92 | #
 93 | #   -V --version                          Print version and exit.
 94 | #
 95 | #   APK                                   APK command to use. Default is "apk".
 96 | #
 97 | #   APK_OPTS                              Options to pass into apk on each execution.
 98 | #                                         Default is "--no-progress".
 99 | #
100 | #   APK_TOOLS_URI                         URL of apk-tools binary to download if $APK is not found
101 | #                                         on the host system. Default is apk.static from
102 | #                                         https://gitlab.alpinelinux.org/alpine/apk-tools/-/packages.
103 | #
104 | #   APK_TOOLS_SHA256                      SHA-256 checksum of $APK_TOOLS_URI.
105 | #
106 | # Each option can be also provided by environment variable. If both option and
107 | # variable is specified and the option accepts only one argument, then the
108 | # option takes precedence.
109 | #
110 | # https://github.com/alpinelinux/alpine-make-vm-image
111 | #---help---
112 | set -eu
113 | 
114 | # Some distros (e.g. Arch Linux) does not have /bin or /sbin in PATH.
115 | PATH="$PATH:/usr/sbin:/usr/bin:/sbin:/bin"
116 | 
117 | readonly PROGNAME='alpine-make-vm-image'
118 | readonly VERSION='0.13.3'
119 | readonly VIRTUAL_PKG=".make-$PROGNAME"
120 | # An opaque string used to detect changes in resolv.conf.
121 | readonly RESOLVCONF_MARK="### created by $PROGNAME ###"
122 | 
123 | # Alpine APK keys for verification of packages for x86_64 and aarch64.
124 | readonly ALPINE_KEYS='
125 | 4a6a0840:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yHJxQgsHQREclQu4Ohe\nqxTxd1tHcNnvnQTu/UrTky8wWvgXT+jpveroeWWnzmsYlDI93eLI2ORakxb3gA2O\nQ0Ry4ws8vhaxLQGC74uQR5+/yYrLuTKydFzuPaS1dK19qJPXB8GMdmFOijnXX4SA\njixuHLe1WW7kZVtjL7nufvpXkWBGjsfrvskdNA/5MfxAeBbqPgaq0QMEfxMAn6/R\nL5kNepi/Vr4S39Xvf2DzWkTLEK8pcnjNkt9/aafhWqFVW7m3HCAII6h/qlQNQKSo\nGuH34Q8GsFG30izUENV9avY7hSLq7nggsvknlNBZtFUcmGoQrtx3FmyYsIC8/R+B\nywIDAQAB
126 | 5261cecb:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlzMkl7b5PBdfMzGdCT0\ncGloRr5xGgVmsdq5EtJvFkFAiN8Ac9MCFy/vAFmS8/7ZaGOXoCDWbYVLTLOO2qtX\nyHRl+7fJVh2N6qrDDFPmdgCi8NaE+3rITWXGrrQ1spJ0B6HIzTDNEjRKnD4xyg4j\ng01FMcJTU6E+V2JBY45CKN9dWr1JDM/nei/Pf0byBJlMp/mSSfjodykmz4Oe13xB\nCa1WTwgFykKYthoLGYrmo+LKIGpMoeEbY1kuUe04UiDe47l6Oggwnl+8XD1MeRWY\nsWgj8sF4dTcSfCMavK4zHRFFQbGp/YFJ/Ww6U9lA3Vq0wyEI6MCMQnoSMFwrbgZw\nwwIDAQAB
127 | 6165ee59:MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAutQkua2CAig4VFSJ7v54\nALyu/J1WB3oni7qwCZD3veURw7HxpNAj9hR+S5N/pNeZgubQvJWyaPuQDm7PTs1+\ntFGiYNfAsiibX6Rv0wci3M+z2XEVAeR9Vzg6v4qoofDyoTbovn2LztaNEjTkB+oK\ntlvpNhg1zhou0jDVYFniEXvzjckxswHVb8cT0OMTKHALyLPrPOJzVtM9C1ew2Nnc\n3848xLiApMu3NBk0JqfcS3Bo5Y2b1FRVBvdt+2gFoKZix1MnZdAEZ8xQzL/a0YS5\nHd0wj5+EEKHfOd3A75uPa/WQmA+o0cBFfrzm69QDcSJSwGpzWrD1ScH3AK8nWvoj\nv7e9gukK/9yl1b4fQQ00vttwJPSgm9EnfPHLAtgXkRloI27H6/PuLoNvSAMQwuCD\nhQRlyGLPBETKkHeodfLoULjhDi1K2gKJTMhtbnUcAA7nEphkMhPWkBpgFdrH+5z4\nLxy+3ek0cqcI7K68EtrffU8jtUj9LFTUC8dERaIBs7NgQ/LfDbDfGh9g6qVj1hZl\nk9aaIPTm/xsi8v3u+0qaq7KzIBc9s59JOoA8TlpOaYdVgSQhHHLBaahOuAigH+VI\nisbC9vmqsThF2QdDtQt37keuqoda2E6sL7PUvIyVXDRfwX7uMDjlzTxHTymvq2Ck\nhtBqojBnThmjJQFgZXocHG8CAwEAAQ==
128 | 58199dcc:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3v8/ye/V/t5xf4JiXLXa\nhWFRozsnmn3hobON20GdmkrzKzO/eUqPOKTpg2GtvBhK30fu5oY5uN2ORiv2Y2ht\neLiZ9HVz3XP8Fm9frha60B7KNu66FO5P2o3i+E+DWTPqqPcCG6t4Znk2BypILcit\nwiPKTsgbBQR2qo/cO01eLLdt6oOzAaF94NH0656kvRewdo6HG4urbO46tCAizvCR\nCA7KGFMyad8WdKkTjxh8YLDLoOCtoZmXmQAiwfRe9pKXRH/XXGop8SYptLqyVVQ+\ntegOD9wRs2tOlgcLx4F/uMzHN7uoho6okBPiifRX+Pf38Vx+ozXh056tjmdZkCaV\naQIDAQAB
129 | 616ae350:MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyduVzi1mWm+lYo2Tqt/0\nXkCIWrDNP1QBMVPrE0/ZlU2bCGSoo2Z9FHQKz/mTyMRlhNqTfhJ5qU3U9XlyGOPJ\npiM+b91g26pnpXJ2Q2kOypSgOMOPA4cQ42PkHBEqhuzssfj9t7x47ppS94bboh46\nxLSDRff/NAbtwTpvhStV3URYkxFG++cKGGa5MPXBrxIp+iZf9GnuxVdST5PGiVGP\nODL/b69sPJQNbJHVquqUTOh5Ry8uuD2WZuXfKf7/C0jC/ie9m2+0CttNu9tMciGM\nEyKG1/Xhk5iIWO43m4SrrT2WkFlcZ1z2JSf9Pjm4C2+HovYpihwwdM/OdP8Xmsnr\nDzVB4YvQiW+IHBjStHVuyiZWc+JsgEPJzisNY0Wyc/kNyNtqVKpX6dRhMLanLmy+\nf53cCSI05KPQAcGj6tdL+D60uKDkt+FsDa0BTAobZ31OsFVid0vCXtsbplNhW1IF\nHwsGXBTVcfXg44RLyL8Lk/2dQxDHNHzAUslJXzPxaHBLmt++2COa2EI1iWlvtznk\nOk9WP8SOAIj+xdqoiHcC4j72BOVVgiITIJNHrbppZCq6qPR+fgXmXa+sDcGh30m6\n9Wpbr28kLMSHiENCWTdsFij+NQTd5S47H7XTROHnalYDuF1RpS+DpQidT5tUimaT\nJZDr++FjKrnnijbyNF8b98UCAwEAAQ==
130 | '
131 | 
132 | readonly HOST_ARCH="$(uname -m)"
133 | 
134 | # SHA256 checksum of $APK_TOOLS_URI for each architecture.
135 | case "$HOST_ARCH" in
136 | 	aarch64) : ${APK_TOOLS_SHA256:="e471d35aa221d031abe9b6288aede12a8e9f1a398954e5a2e1d1bce1727b4ef4"};;
137 | 	x86_64) : ${APK_TOOLS_SHA256:="34bb1a96f0258982377a289392d4ea9f3f4b767a4bb5806b1b87179b79ad8a1c"};;
138 | esac
139 | 
140 | : ${APK_TOOLS_URI:="https://gitlab.alpinelinux.org/api/v4/projects/5/packages/generic/v2.14.10/$HOST_ARCH/apk.static"}
141 | : ${APK:="apk"}
142 | : ${APK_OPTS:="--no-progress"}
143 | 
144 | 
145 | # For compatibility with systems that does not have "realpath" command.
146 | if ! command -v realpath >/dev/null; then
147 | 	alias realpath='readlink -f'
148 | fi
149 | 
150 | die() {
151 | 	printf '\033[1;31mERROR:\033[0m %s\n' "$@" >&2  # bold red
152 | 	exit 1
153 | }
154 | 
155 | einfo() {
156 | 	printf '\n\033[1;36m> %s\033[0m\n' "$@" >&2  # bold cyan
157 | }
158 | 
159 | # Prints help and exists with the specified status.
160 | help() {
161 | 	sed -En '/^#---help---/,/^#---help---/p' "$0" | sed -E 's/^# ?//; 1d;$d;'
162 | 	exit ${1:-0}
163 | }
164 | 
165 | # Cleans the host system. This function is executed before exiting the script.
166 | cleanup() {
167 | 	set +eu
168 | 	trap '' EXIT HUP INT TERM  # unset trap to avoid loop
169 | 
170 | 	cd /
171 | 	if [ -d "$temp_dir" ]; then
172 | 		rm -Rf "$temp_dir"
173 | 	fi
174 | 	if [ "$mount_dir" ]; then
175 | 		umount_recursively "$mount_dir" \
176 | 			|| die "Failed to unmount $mount_dir; unmount it and disconnect $disk_dev manually"
177 | 		rm -Rf "$mount_dir"
178 | 	fi
179 | 	if [ "$disk_dev" ] && ! [ -b "$IMAGE_FILE" ]; then
180 | 		qemu-nbd --disconnect "$disk_dev" \
181 | 			|| die "Failed to disconnect $disk_dev; disconnect it manually"
182 | 	fi
183 | 	if [ "$INSTALL_HOST_PKGS" = yes ]; then
184 | 		_apk del $VIRTUAL_PKG
185 | 	fi
186 | }
187 | 
188 | _apk() {
189 | 	"$APK" $APK_OPTS "$@"
190 | }
191 | 
192 | # Attaches the specified image as a NBD block device and prints its path.
193 | attach_image() {
194 | 	local image="$1"
195 | 	local format="${2:-}"
196 | 	local disk_dev
197 | 
198 | 	disk_dev=$(get_available_nbd) || {
199 | 		modprobe nbd max_part=16
200 | 		sleep 1
201 | 		disk_dev=$(get_available_nbd)
202 | 	} || die 'No available nbd device found!'
203 | 
204 | 	qemu-nbd --connect="$disk_dev" --cache=writeback \
205 | 		${format:+--format=$format} "$image" || return 1
206 | 
207 | 	sleep 1  # see #45
208 | 	echo "$disk_dev"
209 | }
210 | 
211 | # Prints UUID of filesystem on the specified block device.
212 | blk_uuid() {
213 | 	local dev="$1"
214 | 	blkid "$dev" | sed -En 's/.*\bUUID="([^"]+)".*/\1/p'
215 | }
216 | 
217 | # Creates GPT parition table on the device $1 for boot mode $2 (BIOS or UEFI).
218 | create_gpt() {
219 | 	local dev="$1"
220 | 	local mode="$2"
221 | 
222 | 	case "$mode" in
223 | 		BIOS) printf '%s\n' \
224 | 			'label: gpt' \
225 | 			'name=system,type=L,bootable,attrs=LegacyBIOSBootable' \
226 | 			| sfdisk "$dev" ;;
227 | 		UEFI) printf '%s\n' \
228 | 			'label: gpt' \
229 | 			'name=efi,type=U,size=128M,bootable' \
230 | 			'name=system,type=L' \
231 | 			| sfdisk "$disk_dev" ;;
232 | 		*) die "Invalid mode: $mode" ;;
233 | 	esac
234 | }
235 | 
236 | # Writes Alpine APK keys embedded in this script into directory $1.
237 | dump_alpine_keys() {
238 | 	local dest_dir="$1"
239 | 	local content id line
240 | 
241 | 	mkdir -p "$dest_dir"
242 | 	for line in $ALPINE_KEYS; do
243 | 		id=${line%%:*}
244 | 		content=${line#*:}
245 | 
246 | 		printf -- "-----BEGIN PUBLIC KEY-----\n$content\n-----END PUBLIC KEY-----\n" \
247 | 			> "$dest_dir/alpine-devel@lists.alpinelinux.org-$id.rsa.pub"
248 | 	done
249 | }
250 | 
251 | # Prints path of available nbdX device, or returns 1 if not any.
252 | get_available_nbd() {
253 | 	local dev; for dev in $(find /dev -maxdepth 2 -name 'nbd[0-9]*'); do
254 | 		if [ "$(blockdev --getsize64 "$dev")" -eq 0 ]; then
255 | 			echo "$dev"; return 0
256 | 		fi
257 | 	done
258 | 	return 1
259 | }
260 | 
261 | # Prints name of the package needed for creating the specified filesystem.
262 | fs_progs_pkg() {
263 | 	local fs="$1"  # filesystem name
264 | 
265 | 	case "$fs" in
266 | 		ext4) echo 'e2fsprogs';;
267 | 		btrfs) echo 'btrfs-progs';;
268 | 		xfs) echo 'xfsprogs';;
269 | 	esac
270 | }
271 | 
272 | # Tests if the specified command exists on the system.
273 | has_cmd() {
274 | 	command -v "$1" >/dev/null
275 | }
276 | 
277 | # Binds the directory $1 at the mountpoint $2 and sets propagation to private.
278 | mount_bind() {
279 | 	mkdir -p "$2"
280 | 	mount --bind "$1" "$2"
281 | 	mount --make-private "$2"
282 | }
283 | 
284 | # Prepares chroot at the specified path.
285 | prepare_chroot() {
286 | 	local dest="$1"
287 | 
288 | 	mkdir -p "$dest"/proc
289 | 	mount -t proc none "$dest"/proc
290 | 	mount_bind /dev "$dest"/dev
291 | 	mount_bind /sys "$dest"/sys
292 | 
293 | 	install -D -m 644 /etc/resolv.conf "$dest"/etc/resolv.conf
294 | 	echo "$RESOLVCONF_MARK" >> "$dest"/etc/resolv.conf
295 | }
296 | 
297 | # Adds specified services to the runlevel. Current working directory must be
298 | # root of the image.
299 | rc_add() {
300 | 	local runlevel="$1"; shift  # runlevel name
301 | 	local services="$*"  # names of services
302 | 
303 | 	local svc; for svc in $services; do
304 | 		mkdir -p etc/runlevels/$runlevel
305 | 		ln -s /etc/init.d/$svc etc/runlevels/$runlevel/$svc
306 | 		echo " * service $svc added to runlevel $runlevel"
307 | 	done
308 | }
309 | 
310 | # Ensures that the specified device node exists.
311 | settle_dev_node() {
312 | 	local dev="$1"
313 | 
314 | 	[ -e "$dev" ] && return 0
315 | 
316 | 	sleep 1  # give hotplug handler some time to kick in
317 | 	[ -e "$dev" ] && return 0
318 | 
319 | 	if has_cmd udevadm; then
320 | 		udevadm settle --exit-if-exists="$dev"
321 | 	elif has_cmd mdev; then
322 | 		mdev -s
323 | 	fi
324 | 	[ -e "$dev" ] && return 0
325 | 
326 | 	return 1
327 | }
328 | 
329 | # Installs and configures extlinux.
330 | setup_extlinux() {
331 | 	local mnt="$1"  # path of directory where is root device currently mounted
332 | 	local root_dev="$2"  # root device
333 | 	local modules="$3"  # modules which should be loaded before pivot_root
334 | 	local kernel_flavor="$4"  # name of default kernel to boot
335 | 	local serial_port="$5"  # serial port number for serial console
336 | 	local default_kernel="$kernel_flavor"
337 | 	local kernel_opts=''
338 | 
339 | 	[ -z "$serial_port" ] || kernel_opts="console=$serial_port"
340 | 
341 | 	if [ "$kernel_flavor" = 'virt' ]; then
342 | 		_apk search --root . --exact --quiet linux-lts | grep -q . \
343 | 			&& default_kernel='lts' \
344 | 			|| default_kernel='vanilla'
345 | 	fi
346 | 
347 | 	sed -Ei \
348 | 		-e "s|^[# ]*(root)=.*|\1=$root_dev|" \
349 | 		-e "s|^[# ]*(default_kernel_opts)=.*|\1=\"$kernel_opts\"|" \
350 | 		-e "s|^[# ]*(modules)=.*|\1=\"$modules\"|" \
351 | 		-e "s|^[# ]*(default)=.*|\1=$default_kernel|" \
352 | 		-e "s|^[# ]*(serial_port)=.*|\1=$serial_port|" \
353 | 		"$mnt"/etc/update-extlinux.conf
354 | 
355 | 	chroot "$mnt" extlinux --install /boot
356 | 	chroot "$mnt" update-extlinux --warn-only 2>&1 \
357 | 		| { grep -Fv 'extlinux: cannot open device /dev' ||:; } >&2
358 | }
359 | 
360 | # Configures mkinitfs.
361 | setup_mkinitfs() {
362 | 	local mnt="$1"  # path of directory where is root device currently mounted
363 | 	local features="$2"  # list of mkinitfs features
364 | 
365 | 	features=$(printf '%s\n' $features | sort | uniq | xargs)
366 | 
367 | 	sed -Ei "s|^[# ]*(features)=.*|\1=\"$features\"|" \
368 | 		"$mnt"/etc/mkinitfs/mkinitfs.conf
369 | }
370 | 
371 | # Unmounts all filesystem under the specified directory tree.
372 | umount_recursively() {
373 | 	local mount_point="$1"
374 | 	test -n "$mount_point" || return 1
375 | 
376 | 	cat /proc/mounts \
377 | 		| cut -d ' ' -f 2 \
378 | 		| grep "^$mount_point" \
379 | 		| sort -r \
380 | 		| xargs umount -rn
381 | }
382 | 
383 | # Downloads the specified file using wget and checks checksum.
384 | wgets() (
385 | 	local url="$1"
386 | 	local sha256="$2"
387 | 	local dest="${3:-.}"
388 | 
389 | 	cd "$dest" \
390 | 		&& wget -T 10 --no-verbose "$url" \
391 | 		&& echo "$sha256  ${url##*/}" | sha256sum -c
392 | )
393 | 
394 | 
395 | #=============================  M a i n  ==============================#
396 | 
397 | opts=$(getopt -n $PROGNAME -o a:b:B:cCf:hi:k:m:p:Pr:s:S:tV \
398 | 	-l arch:,boot-mode:,branch:,fs-skel-chown:,fs-skel-dir:,image-format:,image-size:,initfs-features:,kernel-flavor:,keys-dir:,mirror-uri:,no-cleanup,packages:,partition,repositories-file:,rootfs:,script-chroot,serial-console,help,version \
399 | 	-- "$@") || help 1 >&2
400 | 
401 | eval set -- "$opts"
402 | while [ $# -gt 0 ]; do
403 | 	n=2
404 | 	case "$1" in
405 | 		-a | --arch) ARCH="$2";;
406 | 		-B | --boot-mode) BOOT_MODE="$2";;
407 | 		-b | --branch) ALPINE_BRANCH="$2";;
408 | 		-S | --fs-skel-dir) FS_SKEL_DIR="$(realpath "$2")";;
409 | 		     --fs-skel-chown) FS_SKEL_CHOWN="$2";;
410 | 		-f | --image-format) IMAGE_FORMAT="$2";;
411 | 		-s | --image-size) IMAGE_SIZE="$2";;
412 | 		-i | --initfs-features) INITFS_FEATURES="${INITFS_FEATURES:-} $2";;
413 | 		-k | --kernel-flavor) KERNEL_FLAVOR="$2";;
414 | 		     --keys-dir) KEYS_DIR="$(realpath "$2")";;
415 | 		-m | --mirror-uri) ALPINE_MIRROR="$2";;
416 | 		-C | --no-cleanup) CLEANUP='no'; n=1;;
417 | 		-p | --packages) PACKAGES="${PACKAGES:-} $2";;
418 | 		-P | --partition) PARTITION='yes'; n=1;;
419 | 		-r | --repositories-file) REPOS_FILE="$(realpath "$2")";;
420 | 		     --rootfs) ROOTFS="$2";;
421 | 		-t | --serial-console) SERIAL_CONSOLE='yes'; n=1;;
422 | 		-c | --script-chroot) SCRIPT_CHROOT='yes'; n=1;;
423 | 		-h | --help) help 0;;
424 | 		-V | --version) echo "$PROGNAME $VERSION"; exit 0;;
425 | 		--) shift; break;;
426 | 	esac
427 | 	shift $n
428 | done
429 | 
430 | : ${ALPINE_BRANCH:="latest-stable"}
431 | : ${ALPINE_MIRROR:="http://dl-cdn.alpinelinux.org/alpine"}
432 | : ${ARCH:=}
433 | : ${CLEANUP:="yes"}
434 | : ${FS_SKEL_CHOWN:=}
435 | : ${FS_SKEL_DIR:=}
436 | : ${IMAGE_FORMAT:=}
437 | : ${IMAGE_SIZE:="2G"}
438 | # kms includes virtio-gpu drivers used for graphical output. This is needed
439 | # for aarch64 where '-vga std' is not supported, but useful even for x86_64.
440 | : ${INITFS_FEATURES:="kms scsi virtio"}
441 | : ${KERNEL_FLAVOR:="virt"}
442 | : ${PACKAGES:=}
443 | : ${PARTITION:="no"}
444 | : ${REPOS_FILE:=}
445 | : ${ROOTFS:="ext4"}
446 | : ${SCRIPT_CHROOT:="no"}
447 | : ${SERIAL_CONSOLE:="no"}
448 | 
449 | case "$ALPINE_BRANCH" in
450 | 	[0-9]*) ALPINE_BRANCH="v$ALPINE_BRANCH";;
451 | esac
452 | 
453 | if [ -z "$ARCH" ] || [ "$HOST_ARCH" = "$ARCH" ]; then
454 | 	: ${KEYS_DIR:="/etc/apk/keys"}
455 | else
456 | 	: ${KEYS_DIR:=}
457 | fi
458 | 
459 | case "${ARCH:-"$HOST_ARCH"}" in
460 | 	x86*) : ${BOOT_MODE:="BIOS"};;
461 | 	*)    : ${BOOT_MODE:="UEFI"}
462 | 	      [ "$BOOT_MODE" = 'BIOS' ] && die 'BIOS boot mode is supported only on x86/x86_64';;
463 | esac
464 | 
465 | case "$BOOT_MODE" in
466 | 	BIOS | UEFI) ;;
467 | 	*) die "Invalid boot-mode: $BOOT_MODE";;
468 | esac
469 | 
470 | if [ -f /etc/alpine-release ]; then
471 | 	: ${INSTALL_HOST_PKGS:="yes"}
472 | else
473 | 	: ${INSTALL_HOST_PKGS:="no"}
474 | fi
475 | 
476 | SERIAL_PORT=
477 | [ "$SERIAL_CONSOLE" = 'no' ] || SERIAL_PORT='ttyS0'
478 | 
479 | [ $# -ne 0 ] || help 1 >&2
480 | 
481 | IMAGE_FILE="$1"; shift
482 | SCRIPT=
483 | [ $# -eq 0 ] || { SCRIPT=$(realpath "$1"); shift; }
484 | 
485 | [ "$CLEANUP" = no ] || trap cleanup EXIT HUP INT TERM
486 | 
487 | #-----------------------------------------------------------------------
488 | if [ "$INSTALL_HOST_PKGS" = yes ]; then
489 | 	einfo 'Installing needed packages on host system'
490 | 
491 | 	# We need load btrfs module to avoid the error message:
492 | 	# 'failed to open /dev/btrfs-control'
493 | 	if ! grep -q -w "$ROOTFS" /proc/filesystems; then
494 | 		modprobe $ROOTFS
495 | 	fi
496 | 
497 | 	[ "$BOOT_MODE" = 'UEFI' ] && vfatpkg='dosfstools' || vfatpkg=
498 | 	_apk add -t $VIRTUAL_PKG qemu-img $(fs_progs_pkg "$ROOTFS") $vfatpkg rsync sfdisk
499 | fi
500 | 
501 | #-----------------------------------------------------------------------
502 | temp_dir=''
503 | if ! command -v "$APK" >/dev/null; then
504 | 	einfo "$APK not found, downloading static apk-tools"
505 | 
506 | 	temp_dir="$(mktemp -d /tmp/$PROGNAME.XXXXXX)"
507 | 	wgets "$APK_TOOLS_URI" "$APK_TOOLS_SHA256" "$temp_dir"
508 | 	APK="$temp_dir/apk.static"
509 | 	chmod +x "$APK"
510 | fi
511 | 
512 | #-----------------------------------------------------------------------
513 | if [ ! -f "$IMAGE_FILE" ] && [ ! -b "$IMAGE_FILE" ]; then
514 | 	einfo "Creating $IMAGE_FORMAT image of size $IMAGE_SIZE"
515 | 	qemu-img create ${IMAGE_FORMAT:+-f $IMAGE_FORMAT} "$IMAGE_FILE" "$IMAGE_SIZE"
516 | fi
517 | 
518 | #-----------------------------------------------------------------------
519 | if [ -b "$IMAGE_FILE" ]; then
520 | 	echo "Provided target $IMAGE_FILE is a block device" >&2
521 | 
522 | 	disk_dev="$IMAGE_FILE"
523 | else
524 | 	einfo "Attaching image $IMAGE_FILE as a NBD device"
525 | 
526 | 	disk_dev=$(attach_image "$IMAGE_FILE" "$IMAGE_FORMAT")
527 | fi
528 | 
529 | #-----------------------------------------------------------------------
530 | if [ "$PARTITION" = yes ] || [ "$BOOT_MODE" = 'UEFI' ]; then
531 | 	einfo 'Creating GPT partition table'
532 | 
533 | 	create_gpt "$disk_dev" "$BOOT_MODE"
534 | 
535 | 	if [ "$BOOT_MODE" = 'BIOS' ]; then
536 | 		root_dev="${disk_dev}p1"
537 | 	else
538 | 		esp_dev="${disk_dev}p1"
539 | 		root_dev="${disk_dev}p2"
540 | 	fi
541 | 	# This is needed when running in a container.
542 | 	settle_dev_node "$root_dev" || die "system didn't create $root_dev node"
543 | else
544 | 	root_dev="$disk_dev"
545 | fi
546 | 
547 | #-----------------------------------------------------------------------
548 | einfo 'Creating filesystem(s)'
549 | 
550 | if [ "$BOOT_MODE" = 'UEFI' ]; then
551 | 	mkfs.fat -F32 -n EFI "$esp_dev"
552 | fi
553 | 
554 | # syslinux 6.0.3 cannot boot from ext4 w/ 64bit feature enabled.
555 | # -E nodiscard / -K - do not attempt to discard blocks at mkfs time (it's
556 | # useless for NBD image and prints confusing error).
557 | [ "$ROOTFS" = ext4 ] && mkfs_args='-O ^64bit -E nodiscard' || mkfs_args='-K'
558 | 
559 | mkfs.$ROOTFS -L root $mkfs_args "$root_dev"
560 | 
561 | root_uuid=$(blk_uuid "$root_dev")
562 | mount_dir=$(mktemp -d /tmp/$PROGNAME.XXXXXX)
563 | 
564 | #-----------------------------------------------------------------------
565 | einfo "Mounting image at $mount_dir"
566 | 
567 | mount "$root_dev" "$mount_dir"
568 | 
569 | if [ "$BOOT_MODE" = 'UEFI' ]; then
570 | 	install -d -m 000 "$mount_dir"/boot
571 | 	mount -t vfat "$esp_dev" "$mount_dir"/boot
572 | fi
573 | 
574 | #-----------------------------------------------------------------------
575 | einfo 'Installing base system'
576 | 
577 | cd "$mount_dir"
578 | 
579 | mkdir -p etc/apk/keys
580 | if [ "$REPOS_FILE" ]; then
581 | 	install -m 644 "$REPOS_FILE" etc/apk/repositories
582 | else
583 | 	cat > etc/apk/repositories <<-EOF
584 | 		$ALPINE_MIRROR/$ALPINE_BRANCH/main
585 | 		$ALPINE_MIRROR/$ALPINE_BRANCH/community
586 | 	EOF
587 | fi
588 | if [ -d "$KEYS_DIR" ]; then
589 | 	cp "$KEYS_DIR"/* etc/apk/keys/
590 | else
591 | 	dump_alpine_keys etc/apk/keys/
592 | fi
593 | 
594 | # Use APK cache if available.
595 | if [ -L /etc/apk/cache ]; then
596 | 	ln -s "$(realpath /etc/apk/cache)" etc/apk/cache
597 | fi
598 | 
599 | _apk add --root . ${ARCH:+--arch "$ARCH"} --update-cache --initdb alpine-base
600 | 
601 | fsprogs_pkgs=
602 | # btrfs doesn't use fsck, so we don't have to install btrfs-progs.
603 | [ "$ROOTFS" != 'btrfs' ] && fsprogs_pkgs="$(fs_progs_pkg "$ROOTFS")"
604 | [ "$BOOT_MODE" = 'UEFI' ] && fsprogs_pkgs="$fsprogs_pkgs dosfstools"
605 | [ "$fsprogs_pkgs" ] && _apk add --root . $fsprogs_pkgs
606 | 
607 | prepare_chroot .
608 | 
609 | #-----------------------------------------------------------------------
610 | einfo "Installing kernel linux-$KERNEL_FLAVOR"
611 | 
612 | if [ "$KERNEL_FLAVOR" = 'virt' ]; then
613 | 	_apk add --root . linux-$KERNEL_FLAVOR
614 | else
615 | 	# Avoid installing *all* linux-firmware-* packages (see #21).
616 | 	_apk add --root . linux-$KERNEL_FLAVOR linux-firmware-none
617 | fi
618 | 
619 | #-----------------------------------------------------------------------
620 | einfo "Installing and configuring mkinitfs"
621 | 
622 | _apk add --root . mkinitfs
623 | setup_mkinitfs . "base $ROOTFS $INITFS_FEATURES"
624 | 
625 | #-----------------------------------------------------------------------
626 | if [ "$BOOT_MODE" = 'BIOS' ]; then
627 | 	einfo 'Setting up extlinux bootloader'
628 | 
629 | 	_apk add --root . --no-scripts syslinux
630 | 	setup_extlinux . "UUID=$root_uuid" "$ROOTFS" "$KERNEL_FLAVOR" "$SERIAL_PORT"
631 | 
632 | 	if [ "$PARTITION" = yes ]; then
633 | 		dd bs=440 count=1 conv=notrunc if=usr/share/syslinux/gptmbr.bin of="$disk_dev"
634 | 		sync
635 | 	fi
636 | fi
637 | 
638 | #-----------------------------------------------------------------------
639 | einfo 'Configuring system'
640 | 
641 | cat > etc/fstab <<-EOF
642 | 	# <fs>		<mountpoint>	<type>	<opts>		<dump/pass>
643 | 	UUID=$root_uuid	/		$ROOTFS	relatime	0 1
644 | EOF
645 | 
646 | if [ "$BOOT_MODE" = 'UEFI' ]; then
647 | 	echo "LABEL=EFI	/boot		vfat\
648 | 	rw,relatime,fmask=0133,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro	0 2" \
649 | 	>> etc/fstab
650 | 
651 | 	# This script is interpreted by UEFI.
652 | 	# NOTE: When console=$SERIAL_PORT is added here, no messages are printed to
653 | 	#  console on QEMU after switch_root. 'console=tty0' must be explicitly set
654 | 	#  for aarch64 (it's the default on x86_64).
655 | 	echo "vmlinuz-$KERNEL_FLAVOR" \
656 | 		"initrd=initramfs-$KERNEL_FLAVOR" \
657 | 		"root=UUID=$root_uuid" \
658 | 		"rootfstype=$ROOTFS" \
659 | 		"modules=$(echo $INITFS_FEATURES | tr ' ' ',')" \
660 | 		'console=tty0' \
661 | 		> boot/startup.nsh
662 | fi
663 | 
664 | # We just prepare this config, but don't start the networking service.
665 | cat > etc/network/interfaces <<-EOF
666 | 	auto eth0
667 | 	iface eth0 inet dhcp
668 | 
669 | 	post-up /etc/network/if-post-up.d/*
670 | 	post-down /etc/network/if-post-down.d/*
671 | EOF
672 | 
673 | mkdir -p etc/network/if-post-up.d
674 | mkdir -p etc/network/if-post-down.d
675 | 
676 | if [ "$SERIAL_PORT" ]; then
677 | 	echo "$SERIAL_PORT" >> etc/securetty
678 | 	sed -Ei "s|^[# ]*($SERIAL_PORT:.*)|\1|" etc/inittab
679 | fi
680 | 
681 | #-----------------------------------------------------------------------
682 | einfo 'Enabling base system services'
683 | 
684 | rc_add sysinit devfs dmesg mdev hwdrivers
685 | [ -e etc/init.d/cgroups ] && rc_add sysinit cgroups ||:  # since v3.8
686 | 
687 | rc_add boot modules hwclock swap hostname sysctl bootmisc syslog
688 | # urandom was renamed to seedrng in v3.17
689 | [ -e etc/init.d/seedrng ] && rc_add boot seedrng || rc_add boot urandom
690 | 
691 | rc_add shutdown killprocs savecache mount-ro
692 | 
693 | #-----------------------------------------------------------------------
694 | if [ "$PACKAGES" ]; then
695 | 	einfo 'Installing additional packages'
696 | 	_apk add --root . $PACKAGES
697 | fi
698 | 
699 | #-----------------------------------------------------------------------
700 | if [ -L /etc/apk/cache ]; then
701 | 	rm etc/apk/cache >/dev/null 2>&1
702 | fi
703 | 
704 | #-----------------------------------------------------------------------
705 | if [ "$FS_SKEL_DIR" ]; then
706 | 	einfo "Copying content of $FS_SKEL_DIR into image"
707 | 
708 | 	[ "$FS_SKEL_CHOWN" ] \
709 | 		&& rsync_opts="--chown $FS_SKEL_CHOWN" \
710 | 		|| rsync_opts='--numeric-ids'
711 | 	rsync --archive --info=NAME2 --whole-file $rsync_opts "$FS_SKEL_DIR"/ . >&2
712 | 
713 | 	# rsync may modify perms of the rootfs dir itself, so make sure it's correct.
714 | 	install -d -m 0755 -o root -g root .
715 | fi
716 | 
717 | #-----------------------------------------------------------------------
718 | if [ "$SCRIPT" ]; then
719 | 	script_name="${SCRIPT##*/}"
720 | 
721 | 	if [ "$SCRIPT_CHROOT" = 'no' ]; then
722 | 		einfo "Executing script: $script_name $*"
723 | 		"$SCRIPT" "$@" || die 'Script failed'
724 | 	else
725 | 		einfo "Executing script in chroot: $script_name $*"
726 | 		mount_bind "${SCRIPT%/*}" mnt/
727 | 		chroot . /bin/sh -c "cd /mnt && ./$script_name \"\$@\"" -- "$@" \
728 | 			|| die 'Script failed'
729 | 	fi
730 | fi
731 | 
732 | #-----------------------------------------------------------------------
733 | if grep -qw "$RESOLVCONF_MARK" etc/resolv.conf 2>/dev/null; then
734 | 	cat > etc/resolv.conf <<-EOF
735 | 		# Default nameservers, replace them with your own.
736 | 		nameserver 1.1.1.1
737 | 		nameserver 2606:4700:4700::1111
738 | 	EOF
739 | fi
740 | 
741 | rm -Rf var/cache/apk/* ||:
742 | 
743 | einfo 'Completed'
744 | 
745 | cd - >/dev/null
746 | ls -lh "$IMAGE_FILE"
747 | 


--------------------------------------------------------------------------------