├── .gitignore ├── COPYING ├── COPYING.GPL ├── README ├── bin └── pcib ├── examples ├── openstack-openbsd56 └── openstack-openbsd57 ├── lib ├── cleanup.sh ├── functions.sh ├── gnu.sh ├── host.sh ├── lock.sh ├── optparse.sh ├── os.sh ├── plugin.sh ├── sudo.sh ├── task.sh ├── ui.sh └── usage.sh └── plugins ├── base ├── bootable │ ├── init.sh │ └── tasks │ │ ├── 35-install-kernel.sh │ │ └── 40-configure-networking.sh ├── pcib │ ├── init.sh │ └── tasks │ │ ├── 00-lock.sh │ │ ├── 01-create-workspace.sh │ │ ├── 18-mount-filesystems.sh │ │ └── 82-unmount-filesystems.sh └── raw-image-file │ ├── init.sh │ └── tasks │ ├── 02-create-image-file.sh │ ├── 03-loopback-image-file.sh │ ├── 85-close-loop-device.sh │ └── 99-finalise.sh ├── fs ├── ext4 │ ├── init.sh │ └── tasks │ │ ├── 00-check-ext4-filesystem-programs.sh │ │ └── 10-format-filesystems.sh └── ffs │ ├── init.sh │ └── tasks │ └── 10-format-filesystems.sh ├── lib ├── README └── ruby │ └── init.sh ├── mds ├── coffee │ ├── files │ │ ├── init_scripts │ │ │ ├── avf-configure-networking │ │ │ ├── avf-install-root-ssh-keys │ │ │ └── avf-set-root-password │ │ ├── systemd │ │ │ ├── avf-configure-networking.service │ │ │ ├── avf-connect-to-mds.service │ │ │ ├── avf-install-root-ssh-keys.service │ │ │ └── avf-set-root-password.service │ │ └── usr │ │ │ └── local │ │ │ └── share │ │ │ └── avf │ │ │ ├── bin │ │ │ ├── configure-networking │ │ │ ├── connect-to-mds │ │ │ ├── install-root-ssh-keys │ │ │ └── set-root-password │ │ │ └── lib │ │ │ └── functions │ ├── init.sh │ └── tasks │ │ └── 30-install-initscripts.sh └── ec2 │ ├── init.sh │ └── tasks │ └── 50-ec2-metadata.sh ├── misc └── linux-swap │ ├── init.sh │ └── tasks │ └── 12-format-swap.sh ├── os ├── centos │ ├── init.sh │ └── tasks │ │ ├── 00-check-os-centos-programs.sh │ │ ├── 00-check-os-centos-rpm-config.sh │ │ ├── 18-prepare-repos.sh │ │ ├── 20-yum-bootstrap.sh │ │ ├── 21-resolv-conf.sh │ │ ├── 21-yum-repos.sh │ │ ├── 35-configure-kernel.sh │ │ └── 79-clean-yum.sh ├── debian 
│ ├── init.sh │ └── tasks │ │ ├── 00-check-os-debian-programs.sh │ │ ├── 19-disable-daemons.sh │ │ ├── 20-debootstrap.sh │ │ ├── 21-apt-sources.sh │ │ ├── 21-configure-proxy.sh │ │ ├── 22-no-recommends.sh │ │ ├── 24-apt-file-update.sh │ │ ├── 24-apt-upgrade.sh │ │ ├── 74-uninstall-apt-file.sh │ │ ├── 79-clean-apt.sh │ │ ├── 79-unconfigure-proxy.sh │ │ └── 81-enable-daemons.sh ├── linux-common │ ├── init.sh │ └── tasks │ │ ├── 00-check-os-linux-common-programs.sh │ │ ├── 21-mount-specials.sh │ │ ├── 25-fstab.sh │ │ ├── 75-unmount-specials.sh │ │ └── 79-cleanup-system.sh └── openbsd │ ├── files │ └── usr │ │ └── src │ │ └── distrib │ │ ├── amd64 │ │ └── ramdisk_growfs │ │ │ ├── Makefile │ │ │ ├── dot.profile │ │ │ └── list.local │ │ └── special │ │ └── growfs │ │ └── Makefile │ ├── init.sh │ └── tasks │ ├── 00-check-os-openbsd-sources.sh │ ├── 02-fetch-sets.sh │ ├── 20-extract-sets.sh │ ├── 21-growfs.sh │ ├── 21-makedev.sh │ ├── 21-pkg-conf.sh │ ├── 21-resolv-conf.sh │ ├── 24-install-pkg-locate.sh │ ├── 25-fstab.sh │ ├── 60-install-bootloader.sh │ ├── 78-uninstall-pkg-locate.sh │ └── 79-resolv-conf.sh ├── package ├── auditd │ ├── init.sh │ └── tasks │ │ └── 30-install-auditd.sh ├── exim │ ├── init.sh │ └── tasks │ │ ├── 29-preseed-exim.sh │ │ └── 30-install-exim-package.sh ├── grub │ ├── init.sh │ └── tasks │ │ ├── 30-install-grub-package.sh │ │ ├── 60-install-grub-in-bootloader.sh │ │ └── 61-generate-grub-config.sh ├── postfix │ ├── init.sh │ └── tasks │ │ └── 30-install-postfix-package.sh ├── sshd │ ├── files │ │ ├── init_scripts │ │ │ └── generate-ssh-hostkeys │ │ └── systemd │ │ │ └── generate-ssh-hostkeys.service │ ├── init.sh │ └── tasks │ │ ├── 00-check-package-ssh-programs-available.sh │ │ ├── 30-install-ssh.sh │ │ ├── 30-ssh-hostkeys-init-script.sh │ │ ├── 60-ssh-password-auth.sh │ │ └── 79-clean-keys.sh ├── unattended-upgrades │ ├── init.sh │ └── tasks │ │ ├── 00-check-unattended-upgrades-os.sh │ │ ├── 30-install-unattended-upgrades-packages.sh │ │ └── 
40-configure-unattended-upgrades.sh └── yum-cron │ ├── init.sh │ └── tasks │ ├── 00-check-yum-cron-os.sh │ ├── 30-install-yum-cron-packages.sh │ └── 40-configure-yum-cron.sh ├── partitioner ├── disklabel │ ├── init.sh │ └── tasks │ │ └── 05-partition-image.sh ├── full-disk-with-lvm │ ├── init.sh │ └── tasks │ │ ├── 00-check-full-disk-partitioner-programs.sh │ │ ├── 01-validate-misc-lvm-target-options.sh │ │ ├── 05-partition-image.sh │ │ ├── 06-refresh-partitions.sh │ │ ├── 07-create-target-lv.sh │ │ ├── 15-refresh-partitions.sh │ │ ├── 30-install-lvm-packages.sh │ │ ├── 79-clean-lvm.sh │ │ └── 84-finalise-vg.sh └── full-disk │ ├── init.sh │ └── tasks │ ├── 00-check-full-disk-partitioner-programs.sh │ ├── 05-partition-image.sh │ ├── 06-refresh-partitions.sh │ └── 15-refresh-partitions.sh ├── repo ├── debian-backports │ ├── init.sh │ └── tasks │ │ ├── 00-check-debian-backports-os.sh │ │ └── 21-debian-backports.sh ├── epel │ ├── init.sh │ └── tasks │ │ ├── 00-check-epel-os.sh │ │ ├── 00-epel-option-defaults.sh │ │ └── 23-epel.sh └── m-tier │ ├── files │ ├── etc │ │ └── signify │ │ │ ├── mtier-56-pkg.pub │ │ │ └── mtier-57-pkg.pub │ └── usr │ │ └── local │ │ └── sbin │ │ └── openup │ ├── init.sh │ └── tasks │ ├── 00-check-m-tier-os.sh │ ├── 22-m-tier.sh │ ├── 23-openup.sh │ └── 69-openup.sh └── user └── admin ├── init.sh └── tasks ├── 00-process-user-admin-args.sh └── 40-configure-admin-user.sh /.gitignore: -------------------------------------------------------------------------------- 1 | # Reserved for vendor- and site-local plugins. 2 | /plugins/vendor 3 | /plugins/site 4 | 5 | *.swp 6 | -------------------------------------------------------------------------------- /COPYING: -------------------------------------------------------------------------------- 1 | PCIB is based on UCIB, originally written by Matt Palmer 2 | . Code which is copyright Matt Palmer is licensed 3 | under GPLv3; see COPYING.GPL. 
Other code is made available under an 4 | ISC-style licence; see copyright notices in the individual files. 5 | 6 | Files with no explicit copyright or licence statement are covered by 7 | the following conditions (from the original UCIB source tree): 8 | 9 | This program is free software; you can redistribute it and/or modify it 10 | under the terms of the GNU General Public License version 3, as 11 | published by the Free Software Foundation. 12 | 13 | This program is distributed in the hope that it will be useful, but 14 | WITHOUT ANY WARRANTY; without even the implied warranty of 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 | General Public License for more details. 17 | 18 | You should have received a copy of the GNU General Public License along 19 | with this program; if not, see 20 | -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | PCIB - The Penultimate Cloud Image Builder 2 | ------------------------------------------ 3 | 4 | PCIB is a cloud image builder based on UCIB (the Ultimate Cloud Image 5 | Builder) by Matt Palmer. While it retains the same extensible plugin 6 | architecture as UCIB, there are several important design changes: 7 | 8 | - PCIB does not care what host OS you're building an image on, and 9 | will not try to install any packages on your system for you. Rather, 10 | it will complain and die if it can't find a command it needs. This 11 | both simplifies the codebase and leaves your system's administration 12 | in the hands of the best person for the job: you. 13 | 14 | - PCIB has abandoned the concept of a monolithic "cloud" plugin that 15 | does everything you need for a particular cloud platform. In 16 | actuality, many cloud platforms are made up of a large number of 17 | small subsystems, many of which are common between multiple 18 | platforms. 
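To best support this, PCIB can accept options in a config file as
well as on the command line, and each "cloud" is now represented in
an example config file in examples/.

- New contributions to PCIB are licensed under a permissive licence
  (ISC-style preferred). UCIB is licensed under GPLv3, and much of the
  code in PCIB is taken from UCIB, but new contributions under the GPL
  will not be accepted.

--------------------------------------------------------------------------------
/bin/pcib:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Copyright (c) 2015 Steven McDonald
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

set -e
set -o pipefail
shopt -s nullglob

# The image build system's locale should not be able to influence the
# resulting image.
export LC_ALL=C

# Asking "where is my binary located?" is inherently non-portable in
# shell. This implementation uses only base perl modules, which should
# be available everywhere.
ROOT="$(
  perl -MCwd=abs_path -MFile::Basename=dirname -e 'print dirname dirname abs_path $ARGV[0]' \
    "$(which "$0")"
)"
# Everything below $ROOT/lib (and later $ROOT/plugins) is sourced into this
# shell, so the resolved $ROOT decides which code runs.
. "$ROOT"/lib/functions.sh

ARGV=("$@")
CONFIG_ARGV=()

# Options that should only ever be specified on the command line, and
# thus come before config file parsing.
parseopt debug
parseopt help

if optval debug &>/dev/null; then
  DEBUG=y
fi

# A single remaining argument is treated as shorthand for "--config <arg>".
if [ "${#ARGV[@]}" -eq 1 ]; then
  ARGV=(--config "${ARGV[@]}")
fi

parseopt config true
if optval config &>/dev/null; then
  config="$(optval config)"
  [ -e "$config" ] || fatal "Config file does not exist: $config"
  [ -f "$config" ] || fatal "Not a regular file: $config"
  [ -r "$config" ] || fatal "No read permission: $config"

  # Each non-blank, non-comment "key=value" line becomes "--key value".
  # The 'os' and 'plugin' values choose which init.sh and task scripts get
  # sourced further down, so a config file carries the same authority as the
  # command line: only build from config files you trust.
  #
  # -r keeps backslashes in values literal; "--" stops a config path that
  # starts with '-' from being read as a grep option. Only '=' is a
  # separator, so whitespace around it stays part of the key or value.
  while IFS='=' read -r key value; do
    CONFIG_ARGV+=(--"$key" "$value")
  done < <(grep -Ev '^[[:space:]]*(#|$)' -- "$config")
fi

load_plugin_or_die base/pcib

parseopt os true
if ! optval os &>/dev/null; then
  fatal "Required option 'os' not provided."
fi
load_plugin_or_die os/"$(optval os)"

# --plugin may be given several times; each parseopt call consumes one
# occurrence, so loop until none is left.
parseopt plugin true
while optval plugin &>/dev/null; do
  load_plugin_or_die "$(optval plugin)"
  parseopt plugin true
done

if optval help &>/dev/null; then
  usage
  exit 0
fi

# Anything the loaded plugins did not consume is a typo or an option for a
# plugin that was not loaded; refuse to build rather than ignore it.
if [ "${#ARGV[@]}" -gt 0 ] || [ "${#CONFIG_ARGV[@]}" -gt 0 ]; then
  fatal "Unrecognised arguments: ${ARGV[*]} ${CONFIG_ARGV[*]}"
fi

trap 'error "An error occurred.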
Cleaning up..."; run_cleanups' EXIT 85 | 86 | run_tasks 87 | BUILD_COMPLETE=1 88 | 89 | run_cleanups 90 | trap '' EXIT 91 | exit 0 92 | -------------------------------------------------------------------------------- /examples/openstack-openbsd56: -------------------------------------------------------------------------------- 1 | os=openbsd 2 | mirror=http://mirror.internode.on.net/pub/OpenBSD 3 | arch=amd64 4 | release=5.6 5 | 6 | plugin=base/bootable 7 | dhcp-interface=vio0 8 | 9 | plugin=base/raw-image-file 10 | image-basename=openstack-openbsd56 11 | image-size=1 12 | 13 | plugin=partitioner/disklabel 14 | plugin=fs/ffs 15 | plugin=repo/m-tier 16 | plugin=package/sshd 17 | 18 | plugin=mds/ec2 19 | plugin=user/admin 20 | admin-shells=ksh 21 | ec2-user=admin 22 | -------------------------------------------------------------------------------- /examples/openstack-openbsd57: -------------------------------------------------------------------------------- 1 | os=openbsd 2 | mirror=http://mirror.internode.on.net/pub/OpenBSD 3 | arch=amd64 4 | release=5.7 5 | 6 | plugin=base/bootable 7 | dhcp-interface=vio0 8 | 9 | plugin=base/raw-image-file 10 | image-basename=openstack-openbsd57 11 | image-size=1 12 | 13 | plugin=partitioner/disklabel 14 | plugin=fs/ffs 15 | plugin=repo/m-tier 16 | plugin=package/sshd 17 | 18 | plugin=mds/ec2 19 | plugin=user/admin 20 | admin-shells=ksh 21 | ec2-user=admin 22 | -------------------------------------------------------------------------------- /lib/cleanup.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Steven McDonald 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 
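#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Stack of cleanup handler names; the most recently registered one runs first.
cleanups=()

# Push a cleanup handler onto the stack.
# Arguments: $1 - name of a command or function to call later with no arguments
register_cleanup() {
  debug "Registering cleanup: $1"
  cleanups+=("$1")
}

# Pop and run cleanup handlers, newest first.
# Arguments: $1 - optional handler name; unwinding stops after that handler
#                 has run. With no argument every registered handler runs.
# Returns:   status of the last command executed in the loop
run_cleanups() {
  local target="$1"
  local i cleanup
  debug "Running cleanups up to $target"

  # Test the element count rather than "$cleanups", which only looks at
  # element 0 of the array.
  while [ "${#cleanups[@]}" -gt 0 ]; do
    # "cleanups[-1]" is a bash-4ism, and doesn't even work correctly
    # on all bash 4 versions. Calculating a positive index enables us
    # to run on older systems.
    i=$((${#cleanups[@]} - 1))
    cleanup="${cleanups[$i]}"
    # Remove the handler before running it so it is never run twice, even if
    # it fails.
    unset "cleanups[$i]"

    debug "Running cleanup: $cleanup"
    "$cleanup"

    [ "$cleanup" != "$target" ] || break
  done
}

--------------------------------------------------------------------------------
/lib/functions.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Steven McDonald
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS.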
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | 15 | . "$ROOT"/lib/cleanup.sh 16 | . "$ROOT"/lib/gnu.sh 17 | . "$ROOT"/lib/host.sh 18 | . "$ROOT"/lib/lock.sh 19 | . "$ROOT"/lib/optparse.sh 20 | . "$ROOT"/lib/os.sh 21 | . "$ROOT"/lib/plugin.sh 22 | . "$ROOT"/lib/sudo.sh 23 | . "$ROOT"/lib/task.sh 24 | . "$ROOT"/lib/ui.sh 25 | . "$ROOT"/lib/usage.sh 26 | -------------------------------------------------------------------------------- /lib/gnu.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | 15 | # seq and shred are only available as GNU variants (with 'g' prefix) on 16 | # non-GNU systems. sed is more widely available, but we rely on the -i 17 | # option, which is a GNUism. 
case "$(uname -s)" in
  Linux | GNU*) gsed=sed gseq=seq gshred=shred ;;
  *) gsed=gsed gseq=gseq gshred=gshred ;;
esac

--------------------------------------------------------------------------------
/lib/host.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Steven McDonald
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Abort the build unless a probe command succeeds on the build host.
# Arguments: $1 - shell text that is passed to eval; its output is discarded
#            $2 - program name shown in the error message
#
# SECURITY: $1 is executed by eval with the privileges of the build. It must
# be a fixed string written by a plugin author; never assemble it from option
# values, config-file contents or anything else supplied at run time.
#
# fatal (lib/ui.sh) returns instead of exiting when --help was requested, so
# in that mode this function returns normally even though the probe failed.
check_program_available() {
  if eval "$1" &>/dev/null; then
    return 0
  fi
  fatal "Command not found: $2"
}

# Run a command with its root directory changed to the image under $TARGET.
# Arguments: the command and its arguments, passed through unchanged
#
# NOTE(review): chroot changes only the filesystem root. The command still
# runs on the build host's kernel with the caller's privileges, so the
# contents of $TARGET should be treated as code that runs on the build host.
run_in_target() {
  chroot "$TARGET" "$@"
}

--------------------------------------------------------------------------------
/lib/lock.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS.
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Release every lock still held by killing its holder process.
# NOTE(review): the loop variable 'pid' is not declared local, so it is left
# set in the caller's scope.
cleanup_locks() {
  for pid in "${locks[@]}"; do
    if [ -n "$pid" ]; then
      kill "$pid"
    fi
  done
}
# Lock name -> PID of the background process holding that lock. An empty
# value marks a lock that has been released.
declare -A locks

# Take an exclusive flock on $BASEDIR/lock/<name> and keep it until unlock or
# cleanup_locks kills the holder.
# Arguments: $1 - lock name; it is used unchanged as a file name, so it must
#                 not contain '/' or come from untrusted input
# Returns:   non-zero when flock fails (the subshell exits 1)
#
# NOTE(review): the lock file is opened for writing through whatever already
# exists at that path. If $BASEDIR can be written by other users, confirm
# that a planted symlink there cannot redirect the open.
lock() {
  local lock="$1"
  local lockfile="$BASEDIR"/lock/"$lock"
  mkdir -p "$BASEDIR"/lock

  locks[$lock]="$(
    (
      if ! flock 9; then
        error "Unable to acquire lock for '$lock'"
        exit 1
      fi
      (
        # Hold the lock forever, or until we get killed. The background
        # subshell inherits fd 9, which keeps the flock alive; stdout is
        # pointed at /dev/null so it does not hold the command
        # substitution's pipe open.
        exec >/dev/null
        while :; do
          sleep 1
        done
      ) &
      # The holder's PID is the value captured into locks[...].
      echo $!
    ) 9>"$lockfile"
  )"
}

# Release a lock taken with lock().
# Arguments: $1 - lock name
unlock() {
  local lock="$1"

  if [ -z "${locks[$lock]}" ]; then
    fatal "Attempt to release non-existent lock '$lock'"
  fi

  kill "${locks[$lock]}"
  locks[$lock]=
}

--------------------------------------------------------------------------------
/lib/optparse.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Steven McDonald
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS.
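IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Parsed option values, keyed by option name without the leading "--".
declare -A OPTS

# Consume one occurrence of --<opt> from ARGV, or failing that from
# CONFIG_ARGV, and record it in OPTS.
# Globals:   ARGV, CONFIG_ARGV (matched elements are removed), OPTS (written)
# Arguments: $1 - option name without the leading "--"
#            $2 - "true" if the option takes a value; anything else makes it
#                 a flag that is stored as "y"
#            $3 - optional default, stored when the option is absent
#
# The command line wins over the config file because ARGV is searched first.
# The element after --<opt> is taken as the value without inspection, so a
# value-taking option given last ends up with an empty value, which optval
# then reports as "not set".
parseopt() {
  local opt="$1"
  local val="$2"
  local def="$3"
  # Keep the loop index out of the caller's scope; 'i' is too common a name
  # to overwrite silently.
  local i

  # Reset any previously parsed option to default value (for
  # multivalue opts).
  if [ -n "$def" ]; then
    OPTS["$opt"]="$def"
  else
    unset "OPTS[$opt]"
  fi

  for i in "${!ARGV[@]}"; do
    if [ "${ARGV[$i]}" = --"$opt" ]; then
      unset "ARGV[$i]"
      if [ "$val" = true ]; then
        OPTS["$opt"]="${ARGV[$((i + 1))]}"
        unset "ARGV[$((i + 1))]"
      else
        OPTS["$opt"]=y
      fi
      return
    fi
  done

  for i in "${!CONFIG_ARGV[@]}"; do
    if [ "${CONFIG_ARGV[$i]}" = --"$opt" ]; then
      unset "CONFIG_ARGV[$i]"
      if [ "$val" = true ]; then
        OPTS["$opt"]="${CONFIG_ARGV[$((i + 1))]}"
        unset "CONFIG_ARGV[$((i + 1))]"
      else
        OPTS["$opt"]=y
      fi
      return
    fi
  done
}

# Print the value recorded for an option.
# Arguments: $1 - option name without the leading "--"
# Outputs:   the value followed by a newline
# Returns:   1 when the option is unset or empty, 0 otherwise
optval() {
  local opt="$1"

  # Do we actually have the requested option?
  if [ -z "${OPTS["$opt"]:+yes}" ]; then
    return 1
  fi

  # printf rather than echo: a value such as "-n" or "-e" must be printed,
  # not interpreted as an echo option.
  printf '%s\n' "${OPTS["$opt"]}"
}

--------------------------------------------------------------------------------
/lib/os.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.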
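#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Once upon a time, these were implemented by individual OS plugins.
# However, the majority of their code was simply duplicated between
# plugins. In order to reduce the inevitable code smell, the
# OS-specific bits were separated into two new (trivial) functions,
# find_package_containing and expand_command_path, and the common code
# moved here.

# Make sure at least one of the given files exists in the target image,
# installing a package that ships it when none does.
# Arguments: [-q] - report "nothing found" through debug instead of error
#            $@   - absolute paths as seen from inside the target
# Returns:   0 if a file already exists or a package was installed, 1 if no
#            package was found for any path
install_package_containing() {
  # Locals keep this helper from overwriting a caller's own 'file' or 'pkg'.
  local error file pkg
  if [ "$1" = -q ]; then
    # If we've been asked for silence, turn errors into debugs.
    error=debug
    shift
  else
    error=error
  fi

  # Run cheap tests first; if a file we want already exists, we can
  # skip all of the below (and apt-file is sloooooowwwww). This is
  # also more correct; if we are provided with more than one file, and
  # one of them (other than the first) already exists, there's no
  # point trying to install *another* package to provide an
  # alternative for something we already have.
  #
  # NOTE(review): -e follows symlinks from the build host's point of view, so
  # an absolute symlink inside the target is resolved against the host's root
  # rather than $TARGET - confirm that this cannot give a wrong answer for
  # the paths callers pass.
  for file in "$@"; do
    debug "Checking to see if '$file' already exists"
    [ -e "$TARGET""$file" ] || continue
    debug "File exists, not installing any packages: $file"
    return 0
  done

  for file in "$@"; do
    debug "Looking for a package containing '$file'"
    pkg="$(find_package_containing "$file")"

    if [ -n "$pkg" ]; then
      install_packages_in_target "$pkg"
      return 0
    fi
  done

  "$error" "No package found for any of: $*"
  return 1
}

# Make sure at least one of the given commands is available in the target.
# Arguments: $@ - command names, tried in order
# Returns:   0 as soon as one command is satisfied, 1 if none could be
install_package_providing() {
  local cmd
  for cmd in "$@"; do
    debug "Looking for a package providing command '$cmd'"
    # The expansion is deliberately unquoted: expand_command_path prints
    # several candidate paths and each must become its own argument. It is
    # also subject to globbing, so command names must not contain glob
    # characters.
    # shellcheck disable=SC2046
    if install_package_containing -q $(expand_command_path "$cmd"); then
      return 0
    fi
  done

  error "No package found for any of commands: $*"
  return 1
}

--------------------------------------------------------------------------------
/lib/plugin.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Steven McDonald
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.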
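# Print the directory of a plugin.
# Arguments: $1 - plugin name relative to $ROOT/plugins, e.g. "os/debian"
plugindir() {
  printf '%s\n' "$ROOT"/plugins/"$1"
}

# Print the path of a file shipped in a plugin's files/ directory.
# Arguments: $1 - plugin name, $2 - path below files/
plugin_file() {
  printf '%s\n' "$(plugindir "$1")"/files/"$2"
}

# Source a plugin's init.sh and register its tasks.
# Arguments: $1 - plugin name
# Returns:   1 if the plugin has no init.sh
#
# SECURITY: the name is joined onto $ROOT/plugins without validation and the
# resulting init.sh is sourced into this shell. The name comes from the
# --os/--plugin options or the config file, so "../" segments in it would
# select an init.sh outside the plugin tree. Treat plugin names as trusted
# operator input only.
load_plugin() {
  # 'plugin' and 'init' stay visible to the sourced init.sh.
  local plugin="$1"
  local init
  init="$(plugindir "$plugin")"/init.sh

  if [ ! -f "$init" ]; then
    debug "No such plugin: $plugin"
    return 1
  fi

  debug "Loading plugin: $plugin"
  . "$init"
  register_plugin_tasks "$plugin"
  debug "Finished loading plugin: $plugin"
}

# Load a plugin and abort the build if it cannot be loaded.
# Because load_plugin runs on the left of '||', bash ignores 'set -e' while
# init.sh executes; a failing command inside init.sh does not stop the load.
load_plugin_or_die() {
  load_plugin "$@" || fatal "Unable to load plugin: $*"
}

# Load a plugin, silently continuing when it does not exist.
load_plugin_if_exists() {
  load_plugin "$@" || :
}

--------------------------------------------------------------------------------
/lib/sudo.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# This used to live in various different OS plugins, but since there's
# only one implementation of sudo, there's no point repeating this in a
# billion different places.

# Give a user passwordless sudo for every command in the target image.
# Arguments: $1 - user name inside the image
#
# The rule written is "<user> ALL=(ALL) NOPASSWD: ALL": the account can run
# any command as any user without a password, so whoever can log in as this
# user effectively has root on every instance built from the image.
#
# sudo skips files in sudoers.d whose names contain '.' or end in '~', so a
# user name of that shape would produce a rule that is never read.
grant_full_sudo() {
  local user="$1"

  # The name ends up in a file name and in a sudoers rule. Refuse empty
  # names (malformed rule), names with '/' (file written outside sudoers.d)
  # and names with whitespace (rule parsed as something else).
  case "$user" in
    '' | */* | *[[:space:]]*)
      fatal "Invalid user name for sudo grant: '$user'"
      return 1
      ;;
  esac

  install_package_providing sudo

  if [ ! -d "$TARGET"/etc/sudoers.d ]; then
    mkdir -p "$TARGET"/etc/sudoers.d
    # "#includedir" is a sudoers directive, not a comment.
    echo "#includedir /etc/sudoers.d" >>"$TARGET"/etc/sudoers
  fi

  # Create the file with its final mode instead of creating it with the
  # default umask and tightening it afterwards.
  (
    umask 0227
    printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$user" \
      >"$TARGET"/etc/sudoers.d/99_"$user"
  )
  # Still needed when the file already existed with a different mode.
  chmod 0440 "$TARGET"/etc/sudoers.d/99_"$user"
}

--------------------------------------------------------------------------------
/lib/task.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Steven McDonald
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Task file name (basename) -> full path of the script to source.
declare -A tasks

# Record every tasks/*.sh script of a plugin.
# Arguments: $1 - plugin name
#
# Tasks are keyed by file name only, so a task from a later-loaded plugin
# replaces an earlier task that has the same file name.
register_plugin_tasks() {
  local taskdir task
  taskdir="$(plugindir "$1")"/tasks

  for task in "$taskdir"/*.sh; do
    tasks["${task##*/}"]="$task"
  done
}

run_tasks() {
  local tasklist
  readarray -t tasklist < <(printf '%s\n' "${!tasks[@]}" | sort)

  for task in "${tasklist[@]}"; do
    info "Running task: $task"
    .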
"${tasks["$task"]}" 32 | done 33 | } 34 | -------------------------------------------------------------------------------- /lib/ui.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Steven McDonald 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | 15 | status() { 16 | colour="$1"; shift 17 | printf '\033[%sm%s\033[0m\n' "$colour" "$*" >&2 18 | } 19 | 20 | debug() { 21 | [ "$DEBUG" = y ] || return 0 22 | # Magenta. 23 | status '0;35' DEBUG: "$@" 24 | } 25 | 26 | info() { 27 | # Cyan. 28 | status '0;36' INFO: "$@" 29 | } 30 | 31 | warning() { 32 | # Yellow. 33 | status '0;33' WARNING: "$@" 34 | } 35 | 36 | error() { 37 | # Red. 38 | status '0;31' ERROR: "$@" 39 | } 40 | 41 | fatal() { 42 | # If we're failing from an init.sh, and the user has requested help, 43 | # let things fall through to the usage message. 
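44 | if optval help &>/dev/null; then 45 | return 46 | fi 47 | 48 | error "$@" 49 | exit 1 50 | }

# spin MESSAGE...
# Copy stdin to the build log (once WORKSPACE is set) while drawing a
# spinner for MESSAGE on stderr. The green "Done!" is printed whenever
# input ends; it does not reflect the exit status of the command that
# fed the pipe.
spin() {
  local msg="$*"
  local char='|'
  local line

  # IFS= and -r keep leading whitespace and backslashes exactly as the
  # command wrote them; the second test keeps a last line that has no
  # trailing newline.
  while IFS= read -r line || [ -n "$line" ]; do
    # printf rather than echo, so a line such as "-n" is logged as data.
    [ -z "$WORKSPACE" ] || printf '%s\n' "$line" >>"$WORKSPACE"/build.log
    printf '\r%s: %s' "$msg" "$char" >&2
    case "$char" in
      \|) char=/ ;;
      /) char=- ;;
      -) char=\\ ;;
      \\) char=\| ;;
    esac
  done

  printf '\r%s: \033[0;32mDone!\033[0m\n' "$msg" >&2
}

# logpipe
# Append stdin to the build log. Calls fatal when WORKSPACE is not set.
logpipe() {
  [ -n "$WORKSPACE" ] || fatal "Unable to log prior to setting up workspace."
  cat >>"$WORKSPACE"/build.log
}

--------------------------------------------------------------------------------
/lib/usage.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Steven McDonald
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Names of the functions that print one section of the usage message each.
usage=()

# register_usage FUNCTION
# Add FUNCTION to the list that usage() calls.
register_usage() {
  usage+=("$1")
}

# usage
# Call every registered usage function in registration order, with a
# blank line on stderr between sections.
usage() {
  local begun=
  local u

  for u in "${usage[@]}"; do
    [ -z "$begun" ] || printf '\n' >&2
    begun=1
    "$u"
  done
}

# usage_section TITLE
usage_section() {
  # Bold yellow.
  status '1;33' "$1"
}

# usage_description LINE...
usage_description() {
  local part

  for part in "$@"; do
    # Green.
    status '0;32' "$part"
  done
}

# usage_option OPTION LINE...
# Print OPTION followed by its description lines.
usage_option() {
  local part

  # The blank line goes to stderr like the rest of the usage text
  # (status and usage both write there), so the two stay together when
  # stderr is redirected.
  printf '\n' >&2

  # Bold cyan.
  status '1;36' "$1"
  shift

  for part in "$@"; do
    # Cyan.
    status '0;36' "$part"
  done
}

--------------------------------------------------------------------------------
/plugins/base/bootable/init.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Steven McDonald
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

base_bootable_usage() {
  usage_section "Bootable"
  usage_description "Makes an image bootable." \
    "Without this plugin, an image will only be useful in a container or" \
    "chroot."

  usage_option "--dhcp-interface " \
    "A network interface to configure using DHCP. May be specified multiple" \
    "times."
}

register_usage base_bootable_usage

# Collect every --dhcp-interface value, in the order given.
# NOTE(review): the values are stored as given; what dhcp_interface does
# with them is up to the os plugin, which is not shown here.
dhcp_interfaces=()
parseopt dhcp-interface true
while optval dhcp-interface &>/dev/null; do
  dhcp_interfaces+=("$(optval dhcp-interface)")
  parseopt dhcp-interface true
done

--------------------------------------------------------------------------------
/plugins/base/bootable/tasks/35-install-kernel.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Steven McDonald
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# This should be provided by an os plugin.
install_kernel

--------------------------------------------------------------------------------
/plugins/base/bootable/tasks/40-configure-networking.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Steven McDonald
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.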
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Configure each interface collected in dhcp_interfaces.
for i in "${dhcp_interfaces[@]}"; do
  # This should be provided by an os plugin.
  dhcp_interface "$i"
done

--------------------------------------------------------------------------------
/plugins/base/pcib/init.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Steven McDonald
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Usage text for the options handled by the core plugin.
base_pcib_usage() {
  usage_section "PCIB: The Penultimate Cloud Image Builder"
  usage_description "A flexible, extensible cloud image builder."

  usage_option "--basedir " \
    "The directory to use for all storage, including final images. pcib may" \
    "do whatever it likes in this directory, so it should not be used by" \
    "anything else. Default: /var/cache/pcib."

  usage_option "--config " \
    "A config file to process additional options from. If only one argument" \
    "provided to pcib, it will assume that it is a config file."

  usage_option "--debug" \
    "Enable debugging output."

  usage_option "--help" \
    "Display usage information and exit."

  usage_option "--os " \
    "Required: The operating system to build, which may provide additional" \
    "options."

  usage_option "--plugin " \
    "Load a plugin, which may provide additional options. This option may be" \
    "specified multiple times."
}

register_usage base_pcib_usage

# Resolve the base directory and check that the invoking user can list,
# read and write it.
# NOTE(review): only existence and this user's own access are tested;
# ownership and group/other write permission are not examined. The
# workspace and the final images are created below this directory, so
# confirm it is not writable by other users.
parseopt basedir true /var/cache/pcib
BASEDIR="$(optval basedir)"
if [ ! -d "$BASEDIR" ]; then
  fatal "No such directory: $BASEDIR"
fi
if [ ! -r "$BASEDIR" ]; then
  fatal "No read permission: $BASEDIR"
fi
if [ ! -w "$BASEDIR" ]; then
  fatal "No write permission: $BASEDIR"
fi
if [ ! -x "$BASEDIR" ]; then
  fatal "No search permission: $BASEDIR"
fi

--------------------------------------------------------------------------------
/plugins/base/pcib/tasks/00-lock.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS.
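IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# NOTE(review): the next line is truncated in this listing; the rest of
# 00-lock.sh and the start of the following file's header are missing.
check_program_available "flock 3 3 2 | #
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# cleanup_workspace
# Remove the workspace after a completed build. It is kept when the
# build did not complete or when DEBUG is non-empty.
# NOTE(review): debug() in lib/ui.sh tests DEBUG = y, while this tests
# for any non-empty value; confirm which is intended.
cleanup_workspace() {
  # Two separate tests instead of the ambiguous "-o" operator.
  if [ -z "$BUILD_COMPLETE" ] || [ -n "$DEBUG" ]; then
    info "Preserving workspace: $WORKSPACE"
  else
    rm -rf "$WORKSPACE"
  fi
}

register_cleanup cleanup_workspace

# Later tasks build paths such as "$WORKSPACE"/image.raw and
# "$WORKSPACE"/target. If the workspace could not be created, WORKSPACE
# would be empty and those paths would sit directly under /, so stop
# here instead.
mkdir -p "$BASEDIR"/work ||
  fatal "Unable to create work directory: $BASEDIR/work"
WORKSPACE="$(mktemp -d -p "$BASEDIR"/work XXXXXX)" ||
  fatal "Unable to create workspace under: $BASEDIR/work"

--------------------------------------------------------------------------------
/plugins/base/pcib/tasks/18-mount-filesystems.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Steven McDonald
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.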
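#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# cleanup_mount_filesystems
# Unmount everything mounted below TARGET, longest mount point first so
# that nested mounts are released before their parents. Warns unless
# unmount_safely is "safe".
cleanup_mount_filesystems() {
  [ "$unmount_safely" = safe ] || warning "Performing unsafe unmounts."

  local unmount_order
  local p
  readarray -t unmount_order < <(perl -e 'print join "\n", sort { length $b <=> length $a } @ARGV' "${!PARTITIONS[@]}")

  for p in "${unmount_order[@]}"; do
    is_mountpoint "$TARGET""$p" || continue
    unmount_filesystem "$TARGET""$p" "$unmount_safely"
  done
}

register_cleanup cleanup_mount_filesystems

# With an empty WORKSPACE the target would be /target on the build host.
[ -n "$WORKSPACE" ] || fatal "Unable to mount filesystems prior to setting up workspace."
TARGET="$WORKSPACE"/target

# The keys of an associative array come back in no particular order, so
# sort them shortest first: a parent such as / is then mounted before
# /boot instead of being mounted over it. This mirrors the
# longest-first order used for unmounting.
readarray -t mount_order < <(perl -e 'print join "\n", sort { length $a <=> length $b } @ARGV' "${!PARTITIONS[@]}")

for p in "${mount_order[@]}"; do
  case "$p" in
    /*) ;;
    *) continue ;;
  esac

  mkdir -p "$TARGET""$p"
  mount_filesystem "${PARTITIONS["$p"]}" "$TARGET""$p"
done

--------------------------------------------------------------------------------
/plugins/base/pcib/tasks/82-unmount-filesystems.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Steven McDonald
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS.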
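IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

unmount_safely=safe
run_cleanups cleanup_mount_filesystems

--------------------------------------------------------------------------------
/plugins/base/raw-image-file/init.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Steven McDonald
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

raw_image_file_usage() {
  usage_section "Raw image file"
  usage_description "Provides a raw-format image file."

  usage_option "--compress " \
    "Compress the image using the specified algorithm."

  usage_option "--image-basename " \
    "Required. The basename to use for the final image."

  usage_option "--image-size " \
    "Required. The size of the image in GB."
}

# Register the section like the other plugins do; without this the
# options above never appear in the usage message.
register_usage raw_image_file_usage

parseopt compress true ""
case "$(optval compress)" in
  ""|bzip2) ;;
  *) fatal "Unsupported compression algorithm: $(optval compress)" ;;
esac

parseopt image-basename true
if ! optval image-basename &>/dev/null; then
  fatal "No image-basename provided."
else
  # The value becomes part of a path below "$BASEDIR"/images; a '/'
  # would let the image be written somewhere else.
  case "$(optval image-basename)" in
    */*) fatal "image-basename must not contain '/': $(optval image-basename)" ;;
  esac
fi

parseopt image-size true
if ! optval image-size &>/dev/null; then
  fatal "No image-size provided."
else
  # The value is later used inside $(( )), where bash evaluates
  # variable names and array subscripts found in the text. Accept plain
  # decimal digits only; a leading 0 is refused as well because it would
  # be read as octal.
  case "$(optval image-size)" in
    ''|0*|*[!0-9]*) fatal "image-size must be a whole number of GB: $(optval image-size)" ;;
  esac
fi

--------------------------------------------------------------------------------
/plugins/base/raw-image-file/tasks/02-create-image-file.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Steven McDonald
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

IMAGE="$WORKSPACE"/image.raw

# Seeking past the end of an empty input creates the image without
# writing its contents. The output is appended to the build log, as
# spin and logpipe do, rather than truncating it.
if ! dd if=/dev/null of="$IMAGE" bs=1M seek="$(($(optval image-size)*1024))" >>"$WORKSPACE"/build.log 2>&1; then
  fatal "Error creating image file."
fi

--------------------------------------------------------------------------------
/plugins/base/raw-image-file/tasks/03-loopback-image-file.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Steven McDonald
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# cleanup_loopback_image
# Detach the device that was attached to the image file. The cleanup is
# registered before the device is attached, so it does nothing when no
# device was recorded (for example when attaching failed).
cleanup_loopback_image() {
  case "$(uname -s)" in
    Linux)
      [ -n "$BLOCK_DEVICE" ] || return 0
      losetup -d "$BLOCK_DEVICE" ||
        fatal "Unable to unconfigure loopback device."
      ;;
    OpenBSD)
      [ -n "$vnd" ] || return 0
      vnconfig -u vnd"$vnd" ||
        fatal "Unable to unconfigure vnd(4) device."
      ;;
  esac
}

register_cleanup cleanup_loopback_image

case "$(uname -s)" in
  Linux)
    # One losetup call both picks a free device and attaches the image.
    BLOCK_DEVICE="$(losetup --show -f "$IMAGE")" ||
      fatal "Unable to configure loopback device."
    CHARACTER_DEVICE="$BLOCK_DEVICE"
    ;;
  OpenBSD)
    # Finding a free unit and configuring it are two steps, so both
    # happen under the vnd lock to keep concurrent builds from picking
    # the same unit. The pattern never selects vnd0.
    lock vnd
    vnd="$(vnconfig -l | perl -ne 'if (/^vnd([1-9]|\d{2,}): not in use$/) { print $1; exit; }')"
    [ -n "$vnd" ] || fatal "No available vnd(4) found."

    vnconfig vnd"$vnd" "$IMAGE" ||
      fatal "Unable to configure vnd(4) device."
    unlock vnd

    DISK=vnd"$vnd"
    BLOCK_DEVICE=/dev/"$DISK"c
    CHARACTER_DEVICE=/dev/r"$DISK"c
    ;;
  *)
    fatal "Unknown operating system: $(uname -s)"
    ;;
esac

--------------------------------------------------------------------------------
/plugins/base/raw-image-file/tasks/85-close-loop-device.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Steven McDonald
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

run_cleanups cleanup_loopback_image

--------------------------------------------------------------------------------
/plugins/base/raw-image-file/tasks/99-finalise.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Steven McDonald
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS.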
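IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

mkdir -p "$BASEDIR"/images ||
  fatal "Unable to create image directory: $BASEDIR/images"

# NOTE(review): image-basename is used as given; a value containing '/'
# would place the image outside "$BASEDIR"/images.
imagename="$(optval image-basename)"-"$(date +%Y%m%d-%H%M%S)".img
imagepath="$BASEDIR"/images/"$imagename"

# Stop on a failed copy or compression instead of reporting an image
# that was not written, or only partly written.
case "$(optval compress)" in
  "")
    cp "$IMAGE" "$imagepath" ||
      fatal "Unable to write image: $imagepath"
    ;;
  bzip2)
    imagepath="$imagepath".bz2
    bzip2 <"$IMAGE" >"$imagepath" ||
      fatal "Unable to write image: $imagepath"
    ;;
esac

info "Image written to: $imagepath"

--------------------------------------------------------------------------------
/plugins/fs/ext4/init.sh:
--------------------------------------------------------------------------------
FILESYSTEM=ext4

--------------------------------------------------------------------------------
/plugins/fs/ext4/tasks/00-check-ext4-filesystem-programs.sh:
--------------------------------------------------------------------------------
check_program_available "(mkfs.ext4 || true) |& grep 'Usage: mkfs.ext4'" "mkfs.ext4"

--------------------------------------------------------------------------------
/plugins/fs/ext4/tasks/10-format-filesystems.sh:
--------------------------------------------------------------------------------
debug "Formatting all filesystems for ext4..."

for part in "${!PARTITIONS[@]}"; do
  if ! [[ "$part" =~ ^/ ]]; then
    # Not a regular filesystem partition; leave it alone
    continue
  fi

  # A pipeline reports the status of its last command unless pipefail
  # is set, and spin ends with a successful printf. Test the status of
  # the formatting command itself so that its failure is not masked.
  if ! { mkfs.ext4 "${PARTITIONS[$part]}" |& spin "Formatting '$part' filesystem"; [ "${PIPESTATUS[0]}" -eq 0 ]; }; then
    fatal "Failed to format ${PARTITIONS[$part]} for $part"
  fi

  if ! { tune2fs -c 0 -i 0 "${PARTITIONS[$part]}" |& spin "Tuning '$part' filesystem"; [ "${PIPESTATUS[0]}" -eq 0 ]; }; then
    fatal "Failed to tune ${PARTITIONS[$part]} for $part"
  fi
done

--------------------------------------------------------------------------------
/plugins/fs/ffs/init.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

FILESYSTEM=ffs

--------------------------------------------------------------------------------
/plugins/fs/ffs/tasks/10-format-filesystems.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS.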
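IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

for part in "${!PARTITIONS[@]}"; do
  case "$part" in
    /*)
      ;;
    *)
      # Not a regular filesystem partition; leave it alone.
      continue
      ;;
  esac

  # We need to format the raw (character) device, not the block
  # device.
  to_format="$(sed 's,dev/,dev/r,' <<<"${PARTITIONS[$part]}")"

  # A pipeline reports the status of its last command unless pipefail
  # is set, and spin ends with a successful printf. Test the status of
  # newfs itself so that its failure is not masked.
  if ! { newfs "$to_format" |& spin "Formatting '$part' filesystem"; [ "${PIPESTATUS[0]}" -eq 0 ]; }; then
    fatal "Failed to format ${PARTITIONS[$part]} for $part"
  fi
done

--------------------------------------------------------------------------------
/plugins/lib/README:
--------------------------------------------------------------------------------
These "plugins" exist not to perform any useful work on their own, but
to provide specialised shell library routines for the use of other
plugins. General-purpose library routines should go in lib/ (not
plugins/lib/) where they can be loaded at startup time; these libraries
do not get loaded unless requested by another plugin.

--------------------------------------------------------------------------------
/plugins/lib/ruby/init.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Ruby packaging is a mess.
#
# * CentOS packages Ruby gems in sitelibdir.
# * Debian places Ruby gems in vendordir (*not* vendorlibdir, except
#   for native code).
# * Older versions of Debian just dumped them into rubylibdir.
# * The most general way to do this is to just try each of rubylibdir,
#   vendordir, vendorlibdir, sitedir and sitelibdir, and hope we match
#   on one of those. If not, install_package_containing will barf and
#   we'll get a build failure.

# _set_rubydirs: Run once, when install_ruby_package_containing is
# first called, to set some variables with the location of the guest's
# various Ruby library directories. We can't do this at plugin load
# time, because the guest isn't bootstrapped yet, but we still want to
# call it only once to avoid excessive chrooting to ask the guest for
# the same information over and over.
_set_rubydirs() {
  install_package_providing ruby
  ruby_rubylibdir="$(run_in_target ruby -rrbconfig -e 'print RbConfig::CONFIG["rubylibdir"]')"
  ruby_vendordir="$(run_in_target ruby -rrbconfig -e 'print RbConfig::CONFIG["vendordir"]')"
  ruby_vendorlibdir="$(run_in_target ruby -rrbconfig -e 'print RbConfig::CONFIG["vendorlibdir"]')"
  ruby_sitedir="$(run_in_target ruby -rrbconfig -e 'print RbConfig::CONFIG["sitedir"]')"
  ruby_sitelibdir="$(run_in_target ruby -rrbconfig -e 'print RbConfig::CONFIG["sitelibdir"]')"
}

# install_ruby_package_containing: Given a relative path to a Ruby
# library file, find and install a package which provides this library
# in one of Ruby's plethora of library paths.
install_ruby_package_containing() {
  # Kept local so that the caller's variables are not overwritten.
  local file

  [ -n "$ruby_rubylibdir" ] || _set_rubydirs
  file="$1"

  case "${OPTS[os]}" in
    centos)
      # Special case to handle CentOS's weird rubygems packaging.
      if install_packages_in_target /usr/share/gems/gems/'*'/lib/"$file"; then
        return 0
      fi
      ;;
    *)
      ;;
  esac

  install_package_containing \
    "$ruby_rubylibdir"/"$file" \
    "$ruby_vendordir"/"$file" \
    "$ruby_vendorlibdir"/"$file" \
    "$ruby_sitedir"/"$file" \
    "$ruby_sitelibdir"/"$file"
}

--------------------------------------------------------------------------------
/plugins/mds/coffee/files/init_scripts/avf-configure-networking:
--------------------------------------------------------------------------------
1 | #!/bin/bash 2 | ### BEGIN INIT INFO 3 | # Provides: avf-configure-networking 4 | # X-Start-Before: $network 5 | # Required-Start: $local_fs 6 | # Required-Stop: 7 | # Should-Start: 8 | # Should-Stop: 9 | # Default-Start: 2 3 4 5 10 | # Default-Stop: 0 1 6 11 | # Description: Configure any network interface that isn't already 12 | ### END INIT INFO 13 | # chkconfig: 123 98 98 14 | 15 | if [ -f /var/local/lib/avf/has-run/configure-networking ];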
then 16 | exit 0 17 | fi 18 | 19 | export RUNNING_FROM_SYSVINIT=yes 20 | 21 | case "$1" in 22 | start) 23 | /usr/local/share/avf/bin/connect-to-mds || exit 1 24 | exec /usr/local/share/avf/bin/configure-networking 25 | ;; 26 | *) 27 | # Do nothing. 28 | ;; 29 | esac 30 | 31 | : 32 | -------------------------------------------------------------------------------- /plugins/mds/coffee/files/init_scripts/avf-install-root-ssh-keys: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ### BEGIN INIT INFO 3 | # Provides: avf-install-root-ssh-keys 4 | # Required-Start: avf-configure-networking 5 | # Required-Stop: 6 | # Should-Start: 7 | # Should-Stop: 8 | # Default-Start: 2 3 4 5 9 | # Default-Stop: 0 1 6 10 | # Description: Retrieve SSH user keys and seed root's authorized_keys 11 | ### END INIT INFO 12 | # chkconfig: 123 99 99 13 | 14 | if [ -f /var/local/lib/avf/has-run/install-root-ssh-keys ]; then 15 | exit 0 16 | fi 17 | 18 | export RUNNING_FROM_SYSVINIT=yes 19 | 20 | case "$1" in 21 | start) 22 | exec /usr/local/share/avf/bin/install-root-ssh-keys 23 | ;; 24 | *) 25 | # Do nothing. 
26 | ;; 27 | esac 28 | 29 | : 30 | -------------------------------------------------------------------------------- /plugins/mds/coffee/files/init_scripts/avf-set-root-password: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ### BEGIN INIT INFO 3 | # Provides: avf-set-root-password 4 | # Required-Start: avf-configure-networking 5 | # Required-Stop: 6 | # Should-Start: 7 | # Should-Stop: 8 | # Default-Start: 2 3 4 5 9 | # Default-Stop: 0 1 6 10 | # Description: sets the root password from the MDS data on first boot 11 | ### END INIT INFO 12 | # chkconfig: 123 99 99 13 | 14 | if [ -f /var/local/lib/avf/has-run/set-root-password ]; then 15 | exit 0 16 | fi 17 | 18 | export RUNNING_FROM_SYSVINIT=yes 19 | 20 | case "$1" in 21 | start) 22 | exec /usr/local/share/avf/bin/set-root-password 23 | ;; 24 | *) 25 | # Do nothing. 26 | ;; 27 | esac 28 | 29 | : 30 | -------------------------------------------------------------------------------- /plugins/mds/coffee/files/systemd/avf-configure-networking.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Configure any network interface that isn't already 3 | ConditionPathExists=!/var/local/lib/avf/has-run/configure-networking 4 | Wants=avf-connect-to-mds.service 5 | After=avf-connect-to-mds.service 6 | Before=network-pre.target 7 | 8 | [Service] 9 | Type=oneshot 10 | RemainAfterExit=yes 11 | ExecStart=/usr/local/share/avf/bin/configure-networking 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | Wants=network-pre.target 16 | -------------------------------------------------------------------------------- /plugins/mds/coffee/files/systemd/avf-connect-to-mds.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Establish communication with the metadata server 3 | 4 | [Service] 5 | Type=oneshot 6 | RemainAfterExit=yes 7 | 
ExecStart=/usr/local/share/avf/bin/connect-to-mds 8 | -------------------------------------------------------------------------------- /plugins/mds/coffee/files/systemd/avf-install-root-ssh-keys.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Retrieve SSH user keys and seed root's authorized_keys 3 | ConditionPathExists=!/var/local/lib/avf/has-run/install-root-ssh-keys 4 | Wants=avf-connect-to-mds.service 5 | After=avf-connect-to-mds.service 6 | # Since if we install keys, we'll disable password auth as root, we 7 | # need to run before ssh.service so it picks up our modified config. 8 | Before=ssh.service 9 | 10 | [Service] 11 | Type=oneshot 12 | RemainAfterExit=yes 13 | ExecStart=/usr/local/share/avf/bin/install-root-ssh-keys 14 | 15 | [Install] 16 | WantedBy=multi-user.target 17 | -------------------------------------------------------------------------------- /plugins/mds/coffee/files/systemd/avf-set-root-password.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=sets the root password from the MDS data on first boot 3 | ConditionPathExists=!/var/local/lib/avf/has-run/set-root-password 4 | Wants=avf-connect-to-mds.service 5 | After=avf-connect-to-mds.service 6 | 7 | [Service] 8 | Type=oneshot 9 | RemainAfterExit=yes 10 | ExecStart=/usr/local/share/avf/bin/set-root-password 11 | 12 | [Install] 13 | WantedBy=multi-user.target 14 | -------------------------------------------------------------------------------- /plugins/mds/coffee/files/usr/local/share/avf/bin/configure-networking: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | PATH=/usr/sbin:/usr/bin:/sbin:/bin 4 | 5 | . 
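/usr/local/share/avf/lib/functions

# Fetch one parameter of one interface from the metadata server (MDS).
# Arguments: $1 - interface name, $2 - parameter name
# Outputs:   whatever mds() prints for network/interfaces/<nic>/<param>
nicparam() {
	local nic="$1"
	local param="$2"

	mds network/interfaces/"$nic"/"$param"
}

# Write the RHEL-style ifcfg file for $nic and bring the interface up.
# Globals: nic, ip4, ip6, netmask, gw (read); ENI (written)
write_interface_cfg_rhel() {
	ENI=/etc/sysconfig/network-scripts/ifcfg-"$nic"

	if [ -e "$ENI" ]; then
		# This NIC is already configured... cool
		return
	fi

	log "Configuring $nic"

	if [ -n "$ip4" ]; then
		cat >"$ENI" <<-EOF
			DEVICE=$nic
			ONBOOT=yes
			IPADDR=$ip4
			NETMASK=$netmask
		EOF

		# GATEWAY is written once, and only when the MDS supplied one
		# (it used to be emitted by the here-document as well).
		if [ -n "$gw" ]; then
			echo "GATEWAY=$gw" >>"$ENI"
		fi
	elif [ -n "$ip6" ]; then
		# NOTE(review): this branch appends to a file that does not exist
		# yet and writes no DEVICE/ONBOOT lines -- confirm that is intended.
		cat >>"$ENI" <<-EOF
			IPV6INIT=yes
			IPV6ADDR=$ip6
			IPV6_DEFAULTGW=$gw
		EOF
	fi

	log "Starting $nic"
	/sbin/ifup "$nic"

	return
}

# Append a stanza for $nic to the Debian interfaces file and bring it up.
# Globals: nic, ip4, ip6, netmask, gw, ENI (read)
write_interface_cfg_debian() {
	if grep -q "^iface $nic " "$ENI"; then
		# This NIC is already configured... cool
		return
	fi

	log "Configuring $nic"

	if [ -n "$ip4" ]; then
		cat >>"$ENI" <<-EOF

			auto $nic
			iface $nic inet static
			 address $ip4
			 netmask $netmask
		EOF
	elif [ -n "$ip6" ]; then
		cat >>"$ENI" <<-EOF

			auto $nic
			iface $nic inet6 static
			 address $ip6
			 netmask $netmask
		EOF
	fi

	if [ -n "$gw" ]; then
		echo " gateway $gw" >>"$ENI"
	fi


	log "Starting ${nic}"
	/sbin/ifup "$nic"

	return
}

# Basic OS check
if [ -e /etc/debian_version ]; then
	os=debian
elif [ -e /etc/redhat-release ]; then
	os=rhel
else
	log "Unknown operating system"
	exit 1
fi

log "Operating system is \"$os\""

# Fetch the hostname first and only then overwrite /etc/hostname, so a
# failed MDS request does not leave the host with an empty hostname file.
mds_hostname="$(mds network/hostname)" || mds_hostname=
if [ -n "$mds_hostname" ]; then
	printf '%s\n' "$mds_hostname" >/etc/hostname
	hostname -F /etc/hostname
else
	log "Failed to get hostname from MDS; leaving /etc/hostname unchanged"
fi
grep -q '^127\.0\.1\.1 ' /etc/hosts || echo "127.0.1.1 $(cat /etc/hostname) $(hostname -s)" >>/etc/hosts

# A resolv.conf is always useful
# NOTE(review): resolver addresses are written exactly as the MDS returns
# them; nothing here checks that they look like IP addresses.
echo "domain $(sed 's/^[^.]*\.//' /etc/hostname)" >/etc/resolv.conf
for ns in $(mds network/resolvers); do
	echo "nameserver $ns" >>/etc/resolv.conf
done

if [ "$os" == debian ]; then
	ENI=/etc/network/interfaces
elif [ "$os" == rhel ]; then
	ENI="/etc/sysconfig/network"

	cat >"$ENI" <<-EOF
		NETWORKING=yes
		HOSTNAME=$(hostname)
	EOF
fi

# Hokay, what NICs have we got?
niclist="$(mds network/interfaces | sed 's%/$%%')"

for nic in $niclist; do
	# The interface name becomes part of a config file path and is written
	# into config files, so accept only characters an interface name needs.
	case "$nic" in
		*[!A-Za-z0-9_.:-]*)
			log "Ignoring unexpected interface name '$nic' from MDS"
			continue
			;;
	esac

	# Start each NIC with a clean netmask so a value fetched for the
	# previous interface is never reused.
	netmask=
	ip4="$(nicparam "$nic" ip4)"
	ip6="$(nicparam "$nic" ip6)"
	gw="$(nicparam "$nic" gateway)"

	if [ -n "$ip4" ]; then
		netmask="$(nicparam "$nic" netmask)"
	elif [ -n "$ip6" ]; then
		netmask="$(nicparam "$nic" masklen)"
	fi

	if [ "$os" == debian ]; then
		write_interface_cfg_debian
	elif [ "$os" == rhel ]; then
		write_interface_cfg_rhel
	fi
done

has_run configure-networking
:
--------------------------------------------------------------------------------
/plugins/mds/coffee/files/usr/local/share/avf/bin/connect-to-mds:
--------------------------------------------------------------------------------
#!/bin/bash

PATH=/usr/sbin:/usr/bin:/sbin:/bin

.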
/usr/local/share/avf/lib/functions

# Raise accept_ra_rt_info_max_plen to 64 in every directory the glob
# matches under /proc/sys/net/ipv6/conf, so that specific routes carried
# in router advertisements are accepted.
# NOTE(review): router advertisements are not authenticated by anything in
# this script -- confirm that only the MDS-side router can send them on
# these links.
log "Setting max prefix length to /64"
for conf_dir in /proc/sys/net/ipv6/conf/*; do
	echo 64 >"$conf_dir/accept_ra_rt_info_max_plen"
done

# Every ethN interface is brought up, to maximise the chance that one of
# them can reach the MDS.
for iface in $(ip link show | grep -Eo ' eth[0-9]+'); do
	log "Bringing up $iface"
	ip link set "$iface" up
done

# Poll for the route once a second, ten times at most, then give up.
attempts=0
until [ "$attempts" -ge 10 ]; do
	if ip -6 route show | grep -q '^fc0f::/64'; then
		log "Found route to MDS"
		exit 0
	fi
	sleep 1
	attempts=$((attempts + 1))
done

log "Failed to find route to MDS. Giving up."
exit 1
--------------------------------------------------------------------------------
/plugins/mds/coffee/files/usr/local/share/avf/bin/install-root-ssh-keys:
--------------------------------------------------------------------------------
#!/bin/bash

PATH=/usr/sbin:/usr/bin:/sbin:/bin

. /usr/local/share/avf/lib/functions

ssh_dir=/root/.ssh
authorized_keys="$ssh_dir/authorized_keys"

mkdir -p -m 0700 "$ssh_dir"

# We need to distinguish between a failed response (the MDS returned an
# error) and a successful empty response (there are no SSH keys to
# install). Therefore, we test the exit status of wget rather than
# check if $pklist is empty.
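pklist="$(mds public_keys)" || {
	log "Failed to get SSH keys from MDS"
	exit 1
}

disable_password_auth=no

for pk in $pklist; do
	# Fetch each key before touching authorized_keys, so a failed or empty
	# response is neither recorded as an installed key nor allowed to turn
	# off password logins below (which could leave root with no way in).
	if pubkey="$(mds "public_keys/$pk/openssh-key")" && [ -n "$pubkey" ]; then
		printf '%s\n' "$pubkey" >>"$authorized_keys"
		log "Added public key $pk to root account"
		disable_password_auth=yes
	else
		log "Failed to get public key $pk from MDS"
	fi
done

# Keep the key file private to root whatever the umask was at boot.
[ ! -e "$authorized_keys" ] || chmod 0600 "$authorized_keys"

if [ "$disable_password_auth" = yes ]; then
	# Only a line that reads exactly "PermitRootLogin yes" is rewritten;
	# any other spelling in sshd_config is left as it is.
	sed -i 's/^PermitRootLogin yes$/PermitRootLogin without-password/' /etc/ssh/sshd_config
fi

has_run install-root-ssh-keys
:
--------------------------------------------------------------------------------
/plugins/mds/coffee/files/usr/local/share/avf/bin/set-root-password:
--------------------------------------------------------------------------------
#!/bin/bash

PATH=/usr/sbin:/usr/bin:/sbin:/bin

. /usr/local/share/avf/lib/functions

# The functions library turns on `set -x` when avfdebug is on the kernel
# command line; switch tracing off here so the credential is not echoed
# into the boot log.
set +x

rootpass="$(mds root_password)"

if [ -z "$rootpass" ]; then
	log "Failed to get root password from MDS"
	exit 1
fi

log "Setting the root password to the value in MDS"
# printf is a shell builtin, so the value is not placed in the argument
# list of a separate process the way it is with /bin/echo.  chpasswd -e
# expects the value to be an already-hashed password.  The has-run marker
# is only written when chpasswd succeeds.
printf '%s\n' "root:${rootpass}" | /usr/sbin/chpasswd -e || {
	log "Failed to set the root password"
	exit 1
}

has_run set-root-password
:
--------------------------------------------------------------------------------
/plugins/mds/coffee/files/usr/local/share/avf/lib/functions:
--------------------------------------------------------------------------------
if grep -q avfdebug /proc/cmdline; then
	set -x
	trap "sleep 10" EXIT
fi

# NOTE(review): the MDS is reached over plain HTTP and no authentication is
# visible in this file, so what callers fetch from it (SSH keys, the root
# password hash) is only as trustworthy as the network path to this
# address -- confirm which hosts can answer for it on the link.
MDS="http://[fc0f::fee]/2013-09-14/"

# Fetch one path from the metadata server and print the body on stdout.
# Arguments: $1 - path below $MDS
# Returns:   wget's exit status
mds() {
	# Quoted so the brackets of the IPv6 literal and anything in $1 are
	# never word-split or treated as a glob pattern.
	wget -qO - "$MDS/$1"
}

log() {
	if [ -z "$RUNNING_FROM_SYSVINIT" ]; then
		# systemd will do the right thing with stdout.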
15 | echo "$@" 16 | else 17 | logger -t "$(basename $0)" "$@" 18 | fi 19 | } 20 | 21 | has_run() { 22 | mkdir -p /var/local/lib/avf/has-run 23 | touch /var/local/lib/avf/has-run/"$1" 24 | } 25 | 26 | # vim: ft=sh 27 | -------------------------------------------------------------------------------- /plugins/mds/coffee/init.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchor/pcib/c10e9e4bffd3dd22aba63be0d53c926f0e2f5445/plugins/mds/coffee/init.sh -------------------------------------------------------------------------------- /plugins/mds/coffee/tasks/30-install-initscripts.sh: -------------------------------------------------------------------------------- 1 | cp -rT "$(plugin_file mds/coffee usr/local/share/avf)" "$TARGET"/usr/local/share/avf 2 | 3 | if [ "$INIT_SYSTEM" = systemd ]; then 4 | install_systemd_unit "$(plugin_file mds/coffee systemd/avf-connect-to-mds.service)" 5 | fi 6 | 7 | for service in \ 8 | "avf-configure-networking" \ 9 | "avf-install-root-ssh-keys" \ 10 | "avf-set-root-password"; do 11 | case "$INIT_SYSTEM" in 12 | systemd) 13 | install_systemd_unit "$(plugin_file mds/coffee systemd/${service}.service)" enable 14 | ;; 15 | sysvinit) 16 | install_init_script "$(plugin_file mds/coffee init_scripts/${service})" 17 | ;; 18 | *) 19 | fatal "Unsupported init system: $INIT_SYSTEM" 20 | ;; 21 | esac 22 | done 23 | -------------------------------------------------------------------------------- /plugins/mds/ec2/init.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 
6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | 15 | mds_ec2_plugin_usage() { 16 | usage_section "EC2 metadata API" 17 | 18 | usage_description \ 19 | "This plugin provides a lightweight implementation for" \ 20 | "configuring an instance using the EC2 metadata API." 21 | 22 | usage_option "--ec2-user" \ 23 | "The default user to use for per-user configuration. Currently," \ 24 | "this is only used for installing SSH keys." 25 | } 26 | 27 | register_usage mds_ec2_plugin_usage 28 | 29 | parseopt ec2-user true 30 | -------------------------------------------------------------------------------- /plugins/mds/ec2/tasks/50-ec2-metadata.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. 
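# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Appends first-boot snippets to the target's /etc/rc.firsttime: one sets
# the hostname from the metadata service, the other (when --ec2-user is
# given) installs that user's SSH keys.
#
# NOTE(review): both snippets use whatever answers on 169.254.169.254 over
# plain HTTP, and the hostname and key text are used without validation.
case "${OPTS[os]}" in
	openbsd)
		cat >>"$TARGET"/etc/rc.firsttime <<-'EOF'
			echo -n "fetching hostname from mds: "
			hostname="$(ftp -Vo- http://169.254.169.254/2009-04-04/meta-data/local-hostname)"
			if [ -n "$hostname" ]; then
				echo "${hostname}."
				echo "$hostname" >/etc/myname
				hostname "$hostname"
			else
				echo "(none)."
			fi
		EOF

		ec2_user="${OPTS[ec2-user]}"
		case "$ec2_user" in
			"") ;;
			*)
				userinfo="$(run_in_target getent passwd "$ec2_user")" ||
					die "No such user: $ec2_user"
				userhome="$(cut -d: -f6 <<<"$userinfo")"
				mkdir -p "$TARGET"/"$userhome"/.ssh
				# Keep the directory private to its owner regardless of
				# the umask the build runs with.
				chmod 0700 "$TARGET"/"$userhome"/.ssh
				run_in_target chown "$ec2_user": "$userhome"/.ssh

				# $ec2_user and $userhome are expanded now, at build time;
				# the \$-escaped names are expanded on first boot.  Paths
				# are quoted in the generated script, and a key is only
				# appended when the fetch returned something.
				cat >>"$TARGET"/etc/rc.firsttime <<-EOF
					pubkey_base=http://169.254.169.254/2009-04-04/meta-data/public-keys
					echo -n "fetching authorized keys for ${ec2_user}:"
					keys="\$(ftp -Vo- "\$pubkey_base"/ | cut -d= -f1)"
					for key in \$keys; do
						echo -n .
						key="\$(ftp -Vo- "\$pubkey_base"/"\$key"/openssh-key)"
						if [ -n "\$key" ]; then
							printf '%s\n' "\$key" >>"$userhome/.ssh/authorized_keys"
						fi
					done
					if [ -e "$userhome/.ssh/authorized_keys" ]; then
						chown "$ec2_user": "$userhome/.ssh/authorized_keys"
						chmod 0600 "$userhome/.ssh/authorized_keys"
					fi
					echo " done."
				EOF
				;;
		esac
		;;
	*)
		die "Unsupported operating system: ${OPTS[os]}"
		;;
esac
--------------------------------------------------------------------------------
/plugins/misc/linux-swap/init.sh:
--------------------------------------------------------------------------------
misc_linux_swap_usage() {
	usage_section "Linux swap"

	usage_description \
		"This plugin creates a Linux swap volume."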
6 | 7 | usage_option "--swap-size" \ 8 | "Specify the size of the swap partition. Standard suffixes are" \ 9 | "(M, G, etc.) are supported. (default: 512M)" 10 | } 11 | 12 | # Inform partitioning plugins that we want a swap partition. 13 | WANT_SWAP=y 14 | 15 | parseopt swap-size true 512M 16 | SWAP_SIZE="$(optval swap-size)" 17 | -------------------------------------------------------------------------------- /plugins/misc/linux-swap/tasks/12-format-swap.sh: -------------------------------------------------------------------------------- 1 | if [ -z "$SWAP_DEVICE" ]; then 2 | fatal "No swap device provided by a partitioning plugin" 3 | fi 4 | 5 | if ! mkswap -f "$SWAP_DEVICE" &>/dev/null; then 6 | fatal "Unable to format device $SWAP_DEVICE as swap" 7 | fi 8 | -------------------------------------------------------------------------------- /plugins/os/centos/init.sh: -------------------------------------------------------------------------------- 1 | os_centos_plugin_usage() { 2 | usage_section "CentOS" 3 | 4 | usage_description \ 5 | "This plugin installs a very minimal CentOS." 6 | 7 | usage_option "--release " \ 8 | "(REQUIRED) The CentOS release to install." 9 | 10 | usage_option "--arch " \ 11 | "The architecture to build for. Currently, only x86_64 (the" \ 12 | "default) is supported." 13 | 14 | usage_option "--mirror " \ 15 | "(REQUIRED) The mirror from which to fetch packages." 16 | } 17 | 18 | register_usage os_centos_plugin_usage 19 | 20 | load_plugin_or_die os/linux-common 21 | 22 | parseopt release true 23 | parseopt arch true x86_64 24 | parseopt mirror true 25 | 26 | release_version="$(optval release)" || 27 | fatal "Must provide a CentOS release to build." 28 | optval mirror >/dev/null || 29 | fatal "Must provide a CentOS mirror." 30 | 31 | if [ "$release_version" -ge 7 ]; then 32 | INIT_SYSTEM=systemd 33 | else 34 | # CentOS 6 uses upstart, but in sysvinit-compatibility mode, so for 35 | # our purposes we can treat it as sysvinit. 
36 | INIT_SYSTEM=sysvinit 37 | fi 38 | 39 | install_packages_in_target() { 40 | run_in_target yum -y install "$@" 2>&1 | spin "Installing $*" 41 | } 42 | 43 | uninstall_packages_from_target() { 44 | run_in_target yum -y erase "$@" 2>&1 | spin "Uninstalling $*" 45 | } 46 | 47 | create_user() { 48 | local user="$1" 49 | local gecos="${2:-$user}" 50 | local pw="$3" 51 | local shell="$4" 52 | 53 | local shell_args 54 | if [ -n "$shell" ]; then 55 | local shell_="$(perl -ne 'print if m,/\Q'"$shell"'\E$,' /dev/null 66 | 67 | if [ -n "$pw" ]; then 68 | echo "$user:$pw" | run_in_target chpasswd 69 | fi 70 | } 71 | 72 | dhcp_interface() { 73 | local if="$1" 74 | 75 | # CentOS treats this as an "enable networking" flag. 76 | touch "$TARGET"/etc/sysconfig/network 77 | 78 | # Make sure we can actually *do* DHCP. 79 | install_package_providing dhclient 80 | 81 | cat >"$TARGET"/etc/sysconfig/network-scripts/ifcfg-"$if" <<-EOF 82 | DEVICE=$if 83 | ONBOOT=yes 84 | BOOTPROTO=dhcp 85 | EOF 86 | } 87 | 88 | install_init_script() { 89 | [ "$INIT_SYSTEM" = sysvinit ] || fatal "install_init_script: This operating system does not support sysvinit" 90 | 91 | local file="$1" 92 | 93 | debug "Installing '$file' as an init script" 94 | cp "$file" "$TARGET"/etc/init.d/ 95 | chmod 0755 "$TARGET"/etc/init.d/"$(basename "$file")" 96 | run_in_target chkconfig --add "$(basename "$file")" >/dev/null 97 | } 98 | 99 | # Because 'yum install' is capable of accepting a filename to install, 100 | # we simply echo the filename we were given if we can find a package 101 | # that provides it. 
102 | find_package_containing() { 103 | run_in_target yum whatprovides "$1" | grep -iq '^no matches found' || echo "$1" 104 | } 105 | 106 | expand_command_path() { 107 | echo {/usr,}/{s,}bin/"$1" /usr/libexec/"$1" 108 | } 109 | 110 | install_kernel() { 111 | install_packages_in_target kernel 112 | } 113 | 114 | set_hostname() { 115 | echo "$1" >"$TARGET"/etc/hostname 116 | } 117 | 118 | selinux_relabel() { 119 | # Relabel selinux on first boot 120 | touch "$TARGET"/.autorelabel 121 | } 122 | 123 | selinux_disable() { 124 | if [ -e "$TARGET"/etc/selinux/config ]; then 125 | sed -i 's/^SELINUX=.*$/SELINUX=disabled/g' "$TARGET"/etc/selinux/config 126 | fi 127 | } 128 | -------------------------------------------------------------------------------- /plugins/os/centos/tasks/00-check-os-centos-programs.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
14 | 15 | check_program_available "yum --help" yum 16 | -------------------------------------------------------------------------------- /plugins/os/centos/tasks/00-check-os-centos-rpm-config.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | 15 | # Some distributions (e.g., Debian) patch rpm to use a database 16 | # elsewhere than /var/lib/rpm by default. This causes yum to bootstrap 17 | # CentOS with its rpm database in the wrong place, causing the new OS 18 | # to believe that it has no packages installed. 19 | # 20 | # Since there's no way to override an rpm macro through yum, fail hard 21 | # if %_dbpath is set to something unexpected. 22 | 23 | rpm_dbpath="$(rpm -E %_dbpath)" 24 | 25 | [ "$rpm_dbpath" = /var/lib/rpm ] || 26 | fatal "RPM database is $rpm_dbpath (must be /var/lib/rpm)." 
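--------------------------------------------------------------------------------
/plugins/os/centos/tasks/18-prepare-repos.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Remove the temporary repo file created below on the build host and the
# yum cache directories named after it inside the target.
cleanup_yum_bootstrap() {
	[ -z "$yum_repos_file" ] || rm -f "$yum_repos_file"
	# ${TARGET:?} aborts rather than expanding to a path on the build host
	# if TARGET is ever empty.
	[ -z "$yum_repos_base" ] || rm -rf "${TARGET:?}"/var/cache/yum/"$yum_repos_base"*
}

register_cleanup cleanup_yum_bootstrap

# Stop here if the temporary file cannot be created; otherwise the repo
# definitions below would be appended to an empty path.
yum_repos_file="$(mktemp /etc/yum/repos.d/centos-"$release_version"-XXXX.repo)" ||
	fatal "Unable to create a temporary yum repo file."
yum_repos_base="$(basename "$yum_repos_file" | sed 's/\.repo$//')"
yum_repos_args=()

# Other plugins which need to inject additional repos to be present at
# bootstrap time should call this function in a hook with priority 19.
#
# Arguments: $1 - short repo name, $2 - base URL of the repo
# Globals:   yum_repos_base, yum_repos_file (read); yum_repos_args (appended)
#
# NOTE(review): the stanza written here sets no gpgcheck or gpgkey, so
# whether the bootstrap packages are signature-checked is left to the
# build host's yum configuration -- confirm it is enabled there, since the
# mirror URL comes straight from the command line.
add_bootstrap_yum_repo() {
	local name="$1"
	local url="$2"

	[ -n "$name" ] || fatal "A yum repo needs a name."
	[ -n "$url" ] || fatal "A yum repo needs a URL."

	yum_repos_args+=(--enablerepo="$yum_repos_base"-"$name")

	cat >>"$yum_repos_file" <<-EOF
		[$yum_repos_base-$name]
		name=$yum_repos_base-$name
		baseurl=$url
		enabled=0

	EOF
}

add_bootstrap_yum_repo base \
	"$(optval mirror)"/"$release_version"/os/"$(optval arch)/"
add_bootstrap_yum_repo updates \
	"$(optval mirror)"/"$release_version"/updates/"$(optval arch)/"
--------------------------------------------------------------------------------
/plugins/os/centos/tasks/20-yum-bootstrap.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# /var/run needs to be a symlink to /run on CentOS >= 7.
if [ "$release_version" -ge 7 ]; then
	# Some (old) versions of yum will create all parent directories of
	# the yum lockfile regardless.
	mkdir -p "$TARGET"/var "$TARGET"/run ||
		fatal "Unable to ensure /var and /run exist."
	ln -sfn ../run "$TARGET"/var/run ||
		fatal "Unable to ensure /var/run -> /run."
fi

if !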
yum -y install \ 26 | /usr/bin/yum \ 27 | /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-"$release_version" \ 28 | /etc/redhat-release \ 29 | --installroot="$TARGET" \ 30 | "${yum_repos_args[@]}" |& 31 | tee "$WORKSPACE"/yum_output | 32 | spin "Bootstrapping yum" 33 | then 34 | error "Yum bootstrap failed:" 35 | cat "$WORKSPACE"/yum_output 36 | exit 1 37 | fi 38 | 39 | run_cleanups cleanup_yum_bootstrap 40 | 41 | # Older versions of rpm expect bits of the rpm database to use a 42 | # different format. Rebuild the database on older CentOS to avoid 43 | # problems later. 44 | if [ "$release_version" -lt 7 ]; then 45 | run_in_target rpm --rebuilddb 2>&1 | logpipe "rpm --rebuilddb" || 46 | fatal "Error rebuilding RPM database." 47 | fi 48 | -------------------------------------------------------------------------------- /plugins/os/centos/tasks/21-resolv-conf.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
14 | 15 | cleanup_resolv_conf() { 16 | rm -f "$TARGET"/etc/resolv.conf 17 | } 18 | 19 | register_cleanup cleanup_resolv_conf 20 | 21 | cp /etc/resolv.conf "$TARGET"/etc/resolv.conf 22 | -------------------------------------------------------------------------------- /plugins/os/centos/tasks/21-yum-repos.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | 15 | # Define this as a function, because we'll need to do it again after 16 | # completing the yum bootstrap. 
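# Replace every yum repo definition inside the target with the CentOS base
# and updates repos served from the --mirror option.
# Globals: TARGET, release_version (read)
#
# NOTE(review): centos-base-debuginfo and centos-base-source set gpgcheck=1
# but name no gpgkey, unlike centos-updates-source -- confirm which key
# each of those repos should use before enabling them.
install_yum_repos() {
	# ${TARGET:?} aborts instead of expanding to a host path (and deleting
	# the build host's own /etc/yum.repos.d/*.repo) if TARGET is ever empty.
	rm -f "${TARGET:?}"/etc/yum.repos.d/*.repo

	cat >"$TARGET"/etc/yum.repos.d/centos-base.repo <<-EOF
		[centos-base]
		name=CentOS-\$releasever - Base
		baseurl=$(optval mirror)/\$releasever/os/\$basearch/
		enabled=1
		gpgcheck=1
		gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-$release_version

		[centos-base-debuginfo]
		name=CentOS-\$releasever - Base - Debug
		baseurl=$(optval mirror)/\$releasever/os/\$basearch/debug/
		enabled=0
		gpgcheck=1

		[centos-base-source]
		name=CentOS-\$releasever - Base - Source
		baseurl=$(optval mirror)/\$releasever/os/SRPMS/
		enabled=0
		gpgcheck=1
	EOF

	cat >"$TARGET"/etc/yum.repos.d/centos-updates.repo <<-EOF
		[centos-updates]
		name=CentOS-\$releasever - Updates
		baseurl=$(optval mirror)/\$releasever/updates/\$basearch/
		enabled=1
		gpgcheck=1
		gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-$release_version

		[centos-updates-source]
		name=CentOS-\$releasever - Updates - Source
		baseurl=$(optval mirror)/\$releasever/updates/SRPMS/
		enabled=0
		gpgcheck=1
		gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-$release_version
	EOF
}

install_yum_repos
--------------------------------------------------------------------------------
/plugins/os/centos/tasks/35-configure-kernel.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS.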
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | 15 | # This just blats out the most common case for /etc/sysconfig/kernel 16 | # from anaconda: 17 | # https://git.fedorahosted.org/cgit/anaconda.git/tree/pyanaconda/bootloader.py?h=anaconda-21.48.22-1#n2295 18 | 19 | cat >"$TARGET"/etc/sysconfig/kernel </dev/null 2 | -------------------------------------------------------------------------------- /plugins/os/debian/init.sh: -------------------------------------------------------------------------------- 1 | os_debian_plugin_usage() { 2 | usage_section "Debian" 3 | 4 | usage_description \ 5 | "This plugin installs a very minimal Debian." 6 | 7 | usage_option "--release " \ 8 | "(REQUIRED) The Debian release to install. May be specified" \ 9 | "either as a numeric version (e.g., 8) or as a release codename" \ 10 | "(e.g., jessie)." 11 | 12 | usage_option "--arch " \ 13 | "The architecture to build for. (Default: amd64)" \ 14 | "Valid values are i386 or amd64." \ 15 | 16 | usage_option "--debootstrap-mirror " \ 17 | "The URL from which debootstrap will get packages. If not" \ 18 | "specified, this will default to the value of the --apt-mirror" \ 19 | "option." 20 | 21 | usage_option "--apt-mirror " \ 22 | "A mirror to use post-debootstrap." \ 23 | "(Default: http://http.debian.net/debian)" \ 24 | "This option instructs the installer to configure apt to" \ 25 | "download packages from the given package mirror." 26 | 27 | usage_option "--proxy " \ 28 | "Use the given URL as an HTTP proxy." 
29 | } 30 | 31 | register_usage os_debian_plugin_usage 32 | 33 | load_plugin_or_die os/linux-common 34 | 35 | parseopt release true 36 | case "$(optval release)" in 37 | "") 38 | fatal "Required option 'release' not provided. Try $0 --help." 39 | ;; 40 | 7|7.*|wheezy) 41 | release_version=7 42 | release_name=wheezy 43 | ;; 44 | 8|8.*|jessie) 45 | release_version=8 46 | release_name=jessie 47 | ;; 48 | *) 49 | fatal "Unsupported Debian release: $(optval release)" 50 | ;; 51 | esac 52 | 53 | parseopt arch true amd64 54 | parseopt apt-mirror true http://http.debian.net/debian 55 | parseopt debootstrap-mirror true "${OPTS[apt-mirror]}" 56 | parseopt proxy true 57 | 58 | if optval proxy >/dev/null; then 59 | export http_proxy="$(optval proxy)" 60 | fi 61 | 62 | if [ "$release_version" -ge 8 ]; then 63 | INIT_SYSTEM=systemd 64 | else 65 | INIT_SYSTEM=sysvinit 66 | fi 67 | 68 | install_packages_in_target() { 69 | local orig_debian_frontend="$DEBIAN_FRONTEND" 70 | export DEBIAN_FRONTEND=noninteractive 71 | run_in_target apt-get -y install "$@" 2>&1 | spin "Installing $*" 72 | export DEBIAN_FRONTEND="$orig_debian_frontend" 73 | } 74 | 75 | uninstall_packages_from_target() { 76 | local orig_debian_frontend="$DEBIAN_FRONTEND" 77 | export DEBIAN_FRONTEND=noninteractive 78 | run_in_target apt-get -y remove --purge "$@" 2>&1 | spin "Uninstalling $*" 79 | export DEBIAN_FRONTEND="$orig_debian_frontend" 80 | } 81 | 82 | create_user() { 83 | local user="$1" 84 | local gecos="${2:-$user}" 85 | local pw="$3" 86 | local shell="$4" 87 | 88 | local shell_args 89 | if [ -n "$shell" ]; then 90 | local shell_="$(perl -ne 'print if m,/\Q'"$shell"'\E$,' /dev/null 101 | 102 | if [ -n "$pw" ]; then 103 | echo "$user:$pw" | run_in_target chpasswd 104 | fi 105 | } 106 | 107 | dhcp_interface() { 108 | local if="$1" 109 | local filename=/etc/network/interfaces 110 | 111 | install_package_providing dhclient 112 | 113 | # Older Debians don't have /etc/network/interfaces.d. 
114 | if [ "$release_version" -ge 8 ]; then 115 | filename=/etc/network/interfaces.d/"$(echo -n "$if" | perl -pe 's/[^\w\-]/_/g')" 116 | mkdir -p "$TARGET"/etc/network/interfaces.d 117 | >"$TARGET""$filename" 118 | fi 119 | 120 | cat >>"$TARGET""$filename" </dev/null 135 | } 136 | 137 | find_package_containing() { 138 | local pkg_list 139 | local file="$1" 140 | 141 | # wheezy's apt-file has a bug that causes it to spam uninitialised 142 | # value warnings. These are *extremely* annoying when trying to 143 | # follow pcib's output, so discard stderr on older systems. We don't 144 | # do this on later systems because stderr is useful, when it's -- 145 | # err, useful. 146 | if [ "$release_version" -lt 8 ]; then 147 | pkg_list=($(run_in_target apt-file -Fl search "$file" 2>/dev/null)) 148 | else 149 | pkg_list=($(run_in_target apt-file -Fl search "$file")) 150 | fi 151 | 152 | # If there is only one package to install, return that. 153 | [ "${#pkg_list[@]}" -gt 1 ] || { 154 | echo "${pkg_list[0]}" 155 | return 156 | } 157 | 158 | # Now comes the fun bit. APT doesn't make it easy to determine what 159 | # the "best" package is, if multiple packages provide the same file, 160 | # and sometimes (e.g., sudo and sudo-ldap) installing the latter 161 | # package will cause the former to be removed. 162 | # 163 | # Our process for deciding which package to prefer is: 164 | # 165 | # 1. Select all packages with the highest Priority. 166 | # 2. If we still have multiple packages and one is Provided by all 167 | # others, return that. 168 | # 3. If we still have multiple packages, complain. The caller must 169 | # be modified to provide a more specific requirement. 170 | 171 | # "Find the package with the highest Priority" ain't easy in bash. 
172 | local best_pkg_list=() 173 | local best_priority=extra 174 | local priorities 175 | declare -A priorities 176 | priorities[required]=0 177 | priorities[important]=1 178 | priorities[standard]=2 179 | priorities[optional]=3 180 | priorities[extra]=4 181 | 182 | for pkg in "${pkg_list[@]}"; do 183 | local pkg_priority=($(run_in_target apt-cache show "$pkg" | perl -nle 'print $1 if /^Priority: (.*)$/' | sort -u)) 184 | if [ "${#pkg_priority[@]}" -gt 1 ]; then 185 | error "Multiple package priorities detected for '$pkg'." 186 | error "If you *really* want to implement the craziness required to support this, feel free." 187 | fatal "Otherwise, have your plugin provide more specific package requirements." 188 | fi 189 | 190 | pkg_priority="${pkg_priority[0]}" 191 | if [ "${priorities["$pkg_priority"]}" -le "${priorities["$best_priority"]}" ]; then 192 | if [ "${priorities["$pkg_priority"]}" -lt "${priorities["$best_priority"]}" ]; then 193 | best_pkg_list=() 194 | fi 195 | best_pkg_list=("${best_pkg_list[@]}" "$pkg") 196 | best_priority="$pkg_priority" 197 | fi 198 | done 199 | 200 | # Has that narrowed things down? 201 | [ "${#best_pkg_list[@]}" -gt 1 ] || { 202 | echo "${best_pkg_list[0]}" 203 | return 204 | } 205 | 206 | # Nope? Time for step 2. 207 | local bester_pkg_list=() 208 | local provided 209 | declare -A provided 210 | for pkg in "${best_pkg_list[@]}"; do 211 | local pkg_provides=($(run_in_target apt-cache show "$pkg" | perl -nle 'print join "\n", split /,\s*/, $1 if /^Provides: (.*)$/' | sort -u)) 212 | for p in "${pkg_provides[@]}"; do 213 | # Exclude packages which Provide themselves (this makes 214 | # figuring out if a package has been provided by all others 215 | # below much more difficult if we allow it). 
216 | [ "$p" != "$pkg" ] || continue 217 | provided["$p"]=$((${provided["$p"]}+1)) 218 | done 219 | done 220 | for pkg in "${best_pkg_list[@]}"; do 221 | # Have we been provided by every other package in best_pkg_list 222 | # (i.e., 1 fewer times than the size of best_pkg_list)? We use && 223 | # rather than -a here so that bash doesn't complain about using 224 | # -eq on an empty string. 225 | if [ -n "${provided["$pkg"]}" ] && [ "${provided["$pkg"]}" -eq $((${#best_pkg_list[@]}-1)) ]; then 226 | bester_pkg_list=("${bester_pkg_list[@]}" "$pkg") 227 | fi 228 | done 229 | 230 | # Are we there yet? 231 | [ "${#bester_pkg_list[@]}" -ne 1 ] || { 232 | echo "${bester_pkg_list[0]}" 233 | return 234 | } 235 | 236 | # If we *still* don't know what to install, give up. 237 | error "Unable to unambiguously install a package providing '${file}'." 238 | fatal "Please be more specific." 239 | } 240 | 241 | expand_command_path() { 242 | echo {/usr,}/{s,}bin/"$1" 243 | } 244 | 245 | install_kernel() { 246 | case "${OPTS[arch]}" in 247 | amd64) kernel=linux-image-amd64;; 248 | i386) kernel=linux-image-686;; 249 | *) fatal "Unknown architecture: ${OPTS[arch]}" 250 | esac 251 | 252 | install_packages_in_target "$kernel" 253 | } 254 | 255 | set_hostname() { 256 | echo "$1" >"$TARGET"/etc/hostname 257 | } 258 | 259 | selinux_relabel() { 260 | # Relabel selinux on first boot 261 | touch "$TARGET"/.autorelabel 262 | } 263 | 264 | selinux_disable() { 265 | if [ -e "$TARGET"/etc/selinux/config ]; then 266 | sed -i 's/^SELINUX=.*$/SELINUX=disabled/g' "$TARGET"/etc/selinux/config 267 | fi 268 | } 269 | -------------------------------------------------------------------------------- /plugins/os/debian/tasks/00-check-os-debian-programs.sh: -------------------------------------------------------------------------------- 1 | check_program_available "debootstrap --help" debootstrap 2 | -------------------------------------------------------------------------------- 
/plugins/os/debian/tasks/19-disable-daemons.sh: -------------------------------------------------------------------------------- 1 | cleanup_disable_daemons() { 2 | rm -f "$TARGET"/usr/sbin/policy-rc.d 3 | } 4 | 5 | register_cleanup cleanup_disable_daemons 6 | 7 | mkdir -p "$TARGET"/usr/sbin 8 | cat >"$TARGET"/usr/sbin/policy-rc.d <"$sources_list" </dev/null; then 12 | echo "Acquire::http::Proxy \"$(optval proxy)\";" >"$TARGET"/etc/apt/apt.conf.d/50proxy 13 | fi 14 | -------------------------------------------------------------------------------- /plugins/os/debian/tasks/22-no-recommends.sh: -------------------------------------------------------------------------------- 1 | echo "Apt::Install-Recommends \"false\";" >"$TARGET"/etc/apt/apt.conf.d/02no-recommends 2 | -------------------------------------------------------------------------------- /plugins/os/debian/tasks/24-apt-file-update.sh: -------------------------------------------------------------------------------- 1 | install_packages_in_target apt-file 2>&1 | spin "Installing apt-file" 2 | 3 | run_in_target apt-file update 2>&1 | \ 4 | spin "Updating apt-file cache for build sources.list" 5 | -------------------------------------------------------------------------------- /plugins/os/debian/tasks/24-apt-upgrade.sh: -------------------------------------------------------------------------------- 1 | run_in_target apt-get update 2>&1 | spin "Updating package lists" 2 | run_in_target apt-get -y upgrade 2>&1 | spin "Installing available package updates" 3 | 4 | -------------------------------------------------------------------------------- /plugins/os/debian/tasks/74-uninstall-apt-file.sh: -------------------------------------------------------------------------------- 1 | run_in_target apt-get -y remove --purge apt-file >/dev/null 2>&1 2 | -------------------------------------------------------------------------------- /plugins/os/debian/tasks/79-clean-apt.sh: 
-------------------------------------------------------------------------------- 1 | run_in_target apt-get -y autoremove --purge &>/dev/null 2 | run_in_target apt-get clean &>/dev/null 3 | -------------------------------------------------------------------------------- /plugins/os/debian/tasks/79-unconfigure-proxy.sh: -------------------------------------------------------------------------------- 1 | run_cleanups cleanup_os_debian_proxy 2 | -------------------------------------------------------------------------------- /plugins/os/debian/tasks/81-enable-daemons.sh: -------------------------------------------------------------------------------- 1 | run_cleanups cleanup_disable_daemons 2 | -------------------------------------------------------------------------------- /plugins/os/linux-common/init.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
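# Install a systemd unit file into the target image.
# Globals:   INIT_SYSTEM, TARGET (read)
# Arguments: $1 - path of the unit file on the build host
#            $2 - if non-empty, the unit is also enabled inside the target
install_systemd_unit() {
  [ "$INIT_SYSTEM" = systemd ] || fatal "install_systemd_unit: This operating system does not support systemd"

  local file="$1"
  local enable="$2"

  debug "Installing '$file' as a systemd unit"
  cp "$file" "$TARGET"/etc/systemd/system/

  if [ -n "$enable" ]; then
    # stdout and stderr of systemctl are discarded, so a failed enable is
    # only visible through the exit status.
    run_in_target systemctl enable "$(basename "$file")" &>/dev/null
  fi
}

# Mount a filesystem of the image being built.
# Arguments: $1 - device (or other mount source), $2 - mountpoint
mount_filesystem() {
  local special="$1"
  local mountpoint="$2"

  # barrier=0 and data=writeback relax ordering guarantees.
  # NOTE(review): presumably chosen for build speed on a throwaway image;
  # confirm nothing relies on crash consistency while the image is mounted.
  mount -o noatime,barrier=0,data=writeback "$special" "$mountpoint"
}

# Unmount a filesystem of the image being built.
# Arguments: $1 - mountpoint
#            $2 - the literal word "safe" for a plain umount; anything
#                 else gets a lazy, forced umount (-lf)
unmount_filesystem() {
  local mountpoint="$1"
  local safe="$2"

  if [ "$safe" = safe ]; then
    umount "$mountpoint"
  else
    # -l detaches the mount even while it is busy, so success here does
    # not mean that nothing is still using the filesystem.
    umount -lf "$mountpoint"
  fi
}

# Succeeds if $1 is a mountpoint.
is_mountpoint() {
  mountpoint -q "$1"
}
--------------------------------------------------------------------------------
/plugins/os/linux-common/tasks/00-check-os-linux-common-programs.sh:
--------------------------------------------------------------------------------
check_program_available "shred --help" shred
--------------------------------------------------------------------------------
/plugins/os/linux-common/tasks/21-mount-specials.sh:
--------------------------------------------------------------------------------
# Undo the mounts made below, innermost first.
cleanup_mount_specials() {
  umount "$TARGET"/dev/pts
  umount "$TARGET"/sys
  umount "$TARGET"/proc
  umount "$TARGET"/dev
}

register_cleanup cleanup_mount_specials

# The host's /dev is bind-mounted into the target, so commands run in the
# target see the build host's device nodes until the cleanup above runs.
mkdir -p "$TARGET"/dev
mount --bind /dev "$TARGET"/dev
mount -t proc none "$TARGET"/proc
mount -t sysfs none "$TARGET"/sys
mount -t devpts none "$TARGET"/dev/pts
--------------------------------------------------------------------------------
/plugins/os/linux-common/tasks/25-fstab.sh:
--------------------------------------------------------------------------------
# Write the target's /etc/fstab. Without an 'lvname' option the root
# filesystem is referenced by UUID; with one, root is the LVM device and
# /boot is referenced by UUID.
if ! optval lvname >/dev/null; then
  root_uuid="$(blkid -s UUID -o value "${PARTITIONS[/]}")"
  # An empty UUID would produce an fstab the image cannot boot from.
  [ -n "$root_uuid" ] || fatal "Could not determine the UUID of '${PARTITIONS[/]}'."

  cat >"$TARGET"/etc/fstab <<-EOF
UUID=$root_uuid / ext4 defaults 0 1
EOF
else
  boot_uuid="$(blkid -s UUID -o value "${PARTITIONS[/boot]}")"
  [ -n "$boot_uuid" ] || fatal "Could not determine the UUID of '${PARTITIONS[/boot]}'."

  cat >"$TARGET"/etc/fstab <<-EOF
$(lvm_device_path "$(optval vgname)" "$(optval lvname)") / ext4 defaults 0 1
UUID=$boot_uuid /boot ext4 defaults 0 2
EOF
fi

if [ -n "$SWAP_DEVICE" ]; then
  cat >>"$TARGET"/etc/fstab <<-EOF
$SWAP_DEVICE none swap sw 0 0
EOF
fi
--------------------------------------------------------------------------------
/plugins/os/linux-common/tasks/75-unmount-specials.sh:
--------------------------------------------------------------------------------
run_cleanups cleanup_mount_specials
--------------------------------------------------------------------------------
/plugins/os/linux-common/tasks/79-cleanup-system.sh:
--------------------------------------------------------------------------------
# Remove build-time residue from the image before it is finalised.
#
# Every path below is built from $TARGET. With TARGET empty they would
# resolve to the build host's own /etc/resolv.conf, /root/.bash_history,
# /tmp, /run and /var/log, so refuse to continue in that case.
[ -n "$TARGET" ] || fatal "79-cleanup-system: TARGET is not set; refusing to clean up the build host."

# shred overwrites the file contents before unlinking (--remove).
# NOTE(review): presumably so the host's resolver configuration and any
# shell history do not remain recoverable from the image's free blocks;
# how effective the overwrite is depends on the target filesystem.
if [ -f "$TARGET"/etc/resolv.conf ]; then
  shred --remove "$TARGET"/etc/resolv.conf
fi

if [ -f "$TARGET"/root/.bash_history ]; then
  shred --remove "$TARGET"/root/.bash_history
fi

rm -rf "$TARGET"/tmp/* "$TARGET"/run/*
find "$TARGET"/var/log -type f -print0 | xargs -0 --no-run-if-empty shred --remove
--------------------------------------------------------------------------------
/plugins/os/openbsd/files/usr/src/distrib/amd64/ramdisk_growfs/Makefile:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.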
6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | 15 | .PATH: ${.CURDIR}/../ramdisk 16 | RAMDISK=RAMDISK_CD 17 | FLOPPYSIZE=6976 18 | FLOPPYTYPE=mini34 19 | XNAME=miniroot 20 | LBA=1 21 | 22 | .include "${.CURDIR}/../common/Makefile.inc" 23 | 24 | LISTS+= ${.CURDIR}/list.local 25 | -------------------------------------------------------------------------------- /plugins/os/openbsd/files/usr/src/distrib/amd64/ramdisk_growfs/dot.profile: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | 15 | # Automatically resize the filesystem of an instance on first boot. 
16 | # Note that this script relies heavily on a partition layout containing 17 | # one large 'a' partition and nothing else. 18 | 19 | export PATH=/sbin:/bin:/usr/bin:/usr/sbin 20 | umask 022 21 | 22 | # Make sure we can write to /tmp by just mounting / read-write. 23 | mount -u /dev/rd0a / 24 | 25 | disk=sd0 26 | fpart=3 27 | dpart=a 28 | echo "growing filesystem on disk ${disk}" 29 | echo "(msdos partition $fpart, disklabel partition $dpart)" 30 | 31 | set -- $(disklabel "$disk" | sed -n '/^total sectors: /h;${g;p;}') 32 | sectors="$3" 33 | echo "total number of sectors: ${sectors}" 34 | 35 | set -- $(disklabel "$disk" | sed -n '/^ '"$dpart"':/h;${g;p;}') 36 | offset="$3" 37 | echo "partition start offset: ${offset}" 38 | 39 | size="$(($sectors-$offset))" 40 | echo "calculated new partition size: ${size}" 41 | 42 | # Do this now, so that if something goes wrong we avoid an infinite 43 | # loop. 44 | echo -n "removing boot.conf: " 45 | mount /dev/"$disk$dpart" /mnt 46 | rm -f /mnt/etc/boot.conf 47 | umount /mnt 48 | echo "done." 49 | 50 | echo -n "modifying fdisk partition: " 51 | fdisk -e "$disk" >/dev/null </dev/null </dev/null 78 | echo "done." 79 | 80 | echo -n "checking filesystem: " 81 | fsck -y /dev/"$disk$dpart" >/dev/null 82 | echo "done." 83 | 84 | echo "rebooting system..." 85 | exec reboot 86 | -------------------------------------------------------------------------------- /plugins/os/openbsd/files/usr/src/distrib/amd64/ramdisk_growfs/list.local: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 
6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | 15 | LINK instbin sbin/growfs 16 | COPY ${CURDIR}/dot.profile .profile 17 | -------------------------------------------------------------------------------- /plugins/os/openbsd/files/usr/src/distrib/special/growfs/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
14 | 15 | PROG= growfs 16 | SRCS= growfs.c 17 | MAN= growfs.8 18 | 19 | DPADD= ${LIBUTIL} 20 | LDADD= -lutil 21 | 22 | .PATH: ${.CURDIR}/../../../sbin/growfs 23 | .include 24 | -------------------------------------------------------------------------------- /plugins/os/openbsd/init.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | 15 | os_openbsd_plugin_usage() { 16 | usage_section "OpenBSD" 17 | 18 | usage_description \ 19 | "This plugin installs OpenBSD." 20 | 21 | usage_option "--release " \ 22 | "(REQUIRED) The OpenBSD release to install." 23 | 24 | usage_option "--arch " \ 25 | "The architecture to build for. (Default: amd64)" 26 | 27 | usage_option "--mirror " \ 28 | "The mirror from which to fetch the sets. Currently, only HTTP" \ 29 | "mirrors are supported." 30 | 31 | usage_option "--sets " \ 32 | "Which sets to install. (Default: base,comp,man,xbase,xfont," \ 33 | "xshare; i.e., everything but game and xserv)" 34 | 35 | usage_option "--kernel " \ 36 | "Which kernel to install. 
(Default: bsd.mp)" 37 | } 38 | 39 | register_usage os_openbsd_plugin_usage 40 | 41 | parseopt release true 42 | case "$(optval release)" in 43 | "") 44 | fatal "Required option 'release' not provided. Try $0 --help." 45 | ;; 46 | *) 47 | if ! optval release | grep -Eq '^[0-9]+\.[0-9]$'; then 48 | fatal "Invalid OpenBSD release: $(optval release)" 49 | fi 50 | ;; 51 | esac 52 | 53 | parseopt arch true amd64 54 | parseopt mirror true http://ftp.openbsd.org/pub/OpenBSD 55 | parseopt sets true 56 | parseopt kernel true bsd.mp 57 | 58 | download_base="$(optval mirror)"/"$(optval release)"/"$(optval arch)" 59 | release="$(optval release | tr -d .)" 60 | 61 | list_all_sets() { 62 | local sets 63 | if ! sets="$(optval sets)"; then 64 | if [ "$release" -ge 57 ]; then 65 | sets=base,comp,man,xbase,xfont,xshare 66 | else 67 | # Older versions of OpenBSD had separate base and etc sets. 68 | sets=base,comp,etc,man,xbase,xetc,xfont,xshare 69 | fi 70 | fi 71 | 72 | local IFS=, 73 | for set in $sets; do 74 | echo "$set""$release".tgz 75 | done 76 | } 77 | sets="$(list_all_sets)" 78 | 79 | install_packages_in_target() { 80 | run_in_target pkg_add -I "$@" | spin "Installing $*" 81 | } 82 | 83 | uninstall_packages_from_target() { 84 | run_in_target pkg_delete -I "$@" | spin "Uninstalling $*" 85 | } 86 | 87 | create_user() { 88 | local user="$1" 89 | local gecos="${2:-$user}" 90 | local pw="$3" 91 | local shell="$4" 92 | 93 | local pw_args 94 | if [ -n "$pw" ]; then 95 | pw_args=(-p "$(encrypt <<<"$pw")") 96 | else 97 | pw_args=() 98 | fi 99 | 100 | local shell_args 101 | if [ -n "$shell" ]; then 102 | local shell_="$(perl -ne 'print if m,/\Q'"$shell"'\E$,' "$TARGET"/etc/hostname."$1" 120 | } 121 | 122 | install_init_script() { 123 | fatal "install_init_script: OpenBSD does not support sysvinit." 
124 | } 125 | 126 | install_pkglocatedb() { 127 | [ -e "$TARGET"/usr/local/bin/pkg_locate ] || 128 | install_packages_in_target pkglocatedb 129 | } 130 | 131 | find_package_containing() { 132 | local to_find="$1" 133 | local best_pkg 134 | 135 | install_pkglocatedb 136 | 137 | while IFS=: read pkg port file; do 138 | # pkg_locate treats 'foo' as if it were '*foo*', so we need to 139 | # make sure we haven't matched only part of a path. 140 | [ "$file" = "$to_find" ] || continue 141 | 142 | # If we found multiple matches, and one of them *isn't* a 143 | # substring of the other (indicating a different flavour), then 144 | # bail. 145 | local best_pkg_suffix="$(perl -pe "s/\\Q$pkg\\E//" <<<"$best_pkg")" 146 | local pkg_suffix="$(perl -pe "s/\\Q$best_pkg\\E//" <<<"$pkg")" 147 | if [ -n "$best_pkg" -a "$best_pkg_suffix" = "$best_pkg" -a "$pkg_suffix" = "$pkg" ]; then 148 | fatal "Unable to unambiguously install a package containing '$to_find'." 149 | fi 150 | 151 | # This is our new best_pkg if we don't already have one, or if 152 | # best_pkg has a suffix. 153 | if [ -z "$best_pkg" -o "$best_pkg_suffix" != "$best_pkg" ]; then 154 | best_pkg="$pkg" 155 | fi 156 | done < <(run_in_target pkg_locate "$to_find") 157 | 158 | # We don't care about specific versions of packages; this can be 159 | # important when making use of the M:Tier package repo, which 160 | # includes updates not reflected by pkg_locate. 161 | sed -r 's/-[0-9A-Za-z.]+$//' <<<"$best_pkg" 162 | } 163 | 164 | expand_command_path() { 165 | echo {,/usr,/usr/local}/{s,}bin/"$1" 166 | } 167 | 168 | install_kernel() { 169 | # It's possible that a kernel has already been installed when 170 | # install_kernel is called; in particular, M:Tier's openup script 171 | # will install a kernel for us if it has already been invoked. 
172 | [ -e "$TARGET"/bsd ] || cp "$SETDIR"/"$(optval kernel)" "$TARGET"/bsd 173 | [ -e "$TARGET"/bsd.rd ] || cp "$SETDIR"/bsd.rd "$TARGET"/bsd.rd 174 | } 175 | 176 | set_hostname() { 177 | echo "$1" >"$TARGET"/etc/myname 178 | } 179 | 180 | # SELinux isn't relevant to anything but Linux, funnily enough. 181 | selinux_relabel() { :; } 182 | selinux_disable() { :; } 183 | 184 | mount_filesystem() { 185 | local special="$1" 186 | local mountpoint="$2" 187 | 188 | mount -o async,noatime "$special" "$mountpoint" 189 | } 190 | 191 | unmount_filesystem() { 192 | local mountpoint="$1" 193 | local safe="$2" 194 | 195 | if [ "$safe" = safe ]; then 196 | umount "$mountpoint" 197 | else 198 | umount -f "$mountpoint" 199 | fi 200 | } 201 | 202 | is_mountpoint() { 203 | # The root of an FFS filesystem always has inode number 2. 204 | test "$(stat -qf %i "$1")" = 2 205 | } 206 | -------------------------------------------------------------------------------- /plugins/os/openbsd/tasks/00-check-os-openbsd-sources.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
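# The growfs ramdisk kernel is built from the host's source tree, so check
# that the pieces it needs are present before doing any other work.
[ -d /usr/src/distrib/amd64/common ] && [ -f /usr/src/sys/arch/amd64/conf/RAMDISK_CD ] ||
  fatal "The OpenBSD source tree is not unpacked in /usr/src."
--------------------------------------------------------------------------------
/plugins/os/openbsd/tasks/02-fetch-sets.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Fetch the release sets into a per-release, per-arch cache directory and
# verify all of them before anything is extracted.
#
# The plugin's default mirror is plain HTTP, so the transfer itself is
# unauthenticated; the signify signature on SHA256.sig and the per-file
# checksums below are the only integrity control on the sets. The public
# key is taken from the build host's /etc/signify, which makes the build
# host the trust anchor.
SETDIR="$BASEDIR"/openbsd/"$(optval release)"/"$(optval arch)"
mkdir -p "$SETDIR"

# SHA256.sig must stay first in this list: its signature is checked before
# any checksum it contains is relied on. Files already present in the cache
# are not downloaded again, but they are still verified on every run.
for set in SHA256.sig $sets "$(optval kernel)" bsd.rd; do
  if [ ! -e "$SETDIR"/"$set" ]; then
    # Download under a temporary name and rename only on success, so an
    # interrupted transfer is never mistaken for a cached file on the next
    # run.
    if ! ftp -MVo "$SETDIR"/"$set".part "$download_base"/"$set"; then
      rm -f "$SETDIR"/"$set".part
      fatal "Error fetching '$set'."
    fi
    mv "$SETDIR"/"$set".part "$SETDIR"/"$set" ||
      fatal "Error fetching '$set'."
  fi

  case "$set" in
    SHA256.sig)
      # First, we verify the signature once. The signed message is the
      # file itself minus its first two lines.
      # NOTE(review): signify(1) also offers -C, which checks the signed
      # list and the listed files in one step; worth considering here.
      if ! signify -qV -p /etc/signify/openbsd-"$release"-base.pub -x "$SETDIR"/SHA256.sig -m <(tail -n+3 "$SETDIR"/SHA256.sig); then
        fatal "Could not verify signature on '$set'."
      fi
      ;;
    *)
      # Then, we verify each file's checksum against the signed list.
      if ! (cd "$SETDIR" && sha256 -qC SHA256.sig "$set"); then
        fatal "Could not verify checksum for '$set'."
      fi
      ;;
  esac
done

info "Successfully verified all signatures and checksums."
--------------------------------------------------------------------------------
/plugins/os/openbsd/tasks/20-extract-sets.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Unpack every set from the cache directory into the target, keeping the
# permissions recorded in the archives (-p).
for set in $sets; do
  tar -xzphC "$TARGET" -f "$SETDIR"/"$set"
done

# As of OpenBSD 5.7, configuration is provided in tarballs under
# /usr/share/sysmerge in the base set rather than as a separate etc
# set.
if [ "$release" -ge 57 ]; then
  for conf in "$TARGET"/usr/share/sysmerge/*etc.tgz; do
    tar -xzphC "$TARGET" -f "$conf"
  done
fi
--------------------------------------------------------------------------------
/plugins/os/openbsd/tasks/21-growfs.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Only one kernel build at a time, thanks.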
16 | lock growfs 17 | 18 | rm -rf /usr/src/distrib/amd64/ramdisk_growfs /usr/src/distrib/special/growfs 19 | cp -r \ 20 | "$(plugin_file os/openbsd usr/src/distrib/amd64/ramdisk_growfs)" \ 21 | /usr/src/distrib/amd64/ 22 | cp -r \ 23 | "$(plugin_file os/openbsd usr/src/distrib/special/growfs)" \ 24 | /usr/src/distrib/special/ 25 | 26 | rm -rf /usr/obj/* 27 | (cd /usr/src && make obj 2>&1) | 28 | spin "Populating /usr/obj" 29 | 30 | (cd /usr/src/distrib/special && make 2>&1) | 31 | spin "Installing distribution tools" 32 | 33 | (cd /usr/src/distrib/amd64/ramdisk_growfs && make 2>&1) | 34 | spin "Building growfs ramdisk kernel" 35 | 36 | cp /usr/src/distrib/amd64/ramdisk_growfs/bsd.rd "$TARGET"/bsd.gf 37 | unlock growfs 38 | 39 | cat >"$TARGET"/etc/boot.conf < 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
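# Create the device nodes inside the target. The '&&' matters: if the cd
# fails, MAKEDEV must not run in whatever directory the build happens to
# be in.
(cd "$TARGET"/dev && ./MAKEDEV all)
--------------------------------------------------------------------------------
/plugins/os/openbsd/tasks/21-pkg-conf.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Point the target's package tools at the same mirror the sets came from.
# This file is written into the image and is not removed by this task.
# NOTE(review): the plugin's default mirror is plain HTTP, so package
# integrity rests on the package tools' own signature checking; confirm
# that is in effect for the releases being built.
echo "installpath=$(optval mirror)/$(optval release)/packages/$(optval arch)" >"$TARGET"/etc/pkg.conf
--------------------------------------------------------------------------------
/plugins/os/openbsd/tasks/21-resolv-conf.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Remove the resolver configuration copied in below.
# NOTE(review): presumably so the build host's DNS settings do not ship in
# the finished image; confirm the cleanup runs on every exit path.
cleanup_os_openbsd_resolv_conf() {
  rm -f "$TARGET"/etc/resolv.conf
}

register_cleanup cleanup_os_openbsd_resolv_conf

# Give the target the build host's resolver configuration for the build.
cp /etc/resolv.conf "$TARGET"/etc/resolv.conf
--------------------------------------------------------------------------------
/plugins/os/openbsd/tasks/24-install-pkg-locate.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Uninstall pkglocatedb from the target if pkg_locate is present there.
# This task only registers the cleanup; it installs nothing itself.
cleanup_os_openbsd_install_pkglocatedb() {
  [ ! -e "$TARGET"/usr/local/bin/pkg_locate ] || uninstall_packages_from_target pkglocatedb
}

register_cleanup cleanup_os_openbsd_install_pkglocatedb
--------------------------------------------------------------------------------
/plugins/os/openbsd/tasks/25-fstab.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Write the target's /etc/fstab, referring to the root filesystem by the
# disklabel UID read from $DISK.
duid="$(disklabel "$DISK" | perl -ne 'print $1 if /^duid: (\S+)/')"
# An empty duid would produce a root entry of ".a", which cannot be mounted.
[ -n "$duid" ] || fatal "Could not determine the disklabel UID of '$DISK'."

cat >"$TARGET"/etc/fstab <<-EOF
${duid}.a / ffs rw,softdep,noatime 1 1
EOF

if [ -n "$SWAP_DEVICE" ]; then
  cat >>"$TARGET"/etc/fstab <<-EOF
$SWAP_DEVICE none swap sw
EOF
fi
--------------------------------------------------------------------------------
/plugins/os/openbsd/tasks/60-install-bootloader.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.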
6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | 15 | installboot \ 16 | -r "$TARGET" \ 17 | "$DISK" \ 18 | "$TARGET"/usr/mdec/biosboot \ 19 | "$TARGET"/usr/mdec/boot || 20 | fatal "Error installing bootloader." 21 | -------------------------------------------------------------------------------- /plugins/os/openbsd/tasks/78-uninstall-pkg-locate.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
14 | 15 | run_cleanups cleanup_os_openbsd_install_pkglocatedb 16 | -------------------------------------------------------------------------------- /plugins/os/openbsd/tasks/79-resolv-conf.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | 15 | run_cleanups cleanup_os_openbsd_resolv_conf 16 | -------------------------------------------------------------------------------- /plugins/package/auditd/init.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchor/pcib/c10e9e4bffd3dd22aba63be0d53c926f0e2f5445/plugins/package/auditd/init.sh -------------------------------------------------------------------------------- /plugins/package/auditd/tasks/30-install-auditd.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 
6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | 15 | install_package_providing auditd 16 | -------------------------------------------------------------------------------- /plugins/package/exim/init.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchor/pcib/c10e9e4bffd3dd22aba63be0d53c926f0e2f5445/plugins/package/exim/init.sh -------------------------------------------------------------------------------- /plugins/package/exim/tasks/29-preseed-exim.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
14 | 15 | if [ "${OPTS[os]}" = debian ]; then 16 | run_in_target debconf-set-selections <<<'debconf exim4/dc_eximconfig_configtype select internet site; mail is sent and received directly using SMTP' 17 | fi 18 | -------------------------------------------------------------------------------- /plugins/package/exim/tasks/30-install-exim-package.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
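install_package_providing exim
--------------------------------------------------------------------------------
/plugins/package/grub/init.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/anchor/pcib/c10e9e4bffd3dd22aba63be0d53c926f0e2f5445/plugins/package/grub/init.sh
--------------------------------------------------------------------------------
/plugins/package/grub/tasks/30-install-grub-package.sh:
--------------------------------------------------------------------------------
# Install the GRUB package(s) into the target image.  The package name is
# chosen from the OS selected in ${OPTS[os]}.
case "${OPTS[os]}" in
	debian)
		# Because Debian has multiple packages that provide grub-install,
		# and because the one of those packages that we *want* is
		# grub2-common (which doesn't provide all of GRUB), we have to be
		# a bit picky about specific package names here instead of just
		# letting install_package_providing do its thing.
		install_packages_in_target grub-pc
		;;
	centos)
		# CentOS 7 is in a similar boat to Debian, having both grub2 and
		# grub2-tools. Older CentOSen still use GRUB 1.
		install_packages_in_target grub2 || install_package_providing grub-install
		;;
	*)
		install_package_providing grub-install
		;;
esac
--------------------------------------------------------------------------------
/plugins/package/grub/tasks/60-install-grub-in-bootloader.sh:
--------------------------------------------------------------------------------
# Install the GRUB boot code onto the image's block device.  The procedure
# is selected from the version string printed by "$grub_install --version"
# inside the target: 0.x, 1.99, or anything else.
#
# Sets grub_install, grub_mkconfig and _boot_grub; 61-generate-grub-config.sh
# reads all three without assigning them (presumably task files share one
# shell -- confirm against lib/task.sh).

# Tear down the temporary device-mapper disk "hda" and its partition
# mappings, then release the grub1:install lock.
cleanup_grub1_install() {
	kpartx -d /dev/mapper/hda
	dmsetup remove hda
	# Give udev time to react.
	sleep 1
	unlock grub1:install
}

if run_in_target which grub2-install &>/dev/null; then
	# CentOS is a little special.
	grub_install=grub2-install
	grub_mkconfig=/usr/sbin/grub2-mkconfig
	_boot_grub=/boot/grub2
else
	grub_install=grub-install
	grub_mkconfig=/usr/sbin/grub-mkconfig
	_boot_grub=/boot/grub
fi

mkdir -p "$TARGET""$_boot_grub"

case "$(run_in_target "$grub_install" --version)" in
	*\ 0.*)
		# Oh *man*... I thought grub2 was weird

		# Temporary device.map for grub installation purposes
		echo "(hd0) $BLOCK_DEVICE" >"$TARGET""$_boot_grub"/device.map

		register_cleanup cleanup_grub1_install

		# http://ebroder.net/2009/08/04/installing-grub-onto-a-disk-image/
		# gave me the nasty details of this one

		# Length of the linear mapping in 512-byte sectors: 2097152 sectors
		# per unit of image-size (the lvsize default elsewhere in this
		# listing treats image-size as a count of "G").
		blocks=$(($(optval image-size) * 2097152))
		# stat prints the device major/minor in hex; convert to decimal.
		maj_num=$((0x$(stat -c %t "$BLOCK_DEVICE")))
		min_num=$((0x$(stat -c %T "$BLOCK_DEVICE")))

		# The mapping name "hda" is fixed, so presumably this lock is what
		# keeps concurrent builds from colliding on it.
		lock grub1:install
		echo "0 $blocks linear $maj_num:$min_num 0" | dmsetup create hda
		kpartx -a /dev/mapper/hda
		# Give udev time to react.
		sleep 1

		# Setup some dummy files
		echo "(hd0) /dev/mapper/hda" >"$TARGET""$_boot_grub"/device.map

		if ! optval lvname >/dev/null; then
			echo "/dev/mapper/hda1 / ext4 defaults 0 0" >"$TARGET"/etc/mtab
		else
			echo "/dev/mapper/hda1 /boot ext3 defaults 0 0" >"$TARGET"/etc/mtab
			echo "/dev/mapper/hda2 / ext4 defaults 0 0" >>"$TARGET"/etc/mtab
		fi

		# NOTE(review): output is discarded and the exit status is not
		# checked, so a failed GRUB 1 install is silent here -- confirm
		# this is deliberate.
		run_in_target "$grub_install" /dev/mapper/hda >/dev/null 2>&1
		run_cleanups cleanup_grub1_install

		# Replace with a real device.map
		echo "(hd0) /dev/vda" >"$TARGET""$_boot_grub"/device.map
		rm -f "$TARGET"/etc/mtab
		;;
	*\ 1.99*)
		cp "$TARGET"/usr/lib/grub/i386-pc/* "$TARGET""$_boot_grub"/

		# With an LV root, /boot is its own partition (see the mtab
		# written in the 0.x branch), so the prefix is relative to it.
		if ! optval lvname >/dev/null; then
			grub_dir="$_boot_grub"
		else
			grub_dir=/grub
		fi
		run_in_target grub-mkimage -d /usr/lib/grub/i386-pc -O i386-pc \
			--output="$_boot_grub"/core.img --prefix="(,1)${grub_dir}" \
			biosdisk ext2 part_msdos

		# Final, real device.map for boot
		echo "(hd0) /dev/vda" >"$TARGET""$_boot_grub"/device.map

		run_in_target grub-setup -d "$_boot_grub" --root-device='(hd0)' "$BLOCK_DEVICE"
		;;
	*)
		echo "(hd0) /dev/vda" >"$TARGET""$_boot_grub"/device.map

		run_in_target "$grub_install" "$BLOCK_DEVICE" 2>&1 | spin "Installing GRUB to MBR"
		;;
esac
--------------------------------------------------------------------------------
/plugins/package/grub/tasks/61-generate-grub-config.sh:
--------------------------------------------------------------------------------
# Generate the GRUB configuration inside the target image.  Uses
# grub_install, grub_mkconfig and _boot_grub as set by
# 60-install-grub-in-bootloader.sh.

# Set to "y" when build-time-only settings were appended to
# /etc/default/grub and have to be stripped again at the end.
remunge_defaults=

# This is a workaround for the fact that partitioner/full-disk-with-lvm
# uses a temporary VG name for the build to enable parallelism, and we
# want the image to end up with the final VG name.
case "$(run_in_target "$grub_install" --version)" in
	*\ 1.99*|*\ 2.*)
		if optval lvname >/dev/null; then
			echo GRUB_DEVICE="$(lvm_device_path "$(optval vgname)" "$(optval lvname)")" >>"$TARGET"/etc/default/grub
			# If GRUB "detects" that the path we've given it isn't an LVM
			# path, it will use the UUID of the mounted root filesystem
			# instead.
			echo GRUB_DISABLE_LINUX_UUID=true >>"$TARGET"/etc/default/grub
			remunge_defaults=y
		fi
		;;
	*)
		;;
esac

# This is a workaround for some older versions of GRUB2 which don't
# correctly detect the root device's UUID in a chroot.
case "$(run_in_target "$grub_install" --version)" in
	*\ 1.99*)
		if ! optval lvname >/dev/null; then
			echo GRUB_DEVICE_UUID="$(blkid -s UUID -o value "${PARTITIONS[/]}")" >>"$TARGET"/etc/default/grub
			remunge_defaults=y
		fi
		;;
	*)
		;;
esac

if [ -x "$TARGET"/usr/sbin/update-grub ]; then
	run_in_target /usr/sbin/update-grub 2>&1 | spin "Configuring GRUB"
elif [ -x "$TARGET""$grub_mkconfig" ]; then
	# Redirection order matters: stderr goes to the pipe for spin, stdout
	# (the generated configuration) goes to grub.cfg.
	run_in_target "$grub_mkconfig" 2>&1 >"$TARGET""$_boot_grub"/grub.cfg | spin "Configuring GRUB"
else
	# Neither generator exists in the target: write a static grub.conf
	# and the conventional links to it.
	if [ ! -e "$TARGET"/etc/grub.conf ]; then
		ln -s "$_boot_grub"/grub.conf "$TARGET"/etc/grub.conf
	fi

	if [ ! -e "$TARGET""$_boot_grub"/menu.lst ]; then
		# The link is created in $_boot_grub, the directory the test
		# above checks and the install task creates, rather than in a
		# hard-coded /boot/grub.
		ln -s "$_boot_grub"/grub.conf "$TARGET""$_boot_grub"/menu.lst
	fi

	if ! [ -e "$TARGET""$_boot_grub"/grub.conf ]; then
		# NOTE(review): both lookups parse ls output and assume exactly
		# one match in /boot -- confirm for images with several kernels.
		kernel="$(basename "$(ls "$TARGET"/boot/vmlinuz*)")"
		if [ -z "$kernel" ]; then
			fatal "No kernel found"
		fi

		initrd="$(basename "$(ls "$TARGET"/boot/init*img*)")"
		if [ -z "$initrd" ]; then
			fatal "No initrd found"
		fi

		if ! optval lvname >/dev/null; then
			cat >"$TARGET""$_boot_grub"/grub.conf <<-EOF
			default=0
			timeout=5
			title Linux
			root (hd0,0)
			kernel /boot/$kernel ro root=/dev/vda1
			initrd /boot/$initrd
			EOF
		else
			cat >"$TARGET""$_boot_grub"/grub.conf <<-EOF
			default=0
			timeout=5
			title Linux
			root (hd0,0)
			kernel /$kernel ro root=$(lvm_device_path "$(optval vgname)" "$(optval lvname)")
			initrd /$initrd
			EOF
		fi
	fi
fi

# Strip the build-time-only overrides appended above so they do not ship
# in the image's /etc/default/grub.
if [ -n "$remunge_defaults" ]; then
	sed -i '/^GRUB_DEVICE=/d;/^GRUB_DEVICE_UUID=/d;/^GRUB_DISABLE_LINUX_UUID=/d' "$TARGET"/etc/default/grub
fi
--------------------------------------------------------------------------------
/plugins/package/postfix/init.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/anchor/pcib/c10e9e4bffd3dd22aba63be0d53c926f0e2f5445/plugins/package/postfix/init.sh
--------------------------------------------------------------------------------
/plugins/package/postfix/tasks/30-install-postfix-package.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS.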
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

install_package_providing postfix
--------------------------------------------------------------------------------
/plugins/package/sshd/files/init_scripts/generate-ssh-hostkeys:
--------------------------------------------------------------------------------
#!/bin/sh
### BEGIN INIT INFO
# Provides: generate-ssh-hostkeys
# Required-Start: $local_fs
# Required-Stop:
# Should-Start:
# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Description: Generate ssh host keys if they do not exist
### END INIT INFO

# Boot-time generation of SSH host keys.  Nothing is done when an RSA or
# DSA host key is already present; this test runs before the action in $1
# is looked at, so it applies to every action.
# NOTE(review): only the RSA and DSA files are tested, so a host that has
# either of them never gets keys of other types generated by this script.
if [ -f /etc/ssh/ssh_host_rsa_key -o -f /etc/ssh/ssh_host_dsa_key ]; then
	exit 0
fi

case "$1" in
	start)
		# ssh-keygen -A creates the host keys that do not exist yet.
		# exec replaces this shell, so the trailing ":" is reached only
		# for the other actions.
		exec ssh-keygen -A
		;;
	*)
		# Do nothing.
		;;
esac

:
--------------------------------------------------------------------------------
/plugins/package/sshd/files/systemd/generate-ssh-hostkeys.service:
--------------------------------------------------------------------------------
# systemd counterpart of the generate-ssh-hostkeys init script.  Both
# ConditionPathExists lines must hold, so the unit runs only when neither
# the RSA nor the DSA host key exists, and it is ordered before ssh.service.
[Unit]
Description=Generate ssh host keys if they do not exist
ConditionPathExists=!/etc/ssh/ssh_host_rsa_key
ConditionPathExists=!/etc/ssh/ssh_host_dsa_key
Before=ssh.service

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/ssh-keygen -A

[Install]
WantedBy=ssh.service
--------------------------------------------------------------------------------
/plugins/package/sshd/init.sh:
--------------------------------------------------------------------------------
# Plugin initialisation for sshd: registers the usage text and reads and
# validates the permit-root-login option.

# Print the usage section for this plugin.
package_sshd_usage() {
	usage_section "sshd"

	usage_description \
		"This plugin installs and configures the OpenSSH server for" \
		"remote login."

	usage_option "permit-root-login" \
		"An optional setting for the PermitRootLogin option in" \
		"sshd_config. If unspecified, will be left as the default. Note" \
		"that mds plugins may override this based on instance metadata" \
		"at boot time."
}

register_usage package_sshd_usage

parseopt permit-root-login true
# "|| :" keeps a non-zero status from optval from ending the script;
# presumably optval fails when the option was not given (other tasks test
# "if ! optval lvname") -- the variable is then empty.
permit_root_login="$(optval permit-root-login)" || :
# Allow-list check: only an empty value or one of the listed keywords is
# accepted, anything else aborts the build before the value can be used.
# NOTE(review): sshd_config also knows forced-commands-only and, in newer
# OpenSSH releases, prohibit-password; both are rejected here -- confirm
# that is intended.
case "$permit_root_login" in
	""|yes|without-password|no) ;;
	*) fatal "Invalid value for permit-root-login: $permit_root_login" ;;
esac
--------------------------------------------------------------------------------
/plugins/package/sshd/tasks/00-check-package-ssh-programs-available.sh:
--------------------------------------------------------------------------------
# NOTE(review): this listing is damaged from here on: the line numbering
# jumps from 1 to 3 and the quoting does not balance, so text between the
# two lines below is missing from the page.
check_program_available "$gsed '' /dev/null; then
	fatal "Error removing '$k' from the image."
4 | fi 5 | done 6 | -------------------------------------------------------------------------------- /plugins/package/unattended-upgrades/init.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchor/pcib/c10e9e4bffd3dd22aba63be0d53c926f0e2f5445/plugins/package/unattended-upgrades/init.sh -------------------------------------------------------------------------------- /plugins/package/unattended-upgrades/tasks/00-check-unattended-upgrades-os.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
14 | 15 | if [ "${OPTS[os]}" != debian ]; then 16 | fatal "unattended-upgrades not supported on ${OPTS[os]}" 17 | fi 18 | -------------------------------------------------------------------------------- /plugins/package/unattended-upgrades/tasks/30-install-unattended-upgrades-packages.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | 15 | install_packages_in_target unattended-upgrades 16 | -------------------------------------------------------------------------------- /plugins/package/unattended-upgrades/tasks/40-configure-unattended-upgrades.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | 15 | run_in_target debconf-set-selections <<<'debconf unattended-upgrades/enable_auto_updates boolean true' 16 | run_in_target dpkg-reconfigure --frontend=noninteractive --default-priority unattended-upgrades 2>/dev/null 17 | -------------------------------------------------------------------------------- /plugins/package/yum-cron/init.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchor/pcib/c10e9e4bffd3dd22aba63be0d53c926f0e2f5445/plugins/package/yum-cron/init.sh -------------------------------------------------------------------------------- /plugins/package/yum-cron/tasks/00-check-yum-cron-os.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
14 | 15 | if [ "${OPTS[os]}" != centos ]; then 16 | fatal "yum-cron not supported on ${OPTS[os]}" 17 | fi 18 | -------------------------------------------------------------------------------- /plugins/package/yum-cron/tasks/30-install-yum-cron-packages.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | 15 | install_packages_in_target yum-cron 16 | -------------------------------------------------------------------------------- /plugins/package/yum-cron/tasks/40-configure-yum-cron.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | 15 | # As of CentOS 7, yum-cron has been reimplemented, and now the default 16 | # configuration doesn't install updates automatically. We do nothing 17 | # for the old shell script that shipped in CentOS 6 and earlier because 18 | # that will install updates by default. 19 | if [ -e "$TARGET"/etc/yum/yum-cron.conf ]; then 20 | "$gsed" -i 's/^apply_updates = no$/apply_updates = yes/' "$TARGET"/etc/yum/yum-cron.conf 21 | fi 22 | -------------------------------------------------------------------------------- /plugins/partitioner/disklabel/init.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchor/pcib/c10e9e4bffd3dd22aba63be0d53c926f0e2f5445/plugins/partitioner/disklabel/init.sh -------------------------------------------------------------------------------- /plugins/partitioner/disklabel/tasks/05-partition-image.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015 Anchor Systems Pty Ltd 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | 15 | fdisk -iy "$CHARACTER_DEVICE" >/dev/null 16 | disklabel -E "$CHARACTER_DEVICE" >/dev/null <" \ 8 | "Create the LV on the specified VG." 9 | 10 | usage_option "--lvname " \ 11 | "Create the root LV with the specified name." 12 | 13 | usage_option "--lvsize " \ 14 | "Create the LV with the specified size. The format is that" \ 15 | "accepted by lvcreate(8). (default: image size - 1G)" 16 | } 17 | 18 | register_usage misc_lvm_target_plugin_usage 19 | 20 | parseopt vgname true 21 | parseopt lvname true 22 | parseopt lvsize true "$(( ${OPTS[image-size]} - 1 ))G" 23 | 24 | # Convenience function. 25 | # lvm_device_path -> 26 | lvm_device_path() { 27 | local vgname="$1" 28 | local lvname="$2" 29 | 30 | echo /dev/mapper/"${vgname//-/--}"-"${lvname//-/--}" 31 | } 32 | -------------------------------------------------------------------------------- /plugins/partitioner/full-disk-with-lvm/tasks/00-check-full-disk-partitioner-programs.sh: -------------------------------------------------------------------------------- 1 | check_program_available "sfdisk -h" "sfdisk" 2 | check_program_available "lvs >/dev/null 2>&1" "lvs" 3 | check_program_available "vgs >/dev/null 2>&1" "vgs" 4 | check_program_available "pvcreate -h >/dev/null 2>&1" "pvcreate" 5 | check_program_available "vgcreate -h >/dev/null 2>&1" "vgcreate" 6 | check_program_available "lvcreate -h >/dev/null 2>&1" "lvcreate" 7 | -------------------------------------------------------------------------------- /plugins/partitioner/full-disk-with-lvm/tasks/01-validate-misc-lvm-target-options.sh: -------------------------------------------------------------------------------- 
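# Both --vgname and --lvname are required.  optval is called only for its
# exit status here; its output is discarded.
if ! optval vgname >/dev/null; then
  fatal "--vgname must be specified"
fi

if ! optval lvname >/dev/null; then
  fatal "--lvname must be specified"
fi

--------------------------------------------------------------------------------
/plugins/partitioner/full-disk-with-lvm/tasks/05-partition-image.sh:
--------------------------------------------------------------------------------
# Write a two-partition table to the image device.  Each here-document line
# is "start,size,type", counted in sectors (-u S):
#   2048,514047,83   first partition, type 83 (Linux), used for /boot
#   516095,,8e       second partition, type 8e (Linux LVM), no size given
# sfdisk's output is discarded, so a failure shows only in its exit status.
sfdisk -f -u S "$BLOCK_DEVICE" <<EOF >/dev/null 2>&1
2048,514047,83
516095,,8e
EOF

declare -A PARTITIONS

# Device names of the two partitions; 06-refresh-partitions.sh rewrites
# them to the names kpartx creates.
PARTITIONS[/boot]="${BLOCK_DEVICE}p1"
PARTITIONS[/]="${BLOCK_DEVICE}p2"

--------------------------------------------------------------------------------
/plugins/partitioner/full-disk-with-lvm/tasks/06-refresh-partitions.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Cleanup handler: remove the partition mappings that "kpartx -a" below
# adds for $BLOCK_DEVICE.
cleanup_refresh_partitions() {
  kpartx -d "$BLOCK_DEVICE"
  # Give udev time to react.
  sleep 1
}

register_cleanup "cleanup_refresh_partitions"

kpartx -a "$BLOCK_DEVICE"
# Give udev time to react.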
sleep 1

# kpartx has a nasty habit of putting all its partitions under /dev/mapper,
# which, of course, the partitioner isn't expected to know.  So, we need to
# manually mangle the partition names to correspond to the kpartx-created
# names.
for partname in "${!PARTITIONS[@]}"; do
  debug "Converting $partname (${PARTITIONS[$partname]}) to kpartx-created device name"
  # Keep only the base name of the device and look it up under /dev/mapper.
  PARTITIONS[$partname]="/dev/mapper/$(basename "${PARTITIONS[$partname]}")"
done

--------------------------------------------------------------------------------
/plugins/partitioner/full-disk-with-lvm/tasks/07-create-target-lv.sh:
--------------------------------------------------------------------------------
# Cleanup handler: deactivate the build's volume group.  $vgname is read
# when the handler runs, so it sees the value 84-finalise-vg.sh assigns
# after the rename.
cleanup_lvm() {
  vgchange -an "$vgname" &>/dev/null
  # Give udev time to react.
  sleep 1
}

debug "Loopback device is $BLOCK_DEVICE"

# NOTE(review): in "cmd |& logpipe" the pipeline's status is logpipe's
# unless pipefail is set, so a failing pvcreate, vgcreate or lvcreate may
# pass unnoticed here -- confirm which shell options the task runner sets.
pvcreate "${PARTITIONS[/]}" |& logpipe "pvcreate"

# In order to allow multiple image builds to run simultaneously, use a
# random temporary VG name for the build.  We'll rename it to
# $(optval vgname) later, in a brief serialised portion of the build.
#
# mktemp -u only prints a name and creates nothing, so the name is not
# reserved; a clash with a concurrent build has to be caught by vgcreate.
vgname="$(mktemp -u pcib.XXXXXX)"

# Registered ahead of vgcreate; presumably so that the VG is deactivated
# even when a later step fails -- confirm against lib/cleanup.sh.
register_cleanup cleanup_lvm
vgcreate "$vgname" "${PARTITIONS[/]}" |& logpipe "vgcreate"

lvcreate -L "$(optval lvsize)" -n "$(optval lvname)" \
  "$vgname" |& logpipe "lvcreate root"

# Has another plugin requested a place to mkswap?
# The swap LV is created only when WANT_SWAP is exactly "y"; its size comes
# from SWAP_SIZE, which is set outside this file.
if [ "$WANT_SWAP" = y ]; then
  lvcreate -L "$SWAP_SIZE" -n swap "$vgname" \
    |& logpipe "lvcreate swap"
  SWAP_DEVICE="$(lvm_device_path "$vgname" swap)"
fi

# From here on "/" refers to the root LV rather than the second partition.
declare -A PARTITIONS
PARTITIONS[/]="$(lvm_device_path "$vgname" "$(optval lvname)")"

--------------------------------------------------------------------------------
/plugins/partitioner/full-disk-with-lvm/tasks/15-refresh-partitions.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# This is necessary because mkfs doesn't trigger udev to repopulate
# /dev/disk/by-uuid, which causes hassles down the line when GRUB hard
# codes our bootstrap device name into its config.
#
# All four commands discard their output, and their exit status is not
# checked in this file.
vgchange -an "$vgname" &>/dev/null
kpartx -d "$BLOCK_DEVICE" &>/dev/null
kpartx -a "$BLOCK_DEVICE" &>/dev/null
vgchange -ay "$vgname" &>/dev/null

# This is a bit of a hack to make /etc/fstab come out with the right VG
# name, as we've allocated a temporary one in 07-create-target-lv.sh.
# Any non-empty WANT_SWAP takes this branch, whereas 07-create-target-lv.sh
# creates the swap LV only when WANT_SWAP is exactly "y".
[ -z "$WANT_SWAP" ] || SWAP_DEVICE="$(lvm_device_path "$(optval vgname)" swap)"

--------------------------------------------------------------------------------
/plugins/partitioner/full-disk-with-lvm/tasks/30-install-lvm-packages.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# The image needs the LVM tools because its root filesystem is on an LV.
install_package_providing lvm

--------------------------------------------------------------------------------
/plugins/partitioner/full-disk-with-lvm/tasks/79-clean-lvm.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS.
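# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Prevent information leakage about the host system's LVM VGs into the
# image.  We use a for loop because gshred errors if given no arguments,
# and we want to just do nothing if there is nothing to delete.
#
# ${TARGET:?} stops the task when TARGET is unset or empty; without it the
# globs would resolve to the build host's own /etc/lvm.
for f in "${TARGET:?}"/etc/lvm/archive/* "${TARGET:?}"/etc/lvm/backup/*; do
  # Unless nullglob is enabled, a glob that matches nothing is left as the
  # literal pattern; skip it instead of handing gshred a missing path.
  [ -e "$f" ] || continue
  "$gshred" --remove "$f"
done

--------------------------------------------------------------------------------
/plugins/partitioner/full-disk-with-lvm/tasks/84-finalise-vg.sh:
--------------------------------------------------------------------------------
# Ensure only one build at a time uses the $(optval vgname) VG.
lvm_lock="lvm:$(optval vgname)"
lock "$lvm_lock"

# Give the VG its final name while the lock is held, then update $vgname so
# that cleanup_lvm deactivates the VG under that name.
# NOTE(review): the status of this pipeline is logpipe's unless pipefail is
# set, so a failed rename may not stop the task -- confirm.
vgrename "$vgname" "$(optval vgname)" |& logpipe vgrename
vgname="$(optval vgname)"

run_cleanups cleanup_lvm
unlock "$lvm_lock"

--------------------------------------------------------------------------------
/plugins/partitioner/full-disk/init.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/anchor/pcib/c10e9e4bffd3dd22aba63be0d53c926f0e2f5445/plugins/partitioner/full-disk/init.sh
--------------------------------------------------------------------------------
/plugins/partitioner/full-disk/tasks/00-check-full-disk-partitioner-programs.sh:
--------------------------------------------------------------------------------
# The full-disk partitioner needs sfdisk on the build host.
check_program_available "sfdisk -h" sfdisk


--------------------------------------------------------------------------------
/plugins/partitioner/full-disk/tasks/05-partition-image.sh: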
--------------------------------------------------------------------------------
# NOTE(review): this copy is damaged at this point -- the here-document
# that fed sfdisk, the remainder of this task, and the header and first
# licence line of the next file are missing.
sfdisk -f -u S "$BLOCK_DEVICE" &>/dev/null <
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Cleanup handler: remove the partition mappings that "kpartx -a" below
# adds for $BLOCK_DEVICE.
cleanup_refresh_partitions() {
  kpartx -d "$BLOCK_DEVICE"
  # Give udev time to react.
  sleep 1
}

register_cleanup "cleanup_refresh_partitions"

kpartx -a "$BLOCK_DEVICE"
# Give udev time to react.
sleep 1

# kpartx has a nasty habit of putting all its partitions under /dev/mapper,
# which, of course, the partitioner isn't expected to know.  So, we need to
# manually mangle the partition names to correspond to the kpartx-created
# names.
for partname in "${!PARTITIONS[@]}"; do
  debug "Converting $partname (${PARTITIONS[$partname]}) to kpartx-created device name"
  # Keep only the base name of the device and look it up under /dev/mapper.
  PARTITIONS[$partname]="/dev/mapper/$(basename "${PARTITIONS[$partname]}")"
done

--------------------------------------------------------------------------------
/plugins/partitioner/full-disk/tasks/15-refresh-partitions.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# This is necessary because mkfs doesn't trigger udev to repopulate
# /dev/disk/by-uuid, which causes hassles down the line when GRUB hard
# codes our bootstrap device name into its config.
#
# Both commands discard their output, and their exit status is not checked
# in this file.
kpartx -d "$BLOCK_DEVICE" &>/dev/null
kpartx -a "$BLOCK_DEVICE" &>/dev/null
# Give udev time to react.
sleep 1

--------------------------------------------------------------------------------
/plugins/repo/debian-backports/init.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/anchor/pcib/c10e9e4bffd3dd22aba63be0d53c926f0e2f5445/plugins/repo/debian-backports/init.sh
--------------------------------------------------------------------------------
/plugins/repo/debian-backports/tasks/00-check-debian-backports-os.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# Report a fatal error unless OPTS[os] is "debian".
if [ "${OPTS[os]}" != debian ]; then
  fatal "debian-backports not supported on ${OPTS[os]}"
fi

--------------------------------------------------------------------------------
/plugins/repo/debian-backports/tasks/21-debian-backports.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Add the "<release_name>-backports" suite of the configured APT mirror as
# an extra package source inside the image.  Both values are written as
# given; nothing here validates them.
echo "deb ${OPTS[apt-mirror]} ${release_name}-backports main" >"$TARGET"/etc/apt/sources.list.d/backports.list

--------------------------------------------------------------------------------
/plugins/repo/epel/init.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Help text for the EPEL plugin's two options.
# NOTE(review): the option names below end in a space with no argument
# placeholder; the placeholders appear to be missing from this copy.
repo_epel_plugin_usage() {
  usage_section "EPEL"

  usage_description \
    "This plugin enables Extra Packages for Enterprise Linux."

  usage_option "--epel-mirror " \
    "The mirror from which to fetch packages. Defaults to --mirror," \
    "with any trailing 'centos' substituted with 'epel'."

  usage_option "--epel-gpgkey " \
    "The URL from which to fetch the EPEL GPG key. May be specified" \
    "as either an absolute URL or a relative path; in the latter" \
    "case, it is appended to --epel-mirror. Defaults to" \
    "'RPM-GPG-KEY-EPEL-(--release)'."
}

register_usage repo_epel_plugin_usage

# Neither option gets a default here; tasks/00-epel-option-defaults.sh
# computes the fallbacks.
parseopt epel-mirror true
parseopt epel-gpgkey true

--------------------------------------------------------------------------------
/plugins/repo/epel/tasks/00-check-epel-os.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS.
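# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Report a fatal error unless OPTS[os] is "centos".
if [ "${OPTS[os]}" != centos ]; then
  fatal "epel not supported on ${OPTS[os]}"
fi

--------------------------------------------------------------------------------
/plugins/repo/epel/tasks/00-epel-option-defaults.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Use the epel-mirror option when optval succeeds for it; otherwise derive
# the mirror from the mirror option by replacing a trailing "centos"
# (optionally followed by "/", matched case-insensitively) with "epel".
epel_mirror="$(optval epel-mirror)" || epel_mirror="$(optval mirror | sed -r 's,centos(/?)$,epel\1,i')"

# Decide where the EPEL signing key is fetched from.  A value that starts
# with a URL scheme (a letter, then letters, digits, "+", "." or "-",
# followed by ":") is used as an absolute URL.  "-" is written last in the
# bracket expression so that it is a literal and does not form a range.
#
# NOTE(review): in the relative and the default case the key comes from the
# same mirror as the packages.  Unless that mirror is reached over an
# authenticated transport, gpgcheck=1 verifies packages against a key the
# mirror itself supplied; an https:// or local file:// key URL avoids that.
if [[ "$(optval epel-gpgkey)" =~ ^[A-Za-z][A-Za-z0-9+.-]*: ]]; then
  # We have a full URL.
  epel_gpgkey="$(optval epel-gpgkey)"
elif optval epel-gpgkey >/dev/null; then
  # We have a relative URL.
  epel_gpgkey="$epel_mirror"/"$(optval epel-gpgkey)"
else
  # Default.
  epel_gpgkey="$epel_mirror"/RPM-GPG-KEY-EPEL-"$release_version"
fi

--------------------------------------------------------------------------------
/plugins/repo/epel/tasks/23-epel.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Write the yum repository definition into the image.  $epel_mirror and
# $epel_gpgkey are expanded now; \$releasever and \$basearch are written
# literally and left for yum to expand.  Only [epel] is enabled and only it
# names a gpgkey; the two disabled sections carry gpgcheck=1 alone.
cat >"$TARGET"/etc/yum.repos.d/epel.repo <<-EOF
[epel]
name=Extra Packages for Enterprise Linux
baseurl=$epel_mirror/\$releasever/\$basearch/
enabled=1
gpgcheck=1
gpgkey=$epel_gpgkey

[epel-debuginfo]
name=Extra Packages for Enterprise Linux - Debug
baseurl=$epel_mirror/\$releasever/\$basearch/debug/
enabled=0
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux - Source
baseurl=$epel_mirror/\$releasever/SRPMS/
enabled=0
gpgcheck=1
EOF

--------------------------------------------------------------------------------
/plugins/repo/m-tier/files/etc/signify/mtier-56-pkg.pub:
--------------------------------------------------------------------------------
untrusted comment: signature from M:Tier Ltd.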
5.6 stable public key 2 | RWQQss3E1pCsGzoY2kAPvTuhn4/BjXNf3Ou/BqWq5aaypiAM+cvzjZd3 3 | -------------------------------------------------------------------------------- /plugins/repo/m-tier/files/etc/signify/mtier-57-pkg.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: M:Tier Ltd. 5.7 stable public key public key 2 | RWRtyvBdYDUs1e4fgLEylrBoW5YgEd4Q6dFc4IjlgtnCtbdzs1cwuNX4 3 | -------------------------------------------------------------------------------- /plugins/repo/m-tier/files/usr/local/sbin/openup: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2013, 2014 M:tier Ltd. 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | # 17 | # Author: Antoine Jacoutot 18 | 19 | # ChangeLog 20 | # http://cgit.mtier.org:8000/openup/log/ 21 | 22 | ######################################################################## 23 | ### DO NOT EDIT THIS FILE!!! 
###
### User defined variables: overrides are read from /etc/openup.conf ###
########################################################################

# URL to the latest openup version
OPENUP_URL="https://stable.mtier.org/openup"

# signify(1) public key
PKG_PUBKEY_URL="https://stable.mtier.org/mtier-$(uname -r | tr -d '.')-pkg.pub"

# PKG_PATH for currently running OpenBSD release
# NOTE(review): this default is plain http, so the transport gives no
# integrity protection; package authenticity then rests on pkg_add's
# signature check, which the -S option switches off.
PKG_PATH_MAIN="http://ftp.fr.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(arch -s)"

# PKG_PATH for the corresponding release stable service
PKG_PATH_UPDATE="https://stable.mtier.org/updates/$(uname -r)/$(arch -s)"

# PKG_PATH addition for the corresponding LTS release stable service
# NOTE(review): this form carries a password inside the URL.  The value is
# later exported as part of PKG_PATH, so it is present in the environment
# of every child process; the script's 0600 check on /etc/openup.conf
# protects it only at rest.
#PKG_PATH_UPDATE_LTS="https://user%domain.tld:password@stable.mtier.org/updates-lts/$(uname -r)/$(arch -s)"

# URL to the latest vuxml (vulnerabilities database)
VUXML_URL="https://stable.mtier.org/vuxml/$(uname -r | tr -d '.').xml"

# fetch command (must behave like "ftp -o"); e.g. "wget -qO"
FETCH="ftp -Vo"

# exclusion list: pkg names without version/flavor, separated by space
# (each entry is later placed unescaped into a grep pattern)
EXCLUDE_PKG=""

########################################################################
### End of user defined variables ###
########################################################################

# Print the option summary and exit with status 1.  Only the "Usage:" line
# goes to stderr.
usage() {
  echo
  echo "Usage: ${0##*/} [-K][-S|c]" >&2
  echo
  echo "Options:"
  echo " -K do not check for kernel binpatches (when running non GENERIC)"
  echo " -S ignore binpatch/package signatures"
  echo " -c check/cron mode, report only (cannot be used with -S)"
  echo
  exit 1
}

# Print an error line prefixed with "!!!" on stdout.
pr_err() {
  echo "!!! ${@}"
}

# Abort: remove the temporary directory and the PID file, then exit 1.
# Also installed as the handler for signals 1, 2, 3, 13 and 15.
# NOTE(review): both expansions are unquoted, so a TMPDIR containing
# whitespace or glob characters would make "rm -rf" act on other paths.
# The trap is set before _TMPDIR and _PID are assigned, in which case rm
# is called without operands.
bye_bye() {
  rm -rf ${_TMPDIR} ${_PID}
  exit 1
}

# Print a progress line unless check mode (-c) is active.
pr() {
  if [ -z "${checkrun}" ]; then
    echo "===> ${@}"
  fi
}

# Install the signify public key for this release unless a readable one is
# already in /etc/signify.
# NOTE(review): the key is accepted on first download with no fingerprint
# comparison, so its authenticity rests entirely on the TLS validation done
# by ${FETCH}.  Shipping the key ahead of time, as 22-m-tier.sh does for the
# image, makes this function return before any download.
get_key() {
  [ -r /etc/signify/mtier-${_REL_INT}-pkg.pub ] && return

  pr "Downloading and installing public key"
  ${FETCH} ${_TMPKEY} ${PKG_PUBKEY_URL} || bye_bye
  install -m0644 ${_TMPKEY} /etc/signify/mtier-${_REL_INT}-pkg.pub || bye_bye
}

# Compare this script's _OPENUP_VERSION with the one in the script served
# at OPENUP_URL.  Exits through bye_bye when the download yields nothing or
# when the remote number is larger, so a copy pinned in an image stops
# working as soon as a newer openup is published.
# NOTE(review): the pipeline is assembled as a string and run through eval.
# FETCH and OPENUP_URL can be overridden in /etc/openup.conf, so this is
# only as safe as that file; running the pipeline directly would avoid the
# second round of parsing.  ${_U} comes from the network and is used
# unvalidated in the numeric test and in the message below.
check_openupd() {
  local _U

  pr "Checking for openup update"
  _U="${FETCH} - ${OPENUP_URL} | awk -F '=' '/^_OPENUP_VERSION/ { print \$2 }'"
  _U=$(eval $_U)
  if [ -z "${_U}" ]; then
    pr_err "Cannot retrieve ${OPENUP_URL}"
    pr_err "Please verify your Internet connection, proxy settings and firewall."
    bye_bye
  fi

  if [ "${_OPENUP_VERSION}" -lt "${_U}" ]; then
    pr_err "New openup release (version ${_U}) available; please update with:"
    pr_err "${FETCH} $(readlink -f $0) ${OPENUP_URL}"
    bye_bye
  fi
}

# check that we have no installed binpatches from a previous release and
# if so remove the entries manually (we don't want pkg_delete to
# modify nor error out on installed files from newer release/binpatch)
# NOTE(review): the paths come from parsing ls output and reach "rm -rf"
# unquoted; this relies on names under /var/db never containing whitespace
# or glob characters.
rm_old_bp() {
  local _bp
  local _BPDB=$(ls -d /var/db/binpatch/{binpatch-,}[0-9]* 2>/dev/null |grep -v ${_REL})
  local _BPPKG=$(ls -d /var/db/pkg/binpatch* 2>/dev/null |grep -v binpatch${_REL_INT})
  if [ -n "${_BPPKG}" -o -n "${_BPDB}" ]; then
    pr "Removing old release binpatch entries"
  fi
  for _bp in ${_BPPKG} ${_BPDB}; do
    rm -rf ${_bp}
  done
}

# Collect the binpatch package names for this release and architecture,
# drop the ones listed in EXCLUDE_PKG, and install or update the rest with
# pkg_add (plus ${pkgopt}, which holds the -S flags when given).
update_binpatches() {
  local _BP _b _e

  # binpatches can only be found in PKG_PATH_UPDATE{,_LTS) and we
  # want to make sure we search in all paths and don't stop at the
  # first match we find
  # NOTE(review): the loop variable i is not declared local and is not used
  # in the body, so each pass runs the same pkg_info query.
  for i in ${PKG_PATH_UPDATE_LTS} ${PKG_PATH_UPDATE}; do
    _BP="$(pkg_info -Q binpatch${_REL_INT}-${_ARCH} | sed 's/.[^-]*$//' | sort -u)${_BP:+ ${_BP}}"
  done

  if [ -n "${_BP}" ]; then
    for _e in ${EXCLUDE_PKG}; do
      set -A _BP -- ${_BP}
      _BP="$(for _b in ${_BP[@]}; do echo ${_b} | grep -v "^${_e}$"; done)"
    done
    _BP=$(echo "${_BP}" | tr '\n' ' ')

    pr "Installing/updating binpatch(es)"
    pkg_add ${pkgopt} ${_BP} || bye_bye
  fi
}

# Update every installed package that is not a binpatch for this release
# and architecture, again skipping names listed in EXCLUDE_PKG.
update_pkg() {
  local _PKG _e _p

  _PKG=$(pkg_info -q | grep -v binpatch${_REL_INT}-${_ARCH})

  if [ -n "${_PKG}" ]; then
    for _e in ${EXCLUDE_PKG}; do
      set -A _PKG -- ${_PKG}
      _PKG="$(for _p in ${_PKG[@]}; do echo ${_p} | grep -v "^${_e}-.*"; done)"
    done
    _PKG=$(echo "${_PKG}" | tr '\n' ' ')

    pr "Updating package(s)"
    pkg_add -quz ${pkgopt} ${_PKG} || bye_bye
  fi
}

# this only outputs the most recent vulnerability for each matching pkg
# NOTE(review): several sed and awk patterns in this function have empty
# fields in this copy (for example 's,,,g'); the markup they matched appears
# to have been lost, so the function is not usable as shown here.
check_vuxml() {
  local _BP_MATCH _OUTDATED _PKG_MATCH _b _e _p

  # XXX5.6 drop redirect to /dev/null when 5.6 is out of support
  ${FETCH} ${_TMPVUXML} ${VUXML_URL} >/dev/null || bye_bye
  perl -pi -e 's,\$ARCH,'"${_ARCH}"',g' ${_TMPVUXML}

  _BP_MATCH="$(grep binpatch ${_TMPVUXML} | sed -e 's,,,g;s,,,g;s,\$ARCH,'"${_ARCH}"',g' | sort -u)"
  for _e in ${EXCLUDE_PKG}; do
    set -A _BP_MATCH -- ${_BP_MATCH}
    _BP_MATCH="$(for _b in ${_BP_MATCH[@]}; do echo ${_b} | grep -v "^${_e}$"; done)"
  done

  _PKG_MATCH=$(pkg_info -q | grep -v binpatch${_REL_INT}-${_ARCH})
  for _e in ${EXCLUDE_PKG}; do
    set -A _PKG_MATCH -- ${_PKG_MATCH}
    _PKG_MATCH="$(for _p in ${_PKG_MATCH[@]}; do echo ${_p} | grep -v "^${_e}-.*"; done)"
  done

  # set to "quirks" if empty to prevent running pkg_add against an empty pkg list
  _OUTDATED=$((pkg_add -Iqn -Dnosig -Dunsigned ${_BP_MATCH:=quirks}; pkg_add -Iqnuz -Dnosig -Dunsigned ${_PKG_MATCH:=quirks})
2>&1 | \ 185 | grep '^NOT CHECKING DIGITAL SIGNATURE FOR ' | \ 186 | sed -e 's,^NOT CHECKING DIGITAL SIGNATURE FOR ,,g' | \ 187 | grep -v '^quirks-' | \ 188 | perl -ne '/^(.*)-(\d[^-]*)[-]?(\w*)(.*)$/ && print "$1\n"' | \ 189 | sort -u) 190 | 191 | for p in ${_OUTDATED} 192 | do 193 | echo "--- ${p} ---\n" 194 | echo "Available update(s): " 195 | # XXX how do we print only the 1st matching range in awk? 196 | awk "/${p}<\/name>/,/<\/vuln>/" ${_TMPVUXML} | \ 197 | sed '/<\/vuln>/,$d' | \ 198 | sed -n -e 's/.*\(.*\)<\/lt><\/range>.*/\1/p' \ 199 | -e 's/.*

\(.*\)<\/p>.*/\1/p' | uniq | \
    while read l; do echo -n "${l} "; done
    echo "\n"
  done | fmt | sed '/^$/d'
}

# Warn when the kernel binpatch entry under /var/db/pkg is newer than the
# last boot (kern.boottime), i.e. the running kernel predates the patch.
do_i_need_to_reboot() {
  # XXX hardcoded PKG_DBDIR
  local kern_bp_time=$(stat -qf "%Um" /var/db/pkg/binpatch${_REL_INT}-${_ARCH}-kernel-*)
  local wake_up=$(sysctl -n kern.boottime)

  if [ "${wake_up}" -lt "${kern_bp_time}" ]; then
    pr_err
    pr_err "System must be rebooted after the last kernel update"
    pr_err
  fi
}

# Clean up on HUP, INT, QUIT, PIPE and TERM.
trap "bye_bye" 1 2 3 13 15

if [ "$(id -u)" -ne 0 ]; then
  pr_err "Need root privileges to run this script"
  usage
fi

# The configuration file is sourced, so everything in it runs as root.
# NOTE(review): the mode test only requires that group and others have no
# permission bits; the file's owner is not checked before it is sourced.
if [ -f /etc/openup.conf ]; then
  if [ $(stat -f "%SMp%SLp" /etc/openup.conf) != "------" ]; then
    pr_err "Unsecure permissions on /etc/openup.conf; please run:"
    pr_err "chmod 0600 /etc/openup.conf"
    exit 1
  fi
  . /etc/openup.conf
fi

# Only a release with no suffix or with "-stable", and not older than
# _OPENUP_MINREL, is accepted.
# regex taken from fw_update(1)
set -A _REL -- $(sysctl -n kern.version | sed 's/^OpenBSD \([0-9]\.[0-9]\)\([^ ]*\).*/\1 \2/;q')
_REL_INT="$(echo ${_REL[0]} | tr -d '.')"
_OPENUP_MINREL=56
_OPENUP_VERSION=21
if [ -n "${_REL[1]}" -a "${_REL[1]}" != "-stable" ]; then _badrel=1; fi
if [ "${_REL_INT}" -lt "${_OPENUP_MINREL}" ]; then _badrel=1; fi
if [ -n "${_badrel}" ]; then
  pr_err "${_REL[0]}${_REL[1]} is not a supported release"
  exit 1
fi

# XXX5.6 drop when 5.6 is out of support
if [ "${_REL_INT}" -ge 57 ]; then
  FETCH="ftp -MVo"
fi

# -S adds "-Dnosig -Dunsigned" to every pkg_add run by update_binpatches
# and update_pkg, and also skips get_key.
# NOTE(review): with -S nothing authenticates packages taken from the
# plain-http PKG_PATH_MAIN default; treat -S as a last resort.
while getopts 'KSc' arg; do
  case ${arg} in
    K) nokrn=1 ;;
    S) nosig=1; pkgopt="${pkgopt} -Dnosig -Dunsigned" ;;
    c) checkrun=1 ;;
    *) usage ;;
  esac
done
[ $# = $(($OPTIND-1)) ] || usage

[ -n "${checkrun}" -a -n "${nosig}" ] && usage

_ARCH=$(arch -s)
_PID="/var/run/${0##*/}.pid"
_TMP="${TMPDIR:=/tmp}"
_TMPDIR=$(mktemp -dp ${_TMP} .openup-XXXXXXXXXX) || exit 1
_TMPKEY="${_TMPDIR}/key"
_TMPVUXML="${_TMPDIR}/vuxml"

export PKG_PATH=${PKG_PATH_UPDATE_LTS}:${PKG_PATH_UPDATE}:${PKG_PATH_MAIN}

# Single-instance guard.
# NOTE(review): the test and the write are two separate steps, and the
# "already running" exit leaves the freshly created ${_TMPDIR} behind
# because it does not go through bye_bye.
if [ -f ${_PID} ]; then
  pr_err "openup is already running ($(cat ${_PID})):"
  pr_err "${_PID}"
  exit 1
fi
echo $$ >${_PID}

if [ -n "${nokrn}" ]; then
  EXCLUDE_PKG="binpatch${_REL_INT}-${_ARCH}-kernel ${EXCLUDE_PKG}"
fi
if [ -n "${EXCLUDE_PKG}" ]; then
  pr "Excluded package(s)/binpatch(es): ${EXCLUDE_PKG}"
fi

check_openupd

# Check mode only reports; otherwise fetch the key (unless -S), remove old
# binpatch entries, then install binpatches and package updates.
if [ "${checkrun}" ]; then
  check_vuxml
else
  [ -z "${nosig}" ] && get_key
  rm_old_bp
  update_binpatches
  update_pkg
fi

do_i_need_to_reboot

rm -rf ${_TMPDIR}
rm ${_PID}

--------------------------------------------------------------------------------
/plugins/repo/m-tier/init.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/anchor/pcib/c10e9e4bffd3dd22aba63be0d53c926f0e2f5445/plugins/repo/m-tier/init.sh
--------------------------------------------------------------------------------
/plugins/repo/m-tier/tasks/00-check-m-tier-os.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS.
# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# The m-tier plugin is only supported when the image's OS is OpenBSD;
# any other value of the "os" option is reported through fatal
# (defined elsewhere; presumably aborts the build).
case "${OPTS[os]}" in
  openbsd) ;;
  *) fatal "m-tier not supported on ${OPTS[os]}" ;;
esac
# --------------------------------------------------------------------------------
# /plugins/repo/m-tier/tasks/22-m-tier.sh:
# --------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Place M:Tier's signify public key for this release in the image. The key
# is looked up through plugin_file (presumably a file shipped with this
# plugin) and is made world-readable, which is fine for a public key.
# NOTE(review): this file names the key with $release but builds the
# repository URL from ${OPTS[release]} -- confirm $release is set by the
# caller and always agrees with the option.
cp "$(plugin_file repo/m-tier "etc/signify/mtier-${release}-pkg.pub")" "${TARGET}/etc/signify/"
chmod 0644 "${TARGET}/etc/signify/mtier-${release}-pkg.pub"

# M:Tier needs to be the first installpath entry, so that the updated
# packages in M:Tier's repo have priority.
# Rebuild pkg.conf in three steps: save the current file with every
# "installpath=" turned into "installpath+=", start a fresh pkg.conf whose
# only line is the M:Tier URL, then append the saved lines after it.
sed 's/^installpath=/installpath+=/' <"${TARGET}/etc/pkg.conf" >"${TARGET}/etc/.pkg.conf.tmp"
printf '%s\n' "installpath=https://stable.mtier.org/updates/${OPTS[release]}/${OPTS[arch]}" >"${TARGET}/etc/pkg.conf"
cat "${TARGET}/etc/.pkg.conf.tmp" >>"${TARGET}/etc/pkg.conf"
rm -f "${TARGET}/etc/.pkg.conf.tmp"
# --------------------------------------------------------------------------------
# /plugins/repo/m-tier/tasks/23-openup.sh:
# --------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Install the openup script shipped with this plugin into the image.
cp "$(plugin_file repo/m-tier usr/local/sbin/openup)" "${TARGET}/usr/local/sbin/"
chmod 0755 "${TARGET}/usr/local/sbin/openup"

# openup doesn't use /etc/pkg.conf, so we need to configure this
# separately. The file is sourced by openup as root, and openup refuses to
# run unless it carries no group or other permission bits, hence 0600.
printf 'PKG_PATH_MAIN=%s/%s/packages/%s\n' \
  "$(optval mirror)" "$(optval release)" "$(optval arch)" \
  >"${TARGET}/etc/openup.conf"
chmod 0600 "${TARGET}/etc/openup.conf"

# NOTE(review): the status of this pipeline is spin's unless pipefail is
# enabled elsewhere, so a failed openup run may go unnoticed and leave the
# image without its security updates -- confirm.
run_in_target openup | spin "Installing security updates from M:Tier"

# M:Tier's kernel binpatch will link the SMP kernel as /bsd iff the
# running system has multiple CPUs.
# But with an image build, the
# running system isn't relevant to the kernel being installed. In order
# to properly support an instance with any number of cores, make sure
# /bsd is always SMP-capable.
if test -e "${TARGET}/bsd.mp"; then
  # Keep the kernel that was installed as /bsd under the name /bsd.sp
  # (replacing any earlier bsd.sp), then promote bsd.mp to /bsd.
  mv -f "${TARGET}/bsd" "${TARGET}/bsd.sp"
  mv "${TARGET}/bsd.mp" "${TARGET}/bsd"
fi
# --------------------------------------------------------------------------------
# /plugins/repo/m-tier/tasks/69-openup.sh:
# --------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# This needs to come after all other rc.firsttime fragments, because
# the reboot will halt rc.firsttime processing (and it won't get
# sourced again on second boot).

# FIXME: We should be able to reboot conditionally. It's safe to do so
# unconditionally, since rc.firsttime is guaranteed not to be run
# multiple times, but may be wasteful if there are no updates.
# Unfortunately, openup provides no easy mechanism to determine if
# there were updates.
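# Append the first-boot update step to the image's rc.firsttime. The
# here-document delimiter is quoted, so nothing is expanded at build time
# and the lines land in the file exactly as written. The last two lines are
# reached only if reboot returns.
cat >>"$TARGET"/etc/rc.firsttime <<-'EOF'
echo "installing updates from M:Tier"
/usr/local/sbin/openup
echo -n "rebooting... "
reboot
echo "failed!"
exit 1
EOF
# --------------------------------------------------------------------------------
# /plugins/user/admin/init.sh:
# --------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Print the help text for the user/admin plugin through the usage_*
# helpers (defined elsewhere). Takes no arguments.
user_admin_usage() {
  usage_section "Create an admin user"

  usage_description \
    "Set up an admin user with full passwordless sudo."

  usage_option "admin-username" \
    "Specify the username for the admin user.  May be specified as a" \
    "comma-separated list of usernames, in which case all listed" \
    "users will be created.  (default: admin)"

  # Every text line must end in a continuation backslash: without it the
  # following string is run as a command instead of being passed to
  # usage_option (the first line of this option was missing one).
  usage_option "admin-authorized-keys" \
    "Specify a filename to copy into the image as the admin user's" \
    "authorized_keys file.  May be specified as a comma-separated" \
    "list of colon-separated key-value pairs, with keys" \
    "corresponding to usernames and values corresponding to" \
    "filenames.  If multiple usernames are specified, but only one" \
    "key file is provided, then that authorized_keys file is" \
    "installed for all admin users."

  usage_option "admin-shells" \
    "Specify a shell to use for the admin user.  If a full path is" \
    "given, all but the last component is ignored, and the basename" \
    "looked up in /etc/shells on the target system.  May be" \
    "specified as a comma-separated list of colon-separated" \
    "key-value pairs, interpreted as with admin-authorized-keys." \
    "(default: sh)"
}

# Register the plugin's options and split the comma-separated values into
# arrays. The expansions are left unquoted on purpose so the shell splits
# them into words; a value containing glob characters would also be
# expanded against the current directory.
parseopt admin-username true admin
admin_users="$(optval admin-username || :)"
admin_users=(${admin_users//,/ })

parseopt admin-authorized-keys true
admin_authorized_keys="$(optval admin-authorized-keys || :)"
admin_authorized_keys=(${admin_authorized_keys//,/ })

parseopt admin-shells true
# --------------------------------------------------------------------------------
# /plugins/user/admin/tasks/00-process-user-admin-args.sh:
# --------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.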
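# Turn the admin-shells option into the admin_shells map (user -> shell).
# Reads the admin_users array and the optval/debug helpers defined elsewhere.

admin_shells_="$(optval admin-shells || :)"
# Commas separate entries, so they are replaced by spaces to make each
# entry its own array element (the original replaced them with nothing,
# which fused all entries into one word). "sh" is placed first so it is
# applied to every admin user as the default before any explicit entry.
admin_shells_=(sh ${admin_shells_//,/ })
declare -A admin_shells

# Record the shell for one user.
# Arguments: $1 - user name
#            $2 - shell name or path; only the last path component is kept
set_admin_shell() {
  local user="$1"
  local shell="${2##*/}"
  debug "Setting shell for $user to $shell"
  admin_shells["$user"]="$shell"
}

# Walk admin_shells_ in order. An entry of the form "user:shell" applies to
# that user; an entry without a colon names a shell for every user in
# admin_users. Later entries override earlier ones.
parse_admin_shells() {
  local entry user shell
  for entry in "${admin_shells_[@]}"; do
    # -r keeps backslashes in the entry literal.
    IFS=: read -r user shell <<<"$entry"
    if [ -n "$shell" ]; then
      set_admin_shell "$user" "$shell"
    else
      # No colon: the single field read into $user is really the shell.
      shell="$user"
      for user in "${admin_users[@]}"; do
        set_admin_shell "$user" "$shell"
      done
    fi
  done
}
parse_admin_shells
# --------------------------------------------------------------------------------
# /plugins/user/admin/tasks/40-configure-admin-user.sh:
# --------------------------------------------------------------------------------
# Copyright (c) 2015 Anchor Systems Pty Ltd
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.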
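# Create the admin accounts and install their SSH authorized_keys files.
# Reads admin_users, admin_shells and admin_authorized_keys, and calls
# debug, create_user, grant_full_sudo and run_in_target (defined elsewhere).

# Append a public-key file to a user's authorized_keys inside the image.
# Globals:   TARGET (read) - root of the image being built
# Arguments: $1 - user name
#            $2 - path on the build host of the key file to append
# Returns:   status of the final chown run inside the target
install_ssh_key() {
  local user="$1"
  local key="$2"
  local ssh_dir="$TARGET/home/$user/.ssh"

  mkdir -p "$ssh_dir"
  # Set the modes explicitly instead of inheriting the build host's umask:
  # only the owner should be able to read or change the key list.
  chmod 0700 "$ssh_dir"
  cat -- "$key" >>"$ssh_dir/authorized_keys"
  chmod 0600 "$ssh_dir/authorized_keys"
  # Files were created from the build host, so hand ownership to the user
  # as seen from inside the image.
  run_in_target chown -R "$user": /home/"$user"
}

# Every listed user gets full passwordless sudo (see the plugin's usage
# text), so the key files installed below decide who has root on instances.
# NOTE(review): the third argument to create_user is passed empty --
# presumably the password; confirm against create_user.
for user in "${admin_users[@]}"; do
  debug "Creating admin user $user with shell ${admin_shells["$user"]}"
  create_user "$user" "$user" "" "${admin_shells["$user"]}"
  grant_full_sudo "$user"
done

# Each entry is either "user:keyfile" or a bare key file that is installed
# for every admin user.
for key in "${admin_authorized_keys[@]}"; do
  # -r keeps backslashes in the file name literal.
  IFS=':' read -r user key <<<"$key"
  if [ -n "$key" ]; then
    install_ssh_key "$user" "$key"
  else
    # No colon: the single field read into $user is really the key file.
    key="$user"
    for user in "${admin_users[@]}"; do
      install_ssh_key "$user" "$key"
    done
  fi
done
# --------------------------------------------------------------------------------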