├── bin ├── ec2-setup ├── ec2 │ ├── __init__.py │ ├── legacy │ │ ├── __init__.py │ │ ├── conf.py │ │ ├── ebs_publish.py │ │ ├── ebs_share.py │ │ ├── ec2_copy.py │ │ ├── utils.py │ │ └── ebs.py │ ├── conf.py │ ├── test.py │ ├── ebs_publish.py │ ├── ebs_share.py │ ├── ec2_copy.py │ ├── utils.py │ └── ebs.py ├── generate-release-deb ├── generate-manifest ├── aptconf-tag ├── rootfs-cleanup ├── signature-sign ├── upgrade-pkgs ├── aws-setup ├── publish-files ├── iso-download ├── img-download ├── openstack-setup ├── docker-bundle ├── img-publish ├── iso-verify ├── img-verify ├── vm-setup ├── build-tag ├── purge-pkgs ├── openstack-bundle-ami ├── update-pkgs ├── parse-appname-version ├── docker-qemu-bundle ├── img-release ├── generate-app-patch ├── iso-publish ├── clean ├── signature-verify ├── generate-signature ├── iso-release ├── docker-setup ├── openstack-bundle ├── clicksnap-setup └── generate-opennode-ovf ├── .gitignore ├── patches ├── canvas-18.0-bookworm-amd64 │ ├── overlay │ │ ├── etc │ │ │ ├── tmpfiles.d │ │ │ │ └── passenger.conf │ │ │ └── systemd │ │ │ │ └── system │ │ │ │ └── apache2.service.d │ │ │ │ └── override.conf │ │ └── usr │ │ │ └── lib │ │ │ └── inithooks │ │ │ └── bin │ │ │ └── canvas.py │ └── conf ├── headless │ ├── overlay │ │ ├── root │ │ │ └── .profile.d │ │ │ │ └── turnkey-init-fence │ │ └── usr │ │ │ └── lib │ │ │ ├── systemd │ │ │ └── system │ │ │ │ └── inithooks.service │ │ │ └── inithooks │ │ │ └── firstboot.d │ │ │ └── 29preseed │ └── conf ├── container │ ├── overlay │ │ ├── root │ │ │ └── .profile.d │ │ │ │ └── turnkey-init-fence │ │ └── usr │ │ │ └── lib │ │ │ └── inithooks │ │ │ └── firstboot.d │ │ │ └── 35postfix-unprivileged │ └── conf ├── otc │ ├── overlay │ │ └── etc │ │ │ ├── sudoers.d │ │ │ └── 90-cloud-init-users │ │ │ ├── apt │ │ │ └── sources.list.d │ │ │ │ └── sources.list │ │ │ └── cloud │ │ │ └── cloud.cfg │ └── conf ├── ec2 │ ├── overlay │ │ ├── var │ │ │ └── lib │ │ │ │ └── inithooks │ │ │ │ └── turnkey-init-fence │ │ │ │ 
└── htdocs │ │ │ │ ├── ec2-console.png │ │ │ │ ├── awsmpcredits.png │ │ │ │ ├── system-log-admin.png │ │ │ │ ├── turnkey-init-admin.png │ │ │ │ └── index.html │ │ ├── usr │ │ │ └── lib │ │ │ │ └── inithooks │ │ │ │ ├── firstboot.d │ │ │ │ ├── 97tklbam-restore │ │ │ │ ├── 28ec2-sudoadmin │ │ │ │ ├── 81hub-launched │ │ │ │ └── 25ec2-resizerootpart │ │ │ │ └── everyboot.d │ │ │ │ ├── 98finalize │ │ │ │ └── 25ec2-userdata-idchange │ │ └── etc │ │ │ └── fstab │ └── conf ├── vm │ ├── overlay │ │ └── etc │ │ │ └── kernel-img.conf │ └── conf ├── cloud │ ├── overlay │ │ ├── etc │ │ │ ├── rc.local │ │ │ └── event.d │ │ │ │ └── console │ │ └── usr │ │ │ └── lib │ │ │ └── inithooks │ │ │ ├── firstboot.d │ │ │ ├── 27ec2-mntbind-ephemeral │ │ │ ├── 70ec2-log-rootpass │ │ │ ├── 40ec2-sshkeys │ │ │ └── 25ec2-userdata │ │ │ └── everyboot.d │ │ │ └── 70ec2-log-sshfp │ └── conf ├── openstack │ ├── overlay │ │ ├── etc │ │ │ └── fstab │ │ ├── lib │ │ │ └── systemd │ │ │ │ └── system │ │ │ │ └── inithooks-openstack.service │ │ └── usr │ │ │ └── lib │ │ │ └── inithooks │ │ │ ├── everyboot.d │ │ │ └── 25ec2-userdata-idchange │ │ │ └── firstboot.d │ │ │ └── 26ec2-resizerootfs │ └── conf ├── xen │ ├── overlay │ │ ├── etc │ │ │ ├── fstab │ │ │ ├── event.d │ │ │ │ └── console │ │ │ └── grub.d │ │ │ │ └── 40_custom │ │ └── usr │ │ │ └── lib │ │ │ └── inithooks │ │ │ └── firstboot.d │ │ │ └── 30rootpass │ └── conf ├── apt-upgrade │ └── conf ├── ec2-pvmshim │ ├── conf │ └── overlay │ │ ├── usr │ │ └── lib │ │ │ └── inithooks │ │ │ └── firstboot.d │ │ │ └── 24ec2-pvmshim │ │ └── etc │ │ └── grub.d │ │ └── 40_custom ├── openstack-ami │ ├── overlay │ │ └── etc │ │ │ └── fstab │ └── conf ├── qemu │ ├── overlay │ │ └── usr │ │ │ └── lib │ │ │ ├── systemd │ │ │ └── system │ │ │ │ └── inithooks.service │ │ │ └── inithooks │ │ │ └── firstboot.d │ │ │ └── 29preseed │ └── conf ├── clean-old-kernels │ └── conf ├── docker │ ├── overlay │ │ └── usr │ │ │ ├── lib │ │ │ └── inithooks │ │ │ │ └── firstboot.d │ 
│ │ │ └── 70logger │ │ │ └── sbin │ │ │ └── start.sh │ └── conf ├── 17.0-bullseye-amd64 │ └── conf ├── tklupdates │ └── conf └── secupdates │ └── conf ├── config.example ├── aws.cfg ├── docker.cfg └── common.cfg ├── templates └── ovf-productinfo ├── tests ├── signature └── appname-version ├── contrib └── docker-ports.py ├── docs ├── setup └── testing ├── bt-optimized ├── bt-openstack-ami ├── bt-prepqemu ├── bt-iso-patched ├── bt-xen ├── bt-openstack ├── bt-otc ├── bt-qemu-docker ├── bt-container └── bt-vm /bin/ec2-setup: -------------------------------------------------------------------------------- 1 | aws-setup -------------------------------------------------------------------------------- /bin/ec2/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /bin/ec2/legacy/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | config 3 | logs/* 4 | tmp/* 5 | -------------------------------------------------------------------------------- /patches/canvas-18.0-bookworm-amd64/overlay/etc/tmpfiles.d/passenger.conf: -------------------------------------------------------------------------------- 1 | d /run/passenger-instreg 0755 root root - 2 | -------------------------------------------------------------------------------- /bin/generate-release-deb: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | [[ -z "$BT_DEBUG" ]] || set -x 4 | 5 | /usr/share/fab/make-release-deb.py $@ 6 | -------------------------------------------------------------------------------- /config.example/aws.cfg: -------------------------------------------------------------------------------- 1 
| export AWS_ACCESS_KEY_ID="..." 2 | export AWS_SECRET_ACCESS_KEY="..." 3 | export AWS_SESSION_TOKEN="..." 4 | -------------------------------------------------------------------------------- /patches/headless/overlay/root/.profile.d/turnkey-init-fence: -------------------------------------------------------------------------------- 1 | /usr/bin/dtach -A /root/.inithooks.dtach -Ez /bin/bash -c "turnkey-init --full-confconsole" 2 | -------------------------------------------------------------------------------- /patches/container/overlay/root/.profile.d/turnkey-init-fence: -------------------------------------------------------------------------------- 1 | /usr/bin/dtach -A /root/.inithooks.dtach -Ez /bin/bash -c "TERM=xterm; turnkey-init --full-confconsole" 2 | -------------------------------------------------------------------------------- /config.example/docker.cfg: -------------------------------------------------------------------------------- 1 | # Docker Hub credentials - to upload docker container 2 | export BT_DOCKER_NAME="..." 3 | export BT_DOCKER_USER="..." 4 | export BT_DOCKER_PASS="..." 5 | export BT_DOCKER_MAIL="..." 6 | -------------------------------------------------------------------------------- /patches/otc/overlay/etc/sudoers.d/90-cloud-init-users: -------------------------------------------------------------------------------- 1 | # Created by cloud-init v. 
18.3-0-g108452bf-1~bddeb on Tue, 06 Nov 2018 11:17:38 +0000 2 | 3 | # User rules for linux 4 | linux ALL=(ALL) NOPASSWD:ALL 5 | -------------------------------------------------------------------------------- /patches/ec2/overlay/var/lib/inithooks/turnkey-init-fence/htdocs/ec2-console.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/turnkeylinux/buildtasks/HEAD/patches/ec2/overlay/var/lib/inithooks/turnkey-init-fence/htdocs/ec2-console.png -------------------------------------------------------------------------------- /patches/ec2/overlay/var/lib/inithooks/turnkey-init-fence/htdocs/awsmpcredits.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/turnkeylinux/buildtasks/HEAD/patches/ec2/overlay/var/lib/inithooks/turnkey-init-fence/htdocs/awsmpcredits.png -------------------------------------------------------------------------------- /patches/ec2/overlay/var/lib/inithooks/turnkey-init-fence/htdocs/system-log-admin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/turnkeylinux/buildtasks/HEAD/patches/ec2/overlay/var/lib/inithooks/turnkey-init-fence/htdocs/system-log-admin.png -------------------------------------------------------------------------------- /patches/ec2/overlay/var/lib/inithooks/turnkey-init-fence/htdocs/turnkey-init-admin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/turnkeylinux/buildtasks/HEAD/patches/ec2/overlay/var/lib/inithooks/turnkey-init-fence/htdocs/turnkey-init-admin.png -------------------------------------------------------------------------------- /patches/vm/overlay/etc/kernel-img.conf: -------------------------------------------------------------------------------- 1 | do_symlinks = yes 2 | relative_links = yes 3 | do_bootfloppy = no 4 | do_initrd = yes 5 | 
link_in_boot = no 6 | postinst_hook = /usr/sbin/update-grub 7 | postrm_hook = /usr/sbin/update-grub 8 | do_bootloader = no 9 | -------------------------------------------------------------------------------- /patches/otc/overlay/etc/apt/sources.list.d/sources.list: -------------------------------------------------------------------------------- 1 | deb http://archive.turnkeylinux.org/debian stretch main 2 | 3 | deb http://deb.debian.org/debian stretch main multiverse 4 | deb http://deb.debian.org/debian stretch contrib 5 | deb http://deb.debian.org/debian stretch non-free 6 | -------------------------------------------------------------------------------- /patches/cloud/overlay/etc/rc.local: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # 3 | # This script is executed at the end of each multiuser runlevel. 4 | # Make sure that the script will "exit 0" on success or any other 5 | # value on error. 6 | 7 | [ -d /etc/rc.local.d ] && run-parts /etc/rc.local.d 8 | 9 | exit 0 10 | -------------------------------------------------------------------------------- /patches/openstack/overlay/etc/fstab: -------------------------------------------------------------------------------- 1 | # /etc/fstab: static file system information. 2 | # 3 | proc /proc proc nodev,noexec,nosuid 0 0 4 | LABEL=root / ext4 discard 0 0 5 | -------------------------------------------------------------------------------- /patches/ec2/overlay/usr/lib/inithooks/firstboot.d/97tklbam-restore: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | [ -n "$_TURNKEY_INIT" ] && exit 0 4 | 5 | . /etc/default/inithooks 6 | [ -e $INITHOOKS_CONF ] && . 
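$INITHOOKS_CONF

[ -z $RESTORE_BACKUPID ] && exit 0

hubclient-status tklbam-restore
tklbam-restore --noninteractive $RESTORE_BACKUPID

--------------------------------------------------------------------------------
/patches/xen/overlay/etc/fstab:
--------------------------------------------------------------------------------
# /etc/fstab: static file system information.
#
proc /proc proc defaults 0 0
/dev/xvda1 / ext4 relatime,errors=remount-ro 0 1
/dev/xvda2 none swap sw 0 0

--------------------------------------------------------------------------------
/patches/xen/overlay/usr/lib/inithooks/firstboot.d/30rootpass:
--------------------------------------------------------------------------------
#!/bin/bash -e
# set root password (unless already set OOB)

. /etc/default/inithooks

# Act only while /etc/shadow still carries this exact hash for root.
# U6aMy0wojraho appears to be the widely published crypt(3) hash of an empty
# password, i.e. root has no real password yet - confirm against the image build.
if grep -qs ^root:U6aMy0wojraho /etc/shadow; then
    [ -e $INITHOOKS_CONF ] && . $INITHOOKS_CONF
    # NOTE(review): --pass places the password on setpass.py's command line,
    # where it is readable from the process list while the command runs.
    $INITHOOKS_PATH/bin/setpass.py root --pass="$ROOT_PASS"
fi

exit 0

--------------------------------------------------------------------------------
/patches/apt-upgrade/conf:
--------------------------------------------------------------------------------
#!/bin/bash -ex

export DEBIAN_FRONTEND=noninteractive

# Refresh the package lists only when no TurnKey archive list is on disk yet.
# The pattern has to be expanded as a glob: a quoted, non-empty string always
# passes [[ -n ... ]], so with that test "apt-get update" could never run.
list_file="/var/lib/apt/lists/archive.turnkeylinux.org_debian_dists_*"
compgen -G "$list_file" > /dev/null || apt-get update

# confdef/confold: take dpkg's default conffile action, otherwise keep the
# installed file, so the upgrade never stops at a prompt.
apt-get upgrade \
    --autoremove --with-new-pkgs -y \
    -o DPkg::Options::=--force-confdef \
    -o DPkg::Options::=--force-confold
--------------------------------------------------------------------------------
/patches/ec2/overlay/usr/lib/inithooks/firstboot.d/28ec2-sudoadmin:
--------------------------------------------------------------------------------
#!/bin/bash -e

[ -n "$_TURNKEY_INIT" ] && exit 0

if grep -q SERVERID= /var/lib/hubclient/server.conf >/dev/null 2>&1; then
    # hub launch, disable 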
sudoadmin 7 | sed -i "s/^SUDOADMIN=.*/SUDOADMIN=false/" /etc/default/inithooks 8 | else 9 | # non-hub launch 10 | exit 0 11 | fi 12 | 13 | -------------------------------------------------------------------------------- /patches/ec2-pvmshim/conf: -------------------------------------------------------------------------------- 1 | #!/bin/bash -ex 2 | 3 | # create grub config for pvgrub 4 | chmod -x /etc/grub.d/??_* 5 | chmod +x /etc/grub.d/40_custom 6 | grub-mkconfig -o /boot/grub/menu.lst 7 | 8 | # disable pvgrub, ebs-bundle will handle grub config for hvm 9 | # inithooks/firstboot.d/??ec2-pvmshim will revert if pvm 10 | chmod +x /etc/grub.d/??_* 11 | chmod -x /etc/grub.d/40_custom 12 | -------------------------------------------------------------------------------- /patches/canvas-18.0-bookworm-amd64/overlay/etc/systemd/system/apache2.service.d/override.conf: -------------------------------------------------------------------------------- 1 | [Service] 2 | # Disable Apache private temp so the detailed passenger error html files are 3 | # saved directly to the root of /tmp - otherwise they are saved to 4 | # /tmp/systemd-private-xxx.xxx-apache2.service-XXXXXX/tmp/passenger-error-xxxxx.html 5 | # making them hard to find for the uninitiated 6 | PrivateTmp=false 7 | -------------------------------------------------------------------------------- /patches/openstack-ami/overlay/etc/fstab: -------------------------------------------------------------------------------- 1 | # /etc/fstab: static file system information. 
2 | # 3 | proc /proc proc nodev,noexec,nosuid 0 0 4 | /dev/vda / ext4 defaults 0 0 5 | /dev/vdb /mnt auto defaults 0 0 6 | 7 | -------------------------------------------------------------------------------- /patches/cloud/overlay/usr/lib/inithooks/firstboot.d/27ec2-mntbind-ephemeral: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # mount bind various directories to ephemeral storage 3 | 4 | DIRS="/tmp /var/cache/tklbam" 5 | 6 | for dir in $DIRS; do 7 | # skip if already mounted 8 | findmnt -l $dir >/dev/null && continue 9 | mkdir -p /mnt$dir 10 | rsync -aq $dir/ /mnt$dir 11 | mount --bind /mnt$dir $dir 12 | done 13 | 14 | -------------------------------------------------------------------------------- /patches/ec2/overlay/usr/lib/inithooks/firstboot.d/81hub-launched: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | aptconf_tag() { 4 | grep -q $1 /etc/apt/apt.conf.d/01turnkey && return 5 | sed -i "s|turnkey-\(.*\))|turnkey-\1 $1)|" /etc/apt/apt.conf.d/01turnkey 6 | } 7 | 8 | grep SERVERID= /var/lib/hubclient/server.conf -q -s && aptconf_tag hub 9 | [ "$(ec2metadata --product-codes)" == "unavailable" ] || aptconf_tag mp 10 | 11 | exit 0 12 | 13 | -------------------------------------------------------------------------------- /templates/ovf-productinfo: -------------------------------------------------------------------------------- 1 | 2 | TurnKey Linux virtual appliance 3 | TurnKey - @@APP@@ 4 | TurnKey GNU/Linux 5 | @@VERSION@@ 6 | @@FULL_VERSION@@ 7 | @@URL@@ 8 | https://www.turnkeylinux.org/ 9 | 10 | -------------------------------------------------------------------------------- /patches/ec2/overlay/etc/fstab: -------------------------------------------------------------------------------- 1 | # /etc/fstab: static file system information. 
2 | # 3 | proc /proc proc defaults 0 0 4 | /dev/xvda2 / ext4 defaults 0 0 5 | 6 | ## swap volume - disabled by default (requires additional volume to be attached) 7 | #/dev/xvdb none swap sw,nofail 0 0 8 | -------------------------------------------------------------------------------- /patches/ec2/overlay/usr/lib/inithooks/everyboot.d/98finalize: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | INITHOOKS_DEFAULT=/etc/default/inithooks 4 | . $INITHOOKS_DEFAULT 5 | 6 | # if registered with hub, update with status and sshfp for user verification 7 | if grep SERVERID= /var/lib/hubclient/server.conf -q -s; then 8 | sshfp="$($INITHOOKS_PATH/everyboot.d/70ec2-log-sshfp | grep :)" 9 | hubclient-status inithooks-finalized "$sshfp" 10 | fi 11 | 12 | exit 0 13 | 14 | -------------------------------------------------------------------------------- /patches/xen/overlay/etc/event.d/console: -------------------------------------------------------------------------------- 1 | # console - getty 2 | # 3 | # This service maintains a getty on console from the point the system is 4 | # started until it is shut down again. 5 | # 6 | # Added for extra xen happiness 7 | # 8 | 9 | start on stopped rc2 10 | start on stopped rc3 11 | start on stopped rc4 12 | start on stopped rc5 13 | 14 | stop on runlevel 0 15 | stop on runlevel 1 16 | stop on runlevel 6 17 | 18 | respawn 19 | exec /sbin/getty 38400 console 20 | -------------------------------------------------------------------------------- /patches/cloud/overlay/etc/event.d/console: -------------------------------------------------------------------------------- 1 | # console - getty 2 | # 3 | # This service maintains a getty on console from the point the system is 4 | # started until it is shut down again. 
5 | # 6 | # Added for extra xen happiness 7 | # 8 | 9 | start on stopped rc2 10 | start on stopped rc3 11 | start on stopped rc4 12 | start on stopped rc5 13 | 14 | stop on runlevel 0 15 | stop on runlevel 1 16 | stop on runlevel 6 17 | 18 | respawn 19 | exec /sbin/getty 38400 console 20 | -------------------------------------------------------------------------------- /patches/cloud/overlay/usr/lib/inithooks/everyboot.d/70ec2-log-sshfp: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Display ssh fingerprints in console log to allow user verification 4 | echo 5 | echo "############################# [ SSH FINGERPRINTS ] ###############################" 6 | echo 7 | 8 | for hostkey in /etc/ssh/ssh_host_*.pub; 9 | do ssh-keygen -l -f $hostkey; 10 | done 11 | 12 | echo 13 | echo "##################################################################################" 14 | echo 15 | -------------------------------------------------------------------------------- /patches/qemu/overlay/usr/lib/systemd/system/inithooks.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=inithooks: firstboot and everyboot initialization scripts 3 | Before=getty@tty1.service 4 | ConditionKernelCommandLine=!noinithooks 5 | 6 | [Service] 7 | Type=oneshot 8 | EnvironmentFile=/etc/default/inithooks 9 | ExecStart=/bin/sh -c '${INITHOOKS_PATH}/run' 10 | StandardOutput=journal+console 11 | StandardError=journal+console 12 | SyslogIdentifier=inithooks 13 | 14 | [Install] 15 | WantedBy=basic.target 16 | -------------------------------------------------------------------------------- /patches/qemu/conf: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | apt-get update 4 | DEBIAN_FRONTEND=noninteractive apt-get -y \ 5 | -o DPkg::Options::=--force-confdef \ 6 | -o DPkg::Options::=--force-confold \ 7 | install dtach inithooks 8 | 9 | 
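rm -f /root/.bashrc.d/confconsole-auto
rm -f /root/.profile.d/turnkey-init-fence

apt-mark hold linux-image-arm64

sed -i '/REDIRECT_OUTPUT/ s/=.*/=true/g' /etc/default/inithooks

echo "hostmnt /mnt 9p trans=virtio,rw,_netdev 0 0" >> /etc/fstab
--------------------------------------------------------------------------------
/patches/headless/conf:
--------------------------------------------------------------------------------
#!/bin/bash -ex
# Author: Anton Pyrogovskyi (c) 2015

apt-get update
DEBIAN_FRONTEND=noninteractive apt-get -y \
    -o DPkg::Options::=--force-confdef \
    -o DPkg::Options::=--force-confold \
    install dtach inithooks

# init fence now launches confconsole with full options, so autolaunch not
# required, or desired.
confconsole_auto='/root/.bashrc.d/confconsole-auto'
# if/fi instead of "test && cmd" as the last command: when the file is missing
# or not executable, the && form leaves status 1 as the exit status of the
# whole script, which a caller can read as a failed patch.
if [[ -x "$confconsole_auto" ]]; then
    chmod -x "$confconsole_auto"
fi
--------------------------------------------------------------------------------
/patches/canvas-18.0-bookworm-amd64/conf:
--------------------------------------------------------------------------------
#!/bin/bash -e

# NOTE(review): this turns off Apache's "evasive" module for the appliance;
# if that is mod_evasive, its request-rate limiting is lost - confirm intended.
a2dismod evasive

passenger_conf=/etc/apache2/mods-available/passenger.conf
sed -i "/^PassengerStartTimeout/ s| .*| 360|" "$passenger_conf"
echo "PassengerInstanceRegistryDir /run/passenger-instreg" >> "$passenger_conf"

conf_dir=/var/www/canvas/config
sed -i "/worker_max_memory_usage:/ s|:.*|:1073741824|" "$conf_dir/delayed_jobs.yml"
# The substitute command is a lowercase "s" and needs its closing delimiter;
# without both, sed rejects the expression and "bash -e" stops the script
# before the cleanup steps below.
sed -i "/lti_iss:/ s|:.*|: \"https://www.example.com\"|" "$conf_dir/security.yml"

py3clean /
yarn cache clean
--------------------------------------------------------------------------------
/patches/clean-old-kernels/conf:
--------------------------------------------------------------------------------
#!/bin/bash -ex

export DEBIAN_FRONTEND=noninteractive

old_kernels=()
installed_kernels=$(dpkg -l | grep '^ii *linux-image-[0-9]' | awk '{print $2}')
current_vmlinuz=$(find / -maxdepth 1 -name 'vmlinuz' -exec readlink {} \;)

# Without a /vmlinuz link target the current kernel package cannot be named,
# and every installed kernel would be classed as old. Purge nothing then.
if [[ -z "$current_vmlinuz" ]]; then
    echo "no /vmlinuz symlink target found; not purging any kernels" >&2
    exit 0
fi

# Strip everything up to "vmlinuz-", so relative (boot/vmlinuz-X) and
# absolute (/boot/vmlinuz-X) link targets give the same package name.
current_kernel="linux-image-${current_vmlinuz##*vmlinuz-}"
for kernel in $installed_kernels; do
    if [[ "$kernel" != "$current_kernel" ]]; then
        old_kernels+=("$kernel")
    fi
done

# Best effort: a failed purge does not fail the patch.
apt-get -y purge "${old_kernels[@]}" || true
--------------------------------------------------------------------------------
/patches/ec2-pvmshim/overlay/usr/lib/inithooks/firstboot.d/24ec2-pvmshim:
--------------------------------------------------------------------------------
#!/bin/bash -e

[ -n "$_TURNKEY_INIT" ] && exit 0

# Add tag $1 to the "turnkey-..." entry in 01turnkey, unless the file already
# contains that string.
aptconf_tag() {
    grep -q $1 /etc/apt/apt.conf.d/01turnkey && return
    sed -i "s|turnkey-\(.*\))|turnkey-\1 $1)|" /etc/apt/apt.conf.d/01turnkey
}

# A kernel id containing "aki" enables only the 40_custom grub script and tags
# the system pvm; otherwise the regular grub.d scripts are enabled, 40_custom
# is disabled and the tag is hvm.
if ec2metadata --kernel-id |grep -q aki; then
    chmod -x /etc/grub.d/??_*
    chmod +x /etc/grub.d/40_custom
    aptconf_tag pvm
else
    chmod +x /etc/grub.d/??_*
    chmod -x /etc/grub.d/40_custom
    aptconf_tag hvm
fi

exit 0
--------------------------------------------------------------------------------
/patches/openstack/overlay/lib/systemd/system/inithooks-openstack.service:
--------------------------------------------------------------------------------
[Unit]
Description=inithooks-openstack: firstboot and everyboot initialization scripts (openstack)
Before=getty@tty1.service
ConditionKernelCommandLine=!noinithooks
ConditionPathExists=/var/lib/turnkey-info/inithooks.service/openstack

[Service]
Type=oneshot
EnvironmentFile=/etc/default/inithooks
ExecStart=/bin/sh -c '${INITHOOKS_PATH}/run'
StandardOutput=syslog+console
StandardError=syslog+console
SyslogIdentifier=inithooks

[Install]
WantedBy=basic.target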
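--------------------------------------------------------------------------------
/patches/qemu/overlay/usr/lib/inithooks/firstboot.d/29preseed:
--------------------------------------------------------------------------------
#!/bin/bash -e
# generic preseeding of inithooks.conf if it doesn't exist

[[ -n "$_TURNKEY_INIT" ]] && exit 0

[[ -e "$INITHOOKS_CONF" ]] && exit 0

# NOTE(review): fixed, guessable value. How it is used is not visible here
# (the heredoc below is cut off in this listing); confirm that images built
# with this patch do not keep it as a live credential.
MASTERPASS=root

cat>$INITHOOKS_CONF<> /etc/modules
# [listing damaged above: the body of the 29preseed heredoc and the header of
#  the next file are missing from this page; the lines below appear to belong
#  to that next file]

# workaround https://github.com/turnkeylinux/tracker/issues/1340
# proper fix is in confconsole package
systemctl enable inithooks-openstack.service
--------------------------------------------------------------------------------
/patches/vm/conf:
--------------------------------------------------------------------------------
#!/bin/bash -ex

# Print a warning on stderr. ">&2" duplicates the stderr descriptor; a bare
# ">2" writes the message to a file named "2" in the current directory.
warn() { echo "[WARN] $0 $@" >&2 ; }

# Run apt-get update (a failure only produces a warning), then install the
# given packages without prompting, keeping existing conffiles.
install() {
    apt-get update || warn "'apt update' non zero exit code ($?) - continuing anyway..."
    DEBIAN_FRONTEND=noninteractive apt-get -y \
        -o DPkg::Options::=--force-confdef \
        -o DPkg::Options::=--force-confold \
        install "$@"
}

# install open-vm-tools and modules
install open-vm-tools
service open-vm-tools stop || true

# disable udev persistent net generation
echo -n > /etc/udev/rules.d/70-persistent-net.rules
echo -n > /lib/udev/rules.d/75-persistent-net-generator.rules

--------------------------------------------------------------------------------
/patches/docker/overlay/usr/lib/inithooks/firstboot.d/70logger:
--------------------------------------------------------------------------------
#!/bin/sh

# Quoted so that an unset INITHOOKS_CONF skips the source step instead of
# running "." with no file name.
[ -e "$INITHOOKS_CONF" ] && . "$INITHOOKS_CONF"

# Display ssh fingerprints in console log to allow user verification
# Display root password just in case user can't use ssh key to login
# NOTE(review): the initial root password is written in clear text to the
# console log, so anyone who can read that log learns it. Treat the log as
# sensitive and change the password after the first login.
echo
echo "################################## [ LOGIN DETAILS ] ###################################"
echo
echo " Random initial root password: $ROOT_PASS"
echo
# List every host key that exists rather than only the RSA and DSA ones, so
# the fingerprint of whichever key type a client negotiates can be checked.
for hostkey in /etc/ssh/ssh_host_*.pub; do
    ssh-keygen -l -f "$hostkey"
done
echo
echo "########################################################################################"
echo
--------------------------------------------------------------------------------
/bin/ec2/conf.py:
--------------------------------------------------------------------------------
LOG_LEVEL = 'DEBUG'

# region -> architecture -> kernel image (aki-*) id
KERNELS = {
    # http://go.alonswartz.org/aws-kernels (pv-grub-hd00_1.04)
    'us-east-1': {'amd64': 'aki-499ccb20', 'i386': 'aki-659ccb0c'},
    'us-west-1': {'amd64': 'aki-920531d7', 'i386': 'aki-960531d3'},
    'us-west-2': {'amd64': 'aki-e28f11d2', 'i386': 'aki-e68f11d6'},
    'sa-east-1': {'amd64': 'aki-5153f44c', 'i386': 'aki-5753f44a'},
    'eu-west-1': {'amd64': 'aki-58a3452f', 'i386': 'aki-5ea34529'},
    'ap-southeast-1': {'amd64': 'aki-563e7404', 'i386': 'aki-5e3e740c'},
    'ap-southeast-2': {'amd64': 'aki-3b1d8001', 'i386': 'aki-c162fffb'},
    'ap-northeast-1': {'amd64': 'aki-196bf518', 'i386': 'aki-1f6bf51e'},
}
--------------------------------------------------------------------------------
/bin/ec2/test.py:
--------------------------------------------------------------------------------
#!/usr/bin/python3

"""Quick and dirty test to check that all files import cleanly."""

import importlib
import sys

# NOTE(review): ebs_bundle and ebs_register do not appear in the directory
# listing on this page; import_module raises ModuleNotFoundError for a module
# that is absent - confirm the list matches the files in bin/ec2.
modules = ['conf', 'ebs', 'ebs_bundle', 'ebs_publish', 'ebs_register',
           'ebs_share', 'ec2_copy', 'utils']

for module in modules:
    print(f'testing import of {module}')
    temp_module = importlib.import_module(module)
    # Every non-dunder name the module exposes (not only callables).
    callables = [item for item in dir(temp_module)
                 if not item.startswith('__')]
    print(f'callables: {callables}')
    # unload the module again so the next import starts clean
    print('removing...')
    del sys.modules[module]
    del temp_module
--------------------------------------------------------------------------------
/patches/container/overlay/usr/lib/inithooks/firstboot.d/35postfix-unprivileged:
--------------------------------------------------------------------------------
#!/bin/bash
# Remove read/write access to /var/spool/postfix/dev/{u,}random and prevent
# the files from being recreated: they are replaced by empty, root-owned,
# mode-000 files marked immutable. Skipped when the appliance is openldap.

appname="$(turnkey-version | sed 's/^turnkey-\(.*\)-[0-9]\+.[0-9]\+-.*-amd64/\1/g')"
if [[ "$appname" != "openldap" ]]; then
    rm -rf /var/spool/postfix/dev/{u,}random
    touch /var/spool/postfix/dev/{u,}random
    chown root:root /var/spool/postfix/dev/{u,}random
    chmod 000 /var/spool/postfix/dev/{u,}random
    chattr +i /var/spool/postfix/dev/{u,}random
fi

service postfix restart

# The hook clears its own execute bit once it has run.
chmod -x /usr/lib/inithooks/firstboot.d/35postfix-unprivileged
--------------------------------------------------------------------------------
/patches/otc/conf:
--------------------------------------------------------------------------------
#!/bin/bash -ex

# NOTE(review): install() is defined but not called in the lines shown; the
# two installs below repeat its options and add --force-overwrite.
install() {
    apt-get update
    DEBIAN_FRONTEND=noninteractive apt-get -y \
        -o DPkg::Options::=--force-confdef \
        -o DPkg::Options::=--force-confold \
        install $@
}

echo "OTC: installing cloud-init package"
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get -y -o DPkg::Options::=--force-confdef \
    -o DPkg::Options::=--force-confold -o DPkg::Options::=--force-overwrite \
    install cloud-init

DEBIAN_FRONTEND=noninteractive apt-get -y -o DPkg::Options::=--force-confdef \
    -o DPkg::Options::=--force-confold -o DPkg::Options::=--force-overwrite \
    install sudo
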
-------------------------------------------------------------------------------- /bin/ec2/legacy/conf.py: -------------------------------------------------------------------------------- 1 | LOG_LEVEL = 'DEBUG' 2 | 3 | KERNELS = { 4 | # http://go.alonswartz.org/aws-kernels (pv-grub-hd00_1.04) 5 | 'us-east-1': {'amd64': 'aki-499ccb20', 'i386': 'aki-659ccb0c'}, 6 | 'us-west-1': {'amd64': 'aki-920531d7', 'i386': 'aki-960531d3'}, 7 | 'us-west-2': {'amd64': 'aki-e28f11d2', 'i386': 'aki-e68f11d6'}, 8 | 'sa-east-1': {'amd64': 'aki-5153f44c', 'i386': 'aki-5753f44a'}, 9 | 'eu-west-1': {'amd64': 'aki-58a3452f', 'i386': 'aki-5ea34529'}, 10 | 'ap-southeast-1': {'amd64': 'aki-563e7404', 'i386': 'aki-5e3e740c'}, 11 | 'ap-southeast-2': {'amd64': 'aki-3b1d8001', 'i386': 'aki-c162fffb'}, 12 | 'ap-northeast-1': {'amd64': 'aki-196bf518', 'i386': 'aki-1f6bf51e'}, 13 | } 14 | 15 | -------------------------------------------------------------------------------- /patches/ec2/overlay/usr/lib/inithooks/firstboot.d/25ec2-resizerootpart: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # grow root partition and filesystem 3 | 4 | [[ -n "$_TURNKEY_INIT" ]] && exit 0 5 | 6 | ROOT_PART="$(findfs PARTLABEL=rootfs)" 7 | ROOT_DEV="$(lsblk -pno PKNAME "$ROOT_PART")" 8 | 9 | ROOT_PART_NUM="${ROOT_PART/#${ROOT_DEV}}" 10 | ROOT_PART_NUM="${ROOT_PART_NUM/p}" 11 | 12 | echo "Checking if root partition #$ROOT_PART_NUM ($ROOT_PART) on $ROOT_DEV can be grown..." 13 | if growpart -N "$ROOT_DEV" "$ROOT_PART_NUM"; then 14 | echo "Growing root partition #$ROOT_PART_NUM ($ROOT_PART) on $ROOT_DEV..." 15 | growpart "$ROOT_DEV" "$ROOT_PART_NUM" 16 | 17 | echo "Growing root FS on $ROOT_PART..." 
18 | resize2fs "$ROOT_PART" 19 | fi 20 | -------------------------------------------------------------------------------- /patches/17.0-bullseye-amd64/conf: -------------------------------------------------------------------------------- 1 | #!/bin/bash -ex 2 | 3 | export DEBIAN_FRONTEND=noninteractive 4 | _apt() { 5 | opts="-o DPkg::Options::=--force-confdef -o DPkg::Options::=--force-confold" 6 | cmd=$1 7 | shift 8 | case $cmd in 9 | install) args="-y $opts";; 10 | reinstall) cmd=install 11 | args="--reinstall -y $opts";; 12 | remove) args="-y";; 13 | esac 14 | apt-get $cmd $args "$@" 15 | } 16 | 17 | list_file=/var/lib/apt/lists/archive.turnkeylinux.org_debian_dists_bullseye_Release 18 | [[ -f "$list_file" ]] || apt-get update 19 | 20 | _apt remove live-tools 21 | _apt reinstall initramfs-tools 22 | # di-live was also removed above and will reinstall live-tools 23 | _apt install di-live 24 | -------------------------------------------------------------------------------- /patches/xen/conf: -------------------------------------------------------------------------------- 1 | #!/bin/bash -ex 2 | 3 | # grub tweaks 4 | cur=$(grep GRUB_CMDLINE_LINUX_DEFAULT /etc/default/grub | sed "s/.*=\"\(.*\)\"/\1/") 5 | new=$(echo "$cur xencons=hvc0 console=hvc0" | sed "s/^ *//g") 6 | sed -i "/GRUB_CMDLINE_LINUX_DEFAULT=/ s/=.*/=\"$new\"/" /etc/default/grub 7 | 8 | sed -i "/GRUB_HIDDEN_TIMEOUT=/ s/=.*/=true/" /etc/default/grub 9 | sed -i "/GRUB_TIMEOUT=/ s/=.*/=0/" /etc/default/grub 10 | 11 | chmod -x /etc/grub.d/* 12 | chmod +x /etc/grub.d/40_custom 13 | update-grub 14 | ln -sf /boot/grub/grub.cfg /boot/grub/menu.lst 15 | 16 | # disable confconsole init script 17 | update-rc.d -f confconsole disable 18 | 19 | # redirect inithook output (preseeded headless deployment) 20 | sed -i '/REDIRECT_OUTPUT/ s/=.*/=true/g' /etc/default/inithooks 21 | 22 | -------------------------------------------------------------------------------- /patches/tklupdates/conf: 
-------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | update_repo() { 4 | apt-get update -o Dir::Etc::sourcelist="sources.list.d/$1.list" \ 5 | -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0" 6 | } 7 | 8 | TMP_SOURCE=/etc/apt/sources.list.d/turnkey.list 9 | cat > $TMP_SOURCE <$invokercd<<'EOF' 6 | #!/bin/sh 7 | exit 0 8 | EOF 9 | chmod +x $invokercd 10 | 11 | trap "rm $invokercd; dpkg-divert --local --rename --remove $invokercd" INT TERM EXIT 12 | 13 | for actionfile in /etc/cron-apt/action.d/*; do 14 | while read aptcmd; do 15 | aptcmd=$(echo $aptcmd | sed "s|-q||") 16 | aptcmd=$(echo $aptcmd | sed "s|-o quiet=.*||") 17 | DEBIAN_FRONTEND=noninteractive apt-get $aptcmd 18 | done < $actionfile 19 | done 20 | 21 | INSTALLED=$(dpkg-query --showformat='${Package} ${Status}\n' -W 'linux-image-[0-9].*' | grep "ok installed" | sed 's/ .*//') 22 | CURRENT=$(ls -l /vmlinuz | awk '{print $11}' | sed 's|boot/vmlinuz-|linux-image-|') 23 | for KERNEL in $INSTALLED; do 24 | [ "$KERNEL" == "$CURRENT" ] && continue 25 | DEBIAN_FRONTEND=noninteractive apt-get -y purge $KERNEL 26 | done 27 | -------------------------------------------------------------------------------- /patches/ec2/overlay/usr/lib/inithooks/everyboot.d/25ec2-userdata-idchange: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # process userdata if instance id has changed (ie. snapshot launch) 3 | 4 | . 
/etc/default/inithooks 5 | 6 | EC2_METADATA_CACHE=/var/lib/ec2metadata 7 | 8 | set_instanceid_fs() { 9 | mkdir -p $EC2_METADATA_CACHE 10 | echo $1 > $EC2_METADATA_CACHE/instance-id 11 | } 12 | 13 | get_instanceid_fs() { 14 | if [ -e $EC2_METADATA_CACHE/instance-id ]; then 15 | cat $EC2_METADATA_CACHE/instance-id 16 | fi 17 | } 18 | 19 | get_instanceid_md() { 20 | /usr/bin/ec2metadata --instance-id 21 | } 22 | 23 | INSTANCEID_FS=$(get_instanceid_fs) 24 | INSTANCEID_MD=$(get_instanceid_md) 25 | 26 | if [ "$INSTANCEID_FS" ]; then 27 | if [ "$INSTANCEID_FS" != "$INSTANCEID_MD" ]; then 28 | set_instanceid_fs $INSTANCEID_MD 29 | $INITHOOKS_PATH/firstboot.d/25ec2-userdata 30 | fi 31 | else 32 | set_instanceid_fs $INSTANCEID_MD 33 | fi 34 | 35 | exit 0 36 | 37 | -------------------------------------------------------------------------------- /patches/openstack/overlay/usr/lib/inithooks/everyboot.d/25ec2-userdata-idchange: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # process userdata if instance id has changed (ie. snapshot launch) 3 | 4 | . 
/etc/default/inithooks 5 | 6 | EC2_METADATA_CACHE=/var/lib/ec2metadata 7 | 8 | set_instanceid_fs() { 9 | mkdir -p $EC2_METADATA_CACHE 10 | echo $1 > $EC2_METADATA_CACHE/instance-id 11 | } 12 | 13 | get_instanceid_fs() { 14 | if [ -e $EC2_METADATA_CACHE/instance-id ]; then 15 | cat $EC2_METADATA_CACHE/instance-id 16 | fi 17 | } 18 | 19 | get_instanceid_md() { 20 | /usr/bin/ec2metadata --instance-id 21 | } 22 | 23 | INSTANCEID_FS=$(get_instanceid_fs) 24 | INSTANCEID_MD=$(get_instanceid_md) 25 | 26 | if [ "$INSTANCEID_FS" ]; then 27 | if [ "$INSTANCEID_FS" != "$INSTANCEID_MD" ]; then 28 | set_instanceid_fs $INSTANCEID_MD 29 | $INITHOOKS_PATH/firstboot.d/25ec2-userdata 30 | fi 31 | else 32 | set_instanceid_fs $INSTANCEID_MD 33 | fi 34 | 35 | exit 0 36 | 37 | -------------------------------------------------------------------------------- /patches/docker/overlay/usr/sbin/start.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # not recommended, useful for testing though... 
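4 | if [ -n "$SEC_UPDATES" ]; then 5 | PRESEED=/usr/lib/inithooks/firstboot.d/29preseed 6 | sed -i "s|SEC_UPDATES=.*|SEC_UPDATES=$SEC_UPDATES|" $PRESEED 7 | fi 8 | 9 | run-parts -a start /etc/rc2.d 10 | trap "run-parts -a stop /etc/rc2.d" INT TERM EXIT 11 | 12 | turnkey-sysinfo 13 | 14 | if [ -x /root/.profile.d/turnkey-init-fence ]; then 15 | cat<&2; exit 1; } 13 | info() { echo "INFO [$(basename $0)]: $@"; } 14 | 15 | usage() { 16 | cat<

import os
import sys

# Skip entirely when _TURNKEY_INIT is set in the environment.
if '_TURNKEY_INIT' in os.environ:
    sys.exit(0)

import pwd
import ec2metadata

USERNAME = 'root'


def authorize_sshkeys(keys, username):
    """Append *keys*, one per line, to *username*'s authorized_keys.

    The target is ``<home>/.ssh/authorized_keys``, where ``<home>`` is the
    home directory that ``pwd.getpwnam(username)`` reports. A missing
    ``.ssh`` directory is created with mode 0700 and handed to the user.

    The keys are written exactly as passed in; nothing here validates
    their format.
    """
    pw = pwd.getpwnam(username)
    sshdir = os.path.join(pw.pw_dir, '.ssh')
    authorized_keys = os.path.join(sshdir, 'authorized_keys')

    if not os.path.exists(sshdir):
        os.makedirs(sshdir)
        os.chmod(sshdir, 0o700)
        os.chown(sshdir, pw.pw_uid, pw.pw_gid)

    # Create the file with mode 0600 rather than whatever the umask would
    # give a plain open(); the mode of an existing file is left untouched.
    fd = os.open(authorized_keys,
                 os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, 'a') as fob:
        fob.write(''.join('%s\n' % key for key in keys))
    os.chown(authorized_keys, pw.pw_uid, pw.pw_gid)


def main():
    """Authorize the instance's metadata 'public-keys' for USERNAME."""
    # NOTE(review): whatever ec2metadata returns for 'public-keys' becomes
    # a login credential for USERNAME (root).
    keys = ec2metadata.get('public-keys')
    if keys:
        authorize_sshkeys(keys, USERNAME)


if __name__ == "__main__":
    main()

-------------------------------------------------------------------------------- /bin/aptconf-tag: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2015 TurnKey GNU/Linux - http://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version.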
10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | info() { echo "INFO [$(basename $0)]: $@"; } 14 | 15 | usage() { 16 | cat< $rootfs/etc/apt/apt.conf.d/01turnkey 38 | -------------------------------------------------------------------------------- /bin/rootfs-cleanup: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2015 TurnKey GNU/Linux - http://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | info() { echo "INFO [$(basename $0)]: $@"; } 14 | 15 | CLEANUP='/boot/*.bak /var/log/dpkg.log /var/log/apt/* /var/lib/apt/lists/* /var/cache/apt/archives/*.deb /var/cache/apt/*.bin' 16 | 17 | usage() { 18 | cat<> /etc/modules 19 | 20 | # hold kernel (not used in image, pro-longs sec-updates) 21 | ARCH=$(dpkg --print-architecture) 22 | case "$ARCH" in 23 | "i386") 24 | META_KERNEL="linux-image-686"; 25 | ;; 26 | "amd64") 27 | META_KERNEL="linux-image-amd64"; 28 | ;; 29 | *) 30 | fatal "non-supported architecture: $ARCH"; 31 | ;; 32 | esac 33 | KERNEL=$(echo /boot/vmlinuz-* | sed 's|/boot/vmlinuz-|linux-image-|') 34 | echo "$KERNEL hold" | dpkg --set-selections 35 | echo "$META_KERNEL hold" | dpkg --set-selections 36 | 37 | -------------------------------------------------------------------------------- /tests/signature: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 4 | info() { echo "INFO [$(basename $0)]: $@"; } 5 | 6 | usage() { 7 | cat< $t 19 | $BT_BIN/generate-signature $t 20 | 
$BT_BIN/signature-sign $t.sig 21 | $BT_BIN/signature-verify $t $t.sig 22 | rm $t $t.sig 23 | 24 | info "test2: should fail (gpg)" 25 | t=$(tempfile) 26 | echo "foo" > $t 27 | $BT_BIN/generate-signature $t 28 | $BT_BIN/signature-sign $t.sig 29 | sed -i "s/Turnkey/TurnKey/" $t.sig 30 | $BT_BIN/signature-verify $t $t.sig && fatal "should have failed (gpg)" 31 | rm $t $t.sig 32 | 33 | info "test3: should fail (checksum)" 34 | t=$(tempfile) 35 | echo "foo" > $t 36 | $BT_BIN/generate-signature $t 37 | $BT_BIN/signature-sign $t.sig 38 | echo "foo" >> $t 39 | $BT_BIN/signature-verify $t $t.sig && fatal "should have failed (checksum)" 40 | rm $t $t.sig 41 | 42 | info "all tests passed" 43 | -------------------------------------------------------------------------------- /contrib/docker-ports.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Copyright (c) 2011-2015 TurnKey GNU/Linux - http://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 
"""Generate config/docker.ports from hub stable appliances"""

import sys

# NOTE(review): this directory is placed first on the import path, so any
# module found there takes precedence over other modules of the same name.
sys.path.insert(0, '/turnkey/public/hub/apps/appliance')
from appliances import appliances


def main():
    """Print one "<name>: <ports>" line per appliance.

    TCP entries of the form "start:end" are expanded into every port of
    that inclusive range; other TCP entries are used as they are. UDP
    entries get a '/udp' suffix.
    """
    for app in appliances:
        ports = []
        for spec in app.fw.tcp:
            if ":" not in spec:
                ports.append(spec)
                continue
            start, end = spec.split(":")
            ports.extend(str(num) for num in range(int(start), int(end) + 1))

        ports.extend(spec + '/udp' for spec in app.fw.udp)

        print "%s: %s" % (app.name, ' '.join(ports))


if __name__ == "__main__":
    main()

-------------------------------------------------------------------------------- /bin/signature-sign: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2015 TurnKey GNU/Linux - http://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version.
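10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | info() { echo "INFO [$(basename $0)]: $@"; } 14 | 15 | usage() { 16 | cat<&2; exit 1; } 12 | info() { echo "INFO [$(basename $0)]: $@"; } 13 | 14 | usage() { 15 | cat< /dev/null; then 10 | # possibly overkill, but send to both stdout & stderr 11 | echo "FATAL [$0]: openssl not installed" | tee /dev/stderr 12 | exit 1 13 | fi 14 | 15 | # generate (pseudo) random 12 char base64 password string 16 | unset check response 17 | while [ -z "$check" ]; do 18 | response="$(openssl rand -base64 9 2>/dev/null || true)" 19 | if [[ "${#response}" -ge 12 ]]; then 20 | MASTERPASS=${response#\'} 21 | check=good 22 | else 23 | echo "openssl responded with something unexpected, so sleeping 1 sec, then retrying" 24 | sleep 1 25 | fi 26 | done 27 | 28 | cat>$INITHOOKS_CONF<

import os
import sys

# Skip entirely when _TURNKEY_INIT is set in the environment.
if '_TURNKEY_INIT' in os.environ:
    sys.exit(0)

from os.path import join
import subprocess

import ec2metadata

DIR = '/var/lib/inithooks/ec2metadata'


def main():
    """Run the instance's user-data when it is a '#!' script.

    The payload is fetched with ``ec2metadata.get('user-data')``. If it
    begins with ``#!`` it is saved as ``DIR/user-data.sh`` and executed.
    On success the script is removed; on failure an error line and the
    script's stderr are written to /var/log/userdata.log and the hook
    exits with status 1.

    User-data that starts with '#!' is executed as-is with the privileges
    of this hook, so whoever can set the instance's user-data controls
    what runs here.
    """
    userdata = ec2metadata.get('user-data')
    os.makedirs(DIR, exist_ok=True)

    # Compare bytes directly: decoding first would raise on user-data that
    # is not valid UTF-8 (the payload is written below in binary mode).
    if userdata and userdata.startswith(b"#!"):
        script = join(DIR, 'user-data.sh')
        # Create the file with its final mode instead of writing it with
        # default permissions and tightening them afterwards.
        fd = os.open(script, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o750)
        with os.fdopen(fd, "wb") as fob:
            fob.write(userdata)
        # Still needed when the file already existed or the umask trimmed
        # the requested mode.
        os.chmod(script, 0o750)
        ec2meta = subprocess.run([script], capture_output=True, text=True)
        if ec2meta.returncode == 0:
            os.remove(script)
            print("# executed ec2 user-data script")
        else:
            line = f"# ERROR: executing ec2 user-data script failed ({script})"
            log = '/var/log/userdata.log'
            # NOTE(review): the log is created with default permissions and
            # holds the script's stderr; consider a tighter mode if
            # user-data scripts may print secrets.
            with open(log, 'w') as fob:
                print(line, f'\n - see {log} for details.')
                fob.write(line+'\n\n')
                fob.write(ec2meta.stderr)
            sys.exit(1)


if __name__ == "__main__":
    main()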
-------------------------------------------------------------------------------- /bin/aws-setup: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2021 TurnKey GNU/Linux - https://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | warning() { echo "WARNING [$(basename $0)]: $@"; } 14 | info() { echo "INFO [$(basename $0)]: $@"; } 15 | 16 | usage() { 17 | cat<&2; exit 1; } 14 | info() { echo "INFO [$(basename $0)]: $@"; } 15 | 16 | usage() { 17 | cat<&2; exit 1; } 13 | info() { echo "INFO [$(basename $0)]: $@"; } 14 | 15 | usage() { 16 | cat</dev/null || true 45 | 46 | mkdir -p $outdir 47 | mirror_images="http://mirror.turnkeylinux.org/turnkeylinux/images" 48 | bucket_images="s3://turnkeylinux-builds/images" 49 | if ! wget --read-timeout=60 --tries=10 $mirror_images/iso/$isofile \ 50 | -O $outdir/$isofile; then 51 | if ! aws s3 cp $bucket_images/iso/$isofile $outdir/$isofile; then 52 | fatal "$isofile download failed" 53 | fi 54 | fi 55 | -------------------------------------------------------------------------------- /bin/img-download: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2018 TurnKey GNU/Linux - https://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 
10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | info() { echo "INFO [$(basename $0)]: $@"; } 14 | 15 | usage() { 16 | cat</dev/null || true 45 | 46 | mkdir -p $outdir 47 | mirror_images="http://mirror.turnkeylinux.org/turnkeylinux/images" 48 | bucket_images="s3://turnkeylinux-builds/images" 49 | if ! wget --read-timeout=60 --tries=10 $mirror_images/img/$imgfile \ 50 | -O $outdir/$imgfile; then 51 | if ! aws s3 cp $bucket_images/img/$imgfile $outdir/$imgfile; then 52 | fatal "$imgfile download failed" 53 | fi 54 | fi 55 | -------------------------------------------------------------------------------- /patches/cloud/conf: -------------------------------------------------------------------------------- 1 | #!/bin/bash -ex 2 | 3 | install() { 4 | apt-get update 5 | DEBIAN_FRONTEND=noninteractive apt-get -y \ 6 | -o DPkg::Options::=--force-confdef \ 7 | -o DPkg::Options::=--force-confold \ 8 | install $@ 9 | } 10 | 11 | # install cloud required packages 12 | install tkl-ec2metadata 13 | 14 | # copy mntbind inithook in everyboot 15 | INITHOOKS=/usr/lib/inithooks 16 | cp $INITHOOKS/firstboot.d/27ec2-mntbind-ephemeral $INITHOOKS/everyboot.d/ 17 | 18 | # disable systemd confconsole.service (as of v16.0 it's no longer a stand 19 | # alone service, hence why I've also added ' || true'). 
20 | systemctl disable confconsole \ 21 | || echo "[$(basename $0)] disabling confconsole service failed - expected when building v17.0+" 22 | 23 | # disable networking options in confconsole 24 | sed -i "/networking false/ s|^#||" /etc/confconsole/confconsole.conf 25 | 26 | # use ec2metadata to get public IP address 27 | sed -i "/publicip_cmd ec2metadata/ s|^#||" /etc/confconsole/confconsole.conf 28 | 29 | # uncomment eth1 in interfaces file (commented out in common - see #952) 30 | sed -i "/eth1/ s|^#||" /etc/network/interfaces 31 | 32 | # redirect inithook output (preseeded headless deployment) 33 | sed -i '/REDIRECT_OUTPUT/ s/=.*/=true/g' /etc/default/inithooks 34 | 35 | # ensure grub is correctly configured 36 | bootdisk=$(find /dev -type b -name "*da") 37 | disks=$(wc -l <<<"$bootdisk") 38 | if [[ $disks -eq 1 ]]; then 39 | debconf-set-selections <<< "grub-pc grub-pc/install_devices multiselect $bootdisk" 40 | else 41 | if [[ $disks -eq 0 ]]; then 42 | echo "FATAL: could not find bootdisk" 43 | else 44 | echo "FATAL: got multiple possibile bootdisks:" $bootdisk 45 | fi 46 | exit 1 47 | fi 48 | -------------------------------------------------------------------------------- /tests/appname-version: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 4 | info() { echo "INFO [$(basename $0)]: $@"; } 5 | 6 | usage() { 7 | cat<&2; exit 1; } 13 | warning() { echo "WARNING [$(basename $0)]: $@"; } 14 | info() { echo "INFO [$(basename $0)]: $@"; } 15 | 16 | usage() { 17 | cat</dev/null; then 47 | info "need to install mbr" 48 | pkgs="$pkgs mbr" 49 | fi 50 | 51 | if ! which extlinux >/dev/null; then 52 | info "need to install extlinux" 53 | pkgs="$pkgs extlinux" 54 | fi 55 | 56 | if ! which parted >/dev/null; then 57 | info "need to install parted" 58 | pkgs="$pkgs parted" 59 | fi 60 | 61 | if ! 
which kpartx >/dev/null; then 62 | info "need to install kpartx" 63 | pkgs="$pkgs kpartx" 64 | fi 65 | 66 | if ! which qemu-img >/dev/null; then 67 | info "need to install qemu-utils" 68 | pkgs="$pkgs qemu-utils" 69 | fi 70 | 71 | info "installing required packages" 72 | install "$pkgs" 73 | -------------------------------------------------------------------------------- /bin/docker-bundle: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2015 TurnKey GNU/Linux - http://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | info() { echo "INFO [$(basename $0)]: $@"; } 14 | 15 | usage() { 16 | cat< $name.docker/Dockerfile < 54 | CMD ["/usr/sbin/start.sh"] 55 | EXPOSE $ports 56 | EOF 57 | 58 | info "building new docker image" 59 | docker build -t $dockername $name.docker 60 | 61 | if [ -z "$BT_DEBUG" ]; then 62 | info "removing directory" 63 | rm -rf $name.docker 64 | fi 65 | 66 | -------------------------------------------------------------------------------- /patches/docker/conf: -------------------------------------------------------------------------------- 1 | #!/bin/bash -ex 2 | 3 | # remove kernel 4 | ARCH=$(dpkg --print-architecture) 5 | case "$ARCH" in 6 | "i386") 7 | OLD_META_KERNEL="linux-image-686"; 8 | ;; 9 | "amd64") 10 | OLD_META_KERNEL="linux-image-amd64"; 11 | ;; 12 | *) 13 | fatal "non-supported architecture: $ARCH"; 14 | ;; 15 | esac 16 | OLD_KERNEL=$(echo /boot/vmlinuz-* | sed 's|/boot/vmlinuz-|linux-image-|') 17 | OLD_KERNEL_VER=$(echo /boot/vmlinuz-* | sed 's|/boot/vmlinuz-||') 18 | 19 | mv /usr/sbin/update-grub 
/usr/sbin/update-grub.orig 20 | ln -s /bin/true /usr/sbin/update-grub 21 | 22 | debconf-set-selections << EOF 23 | $OLD_KERNEL $OLD_KERNEL/prerm/removing-running-kernel-$OLD_KERNEL_VER boolean false 24 | EOF 25 | DEBIAN_FRONTEND=noninteractive apt-get -y purge $OLD_META_KERNEL $OLD_KERNEL 26 | 27 | rm /usr/sbin/update-grub 28 | mv /usr/sbin/update-grub.orig /usr/sbin/update-grub 29 | 30 | # remove resolvconf 31 | rm -rf /var/run/resolvconf 32 | dpkg --purge resolvconf 33 | rm -f /etc/resolv.conf* 34 | touch /etc/resolv.conf 35 | 36 | # remove ntp daemon 37 | dpkg --purge ntp || true 38 | 39 | # disable confconsole 40 | chmod -x /root/.bashrc.d/confconsole-auto 41 | 42 | # disable fgconsole (inithooks related until fixed) 43 | mv /bin/fgconsole /bin/fgconsole.orig 44 | ln -s /bin/false /bin/fgconsole 45 | 46 | # modprobe doesn't work in docker 47 | mv /sbin/modprobe /sbin/modprobe.orig 48 | ln -s /bin/true /sbin/modprobe 49 | 50 | # mongodb temp workaround 51 | # prealloc files do not contain data, but are rather simply 52 | # preallocated files that are ready to use that are truly preallocated 53 | # by the file system (i.e. they are not "sparse"). It is thus safe to 54 | # remove them, but if you restart mongod with journaling, it will 55 | # create them again if they are missing.* 56 | 57 | [ -e /var/lib/mongodb/journal ] && rm -f /var/lib/mongodb/journal/prealloc.* 58 | 59 | exit 0 60 | -------------------------------------------------------------------------------- /bin/img-publish: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2015 TurnKey GNU/Linux - http://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 
5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | 12 | info() { echo "INFO [$(basename $0)]: $@"; } 13 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 14 | warning() { echo "WARNING [$(basename $0)]: $@"; } 15 | 16 | FILES=$* 17 | 18 | usage() { 19 | cat<&2; exit 1; } 13 | info() { echo "INFO [$(basename $0)]: $@"; } 14 | 15 | usage() { 16 | cat</dev/null || true 50 | 51 | if [ ! -e $hashpath ]; then 52 | mirror_src=http://releases.turnkeylinux.org/turnkey-$appname/$version/$hashfile 53 | bucket_src=s3://turnkeylinux-builds/metadata/$hashfile 54 | wget --read-timeout=60 --tries=10 $mirror_src -O $hashpath \ 55 | || aws s3 cp $bucket_src $hashpath \ 56 | || fatal "$hashfile download failed" 57 | else 58 | info "$hashfile already exists, skipping download..." 59 | fi 60 | 61 | if ! $BT/bin/signature-verify $isodir/$isofile $hashpath; then 62 | mv $isodir/$isofile $isodir/$isofile.corrupt 63 | rm $hashpath 64 | fatal "$hashfile verification failed" 65 | fi 66 | -------------------------------------------------------------------------------- /bin/img-verify: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2018 TurnKey GNU/Linux - https://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 
10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | info() { echo "INFO [$(basename $0)]: $@"; } 14 | 15 | usage() { 16 | cat</dev/null || true 50 | 51 | if [ ! -e $hashpath ]; then 52 | mirror_src=http://releases.turnkeylinux.org/turnkey-$appname/$version/$hashfile 53 | bucket_src=s3://turnkeylinux-builds/metadata/$hashfile 54 | wget --read-timeout=60 --tries=10 $mirror_src -O $hashpath \ 55 | || aws s3 cp $bucket_src $hashpath \ 56 | || fatal "$hashfile download failed" 57 | else 58 | info "$hashfile already exists, skipping download..." 59 | fi 60 | 61 | if ! $BT/bin/signature-verify $imgdir/$imgfile $hashpath; then 62 | mv $imgdir/$imgfile $imgdir/$imgfile.corrupt 63 | rm $hashpath 64 | fatal "$hashfile verification failed" 65 | fi 66 | -------------------------------------------------------------------------------- /bin/ec2/legacy/ebs_publish.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # Author: Alon Swartz 3 | # Copyright (c) 2011-2015 TurnKey GNU/Linux - http://www.turnkeylinux.org 4 | # 5 | # This file is part of buildtasks. 6 | # 7 | # Buildtasks is free software; you can redistribute it and/or modify it 8 | # under the terms of the GNU Affero General Public License as published by the 9 | # Free Software Foundation; either version 3 of the License, or (at your 10 | # option) any later version. 
"""
Set AMI launch permission to all

Arguments:

    ami_id Amazon Image ID

Options:

    --region= Region (default: current region)

"""
import sys
import getopt

import utils

log = utils.get_logger('ebs-publish')


def usage(e=None):
    """Print an optional error, the syntax line and the module help to
    stderr, then exit with status 1."""
    if e:
        print >> sys.stderr, "error: " + str(e)

    print >> sys.stderr, "Syntax: %s [ -options ] ami_id" % (sys.argv[0])
    print >> sys.stderr, __doc__.strip()

    sys.exit(1)


def share_public(ami_id, region):
    """Add the 'all' group to the launch permission of *ami_id*.

    Adding 'all' makes the image launchable by any AWS account, so the
    image must not contain credentials, keys or other private data.
    """
    connection = utils.connect(region)

    log.debug('setting image to public - %s', ami_id)
    connection.modify_image_attribute(
        ami_id,
        attribute='launchPermission',
        operation='add',
        groups=['all'])

    log.info('set image to public - %s' % ami_id)


def main():
    """Parse the command line and publish the given AMI."""
    try:
        opts, args = getopt.gnu_getopt(sys.argv[1:], "h", ["help", "region="])
    except getopt.GetoptError, e:
        usage(e)

    region = None
    for opt, val in opts:
        if opt in ('-h', '--help'):
            usage()
        elif opt == "--region":
            region = val

    if len(args) != 1:
        usage("incorrect number of arguments")

    # Fall back to the region reported by utils when none was given.
    share_public(args[0], region or utils.get_region())


if __name__ == "__main__":
    main()

-------------------------------------------------------------------------------- /bin/vm-setup: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2018 TurnKey GNU/Linux - https://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version.
10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | warning() { echo "WARNING [$(basename $0)]: $@"; } 14 | info() { echo "INFO [$(basename $0)]: $@"; } 15 | 16 | usage() { 17 | cat</dev/null; then 54 | pkgs_to_install="${pkgs_to_install} ${pkg}" 55 | fi 56 | done 57 | [[ -z ${pkgs_to_install} ]] || install ${pkgs_to_install} 58 | 59 | if ! which ovftool >/dev/null; then 60 | msg="VMWare OFVTool not installed.\n\n" 61 | msg="${msg}Please download and install 'VMware OVF Tool for Linux 64-bit'. " 62 | msg="${msg}It can be downloaded from:\n\n\t${OVFTOOL_URL}\n\nand installed with:\n" 63 | msg="${msg}\n\tpath/to/VMware-ovftool-VER-lin.x86_64.bundle --console --eulas-agreed" 64 | msg="$(echo -e $msg)" 65 | fatal "$msg" 66 | fi 67 | -------------------------------------------------------------------------------- /bin/build-tag: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2018 TurnKey GNU/Linux - https://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | info() { echo "INFO [$(basename $0)]: $@"; } 14 | 15 | usage() { 16 | cat< 3 | # Copyright (c) 2011-2022 TurnKey GNU/Linux - http://www.turnkeylinux.org 4 | # 5 | # This file is part of buildtasks. 6 | # 7 | # Buildtasks is free software; you can redistribute it and/or modify it 8 | # under the terms of the GNU Affero General Public License as published by the 9 | # Free Software Foundation; either version 3 of the License, or (at your 10 | # option) any later version. 
"""
Set AMI launch permission to all

Arguments:

    ami_id Amazon Image ID

Options:

    --region= Region (default: current region)

"""
import sys
import getopt

import utils

log = utils.get_logger('ebs-publish')


def usage(e=None):
    """Print an optional error, the syntax line and the module help to
    stderr, then exit with status 1."""
    err = sys.stderr
    if e:
        print("error: " + str(e), file=err)

    print("Syntax: %s [ -options ] ami_id" % (sys.argv[0]), file=err)
    print(__doc__.strip(), file=err)

    sys.exit(1)


def share_public(ami_id, region):
    """Add the 'all' group to the launch permission of *ami_id*.

    Adding 'all' makes the image launchable by any AWS account, so the
    image must not contain credentials, keys or other private data.
    """
    connection = utils.connect(region)

    log.debug(f'setting image to public - {ami_id}')
    connection.modify_image_attribute(
        ami_id,
        attribute='launchPermission',
        operation='add',
        groups=['all'])

    log.info(f'set image to public - {ami_id}')


def main():
    """Parse the command line and publish the given AMI."""
    try:
        opts, args = getopt.gnu_getopt(sys.argv[1:], "h", ["help", "region="])
    except getopt.GetoptError as e:
        usage(e)

    region = None
    for opt, val in opts:
        if opt in ('-h', '--help'):
            usage()
        elif opt == "--region":
            region = val

    if len(args) != 1:
        usage("incorrect number of arguments")

    # Fall back to the region reported by utils when none was given.
    share_public(args[0], region or utils.get_region())


if __name__ == "__main__":
    main()

-------------------------------------------------------------------------------- /bt-optimized: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2018 TurnKey GNU/Linux - https://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks.
5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | warning() { echo "WARNING [$(basename $0)]: $@"; } 14 | info() { echo "INFO [$(basename $0)]: $@"; } 15 | 16 | usage() { 17 | cat<&2; exit 1; } 12 | info() { echo "INFO [$(basename $0)]: $@"; } 13 | 14 | PKGS="di-live live-boot live-tools live-boot-initramfs-tools" 15 | 16 | usage() { 17 | cat< 3 | # Copyright (c) 2011-2015 TurnKey GNU/Linux - http://www.turnkeylinux.org 4 | # 5 | # This file is part of buildtasks. 6 | # 7 | # Buildtasks is free software; you can redistribute it and/or modify it 8 | # under the terms of the GNU Affero General Public License as published by the 9 | # Free Software Foundation; either version 3 of the License, or (at your 10 | # option) any later version. 
"""
Share snapshot with Amazon marketplace

Arguments:

    snapshot_id Snapshot ID

Options:

    --region= Region (default: current region)

"""
import sys
import getopt

import utils

log = utils.get_logger('ebs-share')


def usage(e=None):
    """Print an optional error, the syntax line and the module help to
    stderr, then exit with status 1."""
    if e:
        print >> sys.stderr, "error: " + str(e)

    print >> sys.stderr, "Syntax: %s [ -options ] snapshot_id" % (sys.argv[0])
    print >> sys.stderr, __doc__.strip()

    sys.exit(1)


def share_marketplace(snapshot_id, region):
    """Share *snapshot_id* with a fixed AWS account.

    The first snapshot returned for *snapshot_id* is shared with the
    hard-coded account id below.
    """
    connection = utils.connect(region)

    log.debug('getting snapshot - %s', snapshot_id)
    found = connection.get_all_snapshots(snapshot_ids=[snapshot_id])
    snapshot = found[0]

    log.debug('sharing with marketplace')
    # NOTE(review): presumably the AWS Marketplace account - confirm before
    # reuse; the share gives that account access to the snapshot.
    snapshot.share(user_ids=['096457495696'])

    log.info('shared with marketplace - %s', snapshot_id)


def main():
    """Parse the command line and share the given snapshot."""
    try:
        opts, args = getopt.gnu_getopt(sys.argv[1:], "h", ["help", "region="])
    except getopt.GetoptError, e:
        usage(e)

    region = None
    for opt, val in opts:
        if opt in ('-h', '--help'):
            usage()
        elif opt == "--region":
            region = val

    if len(args) != 1:
        usage("incorrect number of arguments")

    # Fall back to the region reported by utils when none was given.
    share_marketplace(args[0], region or utils.get_region())


if __name__ == "__main__":
    main()

-------------------------------------------------------------------------------- /bin/ec2/ebs_share.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | # Author: Alon Swartz 3 | # Copyright (c) 2011-2022 TurnKey GNU/Linux - http://www.turnkeylinux.org 4 | # 5 | # This file is part of buildtasks.
#
# Buildtasks is free software; you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by the
# Free Software Foundation; either version 3 of the License, or (at your
# option) any later version.

"""
Share snapshot with Amazon marketplace

Arguments:

    snapshot_id         Snapshot ID

Options:

    --region=           Region (default: current region)

"""
import sys
import getopt

import utils

log = utils.get_logger('ebs-share')


def usage(e=None):
    """Write an optional error, the syntax line and the module docstring to
    stderr, then exit with status 1 (also on -h/--help)."""
    err = sys.stderr
    if e:
        print("error: " + str(e), file=err)

    print("Syntax: %s [ -options ] snapshot_id" % (sys.argv[0]), file=err)
    print(__doc__.strip(), file=err)

    sys.exit(1)


def share_marketplace(snapshot_id, region):
    """Share the EBS snapshot `snapshot_id` in `region` with one fixed account.

    The account id is hard-coded; the module docstring describes the target
    as the Amazon marketplace.
    """
    conn = utils.connect(region)

    log.debug(f'getting snapshot - {snapshot_id}')
    # Only the first result is used; an empty result list raises IndexError.
    found = conn.get_all_snapshots(snapshot_ids=[snapshot_id])
    snapshot = found[0]

    log.debug('sharing with marketplace')
    # NOTE(review): presumably boto's Snapshot.share, which grants the listed
    # account permission to create volumes from this snapshot - confirm.
    # Everything stored in the snapshot is then readable by that account, so
    # the image must already be free of keys, credentials and logs.
    snapshot.share(user_ids=['096457495696'])

    log.info(f'shared with marketplace - {snapshot_id}')


def main():
    """Parse the command line and share the single snapshot named on it."""
    try:
        opts, args = getopt.gnu_getopt(sys.argv[1:], "h", ["help", "region="])
    except getopt.GetoptError as e:
        usage(e)

    region = None
    for flag, value in opts:
        if flag in ('-h', '--help'):
            usage()
        elif flag == "--region":
            region = value

    if len(args) != 1:
        usage("incorrect number of arguments")

    snapshot_id = args[0]
    # Without --region, fall back to the region utils.get_region() reports.
    share_marketplace(snapshot_id, region or utils.get_region())


if __name__ == "__main__":
    main()
--------------------------------------------------------------------------------
/bin/openstack-bundle-ami:
--------------------------------------------------------------------------------
1 | #!/bin/bash -e 2 | # 
Copyright (c) 2011-2015 TurnKey GNU/Linux - http://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | info() { echo "INFO [$(basename $0)]: $@"; } 14 | 15 | usage() { 16 | cat<&2; exit 1; } 12 | info() { echo "INFO [$(basename $0)]: $@"; } 13 | 14 | PKGS="turnkey-netinfo confconsole" 15 | 16 | usage() { 17 | cat<&2; exit 1; } 14 | 15 | usage() { 16 | cat<&2; exit 1; } 13 | info() { echo "INFO [$(basename $0)]: $@"; } 14 | 15 | usage() { 16 | cat< $name.docker/Dockerfile < 52 | RUN apt update 53 | RUN apt install -y qemu-system-arm 54 | RUN mkdir /app 55 | COPY $qcow2 /app 56 | COPY vmlinuz-$qcow2 /app/vmlinuz 57 | COPY initrd.img-$qcow2 /app/initrd.img 58 | WORKDIR /app 59 | CMD ["qemu-system-aarch64", "-kernel", "vmlinuz", "-initrd", "initrd.img", "-m", "1024", \ 60 | "-M", "virt", "-cpu", "cortex-a72", "-serial", "mon:stdio", \ 61 | "-append", "rw root=LABEL=RASPIROOT net.ifnames=0 console=ttyAMA0 rootwait", \ 62 | "-drive", "file=$qcow2,if=sd,id=hd-root", "-device", "virtio-blk-device,drive=hd-root", \ 63 | "-netdev", "user,id=net0,hostfwd=tcp::22-:22", "-device", "virtio-net-device,netdev=net0", \ 64 | "-no-reboot", "-nographic", \ 65 | "-virtfs", "local,path=/mnt,mount_tag=hostmnt,security_model=passthrough,id=hostmnt"] 66 | EXPOSE $ports 67 | VOLUME /mnt 68 | EOF 69 | 70 | info "building new docker image" 71 | docker build -t $dockername $name.docker 72 | 73 | if [ -z "$BT_DEBUG" ]; then 74 | info "removing directory" 75 | rm -rf $name.docker 76 | fi 77 | 78 | -------------------------------------------------------------------------------- 
/patches/ec2/overlay/var/lib/inithooks/turnkey-init-fence/htdocs/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | Initialization required 4 | 5 | 6 | 7 | 8 | 9 |
10 |

Please initialize this system...

11 | 12 |

Welcome to TurnKey! Before we fully expose this instance to a hostile Internet, 13 | we need to initialize it. This will set up passwords, install security 14 | updates, etc.

15 | 16 |

To continue you'll need to SSH into the admin 17 | account, which will automatically start the turnkey-init 18 | initialization program:

19 | 20 | 21 | 22 |

After initialization try reloading this page. This message will 23 | disappear and you'll be able to access all services on this system 24 | normally.

25 | 26 |
27 | 28 |
29 | 30 |

How do I SSH into the admin account?

31 | 32 | Using your SSH key-pair: If you've 33 | correctly configured an AWS SSH key-pair, you'll be able to log into the admin account 34 | without having to enter a password using your SSH client (e.g., PuTTY on Windows). 35 | 36 |
37 | 38 |
39 | 40 |

Register for bundled support and 1-click cloud backup

41 | 42 |

Each TurnKey solution on the AWS marketplace is bundled with e-mail 43 | support and 1-click cloud backup and migration at no extra charge.

44 | 45 |

To benefit, sign up for a free TurnKey Hub account if you don't already have one. We identify your AWS marketplace 46 | subscription and eligibility for bundled services by your Amazon account id.

47 | 48 |

For more information, visit our website!

49 | 50 |

For further information, please consult the 51 | product page and 52 | AWS marketplace usage notes 53 | on the TurnKey GNU/Linux website.

54 | 55 |
56 | 57 | 58 | 59 | 60 | 61 | 68 | -------------------------------------------------------------------------------- /bt-openstack-ami: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2015 TurnKey GNU/Linux - http://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | warning() { echo "WARNING [$(basename $0)]: $@"; } 14 | info() { echo "INFO [$(basename $0)]: $@"; } 15 | 16 | usage() { 17 | cat< $O/$name-openstack.tar.gz.buildenv 80 | 81 | # publish if specified 82 | if [ "$publish" == "yes" ]; then 83 | export PUBLISH_DEST=${BT_PUBLISH_IMGS}/openstack/ 84 | $BT/bin/publish-files $O/$name-openstack.tar.gz 85 | 86 | export PUBLISH_DEST=${BT_PUBLISH_META}/ 87 | $BT/bin/publish-files $O/$name-openstack.{tar.gz.hash,tar.gz.buildenv} 88 | fi 89 | 90 | if [ -z "$BT_DEBUG" ] && ! (mount | grep -q $(basename $rootfs)); then 91 | rm -rf $rootfs 92 | rm -rf $cdroot 93 | fi 94 | 95 | -------------------------------------------------------------------------------- /bin/ec2/legacy/ec2_copy.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # Author: Alon Swartz 3 | # Copyright (c) 2011-2015 TurnKey GNU/Linux - http://www.turnkeylinux.org 4 | # 5 | # This file is part of buildtasks. 6 | # 7 | # Buildtasks is free software; you can redistribute it and/or modify it 8 | # under the terms of the GNU Affero General Public License as published by the 9 | # Free Software Foundation; either version 3 of the License, or (at your 10 | # option) any later version. 
11 | 12 | """ 13 | Copy AMI to destination region(s) 14 | 15 | Arguments: 16 | 17 | ami_id Amazon Image ID 18 | ami_name Amazon Image Name 19 | ami_region Amazon Image Region 20 | region...regionN Destination region(s) to copy to (also accepts: all) 21 | 22 | """ 23 | import sys 24 | import getopt 25 | 26 | import utils 27 | 28 | log = utils.get_logger('ebs-copy') 29 | 30 | def fatal(e): 31 | print >> sys.stderr, "error: " + str(e) 32 | sys.exit(1) 33 | 34 | def usage(e=None): 35 | if e: 36 | print >> sys.stderr, "error: " + str(e) 37 | 38 | args = "ami_id ami_name ami_region region...regionN" 39 | print >> sys.stderr, "Syntax: %s %s" % (sys.argv[0], args) 40 | print >> sys.stderr, __doc__.strip() 41 | 42 | sys.exit(1) 43 | 44 | class Image: 45 | def __init__(self, ami_id, region): 46 | self.id = ami_id 47 | self.region = region 48 | 49 | def get(self): 50 | conn = utils.connect(self.region) 51 | return conn.get_all_images(image_ids=[self.id])[0] 52 | 53 | def copy_image(ami_id, ami_name, ami_region, regions=[]): 54 | images = [] 55 | for region in regions: 56 | log.debug('copying %s (%s) to %s', ami_id, ami_region, region) 57 | 58 | conn = utils.connect(region) 59 | ret = conn.copy_image(ami_region, ami_id, ami_name) 60 | image = Image(ret.image_id, region) 61 | images.append(image) 62 | 63 | log.info('pending %s (%s) to %s (%s)', ami_id, ami_region, image.id, region) 64 | 65 | return images 66 | 67 | def main(): 68 | try: 69 | opts, args = getopt.gnu_getopt(sys.argv[1:], "h", ["help"]) 70 | except getopt.GetoptError, e: 71 | usage(e) 72 | 73 | publish = False 74 | for opt, val in opts: 75 | if opt in ('-h', '--help'): 76 | usage() 77 | 78 | if len(args) < 4: 79 | usage("incorrect number of arguments") 80 | 81 | ami_id, ami_name, ami_region = args[:3] 82 | regions = args[3:] 83 | 84 | if 'all' in regions: 85 | regions = utils.get_all_regions() 86 | regions.remove(ami_region) 87 | 88 | images = copy_image(ami_id, ami_name, ami_region, regions) 89 | for image in 
images: 90 | print "%s - %s" % (image.id, image.region) 91 | 92 | 93 | if __name__ == "__main__": 94 | main() 95 | 96 | -------------------------------------------------------------------------------- /bin/img-release: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2015 TurnKey GNU/Linux - http://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | 12 | info() { echo "INFO [$(basename $0)]: $@"; } 13 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 14 | warning() { echo "WARNING [$(basename $0)]: $@"; } 15 | 16 | usage() { 17 | cat< $O/$name.manifest 76 | $BT/bin/generate-buildenv img $appname > $O/$name.img.xz.buildenv 77 | if [ -e $BT_PROFILES/$appname ]; then 78 | mkdir -p $O/$name.tklbam 79 | export PROFILES_CONF=$BT_PROFILES 80 | $BT/bin/generate-tklbam-profile $rootfs $O/$name.tklbam 81 | fi 82 | 83 | -------------------------------------------------------------------------------- /bt-prepqemu: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Author: Yannick Heneault yheneaul@gmail.com 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 
10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | warning() { echo "WARNING [$(basename $0)]: $@"; } 14 | info() { echo "INFO [$(basename $0)]: $@"; } 15 | 16 | usage() { 17 | cat< $tmpimgfile 69 | info "Resizing image..." 70 | qemu-img resize -f raw $tmpimgfile 30G 71 | parted -s $tmpimgfile -- resizepart 2 100% 72 | kpartx -asv $tmpimgfile 73 | e2fsck -f /dev/mapper/loop0p2 74 | resize2fs /dev/mapper/loop0p2 75 | mkdir -p sdroot 76 | mount /dev/mapper/loop0p2 sdroot 77 | mkdir -p sdroot/boot/firmware 78 | mount /dev/mapper/loop0p1 sdroot/boot/firmware 79 | 80 | [[ "$appversion" == *"rc"* ]] && $BT/bin/upgrade-pkgs sdroot 81 | 82 | $BT/bin/purge-pkgs sdroot 83 | tklpatch-apply sdroot $BT/patches/qemu 84 | $BT/bin/rootfs-cleanup sdroot 85 | 86 | $BT/bin/aptconf-tag sdroot qemu 87 | 88 | cp sdroot/boot/vmlinuz-* vmlinuz-$qcowfile 89 | cp sdroot/boot/initrd.img-* initrd.img-$qcowfile 90 | 91 | umount sdroot/boot/firmware 92 | umount sdroot 93 | rmdir sdroot 94 | kpartx -dsv $tmpimgfile 95 | info "Converting image..." 96 | qemu-img convert -f raw -O qcow2 $tmpimgfile $qcowfile 97 | rm $tmpimgfile 98 | 99 | -------------------------------------------------------------------------------- /bin/ec2/ec2_copy.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | # Author: Alon Swartz 3 | # Copyright (c) 2011-2022 TurnKey GNU/Linux - http://www.turnkeylinux.org 4 | # 5 | # This file is part of buildtasks. 6 | # 7 | # Buildtasks is free software; you can redistribute it and/or modify it 8 | # under the terms of the GNU Affero General Public License as published by the 9 | # Free Software Foundation; either version 3 of the License, or (at your 10 | # option) any later version. 
11 | 12 | """ 13 | Copy AMI to destination region(s) 14 | 15 | Arguments: 16 | 17 | ami_id Amazon Image ID 18 | ami_name Amazon Image Name 19 | ami_region Amazon Image Region 20 | region...regionN Destination region(s) to copy to (also accepts: all) 21 | 22 | """ 23 | import sys 24 | import getopt 25 | 26 | import utils 27 | 28 | log = utils.get_logger('ebs-copy') 29 | 30 | 31 | def fatal(e): 32 | print("error: " + str(e), file=sys.stderr) 33 | sys.exit(1) 34 | 35 | 36 | def usage(e=None): 37 | if e: 38 | print("error: " + str(e), file=sys.stderr) 39 | 40 | args = "ami_id ami_name ami_region region...regionN" 41 | print("Syntax: %s %s" % (sys.argv[0], args), file=sys.stderr) 42 | print(__doc__.strip(), file=sys.stderr) 43 | 44 | sys.exit(1) 45 | 46 | 47 | class Image: 48 | def __init__(self, ami_id, region): 49 | self.id = ami_id 50 | self.region = region 51 | 52 | def get(self): 53 | conn = utils.connect(self.region) 54 | return conn.get_all_images(image_ids=[self.id])[0] 55 | 56 | 57 | def copy_image(ami_id, ami_name, ami_region, regions=[]): 58 | images = [] 59 | for region in regions: 60 | log.debug(f'copying {ami_id} ({ami_region}) to {region}') 61 | 62 | conn = utils.connect(region) 63 | ret = conn.copy_image(ami_region, ami_id, ami_name) 64 | image = Image(ret.image_id, region) 65 | images.append(image) 66 | 67 | log.info(f'pending {ami_id} ({ami_region}) to {image.id} ({region})') 68 | 69 | return images 70 | 71 | 72 | def main(): 73 | try: 74 | opts, args = getopt.gnu_getopt(sys.argv[1:], "h", ["help"]) 75 | except getopt.GetoptError as e: 76 | usage(e) 77 | 78 | publish = False 79 | for opt, val in opts: 80 | if opt in ('-h', '--help'): 81 | usage() 82 | 83 | if len(args) < 4: 84 | usage("incorrect number of arguments") 85 | 86 | ami_id, ami_name, ami_region = args[:3] 87 | regions = args[3:] 88 | 89 | if 'all' in regions: 90 | regions = utils.get_all_regions() 91 | regions.remove(ami_region) 92 | 93 | images = copy_image(ami_id, ami_name, ami_region, 
regions) 94 | for image in images: 95 | print("%s - %s" % (image.id, image.region)) 96 | 97 | 98 | if __name__ == "__main__": 99 | main() 100 | -------------------------------------------------------------------------------- /patches/container/conf: -------------------------------------------------------------------------------- 1 | #!/bin/bash -ex 2 | # Original author: Alon Swartz (c) 2012-2013 3 | # Since modified by: TurnKey Linux (c)2014-2023 4 | 5 | # remove kernel 6 | ARCH=$(dpkg --print-architecture) 7 | case "$ARCH" in 8 | "i386") 9 | OLD_META_KERNEL="linux-image-686"; 10 | ;; 11 | "amd64") 12 | OLD_META_KERNEL="linux-image-amd64"; 13 | ;; 14 | *) 15 | fatal "non-supported architecture: $ARCH"; 16 | ;; 17 | esac 18 | OLD_KERNEL=$(echo /boot/vmlinuz-* | sed 's|/boot/vmlinuz-|linux-image-|') 19 | OLD_KERNEL_VER=$(echo /boot/vmlinuz-* | sed 's|/boot/vmlinuz-||') 20 | 21 | # grub will be removed later 22 | rm /usr/sbin/update-grub 23 | ln -s /bin/true /usr/sbin/update-grub 24 | 25 | debconf-set-selections << EOF 26 | $OLD_KERNEL $OLD_KERNEL/prerm/removing-running-kernel-$OLD_KERNEL_VER boolean false 27 | EOF 28 | export DEBIAN_FRONTEND=noninteractive 29 | apt-get -y purge "$OLD_META_KERNEL" "$OLD_KERNEL" 30 | 31 | # stop auto-secupdates complaining 32 | mkdir -p /lib/modules 33 | 34 | # remove packages that are problematic, redundant and/or not usable in a 35 | # container 36 | apt-get purge -y \ 37 | ntpsec \ 38 | jitterentropy-rngd \ 39 | acpid \ 40 | fdisk webmin-fdisk \ 41 | lvm2 webmin-lvm \ 42 | webmin-raid webmin-mount \ 43 | || true 44 | 45 | # disable ssh.socket so that sshd runs reliably - closes #1722 46 | systemctl mask ssh.socket 47 | 48 | # disable systemd-resolved.service - closes #1766 49 | systemctl mask systemd-resolved.service 50 | 51 | # mask Kernel Config & Debug mounts - doesn't work on LXC - see: 52 | # https://github.com/lxc/lxc/issues/3903 53 | systemctl mask sys-kernel-debug.mount 54 | systemctl mask sys-kernel-config.mount 55 | 56 | 
# remove /etc/fstab - workaround #1139 57 | rm -rf /etc/fstab 58 | 59 | # modprobe doesn't work in lxc 60 | mv /sbin/modprobe /sbin/modprobe.orig 61 | ln -s /bin/true /sbin/modprobe 62 | 63 | # root password is set outside of container 64 | chmod -x /usr/lib/inithooks/firstboot.d/30rootpass 65 | 66 | # redirect inithook output (preseeded headless deployment) 67 | sed -i '/REDIRECT_OUTPUT/ s/=.*/=true/g' /etc/default/inithooks 68 | 69 | # clean up unrequired package(s); make sure wireguard-tools isn't 70 | if apt-get autoremove --simulate | grep -q wireguard; then 71 | echo "FATAL: Wireguard package to be removed - exiting" 72 | exit 1 73 | else 74 | apt-get autoremove --purge -y 75 | fi 76 | 77 | # remove postfix /dev/[u]random to support unprivileged containers 78 | # note that it breaks ldap/postfix integration - see issue #855 79 | # (applyed to openldap too as of v16.1) 80 | rm -rf /var/spool/postfix/dev/{u,}random 81 | 82 | if which redis-server >/dev/null; then 83 | dir=/etc/systemd/system/redis-server.service.d 84 | mkdir -p $dir 85 | cat > $dir/container-override.conf <&2; exit 1; } 13 | info() { echo "INFO [$(basename $0)]: $@"; } 14 | 15 | usage() { 16 | cat<> $patch_dst/changelog 74 | fi 75 | 76 | # auto-generate release package if it does not exist 77 | if [ ! -e $patch_dst/debs/turnkey-$appname-*.deb ]; then 78 | $BT/bin/generate-release-deb $patch_dst/changelog $patch_dst/debs 79 | fi 80 | 81 | # auto-generate version bump code in appliance conf patch 82 | if [ ! 
-e $patch_dst/conf ]; then 83 | echo -e '#!/bin/bash -e\n' > $patch_dst/conf 84 | chmod +x $patch_dst/conf 85 | fi 86 | cat >> $patch_dst/conf < /etc/turnkey_version 90 | echo "Acquire::http::User-Agent \"TurnKey APT-HTTP/1.3 ($newname)\";" > /etc/apt/apt.conf.d/01turnkey 91 | EOF 92 | 93 | -------------------------------------------------------------------------------- /bin/iso-publish: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2023 TurnKey GNU/Linux - http://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | 12 | info() { echo "INFO [$(basename $0)]: $@"; } 13 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 14 | warning() { echo "WARNING [$(basename $0)]: $@"; } 15 | 16 | usage() { 17 | cat<&2; exit 1; } 13 | warning() { echo "WARNING [$(basename $0)]: $@"; } 14 | info() { echo "INFO [$(basename $0)]: $@"; } 15 | 16 | usage() { 17 | cat<&2; exit 1; } 13 | warning() { echo "WARNING [$(basename $0)]: $@"; } 14 | info() { echo "INFO [$(basename $0)]: $@"; } 15 | 16 | usage() { 17 | cat</dev/null 2>&1 || true 70 | make clean >/dev/null 2>&1 || true 71 | fi 72 | fatal "build failed..." 
73 | fi 74 | 75 | mkdir -p $BT_ISOS 76 | $BT/bin/iso-release --force $BT_ISOS 77 | 78 | patchname=`basename $patch` 79 | patchname=${patchname%%.*} 80 | if [[ $patchname != *$appname* ]]; then 81 | patchname=${appname}-$patchname 82 | fi 83 | name=$(cat build/root.patched/etc/turnkey_version) 84 | namepatched=${name/$appname/$patchname} 85 | 86 | mv $BT_ISOS/$name.iso $BT_ISOS/$namepatched.iso 87 | mv $BT_ISOS/$name.iso.sig $BT_ISOS/$namepatched.iso.sig 88 | mv $BT_ISOS/$name.manifest $BT_ISOS/$namepatched.manifest 89 | mv $BT_ISOS/$name.changelog $BT_ISOS/$namepatched.changelog 90 | [ -e $BT_ISOS/$name.log ] && mv $BT_ISOS/$name.log $BT_ISOS/$namepatched.log 91 | [ -e $BT_ISOS/$name.tklbam ] && mv $BT_ISOS/$name.tklbam $BT_ISOS/$namepatched.tklbam 92 | 93 | if [ "$publish" == "yes" ]; then 94 | $BT/bin/iso-publish $BT_ISOS/$namepatched.iso 95 | fi 96 | 97 | if [ -z "$BT_DEBUG" ]; then 98 | deck -D build/root.sandbox 99 | make clean 100 | fi 101 | 102 | -------------------------------------------------------------------------------- /bin/ec2/legacy/utils.py: -------------------------------------------------------------------------------- 1 | # Author: Alon Swartz 2 | # Copyright (c) 2011-2015 TurnKey GNU/Linux - http://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 
10 | 11 | 12 | import re 13 | import os 14 | import sys 15 | import logging 16 | 17 | import conf 18 | 19 | import executil 20 | import ec2metadata 21 | 22 | from boto.ec2 import connect_to_region 23 | import boto3 24 | 25 | def connect(region=None): 26 | region = region if region else get_region() 27 | return connect_to_region( 28 | region, 29 | aws_access_key_id=os.environ.get('AWS_ACCESS_KEY_ID'), 30 | aws_secret_access_key=os.environ.get('AWS_SECRET_ACCESS_KEY'), 31 | security_token=os.environ.get('AWS_SESSION_TOKEN', None)) 32 | 33 | def connect_boto3(region=None): 34 | region = region if region else get_region() 35 | return boto3.client('ec2', 36 | region_name = region, 37 | aws_access_key_id=os.environ.get('AWS_ACCESS_KEY_ID'), 38 | aws_secret_access_key=os.environ.get('AWS_SECRET_ACCESS_KEY')) 39 | 40 | def get_turnkey_version(rootfs): 41 | return file(os.path.join(rootfs, "etc/turnkey_version")).read().strip() 42 | 43 | def get_instanceid(): 44 | return ec2metadata.get('instance-id') 45 | 46 | def get_zone(): 47 | return ec2metadata.get('availability-zone') 48 | 49 | def get_region(): 50 | return ec2metadata.get('availability-zone')[0:-1] 51 | 52 | def get_all_regions(): 53 | return conf.KERNELS.keys() 54 | 55 | def get_kernel(region, arch): 56 | return conf.KERNELS[region][arch] 57 | 58 | def get_arch(): 59 | return executil.getoutput('dpkg --print-architecture') 60 | 61 | def get_logger(name, level=None): 62 | logger = logging.getLogger(name) 63 | 64 | if not logger.handlers: 65 | logging.addLevelName(45, 'IMPORTANT') 66 | setattr(logger, 'important', 67 | lambda *args, **kwargs: logger.log(45, *args, **kwargs)) 68 | 69 | format = logging.Formatter('%(levelname)s [%(name)s]: %(message)s') 70 | 71 | stdout = logging.StreamHandler(sys.stdout) 72 | stdout.setFormatter(format) 73 | logger.addHandler(stdout) 74 | 75 | logfile = os.environ.get('LOGFILE_PATH', None) 76 | if logfile: 77 | filehandler = logging.FileHandler(logfile, mode='a') 78 | 
filehandler.setFormatter(format) 79 | logger.addHandler(filehandler) 80 | 81 | level = level if level else conf.LOG_LEVEL 82 | logger.setLevel(getattr(logging, level)) 83 | 84 | return logger 85 | 86 | def is_mounted(path): 87 | mounts = file("/proc/mounts").read() 88 | if mounts.find(path) != -1: 89 | return True 90 | 91 | return False 92 | 93 | def mkdir(path): 94 | if not os.path.exists(path): 95 | os.makedirs(path) 96 | 97 | def rsync(rootfs, dest): 98 | executil.system('rsync -a -t -r -S -I -H %s/ %s' % (rootfs, dest)) 99 | 100 | -------------------------------------------------------------------------------- /bt-xen: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2020 TurnKey GNU/Linux - https://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | warning() { echo "WARNING [$(basename $0)]: $@"; } 14 | info() { echo "INFO [$(basename $0)]: $@"; } 15 | 16 | usage() { 17 | cat< $O/$name-xen.tar.bz2.buildenv 98 | 99 | # publish if specified 100 | if [ "$publish" == "yes" ]; then 101 | export PUBLISH_DEST=${BT_PUBLISH_IMGS}/xen/ 102 | $BT/bin/publish-files $O/$name-xen.tar.bz2 103 | 104 | export PUBLISH_DEST=${BT_PUBLISH_META}/ 105 | $BT/bin/publish-files $O/$name-xen.{tar.bz2.hash,tar.bz2.buildenv} 106 | fi 107 | 108 | if [ -z "$BT_DEBUG" ] && ! 
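(mount | grep -q $(basename $rootfs)); then 109 | rm -rf $rootfs 110 | rm -rf $cdroot 111 | [ "$publish" == "yes" ] && $BT/bin/clean xen $appver 112 | fi 113 | 114 |
--------------------------------------------------------------------------------
/bin/ec2/utils.py:
--------------------------------------------------------------------------------
# Author: Alon Swartz
# Copyright (c) 2011-2022 TurnKey GNU/Linux - http://www.turnkeylinux.org
#
# This file is part of buildtasks.
#
# Buildtasks is free software; you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by the
# Free Software Foundation; either version 3 of the License, or (at your
# option) any later version.


import re
import os
import sys
import logging
import subprocess

import conf

# depends on tkl-ec2metadata
import ec2metadata

# depends on python3-boto & python3-boto3
from boto.ec2 import connect_to_region
import boto3


def connect(region=None):
    """Return a boto (v2) EC2 connection for `region`.

    A falsy `region` is replaced by get_region(). The access key, secret key
    and session token are read from the AWS_ACCESS_KEY_ID,
    AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN environment variables; a
    variable that is unset is passed on as None.
    """
    return connect_to_region(
        region or get_region(),
        aws_access_key_id=os.environ.get('AWS_ACCESS_KEY_ID'),
        aws_secret_access_key=os.environ.get('AWS_SECRET_ACCESS_KEY'),
        security_token=os.environ.get('AWS_SESSION_TOKEN', None))


def connect_boto3(region=None):
    """Return a boto3 EC2 client for `region`.

    A falsy `region` is replaced by get_region(). Credentials come from the
    same three environment variables that connect() reads.
    """
    return boto3.client(
        'ec2',
        region_name=region or get_region(),
        aws_access_key_id=os.environ.get('AWS_ACCESS_KEY_ID'),
        aws_secret_access_key=os.environ.get('AWS_SECRET_ACCESS_KEY'),
        # Temporary credentials are only valid together with their session
        # token. connect() already forwards it; without it here the two
        # clients would authenticate differently under the same environment.
        aws_session_token=os.environ.get('AWS_SESSION_TOKEN'))


def get_turnkey_version(rootfs):
    """Return the stripped contents of etc/turnkey_version under `rootfs`."""
    version_path = os.path.join(rootfs, "etc/turnkey_version")
    with open(version_path) as fob:
        return fob.read().strip()


def get_instanceid():
    """Return the 'instance-id' value reported by ec2metadata."""
    return ec2metadata.get('instance-id')


def get_zone():
    """Return the 'availability-zone' value reported by ec2metadata."""
    return ec2metadata.get('availability-zone')

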
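def get_region():
    """Return the availability zone from ec2metadata minus its last character
    (the zone letter in names such as us-east-1a)."""
    return ec2metadata.get('availability-zone')[0:-1]


def get_all_regions():
    """Return the keys of conf.KERNELS as a new list."""
    return list(conf.KERNELS.keys())


def get_kernel(region, arch):
    """Return conf.KERNELS[region][arch]; an unknown key raises KeyError."""
    return conf.KERNELS[region][arch]


def get_arch():
    """Return the output of `dpkg --print-architecture`, right-stripped.

    Raises subprocess.CalledProcessError when dpkg exits non-zero, instead of
    returning whatever (possibly empty) output it produced.
    """
    proc = subprocess.run(['dpkg', '--print-architecture'],
                          capture_output=True, text=True, check=True)
    return proc.stdout.rstrip()


def get_logger(name, level=None):
    """Return the logger `name`, configuring it on first use.

    First use adds an 'IMPORTANT' level (45) with a matching
    logger.important() helper, a stdout handler and, when the LOGFILE_PATH
    environment variable is set, a file handler appending to that path.
    `level` is a logging level name; a falsy value means conf.LOG_LEVEL.
    """
    logger = logging.getLogger(name)

    if not logger.handlers:
        logging.addLevelName(45, 'IMPORTANT')
        setattr(logger, 'important',
                lambda *args, **kwargs: logger.log(45, *args, **kwargs))

        formatter = logging.Formatter('%(levelname)s [%(name)s]: %(message)s')

        stdout = logging.StreamHandler(sys.stdout)
        stdout.setFormatter(formatter)
        logger.addHandler(stdout)

        # The log file location is taken from the environment as-is.
        logfile = os.environ.get('LOGFILE_PATH', None)
        if logfile:
            filehandler = logging.FileHandler(logfile, mode='a')
            filehandler.setFormatter(formatter)
            logger.addHandler(filehandler)

        # NOTE(review): the listing lost its indentation; these two lines are
        # placed inside the first-use branch - confirm against the repository.
        level = level if level else conf.LOG_LEVEL
        logger.setLevel(getattr(logging, level))

    return logger


def is_mounted(path):
    """Return True if `path` occurs anywhere in /proc/mounts.

    This is a plain substring test, so it is also True when something is
    mounted beneath `path` or when another entry merely contains the same
    text. It is kept that way because a stricter match would answer False
    in cases where callers may rely on True.
    """
    with open("/proc/mounts") as fob:
        return path in fob.read()


def mkdir(path):
    """Create `path` and any missing parents unless it already exists."""
    if not os.path.exists(path):
        os.makedirs(path)


def rsync(rootfs, dest):
    """Copy the contents of `rootfs` into `dest` with rsync.

    The command is passed as an argument list, so no shell parses `rootfs`
    or `dest`. Raises subprocess.CalledProcessError when rsync exits
    non-zero, so an incomplete copy cannot pass unnoticed.
    """
    subprocess.run(
        ['rsync', '-a', '-t', '-r', '-S', '-I', '-H', f'{rootfs}/', dest],
        check=True)
--------------------------------------------------------------------------------
/bin/signature-verify:
--------------------------------------------------------------------------------
1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2018 TurnKey GNU/Linux - https://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 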
5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | warning() { echo "WARNING [$(basename $0)]: $@"; } 14 | info() { echo "INFO [$(basename $0)]: $@"; } 15 | 16 | usage() { 17 | cat<&1 >/dev/null; then 67 | info "Downloading GPG key: $BT_GPGKEY." 68 | if ! gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys $BT_GPGKEY; then 69 | warning "importing from keyserver.ubuntu.com failed; trying alternate." 70 | wget -O /tmp/$BT_GPGKEY.asc https://www.turnkeylinux.org/$BT_GPGKEY.asc \ 71 | || fatal "failed to download GPG key $BT_GPGKEY." 72 | gpg --import /tmp/$BT_GPGKEY.asc || fatal "alternate import failed." 73 | rm -f /tmp/$BT_GPGKEY.asc* 74 | fi 75 | fi 76 | 77 | info "Verifying GPG signature" 78 | if ! output=$(gpg --verify $hashpath 2>&1); then 79 | if [[ "${output%%$'\n'*}" == "gpg: no valid OpenPGP data found." ]]; then 80 | msg="$hashpath is not signed by GPG" 81 | if [[ "$force_gpg" == "yes" ]]; then 82 | fatal "$msg - exiting because '--force-gpg' set." 83 | else 84 | warning "$msg - this is expected if building locally and/or the hash file is unsigned." 85 | fi 86 | else 87 | echo "$output" 88 | fatal "$hashpath GPG verification failed" 89 | fi 90 | else 91 | echo "$output" 92 | info "GPG verification success." 93 | fi 94 | 95 | info "Verifying checksum." 96 | sum1=$(sha512sum $filepath | cut -d " " -f 1) 97 | sum2=$(grep -A 1 sha512sum $hashpath | head -n 2 | tail -n 1 | sed "s/^ *//; s/ .*//") 98 | if [ ! "$sum1" == "$sum2" ]; then 99 | fatal "$filepath checksum verification failed." 100 | fi 101 | 102 | info "Checksum verification success." 
103 | -------------------------------------------------------------------------------- /bt-openstack: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2020 TurnKey GNU/Linux - https://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | warning() { echo "WARNING [$(basename $0)]: $@"; } 14 | info() { echo "INFO [$(basename $0)]: $@"; } 15 | 16 | usage() { 17 | cat< $O/$name-openstack.qcow2.buildenv 103 | 104 | # publish if specified 105 | if [ "$publish" == "yes" ]; then 106 | export PUBLISH_DEST=${BT_PUBLISH_IMGS}/openstack/ 107 | $BT/bin/publish-files $O/$name-openstack.qcow2 108 | 109 | export PUBLISH_DEST=${BT_PUBLISH_META}/ 110 | $BT/bin/publish-files $O/$name-openstack.{qcow2.hash,qcow2.buildenv} 111 | fi 112 | 113 | if [ -z "$BT_DEBUG" ] && ! (mount | grep -q $(basename $rootfs)); then 114 | rm -rf $rootfs 115 | rm -rf $cdroot 116 | rm -f $rootfs.img 117 | [ "$publish" == "yes" ] && $BT/bin/clean openstack $appver 118 | fi 119 | 120 | -------------------------------------------------------------------------------- /bin/generate-signature: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2020 TurnKey GNU/Linux - http://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 
5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | info() { echo "INFO [$(basename $0)]: $@"; } 14 | 15 | usage() { 16 | cat< $filepath.hash < local 19 | - choose file and upload 20 | - virtual machines > create > 21 | template: new appliance 22 | hostname: core 23 | mem/swap: 256 24 | password 25 | ipaddress: something available on network (venet) 26 | dns domain: local 27 | - virtual machines 28 | - click on vm just created (last) 29 | - click start 30 | - wait until booted (tip: see the boot log) 31 | 32 | openstack (virtualbox stackops) 33 | =============================== 34 | 35 | references: 36 | 2012/Week34 37 | 2013/Week23 38 | http://www.turnkeylinux.org/blog/announcing-openstack-builds 39 | 40 | /etc/init.d/ntp stop 41 | ntpdate pool.ntp.org 42 | /etc/init.d/ntp start 43 | 44 | . 
/var/lib/stackops/setenv.sh 45 | export OS_AUTH_STRATEGY=keystone 46 | export GLANCE_TOKEN=$(grep admin_token /etc/glance/glance-api.conf | awk '{print $3}') 47 | 48 | cd /var/lib/nova/bin 49 | ./nova-manage service list 50 | 51 | service nova-XXX start 52 | 53 | # cd /tmp 54 | # tar -zxf turnkey-core-12.1-squeeze-amd64-openstack.tar.gz 55 | # ls turnkey-core-12.1-squeeze-amd64 56 | turnkey-core-12.1-squeeze-amd64-initrd 57 | turnkey-core-12.1-squeeze-amd64-kernel 58 | turnkey-core-12.1-squeeze-amd64.img 59 | 60 | # IMG=turnkey-core-12.1-squeeze-amd64 61 | 62 | # glance add -A $GLANCE_TOKEN \ 63 | is_public=true \ 64 | container_format=ari \ 65 | disk_format=ari \ 66 | name="$IMG-initrd" \ 67 | < /tmp/$IMG/$IMG-initrd 68 | 69 | Added new image with ID: 24 70 | 71 | # RAMDISK_ID=24 72 | 73 | # glance add -A $GLANCE_TOKEN \ 74 | is_public=true \ 75 | container_format=aki \ 76 | disk_format=aki \ 77 | name="$IMG-kernel" \ 78 | < /tmp/$IMG/$IMG-kernel 79 | 80 | Added new image with ID: 25 81 | 82 | # KERNEL_ID=25 83 | 84 | # glance add -A $GLANCE_TOKEN \ 85 | is_public=true \ 86 | container_format=ami \ 87 | disk_format=ami \ 88 | ramdisk_id=$RAMDISK_ID \ 89 | kernel_id=$KERNEL_ID \ 90 | name="$IMG" \ 91 | < /tmp/$IMG/$IMG.img 92 | 93 | Added new image with ID: 26 94 | 95 | # glance -A $GLANCE_TOKEN index 96 | 97 | ID Name Disk Format Container Format Size 98 | -- ---------------------------------- ----------- ---------------- --------- 99 | 26 turnkey-core-12.1-squeeze-amd6 ami ami 682672128 100 | 25 turnkey-core-12.1-squeeze-amd6 aki aki 2482528 101 | 24 turnkey-core-12.1-squeeze-amd6 ari ari 9816258 102 | 103 | # euca-describe-images 104 | 105 | IMAGE ami-0000001a None (turnkey-core-12.1-squeeze-amd64) available public machine aki-00000019 ari-00000018 106 | IMAGE aki-00000019 None (turnkey-core-12.1-squeeze-amd64-kernel) available public kernel 107 | IMAGE ari-00000018 None (turnkey-core-12.1-squeeze-amd64-initrd) available public ramdisk 108 | 109 | # 
euca-run-instances -k demo -t t1.micro ami-0000001a 110 | 111 | # euca-describe-instances 112 | RESERVATION r-7wi0xgaq 2 default 113 | INSTANCE i-00000011 ami-0000001a 1.0.0.2 1.0.0.2 pending demo 0t1.micro 2013-06-04T08:48:45Z nova aki-00000019 ari-00000018 114 | 115 | # euca-get-console-output i-00000011 116 | 117 | takes a while to boot, be patient 118 | 119 | # ssh -i /root/creds/demo.pem root@1.0.0.2 120 | 121 | # euca-terminate-instances i-00000011 122 | 123 | -------------------------------------------------------------------------------- /patches/otc/overlay/etc/cloud/cloud.cfg: -------------------------------------------------------------------------------- 1 | # The top level settings are used as module 2 | # and system configuration. 3 | 4 | # A set of users which may be applied and/or used by various modules 5 | # when a 'default' entry is found it will reference the 'default_user' 6 | # from the distro configuration specified below 7 | users: 8 | - default 9 | 10 | # If this is set, 'root' will not be able to ssh in and they 11 | # will get a message to login instead as the default $user 12 | disable_root: true 13 | 14 | # This will cause the set+update hostname module to not operate (if true) 15 | preserve_hostname: false 16 | 17 | # preserve source_list 18 | apt_preserve_sources_list: true 19 | 20 | # Example datasource config 21 | # datasource: 22 | # Ec2: 23 | # metadata_urls: [ 'blah.com' ] 24 | # timeout: 5 # (defaults to 50 seconds) 25 | # max_wait: 10 # (defaults to 120 seconds) 26 | 27 | # The modules that run in the 'init' stage 28 | cloud_init_modules: 29 | - migrator 30 | - seed_random 31 | - bootcmd 32 | - write-files 33 | - growpart 34 | - resizefs 35 | - disk_setup 36 | - mounts 37 | - set_hostname 38 | - update_hostname 39 | - update_etc_hosts 40 | - ca-certs 41 | - rsyslog 42 | - users-groups 43 | - ssh 44 | 45 | # The modules that run in the 'config' stage 46 | cloud_config_modules: 47 | # Emit the cloud config ready event 48 | # this 
can be used by upstart jobs for 'start on cloud-config'. 49 | - emit_upstart 50 | - snap 51 | - snap_config # DEPRECATED- Drop in version 18.2 52 | - ssh-import-id 53 | - locale 54 | - set-passwords 55 | - grub-dpkg 56 | - apt-pipelining 57 | - apt-configure 58 | - ntp 59 | - timezone 60 | - disable-ec2-metadata 61 | - runcmd 62 | - byobu 63 | 64 | # The modules that run in the 'final' stage 65 | cloud_final_modules: 66 | - snappy # DEPRECATED- Drop in version 18.2 67 | - package-update-upgrade-install 68 | - fan 69 | - landscape 70 | - lxd 71 | - puppet 72 | - chef 73 | - mcollective 74 | - salt-minion 75 | - rightscale_userdata 76 | - scripts-vendor 77 | - scripts-per-once 78 | - scripts-per-boot 79 | - scripts-per-instance 80 | - scripts-user 81 | - ssh-authkey-fingerprints 82 | - keys-to-console 83 | - phone-home 84 | - final-message 85 | - power-state-change 86 | 87 | # System and/or distro specific settings 88 | # (not accessible to handlers/transforms) 89 | system_info: 90 | # This will affect which distro class gets used 91 | distro: debian 92 | # Default user name + that default users groups (if added/used) 93 | default_user: 94 | name: linux 95 | lock_passwd: True 96 | gecos: Linux 97 | groups: [adm, audio, cdrom, dialout, dip, floppy, lxd, netdev, plugdev, sudo, video] 98 | sudo: ["ALL=(ALL) NOPASSWD:ALL"] 99 | shell: /bin/bash 100 | # Automatically discover the best ntp_client 101 | ntp_client: auto 102 | # Other config here will be given to the distro class and/or path classes 103 | paths: 104 | cloud_dir: /var/lib/cloud/ 105 | templates_dir: /etc/cloud/templates/ 106 | upstart_dir: /etc/init/ 107 | package_mirrors: 108 | - arches: [i386, amd64] 109 | failsafe: 110 | primary: http://deb.debian.org/debian 111 | security: http://security.debian.org/ 112 | search: 113 | primary: 114 | - http://archive.turnkeylinux.org/debian 115 | - http://deb.debian.org/debian 116 | security: [] 117 | ssh_svcname: ssh 118 | 119 | 120 | 121 | # OTC automatic configuration 
(2017/04/12) 122 | # hardcode OpenStack datasource, only '- disable-ec2-metadate' not works to suppress ec2 123 | # datasource_list: [ OpenStack ] 124 | #cloud-config 125 | datasource: 126 | OpenStack: 127 | metadata_urls: ["http://169.254.169.254:80"] 128 | max_wait: 120 129 | timeout: 50 130 | retries: 5 131 | 132 | 133 | 134 | -------------------------------------------------------------------------------- /bt-otc: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2015 TurnKey GNU/Linux - http://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | warning() { echo "WARNING [$(basename $0)]: $@"; } 14 | info() { echo "INFO [$(basename $0)]: $@"; } 15 | 16 | usage() { 17 | cat< $O/$name-openstack.qcow2.buildenv 106 | 107 | # publish if specified 108 | if [ "$publish" == "yes" ]; then 109 | export PUBLISH_DEST=${BT_PUBLISH_IMGS}/openstack/ 110 | $BT/bin/publish-files $O/$name-openstack.qcow2 111 | 112 | export PUBLISH_DEST=${BT_PUBLISH_META}/ 113 | $BT/bin/publish-files $O/$name-openstack.{qcow2.hash,qcow2.buildenv} 114 | fi 115 | 116 | if [ -z "$BT_DEBUG" ] && ! 
(mount | grep -q $(basename $rootfs)); then 117 | rm -rf $rootfs 118 | rm -rf $cdroot 119 | rm -f $rootfs.img 120 | [ "$publish" == "yes" ] && $BT/bin/clean openstack $appver 121 | fi 122 | 123 | -------------------------------------------------------------------------------- /bin/iso-release: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2023 TurnKey GNU/Linux - https://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | 12 | info() { echo "INFO [$(basename $0)]: $@"; } 13 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 14 | warning() { echo "WARNING [$(basename $0)]: $@"; } 15 | 16 | usage() { 17 | cat< $O/$name.manifest 88 | $BT/bin/generate-buildenv iso $appname > $O/$name.iso.buildenv 89 | if [[ -e $BT_PROFILES/$appname ]]; then 90 | mkdir -p $O/$name.tklbam 91 | export PROFILES_CONF=$BT_PROFILES 92 | $BT/bin/generate-tklbam-profile $O/$name.iso $O/$name.tklbam 93 | fi 94 | if [[ -z "$no_screens" ]]; then 95 | mkdir -p $O/$name.screens 96 | prefix=$(echo "$name" | \ 97 | sed -En "s|turnkey-([a-z0-9-]+-[0-9]+\.[0-9]+[brc0-9]*)-.*|\1|p") 98 | for screen in build/screens/*.png; do 99 | screen_file=$(basename $screen) 100 | if [[ "$screen_file" == 'screenshot-'* ]]; then 101 | new_name=$(echo $screen_file \ 102 | | sed -En "s|screenshot-(.*\.png)|\1|p") 103 | cp $screen $O/$name.screens/$prefix-$new_name 104 | else 105 | cp $screen $O/$name.screens/$prefix-$screen_file 106 | fi 107 | done 108 | fi 109 | -------------------------------------------------------------------------------- /bin/ec2/legacy/ebs.py: 
--------------------------------------------------------------------------------
#!/usr/bin/env python
# Author: Alon Swartz
# Copyright (c) 2011-2015 TurnKey GNU/Linux - http://www.turnkeylinux.org
#
# This file is part of buildtasks.
#
# Buildtasks is free software; you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by the
# Free Software Foundation; either version 3 of the License, or (at your
# option) any later version.

"""
Create Amazon EC2 EBS-backed HVM AMI from rootfs

Arguments:

    rootfs          Path to rootfs

Options:
    --name=         Use as name basis (default: turnkey_version + ctime)
    --copy          Copy created AMI to all other regions
    --publish       Set AMI launch permission to public
    --marketplace   Share snapshot with AWS marketplace userid

Environment:

    AWS_ACCESS_KEY_ID       AWS Access Key ID (required)
    AWS_SECRET_ACCESS_KEY   AWS Secret Access Key (required)
    AWS_SESSION_TOKEN       AWS Session Token

"""
import os
import sys
import time
import getopt

import utils

from ebs_bundle import bundle
from ebs_register import register
from ebs_publish import share_public
from ebs_share import share_marketplace
from ec2_copy import copy_image

log = utils.get_logger('ebs')

def fatal(e):
    """Report *e* on stderr and terminate with exit status 1."""
    sys.stderr.write("error: " + str(e) + "\n")
    sys.exit(1)

def usage(e=None):
    """Print an optional error, the syntax line and the module help, then exit 1."""
    err = sys.stderr
    if e:
        err.write("error: " + str(e) + "\n")

    err.write("Syntax: %s [ -options ] rootfs" % (sys.argv[0]) + "\n")
    err.write(__doc__.strip() + "\n")

    sys.exit(1)

def main():
    """Bundle a rootfs into a snapshot, register an AMI and apply the
    sharing, publishing and copy steps selected on the command line."""
    long_opts = ["help", "copy", "publish", "marketplace", "pvmregister", "name="]
    try:
        opts, args = getopt.gnu_getopt(sys.argv[1:], "h", long_opts)
    except getopt.GetoptError, e:
        usage(e)

    given = set(opt for opt, _ in opts)
    if '-h' in given or '--help' in given:
        usage()

    # The last --name on the command line wins.
    name = None
    for opt, val in opts:
        if opt == "--name":
            name = val

    copy = "--copy" in given
    publish = "--publish" in given
    marketplace = "--marketplace" in given
    # Accepted by the parser but not listed in the module help text.
    pvmregister = "--pvmregister" in given

    if len(args) != 1:
        usage("incorrect number of arguments")

    rootfs = args[0]
    if not os.path.exists(rootfs):
        fatal("rootfs path does not exist: %s" % rootfs)

    if not name:
        turnkey_version = utils.get_turnkey_version(rootfs)
        name = '_'.join([turnkey_version, str(int(time.time()))])

    arch = utils.get_arch()
    region = utils.get_region()
    snapshot_id, snapshot_name = bundle(rootfs, name)
    log.important(' '.join([snapshot_id, arch, region]))

    if marketplace:
        share_marketplace(snapshot_id, region)

    ami_id, ami_name = register(snapshot_id, region, arch)

    log.info(ami_name)
    log.important(' '.join([ami_id, arch, region]))

    if pvmregister:
        # NOTE(review): ami_id/ami_name are rebound to the PVM image here, so
        # --publish and --copy below act on that image rather than the first
        # one registered - confirm this is intended.
        ami_id, ami_name = register(snapshot_id, region, arch, pvm=True)

        log.info(ami_name + ' (PVM)')
        log.important(' '.join([ami_id, arch, region, '(PVM)']))

    if publish:
        # Per the help text this sets the AMI launch permission to public.
        share_public(ami_id, region)

    if copy:
        regions = utils.get_all_regions()
        regions.remove(region)
        images = copy_image(ami_id, ami_name, region, regions)

        for image in images:
            log.important(' '.join([image.id, arch, image.region]))


if __name__ == "__main__":
    main()

136 | -------------------------------------------------------------------------------- /bin/ec2/ebs.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | # Author: Alon Swartz 3 | # Copyright (c) 
2011-2022 TurnKey GNU/Linux - http://www.turnkeylinux.org
#
# This file is part of buildtasks.
#
# Buildtasks is free software; you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by the
# Free Software Foundation; either version 3 of the License, or (at your
# option) any later version.

"""
Create Amazon EC2 EBS-backed HVM AMI from rootfs

Arguments:

    rootfs          Path to rootfs

Options:
    --name=         Use as name basis (default: turnkey_version + ctime)
    --copy          Copy created AMI to all other regions
    --publish       Set AMI launch permission to public
    --marketplace   Share snapshot with AWS marketplace userid

Environment:

    AWS_ACCESS_KEY_ID       AWS Access Key ID (required)
    AWS_SECRET_ACCESS_KEY   AWS Secret Access Key (required)
    AWS_SESSION_TOKEN       AWS Session Token

"""
import os
import sys
import time
import getopt

import utils

from ebs_bundle import bundle
from ebs_register import register
from ebs_publish import share_public
from ebs_share import share_marketplace
from ec2_copy import copy_image

log = utils.get_logger('ebs')


def fatal(e):
    """Report *e* on stderr and terminate with exit status 1."""
    sys.stderr.write("error: " + str(e) + "\n")
    sys.exit(1)


def usage(e=None):
    """Print an optional error, the syntax line and the module help, then exit 1."""
    err = sys.stderr
    if e:
        err.write("error: " + str(e) + "\n")

    err.write("Syntax: %s [ -options ] rootfs" % (sys.argv[0]) + "\n")
    err.write(__doc__.strip() + "\n")

    sys.exit(1)


def main():
    """Bundle a rootfs into a snapshot, register an AMI and apply the
    sharing, publishing and copy steps selected on the command line."""
    long_opts = ["help", "copy", "publish", "marketplace", "pvmregister", "name="]
    try:
        opts, args = getopt.gnu_getopt(sys.argv[1:], "h", long_opts)
    except getopt.GetoptError as e:
        usage(e)

    given = {opt for opt, _ in opts}
    if given & {'-h', '--help'}:
        usage()

    # The last --name on the command line wins.
    name = None
    for opt, val in opts:
        if opt == "--name":
            name = val

    copy = "--copy" in given
    publish = "--publish" in given
    marketplace = "--marketplace" in given
    # Accepted by the parser but not listed in the module help text.
    pvmregister = "--pvmregister" in given

    if len(args) != 1:
        usage("incorrect number of arguments")

    rootfs = args[0]
    if not os.path.exists(rootfs):
        fatal("rootfs path does not exist: %s" % rootfs)

    if not name:
        turnkey_version = utils.get_turnkey_version(rootfs)
        name = '_'.join([turnkey_version, str(int(time.time()))])

    arch = utils.get_arch()
    region = utils.get_region()
    snapshot_id, snapshot_name = bundle(rootfs, name)
    log.important(' '.join([snapshot_id, arch, region]))

    if marketplace:
        share_marketplace(snapshot_id, region)

    ami_id, ami_name = register(snapshot_id, region, arch)

    log.info(ami_name)
    log.important(' '.join([ami_id, arch, region]))

    if pvmregister:
        # NOTE(review): ami_id/ami_name are rebound to the PVM image here, so
        # --publish and --copy below act on that image rather than the first
        # one registered - confirm this is intended.
        ami_id, ami_name = register(snapshot_id, region, arch, pvm=True)

        log.info(ami_name + ' (PVM)')
        log.important(' '.join([ami_id, arch, region, '(PVM)']))

    if publish:
        # Per the help text this sets the AMI launch permission to public.
        share_public(ami_id, region)

    if copy:
        regions = utils.get_all_regions()
        regions.remove(region)
        images = copy_image(ami_id, ami_name, region, regions)

        for image in images:
            log.important(' '.join([image.id, arch, image.region]))


if __name__ == "__main__":
    main()
138 | -------------------------------------------------------------------------------- /bt-qemu-docker: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Author: Yannick Heneault yheneaul@gmail.com 3 | # 4 | # This file is part of buildtasks. 
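5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | warning() { echo "WARNING [$(basename $0)]: $@"; } 14 | info() { echo "INFO [$(basename $0)]: $@"; } 15 | 16 | usage() { 17 | cat< 3 | 4 |
import os
import sys

# Do nothing at all when _TURNKEY_INIT is present in the environment.
if '_TURNKEY_INIT' in os.environ:
    sys.exit(0)

import stat
import statvfs
import tempfile

from executil import system, ExecError

def get_mounts(mounts_file="/proc/mounts"):
    """
    Given a mounts file (e.g., /proc/mounts), generate dicts with the
    following keys:

     - device: The device file which is mounted.
     - mount-point: The path at which the filesystem is mounted.
     - filesystem: The filesystem type.
     - total-space: The capacity of the filesystem in kbytes.
    """
    # The file is closed once the generator is exhausted or closed, instead
    # of being left to the garbage collector.
    with open(mounts_file) as fob:
        for line in fob:

            try:
                device, mount_point, filesystem = line.split()[:3]
                mount_point = mount_point.decode("string-escape")
            except ValueError:
                # Lines with fewer than three fields are skipped.
                continue

            stats = os.statvfs(mount_point)
            block_size = stats[statvfs.F_BSIZE]
            total_space = (stats[statvfs.F_BLOCKS] * block_size) / 1024

            yield { "device": device,
                    "mount-point": mount_point,
                    "filesystem": filesystem,
                    "total-space": int(total_space) }

def get_partitions(partitions_file="/proc/partitions"):
    """
    Given a partitions file (e.g., /proc/partitions), generate dicts with the
    following keys:

     - major: Major block
     - minor: Minor block
     - blocks: Amount of blocks
     - name: Partition name
    """
    with open(partitions_file) as fob:
        for line in fob:

            try:
                major, minor, blocks, name = line.split()
                blocks = int(blocks)
            except ValueError:
                # Header and blank lines do not split into four fields or do
                # not carry an integer block count; skip them.
                continue

            yield { "major": major,
                    "minor": minor,
                    "blocks": blocks,
                    "name": name }

class RootFS:
    """Size information for the filesystem mounted at *mountpoint*, plus the
    means to grow it to the size of its partition."""

    SUPPORTED_FILESYSTEMS = ('ext2', 'ext3', 'ext4')

    def __init__(self, mountpoint):
        self.mountpoint = mountpoint

        m = self._get_mount(self.mountpoint)
        self.device = m['device']
        self.filesystem = m['filesystem']
        self.filesystem_size = float(m['total-space'])

        p = self._get_partition(self.device)
        self.partition_size = float(p['blocks'])

        # Both sizes are rounded to whole units before they are compared.
        self.fs_gb = round(self.filesystem_size / (1024 * 1024))
        self.pt_gb = round(self.partition_size / (1024 * 1024))

    @staticmethod
    def _get_mount(mountpoint):
        """Return the first /dev/ backed mount at *mountpoint*, or None."""
        for m in get_mounts():
            if m['device'].startswith('/dev/') and m['mount-point'] == mountpoint:
                return m

    @staticmethod
    def _get_partition(device_name):
        """Return the partition entry named like *device_name*, or None."""
        for p in get_partitions():
            if p['name'] == device_name.replace('/dev/', ''):
                return p

    @property
    def has_unused_space(self):
        """True when the partition is larger than the filesystem on it."""
        return self.pt_gb > self.fs_gb

    @property
    def has_supported_filesystem(self):
        """True when the filesystem type is one resize_filesystem handles."""
        return self.filesystem in self.SUPPORTED_FILESYSTEMS

    def resize_filesystem(self):
        """Run resize2fs on a temporary device node for the mounted device."""
        # mkstemp only picks an unused name inside the mountpoint; the
        # regular file is removed again before the node is created.
        fd, devpath = tempfile.mkstemp(dir=self.mountpoint)
        os.unlink(devpath)
        os.close(fd)

        st_dev = os.stat(self.mountpoint).st_dev
        dev = os.makedev(os.major(st_dev), os.minor(st_dev))
        # mknod fails with EEXIST if the name was taken again in the
        # meantime, so a collision aborts the resize rather than operating
        # on some other file. The node is readable by its owner only.
        os.mknod(devpath, 0400 | stat.S_IFBLK, dev)

        # Remove the node on every exit path, not only after ExecError.
        try:
            system("resize2fs", devpath)
        finally:
            os.unlink(devpath)


def main():
    """Grow the root filesystem when its partition has room to spare."""
    rootfs = RootFS(mountpoint="/")
    if rootfs.has_unused_space and rootfs.has_supported_filesystem:
        print "Resizing %s: %sG to %sG" % (rootfs.device, rootfs.fs_gb, rootfs.pt_gb)
        rootfs.resize_filesystem()

if __name__ == "__main__":
    main()

130 | -------------------------------------------------------------------------------- /bin/docker-setup: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2015 TurnKey GNU/Linux - http://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 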
10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | warning() { echo "WARNING [$(basename $0)]: $@"; } 14 | info() { echo "INFO [$(basename $0)]: $@"; } 15 | 16 | usage() { 17 | cat</dev/null; then 60 | if [[ "$binary" == "lxc-create" ]]; then 61 | pkgs="$pkgs lxc" 62 | elif [[ "$binary" == "xz" ]]; then 63 | pkgs="$pkgs xz-utils" 64 | else 65 | pkgs="$pkgs $binary" 66 | fi 67 | fi 68 | done 69 | info "installing $pkgs" 70 | install "$pkgs" 71 | 72 | if ! grep -qs /sys/fs/cgroup /etc/fstab; then 73 | info "setting up cgroups" 74 | echo "none /sys/fs/cgroup cgroup defaults 0 0" >> /etc/fstab 75 | mount /sys/fs/cgroup || warning "mounting cgroups failed, if docker fails to run you may need to reboot" 76 | fi 77 | 78 | if [ ! -e /etc/apt/sources.list.d/docker.list ]; then 79 | info "importing docker repo key and creating docker apt repo entry" 80 | GPG_FINGERPRINT=9DC858229FC7DD38854AE2D88D81803C0EBFCD88 81 | gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys $GPG_FINGERPRINT 82 | gpg --output /usr/share/keyrings/docker.gpg --export $GPG_FINGERPRINT 83 | 84 | cat > /etc/apt/sources.list.d/docker.list < /etc/apt/preferences.d/docker</dev/null; then 100 | info "installing docker" 101 | install docker-ce \ 102 | || warning "docker-ce install exited non-zero - trying to proceed regardless." 103 | fi 104 | 105 | if [ ! -e /var/lib/docker ]; then 106 | info "mount binding /var/lib/docker to ephemeral storage" 107 | mkdir -p /var/lib/docker 108 | mkdir -p /mnt/var/lib/docker 109 | mount --bind /mnt/var/lib/docker /var/lib/docker 110 | fi 111 | 112 | if [ ! 
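-e /root/.dockercfg ]; then
    info "creating docker auth config"
    cat >/root/.dockercfg</dev/null; then
    info "starting docker daemon"
    service docker start
else
    info "restarting docker daemon"
    service docker restart
fi

exit_code=0
info "testing docker"
# The registry password is deliberately left out of the failure message:
# fatal() writes to stderr, which is commonly captured in build logs, and
# the user and email are enough to tell which account was in use.
docker run hello-world \
    || fatal "Docker hello-world test failed for user: '$BT_DOCKER_USER'; email: '$BT_DOCKER_MAIL'."
136 | -------------------------------------------------------------------------------- /bin/openstack-bundle: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2015 TurnKey GNU/Linux - http://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | warning() { echo "WARNING [$(basename $0)]: $@" 1>&2; } 14 | info() { echo "INFO [$(basename $0)]: $@"; } 15 | 16 | usage() { 17 | cat<&1` 61 | 62 | if echo "${RESULT_KPARTX}" | grep "^add map" ; then 63 | LOOP_DEVICE=`echo ${RESULT_KPARTX} | cut -d" " -f3` 64 | info "kpartx mounted using: ${LOOP_DEVICE}" 65 | else 66 | fatal "It seems kpartx didn't mount the image correctly: exiting." 67 | fi 68 | 69 | cleanup(){ 70 | error=$? 71 | [ ! 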
-d "${MOUNT_DIR}" ] && return 72 | echo 73 | echo "error $error, umounting $MOUNT_DIR" 74 | chroot ${MOUNT_DIR} umount /proc || true 75 | chroot ${MOUNT_DIR} umount /sys || true 76 | umount ${MOUNT_DIR} 77 | rmdir ${MOUNT_DIR} 78 | kpartx -d ${AMI_NAME} 79 | exit $error 80 | } 81 | trap "cleanup" EXIT TERM INT 82 | 83 | mkfs.ext4 -F -j -L root /dev/mapper/${LOOP_DEVICE} 84 | # No fsck because of X days without checks 85 | tune2fs -i 0 /dev/mapper/${LOOP_DEVICE} 86 | 87 | MOUNT_DIR=`mktemp -d -t build-debimg.XXXXXX` 88 | mount -o loop /dev/mapper/${LOOP_DEVICE} ${MOUNT_DIR} 89 | 90 | info "syncing rootfs to loopback" 91 | cp -a $rootfs/* ${MOUNT_DIR} 92 | 93 | info "install extlinux" 94 | mkdir -p ${MOUNT_DIR}/boot/extlinux 95 | echo "default linux 96 | timeout 1 97 | label linux 98 | kernel /vmlinuz 99 | append initrd=/initrd.img root=LABEL=root biosdevname=0 net.ifnames=0 console=tty0 console=ttyS0,115200 ro" > ${MOUNT_DIR}/boot/extlinux/extlinux.conf 100 | rm ${MOUNT_DIR}/extlinux.conf || true 101 | ln ${MOUNT_DIR}/boot/extlinux/extlinux.conf ${MOUNT_DIR}/extlinux.conf 102 | extlinux --install ${MOUNT_DIR}/boot/extlinux 103 | 104 | info "umount loopback" 105 | umount -d ${MOUNT_DIR} 106 | rmdir ${MOUNT_DIR} 107 | 108 | fsck.ext3 -f /dev/mapper/${LOOP_DEVICE} || true 109 | 110 | sync 111 | for i in {1..10}; do 112 | sleep 1 113 | kpartx -v -d ${AMI_NAME} || true 114 | losetup_msg=$(losetup -a) 115 | if [[ -z "$losetup_msg" ]]; then 116 | info "Success - ${AMI_NAME} is unmounted (after $i attempt(s))." 117 | break 118 | elif [ "$i" -eq 10 ]; then 119 | fatal "${AMI_NAME} is NOT unmounted (retried 10 times over 10 seconds)." 120 | else 121 | warning "Attempt #$i to unmount ${AMI_NAME} failed - waiting a second then retrying." 
122 | fi 123 | done 124 | 125 | if [ -z "$BT_DEBUG" ]; then 126 | info "removing directory" 127 | rm -rf $name 128 | fi 129 | 130 | info "creating qcow2 image" 131 | QCOW2_NAME=$name-openstack.qcow2 132 | QEMU_VERSION=`qemu-img --help | head -n 1 | cut -d" " -f3 | cut -d"," -f1 | cut -d"(" -f1` 133 | if dpkg --compare-versions ${QEMU_VERSION} gt 1.0 ; then 134 | OTHER_QEMU_IMG_OPTIONS=" -o compat=0.10" 135 | else 136 | OTHER_QEMU_IMG_OPTIONS="" 137 | fi 138 | 139 | qemu-img convert -f raw ${AMI_NAME}${OTHER_QEMU_IMG_OPTIONS} -O qcow2 ${QCOW2_NAME} 140 | -------------------------------------------------------------------------------- /bt-container: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2020 TurnKey GNU/Linux - https://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | warning() { echo "WARNING [$(basename $0)]: $@"; } 14 | info() { echo "INFO [$(basename $0)]: $@"; } 15 | 16 | usage() { 17 | cat< $O/$stupidname.tar.gz.buildenv 120 | 121 | # publish if specified 122 | if [ "$publish" == "yes" ]; then 123 | export PUBLISH_DEST=${BT_PUBLISH_IMGS}/proxmox/ 124 | $BT/bin/publish-files $O/$stupidname.tar.gz 125 | 126 | export PUBLISH_DEST=${BT_PUBLISH_META}/ 127 | $BT/bin/publish-files $O/$stupidname.{tar.gz.hash,tar.gz.buildenv} 128 | fi 129 | 130 | if [ -z "$BT_DEBUG" ] && ! 
(mount | grep -q $(basename $rootfs)); then 131 | rm -rf $rootfs 132 | rm -rf $cdroot 133 | [ "$publish" != "yes" ] || $BT/bin/clean container $appver 134 | fi 135 | -------------------------------------------------------------------------------- /bin/clicksnap-setup: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2023 TurnKey GNU/Linux - https://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 12 | warn() { echo -e "WARNING [$(basename $0)]: $@"; } 13 | info() { echo "INFO [$(basename $0)]: $@"; } 14 | 15 | usage() { 16 | cat<&2 34 | exit 1 35 | fi 36 | exit 37 | } 38 | 39 | [ -n "$BT_DEBUG" ] && set -x 40 | 41 | export BT=$(dirname $(dirname $(readlink -f $0))) 42 | export BT_CONFIG=$BT/config 43 | 44 | [[ -n "$BASE_DIR" ]] || BASE_DIR=/turnkey/public 45 | mkdir -p $BASE_DIR 46 | GH_URL=https://github.com/turnkeylinux 47 | 48 | unset app 49 | while [ "$1" != "" ]; do 50 | case $1 in 51 | --help|-h ) usage;; 52 | *) if [[ -z "$app" ]]; then 53 | app="$1" 54 | else 55 | usage "Unknown option/multiple app names given: '$1'" 56 | fi;; 57 | esac 58 | shift 59 | done 60 | 61 | install() { 62 | info "Updating apt cache and installing deps:" $@ 63 | info "installing $@" 64 | apt-get -qq update 65 | DEBIAN_FRONTEND=noninteractive apt-get -y install $@ 66 | } 67 | 68 | git_pull() { 69 | local dir=$1 70 | local app=$2 71 | cd $dir 72 | local remote=$(sed -En "s|(^[a-zA-Z0-9_-]*)[[:space:]].*|\1|p" \ 73 | <<<$(git remote -v | grep -m1 "turnkeylinux/$app")) 74 | git pull $remote master 75 | } 76 | 77 | # dl & check for screenshot code first so we 
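can bail as early as possible
for dl in tkldev-docker clicksnap; do
    if [[ -e "$BASE_DIR/$dl" ]]; then
        if [[ -d "$BASE_DIR/$dl/.git" ]]; then
            info "$dl already installed, checking for updates"
            cd "$BASE_DIR/$dl"
            git_pull "$BASE_DIR/$dl" "$dl"
        else
            fatal "$BASE_DIR/$dl exists but is not a git repo"
        fi
    else
        info "Downloading $dl source"
        # Quoted so a BASE_DIR containing spaces or glob characters is passed
        # to git as a single argument.
        git clone --depth=1 "$GH_URL/$dl" "$BASE_DIR/$dl"
    fi
done

# Clicksnap app names use underscores where the appliance name has dashes.
app=$(sed "s|-|_|g" <<<"$app")
# NOTE(review): no_screens is not assigned by the option loop earlier in this
# script; presumably it is inherited from the caller's environment - confirm.
if [[ -z "$app" ]]; then
    warn "App name not given - continuing, but may fail later"
elif ! ls "$BASE_DIR/clicksnap/src/apps/" | grep -q -w "$app" \
        && [[ -z "$no_screens" ]] ; then
    fatal "Clicksnap code for $app not found (checked in $BASE_DIR/clicksnap/src/apps/)"
fi

# sed, fab & deck should be installed, but just in case
deps="podman sed fab deck"
missing=''
for dep in $deps; do
    which $dep >/dev/null || missing="$missing $dep"
done
# $missing is intentionally unquoted: it is a space-separated package list.
[[ -z "$missing" ]] || install $missing

# Keep the detected path in a variable so the fallback branch can report it;
# the original message printed '$1', which does not hold the cargo path.
cargo_path="$(which cargo || echo 'fail')"
case "$cargo_path" in
    "$HOME/.cargo/bin/cargo")
        info "Rust installed via rustup detected, attempting update"
        rustup update;;
    /usr/bin/cargo)
        warn "system installed rust detected; continuing but may cause issues\n" \
             " - if you encounter issues, please remove rust and rerun";;
    fail)
        info "Installing rust via rustup"
        # This pipes a downloaded installer straight into sh. The transfer is
        # restricted to HTTPS with TLS 1.2 or newer, but the script itself is
        # neither pinned nor checksum-verified, so the build host trusts
        # whatever sh.rustup.rs serves at the time of the run.
        curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
        echo "export PATH=\"\$HOME/.cargo/bin:\$PATH\"" > "$HOME/.bashrc.d/rust"
        chmod +x "$HOME/.bashrc.d/rust"
        source "$HOME/.bashrc.d/rust";;
    *)
        fatal "Unexpected cargo path: '$cargo_path'";;
esac

cd "$BASE_DIR/clicksnap"
info "Building & installing clicksnap"
cargo build
ln -sf "$PWD/target/debug/clicksnap" /usr/local/bin/clicksnap
ln -sf "$BASE_DIR/tkldev-docker/dockerize.sh" /usr/local/bin/dockerize
ln -sf 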
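$BASE_DIR/tkldev-docker/wait-ready.sh /usr/local/bin/tkl-docker-wait-ready 132 | -------------------------------------------------------------------------------- /patches/canvas-18.0-bookworm-amd64/overlay/usr/lib/inithooks/bin/canvas.py: --------------------------------------------------------------------------------
#!/usr/bin/python3
"""Set Canvas admin password, email and domain to serve

Option:
    --pass=     unless provided, will ask interactively
    --email=    unless provided, will ask interactively
    --domain=   unless provided, will ask interactively
                DEFAULT=www.example.com
"""

import sys
import getopt
import hashlib
import random
import re
import secrets
import string
import psycopg2
import subprocess

from libinithooks import inithooks_cache
from libinithooks.dialog_wrapper import Dialog

DEFAULT_DOMAIN = "www.example.com"


def usage(s=None):
    """Print an optional error and the module help to stderr, then exit 1.

    Args:
        s: error text (or exception) to show before the help; omitted when
            falsy.
    """
    if s:
        print("Error:", s, file=sys.stderr)
    print(f"Syntax: {sys.argv[0]} [options]", file=sys.stderr)
    print(__doc__, file=sys.stderr)
    sys.exit(1)


def _random_letters(length=20):
    """Return *length* ASCII letters chosen with the OS CSPRNG.

    Used for the password salt and for single_access_token. The token is a
    credential, so it must not come from the predictable ``random`` module.
    """
    return "".join(secrets.choice(string.ascii_letters)
                   for _ in range(length))


def _yaml_dq(value):
    """Escape *value* for use inside a double-quoted YAML scalar."""
    return value.replace("\\", "\\\\").replace('"', '\\"')


def _sed_set(config, pattern, replacement):
    """Replace the first match of *pattern* on each line of *config*.

    *replacement* is treated as literal text: the characters that are special
    in the replacement half of an ``s|..|..|`` command (the ``|`` delimiter,
    ``&``, backslash, newline) are escaped, so a domain or email value cannot
    change the sed expression itself. A failing sed is reported on stderr
    instead of being ignored; the hook still carries on.

    Args:
        config: path of the file edited in place.
        pattern: extended regular expression, written by this script.
        replacement: text to put in place of the match.
    """
    literal = re.sub(r"([\\|&\n])", r"\\\1", replacement)
    result = subprocess.run(["sed", "-ri", f"s|{pattern}|{literal}|", config])
    if result.returncode != 0:
        print(f"Warning: could not update {config}", file=sys.stderr)


def main():
    """Collect password, email and domain, then apply them to Canvas.

    Values come from the command line or, when absent, from interactive
    dialogs. The admin rows in the canvas_production database are updated,
    the Canvas YAML configuration is rewritten, and canvas_init and apache2
    are restarted.
    """
    try:
        opts, args = getopt.gnu_getopt(sys.argv[1:], "h",
                                       ['help', 'pass=', 'email=', 'domain='])
    except getopt.GetoptError as e:
        usage(e)

    email = ""
    domain = ""
    password = ""
    # NOTE: a password given with --pass is visible in the process list for
    # as long as this hook runs.
    for opt, val in opts:
        if opt in ('-h', '--help'):
            usage()
        elif opt == '--pass':
            password = val
        elif opt == '--email':
            email = val
        elif opt == '--domain':
            domain = val

    # The dialog is only created once a value actually has to be asked for.
    dialog = None

    if not password:
        dialog = Dialog('TurnKey Linux - First boot configuration')
        password = dialog.get_password(
            "Canvas Password",
            "Enter new password for the Canvas 'admin' account.")

    if not email:
        if dialog is None:
            dialog = Dialog('TurnKey Linux - First boot configuration')

        email = dialog.get_email(
            "Canvas Email",
            "Enter email address for the Canvas 'admin' account.",
            "admin@example.com")

    inithooks_cache.write('APP_EMAIL', email)

    if not domain:
        if dialog is None:
            dialog = Dialog('TurnKey Linux - First boot configuration')

        domain = dialog.get_input(
            "Canvas Domain",
            "Enter the domain to serve Canvas.",
            DEFAULT_DOMAIN)

    if domain == "DEFAULT":
        domain = DEFAULT_DOMAIN

    inithooks_cache.write('APP_DOMAIN', domain)

    # NOTE(review): 20 rounds of SHA-512 over password+salt is presumably the
    # format Canvas checks crypted_password against - confirm before changing
    # it. It is a fast hash, so the stored value is only as strong as the
    # admin password itself.
    salt = _random_letters(20)
    digest = password + salt
    for _ in range(20):
        digest = hashlib.sha512(digest.encode('utf-8')).hexdigest()

    access_token = _random_letters(20)

    conn = psycopg2.connect("dbname=canvas_production user=root")
    try:
        c = conn.cursor()
        # All values are passed as bound parameters, never formatted into SQL.
        c.execute('UPDATE users SET name=%s, sortable_name=%s WHERE id=1;',
                  (email, email))
        c.execute('UPDATE pseudonyms SET unique_id=%s, crypted_password=%s, '
                  'password_salt=%s, single_access_token=%s WHERE user_id=1;',
                  (email, digest, salt, access_token))
        c.execute('UPDATE communication_channels SET path=%s WHERE id=1;',
                  (email, ))
        conn.commit()
        c.close()
    finally:
        # Close the connection even when one of the updates raises.
        conn.close()

    yaml_domain = _yaml_dq(domain)
    yaml_email = _yaml_dq(email)

    config = "/var/www/canvas/config/outgoing_mail.yml"
    _sed_set(config, "domain:.*", f'domain: "{yaml_domain}"')
    _sed_set(config, "outgoing_address:.*",
             f'outgoing_address: "{yaml_email}"')

    config = "/var/www/canvas/config/dynamic_settings.yml"
    _sed_set(config, "app-host:.*", f'app-host: "{yaml_domain}:3000"')

    config = "/var/www/canvas/config/domain.yml"
    _sed_set(config, "domain:.*", f'domain: "{yaml_domain}"')

    config = "/var/www/canvas/config/security.yml"
    _sed_set(config, "lti_iss:.*", f'lti_iss: "https://{yaml_domain}"')

    print("Restarting services; please wait...")
    for service in ['canvas_init', 'apache2']:
        subprocess.run(['systemctl', 'restart', service])


if __name__ == "__main__":
    main()
-------------------------------------------------------------------------------- /bin/generate-opennode-ovf: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2015 TurnKey GNU/Linux - http://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | info() { echo "INFO [$(basename $0)]: $@"; } 14 | 15 | usage() { 16 | cat< 48 | 49 | 50 | OpenVZ OpenNode template 51 | 52 | Operating system type deployed in a template 53 | debian 54 | 55 | 56 | Virtual hardware requirements for a virtual machine 57 | 58 | Virtual Hardware Family 59 | 0 60 | openvz 61 | 62 | 63 | 1 virtual CPU 64 | Number of virtual CPUs 65 | 1 virtual CPU 66 | 1 67 | 3 68 | 1 69 | 70 | 71 | 1 virtual CPU 72 | Number of virtual CPUs 73 | 1 virtual CPU 74 | 2 75 | 3 76 | 1 77 | 78 | 79 | GigaBytes 80 | 0.5 GB of memory 81 | Memory Size 82 | 0.5 GB of memory 83 | 3 84 | 4 85 | 0.5 86 | 87 | 88 | GigaBytes 89 | $ON_MEMORY GB of memory 90 | Memory Size 91 | $ON_MEMORY GB of memory 92 | 4 93 | 4 94 | $ON_MEMORY 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | OpenVZ CT template disks 104 | 105 | 106 | 107 | EOF 108 | 109 | -------------------------------------------------------------------------------- /bt-vm: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # Copyright (c) 2011-2020 TurnKey GNU/Linux - 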
https://www.turnkeylinux.org 3 | # 4 | # This file is part of buildtasks. 5 | # 6 | # Buildtasks is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Affero General Public License as published by the 8 | # Free Software Foundation; either version 3 of the License, or (at your 9 | # option) any later version. 10 | 11 | 12 | fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; } 13 | warning() { echo "WARNING [$(basename $0)]: $@"; } 14 | info() { echo "INFO [$(basename $0)]: $@"; } 15 | 16 | usage() { 17 | cat< $O/$name-vmdk.zip.buildenv 126 | $BT/bin/generate-buildenv vm $BT_ISOS/$isofile.hash > $O/$name.ova.buildenv 127 | 128 | # publish if specified 129 | if [ "$publish" == "yes" ]; then 130 | export PUBLISH_DEST=${BT_PUBLISH_IMGS}/vmdk/ 131 | $BT/bin/publish-files $O/$name-vmdk.zip 132 | 133 | export PUBLISH_DEST=${BT_PUBLISH_IMGS}/ova/ 134 | $BT/bin/publish-files $O/$name.ova 135 | 136 | export PUBLISH_DEST=${BT_PUBLISH_META}/ 137 | $BT/bin/publish-files $O/$name-vmdk.{zip.hash,zip.buildenv} 138 | $BT/bin/publish-files $O/$name.{ova.hash,ova.buildenv} 139 | fi 140 | 141 | if [ -z "$BT_DEBUG" ] && ! (mount | grep -q $(basename $rootfs)); then 142 | rm -rf $rootfs 143 | rm -rf $cdroot 144 | [ "$publish" == "yes" ] && $BT/bin/clean vm $appver 145 | fi 146 | --------------------------------------------------------------------------------