author Boris Kolpackov <boris@codesynthesis.com> 2017-03-29 09:59:01 +0200
committer Boris Kolpackov <boris@codesynthesis.com> 2017-03-29 09:59:01 +0200
commit 7e99863c301b535b6225a490c7acae58883c368c
tree fd82f60669cb372810824ff7b335ad5a240dced4
parent 3998a0095cacfdd044b7f1bae90450e96aa04af8
Setup /build/tftp size-limited tmpfs, make accessible via TFTP
-rwxr-xr-x bootstrap 1
-rw-r--r-- doc/manual.cli 41
-rwxr-xr-x init 17
3 files changed, 59 insertions, 0 deletions
diff --git a/bootstrap b/bootstrap
index c8707f6..7c82c18 100755
--- a/bootstrap
+++ b/bootstrap
@@ -150,6 +150,7 @@ if [ "$stage" -eq "1" ]; then
pkgs+=",ifupdown,bridge-utils,dnsmasq,ntp,postfix"
pkgs+=",iputils-ping,wget,curl"
pkgs+=",openssh-client,openssh-server"
+ pkgs+=",tftp-hpa,tftpd-hpa"
pkgs+=",less"
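Review bot: tftp-hpa in the added pkgs line is the TFTP client, and nothing else in this change uses it; only the tftpd-hpa server is configured in init. If the client is wanted on the build host (for example for testing the server), a short comment above the line would say so; otherwise dropping it keeps the image smaller.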
diff --git a/doc/manual.cli b/doc/manual.cli
index eaf8d93..04227f9 100644
--- a/doc/manual.cli
+++ b/doc/manual.cli
@@ -31,6 +31,47 @@ normally containers but can also be long-running virtual machines. Inside
virtual machines/containers, \c{bbot} and \c{bslave} run in the \i{worker
mode} and receive \i{build tasks} from their respective agents.
+\h1#arch|Architecture|
+
+Build OS root filesystem (\c{rootfs}) resides entirely in RAM with all changes
+(such as installation of the \c{build2} toolchain} discarded on the next
+reboot. A small amount of persistent (but not precious) state is stored in
+\c{/state} (see \l{#config-storage-state State}).
+
+After booting the kernel, the Build OS execution starts with a custom \c{init}
+script which performs low-level configuration and setup and then hands off the
+initialization to \c{systemd}. At the end of \c{systemd} startup the Build OS
+monitor script (\c{buildos}) is started as a \c{systemd} service. On startup
+this script bootstraps the \c{build2} toolchain, builds the \c{bbot} package,
+and starts it (as another \c{systemd} service) in the agent mode. After that
+the monitor starts monitoring for OS and toolchain changes. If either is
+detected, the host is rebooted, which will trigger both booting the latest
+OS and building of the latest \c{build2} toolchain and \c{bbot}.
+
+@@ TODO: init steps.
+
+The monitor service (and \c{bbot} that it starts) are executed as the
+\c{build} user/group. The home directory of this user is \c{/build}. It has
+the following subdirectories:
+
+\ul|
+
+\li|\n\c{/build/tftp}\n
+
+ A size-limited \c{tmpfs} filesystem that is used to communicate with build
+ machines as well as for build host log access.
+
+ This directory is read-accessible via the TFTP server running on the default
+ port. A \c{bbot} agent also makes sub-directories inside this directory
+ temporarily write-accessible to build machines by running custom instances
+ of the TFTP server on other ports.|
+
+\li|\n\c{/build/machines}\n
+
+ Contains virtual machines and containers. See \l{#config-storage-machines
+ Machines} for details.||
+
+
\h1#boot|Booting|
\c{buildos} is normally booted from the network using PXE but can also be
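Review bot: In the first paragraph of the new Architecture section, the parenthetical "(such as installation of the \c{build2} toolchain}" is closed with "}" instead of ")", which leaves the parenthesis unbalanced in the manual. The "@@ TODO: init steps." placeholder is also still open. For the /build/tftp item, the text says "size-limited" without giving the limit; since init hard-codes size=200M, stating the value here (or saying where it is set) would tell an administrator what upload and log volume to expect.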
diff --git a/init b/init
index 8714955..e189bbc 100755
--- a/init
+++ b/init
@@ -357,6 +357,13 @@ if [ -z "$machines" ]; then
error
fi
+# Create /build/tftp. We make it a size-limited tmpfs since potentially-
+# compromized VMs will be able to upload to.
+#
+mkdir -p /build/tftp
+o="nodev,noexec,nosuid,size=200M,mode=0755,uid=$(id -u build),gid=$(id -g build)"
+echo "tmpfs /build/tftp tmpfs $o 0 0" >>$fstab
+
# Configure Postfix.
#
cat <<<"$hname" >/etc/mailname
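Review bot: The mount options in $o cap data with size=200M but leave the inode count at the tmpfs default, and the single 200M budget is shared by every sub-directory under /build/tftp, so one misbehaving VM can fill the filesystem (by bytes or by number of files) and block uploads from other machines as well as host log access. Consider adding an explicit nr_inodes= limit to $o and mentioning the shared budget in the comment. The comment itself has a typo ("compromized") and trails off at "upload to"; "upload to it" would complete the sentence.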
@@ -410,6 +417,16 @@ if [ -n "$ssh_key" ]; then
chmod 600 /root/.ssh/authorized_keys
fi
+# Configure the TFTP server (tftpd-hpa).
+#
+# We could have ran it as user 'build' but since it is read-only, the default
+# user 'tftp' works just as well. Note that by default it is running chroot'ed
+# (--secure) so no symlinks pointing outside /build/tftp will work.
+#
+sed -r -i \
+ -e "s%^(TFTP_DIRECTORY).*%\1=\"/build/tftp\"%" \
+ /etc/default/tftpd-hpa
+
# Hand off to systemd. But first arrange to keep console output (which
# becomes tty1).
#
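Review bot: The sed rewrites only TFTP_DIRECTORY, while the comment relies on two package defaults for the security properties: the 'tftp' user and --secure (chroot). Neither is set or checked here, so a change in the packaged /etc/default/tftpd-hpa would silently remove them; likewise, if no line starts with TFTP_DIRECTORY the substitution is a no-op and the server keeps serving its default directory. Suggest setting TFTP_USERNAME and TFTP_OPTIONS explicitly in the same sed invocation and failing init if the expected TFTP_DIRECTORY line is not present afterwards. Minor: "could have ran" should be "could have run".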