-rwxr-xr-x | bootstrap | 2 | ||||
-rwxr-xr-x | buildos | 7 | ||||
-rw-r--r-- | buildos.service | 2 | ||||
-rw-r--r-- | doc/manual.cli | 16 | ||||
-rwxr-xr-x | init | 4 |
5 files changed, 24 insertions, 7 deletions
@@ -321,7 +321,7 @@ EOF # write <<EOF /usr/lib/systemd/system/buildos-setup.service [Unit] -Description=Build OS Setup +Description=build os setup After=default.target Conflicts=console-getty.service @@ -531,6 +531,8 @@ function toolchain_fetch () # <toolchain-prefix> <line> # Make the link. # + # Note that the target must be just the file for TFTP chroot to work. + # ln -s "$f" "$tr/$l" } @@ -559,6 +561,11 @@ function toolchain_bootstrap () # <toolchain-name> local tv="$(toolchain_value "$tp" toolchain_ver)" # Should be set by fetch(). local tt="$(toolchain_value "$tp" toolchain_trust)" + # Save the repository certificate fingerprint into the trust file (used + # by machine bootstrap). + # + echo "$tt" >"$tr/trust" + # Bootstrap in /tmp/toolchain/$tn/, install to /build/toolchain/$tn/. # local wd="/tmp/toolchain/$tn" diff --git a/buildos.service b/buildos.service index b1aedf1..d4b1950 100644 --- a/buildos.service +++ b/buildos.service @@ -1,5 +1,5 @@ [Unit] -Description=Build OS Monitor +Description=build os monitor After=default.target Conflicts=getty@tty1.service diff --git a/doc/manual.cli b/doc/manual.cli index 3abd639..7284c6a 100644 --- a/doc/manual.cli +++ b/doc/manual.cli @@ -36,7 +36,9 @@ mode} and receive \i{build tasks} from their respective agents. Build OS root filesystem (\c{rootfs}) resides entirely in RAM with all changes (such as installation of the \c{build2} toolchain} discarded on the next reboot. A small amount of persistent (but not precious) state is stored in -\c{/state} (see \l{#config-storage-state State}). +\c{/state} (see \l{#config-storage-state State}). A minimum of 4G of RAM +is required for Build OS itself (that is, excluding any virtual machines +and containers). After booting the kernel, the Build OS execution starts with a custom \c{init} script which performs low-level configuration and setup and then hands off the 
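Review bot: In the `@@ -559` hunk of `buildos` (toolchain_bootstrap), the new `echo "$tt" >"$tr/trust"` publishes the trust anchor that machine bootstrap relies on, but nothing in the hunk checks that `$tt` is non-empty or fingerprint-shaped, or protects the file once it is written. The manual change in this commit places `trust` under `/build/tftp/toolchain/<name>/`, and the comment in `init` describes `/build/tftp` as an area that compromised VMs can upload to. It is worth confirming that a TFTP upload cannot replace this file (ownership, mode, upload confinement) and saying so in the added comment. `echo` also mishandles values such as `-n`, so `printf '%s\n' "$tt" >"$tr/trust"` is the safer form, preceded by a guard like `[[ -n "$tt" ]] || tt=no` if fetch() does not already apply the documented `"no"` default. The function body begins and ends outside the hunk.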
@@ -339,10 +341,18 @@ e723[...]c305 *0.4.0/build2-mingw-0.4.0-x86_64-windows.tar.xz Based on the checksums file the monitor downloads each file into \c{/build/tftp/toolchain/<name>/} (the file path is taken as relative to \c{toolchain_url}), verifies their checksums, and creates \i{predictable name} -symlinks (names without the version). Continuing with the above example, the -contents of \c{/build/tftp/toolchain/default/} would be: +symlinks (names without the version). It also creates the \c{version} which +contains the toolchain version and the \c{trust} file which contains the +value of the \c{buildos.toolchain_trust} parameter or the special \c{\"no\"} +value if none were specified. + +Continuing with the above example, the contents of +\c{/build/tftp/toolchain/default/} would be: \ +version +trust + build2-toolchain-0.4.0.tar.xz build2-baseutils-0.4.0-x86_64-windows.zip build2-mingw-0.4.0-x86_64-windows.tar.xz @@ -32,7 +32,7 @@ export PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/lib/klibc/bin/ # One would expect rootflags=size=Xg to work but it doesn't (perhaps init # is expected to interpret it)? # -mount -o remount,size=1536M / +mount -o remount,size=2G / mkdir -p /sys /proc mount -t sysfs -o nodev,noexec,nosuid sysfs /sys @@ -379,7 +379,7 @@ fi # compromized VMs will be able to upload to. # mkdir -p /build/tftp -o="nodev,noexec,nosuid,size=200M" +o="nodev,noexec,nosuid,size=512M" o+=",mode=0755,uid=$(id -u build),gid=$(id -g build)" echo "tmpfs /build/tftp tmpfs $o 0 0" >>$fstab |
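Review bot: In the `@@ -379` hunk of `init`, raising the `/build/tftp` tmpfs from `size=200M` to `size=512M` also raises the amount of RAM that, per the surrounding comment, compromised VMs can fill by uploading, and the commit does not record how the new bound was chosen. Together with the root remount going to `2G` in the `@@ -32` hunk, this is a sizeable share of the 4G minimum the manual now documents. If the toolchain files and the new `trust` file share this tmpfs with the upload area (the manual hunk suggests they do), a full filesystem could make the monitor's writes fail or leave a truncated file. A comment such as `# 512M: toolchain archives (~N MB) plus upload headroom; uploads confined to <dir>` and an explicit check on write failure would help. The comment block this hunk sits in starts outside the hunk.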