From c5e5cc6d1b77dbfee3341b627979e864c2e9a514 Mon Sep 17 00:00:00 2001 From: Boris Kolpackov Date: Thu, 20 Apr 2017 08:44:30 +0200 Subject: Various minor improvements/changes --- bootstrap | 2 +- buildos | 7 +++++++ buildos.service | 2 +- doc/manual.cli | 16 +++++++++++++--- init | 4 ++-- 5 files changed, 24 insertions(+), 7 deletions(-) diff --git a/bootstrap b/bootstrap index cfbf59a..3805a04 100755 --- a/bootstrap +++ b/bootstrap @@ -321,7 +321,7 @@ EOF # write < # Make the link. # + # Note that the target must be just the file for TFTP chroot to work. + # ln -s "$f" "$tr/$l" } @@ -559,6 +561,11 @@ function toolchain_bootstrap () # local tv="$(toolchain_value "$tp" toolchain_ver)" # Should be set by fetch(). local tt="$(toolchain_value "$tp" toolchain_trust)" + # Save the repository certificate fingerprint into the trust file (used + # by machine bootstrap). + # + echo "$tt" >"$tr/trust" + # Bootstrap in /tmp/toolchain/$tn/, install to /build/toolchain/$tn/. # local wd="/tmp/toolchain/$tn" diff --git a/buildos.service b/buildos.service index b1aedf1..d4b1950 100644 --- a/buildos.service +++ b/buildos.service @@ -1,5 +1,5 @@ [Unit] -Description=Build OS Monitor +Description=build os monitor After=default.target Conflicts=getty@tty1.service diff --git a/doc/manual.cli b/doc/manual.cli index 3abd639..7284c6a 100644 --- a/doc/manual.cli +++ b/doc/manual.cli 
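Review bot: In the `toolchain_bootstrap` hunk of buildos, the added `echo "$tt" >"$tr/trust"` puts the repository certificate fingerprint next to the toolchain archives. If `$tr` is the `/build/tftp/toolchain/<name>/` directory that doc/manual.cli describes, this trust anchor is served over unauthenticated TFTP from the tmpfs that the init comment says compromised VMs can upload to. A machine that bootstraps from this file trusts whatever fingerprint it finds, so I would confirm that the upload area cannot reach this path and say so in the comment, e.g. `# NOTE: trust is a trust anchor; it must not be writable via TFTP upload.` The write is also unchecked, so a full tmpfs would leave an empty or truncated `trust` file; `printf '%s\n' "$tt" >"$tr/trust" || return 1` (or the script's own error helper) would surface that. The function body continues outside the hunk.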
@@ -36,7 +36,9 @@ mode} and receive \i{build tasks} from their respective agents. Build OS root filesystem (\c{rootfs}) resides entirely in RAM with all changes (such as installation of the \c{build2} toolchain} discarded on the next reboot. A small amount of persistent (but not precious) state is stored in -\c{/state} (see \l{#config-storage-state State}). +\c{/state} (see \l{#config-storage-state State}). A minimum of 4G of RAM +is required for Build OS itself (that is, excluding any virtual machines +and containers). After booting the kernel, the Build OS execution starts with a custom \c{init} script which performs low-level configuration and setup and then hands off the @@ -339,10 +341,18 @@ e723[...]c305 *0.4.0/build2-mingw-0.4.0-x86_64-windows.tar.xz Based on the checksums file the monitor downloads each file into \c{/build/tftp/toolchain//} (the file path is taken as relative to \c{toolchain_url}), verifies their checksums, and creates \i{predictable name} -symlinks (names without the version). Continuing with the above example, the -contents of \c{/build/tftp/toolchain/default/} would be: +symlinks (names without the version). It also creates the \c{version} which +contains the toolchain version and the \c{trust} file which contains the +value of the \c{buildos.toolchain_trust} parameter or the special \c{\"no\"} +value if none were specified. + +Continuing with the above example, the contents of +\c{/build/tftp/toolchain/default/} would be: \ +version +trust + build2-toolchain-0.4.0.tar.xz build2-baseutils-0.4.0-x86_64-windows.zip build2-mingw-0.4.0-x86_64-windows.tar.xz diff --git a/init b/init index 18a6b0b..35838e5 100755 --- a/init +++ b/init 
@@ -32,7 +32,7 @@ export PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/lib/klibc/bin/ # One would expect rootflags=size=Xg to work but it doesn't (perhaps init # is expected to interpret it)? # -mount -o remount,size=1536M / +mount -o remount,size=2G / mkdir -p /sys /proc mount -t sysfs -o nodev,noexec,nosuid sysfs /sys @@ -379,7 +379,7 @@ fi # compromized VMs will be able to upload to. # mkdir -p /build/tftp -o="nodev,noexec,nosuid,size=200M" +o="nodev,noexec,nosuid,size=512M" o+=",mode=0755,uid=$(id -u build),gid=$(id -g build)" echo "tmpfs /build/tftp tmpfs $o 0 0" >>$fstab -- cgit v1.1
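Review bot: The `size=512M` cap on `/build/tftp` in the second init hunk is the only visible bound on how much RAM an uploader can pin, and the comment above it says compromised VMs can upload there, so raising it from 200M also raises what a misbehaving VM can take from the host. Together with the `size=2G` root remount in the first hunk, tmpfs may now grow to 2.5G of the 4G minimum that doc/manual.cli states. I would record that next to the value, e.g. `# size= is the upper bound on RAM that uploads to /build/tftp can consume.` It is also worth checking whether uploads and the toolchain files share this quota, since filling it would make later writes under `/build/tftp` fail. Both hunks sit in top-level script sections that continue outside the diff.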