-
Notifications
You must be signed in to change notification settings - Fork 18
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix: Program runtime could use newer Debian 12
- Loading branch information
Showing
5 changed files
with
163 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,102 @@ | ||
| #!/bin/sh | ||
|
|
||
| rm ./rootfs.squashfs | ||
|
|
||
| set -euf | ||
|
|
||
| rm -fr ./rootfs | ||
| mkdir ./rootfs | ||
|
|
||
| debootstrap --variant=minbase bookworm ./rootfs http://deb.debian.org/debian/ | ||
|
|
||
| chroot ./rootfs /bin/sh <<EOT | ||
| set -euf | ||
| apt-get install -y --no-install-recommends --no-install-suggests \ | ||
| python3-minimal \ | ||
| openssh-server \ | ||
| socat libsecp256k1-1 \ | ||
| \ | ||
| python3-aiohttp python3-msgpack \ | ||
| python3-setuptools python3-venv \ | ||
| python3-pip python3-cytoolz python3-pydantic \ | ||
| iproute2 unzip \ | ||
| nodejs npm \ | ||
| build-essential python3-dev \ | ||
| python3-fastapi \ | ||
| \ | ||
| docker.io \ | ||
| cgroupfs-mount \ | ||
| nftables \ | ||
| \ | ||
| iputils-ping curl | ||
| echo "Pip installing aleph-sdk-python" | ||
| mkdir -p /opt/aleph/libs | ||
| pip3 install --target /opt/aleph/libs 'aleph-sdk-python==0.7.0' | ||
| # Compile Python code to bytecode for faster execution | ||
| python3 -m compileall -f /usr/local/lib/python3.11 | ||
| python3 -m compileall -f /opt/aleph/libs | ||
| echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config | ||
| echo "PasswordAuthentication no" >> /etc/ssh/sshd_config | ||
| echo "ChallengeResponseAuthentication no" >> /etc/ssh/sshd_config | ||
| echo "PermitRootLogin yes" >> /etc/ssh/sshd_config | ||
| mkdir -p /overlay | ||
| # Set up a login terminal on the serial console (ttyS0): | ||
| ln -s agetty /etc/init.d/agetty.ttyS0 | ||
| echo ttyS0 > /etc/securetty | ||
| EOT | ||
|
|
||
|
|
||
| # Generate SSH host keys | ||
| #systemd-nspawn -D ./rootfs/ ssh-keygen -q -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key | ||
| #systemd-nspawn -D ./rootfs/ ssh-keygen -q -N "" -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key | ||
| #systemd-nspawn -D ./rootfs/ ssh-keygen -q -N "" -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key | ||
| #systemd-nspawn -D ./rootfs/ ssh-keygen -q -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key | ||
|
|
||
| cat <<EOT > ./rootfs/etc/inittab | ||
| # /etc/inittab | ||
| ::sysinit:/sbin/init sysinit | ||
| ::sysinit:/sbin/init boot | ||
| ::wait:/sbin/init default | ||
| # Set up a couple of getty's | ||
| tty1::respawn:/sbin/getty 38400 tty1 | ||
| tty2::respawn:/sbin/getty 38400 tty2 | ||
| tty3::respawn:/sbin/getty 38400 tty3 | ||
| tty4::respawn:/sbin/getty 38400 tty4 | ||
| tty5::respawn:/sbin/getty 38400 tty5 | ||
| tty6::respawn:/sbin/getty 38400 tty6 | ||
| # Put a getty on the serial port | ||
| ttyS0::respawn:/sbin/getty -L ttyS0 115200 vt100 | ||
| # Stuff to do for the 3-finger salute | ||
| ::ctrlaltdel:/sbin/reboot | ||
| # Stuff to do before rebooting | ||
| ::shutdown:/sbin/init shutdown | ||
| EOT | ||
|
|
||
| # Reduce size | ||
| rm -fr ./rootfs/root/.cache | ||
| rm -fr ./rootfs/var/cache | ||
| mkdir -p ./rootfs/var/cache/apt/archives/partial | ||
| rm -fr ./rootfs/usr/share/doc | ||
| rm -fr ./rootfs/usr/share/man | ||
| rm -fr ./rootfs/var/lib/apt/lists/ | ||
|
|
||
| # Custom init | ||
| cp ./init0.sh ./rootfs/sbin/init | ||
| cp ./init1.py ./rootfs/root/init1.py | ||
| cp ./loading.html ./rootfs/root/loading.html | ||
| chmod +x ./rootfs/sbin/init | ||
| chmod +x ./rootfs/root/init1.py | ||
|
|
||
| mksquashfs ./rootfs/ ./rootfs.squashfs |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| #!/bin/sh | ||
|
|
||
| set -euf | ||
|
|
||
| mount -t proc proc /proc -o nosuid,noexec,nodev | ||
|
|
||
| log() { | ||
| echo "$(awk '{print $1}' /proc/uptime)" '|S' "$@" | ||
| } | ||
| log "init0.sh is launching" | ||
|
|
||
| # Switch root from read-only ext4 to to read-write overlay | ||
| mkdir -p /overlay | ||
| /bin/mount -t tmpfs -o noatime,mode=0755 tmpfs /overlay | ||
| mkdir -p /overlay/root /overlay/work | ||
| /bin/mount -o noatime,lowerdir=/,upperdir=/overlay/root,workdir=/overlay/work -t overlay "overlayfs:/overlay/root" /mnt | ||
| mkdir -p /mnt/rom | ||
| pivot_root /mnt /mnt/rom | ||
|
|
||
| mount --move /rom/proc /proc | ||
| mount --move /rom/dev /dev | ||
|
|
||
| mkdir -p /dev/pts | ||
| mkdir -p /dev/shm | ||
|
|
||
| mount -t sysfs sys /sys -o nosuid,noexec,nodev | ||
| mount -t tmpfs run /run -o mode=0755,nosuid,nodev | ||
| #mount -t devtmpfs dev /dev -o mode=0755,nosuid | ||
| mount -t devpts devpts /dev/pts -o mode=0620,gid=5,nosuid,noexec | ||
| mount -t tmpfs shm /dev/shm -omode=1777,nosuid,nodev | ||
|
|
||
| # Required by Docker | ||
| cgroupfs-mount | ||
| update-alternatives --set iptables /usr/sbin/iptables-legacy | ||
| update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy | ||
|
|
||
| # Enable the following to force the storage driver used by Docker. | ||
| # See https://docs.docker.com/storage/storagedriver/select-storage-driver/ | ||
| #echo '{\n"storage-driver": "overlay2"\n}\n' > /etc/docker/daemon.json | ||
|
|
||
| # List block devices | ||
| lsblk | ||
|
|
||
| #cat /proc/sys/kernel/random/entropy_avail | ||
|
|
||
| # TODO: Move in init1 | ||
| mkdir -p /run/sshd | ||
| /usr/sbin/sshd & | ||
| log "SSH UP" | ||
|
|
||
| log "Setup socat" | ||
| socat UNIX-LISTEN:/tmp/socat-socket,fork,reuseaddr VSOCK-CONNECT:2:53 & | ||
| log "Socat ready" | ||
|
|
||
| export PYTHONPATH=/opt/aleph/libs | ||
|
|
||
| # Replace this script with the manager | ||
| exec /root/init1.py |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| ../aleph-debian-11-python/init1.py |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| ../aleph-debian-11-python/loading.html |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| ../aleph-debian-11-python/update_inits.sh |