os-bootstrap/Makefile at debian · CoderOJ/os-bootstrap · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
SHELL := /bin/bash

DEBIAN_VERSION ?= trixie

clean:
	rm -rf target
	${MAKE} util/unmount-kernelfs
	${MAKE} util/unmount
	rm -rf mnt
	rm -rf qemu-run

util/mount:
	@test "${DISK}" != "" || (echo "Specify DISK=/dev/..."; exit 1)

	mkdir -p ./mnt
	mount `lsblk -nlo PATH ${DISK} | awk 'NR==3 {print}'` ./mnt
	mkdir -p ./mnt/boot
	mount `lsblk -nlo PATH ${DISK} | awk 'NR==2 {print}'` ./mnt/boot

util/mount-kernelfs:
	mkdir -p ./mnt/dev
	mount --bind /dev  ./mnt/dev
	mkdir -p ./mnt/proc
	mount --bind /proc ./mnt/proc
	mkdir -p ./mnt/sys
	mount --bind /sys  ./mnt/sys

util/unmount:
	umount ./mnt/boot 	|| true
	umount ./mnt 		|| true

util/unmount-kernelfs:
	umount ./mnt/dev	|| true
	umount ./mnt/proc 	|| true
	umount ./mnt/sys 	|| true

target/dependency:
	apt install gdisk btrfs-progs parted dosfstools mmdebstrap systemd-boot qemu-system-x86 ovmf

	mkdir -p target
	@touch $@

target/partition-disk: target/dependency
	@test "${DISK}" != "" || (echo "Specify DISK=/dev/..."; exit 1)
	@read -p "Partition ${DISK}? (y/N): " c && [ "$$c" = y ] || { echo "Canceled"; exit 1; }

	# 1. 清空磁盘分区表
	sgdisk -Z "${DISK}"
	# 2. 创建 GPT
	sgdisk -o "${DISK}"
	# 3. 创建 EFI 分区（FAT32）512MB
	sgdisk -n 1:0:+1G -t 1:EF00 -c 1:"EFI System" "${DISK}"
	# 4. 创建 Btrfs 根分区（剩余全部）
	sgdisk -n 2:0:0 -t 2:8300 -c 2:"Linux root (btrfs)" "${DISK}"
	# 重新加载分区表
	partprobe "${DISK}"

	@touch $@

target/format-efi:
	@test "${PART_EFI}" != "" || (echo "Specify PART_EFI"; exit 1)

	@echo format ${PART_EFI} as FAT
	mkfs.fat -F32 ${PART_EFI}

	@touch $@

target/format-root:
	@test "${PART_ROOT}" != "" || (echo "Specify PART_ROOT"; exit 1)

	@echo format ${PART_EFI} as btrfs
	mkfs.btrfs -f -L "rootfs" ${PART_ROOT}

	@touch $@

target/format: target/partition-disk
	@test "${DISK}" != "" || (echo "Specify DISK=/dev/..."; exit 1)

	mkdir -p ./mnt
	${MAKE} target/format-root "PART_ROOT=`lsblk -nlo PATH ${DISK} | awk 'NR==3 {print}'`"
	${MAKE} target/format-efi  "PART_EFI=`lsblk -nlo PATH ${DISK} | awk 'NR==2 {print}'`"

	@touch $@

target/subvolume: target/format
	${MAKE} util/mount

	btrfs su create mnt/home
	btrfs su create mnt/home/cscg
	btrfs su create mnt/var
	btrfs su create mnt/var/cache
	btrfs su create mnt/opt
	chattr +C mnt/var/cache

	@touch $@

target/bootstrap: target/subvolume
	mmdebstrap \
		--arch=amd64 \
		--variant=apt \
		--include=linux-image-amd64,login,systemd,systemd-sysv,systemd-resolved,systemd-boot,sudo,cloud-init,netplan.io,btrfs-progs,openssh-client,openssh-server,locales \
		--skip=check/empty \
		${DEBIAN_VERSION} ./mnt

	sed 's/$${DEBIAN_VERSION}/${DEBIAN_VERSION}/g' apt/sources.list.template > ./mnt/etc/apt/sources.list
	chmod 644 ./mnt/etc/apt/sources.list

	${MAKE} util/mount-kernelfs

	# Configure cloud-init nocloud datasource
	mkdir -p ./mnt/var/lib/cloud/seed/nocloud
	cp cloud-init/nocloud/meta-data ./mnt/var/lib/cloud/seed/nocloud/meta-data
	cp cloud-init/nocloud/user-data ./mnt/var/lib/cloud/seed/nocloud/user-data
	cp cloud-init/nocloud/network-config ./mnt/var/lib/cloud/seed/nocloud/network-config
	cp cloud-init/99-local.cfg 	./mnt/etc/cloud/cloud.cfg.d/99-local.cfg
	cp -r scripts ./mnt/home/cscg/

	@touch $@

target/systemd-boot: target/bootstrap
	bash systemd-boot/install.sh ./mnt systemd-boot/loader/loader.conf

	@touch $@

target/all: target/bootstrap target/systemd-boot
	@touch $@

config/set-cscg-password:
	# Keep the password out of shell history, hash it as SHA-512 crypt,
	# then replace only the cloud-init passwd line tagged with the marker.
	# The hash is passed through ENV so Perl does not treat "$$6$$..." as captures.
	@read -rsp "New password for cscg: " password; echo; \
	test "$$password" != "" || { echo "Password cannot be empty"; exit 1; }; \
	command -v openssl >/dev/null || { echo "openssl is required"; exit 1; }; \
	hash="$$(printf '%s' "$$password" | openssl passwd -6 -stdin)"; \
	HASH="$$hash" perl -0pi -e 's/^(\s*passwd:\s*)".*?"(\s*# id\.set_password_here)$$/$$1 . "\"" . $$ENV{HASH} . "\"" . $$2/me or die "Password marker not found\n"' cloud-init/nocloud/user-data

test/boot: target/dependency
	@test "${DISK}" != "" || (echo "Specify DISK=/dev/..."; exit 1)

	${MAKE} util/unmount-kernelfs
	${MAKE} util/unmount

	mkdir -p qemu-run
	cp /usr/share/OVMF/OVMF_VARS_4M.fd ./qemu-run/OVMF_VARS_4M.fd
	qemu-system-x86_64 -nographic -m 4g -smp 8 \
		  -drive if=pflash,format=raw,readonly=on,file=/usr/share/OVMF/OVMF_CODE_4M.fd \
		  -drive if=pflash,format=raw,file=./qemu-run/OVMF_VARS_4M.fd \
		  -drive file=${DISK},format=raw,if=none,id=disk0,cache=directsync \
		  -netdev user,id=net0 \
		  -device virtio-net-pci,netdev=net0 \
		  -device virtio-blk-pci,drive=disk0 \
		  -boot order=c

test/chroot:
	${MAKE} util/mount
	${MAKE} util/mount-kernelfs
	chroot ./mnt

test/scrub:
	${MAKE} util/mount
	btrfs scrub start -B mnt