starlingx/tools
Code Issues Proposed changes
tools/debian-mirror-tools/config/debian/common/base-bullseye.yaml
Dostoievski Batista 8b5ace5b78 Update path of the upgrades files 
This change update the path where the software package is installing
the files, so it can be copied to the upgrades folder inside the ISO.

Test Plan:
    PASS - Run build-image and check upgrades folder if all the files
        are in there.

Story: 2010676
Task: 51171

Change-Id: I28568b9de5e0616dd773508d2c508d32429b003f
Signed-off-by: Dostoievski Batista <dostoievski.albinobatista@windriver.com>
2024-10-11 10:49:11 -03:00

397 lines
14 KiB
YAML
Raw Blame History

---
name: starlingx
machine: intel-x86-64
image_type:
- iso
- ostree-repo
debootstrap-mirror: deb-merge-all
package_feeds: []
package_type: external-debian
wic:
OSTREE_WKS_BOOT_SIZE: ''
OSTREE_WKS_EFI_SIZE: --size=32M
OSTREE_WKS_ROOT_SIZE: ''
OSTREE_WKS_FLUX_SIZE: ''
OSTREE_FLUX_PART: fluxdata
gpg:
gpg_path: /tmp/.lat_gnupg_root
ostree:
gpgid: Wind-River-Linux-Sample
gpgkey: $OECORE_NATIVE_SYSROOT/usr/share/genimage/rpm_keys/RPM-GPG-PRIVKEY-Wind-River-Linux-Sample
gpg_password: windriver
grub:
BOOT_GPG_NAME: SecureBootCore
BOOT_GPG_PASSPHRASE: SecureCore
BOOT_KEYS_DIR: $OECORE_NATIVE_SYSROOT/usr/share/bootfs/boot_keys
BOOT_GPG_KEY: $OECORE_NATIVE_SYSROOT/usr/share/bootfs/boot_keys/BOOT-GPG-PRIVKEY-SecureBootCore
BOOT_SINGED_SHIM: $IMAGE_ROOTFS/usr/lib/shim/bootx64.efi
BOOT_SINGED_SHIMTOOL: $IMAGE_ROOTFS/usr/lib/shim/mmx64.efi
BOOT_SINGED_GRUB: $IMAGE_ROOTFS/boot/efi/EFI/BOOT/grubx64.efi
BOOT_EFITOOL: $IMAGE_ROOTFS/usr/lib/efitools/x86_64-linux-gnu/LockDown.efi
BOOT_GRUB_CFG: $IMAGE_ROOTFS/boot/efi/EFI/BOOT/grub.cfg
BOOT_NOSIG_GRUB: $IMAGE_ROOTFS/boot/efi/EFI/BOOT/bootx64-nosig.efi
EFI_SECURE_BOOT: disable
packages: []
external-packages: []
include-default-packages: '0'
rootfs-pre-scripts:
- |
# The StarlingX customize pacakges includes:
# - ostree 2019.1
export PATH=/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
chroot $IMAGE_ROOTFS bash << SCRIPT_ENDOF
set -e
# Speed up apt/dpkg used for running build-image
echo force-unsafe-io > /etc/dpkg/dpkg.cfg.d/unsafe-io
apt update
apt install -y --no-install-recommends linux-image-stx-amd64 linux-rt-image-stx-amd64 grub-common
apt install -y --allow-downgrades --allow-unauthenticated --no-install-recommends ostree ostree-boot libostree-1-1 ostree-upgrade-mgr
apt install --no-install-recommends -y ifupdown
apt install -y bc vim uuid-runtime iputils-ping
# Move dpkg database to /usr so it's accessible after the OS /var is
# mounted, but make a symlink so it works without modifications to
# dpkg or apt
mv /var/lib/dpkg /usr/share/dpkg/database
ln -sr /usr/share/dpkg/database /var/lib/dpkg
SCRIPT_ENDOF
rootfs-post-scripts:
- |-
# Set bash as default shell
ln -snf --relative $IMAGE_ROOTFS/bin/bash $IMAGE_ROOTFS/bin/sh
- |-
# FIXME: OSTree will not set up a link to scratch automagically. Need to
# relocate scratch to a more ostree friendly locale
mkdir $IMAGE_ROOTFS/var/rootdirs/scratch
ln -snf --relative $IMAGE_ROOTFS/var/rootdirs/scratch $IMAGE_ROOTFS/scratch
- |-
# Make /opt/branding to writable (To make end-user enable to place their branding archive)
mkdir $IMAGE_ROOTFS/var/branding
mkdir -p $IMAGE_ROOTFS/var/rootdirs/opt
ln -snf --relative $IMAGE_ROOTFS/var/branding $IMAGE_ROOTFS/var/rootdirs/opt/branding
- |-
cat /dev/null > $IMAGE_ROOTFS/etc/resolv.conf
- |-
cat /dev/null > $IMAGE_ROOTFS/etc/apt/sources.list
- |-
# Only used for running build-image
rm -f etc/dpkg/dpkg.cfg.d/unsafe-io
- |-
# There is ${IMAGE_ROOTFS}/var/pxeboot/grubx64.efi from parent linux installed
# For secure boot feature, it should be replaced with the right one
if [ "$EFI_SECURE_BOOT" = enable ]; then
install -m 0644 ${IMAGE_ROOTFS}/boot/efi/EFI/BOOT/grubx64.efi ${IMAGE_ROOTFS}/var/pxeboot/grubx64.efi
fi
environments:
- NO_RECOMMENDATIONS="1"
- DEBIAN_FRONTEND=noninteractive
- KERNEL_PARAMS=crashkernel=2048M apparmor=0 security=apparmor
ostree:
ostree_use_ab: '0'
ostree_osname: debian
ostree_skip_boot_diff: '2'
ostree_remote_url: ''
ostree_install_device: '/dev/sda'
OSTREE_GRUB_USER: root
OSTREE_GRUB_PW_FILE: $OECORE_NATIVE_SYSROOT/usr/share/bootfs/boot_keys/ostree_grub_pw
OSTREE_FDISK_BLM: 2506
OSTREE_FDISK_BSZ: 512
OSTREE_FDISK_RSZ: 20480
OSTREE_FDISK_VSZ: 20480
OSTREE_FDISK_FSZ: 32
OSTREE_CONSOLE: console=ttyS0,115200
debootstrap-key: ''
apt-keys:
- /opt/LAT/pubkey.rsa
iso-grub-entry: |
submenu 'UEFI Debian Controller Install' --unrestricted --id=standard {
menuentry 'Serial Console' --unrestricted --id=serial {
set fallback=1
efi-watchdog enable 0 1200
linux /bzImage-std %BOOT_PARAMS% traits=controller defaultkernel=vmlinuz-*[!t]-amd64
initrd @INITRD@
}
menuentry 'Graphical Console' --unrestricted --id=graphical {
set fallback=1
efi-watchdog enable 0 1200
linux /bzImage-std %BOOT_PARAMS% traits=controller defaultkernel=vmlinuz-*[!t]-amd64 console=tty1
initrd @INITRD@
}
}
submenu 'UEFI Debian All-in-one Install' --unrestricted --id=aio {
menuentry 'Serial Console' --unrestricted --id=serial {
set fallback=1
efi-watchdog enable 0 1200
linux /bzImage-std %BOOT_PARAMS% traits=controller,worker defaultkernel=vmlinuz-*[!t]-amd64
initrd @INITRD@
}
menuentry 'Graphical Console' --unrestricted --id=graphical {
set fallback=1
efi-watchdog enable 0 1200
linux /bzImage-std %BOOT_PARAMS% traits=controller,worker defaultkernel=vmlinuz-*[!t]-amd64 console=tty1
initrd @INITRD@
}
}
iso-syslinux-entry: |
menu start
ontimeout 1
menu begin
menu title Debian Controller Install
menu default
label 1
menu label Serial Console
kernel /bzImage-std
ipappend 2
append initrd=@INITRD@ %BOOT_PARAMS% traits=controller defaultkernel=vmlinuz-*[!t]-amd64
label 2
menu label Graphical Console
kernel /bzImage-std
ipappend 2
append initrd=@INITRD@ %BOOT_PARAMS% traits=controller defaultkernel=vmlinuz-*[!t]-amd64 console=tty1
menu end
menu begin
menu title Debian All-in-one Install
label 3
menu label Serial Console
kernel /bzImage-std
ipappend 2
append initrd=@INITRD@ %BOOT_PARAMS% traits=controller,worker defaultkernel=vmlinuz-*[!t]-amd64
label 4
menu label Graphical Console
kernel /bzImage-std
ipappend 2
append initrd=@INITRD@ %BOOT_PARAMS% traits=controller,worker defaultkernel=vmlinuz-*[!t]-amd64 console=tty1
menu end
iso-post-script: |
cd ${ISO_DIR}
# 0. Prepare
# According to `multiple-kernels' in lat yaml, install std
# or rt kernel to ISO
for k in ${OSTREE_MULTIPLE_KERNELS}; do
if [ "${k%%-rt-amd64}" != "${k}" ]; then
cp ${DEPLOY_DIR_IMAGE}/${k} bzImage-rt
if [ -e ${DEPLOY_DIR_IMAGE}/${k}.sig ]; then
cp ${DEPLOY_DIR_IMAGE}/${k}.sig bzImage-rt.sig
fi
else
cp ${DEPLOY_DIR_IMAGE}/${k} bzImage-std
if [ -e ${DEPLOY_DIR_IMAGE}/${k}.sig ]; then
cp ${DEPLOY_DIR_IMAGE}/${k}.sig bzImage-std.sig
fi
fi
done
# 1. Kickstart
mkdir -p kickstart
# 1.1 Kickstart example for PXE
cat << ENDOF > kickstart/pxe-ks.cfg
lat-disk --install-device=/dev/disk/by-path/pci-0000:af:00.0-scsi-0:2:0:0
ENDOF
# 1.2 Kickstart example for ISO
cat << ENDOF > kickstart/iso-ks.cfg
lat-disk --install-device=/dev/sda
ENDOF
# 1.3 Kickstart from image rootfs (provided by package platform-kickstarts)
if [ -e $IMAGE_ROOTFS/var/www/pages/feed/rel-*/kickstart/kickstart.cfg ]; then
cp $IMAGE_ROOTFS/var/www/pages/feed/rel-*/kickstart/kickstart.cfg kickstart/
fi
if [ -e $IMAGE_ROOTFS/var/www/pages/feed/rel-*/kickstart/miniboot.cfg ]; then
cp $IMAGE_ROOTFS/var/www/pages/feed/rel-*/kickstart/miniboot.cfg kickstart/
fi
if [ -d $IMAGE_ROOTFS/var/www/pages/feed/rel-*/kickstart/centos ]; then
cp -r $IMAGE_ROOTFS/var/www/pages/feed/rel-*/kickstart/centos kickstart/
fi
# 2. PXE
mkdir -p pxeboot/pxelinux.cfg
# 2.1 Kernel and initramfs
install -m 644 bzImage* pxeboot
install -m 644 initrd* pxeboot
# 2.2 Bootloader
# 2.2.1 Legacy BIOS PXE
cp $OECORE_TARGET_SYSROOT/usr/share/syslinux/pxelinux.0 pxeboot/
cp isolinux/isolinux.cfg pxeboot/pxelinux.cfg/default
for f in libcom32.c32 ldlinux.c32 libutil.c32 vesamenu.c32; do
cp isolinux/$f pxeboot/
done
# 2.2.2 EFI PXE
cp -a EFI pxeboot
if [ -e ${IMAGE_ROOTFS}/boot/efi/EFI/BOOT/bootx64-nosig.efi ]; then
cp ${IMAGE_ROOTFS}/boot/efi/EFI/BOOT/bootx64-nosig.efi pxeboot/EFI/BOOT/
fi
# 2.3 Edit grub.cfg and pxelinux.cfg/default
# 2.3.1 Drop to install from local ostree repo
sed -i "s#instl=/ostree_repo#@BOOTPARAMS@#g" \
pxeboot/EFI/BOOT/grub.cfg \
pxeboot/pxelinux.cfg/default
# 2.3.2 Install from remote ostree repo
sed -i "s#insturl=file://NOT_SET#insturl=http://pxecontroller:8080/feed/debian/ostree_repo#g" \
pxeboot/EFI/BOOT/grub.cfg \
pxeboot/pxelinux.cfg/default
# 2.3.3 Configure kickstart url
BOOT_PARAMS="ks=http://pxecontroller:8080/feed/debian/kickstart/pxe-ks.cfg"
# 2.3.4 Verbose installation
#BOOT_PARAMS="${BOOT_PARAMS} instsh=2"
# 2.3.5 Update boot params
sed -i "s#@BOOTPARAMS@#${BOOT_PARAMS}#g" \
pxeboot/EFI/BOOT/grub.cfg \
pxeboot/pxelinux.cfg/default
# 2.3.6 Add `Boot from hard drive' entry to grub.cfg
cat <<ENDOF>> pxeboot/EFI/BOOT/grub.cfg
export skip_check_cfg
menuentry 'UEFI Boot from hard drive' {
search --set=root --label otaefi
configfile /efi/boot/grub.cfg
}
ENDOF
# 2.4 Tweak PXE if EFI secure boot enabled
if [ "$EFI_SECURE_BOOT" = enable ]; then
# On some host, PXE make bootx64.efi search grubx64.efi
# from tftp/ dir other than tftp/EFI/BOOT/
install -m 0644 EFI/BOOT/grubx64.efi pxeboot/
# Resign grub.cfg
rm pxeboot/EFI/BOOT/grub.cfg.sig
echo 'SecureCore' | gpg --pinentry-mode loopback \
--batch \
--homedir /tmp/.lat_gnupg_root \
-u SecureBootCore \
--detach-sign \
--passphrase-fd 0 \
pxeboot/EFI/BOOT/grub.cfg
fi
# 2.5 copy pxeboot config template files to pxeboot/pxelinux.cfg
mkdir -p pxeboot/pxelinux.cfg.files
cp ${IMAGE_ROOTFS}/var/pxeboot/pxelinux.cfg.files/efi-pxe-* pxeboot/pxelinux.cfg.files/
cp ${IMAGE_ROOTFS}/var/pxeboot/pxelinux.cfg.files/pxe-* pxeboot/pxelinux.cfg.files/
# 2.6 upgrades directory and upgrade meta files
RELEASE_VER=$(cat ${IMAGE_ROOTFS}/etc/build.info | grep SW_VERSION | cut -f2 -d'=' | tr -d '"')
mkdir -p upgrades
cp ${IMAGE_ROOTFS}/etc/pxeboot-update-${RELEASE_VER}.sh upgrades/
cp ${IMAGE_ROOTFS}/usr/sbin/software-deploy/deploy-precheck upgrades/
cp ${IMAGE_ROOTFS}/usr/sbin/software-deploy/upgrade_utils.py upgrades/
cp ${IMAGE_ROOTFS}/opt/upgrades/metadata.xml upgrades/
cp ${IMAGE_ROOTFS}/usr/sbin/software-deploy/usm_load_import upgrades/
sed -i "s/xxxSW_VERSIONxxx/${RELEASE_VER}/g" upgrades/metadata.xml
if [ -f "/localdisk/workdir/${IMAGE_NAME}/packages.yaml" ]; then
# Here we collect all the packages file names
PKGS_FILENAMES=$(cat /localdisk/workdir/${IMAGE_NAME}/packages.yaml | \
grep filename: | awk '{ print $2; }' | sed -e 's/^/<deb>/' -e 's/$/<\/deb>/' | tr -d '\n')
# now we overwrite the placeholder
sed -i "s,xxxPACKAGESxxx,$PKGS_FILENAMES,g" ${IMAGE_ROOTFS}/etc/software/*-metadata.xml
else
# If we don't find the packages file we need to remove the placeholder
sed -i "s,xxxPACKAGESxxx,,g" ${IMAGE_ROOTFS}/etc/software/*-metadata.xml
fi
# Add commit id and checksum from the ostree repo in the metadata
COMMIT_OSTREE=$(ostree --repo=ostree_repo rev-parse starlingx)
sed -i "s,xxxBASECOMMITxxx,$COMMIT_OSTREE,g" ${IMAGE_ROOTFS}/etc/software/*-metadata.xml
CHECKSUM_OSTREE=$(ostree --repo=ostree_repo log starlingx | grep -i checksum | sed "s/.* //")
sed -i "s,xxxBASECHECKSUMxxx,$CHECKSUM_OSTREE,g" ${IMAGE_ROOTFS}/etc/software/*-metadata.xml
mkdir -p patches
cp ${IMAGE_ROOTFS}/etc/software/*-metadata.xml upgrades/
cp ${IMAGE_ROOTFS}/etc/software/*-metadata.xml patches/
echo -n "VERSION=${RELEASE_VER}" > upgrades/version
mkdir -p upgrades/software-deploy
# Copy all software-deploy scripts to upgrades/software-deploy in ISO
cp ${IMAGE_ROOTFS}/usr/sbin/software-deploy/* upgrades/software-deploy/
# 3. ISO
# 3.1 Edit grub.cfg and isolinux.cfg
# 3.1.1 Configure local kickstart url and LVM root and fluxdata device
BOOT_PARAMS="ks=file:///kickstart/kickstart.cfg"
BOOT_PARAMS="${BOOT_PARAMS} inst_ostree_root=/dev/mapper/cgts--vg-root--lv"
BOOT_PARAMS="${BOOT_PARAMS} inst_ostree_var=/dev/mapper/cgts--vg-var--lv"
# 3.1.2 Verbose installation
#BOOT_PARAMS="${BOOT_PARAMS} instsh=2"
# 3.1.3 Update boot params
sed -i "s#instl=/ostree_repo#& ${BOOT_PARAMS}#g" \
EFI/BOOT/grub.cfg \
isolinux/isolinux.cfg
# According to `default-kernel' in lat yaml, set which
# bootloader menu entry to boot
sed -i "s/^DEFAULT .*//g" \
isolinux/isolinux.cfg
if [ "${OSTREE_DEFAULT_KERNEL%%-rt-amd64}" != "${OSTREE_DEFAULT_KERNEL}" ]; then
# Boot rt kernel by default
sed -i "s/ set default=.*/ set default=2/g" \
EFI/BOOT/grub.cfg
else
# Boot std kernel by default
sed -i "s/ set default=.*/ set default=0/g" \
EFI/BOOT/grub.cfg
fi
# 3.2 Resign grub.cfg if EFI secure boot enabled
if [ "$EFI_SECURE_BOOT" = enable ]; then
rm EFI/BOOT/grub.cfg.sig
echo 'SecureCore' | gpg --pinentry-mode loopback \
--batch \
--homedir /tmp/.lat_gnupg_root \
-u SecureBootCore \
--detach-sign \
--passphrase-fd 0 \
EFI/BOOT/grub.cfg
fi
# Update the grub.cfg in efi.img according to above setting.
# Don't update grub.cfg.sig because the grub.cfg signature checking
# has been omitted.
mdel -i efi.img ::/EFI/BOOT/grub.cfg
mcopy -i efi.img EFI/BOOT/grub.cfg ::/EFI/BOOT/
# Put the controller-0 pxeboot install grub menu samples and
# setup script into a new the ISO's pxeboot/samples directory.
install -v -d -m 0755 pxeboot/samples
install -m 0555 ${IMAGE_ROOTFS}/usr/sbin/pxeboot_setup.sh pxeboot/samples
echo "See pxeboot_setup.sh --help for usage details" > pxeboot/samples/README
install -m 0664 ${IMAGE_ROOTFS}/var/pxeboot/pxelinux.cfg.files/pxeboot.cfg.debian pxeboot/samples
install -m 0664 ${IMAGE_ROOTFS}/var/pxeboot/pxelinux.cfg.files/efi-pxeboot.cfg.debian pxeboot/samples
# Added CERTS into efi.img
if [ "$EFI_SECURE_BOOT" = enable ]; then
mmd -i efi.img ::/CERTS
mcopy -i efi.img -s /localdisk/CERTS/* ::/CERTS/
mkdir images
ln -snf ../efi.img images/efiboot.img
fi
initramfs-sign-script: |
echo "End of initramfs-sign-script!"
multiple-kernels: vmlinuz-*[!t]-amd64 vmlinuz-*-rt-amd64
default-kernel: vmlinuz-*[!t]-amd64
system:
- contains:
- /localdisk/deploy/lat-initramfs.yaml
View Git Blame Copy Permalink