gitian-builder/bin/make-base-vm

#!/bin/sh
set -e

DISTRO=ubuntu
SUITE=xenial
ARCH=amd64
MIRROR_BASE=http://${MIRROR_HOST:-127.0.0.1}:3142
LXC=0
VBOX=0

usage() {
  echo "Usage: ${0##*/} [OPTION]..."
  echo "Make a base client."
  echo
  cat << EOF
  --help      display this help and exit
  --distro D  build distro D (e.g. debian) instead of ubuntu
  --suite U   build suite U instead of xenial
  --arch A    build architecture A (e.g. i386) instead of amd64
  --lxc       use lxc instead of kvm
  --vbox      use VirtualBox instead of kvm

  The MIRROR_HOST environment variable can be used to change the
  apt-cacher host.  It should be something that both the host and the
  target VM can reach.  It may be set to 127.0.0.1, in which case it will be
  changed to 10.0.2.2 on the guest (or GITIAN_HOST_IP if it is defined)
  10.0.2.2 is the host IP as visible from the guest under qemu networking.

  The DEBOOTSTRAP_DIR (but also GITIAN_SUDO_USE_DEBOOTSTRAP_DIR, see below!)
  environment variable can be set to select a directory
  that will contain data like in "/usr/share/debootstrap/". This allows user to
  make a copy of this files to some local dir and modify them locally:
  e.g. set env variable "DEBOOTSTRAP_DIR=./mydeboot/", then copy or link
  system's version of files there, and modify them there
  (e.g. copy your debootstrap-script file "xenial" to "./mydeboot/scripts/").

  Set env GITIAN_SUDO_USE_DEBOOTSTRAP_DIR="yes" to allow sudo for debootstrap
  to use flags like --preserve-env that are required for DEBOOTSTRAP_DIR to work.
  It must be equal string "yes".
  This is done as separate variable to make it clear that we modify sudo
  behaviour here regarding security (though anyway env is cleared with
  whitelist so should be perfectly safe).
EOF
}

if [ $# != 0 ] ; then
  while true ; do
    case "$1" in
      --help|-h)
        usage
        exit 0
        ;;
      --distro|-d)
        DISTRO="$2"
        shift 2
        ;;
      --suite|-s)
        SUITE="$2"
        shift 2
        ;;
      --arch|-a)
        ARCH="$2"
        shift 2
        ;;
      --lxc)
        LXC=1
        shift 1
        ;;
      --vbox)
        VBOX=1
        shift 1
        ;;
      --*)
        echo "unrecognized option $1"
        exit 1
        ;;
      *)
        break
        ;;
    esac
  done
fi

if [ $DISTRO = "ubuntu" ]; then
  MIRROR=$MIRROR_BASE/archive.ubuntu.com/ubuntu
  SECURITY_MIRROR=$MIRROR_BASE/security.ubuntu.com/ubuntu
  components=main,universe
elif [ $DISTRO = "debian" ]; then
  MIRROR=$MIRROR_BASE/ftp.debian.org/debian
  SECURITY_MIRROR=$MIRROR_BASE/security.debian.org/
  components=main,contrib
fi

mkdir -p var

if [ ! -e var/id_rsa ]; then
  ssh-keygen -t rsa -f var/id_rsa -N ""
fi

OUT=base-$SUITE-$ARCH
FLAVOUR=virtual

if [ $ARCH = "amd64" -a $SUITE = "hardy" ]; then
  FLAVOUR=server
fi

if [ $DISTRO = "debian" -a $ARCH = "amd64" ]; then
  FLAVOUR=amd64
elif [ $DISTRO = "debian" -a $ARCH = "i386" -a \($SUITE = "squeeze" -o $SUITE = "lenny" -o $SUITE = "etch" -o $SUITE = "sarge" -o $SUITE = "woody" -o $SUITE = "potato" -o $SUITE = "slink" -o $SUITE = "hamm" -o $SUITE = "bo" -o $SUITE = "rex" -o $SUITE = "buzz"\) ]; then
  FLAVOUR=686
elif [ $DISTRO = "debian" ]; then
  FLAVOUR=686-pae
fi


LOCALE_PKG=language-pack-en
if [ $DISTRO = "debian" ]; then
  LOCALE_PKG=locales
fi

addpkg=pciutils,build-essential,git-core,subversion,$LOCALE_PKG,wget,lsb-release

if [ $DISTRO = "ubuntu" ]; then
  # Need comma at end to work around an issue with apt for Debian <= Wheezy regarding empty strings
  #
  # If we left the comma down below when adding KERNEL_PKG to addpkg, the fact that KERNEL_PKG is undefined
  # if DISTRO is debian would result in two commas in a row (,,), which is interpreted by apt-get as the
  # package with the name empty string (""). This triggers a bug with apt versions < 1.0.3. So by adding the
  # comma to the end of KERNEL_PKG, we are including that comma if the distro is ubuntu (and therefore we do
  # have a kernel package that needs to be installed). If KERNEL_PKG is not set (i.e. we have Debian as the
  # distro), then we don't add that extra comma and therefore, we don't end up with two commas in a row.
  #
  # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744940
  # http://anonscm.debian.org/cgit/apt/apt.git/commit/?h=1.0.3&id=d99854cac4065bc7b337815fb2116269d58dab73
  KERNEL_PKG=linux-image-generic,
fi

GRUB_PKG=grub
if [ $DISTRO = "ubuntu" ]; then
  GRUB_PKG=grub-pc
fi

if [ $LXC = "1" ]; then
  addpkg=$addpkg,lxc
  if [ $DISTRO = "debian" ]; then
    addpkg=$addpkg,sudo
  fi
else
  # Lack of comma after KERNEL_PKG is not a typo
  addpkg=$addpkg,${KERNEL_PKG}${GRUB_PKG},openssh-server
fi

# Remove cron to work around vmbuilder issue when umounting /dev on target
removepkg=cron

if [ $VBOX = "1" ]; then
  NAME="$SUITE-$ARCH"
  if ! vagrant status | grep "$NAME" | grep "not created" > /dev/null; then
    echo "Vagrant machine "$NAME" already exists, please remove it first (vagrant destroy "$NAME")"
    exit 1
  fi

  DISTRO_USER_CREATE=0
  if [ $DISTRO = "debian" ]; then
      # we use a vagrant provider
      DISTRO_USER_CREATE=1
  fi

  vagrant up "$NAME"
  if [ $DISTRO_USER_CREATE = "1" ]; then
    vagrant ssh "$NAME" -c "sudo useradd -m -s /bin/bash $DISTRO"
  fi

  vagrant ssh "$NAME" -c "sudo mkdir -p /root/.ssh && sudo chmod 700 /root/.ssh"
  vagrant ssh "$NAME" -c "sudo sh -c 'cat >> /root/.ssh/authorized_keys'" < var/id_rsa.pub
  vagrant ssh "$NAME" -c "sudo -u $DISTRO mkdir -p /home/$DISTRO/.ssh && sudo -u $DISTRO chmod 700 /home/$DISTRO/.ssh"
  vagrant ssh "$NAME" -c "sudo sh -c 'cat >> /home/$DISTRO/.ssh/authorized_keys'" < var/id_rsa.pub

  VBoxManage snapshot "Gitian-$NAME" take "Gitian-Clean"
  vagrant suspend "$NAME"

  exit 0
fi

if [ $LXC = "1" ]; then
  if [ -e $OUT ]; then
    echo $OUT already exists, please remove it first
    exit 1
  fi
  sudo rm -rf $OUT-bootstrap
  # Need universe for lxc in lucid

  unset preserve_env
  if [ "$GITIAN_SUDO_USE_DEBOOTSTRAP_DIR" = "yes" ]; then
    echo "sudo will preserve (some) env flags"
    preserve_env=yes # if you would want to set false then unset this variable
  fi
  env -i LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 DEBOOTSTRAP_DIR="$DEBOOTSTRAP_DIR" sudo ${preserve_env+--preserve-env} debootstrap --arch=$ARCH --include=$addpkg --exclude=$removepkg --components=$components $SUITE $OUT-bootstrap $MIRROR
  # Fix lxc issue
  if [ -f $OUT-bootstrap/usr/lib/lxc/lxc-init ]
  then
    sudo cp $OUT-bootstrap/usr/lib/lxc/lxc-init $OUT-bootstrap/usr/sbin/init.lxc
  else
    if [ $ARCH = "amd64" ]
    then
      if [ -f $OUT-bootstrap/usr/lib/x86_64-linux-gnu/lxc/lxc-init ]
      then
        sudo cp $OUT-bootstrap/usr/lib/x86_64-linux-gnu/lxc/lxc-init $OUT-bootstrap/usr/sbin/init.lxc
      fi
    else
      if [ -f $OUT-bootstrap/usr/lib/i386-linux-gnu/lxc/lxc-init ]
      then
        sudo cp $OUT-bootstrap/usr/lib/i386-linux-gnu/lxc/lxc-init $OUT-bootstrap/usr/sbin/init.lxc
      fi
    fi
  fi
  dd if=/dev/zero of=$OUT-lxc bs=1M count=1 seek=10240
  /sbin/mkfs.ext4 -F $OUT-lxc
  t=`mktemp -d gitian.XXXXXXXX`
  sudo mount $OUT-lxc $t
  sudo cp -a $OUT-bootstrap/* $t
  sudo umount $t
  rmdir $t

  sudo rm -rf $OUT-bootstrap
  mv $OUT-lxc $OUT
  # bootstrap-fixup is done in libexec/make-clean-vm
else
  if [ -e $OUT.qcow2 ]; then
    echo $OUT.qcow2 already exists, please remove it first
    exit 1
  fi
  libexec/config-bootstrap-fixup

  rm -rf $OUT
  env -i LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 sudo vmbuilder kvm $DISTRO --rootsize 10240 --arch=$ARCH --suite=$SUITE --addpkg=$addpkg --removepkg=$removepkg --ssh-key=var/id_rsa.pub --ssh-user-key=var/id_rsa.pub --mirror=$MIRROR --security-mirror=$SECURITY_MIRROR --dest=$OUT --flavour=$FLAVOUR --firstboot=`pwd`/target-bin/bootstrap-fixup
  mv $OUT/*.qcow2 $OUT.qcow2
  rm -rf $OUT
  # bootstrap-fixup is done on first boot
fi