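#!/bin/bash
# Builds the base disk image for the test environment: creates the image file,
# attaches it through NBD, partitions and formats it, bootstraps Debian into it
# and applies the base configuration (apt repo, services, root account).

echo "Building base image"

# Resolve the real location of this script (symlinks followed) so that the
# configuration and helper library are found independent of the working
# directory. Quoted so that a path containing whitespace is not word-split.
DIR=$(dirname "$(readlink -f "$0")")

# Both files are sourced and, given the root check below, executed with root
# privileges: they must only be writable by root, otherwise anyone able to
# modify them gains code execution as root on the build host.
. "$DIR/../testing.conf"
. "$DIR/function.sh"

# die, running_any and check_commands are not defined in this file; presumably
# they come from function.sh.
[ "$(id -u)" -eq 0 ] || die "You must be root to run $0"
# $STRONGSWANHOSTS is intentionally unquoted, it is passed as a list of words
running_any $STRONGSWANHOSTS && die "Please stop test environment before running $0"

# host tools used further down in this script
check_commands debootstrap mkfs.ext3 blockdev qemu-img qemu-nbd sfdisk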
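# Packages installed by debootstrap, built up as one comma-separated list that
# is later passed to its --include option. Every continuation line prepends the
# separator itself, so no line may end in a comma (that would produce an empty
# list element).
INC=automake,autoconf,libtool,bison,flex,gperf,pkg-config,less,locales
INC=$INC,build-essential,libgmp-dev,libldap2-dev,libcurl4-openssl-dev,ethtool
INC=$INC,libxml2-dev,libtspi-dev,libsqlite3-dev,openssh-server,tcpdump,psmisc
INC=$INC,openssl,vim,sqlite3,conntrack,gdb,cmake,libltdl-dev,wget,gnupg,man-db
INC=$INC,libboost-thread-dev,libboost-system-dev,git,iperf3,htop,valgrind,strace
INC=$INC,gnat,gprbuild,acpid,acpi-support-base,libldns-dev,libunbound-dev
INC=$INC,bind9-dnsutils,ca-certificates,unzip,libsystemd-dev
INC=$INC,python3,python3-setuptools,python3-build,python3-dev,python3-daemon,python3-venv
INC=$INC,apt-transport-https,libjson-c-dev,libxslt1-dev,libapache2-mod-wsgi-py3
INC=$INC,libxerces-c-dev,rsyslog,ncat,socat,libiptc-dev,binutils-dev

# Suite-specific additions: the Ada development packages carry different
# (versioned or unversioned) names depending on the Debian release.
case "$BASEIMGSUITE" in
    bullseye)
        INC=$INC,libahven9-dev,libxmlada-schema10-dev,libgmpada10-dev
        INC=$INC,libalog6-dev,dbus-user-session
        # workaround for dependency issue gdb -> libsource-highlight4v5 -> virtual
        # package (libboost-regex1.74.0-icu67), which debootstrap can't resolve (#878961)
        INC=$INC,libboost-regex1.74.0
        ;;
    bookworm)
        INC=$INC,libahven11-dev,libxmlada-schema12-dev,libgmpada12-dev
        INC=$INC,libalog8-dev,dbus-user-session,pipx
        # workaround for dependency issue gdb -> libsource-highlight4v5 -> virtual
        # package (libboost-regex1.74.0-icu67), which debootstrap can't resolve (#878961)
        INC=$INC,libboost-regex1.74.0
        ;;
    trixie)
        INC=$INC,libahven-dev,libxmlada-schema-dev,libgmpada-dev
        INC=$INC,libalog-dev,dbus-user-session,pipx,systemd-dev
        ;;
    *)
        # unknown suite: continue with the common list only, but warn
        echo_warn "Package list for '$BASEIMGSUITE' might has to be updated"
        ;;
esac

# Services whose packages are installed with the rest of the list; the same
# variable is used at the end of the script to disable them in the image.
SERVICES="apache2 dbus isc-dhcp-server slapd bind9 freeradius"
INC=$INC,${SERVICES// /,}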
# Packages that are installed with apt-get inside the image after debootstrap
# has finished, for the SWIMA tests. They are kept in two lists because the
# script installs them in two separate apt-get runs (APT1 first, then APT).
APT="tmux"
APT1="libgcrypt20-dev traceroute iptables"

# On every suite except bookworm and trixie, systemd-timesyncd is added to the
# services that get disabled in the image.
if [ "$BASEIMGSUITE" != "bookworm" ] && [ "$BASEIMGSUITE" != "trixie" ]
then
    SERVICES="$SERVICES systemd-timesyncd"
fi
# APTCACHE is apt's archive directory inside the mounted image, CACHEDIR the
# directory on the build host that is bind-mounted over it later on.
APTCACHE=$LOOPDIR/var/cache/apt/archives
CACHEDIR=$BUILDDIR/cache

# make sure mount point, cache and image directories exist
for dir in $LOOPDIR $CACHEDIR $IMGDIR
do
    mkdir -p "$dir"
done

# an existing base image is discarded, the build always starts from scratch
rm -f $BASEIMG

echo "$(date), building $BASEIMG" >>$LOGFILE
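# load_qemu_nbd, log_action, log_status, execute, do_on_exit and
# graceful_umount are not defined in this file (presumably function.sh).
# From their use here, do_on_exit appears to register a cleanup command that
# runs when the script terminates - confirm against the helper library.
load_qemu_nbd

log_action "Creating base image $BASEIMG"
execute "qemu-img create -f $IMGEXT $BASEIMG ${BASEIMGSIZE}M"

log_action "Connecting image to NBD device $NBDEV"
execute "qemu-nbd -c $NBDEV $BASEIMG"
do_on_exit qemu-nbd -d $NBDEV

# wait for disk to become ready with newer QEMU versions
sleep 1

log_action "Partitioning disk"
# Partition the device the image was attached to above. Using $NBDEV instead
# of a hard-coded /dev/nbd0 keeps this destructive step on the configured
# device; otherwise a non-default NBDEV would leave the new image without a
# partition table while whatever is attached to /dev/nbd0 gets overwritten.
# The single ";" line asks sfdisk for one partition with default values.
sfdisk $NBDEV >>$LOGFILE 2>&1 << EOF
;
EOF
if [ $? != 0 ]
then
    log_status 1
    exit 1
else
    log_status 0
fi
# have the kernel re-read the partition table so $NBDPARTITION shows up
blockdev --rereadpt $NBDEV

# NOTE(review): mkfs below is destructive as well; $NBDPARTITION comes from
# the sourced configuration and has to refer to a partition of $NBDEV.
log_action "Creating ext3 filesystem"
execute "mkfs.ext3 $NBDPARTITION"

log_action "Mounting $NBDPARTITION to $LOOPDIR"
execute "mount $NBDPARTITION $LOOPDIR"
do_on_exit graceful_umount $LOOPDIR

# bind-mount the host-side cache over apt's archive directory in the image
log_action "Using $CACHEDIR as archive for apt"
mkdir -p $APTCACHE
execute "mount -o bind $CACHEDIR $APTCACHE"
do_on_exit graceful_umount $APTCACHE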
# Bootstrap the Debian base system, including the package list collected in
# $INC, into the mounted image.
# NOTE(review): neither --keyring nor --no-check-gpg is passed, so verification
# of the archive signatures from $BASEIMGMIRROR is left to debootstrap's
# defaults on the build host - confirm the keyring for $BASEIMGSUITE is
# installed there.
log_action "Running debootstrap ($BASEIMGSUITE, $BASEIMGARCH)"
execute "debootstrap --arch=$BASEIMGARCH --include=$INC $BASEIMGSUITE $LOOPDIR $BASEIMGMIRROR"

# /proc is mounted before the first command is run inside the chroot; the
# second argument (0) is passed through to the execute helper unchanged.
execute "mount -t proc none $LOOPDIR/proc" 0
do_on_exit graceful_umount $LOOPDIR/proc

log_action "Generating locales"
# the two locales to generate, one per line
printf '%s\n' \
    "de_CH.UTF-8 UTF-8" \
    "en_US.UTF-8 UTF-8" > $LOOPDIR/etc/locale.gen
execute_chroot "locale-gen"
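# Set up the additional apt repository inside the image.
#
# NOTE(review): the key fetched here becomes the trust anchor for that
# repository, and nothing in this script verifies it (no fingerprint or
# checksum comparison). Its authenticity therefore rests entirely on the
# transport used by $BASEIMGEXTKEY, which is defined in the sourced
# configuration and not visible here - confirm it is an https:// URL, or verify
# a pinned fingerprint before the key is installed.
log_action "Downloading signing key for custom apt repo"
execute_chroot "wget -q $BASEIMGEXTKEY -O /tmp/strongswan.key"

# mv with a trailing slash fails if the target directory is missing; create it
# so that suites whose apt does not ship /etc/apt/keyrings work as well.
mkdir -p $LOOPDIR/etc/apt/keyrings
log_action "Installing signing key for custom apt repo"
execute_chroot "mv /tmp/strongswan.key /etc/apt/keyrings/"

# signed-by ties the key to this one source entry, it is not trusted for the
# other configured repositories
log_action "Enabling custom apt repo"
cat > $LOOPDIR/etc/apt/sources.list.d/strongswan.list << EOF
deb [signed-by=/etc/apt/keyrings/strongswan.key] $BASEIMGEXTREPO $BASEIMGSUITE main
EOF
log_status $?

# A priority above 1000 makes apt prefer this origin for every package, even
# if that means downgrading an installed version. Together with the key above,
# whoever controls $BASEIMGEXTREPOHOST controls the packages in the image.
log_action "Prioritize custom apt repo"
cat > $LOOPDIR/etc/apt/preferences.d/strongswan.pref << EOF
Package: *
Pin: origin "$BASEIMGEXTREPOHOST"
Pin-Priority: 1001
EOF
log_status $?

log_action "Update package sources"
execute_chroot "apt-get update"

log_action "Install packages via APT"
execute_chroot "apt-get -y install $APT1"

# Rotate and compress apt's history log between the two install runs, so the
# image contains both history.log.1.gz and a fresh history.log (presumably
# what the SWIMA tests expect - confirm against the tests).
log_action "Move history.log to history.log.1"
execute_chroot "mv /var/log/apt/history.log /var/log/apt/history.log.1"
log_action "Compress history.log.1 to history.log.1.gz"
execute_chroot "gzip /var/log/apt/history.log.1"

log_action "Install more packages via APT"
execute_chroot "apt-get -y install $APT"

# with the pin above in place, upgrading pulls in the custom repo's versions
log_action "Install packages from custom repo"
execute_chroot "apt-get -y upgrade"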
# The service packages were installed with the base system; disable each of
# them in the image.
for service in $SERVICES; do
    log_action "Disabling service $service"
    execute_chroot "systemctl disable $service"
done

# Select the legacy backend for both the IPv4 and the IPv6 tool. The calls
# pass 0 as second argument to execute_chroot and a single status is logged
# for the pair afterwards.
log_action "Switching from iptables-nft to iptables-legacy"
for tool in iptables ip6tables; do
    execute_chroot "update-alternatives --set $tool /usr/sbin/$tool-legacy" 0
done
log_status 0

# passwd -d deletes the password, i.e. the root account in the image ends up
# with an empty password rather than a locked one.
# NOTE(review): openssh-server is part of the package list, so this image is
# only suitable for an isolated test network; whether root is reachable
# without a password over SSH depends on sshd/PAM configuration done elsewhere.
log_action "Disabling root password"
execute_chroot "passwd -d root"