sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-04 00:00:14 -04:00
Code Issues Projects Releases Wiki Activity
strongswan/testing/scripts/build-baseimage
Andreas Steffen 903c68e069 sw-collector: Iterate through history logs 
The logrotate function causes the apt history to be split into
several parts at arbitrary points in time. If history.log only
is parsed then some package installation changes stored in
zipped backup history files might get lost.

Thus sw-collector now searches all backup history files until
a date older than the current event stored in the collector.db
database is found, so that no entries get overlooked.
2021-12-31 14:33:22 +01:00

167 lines
4.8 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
echo "Building base image"
DIR=$(dirname `readlink -f $0`)
. $DIR/../testing.conf
. $DIR/function.sh
[ `id -u` -eq 0 ] || die "You must be root to run $0"
running_any $STRONGSWANHOSTS && die "Please stop test environment before running $0"
check_commands debootstrap mkfs.ext3 partprobe qemu-img qemu-nbd sfdisk
# package includes/excludes
INC=automake,autoconf,libtool,bison,flex,gperf,pkg-config,gettext,less,locales
INC=$INC,build-essential,libgmp-dev,libldap2-dev,libcurl4-openssl-dev,ethtool
INC=$INC,libxml2-dev,libtspi-dev,libsqlite3-dev,openssh-server,tcpdump,psmisc
INC=$INC,openssl,vim,sqlite3,conntrack,gdb,cmake,libltdl-dev,wget,gnupg,man-db
INC=$INC,libboost-thread-dev,libboost-system-dev,git,iperf,htop,valgrind,strace
INC=$INC,gnat,gprbuild,acpid,acpi-support-base,libldns-dev,libunbound-dev
INC=$INC,dnsutils,libsoup2.4-dev,ca-certificates,unzip,libsystemd-dev
INC=$INC,python3,python3-setuptools,python3-dev,python3-pip,apt-transport-https
INC=$INC,libjson-c-dev,libxslt1-dev,libapache2-mod-wsgi-py3
INC=$INC,libxerces-c-dev
case "$BASEIMGSUITE" in
bullseye)
INC=$INC,libiptc-dev
;;
*)
INC=$INC,iptables-dev
;;
esac
case "$BASEIMGSUITE" in
stretch)
INC=$INC,libahven5-dev,libxmlada-schema6-dev,libgmpada6-dev
INC=$INC,libalog2-dev
;;
buster)
INC=$INC,libahven7-dev,libxmlada-schema8-dev,libgmpada8-dev
INC=$INC,libalog4-dev,dbus-user-session
;;
bullseye)
INC=$INC,libahven9-dev,libxmlada-schema10-dev,libgmpada10-dev
INC=$INC,libalog6-dev,dbus-user-session
# workaround for dependency issue gdb -> libsource-highlight4v5 -> virtual
# package (libboost-regex1.74.0-icu67), which debootstrap can't resolve (#878961)
INC=$INC,libboost-regex1.74.0
;;
*)
echo_warn "Package list for '$BASEIMGSUITE' might has to be updated"
;;
esac
SERVICES="apache2 dbus isc-dhcp-server slapd bind9 freeradius"
INC=$INC,${SERVICES// /,}
# packages to install via APT, for SWIMA tests
APT1="libgcrypt20-dev traceroute iptables"
APT="tmux"
# additional services to disable
SERVICES="$SERVICES systemd-timesyncd.service"
CACHEDIR=$BUILDDIR/cache
APTCACHE=$LOOPDIR/var/cache/apt/archives
mkdir -p $LOOPDIR
mkdir -p $CACHEDIR
mkdir -p $IMGDIR
rm -f $BASEIMG
echo "`date`, building $BASEIMG" >>$LOGFILE
load_qemu_nbd
log_action "Creating base image $BASEIMG"
execute "qemu-img create -f $IMGEXT $BASEIMG ${BASEIMGSIZE}M"
log_action "Connecting image to NBD device $NBDEV"
execute "qemu-nbd -c $NBDEV $BASEIMG"
do_on_exit qemu-nbd -d $NBDEV
log_action "Partitioning disk"
sfdisk /dev/nbd0 >>$LOGFILE 2>&1 << EOF
;
EOF
if [ $? != 0 ]
then
log_status 1
exit 1
else
log_status 0
fi
partprobe $NBDEV
log_action "Creating ext3 filesystem"
execute "mkfs.ext3 $NBDPARTITION"
log_action "Mounting $NBDPARTITION to $LOOPDIR"
execute "mount $NBDPARTITION $LOOPDIR"
do_on_exit graceful_umount $LOOPDIR
log_action "Using $CACHEDIR as archive for apt"
mkdir -p $APTCACHE
execute "mount -o bind $CACHEDIR $APTCACHE"
do_on_exit graceful_umount $APTCACHE
log_action "Running debootstrap ($BASEIMGSUITE, $BASEIMGARCH)"
execute "debootstrap --arch=$BASEIMGARCH --include=$INC $BASEIMGSUITE $LOOPDIR $BASEIMGMIRROR"
execute "mount -t proc none $LOOPDIR/proc" 0
do_on_exit graceful_umount $LOOPDIR/proc
log_action "Generating locales"
cat > $LOOPDIR/etc/locale.gen << EOF
de_CH.UTF-8 UTF-8
en_US.UTF-8 UTF-8
EOF
execute_chroot "locale-gen"
log_action "Downloading signing key for custom apt repo"
execute_chroot "wget -q $BASEIMGEXTKEY -O /tmp/key"
log_action "Installing signing key for custom apt repo"
execute_chroot "apt-key add /tmp/key"
log_action "Enabling custom apt repo"
cat > $LOOPDIR/etc/apt/sources.list.d/strongswan.list << EOF
deb $BASEIMGEXTREPO $BASEIMGSUITE main
EOF
log_status $?
log_action "Prioritize custom apt repo"
cat > $LOOPDIR/etc/apt/preferences.d/strongswan.pref << EOF
Package: *
Pin: origin "$BASEIMGEXTREPOHOST"
Pin-Priority: 1001
EOF
log_status $?
log_action "Update package sources"
execute_chroot "apt-get update"
log_action "Install packages via APT"
execute_chroot "apt-get -y install $APT1"
log_action "Move history.log to history.log.1"
execute_chroot "mv /var/log/apt/history.log /var/log/apt/history.log.1"
log_action "Compress history.log.1 to history.log.1.gz"
execute_chroot "gzip /var/log/apt/history.log.1"
log_action "Install more packages via APT"
execute_chroot "apt-get -y install $APT"
log_action "Install packages from custom repo"
execute_chroot "apt-get -y upgrade"
for service in $SERVICES
do
log_action "Disabling service $service"
execute_chroot "systemctl disable $service"
done
case "$BASEIMGSUITE" in
buster|bullseye)
log_action "Switching from iptables-nft to iptables-legacy"
execute_chroot "update-alternatives --set iptables /usr/sbin/iptables-legacy" 0
execute_chroot "update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy" 0
log_status 0
;;
esac
log_action "Disabling root password"
execute_chroot "passwd -d root"
Reference in New Issue View Git Blame Copy Permalink