diff options
| -rw-r--r-- | .gitlab-ci.yml | 4 | ||||
| -rwxr-xr-x | bin/debvm-create | 26 | ||||
| -rwxr-xr-x | share/customize-autologin.sh | 20 | ||||
| -rwxr-xr-x | share/customize-networkd.sh | 37 | ||||
| -rwxr-xr-x | share/customize-resolved.sh | 26 |
5 files changed, 90 insertions, 23 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d7f2aee..29e0783 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -5,14 +5,14 @@ shellcheck: - apt-get update - apt-get dist-upgrade --yes - apt-get --no-install-recommends --yes install shellcheck - - shellcheck -P tests bin/* tests/*.sh + - shellcheck -P tests bin/* share/*.sh tests/*.sh codespell: script: - apt-get update - apt-get dist-upgrade --yes - apt-get --no-install-recommends --yes install codespell - - codespell bin/* tests/*.sh + - codespell bin/* share/*.sh tests/*.sh release_test: parallel: diff --git a/bin/debvm-create b/bin/debvm-create index 0dc619b..9d637b1 100755 --- a/bin/debvm-create +++ b/bin/debvm-create @@ -97,6 +97,8 @@ SSHKEY= SUITE=unstable VMNAME=testvm +SHARE_DIR="${0%/*}/../share" + nth_arg() { shift "$1" printf "%s" "$1" @@ -255,14 +257,7 @@ fi if test "$DEBVER" -ge 9; then INCLUDE_PACKAGES="$INCLUDE_PACKAGES,libnss-resolve" fi -if test "$DEBVER" -le 11; then - set -- '--customize-hook=chroot "$1" systemctl enable systemd-resolved.service' "$@" -fi -if test "$DEBVER" -le 9; then - set -- '--customize-hook=ln -fs ../run/systemd/resolve/resolv.conf "$1/etc/resolv.conf"' "$@" -elif test "$DEBVER" -le 11; then - set -- '--customize-hook=ln -fs ../run/systemd/resolve/stub-resolv.conf "$1/etc/resolv.conf"' "$@" -fi +set -- "--customize-hook=$SHARE_DIR/customize-resolved.sh" "$@" # construct mmdebstrap options as $@: set -- \ @@ -285,15 +280,7 @@ set -- \ set -- '--customize-hook=chroot "$1" passwd --delete root' "$@" # dhcp on all network interfaces -SYSD_NET_MATCH='Name=en*\n' -test "$DEBVER" -le 8 && SYSD_NET_MATCH="${SYSD_NET_MATCH}Name=eth*\\n" -SYSD_NET_NET='DHCP=yes\n' -# This anchor is included by default since bullseye. Fails DNSSEC validation when missing. -test "$DEBVER" -le 11 && SYSD_NET_NET="${SYSD_NET_NET}DNSSECNegativeTrustAnchors=home.arpa\\n" -set -- \ - '--customize-hook=chroot "$1" systemctl enable systemd-networkd.service' \ - "--customize-hook=printf \"[Match]\\n$SYSD_NET_MATCH\\n[Network]\\n$SYSD_NET_NET"'\n[DHCP]\nUseDomains=yes\n" > "$1/etc/systemd/network/20-wired.network"' \ - "$@" +set -- "--customize-hook=$SHARE_DIR/customize-networkd.sh" "$@" # add ssh key for root if test -n "$SSHKEY"; then @@ -320,10 +307,7 @@ if test "$DEBVER" -ge 12; then set -- --hook-dir=/usr/share/mmdebstrap/hooks/merged-usr "$@" fi -set -- \ - '--customize-hook=mkdir "$1/etc/systemd/system/serial-getty@.service.d"' \ - "--customize-hook=sed -n -e '1i[Service]' -e '1iExecStart=' -e 's,^ExecStart=-/sbin/agetty ,&-a root ,p'"' "$1/lib/systemd/system/serial-getty@.service" > "$1/etc/systemd/system/serial-getty@.service.d/autologin.conf"' \ - "$@" +set -- "--customize-hook=$SHARE_DIR/customize-autologin.sh" "$@" # suite target mirror set -- "$@" "$SUITE" "$IMAGE" "deb $MIRROR $SUITE main" diff --git a/share/customize-autologin.sh b/share/customize-autologin.sh new file mode 100755 index 0000000..5592a03 --- /dev/null +++ b/share/customize-autologin.sh @@ -0,0 +1,20 @@ +#!/bin/sh +# Copyright 2022 Helmut Grohne <helmut@subdivi.de> +# SPDX-License-Identifier: MIT +# +# This is a mmdebstrap customize hook that configures automatic root login on a +# serial console. + +set -eu + +TARGET=$1 + +UNIT=serial-getty@.service + +mkdir "$TARGET/etc/systemd/system/$UNIT.d" + +( + echo '[Service]' + echo 'ExecStart=' + sed -n 's,^ExecStart=-/sbin/agetty ,&-a root ,p' "$TARGET/lib/systemd/system/$UNIT" +) > "$TARGET/etc/systemd/system/$UNIT.d/autologin.conf" diff --git a/share/customize-networkd.sh b/share/customize-networkd.sh new file mode 100755 index 0000000..c89aae2 --- /dev/null +++ b/share/customize-networkd.sh @@ -0,0 +1,37 @@ +#!/bin/sh +# Copyright 2022 Helmut Grohne <helmut@subdivi.de> +# SPDX-License-Identifier: MIT +# +# This is a mmdebstrap customize hook that enables and configures +# systemd-networkd on various Debian releases. + +set -eu + +TARGET=$1 + +SYSTEMD_VERSION=$(dpkg-query --root "$TARGET" -f '${Version}' -W systemd) + +if test "${MMDEBSTRAP_MODE:-}" = chrootless; then + systemctl --root "$TARGET" enable systemd-networkd.service +else + chroot "$TARGET" systemctl enable systemd-networkd.service +fi + +{ + echo '[Match]' + echo 'Name=en*' + if dpkg --compare-versions "$SYSTEMD_VERSION" lt 220-7~; then + echo 'Name=eth*' + fi + + echo '[Network]' + echo 'DHCP=yes' + + if dpkg --compare-versions "$SYSTEMD_VERSION" lt 249; then + # This anchor is included by default since bullseye. Fails DNSSEC + # validation when missing. + echo 'DNSSECNegativeTrustAnchors=home.arpa' + fi + echo '[DHCP]' + echo 'UseDomains=yes' +} >"$TARGET/etc/systemd/network/20-wired.network" diff --git a/share/customize-resolved.sh b/share/customize-resolved.sh new file mode 100755 index 0000000..e8fe248 --- /dev/null +++ b/share/customize-resolved.sh @@ -0,0 +1,26 @@ +#!/bin/sh +# Copyright 2022 Helmut Grohne <helmut@subdivi.de> +# SPDX-License-Identifier: MIT +# +# This is a mmdebstrap customize hook that enables systemd-resolved on various +# Debian releases. + +set -eu + +TARGET=$1 + +LIBNSS_RESOLVE_VERSION=$(dpkg-query --root "$TARGET" -f '${Version}' -W libnss-resolve 2>/dev/null) || : + +if dpkg --compare-versions "$LIBNSS_RESOLVE_VERSION" lt 251.3-2~exp1; then + if test "${MMDEBSTRAP_MODE:-}" = chrootless; then + systemctl --root "$TARGET" enable systemd-resolved.service + else + chroot "$TARGET" systemctl enable systemd-resolved.service + fi + + if test -z "$LIBNSS_RESOLVE_VERSION"; then + ln -fs ../run/systemd/resolve/resolv.conf "$TARGET/etc/resolv.conf" + else + ln -fs ../run/systemd/resolve/stub-resolv.conf "$TARGET/etc/resolv.conf" + fi +fi |