add build_container

PaulGrandperrin · PaulGrandperrin · commit 2bc044ea46dc · 2019-11-27T12:00:04.000Z
diff --git a/build_container.sh b/build_container.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+set -xe
+
+# generic system setup
+apt install -y debootstrap systemd-container
+systemctl enable machines.target
+echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/nspawn.conf
+echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.d/nspawn.conf
+systemctl restart systemd-sysctl.service
+systemctl enable systemd-networkd
+systemctl start systemd-networkd
+
+# params
+name=test
+container=/var/lib/machines/$name/
+
+# destroy existing setup
+systemctl disable systemd-nspawn@$name.service
+systemctl stop systemd-nspawn@$name.service
+rm -f /etc/systemd/nspawn/$name.nspawn
+rm -rf $container
+
+# create new setup
+debootstrap --include=systemd-container,ca-certificates buster $container
+echo 'deb http://security.debian.org/ buster/updates main contrib non-free' >> $container/etc/apt/sources.list
+echo 'deb http://deb.debian.org/debian buster-updates main contrib non-free' >> $container/etc/apt/sources.list
+echo 'deb [trusted=yes] file:///repo ./' >> $container/etc/apt/sources.list
+cp -rv repo $container/
+systemd-nspawn -D $container -E DEBIAN_FRONTEND=noninteractive apt update -y
+systemd-nspawn -D $container -E DEBIAN_FRONTEND=noninteractive apt upgrade -y
+systemd-nspawn -D $container -E DEBIAN_FRONTEND=noninteractive apt dist-upgrade -y
+
+systemd-nspawn -D $container systemctl enable systemd-networkd.service
+
+mkdir -p /etc/systemd/nspawn/
+echo "[Network]" > /etc/systemd/nspawn/$name.nspawn
+echo "Zone=$name" >> /etc/systemd/nspawn/$name.nspawn
+systemctl enable systemd-nspawn@$name.service
+systemctl start systemd-nspawn@$name.service
diff --git a/build_packages.sh b/build_packages.sh
@@ -59,7 +59,7 @@ ub_default="$ub_android $ub_int $ub_null $ub_bound"
 
 # PACKAGES
 
-FLAGS="$st $ub_default" # TODO try to enable some CFI
+FLAGS="$ub_default" # TODO try to enable some CFI
 export DEB_CFLAGS_APPEND="$FLAGS"
 export DEB_CXXFLAGS_APPEND="$FLAGS"
 export DEB_LDFLAGS_APPEND="$FLAGS"
@@ -69,9 +69,14 @@ build_package bzip2
 build_package icu
 build_package lua5.3
 
+FLAGS="$cfi $ub_default"
+export DEB_CFLAGS_APPEND="$FLAGS"
+export DEB_CXXFLAGS_APPEND="$FLAGS"
+export DEB_LDFLAGS_APPEND="$FLAGS"
+build_package opensmtpd
+
 FLAGS="$st $cfi $ub_default"
 export DEB_CFLAGS_APPEND="$FLAGS"
 export DEB_CXXFLAGS_APPEND="$FLAGS"
 export DEB_LDFLAGS_APPEND="$FLAGS"
 build_package opensmtpd
-build_package lzma
diff --git a/build_repo.sh b/build_repo.sh
@@ -2,20 +2,25 @@
 set -xe
 
 
-mkdir -p repo/dists/buster/main/binary-amd64
-mkdir -p repo/pool/main
+#mkdir -p repo/dists/buster/main/binary-amd64
+#mkdir -p repo/pool/main
+#
+#mv debs/*.deb repo/pool/main/
+#cd repo
+#dpkg-scanpackages . > dists/buster/main/binary-amd64/Packages
+#
+#cat <<EOF > dists/buster/Release
+#Origin: Debian
+#Label: Debian
+#Suite: stable
+#Codename: buster
+#Components: main contrib non-free
+#SHA256:
+#$(sha256sum dists/buster/main/binary-amd64/Packages |cut -d' ' -f1) $(ls -l dists/buster/main/binary-amd64/Packages|cut -d' ' -f5) main/binary-amd64/Packages
+#EOF
 
-mv debs/*.deb repo/pool/main/
+mkdir -p repo
+mv debs/*.deb repo/
 cd repo
-dpkg-scanpackages . > dists/buster/main/binary-amd64/Packages
-
-cat <<EOF > dists/buster/Release
-Origin: Debian
-Label: Debian
-Suite: stable
-Codename: buster
-Components: main contrib non-free
-SHA256:
-$(sha256sum dists/buster/main/binary-amd64/Packages |cut -d' ' -f1) $(ls -l dists/buster/main/binary-amd64/Packages|cut -d' ' -f5) main/binary-amd64/Packages
-EOF
+dpkg-scanpackages . > Packages
 
