From 26107fca27f9e37121efab5488caeea1b3548f96 Mon Sep 17 00:00:00 2001
From: RouxAntoine
Date: Fri, 5 Jan 2024 14:01:20 +0100
Subject: [PATCH] feature: script to build my own kernel and rootf
---
 Makefile | 9 +-
 cmd/main.go | 22 ++++
 rootf-kernel/Makefile | 6 +
 rootf-kernel/kernel-config/fs.config | 2 +
 rootf-kernel/kernel-config/net.config | 158 +++++++++++++++++++++++
 rootf-kernel/kernel-config/virtio.config | 16 +++
 rootf-kernel/kernel.sh | 47 +++++++
 rootf-kernel/rootfs.sh | 47 +++++++
 8 files changed, 300 insertions(+), 7 deletions(-)
 create mode 100644 rootf-kernel/Makefile
 create mode 100644 rootf-kernel/kernel-config/fs.config
 create mode 100644 rootf-kernel/kernel-config/net.config
 create mode 100644 rootf-kernel/kernel-config/virtio.config
 create mode 100644 rootf-kernel/kernel.sh
 create mode 100644 rootf-kernel/rootfs.sh
diff --git a/Makefile b/Makefile
index 163ed5b..8a2b614 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-.PHONY: build run ci get-alpine-rootfs
+.PHONY: build run ci
 .EXPORT_ALL_VARIABLES:
 GOARCH=amd64
@@ -11,7 +11,7 @@ GOBUILDFLAGS=-tags dev
 EXEC=out/main
-build: out/alpine-minirootfs-3.19.0-x86_64.tar.gz $(EXEC)
+build: $(EXEC)
 run: $(EXEC)
 @chmod +x $(EXEC)
@@ -20,8 +20,6 @@ run: $(EXEC)
 ci:
 golangci-lint run --fix
-get-alpine-rootfs: out/alpine-minirootfs-3.19.0-x86_64.tar.gz
-
 publish:
 scp $(EXEC) sf314:~/firecracker/
@@ -32,6 +30,3 @@ dependencies:
 $(EXEC): cmd/main.go dependencies
 @echo "build for os $$GOOS and arch $$GOARCH"
 go build -o $@ -ldflags="$(LDFLAGS)" $(GOBUILDFLAGS) $<
-
-out/alpine-minirootfs-3.19.0-x86_64.tar.gz:
- wget -O $@ https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/x86_64/alpine-minirootfs-3.19.0-x86_64.tar.gz
diff --git a/cmd/main.go b/cmd/main.go
index df36fc7..b512685 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -109,6 +109,12 @@ func setupEnv() int {
 StaticConfiguration: &firecracker.StaticNetworkConfiguration{
 MacAddress: "06:00:AC:10:00:02",
 HostDevName: tap.Link.Attrs().Name,
+ /* IPConfiguration: &firecracker.IPConfiguration{
+ IPAddr: tapNetwork,
+ Gateway: firstIpTapNetwork,
+ Nameservers: []string{"1.1.1.1"},
+ IfName: "net1",
+ },*/
 },
 },
 },
@@ -125,6 +131,9 @@ func setupEnv() int {
 firecracker.VMCommandBuilder{}.
 WithBin("firecracker").
 WithSocketPath("/tmp/firecracker.socket").
+ //WithStdin(os.Stdin).
+ //WithStdout(os.Stdout).
+ //WithStderr(os.Stderr).
 Build(ctx),
 ),
 firecracker.WithLogger(logrus.NewEntry(log)),
@@ -149,6 +158,19 @@ func setupEnv() int {
 return 1
 }
+ /* cmd := exec.Command("/bin/sh")
+
+ cmd.Stdin = os.Stdin
+ cmd.Stdout = os.Stdout
+ cmd.Stderr = os.Stderr
+
+ cmd.Env = []string{"PS1=-[ns-process]- # "}
+
+ if err := cmd.Run(); err != nil {
+ fmt.Printf("Error running the /bin/sh command - %s\n", err)
+ os.Exit(1)
+ }*/
+
 return 0
 }
diff --git a/rootf-kernel/Makefile b/rootf-kernel/Makefile
new file mode 100644
index 0000000..b5987ea
--- /dev/null
+++ b/rootf-kernel/Makefile
@@ -0,0 +1,6 @@
+.PHONY: get-alpine-rootfs
+
+get-alpine-rootfs: out/alpine-minirootfs-3.19.0-x86_64.tar.gz
+
+out/alpine-minirootfs-3.19.0-x86_64.tar.gz:
+ wget -O $@ https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/x86_64/alpine-minirootfs-3.19.0-x86_64.tar.gz
diff --git a/rootf-kernel/kernel-config/fs.config b/rootf-kernel/kernel-config/fs.config
new file mode 100644
index 0000000..3bff23a
--- /dev/null
+++ b/rootf-kernel/kernel-config/fs.config
@@ -0,0 +1,2 @@
+CONFIG_EXT4_FS=y
+CONFIG_OVERLAY_FS=y
diff --git a/rootf-kernel/kernel-config/net.config b/rootf-kernel/kernel-config/net.config
new file mode 100644
index 0000000..0738ef6
--- /dev/null
+++ b/rootf-kernel/kernel-config/net.config
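Review bot: All three hunks in this file add only commented-out code — the IPConfiguration block here, the three `//WithStd*(os.Std*).` lines in the second hunk and the `/* cmd := exec.Command("/bin/sh") … */` block in the third — and such blocks rot silently; if the interactive-shell path is wanted, gate it behind a flag, otherwise drop it and let git history keep it. If the third block is ever re-enabled, note that it calls `os.Exit(1)` inside setupEnv, whose surrounding code signals failure with `return 1`, so the exit would skip whatever the caller does with that return value (setupEnv starts and ends outside these hunks). The commented IPConfiguration also references `tapNetwork` and `firstIpTapNetwork`, which are not visible in the diff; if they do not exist the block will not compile once uncommented.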
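Review bot: The `wget -O $@ https://dl-cdn.alpinelinux.org/...` recipe feeds the downloaded rootfs straight into the build with no integrity check, so a truncated download or a substituted archive is used as-is. Alpine publishes a `.sha256` beside each release tarball; pinning that digest in this Makefile and checking it in the same recipe (`echo "<EXPECTED_SHA256>  $@" | sha256sum -c -`, removing `$@` on mismatch) keeps the build reproducible and makes the dependency explicit. Nothing in this file creates `out/`, so the recipe also needs `mkdir -p $(@D)` unless another target is relied on to create it first.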
@@ -0,0 +1,158 @@
+CONFIG_VETH=y
+CONFIG_BRIDGE=y
+CONFIG_VXLAN=y
+
+CONFIG_IP_SET=y
+CONFIG_IP_SET_BITMAP_IP=y
+CONFIG_IP_SET_BITMAP_IPMAC=y
+CONFIG_IP_SET_BITMAP_PORT=y
+CONFIG_IP_SET_HASH_IP=y
+CONFIG_IP_SET_HASH_IPMARK=y
+CONFIG_IP_SET_HASH_IPPORT=y
+CONFIG_IP_SET_HASH_IPPORTIP=y
+CONFIG_IP_SET_HASH_IPPORTNET=y
+CONFIG_IP_SET_HASH_IPMAC=y
+CONFIG_IP_SET_HASH_MAC=y
+CONFIG_IP_SET_HASH_NETPORTNET=y
+CONFIG_IP_SET_HASH_NET=y
+CONFIG_IP_SET_HASH_NETNET=y
+CONFIG_IP_SET_HASH_NETPORT=y
+CONFIG_IP_SET_HASH_NETIFACE=y
+CONFIG_IP_SET_LIST_SET=y
+
+CONFIG_NETFILTER=y
+CONFIG_NETFILTER_ADVANCED=y
+CONFIG_NETFILTER_INGRESS=y
+CONFIG_NETFILTER_NETLINK=y
+CONFIG_NETFILTER_FAMILY_BRIDGE=y
+CONFIG_NETFILTER_FAMILY_ARP=y
+CONFIG_NETFILTER_NETLINK_ACCT=y
+CONFIG_NETFILTER_NETLINK_QUEUE=y
+CONFIG_NETFILTER_NETLINK_LOG=y
+CONFIG_NETFILTER_NETLINK_OSF=y
+CONFIG_NETFILTER_CONNCOUNT=y
+CONFIG_NETFILTER_NETLINK_GLUE_CT=y
+CONFIG_NETFILTER_SYNPROXY=y
+CONFIG_NETFILTER_XTABLES=y
+CONFIG_NETFILTER_XT_MARK=y
+CONFIG_NETFILTER_XT_CONNMARK=y
+CONFIG_NETFILTER_XT_SET=y
+CONFIG_NETFILTER_XT_TARGET_AUDIT=y
+CONFIG_NETFILTER_XT_TARGET_CHECKSUM=y
+CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
+CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
+CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y
+CONFIG_NETFILTER_XT_TARGET_CT=y
+CONFIG_NETFILTER_XT_TARGET_DSCP=y
+CONFIG_NETFILTER_XT_TARGET_HL=y
+CONFIG_NETFILTER_XT_TARGET_HMARK=y
+CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y
+CONFIG_NETFILTER_XT_TARGET_LED=y
+CONFIG_NETFILTER_XT_TARGET_LOG=y
+CONFIG_NETFILTER_XT_TARGET_MARK=y
+CONFIG_NETFILTER_XT_NAT=y
+CONFIG_NETFILTER_XT_TARGET_NETMAP=y
+CONFIG_NETFILTER_XT_TARGET_NFLOG=y
+CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
+CONFIG_NETFILTER_XT_TARGET_NOTRACK=y
+CONFIG_NETFILTER_XT_TARGET_RATEEST=y
+CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
+CONFIG_NETFILTER_XT_TARGET_TEE=y
+CONFIG_NETFILTER_XT_TARGET_TPROXY=y
+CONFIG_NETFILTER_XT_TARGET_TRACE=y
+CONFIG_NETFILTER_XT_TARGET_SECMARK=y
+CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
+CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
+CONFIG_NETFILTER_XT_MATCH_BPF=y
+CONFIG_NETFILTER_XT_MATCH_CGROUP=y
+CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
+CONFIG_NETFILTER_XT_MATCH_COMMENT=y
+CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
+CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y
+CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
+CONFIG_NETFILTER_XT_MATCH_CPU=y
+CONFIG_NETFILTER_XT_MATCH_DCCP=y
+CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y
+CONFIG_NETFILTER_XT_MATCH_DSCP=y
+CONFIG_NETFILTER_XT_MATCH_ECN=y
+CONFIG_NETFILTER_XT_MATCH_ESP=y
+CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_HELPER=y
+CONFIG_NETFILTER_XT_MATCH_HL=y
+CONFIG_NETFILTER_XT_MATCH_IPCOMP=y
+CONFIG_NETFILTER_XT_MATCH_IPRANGE=y
+CONFIG_NETFILTER_XT_MATCH_IPVS=y
+CONFIG_NETFILTER_XT_MATCH_L2TP=y
+CONFIG_NETFILTER_XT_MATCH_LENGTH=y
+CONFIG_NETFILTER_XT_MATCH_LIMIT=y
+CONFIG_NETFILTER_XT_MATCH_MAC=y
+CONFIG_NETFILTER_XT_MATCH_MARK=y
+CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
+CONFIG_NETFILTER_XT_MATCH_NFACCT=y
+CONFIG_NETFILTER_XT_MATCH_OSF=y
+CONFIG_NETFILTER_XT_MATCH_OWNER=y
+CONFIG_NETFILTER_XT_MATCH_POLICY=y
+CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y
+CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
+CONFIG_NETFILTER_XT_MATCH_QUOTA=y
+CONFIG_NETFILTER_XT_MATCH_RATEEST=y
+CONFIG_NETFILTER_XT_MATCH_REALM=y
+CONFIG_NETFILTER_XT_MATCH_RECENT=y
+CONFIG_NETFILTER_XT_MATCH_SCTP=y
+CONFIG_NETFILTER_XT_MATCH_SOCKET=y
+CONFIG_NETFILTER_XT_MATCH_STATE=y
+CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
+CONFIG_NETFILTER_XT_MATCH_STRING=y
+CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
+CONFIG_NETFILTER_XT_MATCH_TIME=y
+CONFIG_NETFILTER_XT_MATCH_U32=y
+
+CONFIG_NF_NAT=y
+CONFIG_NF_NAT_NEEDED=y
+CONFIG_NF_TABLES=y
+CONFIG_NF_TABLES_SET=y
+CONFIG_NF_TABLES_INET=y
+CONFIG_NF_TABLES_NETDEV=y
+CONFIG_NF_DUP_NETDEV=y
+CONFIG_NF_FLOW_TABLE_INET=y
+CONFIG_NF_FLOW_TABLE=y
+CONFIG_NF_DEFRAG_IPV4=y
+CONFIG_NF_TABLES_IPV4=y
+CONFIG_NF_TABLES_ARP=y
+CONFIG_NF_FLOW_TABLE_IPV4=y
+CONFIG_NF_DUP_IPV4=y
+CONFIG_NF_REJECT_IPV4=y
+CONFIG_NF_NAT_IPV4=y
+CONFIG_NF_NAT_MASQUERADE_IPV4=y
+CONFIG_NF_TABLES_BRIDGE=y
+
+CONFIG_NF_CONNTRACK=y
+
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_MATCH_AH=y
+CONFIG_IP_NF_MATCH_ECN=y
+CONFIG_IP_NF_MATCH_RPFILTER=y
+CONFIG_IP_NF_MATCH_TTL=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_IP_NF_TARGET_REJECT=y
+CONFIG_IP_NF_TARGET_SYNPROXY=y
+CONFIG_IP_NF_NAT=y
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_IP_NF_TARGET_NETMAP=y
+CONFIG_IP_NF_TARGET_REDIRECT=y
+CONFIG_IP_NF_MANGLE=y
+CONFIG_IP_NF_TARGET_CLUSTERIP=y
+CONFIG_IP_NF_TARGET_ECN=y
+CONFIG_IP_NF_TARGET_TTL=y
+CONFIG_IP_NF_RAW=y
+CONFIG_IP_NF_SECURITY=y
+CONFIG_IP_NF_ARPTABLES=y
+CONFIG_IP_NF_ARPFILTER=y
+CONFIG_IP_NF_ARP_MANGLE=y
+
+CONFIG_NFT_BRIDGE_REJECT=y
+
+CONFIG_BRIDGE_NETFILTER=y
diff --git a/rootf-kernel/kernel-config/virtio.config b/rootf-kernel/kernel-config/virtio.config
new file mode 100644
index 0000000..b00dc2b
--- /dev/null
+++ b/rootf-kernel/kernel-config/virtio.config
@@ -0,0 +1,16 @@
+CONFIG_BLK_MQ_VIRTIO=y
+CONFIG_VIRTIO_BLK=y
+CONFIG_VIRTIO_BLK_SCSI=y
+CONFIG_SCSI_VIRTIO=y
+CONFIG_VIRTIO_NET=y
+CONFIG_VIRTIO_CONSOLE=y
+CONFIG_HW_RANDOM_VIRTIO=y
+CONFIG_VIRTIO=y
+CONFIG_VIRTIO_MENU=y
+CONFIG_VIRTIO_PCI=y
+CONFIG_VIRTIO_PCI_LEGACY=y
+CONFIG_VIRTIO_BALLOON=y
+CONFIG_VIRTIO_INPUT=y
+CONFIG_VIRTIO_MMIO=y
+CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y
+CONFIG_CRYPTO_DEV_VIRTIO=y
diff --git a/rootf-kernel/kernel.sh b/rootf-kernel/kernel.sh
new file mode 100644
index 0000000..d478053
--- /dev/null
+++ b/rootf-kernel/kernel.sh
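Review bot: Several symbols in this fragment are, as far as I recall, no longer present in the 5.11 tree that kernel.sh builds — `CONFIG_NF_NAT_IPV4`, `CONFIG_NF_NAT_MASQUERADE_IPV4` and `CONFIG_NF_NAT_NEEDED` were folded into `CONFIG_NF_NAT`/`CONFIG_NF_NAT_MASQUERADE` around 5.1 — and kconfig drops unknown symbols, and options whose dependencies are unmet, from a fragment without failing, so an `=y` line here is no guarantee the feature ends up in the build. Worth diffing the generated `.config` against this file once (the kernel's `scripts/diffconfig`, or a `grep` of these lines) and removing the dead entries with a comment naming the replacement symbol. The fragment also has no header; a one-line `# netfilter/nftables/ipset support for the firecracker guest, appended to .config by kernel.sh` would tell a reader why such a large set is enabled in a microVM kernel.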
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+# inspired by https://github.com/oraoto/archlinux-firecracker/blob/master/scripts/build-arch-kernel.sh
+
+KERNEL_VERSION=5.11.2
+
+mkdir -p build
+
+cd build
+
+## Install build tools
+# pacman -Syu base-devel bc pahole --ignore linux-firmware
+
+## Get kernel source
+curl -o linux.tar.xz "https://mirrors.tuna.tsinghua.edu.cn/kernel/v5.x/linux-$KERNEL_VERSION.tar.xz"
+tar xf linux.tar.xz
+cd linux-$KERNEL_VERSION/
+
+## Get Archlinux kernel config
+curl -o .config https://git.archlinux.org/svntogit/packages.git/plain/trunk/config?h=packages/linux
+
+## Disable modules
+sed 's/\(.*\)=m/#\1 is not set/g' -i .config
+sed 's/\(.*\)MOUSE\(.*\)=y/\1MOUSE\2=n/g' -i .config
+sed 's/\(.*\)USB\(.*\)=y/\1USB\2=n/g' -i .config
+sed 's/\(.*\)TOUCHSCREEN\(.*\)=y/\1TOUCHSCREEN\2=n/g' -i .config
+sed 's/\(.*\)HID\(.*\)=y/\1HID\2=n/g' -i .config
+sed 's/\(.*\)GPU\(.*\)=y/\1GPU\2=n/g' -i .config
+sed 's/\(.*\)GPIO\(.*\)=y/\1GPIO\2=n/g' -i .config
+sed 's/\(.*\)NVDIMM\(.*\)=y/\1NVDIMM\2=n/g' -i .config
+sed 's/\(.*\)MFD\(.*\)=y/\1MFD\2=n/g' -i .config
+sed 's/\(.*\)XEN\(.*\)=y/\1XEN\2=n/g' -i .config
+sed 's/\(.*\)VIDEO\(.*\)=y/\1VIDEO\2=n/g' -i .config
+# sed 's/\(.*\)PCI\(.*\)=y/\1PCI\2=n/g' -i .config
+sed 's/\(.*\)WLAN\(.*\)=y/\1WLAN\2=n/g' -i .config
+sed 's/\(.*\)DRM\(.*\)=y/\1DRM\2=n/g' -i .config
+
+cat ../../config/virtio.config >> .config
+cat ../../config/fs.config >> .config
+cat ../../config/net.config >> .config
+
+## Add KVM guest support
+make kvm_guest.config
+
+make -j$(nproc)
+
+./scripts/extract-vmlinux ./arch/x86_64/boot/bzImage > ../../output/arch-vmlinux.bin
diff --git a/rootf-kernel/rootfs.sh b/rootf-kernel/rootfs.sh
new file mode 100644
index 0000000..bc9a485
--- /dev/null
+++ b/rootf-kernel/rootfs.sh
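Review bot: The three `cat ../../config/*.config >> .config` lines read a directory this commit does not add — the fragments are committed under `rootf-kernel/kernel-config/`, so after `cd build` and `cd linux-$KERNEL_VERSION/` the paths should be `../../kernel-config/virtio.config` (and likewise for fs and net), and the script should start with `cd "$(dirname "${BASH_SOURCE[0]}")"` as rootfs.sh does so the relative paths do not depend on the caller's cwd. There is no `set -euo pipefail`, so a failed `curl` or `tar` leaves the script running the `sed -i .config` and `make -j$(nproc)` steps in whatever directory it ended up in; the `>` into `../../output/` also needs that directory to exist, and nothing here creates it. Neither the kernel tarball nor the Arch `.config` is integrity-checked after download; kernel.org publishes signed sha256sums for the tarball, so verifying against a pinned digest (`echo "<EXPECTED_SHA256>  linux.tar.xz" | sha256sum -c -`) before `tar xf` keeps the build reproducible and stops a mirror from substituting the source. Appending fragments with `cat` relies on kconfig keeping the last assignment and silently dropping any option whose dependencies are unmet; `scripts/kconfig/merge_config.sh .config ../../kernel-config/*.config` does the same merge and warns about every requested value that did not survive.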
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+# inspired by https://github.com/oraoto/archlinux-firecracker/blob/master/scripts/build-arch-rootfs.sh
+
+DISK_SIZE=4G
+DISK_FILE=../output/arch-rootfs.ext4
+DISK_ROOT=../output/mount
+
+cd $(dirname "${BASH_SOURCE[0]}")
+
+# Allocate rootfs disk
+fallocate -l 4G $DISK_FILE
+mkfs.ext4 $DISK_FILE
+
+# Mount rootfs to mount
+mkdir -p $DISK_ROOT
+
+sudo mount $DISK_FILE $DISK_ROOT
+
+yes y | sudo pacstrap -i -c $DISK_ROOT bash filesystem systemd-sysvcompat pacman iproute2
+
+echo "nameserver 1.1.1.1" | sudo tee $DISK_ROOT/etc/resolv.conf
+
+sudo tee $DISK_ROOT/etc/systemd/system/firecracker-network.service <<-'EOF'
+[Unit]
+Description=Firecracker Network
+
+[Service]
+Type=oneshot
+ExecStart=ip link set eth0 up
+ExecStart=ip addr add 172.16.0.2/24 dev eth0
+ExecStart=ip route add default via 172.16.0.1 dev eth0
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+sudo ln -s /etc/systemd/system/firecracker-network.service $DISK_ROOT/etc/systemd/system/multi-user.target.wants/
+
+# Remove default (locked) root password
+# See https://github.com/archlinux/svntogit-packages/commit/0320c909f3867d47576083e853543bab1705185b
+
+sudo sed 's/^root:.*/root::14871::::::/' -i $DISK_ROOT/etc/shadow
+
+sudo umount $DISK_ROOT
+rmdir $DISK_ROOT
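Review bot: `DISK_SIZE=4G` is declared but never read — the `fallocate -l 4G $DISK_FILE` line hard-codes the size, so it should be `fallocate -l "$DISK_SIZE" "$DISK_FILE"` (quoting the other `$DISK_FILE`/`$DISK_ROOT` uses as well). `DISK_FILE` and `DISK_ROOT` point into an `output/` directory beside `rootf-kernel/` that nothing in this commit creates (the root Makefile uses `out/`), so on a fresh checkout `fallocate` fails before anything else runs; a `mkdir -p "$(dirname "$DISK_FILE")"` after the `cd` covers it. The script has no `set -euo pipefail`; adding it would then skip the final `umount` whenever a step after `sudo mount` fails, so pair it with `trap 'sudo umount "$DISK_ROOT"' EXIT` right after the mount line. The `sudo sed 's/^root:.*/root::14871::::::/'` line leaves root with an empty password while the unit written above brings eth0 up on the host tap network; that is fine for a console-only microVM, but the assumption belongs in the comment above it, e.g. `# root has no password: this image is only meant to be reached over the firecracker serial console`.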