From 26107fca27f9e37121efab5488caeea1b3548f96 Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 14:01:20 +0100 Subject: [PATCH 01/34] feature: script to build my own kernel and rootf --- Makefile | 9 +- cmd/main.go | 22 ++++ rootf-kernel/Makefile | 6 + rootf-kernel/kernel-config/fs.config | 2 + rootf-kernel/kernel-config/net.config | 158 +++++++++++++++++++++++ rootf-kernel/kernel-config/virtio.config | 16 +++ rootf-kernel/kernel.sh | 47 +++++++ rootf-kernel/rootfs.sh | 47 +++++++ 8 files changed, 300 insertions(+), 7 deletions(-) create mode 100644 rootf-kernel/Makefile create mode 100644 rootf-kernel/kernel-config/fs.config create mode 100644 rootf-kernel/kernel-config/net.config create mode 100644 rootf-kernel/kernel-config/virtio.config create mode 100644 rootf-kernel/kernel.sh create mode 100644 rootf-kernel/rootfs.sh diff --git a/Makefile b/Makefile index 163ed5b..8a2b614 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -.PHONY: build run ci get-alpine-rootfs +.PHONY: build run ci .EXPORT_ALL_VARIABLES: GOARCH=amd64 @@ -11,7 +11,7 @@ GOBUILDFLAGS=-tags dev EXEC=out/main -build: out/alpine-minirootfs-3.19.0-x86_64.tar.gz $(EXEC) +build: $(EXEC) run: $(EXEC) @chmod +x $(EXEC) @@ -20,8 +20,6 @@ run: $(EXEC) ci: golangci-lint run --fix -get-alpine-rootfs: out/alpine-minirootfs-3.19.0-x86_64.tar.gz - publish: scp $(EXEC) sf314:~/firecracker/ @@ -32,6 +30,3 @@ dependencies: $(EXEC): cmd/main.go dependencies @echo "build for os $$GOOS and arch $$GOARCH" go build -o $@ -ldflags="$(LDFLAGS)" $(GOBUILDFLAGS) $< - -out/alpine-minirootfs-3.19.0-x86_64.tar.gz: - wget -O $@ https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/x86_64/alpine-minirootfs-3.19.0-x86_64.tar.gz diff --git a/cmd/main.go b/cmd/main.go index df36fc7..b512685 100644 --- a/cmd/main.go +++ b/cmd/main.go 
@@ -109,6 +109,12 @@ func setupEnv() int { StaticConfiguration: &firecracker.StaticNetworkConfiguration{ MacAddress: "06:00:AC:10:00:02", HostDevName: tap.Link.Attrs().Name, + /* IPConfiguration: &firecracker.IPConfiguration{ + IPAddr: tapNetwork, + Gateway: firstIpTapNetwork, + Nameservers: []string{"1.1.1.1"}, + IfName: "net1", + },*/ }, }, }, @@ -125,6 +131,9 @@ func setupEnv() int { firecracker.VMCommandBuilder{}. WithBin("firecracker"). WithSocketPath("/tmp/firecracker.socket"). + //WithStdin(os.Stdin). + //WithStdout(os.Stdout). + //WithStderr(os.Stderr). Build(ctx), ), firecracker.WithLogger(logrus.NewEntry(log)), @@ -149,6 +158,19 @@ func setupEnv() int { return 1 } + /* cmd := exec.Command("/bin/sh") + + cmd.Stdin = os.Stdin + cmd.Stdout = os.Stdout + cmd.Stderr = os.Stderr + + cmd.Env = []string{"PS1=-[ns-process]- # "} + + if err := cmd.Run(); err != nil { + fmt.Printf("Error running the /bin/sh command - %s\n", err) + os.Exit(1) + }*/ + return 0 } diff --git a/rootf-kernel/Makefile b/rootf-kernel/Makefile new file mode 100644 index 0000000..b5987ea --- /dev/null +++ b/rootf-kernel/Makefile @@ -0,0 +1,6 @@ +.PHONY: get-alpine-rootfs + +get-alpine-rootfs: out/alpine-minirootfs-3.19.0-x86_64.tar.gz + +out/alpine-minirootfs-3.19.0-x86_64.tar.gz: + wget -O $@ https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/x86_64/alpine-minirootfs-3.19.0-x86_64.tar.gz diff --git a/rootf-kernel/kernel-config/fs.config b/rootf-kernel/kernel-config/fs.config new file mode 100644 index 0000000..3bff23a --- /dev/null +++ b/rootf-kernel/kernel-config/fs.config @@ -0,0 +1,2 @@ +CONFIG_EXT4_FS=y +CONFIG_OVERLAY_FS=y diff --git a/rootf-kernel/kernel-config/net.config b/rootf-kernel/kernel-config/net.config new file mode 100644 index 0000000..0738ef6 --- /dev/null +++ b/rootf-kernel/kernel-config/net.config 
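Review bot: All three cmd/main.go hunks add only commented-out code (the `IPConfiguration` literal, the `WithStdin`/`WithStdout`/`WithStderr` calls and the `/bin/sh` `exec.Command` block), which leaves dead text in setupEnv that neither the compiler nor golangci-lint checks. Either drop the blocks until they are needed, or replace each with a one-line marker such as `// TODO(<owner>): enable IPConfiguration once <condition>` so the intent is recorded without carrying stale code. setupEnv's body starts and ends outside these hunks.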
@@ -0,0 +1,158 @@
+CONFIG_VETH=y
+CONFIG_BRIDGE=y
+CONFIG_VXLAN=y
+
+CONFIG_IP_SET=y
+CONFIG_IP_SET_BITMAP_IP=y
+CONFIG_IP_SET_BITMAP_IPMAC=y
+CONFIG_IP_SET_BITMAP_PORT=y
+CONFIG_IP_SET_HASH_IP=y
+CONFIG_IP_SET_HASH_IPMARK=y
+CONFIG_IP_SET_HASH_IPPORT=y
+CONFIG_IP_SET_HASH_IPPORTIP=y
+CONFIG_IP_SET_HASH_IPPORTNET=y
+CONFIG_IP_SET_HASH_IPMAC=y
+CONFIG_IP_SET_HASH_MAC=y
+CONFIG_IP_SET_HASH_NETPORTNET=y
+CONFIG_IP_SET_HASH_NET=y
+CONFIG_IP_SET_HASH_NETNET=y
+CONFIG_IP_SET_HASH_NETPORT=y
+CONFIG_IP_SET_HASH_NETIFACE=y
+CONFIG_IP_SET_LIST_SET=y
+
+CONFIG_NETFILTER=y
+CONFIG_NETFILTER_ADVANCED=y
+CONFIG_NETFILTER_INGRESS=y
+CONFIG_NETFILTER_NETLINK=y
+CONFIG_NETFILTER_FAMILY_BRIDGE=y
+CONFIG_NETFILTER_FAMILY_ARP=y
+CONFIG_NETFILTER_NETLINK_ACCT=y
+CONFIG_NETFILTER_NETLINK_QUEUE=y
+CONFIG_NETFILTER_NETLINK_LOG=y
+CONFIG_NETFILTER_NETLINK_OSF=y
+CONFIG_NETFILTER_CONNCOUNT=y
+CONFIG_NETFILTER_NETLINK_GLUE_CT=y
+CONFIG_NETFILTER_SYNPROXY=y
+CONFIG_NETFILTER_XTABLES=y
+CONFIG_NETFILTER_XT_MARK=y
+CONFIG_NETFILTER_XT_CONNMARK=y
+CONFIG_NETFILTER_XT_SET=y
+CONFIG_NETFILTER_XT_TARGET_AUDIT=y
+CONFIG_NETFILTER_XT_TARGET_CHECKSUM=y
+CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
+CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
+CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y
+CONFIG_NETFILTER_XT_TARGET_CT=y
+CONFIG_NETFILTER_XT_TARGET_DSCP=y
+CONFIG_NETFILTER_XT_TARGET_HL=y
+CONFIG_NETFILTER_XT_TARGET_HMARK=y
+CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y
+CONFIG_NETFILTER_XT_TARGET_LED=y
+CONFIG_NETFILTER_XT_TARGET_LOG=y
+CONFIG_NETFILTER_XT_TARGET_MARK=y
+CONFIG_NETFILTER_XT_NAT=y
+CONFIG_NETFILTER_XT_TARGET_NETMAP=y
+CONFIG_NETFILTER_XT_TARGET_NFLOG=y
+CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
+CONFIG_NETFILTER_XT_TARGET_NOTRACK=y
+CONFIG_NETFILTER_XT_TARGET_RATEEST=y
+CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
+CONFIG_NETFILTER_XT_TARGET_TEE=y
+CONFIG_NETFILTER_XT_TARGET_TPROXY=y
+CONFIG_NETFILTER_XT_TARGET_TRACE=y
+CONFIG_NETFILTER_XT_TARGET_SECMARK=y
+CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
+CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
+CONFIG_NETFILTER_XT_MATCH_BPF=y
+CONFIG_NETFILTER_XT_MATCH_CGROUP=y
+CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
+CONFIG_NETFILTER_XT_MATCH_COMMENT=y
+CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
+CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y
+CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
+CONFIG_NETFILTER_XT_MATCH_CPU=y
+CONFIG_NETFILTER_XT_MATCH_DCCP=y
+CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y
+CONFIG_NETFILTER_XT_MATCH_DSCP=y
+CONFIG_NETFILTER_XT_MATCH_ECN=y
+CONFIG_NETFILTER_XT_MATCH_ESP=y
+CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_HELPER=y
+CONFIG_NETFILTER_XT_MATCH_HL=y
+CONFIG_NETFILTER_XT_MATCH_IPCOMP=y
+CONFIG_NETFILTER_XT_MATCH_IPRANGE=y
+CONFIG_NETFILTER_XT_MATCH_IPVS=y
+CONFIG_NETFILTER_XT_MATCH_L2TP=y
+CONFIG_NETFILTER_XT_MATCH_LENGTH=y
+CONFIG_NETFILTER_XT_MATCH_LIMIT=y
+CONFIG_NETFILTER_XT_MATCH_MAC=y
+CONFIG_NETFILTER_XT_MATCH_MARK=y
+CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
+CONFIG_NETFILTER_XT_MATCH_NFACCT=y
+CONFIG_NETFILTER_XT_MATCH_OSF=y
+CONFIG_NETFILTER_XT_MATCH_OWNER=y
+CONFIG_NETFILTER_XT_MATCH_POLICY=y
+CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y
+CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
+CONFIG_NETFILTER_XT_MATCH_QUOTA=y
+CONFIG_NETFILTER_XT_MATCH_RATEEST=y
+CONFIG_NETFILTER_XT_MATCH_REALM=y
+CONFIG_NETFILTER_XT_MATCH_RECENT=y
+CONFIG_NETFILTER_XT_MATCH_SCTP=y
+CONFIG_NETFILTER_XT_MATCH_SOCKET=y
+CONFIG_NETFILTER_XT_MATCH_STATE=y
+CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
+CONFIG_NETFILTER_XT_MATCH_STRING=y
+CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
+CONFIG_NETFILTER_XT_MATCH_TIME=y
+CONFIG_NETFILTER_XT_MATCH_U32=y
+
+CONFIG_NF_NAT=y
+CONFIG_NF_NAT_NEEDED=y
+CONFIG_NF_TABLES=y
+CONFIG_NF_TABLES_SET=y
+CONFIG_NF_TABLES_INET=y
+CONFIG_NF_TABLES_NETDEV=y
+CONFIG_NF_DUP_NETDEV=y
+CONFIG_NF_FLOW_TABLE_INET=y
+CONFIG_NF_FLOW_TABLE=y
+CONFIG_NF_DEFRAG_IPV4=y
+CONFIG_NF_TABLES_IPV4=y
+CONFIG_NF_TABLES_ARP=y
+CONFIG_NF_FLOW_TABLE_IPV4=y
+CONFIG_NF_DUP_IPV4=y
+CONFIG_NF_REJECT_IPV4=y
+CONFIG_NF_NAT_IPV4=y
+CONFIG_NF_NAT_MASQUERADE_IPV4=y
+CONFIG_NF_TABLES_BRIDGE=y
+
+CONFIG_NF_CONNTRACK=y
+
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_MATCH_AH=y
+CONFIG_IP_NF_MATCH_ECN=y
+CONFIG_IP_NF_MATCH_RPFILTER=y
+CONFIG_IP_NF_MATCH_TTL=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_IP_NF_TARGET_REJECT=y
+CONFIG_IP_NF_TARGET_SYNPROXY=y
+CONFIG_IP_NF_NAT=y
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_IP_NF_TARGET_NETMAP=y
+CONFIG_IP_NF_TARGET_REDIRECT=y
+CONFIG_IP_NF_MANGLE=y
+CONFIG_IP_NF_TARGET_CLUSTERIP=y
+CONFIG_IP_NF_TARGET_ECN=y
+CONFIG_IP_NF_TARGET_TTL=y
+CONFIG_IP_NF_RAW=y
+CONFIG_IP_NF_SECURITY=y
+CONFIG_IP_NF_ARPTABLES=y
+CONFIG_IP_NF_ARPFILTER=y
+CONFIG_IP_NF_ARP_MANGLE=y
+
+CONFIG_NFT_BRIDGE_REJECT=y
+
+CONFIG_BRIDGE_NETFILTER=y
diff --git a/rootf-kernel/kernel-config/virtio.config b/rootf-kernel/kernel-config/virtio.config
new file mode 100644
index 0000000..b00dc2b
--- /dev/null
+++ b/rootf-kernel/kernel-config/virtio.config
@@ -0,0 +1,16 @@
+CONFIG_BLK_MQ_VIRTIO=y
+CONFIG_VIRTIO_BLK=y
+CONFIG_VIRTIO_BLK_SCSI=y
+CONFIG_SCSI_VIRTIO=y
+CONFIG_VIRTIO_NET=y
+CONFIG_VIRTIO_CONSOLE=y
+CONFIG_HW_RANDOM_VIRTIO=y
+CONFIG_VIRTIO=y
+CONFIG_VIRTIO_MENU=y
+CONFIG_VIRTIO_PCI=y
+CONFIG_VIRTIO_PCI_LEGACY=y
+CONFIG_VIRTIO_BALLOON=y
+CONFIG_VIRTIO_INPUT=y
+CONFIG_VIRTIO_MMIO=y
+CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y
+CONFIG_CRYPTO_DEV_VIRTIO=y
diff --git a/rootf-kernel/kernel.sh b/rootf-kernel/kernel.sh
new file mode 100644
index 0000000..d478053
--- /dev/null
+++ b/rootf-kernel/kernel.sh
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+# inspired by https://github.com/oraoto/archlinux-firecracker/blob/master/scripts/build-arch-kernel.sh
+
+KERNEL_VERSION=5.11.2
+
+mkdir -p build
+
+cd build
+
+## Install build tools
+# pacman -Syu base-devel bc pahole --ignore linux-firmware
+
+## Get kernel source
+curl -o linux.tar.xz "https://mirrors.tuna.tsinghua.edu.cn/kernel/v5.x/linux-$KERNEL_VERSION.tar.xz"
+tar xf linux.tar.xz
+cd linux-$KERNEL_VERSION/
+
+## Get Archlinux kernel config
+curl -o .config https://git.archlinux.org/svntogit/packages.git/plain/trunk/config?h=packages/linux
+
+## Disable modules
+sed 's/\(.*\)=m/#\1 is not set/g' -i .config
+sed 's/\(.*\)MOUSE\(.*\)=y/\1MOUSE\2=n/g' -i .config
+sed 's/\(.*\)USB\(.*\)=y/\1USB\2=n/g' -i .config
+sed 's/\(.*\)TOUCHSCREEN\(.*\)=y/\1TOUCHSCREEN\2=n/g' -i .config
+sed 's/\(.*\)HID\(.*\)=y/\1HID\2=n/g' -i .config
+sed 's/\(.*\)GPU\(.*\)=y/\1GPU\2=n/g' -i .config
+sed 's/\(.*\)GPIO\(.*\)=y/\1GPIO\2=n/g' -i .config
+sed 's/\(.*\)NVDIMM\(.*\)=y/\1NVDIMM\2=n/g' -i .config
+sed 's/\(.*\)MFD\(.*\)=y/\1MFD\2=n/g' -i .config
+sed 's/\(.*\)XEN\(.*\)=y/\1XEN\2=n/g' -i .config
+sed 's/\(.*\)VIDEO\(.*\)=y/\1VIDEO\2=n/g' -i .config
+# sed 's/\(.*\)PCI\(.*\)=y/\1PCI\2=n/g' -i .config
+sed 's/\(.*\)WLAN\(.*\)=y/\1WLAN\2=n/g' -i .config
+sed 's/\(.*\)DRM\(.*\)=y/\1DRM\2=n/g' -i .config
+
+cat ../../config/virtio.config >> .config
+cat ../../config/fs.config >> .config
+cat ../../config/net.config >> .config
+
+## Add KVM guest support
+make kvm_guest.config
+
+make -j$(nproc)
+
+./scripts/extract-vmlinux ./arch/x86_64/boot/bzImage > ../../output/arch-vmlinux.bin
diff --git a/rootf-kernel/rootfs.sh b/rootf-kernel/rootfs.sh
new file mode 100644
index 0000000..bc9a485
--- /dev/null
+++ b/rootf-kernel/rootfs.sh
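Review bot: In kernel.sh the kernel tarball and the Arch `.config` are fetched with plain `curl -o` and used with no integrity check and no exit-on-error, so a truncated download, an HTTP error page or a tampered mirror response goes straight into `tar xf` and `make`. Add `set -euo pipefail` after the shebang, fetch with `curl -fsSL`, and verify the archive before unpacking, e.g. `echo "<EXPECTED_SHA256>  linux.tar.xz" | sha256sum -c -` with the value taken from kernel.org's signed checksum list; the config URL should also be quoted because it contains `?`. The same unverified-download pattern recurs in the `wget` lines added later in this series (Ubuntu rootfs, vmlinux, Alpine minirootfs). Separately, `cat ../../config/*.config` and `../../output/` do not appear to match the `kernel-config/` directory this commit creates.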
@@ -0,0 +1,47 @@ +#!/usr/bin/env bash + +# inspired by https://github.com/oraoto/archlinux-firecracker/blob/master/scripts/build-arch-rootfs.sh + +DISK_SIZE=4G +DISK_FILE=../output/arch-rootfs.ext4 +DISK_ROOT=../output/mount + +cd $(dirname "${BASH_SOURCE[0]}") + +# Allocate rootfs disk +fallocate -l 4G $DISK_FILE +mkfs.ext4 $DISK_FILE + +# Mount rootfs to mount +mkdir -p $DISK_ROOT + +sudo mount $DISK_FILE $DISK_ROOT + +yes y | sudo pacstrap -i -c $DISK_ROOT bash filesystem systemd-sysvcompat pacman iproute2 + +echo "nameserver 1.1.1.1" | sudo tee $DISK_ROOT/etc/resolv.conf + +sudo tee $DISK_ROOT/etc/systemd/system/firecracker-network.service <<-'EOF' +[Unit] +Description=Firecracker Network + +[Service] +Type=oneshot +ExecStart=ip link set eth0 up +ExecStart=ip addr add 172.16.0.2/24 dev eth0 +ExecStart=ip route add default via 172.16.0.1 dev eth0 +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target +EOF + +sudo ln -s /etc/systemd/system/firecracker-network.service $DISK_ROOT/etc/systemd/system/multi-user.target.wants/ + +# Remove default (locked) root password +# See https://github.com/archlinux/svntogit-packages/commit/0320c909f3867d47576083e853543bab1705185b + +sudo sed 's/^root:.*/root::14871::::::/' -i $DISK_ROOT/etc/shadow + +sudo umount $DISK_ROOT +rmdir $DISK_ROOT -- 2.45.2 From d870be5ace9aa1213a4520b28f50a1ff9305b248 Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 14:48:27 +0100 Subject: [PATCH 02/34] This will definitely break in 2057 (TODO) Signed-off-by: RouxAntoine --- Makefile | 2 +- rootf-kernel/kernel.sh | 0 rootf-kernel/rootfs.sh | 0 3 files changed, 1 insertion(+), 1 deletion(-) mode change 100644 => 100755 rootf-kernel/kernel.sh mode change 100644 => 100755 rootf-kernel/rootfs.sh diff --git a/Makefile b/Makefile index 8a2b614..a934745 100644 --- a/Makefile +++ b/Makefile @@ -15,7 +15,7 @@ build: $(EXEC) run: $(EXEC) @chmod +x $(EXEC) - $(EXEC) + sudo $(EXEC) ci: golangci-lint run --fix 
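Review bot: rootfs.sh runs `sudo mount`, `pacstrap`, `sudo tee` and `sudo sed -i` back to back with no exit-on-error, so if `mkfs.ext4` or `mount` fails the later privileged commands still run against the unmounted `../output/mount` directory on the host. Start the script with `set -euo pipefail` and quote the path expansions, e.g. `sudo mount "$DISK_FILE" "$DISK_ROOT"` and `cd "$(dirname "${BASH_SOURCE[0]}")"`. `DISK_SIZE` is declared but `fallocate -l 4G` hard-codes the size. The final `sed` leaves root with an empty password in the image; the comment above it should say the image is meant for local development only.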
diff --git a/rootf-kernel/kernel.sh b/rootf-kernel/kernel.sh old mode 100644 new mode 100755 diff --git a/rootf-kernel/rootfs.sh b/rootf-kernel/rootfs.sh old mode 100644 new mode 100755 -- 2.45.2 From 0ce44f6e7b6bbb05f65470585b8d952a601f8045 Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 14:49:34 +0100 Subject: [PATCH 03/34] I understand that it's an antipattern, but it's convenient. Signed-off-by: RouxAntoine --- cmd/main.go | 11 ++++++----- rootf-kernel/rootfs.sh | 16 ++++++++-------- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/cmd/main.go b/cmd/main.go index b512685..3e6e52f 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -89,17 +89,18 @@ func setupEnv() int { cpuCount := int64(4) memorySize := int64(1024) isSmt := true + socketPath := "/tmp/firecracker.socket" cfg := firecracker.Config{ - SocketPath: "/tmp/firecracker.socket", - KernelImagePath: "./vmlinux-5.10.204", - LogPath: "./firecracker.log", + SocketPath: socketPath, + KernelImagePath: "./out/vmlinux-5.10.204", + LogPath: "./out/firecracker.log", LogLevel: "Debug", KernelArgs: "console=ttyS0 reboot=k panic=1 pci=off", Drives: []models.Drive{ { DriveID: firecracker.String("rootfs"), - PathOnHost: firecracker.String("./ubuntu-22.04.ext4"), + PathOnHost: firecracker.String("./out/ubuntu-22.04.ext4"), IsReadOnly: firecracker.Bool(false), IsRootDevice: firecracker.Bool(true), }, @@ -130,7 +131,7 @@ func setupEnv() int { firecracker.WithProcessRunner( firecracker.VMCommandBuilder{}. WithBin("firecracker"). - WithSocketPath("/tmp/firecracker.socket"). + WithSocketPath(socketPath). //WithStdin(os.Stdin). //WithStdout(os.Stdout). //WithStderr(os.Stderr). diff --git a/rootf-kernel/rootfs.sh b/rootf-kernel/rootfs.sh index bc9a485..5c491c7 100755 --- a/rootf-kernel/rootfs.sh +++ b/rootf-kernel/rootfs.sh 
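Review bot: The new `socketPath := "/tmp/firecracker.socket"` keeps the Firecracker API socket at a fixed name in a world-writable directory, while the Makefile `run` target now starts the binary with `sudo`. Any local user can pre-create or race that path before the VMM binds it, and whoever can open the socket can presumably drive the VM through the API. Create a private directory first, e.g. `dir, err := os.MkdirTemp("", "firecracker-")` followed by `socketPath := filepath.Join(dir, "firecracker.socket")`, and remove it when setupEnv returns. setupEnv's body starts and ends outside this hunk.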
@@ -2,14 +2,14 @@ # inspired by https://github.com/oraoto/archlinux-firecracker/blob/master/scripts/build-arch-rootfs.sh -DISK_SIZE=4G -DISK_FILE=../output/arch-rootfs.ext4 -DISK_ROOT=../output/mount +DISK_SIZE=10G +DISK_FILE=../out/arch-rootfs.ext4 +DISK_ROOT=../out/mount cd $(dirname "${BASH_SOURCE[0]}") # Allocate rootfs disk -fallocate -l 4G $DISK_FILE +dd if=/dev/zero of="$DISK_FILE" bs=1M count="$DISK_SIZE" mkfs.ext4 $DISK_FILE # Mount rootfs to mount @@ -17,13 +17,13 @@ mkdir -p $DISK_ROOT sudo mount $DISK_FILE $DISK_ROOT -yes y | sudo pacstrap -i -c $DISK_ROOT bash filesystem systemd-sysvcompat pacman iproute2 +yes y | sudo pacstrap -i -c $DISK_ROOT bash filesystem systemd-sysvcompat pacman iproute2 git echo "nameserver 1.1.1.1" | sudo tee $DISK_ROOT/etc/resolv.conf -sudo tee $DISK_ROOT/etc/systemd/system/firecracker-network.service <<-'EOF' +sudo tee $DISK_ROOT/etc/systemd/system/internal-network.service <<-'EOF' [Unit] -Description=Firecracker Network +Description=Internal Network [Service] Type=oneshot @@ -36,7 +36,7 @@ RemainAfterExit=yes WantedBy=multi-user.target EOF -sudo ln -s /etc/systemd/system/firecracker-network.service $DISK_ROOT/etc/systemd/system/multi-user.target.wants/ +sudo ln -s /etc/systemd/system/internal-network.service $DISK_ROOT/etc/systemd/system/multi-user.target.wants/ # Remove default (locked) root password # See https://github.com/archlinux/svntogit-packages/commit/0320c909f3867d47576083e853543bab1705185b -- 2.45.2 From 507d7025c7b791de5e42ca23559958ae84b04e5a Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 14:55:09 +0100 Subject: [PATCH 04/34] Updated Signed-off-by: RouxAntoine --- rootf-kernel/rootfs.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rootf-kernel/rootfs.sh b/rootf-kernel/rootfs.sh index 5c491c7..31c90b4 100755 --- a/rootf-kernel/rootfs.sh +++ b/rootf-kernel/rootfs.sh 
@@ -2,12 +2,12 @@ # inspired by https://github.com/oraoto/archlinux-firecracker/blob/master/scripts/build-arch-rootfs.sh +set -x + DISK_SIZE=10G DISK_FILE=../out/arch-rootfs.ext4 DISK_ROOT=../out/mount -cd $(dirname "${BASH_SOURCE[0]}") - # Allocate rootfs disk dd if=/dev/zero of="$DISK_FILE" bs=1M count="$DISK_SIZE" mkfs.ext4 $DISK_FILE -- 2.45.2 From b61befb04f0e9217e40ec670759bd0e3e51c83e7 Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 15:23:11 +0100 Subject: [PATCH 05/34] Is there an achievement for this? Signed-off-by: RouxAntoine --- rootf-kernel/rootfs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootf-kernel/rootfs.sh b/rootf-kernel/rootfs.sh index 31c90b4..ddccd4e 100755 --- a/rootf-kernel/rootfs.sh +++ b/rootf-kernel/rootfs.sh @@ -9,7 +9,7 @@ DISK_FILE=../out/arch-rootfs.ext4 DISK_ROOT=../out/mount # Allocate rootfs disk -dd if=/dev/zero of="$DISK_FILE" bs=1M count="$DISK_SIZE" +fallocate -l "$DISK_SIZE" "$DISK_FILE" mkfs.ext4 $DISK_FILE # Mount rootfs to mount -- 2.45.2 From 1af7b5882f9342161991369ed7e620cb726b8e8a Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 15:28:49 +0100 Subject: [PATCH 06/34] All your codebase are belong to us. Signed-off-by: RouxAntoine --- rootf-kernel/rootfs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootf-kernel/rootfs.sh b/rootf-kernel/rootfs.sh index ddccd4e..ef19413 100755 --- a/rootf-kernel/rootfs.sh +++ b/rootf-kernel/rootfs.sh @@ -17,7 +17,7 @@ mkdir -p $DISK_ROOT sudo mount $DISK_FILE $DISK_ROOT -yes y | sudo pacstrap -i -c $DISK_ROOT bash filesystem systemd-sysvcompat pacman iproute2 git +sudo pacstrap -c $DISK_ROOT bash filesystem systemd-sysvcompat pacman iproute2 git echo "nameserver 1.1.1.1" | sudo tee $DISK_ROOT/etc/resolv.conf -- 2.45.2 From 615fd48a59bdd543c959f1de926c91a9f47c2fb7 Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 15:30:41 +0100 Subject: [PATCH 07/34] Removed test case since code didn't pass QA 
Signed-off-by: RouxAntoine --- cmd/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/main.go b/cmd/main.go index 3e6e52f..7c1c360 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -100,7 +100,7 @@ func setupEnv() int { Drives: []models.Drive{ { DriveID: firecracker.String("rootfs"), - PathOnHost: firecracker.String("./out/ubuntu-22.04.ext4"), + PathOnHost: firecracker.String("./out/rootfs.ext4"), IsReadOnly: firecracker.Bool(false), IsRootDevice: firecracker.Bool(true), }, -- 2.45.2 From 80df61cd15d875fba1222dbab60b01e92783a07d Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 18:47:00 +0100 Subject: [PATCH 08/34] It fucking compiles \:D/ Signed-off-by: RouxAntoine --- rootf-kernel/Makefile | 24 ++++++++++++++++++---- rootf-kernel/alpine-rootf.sh | 24 ++++++++++++++++++++++ rootf-kernel/{rootfs.sh => arch-rootfs.sh} | 0 3 files changed, 44 insertions(+), 4 deletions(-) create mode 100644 rootf-kernel/alpine-rootf.sh rename rootf-kernel/{rootfs.sh => arch-rootfs.sh} (100%) diff --git a/rootf-kernel/Makefile b/rootf-kernel/Makefile index b5987ea..5e5425f 100644 --- a/rootf-kernel/Makefile +++ b/rootf-kernel/Makefile @@ -1,6 +1,22 @@ -.PHONY: get-alpine-rootfs +.PHONY: use-alpine use-arch use-ubuntu -get-alpine-rootfs: out/alpine-minirootfs-3.19.0-x86_64.tar.gz -out/alpine-minirootfs-3.19.0-x86_64.tar.gz: - wget -O $@ https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/x86_64/alpine-minirootfs-3.19.0-x86_64.tar.gz +use-arch: ../out/arch-rootfs.ext4 + ln -s $< ../out/rootfs.ext4 + +use-alpine: ../out/alpine-rootf.ext4 + ln -s $< ../out/rootfs.ext4 + +use-ubuntu: ../out/ubuntu-22.04.ext4 + ln -s $< ../out/rootfs.ext4 + + + +../out/arch-rootfs.ext4: + bash ./arch-rootf.sh + +../out/alpine-rootf.ext4: + bash ./alpine-rootf.sh + +../out/ubuntu-22.04.ext4: + wget -O $@ https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.7/$$(uname -m)/ubuntu-22.04.ext4 
diff --git a/rootf-kernel/alpine-rootf.sh b/rootf-kernel/alpine-rootf.sh new file mode 100644 index 0000000..98d3df1 --- /dev/null +++ b/rootf-kernel/alpine-rootf.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +set -x + +DISK_SIZE=10G +DISK_FILE=../out/alpine-rootfs.ext4 +DISK_ROOT=../out/mount + +# Allocate rootfs disk +fallocate -l "$DISK_SIZE" "$DISK_FILE" +mkfs.ext4 $DISK_FILE + +# Mount rootfs to mount +mkdir -p $DISK_ROOT + +sudo mount $DISK_FILE $DISK_ROOT + +wget -O ../out/alpine-minirootfs-3.19.0-x86_64.tar.gz https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/x86_64/alpine-minirootfs-3.19.0-x86_64.tar.gz + +tar xvf ../out/alpine-minirootfs-3.12.0-x86.tar.gz --directory="$DISK_ROOT" + + +sudo umount $DISK_ROOT +rmdir $DISK_ROOT diff --git a/rootf-kernel/rootfs.sh b/rootf-kernel/arch-rootfs.sh similarity index 100% rename from rootf-kernel/rootfs.sh rename to rootf-kernel/arch-rootfs.sh -- 2.45.2 From 80ce6c84d9555ef9620808a293bccdb2fd54a65b Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 18:49:45 +0100 Subject: [PATCH 09/34] This bug has driven lots of coders completely mad. You won't believe how it ended up being fixed Signed-off-by: RouxAntoine --- rootf-kernel/Makefile | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/rootf-kernel/Makefile b/rootf-kernel/Makefile index 5e5425f..28cbcd3 100644 --- a/rootf-kernel/Makefile +++ b/rootf-kernel/Makefile @@ -7,11 +7,10 @@ use-arch: ../out/arch-rootfs.ext4 use-alpine: ../out/alpine-rootf.ext4 ln -s $< ../out/rootfs.ext4 -use-ubuntu: ../out/ubuntu-22.04.ext4 +use-ubuntu: ../out/ubuntu-22.04.ext4 ../out/ubuntu-22.04.id_rsa ln -s $< ../out/rootfs.ext4 - ../out/arch-rootfs.ext4: bash ./arch-rootf.sh 
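Review bot: In alpine-rootf.sh the `tar` line extracts `../out/alpine-minirootfs-3.12.0-x86.tar.gz`, but the `wget` just above saves `alpine-minirootfs-3.19.0-x86_64.tar.gz`, so extraction fails (or unpacks an unrelated stale file) and, with only `set -x`, the script still unmounts and leaves an empty ext4 image behind. `tar` also runs without `sudo` into a mount point that was mounted with `sudo`, so the write is likely denied or file ownership in the image ends up wrong. Use one variable for the archive, e.g. `ROOTFS_TGZ=../out/alpine-minirootfs-3.19.0-x86_64.tar.gz`, then `sudo tar xf "$ROOTFS_TGZ" --directory="$DISK_ROOT"`, and add `set -e` so a failed step stops the build.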
@@ -20,3 +19,7 @@ use-ubuntu: ../out/ubuntu-22.04.ext4 ../out/ubuntu-22.04.ext4: wget -O $@ https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.7/$$(uname -m)/ubuntu-22.04.ext4 + +../out/ubuntu-22.04.id_rsa: + wget -O $@ https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.7/$$(uname -m)/ubuntu-22.04.id_rsa + chmod 400 $@ -- 2.45.2 From f8d1c1042c95abe160cc5f1a966b341ea863748e Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 18:52:03 +0100 Subject: [PATCH 10/34] TODO: Replace placeholder code Signed-off-by: RouxAntoine --- rootf-kernel/Makefile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/rootf-kernel/Makefile b/rootf-kernel/Makefile index 28cbcd3..b3c3599 100644 --- a/rootf-kernel/Makefile +++ b/rootf-kernel/Makefile @@ -10,6 +10,11 @@ use-alpine: ../out/alpine-rootf.ext4 use-ubuntu: ../out/ubuntu-22.04.ext4 ../out/ubuntu-22.04.id_rsa ln -s $< ../out/rootfs.ext4 +kernel: ../out/vmlinux-5.10.204 + + +../out/vmlinux-5.10.204: + wget -O $@ https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.7/${ARCH}/vmlinux-5.10.204 ../out/arch-rootfs.ext4: bash ./arch-rootf.sh -- 2.45.2 From 7163e77cf82ea07303704b33538f22bc26c373bb Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 18:50:56 +0100 Subject: [PATCH 11/34] Please forgive me Signed-off-by: RouxAntoine --- rootf-kernel/alpine-rootf.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 rootf-kernel/alpine-rootf.sh diff --git a/rootf-kernel/alpine-rootf.sh b/rootf-kernel/alpine-rootf.sh old mode 100644 new mode 100755 -- 2.45.2 From 5be5849ab0b22a8658cdd81c3d894d4d0c513707 Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 19:02:17 +0100 Subject: [PATCH 12/34] remove certain things and added stuff Signed-off-by: RouxAntoine --- rootf-kernel/Makefile | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/rootf-kernel/Makefile b/rootf-kernel/Makefile index b3c3599..2b359a3 100644 
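Review bot: The new `../out/ubuntu-22.04.id_rsa` rule downloads a private key from an unauthenticated public URL, so the `chmod 400` protects nothing that is secret: a guest that trusts the matching public key accepts logins from anyone who can reach it. Put that on the rule as a comment, e.g. `# published CI key, local testing only; never use for a reachable guest`, and keep the Ubuntu image on the host-only tap network. For anything longer-lived, generate a key pair locally and install its public half into the image instead. As with the other `wget -O $@` rules, a failed download leaves a partial target that make treats as up to date; a `.DELETE_ON_ERROR:` line in this Makefile covers that.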
--- a/rootf-kernel/Makefile +++ b/rootf-kernel/Makefile @@ -1,5 +1,8 @@ .PHONY: use-alpine use-arch use-ubuntu +# aarch64 +# x86_64 +ARCH=x86_64 use-arch: ../out/arch-rootfs.ext4 ln -s $< ../out/rootfs.ext4 @@ -11,10 +14,10 @@ use-ubuntu: ../out/ubuntu-22.04.ext4 ../out/ubuntu-22.04.id_rsa ln -s $< ../out/rootfs.ext4 kernel: ../out/vmlinux-5.10.204 - + @echo "linux kernel retrieve" ../out/vmlinux-5.10.204: - wget -O $@ https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.7/${ARCH}/vmlinux-5.10.204 + wget -O $@ https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.7/$(ARCH)/vmlinux-5.10.204 ../out/arch-rootfs.ext4: bash ./arch-rootf.sh @@ -23,8 +26,8 @@ kernel: ../out/vmlinux-5.10.204 bash ./alpine-rootf.sh ../out/ubuntu-22.04.ext4: - wget -O $@ https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.7/$$(uname -m)/ubuntu-22.04.ext4 + wget -O $@ https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.7/$(ARCH)/ubuntu-22.04.ext4 ../out/ubuntu-22.04.id_rsa: - wget -O $@ https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.7/$$(uname -m)/ubuntu-22.04.id_rsa + wget -O $@ https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.7/$(ARCH)/ubuntu-22.04.id_rsa chmod 400 $@ -- 2.45.2 From 8f8fdefd74c9f3a88c3a88d822c19d51f5f38abd Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 19:05:29 +0100 Subject: [PATCH 13/34] SHIT ===> GOLD Signed-off-by: RouxAntoine --- cmd/main.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/main.go b/cmd/main.go index 7c1c360..e07057f 100644 --- a/cmd/main.go +++ b/cmd/main.go 
@@ -93,14 +93,14 @@ func setupEnv() int { cfg := firecracker.Config{ SocketPath: socketPath, - KernelImagePath: "./out/vmlinux-5.10.204", - LogPath: "./out/firecracker.log", + KernelImagePath: "./vmlinux-5.10.204", + LogPath: "./firecracker.log", LogLevel: "Debug", KernelArgs: "console=ttyS0 reboot=k panic=1 pci=off", Drives: []models.Drive{ { DriveID: firecracker.String("rootfs"), - PathOnHost: firecracker.String("./out/rootfs.ext4"), + PathOnHost: firecracker.String("./rootfs.ext4"), IsReadOnly: firecracker.Bool(false), IsRootDevice: firecracker.Bool(true), }, -- 2.45.2 From 20ad9f7aa3b7161bebeacffa95ba0a4b38b6b949 Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 19:08:48 +0100 Subject: [PATCH 14/34] I already said I was sorry Signed-off-by: RouxAntoine --- rootf-kernel/Makefile | 8 ++++---- rootf-kernel/{alpine-rootf.sh => alpine-rootfs.sh} | 0 2 files changed, 4 insertions(+), 4 deletions(-) rename rootf-kernel/{alpine-rootf.sh => alpine-rootfs.sh} (100%) diff --git a/rootf-kernel/Makefile b/rootf-kernel/Makefile index 2b359a3..2ea2edd 100644 --- a/rootf-kernel/Makefile +++ b/rootf-kernel/Makefile @@ -7,7 +7,7 @@ ARCH=x86_64 use-arch: ../out/arch-rootfs.ext4 ln -s $< ../out/rootfs.ext4 -use-alpine: ../out/alpine-rootf.ext4 +use-alpine: ../out/alpine-rootfs.ext4 ln -s $< ../out/rootfs.ext4 use-ubuntu: ../out/ubuntu-22.04.ext4 ../out/ubuntu-22.04.id_rsa @@ -20,10 +20,10 @@ kernel: ../out/vmlinux-5.10.204 wget -O $@ https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.7/$(ARCH)/vmlinux-5.10.204 ../out/arch-rootfs.ext4: - bash ./arch-rootf.sh + bash ./arch-rootfs.sh -../out/alpine-rootf.ext4: - bash ./alpine-rootf.sh +../out/alpine-rootfs.ext4: + bash ./alpine-rootfs.sh ../out/ubuntu-22.04.ext4: wget -O $@ https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.7/$(ARCH)/ubuntu-22.04.ext4 
diff --git a/rootf-kernel/alpine-rootf.sh b/rootf-kernel/alpine-rootfs.sh similarity index 100% rename from rootf-kernel/alpine-rootf.sh rename to rootf-kernel/alpine-rootfs.sh -- 2.45.2 From 30c9f4b5f71540d0e8c19475fefbbe0ffd10ab14 Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 19:09:43 +0100 Subject: [PATCH 15/34] starting the service is always better Signed-off-by: RouxAntoine --- rootf-kernel/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rootf-kernel/Makefile b/rootf-kernel/Makefile index 2ea2edd..9e796ad 100644 --- a/rootf-kernel/Makefile +++ b/rootf-kernel/Makefile @@ -5,13 +5,13 @@ ARCH=x86_64 use-arch: ../out/arch-rootfs.ext4 - ln -s $< ../out/rootfs.ext4 + ln -fs $< ../out/rootfs.ext4 use-alpine: ../out/alpine-rootfs.ext4 - ln -s $< ../out/rootfs.ext4 + ln -fs $< ../out/rootfs.ext4 use-ubuntu: ../out/ubuntu-22.04.ext4 ../out/ubuntu-22.04.id_rsa - ln -s $< ../out/rootfs.ext4 + ln -fs $< ../out/rootfs.ext4 kernel: ../out/vmlinux-5.10.204 @echo "linux kernel retrieve" -- 2.45.2 From 5c4494b6df04e67493aa9368a24c0380a65d48c3 Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 19:12:59 +0100 Subject: [PATCH 16/34] Fix the fixes Signed-off-by: RouxAntoine --- rootf-kernel/arch-rootfs.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/rootf-kernel/arch-rootfs.sh b/rootf-kernel/arch-rootfs.sh index ef19413..fc131a2 100755 --- a/rootf-kernel/arch-rootfs.sh +++ b/rootf-kernel/arch-rootfs.sh @@ -37,6 +37,7 @@ WantedBy=multi-user.target EOF sudo ln -s /etc/systemd/system/internal-network.service $DISK_ROOT/etc/systemd/system/multi-user.target.wants/ +sudo ln -s /usr/lib/systemd/system/sshd.service $DISK_ROOT/etc/systemd/system/multi-user.target.wants/ # Remove default (locked) root password # See https://github.com/archlinux/svntogit-packages/commit/0320c909f3867d47576083e853543bab1705185b -- 2.45.2 From 9d2c64daab6216caf85c59fe2ff405a58ac3d48f Mon Sep 17 00:00:00 2001 
From: RouxAntoine Date: Fri, 5 Jan 2024 19:15:29 +0100 Subject: [PATCH 17/34] this is Spartaaaaaaaa Signed-off-by: RouxAntoine --- cmd/main.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/main.go b/cmd/main.go index e07057f..ed6fb56 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -132,9 +132,9 @@ func setupEnv() int { firecracker.VMCommandBuilder{}. WithBin("firecracker"). WithSocketPath(socketPath). - //WithStdin(os.Stdin). - //WithStdout(os.Stdout). - //WithStderr(os.Stderr). + WithStdin(os.Stdin). + WithStdout(os.Stdout). + WithStderr(os.Stderr). Build(ctx), ), firecracker.WithLogger(logrus.NewEntry(log)), -- 2.45.2 From 0c7175284bdd875e1b66dc55a1ce7cb50ce2b421 Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 19:29:30 +0100 Subject: [PATCH 18/34] DEAL WITH IT Signed-off-by: RouxAntoine --- rootf-kernel/arch-rootfs.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/rootf-kernel/arch-rootfs.sh b/rootf-kernel/arch-rootfs.sh index fc131a2..20e5e12 100755 --- a/rootf-kernel/arch-rootfs.sh +++ b/rootf-kernel/arch-rootfs.sh @@ -17,7 +17,7 @@ mkdir -p $DISK_ROOT sudo mount $DISK_FILE $DISK_ROOT -sudo pacstrap -c $DISK_ROOT bash filesystem systemd-sysvcompat pacman iproute2 git +sudo pacstrap -c $DISK_ROOT bash filesystem systemd-sysvcompat pacman iproute2 openssh git vim echo "nameserver 1.1.1.1" | sudo tee $DISK_ROOT/etc/resolv.conf 
@@ -39,9 +39,14 @@ EOF sudo ln -s /etc/systemd/system/internal-network.service $DISK_ROOT/etc/systemd/system/multi-user.target.wants/ sudo ln -s /usr/lib/systemd/system/sshd.service $DISK_ROOT/etc/systemd/system/multi-user.target.wants/ +# allow root login with empty password, unsafe ! +sudo tee $DISK_ROOT/etc/ssh/sshd_config.d/98-archlinux.conf <<-'EOF' +PermitEmptyPasswords yes +PermitRootLogin yes +EOF + # Remove default (locked) root password # See https://github.com/archlinux/svntogit-packages/commit/0320c909f3867d47576083e853543bab1705185b - sudo sed 's/^root:.*/root::14871::::::/' -i $DISK_ROOT/etc/shadow sudo umount $DISK_ROOT -- 2.45.2 From c3b4d020e0b691708acdd5c93169bac87ff6db19 Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 19:30:25 +0100 Subject: [PATCH 19/34] You can't see it, but I'm making a very angry face right now Signed-off-by: RouxAntoine --- rootf-kernel/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rootf-kernel/Makefile b/rootf-kernel/Makefile index 9e796ad..74a8b17 100644 --- a/rootf-kernel/Makefile +++ b/rootf-kernel/Makefile @@ -4,10 +4,10 @@ # x86_64 ARCH=x86_64 -use-arch: ../out/arch-rootfs.ext4 +use-arch: ../out/arch-rootfs.ext4 arch-rootfs.sh ln -fs $< ../out/rootfs.ext4 -use-alpine: ../out/alpine-rootfs.ext4 +use-alpine: ../out/alpine-rootfs.ext4 alpine-rootfs.sh ln -fs $< ../out/rootfs.ext4 use-ubuntu: ../out/ubuntu-22.04.ext4 ../out/ubuntu-22.04.id_rsa -- 2.45.2 From b6aaafdce26d5c9ed0383fab47d8ba42f689ae3c Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 19:31:18 +0100 Subject: [PATCH 20/34] remove certain things and added stuff Signed-off-by: RouxAntoine --- rootf-kernel/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/rootf-kernel/Makefile b/rootf-kernel/Makefile index 74a8b17..60cb8e8 100644 --- a/rootf-kernel/Makefile +++ b/rootf-kernel/Makefile 
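Review bot: The new `98-archlinux.conf` drop-in sets `PermitEmptyPasswords yes` and `PermitRootLogin yes` while the script also blanks the root password, so the image accepts unauthenticated root SSH from anything that can route to 172.16.0.2; the in-line comment already calls this unsafe. A key-based setup keeps the convenience: write a locally generated public key to `$DISK_ROOT/root/.ssh/authorized_keys` and use `PermitRootLogin prohibit-password` in place of the two settings. If the empty password stays, the comment should state that the image must only ever be attached to the host-only tap network. The script body continues outside this hunk.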
@@ -4,10 +4,10 @@ # x86_64 ARCH=x86_64 -use-arch: ../out/arch-rootfs.ext4 arch-rootfs.sh +use-arch: ../out/arch-rootfs.ext4 ln -fs $< ../out/rootfs.ext4 -use-alpine: ../out/alpine-rootfs.ext4 alpine-rootfs.sh +use-alpine: ../out/alpine-rootfs.ext4 ln -fs $< ../out/rootfs.ext4 use-ubuntu: ../out/ubuntu-22.04.ext4 ../out/ubuntu-22.04.id_rsa @@ -19,10 +19,10 @@ kernel: ../out/vmlinux-5.10.204 ../out/vmlinux-5.10.204: wget -O $@ https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.7/$(ARCH)/vmlinux-5.10.204 -../out/arch-rootfs.ext4: +../out/arch-rootfs.ext4: ./arch-rootfs.sh bash ./arch-rootfs.sh -../out/alpine-rootfs.ext4: +../out/alpine-rootfs.ext4: ./alpine-rootfs.sh bash ./alpine-rootfs.sh ../out/ubuntu-22.04.ext4: -- 2.45.2 From 75c9c0f725f576bb47dff85ce4af9b857c7123eb Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 19:33:17 +0100 Subject: [PATCH 21/34] Feed. You. Stuff. No time. Signed-off-by: RouxAntoine --- rootf-kernel/arch-rootfs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootf-kernel/arch-rootfs.sh b/rootf-kernel/arch-rootfs.sh index 20e5e12..026162d 100755 --- a/rootf-kernel/arch-rootfs.sh +++ b/rootf-kernel/arch-rootfs.sh @@ -10,7 +10,7 @@ DISK_ROOT=../out/mount # Allocate rootfs disk fallocate -l "$DISK_SIZE" "$DISK_FILE" -mkfs.ext4 $DISK_FILE +mkfs.ext4 -F $DISK_FILE # Mount rootfs to mount mkdir -p $DISK_ROOT -- 2.45.2 From e7f53e8eb4e771044c23ef26fc7aceab48facc46 Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 19:34:17 +0100 Subject: [PATCH 22/34] Merging the merge Signed-off-by: RouxAntoine --- rootf-kernel/arch-rootfs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootf-kernel/arch-rootfs.sh b/rootf-kernel/arch-rootfs.sh index 026162d..7f9313c 100755 --- a/rootf-kernel/arch-rootfs.sh +++ b/rootf-kernel/arch-rootfs.sh 
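Review bot: With the script now a prerequisite of `../out/arch-rootfs.ext4` in the second hunk, a run of `arch-rootfs.sh` that fails part-way still leaves the target file on disk, since the script creates it with `fallocate` before anything else (visible as context in PATCH 21/34), and make will then treat the half-built image as up to date. Declaring `.DELETE_ON_ERROR:` once in this Makefile makes make remove a target whose recipe exited non-zero. That only takes effect once the script stops on errors, which PATCH 22/34 arranges with `set -ex`. The `wget -O $@` rules in the same file have the same exposure, because an interrupted download leaves a truncated file under the target name.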
@@ -2,7 +2,7 @@ # inspired by https://github.com/oraoto/archlinux-firecracker/blob/master/scripts/build-arch-rootfs.sh -set -x +set -ex DISK_SIZE=10G DISK_FILE=../out/arch-rootfs.ext4 -- 2.45.2 From bf5f33b11634f3745cd976a2dc8bca120c74a526 Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 19:36:03 +0100 Subject: [PATCH 23/34] It's 2016; why are we using ColdFusion?! Signed-off-by: RouxAntoine --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index a934745..390c1dc 100644 --- a/Makefile +++ b/Makefile @@ -17,6 +17,9 @@ run: $(EXEC) @chmod +x $(EXEC) sudo $(EXEC) +ssh: + sudo ip netns exec practical_murdock ssh -o StrictHostKeychecking=no 172.16.0.2 + ci: golangci-lint run --fix -- 2.45.2 From 856954c2ab0b49a1df6d35071bcb089772177fd8 Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 19:37:36 +0100 Subject: [PATCH 24/34] . Signed-off-by: RouxAntoine --- cmd/main.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/cmd/main.go b/cmd/main.go index ed6fb56..7c1c360 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -93,14 +93,14 @@ func setupEnv() int { cfg := firecracker.Config{ SocketPath: socketPath, - KernelImagePath: "./vmlinux-5.10.204", - LogPath: "./firecracker.log", + KernelImagePath: "./out/vmlinux-5.10.204", + LogPath: "./out/firecracker.log", LogLevel: "Debug", KernelArgs: "console=ttyS0 reboot=k panic=1 pci=off", Drives: []models.Drive{ { DriveID: firecracker.String("rootfs"), - PathOnHost: firecracker.String("./rootfs.ext4"), + PathOnHost: firecracker.String("./out/rootfs.ext4"), IsReadOnly: firecracker.Bool(false), IsRootDevice: firecracker.Bool(true), }, 
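Review bot: Adding `-e` means any failure after `sudo mount $DISK_FILE $DISK_ROOT` now aborts the script with the image still mounted on `../out/mount`, because the `sudo umount $DISK_ROOT` at the end is never reached. Register the cleanup right after the mount, `trap 'sudo umount "$DISK_ROOT"' EXIT`, and remove the explicit `sudo umount $DISK_ROOT` so it does not run twice. `set -u` is worth adding as well, since an empty or mistyped `$DISK_ROOT` would make the `sudo tee $DISK_ROOT/etc/resolv.conf` and `sudo sed ... -i $DISK_ROOT/etc/shadow` lines act on the host's own `/etc`. Only the top of the script is in this hunk; the mount, tee, sed and umount lines are visible in PATCH 18/34.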
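Review bot: The new `ssh` target disables host-key verification with `-o StrictHostKeychecking=no`, and PATCH 25/34 and PATCH 26/34 keep that while the latter also discards recorded keys with `UserKnownHostsFile=/dev/null`, so the client never notices if something other than the guest answers on 172.16.0.2. Since the guest's host key presumably changes whenever the rootfs is rebuilt, a dedicated known-hosts file that is deleted on rebuild keeps the convenience without turning the check off: `ssh -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=out/known_hosts 172.16.0.2` (the file name is a suggestion). The namespace name `practical_murdock` is hard-coded and looks generated, so it should be a variable that can be overridden on the make command line, which PATCH 25/34 begins to do.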
@@ -132,9 +132,9 @@ func setupEnv() int { firecracker.VMCommandBuilder{}. WithBin("firecracker"). WithSocketPath(socketPath). - WithStdin(os.Stdin). - WithStdout(os.Stdout). - WithStderr(os.Stderr). + //WithStdin(os.Stdin). + //WithStdout(os.Stdout). + //WithStderr(os.Stderr). Build(ctx), ), firecracker.WithLogger(logrus.NewEntry(log)), -- 2.45.2 From 6732784910ffcc125bbefeeed89329a93dc22214 Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 19:38:31 +0100 Subject: [PATCH 25/34] Fix all errors, all errors on the WORLD!!!! Signed-off-by: RouxAntoine --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 390c1dc..3310dec 100644 --- a/Makefile +++ b/Makefile @@ -17,8 +17,9 @@ run: $(EXEC) @chmod +x $(EXEC) sudo $(EXEC) +NETNS=practical_murdock ssh: - sudo ip netns exec practical_murdock ssh -o StrictHostKeychecking=no 172.16.0.2 + sudo ip netns exec $(NETNS) ssh -o StrictHostKeychecking=no 172.16.0.2 ci: golangci-lint run --fix -- 2.45.2 From a8a633bd0a16cb9736a4d2608ae19915506c97e8 Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 19:40:00 +0100 Subject: [PATCH 26/34] Actual final build before release Signed-off-by: RouxAntoine --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 3310dec..e5ff336 100644 --- a/Makefile +++ b/Makefile @@ -17,9 +17,9 @@ run: $(EXEC) @chmod +x $(EXEC) sudo $(EXEC) -NETNS=practical_murdock +NS=practical_murdock ssh: - sudo ip netns exec $(NETNS) ssh -o StrictHostKeychecking=no 172.16.0.2 + sudo ip netns exec $(NS) ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeychecking=no 172.16.0.2 ci: golangci-lint run --fix -- 2.45.2 From 08a985cd8a1979dc9683e670f17f6a5891b8d970 Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 19:42:26 +0100 Subject: [PATCH 27/34] So my boss wanted this button ... 
Signed-off-by: RouxAntoine --- rootf-kernel/alpine-rootfs.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rootf-kernel/alpine-rootfs.sh b/rootf-kernel/alpine-rootfs.sh index 98d3df1..cb05e01 100755 --- a/rootf-kernel/alpine-rootfs.sh +++ b/rootf-kernel/alpine-rootfs.sh @@ -1,6 +1,6 @@ #!/bin/bash -set -x +set -ex DISK_SIZE=10G DISK_FILE=../out/alpine-rootfs.ext4 @@ -20,5 +20,5 @@ wget -O ../out/alpine-minirootfs-3.19.0-x86_64.tar.gz https://dl-cdn.alpinelinux tar xvf ../out/alpine-minirootfs-3.12.0-x86.tar.gz --directory="$DISK_ROOT" -sudo umount $DISK_ROOT -rmdir $DISK_ROOT +#sudo umount $DISK_ROOT +#rmdir $DISK_ROOT -- 2.45.2 From 6c797ae3ffb475df784ef63e42853fba8cf85923 Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 19:43:42 +0100 Subject: [PATCH 28/34] bla Signed-off-by: RouxAntoine --- rootf-kernel/alpine-rootfs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootf-kernel/alpine-rootfs.sh b/rootf-kernel/alpine-rootfs.sh index cb05e01..533cd8e 100755 --- a/rootf-kernel/alpine-rootfs.sh +++ b/rootf-kernel/alpine-rootfs.sh @@ -17,7 +17,7 @@ sudo mount $DISK_FILE $DISK_ROOT wget -O ../out/alpine-minirootfs-3.19.0-x86_64.tar.gz https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/x86_64/alpine-minirootfs-3.19.0-x86_64.tar.gz -tar xvf ../out/alpine-minirootfs-3.12.0-x86.tar.gz --directory="$DISK_ROOT" +tar xvf ../out/alpine-minirootfs-3.19.0-x86_64.tar.gz --directory="$DISK_ROOT" #sudo umount $DISK_ROOT -- 2.45.2 From e961d456ecb962d892a7c875a4c79553bd72cc9b Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 19:44:34 +0100 Subject: [PATCH 29/34] Things went wrong... Signed-off-by: RouxAntoine --- rootf-kernel/alpine-rootfs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootf-kernel/alpine-rootfs.sh b/rootf-kernel/alpine-rootfs.sh index 533cd8e..010ebd0 100755 --- a/rootf-kernel/alpine-rootfs.sh +++ b/rootf-kernel/alpine-rootfs.sh 
@@ -8,7 +8,7 @@ DISK_ROOT=../out/mount # Allocate rootfs disk fallocate -l "$DISK_SIZE" "$DISK_FILE" -mkfs.ext4 $DISK_FILE +mkfs.ext4 -F $DISK_FILE # Mount rootfs to mount mkdir -p $DISK_ROOT -- 2.45.2 From abb2767e129d516017297e850aa1d188b5092175 Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 19:47:19 +0100 Subject: [PATCH 30/34] Commit committed.... Signed-off-by: RouxAntoine --- cmd/main.go | 6 +++--- rootf-kernel/alpine-rootfs.sh | 7 +++---- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/cmd/main.go b/cmd/main.go index 7c1c360..59193b7 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -132,9 +132,9 @@ func setupEnv() int { firecracker.VMCommandBuilder{}. WithBin("firecracker"). WithSocketPath(socketPath). - //WithStdin(os.Stdin). - //WithStdout(os.Stdout). - //WithStderr(os.Stderr). + WithStdin(os.Stdin). + WithStdout(os.Stdout). + WithStderr(os.Stderr). Build(ctx), ), firecracker.WithLogger(logrus.NewEntry(log)), diff --git a/rootf-kernel/alpine-rootfs.sh b/rootf-kernel/alpine-rootfs.sh index 010ebd0..92cb8c2 100755 --- a/rootf-kernel/alpine-rootfs.sh +++ b/rootf-kernel/alpine-rootfs.sh @@ -17,8 +17,7 @@ sudo mount $DISK_FILE $DISK_ROOT wget -O ../out/alpine-minirootfs-3.19.0-x86_64.tar.gz https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/x86_64/alpine-minirootfs-3.19.0-x86_64.tar.gz -tar xvf ../out/alpine-minirootfs-3.19.0-x86_64.tar.gz --directory="$DISK_ROOT" +sudo tar xvf ../out/alpine-minirootfs-3.19.0-x86_64.tar.gz --directory="$DISK_ROOT" - -#sudo umount $DISK_ROOT -#rmdir $DISK_ROOT +sudo umount $DISK_ROOT +rmdir $DISK_ROOT -- 2.45.2 From 970092d5064bd1519236802a5dc9f05fca60034c Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Fri, 5 Jan 2024 19:49:16 +0100 Subject: [PATCH 31/34] Oh my god what year is it?! Signed-off-by: RouxAntoine --- rootf-kernel/alpine-rootfs.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/rootf-kernel/alpine-rootfs.sh b/rootf-kernel/alpine-rootfs.sh index 92cb8c2..824ead5 100755 
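Review bot: In the `alpine-rootfs.sh` hunk, `sudo tar xvf` now unpacks the downloaded minirootfs as root, and nothing between the `wget` and the extraction checks that the archive is the one Alpine published. Pin the expected digest in the script and verify it before extracting, for example `echo "EXPECTED_SHA256  ../out/alpine-minirootfs-3.19.0-x86_64.tar.gz" | sha256sum -c -`, where EXPECTED_SHA256 is a placeholder for the value from the release's published checksum; with `set -e` a mismatch stops the build before anything is written into the image. The `vmlinux` and Ubuntu image downloads in `rootf-kernel/Makefile` have the same gap.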
--- a/rootf-kernel/alpine-rootfs.sh +++ b/rootf-kernel/alpine-rootfs.sh @@ -18,6 +18,7 @@ sudo mount $DISK_FILE $DISK_ROOT wget -O ../out/alpine-minirootfs-3.19.0-x86_64.tar.gz https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/x86_64/alpine-minirootfs-3.19.0-x86_64.tar.gz sudo tar xvf ../out/alpine-minirootfs-3.19.0-x86_64.tar.gz --directory="$DISK_ROOT" +rm ../out/alpine-minirootfs-3.19.0-x86_64.tar.gz sudo umount $DISK_ROOT rmdir $DISK_ROOT -- 2.45.2 From 8fa8bf7e1a8334bb3e4920d973e2713f8e3b38ed Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Sat, 6 Jan 2024 13:37:30 +0100 Subject: [PATCH 32/34] Final commit, ready for tagging Signed-off-by: RouxAntoine --- {rootf-kernel => rootfs-kernel}/Makefile | 0 {rootf-kernel => rootfs-kernel}/alpine-rootfs.sh | 0 {rootf-kernel => rootfs-kernel}/arch-rootfs.sh | 0 {rootf-kernel => rootfs-kernel}/kernel-config/fs.config | 0 {rootf-kernel => rootfs-kernel}/kernel-config/net.config | 0 {rootf-kernel => rootfs-kernel}/kernel-config/virtio.config | 0 {rootf-kernel => rootfs-kernel}/kernel.sh | 0 7 files changed, 0 insertions(+), 0 deletions(-) rename {rootf-kernel => rootfs-kernel}/Makefile (100%) rename {rootf-kernel => rootfs-kernel}/alpine-rootfs.sh (100%) rename {rootf-kernel => rootfs-kernel}/arch-rootfs.sh (100%) rename {rootf-kernel => rootfs-kernel}/kernel-config/fs.config (100%) rename {rootf-kernel => rootfs-kernel}/kernel-config/net.config (100%) rename {rootf-kernel => rootfs-kernel}/kernel-config/virtio.config (100%) rename {rootf-kernel => rootfs-kernel}/kernel.sh (100%) diff --git a/rootf-kernel/Makefile b/rootfs-kernel/Makefile similarity index 100% rename from rootf-kernel/Makefile rename to rootfs-kernel/Makefile diff --git a/rootf-kernel/alpine-rootfs.sh b/rootfs-kernel/alpine-rootfs.sh similarity index 100% rename from rootf-kernel/alpine-rootfs.sh rename to rootfs-kernel/alpine-rootfs.sh 
diff --git a/rootf-kernel/arch-rootfs.sh b/rootfs-kernel/arch-rootfs.sh similarity index 100% rename from rootf-kernel/arch-rootfs.sh rename to rootfs-kernel/arch-rootfs.sh diff --git a/rootf-kernel/kernel-config/fs.config b/rootfs-kernel/kernel-config/fs.config similarity index 100% rename from rootf-kernel/kernel-config/fs.config rename to rootfs-kernel/kernel-config/fs.config diff --git a/rootf-kernel/kernel-config/net.config b/rootfs-kernel/kernel-config/net.config similarity index 100% rename from rootf-kernel/kernel-config/net.config rename to rootfs-kernel/kernel-config/net.config diff --git a/rootf-kernel/kernel-config/virtio.config b/rootfs-kernel/kernel-config/virtio.config similarity index 100% rename from rootf-kernel/kernel-config/virtio.config rename to rootfs-kernel/kernel-config/virtio.config diff --git a/rootf-kernel/kernel.sh b/rootfs-kernel/kernel.sh similarity index 100% rename from rootf-kernel/kernel.sh rename to rootfs-kernel/kernel.sh -- 2.45.2 From bae4a4eba895dea172b2aa839b0130410a49edfc Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Sat, 6 Jan 2024 14:19:24 +0100 Subject: [PATCH 33/34] It's 2016; why are we using ColdFusion?! Signed-off-by: RouxAntoine --- rootfs-kernel/Makefile | 8 +------- rootfs-kernel/alpine-rootfs.sh | 24 ------------------------ 2 files changed, 1 insertion(+), 31 deletions(-) delete mode 100755 rootfs-kernel/alpine-rootfs.sh diff --git a/rootfs-kernel/Makefile b/rootfs-kernel/Makefile index 60cb8e8..71cce6e 100644 --- a/rootfs-kernel/Makefile +++ b/rootfs-kernel/Makefile @@ -1,4 +1,4 @@ -.PHONY: use-alpine use-arch use-ubuntu +.PHONY: use-arch use-ubuntu # aarch64 # x86_64 @@ -7,9 +7,6 @@ ARCH=x86_64 use-arch: ../out/arch-rootfs.ext4 ln -fs $< ../out/rootfs.ext4 -use-alpine: ../out/alpine-rootfs.ext4 - ln -fs $< ../out/rootfs.ext4 - use-ubuntu: ../out/ubuntu-22.04.ext4 ../out/ubuntu-22.04.id_rsa ln -fs $< ../out/rootfs.ext4 
@@ -22,9 +19,6 @@ kernel: ../out/vmlinux-5.10.204 ../out/arch-rootfs.ext4: ./arch-rootfs.sh bash ./arch-rootfs.sh -../out/alpine-rootfs.ext4: ./alpine-rootfs.sh - bash ./alpine-rootfs.sh - ../out/ubuntu-22.04.ext4: wget -O $@ https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.7/$(ARCH)/ubuntu-22.04.ext4 diff --git a/rootfs-kernel/alpine-rootfs.sh b/rootfs-kernel/alpine-rootfs.sh deleted file mode 100755 index 824ead5..0000000 --- a/rootfs-kernel/alpine-rootfs.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -set -ex - -DISK_SIZE=10G -DISK_FILE=../out/alpine-rootfs.ext4 -DISK_ROOT=../out/mount - -# Allocate rootfs disk -fallocate -l "$DISK_SIZE" "$DISK_FILE" -mkfs.ext4 -F $DISK_FILE - -# Mount rootfs to mount -mkdir -p $DISK_ROOT - -sudo mount $DISK_FILE $DISK_ROOT - -wget -O ../out/alpine-minirootfs-3.19.0-x86_64.tar.gz https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/x86_64/alpine-minirootfs-3.19.0-x86_64.tar.gz - -sudo tar xvf ../out/alpine-minirootfs-3.19.0-x86_64.tar.gz --directory="$DISK_ROOT" -rm ../out/alpine-minirootfs-3.19.0-x86_64.tar.gz - -sudo umount $DISK_ROOT -rmdir $DISK_ROOT -- 2.45.2 From c9d0b5d3d2ba6069f005a945468099dcb8c16f39 Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Sat, 6 Jan 2024 14:21:10 +0100 Subject: [PATCH 34/34] better code Signed-off-by: RouxAntoine --- cmd/main.go | 22 --- rootfs-kernel/kernel-config/fs.config | 2 - rootfs-kernel/kernel-config/net.config | 158 ---------------------- rootfs-kernel/kernel-config/virtio.config | 16 --- rootfs-kernel/kernel.sh | 47 ------- 5 files changed, 245 deletions(-) delete mode 100644 rootfs-kernel/kernel-config/fs.config delete mode 100644 rootfs-kernel/kernel-config/net.config delete mode 100644 rootfs-kernel/kernel-config/virtio.config delete mode 100755 rootfs-kernel/kernel.sh diff --git a/cmd/main.go b/cmd/main.go index 59193b7..73c3e99 100644 --- a/cmd/main.go +++ b/cmd/main.go 
@@ -110,12 +110,6 @@ func setupEnv() int { StaticConfiguration: &firecracker.StaticNetworkConfiguration{ MacAddress: "06:00:AC:10:00:02", HostDevName: tap.Link.Attrs().Name, - /* IPConfiguration: &firecracker.IPConfiguration{ - IPAddr: tapNetwork, - Gateway: firstIpTapNetwork, - Nameservers: []string{"1.1.1.1"}, - IfName: "net1", - },*/ }, }, }, @@ -132,9 +126,6 @@ func setupEnv() int { firecracker.VMCommandBuilder{}. WithBin("firecracker"). WithSocketPath(socketPath). - WithStdin(os.Stdin). - WithStdout(os.Stdout). - WithStderr(os.Stderr). Build(ctx), ), firecracker.WithLogger(logrus.NewEntry(log)), @@ -159,19 +150,6 @@ func setupEnv() int { return 1 } - /* cmd := exec.Command("/bin/sh") - - cmd.Stdin = os.Stdin - cmd.Stdout = os.Stdout - cmd.Stderr = os.Stderr - - cmd.Env = []string{"PS1=-[ns-process]- # "} - - if err := cmd.Run(); err != nil { - fmt.Printf("Error running the /bin/sh command - %s\n", err) - os.Exit(1) - }*/ - return 0 } diff --git a/rootfs-kernel/kernel-config/fs.config b/rootfs-kernel/kernel-config/fs.config deleted file mode 100644 index 3bff23a..0000000 --- a/rootfs-kernel/kernel-config/fs.config +++ /dev/null @@ -1,2 +0,0 @@ -CONFIG_EXT4_FS=y -CONFIG_OVERLAY_FS=y diff --git a/rootfs-kernel/kernel-config/net.config b/rootfs-kernel/kernel-config/net.config deleted file mode 100644 index 0738ef6..0000000 --- a/rootfs-kernel/kernel-config/net.config +++ /dev/null 
@@ -1,158 +0,0 @@ -CONFIG_VETH=y -CONFIG_BRIDGE=y -CONFIG_VXLAN=y - -CONFIG_IP_SET=y -CONFIG_IP_SET_BITMAP_IP=y -CONFIG_IP_SET_BITMAP_IPMAC=y -CONFIG_IP_SET_BITMAP_PORT=y -CONFIG_IP_SET_HASH_IP=y -CONFIG_IP_SET_HASH_IPMARK=y -CONFIG_IP_SET_HASH_IPPORT=y -CONFIG_IP_SET_HASH_IPPORTIP=y -CONFIG_IP_SET_HASH_IPPORTNET=y -CONFIG_IP_SET_HASH_IPMAC=y -CONFIG_IP_SET_HASH_MAC=y -CONFIG_IP_SET_HASH_NETPORTNET=y -CONFIG_IP_SET_HASH_NET=y -CONFIG_IP_SET_HASH_NETNET=y -CONFIG_IP_SET_HASH_NETPORT=y -CONFIG_IP_SET_HASH_NETIFACE=y -CONFIG_IP_SET_LIST_SET=y - -CONFIG_NETFILTER=y -CONFIG_NETFILTER_ADVANCED=y -CONFIG_NETFILTER_INGRESS=y -CONFIG_NETFILTER_NETLINK=y -CONFIG_NETFILTER_FAMILY_BRIDGE=y -CONFIG_NETFILTER_FAMILY_ARP=y -CONFIG_NETFILTER_NETLINK_ACCT=y -CONFIG_NETFILTER_NETLINK_QUEUE=y -CONFIG_NETFILTER_NETLINK_LOG=y -CONFIG_NETFILTER_NETLINK_OSF=y -CONFIG_NETFILTER_CONNCOUNT=y -CONFIG_NETFILTER_NETLINK_GLUE_CT=y -CONFIG_NETFILTER_SYNPROXY=y -CONFIG_NETFILTER_XTABLES=y -CONFIG_NETFILTER_XT_MARK=y -CONFIG_NETFILTER_XT_CONNMARK=y -CONFIG_NETFILTER_XT_SET=y -CONFIG_NETFILTER_XT_TARGET_AUDIT=y -CONFIG_NETFILTER_XT_TARGET_CHECKSUM=y -CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y -CONFIG_NETFILTER_XT_TARGET_CONNMARK=y -CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y -CONFIG_NETFILTER_XT_TARGET_CT=y -CONFIG_NETFILTER_XT_TARGET_DSCP=y -CONFIG_NETFILTER_XT_TARGET_HL=y -CONFIG_NETFILTER_XT_TARGET_HMARK=y -CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y -CONFIG_NETFILTER_XT_TARGET_LED=y -CONFIG_NETFILTER_XT_TARGET_LOG=y -CONFIG_NETFILTER_XT_TARGET_MARK=y -CONFIG_NETFILTER_XT_NAT=y -CONFIG_NETFILTER_XT_TARGET_NETMAP=y -CONFIG_NETFILTER_XT_TARGET_NFLOG=y -CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y -CONFIG_NETFILTER_XT_TARGET_NOTRACK=y -CONFIG_NETFILTER_XT_TARGET_RATEEST=y -CONFIG_NETFILTER_XT_TARGET_REDIRECT=y -CONFIG_NETFILTER_XT_TARGET_TEE=y -CONFIG_NETFILTER_XT_TARGET_TPROXY=y -CONFIG_NETFILTER_XT_TARGET_TRACE=y -CONFIG_NETFILTER_XT_TARGET_SECMARK=y -CONFIG_NETFILTER_XT_TARGET_TCPMSS=y 
-CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y -CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y -CONFIG_NETFILTER_XT_MATCH_BPF=y -CONFIG_NETFILTER_XT_MATCH_CGROUP=y -CONFIG_NETFILTER_XT_MATCH_CLUSTER=y -CONFIG_NETFILTER_XT_MATCH_COMMENT=y -CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y -CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y -CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y -CONFIG_NETFILTER_XT_MATCH_CONNMARK=y -CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y -CONFIG_NETFILTER_XT_MATCH_CPU=y -CONFIG_NETFILTER_XT_MATCH_DCCP=y -CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y -CONFIG_NETFILTER_XT_MATCH_DSCP=y -CONFIG_NETFILTER_XT_MATCH_ECN=y -CONFIG_NETFILTER_XT_MATCH_ESP=y -CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y -CONFIG_NETFILTER_XT_MATCH_HELPER=y -CONFIG_NETFILTER_XT_MATCH_HL=y -CONFIG_NETFILTER_XT_MATCH_IPCOMP=y -CONFIG_NETFILTER_XT_MATCH_IPRANGE=y -CONFIG_NETFILTER_XT_MATCH_IPVS=y -CONFIG_NETFILTER_XT_MATCH_L2TP=y -CONFIG_NETFILTER_XT_MATCH_LENGTH=y -CONFIG_NETFILTER_XT_MATCH_LIMIT=y -CONFIG_NETFILTER_XT_MATCH_MAC=y -CONFIG_NETFILTER_XT_MATCH_MARK=y -CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y -CONFIG_NETFILTER_XT_MATCH_NFACCT=y -CONFIG_NETFILTER_XT_MATCH_OSF=y -CONFIG_NETFILTER_XT_MATCH_OWNER=y -CONFIG_NETFILTER_XT_MATCH_POLICY=y -CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y -CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y -CONFIG_NETFILTER_XT_MATCH_QUOTA=y -CONFIG_NETFILTER_XT_MATCH_RATEEST=y -CONFIG_NETFILTER_XT_MATCH_REALM=y -CONFIG_NETFILTER_XT_MATCH_RECENT=y -CONFIG_NETFILTER_XT_MATCH_SCTP=y -CONFIG_NETFILTER_XT_MATCH_SOCKET=y -CONFIG_NETFILTER_XT_MATCH_STATE=y -CONFIG_NETFILTER_XT_MATCH_STATISTIC=y -CONFIG_NETFILTER_XT_MATCH_STRING=y -CONFIG_NETFILTER_XT_MATCH_TCPMSS=y -CONFIG_NETFILTER_XT_MATCH_TIME=y -CONFIG_NETFILTER_XT_MATCH_U32=y - -CONFIG_NF_NAT=y -CONFIG_NF_NAT_NEEDED=y -CONFIG_NF_TABLES=y -CONFIG_NF_TABLES_SET=y -CONFIG_NF_TABLES_INET=y -CONFIG_NF_TABLES_NETDEV=y -CONFIG_NF_DUP_NETDEV=y -CONFIG_NF_FLOW_TABLE_INET=y -CONFIG_NF_FLOW_TABLE=y -CONFIG_NF_DEFRAG_IPV4=y -CONFIG_NF_TABLES_IPV4=y -CONFIG_NF_TABLES_ARP=y 
-CONFIG_NF_FLOW_TABLE_IPV4=y -CONFIG_NF_DUP_IPV4=y -CONFIG_NF_REJECT_IPV4=y -CONFIG_NF_NAT_IPV4=y -CONFIG_NF_NAT_MASQUERADE_IPV4=y -CONFIG_NF_TABLES_BRIDGE=y - -CONFIG_NF_CONNTRACK=y - -CONFIG_IP_NF_IPTABLES=y -CONFIG_IP_NF_MATCH_AH=y -CONFIG_IP_NF_MATCH_ECN=y -CONFIG_IP_NF_MATCH_RPFILTER=y -CONFIG_IP_NF_MATCH_TTL=y -CONFIG_IP_NF_FILTER=y -CONFIG_IP_NF_TARGET_REJECT=y -CONFIG_IP_NF_TARGET_SYNPROXY=y -CONFIG_IP_NF_NAT=y -CONFIG_IP_NF_TARGET_MASQUERADE=y -CONFIG_IP_NF_TARGET_NETMAP=y -CONFIG_IP_NF_TARGET_REDIRECT=y -CONFIG_IP_NF_MANGLE=y -CONFIG_IP_NF_TARGET_CLUSTERIP=y -CONFIG_IP_NF_TARGET_ECN=y -CONFIG_IP_NF_TARGET_TTL=y -CONFIG_IP_NF_RAW=y -CONFIG_IP_NF_SECURITY=y -CONFIG_IP_NF_ARPTABLES=y -CONFIG_IP_NF_ARPFILTER=y -CONFIG_IP_NF_ARP_MANGLE=y - -CONFIG_NFT_BRIDGE_REJECT=y - -CONFIG_BRIDGE_NETFILTER=y diff --git a/rootfs-kernel/kernel-config/virtio.config b/rootfs-kernel/kernel-config/virtio.config deleted file mode 100644 index b00dc2b..0000000 --- a/rootfs-kernel/kernel-config/virtio.config +++ /dev/null @@ -1,16 +0,0 @@ -CONFIG_BLK_MQ_VIRTIO=y -CONFIG_VIRTIO_BLK=y -CONFIG_VIRTIO_BLK_SCSI=y -CONFIG_SCSI_VIRTIO=y -CONFIG_VIRTIO_NET=y -CONFIG_VIRTIO_CONSOLE=y -CONFIG_HW_RANDOM_VIRTIO=y -CONFIG_VIRTIO=y -CONFIG_VIRTIO_MENU=y -CONFIG_VIRTIO_PCI=y -CONFIG_VIRTIO_PCI_LEGACY=y -CONFIG_VIRTIO_BALLOON=y -CONFIG_VIRTIO_INPUT=y -CONFIG_VIRTIO_MMIO=y -CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y -CONFIG_CRYPTO_DEV_VIRTIO=y diff --git a/rootfs-kernel/kernel.sh b/rootfs-kernel/kernel.sh deleted file mode 100755 index d478053..0000000 --- a/rootfs-kernel/kernel.sh +++ /dev/null 
@@ -1,47 +0,0 @@ -#!/usr/bin/env bash - -# inspired by https://github.com/oraoto/archlinux-firecracker/blob/master/scripts/build-arch-kernel.sh - -KERNEL_VERSION=5.11.2 - -mkdir -p build - -cd build - -## Install build tools -# pacman -Syu base-devel bc pahole --ignore linux-firmware - -## Get kernel source -curl -o linux.tar.xz "https://mirrors.tuna.tsinghua.edu.cn/kernel/v5.x/linux-$KERNEL_VERSION.tar.xz" -tar xf linux.tar.xz -cd linux-$KERNEL_VERSION/ - -## Get Archlinux kernel config -curl -o .config https://git.archlinux.org/svntogit/packages.git/plain/trunk/config?h=packages/linux - -## Disable modules -sed 's/\(.*\)=m/#\1 is not set/g' -i .config -sed 's/\(.*\)MOUSE\(.*\)=y/\1MOUSE\2=n/g' -i .config -sed 's/\(.*\)USB\(.*\)=y/\1USB\2=n/g' -i .config -sed 's/\(.*\)TOUCHSCREEN\(.*\)=y/\1TOUCHSCREEN\2=n/g' -i .config -sed 's/\(.*\)HID\(.*\)=y/\1HID\2=n/g' -i .config -sed 's/\(.*\)GPU\(.*\)=y/\1GPU\2=n/g' -i .config -sed 's/\(.*\)GPIO\(.*\)=y/\1GPIO\2=n/g' -i .config -sed 's/\(.*\)NVDIMM\(.*\)=y/\1NVDIMM\2=n/g' -i .config -sed 's/\(.*\)MFD\(.*\)=y/\1MFD\2=n/g' -i .config -sed 's/\(.*\)XEN\(.*\)=y/\1XEN\2=n/g' -i .config -sed 's/\(.*\)VIDEO\(.*\)=y/\1VIDEO\2=n/g' -i .config -# sed 's/\(.*\)PCI\(.*\)=y/\1PCI\2=n/g' -i .config -sed 's/\(.*\)WLAN\(.*\)=y/\1WLAN\2=n/g' -i .config -sed 's/\(.*\)DRM\(.*\)=y/\1DRM\2=n/g' -i .config - -cat ../../config/virtio.config >> .config -cat ../../config/fs.config >> .config -cat ../../config/net.config >> .config - -## Add KVM guest support -make kvm_guest.config - -make -j$(nproc) - -./scripts/extract-vmlinux ./arch/x86_64/boot/bzImage > ../../output/arch-vmlinux.bin -- 2.45.2