migrate ISO build from Alpine to Debian 12 (Bookworm)

Replace the entire live CD build pipeline: - Alpine SDK + mkimage + genapkovl → Debian live-build (lb config/build) - OpenRC init scripts → systemd service units - dropbear → openssh-server (native to Debian live) - udhcpc → dhclient for DHCP - apk → apt-get in setup-builder.sh and build-nvidia-module.sh - Add auto/config (lb config options) and auto/build wrapper - Add config/package-lists/bee.list.chroot replacing Alpine apks - Add config/hooks/normal/9000-bee-setup.hook.chroot to enable services - Add bee-nvidia-load and bee-sshsetup helper scripts - Keep NVIDIA pre-compile pipeline (Option B): compile on builder VM against pinned Debian kernel headers (DEBIAN_KERNEL_ABI), inject .ko into includes.chroot - Fixes: native glibc (no gcompat shims), proper udev, writable /lib/modules, no Alpine modloop read-only constraint, no stale apk cache issues Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-08 18:01:38 +03:00
parent d952e10dbb
commit 345a93512a
26 changed files with 362 additions and 582 deletions
--- a/iso/builder/config/hooks/normal/9000-bee-setup.hook.chroot
+++ b/iso/builder/config/hooks/normal/9000-bee-setup.hook.chroot
@@ -0,0 +1,29 @@
+#!/bin/sh
+# 9000-bee-setup.hook.chroot — runs inside Debian chroot during live-build
+# Enables bee systemd services and configures the live environment.
+set -e
+
+echo "=== bee chroot setup ==="
+
+# Enable bee services
+systemctl enable bee-network.service
+systemctl enable bee-nvidia.service
+systemctl enable bee-audit.service
+systemctl enable bee-sshsetup.service
+systemctl enable ssh.service
+
+# Ensure scripts are executable
+chmod +x /usr/local/bin/bee-network.sh  2>/dev/null || true
+chmod +x /usr/local/bin/bee-nvidia-load 2>/dev/null || true
+chmod +x /usr/local/bin/bee-sshsetup   2>/dev/null || true
+chmod +x /usr/local/bin/bee-smoketest  2>/dev/null || true
+chmod +x /usr/local/bin/bee-tui        2>/dev/null || true
+chmod +x /usr/local/bin/audit          2>/dev/null || true
+
+# Reload udev rules
+udevadm control --reload-rules 2>/dev/null || true
+
+# Create log directory
+mkdir -p /var/log
+
+echo "=== bee chroot setup complete ==="
--- a/iso/builder/config/includes.chroot/.gitignore
+++ b/iso/builder/config/includes.chroot/.gitignore
@@ -0,0 +1,12 @@
+# Generated at build time — do not commit
+usr/local/bin/audit
+usr/local/bin/bee-smoketest
+usr/local/bin/nvidia-smi
+usr/local/bin/nvidia-bug-report.sh
+usr/local/lib/
+usr/lib/libnvidia-ml*
+usr/lib/libcuda*
+root/.ssh/authorized_keys
+etc/bee-release
+etc/bee-ssh-password-fallback
+etc/motd
--- a/iso/builder/config/package-lists/bee.list.chroot
+++ b/iso/builder/config/package-lists/bee.list.chroot
@@ -0,0 +1,35 @@
+# Hardware audit tools
+dmidecode
+smartmontools
+nvme-cli
+pciutils
+ipmitool
+util-linux
+e2fsprogs
+lshw
+lsblk
+
+# Network
+iproute2
+dhclient
+iputils-ping
+
+# SSH
+openssh-server
+
+# Utilities
+procps
+lsof
+file
+less
+vim-tiny
+dialog
+
+# QR codes (for displaying audit results)
+qrencode
+
+# Firmware
+firmware-linux-free
+
+# glibc compat helpers (for any external binaries that need it)
+libc6