Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 14505ef24a | |||
| 4f20c9246d | |||
| eed157c2db | |||
| a2c8aea0df | |||
| b21f03cd26 |
@@ -1294,8 +1294,8 @@ const loadingPageHTML = `<!DOCTYPE html>
|
||||
*{margin:0;padding:0;box-sizing:border-box}
|
||||
html,body{height:100%;background:#0f1117;display:flex;align-items:center;justify-content:center;font-family:'Courier New',monospace;color:#e2e8f0}
|
||||
.wrap{text-align:center;width:420px}
|
||||
.logo{font-size:11px;line-height:1.4;color:#f6c90e;margin-bottom:6px;white-space:pre;text-align:left}
|
||||
.subtitle{font-size:12px;color:#a0aec0;text-align:left;margin-bottom:24px;padding-left:2px}
|
||||
.brand{font-size:22px;letter-spacing:.18em;color:#f6c90e;margin-bottom:6px;text-align:left}
|
||||
.subtitle{font-size:12px;color:#a0aec0;text-align:left;margin-bottom:24px}
|
||||
.spinner{width:36px;height:36px;border:3px solid #2d3748;border-top-color:#f6c90e;border-radius:50%;animation:spin .8s linear infinite;margin:0 auto 14px}
|
||||
.spinner.hidden{display:none}
|
||||
@keyframes spin{to{transform:rotate(360deg)}}
|
||||
@@ -1313,12 +1313,7 @@ td:first-child{color:#718096;width:55%}
|
||||
</head>
|
||||
<body>
|
||||
<div class="wrap">
|
||||
<div class="logo"> ███████╗ █████╗ ███████╗██╗ ██╗ ██████╗ ███████╗███████╗
|
||||
██╔════╝██╔══██╗██╔════╝╚██╗ ██╔╝ ██╔══██╗██╔════╝██╔════╝
|
||||
█████╗ ███████║███████╗ ╚████╔╝ █████╗██████╔╝█████╗ █████╗
|
||||
██╔══╝ ██╔══██║╚════██║ ╚██╔╝ ╚════╝██╔══██╗██╔══╝ ██╔══╝
|
||||
███████╗██║ ██║███████║ ██║ ██████╔╝███████╗███████╗
|
||||
╚══════╝╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═════╝ ╚══════╝╚══════╝</div>
|
||||
<div class="brand">EASY BEE</div>
|
||||
<div class="subtitle">Hardware Audit LiveCD</div>
|
||||
<div class="spinner" id="spin"></div>
|
||||
<div class="status" id="st">Connecting to bee-web...</div>
|
||||
|
||||
@@ -16,6 +16,12 @@ else
|
||||
LB_LINUX_PACKAGES="linux-image"
|
||||
fi
|
||||
|
||||
if [ -n "${BEE_ISO_VOLUME:-}" ]; then
|
||||
LB_ISO_VOLUME="${BEE_ISO_VOLUME}"
|
||||
else
|
||||
LB_ISO_VOLUME="EASY_BEE_${BEE_GPU_VENDOR_UPPER:-NVIDIA}"
|
||||
fi
|
||||
|
||||
lb config noauto \
|
||||
--distribution bookworm \
|
||||
--architectures amd64 \
|
||||
@@ -30,9 +36,9 @@ lb config noauto \
|
||||
--linux-flavours "amd64" \
|
||||
--linux-packages "${LB_LINUX_PACKAGES}" \
|
||||
--memtest memtest86+ \
|
||||
--iso-volume "EASY_BEE_${BEE_GPU_VENDOR_UPPER:-NVIDIA}" \
|
||||
--iso-volume "${LB_ISO_VOLUME}" \
|
||||
--iso-application "EASY-BEE-${BEE_GPU_VENDOR_UPPER:-NVIDIA}" \
|
||||
--bootappend-live "boot=live components video=1920x1080 console=ttyS0,115200n8 console=tty0 loglevel=3 systemd.show_status=1 username=bee user-fullname=Bee modprobe.blacklist=nouveau,snd_hda_intel,snd_hda_codec_realtek,snd_hda_codec_generic,soundcore" \
|
||||
--bootappend-live "boot=live live-media-label=${LB_ISO_VOLUME} components video=1920x1080 console=ttyS0,115200n8 console=tty0 loglevel=3 systemd.show_status=1 username=bee user-fullname=Bee modprobe.blacklist=nouveau,snd_hda_intel,snd_hda_codec_realtek,snd_hda_codec_generic,soundcore" \
|
||||
--debootstrap-options "--include=ca-certificates" \
|
||||
--apt-recommends false \
|
||||
--chroot-squashfs-compression-type zstd \
|
||||
|
||||
@@ -536,6 +536,11 @@ validate_iso_live_boot_entries() {
|
||||
rm -f "$grub_cfg" "$isolinux_cfg"
|
||||
exit 1
|
||||
}
|
||||
grep -q 'linux .*live-media-label=EASY_BEE_' "$grub_cfg" || {
|
||||
echo "ERROR: GRUB live entry is missing live-media-label pinning" >&2
|
||||
rm -f "$grub_cfg" "$isolinux_cfg"
|
||||
exit 1
|
||||
}
|
||||
|
||||
grep -q 'append .*boot=live ' "$isolinux_cfg" || {
|
||||
echo "ERROR: isolinux live entry is missing boot=live" >&2
|
||||
@@ -547,6 +552,11 @@ validate_iso_live_boot_entries() {
|
||||
rm -f "$grub_cfg" "$isolinux_cfg"
|
||||
exit 1
|
||||
}
|
||||
grep -q 'append .*live-media-label=EASY_BEE_' "$isolinux_cfg" || {
|
||||
echo "ERROR: isolinux live entry is missing live-media-label pinning" >&2
|
||||
rm -f "$grub_cfg" "$isolinux_cfg"
|
||||
exit 1
|
||||
}
|
||||
|
||||
rm -f "$grub_cfg" "$isolinux_cfg"
|
||||
echo "=== live boot validation OK ==="
|
||||
@@ -566,7 +576,7 @@ validate_iso_grub_theme_assets() {
|
||||
}
|
||||
|
||||
iso_files="$(mktemp)"
|
||||
list_iso_files "$iso_path" > "$iso_files" || {
|
||||
iso_list_files "$iso_path" > "$iso_files" || {
|
||||
echo "ERROR: failed to list ISO files for GRUB theme validation" >&2
|
||||
rm -f "$iso_files"
|
||||
exit 1
|
||||
@@ -721,12 +731,12 @@ write_canonical_grub_cfg() {
|
||||
source /boot/grub/config.cfg
|
||||
|
||||
menuentry "EASY-BEE" {
|
||||
linux ${kernel} ${append_live} bee.display=kms bee.nvidia.mode=normal pci=realloc net.ifnames=0 biosdevname=0 mitigations=off transparent_hugepage=always numa_balancing=disable pcie_aspm=off intel_idle.max_cstate=1 processor.max_cstate=1 nowatchdog nosoftlockup
|
||||
linux ${kernel} ${append_live} nomodeset bee.nvidia.mode=normal pci=realloc net.ifnames=0 biosdevname=0 mitigations=off transparent_hugepage=always numa_balancing=disable pcie_aspm=off intel_idle.max_cstate=1 processor.max_cstate=1 nowatchdog nosoftlockup
|
||||
initrd ${initrd}
|
||||
}
|
||||
|
||||
menuentry "EASY-BEE -- load to RAM (toram)" {
|
||||
linux ${kernel} ${append_live} toram bee.display=kms bee.nvidia.mode=normal pci=realloc net.ifnames=0 biosdevname=0 mitigations=off transparent_hugepage=always numa_balancing=disable pcie_aspm=off intel_idle.max_cstate=1 processor.max_cstate=1 nowatchdog nosoftlockup
|
||||
linux ${kernel} ${append_live} toram nomodeset bee.nvidia.mode=normal pci=realloc net.ifnames=0 biosdevname=0 mitigations=off transparent_hugepage=always numa_balancing=disable pcie_aspm=off intel_idle.max_cstate=1 processor.max_cstate=1 nowatchdog nosoftlockup
|
||||
initrd ${initrd}
|
||||
}
|
||||
|
||||
@@ -831,6 +841,73 @@ enforce_live_build_bootloader_assets() {
|
||||
echo "bootloader sync: WARNING: could not extract live entry from $isolinux_cfg" >&2
|
||||
fi
|
||||
fi
|
||||
|
||||
sync_efi_grub_theme_assets "$lb_dir"
|
||||
}
|
||||
|
||||
fat_image_has_file() {
|
||||
img="$1"
|
||||
path="$2"
|
||||
mtype -i "$img" "$path" >/dev/null 2>&1
|
||||
}
|
||||
|
||||
is_efi_grub_fat_image() {
|
||||
img="$1"
|
||||
fat_image_has_file "$img" "::/EFI/boot/grubx64.efi" || return 1
|
||||
fat_image_has_file "$img" "::/boot/grub/grub.cfg" || return 1
|
||||
return 0
|
||||
}
|
||||
|
||||
copy_file_to_fat_image() {
|
||||
img="$1"
|
||||
src="$2"
|
||||
dst="$3"
|
||||
mcopy -o -i "$img" "$src" "$dst" >/dev/null
|
||||
}
|
||||
|
||||
sync_efi_grub_theme_assets() {
|
||||
lb_dir="$1"
|
||||
found=0
|
||||
|
||||
for img in $(find "$lb_dir" -type f \( -name '*.img' -o -name '*.ima' -o -name '*.fat' \) 2>/dev/null); do
|
||||
if ! is_efi_grub_fat_image "$img"; then
|
||||
continue
|
||||
fi
|
||||
found=1
|
||||
echo "bootloader sync: patching EFI GRUB image $img"
|
||||
mmd -i "$img" "::/boot" >/dev/null 2>&1 || true
|
||||
mmd -i "$img" "::/boot/grub" >/dev/null 2>&1 || true
|
||||
mmd -i "$img" "::/boot/grub/live-theme" >/dev/null 2>&1 || true
|
||||
|
||||
copy_file_to_fat_image "$img" "${BUILDER_DIR}/config/bootloaders/grub-efi/config.cfg" "::/boot/grub/config.cfg"
|
||||
copy_file_to_fat_image "$img" "${BUILDER_DIR}/config/bootloaders/grub-efi/theme.cfg" "::/boot/grub/theme.cfg"
|
||||
for asset in "${BUILDER_DIR}"/config/bootloaders/grub-efi/live-theme/*; do
|
||||
[ -f "$asset" ] || continue
|
||||
copy_file_to_fat_image "$img" "$asset" "::/boot/grub/live-theme/"
|
||||
done
|
||||
|
||||
fat_image_has_file "$img" "::/boot/grub/config.cfg" || {
|
||||
echo "ERROR: EFI GRUB image missing /boot/grub/config.cfg after sync: $img" >&2
|
||||
exit 1
|
||||
}
|
||||
fat_image_has_file "$img" "::/boot/grub/theme.cfg" || {
|
||||
echo "ERROR: EFI GRUB image missing /boot/grub/theme.cfg after sync: $img" >&2
|
||||
exit 1
|
||||
}
|
||||
fat_image_has_file "$img" "::/boot/grub/live-theme/theme.txt" || {
|
||||
echo "ERROR: EFI GRUB image missing /boot/grub/live-theme/theme.txt after sync: $img" >&2
|
||||
exit 1
|
||||
}
|
||||
fat_image_has_file "$img" "::/boot/grub/live-theme/bee-logo.tga" || {
|
||||
echo "ERROR: EFI GRUB image missing /boot/grub/live-theme/bee-logo.tga after sync: $img" >&2
|
||||
exit 1
|
||||
}
|
||||
done
|
||||
|
||||
if [ "$found" != "1" ]; then
|
||||
echo "ERROR: no EFI GRUB FAT image found in live-build workdir; cannot sync theme assets" >&2
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
copy_memtest_from_deb() {
|
||||
@@ -1008,6 +1085,7 @@ PROJECT_VERSION_EFFECTIVE="$(resolve_project_version)"
|
||||
ISO_BASENAME="easy-bee-${BUILD_VARIANT}-v${PROJECT_VERSION_EFFECTIVE}-amd64"
|
||||
# Versioned output directory: dist/easy-bee-v4.1/ — all final artefacts live here.
|
||||
OUT_DIR="${DIST_DIR}/easy-bee-v${PROJECT_VERSION_EFFECTIVE}"
|
||||
ISO_VERSION_LABEL_TOKEN="$(printf '%s' "${PROJECT_VERSION_EFFECTIVE}" | tr '[:lower:].-' '[:upper:]__')"
|
||||
mkdir -p "${OUT_DIR}"
|
||||
LOG_DIR="${OUT_DIR}/${ISO_BASENAME}.logs"
|
||||
LOG_ARCHIVE="${OUT_DIR}/${ISO_BASENAME}.logs.tar.gz"
|
||||
@@ -1589,7 +1667,8 @@ echo "=== building ISO (variant: ${BUILD_VARIANT}) ==="
|
||||
|
||||
# Export for auto/config
|
||||
BEE_GPU_VENDOR_UPPER="$(echo "${BUILD_VARIANT}" | tr 'a-z-' 'A-Z_')"
|
||||
export BEE_GPU_VENDOR_UPPER
|
||||
BEE_ISO_VOLUME="EASY_BEE_${BEE_GPU_VENDOR_UPPER}_V${ISO_VERSION_LABEL_TOKEN}"
|
||||
export BEE_GPU_VENDOR_UPPER BEE_ISO_VOLUME
|
||||
|
||||
cd "${LB_DIR}"
|
||||
run_step_sh "live-build clean" "80-lb-clean" "lb clean --all 2>&1 | tail -3"
|
||||
|
||||
@@ -8,7 +8,7 @@ else
|
||||
fi
|
||||
|
||||
if loadfont $font ; then
|
||||
set gfxmode=1920x1080,1280x1024,auto
|
||||
set gfxmode=1280x1024,auto
|
||||
set gfxpayload=keep
|
||||
insmod efi_gop
|
||||
insmod efi_uga
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
source /boot/grub/config.cfg
|
||||
|
||||
menuentry "EASY-BEE" {
|
||||
linux @KERNEL_LIVE@ @APPEND_LIVE@ bee.display=kms bee.nvidia.mode=normal pci=realloc net.ifnames=0 biosdevname=0 mitigations=off transparent_hugepage=always numa_balancing=disable pcie_aspm=off intel_idle.max_cstate=1 processor.max_cstate=1 nowatchdog nosoftlockup
|
||||
linux @KERNEL_LIVE@ @APPEND_LIVE@ nomodeset bee.nvidia.mode=normal pci=realloc net.ifnames=0 biosdevname=0 mitigations=off transparent_hugepage=always numa_balancing=disable pcie_aspm=off intel_idle.max_cstate=1 processor.max_cstate=1 nowatchdog nosoftlockup
|
||||
initrd @INITRD_LIVE@
|
||||
}
|
||||
|
||||
menuentry "EASY-BEE -- load to RAM (toram)" {
|
||||
linux @KERNEL_LIVE@ @APPEND_LIVE@ toram bee.display=kms bee.nvidia.mode=normal pci=realloc net.ifnames=0 biosdevname=0 mitigations=off transparent_hugepage=always numa_balancing=disable pcie_aspm=off intel_idle.max_cstate=1 processor.max_cstate=1 nowatchdog nosoftlockup
|
||||
linux @KERNEL_LIVE@ @APPEND_LIVE@ toram nomodeset bee.nvidia.mode=normal pci=realloc net.ifnames=0 biosdevname=0 mitigations=off transparent_hugepage=always numa_balancing=disable pcie_aspm=off intel_idle.max_cstate=1 processor.max_cstate=1 nowatchdog nosoftlockup
|
||||
initrd @INITRD_LIVE@
|
||||
}
|
||||
|
||||
|
||||
@@ -5,13 +5,6 @@ title-text: ""
|
||||
message-font: "Unifont Regular 16"
|
||||
terminal-font: "Unifont Regular 16"
|
||||
|
||||
#bee logo - centered, upper third of screen
|
||||
+ image {
|
||||
top = 4%
|
||||
left = 50%-200
|
||||
file = "bee-logo.tga"
|
||||
}
|
||||
|
||||
#help bar at the bottom
|
||||
+ label {
|
||||
top = 100%-50
|
||||
|
||||
@@ -1,11 +1,4 @@
|
||||
|
||||
███████╗ █████╗ ███████╗██╗ ██╗ ██████╗ ███████╗███████╗
|
||||
██╔════╝██╔══██╗██╔════╝╚██╗ ██╔╝ ██╔══██╗██╔════╝██╔════╝
|
||||
█████╗ ███████║███████╗ ╚████╔╝ █████╗██████╔╝█████╗ █████╗
|
||||
██╔══╝ ██╔══██║╚════██║ ╚██╔╝ ╚════╝██╔══██╗██╔══╝ ██╔══╝
|
||||
███████╗██║ ██║███████║ ██║ ██████╔╝███████╗███████╗
|
||||
╚══════╝╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═════╝ ╚══════╝╚══════╝
|
||||
|
||||
EASY BEE
|
||||
Hardware Audit LiveCD
|
||||
Build: %%BUILD_INFO%%
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@ Description=Bee: run self-heal checks periodically
|
||||
|
||||
[Timer]
|
||||
OnBootSec=45sec
|
||||
OnUnitActiveSec=60sec
|
||||
OnUnitActiveSec=3min
|
||||
AccuracySec=15sec
|
||||
Unit=bee-selfheal.service
|
||||
|
||||
|
||||
@@ -51,12 +51,7 @@ while true; do
|
||||
printf '\033[H\033[2J'
|
||||
|
||||
printf '\n'
|
||||
printf ' \033[33m███████╗ █████╗ ███████╗██╗ ██╗ ██████╗ ███████╗███████╗\033[0m\n'
|
||||
printf ' \033[33m██╔════╝██╔══██╗██╔════╝╚██╗ ██╔╝ ██╔══██╗██╔════╝██╔════╝\033[0m\n'
|
||||
printf ' \033[33m█████╗ ███████║███████╗ ╚████╔╝ █████╗██████╔╝█████╗ █████╗\033[0m\n'
|
||||
printf ' \033[33m██╔══╝ ██╔══██║╚════██║ ╚██╔╝ ╚════╝██╔══██╗██╔══╝ ██╔══╝\033[0m\n'
|
||||
printf ' \033[33m███████╗██║ ██║███████║ ██║ ██████╔╝███████╗███████╗\033[0m\n'
|
||||
printf ' \033[33m╚══════╝╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═════╝ ╚══════╝╚══════╝\033[0m\n'
|
||||
printf ' \033[33mEASY BEE\033[0m\n'
|
||||
printf ' Hardware Audit LiveCD\n'
|
||||
printf '\n'
|
||||
|
||||
|
||||
@@ -8,11 +8,17 @@ EXPORT_DIR="/appdata/bee/export"
|
||||
AUDIT_JSON="${EXPORT_DIR}/bee-audit.json"
|
||||
RUNTIME_JSON="${EXPORT_DIR}/runtime-health.json"
|
||||
LOCK_DIR="/run/bee-selfheal.lock"
|
||||
EVENTS=0
|
||||
|
||||
log() {
|
||||
echo "[${LOG_PREFIX}] $*"
|
||||
}
|
||||
|
||||
log_event() {
|
||||
EVENTS=$((EVENTS + 1))
|
||||
log "$*"
|
||||
}
|
||||
|
||||
have_nvidia_gpu() {
|
||||
lspci -Dn 2>/dev/null | awk '$2 ~ /^03(00|02):$/ && $3 ~ /^10de:/ { found=1; exit } END { exit(found ? 0 : 1) }'
|
||||
}
|
||||
@@ -56,24 +62,22 @@ web_healthy() {
|
||||
mkdir -p "${EXPORT_DIR}" /run
|
||||
|
||||
if ! mkdir "${LOCK_DIR}" 2>/dev/null; then
|
||||
log "another self-heal run is already active"
|
||||
log_event "another self-heal run is already active"
|
||||
exit 0
|
||||
fi
|
||||
trap 'rmdir "${LOCK_DIR}" >/dev/null 2>&1 || true' EXIT
|
||||
|
||||
log "start"
|
||||
|
||||
if have_nvidia_gpu && [ ! -e /dev/nvidia0 ]; then
|
||||
log "NVIDIA GPU detected but /dev/nvidia0 is missing"
|
||||
log_event "NVIDIA GPU detected but /dev/nvidia0 is missing"
|
||||
restart_service bee-nvidia.service || true
|
||||
fi
|
||||
|
||||
runtime_state="$(artifact_state "${RUNTIME_JSON}")"
|
||||
if [ "${runtime_state}" != "ready" ]; then
|
||||
if [ "${runtime_state}" = "interrupted" ]; then
|
||||
log "runtime-health.json.tmp exists — interrupted runtime-health write detected"
|
||||
log_event "runtime-health.json.tmp exists — interrupted runtime-health write detected"
|
||||
else
|
||||
log "runtime-health.json missing or empty"
|
||||
log_event "runtime-health.json missing or empty"
|
||||
fi
|
||||
restart_service bee-preflight.service || true
|
||||
fi
|
||||
@@ -81,19 +85,17 @@ fi
|
||||
audit_state="$(artifact_state "${AUDIT_JSON}")"
|
||||
if [ "${audit_state}" != "ready" ]; then
|
||||
if [ "${audit_state}" = "interrupted" ]; then
|
||||
log "bee-audit.json.tmp exists — interrupted audit write detected"
|
||||
log_event "bee-audit.json.tmp exists — interrupted audit write detected"
|
||||
else
|
||||
log "bee-audit.json missing or empty"
|
||||
log_event "bee-audit.json missing or empty"
|
||||
fi
|
||||
restart_service bee-audit.service || true
|
||||
fi
|
||||
|
||||
if ! service_active bee-web.service; then
|
||||
log "bee-web.service is not active"
|
||||
log_event "bee-web.service is not active"
|
||||
restart_service bee-web.service || true
|
||||
elif ! web_healthy; then
|
||||
log "bee-web health check failed"
|
||||
log_event "bee-web health check failed"
|
||||
restart_service bee-web.service || true
|
||||
fi
|
||||
|
||||
log "done"
|
||||
|
||||
Reference in New Issue
Block a user