124 lines
4.3 KiB
Bash
124 lines
4.3 KiB
Bash
#!/bin/sh
|
|
# build-debug.sh — build bee debug ISO with SSH access
|
|
#
|
|
# Debug ISO purpose: test audit binary on real hardware.
|
|
# Includes dropbear SSH, all audit packages, audit binary.
|
|
# Does NOT include NVIDIA driver (added in production build).
|
|
#
|
|
# Run on Alpine builder VM as root after setup-builder.sh.
|
|
# Usage:
|
|
# sh iso/builder/build-debug.sh [--authorized-keys /path/to/authorized_keys]
|
|
|
|
set -e
|
|
|
|
REPO_ROOT="$(cd "$(dirname "$0")/../.." && pwd)"
|
|
BUILDER_DIR="${REPO_ROOT}/iso/builder"
|
|
OVERLAY_DIR="${REPO_ROOT}/iso/overlay-debug"
|
|
DIST_DIR="${REPO_ROOT}/dist"
|
|
AUTH_KEYS=""
|
|
|
|
# parse args
|
|
while [ $# -gt 0 ]; do
|
|
case "$1" in
|
|
--authorized-keys) AUTH_KEYS="$2"; shift 2 ;;
|
|
*) echo "unknown arg: $1"; exit 1 ;;
|
|
esac
|
|
done
|
|
|
|
. "${BUILDER_DIR}/VERSIONS"
|
|
export PATH="$PATH:/usr/local/go/bin"
|
|
|
|
echo "=== bee debug ISO build ==="
|
|
echo "Alpine: ${ALPINE_VERSION}, Go: ${GO_VERSION}"
|
|
echo ""
|
|
|
|
# --- compile audit binary (static, Linux amd64) ---
|
|
echo "=== building audit binary ==="
|
|
cd "${REPO_ROOT}/audit"
|
|
GOOS=linux GOARCH=amd64 CGO_ENABLED=0 \
|
|
go build \
|
|
-ldflags "-s -w -X main.Version=debug-$(date +%Y%m%d)" \
|
|
-o "${DIST_DIR}/bee-audit-linux-amd64" \
|
|
./cmd/audit
|
|
echo "binary: ${DIST_DIR}/bee-audit-linux-amd64"
|
|
echo "size: $(du -sh "${DIST_DIR}/bee-audit-linux-amd64" | cut -f1)"
|
|
|
|
# --- inject authorized_keys for SSH access ---
|
|
# Uses the same Ed25519 keys as release signing (from git.mchus.pro/mchus/keys).
|
|
# SSH public keys are stored alongside signing keys as ~/.keys/<name>.key.pub
|
|
AUTHORIZED_KEYS_FILE="${OVERLAY_DIR}/root/.ssh/authorized_keys"
|
|
mkdir -p "${OVERLAY_DIR}/root/.ssh"
|
|
|
|
if [ -n "$AUTH_KEYS" ]; then
|
|
cp "$AUTH_KEYS" "$AUTHORIZED_KEYS_FILE"
|
|
chmod 600 "$AUTHORIZED_KEYS_FILE"
|
|
echo "SSH authorized_keys: installed from $AUTH_KEYS"
|
|
else
|
|
# auto-collect all developer SSH public keys from ~/.keys/*.key.pub
|
|
> "$AUTHORIZED_KEYS_FILE"
|
|
FOUND=0
|
|
for ssh_pub in "$HOME"/.keys/*.key.pub; do
|
|
[ -f "$ssh_pub" ] || continue
|
|
cat "$ssh_pub" >> "$AUTHORIZED_KEYS_FILE"
|
|
echo "SSH: added $(basename "$ssh_pub" .key.pub)"
|
|
FOUND=$((FOUND + 1))
|
|
done
|
|
if [ "$FOUND" -gt 0 ]; then
|
|
chmod 600 "$AUTHORIZED_KEYS_FILE"
|
|
echo "SSH authorized_keys: $FOUND key(s) from ~/.keys/*.key.pub"
|
|
else
|
|
echo "WARNING: no SSH public keys found — falling back to password auth"
|
|
echo " root password will be set to: bee / eeb"
|
|
echo " (generate a key with: sh keys/scripts/keygen.sh <your-name>)"
|
|
USE_PASSWORD_FALLBACK=1
|
|
fi
|
|
fi
|
|
|
|
# --- password fallback: write marker file read by init script ---
|
|
if [ "${USE_PASSWORD_FALLBACK:-0}" = "1" ]; then
|
|
touch "${OVERLAY_DIR}/etc/bee-ssh-password-fallback"
|
|
fi
|
|
|
|
# --- copy audit binary into overlay ---
|
|
mkdir -p "${OVERLAY_DIR}/usr/local/bin"
|
|
cp "${DIST_DIR}/bee-audit-linux-amd64" "${OVERLAY_DIR}/usr/local/bin/audit"
|
|
chmod +x "${OVERLAY_DIR}/usr/local/bin/audit"
|
|
|
|
# --- build ISO using mkimage ---
|
|
mkdir -p "${DIST_DIR}"
|
|
echo ""
|
|
echo "=== building ISO ==="
|
|
|
|
# Install our mkimage profile where mkimage.sh can find it.
|
|
# ~/.mkimage is the user plugin directory loaded by mkimage.sh.
|
|
mkdir -p "${HOME}/.mkimage"
|
|
cp "${BUILDER_DIR}/mkimg.bee_debug.sh" "${HOME}/.mkimage/"
|
|
cp "${BUILDER_DIR}/genapkovl-bee_debug.sh" "${HOME}/.mkimage/"
|
|
|
|
# Export overlay dir so the profile script can find it regardless of SRCDIR.
|
|
export BEE_OVERLAY_DIR="${OVERLAY_DIR}"
|
|
|
|
# Clean workdir so apkovl changes are always picked up (kernel/apks sections are re-cached).
|
|
rm -rf /var/tmp/bee-iso-work
|
|
|
|
# Run from /var/tmp to avoid git repo context conflicts and to ensure enough scratch space.
|
|
# mkinitfs/update-kernel use TMPDIR for initramfs build; tmpfs /tmp is only ~1GB.
|
|
export TMPDIR=/var/tmp
|
|
cd /var/tmp
|
|
sh /usr/share/aports/scripts/mkimage.sh \
|
|
--tag "v${ALPINE_VERSION}" \
|
|
--outdir "${DIST_DIR}" \
|
|
--arch x86_64 \
|
|
--repository "https://dl-cdn.alpinelinux.org/alpine/v${ALPINE_VERSION}/main" \
|
|
--repository "https://dl-cdn.alpinelinux.org/alpine/v${ALPINE_VERSION}/community" \
|
|
--workdir /var/tmp/bee-iso-work \
|
|
--profile bee_debug
|
|
|
|
ISO="${DIST_DIR}/alpine-bee_debug-${ALPINE_VERSION}-x86_64.iso"
|
|
echo ""
|
|
echo "=== done ==="
|
|
echo "ISO: $ISO"
|
|
echo "Size: $(du -sh "$ISO" 2>/dev/null | cut -f1 || echo 'not found')"
|
|
echo ""
|
|
echo "Boot via BMC virtual media and SSH to the server IP on port 22 as root."
|