From f5c7e5662e133e7415ed6fe0392013c4e5cbc86e Mon Sep 17 00:00:00 2001 From: Boris Kolpackov Date: Tue, 9 Nov 2021 07:07:04 +0200 Subject: Upgrade to latest Debian testing There is a new strange warning when deleting a btrfs subvolume as a non-root user (Debian but #998840). New (old) versions of key packages: systemd/udev 249.5-2 (245.6-2) qemu-system-x86 6.1+dfsg-8 (5.0-13) linux-image-amd64 5.14.9-2 (5.7.6) g++ 11.2.0-2 (9.3.0-15) initramfs-tools 0.140 (0.137) debootstrap 1.0.125 (1.0.123) New (old) sizes: buildos-image 6,316,352 (5,572,672) buildos-initrd 332,280,629 (316,454,368) --- bootstrap | 63 +++++++++++++++++++++++++++-------------------------------- bootstrap.txt | 9 +++++++-- buildos | 6 +++--- init | 9 ++------- 4 files changed, 41 insertions(+), 46 deletions(-) diff --git a/bootstrap b/bootstrap index a691245..e7aaf15 100755 --- a/bootstrap +++ b/bootstrap @@ -28,8 +28,6 @@ # usage="usage: $0" -macaddr="de:ad:be:ef:b8:da" # @@ TMP mac address for testing. - id="$(id -un)" btrfs=/btrfs root="$btrfs/$id/buildos" @@ -431,6 +429,7 @@ cd linux # # Note that SECURITY_LOCKDOWN_LSM forces MODULE_SIG ('selects' in Kconfig). # +scripts/config --disable KCSAN scripts/config --disable SECURITY_LOCKDOWN_LSM scripts/config --disable MODULE_SIG scripts/config --set-str BUILD_SALT '' 
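Review bot: The added `scripts/config --disable KCSAN` sits under a comment that only explains the SECURITY_LOCKDOWN_LSM / MODULE_SIG pair, so the reason for turning KCSAN off is not recorded anywhere in the hunk. A one-line comment above it would help the next upgrade decide whether the line is still needed, for example `# Disable KCSAN (kernel concurrency sanitizer): <reason>.` The comment block this hunk extends starts outside the visible lines.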
@@ -438,7 +437,27 @@ scripts/config --set-str SYSTEM_TRUSTED_KEYS '' # Adjust kernel command line size limit. # -sed -i -re 's/^(#define COMMAND_LINE_SIZE ).+\$/\1 4096/' arch/x86/include/asm/setup.h +sed -i -re 's/^(#define COMMAND_LINE_SIZE).+\$/\1 4096/' arch/x86/include/asm/setup.h +sed -i -re 's/^(#define COMMAND_LINE_SIZE).+\$/\1 4096/' arch/arm64/include/uapi/asm/setup.h + +# Change certain network diagnostics from pr_info() to pr_debug() (otherwise +# to drowns out any useful diagnostics). +# +patch net/core/dev.c <br, "port %u(%s) entered %s state\n", ++ br_debug(p->br, "port %u(%s) entered %s state\n", +EOP +patch net/ipv6/addrconf.c </etc/sudoers.d/build echo "Defaults:build !syslog" >>/etc/sudoers.d/build chmod 0440 /etc/sudoers.d/build -# Clean up package cache. +# Clean up package cache and fetched repository information. # apt-get clean +rm -rf /var/lib/apt/lists + +# Strip GCC executables (Debian bug #998841). +# +strip \$(find /usr/lib/gcc -type f -executable) # Clean up /bootstrap. # @@ -614,32 +638,3 @@ EOF subvol_snapshot -r "$root" "$root-6" fi - -exit 0 - -# Test. -# -if [ ! -e /tmp/buildos-state ]; then - qemu-img create -f raw /tmp/buildos-state 20M -fi - -if [ ! -e /tmp/buildos-machines ]; then - qemu-img create -f raw /tmp/buildos-machines 100M -fi - -# To test PXE boot, replace -kernel/-initrd/-append with '-boot n'. -# -sudo kvm \ - -m 16G \ - -cpu host -smp "sockets=1,cores=4,threads=2" \ - -device "e1000,netdev=net0,mac=$macaddr" \ - -netdev "tap,id=net0,script=./qemu-ifup" \ - -device "virtio-scsi-pci,id=scsi" \ - -device "scsi-hd,drive=disk1" \ - -drive "if=none,id=disk1,file=/tmp/buildos-state,format=raw" \ - -device "scsi-hd,drive=disk2" \ - -drive "if=none,id=disk2,file=/tmp/buildos-machines,format=raw" \ - -boot n - -# -kernel buildos-image -initrd buildos-initrd \ -# -append "buildos.smtp_relay=build2.org buildos.admin_email=admin@build2.org" diff --git a/bootstrap.txt b/bootstrap.txt index d746c80..c7057e1 100644 
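Review bot: Both `sed -i` lines in the "Adjust kernel command line size limit" step exit 0 even when the pattern matches nothing, so if a later kernel moves or reformats the define (the new arm64 line targets `arch/arm64/include/uapi/asm/setup.h`), the limit silently keeps its default. Follow each with a check such as `grep -q 'COMMAND_LINE_SIZE 4096' arch/x86/include/asm/setup.h` so the bootstrap fails loudly instead. Dropping the trailing space from the capture group also lets `.+` match a longer macro name that merely starts with `COMMAND_LINE_SIZE`; `(#define COMMAND_LINE_SIZE)\s.+` would accept a tab separator without that side effect.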
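Review bot: In the package-cache cleanup step, `strip \$(find /usr/lib/gcc -type f -executable)` relies on word splitting of the find output and hands every file with an executable bit to strip, whether or not it is an ELF object. `find /usr/lib/gcc -type f -executable -exec strip {} +` avoids the splitting. Stripping also rewrites files owned by the GCC packages, so package integrity checks such as `dpkg --verify` will presumably report them as modified from then on. The comment citing Debian bug #998841 should say this is expected, so that an audit of the image does not mistake it for tampering.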
--- a/bootstrap.txt +++ b/bootstrap.txt @@ -11,7 +11,7 @@ in unstable, consider using testing. See Debian Changelog for release dates. - Check the current source (unstable/testing) and update is necessary. + Check the current source (unstable/testing) and update if necessary. * Examining init changes: @@ -26,6 +26,9 @@ * Grep for 'bug' and @@ in init and bootstrap scripts, see if any bugs have been fixed and corresponding workarounds can be removed. + For some may make sense to do a round of cleanups after successful bootstrap + not to conflate failures. + * Upgrade to latest debootstrap and debian-archive-keyring from unstable (or testing). @@ -33,7 +36,7 @@ * Bootstrap: - ./bootstrap 2>&1 | tee bootstrap.log + ./bootstrap 2>&1 | tee bootstrap-X.Y.log NOTE: tee does not play well with bash prompt (used for troubleshooting). @@ -41,6 +44,8 @@ btrfs submodules, then it most likely has nested submodules (see nspawn() in bootstrap). + NOTE: to kill nspawn container, press Ctrl-]]]. + Save the log for later comparison (might have to redo a from-stage-1 bootstrap to get the complete log). diff --git a/buildos b/buildos index 4bb44b9..2d8d043 100755 --- a/buildos +++ b/buildos @@ -215,11 +215,11 @@ fi # # Note that MemTotal in /proc/meminfo is the available memory, not physical. # And to make it easier to provision memory it's really helpful to base it -# in the physical value. +# on the physical value. # ram_total=0 -for i in $(sudo dmidecode -t 17 | sed -n -re 's/^\s*Size:\s*([0-9]+)\s*MB.*$/\1/p'); do - ram_total=$(($ram_total + $i * 1024)) +for i in $(sudo dmidecode -t 17 | sed -n -re 's/^\s*Size:\s*([0-9]+)\s*GB.*$/\1/p'); do + ram_total=$(($ram_total + $i * 1024 * 1024)) done if [ "$ram_total" -eq 0 ]; then diff --git a/init b/init index 6fb3840..eb0c939 100755 --- a/init +++ b/init 
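Review bot: The new pattern in `buildos` only counts DIMMs whose `Size:` line is reported in GB, so a module that dmidecode reports in MB is now silently left out of `ram_total` (the old pattern had the mirror-image problem). The unit dmidecode prints appears to depend on its version and on the module size, so it is safer to accept both units and scale each one. The `if [ "$ram_total" -eq 0 ]` check that follows only catches the case where nothing matched at all, not a partial undercount; its body is outside the hunk.

```shell
ram_total=0
for i in $(sudo dmidecode -t 17 | sed -n -re 's/^\s*Size:\s*([0-9]+)\s*([MG])B.*$/\1\2/p'); do
  case "$i" in
    *M) ram_total=$(($ram_total + ${i%M} * 1024)) ;;
    *G) ram_total=$(($ram_total + ${i%G} * 1024 * 1024)) ;;
  esac
done
```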
@@ -40,7 +40,8 @@ mount -t proc -o nodev,noexec,nosuid proc /proc info "init starting up..." -mount -t devtmpfs -o noexec,nosuid,mode=0755 udev /dev +mount -t devtmpfs -o nosuid,mode=0755 udev /dev +ln -s /proc/self/fd /dev/fd mkdir -p /dev/pts mount -t devpts -o noexec,nosuid,gid=5,mode=0620 devpts /dev/pts || true @@ -242,10 +243,6 @@ priv_netbase="$(sed -e 's/^\(.*\)\.0\.0$/\1/' <<<"$priv_network")" # joins the bridge. Needless to say, constantly changing MAC will wreck # all kinds of networking havoc. # -# While bridge_hw should be (and used to be) enough, something was broken (bug -# #945466) and now we set it manually and also pass it to DHCP (which runs -# before post-up). Reportedly fixed in bridge-utils 1.6-3, testing the fix... -# cat </etc/network/interfaces auto lo iface lo inet loopback @@ -259,8 +256,6 @@ iface br0 inet dhcp bridge_maxwait 0 bridge_fd 0 bridge_hw $gmac - #hwaddress $gmac - #post-up ip link set br0 address $gmac post-up ip link set $eth txqueuelen 4000 post-up ip link set br0 txqueuelen 4000 -- cgit v1.1
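Review bot: Dropping `noexec` from the devtmpfs mount in `init` loosens the hardening on `/dev` (files there can now be executed or mapped executable), and nothing in the hunk records why. If this follows the upstream init script or is needed by a device that requires executable mappings, say so next to the mount, e.g. `# No noexec on /dev: <reason / upstream reference>.` The added `ln -s /proc/self/fd /dev/fd` has no `|| true`, unlike the devpts mount two lines below, so whether a failure there aborts init depends on shell options set outside the hunk.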