diff --git a/.gitignore b/.gitignore index 39a3422..bbc1a34 100644 --- a/.gitignore +++ b/.gitignore @@ -31,11 +31,11 @@ # You should really generate local copies of these, as they're pretty private. extra/pre-build.d/etc/openvpn/client.conf overlay/etc/ssh/* -overlay/home/bdisk +overlay/home/* overlay/etc/systemd/system/multi-user.target.wants/openvpn@client.service -src/ipxe_local/ssl/keys -src/ipxe_local/ssl/crts -src/ipxe_local/ssl/txt +ssl/ +!ssl/.keepme +!ssl/openssl.cnf # and we DEFINITELY don't need these. __pycache__/ diff --git a/bdisk/ipxe.py b/bdisk/ipxe.py index 4e9808c..2e50e62 100755 --- a/bdisk/ipxe.py +++ b/bdisk/ipxe.py @@ -1,9 +1,13 @@ import os import shutil import jinja2 -import gitpython +import git +import patch +def sslIPXE(): + pass + def buildIPXE(conf): build = conf['build'] bdisk = conf['bdisk'] @@ -13,5 +17,27 @@ def buildIPXE(conf): patches_dir = ipxe_tpl + '/patches' srcdir = build['srcdir'] ipxe_src = srcdir + '/ipxe' - ipxe_git_uri = - pass + ipxe_git_uri = 'git://git.ipxe.org/ipxe.git' + patches_git_uri = 'https://github.com/eworm-de/ipxe.git' + print('Now building iPXE in {0}. Please wait...'.format(ipxe_src)) + # Get the source and apply some cherrypicks + if os.path.isdir(ipxe_src): + shutil.rmtree(ipxe_src) + ipxe_repo = git.Repo.clone_from(ipxe_git_uri, ipxe_src) + patches = ipxe_repo.create_remote('eworm', patches_git_uri) + patches.fetch() + eiso_commit = '189652b03032305a2db860e76fb58e81e3420c4d' + nopie_commit = '58557055e51b2587ad3843af58075de916e5399b' + # patch files + #cwd = os.getcwd() + #os.chdir(ipxe_src + '/src') + for p in ('01.git-version.patch.j2', '02.banner.patch.j2'): + try: + patch = fromfile(p) + patch.apply(strip = 2, root = ipxe_src + '/src') + except: + pass + #os.chdir(cwd) + # Patch using the files before applying the cherrypicks + ipxe_repo.git.cherry_pick('-n', eiso_commit) + ipxe_repo.git.cherry_pick('-n', nopie_commit) 
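Review bot: The negations `!ssl/.keepme` and `!ssl/openssl.cnf` are dead, because git cannot re-include a file whose parent directory is excluded, and `ssl/` (trailing slash) excludes the directory itself; write `ssl/*` (or `/ssl/*` to anchor it to the repository root) followed by the two negations, so `.keepme` and `openssl.cnf` stay tracked while `keys/`, `crts/` and `txt/` are ignored. Unanchored, `ssl/` also matches at any depth, including the `extra/templates/iPXE/ssl/` directory this same commit adds — a file already tracked stays tracked, but anything added there later is silently ignored. Since the CA private key referenced by the accompanying openssl.cnf (`keys/ca.key`) lives under this directory, it is worth confirming the result with `git check-ignore -v ssl/keys/ca.key ssl/openssl.cnf` once the pattern is fixed.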
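Review bot: The bare `except: pass` around the patch loop in buildIPXE hides failures that are certain here: `fromfile` is never imported under that name (the module is imported as `patch`, and the loop then rebinds `patch` to its own result), `p` is a bare file name rather than a path under `patches_dir`, and the `.j2` files carry Jinja expressions (`{{ bdisk['pname'] }}` in 02.banner.patch.j2) that must be rendered before they are valid patches — so the build silently continues with an unpatched tree. The clone also pulls from `git://git.ipxe.org/ipxe.git`, a transport with neither authentication nor encryption, and builds whatever HEAD happens to be; since the product is a network bootloader that the rest of this build signs and serves, fetch over https and pin a tag or commit before cherry-picking (the two cherry-picks themselves are pinned by hash, which is right). The sketch below assumes python-patch's `fromstring`/`PatchSet.apply` (returns False on failure) — confirm against the installed version; buildIPXE may continue past this hunk.
```python
    ipxe_git_uri = 'https://git.ipxe.org/ipxe.git'  # git:// is neither authenticated nor encrypted
    ipxe_git_ref = 'master'  # TODO: pin a tag/commit so the build is reproducible
    # ... unchanged: rmtree, clone, eworm remote + fetch, commit ids ...
    ipxe_repo.git.checkout(ipxe_git_ref)
    tpl_env = jinja2.Environment(loader=jinja2.FileSystemLoader(patches_dir))
    for p in ('01.git-version.patch.j2', '02.banner.patch.j2'):
        rendered = tpl_env.get_template(p).render(bdisk=bdisk)
        pset = patch.fromstring(rendered.encode('utf-8'))
        if not pset or not pset.apply(strip=2, root=ipxe_src + '/src'):
            raise RuntimeError('could not apply {0} to {1}'.format(p, ipxe_src))
    # ... unchanged: cherry-picks ...
```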
diff --git a/extra/dist.build.ini b/extra/dist.build.ini index db1c737..c12fa4a 100644 --- a/extra/dist.build.ini +++ b/extra/dist.build.ini @@ -57,6 +57,11 @@ dev = r00t^2 ; 2.) ASCII *only* desc = j00 got 0wnz0r3d lulz. +; What is your livedistro's URL? +; 0.) Should be a valid URI understood by minimal versions +; of curl. +uri = https://bdisk.square-r00t.net + ; Should the root user have a password? IF THIS IS NOT SET, ; PASSWORD LOGIN WILL BE DISABLED! ; If you wish to have a blank password, use the string: @@ -363,16 +368,21 @@ group = root ; yes|no ; true|false ; 1|0 +; 1.) Requires actual git to be installed. ; If it is undefined, it is assumed to be no. iso = yes ; Build a "mini-USB" image? Same concept as the ISO file but ; this can be dd'd onto a USB thumbdrive for the same effect. +; 0.) Only accepts (case-insensitive): +; yes|no +; true|false +; 1|0 +; 1.) Requires actual git to be installed. +; If it is undefined, it is assumed to be no. usb = yes -; What URI should iPXE's EMBED script use? DO NOT USE A -; ',' (comma); instead, replace it with: -; %%COMMA%% +; What URI should iPXE's EMBED script use? ; If you require HTTP BASIC Authentication or HTTP Digest ; Authentication (untested), you can format it via: ; diff --git a/extra/pre-build.d/root/packages.both b/extra/pre-build.d/root/packages.both index a8344bf..48e5fb0 100644 --- a/extra/pre-build.d/root/packages.both +++ b/extra/pre-build.d/root/packages.both @@ -130,6 +130,7 @@ iperf iperf3 ipsec-tools iptraf-ng +ipython irssi iso-codes isomaster diff --git a/extra/templates/iPXE/patches/00-general.sed b/extra/templates/iPXE/patches/00-general.sed new file mode 100644 index 0000000..5414cce --- /dev/null +++ b/extra/templates/iPXE/patches/00-general.sed 
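Review bot: The new `uri` comment states only the curl constraint, but 02.banner.patch.j2 in this same commit compiles `{{ bdisk['uri'] }}` (and `desc`) straight into a C printf format string, so the value must also be free of `"`, `\` and `%` — a percent-encoded URI would be read as printf conversions. Add to the comment: `; 1.) Also embedded verbatim into iPXE's banner; do not use ", \ or % (percent-encoding) unless the template escapes them.` The option is not marked optional or required; if the build fails or the banner breaks when it is unset, say so here as the other options do.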
@@ -0,0 +1,10 @@ +## Enable IPv6 support +s/^#undef([[:space:]]*NET_PROTO_IPV6)/#define\1/g +## Enable HTTPS +s/^#undef([[:space:]]*DOWNLOAD_PROTO_HTTPS)/#define\1/g +s@^//(#define[[:space:]]*IMAGE_TRUST_CMD@\1@g +## Enable FTP +s/^#undef([[:space:]]*DOWNLOAD_PROTO_FTP)/#define\1/g +## Currently broken for EFI building +#s@^//(#define[[:space:]]*CONSOLE_CMD)@\1@g +#s@^//(#define[[:space:]]*IMAGE_PNG@\1@g diff --git a/extra/templates/iPXE/patches/01-console.sed b/extra/templates/iPXE/patches/01-console.sed new file mode 100644 index 0000000..3eb558e --- /dev/null +++ b/extra/templates/iPXE/patches/01-console.sed @@ -0,0 +1,2 @@ +## Currently broken on EFI systems +#s@^//(#define[[:space:]]*CONSOLE_VESAFB)@\1@g diff --git a/extra/templates/iPXE/patches/01.git-version.patch.j2 b/extra/templates/iPXE/patches/01.git-version.patch.j2 new file mode 100644 index 0000000..ba3dffe --- /dev/null +++ b/extra/templates/iPXE/patches/01.git-version.patch.j2 @@ -0,0 +1,32 @@ +{# we can probably honestly not include this. regardless, it's handy. #}From 4c139ece028b5dd6c4e5f46ce2bf8134c390de90 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Thu, 12 Feb 2015 08:59:37 +0100 +Subject: [PATCH] git version + +Signed-off-by: Christian Hesse +--- + src/Makefile | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/Makefile b/src/Makefile +index cf9cfd2..38ebb3d 100644 +--- a/src/Makefile ++++ b/src/Makefile +@@ -194,10 +194,11 @@ VERSION_MINOR = 0 + VERSION_PATCH = 0 + EXTRAVERSION = + + MM_VERSION = $(VERSION_MAJOR).$(VERSION_MINOR) +-VERSION = $(MM_VERSION).$(VERSION_PATCH)$(EXTRAVERSION) + ifneq ($(wildcard ../.git),) +-GITVERSION := $(shell git describe --always --abbrev=1 --match "" 2>/dev/null) +-VERSION += ($(GITVERSION)) ++GITVERSION := $(shell git describe --tags --long 2>/dev/null) ++VERSION = $(GITVERSION) ++else ++VERSION = $(MM_VERSION).$(VERSION_PATCH)$(EXTRAVERSION) + endif + version : + @$(ECHO) "$(VERSION)" +-- +2.3.0 + 
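Review bot: The IMAGE_TRUST_CMD substitution `s@^//(#define[[:space:]]*IMAGE_TRUST_CMD@\1@g` is missing the closing `)` that the CONSOLE_CMD line has, and in the extended-regex mode its `\1` requires (`sed -E`/`-r`; the invocation is not in this diff) GNU sed rejects the whole script with "Unmatched ( or \(", so none of the IPv6/HTTPS/FTP enables would be applied; it should read `s@^//(#define[[:space:]]*IMAGE_TRUST_CMD)@\1@g` (the commented IMAGE_PNG line has the same gap). Defining IMAGE_TRUST_CMD only makes `imgtrust`/`imgverify` available — images still boot unsigned unless the embedded script actually calls `imgtrust`, and DOWNLOAD_PROTO_HTTPS only authenticates servers whose chain reaches a certificate built in via TRUST=; a comment here pointing at where the script and TRUST= are set would make that dependency visible. Enabling FTP adds a plaintext download path; if it is only needed for unauthenticated fetches, say so in the comment so nobody assumes it is verified.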
diff --git a/extra/templates/iPXE/patches/02.banner.patch.j2 b/extra/templates/iPXE/patches/02.banner.patch.j2 new file mode 100644 index 0000000..cb69c66 --- /dev/null +++ b/extra/templates/iPXE/patches/02.banner.patch.j2 @@ -0,0 +1,41 @@ +From 4ec31ece6757e19be455faa383886562b8793db9 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Thu, 12 Feb 2015 09:06:41 +0100 +Subject: [PATCH] banner + +Signed-off-by: Christian Hesse +--- + src/usr/autoboot.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/src/usr/autoboot.c b/src/usr/autoboot.c +index 4bcb64d..74b5b77 100644 +--- a/src/usr/autoboot.c ++++ b/src/usr/autoboot.c +@@ -67,6 +67,7 @@ static int ( * is_autoboot_device ) ( struct net_device *netdev ); + #define NORMAL "\033[0m" + #define BOLD "\033[1m" + #define CYAN "\033[36m" ++#define BLUE "\033[34m" + + /** The "scriptlet" setting */ + const struct setting scriptlet_setting __setting ( SETTING_MISC, scriptlet ) = { +@@ -551,9 +552,13 @@ void ipxe ( struct net_device *netdev ) { + * do so. + * + */ +- printf ( NORMAL "\n\n" PRODUCT_NAME "\n" BOLD PRODUCT_SHORT_NAME " %s" ++ printf ( NORMAL "\n\n" PRODUCT_NAME "\n" BOLD PRODUCT_SHORT_NAME + NORMAL " -- " PRODUCT_TAG_LINE " -- " +- CYAN PRODUCT_URI NORMAL "\nFeatures:", product_version ); ++ CYAN PRODUCT_URI NORMAL "\n" ++ BOLD "{{ bdisk['pname'] }}" BLUE "LiveDistro" NORMAL " -- {{ bdisk['desc'] }} -- " ++ BOLD BLUE "{{ bdisk['uri'] }}" NORMAL "\n" ++ "Version %s compiled on " __DATE__ ", " __TIME__ "\n" ++ "Features:", product_version ); + for_each_table_entry ( feature, FEATURES ) + printf ( " %s", feature->name ); + printf ( "\n" ); +-- +2.3.0 + diff --git a/extra/templates/iPXE/ssl/openssl.cnf b/extra/templates/iPXE/ssl/openssl.cnf new file mode 100644 index 0000000..cbaccf8 --- /dev/null +++ b/extra/templates/iPXE/ssl/openssl.cnf 
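Review bot: `{{ bdisk['desc'] }}` and `{{ bdisk['uri'] }}` are spliced into printf's format string rather than passed as `%s` arguments, so a `%` in either value (percent-encoded URIs are the obvious case) becomes a conversion that reads arguments printf was never given, and a `"` or `\` breaks the C string literal at compile time; Jinja2 performs no C escaping. The smaller fix is to keep the config text out of the format string — emit it into `#define` constants and print them through `%s` alongside `product_version` — and escape `\` and `"` when rendering; if the values must stay inline, also turn `%` into `%%`. `__DATE__`/`__TIME__` additionally makes every build differ byte-for-byte, which defeats comparing a signed iPXE binary against a rebuild; the git version computed by 01.git-version.patch.j2 already identifies the build without that cost.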
@@ -0,0 +1,33 @@
+[ ca ]
+default_ca = ca_default
+
+[ ca_default ]
+certificate = crts/ca.crt
+private_key = keys/ca.key
+serial = txt/ca.srl
+database = txt/ca.idx
+#new_certs_dir = signed
+new_certs_dir = crts
+#default_md = default
+default_md = sha512
+policy = policy_anything
+preserve = yes
+default_days = 90
+unique_subject = no
+
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = optional
+emailAddress = optional
+
+[ cross ]
+basicConstraints = critical,CA:true
+keyUsage = critical,cRLSign,keyCertSign
+
+[ codesigning ]
+keyUsage = digitalSignature
+extendedKeyUsage = codeSigning
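Review bot: `[ ca_default ]` names no `x509_extensions`, so a certificate issued by a plain `openssl ca` call gets neither `[ codesigning ]` nor `[ cross ]` — no keyUsage, no EKU and no basicConstraints — which iPXE's `imgverify` will reject (it requires the codeSigning EKU) but which is otherwise an unconstrained certificate signed by the build CA; every signing invocation therefore has to pass `-extensions codesigning` (or `cross`), and a comment above `[ ca_default ]` should say so, or the section should set a default. `[ codesigning ]` should also pin the leaf as an end-entity: `basicConstraints = critical,CA:FALSE`, `keyUsage = critical,digitalSignature`, plus `subjectKeyIdentifier = hash` and `authorityKeyIdentifier = keyid` so chain building is predictable. `policy_anything` with `unique_subject = no` and `preserve = yes` accepts any subject, duplicates included; that is reasonable for a private build CA but deserves a one-line comment stating it is deliberate. `keys/ca.key` is relative to the working directory, which is exactly why the `ssl/` ignore rule in this same commit needs to actually exclude it.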