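#!/usr/bin/env bash
# Assemble the PatOS root filesystem tree under $out from pre-built inputs.
#
# Written as a Nix builder: $out plus $systemd, $glibcPatos, $kernel,
# $busybox, $dbusBroker, $cryptsetup, $kmodLibs, $kmodBin and $libbpf are
# expected in the environment; ${version}, ${kexec}, ${lvm2}, ${btrfs},
# ${tpm2Tools} and ${tpm2Libs} are presumably substituted by the enclosing
# Nix expression before this runs — TODO confirm.
#
# Every step below is destructive inside $out (rm -rf, chmod, patchelf,
# strip), so the script aborts on an unset variable instead of silently
# operating on "/" when $out is missing.
set -eux -o pipefail
: "${out:?out must be set to the image root directory}"

### create directory structure
mkdir -p "$out/etc/repart.d" "$out/dev" "$out/proc" "$out/sys" \
  "$out/tmp" "$out/root" "$out/run" "$out/boot" "$out/mnt" "$out/home" \
  "$out/srv" "$out/var/tmp"
# merged-/usr layout: the top-level bin/sbin/lib/lib64 links are absolute and
# resolve inside the booted image, not inside $out at build time.
ln -sf /usr/bin "$out/bin"
ln -sf /usr/bin "$out/sbin"
ln -sf /usr/lib "$out/lib"
ln -sf /usr/lib "$out/lib64"
ln -sf ../proc/self/mounts "$out/etc/mtab"

### install systemd
echo "Installing systemd"
cp -Pr "$systemd"/* "$out/"
find "$out" -type d -exec chmod 755 {} +
rm -rf "$out/usr/include"
rm -rf "$out/usr/sbin"
ln -sf /usr/bin "$out/usr/sbin"
# drop units and tools the image does not use
rm -f "$out/usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service"
rm -f "$out/usr/lib/systemd/ukify"
rm -f "$out/usr/bin/ukify"
rm -f "$out/usr/lib/udev/rules.d/90-vconsole.rules"
# name resolution goes through systemd-resolved's stub listener
ln -s /run/systemd/resolve/stub-resolv.conf "$out/etc/resolv.conf"

# os-release(5): values containing spaces must be quoted, hence PRETTY_NAME.
# VERSION_ID/BUILD_ID previously lacked the '$' and were written as the
# literal text "{version}".
cat <<EOF > "$out/etc/os-release"
NAME=PatOS
PRETTY_NAME="PatOS v${version} (Pre-Alpha)"
IMAGE_ID=patos
ID=patos
IMAGE_VERSION=${version}
VERSION=${version}
VERSION_ID=${version}
BUILD_ID=${version}
EOF

# login banner; \m and \l are getty escape sequences, left unexpanded here
cat <<EOF > "$out/etc/issue"
<<< Welcome to PatOS v${version} (Pre-Alpha) (\m) - \l >>>
EOF

# replace agetty with busybox getty
sed -i 's#ExecStart=.*#ExecStart=-/sbin/getty -L %I 115200 vt100#' \
  "$out/usr/lib/systemd/system/serial-getty@.service"

# repart must not run before the real root is mounted
sed -i 's#After=\(.*\)#After=sysroot.mount \1#' \
  "$out/usr/lib/systemd/system/systemd-repart.service"

cat <<'EOF' > "$out/etc/repart.d/10-esp.conf"
[Partition]
Type=esp
Format=vfat
EOF

cat <<'EOF' > "$out/etc/repart.d/22-root.conf"
[Partition]
Type=root
EOF

mkdir -p "$out/usr/lib/systemd/system/systemd-repart.service.d"
# --generate-crypttab lets repart write the crypttab entry for the encrypted
# state volume declared in 40-var.conf
cat <<'EOF' > "$out/usr/lib/systemd/system/systemd-repart.service.d/override.conf"
[Service]
ExecStart=
ExecStart=systemd-repart --dry-run=no --generate-crypttab=/etc/crypttab
EOF

# Mutable state lives on a LUKS volume whose key is sealed to the TPM2
# (Encrypt=tpm2, tpm2-device=auto).  No PCR policy is given here, so
# presumably systemd-repart's default binding applies — confirm what the
# unlock is actually bound to before relying on it.  FactoryReset=yes means
# repart recreates this partition on a factory reset.
cat <<'EOF' > "$out/etc/repart.d/40-var.conf"
[Partition]
Type=var
UUID=4d21b016-b534-45c2-a9fb-5c16e091fd2d
Format=btrfs
Label=patos-state
Minimize=off
Encrypt=tpm2
EncryptedVolume=patos-state:none:tpm2-device=auto,luks,discard
FactoryReset=yes
SizeMinBytes=1G
SplitName=-
EOF

# Explicit var.mount unit, currently disabled (kept for reference).
# cat <<'EOF' > "$out/usr/lib/systemd/system/var.mount"
# [Unit]
# Description=Mount for /var
# Before=local-fs.target
# After=systemd-repart.service
#
# [Mount]
# What=/dev/mapper/patos-state
# Where=/var
# Type=btrfs
# Options=defaults
#
# [Install]
# WantedBy=multi-user.target
# EOF

# /etc is an overlay whose upper/work dirs are under /run, so any runtime
# change to /etc is volatile (presumably /run is a tmpfs — confirm).
cat <<'EOF' > "$out/usr/lib/systemd/system/etc.mount"
[Unit]
Description=Overlay mount for /etc
Before=local-fs.target

[Mount]
What=overlay
Where=/etc
Type=overlay
Options=lowerdir=/etc,upperdir=/run/.rw-etc/upper,workdir=/run/.rw-etc/work

[Install]
WantedBy=local-fs.target
EOF

### install PatOS glibc
cp -P "$glibcPatos"/lib/*.so* "$out/usr/lib/"

### install kernel modules
cp -r "$kernel/lib/modules" "$out/usr/lib/"
find "$out/usr/lib/modules" -type d -exec chmod 755 {} +

### install busybox
# One symlink per applet.  This executes the freshly installed busybox, so
# the build must be native (or the target binary runnable on the builder).
# ln -sf overwrites any same-named file installed earlier in /usr/bin.
cp "$busybox/bin/busybox" "$out/usr/bin/"
while IFS= read -r applet; do
  [[ -n "$applet" ]] || continue
  ln -sf busybox "$out/usr/bin/$applet"
done < <("$out/usr/bin/busybox" --list)

### install dbus broker
cp -r "$dbusBroker"/* "$out/"

### install kexec
cp -Pr "${kexec}/sbin/kexec" "$out/usr/bin/"

### install dmsetup udev rules
cp -P "${lvm2}/usr/bin/dmsetup" "$out/usr/bin/"
cp -P "${lvm2}"/lib/libdevmapper.so* "$out/usr/lib/"
cp -P "${lvm2}"/lib/udev/rules.d/* "$out/usr/lib/udev/rules.d/"

### install btrfs progs
cp -Pr "${btrfs}"/bin/* "$out/usr/bin/"
cp -Pr "${btrfs}"/lib/* "$out/usr/lib/"

### install tpm2 tools
cp -P "${tpm2Tools}"/bin/* "$out/usr/bin/"
cp -P "${tpm2Libs}"/lib/*.so* "$out/usr/lib/"

### install cryptsetup tools
cp -P "$cryptsetup"/bin/* "$out/usr/bin/"

### install lib kmod
cp -P "$kmodLibs"/lib/* "$out/usr/lib"
cp -P "$kmodBin"/bin/* "$out/usr/bin"

### install libbpf
cp -P "$libbpf"/lib/libbpf* "$out/usr/lib"

# remove pkgconfig
rm -rf "$out/usr/lib/pkgconfig"

# NOTE(review): root has an empty password field ("root::0:0:..."), i.e.
# no password is required, and this script writes no /etc/shadow.  Anything
# that reaches a login prompt (the serial getty configured above included)
# gets a root shell.  Presumably deliberate for a pre-alpha image; revisit
# before exposing a console.
cat <<'EOF' > "$out/etc/passwd"
root::0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/usr/bin/nologin
daemon:x:2:2:daemon:/:/usr/bin/nologin
mail:x:8:12:mail:/var/spool/mail:/usr/bin/nologin
ftp:x:14:11:ftp:/srv/ftp:/usr/bin/nologin
http:x:33:33:http:/srv/http:/usr/bin/nologin
uuidd:x:68:68:uuidd:/:/usr/bin/nologin
messagebus:x:81:81:messagebus:/:/usr/bin/nologin
nobody:x:99:99:nobody:/:/usr/bin/nologin
systemd-coredump:x:151:992::/var/empty:/usr/bin/nologin
systemd-network:x:152:152::/var/empty:/usr/bin/nologin
systemd-resolve:x:153:153::/var/empty:/usr/bin/nologin
systemd-timesync:x:154:154::/var/empty:/usr/bin/nologin
EOF
chmod 644 "$out/etc/passwd"

cat <<'EOF' > "$out/etc/group"
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin
adm:x:4:root,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon
mem:x:8:
kmem:x:9:
wheel:x:10:root
ftp:x:11:
mail:x:12:
uucp:x:14:
log:x:19:root
utmp:x:20:
locate:x:21:
rfkill:x:24:
smmsp:x:25:
proc:x:26:
http:x:33:
games:x:50:
lock:x:54:
uuidd:x:68:
messagebus:x:81:
systemd-journal:x:62:
systemd-network:x:152:
systemd-resolve:x:153:
systemd-timesync:x:154:
systemd-oom:x:991:
systemd-coredump:x:992:
network:x:90:
video:x:91:
audio:x:92:
optical:x:93:
floppy:x:94:
storage:x:95:
scanner:x:96:
input:x:97:
power:x:98:
nobody:x:99:
EOF
chmod 644 "$out/etc/group"

### Find and install all shared libs
# Take the resolved path (field 3 of "lib => /path (0xaddr)") of every
# dependency of every executable and copy it into the image's /usr/lib.
# Only "=>" lines with an absolute path are accepted, so "not found", the
# vDSO and the bare interpreter line can no longer reach cp; the grep -v
# filters skip the systemd/glibc/tpm2/devmapper builds installed above.
# ldd runs the dynamic loader on each file, so this is only appropriate for
# trusted, native build inputs.
find "$out" -type f -executable -exec ldd {} \; \
  | awk '$2 == "=>" && $3 ~ /^\// { print $3 }' \
  | grep -v systemd | grep -v glibc | grep -v tpm2 | grep -v devmapper \
  | sort -u \
  | xargs -r -I {} cp {} "$out/usr/lib/"
find "$out" -type f -executable -exec chmod 755 {} +

# FIXME: ELF patching. Is there a better way?
# The interpreter path hard-codes x86-64; the \; form tolerates patchelf
# failing on non-ELF executables (scripts) instead of aborting the build.
find "$out" -type f -executable \
  -exec patchelf --set-rpath /lib:/usr/lib:/usr/lib/systemd:/usr/lib/cryptsetup {} \;
find "$out" -type f -executable \
  -exec patchelf --set-interpreter /lib/ld-linux-x86-64.so.2 {} \;
patchelf --remove-rpath "$out/usr/lib/ld-linux-x86-64.so.2"

# strip binaries
find "$out" -type f -executable -exec strip {} \;
find "$out" -type d -exec chmod 755 {} +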