Feature/multi platform (#1866)

* wip

* wip

* wip

* wip

* wip

* wip

* remove debian dir

* lazy env and git hash

* remove env and git hash on clean

* don't leave project dir

* use docker for native builds

* start9 rust

* correctly mount registry

* remove systemd config

* switch to /usr/bin

* disable sound for now

* wip

* change disk list

* multi-arch images

* multi-arch system images

* default aarch64

* edition 2021

* dynamic wifi interface name

* use wifi interface from config

* bugfixes

* add beep based sound

* wip

* wip

* wip

* separate out raspberry pi specific files

* fixes

* use new initramfs always

* switch journald conf to sed script

* fixes

* fix permissions

* talking about kernel modules not scripts

* fix

* fix

* switch to MBR

* install to /usr/lib

* fixes

* fixes

* fixes

* fixes

* add media config to cfg path

* fixes

* fixes

* fixes

* raspi image fixes

* fix test

* fix workflow

* sync boot partition

* gahhhhh

build/lib/scripts/add-apt-sources

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+curl -fsSL https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor -o- > /usr/share/keyrings/tor-archive-keyring.gpg
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org bullseye main" > /etc/apt/sources.list.d/tor.list
+
+curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o- > /usr/share/keyrings/docker-archive-keyring.gpg
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian bullseye stable" > /etc/apt/sources.list.d/docker.list

build/lib/scripts/embassy-initramfs-module

@@ -0,0 +1,96 @@
+# Local filesystem mounting			-*- shell-script -*-
+
+#
+# This script overrides local_mount_root() in /scripts/local
+# and mounts root as a read-only filesystem with a temporary (rw)
+# overlay filesystem.
+#
+
+. /scripts/local
+
+local_mount_root()
+{
+	echo 'using embassy initramfs module'
+
+	local_top
+	local_device_setup "${ROOT}" "root file system"
+	ROOT="${DEV}"
+
+	# Get the root filesystem type if not set
+	if [ -z "${ROOTFSTYPE}" ]; then
+		FSTYPE=$(get_fstype "${ROOT}")
+	else
+		FSTYPE=${ROOTFSTYPE}
+	fi
+
+	local_premount
+
+	# CHANGES TO THE ORIGINAL FUNCTION BEGIN HERE
+	# N.B. this code still lacks error checking
+
+	modprobe ${FSTYPE}
+	checkfs ${ROOT} root "${FSTYPE}"
+
+	if [ "${FSTYPE}" != "unknown" ]; then
+		mount -t ${FSTYPE} ${ROOTFLAGS} ${ROOT} ${rootmnt}
+	else
+		mount ${ROOTFLAGS} ${ROOT} ${rootmnt}
+	fi
+
+	echo 'mounting embassyfs'
+
+	mkdir /embassyfs
+
+	mount --move ${rootmnt} /embassyfs
+
+	if ! [ -d /embassyfs/current ] && [ -d /embassyfs/prev ]; then
+		mv /embassyfs/prev /embassyfs/current
+	fi
+
+	if ! [ -d /embassyfs/current ]; then
+		mkdir /embassyfs/current
+		for FILE in $(ls /embassyfs); do
+			if [ "$FILE" != current ]; then
+				mv /embassyfs/$FILE /embassyfs/current/
+			fi
+		done
+	fi
+
+	mkdir -p /embassyfs/config
+
+	if [ -f /embassyfs/config/upgrade ] && [ -d /embassyfs/next ]; then
+		mv /embassyfs/current /embassyfs/prev
+		mv /embassyfs/next /embassyfs/current
+		rm /embassyfs/config/upgrade
+	fi
+
+	if ! [ -d /embassyfs/next ]; then
+		if [ -d /embassyfs/prev ]; then
+			mv /embassyfs/prev /embassyfs/next
+		else
+			mkdir /embassyfs/next
+		fi
+	fi
+
+	mkdir /lower /upper
+
+	mount -r --bind /embassyfs/current /lower
+
+	modprobe overlay || insmod "/lower/lib/modules/$(uname -r)/kernel/fs/overlayfs/overlay.ko"
+
+	# Mount a tmpfs for the overlay in /upper
+	mount -t tmpfs tmpfs /upper
+	mkdir /upper/data /upper/work
+
+	# Mount the final overlay-root in $rootmnt
+	mount -t overlay \
+	    -olowerdir=/lower,upperdir=/upper/data,workdir=/upper/work \
+	    overlay ${rootmnt}
+
+	mkdir -p ${rootmnt}/media/embassy/config
+	mount --bind /embassyfs/config ${rootmnt}/media/embassy/config
+	mkdir -p ${rootmnt}/media/embassy/next
+	mount --bind /embassyfs/next ${rootmnt}/media/embassy/next
+	mkdir -p ${rootmnt}/media/embassy/embassyfs
+	mount -r --bind /embassyfs ${rootmnt}/media/embassy/embassyfs
+}

build/lib/scripts/grub-probe-eos

@@ -0,0 +1,34 @@
+#!/bin/sh
+
+ARGS=
+
+for ARG in $@; do
+ if [ "${ARG%%[!/]*}" = "/" ]; then
+
+  OPTIONS=
+
+  path="$ARG"
+  while true; do
+   if FSTYPE=$( findmnt -n -o FSTYPE "$path" ); then
+    if [ "$FSTYPE" = "overlay" ]; then
+  OPTIONS=$(findmnt -n -o OPTIONS "$path")
+  break
+ else
+  break
+    fi
+   fi
+   if [ "$path" = "/" ]; then break; fi
+   path=$(dirname "$path")
+  done
+
+  if LOWERDIR=$(echo "$OPTIONS" | grep -m 1 -oP 'lowerdir=\K[^,]+'); then
+   #echo "[DEBUG] Overlay filesystem detected ${ARG} --> ${LOWERDIR}${ARG%*/}" 1>&2
+   ARG=/media/embassy/embassyfs"${ARG%*/}"
+  fi
+ fi
+ ARGS="$ARGS $ARG"
+done
+
+grub-probe-default $ARGS
+
+exit $?

build/lib/scripts/install

@@ -0,0 +1,122 @@
+#!/bin/bash
+
+set -e
+
+function partition_for () {
+    if [[ "$1" =~ [0-9]+$ ]]; then
+        echo "$1p$2"
+    else
+        echo "$1$2"
+    fi
+}
+
+OSDISK=$1
+if [ -z "$OSDISK" ]; then
+  >&2 echo 'usage: embassy-install <TARGET DISK>'
+  exit 1
+fi
+
+WIFI_IFACE=
+for IFACE in $(ls /sys/class/net); do
+    if [ -d /sys/class/net/$IFACE/wireless ]; then
+        WIFI_IFACE=$IFACE
+        break
+    fi
+done
+
+ETH_IFACE=
+for IFACE in $(ls /sys/class/net); do
+    if ! [ -d /sys/class/net/$IFACE/wireless ] && [ -d /sys/class/net/$IFACE/device ]; then
+        ETH_IFACE=$IFACE
+        break
+    fi
+done
+if [ -z "$ETH_IFACE" ]; then
+    >&2 echo 'Could not detect ethernet interface'
+    exit 1
+fi
+
+(
+  echo o      # GPT
+  echo n      # New Partition
+  echo p      #   Primary
+  echo 1      #   Index #1
+  echo        #   Default Starting Position
+  echo '+1G'  #   1GB
+  echo t      #   Change Type
+  echo 0b     #     W95 FAT32
+  echo a      #   Set Bootable
+  echo n      # New Partition
+  echo p      #   Primary
+  echo 2      #   Index #2
+  echo        #   Default Starting Position
+  echo '+15G' #   15GB
+  echo n      # New Partition
+  echo p      #   Primary
+  echo 3      #   Index #3
+  echo        #   Default Starting Position
+  echo        #   Use Full Remaining
+  echo t      #   Change Type
+  echo 3      #     (Still Index #3)
+  echo 8e     #     Linux LVM
+  echo w      # Write Changes
+) | fdisk $OSDISK
+
+BOOTPART=`partition_for $OSDISK 1`
+ROOTPART=`partition_for $OSDISK 2`
+
+mkfs.vfat $BOOTPART
+fatlabel $BOOTPART boot
+
+mkfs.ext4 $ROOTPART
+e2label $ROOTPART rootfs
+
+mount $ROOTPART /mnt
+mkdir /mnt/config
+mkdir /mnt/current
+mkdir /mnt/next
+
+mkdir /mnt/current/boot
+mount $BOOTPART /mnt/current/boot
+
+unsquashfs -f -d /mnt/current /cdrom/casper/filesystem.squashfs
+
+cat > /mnt/config/config.yaml << EOF
+os-partitions:
+  boot: $BOOTPART
+  root: $ROOTPART
+ethernet-interface: $ETH_IFACE
+EOF
+
+if [ -n "$WIFI_IFACE" ]; then
+    echo "wifi-interface: $WIFI_IFACE" >> /mnt/config/config.yaml
+fi
+
+# gen fstab
+cat > /mnt/current/etc/fstab << EOF
+$BOOTPART   /boot   vfat    defaults    0   2
+$ROOTPART   /       ext4    defaults    0   1
+EOF
+
+# gen machine-id
+chroot /mnt/current systemd-machine-id-setup
+
+# gen ssh host keys
+ssh-keygen -t rsa /mnt/current/etc/ssh_host_rsa_key
+ssh-keygen -t ecdsa /mnt/current/etc/ssh_host_ecdsa_key
+ssh-keygen -t ed25519 /mnt/current/etc/ssh_host_ed25519_key
+
+mount --bind /dev /mnt/current/dev
+mount --bind /sys /mnt/current/sys
+mount --bind /proc /mnt/current/proc
+
+chroot /mnt/current update-grub
+chroot /mnt/current grub-install $OSDISK
+
+umount /mnt/current/dev
+umount /mnt/current/sys
+umount /mnt/current/proc
+
+umount /mnt/current/boot
+
+umount /mnt

build/lib/scripts/postinst

@@ -0,0 +1,93 @@
+#!/bin/sh
+set -e
+
+SYSTEMCTL=systemctl
+if [ -n "$DPKG_MAINTSCRIPT_PACKAGE" ]; then
+	  SYSTEMCTL=deb-systemd-helper
+fi
+
+if [ -f /usr/sbin/grub-probe ]; then
+  mv /usr/sbin/grub-probe /usr/sbin/grub-probe-default
+  ln -s /usr/lib/embassy/scripts/grub-probe-eos /usr/sbin/grub-probe
+fi
+
+cp /usr/lib/embassy/scripts/embassy-initramfs-module /etc/initramfs-tools/scripts/embassy
+
+if ! grep overlay /etc/initramfs-tools/modules > /dev/null; then
+    echo overlay >> /etc/initramfs-tools/modules
+fi
+
+update-initramfs -u -k all
+
+if [ -f /etc/default/grub ]; then
+    sed -i '/\(^\|#\)GRUB_CMDLINE_LINUX=/c\GRUB_CMDLINE_LINUX="boot=embassy"' /etc/default/grub
+fi
+
+# change timezone
+rm -f /etc/localtime
+ln -s /usr/share/zoneinfo/Etc/UTC /etc/localtime
+
+# switch to systemd-resolved & network-manager
+echo "#" > /etc/network/interfaces
+ln -rsf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
+cat << EOF > /etc/NetworkManager/NetworkManager.conf
+[main]
+plugins=ifupdown,keyfile
+dns=systemd-resolved
+
+[ifupdown]
+managed=true
+EOF
+$SYSTEMCTL enable systemd-resolved.service
+$SYSTEMCTL disable wpa_supplicant.service
+
+$SYSTEMCTL disable postgresql.service
+$SYSTEMCTL disable bluetooth.service
+$SYSTEMCTL disable hciuart.service
+$SYSTEMCTL disable triggerhappy.service
+
+$SYSTEMCTL mask sleep.target
+$SYSTEMCTL mask suspend.target
+$SYSTEMCTL mask hibernate.target
+$SYSTEMCTL mask hybrid-sleep.target
+
+if which gsettings > /dev/null; then
+    gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout '0'
+    gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout '0'
+fi
+
+sed -i 's/Restart=on-failure/Restart=always/g' /lib/systemd/system/tor@default.service
+sed -i 's/ExecStart=\/usr\/bin\/dockerd/ExecStart=\/usr\/bin\/dockerd --exec-opt native.cgroupdriver=systemd/g' /lib/systemd/system/docker.service
+sed -i '/}/i \ \ \ \ application\/wasm \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ wasm;' /etc/nginx/mime.types
+sed -i 's/# server_names_hash_bucket_size 64;/server_names_hash_bucket_size 128;/g' /etc/nginx/nginx.conf
+sed -i '/\(^\|#\)entries-per-entry-group-max=/c\entries-per-entry-group-max=128' /etc/avahi/avahi-daemon.conf
+sed -i '/\(^\|#\)Storage=/c\Storage=persistent' /etc/systemd/journald.conf
+sed -i '/\(^\|#\)Compress=/c\Compress=yes' /etc/systemd/journald.conf
+sed -i '/\(^\|#\)SystemMaxUse=/c\SystemMaxUse=1G' /etc/systemd/journald.conf
+sed -i '/\(^\|#\)ForwardToSyslog=/c\ForwardToSyslog=no' /etc/systemd/journald.conf
+mkdir -p /etc/docker
+ln -sf /usr/lib/embassy/docker-engine.slice /etc/systemd/system/docker-engine.slice
+echo '{ "cgroup-parent": "docker-engine.slice" }' > /etc/docker/daemon.json
+mkdir -p /etc/nginx/ssl
+
+# fix to suppress docker warning, fixed in 21.xx release of docker cli: https://github.com/docker/cli/pull/2934
+mkdir -p /root/.docker
+touch /root/.docker/config.json
+
+cat << EOF > /etc/tor/torrc
+SocksPort 0.0.0.0:9050
+SocksPolicy accept 127.0.0.1
+SocksPolicy accept 172.18.0.0/16
+SocksPolicy reject *
+ControlPort 9051
+CookieAuthentication 1
+EOF
+
+rm -rf /var/lib/tor/*
+
+echo "fs.inotify.max_user_watches=1048576" > /etc/sysctl.d/97-embassy.conf
+
+rm -f /etc/motd
+ln -sf /usr/lib/embassy/motd /etc/update-motd.d/00-embassy
+chmod -x /etc/update-motd.d/*
+chmod +x /etc/update-motd.d/00-embassy