Feature/debian runtime (#2600)

* wip * fix build * run debian update in systemd-nspawn * bugfix * fix build * free up space before image build
2026-04-01 21:13:09 +00:00 · 2024-04-15 10:00:56 -06:00
parent 156bf02d21
commit 711c82472c
13 changed files with 131 additions and 45 deletions
--- a/container-runtime/Dockerfile
+++ b/container-runtime/Dockerfile
@@ -1,4 +0,0 @@
-FROM node:18-alpine
-
-ADD ./startInit.js /usr/local/lib/startInit.js
-ADD ./entrypoint.sh /usr/local/bin/entrypoint.sh
--- a/container-runtime/container-runtime.service
+++ b/container-runtime/container-runtime.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=StartOS Container Runtime
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/node --experimental-detect-module --unhandled-rejections=warn /usr/lib/startos/init/index.js
+
+[Install]
+WantedBy=multi-user.target
--- a/container-runtime/containerRuntime.rc
+++ b/container-runtime/containerRuntime.rc
@@ -1,10 +0,0 @@
-#!/sbin/openrc-run
-
-name=containerRuntime
-#cfgfile="/etc/containerRuntime/containerRuntime.conf"
-command="/usr/bin/node"
-command_args="--experimental-detect-module --unhandled-rejections=warn /usr/lib/startos/init/index.js"
-pidfile="/run/containerRuntime.pid"
-command_background="yes"
-output_log="/var/log/containerRuntime.log"
-error_log="/var/log/containerRuntime.err"
--- a/container-runtime/deb-install.sh
+++ b/container-runtime/deb-install.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -e
+
+mkdir -p /run/systemd/resolve
+echo "nameserver 8.8.8.8" > /run/systemd/resolve/stub-resolv.conf
+
+apt-get update
+apt-get install -y curl rsync
+
+curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
+source ~/.bashrc
+nvm install 20
+
+ln -s $(which node) /usr/bin/node
+
+systemctl enable container-runtime.service
+
+rm -rf /run/systemd
--- a/container-runtime/download-base-image.sh
+++ b/container-runtime/download-base-image.sh
@@ -4,8 +4,8 @@ cd "$(dirname "${BASH_SOURCE[0]}")"

 set -e

-DISTRO=alpine
-VERSION=3.19
+DISTRO=debian
+VERSION=bookworm
 ARCH=${ARCH:-$(uname -m)}
 FLAVOR=default

@@ -16,4 +16,4 @@ elif [ "$_ARCH" = "aarch64" ]; then
    _ARCH=arm64
 fi

-curl https://images.linuxcontainers.org/$(curl --silent https://images.linuxcontainers.org/meta/1.0/index-system | grep "^$DISTRO;$VERSION;$_ARCH;$FLAVOR;" | head -n1 | sed 's/^.*;//g')/rootfs.squashfs --output alpine.${ARCH}.squashfs
+curl https://images.linuxcontainers.org/$(curl --silent https://images.linuxcontainers.org/meta/1.0/index-system | grep "^$DISTRO;$VERSION;$_ARCH;$FLAVOR;" | head -n1 | sed 's/^.*;//g')/rootfs.squashfs --output debian.${ARCH}.squashfs
--- a/container-runtime/src/Adapters/Systems/SystemForEmbassy/MainLoop.ts
+++ b/container-runtime/src/Adapters/Systems/SystemForEmbassy/MainLoop.ts
@@ -40,6 +40,7 @@ export class MainLoop {
      ...system.manifest.main.args,
    ]

+    await this.setupInterfaces(effects)
    await effects.setMainStatus({ status: "running" })
    const jsMain = (this.system.moduleCode as any)?.jsMain
    const dockerProcedureContainer = await DockerProcedureContainer.of(
@@ -69,6 +70,52 @@ export class MainLoop {
    }
  }

+  private async setupInterfaces(effects: HostSystemStartOs) {
+    for (const interfaceId in this.system.manifest.interfaces) {
+      const iface = this.system.manifest.interfaces[interfaceId]
+      const internalPorts = new Set<number>()
+      for (const port of Object.values(
+        iface["tor-config"]?.["port-mapping"] || {},
+      )) {
+        internalPorts.add(parseInt(port))
+      }
+      for (const port of Object.values(iface["lan-config"] || {})) {
+        internalPorts.add(port.internal)
+      }
+      for (const internalPort of internalPorts) {
+        const torConf = Object.entries(
+          iface["tor-config"]?.["port-mapping"] || {},
+        )
+          .map(([external, internal]) => ({
+            internal: parseInt(internal),
+            external: parseInt(external),
+          }))
+          .find((conf) => conf.internal == internalPort)
+        const lanConf = Object.entries(iface["lan-config"] || {})
+          .map(([external, conf]) => ({
+            external: parseInt(external),
+            ...conf,
+          }))
+          .find((conf) => conf.internal == internalPort)
+        await effects.bind({
+          kind: "multi",
+          id: interfaceId,
+          internalPort,
+          preferredExternalPort: torConf?.external || internalPort,
+          scheme: "http",
+          secure: null,
+          addSsl: lanConf?.ssl
+            ? {
+                scheme: "https",
+                preferredExternalPort: lanConf.external,
+                alpn: { specified: ["http/1.1"] },
+              }
+            : null,
+        })
+      }
+    }
+  }
+
  public async clean(options?: { timeout?: number }) {
    const { mainEvent, healthLoops } = this
    const main = await mainEvent
--- a/container-runtime/src/Adapters/Systems/SystemForEmbassy/matchManifest.ts
+++ b/container-runtime/src/Adapters/Systems/SystemForEmbassy/matchManifest.ts
@@ -68,13 +68,24 @@ export const matchManifest = object(
    volumes: dictionary([string, matchVolume]),
    interfaces: dictionary([
      string,
-      object({
-        name: string,
-        "tor-config": object({}),
-        "lan-config": object({}),
-        ui: boolean,
-        protocols: array(string),
-      }),
+      object(
+        {
+          name: string,
+          "tor-config": object({
+            "port-mapping": dictionary([string, string]),
+          }),
+          "lan-config": dictionary([
+            string,
+            object({
+              ssl: boolean,
+              internal: number,
+            }),
+          ]),
+          ui: boolean,
+          protocols: array(string),
+        },
+        ["lan-config", "tor-config"],
+      ),
    ]),
    backup: object({
      create: matchProcedure,
--- a/container-runtime/update-image.sh
+++ b/container-runtime/update-image.sh
@@ -4,12 +4,11 @@ cd "$(dirname "${BASH_SOURCE[0]}")"

 set -e

-
-
-if mountpoint tmp/combined; then sudo umount tmp/combined; fi
+if mountpoint tmp/combined; then sudo umount -R tmp/combined; fi
 if mountpoint tmp/lower; then sudo umount tmp/lower; fi
+sudo rm -rf tmp
 mkdir -p tmp/lower tmp/upper tmp/work tmp/combined
-sudo mount alpine.${ARCH}.squashfs tmp/lower
+sudo mount debian.${ARCH}.squashfs tmp/lower
 sudo mount -t overlay -olowerdir=tmp/lower,upperdir=tmp/upper,workdir=tmp/work overlay tmp/combined

 QEMU=
@@ -18,21 +17,21 @@ if [ "$ARCH" != "$(uname -m)" ]; then
    sudo cp $(which qemu-$ARCH-static) tmp/combined${QEMU}
 fi

-echo "nameserver 8.8.8.8" | sudo tee tmp/combined/etc/resolv.conf # TODO - delegate to host resolver?
-sudo chroot tmp/combined $QEMU /sbin/apk add nodejs rsync
 sudo mkdir -p tmp/combined/usr/lib/startos/
 sudo rsync -a --copy-unsafe-links dist/ tmp/combined/usr/lib/startos/init/
-sudo cp containerRuntime.rc tmp/combined/etc/init.d/containerRuntime
+sudo chown -R 0:0 tmp/combined/usr/lib/startos/
+sudo cp container-runtime.service tmp/combined/lib/systemd/system/container-runtime.service
+sudo chown 0:0 tmp/combined/lib/systemd/system/container-runtime.service
 sudo cp ../core/target/$ARCH-unknown-linux-musl/release/containerbox tmp/combined/usr/bin/start-cli
-sudo chmod +x tmp/combined/etc/init.d/containerRuntime
-sudo chroot tmp/combined $QEMU /sbin/rc-update add containerRuntime default
+sudo chown 0:0 tmp/combined/usr/bin/start-cli
+echo container-runtime | sha256sum | head -c 32 | cat - <(echo) | sudo tee tmp/combined/etc/machine-id
+cat deb-install.sh | sudo systemd-nspawn --console=pipe -D tmp/combined $QEMU /bin/bash
+sudo truncate -s 0 tmp/combined/etc/machine-id

 if [ -n "$QEMU" ]; then
    sudo rm tmp/combined${QEMU}
 fi

-sudo truncate -s 0 tmp/combined/etc/resolv.conf
-sudo chown -R 0:0 tmp/combined
 rm -f rootfs.${ARCH}.squashfs
 mkdir -p ../build/lib/container-runtime
 sudo mksquashfs tmp/combined rootfs.${ARCH}.squashfs