diff --git a/Makefile b/Makefile
index 2082a7099..def2fa8dd 100644
--- a/Makefile
+++ b/Makefile
@@ -226,7 +226,7 @@ wormhole-squashfs: results/$(BASENAME).squashfs
 $(eval SQFS_SIZE := $(shell du -s --bytes results/$(BASENAME).squashfs | awk '{print $$1}'))
 @echo "Paste the following command into the shell of your StartOS server:"
 @echo
- @wormhole send results/$(BASENAME).squashfs 2>&1 | awk -Winteractive '/wormhole receive/ { printf "sudo sh -c '"'"'/usr/lib/startos/scripts/prune-images $(SQFS_SIZE) && /usr/lib/startos/scripts/prune-boot && cd /media/startos/images && wormhole receive --accept-file %s && CHECKSUM=$(SQFS_SUM) /usr/lib/startos/scripts/use-img ./$(BASENAME).squashfs'"'"'\n", $$3 }'
+ @wormhole send results/$(BASENAME).squashfs 2>&1 | awk -Winteractive '/wormhole receive/ { printf "sudo sh -c '"'"'/usr/lib/startos/scripts/prune-images $(SQFS_SIZE) && /usr/lib/startos/scripts/prune-boot && cd /media/startos/images && wormhole receive --accept-file %s && CHECKSUM=$(SQFS_SUM) /usr/lib/startos/scripts/upgrade ./$(BASENAME).squashfs'"'"'\n", $$3 }'
 update: $(STARTOS_TARGETS)
 @if [ -z "$(REMOTE)" ]; then >&2 echo "Must specify REMOTE" && false; fi
@@ -254,7 +254,7 @@ update-squashfs: results/$(BASENAME).squashfs
 $(call ssh,'/usr/lib/startos/scripts/prune-images $(SQFS_SIZE)')
 $(call ssh,'/usr/lib/startos/scripts/prune-boot')
 $(call cp,results/$(BASENAME).squashfs,/media/startos/images/next.rootfs)
- $(call ssh,'sudo CHECKSUM=$(SQFS_SUM) /usr/lib/startos/scripts/use-img /media/startos/images/next.rootfs')
+ $(call ssh,'sudo CHECKSUM=$(SQFS_SUM) /usr/lib/startos/scripts/upgrade /media/startos/images/next.rootfs')
 emulate-reflash: $(STARTOS_TARGETS)
 @if [ -z "$(REMOTE)" ]; then >&2 echo "Must specify REMOTE" && false; fi
diff --git a/build/dpkg-deps/depends b/build/dpkg-deps/depends
index 46f1dfe86..00625f41b 100644
--- a/build/dpkg-deps/depends
+++ b/build/dpkg-deps/depends
@@ -20,7 +20,6 @@ flashrom
 fuse3
 grub-common
 grub-efi
-grub2-common
 htop
 httpdirfs
 iotop
diff --git a/build/dpkg-deps/raspberrypi.depends b/build/dpkg-deps/raspberrypi.depends
index 95673daea..64f847a4a 100644
--- a/build/dpkg-deps/raspberrypi.depends
+++ b/build/dpkg-deps/raspberrypi.depends
@@ -1,6 +1,5 @@
 - grub-common
 - grub-efi
-- grub2-common
 + parted
 + raspberrypi-net-mods
 + raspberrypi-sys-mods
diff --git a/build/lib/scripts/chroot-and-upgrade b/build/lib/scripts/chroot-and-upgrade
index 346596d13..8a3bcd68f 100755
--- a/build/lib/scripts/chroot-and-upgrade
+++ b/build/lib/scripts/chroot-and-upgrade
@@ -10,24 +10,24 @@ fi
 POSITIONAL_ARGS=()
 while [[ $# -gt 0 ]]; do
- case $1 in
- --no-sync)
- NO_SYNC=1
- shift
- ;;
- --create)
- ONLY_CREATE=1
- shift
- ;;
- -*|--*)
- echo "Unknown option $1"
- exit 1
- ;;
- *)
- POSITIONAL_ARGS+=("$1") # save positional arg
- shift # past argument
- ;;
- esac
+ case $1 in
+ --no-sync)
+ NO_SYNC=1
+ shift
+ ;;
+ --create)
+ ONLY_CREATE=1
+ shift
+ ;;
+ -*|--*)
+ echo "Unknown option $1"
+ exit 1
+ ;;
+ *)
+ POSITIONAL_ARGS+=("$1") # save positional arg
+ shift # past argument
+ ;;
+ esac
 done
 set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
@@ -35,7 +35,7 @@ set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
 if [ -z "$NO_SYNC" ]; then
 echo 'Syncing...'
 umount -R /media/startos/next 2> /dev/null
- umount -R /media/startos/upper 2> /dev/null
+ umount /media/startos/upper 2> /dev/null
 rm -rf /media/startos/upper /media/startos/next
 mkdir /media/startos/upper
 mount -t tmpfs tmpfs /media/startos/upper
@@ -43,8 +43,6 @@ if [ -z "$NO_SYNC" ]; then
 mount -t overlay \
 -olowerdir=/media/startos/current,upperdir=/media/startos/upper/data,workdir=/media/startos/upper/work \
 overlay /media/startos/next
- mkdir -p /media/startos/next/media/startos/root
- mount --bind /media/startos/root /media/startos/next/media/startos/root
 fi
 if [ -n "$ONLY_CREATE" ]; then
@@ -56,12 +54,18 @@ mkdir -p /media/startos/next/dev
 mkdir -p /media/startos/next/sys
 mkdir -p /media/startos/next/proc
 mkdir -p /media/startos/next/boot
+mkdir -p /media/startos/next/media/startos/root
 mount --bind /run /media/startos/next/run
 mount --bind /tmp /media/startos/next/tmp
 mount --bind /dev /media/startos/next/dev
 mount --bind /sys /media/startos/next/sys
 mount --bind /proc /media/startos/next/proc
 mount --bind /boot /media/startos/next/boot
+mount --bind /media/startos/root /media/startos/next/media/startos/root
+
+if mountpoint /sys/firmware/efi/efivars 2> /dev/null; then
+ mount --bind /sys/firmware/efi/efivars /media/startos/next/sys/firmware/efi/efivars
+fi
 if [ -z "$*" ]; then
 chroot /media/startos/next
@@ -71,6 +75,10 @@ else
 CHROOT_RES=$?
 fi
+if mountpoint /media/startos/next/sys/firmware/efi/efivars 2> /dev/null; then
+ umount /media/startos/next/sys/firmware/efi/efivars
+fi
+
 umount /media/startos/next/run
 umount /media/startos/next/tmp
 umount /media/startos/next/dev
@@ -88,10 +96,10 @@ if [ "$CHROOT_RES" -eq 0 ]; then
 echo 'Upgrading...'
 if ! time mksquashfs /media/startos/next /media/startos/images/next.squashfs -b 4096 -comp gzip; then
- umount -R /media/startos/next
- umount -R /media/startos/upper
- rm -rf /media/startos/upper /media/startos/next
- exit 1
+ umount -l /media/startos/next
+ umount -l /media/startos/upper
+ rm -rf /media/startos/upper /media/startos/next
+ exit 1
 fi
 hash=$(b3sum /media/startos/images/next.squashfs | head -c 32)
 mv /media/startos/images/next.squashfs /media/startos/images/${hash}.rootfs
@@ -103,5 +111,5 @@ if [ "$CHROOT_RES" -eq 0 ]; then
 fi
 umount -R /media/startos/next
-umount -R /media/startos/upper
+umount /media/startos/upper
 rm -rf /media/startos/upper /media/startos/next
\ No newline at end of file
diff --git a/build/lib/scripts/upgrade b/build/lib/scripts/upgrade
new file mode 100755
index 000000000..ee56e5c76
--- /dev/null
+++ b/build/lib/scripts/upgrade
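Review bot: The `mountpoint` tests added around the efivars bind mount (in this hunk and again in the `@@ -71,6 +75,10 @@` hunk) run without `-q`, so each call prints its verdict to stdout and only stderr is discarded; `container-runtime/update-image.sh` in this same commit already uses `mountpoint -q`. Suggest `if mountpoint -q /sys/firmware/efi/efivars; then` and the matching form for the unmount test. A one-line comment above the bind would also help, since it exposes the host's firmware variables inside the chroot, presumably so the bootloader tooling run there can update boot entries, and that reason is not evident from the code. The new `build/lib/scripts/upgrade` repeats the same unquieted test.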
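Review bot: In the `mksquashfs` failure branch of the `@@ -88,10 +96,10 @@` hunk, `rm -rf /media/startos/upper /media/startos/next` runs whether or not the two `umount -l` calls succeeded, and an earlier hunk of this commit now always bind-mounts `/media/startos/root` under `/media/startos/next`. If any bind is still attached when the delete runs, `rm -rf` descends into the live filesystem; whether every bind has been detached before this point is outside the hunk. Make the delete conditional on the unmounts, for example `umount -l /media/startos/next && umount -l /media/startos/upper && rm -rf --one-file-system /media/startos/upper /media/startos/next`. The unconditional `umount` / `rm -rf` sequence at the end of the script (`@@ -103,5 +111,5 @@`) has the same shape.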
@@ -0,0 +1,82 @@
+#!/bin/bash
+
+set -e
+
+SOURCE_DIR="$(dirname $(realpath "${BASH_SOURCE[0]}"))"
+
+if [ "$UID" -ne 0 ]; then
+ >&2 echo 'Must be run as root'
+ exit 1
+fi
+
+if ! [ -f "$1" ]; then
+ >&2 echo "usage: $0 "
+ exit 1
+fi
+
+echo 'Upgrading...'
+
+hash=$(b3sum $1 | head -c 32)
+if [ -n "$2" ] && [ "$hash" != "$CHECKSUM" ]; then
+ >&2 echo 'Checksum mismatch'
+ exit 2
+fi
+
+unsquashfs -f -d / $1 boot
+
+umount -R /media/startos/next 2> /dev/null || true
+umount /media/startos/upper 2> /dev/null || true
+umount /media/startos/lower 2> /dev/null || true
+
+mkdir -p /media/startos/upper
+mount -t tmpfs tmpfs /media/startos/upper
+mkdir -p /media/startos/lower /media/startos/upper/data /media/startos/upper/work /media/startos/next
+mount $1 /media/startos/lower
+mount -t overlay \
+ -olowerdir=/media/startos/lower,upperdir=/media/startos/upper/data,workdir=/media/startos/upper/work \
+ overlay /media/startos/next
+
+mkdir -p /media/startos/next/run
+mkdir -p /media/startos/next/dev
+mkdir -p /media/startos/next/sys
+mkdir -p /media/startos/next/proc
+mkdir -p /media/startos/next/boot
+mkdir -p /media/startos/next/media/startos/root
+mount --bind /run /media/startos/next/run
+mount --bind /tmp /media/startos/next/tmp
+mount --bind /dev /media/startos/next/dev
+mount --bind /sys /media/startos/next/sys
+mount --bind /proc /media/startos/next/proc
+mount --bind /boot /media/startos/next/boot
+mount --bind /media/startos/root /media/startos/next/media/startos/root
+
+if mountpoint /boot/efi 2> /dev/null; then
+ mkdir -p /media/startos/next/boot/efi
+ mount --bind /boot/efi /media/startos/next/boot/efi
+fi
+
+if mountpoint /sys/firmware/efi/efivars 2> /dev/null; then
+ mount --bind /sys/firmware/efi/efivars /media/startos/next/sys/firmware/efi/efivars
+fi
+
+chroot /media/startos/next bash -e << "EOF"
+
+if dpkg -s grub-common 2>&1 > /dev/null; then
+ grub-install /dev/$(eval $(lsblk -o MOUNTPOINT,PKNAME -P | grep 'MOUNTPOINT="/media/startos/root"') && echo $PKNAME)
+ update-grub
+fi
+
+EOF
+
+sync
+
+umount -R /media/startos/next
+umount /media/startos/upper
+umount /media/startos/lower
+
+mv $1 /media/startos/images/${hash}.rootfs
+ln -rsf /media/startos/images/${hash}.rootfs /media/startos/config/current.rootfs
+
+sync
+
+echo 'System upgrade complete. Reboot to apply changes...'
\ No newline at end of file
diff --git a/build/lib/scripts/use-img b/build/lib/scripts/use-img
deleted file mode 100755
index bbe530302..000000000
--- a/build/lib/scripts/use-img
+++ /dev/null
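Review bot: The checksum comparison is gated on `[ -n "$2" ]`, but every caller visible in this commit supplies the expected digest through the `CHECKSUM` environment variable with at most one positional argument, so the comparison never runs and a mismatching image is still unpacked over `/boot`, mounted and chrooted into as root. The deleted `use-img` tested `[ -n "$CHECKSUM" ]`; the guard should read `if [ -n "$CHECKSUM" ] && [ "$hash" != "$CHECKSUM" ]; then`, and treating a missing `CHECKSUM` as an error rather than a skip would be safer for the automated update path. `$1` is also unquoted in the `b3sum`, `unsquashfs`, `mount` and `mv` calls, so a path containing spaces or starting with a dash is split or read as an option; use `"$1"`. In `dpkg -s grub-common 2>&1 > /dev/null` the redirections are in the order that leaves stderr on the terminal; `> /dev/null 2>&1` is presumably what was intended.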
@@ -1,61 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [ "$UID" -ne 0 ]; then
- >&2 echo 'Must be run as root'
- exit 1
-fi
-
-if [ -z "$1" ]; then
- >&2 echo "usage: $0 "
- exit 1
-fi
-
-VERSION=$(unsquashfs -cat $1 /usr/lib/startos/VERSION.txt)
-GIT_HASH=$(unsquashfs -cat $1 /usr/lib/startos/GIT_HASH.txt)
-B3SUM=$(b3sum $1 | head -c 32)
-
-if [ -n "$CHECKSUM" ] && [ "$CHECKSUM" != "$B3SUM" ]; then
- >&2 echo "CHECKSUM MISMATCH"
- exit 2
-fi
-
-mv $1 /media/startos/images/${B3SUM}.rootfs
-ln -rsf /media/startos/images/${B3SUM}.rootfs /media/startos/config/current.rootfs
-
-unsquashfs -n -f -d / /media/startos/images/${B3SUM}.rootfs boot
-
-umount -R /media/startos/next 2> /dev/null || true
-umount -R /media/startos/lower 2> /dev/null || true
-umount -R /media/startos/upper 2> /dev/null || true
-
-rm -rf /media/startos/lower /media/startos/upper /media/startos/next
-mkdir /media/startos/upper
-mount -t tmpfs tmpfs /media/startos/upper
-mkdir -p /media/startos/lower /media/startos/upper/data /media/startos/upper/work /media/startos/next
-mount /media/startos/images/${B3SUM}.rootfs /media/startos/lower
-mount -t overlay \
- -olowerdir=/media/startos/lower,upperdir=/media/startos/upper/data,workdir=/media/startos/upper/work \
- overlay /media/startos/next
-mkdir -p /media/startos/next/media/startos/root
-mount --bind /media/startos/root /media/startos/next/media/startos/root
-mkdir -p /media/startos/next/dev
-mkdir -p /media/startos/next/sys
-mkdir -p /media/startos/next/proc
-mkdir -p /media/startos/next/boot
-mount --bind /dev /media/startos/next/dev
-mount --bind /sys /media/startos/next/sys
-mount --bind /proc /media/startos/next/proc
-mount --bind /boot /media/startos/next/boot
-
-chroot /media/startos/next update-grub2
-
-umount -R /media/startos/next
-umount -R /media/startos/upper
-umount -R /media/startos/lower
-rm -rf /media/startos/lower /media/startos/upper /media/startos/next
-
-sync
-
-reboot
\ No newline at end of file
diff --git a/container-runtime/update-image.sh b/container-runtime/update-image.sh
index 287117f46..069d6a07d 100755
--- a/container-runtime/update-image.sh
+++ b/container-runtime/update-image.sh
@@ -9,7 +9,7 @@ if [ "$ARCH" = "riscv64" ]; then
 RUST_ARCH="riscv64gc"
 fi
-if mountpoint -q tmp/combined; then sudo umount -R tmp/combined; fi
+if mountpoint -q tmp/combined; then sudo umount -l tmp/combined; fi
 if mountpoint -q tmp/lower; then sudo umount tmp/lower; fi
 sudo rm -rf tmp
 mkdir -p tmp/lower tmp/upper tmp/work tmp/combined
diff --git a/core/build-ts.sh b/core/build-ts.sh
index c62fe165d..63b4cddb8 100755
--- a/core/build-ts.sh
+++ b/core/build-ts.sh
@@ -35,5 +35,5 @@ echo "FEATURES=\"$FEATURES\""
 echo "RUSTFLAGS=\"$RUSTFLAGS\""
 rust-zig-builder cargo test --manifest-path=./core/Cargo.toml $BUILD_FLAGS --no-default-features --features test,$FEATURES --locked 'export_bindings_'
 if [ "$(ls -nd "core/startos/bindings" | awk '{ print $3 }')" != "$UID" ]; then
- rust-zig-builder sh -c "chown -R $UID:$UID core/target chown -R $UID:$UID core/startos/bindings && chown -R $UID:$UID /root/.cargo"
+ rust-zig-builder sh -c "chown -R $UID:$UID core/target && chown -R $UID:$UID core/startos/bindings && chown -R $UID:$UID /root/.cargo"
 fi
\ No newline at end of file
diff --git a/core/builder-alias.sh b/core/builder-alias.sh
index 760c0bf0e..e940efd76 100644
--- a/core/builder-alias.sh
+++ b/core/builder-alias.sh
@@ -5,4 +5,4 @@ if tty -s; then
 USE_TTY="-it"
 fi
-alias 'rust-zig-builder'='docker run '"$USE_TTY"' --rm -e "RUSTFLAGS=$RUSTFLAGS" -e "CFLAGS=-D_FORTIFY_SOURCE=2" -e "CXXFLAGS=-D_FORTIFY_SOURCE=2" -e SCCACHE_GHA_ENABLED -e SCCACHE_GHA_VERSION -e ACTIONS_RESULTS_URL -e ACTIONS_RUNTIME_TOKEN -v "$HOME/.cargo/registry":/root/.cargo/registry -v "$HOME/.cargo/git":/root/.cargo/git -v "$HOME/.cache/sccache":/root/.cache/sccache -v "$(pwd)":/workdir -w /workdir -P start9/cargo-zigbuild'
+alias 'rust-zig-builder'='docker run '"$USE_TTY"' --rm -e "RUSTFLAGS=$RUSTFLAGS" -e "CFLAGS=-D_FORTIFY_SOURCE=2" -e "CXXFLAGS=-D_FORTIFY_SOURCE=2" -e SCCACHE_GHA_ENABLED -e SCCACHE_GHA_VERSION -e ACTIONS_RESULTS_URL -e ACTIONS_RUNTIME_TOKEN -v "$HOME/.cargo/registry":/usr/local/cargo/registry -v "$HOME/.cargo/git":/root/.cargo/git -v "$HOME/.cache/sccache":/root/.cache/sccache -v "$(pwd)":/workdir -w /workdir -P start9/cargo-zigbuild'
diff --git a/core/startos/src/disk/mount/util.rs b/core/startos/src/disk/mount/util.rs
index 292345a59..1e0e84952 100644
--- a/core/startos/src/disk/mount/util.rs
+++ b/core/startos/src/disk/mount/util.rs
@@ -48,7 +48,6 @@ pub async fn bind, P1: AsRef>(
 pub async fn unmount>(mountpoint: P, lazy: bool) -> Result<(), Error> {
 tracing::debug!("Unmounting {}.", mountpoint.as_ref().display());
 let mut cmd = tokio::process::Command::new("umount");
- cmd.arg("-R");
 if lazy {
 cmd.arg("-l");
 }
diff --git a/core/startos/src/net/tor/ctor.rs b/core/startos/src/net/tor/ctor.rs
index 83011bd36..e956e551e 100644
--- a/core/startos/src/net/tor/ctor.rs
+++ b/core/startos/src/net/tor/ctor.rs
@@ -889,7 +889,8 @@ async fn torctl(
 }
 }
 }
- Err(Error::new(eyre!("Log stream terminated"), ErrorKind::Tor))
+ // Err(Error::new(eyre!("Log stream terminated"), ErrorKind::Tor))
+ Ok(())
 };
 let health_checker = async {
 let mut last_success = Instant::now();
diff --git a/core/startos/src/os_install/mod.rs b/core/startos/src/os_install/mod.rs
index 3581eaa50..892cc52ae 100644
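Review bot: Only the registry volume moves to `/usr/local/cargo/registry`; the git cache is still mounted at `/root/.cargo/git`, and `core/build-ts.sh` in this commit still hands files back to the invoking user with `chown -R $UID:$UID /root/.cargo`. If the image's `CARGO_HOME` is `/usr/local/cargo` (the new registry path suggests so, but the image is not visible here), cargo no longer uses the mounted git cache and the registry files written as root into `$HOME/.cargo/registry` are never chowned back. Suggest moving both mounts together, `-v "$HOME/.cargo/git":/usr/local/cargo/git`, and pointing the chown at the same directory. A comment above the alias naming the container's `CARGO_HOME` would keep these paths from drifting apart again.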
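Review bot: Returning `Ok(())` when the log stream ends in `torctl` makes that event indistinguishable from a clean exit, and the previous error is left behind as a commented-out line. How this future is combined with `health_checker` is outside the hunk, so the supervisor either stops silently or keeps running without a log feed; in both cases nothing records that the Tor log stream was lost. Delete the commented line and emit an event before returning, e.g. `tracing::warn!("Tor log stream terminated");`, with a short comment stating why termination is no longer treated as fatal.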
--- a/core/startos/src/os_install/mod.rs
+++ b/core/startos/src/os_install/mod.rs
@@ -375,7 +375,7 @@ pub async fn execute(
 Command::new("chroot")
 .arg(overlay.path())
- .arg("update-grub2")
+ .arg("update-grub")
 .invoke(crate::ErrorKind::Grub)
 .await?;
 dev.unmount(false).await?;
diff --git a/core/startos/src/update/mod.rs b/core/startos/src/update/mod.rs
index a14c86fc9..161157d25 100644
--- a/core/startos/src/update/mod.rs
+++ b/core/startos/src/update/mod.rs
@@ -417,9 +417,7 @@ async fn do_update(
 prune_phase.complete();
 download_phase.start();
- let path = Path::new("/media/startos/images")
- .join(hex::encode(&asset.commitment.hash[..16]))
- .with_extension("rootfs");
+ let path = Path::new("/media/startos/images/next.squashfs");
 let mut dst = AtomicFile::new(&path, None::<&Path>)
 .await
 .with_kind(ErrorKind::Filesystem)?;
@@ -446,81 +444,16 @@ async fn do_update(
 .arg("-d")
 .arg("/")
 .arg(&path)
- .arg("boot")
+ .arg("/usr/lib/startos/scripts/upgrade")
 .invoke(crate::ErrorKind::Filesystem)
 .await?;
- if &*PLATFORM != "raspberrypi" {
- let mountpoint = "/media/startos/next";
- let root_guard = OverlayGuard::mount(
- TmpMountGuard::mount(&BlockDev::new(&path), MountType::ReadOnly).await?,
- mountpoint,
- )
- .await?;
- let startos = MountGuard::mount(
- &Bind::new("/media/startos/root"),
- root_guard.path().join("media/startos/root"),
- MountType::ReadOnly,
- )
- .await?;
- let boot_guard = MountGuard::mount(
- &Bind::new("/boot"),
- root_guard.path().join("boot"),
- MountType::ReadWrite,
- )
- .await?;
- let dev = MountGuard::mount(
- &Bind::new("/dev"),
- root_guard.path().join("dev"),
- MountType::ReadWrite,
- )
- .await?;
- let proc = MountGuard::mount(
- &Bind::new("/proc"),
- root_guard.path().join("proc"),
- MountType::ReadWrite,
- )
- .await?;
- let sys = MountGuard::mount(
- &Bind::new("/sys"),
- root_guard.path().join("sys"),
- MountType::ReadWrite,
- )
- .await?;
- let efivarfs = if tokio::fs::metadata("/sys/firmware/efi").await.is_ok() {
- Some(
- MountGuard::mount(
- &EfiVarFs,
- root_guard.path().join("sys/firmware/efi/efivars"),
- MountType::ReadWrite,
- )
- .await?,
- )
- } else {
- None
- };
- Command::new("chroot")
- .arg(root_guard.path())
- .arg("grub-install")
- .invoke(crate::ErrorKind::Grub)
- .await?;
+ let checksum = hex::encode(&asset.commitment.hash[..16]);
- Command::new("chroot")
- .arg(root_guard.path())
- .arg("update-grub2")
- .invoke(ErrorKind::Grub)
- .await?;
-
- if let Some(efivarfs) = efivarfs {
- efivarfs.unmount(false).await?;
- }
- sys.unmount(false).await?;
- proc.unmount(false).await?;
- dev.unmount(false).await?;
- boot_guard.unmount(false).await?;
- startos.unmount(false).await?;
- root_guard.unmount(false).await?;
- }
+ Command::new("/usr/lib/startos/scripts/upgrade")
+ .env("CHECKSUM", &checksum)
+ .invoke(ErrorKind::Grub)
+ .await?;
sync_boot_phase.complete(); finalize_phase.start(); diff --git a/image-recipe/run-local-build.sh b/image-recipe/run-local-build.sh index 307f065d0..78b0e49fb 100755 --- a/image-recipe/run-local-build.sh +++ b/image-recipe/run-local-build.sh @@ -7,6 +7,11 @@ BASEDIR="$(pwd -P)" SUITE=trixie +USE_TTY= +if tty -s; then + USE_TTY="-it" +fi + dockerfile_hash=$(sha256sum ${BASEDIR}/image-recipe/Dockerfile | head -c 7) docker_img_name="startos_build:${SUITE}-${dockerfile_hash}" diff --git a/sdk/base/lib/osBindings/SignerInfo.ts b/sdk/base/lib/osBindings/SignerInfo.ts index 7e7aa2588..76cbdafce 100644 --- a/sdk/base/lib/osBindings/SignerInfo.ts +++ b/sdk/base/lib/osBindings/SignerInfo.ts @@ -1,9 +1,3 @@ // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually. -import type { AnyVerifyingKey } from "./AnyVerifyingKey" -import type { ContactInfo } from "./ContactInfo" -export type SignerInfo = { - name: string - contact: Array - keys: Array -} +export type SignerInfo = { name: string }
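Review bot: The new `Command::new("/usr/lib/startos/scripts/upgrade")` call sets `CHECKSUM` but passes no image path, while the `upgrade` script added in this commit exits with its usage message unless `$1` is an existing file, so as written the update fails at this step. Add `.arg(&path)` before `.env("CHECKSUM", &checksum)`. Two further points on the same lines: the script that runs as root is the copy just extracted from the downloaded image by the `unsquashfs` call above, so it should only execute once the download has been verified against `asset.commitment` (that check is outside the hunk), and every failure, including the script's checksum-mismatch exit, is reported as `ErrorKind::Grub`. `do_update` starts and ends outside the hunk.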