From 29900d8bd595c2645d4a40f26434b651a3991730 Mon Sep 17 00:00:00 2001
From: Stefan Majer
Date: Wed, 10 Jan 2024 12:25:51 +0100
Subject: [PATCH] Update u-root and userspace to debian-11 (#105)
---
 Dockerfile | 12 +++++++++---
 Makefile | 5 +++--
 cmd/storage/wipe.go | 4 ++--
 go.mod | 2 +-
 go.sum | 2 ++
 main.go | 17 +++++++++++++----
 6 files changed, 30 insertions(+), 12 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index a725f1ab..cafde9fe 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,10 +11,12 @@ RUN curl -fLsS https://sourceforge.net/projects/e1000/files/ice%20stable/${ICE_V
 && mkdir -p /lib/firmware/intel/ice/ddp/ \
 && mv ice-${ICE_VERSION}/ddp/ice-${ICE_PKG_VERSION}.pkg /work/ice.pkg
-FROM golang:1.14-buster as initrd-builder
-ENV UROOT_GIT_SHA_OR_TAG=v0.7.0
+# ipmitool from bookworm is broken and returns with error on most commands
+FROM golang:1.20-bullseye as initrd-builder
+ENV UROOT_GIT_SHA_OR_TAG=v0.11.0
 RUN apt-get update \
 && apt-get install -y --no-install-recommends \
+ ca-certificates \
 curl \
 dosfstools \
 e2fsprogs \
@@ -30,7 +32,9 @@ RUN apt-get update \
 nvme-cli \
 pciutils \
 strace \
- util-linux
+ util-linux \
+ # this is required, otherwise uroot complains that these files already exist
+ && rm -f /etc/passwd /etc/lvm/lvmlocal.conf
 RUN mkdir -p ${GOPATH}/src/github.com/u-root \
 && cd ${GOPATH}/src/github.com/u-root \
 && git clone https://github.com/u-root/u-root \
@@ -38,6 +42,8 @@ RUN mkdir -p ${GOPATH}/src/github.com/u-root \
 && git checkout ${UROOT_GIT_SHA_OR_TAG} \
 && GO111MODULE=off go install
 WORKDIR /work
+RUN mkdir -p /work/etc/lvm /work/etc/ssl/certs /work/lib/firmware/intel/ice/ddp/ /work/var/run \
+ && cp /usr/share/zoneinfo/Etc/UTC /work/etc/localtime
 COPY lvmlocal.conf metal.key metal.key.pub passwd varrun Makefile .git /work/
 COPY --from=r.metal-stack.io/metal/supermicro:2.12.0 /usr/bin/sum /work/
 COPY --from=builder /common /common
diff --git a/Makefile b/Makefile
index 6ecf2462..11f0a9e1 100644
--- a/Makefile
+++ b/Makefile
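Review bot: In the Dockerfile's first hunk, `ENV UROOT_GIT_SHA_OR_TAG=v0.11.0` pins u-root to a git tag, which upstream can move, and the later `git checkout` plus `GO111MODULE=off go install` build whatever that tag points to without any integrity check. Since this stage produces the initrd, set the variable to the full commit SHA that v0.11.0 resolves to (the variable name already allows a SHA) and keep the tag in a comment, e.g. `ENV UROOT_GIT_SHA_OR_TAG=<commit-sha-of-v0.11.0>`. The new base image `golang:1.20-bullseye` is likewise a mutable tag and could be pinned by digest.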
@@ -32,6 +32,7 @@ ramdisk:
 -format=cpio -build=bb \
 -defaultsh=/bin/bash \
 -files="bin/metal-hammer:bbin/uinit" \
+ -files="/etc/ssl/certs/ca-certificates.crt:etc/ssl/certs/ca-certificates.crt" \
 -files="/etc/localtime:etc/localtime" \
 -files="/bin/bash:bin/bash" \
 -files="/sbin/blkid:sbin/blkid" \
@@ -56,8 +57,8 @@ ramdisk:
 -files="/sbin/mdmon:sbin/mdmon" \
 -files="/sbin/sgdisk:sbin/sgdisk" \
 -files="/sbin/wipefs:sbin/wipefs" \
- -files="/etc/ssl/certs/ca-certificates.crt:etc/ssl/certs/ca-certificates.crt" \
- -files="/usr/lib/x86_64-linux-gnu/libnss_files.so:lib/libnss_files.so.2" \
+ -files="/lib/x86_64-linux-gnu/libnss_files-2.31.so:lib/x86_64-linux-gnu/libnss_files-2.31.so" \
+ -files="/lib/x86_64-linux-gnu/libnss_files.so.2:lib/x86_64-linux-gnu/libnss_files.so.2" \
 -files="passwd:etc/passwd" \
 -files="varrun:var/run/keep" \
 -files="ice.pkg:lib/firmware/intel/ice/ddp/ice.pkg" \
diff --git a/cmd/storage/wipe.go b/cmd/storage/wipe.go
index 2f02d5dd..24f332ad 100644
--- a/cmd/storage/wipe.go
+++ b/cmd/storage/wipe.go
@@ -124,7 +124,7 @@ func isNVMeDisk(device string) bool {
 }
 // Secure erase is done via:
-// nvme-cli --format --ses=1 /dev/nvme0n1
+// nvme-cli --format --force --ses=1 /dev/nvme0n1
 // see: https://github.com/linux-nvme/nvme-cli/blob/master/Documentation/nvme-format.txt
 //
 // TODO: configure qemu to map a disk with the nvme format:
@@ -132,7 +132,7 @@ func isNVMeDisk(device string) bool {
 // https://github.com/arunar/nvmeqemu
 func (d *Disks) secureEraseNVMe(device string) error {
 d.log.Infow("wipe", "disk", device, "message", "start very fast deleting of existing data")
- err := os.ExecuteCommand(command.NVME, "--format", "--ses=1", device)
+ err := os.ExecuteCommand(command.NVME, "--format", "--force", "--ses=1", device)
 if err != nil {
 return fmt.Errorf("unable to secure erase nvme disk %s %w", device, err)
 }
diff --git a/go.mod b/go.mod
index 6eed8952..c8eb39c3 100644
--- a/go.mod
+++ b/go.mod
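Review bot: In the Makefile's second hunk, the two new `-files=` entries spell out `libnss_files-2.31.so`, which is the glibc version of the bullseye base image, so the `ramdisk` target is now tied to the image chosen in the Dockerfile without saying so. The recipe is one backslash-continued command, so the comment has to sit above the `ramdisk:` rule (which starts outside the hunk), for example `# libnss_files-2.31.so matches bullseye's glibc; update together with the initrd-builder base image`. Resolving the versioned name from the `libnss_files.so.2` symlink instead of hard-coding it would remove the coupling.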
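Review bot: In cmd/storage/wipe.go, `secureEraseNVMe` now passes `--force`, which as far as I know makes nvme-cli skip its warning and cancel window, so the `device` string alone decides which namespace is irreversibly erased. Nothing visible in the hunk validates `device`, and the caller is outside it, so please confirm it only receives paths from the machine's own disk enumeration. The doc comment should say why the flag is needed, e.g. `// --force: skip nvme-cli's interactive warning, no operator is present to confirm`. The wrapped error also lacks a separator before the cause: `"unable to secure erase nvme disk %s: %w"`.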
@@ -21,7 +21,7 @@ require (
 github.com/vishvananda/netlink v1.2.1-beta.2
 go.uber.org/zap v1.26.0
 // TODO remove once we really migrated the build to 1.21
- golang.org/x/exp v0.0.0-20231108232855-2478ac86f678
+ golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa
 golang.org/x/sync v0.5.0
 golang.org/x/sys v0.14.0
 google.golang.org/grpc v1.59.0
diff --git a/go.sum b/go.sum
index 7ce7af8a..4a09c742 100644
--- a/go.sum
+++ b/go.sum
@@ -336,6 +336,8 @@ golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA=
 golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
 golang.org/x/exp v0.0.0-20231108232855-2478ac86f678 h1:mchzmB1XO2pMaKFRqk/+MV3mgGG96aqaPXaMifQU47w=
 golang.org/x/exp v0.0.0-20231108232855-2478ac86f678/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE=
+golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ=
+golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
diff --git a/main.go b/main.go
index 393b04e5..8dbadac3 100644
--- a/main.go
+++ b/main.go
@@ -3,6 +3,7 @@ package main
 import (
 "fmt"
 "os"
+ "syscall"
 "time"
 "github.com/metal-stack/v"
@@ -23,7 +24,13 @@ func main() {
 panic("cmd args are not supported")
 }
- err := updateResolvConf()
+ err := syscall.Unmount("/etc", syscall.MNT_FORCE)
+ if err != nil {
+ fmt.Printf("unable to umount /etc, which is overmounted with tmpfs %s", err)
+ os.Exit(1)
+ }
+
+ err = updateResolvConf()
 if err != nil {
 fmt.Printf("error updating resolv.conf %s", err)
 os.Exit(1)
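Review bot: In main.go's `main()`, every error from `syscall.Unmount("/etc", syscall.MNT_FORCE)` is fatal, including `EINVAL`, which Linux returns when `/etc` is not a mount point, so the binary exits whenever it starts without the tmpfs overmount. If that case should be tolerated, guard with `if err != nil && !errors.Is(err, syscall.EINVAL) {` (this needs the `errors` import). The message is printed to stdout without a trailing newline; `fmt.Fprintf(os.Stderr, "unable to umount /etc: %s\n", err)` is easier to spot on a console. A short comment naming what mounts tmpfs over `/etc` and why the underlying directory is needed would help the next reader; the body of `main()` continues outside the hunk.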
@@ -87,9 +94,11 @@ func updateResolvConf() error {
 symlink := "/etc/resolv.conf"
 target := "/proc/net/pnp"
- err := os.Remove(symlink)
- if err != nil {
- return err
+ if _, err := os.Stat(symlink); !os.IsNotExist(err) {
+ err := os.Remove(symlink)
+ if err != nil {
+ return err
+ }
 }
 return os.Symlink(target, symlink)
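Review bot: In `updateResolvConf`, the new `os.Stat(symlink)` follows the link, so when `/etc/resolv.conf` exists but its target does not, Stat reports not-exist, the remove is skipped and `os.Symlink` then fails because the name is still taken. Any other Stat error also falls through to `os.Remove`, and the inner `err :=` shadows the one from the `if` initializer. Dropping the pre-check handles all three and closes the check-then-remove gap: `if err := os.Remove(symlink); err != nil && !os.IsNotExist(err) { return err }`. The function's closing brace is outside the hunk.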