From 68084dd97d4f3be9afefa80c9805dd46358cecd1 Mon Sep 17 00:00:00 2001
From: Jarkko Oranen <oranenj@iki.fi>
Date: Sun, 5 May 2019 12:17:54 +0300
Subject: [PATCH] Add scripts for building OpenBSD 6.5 images

Bootstrapping requires only an OpenBSD 6.5 base installation plus the
qemu package.
---
 .builds/alpine.yml           |   2 +-
 images/openbsd/.gitignore    |   2 +
 images/openbsd/6.5/functions |   1 +
 images/openbsd/6.5/genimg    |   9 +++
 images/openbsd/build.yml     |  39 ++++++++++++
 images/openbsd/functions     |  39 ++++++++++++
 images/openbsd/genimg        | 117 +++++++++++++++++++++++++++++++++++
 images/openbsd/latest        |   1 +
 8 files changed, 209 insertions(+), 1 deletion(-)
 create mode 100644 images/openbsd/.gitignore
 create mode 120000 images/openbsd/6.5/functions
 create mode 100755 images/openbsd/6.5/genimg
 create mode 100644 images/openbsd/build.yml
 create mode 100644 images/openbsd/functions
 create mode 100755 images/openbsd/genimg
 create mode 120000 images/openbsd/latest

diff --git a/.builds/alpine.yml b/.builds/alpine.yml
index 28bfba0..79ff33d 100644
--- a/.builds/alpine.yml
+++ b/.builds/alpine.yml
@@ -41,4 +41,4 @@ tasks:
       ./pkgkit upload "$remote" "$remote_path" "$project"
   - deploy: |
       ssh $master doas apk upgrade -U
-      ssh $master doas service $project restart
+      ssh -t $master doas service $project restart
diff --git a/images/openbsd/.gitignore b/images/openbsd/.gitignore
new file mode 100644
index 0000000..b903bb2
--- /dev/null
+++ b/images/openbsd/.gitignore
@@ -0,0 +1,2 @@
+workdir
+amd64
diff --git a/images/openbsd/6.5/functions b/images/openbsd/6.5/functions
new file mode 120000
index 0000000..c0b5bcc
--- /dev/null
+++ b/images/openbsd/6.5/functions
@@ -0,0 +1 @@
+../functions
\ No newline at end of file
diff --git a/images/openbsd/6.5/genimg b/images/openbsd/6.5/genimg
new file mode 100755
index 0000000..2ad7fb7
--- /dev/null
+++ b/images/openbsd/6.5/genimg
@@ -0,0 +1,9 @@
+#!/bin/sh
+export arch="${1:-amd64}"
+export openbsd_version="6.5"
+# QEMU requires xbase
+export openbsd_sets="base65.tgz xbase65.tgz"
+export openbsd_kernel="bsd.mp"
+export openbsd_installurl="https://cdn.openbsd.org/pub/OpenBSD"
+export openbsd_public_key="openbsd-65-base.pub"
+exec ../genimg "$@"
diff --git a/images/openbsd/build.yml b/images/openbsd/build.yml
new file mode 100644
index 0000000..85b7273
--- /dev/null
+++ b/images/openbsd/build.yml
@@ -0,0 +1,39 @@
+image: openbsd/latest
+packages:
+  - qemu
+  # OpenBSD 6.5 contains rsync, but it might not be 100% compatible
+  # - rsync
+sources:
+  - https://git.sr.ht/~sircmpwn/builds.sr.ht
+environment:
+  arch: amd64
+  release: "6.5"
+  slaves:
+    - deploy@mio.runners.sr.ht
+    - deploy@yui.runners.sr.ht
+    - deploy@azusa.runners.sr.ht
+secrets:
+  - fa00a8d3-7b63-42d5-8060-3bb31c3e3018
+triggers:
+  - action: email
+    condition: failure
+    to: Drew DeVault <sir@cmpwn.com>
+tasks:
+  - genimg: |
+      cd builds.sr.ht/images/openbsd/$release
+      doas ./genimg $arch
+  - sanity-check: |
+      cd builds.sr.ht
+      MEMORY=256 ./images/control openbsd/$release sanity-check
+#  - deploy: |
+#      cd builds.sr.ht/images/openbsd/$release
+#      sshopts="-o StrictHostKeyChecking=no"
+#      for server in "${slaves[@]}"
+#      do
+#        rsync \
+#          --rsh="ssh $sshopts" -rzP $arch/root.img.qcow2 \
+#          ${server}:/var/lib/images/openbsd/$release/$arch/new_root.img.qcow2
+#        ssh $sshopts $server \
+#          mv /var/lib/images/openbsd/$release/$arch/new_root.img.qcow2 \
+#             /var/lib/images/openbsd/$release/$arch/root.img.qcow2
+#      done
diff --git a/images/openbsd/functions b/images/openbsd/functions
new file mode 100644
index 0000000..ffc67e7
--- /dev/null
+++ b/images/openbsd/functions
@@ -0,0 +1,39 @@
+#!/bin/sh
+poweroff_cmd="doas halt -p"
+default_arch=amd64
+
+boot() {
+	case "$arch" in
+		amd64)
+			qemu=qemu-system-x86_64
+			_boot $(cpu_opts x86_64)
+			;;
+		*)
+			echo "Unsupported architecture $arch" >&2
+			exit 1
+			;;
+	esac
+}
+
+install() {
+	port=$1
+	shift 1
+	guest_ssh -p $port build@localhost -- doas pkg_add "$@"
+}
+
+sanity_check() {
+	echo "Booting..."
+	cmd_boot amd64 8022 qemu &
+	trap 'cmd_cleanup 8022' EXIT
+	_wait_boot 8022
+	echo "Testing doas..."
+	guest_ssh -p 8022 build@localhost doas ls -a
+	echo "Testing networking..."
+	guest_ssh -p 8022 build@localhost ftp -o https://example.org
+	echo "Testing pkg_add..."
+	guest_ssh -p 8022 build@localhost doas pkg_add htop
+	echo "Testing git..."
+	guest_ssh -p 8022 build@localhost git --version
+	echo "Everything works!"
+	guest_ssh -p 8022 build@localhost doas halt -p || true
+}
diff --git a/images/openbsd/genimg b/images/openbsd/genimg
new file mode 100755
index 0000000..7227b45
--- /dev/null
+++ b/images/openbsd/genimg
@@ -0,0 +1,117 @@
+#!/bin/sh -eux
+: "$openbsd_version"
+: "$openbsd_sets"
+: "$openbsd_kernel"
+: "$openbsd_installurl"
+: "$openbsd_public_key"
+
+image_size="16g"
+run_syspatch=NO
+image_packages="bash git"
+
+BUILD_DIR="$PWD"
+mkdir -p "workdir"
+mkdir -p "$arch"
+
+cd_workdir() {
+	cd "$BUILD_DIR"/workdir
+}
+
+cleanup() {
+	sync || true
+	umount -f /mnt || true
+	vnconfig -u vnd0 || true
+}
+trap cleanup EXIT
+
+cd_workdir
+for f in $openbsd_sets $openbsd_kernel SHA256.sig SHA256
+do
+	test -f $f || ftp "${openbsd_installurl}/${openbsd_version}/${arch}/${f}"
+done
+
+signify -Cp /etc/signify/"$openbsd_public_key" \
+	-x SHA256.sig $openbsd_sets $openbsd_kernel
+
+rm -f root.img
+vmctl create root.img -s $image_size
+vnconfig -c vnd0 root.img
+fdisk -iy vnd0
+cat >/tmp/partitions <<EOF
+/ 1G-* 100%
+EOF
+disklabel -w -A -T /tmp/partitions vnd0
+newfs vnd0a
+mount /dev/vnd0a /mnt
+
+for f in $openbsd_sets
+do
+	tar -zxphf "$f" -C /mnt
+done
+
+cp $openbsd_kernel /mnt/bsd
+# lifted from openbsd install.sub to make syspatch work
+cp SHA256.sig /mnt/var/db/installed.SHA256.sig
+sha256 /mnt/bsd | (umask 077; sed 's,/mnt,,' >/mnt/var/db/kernel.SHA256)
+
+tar -zxphf /mnt/var/sysmerge/etc.tgz -C /mnt
+tar -zxphf /mnt/var/sysmerge/xetc.tgz -C /mnt
+
+cat > /mnt/etc/fstab <<EOF
+/dev/sd0a /     ffs rw,wxallowed 1 1
+EOF
+
+cd /mnt/dev
+sh MAKEDEV all
+cd_workdir
+
+cat >>/mnt/etc/ssh/sshd_config <<EOF
+PermitRootLogin yes
+PasswordAuthentication yes
+PermitEmptyPasswords yes
+EOF
+
+echo "build" > /mnt/etc/myname
+echo "10.0.2.2" > /mnt/etc/mygate
+echo "inet 10.0.2.15 255.255.255.128" > /mnt/etc/hostname.vio0
+echo "nameserver 1.1.1.1" > /mnt/etc/resolv.conf
+echo "$openbsd_installurl" > /mnt/etc/installurl
+ln -sf /usr/share/zoneinfo/UTC /mnt/etc/localtime
+
+cat >>/mnt/etc/rc.conf.local <<EOF
+library_aslr=NO
+pf=NO
+sndiod_flags=NO
+EOF
+
+# the username "build" is already used in OpenBSD base, but it probably isn't
+# anything too important; it seems to be used to build xenocara etc.
+chroot /mnt /usr/sbin/pkg_add -u
+chroot /mnt /usr/sbin/pkg_add $image_packages
+chroot /mnt /usr/sbin/userdel build
+# TODO: Remove bash
+chroot /mnt /usr/sbin/adduser \
+	-batch build wheel "Build user" "" -shell bash -s -noconfig
+echo "permit nopass keepenv :wheel" > /mnt/etc/doas.conf
+chroot /mnt /usr/sbin/usermod -p '' build
+
+if [ "$run_syspatch" = "YES" ]
+then
+	chroot /mnt ksh -x /usr/libexec/reorder_kernel
+	chroot /mnt ksh -x /usr/sbin/syspatch
+fi
+
+cat >/mnt/usr/libexec/reorder_kernel <<EOF
+#!/bin/sh
+echo "KARL disabled"
+exit 0
+EOF
+
+echo "boot" >/etc/boot.conf
+
+installboot -r /mnt vnd0
+trap : EXIT
+cleanup
+cd_workdir
+
+qemu-img convert -p -f raw -O qcow2 root.img ../$arch/root.img.qcow2
diff --git a/images/openbsd/latest b/images/openbsd/latest
new file mode 120000
index 0000000..69c9391
--- /dev/null
+++ b/images/openbsd/latest
@@ -0,0 +1 @@
+6.5
\ No newline at end of file
-- 
2.38.5