first

.gitignore

@@ -0,0 +1 @@
+src/cache/

LICENSE

@@ -0,0 +1,13 @@
+Copyright (c) 2023 Samuel 'sk4nz' AUBERTIN sk4nz@www.sk4.nz
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

Makefile

@@ -0,0 +1,7 @@
+OPACK_TARGET=		demo
+OPACK_SYS_HEADLESS=		false
+
+include src/opack.mk
+
+all: opack
+

README.md

@@ -0,0 +1,100 @@
+# skz-opack 
+Sk4nZ OpenBSD Packer
+-----
+*Samuel 'sk4nz' AUBERTIN*
+
+**skz-opack** enables simple execution of [OpenBSD](https://www.openbsd.org) virtual machines from a Linux host or Google Cloud Compute, leveraging Packer and Vagrant, from a Makefile target named `opack`.
+
+## Installation Instructions
+
+To get started with **skz-opack**, follow these steps:
+
+1. Clone the repository using the following command:
+    ```sh
+    git clone https://www.sk4.nz/skz-opack.git
+    ```
+2. Ensure you have the following dependencies installed:
+    - GNU Make
+    - [libvirt](https://libvirt.org/)
+    - [Vagrant](https://www.vagrantup.com/)
+    - [Vagrant-Libvirt module](https://github.com/vagrant-libvirt/vagrant-libvirt)
+
+3. Use the project by including `path/to/skz-opack/src/opack.mk` and invoking the `opack` target in your Makefile to create and manage OpenBSD virtual machines with Packer and Vagrant.
+
+## Available make targets
+Available make target are `opack`, `clean` and `cleancache`.
+
+## Examples 
+### Quick example
+
+Here is the shortest Makefile that can be used to leverage skz-opack:
+
+```make
+OPACK_TARGET=   demo # the VM name
+include path/to/src/opack.mk # mandatory
+```
+
+After invokation with `make opack`, it will download, install, and run the latest OpenBSD release in a local VM.
+Once executed, the VM is running and it is possible to log into it using the `vagrant ssh` command.
+Then, `make clean` will remove the VM, but not the vagrant image. When reinvoking `make opack`, the already existing image will be reused.
+
+### Complex Example
+
+In this example, we will demonstrate how to use **skz-opack** to create an OpenBSD -current virtual machine with 4 CPUs, 1GB of RAM, and name it "run-current."
+
+```make
+OPACK_TARGET=       run-current
+OPACK_SYS_VERSION=  snapshots
+OPACK_SYS_CPU=      4
+OPACK_SYS_MEMORY=   1024
+
+include path/to/src/opack.mk
+
+all: opack 
+        vagrant ssh -c "uname -a; sysctl kern.version"
+```
+
+In this Makefile:
+
+- **OPACK_TARGET** specifies the name of the virtual machine as "run-current."
+- **OPACK_SYS_VERSION** sets the OpenBSD version to "snapshots," indicating the -current version.
+- **OPACK_SYS_CPU** allocates 4 CPUs to the VM.
+- **OPACK_SYS_MEMORY** assigns 1GB of RAM to the VM.
+
+Making "opack" a dependency target of "all" will ensure **skz-opack** operates before any command in the "all" target. Try it with `make all` !
+
+Once the "opack" target dependency is finished, the Vm is running and the system kernel version is outputted. This example showcases how to customize and run **skz-opack** for your specific needs. Every option ending with an `?` in "src/options.mk" can be overrided in the invoking Makefile.
+
+### GCP example
+
+TODO
+
+## Troubleshooting
+
+Overrides should happen before the include of "opack.mk".
+
+## Structure
+
+In the "src" directory, are located the following files:
+
+- **autodisklabel**: This file provides the partitioning layout for the installer and can be customized by using the `OPACK_AUTODISKLABEL_FILE` option.
+- **defines.mk**: Contains internal skz-opack definitions for Packer and Vagrant.
+- **opack.mk**: To use skz-opack in your projects, simply include this file in your Makefiles.
+- **opack-provision.sh**: This file is executed for post-installation provisioning with Packer and can be customized using the `OPACK_PROVISION_FILE` option.
+- **options.mk**: This file is where all skz-opack options are declared. Options are always in the `OPACK_[OPTION NAME]` format.
+- **packerfile-gcp.mk**: Special Packerfile for Google Cloud Compute upload.
+- **packerfile.mk**: Generic Packerfile for local execution.
+- **vagrantfile.mk**: Contains Vagrantfile definitions for local execution.
+- **vagrant-provision.sh**: This file is executed for pre-run provisioning with Vagrant and can be customized using the `OPACK_RUNTIME_PROVISION_FILE` option.
+
+## License
+
+**skz-opack** is distributed under the [OpenBSD License](https://www.openbsd.org/policy.html). See the [LICENSE](LICENSE) file for more details.
+
+## References
+
+For more information on the tools used in this project, refer to the following resources:
+
+- [Packer](https://www.packer.io/)
+- [Vagrant](https://www.vagrantup.com/)
+

TODOs

@@ -0,0 +1,8 @@
+tests:
+local
+
+gcp
+
+dependencies:
+vagrant 
+libvirt ?

src/autodisklabel

@@ -0,0 +1,2 @@
+/              256M-* 90%
+swap           1G-16G 10% 

src/defines.mk

@@ -0,0 +1,57 @@
+define newline
+
+
+endef
+
+define OPACK_INSTALL_CONTENT =
+Choose your keyboard layout = fr
+System hostname = $(OPACK_SYS_HOSTNAME)-$(OPACK_TARGET)
+Which network interface = vio0
+IPv4 address for vio0 = dhcp
+IPv6 address for vio0 = none
+Password for root account = $(OPACK_SYS_PASSWORD)
+Public ssh key for root account = $(OPACK_SYS_SSH_KEY)
+Allow root ssh login = prohibit-password
+Do you expect to run the X Window System = $(OPACK_SYS_XENOCARA)
+Setup a user = $(OPACK_SYS_USER)
+Password for user $(OPACK_SYS_USER) = $(OPACK_SYS_PASSWORD)
+Public ssh key for $(OPACK_SYS_USER) = $(OPACK_SYS_SSH_KEY)
+Allow root ssh login = prohibit-password
+What timezone = $(OPACK_SYS_TIMEZONE)
+Which disk = sd0
+Use (W)hole disk or (E)dit the MBR = whole
+URL to autopartitioning template for disklabel = file:/autodisklabel
+Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout = A
+Location of sets = $(OPACK_SYS_SETS_LOCATION)
+HTTP Server = $(OPACK_SYS_SERVER)
+Server directory = pub/OpenBSD/$(OPACK_SYS_VERSION)/$(OPACK_SYS_ARCHITECTURE)
+Unable to connect using https. Use http instead = yes
+Pathname to the sets = $(OPACK_SYS_VERSION_MAJOR).$(OPACK_SYS_VERSION_MINOR)/amd64
+Set name(s) = $(OPACK_SYS_SETS) done
+Directory does not contain SHA256.sig. Continue without verification = $(OPACK_NO_SIGCHK)
+Signature check of SHA256.sig failed. Continue without verification = no
+Cannot determine prefetch area. Continue without verification = yes
+Location of sets? = done
+
+endef
+
+define OPACK_METADATA_CONTENT =
+{
+  "name": "$(OPACK_BOX_TAG)",
+  "description": "OPACK - $(OPACK_COMMIT)",
+  "versions": [
+    {
+      "version": "$(OPACK_BOX_VERSION)",
+      "providers": [
+        {
+          "name": "libvirt",
+          "url": "$(OPACK_BOX_FILE)",
+          "checksum_type": "sha256",
+          "checksum": "$(OPACK_BOX_FILE_SHA256)"
+        }
+      ]
+    }
+  ]
+}
+
+endef

src/opack-provision.sh

@@ -0,0 +1,18 @@
+#!/bin/sh 
+set -e
+set +x 
+
+(
+        echo OPACK: Starting provisioning.
+        sysctl -n kern.version
+        printf 'permit nopass :wheel\n' > /etc/doas.conf
+        printf 'PasswordAuthentication yes\nPermitRootLogin yes\n' >> /etc/ssh/sshd_config
+	pkg_add -u 2> /dev/null || pkg_add -u -D snap 2> /dev/null
+	rm -f /etc/ssh/ssh_host*
+        find /var/log -type f | while read f; do echo -ne '' > $f; done
+        find /tmp -type f | while read f; do echo -ne '' > $f; done
+        sync
+        sync
+        echo OPACK: provisionning done.
+)
+exit 0

src/opack.mk

@@ -0,0 +1,93 @@
+.PHONY: clean cleancache cleanall opack
+.DEFAULT_GOAL := opack 
+
+OPACK_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+
+define OPACK_BANNER 
+________                       __    
+\_____  \ ___________    ____ |  | __
+ /   |   \\____ \__  \ _/ ___\|  |/ /
+/    |    \  |_> > __ \\  \___|    < 
+\_______  /   __(____  /\___  >__|_ \ 
+        \/|__|       \/     \/     \/
+
+endef
+
+$(info $(OPACK_BANNER))
+
+include $(OPACK_DIR)/options.mk
+include $(OPACK_DIR)/defines.mk
+include $(OPACK_DIR)/packerfile.mk
+include $(OPACK_DIR)/packerfile-gcp.mk
+include $(OPACK_DIR)/vagrantfile.mk
+
+$(OPACK_PACKER_HTTP_DIR) $(OPACK_PACKER_DIR) ../$(OPACK_CACHE_DIR): 
+	@mkdir -p $@
+
+$(OPACK_PACKER_DIR)/vagrant.key: | $(OPACK_PACKER_DIR)
+	@curl -s -o $@ https://raw.githubusercontent.com/hashicorp/vagrant/master/keys/vagrant
+
+$(OPACK_PACKER_DIR)/opack.json: | $(OPACK_PACKER_DIR)
+	@printf '$(subst $(newline),\n,$(OPACK_PACKER_CONTENT))' > $@
+
+$(OPACK_PACKER_DIR)/bucket.json:
+	@printf '{ "name": "$(GCE_BUCKET)", "location": "$(GCE_BUCKET_LOCATION)", "storageClass": "STANDARD", "iamConfiguration": {"uniformBucketLevelAccess": { "enabled": true }, } }' > $@
+
+$(OPACK_PACKER_DIR)/opack-cloud.json: | $(OPACK_PACKER_DIR) $(OPACK_PACKER_DIR)/bucket.json
+	@printf '$(subst $(newline),\n,$(OPACK_PACKER_CLOUD_CONTENT))' > $@
+	@curl -X POST -s -o /dev/null \
+		--data-binary @$(OPACK_PACKER_DIR)/bucket.json \
+		-H "Authorization: Bearer $(STORAGE_TOKEN)" \
+		-H "Content-Type: application/json" \
+		"https://storage.googleapis.com/storage/v1/b?project=$(GCE_PROJECT)"
+	@curl -X DELETE -s -o /dev/null \
+		-H "Authorization: Bearer $(IMAGE_TOKEN)" \
+		"https://compute.googleapis.com/compute/v1/projects/$(GCE_PROJECT)/global/images/$(OPACK_TARGET)"
+
+$(OPACK_PACKER_HTTP_DIR)/install.conf: | $(OPACK_PACKER_HTTP_DIR)
+	@printf '$(subst $(newline),\n,$(OPACK_INSTALL_CONTENT))' > $@
+
+$(OPACK_PACKER_HTTP_DIR)/autodisklabel: | $(OPACK_PACKER_HTTP_DIR)
+	@cp $(OPACK_AUTODISKLABEL_FILE) $@
+
+$(OPACK_PROVISION_FILE):
+	@echo you need to write $@ && exit 1
+
+../id_ed25519:
+	@echo you need to generate the ssh key with 'make sshkey' && exit 1
+
+$(OPACK_BOX_FILE): | $(OPACK_PACKER_DIR)/opack.json $(OPACK_PACKER_DIR)/vagrant.key $(OPACK_PROVISION_FILE) $(OPACK_PACKER_HTTP_DIR)/install.conf $(OPACK_PACKER_HTTP_DIR)/autodisklabel
+	@cd $(OPACK_PACKER_DIR) &&\
+		CHECKPOINT_DISABLE=1 PACKER_CACHE_DIR=../../$(OPACK_CACHE_DIR)\
+		packer build\
+		-timestamp-ui opack.json &&\
+		rm -rf $(OPACK_PACKER_DIR)
+
+$(OPACK_META_FILE): $(OPACK_BOX_FILE)
+	@printf '$(subst $(OPACK_BOX_FILE_SHA256),$(shell sha256sum $(OPACK_BOX_FILE) | awk '{print $$1}'),$(subst $(newline),\n,$(OPACK_METADATA_CONTENT)))' > $@
+	@vagrant box add -f --name $(OPACK_BOX_TAG) $(OPACK_META_FILE)
+
+$(OPACK_VAGRANT_FILE):
+	@printf '$(subst $(newline),\n,$(OPACK_VAGRANT_CONTENT))' > $@
+	
+
+opack: $(OPACK_META_FILE) $(OPACK_VAGRANT_FILE)
+	@vagrant up 
+
+opack-cloud: | $(OPACK_PACKER_DIR)/opack-cloud.json ../id_ed25519 $(OPACK_PROVISION_FILE) $(OPACK_PACKER_HTTP_DIR)/install.conf $(OPACK_PACKER_HTTP_DIR)/autodisklabel
+	@cd $(OPACK_PACKER_DIR) &&\
+		CHECKPOINT_DISABLE=1 PACKER_CACHE_DIR=../../$(OPACK_CACHE_DIR)\
+		packer build\
+		-timestamp-ui opack-cloud.json | tee -a ../$@ &&\
+		rm -rf $(OPACK_PACKER_DIR)
+
+clean: 
+	@-vagrant destroy -f 2>/dev/null
+	@-cd terraform_??????? 2>/dev/null && terraform destroy -auto-approve && cd .. && rm -rf terraform_???????
+	@-rm -rf $(OPACK_VAGRANT_FILE) opack_build_$(OPACK_SHORT_REV) *.log ssh-config .vagrant *.json
+
+cleancache:
+	@-vagrant box remove -f --all $(OPACK_BOX_TAG) 2>/dev/null
+	@-rm -rf $(OPACK_CACHE_DIR)
+
+cleanall: clean cleancache

src/options.mk

@@ -0,0 +1,128 @@
+OPACK_DEBUG=yes
+# Enable debugging mode if OPACK_DEBUG is set to 'yes'
+
+ifndef OPACK_DEBUG
+.SILENT:
+$(info OPACK_DEBUG)
+else
+endif
+
+OPACK_SYS_HOSTNAME?=	opack
+# Set the hostname of the virtual machine to 'opack' if not specified
+
+OPACK_SYS_USER?=	opack	
+# Set the username for the virtual machine to 'opack' if not specified
+
+OPACK_SYS_PASSWORD?=	opack	
+# Set the password for the virtual machine to 'opack' if not specified
+
+OPACK_SYS_DISK_SIZE?=	4096
+# Set the disk size of the virtual machine to 4096 MB if not specified
+
+OPACK_SYS_MEMORY?=	512
+# Set the memory (RAM) size of the virtual machine to 512 MB if not specified
+
+OPACK_SYS_CPU?=		1
+# Set the number of CPUs for the virtual machine to 1 if not specified
+
+OPACK_SYS_SERVER?=cdn.openbsd.org
+# Set the OpenBSD package server to 'cdn.openbsd.org' if not specified
+
+OPACK_SYS_ARCHITECTURE?=amd64
+# Set the architecture for the virtual machine to 'amd64' if not specified
+
+OPACK_SYS_RELEASE?=$(shell basename -s .html $(shell curl -s https://www.openbsd.org/ | grep released | cut -d '"' -f 2))
+# Automatically determine the OpenBSD release based on the OpenBSD website
+
+OPACK_SYS_VERSION_MAJOR=$(shell echo $(OPACK_SYS_RELEASE) | cut -c 1)
+OPACK_SYS_VERSION_MINOR=$(shell echo $(OPACK_SYS_RELEASE) | cut -c 2)
+OPACK_SYS_VERSION?=$(OPACK_SYS_VERSION_MAJOR).$(OPACK_SYS_VERSION_MINOR)
+# Extract major and minor version components from the release and construct the version string
+
+ifeq ($(OPACK_SYS_VERSION), snapshots)
+ifeq ($(shell (curl -s https://$(OPACK_SYS_SERVER)/pub/OpenBSD/snapshots/$(OPACK_SYS_ARCHITECTURE)/SHA256 | grep cd$(OPACK_SYS_RELEASE).iso > /dev/null && echo OK) || echo KO), KO)
+$(eval OPACK_SYS_RELEASE=$(shell echo $$(($(OPACK_SYS_RELEASE)+1))))
+OPACK_SYS_VERSION_MAJOR=$(shell echo $(OPACK_SYS_RELEASE) | cut -c 1)
+OPACK_SYS_VERSION_MINOR=$(shell echo $(OPACK_SYS_RELEASE) | cut -c 2)
+endif
+endif
+# Check if the OpenBSD version is 'snapshots' and automatically increment it if needed
+
+OPACK_SYS_XENOCARA?=no
+# Set whether to include Xenocara (X Window System) in the virtual machine to 'no' by default
+
+OPACK_SYS_SETS?=+* -x* +xbase* -game* -comp* -man* -bsd.rd
+# Define the sets of files/packages to install in the virtual machine
+
+OPACK_SYS_TIMEZONE?=Europe/Paris
+# Set the timezone for the virtual machine to 'Europe/Paris' by default
+
+OPACK_SYS_SSH_KEY?=$(shell curl -s https://raw.githubusercontent.com/hashicorp/vagrant/master/keys/vagrant.pub)
+# Automatically fetch the Vagrant SSH key
+
+OPACK_PACKER_VERSION?=$$(curl -s https://checkpoint-api.hashicorp.com/v1/check/packer | jq -r .current_version)
+# Automatically fetch the latest Packer version
+
+OPACK_PACKER_HTTP_DIR?=$(OPACK_PACKER_DIR)/http
+# Define the Packer HTTP directory
+
+OPACK_SYS_ISO_URL?=https://$(OPACK_SYS_SERVER)/pub/OpenBSD/$(OPACK_SYS_VERSION)/$(OPACK_SYS_ARCHITECTURE)/cd$(OPACK_SYS_RELEASE).iso
+# Define the URL to fetch the OpenBSD ISO image
+
+OPACK_SYS_ISO_SHA256SUM?=$(shell curl -s https://$(OPACK_SYS_SERVER)/pub/OpenBSD/$(OPACK_SYS_VERSION)/$(OPACK_SYS_ARCHITECTURE)/SHA256 | grep cd$(OPACK_SYS_RELEASE).iso | cut -d"=" -f2 | tr -d ' ')
+# Calculate the SHA256 sum of the OpenBSD ISO image
+
+OPACK_COMMIT?=$(shell git log --oneline -n 1 --abbrev-commit --date=short --pretty=format:"%h %ad %s" 2&>/dev/null || echo latest)
+OPACK_SHORT_REV?=$(shell git rev-parse --short HEAD 2&>/dev/null || echo latest)
+# Obtain Git commit information
+
+OPACK_SYS_SETS_LOCATION?=http
+# Set the location to fetch the sets from to 'http'
+
+OPACK_NO_SIGCHK?=no
+# Set whether to skip signature checking to 'no' by default
+
+OPACK_SYS_HEADLESS?=true
+# Set whether the virtual machine runs in headless mode to 'true' by default
+
+OPACK_CACHE_DIR?=$(OPACK_DIR)cache
+# Define the directory for caching
+
+OPACK_BOX_FILE?=$(OPACK_CACHE_DIR)/$(OPACK_TARGET).box
+$(info BOX $(OPACK_BOX_FILE))
+# Define the path to the Vagrant box file and output info
+
+OPACK_META_FILE?=$(OPACK_TARGET).json
+# Define the metadata file for the Vagrant box
+
+OPACK_BOX_VERSION?=1.$(shell date +%s).$(OPACK_SHORT_REV)
+# Define the version of the Vagrant box
+
+OPACK_BOX_FILE_SHA256?=XXXtoreplaceXXX
+# Define the SHA256 sum for the Vagrant box file
+
+OPACK_BOX_TAG?=opack/$(OPACK_TARGET)
+# Define the Docker image tag for the Vagrant box
+
+OPACK_PACKER_DIR?=opack_build_$(OPACK_SHORT_REV)
+# Define the directory for Packer build
+
+OPACK_PROVISION_FILE?=$(OPACK_DIR)opack-provision.sh
+# Define the provisioning script for Packer
+
+OPACK_AUTODISKLABEL_FILE?=$(OPACK_DIR)autodisklabel
+# Define the autodisklabel file
+
+OPACK_VAGRANT_FILE=Vagrantfile
+# Define the Vagrantfile
+
+OPACK_RUNTIME_PROVISION_FILE?=$(OPACK_DIR)vagrant-provision.sh
+# Define the runtime provisioning script for Vagrant
+
+ifdef OPACK_DEBUG
+$(info HOSTNAME = $(OPACK_SYS_HOSTNAME) USER = $(OPACK_SYS_USER) PASSWORD = $(OPACK_SYS_PASSWORD))
+$(info DISK-SIZE = $(OPACK_SYS_DISK_SIZE)m ARCH = $(OPACK_SYS_ARCHITECTURE) CPU = $(OPACK_SYS_CPU) MEMORY = $(OPACK_SYS_MEMORY)m)
+$(info RELEASE = $(OPACK_SYS_RELEASE) VERSION = $(OPACK_SYS_VERSION) SERVER = $(OPACK_SYS_SERVER))
+$(info X = $(OPACK_SYS_XENOCARA) SETS = $(OPACK_SYS_SETS) NO-SIGNATURE = $(OPACK_NO_SIGCHK) HEADLESS = $(OPACK_SYS_HEADLESS))
+endif
+

src/packerfile-gcp.mk

@@ -0,0 +1,81 @@
+define OPACK_PACKER_CLOUD_CONTENT =
+{
+	"description": "OpenBSD $(OPACK_SYS_VERSION) $(OPACK_SYS_ARCHITECTURE) cloud",
+		"variables": {
+			"box_tag": "$(OPACK_SYS_HOSTNAME)-$(OPACK_TARGET)-{{ timestamp }}",
+			"disk_size": "$(OPACK_SYS_DISK_SIZE)",
+			"memory": "$(OPACK_SYS_MEMORY)",
+			"cpus": "$(OPACK_SYS_CPU)",
+			"gcloud_account_json": "../../$(GCE_JSON_KEY)",
+			"gcloud_project_id": "$(GCE_PROJECT)",
+			"version": "$(OPACK_BOX_VERSION)" },
+		"builders": [ {
+			"type": "qemu",
+			"format": "raw",
+			"vm_name": "disk.raw",
+			"cpus": "{{user `cpus`}}",
+			"memory": "{{user `memory`}}",
+			"headless": $(OPACK_SYS_HEADLESS),
+			"boot_key_interval": "10ms",
+			"disk_size": "{{user `disk_size`}}",
+			"disk_interface": "virtio",
+			"disk_compression": true,
+			"http_directory": "./http",
+			"iso_urls": "$(OPACK_SYS_ISO_URL)",
+			"iso_checksum": "sha256:$(OPACK_SYS_ISO_SHA256SUM)",
+			"net_device": "virtio-net",
+			"communicator": "ssh",
+			"ssh_username": "root",
+			"ssh_private_key_file": "$(OPACK_SYS_SSH_PRIVATE_KEY)",
+			"ssh_wait_timeout": "60m",
+			"shutdown_command": "shutdown -p now",
+			"boot_wait": "30s",
+			"boot_command": [ "S<enter><wait>",
+				"# ~~~ OPACK - OpenBSD Packing ~~~~<enter>",
+				"# $(OPACK_COMMIT) <enter>",
+				"ifconfig vio0 inet autoconf & ",
+				"sleep 1 && ",
+				"wait && "
+				"ftp http://{{ .HTTPIP }}:{{ .HTTPPort }}/install.conf && ",
+				"ftp http://{{ .HTTPIP }}:{{ .HTTPPort }}/autodisklabel && ",
+				"install -af install.conf && ",
+				"echo permit nopass :wheel > /mnt/etc/doas.conf && ",
+				"echo inet autoconf > /mnt/etc/hostname.vio0 && ",
+				"echo PubkeyAcceptedAlgorithms +ssh-rsa >> /mnt/etc/ssh/sshd_config && ",
+				"reboot<enter>" ]
+		} ],
+		"provisioners": [ 
+			{
+				"type": "file",
+				"source": "$(PROTECME_TOP_DIR)/src",
+				"destination": "/root/magma"
+			},
+			{
+				"type": "file",
+				"source": "$(PROTECME_SPEC_DIR)/openbsd",
+				"destination": "/var/spec2006src"
+			},
+			{
+				"type": "shell",
+				"scripts": ["$(OPACK_PROVISION_FILE)"]
+    			}
+		],
+		"post-processors": [ [
+				{	"name": "Compress",
+					"type": "compress",
+					"compression_level": 9,
+					"output": "disk.raw.tar.gz"
+				},
+				{	"name": "GCP Import",
+					"type": "googlecompute-import",
+					"project_id": "{{user `gcloud_project_id`}}",
+					"account_file": "{{user `gcloud_account_json`}}",
+					"bucket": "$(GCE_BUCKET)",
+					"image_name": "$(OPACK_TARGET)",
+					"image_description": "$(OPACK_COMMIT)",
+					"image_family": "openbsd",
+					"keep_input_artifact": true
+				}
+		] ]
+}
+endef

src/packerfile.mk

@@ -0,0 +1,58 @@
+define OPACK_PACKER_CONTENT =
+{
+	"description": "OpenBSD $(OPACK_SYS_VERSION) $(OPACK_SYS_ARCHITECTURE)",
+		"variables": {
+			"box_tag": "$(OPACK_SYS_HOSTNAME)-$(OPACK_TARGET)-{{ timestamp }}",
+			"disk_size": "$(OPACK_SYS_DISK_SIZE)",
+			"memory": "$(OPACK_SYS_MEMORY)",
+			"cpus": "$(OPACK_SYS_CPU)",
+			"version": "$(OPACK_BOX_VERSION)" },
+		"builders": [ {
+			"type": "qemu",
+			"vm_name": "$(OPACK_SYS_HOSTNAME)-$(OPACK_TARGET)",
+			"cpus": "{{user `cpus`}}",
+			"memory": "{{user `memory`}}",
+			"headless": $(OPACK_SYS_HEADLESS),
+			"boot_key_interval": "10ms",
+			"disk_size": "{{user `disk_size`}}",
+			"disk_interface": "virtio",
+			"disk_compression": true,
+			"http_directory": "./http",
+			"iso_urls": "$(OPACK_SYS_ISO_URL)",
+			"iso_checksum": "sha256:$(OPACK_SYS_ISO_SHA256SUM)",
+			"net_device": "virtio-net",
+			"communicator": "ssh",
+			"ssh_username": "root",
+			"ssh_private_key_file": "vagrant.key",
+			"ssh_wait_timeout": "60m",
+			"shutdown_command": "shutdown -p now",
+			"boot_wait": "30s",
+			"boot_command": [ "S<enter><wait>",
+				"# ~~~ OPACK - OpenBSD Packing ~~~~<enter>",
+				"# $(OPACK_COMMIT) <enter>",
+				"ifconfig vio0 inet autoconf & ",
+				"sleep 1 && ",
+				"wait && ",
+				"ftp http://{{ .HTTPIP }}:{{ .HTTPPort }}/install.conf && ",
+				"ftp http://{{ .HTTPIP }}:{{ .HTTPPort }}/autodisklabel && ",
+				"install -af install.conf && ",
+				"echo permit nopass :wheel > /mnt/etc/doas.conf && ",
+				"echo inet autoconf > /mnt/etc/hostname.vio0 && ",
+				"echo PubkeyAcceptedAlgorithms +ssh-rsa >> /mnt/etc/ssh/sshd_config && ",
+				"reboot<enter>" ]
+		} ],
+		"provisioners": [ 
+		{
+			"type": "shell",
+			"scripts": ["$(OPACK_PROVISION_FILE)"]
+    		}
+		],
+		"post-processors": [ [
+				{	"name": "vagrant",
+					"type": "vagrant",
+					"compression_level": 9,
+					"output": "$(OPACK_BOX_FILE)" }
+		] ]
+}
+endef
+

src/vagrant-provision.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+echo OPACK: Sucess > /opack
+echo To run your own script, override OPACK_RUNTIME_PROVISION_FILE >> /opack

src/vagrantfile.mk

@@ -0,0 +1,21 @@
+define OPACK_VAGRANT_CONTENT =
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+ENV["VAGRANT_DEFAULT_PROVIDER"] = "libvirt"
+Vagrant.configure("2") do |config|
+  config.vm.define "$(OPACK_TARGET)"
+  config.vm.box = "$(OPACK_BOX_TAG)"
+  config.ssh.shell = "ksh -l"
+  config.ssh.username = "root"
+  config.ssh.extra_args = "-tt"
+  config.ssh.sudo_command = "doas env %c"
+  config.vm.synced_folder ".", "/vagrant", disabled: true
+  config.vm.provision "shell", path: "$(OPACK_RUNTIME_PROVISION_FILE)"
+  config.vm.provider "libvirt" do |l|
+    l.cpus = $(OPACK_SYS_CPU)
+    l.memory = $(OPACK_SYS_MEMORY)
+  end
+end
+
+endef