first

src/autodisklabel

@@ -0,0 +1,2 @@
+/              256M-* 90%
+swap           1G-16G 10% 

src/defines.mk

@@ -0,0 +1,57 @@
+define newline
+
+
+endef
+
+define OPACK_INSTALL_CONTENT =
+Choose your keyboard layout = fr
+System hostname = $(OPACK_SYS_HOSTNAME)-$(OPACK_TARGET)
+Which network interface = vio0
+IPv4 address for vio0 = dhcp
+IPv6 address for vio0 = none
+Password for root account = $(OPACK_SYS_PASSWORD)
+Public ssh key for root account = $(OPACK_SYS_SSH_KEY)
+Allow root ssh login = prohibit-password
+Do you expect to run the X Window System = $(OPACK_SYS_XENOCARA)
+Setup a user = $(OPACK_SYS_USER)
+Password for user $(OPACK_SYS_USER) = $(OPACK_SYS_PASSWORD)
+Public ssh key for $(OPACK_SYS_USER) = $(OPACK_SYS_SSH_KEY)
+Allow root ssh login = prohibit-password
+What timezone = $(OPACK_SYS_TIMEZONE)
+Which disk = sd0
+Use (W)hole disk or (E)dit the MBR = whole
+URL to autopartitioning template for disklabel = file:/autodisklabel
+Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout = A
+Location of sets = $(OPACK_SYS_SETS_LOCATION)
+HTTP Server = $(OPACK_SYS_SERVER)
+Server directory = pub/OpenBSD/$(OPACK_SYS_VERSION)/$(OPACK_SYS_ARCHITECTURE)
+Unable to connect using https. Use http instead = yes
+Pathname to the sets = $(OPACK_SYS_VERSION_MAJOR).$(OPACK_SYS_VERSION_MINOR)/amd64
+Set name(s) = $(OPACK_SYS_SETS) done
+Directory does not contain SHA256.sig. Continue without verification = $(OPACK_NO_SIGCHK)
+Signature check of SHA256.sig failed. Continue without verification = no
+Cannot determine prefetch area. Continue without verification = yes
+Location of sets? = done
+
+endef
+
+define OPACK_METADATA_CONTENT =
+{
+  "name": "$(OPACK_BOX_TAG)",
+  "description": "OPACK - $(OPACK_COMMIT)",
+  "versions": [
+    {
+      "version": "$(OPACK_BOX_VERSION)",
+      "providers": [
+        {
+          "name": "libvirt",
+          "url": "$(OPACK_BOX_FILE)",
+          "checksum_type": "sha256",
+          "checksum": "$(OPACK_BOX_FILE_SHA256)"
+        }
+      ]
+    }
+  ]
+}
+
+endef

src/opack-provision.sh

@@ -0,0 +1,18 @@
+#!/bin/sh 
+set -e
+set +x 
+
+(
+        echo OPACK: Starting provisioning.
+        sysctl -n kern.version
+        printf 'permit nopass :wheel\n' > /etc/doas.conf
+        printf 'PasswordAuthentication yes\nPermitRootLogin yes\n' >> /etc/ssh/sshd_config
+	pkg_add -u 2> /dev/null || pkg_add -u -D snap 2> /dev/null
+	rm -f /etc/ssh/ssh_host*
+        find /var/log -type f | while read f; do echo -ne '' > $f; done
+        find /tmp -type f | while read f; do echo -ne '' > $f; done
+        sync
+        sync
+        echo OPACK: provisionning done.
+)
+exit 0

src/opack.mk

@@ -0,0 +1,93 @@
+.PHONY: clean cleancache cleanall opack
+.DEFAULT_GOAL := opack 
+
+OPACK_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+
+define OPACK_BANNER 
+________                       __    
+\_____  \ ___________    ____ |  | __
+ /   |   \\____ \__  \ _/ ___\|  |/ /
+/    |    \  |_> > __ \\  \___|    < 
+\_______  /   __(____  /\___  >__|_ \ 
+        \/|__|       \/     \/     \/
+
+endef
+
+$(info $(OPACK_BANNER))
+
+include $(OPACK_DIR)/options.mk
+include $(OPACK_DIR)/defines.mk
+include $(OPACK_DIR)/packerfile.mk
+include $(OPACK_DIR)/packerfile-gcp.mk
+include $(OPACK_DIR)/vagrantfile.mk
+
+$(OPACK_PACKER_HTTP_DIR) $(OPACK_PACKER_DIR) ../$(OPACK_CACHE_DIR): 
+	@mkdir -p $@
+
+$(OPACK_PACKER_DIR)/vagrant.key: | $(OPACK_PACKER_DIR)
+	@curl -s -o $@ https://raw.githubusercontent.com/hashicorp/vagrant/master/keys/vagrant
+
+$(OPACK_PACKER_DIR)/opack.json: | $(OPACK_PACKER_DIR)
+	@printf '$(subst $(newline),\n,$(OPACK_PACKER_CONTENT))' > $@
+
+$(OPACK_PACKER_DIR)/bucket.json:
+	@printf '{ "name": "$(GCE_BUCKET)", "location": "$(GCE_BUCKET_LOCATION)", "storageClass": "STANDARD", "iamConfiguration": {"uniformBucketLevelAccess": { "enabled": true }, } }' > $@
+
+$(OPACK_PACKER_DIR)/opack-cloud.json: | $(OPACK_PACKER_DIR) $(OPACK_PACKER_DIR)/bucket.json
+	@printf '$(subst $(newline),\n,$(OPACK_PACKER_CLOUD_CONTENT))' > $@
+	@curl -X POST -s -o /dev/null \
+		--data-binary @$(OPACK_PACKER_DIR)/bucket.json \
+		-H "Authorization: Bearer $(STORAGE_TOKEN)" \
+		-H "Content-Type: application/json" \
+		"https://storage.googleapis.com/storage/v1/b?project=$(GCE_PROJECT)"
+	@curl -X DELETE -s -o /dev/null \
+		-H "Authorization: Bearer $(IMAGE_TOKEN)" \
+		"https://compute.googleapis.com/compute/v1/projects/$(GCE_PROJECT)/global/images/$(OPACK_TARGET)"
+
+$(OPACK_PACKER_HTTP_DIR)/install.conf: | $(OPACK_PACKER_HTTP_DIR)
+	@printf '$(subst $(newline),\n,$(OPACK_INSTALL_CONTENT))' > $@
+
+$(OPACK_PACKER_HTTP_DIR)/autodisklabel: | $(OPACK_PACKER_HTTP_DIR)
+	@cp $(OPACK_AUTODISKLABEL_FILE) $@
+
+$(OPACK_PROVISION_FILE):
+	@echo you need to write $@ && exit 1
+
+../id_ed25519:
+	@echo you need to generate the ssh key with 'make sshkey' && exit 1
+
+$(OPACK_BOX_FILE): | $(OPACK_PACKER_DIR)/opack.json $(OPACK_PACKER_DIR)/vagrant.key $(OPACK_PROVISION_FILE) $(OPACK_PACKER_HTTP_DIR)/install.conf $(OPACK_PACKER_HTTP_DIR)/autodisklabel
+	@cd $(OPACK_PACKER_DIR) &&\
+		CHECKPOINT_DISABLE=1 PACKER_CACHE_DIR=../../$(OPACK_CACHE_DIR)\
+		packer build\
+		-timestamp-ui opack.json &&\
+		rm -rf $(OPACK_PACKER_DIR)
+
+$(OPACK_META_FILE): $(OPACK_BOX_FILE)
+	@printf '$(subst $(OPACK_BOX_FILE_SHA256),$(shell sha256sum $(OPACK_BOX_FILE) | awk '{print $$1}'),$(subst $(newline),\n,$(OPACK_METADATA_CONTENT)))' > $@
+	@vagrant box add -f --name $(OPACK_BOX_TAG) $(OPACK_META_FILE)
+
+$(OPACK_VAGRANT_FILE):
+	@printf '$(subst $(newline),\n,$(OPACK_VAGRANT_CONTENT))' > $@
+	
+
+opack: $(OPACK_META_FILE) $(OPACK_VAGRANT_FILE)
+	@vagrant up 
+
+opack-cloud: | $(OPACK_PACKER_DIR)/opack-cloud.json ../id_ed25519 $(OPACK_PROVISION_FILE) $(OPACK_PACKER_HTTP_DIR)/install.conf $(OPACK_PACKER_HTTP_DIR)/autodisklabel
+	@cd $(OPACK_PACKER_DIR) &&\
+		CHECKPOINT_DISABLE=1 PACKER_CACHE_DIR=../../$(OPACK_CACHE_DIR)\
+		packer build\
+		-timestamp-ui opack-cloud.json | tee -a ../$@ &&\
+		rm -rf $(OPACK_PACKER_DIR)
+
+clean: 
+	@-vagrant destroy -f 2>/dev/null
+	@-cd terraform_??????? 2>/dev/null && terraform destroy -auto-approve && cd .. && rm -rf terraform_???????
+	@-rm -rf $(OPACK_VAGRANT_FILE) opack_build_$(OPACK_SHORT_REV) *.log ssh-config .vagrant *.json
+
+cleancache:
+	@-vagrant box remove -f --all $(OPACK_BOX_TAG) 2>/dev/null
+	@-rm -rf $(OPACK_CACHE_DIR)
+
+cleanall: clean cleancache

src/options.mk

@@ -0,0 +1,128 @@
+OPACK_DEBUG=yes
+# Enable debugging mode if OPACK_DEBUG is set to 'yes'
+
+ifndef OPACK_DEBUG
+.SILENT:
+$(info OPACK_DEBUG)
+else
+endif
+
+OPACK_SYS_HOSTNAME?=	opack
+# Set the hostname of the virtual machine to 'opack' if not specified
+
+OPACK_SYS_USER?=	opack	
+# Set the username for the virtual machine to 'opack' if not specified
+
+OPACK_SYS_PASSWORD?=	opack	
+# Set the password for the virtual machine to 'opack' if not specified
+
+OPACK_SYS_DISK_SIZE?=	4096
+# Set the disk size of the virtual machine to 4096 MB if not specified
+
+OPACK_SYS_MEMORY?=	512
+# Set the memory (RAM) size of the virtual machine to 512 MB if not specified
+
+OPACK_SYS_CPU?=		1
+# Set the number of CPUs for the virtual machine to 1 if not specified
+
+OPACK_SYS_SERVER?=cdn.openbsd.org
+# Set the OpenBSD package server to 'cdn.openbsd.org' if not specified
+
+OPACK_SYS_ARCHITECTURE?=amd64
+# Set the architecture for the virtual machine to 'amd64' if not specified
+
+OPACK_SYS_RELEASE?=$(shell basename -s .html $(shell curl -s https://www.openbsd.org/ | grep released | cut -d '"' -f 2))
+# Automatically determine the OpenBSD release based on the OpenBSD website
+
+OPACK_SYS_VERSION_MAJOR=$(shell echo $(OPACK_SYS_RELEASE) | cut -c 1)
+OPACK_SYS_VERSION_MINOR=$(shell echo $(OPACK_SYS_RELEASE) | cut -c 2)
+OPACK_SYS_VERSION?=$(OPACK_SYS_VERSION_MAJOR).$(OPACK_SYS_VERSION_MINOR)
+# Extract major and minor version components from the release and construct the version string
+
+ifeq ($(OPACK_SYS_VERSION), snapshots)
+ifeq ($(shell (curl -s https://$(OPACK_SYS_SERVER)/pub/OpenBSD/snapshots/$(OPACK_SYS_ARCHITECTURE)/SHA256 | grep cd$(OPACK_SYS_RELEASE).iso > /dev/null && echo OK) || echo KO), KO)
+$(eval OPACK_SYS_RELEASE=$(shell echo $$(($(OPACK_SYS_RELEASE)+1))))
+OPACK_SYS_VERSION_MAJOR=$(shell echo $(OPACK_SYS_RELEASE) | cut -c 1)
+OPACK_SYS_VERSION_MINOR=$(shell echo $(OPACK_SYS_RELEASE) | cut -c 2)
+endif
+endif
+# Check if the OpenBSD version is 'snapshots' and automatically increment it if needed
+
+OPACK_SYS_XENOCARA?=no
+# Set whether to include Xenocara (X Window System) in the virtual machine to 'no' by default
+
+OPACK_SYS_SETS?=+* -x* +xbase* -game* -comp* -man* -bsd.rd
+# Define the sets of files/packages to install in the virtual machine
+
+OPACK_SYS_TIMEZONE?=Europe/Paris
+# Set the timezone for the virtual machine to 'Europe/Paris' by default
+
+OPACK_SYS_SSH_KEY?=$(shell curl -s https://raw.githubusercontent.com/hashicorp/vagrant/master/keys/vagrant.pub)
+# Automatically fetch the Vagrant SSH key
+
+OPACK_PACKER_VERSION?=$$(curl -s https://checkpoint-api.hashicorp.com/v1/check/packer | jq -r .current_version)
+# Automatically fetch the latest Packer version
+
+OPACK_PACKER_HTTP_DIR?=$(OPACK_PACKER_DIR)/http
+# Define the Packer HTTP directory
+
+OPACK_SYS_ISO_URL?=https://$(OPACK_SYS_SERVER)/pub/OpenBSD/$(OPACK_SYS_VERSION)/$(OPACK_SYS_ARCHITECTURE)/cd$(OPACK_SYS_RELEASE).iso
+# Define the URL to fetch the OpenBSD ISO image
+
+OPACK_SYS_ISO_SHA256SUM?=$(shell curl -s https://$(OPACK_SYS_SERVER)/pub/OpenBSD/$(OPACK_SYS_VERSION)/$(OPACK_SYS_ARCHITECTURE)/SHA256 | grep cd$(OPACK_SYS_RELEASE).iso | cut -d"=" -f2 | tr -d ' ')
+# Calculate the SHA256 sum of the OpenBSD ISO image
+
+OPACK_COMMIT?=$(shell git log --oneline -n 1 --abbrev-commit --date=short --pretty=format:"%h %ad %s" 2&>/dev/null || echo latest)
+OPACK_SHORT_REV?=$(shell git rev-parse --short HEAD 2&>/dev/null || echo latest)
+# Obtain Git commit information
+
+OPACK_SYS_SETS_LOCATION?=http
+# Set the location to fetch the sets from to 'http'
+
+OPACK_NO_SIGCHK?=no
+# Set whether to skip signature checking to 'no' by default
+
+OPACK_SYS_HEADLESS?=true
+# Set whether the virtual machine runs in headless mode to 'true' by default
+
+OPACK_CACHE_DIR?=$(OPACK_DIR)cache
+# Define the directory for caching
+
+OPACK_BOX_FILE?=$(OPACK_CACHE_DIR)/$(OPACK_TARGET).box
+$(info BOX $(OPACK_BOX_FILE))
+# Define the path to the Vagrant box file and output info
+
+OPACK_META_FILE?=$(OPACK_TARGET).json
+# Define the metadata file for the Vagrant box
+
+OPACK_BOX_VERSION?=1.$(shell date +%s).$(OPACK_SHORT_REV)
+# Define the version of the Vagrant box
+
+OPACK_BOX_FILE_SHA256?=XXXtoreplaceXXX
+# Define the SHA256 sum for the Vagrant box file
+
+OPACK_BOX_TAG?=opack/$(OPACK_TARGET)
+# Define the Docker image tag for the Vagrant box
+
+OPACK_PACKER_DIR?=opack_build_$(OPACK_SHORT_REV)
+# Define the directory for Packer build
+
+OPACK_PROVISION_FILE?=$(OPACK_DIR)opack-provision.sh
+# Define the provisioning script for Packer
+
+OPACK_AUTODISKLABEL_FILE?=$(OPACK_DIR)autodisklabel
+# Define the autodisklabel file
+
+OPACK_VAGRANT_FILE=Vagrantfile
+# Define the Vagrantfile
+
+OPACK_RUNTIME_PROVISION_FILE?=$(OPACK_DIR)vagrant-provision.sh
+# Define the runtime provisioning script for Vagrant
+
+ifdef OPACK_DEBUG
+$(info HOSTNAME = $(OPACK_SYS_HOSTNAME) USER = $(OPACK_SYS_USER) PASSWORD = $(OPACK_SYS_PASSWORD))
+$(info DISK-SIZE = $(OPACK_SYS_DISK_SIZE)m ARCH = $(OPACK_SYS_ARCHITECTURE) CPU = $(OPACK_SYS_CPU) MEMORY = $(OPACK_SYS_MEMORY)m)
+$(info RELEASE = $(OPACK_SYS_RELEASE) VERSION = $(OPACK_SYS_VERSION) SERVER = $(OPACK_SYS_SERVER))
+$(info X = $(OPACK_SYS_XENOCARA) SETS = $(OPACK_SYS_SETS) NO-SIGNATURE = $(OPACK_NO_SIGCHK) HEADLESS = $(OPACK_SYS_HEADLESS))
+endif
+

src/packerfile-gcp.mk

@@ -0,0 +1,81 @@
+define OPACK_PACKER_CLOUD_CONTENT =
+{
+	"description": "OpenBSD $(OPACK_SYS_VERSION) $(OPACK_SYS_ARCHITECTURE) cloud",
+		"variables": {
+			"box_tag": "$(OPACK_SYS_HOSTNAME)-$(OPACK_TARGET)-{{ timestamp }}",
+			"disk_size": "$(OPACK_SYS_DISK_SIZE)",
+			"memory": "$(OPACK_SYS_MEMORY)",
+			"cpus": "$(OPACK_SYS_CPU)",
+			"gcloud_account_json": "../../$(GCE_JSON_KEY)",
+			"gcloud_project_id": "$(GCE_PROJECT)",
+			"version": "$(OPACK_BOX_VERSION)" },
+		"builders": [ {
+			"type": "qemu",
+			"format": "raw",
+			"vm_name": "disk.raw",
+			"cpus": "{{user `cpus`}}",
+			"memory": "{{user `memory`}}",
+			"headless": $(OPACK_SYS_HEADLESS),
+			"boot_key_interval": "10ms",
+			"disk_size": "{{user `disk_size`}}",
+			"disk_interface": "virtio",
+			"disk_compression": true,
+			"http_directory": "./http",
+			"iso_urls": "$(OPACK_SYS_ISO_URL)",
+			"iso_checksum": "sha256:$(OPACK_SYS_ISO_SHA256SUM)",
+			"net_device": "virtio-net",
+			"communicator": "ssh",
+			"ssh_username": "root",
+			"ssh_private_key_file": "$(OPACK_SYS_SSH_PRIVATE_KEY)",
+			"ssh_wait_timeout": "60m",
+			"shutdown_command": "shutdown -p now",
+			"boot_wait": "30s",
+			"boot_command": [ "S<enter><wait>",
+				"# ~~~ OPACK - OpenBSD Packing ~~~~<enter>",
+				"# $(OPACK_COMMIT) <enter>",
+				"ifconfig vio0 inet autoconf & ",
+				"sleep 1 && ",
+				"wait && "
+				"ftp http://{{ .HTTPIP }}:{{ .HTTPPort }}/install.conf && ",
+				"ftp http://{{ .HTTPIP }}:{{ .HTTPPort }}/autodisklabel && ",
+				"install -af install.conf && ",
+				"echo permit nopass :wheel > /mnt/etc/doas.conf && ",
+				"echo inet autoconf > /mnt/etc/hostname.vio0 && ",
+				"echo PubkeyAcceptedAlgorithms +ssh-rsa >> /mnt/etc/ssh/sshd_config && ",
+				"reboot<enter>" ]
+		} ],
+		"provisioners": [ 
+			{
+				"type": "file",
+				"source": "$(PROTECME_TOP_DIR)/src",
+				"destination": "/root/magma"
+			},
+			{
+				"type": "file",
+				"source": "$(PROTECME_SPEC_DIR)/openbsd",
+				"destination": "/var/spec2006src"
+			},
+			{
+				"type": "shell",
+				"scripts": ["$(OPACK_PROVISION_FILE)"]
+    			}
+		],
+		"post-processors": [ [
+				{	"name": "Compress",
+					"type": "compress",
+					"compression_level": 9,
+					"output": "disk.raw.tar.gz"
+				},
+				{	"name": "GCP Import",
+					"type": "googlecompute-import",
+					"project_id": "{{user `gcloud_project_id`}}",
+					"account_file": "{{user `gcloud_account_json`}}",
+					"bucket": "$(GCE_BUCKET)",
+					"image_name": "$(OPACK_TARGET)",
+					"image_description": "$(OPACK_COMMIT)",
+					"image_family": "openbsd",
+					"keep_input_artifact": true
+				}
+		] ]
+}
+endef

src/packerfile.mk

@@ -0,0 +1,58 @@
+define OPACK_PACKER_CONTENT =
+{
+	"description": "OpenBSD $(OPACK_SYS_VERSION) $(OPACK_SYS_ARCHITECTURE)",
+		"variables": {
+			"box_tag": "$(OPACK_SYS_HOSTNAME)-$(OPACK_TARGET)-{{ timestamp }}",
+			"disk_size": "$(OPACK_SYS_DISK_SIZE)",
+			"memory": "$(OPACK_SYS_MEMORY)",
+			"cpus": "$(OPACK_SYS_CPU)",
+			"version": "$(OPACK_BOX_VERSION)" },
+		"builders": [ {
+			"type": "qemu",
+			"vm_name": "$(OPACK_SYS_HOSTNAME)-$(OPACK_TARGET)",
+			"cpus": "{{user `cpus`}}",
+			"memory": "{{user `memory`}}",
+			"headless": $(OPACK_SYS_HEADLESS),
+			"boot_key_interval": "10ms",
+			"disk_size": "{{user `disk_size`}}",
+			"disk_interface": "virtio",
+			"disk_compression": true,
+			"http_directory": "./http",
+			"iso_urls": "$(OPACK_SYS_ISO_URL)",
+			"iso_checksum": "sha256:$(OPACK_SYS_ISO_SHA256SUM)",
+			"net_device": "virtio-net",
+			"communicator": "ssh",
+			"ssh_username": "root",
+			"ssh_private_key_file": "vagrant.key",
+			"ssh_wait_timeout": "60m",
+			"shutdown_command": "shutdown -p now",
+			"boot_wait": "30s",
+			"boot_command": [ "S<enter><wait>",
+				"# ~~~ OPACK - OpenBSD Packing ~~~~<enter>",
+				"# $(OPACK_COMMIT) <enter>",
+				"ifconfig vio0 inet autoconf & ",
+				"sleep 1 && ",
+				"wait && ",
+				"ftp http://{{ .HTTPIP }}:{{ .HTTPPort }}/install.conf && ",
+				"ftp http://{{ .HTTPIP }}:{{ .HTTPPort }}/autodisklabel && ",
+				"install -af install.conf && ",
+				"echo permit nopass :wheel > /mnt/etc/doas.conf && ",
+				"echo inet autoconf > /mnt/etc/hostname.vio0 && ",
+				"echo PubkeyAcceptedAlgorithms +ssh-rsa >> /mnt/etc/ssh/sshd_config && ",
+				"reboot<enter>" ]
+		} ],
+		"provisioners": [ 
+		{
+			"type": "shell",
+			"scripts": ["$(OPACK_PROVISION_FILE)"]
+    		}
+		],
+		"post-processors": [ [
+				{	"name": "vagrant",
+					"type": "vagrant",
+					"compression_level": 9,
+					"output": "$(OPACK_BOX_FILE)" }
+		] ]
+}
+endef
+

src/vagrant-provision.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+echo OPACK: Sucess > /opack
+echo To run your own script, override OPACK_RUNTIME_PROVISION_FILE >> /opack

src/vagrantfile.mk

@@ -0,0 +1,21 @@
+define OPACK_VAGRANT_CONTENT =
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+ENV["VAGRANT_DEFAULT_PROVIDER"] = "libvirt"
+Vagrant.configure("2") do |config|
+  config.vm.define "$(OPACK_TARGET)"
+  config.vm.box = "$(OPACK_BOX_TAG)"
+  config.ssh.shell = "ksh -l"
+  config.ssh.username = "root"
+  config.ssh.extra_args = "-tt"
+  config.ssh.sudo_command = "doas env %c"
+  config.vm.synced_folder ".", "/vagrant", disabled: true
+  config.vm.provision "shell", path: "$(OPACK_RUNTIME_PROVISION_FILE)"
+  config.vm.provider "libvirt" do |l|
+    l.cpus = $(OPACK_SYS_CPU)
+    l.memory = $(OPACK_SYS_MEMORY)
+  end
+end
+
+endef