Make it possible to build simple VM images as part of the CheriBSD release process #2360

Open
wants to merge 19 commits into base: dev

Conversation

brooksdavis
Member

I've not tested the image yet, but the right rc.conf bits seem to be there in the source root directory.

It would be better if we could run ldconfig more directly since it should now work for cross builds since f221df6. Likewise non-root package support.

brooksdavis added a commit to CTSRD-CHERI/cheribuild that referenced this pull request Mar 7, 2025
In conjunction with the changes in
CTSRD-CHERI/cheribsd#2360 this produces
ciimages/FreeBSD-15.0-CURRENT-arm64-aarch64c-BASIC-CI-ufs.raw.xz in the
output directory for cheribsd-release-morello-purecap.  The result is
untested, but likely a usable starting point if cross build actually
works.
@@ -88,6 +88,9 @@ vm_install_base() {
}

vm_emulation_setup() {
if [ -n "${WITHOUT_QEMU}" ]; then
return 0
fi
if ! [ -z "${QEMUSTATIC}" ]; then
export EMULATOR=/qemu
cp ${QEMUSTATIC} ${DESTDIR}/${EMULATOR}
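Review bot: the `[ -n "${WITHOUT_QEMU}" ]` guard at the top of vm_emulation_setup() only short-circuits when the variable is set to a non-empty string, so a Makefile that exports WITHOUT_QEMU defined-but-empty falls straight through into the QEMU copy below; either guarantee a non-empty value from the Makefile or test presence with `[ -n "${WITHOUT_QEMU+set}" ]`. Two smaller points in the same hunk: `! [ -z "${QEMUSTATIC}" ]` is just `[ -n "${QEMUSTATIC}" ]`, and `cp ${QEMUSTATIC} ${DESTDIR}/${EMULATOR}` should quote both paths since DESTDIR is a build-tree path that may contain spaces.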
Collaborator


It might be worth adding a new newaliases rc.d script conditional on firstboot to run newaliases if needed?

Hmm, looks like /etc/rc.d/sendmail already runs newaliases if needed, but only if sendmail is enabled. I wonder if that part should just move out to a dedicated /etc/rc.d/newaliases script.

Member Author


I've written one (https://reviews.freebsd.org/D49309) but it turns out to be mostly pointless because in the default install newaliases uses dma which doesn't build an aliases.db at all (it just validates its arguments and returns 0).

@brooksdavis brooksdavis marked this pull request as draft March 10, 2025 20:45
@brooksdavis
Member Author

I've cherry picked everything needed to avoid conflicts when cherry picking the upstream versions of relevant commits. We're not quite in sync with upstream as I skipped a few like the chain of wireless firmware changes that didn't cause conflicts and the profiled libraries change which is very broad.

brooksdavis added a commit to CTSRD-CHERI/cheribuild that referenced this pull request Mar 13, 2025
With the addition of the flag:

--cheribsd-morello-purecap/build-vm-images

and the changes in
CTSRD-CHERI/cheribsd#2360 this produces
ciimages/FreeBSD-15.0-CURRENT-arm64-aarch64c-BASIC-CI-ufs.raw.xz
in the output directory for cheribsd-release-morello-purecap.

I've put support behind a flag as older CheriBSD trees will break
without patches.
@brooksdavis
Member Author

I've been able to boot a BASIC-CI vm image created this way

@brooksdavis brooksdavis marked this pull request as ready for review March 13, 2025 22:41
bsdjhb pushed a commit to bsdjhb/cheribsd that referenced this pull request Mar 18, 2025
Libarchive 3.7.7

Security fixes:
 CTSRD-CHERI#2158 rpm: calculate huge header sizes correctly
 CTSRD-CHERI#2160 util: fix out of boundary access in mktemp functions
 CTSRD-CHERI#2168 uu: stop processing if lines are too long
 CTSRD-CHERI#2174 lzop: prevent integer overflow
 CTSRD-CHERI#2172 rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696)
 CTSRD-CHERI#2175 unzip: unify EOF handling
 CTSRD-CHERI#2179 rar4: fix out of boundary access with large files
 CTSRD-CHERI#2203 rar4: fix OOB access with unicode filenames
 CTSRD-CHERI#2210 rar4: add boundary checks to rgb filter
 CTSRD-CHERI#2248 rar4: fix OOB in delta filter
 CTSRD-CHERI#2249 rar4: fix OOB in audio filter
 CTSRD-CHERI#2256 fix multiple vulnerabilities identified by SAST
 CTSRD-CHERI#2258 cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
 CTSRD-CHERI#2265 rar5: clear 'data ready' cache on window buffer reallocs
 CTSRD-CHERI#2269 rar4: fix CVE-2024-26256 (CVE-2024-26256)
 CTSRD-CHERI#2330 iso: be more cautious about parsing ISO-9660 timestamps
 CTSRD-CHERI#2343 tar: clean up linkpath between entries
 CTSRD-CHERI#2364 tar: don't crash on truncated tar archives
 CTSRD-CHERI#2366 gzip: prevent a hang when processing a malformed gzip inside a gzip
 CTSRD-CHERI#2377 tar: fix two leaks in tar header parsing

Important bugfixes:
 CTSRD-CHERI#2096 rar5: report encrypted entries
 CTSRD-CHERI#2150 xar: fix another infinite loop and expat error handling
 CTSRD-CHERI#2173 shar: check strdup return value
 CTSRD-CHERI#2161 lha: fix integer truncation on 32-bit systems
 CTSRD-CHERI#2338 tar: fix memory leaks when processing symlinks or parsing pax headers
 CTSRD-CHERI#2245 7zip: fix issue when skipping first file in 7zip archive that
       is a multiple of 65536 bytes
 CTSRD-CHERI#2252 7-zip: read/write symlink paths as UTF-8
 CTSRD-CHERI#2259 rar5: don't try to read ridiculously long names
 CTSRD-CHERI#2290 ar: fix archive entries having no type
 CTSRD-CHERI#2360 tar: fix truncation of entry pathnames in specific archives

CVE:		CVE-2024-20696, CVE-2024-26256
PR:		282047 (exp-run)
MFC after:	1 week
@kwitaszczyk
Member

There are a couple of issues when trying to use this on Ubuntu (technos in my case):

/local/scratch/kw543/repos/cheribsd/release-vm-images/release/scripts/mk-vmimage.sh: 56: /local/scratch/kw543/repos/cheribsd/release-vm-images/release/tools/vmimage.subr: Syntax error: "}" unexpected

which can be fixed with

diff --git a/release/tools/vmimage.subr b/release/tools/vmimage.subr
index 2d81da93794f..b9400784aabb 100644
--- a/release/tools/vmimage.subr
+++ b/release/tools/vmimage.subr
@@ -53,6 +53,7 @@ vm_create_base() {
 
 vm_copy_base() {
        # Defunct
+       return 0
 }
 
 vm_install_base() {
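Review bot: `return 0` fixes the parse error, but `:` is the conventional POSIX no-op for a deliberately empty function body and reads as intent rather than as an early exit; whichever is chosen, record the reason next to `# Defunct` (dash and bash reject a `{ }` body that holds only a comment, FreeBSD sh accepts it), or the next cleanup pass will remove the apparently useless statement and reintroduce the `Syntax error: "}" unexpected` reported above.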
date: invalid option -- 'v'
Try 'date --help' for more information.
bmake: "/local/scratch/kw543/repos/cheribsd/release-vm-images/release/Makefile.azure" line 21: warning: Command "date -v-1d -I -u" exited with status 1

which can be worked around in our case with

diff --git a/release/Makefile.vm b/release/Makefile.vm
index 1f56bdb03f97..76fede193a32 100644
--- a/release/Makefile.vm
+++ b/release/Makefile.vm
@@ -282,10 +282,12 @@ cloudware-release:        ${CLOUDTARGETS}
 cloudware-release:
 .endif
 
+.if !defined(WITHOUT_QEMU)
 .include "${.CURDIR}/Makefile.azure"
 .include "${.CURDIR}/Makefile.ec2"
 .include "${.CURDIR}/Makefile.firecracker"
 .include "${.CURDIR}/Makefile.gce"
 .include "${.CURDIR}/Makefile.oracle"
 .include "${.CURDIR}/Makefile.vagrant"
+.endif
 .include "${.CURDIR}/Makefile.inc1"
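Review bot: keying the Makefile.azure through Makefile.vagrant includes on `!defined(WITHOUT_QEMU)` conflates two unrelated conditions. The failure being worked around is `date -v-1d -I -u` at Makefile.azure line 21, a BSD date(1) flag that the host's GNU date rejects; that has nothing to do with emulation and will come back as soon as someone builds on a Linux host with QEMU available. Fix the date invocation, or gate on the host OS, rather than dropping the cloud targets. Note also that the guard silently removes ec2, firecracker, gce, oracle and vagrant even though only the Azure makefile is shown failing.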
ln: failed to access 'basic-ci.ufs.raw': No such file or directory

*** Failed target:  cw-basic-ci-raw
*** Failed command: ln -f basic-ci.ufs.raw basic-ci.raw
*** Error code 1

which I have not got to the bottom of.

@brooksdavis
Member Author

https://reviews.freebsd.org/D49526 and https://reviews.freebsd.org/D49527 address first two issues. (I contemplated gating Azure support on the host being FreeBSD, but it seemed annoying to do in a way that wasn't transparent.)

cperciva and others added 16 commits April 4, 2025 17:38
In 2016, commit 8834318 reworked the code for excluding -dbg
files from install media, and in the process accidentally broke it
for dvd images ('grep -v' should have been 'grep -vE').

FreeBSD Update builds later began to depend on this, and in any case
since DVD images are intended as "include everything" images there's
no point excluding those; so remove the (broken) filtering from DVD
image builds.

Sponsored by:	Amazon
MFC after:	2 days

(cherry picked from commit cdfd0600dc8882f0a0d0e6d9a1cdcf926edba6d6)
This adds three OCI archive format files to the release containing
FreeBSD base images suitable for static linked, dynamic linked and shell
workloads. The shell image also contains pkg-bootstrap and can be easily
extended by installing packages (including pkgbase packages).

Reviewed by: dch, cperciva, jlduran, zlei
Differential Revision: https://reviews.freebsd.org/D46759
MFC after: 2 days

(cherry picked from commit d03c82c28da86e0812b98b051d24ae5980804ad7)
Replace "$((ls *.txz))" with "*.txz"

Reported by:	jrtc27

(cherry picked from commit e166fea685da4ac6a6891f10b07f98d0e9fcfce3)
We use a *.txz glob to get all of the "distributions" which comprise
the FreeBSD release, but we now (optionally) also build container
images which are .txz files.  Grep those out from the distribution
lists.

A better long-term fix would probably be to generate an explicit list
of the .txz files we want rather than using an overbroad glob and
filtering out the files we *don't* want.

Fixes:		d03c82c28da8 ("release: add optional OCI images")
MFC after:	1 minute
Sponsored by:	Amazon

(cherry picked from commit 47866cdcc7278faa27250dcea16374231c676050)
These are installed into /ociimages/ and stage onto the download site
at /OCI-IMAGES/; they don't belong in the same directory as the
"distribution" .txz files.

Fixes:		d03c82c28da8 ("release: add optional OCI images")
MFC after:	1 minute
Sponsored by:	Amazon

(cherry picked from commit 976e1d36be688166e140cbaded01d433c61e6d47)
We used to have two different code paths for generating release media
dist sets, one which expected to run as root, and one which did not.
It was possible that the two different paths could generate different
results.

We can use the path that does not *require* root also when running as
root, so use it always.  We'll eventually want to do the same for all
release targets, but these ones are an easy place to start.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D48041

(cherry picked from commit 41adc5f29ba6955e09f46e4d2c25da6fcd263ba2)
Supports reproducible builds.

PR: 283214
Reviewed-by: emaste
Signed-off-by: Pat Maddox <[email protected]>
(cherry picked from commit 950401d21e33df7ac63ef1d2316a18f09ffbaabe)
While we're here, send the etcupdate log from generating base.txz
to stdout instead of /dev/null (see e972e40) as well.

Reviewed by:	emaste, gordon, jrtc27
MFC after:	1 week
Sponsored by:	Amazon
Differential Revision:	https://reviews.freebsd.org/D48719

(cherry picked from commit ace4637ee0c666c6f5a1c664f8956f7302234edd)
This in effect always builds these targets in NO_ROOT mode, removing
one more instance where release artifact builds require a privileged
user (root).  These artifacts are now always built the same way.

Reviewed by:	brooks, Pat Maddox <[email protected]>
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48121

(cherry picked from commit cbba69fb5793c238cfd31697667bdff6ce1920b6)
We publish three sets of VM images on download.freebsd.org:
* Generic VM images
* BASIC-CLOUDINIT VM images
* BASIC-CI VM images

Of these, the first had names like
  FreeBSD-14.2-RELEASE-amd64-ufs.raw.xz,
the second had names like
  FreeBSD-14.2-RELEASE-amd64-BASIC-CLOUDINIT.ufs.qcow2.xz,
and the third had names like
  FreeBSD-14.2-RELEASE-amd64-BASIC-CI.ufs.raw.xz
but were listed in the CHECKSUM files with names like
  FreeBSD-14.2-RELEASE-amd64-BASIC-CI-ufs.raw.xz

Standardize these to consistently use a hyphen before the filesystem
type rather than a period.

Note: On FreeBSD 14 we ship images without the -${FS} component in
their names; these are hardlinks to the -ufs images for compatibility
purposes.  On FreeBSD 13 we only have UFS images and don't include the
filesystem in the name.

MFC after:	1 week
Reported by:	jmg
Sponsored by:	Amazon

(cherry picked from commit 35623ccc375846648f4dcdfc47c7e84fc9db4852)
- requires base tar & flua, qemu-tools & curl from ports
- set ORACLE_PAR_URL to upload to local file:/// dir or cloud buckets

Reviewed by:	emaste
Approved by:	cperciva
Differential Revision:	https://reviews.freebsd.org/D48382
Sponsored by:	SkunkWerks, GmbH

(cherry picked from commit 0ce9a414adc33af29607adbd81e0760e014fcd76)
This option disables trying to build a qemu-<target>-static and simply
doesn't do any of the operations that rely on it.  This disables package
installation which is required by most, but not all image types.

Disable all CLOUDWARE variants that require pkg when WITHOUT_QEMU is set
to avoid broken images.

Reviewed by:	emaste
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D49310

(cherry picked from commit 92d399a3be0e53622b9af16a82f9b7c7b62b34f7)
For images that don't require QEMU, support NO_ROOT.  This entails:
 - Passing NO_ROOT down to mk-vmimage.sh (which sets it for
   installworld, etc)
 - Handling etcupdate bootstrapping
 - Adding assorted config file METALOG entries
 - Running makefs in the right directory and adding -D for dups

The main gap in basic NO_ROOT support is package installation.  Each
image type must also be updated to add METALOG entries for any files it
adds.

Reviewed by:	emaste
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D49320

(cherry picked from commit c41ba99779d0431c37ac06a674e7744d15de8045)
Without this, rebuilding vm images will fail due to the .xz file
existing.

Reviewed by:	emaste
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D49321

(cherry picked from commit 59c529f2c856ec557954aa81b47603df8871ec25)
This happens to work with FreeBSD's shell, but is rejected by dash and
bash.

Reported by:	def
Reviewed by:	emaste
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D49526

(cherry picked from commit 9eb6cdafe5e2c2cfc9ddebc34ecabd1e7cbdc3ca)
brooksdavis and others added 3 commits April 4, 2025 17:38
To support common shell patterns (test -n and -z) we want NO_ROOT and
WITHOUT_QEMU to be set and not empty in mk-vmimage.sh if they are set at
all in the Makefile.

Actually do this rather than making them always set (which propagates to
submakes run by mk-vmimage.sh and unconditionally enables NO_ROOT with
undesirable side effects such as installing a /METALOG in vm images).

Reported by:	cperciva
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D49544

(cherry picked from commit e6e5cd297ab4cae4995895b99c713df9cf6e8c0f)
Using Compute Gallery as the source is the preferred method now.

Reviewed by:	brooks, emaste
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D49528

(cherry picked from commit 09f991f5f6f224f75f3cc9f666f0e0e2e9621432)
To support common shell patterns (test -n and -z) we want WITHOUT_QEMU
to be set and not empty in mk-vmimage.sh if it is defined at all in the
Makefile.

Fix a case I missed previously.

Reported by:	cperciva
Fixes:		e6e5cd297ab4 ("release/vm: fix setting NO_ROOT and WITHOUT_QEMU")
Sponsored by:	DARPA, AFRL

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D49666

(cherry picked from commit 75ae454d58144d23672607a4a02b9b36532caf76)
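Added example, not code from the CheriBSD pull request or from FreeBSD's release/ scripts: it pulls together the three host-portability problems this thread runs into when the release tooling is driven from a Linux host, namely the function body that is only a comment (the `Syntax error: "}" unexpected` report above and the D49526 commit), the `test -n`/`test -z` convention for NO_ROOT and WITHOUT_QEMU that the D49544 and D49666 commit messages describe, and the BSD-only `date -v-1d` spelling from Makefile.azure. All function and variable names here (`vm_copy_base_portable`, `parses_ok`, `is_enabled_n`, `is_defined`, `classify`, `DEMO_VAR`, `yesterday_utc`) are my own; only the behaviour they illustrate comes from the thread.

```shell
#!/bin/sh
# Added example for this thread; not from the CheriBSD PR or FreeBSD's
# release/ scripts.  Portability checks for running FreeBSD-style release
# shell code under dash/bash with GNU coreutils.

# 1. A function body that is only a comment.  FreeBSD sh accepts it,
#    dash and bash report: Syntax error: "}" unexpected.  `:` is the
#    POSIX no-op, so a defunct hook keeps a body every shell parses.
vm_copy_base_portable() {
    # Defunct; `:` keeps the body non-empty for dash/bash.
    :
}

# parses_ok SHELL SCRIPT: syntax-check SCRIPT with `SHELL -n` without
# executing it.  Returns the parser's exit status (0 = accepted), so it
# can be used to probe which /bin/sh tolerates an empty body.
parses_ok() {
    "$1" -n -c "$2" 2>/dev/null
}

# 2. `[ -n "$VAR" ]` versus make's defined().  mk-vmimage.sh uses test -n
#    and test -z, which treat a set-but-empty variable as "off"; make's
#    .if defined(VAR) treats it as "on".  is_defined mirrors make via the
#    ${VAR+x} expansion, which is non-empty iff VAR is set, even to "".
is_enabled_n() {
    eval "_v=\${$1}"
    [ -n "${_v}" ]
}
is_defined() {
    eval "_d=\${$1+x}"
    [ -n "${_d}" ]
}

# classify MODE (unset|empty|yes): set DEMO_VAR the way a Makefile might
# hand WITHOUT_QEMU to the script and print one word describing how the
# -n pattern and the defined() pattern disagree for that case.
classify() {
    unset DEMO_VAR
    case "$1" in
        empty) DEMO_VAR= ;;
        yes)   DEMO_VAR=yes ;;
        unset) ;;
        *) echo "usage: classify unset|empty|yes" >&2; return 2 ;;
    esac
    if is_enabled_n DEMO_VAR; then
        echo enabled
    elif is_defined DEMO_VAR; then
        echo defined-but-empty   # make says on, test -n says off
    else
        echo unset
    fi
}

# 3. `date -v-1d -I -u` (Makefile.azure) is a BSD date(1) spelling; GNU
#    date has no -v.  Try the BSD form first, fall back to the GNU form,
#    and print the same YYYY-MM-DD either way.
yesterday_utc() {
    date -u -v-1d +%Y-%m-%d 2>/dev/null ||
        date -u -d '1 day ago' +%Y-%m-%d
}

# Stand-alone report for the current host.
for mode in unset empty yes; do
    printf '%-6s -> %s\n' "$mode" "$(classify "$mode")"
done
printf 'yesterday (UTC): %s\n' "$(yesterday_utc)"
```

On a Linux host `classify empty` prints `defined-but-empty`: make would have taken the `.if defined(WITHOUT_QEMU)` branch while the script's `[ -n "${WITHOUT_QEMU}" ]` says off, which is exactly the mismatch the D49544/D49666 commits close by exporting the variable set and non-empty. `parses_ok dash 'f() {
# Defunct
}'` returns non-zero where `parses_ok dash 'f() { :; }'` returns zero, and `yesterday_utc` works on both date(1) implementations.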