Merge pull request #34 from bretton/14.3

Add support for 13.5 and 14.3 releases

Author: bretton

README.md

@@ -47,6 +47,6 @@ When ready, run `build.sh` with flags.
 
 To build the basic setup and upload to your remote destination:
 
-    ./build.sh -u 14.2
+    ./build.sh -u 14.3
 
 End of File

build.sh

@@ -16,6 +16,7 @@
 # 2023-12-13: configure for multiple releases
 # 2024-09-25: Add support for 13.4 and 14.1 releases
 # 2024-12-03: Add support for 14.2 release
+# 2025-06-10: Add support for 13.5 and 14.3 releases
 #
 
 # this script must be run as root
@@ -47,7 +48,7 @@ usage() {
 	-k /path/to/authorized_keys (can safely ignore, another opportunity to copy
 	   in SSH keys on image boot!)
 
-	version (valid values are 13.2, 13.4, 14.0, 14.1)
+	version (valid values are 13.2, 13.4, 13.5, 14.0, 14.1, 14.2, or 14.3)
 	EOF
 }
 
@@ -81,7 +82,7 @@ do
 done
 shift "$((OPTIND-1))"
 
-# arg1 needs to be 13.2, 13.4, 14.0, 14.1, 14.2 currently
+# arg1 needs to be 13.2, 13.4, 13.5, 14.0, 14.1, 14.2, 14.3 currently
 RELEASE="$1"
 
 # Determine the release to use and set specific variables, or provide an error notice
@@ -102,6 +103,14 @@ case $RELEASE in
 		MYRELEASE="13.4-RELEASE"
 		MYVERSION="13.4"
 		;;
+	13.5)
+		FREEBSDISOSRC="https://download.freebsd.org/releases/amd64/amd64/ISO-IMAGES/13.5/FreeBSD-13.5-RELEASE-amd64-disc1.iso.xz"
+		# See https://www.freebsd.org/releases/13.5R/checksums/CHECKSUM.SHA256-FreeBSD-13.5-RELEASE-amd64.asc for SHA256 of ISO file, not iso.xz
+		FREEBSDISOSHA256="12ada1eb745df5b4f42a1afde4f0d2f333d389c8a7f07244e562b922443c2de7"
+		FREEBSDISOFILE="FreeBSD-13.5-RELEASE-amd64-disc1.iso"
+		MYRELEASE="13.5-RELEASE"
+		MYVERSION="13.5"
+		;;
 	14.0)
 		FREEBSDISOSRC="https://download.freebsd.org/releases/amd64/amd64/ISO-IMAGES/14.0/FreeBSD-14.0-RELEASE-amd64-disc1.iso.xz"
 		# See https://www.freebsd.org/releases/14.0R/checksums/CHECKSUM.SHA256-FreeBSD-14.0-RELEASE-amd64.asc for SHA256 of ISO file, not iso.xz
@@ -126,8 +135,16 @@ case $RELEASE in
 		MYRELEASE="14.2-RELEASE"
 		MYVERSION="14.2"
 		;;
+	14.3)
+		FREEBSDISOSRC="https://download.freebsd.org/releases/amd64/amd64/ISO-IMAGES/14.3/FreeBSD-14.3-RELEASE-amd64-disc1.iso.xz"
+		# See https://www.freebsd.org/releases/14.3R/checksums/CHECKSUM.SHA256-FreeBSD-14.3-RELEASE-amd64.asc for SHA256 of ISO file, not iso.xz
+		FREEBSDISOSHA256="f564822bc72d420d1e1a6faacb72f6056d828fcf539dfafd52e08503ef5fab68"
+		FREEBSDISOFILE="FreeBSD-14.3-RELEASE-amd64-disc1.iso"
+		MYRELEASE="14.3-RELEASE"
+		MYVERSION="14.3"
+		;;
 	*)
-		echo "Invalid version specified. Use 13.2, 13.4, 14.0, 14.1 or 14.2."
+		echo "Invalid version specified. Use 13.2, 13.4, 13.5, 14.0, 14.1, 14.2 or 14.3."
 		exit_error "$(usage)"
 		;;
 esac
@@ -140,7 +157,7 @@ MFSBSDDIR="mfsbsd"
 MYARCH="amd64"
 OUTIMG="mfsbsd-$MYRELEASE-$MYARCH.img"    # not in use
 OUTISO="mfsbsd-$MYRELEASE-$MYARCH.iso"    # in use
-OUTIMAGESIZE="200m"
+OUTIMAGESIZE="300m"
 MYBASE="$BASEDIR/$CDMOUNT/usr/freebsd-dist"
 MYCUSTOMDIR="$BASEDIR/customfiles"
 

customfiles/13_5_INSTALLERCONFIG.sample

@@ -0,0 +1,248 @@
+DISTRIBUTIONS="kernel.txz base.txz"
+BSDINSTALL_DISTSITE="https://download.freebsd.org/ftp/releases/amd64/13.5-RELEASE/"
+BSDINSTALL_DISTDIR="/tmp"
+INTERFACES="%%interface%%"
+RELEASE="13.5"
+GEOM="%%disks%%"
+export GEOM
+GEOMTYPE="%%disktype%%"
+export GEOMTYPE
+export ZFSBOOT_DISKS="$GEOM"
+export ZFSBOOT_VDEV_TYPE="$GEOMTYPE"
+export ZFSBOOT_FORCE_4K_SECTORS="1"
+export ZFSBOOT_SWAP_SIZE="8g"
+export ZFSBOOT_SWAP_MIRROR="1"
+export ZFSBOOT_POOL_CREATE_OPTIONS="-O compress=lz4 -O checksum=fletcher4"
+export nonInteractive="YES"
+
+#!/bin/sh
+ASSUME_ALWAYS_YES=yes FETCH_RETRY=5 pkg install ca_root_nss
+ASSUME_ALWAYS_YES=yes FETCH_RETRY=5 pkg install curl
+ASSUME_ALWAYS_YES=yes FETCH_RETRY=5 pkg install sudo
+ASSUME_ALWAYS_YES=yes FETCH_RETRY=5 pkg install bash
+
+# Disable X11
+echo 'OPTIONS_UNSET+=X11' >> /etc/make.conf
+
+# Basic network options
+sysrc hostname=%%hostname%%
+sysrc ifconfig_%%interface%%_name="untrusted"
+sysrc ifconfig_untrusted="up"
+sysrc ifconfig_untrusted_ipv6="up"
+sysrc ifconfig_untrusted_aliases="inet %%ipv4%%/32 inet6 %%ipv6%%/64"
+sysrc ipv6_activate_all_interfaces="YES"
+sysrc static_routes="gateway default"
+sysrc route_gateway="-host %%gateway%% -interface untrusted"
+sysrc route_default="default %%gateway%%"
+sysrc ipv6_defaultrouter="fe80::1%untrusted"
+
+cat > /etc/resolv.conf<<EOR
+nameserver %%nameserveripv4one%%
+nameserver %%nameserveripv4two%%
+nameserver %%nameserveripv6one%%
+nameserver %%nameserveripv6two%%
+EOR
+
+# enable zfs
+sysrc zfs_enable=YES
+
+# Enable sshd by default
+sysrc sshd_enable=YES
+
+# Configure SSH server
+sed -i '' -e 's/^#UseDNS yes/UseDNS no/' \
+    /etc/ssh/sshd_config
+sed -i '' -e 's/^#Compression delayed/Compression no/' \
+    /etc/ssh/sshd_config
+sed -i '' -e 's/^PasswordAuthentication yes/PasswordAuthentication no/' \
+    /etc/ssh/sshd_config
+sed -i '' -e 's/^#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' \
+    /etc/ssh/sshd_config
+sed -i '' -e 's/^#KbdInteractiveAuthentication yes/KbdInteractiveAuthentication no/' \
+    /etc/ssh/sshd_config
+sed -i '' -e 's/^#UsePAM yes/UsePAM no/' \
+    /etc/ssh/sshd_config
+sed -i '' -e 's/^#VersionAddendum .*$/VersionAddendum none/' \
+    /etc/ssh/sshd_config
+sed -i '' -e 's/^#X11Forwarding yes/X11Forwarding no/' \
+    /etc/ssh/sshd_config
+
+# restart ssh
+rm -r /etc/ssh/ssh_host_* || true
+/usr/bin/ssh-keygen -A
+service sshd restart || true
+
+# removed as causing problems with user-run Ruby programs in jails
+# Change umask
+# sed -i '' -e 's/:umask=022:/:umask=027:/g' /etc/login.conf
+
+# Disable sendmail
+sysrc sendmail_enable=NONE
+
+# create default user
+pw groupadd %%username%%
+pw useradd -m -n %%username%% -g %%username%% -G wheel -h - -c "default user"
+
+# add pubkey to default user
+mkdir -p /home/%%username%%/.ssh
+fetch %%pubkeyurl%% -o /home/%%username%%/.ssh/authorized_keys
+chown -R %%username%%:%%username%% /home/%%username%%/.ssh
+chmod 600 /home/%%username%%/.ssh/authorized_keys
+chmod 700 /home/%%username%%/.ssh
+
+# update sudo access
+cat > /usr/local/etc/sudoers.d/wheel<<EOF
+%wheel ALL=(ALL) NOPASSWD: ALL
+EOF
+
+# Remove root password
+/usr/sbin/pw usermod root -h -
+
+# Secure ttys
+sed -i '' -e 's/ secure/ insecure/g' /etc/ttys
+
+# Secure newsyslog
+sed -i '' -e 's|^/var/log/init.log          644|/var/log/init.log           640|' \
+    /etc/newsyslog.conf
+sed -i '' -e 's|^/var/log/messages          644|/var/log/messages           640|' \
+    /etc/newsyslog.conf
+sed -i '' -e 's|^/var/log/devd.log          644|/var/log/devd.log           640|' \
+    /etc/newsyslog.conf
+
+# download the package for realtek network adaptors, save in /root/pkg
+# the file will be in subdir /root/pkg/All/
+mkdir -p /root/pkg
+/usr/sbin/pkg fetch -y -d -o /root/pkg realtek-re-kmod198
+
+# Setup firstboot magic to determine network interface
+mkdir -p /usr/local/etc/rc.d
+
+# See https://reviews.freebsd.org/D43350 why we use echo here
+echo '#!/bin/sh' >/usr/local/etc/rc.d/firstboot_depenguin
+cat >>/usr/local/etc/rc.d/firstboot_depenguin<<"EOF"
+
+# KEYWORD: firstboot
+# PROVIDE: firstboot_depenguin
+# REQUIRE: syslogd NETWORKING
+# BEFORE: LOGIN
+
+#
+# Script to detect the physical uplink interface and rename
+# it to ${firstboot_depenguin_uplink_name} ("untrusted" by default).
+#
+# Detection is based on the list of interfaces to look for and
+# if they are physically connected. In case an interface is
+# found and configured, the server is rebooted.
+#
+# (firstboot logic from firstboot-freebsd-update by cpercival)
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf (in the disk
+# image, since this only runs on the first boot) to enable this:
+#
+# firstboot_depenguin_enable="YES"
+#
+# Options:
+#
+# firstboot_depenguin_uplink_name: Name of the uplink interface
+#                                  Set to "untrusted" by default
+# firstboot_depenguin_interfaces:  List of physical interfaces to check for
+#                                  Set to "vtnet0 em0 em1 igb0 igb1 bge0
+#                                  bge1 ixl0 ixl1 re0 re1" by default
+# firstboot_depenguin_sleep_secs:  Seconds to sleep before probing
+#                                  Set to "10" by default
+#
+
+. /etc/rc.subr
+
+: ${firstboot_depenguin_enable:="NO"}
+: ${firstboot_depenguin_uplink_name:="untrusted"}
+: ${firstboot_depenguin_interfaces:="vtnet0 \
+    em0 em1 igb0 igb1 ix0 ix1 ix2 ix3 bge0 bge1 ixl0 ixl1 re0 re1 \
+    bnxt0 bnxt1 bxe0 bxe1"}
+: ${firstboot_depenguin_sleep_secs:="10"}
+
+name="firstboot_depenguin"
+rcvar=firstboot_depenguin_enable
+start_cmd="firstboot_depenguin_run | logger -s -t 'depenguin'"
+stop_cmd=":"
+
+firstboot_depenguin_is_realtek_ifname()
+{
+	expr "X$1" : '^Xre[0-9]' >/dev/null
+}
+
+firstboot_depenguin_check_realtek_pci_id()
+{
+	local if_re_count
+
+	if_re_count=$(/usr/sbin/pciconf -l | \
+	    grep "class=0x020000" | grep -c "vendor=0x10ec")
+	[ "$if_re_count" -gt 0 ]
+}
+
+firstboot_depenguin_config()
+{
+	local intf=$1
+	local uplink=$2
+
+	sysrc "ifconfig_${intf}_name=${uplink}"
+	echo "Requesting reboot after fixing network interface"
+	touch "${firstboot_sentinel}-reboot"
+
+	if firstboot_depenguin_is_realtek_ifname "$intf" &&
+	    firstboot_depenguin_check_realtek_pci_id; then
+		echo "Realtek device found, installing custom driver"
+		pkg add /root/pkg/All/realtek-re-kmod198-198.00.pkg
+		sysrc -f /boot/loader.conf if_re_load="YES"
+		sysrc -f /boot/loader.conf if_re_name="/boot/modules/if_re.ko"
+		# Note: The line below disables jumbo frame support
+		echo 'hw.re.max_rx_mbuf_sz="2048"' >>/boot/loader.conf
+	fi
+}
+
+firstboot_depenguin_run()
+{
+	local uplink="$firstboot_depenguin_uplink_name"
+	local sleep_secs="$firstboot_depenguin_sleep_secs"
+
+	intfs=$(ifconfig -l | tr " " "\n")
+	if echo "$intfs" | grep -q "^${uplink}$"; then
+		echo "Found existing interface named ${uplink}, doing nothing"
+		return 0
+	fi
+	echo "No interface named ${uplink} found, trying to determine"
+	echo "Sleeping ${sleep_secs} seconds to allow things to settle"
+	sleep "${sleep_secs}"
+	for intf in $firstboot_depenguin_interfaces; do
+		echo "$intfs" | grep -Eq "^${intf}$" || continue
+        	echo "$intf" | grep -Eq "^ix[0-9]$" && ifconfig "$intf" up
+		if ifconfig "$intf" | grep -q "status: no carrier"; then
+			echo "Interface ${intf} has no carrier"
+			continue
+		fi
+		echo "Found interface ${intf}, configuring"
+		firstboot_depenguin_config "${intf}" "$uplink"
+		return 0
+	done
+	# check if we should gamble for a realtek interface
+	if firstboot_depenguin_check_realtek_pci_id; then
+		for intf in $firstboot_depenguin_interfaces; do
+			firstboot_depenguin_is_realtek_ifname "$intf" \
+			    || continue
+			echo "Configuring potential interface ${intf}"
+			firstboot_depenguin_config "${intf}" "$uplink"
+			return 0
+		done
+	fi
+	echo "No potential uplink interface found"
+}
+
+load_rc_config $name
+run_rc_command "$1"
+EOF
+chmod 755 /usr/local/etc/rc.d/firstboot_depenguin
+sysrc firstboot_depenguin_enable=YES
+touch /firstboot
+
+# Reboot
+shutdown -p now

customfiles/13_5_depenguin_bsdinstall.sh

@@ -0,0 +1,68 @@
+#!/bin/sh
+
+set -e
+# shellcheck disable=SC3040
+set -o pipefail
+
+exit_error() {
+    echo "$*" 1>&2
+    exit 1;
+}
+
+# read in variables
+if [ -f depenguin_settings.sh ]; then
+	# shellcheck source=customfiles/depenguin_settings.sh.sample
+	. depenguin_settings.sh
+else
+	exit_error "Copy depenguin_settings.sh.sample to depenguin_settings.sh, edit to your needs, then run depenguin_bsdinstall.sh again"
+fi
+
+# check if template installerconfig exists
+if [ ! -f INSTALLERCONFIG.sample ]; then
+	exit_error "Missing INSTALLERCONFIG.sample. Please check location."
+fi
+
+# shellcheck disable=SC3003
+# safe(r) separator for sed
+sep=$'\001'
+
+# change variables in INSTALLERCONFIG to our settings and save to INSTALLERCONFIG.active
+< INSTALLERCONFIG.sample \
+  sed "s${sep}%%hostname%%${sep}$conf_hostname${sep}g" | \
+  sed "s${sep}%%interface%%${sep}$conf_interface${sep}g" | \
+  sed "s${sep}%%ipv4%%${sep}$conf_ipv4${sep}g" | \
+  sed "s${sep}%%ipv6%%${sep}$conf_ipv6${sep}g" | \
+  sed "s${sep}%%gateway%%${sep}$conf_gateway${sep}g" | \
+  sed "s${sep}%%nameserveripv4one%%${sep}$conf_nameserveripv4one${sep}g" | \
+  sed "s${sep}%%nameserveripv4two%%${sep}$conf_nameserveripv4two${sep}g" | \
+  sed "s${sep}%%nameserveripv6one%%${sep}$conf_nameserveripv6one${sep}g" | \
+  sed "s${sep}%%nameserveripv6two%%${sep}$conf_nameserveripv6two${sep}g" | \
+  sed "s${sep}%%username%%${sep}$conf_username${sep}g" | \
+  sed "s${sep}%%pubkeyurl%%${sep}$conf_pubkeyurl${sep}g" | \
+  sed "s${sep}%%disks%%${sep}$conf_disks${sep}g" | \
+  sed "s${sep}%%disktype%%${sep}$conf_disktype${sep}g" \
+  > INSTALLERCONFIG.active
+
+# download source files
+export DISTRIBUTIONS="kernel.txz base.txz"
+export BSDINSTALL_DISTDIR="/tmp"
+export BSDINSTALL_DISTSITE="https://download.freebsd.org/ftp/releases/amd64/13.5-RELEASE/"
+bsdinstall distfetch
+
+# run installer if enabled or output help text
+if [ "$run_installer" -ne 0 ]; then
+	bsdinstall script ./INSTALLERCONFIG.active
+else
+	echo "INFO: file INSTALLERCONFIG.active created"
+	echo ""
+	echo "WARN: run_installer is not enabled in depenguin_settings.sh"
+	echo ""
+	echo "Run installer manually as follows:"
+	echo ""
+	echo "  bsdinstall script ./INSTALLERCONFIG.active"
+	echo ""
+	echo "Or set run_installer=1 in depenguin_settings.sh"
+	exit 0
+fi
+
+# end