ci-openbsd-multicore: enable PF (#1033)

* pkg/build/openbsd: copy overlay files from userspaceDir into image Fixes #1030
2024-11-23 11:29:46 +00:00 · 2019-03-05 09:08:17 -08:00 · 2019-03-05 09:08:17 -08:00 · 16559f86f5
commit 16559f86f5
parent 78b7ec0fbe
3 changed files with 31 additions and 8 deletions
--- a/dashboard/config/overlays/README.md
+++ b/dashboard/config/overlays/README.md
@ -0,0 +1,7 @@
+# File hierarchies to lay on top of default images
+
+`pkg/build/openbsd.go` replaces the files in the image generated by
+`create-openbsd-vmm-worker.sh` with the contents of `ci-openbsd-multicore/`.
+A minor bit of missing connection between `userspaceDir` and this
+location is managed outside this repository by the local filesystem
+state on the `ci-openbsd` machine.
--- a/dashboard/config/overlays/ci-openbsd-multicore/etc/rc.conf.local
+++ b/dashboard/config/overlays/ci-openbsd-multicore/etc/rc.conf.local
@ -0,0 +1,10 @@
+# Overrides the minimal config in the image created by
+# tools/create-openbsd-vmm-worker.sh to enable PF.
+cron_flags=NO
+library_aslr=NO
+ntpd_flags=NO
+pf=YES
+pflogd_flags=YES
+slaacd_flags=NO
+smtpd_flags=NO
+sndiod_flags=NO
--- a/pkg/build/openbsd.go
+++ b/pkg/build/openbsd.go
@ -51,7 +51,8 @@ func (ctx openbsd) build(targetArch, vmType, kernelDir, outputDir, compiler, use
 		}
 	}
 	if vmType == "gce" {
-		return CopyKernelToImage(outputDir)
+		return CopyFilesToImage(
+			filepath.Join(userspaceDir, "overlay"), outputDir)
 	}
 	return nil
 }
@ -70,13 +71,17 @@ func (ctx openbsd) make(kernelDir string, args ...string) error {
 	return err
 }

-// The easiest way to make an openbsd image that boots the given
-// kernel on GCE is to simply overwrite it inside the disk image.
+// CopyFilesToImage populates the filesystem image in outputDir with
+// run-specific files. The kernel is copied as /bsd and if overlayDir
+// exists, its contents are copied into corresponding files in the
+// image.
+//
 // Ideally a user space tool capable of understanding FFS should
-// implement this directly, but vnd(4) device would do in a pinch.
-// Assumes that the outputDir contains the appropriately named files.
-func CopyKernelToImage(outputDir string) error {
-	script := `set -eux
+// interpret FFS inside the image file, but vnd(4) device would do in
+// a pinch.
+func CopyFilesToImage(overlayDir, outputDir string) error {
+	script := fmt.Sprintf(`set -eux
+OVERLAY="%s"
 # Cleanup in case something failed before.
 doas umount /altroot || true
 doas vnconfig -u vnd0 || true
@ -84,9 +89,10 @@ doas vnconfig -u vnd0 || true
 doas /sbin/vnconfig vnd0 image
 doas mount /dev/vnd0a /altroot
 doas cp kernel /altroot/bsd
+test -d "$OVERLAY" && doas cp -Rf "$OVERLAY"/. /altroot
 doas umount /altroot
 doas vnconfig -u vnd0
-`
+`, overlayDir)
 	debugOut, err := osutil.RunCmd(10*time.Minute, outputDir, "/bin/sh", "-c", script)
 	if err != nil {
 		log.Logf(0, "Error copying kernel into image %v\n%v\n", outputDir, debugOut)