XEN guest // Sabotage Linux


tested on slack150 and debian12

Virtual disk

# Guest name: reused for the vdisk image names, the xl config file and the guest hostname
guest="sabotage-may2024"

Create a sparse file sitting just below the 8589934591-byte size limit of the tar and ustar formats: 8192 - 1 = 8191 MiB.

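# Per-guest working directory; lala/ is the temporary mount point for the guest root filesystem
mkdir -p -- "/data/guests/$guest/lala/"
cd -- "/data/guests/$guest/"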

Either: a plain sparse virtual disk image

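# btrfs
# count=0 with seek=8191 only extends the file: a sparse 8191 MiB image, nothing written
dd if=/dev/zero of="$guest.btrfs" bs=1M count=0 seek=8191
mkfs.btrfs "$guest.btrfs"
mount -t btrfs -o noatime,nodiratime,compress=lzo "$guest.btrfs" lala/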

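# reiser4
# count=0 with seek=8191 only extends the file: a sparse 8191 MiB image, nothing written
dd if=/dev/zero of="$guest.reiser4" bs=1M count=0 seek=8191
mkfs.reiser4 --discard --force --yes "$guest.reiser4"
mount -t reiser4 -o noatime,nodiratime,txmod=wa,discard "$guest.reiser4" lala/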

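# ext4
# count=0 with seek=8191 only extends the file: a sparse 8191 MiB image, nothing written
dd if=/dev/zero of="$guest.ext4" bs=1M count=0 seek=8191
mkfs.ext4 "$guest.ext4"
#dumpe2fs "$guest.ext4" | grep features
#tune2fs -O ^metadata_csum "$guest.ext4"
# mount the ext4 image just created (the original line pointed at $guest.reiser4 by mistake)
mount -t ext4 -o noatime,nodiratime "$guest.ext4" lala/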

Or: dnc-based (a DRBD resource)

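# dnc tooling (not part of this page): list the available slots, then create the resource.
# SLOT-HERE is a placeholder — presumably replaced by one of the slots listed above; confirm with the tool's usage.
dnc-list-slots.bash
dnc-new-resource-template.bash pmr3 pmr1 SLOT-HERE "$guest"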

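# the DRBD resource exposes the guest disk under by-res/<name>/0
ls -lF "/dev/drbd/by-res/$guest/0"

mkfs.reiser4 --discard --yes "/dev/drbd/by-res/$guest/0"
mount -t reiser4 -o noatime,nodiratime,txmod=wa,discard "/dev/drbd/by-res/$guest/0" lala/

# ext4 alternative for the same resource
#mkfs.ext4 "/dev/drbd/by-res/$guest/0"
#mount -t ext4 -o noatime,nodiratime "/dev/drbd/by-res/$guest/0" lala/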

Deploy core/stage1 binaries

This assumes you already have a rootfs tarball.

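mkdir -p /data_local/kernels/sabotage/
cd /data_local/kernels/sabotage/

# NOTE(review): the tarball is fetched and unpacked as root without any checksum or
# signature verification; compare it against a published digest if one is available
# (none is given on this page).
wget https://lab.nethence.com/sabotage-stage1.tar.gz
# x=extract z=gzip p=preserve permissions S=sparse-aware f=file
tar xzpSf sabotage-stage1.tar.gz
# move the extracted tree onto the mounted guest filesystem
mv -f -- sabotage/* "/data/guests/$guest/lala/"
rmdir sabotage/
cd "/data/guests/$guest/"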

    # keep the shipped fstab as a reference, then edit the working copy
    cp -pi lala/etc/fstab lala/etc/fstab.dist
    vi lala/etc/fstab
# fstab contents — keep the single root line that matches the filesystem created above
#/dev/xvda1            /             btrfs     async,noatime,nodiratime,compress=lzo 0 0
/dev/xvda1             /             reiser4   async,noatime,nodiratime,txmod=wa,discard 0 1
#/dev/xvda1            /             ext4      async,noatime,nodiratime 0 1
proc                   /proc         proc      defaults            0      0
devpts                 /dev/pts      devpts    defaults            0      0
shm                    /dev/shm      tmpfs     nodev,nosuid        0      0
    # the guest console is hvc0 (see console=hvc0 in the xl config), not ttyS0:
    # rename the service directory and patch its run script accordingly
    mv -i lala/etc/service/ttyS0/ lala/etc/service/hvc0/
    sed -i 's/ttyS0/hvc0/g' lala/etc/service/hvc0/run

# swap the enabled ttyS0 service link for the hvc0 one
rm -f -- lala/var/service/ttyS0
ln -s -- ../../etc/service/hvc0 lala/var/service/hvc0

    # drop the remaining tty* service definitions ...
    rm -rf -- lala/etc/service/tty*/
# ... and the links that enabled them by default
    rm -rf -- lala/var/service/tty*

    # no Wi-Fi in a Xen guest: remove the wpa_supplicant service and its install tree
    rm -rf -- lala/etc/service/wpa_supplicant/ lala/opt/wpa-supplicant/

    # keep the original rc.boot, and write a copy without the hotplug and hwclock lines
    mv -i -- lala/etc/rc.boot lala/etc/rc.boot.dist
    sed -e '/hotplug/d' -e '/hwclock/d' lala/etc/rc.boot.dist > lala/etc/rc.boot
    # only the edited copy stays executable
    chmod -x lala/etc/rc.boot.dist
    chmod +x lala/etc/rc.boot
vi lala/etc/rc.boot

Search for `/rw=` and remove the `/tmp/` write-test conditions.

    # same treatment for rc.shutdown: keep the original, drop the hwclock line from the copy
    mv -i -- lala/etc/rc.shutdown lala/etc/rc.shutdown.dist
    sed -e '/hwclock/d' lala/etc/rc.shutdown.dist > lala/etc/rc.shutdown
    # only the edited copy stays executable
    chmod -x lala/etc/rc.shutdown.dist
    chmod +x lala/etc/rc.shutdown

    # keep the shipped profile, then set the guest timezone in the working copy
    cp -pi lala/etc/profile lala/etc/profile.dist
    vi lala/etc/profile
# profile contents — pick one TZ line
TZ="Europe/Moscow"
#TZ="Europe/Paris"

The default password is sabotage, but that is already too complicated to remember. Anyhow, it may even be safer to have no password at all, as long as nothing accepts empty-password logins: Dropbear is configured below with -s (password logins disabled), so SSH access remains key-based only.

    # remove root's password inside the guest rootfs, keeping a copy of shadow to compare
    ls -lF -- lala/etc/shadow
    cp -pi -- lala/etc/shadow lala/etc/shadow.dist
    # passwd -d empties root's password field: SSH stays key-only because Dropbear is
    # later started with -s, but any other login path that accepts an empty password
    # (the Xen console attached with xl create -c, for instance) may hand out root freely
    chroot lala/ passwd -d root
    diff -bu -- lala/etc/shadow.dist lala/etc/shadow

This assumes a Xen DomU-capable kernel is already in place; otherwise grab our kernel builds.

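# modules matching the DomU kernel used in the xl config (5.2.21.domureiser4)
mkdir -p -- lala/lib/modules/
tar xzf /data/kernels/5.2.21.domureiser4.modules.tar.gz -C lala/lib/modules/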

ls -lF lala/etc/rc.modules # no exist
# load the tmem module at boot (checked later with lsmod inside the guest)
printf '%s\n' 'modprobe tmem' > lala/etc/rc.modules
chmod +x lala/etc/rc.modules

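# hostname and hosts: keep the shipped files, write new ones from the guest name
mv -i -- lala/etc/hostname lala/etc/hostname.dist
printf '%s\n' "$guest" > lala/etc/hostname
mv -i -- lala/etc/hosts lala/etc/hosts.dist
# unquoted EOF on purpose: $guest is expanded into the file
cat > lala/etc/hosts <<EOF
127.0.0.1       localhost.localdomain   localhost
::1             localhost.localdomain   localhost

127.0.0.1   $guest

EOF
# keep the shipped rc.local, then set the network values in the working copy
cp -pi -- lala/etc/rc.local lala/etc/rc.local.dist
vi lala/etc/rc.local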

    # rc.local contents: static addressing; 10.1.x.x is a placeholder for the guest's own address
    do_static_ip="true"

    if="eth0"
    ip="10.1.x.x"
    nm="255.255.0.0"
    gw="10.1.255.254"

# the edited rc.local is the one that runs; the .dist copy is a reference only
chmod +x lala/etc/rc.local
chmod -x lala/etc/rc.local.dist

# keep the shipped resolv.conf, then write the guest's resolvers
mv -i lala/etc/resolv.conf lala/etc/resolv.conf.dist
vi lala/etc/resolv.conf

# resolv.conf contents
# opendns
# NOTE(review): OpenDNS publishes 208.67.222.222 and 208.67.220.220; confirm the first address below
nameserver 208.67.222.220
nameserver 208.67.222.222

# resulting rootfs size, for reference
du -sh -- lala/
# 265M on btrfs/lzo
# 569M on reiser4

That is it for the rootfs – we will enable Dropbear later on.

# release the guest filesystem and remove the temporary mount point
umount lala/
rmdir lala/

The disk is not ready to serve as a template yet: Dropbear still has to be installed first.

Guest skeleton

This assumes a DomU kernel, as stated above.

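ls -lhF /data/kernels/5.2.21.domureiser4.vmlinuz
# xl domain config, written to a file named after the guest (unquoted EOF: $guest expands)
cat > "$guest" <<EOF

kernel = "/data/kernels/5.2.21.domureiser4.vmlinuz"
# mitigations=off disables the guest kernel's CPU-vulnerability mitigations; drop it
# unless the performance gain is worth that trade-off for this guest
root = "/dev/xvda1 ro console=hvc0 mitigations=off"
#extra = "init=/bin/ash"
name = "$guest"
vcpus = 2
memory = 1024
# pick the disk line matching the image or DRBD resource created above
#disk = ['tap:tapdisk:aio:/data/guests/$guest/$guest.btrfs,xvda1,w']
disk = ['tap:tapdisk:aio:/data/guests/$guest/$guest.reiser4,xvda1,w']
#disk = ['tap:tapdisk:aio:/data/guests/$guest/$guest.ext4,xvda1,w']
#disk = ['phy:/dev/drbd/by-res/$guest/0,xvda1,w']
vif = [ 'bridge=guestbr0, vifname=$guest.0' ]
type = "pvh"
EOF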

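# start the domain from the config file written above; -c attaches the console right away
xl create "$guest" -c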

# inside the guest: confirm rc.modules loaded tmem, and check the memory seen by the guest
lsmod | grep tmem
free -m

Check that the guest has Internet access:

    # three probes are enough to validate routing and name resolution
    ping -c3 opendns.com

Install Dropbear, the lightweight SSH daemon, and enable it at boot time.

# install dropbear with the guest's package tool
butch install dropbear

cat /etc/shells # no exist
# declare ash as a valid login shell
printf '%s\n' /bin/ash > /etc/shells

vi /var/service/dropbear/run

# run script contents:
#   -s  disable password logins (key-based authentication only)
#   -j  disable local port forwarding
#   -k  disable remote port forwarding
#   -G wheel  only members of group wheel may log in
#   -F  stay in the foreground, as the service supervisor expects
exec /bin/dropbear -sjk -G wheel -F 2>&1

# the down file keeps the service from starting at boot; remove it
ls -lF -- /var/service/dropbear/down
rm -f -- /var/service/dropbear/down

# start the service now and confirm it is running
sv up dropbear
sv status dropbear

Template-ready

Finally, make a template out of it:

# flush writes and remove the shell history before snapshotting the disk
sync
rm -f .ash_history
# Ctrl-] detaches from the xl console attached with -c
^]

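# shut the domain down by the name set in its config (name = "$guest"); the original
# targeted a domain literally called "sabotage", which does not match that name
xl shutdown "$guest"
cd ../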

Additional notes

further system preparation

see sabotage

just a chroot

In case you want a chroot instead of a Xen guest:

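mkdir lala/
# mount the ext4 image created in the "Virtual disk" section (the original line had a typo in the file name)
mount "$guest.ext4" lala/
    # expose the host's device, pts, proc and sys trees inside the chroot
    mount -o bind /dev/ lala/dev/
    mount -o bind /dev/pts/ lala/dev/pts/
    mount -o bind /proc/ lala/proc/
    mount -o bind /sys/ lala/sys/
chroot lala/ /bin/mksh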

And once you are done:

# -R also unmounts the bind mounts under lala/ (dev, dev/pts, proc, sys)
umount -R lala/

Resources

download

http://mirrors.2f30.org/sabotage/

http://ftp.barfooze.de/pub/sabotage/

misc

Runit tools in busybox - up to the task? https://busybox.net/kill_it_with_fire.txt


Copyright © 2024 Pierre-Philipp Braun