-rwxr-xr-x | build.sh | 48 | ||||
-rwxr-xr-x | build_rootfs.sh | 53 | ||||
-rwxr-xr-x | files/etc/init.d/container_init | 47 |
3 files changed, 148 insertions, 0 deletions
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..93ad201
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+arch=x86_64
+arch_dash=`echo $arch | tr _ -`
+ver=17.01.4
+image=openwrt
+name=openwrt
+
+generic_rootfs=lede-${ver}-${arch_dash}-generic-rootfs.tar.gz
+lxc_rootfs=lede-${ver}-${arch_dash}-lxc-rootfs.tar.gz
+
+build_rootfs() {
+ fakeroot ./build_rootfs.sh $generic_rootfs $lxc_rootfs
+}
+
+build_metadata() {
+ stat=`stat -c %Y $lxc_rootfs`
+ date=`date -R -d "@${stat}"`
+
+ cat > metadata.yaml <<EOF
+architecture: "$arch"
+creation_date: $(date +%s)
+properties:
+ architecture: "$arch"
+ description: "OpenWrt $ver $arch ($date)"
+ os: "OpenWrt"
+ release: "$ver"
+templates:
+EOF
+}
+
+build_image() {
+ tar czf metadata.tar.gz metadata.yaml
+ lxc image import metadata.tar.gz $lxc_rootfs --alias $image
+}
+
+build_rootfs
+build_metadata
+build_image
+
+echo \# start
+echo lxc launch --config "raw.lxc=lxc.aa_profile=lxc-container-default-without-dev-mounting" --profile openwrt $image $name
+#lxc config
+echo \# set root password
+echo lxc exec $name passwd root
+#echo 'echo "148.251.78.235 downloads.openwrt.org"
diff --git a/build_rootfs.sh b/build_rootfs.sh
new file mode 100755
index 0000000..ec61ef9
--- /dev/null
+++ b/build_rootfs.sh
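Review bot: In build.sh, `build_rootfs` hands `$generic_rootfs` to `build_rootfs.sh` under fakeroot with no check that the tarball is the expected one, and build_rootfs.sh later runs `etc/rc.common` from the unpacked tree on the build host. How the tarball is obtained is not shown in this commit, so it may already be verified elsewhere; if it is not, I would check it against a digest published by the upstream project before unpacking, for example `sha256sum -c <checksum-file>` as the first line of `build_rootfs` (the file name is a placeholder). Quoting the expansions (`"$generic_rootfs" "$lxc_rootfs"`, `--alias "$image"`) would also keep the script from misbehaving if the version or arch strings ever contain whitespace or glob characters.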
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+set -e
+
+if [ $# -ne 2 ]; then
+ echo "Usage: $0 <src tar> <dst file>"
+ exit 1
+fi
+
+src_tar=$1
+dst_file=$2
+base=`basename $src_tar`
+dir=/tmp/build.$$
+export IPKG_INSTROOT=$dir
+
+unpack() {
+ mkdir $dir
+ cat $src_tar | (cd $dir && tar -xz)
+}
+
+pack() {
+ echo Pack rootfs
+ (cd $dir && tar -cz *) > $dst_file
+}
+
+pack_squashfs() {
+ echo Pack rootfs squashfs
+ mksquashfs $dir $dst_file
+}
+
+add_files() {
+ for f in $(cd files && find); do
+ src=files/$f
+ dst=$dir/$f
+ if test -d $src; then
+ test -d $dst || mkdir $dst
+ elif test -f $src; then
+ cp $src $dst
+ foo=$(dirname $f)
+ if [ "$foo" = "./etc/init.d" ]; then
+ echo Enabling $f
+ set +e
+ sh $dir/etc/rc.common $src enable
+ set -e
+ fi
+ fi
+ done
+}
+
+unpack
+add_files
+#pack
+pack_squashfs
diff --git a/files/etc/init.d/container_init b/files/etc/init.d/container_init
new file mode 100755
index 0000000..386dcbd
--- /dev/null
+++ b/files/etc/init.d/container_init
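Review bot: In build_rootfs.sh, `dir=/tmp/build.$$` is a predictable path in a world-writable directory, created with the default umask and never removed. Because `mkdir $dir` has no `-p` it fails on an existing path rather than reusing it, so the exposure is mainly that another local user can make the build abort by pre-creating the name, and that the unpacked rootfs is left behind in /tmp after every run. I would replace the assignment with `dir=$(mktemp -d)`, add `trap 'rm -rf -- "$dir"' EXIT` right after it, and drop the `mkdir` in `unpack`. Separately, the `set +e` around `sh $dir/etc/rc.common $src enable` means a failed enable of an init script goes unnoticed; printing a warning to stderr on a non-zero status would make that visible.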
@@ -0,0 +1,47 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2018 Mikael Magnusson
+
+START=15
+
+log_output() {
+ logger -t container_init "$@"
+}
+
+boot() {
+ # Only execute for lxc containers
+ if [ "$container" != "lxc" ]; then
+ exit 0
+ fi
+
+ local disable_ipv6="$(uci_get firewall @defaults[0] disable_ipv6 false)"
+ case "$disable_ipv6" in
+ '0'|'no'|'off'|'false'|'disabled') disable_ipv6=false ;;
+ '1'|'yes'|'on'|'true'|'enabled') disable_ipv6=true ;;
+ esac
+
+ tables='filter nat mangle raw'
+ res=0
+ for table in $tables; do
+ iptables -n -t $table -L >/dev/null 2>/dev/null
+ if ! grep $table /proc/net/ip_tables_names >/dev/null; then
+ log_output -p daemon.crit "ip $table load failed"
+ res=1
+ fi
+
+ if [ "$disable_ipv6" = "false" ]; then
+ ip6tables -n -t $table -L >/dev/null 2>/dev/null
+ if ! grep $table /proc/net/ip6_tables_names >/dev/null; then
+ log_output -p daemon.crit "ip6 $table load failed"
+ res=1
+ fi
+ fi
+ done
+ if [ "$res" == "0" ]; then
+ if [ "$disable_ipv6" = "false" ]; then
+ log_output -p daemon.info "ip and ip6 tables loaded successfully"
+ else
+ log_output -p daemon.info "ip tables loaded successfully"
+ fi
+ fi
+ exit $res
+} |
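Review bot: The `case "$disable_ipv6"` in `boot` has no default arm, so a value outside the two listed sets leaves the variable as neither `true` nor `false`; the `= "false"` tests then skip the ip6tables check and the script logs "ip tables loaded successfully" as if IPv6 had been disabled on purpose. Adding `*) disable_ipv6=false ;;` makes an unrecognised setting fall back to checking both address families. The `grep $table /proc/net/ip_tables_names` tests are unanchored substring matches; `grep -qx "$table"` matches the whole line and removes the need for the redirect. `[ "$res" == "0" ]` also uses `==`, which POSIX does not define for `[`; `=` is the portable form.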