Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • 673-add-devblog-pages
  • update-onboarding
  • increase-burst-on-archmanweb
  • add-aurweb-tracing
  • block-uptime-robots
  • enable-gitlab-spamcheck
  • dbscripts-git-repo
  • artifact-signing-rfc
  • mysql_dashboard
  • upgrade_docs
  • aur_robots.txt
  • mariadb-nocow
13 results
Blame Permalink
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
libvirt-executor-update-base-image 2.31 KiB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65 






#!/bin/bash
set -o nounset -o errexit
readonly libvirt_default_pool_path="/var/lib/libvirt/images"
readonly arch_boxes_signing_key=/usr/local/lib/libvirt-executor/arch-boxes.asc
readonly arch_boxes_fingerprint=1B9A16984A4E8CB448712D2AE0B78BF4326C6F8F

loopdev=""

cleanup() {
  set +o errexit

  if mountpoint -q mnt; then
    umount -R mnt
  fi
  if [[ -n ${loopdev} ]]; then
    losetup -d "${loopdev}"
  fi
  rm -r "${tmpdir}"
}

tmpdir="$(mktemp --directory --tmpdir="/var/tmp")"
trap cleanup EXIT

cd "${tmpdir}"
curl -sSf --remote-name-all https://geo.mirror.pkgbuild.com/images/latest/Arch-Linux-x86_64-basic.qcow2{,.sig}
rsop verify Arch-Linux-x86_64-basic.qcow2.sig "${arch_boxes_signing_key}" < Arch-Linux-x86_64-basic.qcow2

image=Arch-Linux-x86_64-basic.img
qemu-img convert -f qcow2 -O raw Arch-Linux-x86_64-basic.qcow2 Arch-Linux-x86_64-basic.img

loopdev="$(losetup --find --partscan --show "${image}")"
mount --mkdir "${loopdev}p3" mnt

arch-chroot mnt pacman-key --init
arch-chroot mnt pacman-key --populate

arch-chroot mnt systemctl disable systemd-time-wait-sync
arch-chroot mnt pacman -Sy --noconfirm --needed archlinux-keyring
arch-chroot mnt pacman -Syu --noconfirm --needed git git-lfs gitlab-runner
sed -E 's/^#(IgnorePkg *=)/\1 linux/' -i mnt/etc/pacman.conf
arch-chroot mnt userdel -r arch
sed 's/^\(GRUB_CMDLINE_LINUX=".*\)"$/\1 lockdown=confidentiality"/' -i mnt/etc/default/grub
arch-chroot mnt /usr/bin/grub-mkconfig -o /boot/grub/grub.cfg
install -d -m0700 mnt/root/.ssh
install -m0600 /etc/libvirt-executor/id_ed25519.pub mnt/root/.ssh/authorized_keys
# We want to use the transient hostname
# https://github.com/systemd/systemd/pull/30814
rm -f mnt/etc/machine-id mnt/etc/hostname

cp -a mnt/boot/{initramfs-linux-fallback.img,initramfs-linux.img}

rm -r mnt/etc/pacman.d/gnupg/{openpgp-revocs.d,private-keys-v1.d}/
arch-chroot mnt pacman-key --delete pacman@localhost
umount mnt
losetup -d "${loopdev}"
loopdev=""

qemu-img convert -f raw -O qcow2 Arch-Linux-x86_64-basic.img Arch-Linux-x86_64-basic.qcow2
printf -v image_path '%s/runner-base-%(%s)T.qcow2' "${libvirt_default_pool_path}"
cp Arch-Linux-x86_64-basic.qcow2 "${image_path}.tmp"
mv "${image_path}"{.tmp,}

# Keep one week of base images
compgen -G "${libvirt_default_pool_path}/runner-base-*.qcow2" | sort -n -t - -k3,3 | head -n -7 | xargs --no-run-if-empty rm -vf