# Image flavour to build; the initrd pattern rule reads <TARGET>/initrd.config.
TARGET       ?= jump
# Path of the initrd cpio archive for that flavour.
INITRD       ?= build/initrd-$(TARGET).cpio
# When non-empty, the initrd, hostname and command line are handed to the
# kernel build instead of being passed to QEMU at boot.
BUNDLE       ?=
# Bundled kernels are tagged after TARGET; unbundled ones use the "virtio" tag.
KERNEL_TAG    = $(if $(BUNDLE),$(TARGET),virtio)
KERNEL        = build/vmlinuz-$(KERNEL_TAG)
# Optional file that the initrd rule appends to the finished cpio archive.
INITRD_EXTRA ?=
HOSTNAME     ?= $(TARGET)
# Only the hostname field of ip= is filled in; per the nfsroot.txt note in this
# file, an empty client-ip lets the kernel run network autoconfiguration.
CMDLINE      ?= quiet console=ttyS0 ip=::::$(HOSTNAME)
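# Default goal (first rule in the file): SSH CA/host/test keys, the kernel
# image and the initrd. Declared phony so that a stray file named `all` cannot
# make the goal look up to date.
.PHONY: all
all: keys $(KERNEL) $(INITRD)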
# Build the kernel image with linux-builder.
#
# With BUNDLE set, the initrd becomes a prerequisite and is passed to
# linux-builder together with the hostname and kernel command line; without it
# only the version, config and tag are passed.
#
# The leading `+` makes the line run even under `make -n` and gives the
# builder access to the jobserver, as for a recursive make invocation.
#
# NOTE(review): the kernel version is pinned to 5.4.117, so picking up later
# 5.4.y stable fixes is a manual edit here; review the pin whenever a jump-host
# image is rebuilt for real use.
build/vmlinuz-$(KERNEL_TAG): $(if $(BUNDLE),$(INITRD))
	+./linux-builder/linux-builder \
		--version 5.4.117 \
		--config linux-builder/config/linux-virtio.config \
		--tag "$(KERNEL_TAG)" \
		$(if $(BUNDLE), \
			--initrd "$(INITRD)" \
			--hostname "$(HOSTNAME)" \
			--cmdline "$(CMDLINE)" \
		)
# see linux/Documentation/filesystems/nfs/nfsroot.txt
# if client-ip is INADDR_ANY (or empty), autoconfig will run
#ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>:
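# Open the kernel menuconfig UI through linux-builder.
# Declared phony: the recipe creates no file called `menuconfig`, and a stray
# file of that name would otherwise stop it from running.
#
# NOTE(review): this edits linux-qemu.config under the tag "jump", while the
# kernel rule builds from linux-virtio.config under $(KERNEL_TAG). Confirm
# that the config being edited is the one that actually gets built.
.PHONY: menuconfig
menuconfig:
	./linux-builder/linux-builder \
		--config linux-builder/config/linux-qemu.config \
		--tag "jump" \
		--menuconfig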
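# Config fragments shared by every initrd flavour; the per-target
# <TARGET>/initrd.config is added by the pattern rule itself.
# The last entry deliberately has no trailing backslash: a dangling
# continuation would pull the next line of the file into this list unless a
# blank line happened to follow.
INITRD_CONFIG = \
  linux-builder/config/initrd-base.config \
  base/initrd.config \
  syslogd/initrd.config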
# Assemble build/initrd-<name>.cpio from the shared config fragments followed
# by <name>/initrd.config, and have initrd-builder write a dependency file to
# build/.initrd-<name>.cpio.d (picked up by the -include of build/.*.d).
#
# If INITRD_EXTRA is set, that file is appended byte-for-byte to the finished
# archive. Whatever it contains becomes part of the boot image, so treat it
# with the same care as the config fragments.
# NOTE(review): INITRD_EXTRA is quoted as a single path in the cat command but
# listed unquoted as a prerequisite; more than one file would presumably break
# the append step. Confirm it is only ever a single file.
build/initrd-%.cpio: %/initrd.config $(INITRD_CONFIG) $(INITRD_EXTRA)
	./linux-builder/initrd-builder -v --relative \
		-o $@ \
		--deps $(dir $@)/.$(notdir $@).d \
		$(INITRD_CONFIG) \
		$<
	[ -z "$(INITRD_EXTRA)" ] || cat "$(INITRD_EXTRA)" >> $@
# Pull in the hidden dependency files that the initrd rule writes through
# --deps. Missing files are ignored, so a first build works without them.
-include $(wildcard build/.*.d)
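# Aggregate target for all SSH material: both CA key pairs plus the signed
# host and test-user certificates. It has no recipe and creates no file named
# `keys`, so it is declared phony.
.PHONY: keys
keys: \
  build/etc/user_ca \
  build/etc/host_ca \
  build/etc/ssh/ssh_host_rsa_key-cert.pub \
  build/etc/testuser_rsa-cert.pub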
# Create separate CA keys for the user and host system
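# Generate the RSA-4096 CA key pair that signs user keys (used via
# `-s build/etc/user_ca` in the test-user certificate rule).
#
# ssh-keygen writes the private key to $@ and the public key to $@.pub. No -N
# is given, so it prompts for a passphrase; set one, because anyone holding
# this private key can mint user certificates that the jump host will accept.
# NOTE(review): confirm the initrd configs ship only the .pub half.
#
# The directory is created first, as the host-key rule already does, so the
# target also works on a clean tree where build/etc does not exist yet.
build/etc/user_ca:
	@echo '*********** Creating CA to sign user keys *********'
	mkdir -p $(dir $@)
	ssh-keygen \
		-t rsa \
		-b 4096 \
		-f "$@" \
		-C "jump-user-CA"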
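# Generate the RSA-4096 CA key pair that signs host keys (used via
# `-s build/etc/host_ca` in the host certificate rule).
#
# ssh-keygen writes the private key to $@ and the public key to $@.pub. No -N
# is given, so it prompts for a passphrase; set one, because anyone holding
# this private key can issue host certificates that clients trusting this CA
# will accept.
# NOTE(review): confirm the initrd configs ship only the .pub half.
#
# The directory is created first, as the host-key rule already does, so the
# target also works on a clean tree where build/etc does not exist yet.
build/etc/host_ca:
	@echo '*********** Creating CA to sign host keys *********'
	mkdir -p $(dir $@)
	ssh-keygen \
		-t rsa \
		-b 4096 \
		-f "$@" \
		-C "jump-host-CA"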
# Create a signed host key for the jump host
# Generate the jump host's RSA-4096 host key with an empty passphrase
# (-N ''), so nothing has to be typed to use it. The private key is therefore
# stored unencrypted under build/etc/ssh; protect that directory accordingly.
# NOTE(review): -h only has a documented meaning when signing a key; it looks
# like a no-op during generation. Confirm before relying on it.
build/etc/ssh/ssh_host_rsa_key:
	@echo '*********** Creating a jump host key *********'
	mkdir -p $(@D)
	ssh-keygen -h -t rsa -b 4096 -N '' -f $@
# Sign the host public key with the host CA, producing a host certificate
# (-h) with key identity "jump", principals jump and safeboot, valid for 52
# weeks from signing.
#
# make only compares timestamps, so an expired certificate is not re-issued
# automatically; delete the -cert.pub file to force a fresh signature.
build/etc/ssh/ssh_host_rsa_key-cert.pub: build/etc/ssh/ssh_host_rsa_key build/etc/host_ca
	@echo '*********** Signing the jump host key *********'
	ssh-keygen -s $(word 2,$^) -h -I jump -n jump,safeboot -V +52w $<.pub
# Create a test user that is signed with the key
# Generate an RSA-4096 key pair for the test user. No -N is given, so
# ssh-keygen prompts for the passphrase. This is test material only; do not
# reuse the key for real accounts.
build/etc/testuser_rsa:
	@echo '*********** Creating test user key *********'
	ssh-keygen -t rsa -b 4096 -f $@
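# Sign the test user's public key with the user CA: key identity "test-user",
# principal "jump", valid for one hour from signing.
#
# The prerequisite is the CA private key, build/etc/user_ca, which is both the
# file passed to -s and a target this Makefile has a rule for. The previous
# prerequisite, build/etc/user_ca.pub, had no rule of its own and existed only
# as a side effect of the CA rule, so a clean or parallel build could fail
# with "No rule to make target".
#
# make only compares timestamps, so the certificate is not re-issued when the
# hour runs out; delete the -cert.pub file to get a fresh one.
build/etc/testuser_rsa-cert.pub: build/etc/testuser_rsa build/etc/user_ca
	@echo '*********** Signing test user key *********'
	ssh-keygen \
		-s build/etc/user_ca \
		-I test-user \
		-n jump \
		-V +1h \
		$<.pub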
# Extra prerequisites for the initrd on top of the pattern rule: the signed
# host certificate must exist and be current, while linux-builder/init only
# has to exist (order-only, so its timestamp never forces an initrd rebuild).
$(INITRD): build/etc/ssh/ssh_host_rsa_key-cert.pub | linux-builder/init
# Build `init` by delegating to the Makefile inside linux-builder/.
# $(MAKE) is used so that -j and -n are passed on to the sub-make.
linux-builder/init:
	$(MAKE) -C $(@D) $(@F)
# initrd is built into the kernel now
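# Leftover -initrd argument; no rule in this Makefile references NO.
# The trailing backslash was dropped: as a dangling continuation it would have
# absorbed the following rule line into this value unless a blank line
# happened to separate them.
NO = -initrd $(INITRD)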
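# Boot the built kernel under QEMU/KVM (q35 machine, 512 MB RAM, serial
# console on stdio) for local testing. Declared phony: it creates no file
# named `qemu` and should run every time it is requested.
#
# Without BUNDLE the initrd and kernel command line are passed to QEMU here;
# with BUNDLE set they are left out, because the kernel rule has already
# handed them to linux-builder.
#
# NOTE(review): neither hostfwd entry names a host address, so QEMU listens
# on all host interfaces. Guest SSH (22) and HTTP (80) are then reachable from
# the network on host ports 5555 and 8080. For a test VM, prefer
# `hostfwd=tcp:127.0.0.1:5555-:22` (and likewise for 8080) so that only the
# local machine can connect.
.PHONY: qemu
qemu: $(KERNEL) $(INITRD)
	qemu-system-x86_64 \
		-M q35,accel=kvm \
		-m 512 \
		-kernel "$(KERNEL)" \
		$(if $(BUNDLE),, \
			-initrd "$(INITRD)" \
			-append "$(CMDLINE)" \
		) \
		-netdev user,id=eth0,hostfwd=tcp::5555-:22,hostfwd=tcp::8080-:80 \
		-device virtio-net-pci,netdev=eth0 \
		-serial stdio

# Disabled console options carried over from the original recipe. They were
# shell-commented continuation lines and never reached QEMU:
#   -device virtio-serial-pci,id=virtio-serial0
#   -chardev stdio,id=charconsole0
#   -device serial,chardev=charconsole0,id=console0
#   -device virtconsole,chardev=charconsole0,id=console0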