add openssh(sftp) && multi term login

2024-11-22 02:04:23 +08:00 · 2022-10-17 14:26:20 +00:00 · 2022-10-17 14:26:20 +00:00 · 3074c3014d
commit 3074c3014d
parent 7b792a967d
5 changed files with 107 additions and 30 deletions
--- a/01_build_src.sh
+++ b/01_build_src.sh
@ -21,6 +21,8 @@ LINUX_SRC_URL=https://mirror.bjtu.edu.cn/kernel/linux/kernel/v5.x/linux-5.8.6.ta
 GLIBC_SRC_URL=https://mirrors.ustc.edu.cn/gnu/glibc/glibc-2.27.tar.xz
 BUSYBOX_SRC_URL=https://busybox.net/downloads/busybox-1.34.1.tar.bz2
 PCIUTILS_SRC_URL=http://mj.ucw.cz/download/linux/pci/pciutils-3.8.0.tar.gz
+OPENSSL_SRC_URL=https://www.openssl.org/source/openssl-1.1.1q.tar.gz
+OPENSSH_SRC_URL=https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz
 #GCC_SRC_URL=https://ftpmirror.gnu.org/gcc/gcc-7.5.0/gcc-7.5.0.tar.xz
 GCC_SRC_URL=https://mirrors.ustc.edu.cn/gnu/gcc/gcc-7.5.0/gcc-7.5.0.tar.xz
 #BINUTILS_SRC_URL=https://ftp.gnu.org/gnu/binutils/binutils-2.36.tar.xz
@ -39,6 +41,8 @@ LINUX_SRC_NAME=$(download_src ${LINUX_SRC_URL})
 GLIBC_SRC_NAME=$(download_src ${GLIBC_SRC_URL})
 BUSYBOX_SRC_NAME=$(download_src ${BUSYBOX_SRC_URL})
 PCIUTILS_SRC_NAME=$(download_src ${PCIUTILS_SRC_URL})
+OPENSSL_SRC_NAME=$(download_src ${OPENSSL_SRC_URL})
+OPENSSH_SRC_NAME=$(download_src ${OPENSSH_SRC_URL})
 GCC_SRC_NAME=$(download_src ${GCC_SRC_URL})
 BINUTILS_SRC_NAME=$(download_src ${BINUTILS_SRC_URL})
 cd ..
@ -54,6 +58,8 @@ LINUX_SRC_DIR=$(unzip_src ".tar.xz" ${LINUX_SRC_NAME}); echo "unzip ${LINUX_SRC_
 GLIBC_SRC_DIR=$(unzip_src ".tar.xz" ${GLIBC_SRC_NAME}); echo "unzip ${GLIBC_SRC_NAME} source code"
 BUSYBOX_SRC_DIR=$(unzip_src ".tar.bz2" ${BUSYBOX_SRC_NAME}); echo "unzip ${BUSYBOX_SRC_NAME} source code"
 PCIUTILS_SRC_DIR=$(unzip_src ".tar.gz" ${PCIUTILS_SRC_NAME}); echo "unzip ${PCIUTILS_SRC_NAME} source code"
+OPENSSL_SRC_DIR=$(unzip_src ".tar.gz" ${OPENSSL_SRC_NAME}); echo "unzip ${OPENSSL_SRC_NAME} source code"
+OPENSSH_SRC_DIR=$(unzip_src ".tar.gz" ${OPENSSH_SRC_NAME}); echo "unzip ${OPENSSH_SRC_NAME} source code"
 GCC_SRC_DIR=$(unzip_src ".tar.xz" ${GCC_SRC_NAME}); echo "unzip ${GCC_SRC_NAME} source code"
 BINUTILS_SRC_DIR=$(unzip_src ".tar.xz" ${BINUTILS_SRC_NAME}); echo "unzip ${BINUTILS_SRC_NAME} source code"

@ -327,6 +333,40 @@ if [ ! -d "pciutils_install" ]; then
  cd ..
 fi

+# 编译 openssl
+if [ ! -d "openssl_install" ]; then
+  mkdir -pv openssl_install && cd ${OPENSSL_SRC_DIR}
+  ./config --prefix=/usr shared
+  CFLAGS="-L${glibc_install}/lib64 $CFLAGS" make -j8 && make install -j8 DESTDIR=${openssl_install} PREFIX=/usr
+  cd ..
+fi
+
+# 编译 openssh
+if [ ! -d "openssh_install" ]; then
+  mkdir -pv openssh_install && cd ${OPENSSH_SRC_DIR}
+  ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=${openssl_install}/usr/ --with-pam --without-openssl-header-check
+  CFLAGS="-L${glibc_install}/lib64 -L${openssl_install}/usr/lib $CFLAGS" make -j8 && make install -j8 DESTDIR=${openssh_install} PREFIX=/usr
+  # 修改配置文件
+  sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/" ${openssh_install}/etc/ssh/sshd_config
+  echo "HostKeyAlgorithms=ssh-rsa,ssh-dss" >> ${openssh_install}/etc/ssh/sshd_config
+  echo "KexAlgorithms=diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" >> ${openssh_install}/etc/ssh/sshd_config
+  # 准备环境
+  if [ ! -d "${openssh_install}/var/empty" ]; then
+    mkdir -pv ${openssh_install}/var/empty
+  fi
+  chmod 744 ${openssh_install}/var/empty/
+  chown root ${openssh_install}/var/empty/
+  if [ ! -f "${openssh_install}/etc/ssh/ssh_host_dsa_key" ]; then
+    ssh-keygen -t dsa -P "" -f ${openssh_install}/etc/ssh/ssh_host_dsa_key
+  fi
+  if [ ! -f "${openssh_install}/etc/ssh/ssh_host_rsa_key" ]; then
+    ssh-keygen -t rsa -P "" -f ${openssh_install}/etc/ssh/ssh_host_rsa_key
+  fi
+  # 开启 sftp, 可以进行文件上传
+  sed -i "s/\/usr\/libexec\/sftp-server/internal-sftp/" ${openssh_install}/etc/ssh/sshd_config
+  cd ..
+fi
+
 # 编译 gcc
 if [ ! -d "gcc_install" ]; then 
  mkdir -pv gcc_install && cd ${GCC_SRC_DIR} && make distclean && rm ./config.cache
--- a/02_build_img.sh
+++ b/02_build_img.sh
@ -18,9 +18,9 @@
 echo "${CYAN}--- build disk --- ${NC}"
 # 创建磁盘 128M 或 256M
 if [ "${with_gcc}" = false ]; then
-  create_disk disk.img 2048
+  create_disk disk.img 4096
 else
-  create_disk disk.img 2048
+  create_disk disk.img 4096
 fi
 echo "${GREEN}+++ build disk ok +++${NC}"

@ -146,19 +146,42 @@ make_init

 # 指定了利用 /etc/init.d/rcS 启动
 cat<<"EOF">etc/inittab
-::restart:/sbin/init
-::ctrlaltdel:/sbin/reboot
-::shutdown:/bin/umount -a -r
-::shutdown:/sbin/swapoff -a
 ::sysinit:echo "sysinit 1++++++++++++++++++++++++++++++++++++++"
 ::sysinit:/etc/init.d/rcS
 ::sysinit:echo "sysinit 2++++++++++++++++++++++++++++++++++++++"
-tty1::once:echo "hello smart-os tty1"
-tty1::respawn:/bin/sh
-tty2::once:echo "hello smart-os tty2"
-tty2::respawn:/bin/sh
-tty3::once:echo "hello smart-os tty3"
-tty3::respawn:/bin/sh
+
+# /bin/sh invocations on selected ttys
+#
+# Note below that we prefix the shell commands with a "-" to indicate to the
+# shell that it is supposed to be a login shell.  Normally this is handled by
+# login, but since we are bypassing login in this case, BusyBox lets you do
+# this yourself...
+#
+# Start an "askfirst" shell on the console (whatever that may be)
+::respawn:-/bin/login
+# Start an "askfirst" shell on /dev/tty2-4
+tty2::respawn:-/bin/sh
+tty3::respawn:-/bin/sh
+tty4::respawn:-/bin/sh
+
+# /sbin/getty invocations for selected ttys
+tty4::respawn:/sbin/getty 38400 tty5
+tty5::respawn:/sbin/getty 38400 tty6
+
+# Example of how to put a getty on a serial line (for a terminal)
+#::respawn:/sbin/getty -L ttyS0 9600 vt100
+#::respawn:/sbin/getty -L ttyS1 9600 vt100
+#
+# Example how to put a getty on a modem line.
+#::respawn:/sbin/getty 57600 ttyS2
+
+# Stuff to do when restarting the init process
+::restart:/sbin/init
+
+# Stuff to do before rebooting
+::ctrlaltdel:/sbin/reboot
+::shutdown:/bin/umount -a -r
+::shutdown:/sbin/swapoff -a
 EOF

 find . | cpio -R root:root -H newc -o | gzip -9 > ../${diskfs}/boot/initrd
@ -180,6 +203,12 @@ if [ -f "${diskfs}/usr/share/pci.ids.gz" ]; then
  mv ${diskfs}/usr/share/pci.ids.gz ${diskfs}/usr/local/share/pci.ids.gz
 fi

+# 带有 openssl
+cp ${openssl_install}/* ${diskfs} -r
+
+# 带有 openssh
+cp ${openssh_install}/* ${diskfs} -r
+
 # 带有 gcc 编译器
 if [ "${with_gcc}" = true ]; then
  echo "${RED} ... build with-gcc${NC}"
@ -224,7 +253,10 @@ if [ "${with_xfce}" = true ]; then
  # dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  # dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  # dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
-  echo "dbus-daemon --system --nopidfile --systemd-activation" > ${diskfs}/xfce.sh
+  echo "dd if=/dev/zero of=/swapfile bs=1M count=2048" > ${diskfs}/xfce.sh
+  echo "mkswap /swapfile" >> ${diskfs}/xfce.sh
+  echo "swapon /swapfile" >> ${diskfs}/xfce.sh
+  echo "dbus-daemon --system --nopidfile --systemd-activation" >> ${diskfs}/xfce.sh
  echo "xinit /usr/local/bin/xfce4-session -- /usr/local/bin/Xorg :10" >> ${diskfs}/xfce.sh
  chmod +x ${diskfs}/xfce.sh
  # 添加 machine-id
@ -294,14 +326,19 @@ echo -e "\n“${title}”\n"
 cd /lib/modules && insmod hello_world.ko

 # dns 测试 busybox 必须动态编译 动态编译 glibc 已经集成 dns 功能
-ifconfig eth0 192.168.100.6 && ifconfig eth0 up
-route add default gw 192.168.100.1
+# qemu
+# ifconfig eth0 192.168.100.6 && ifconfig eth0 up
+# route add default gw 192.168.100.1
+# vmware
+ifconfig eth0 192.168.222.195 && ifconfig eth0 up
+route add default gw 192.168.222.2

 # exec 执行 /etc/init.d/rc.local 脚本
+/usr/sbin/sshd
+
 EOF
 chmod +x  ${diskfs}/etc/init.d/rcS

-
 # 登陆 login shell ，非 non-login shell
 if [ "${with_login}" = true ]; then
 cat - > ${diskfs}/etc/profile << EOF
@ -328,4 +365,11 @@ losetup -d ${loop_dev}
 #---------------------------------------------------------------
 ./ls_img.sh

+#---------------------------------------------------------------
+#
+# 转换为 vmware 格式
+#
+#---------------------------------------------------------------
+qemu-img convert disk.img -f raw -O vmdk disk.vmdk
+
 echo "Run the next script: 03_run_qemu.sh or 04_run_docker.sh"
--- a/03_run_qemu.sh
+++ b/03_run_qemu.sh
@ -92,7 +92,7 @@ else
 fi

 # 指定内存
-memory="-m 4G"
+memory="-m 8G"

 # 主磁盘
 disk="-drive format=raw,file=disk.img"
@ -105,10 +105,10 @@ logfile="-serial file:./qemu.log"
 network="-netdev tap,id=nd0,ifname=tap0,script=no,downscript=no -device e1000,netdev=nd0"

 # 显卡参数 需要编译 xf86-video-vmware, see mk_xfce.sh
-display="-vga vmware"
+display="-vga qxl"

 # 启动镜像 网络对应 run_nat.sh 里面的配置 ( -enable-kvm : vmware 里面 CPU 设置需要支持虚拟化 Intel VT-x/EPT 或 AMD-V/RVI )
 # 命令 qemu-system-x86_64 -device help 可以查看支持哪些设备
-qemu-system-x86_64 -enable-kvm ${memory} ${disk} ${sdb_img} ${network} ${logfile}
+qemu-system-x86_64 ${display} -device qxl ${memory} ${disk} ${sdb_img} ${network} ${logfile}
 # stop nat
 stop_nat
--- a/mk_login.sh
+++ b/mk_login.sh
@ -10,6 +10,7 @@ EOF
 # 用户密码文件
 cat<<EOF>${diskfs}/etc/passwd
 root:x:0:0:root:/:/bin/sh
+sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
 EOF

 # 用户 shadow 文件
@ -30,12 +31,4 @@ export PS1 HOSTNAME
 EOF

 # 重新生成 inittab 文件
-cat<<EOF>${diskfs}/etc/inittab
-::sysinit:/bin/hostname -F /etc/hostname
-::sysinit:/etc/init.d/rcS
-tty0::respawn:-/bin/login
-::restart:/sbin/init
-::ctrlaltdel:/sbin/reboot
-::shutdown:/bin/umount -a -r
-::shutdown:/sbin/swapoff -a
-EOF
+sed -i "/::sysinit:\/etc\/init.d\/rcS/a\::sysinit:\/bin\/hostname -F \/etc\/hostname" ${diskfs}/etc/inittab
--- a/mk_xfce.sh
+++ b/mk_xfce.sh
@ -748,7 +748,7 @@ llvm_build() {
  # 编译 xkbcommon
  meson_build xkbcommon ${XKBCOMMON_SRC_DIR} -Denable-docs=false
  # 编译 gdkpixbuf
-  meson_build gdkpixbuf ${GDKPIXBUF_SRC_DIR} -Dman=false
+  meson_build gdkpixbuf ${GDKPIXBUF_SRC_DIR} -Dman=false -Dbuiltin_loaders=all -Dinstalled_tests=false -Drelocatable=true
  # 编译 pixman
  common_build pixman ${PIXMAN_SRC_DIR} --enable-libpng=yes
  # 编译 freetype
@ -895,7 +895,7 @@ llvm_build() {
  # common_build xf86videoamd ${XF86VIDEOAMD_SRC_DIR}
  # xf86videoqxl ( 需要: spice_protocol, qemu 要模拟 vmware 的显卡，需要编译此工程 -vga vmware )
  if [ ! -f ".xf86videoqxl" ]; then
-    sed -i "s/value.bool/value.boolean/" ${XF86VIDEOQXL_SRC_DIR}/src/qxl_option_helpers.c
+    sed -i "s/value.bool;/value.boolean;/" ${XF86VIDEOQXL_SRC_DIR}/src/qxl_option_helpers.c
  fi
  common_build xf86videoqxl ${XF86VIDEOQXL_SRC_DIR}
  # xf86videofbdev ( qemu 要模拟 vmware 的显卡，需要编译此工程 -vga vmware )