diff --git a/01_build_src.sh b/01_build_src.sh index fc5b532..044b82b 100755 --- a/01_build_src.sh +++ b/01_build_src.sh @@ -21,6 +21,8 @@ LINUX_SRC_URL=https://mirror.bjtu.edu.cn/kernel/linux/kernel/v5.x/linux-5.8.6.ta GLIBC_SRC_URL=https://mirrors.ustc.edu.cn/gnu/glibc/glibc-2.27.tar.xz BUSYBOX_SRC_URL=https://busybox.net/downloads/busybox-1.34.1.tar.bz2 PCIUTILS_SRC_URL=http://mj.ucw.cz/download/linux/pci/pciutils-3.8.0.tar.gz +OPENSSL_SRC_URL=https://www.openssl.org/source/openssl-1.1.1q.tar.gz +OPENSSH_SRC_URL=https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz #GCC_SRC_URL=https://ftpmirror.gnu.org/gcc/gcc-7.5.0/gcc-7.5.0.tar.xz GCC_SRC_URL=https://mirrors.ustc.edu.cn/gnu/gcc/gcc-7.5.0/gcc-7.5.0.tar.xz #BINUTILS_SRC_URL=https://ftp.gnu.org/gnu/binutils/binutils-2.36.tar.xz @@ -39,6 +41,8 @@ LINUX_SRC_NAME=$(download_src ${LINUX_SRC_URL}) GLIBC_SRC_NAME=$(download_src ${GLIBC_SRC_URL}) BUSYBOX_SRC_NAME=$(download_src ${BUSYBOX_SRC_URL}) PCIUTILS_SRC_NAME=$(download_src ${PCIUTILS_SRC_URL}) +OPENSSL_SRC_NAME=$(download_src ${OPENSSL_SRC_URL}) +OPENSSH_SRC_NAME=$(download_src ${OPENSSH_SRC_URL}) GCC_SRC_NAME=$(download_src ${GCC_SRC_URL}) BINUTILS_SRC_NAME=$(download_src ${BINUTILS_SRC_URL}) cd .. 
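Review bot: The two new tarballs (`OPENSSL_SRC_URL`, `OPENSSH_SRC_URL`) are downloaded, unpacked and built with no integrity check visible in this diff. `download_src` is defined outside the hunks, so confirm it does not already verify what it fetches. These sources become the image's TLS library and SSH daemon, so I would pin an expected SHA-256 next to each URL and check it before `unzip_src`, e.g. `echo "${OPENSSL_SRC_SHA256}  ${OPENSSL_SRC_NAME}" | sha256sum -c - || exit 1`, with the digest taken from the upstream release page. The same applies to the two `download_src` calls added in the second hunk, and the neighbouring `PCIUTILS_SRC_URL` is still fetched over plain `http`.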
@@ -54,6 +58,8 @@ LINUX_SRC_DIR=$(unzip_src ".tar.xz" ${LINUX_SRC_NAME}); echo "unzip ${LINUX_SRC_ GLIBC_SRC_DIR=$(unzip_src ".tar.xz" ${GLIBC_SRC_NAME}); echo "unzip ${GLIBC_SRC_NAME} source code" BUSYBOX_SRC_DIR=$(unzip_src ".tar.bz2" ${BUSYBOX_SRC_NAME}); echo "unzip ${BUSYBOX_SRC_NAME} source code" PCIUTILS_SRC_DIR=$(unzip_src ".tar.gz" ${PCIUTILS_SRC_NAME}); echo "unzip ${PCIUTILS_SRC_NAME} source code" +OPENSSL_SRC_DIR=$(unzip_src ".tar.gz" ${OPENSSL_SRC_NAME}); echo "unzip ${OPENSSL_SRC_NAME} source code" +OPENSSH_SRC_DIR=$(unzip_src ".tar.gz" ${OPENSSH_SRC_NAME}); echo "unzip ${OPENSSH_SRC_NAME} source code" GCC_SRC_DIR=$(unzip_src ".tar.xz" ${GCC_SRC_NAME}); echo "unzip ${GCC_SRC_NAME} source code" BINUTILS_SRC_DIR=$(unzip_src ".tar.xz" ${BINUTILS_SRC_NAME}); echo "unzip ${BINUTILS_SRC_NAME} source code" 
@@ -327,6 +333,40 @@ if [ ! -d "pciutils_install" ]; then cd .. fi +# 编译 openssl +if [ ! -d "openssl_install" ]; then + mkdir -pv openssl_install && cd ${OPENSSL_SRC_DIR} + ./config --prefix=/usr shared + CFLAGS="-L${glibc_install}/lib64 $CFLAGS" make -j8 && make install -j8 DESTDIR=${openssl_install} PREFIX=/usr + cd .. +fi + +# 编译 openssh +if [ ! -d "openssh_install" ]; then + mkdir -pv openssh_install && cd ${OPENSSH_SRC_DIR} + ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=${openssl_install}/usr/ --with-pam --without-openssl-header-check + CFLAGS="-L${glibc_install}/lib64 -L${openssl_install}/usr/lib $CFLAGS" make -j8 && make install -j8 DESTDIR=${openssh_install} PREFIX=/usr + # 修改配置文件 + sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/" ${openssh_install}/etc/ssh/sshd_config + echo "HostKeyAlgorithms=ssh-rsa,ssh-dss" >> ${openssh_install}/etc/ssh/sshd_config + echo "KexAlgorithms=diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" >> ${openssh_install}/etc/ssh/sshd_config + # 准备环境 + if [ ! -d "${openssh_install}/var/empty" ]; then + mkdir -pv ${openssh_install}/var/empty + fi + chmod 744 ${openssh_install}/var/empty/ + chown root ${openssh_install}/var/empty/ + if [ ! -f "${openssh_install}/etc/ssh/ssh_host_dsa_key" ]; then + ssh-keygen -t dsa -P "" -f ${openssh_install}/etc/ssh/ssh_host_dsa_key + fi + if [ ! -f "${openssh_install}/etc/ssh/ssh_host_rsa_key" ]; then + ssh-keygen -t rsa -P "" -f ${openssh_install}/etc/ssh/ssh_host_rsa_key + fi + # 开启 sftp, 可以进行文件上传 + sed -i "s/\/usr\/libexec\/sftp-server/internal-sftp/" ${openssh_install}/etc/ssh/sshd_config + cd .. +fi + # 编译 gcc if [ ! -d "gcc_install" ]; then mkdir -pv gcc_install && cd ${GCC_SRC_DIR} && make distclean && rm ./config.cache diff --git a/02_build_img.sh b/02_build_img.sh index d9ce54a..d8f153f 100755 --- a/02_build_img.sh +++ b/02_build_img.sh 
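Review bot: The sshd_config edits in the openssh block leave the daemon weaker than the OpenSSH 8.8 defaults: `PermitRootLogin yes` allows password login for root, and the appended `HostKeyAlgorithms=ssh-rsa,ssh-dss` and `KexAlgorithms=…-sha1` lines restrict it to SHA-1 signatures, DSA and the 1024-bit `diffie-hellman-group1-sha1` exchange. The `ssh-keygen` calls also run at build time, so the private host keys are baked into `${openssh_install}` and every machine booted from the resulting image presents the same host identity. I would drop the two `echo … >> sshd_config` lines and the `-t dsa` key, keep `PermitRootLogin prohibit-password`, and create the keys on first boot instead, e.g. `ssh-keygen -A` ahead of `/usr/sbin/sshd` in rcS. If a legacy client really needs an old algorithm, append it with the `+` form (`HostKeyAlgorithms +ssh-rsa`) so the modern ones stay enabled, and record the reason in a comment.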
@@ -18,9 +18,9 @@ echo "${CYAN}--- build disk --- ${NC}" # 创建磁盘 128M 或 256M if [ "${with_gcc}" = false ]; then - create_disk disk.img 2048 + create_disk disk.img 4096 else - create_disk disk.img 2048 + create_disk disk.img 4096 fi echo "${GREEN}+++ build disk ok +++${NC}" @@ -146,19 +146,42 @@ make_init # 指定了利用 /etc/init.d/rcS 启动 cat<<"EOF">etc/inittab -::restart:/sbin/init -::ctrlaltdel:/sbin/reboot -::shutdown:/bin/umount -a -r -::shutdown:/sbin/swapoff -a ::sysinit:echo "sysinit 1++++++++++++++++++++++++++++++++++++++" ::sysinit:/etc/init.d/rcS ::sysinit:echo "sysinit 2++++++++++++++++++++++++++++++++++++++" -tty1::once:echo "hello smart-os tty1" -tty1::respawn:/bin/sh -tty2::once:echo "hello smart-os tty2" -tty2::respawn:/bin/sh -tty3::once:echo "hello smart-os tty3" -tty3::respawn:/bin/sh + +# /bin/sh invocations on selected ttys +# +# Note below that we prefix the shell commands with a "-" to indicate to the +# shell that it is supposed to be a login shell. Normally this is handled by +# login, but since we are bypassing login in this case, BusyBox lets you do +# this yourself... +# +# Start an "askfirst" shell on the console (whatever that may be) +::respawn:-/bin/login +# Start an "askfirst" shell on /dev/tty2-4 +tty2::respawn:-/bin/sh +tty3::respawn:-/bin/sh +tty4::respawn:-/bin/sh + +# /sbin/getty invocations for selected ttys +tty4::respawn:/sbin/getty 38400 tty5 +tty5::respawn:/sbin/getty 38400 tty6 + +# Example of how to put a getty on a serial line (for a terminal) +#::respawn:/sbin/getty -L ttyS0 9600 vt100 +#::respawn:/sbin/getty -L ttyS1 9600 vt100 +# +# Example how to put a getty on a modem line. +#::respawn:/sbin/getty 57600 ttyS2 + +# Stuff to do when restarting the init process +::restart:/sbin/init + +# Stuff to do before rebooting +::ctrlaltdel:/sbin/reboot +::shutdown:/bin/umount -a -r +::shutdown:/sbin/swapoff -a EOF find . | cpio -R root:root -H newc -o | gzip -9 > ../${diskfs}/boot/initrd 
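Review bot: The new `etc/inittab` puts `-/bin/login` on the console but respawns `-/bin/sh` on tty2, tty3 and tty4, so anyone who can reach those virtual consoles gets a root shell without authenticating. In the same commit mk_login.sh stops writing its login-only table to `${diskfs}/etc/inittab` and only inserts the hostname line with `sed`; whether that file is this same table is not visible here, but if it is, `with_login=true` images lose the login-only behaviour they had before. I would run a login on every tty, e.g. `tty2::respawn:/sbin/getty 38400 tty2`. Separately, `tty4` is declared twice, both getty lines use an id one lower than the device they open (`tty4::respawn:/sbin/getty 38400 tty5`), and the copied comments say "askfirst" while the action is `respawn`.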
@@ -180,6 +203,12 @@ if [ -f "${diskfs}/usr/share/pci.ids.gz" ]; then mv ${diskfs}/usr/share/pci.ids.gz ${diskfs}/usr/local/share/pci.ids.gz fi +# 带有 openssl +cp ${openssl_install}/* ${diskfs} -r + +# 带有 openssh +cp ${openssh_install}/* ${diskfs} -r + # 带有 gcc 编译器 if [ "${with_gcc}" = true ]; then echo "${RED} ... build with-gcc${NC}" @@ -224,7 +253,10 @@ if [ "${with_xfce}" = true ]; then # dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only # dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only # dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3 - echo "dbus-daemon --system --nopidfile --systemd-activation" > ${diskfs}/xfce.sh + echo "dd if=/dev/zero of=/swapfile bs=1M count=2048" > ${diskfs}/xfce.sh + echo "mkswap /swapfile" >> ${diskfs}/xfce.sh + echo "swapon /swapfile" >> ${diskfs}/xfce.sh + echo "dbus-daemon --system --nopidfile --systemd-activation" >> ${diskfs}/xfce.sh echo "xinit /usr/local/bin/xfce4-session -- /usr/local/bin/Xorg :10" >> ${diskfs}/xfce.sh chmod +x ${diskfs}/xfce.sh # 添加 machine-id @@ -294,14 +326,19 @@ echo -e "\n“${title}”\n" cd /lib/modules && insmod hello_world.ko # dns 测试 busybox 必须动态编译 动态编译 glibc 已经集成 dns 功能 -ifconfig eth0 192.168.100.6 && ifconfig eth0 up -route add default gw 192.168.100.1 +# qemu +# ifconfig eth0 192.168.100.6 && ifconfig eth0 up +# route add default gw 192.168.100.1 +# vmware +ifconfig eth0 192.168.222.195 && ifconfig eth0 up +route add default gw 192.168.222.2 # exec 执行 /etc/init.d/rc.local 脚本 +/usr/sbin/sshd + EOF chmod +x ${diskfs}/etc/init.d/rcS - # 登陆 login shell ,非 non-login shell if [ "${with_login}" = true ]; then cat - > ${diskfs}/etc/profile << EOF 
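Review bot: `cp ${openssl_install}/* ${diskfs} -r` and the openssh line below it run unconditionally with unquoted variables. Their definitions are not in the hunk; if `openssl_install` or `openssh_install` is empty or unset in 02_build_img.sh, the glob becomes `/*` and the build host's root tree is copied into the image. Quote and guard both copies: `cp -r -- "${openssl_install:?}"/* "${diskfs:?}"/`.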
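Review bot: The generated xfce.sh creates `/swapfile` with `dd` and enables it without restricting its mode, so the file gets whatever the default umask allows (typically world-readable) and swapped-out memory can be read by any local account. Add `echo "chmod 600 /swapfile" >> ${diskfs}/xfce.sh` between the `dd` and `mkswap` lines. The script also rewrites the 2048-block file on every run; emitting `[ -f /swapfile ] || dd …` would make it create the file only once.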
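Review bot: `/usr/sbin/sshd` is appended to rcS for every image, independent of `with_login`, and it comes up on the hard-coded address `192.168.222.195` with the `PermitRootLogin yes` configuration written by 01_build_src.sh. The root entry of the shadow file in mk_login.sh is not part of this diff, so confirm it is neither empty nor a known default before such an image is attached to a shared network. I would put the daemon behind its own build option, handled the way `with_login` and `with_gcc` are, and emit the line only when that option is set. The rcS heredoc starts outside the hunk.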
@@ -328,4 +365,11 @@ losetup -d ${loop_dev} #--------------------------------------------------------------- ./ls_img.sh +#--------------------------------------------------------------- +# +# 转换为 vmware 格式 +# +#--------------------------------------------------------------- +qemu-img convert disk.img -f raw -O vmdk disk.vmdk + echo "Run the next script: 03_run_qemu.sh or 04_run_docker.sh" diff --git a/03_run_qemu.sh b/03_run_qemu.sh index 8670b91..df00ecd 100755 --- a/03_run_qemu.sh +++ b/03_run_qemu.sh @@ -92,7 +92,7 @@ else fi # 指定内存 -memory="-m 4G" +memory="-m 8G" # 主磁盘 disk="-drive format=raw,file=disk.img" @@ -105,10 +105,10 @@ logfile="-serial file:./qemu.log" network="-netdev tap,id=nd0,ifname=tap0,script=no,downscript=no -device e1000,netdev=nd0" # 显卡参数 需要编译 xf86-video-vmware, see mk_xfce.sh -display="-vga vmware" +display="-vga qxl" # 启动镜像 网络对应 run_nat.sh 里面的配置 ( -enable-kvm : vmware 里面 CPU 设置需要支持虚拟化 Intel VT-x/EPT 或 AMD-V/RVI ) # 命令 qemu-system-x86_64 -device help 可以查看支持哪些设备 -qemu-system-x86_64 -enable-kvm ${memory} ${disk} ${sdb_img} ${network} ${logfile} +qemu-system-x86_64 ${display} -device qxl ${memory} ${disk} ${sdb_img} ${network} ${logfile} # stop nat stop_nat diff --git a/mk_login.sh b/mk_login.sh index 1db3ac4..08cecb8 100755 --- a/mk_login.sh +++ b/mk_login.sh @@ -10,6 +10,7 @@ EOF # 用户密码文件 cat<${diskfs}/etc/passwd root:x:0:0:root:/:/bin/sh +sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin EOF # 用户 shadow 文件 @@ -30,12 +31,4 @@ export PS1 HOSTNAME EOF # 重新生成 inittab 文件 -cat<${diskfs}/etc/inittab -::sysinit:/bin/hostname -F /etc/hostname -::sysinit:/etc/init.d/rcS -tty0::respawn:-/bin/login -::restart:/sbin/init -::ctrlaltdel:/sbin/reboot -::shutdown:/bin/umount -a -r -::shutdown:/sbin/swapoff -a -EOF +sed -i "/::sysinit:\/etc\/init.d\/rcS/a\::sysinit:\/bin\/hostname -F \/etc\/hostname" ${diskfs}/etc/inittab diff --git a/mk_xfce.sh b/mk_xfce.sh index d8c163c..89b363e 100755 --- a/mk_xfce.sh +++ b/mk_xfce.sh 
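Review bot: The `sshd` account added to the passwd heredoc in mk_login.sh names `/var/empty/sshd` as its home, while 01_build_src.sh creates and chowns only `${openssh_install}/var/empty`, and no group with gid 74 is added in the visible hunks. I would point the entry at the directory that exists, `sshd:x:74:74:Privilege-separated SSH:/var/empty:/sbin/nologin`, and add `sshd:x:74:` to the group file. The account also appears only here, whereas rcS starts `/usr/sbin/sshd` unconditionally; if mk_login.sh runs only for `with_login=true` (not visible in this diff), images built without it have no privilege-separation user and the daemon will likely refuse to start. The heredoc opens outside the hunk.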
@@ -748,7 +748,7 @@ llvm_build() { # 编译 xkbcommon meson_build xkbcommon ${XKBCOMMON_SRC_DIR} -Denable-docs=false # 编译 gdkpixbuf - meson_build gdkpixbuf ${GDKPIXBUF_SRC_DIR} -Dman=false + meson_build gdkpixbuf ${GDKPIXBUF_SRC_DIR} -Dman=false -Dbuiltin_loaders=all -Dinstalled_tests=false -Drelocatable=true # 编译 pixman common_build pixman ${PIXMAN_SRC_DIR} --enable-libpng=yes # 编译 freetype @@ -895,7 +895,7 @@ llvm_build() { # common_build xf86videoamd ${XF86VIDEOAMD_SRC_DIR} # xf86videoqxl ( 需要: spice_protocol, qemu 要模拟 vmware 的显卡,需要编译此工程 -vga vmware ) if [ ! -f ".xf86videoqxl" ]; then - sed -i "s/value.bool/value.boolean/" ${XF86VIDEOQXL_SRC_DIR}/src/qxl_option_helpers.c + sed -i "s/value.bool;/value.boolean;/" ${XF86VIDEOQXL_SRC_DIR}/src/qxl_option_helpers.c fi common_build xf86videoqxl ${XF86VIDEOQXL_SRC_DIR} # xf86videofbdev ( qemu 要模拟 vmware 的显卡,需要编译此工程 -vga vmware )