GitHub Repository: freebsd/freebsd-src
Path: blob/main/release/tools/gce.conf
#!/bin/sh
#
#
# Image size. The stock 3GB default is too small for GCE, so it is raised
# here.
export VMSIZE=20g

# Packages added to the image on top of whatever the caller already put in
# VM_EXTRA_PACKAGES. Reviewers should note that this list decides what
# privileged software ships in every instance built from the image: it
# includes sudo and the google-compute-engine guest package.
export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} firstboot-freebsd-update \
    firstboot-pkgs google-cloud-sdk panicmail sudo \
    sysutils/py-google-compute-engine lang/python \
    lang/python3"

# Services switched on in rc.conf(5). sshd and the google_* guest daemons
# are enabled from the first boot, so this list (together with the
# sshd_config lines appended in vm_extra_pre_umount) defines the image's
# initial remote-access surface.
export VM_RC_LIST="ntpd sshd growfs \
    firstboot_pkgs firstboot_freebsd_update google_startup \
    google_accounts_daemon google_clock_skew_daemon \
    google_instance_setup google_network_daemon"

# Hack for FreeBSD 15.0; should go away before 15.1.
# NOTE(review): nothing in this file reads MISSING_METALOGS; presumably the
# image tooling that sources it does. The list covers package-installed
# configuration, including sudoers and the sudo PAM policy - confirm the
# consumer records the intended ownership and mode for those paths.
MISSING_METALOGS="
./usr/local/etc/instance_configs.cfg.distro
./usr/local/etc/pam.d/sudo
./usr/local/etc/sudo.conf
./usr/local/etc/sudo_logsrvd.conf
./usr/local/etc/sudoers
./usr/local/etc/syslog.d/90-google.conf
"
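#
# vm_extra_install_base: write the image's /etc/resolv.conf and register it
# with metalog_add_data (defined outside this file).
#
# Globals:   DESTDIR (read) - root of the image tree being populated
# Outputs:   ${DESTDIR}/etc/resolv.conf is replaced
# Returns:   the exit status of metalog_add_data
#
# The first resolver is 169.254.169.254, the same link-local address this
# file maps to metadata.google.internal in /etc/hosts. The second is a
# public resolver used as fallback: a lookup that falls through to it
# leaves the project network, and internal names will not resolve there.
#
vm_extra_install_base() {
	# DESTDIR is quoted so a build path containing whitespace cannot
	# redirect the write to a different file.
	{
		echo 'search google.internal'
		echo 'nameserver 169.254.169.254'
		echo 'nameserver 8.8.8.8'
	} > "${DESTDIR}/etc/resolv.conf"
	metalog_add_data ./etc/resolv.conf
}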
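#
# vm_extra_pre_umount: GCE-specific customisation of the image tree under
# ${DESTDIR}. It appends to rc.conf, loader.conf, hosts, syslog.conf,
# sshd_config, crontab and sysctl.conf, overwrites ntp.conf, and, when the
# src.txz / ports.txz distributions are present next to ${DESTDIR},
# extracts them into the image and fetches distfiles for installed ports.
#
# Globals:   DESTDIR (read); _INSTALLED_PACKAGES, PACKAGE (written)
# Calls:     metalog_add_data (defined outside this file)
# Returns:   always 0; failures of individual steps are not propagated
#
# Every ${DESTDIR} expansion is quoted and the find(1) output is read with
# "IFS= read -r", so paths containing whitespace or backslashes are passed
# through unchanged rather than being split or mangled.
#
vm_extra_pre_umount() {
	# NOTE(review): DEVFSISOURS is declared but never referenced in this
	# function as shown.
	local DEVFSISOURS

	# Enable growfs on every boot, not only the first, as an instance's
	# disk can be enlarged post-creation.
	# NOTE(review): BSD sed(1) treats the word after -i as the backup
	# suffix, so "-i -e" may leave a "growfs-e" copy next to the script
	# in rc.d; the commented-out ttys edit below uses the "-i ''" form.
	# Confirm which is intended.
	sed -i -e '/KEYWORD: firstboot/d' "${DESTDIR}/etc/rc.d/growfs"

	# rc.conf additions. panicmail_autosubmit makes panic reports leave
	# the instance without operator review; confirm that is acceptable
	# for the workloads that will run on this image.
	cat << EOF >> "${DESTDIR}/etc/rc.conf"
dumpdev="AUTO"
ifconfig_DEFAULT="SYNCDHCP mtu 1460"
ntpd_sync_on_start="YES"
# need to fill in something here
#firstboot_pkgs_list=""
panicmail_autosubmit="YES"
EOF

	# Loader settings: no boot delay or menu artwork, memory test
	# disabled, and console output on both the serial and video consoles.
	cat << EOF >> "${DESTDIR}/boot/loader.conf"
autoboot_delay="-1"
beastie_disable="YES"
loader_logo="none"
hw.memtest.tests="0"
console="comconsole,vidconsole"
kern.timecounter.hardware=ACPI-safe
aesni_load="YES"
nvme_load="YES"

# Required for arm64.
hw.pci.honor_msi_blacklist=0
EOF
	metalog_add_data ./boot/loader.conf

	# Pin the metadata server name locally so it resolves without DNS.
	echo '169.254.169.254 metadata.google.internal metadata' >> \
	    "${DESTDIR}/etc/hosts"

	# overwrite ntp.conf
	# Time comes only from the metadata server. The default restrict
	# lines refuse modification, traps, peering and queries from any
	# host; the loopback addresses are exempted.
	cat << EOF > "${DESTDIR}/etc/ntp.conf"
server metadata.google.internal iburst

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

restrict 127.0.0.1
restrict -6 ::1
restrict 127.127.1.0
EOF

	# Copy errors, kernel warnings and auth notices to the console.
	# NOTE(review): with comconsole enabled above these reach the serial
	# console; whoever can read that output can read the auth messages.
	cat << EOF >> "${DESTDIR}/etc/syslog.conf"
*.err;kern.warning;auth.notice;mail.crit /dev/console
EOF

	# sshd hardening: no keyboard-interactive authentication, no X11 or
	# agent forwarding, only LANG accepted from the client environment.
	# These lines are appended, and sshd uses the first value it reads
	# for each keyword, so they take effect only if the stock
	# sshd_config does not already set the same keyword uncommented.
	cat << EOF >> "${DESTDIR}/etc/ssh/sshd_config"
KbdInteractiveAuthentication no
X11Forwarding no
AcceptEnv LANG
AllowAgentForwarding no
ClientAliveInterval 420
EOF

	# Nightly freebsd-update run as root at 03:00.
	cat << EOF >> "${DESTDIR}/etc/crontab"
0 3 * * * root /usr/sbin/freebsd-update cron
EOF

	# Ignore incoming ICMP redirects and do not send them; on panic,
	# print a trace and do not stop in the kernel debugger.
	cat << EOF >> "${DESTDIR}/etc/sysctl.conf"
net.inet.icmp.drop_redirect=1
net.inet.ip.redirect=0
kern.ipc.soacceptqueue=1024
debug.trace_on_panic=1
debug.debugger_on_panic=0
EOF

	# To meet GCE marketplace requirements, extract the src.txz and
	# ports.txz distributions to the target virtual machine disk image
	# and fetch the sources for the third-party software installed on
	# the image.
	if [ -e "${DESTDIR}/../ftp/src.txz" ]; then
		tar fxJ "${DESTDIR}/../ftp/src.txz" -C "${DESTDIR}"
		( cd "${DESTDIR}" && find ./usr/src ) |
		    while IFS= read -r P; do
			metalog_add_data "${P}"
		done
	fi
	if [ -e "${DESTDIR}/../ftp/ports.txz" ]; then
		tar fxJ "${DESTDIR}/../ftp/ports.txz" -C "${DESTDIR}"
		_INSTALLED_PACKAGES=$(pkg -r "${DESTDIR}" info -o -q -a | grep -v '^base/')
		# Left unquoted on purpose: the list is split into one port
		# origin per word.
		for PACKAGE in ${_INSTALLED_PACKAGES}; do
			# Only the "fetch" target runs here, and it needs network
			# access at image-build time. DISABLE_VULNERABILITIES
			# turns off the ports vulnerability check for it.
			# NOTE(review): confirm the fetched distfiles are
			# checksum-verified somewhere in this path.
			make -C "${DESTDIR}/usr/ports/${PACKAGE}" fetch \
			    DISTDIR="${DESTDIR}/usr/ports/distfiles" \
			    DISABLE_VULNERABILITIES=YES \
			    I_DONT_CARE_IF_MY_BUILDS_TARGET_THE_WRONG_RELEASE=YES
		done
		( cd "${DESTDIR}" && find ./usr/ports ) |
		    while IFS= read -r P; do
			metalog_add_data "${P}"
		done
	fi

	## XXX: Verify this is needed. I do not see this requirement
	## in the docs, and it impairs the ability to boot-test a copy
	## of the image prior to packaging for upload to GCE.
	#sed -E -i '' 's/^([^#].*[[:space:]])on/\1off/' ${DESTDIR}/etc/ttys

	return 0
}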
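#
# vm_emulation_cleanup: remove the emulator binary from the image when a
# static QEMU was used for the build.
#
# Do everything except deleting resolv.conf since we construct our own
# Googlized resolv.conf file in vm_extra_install_base.
#
# Globals:   QEMUSTATIC (read) - non-empty when an emulator was installed
#            DESTDIR    (read) - root of the image tree
#            EMULATOR   (read) - emulator path relative to DESTDIR
# Returns:   always 0
#
vm_emulation_cleanup() {
	if [ -n "${QEMUSTATIC}" ]; then
		# Quoted, with "--", so the path reaches rm(1) as a single
		# operand and is never split or read as an option.
		rm -f -- "${DESTDIR}/${EMULATOR}"
	fi
	return 0
}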