diff --git a/config/build.conf b/config/build.conf index facfab0..3c63d47 100644 --- a/config/build.conf +++ b/config/build.conf @@ -43,6 +43,12 @@ KERNEL_SOURCE_URL="https://cdn.kernel.org/pub/linux/kernel" # FIRMWARE_TAG="v1" #FIRMWARE_TAG="latest" +# Branding and customization guard (default off) +# Set to "true" to enable Zero-OS branding and passwordless root in initramfs. +# Both variables are accepted; ZEROOS_BRANDING takes precedence if both set. +ZEROOS_BRANDING="true" +ZEROOS_REBRANDING="true" + # Feature flags ENABLE_STRIP="true" ENABLE_UPX="true" diff --git a/initramfs/etc/resolv.conf b/initramfs/etc/resolv.conf index 434ed59..02a3e3f 100644 --- a/initramfs/etc/resolv.conf +++ b/initramfs/etc/resolv.conf @@ -1,2 +1 @@ -nameserver 169.254.1.1 nameserver 192.168.64.254 diff --git a/scripts/build.sh b/scripts/build.sh index 190de95..72f3973 100755 --- a/scripts/build.sh +++ b/scripts/build.sh 
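Review bot: In config/build.conf the added comment describes the guard as "default off", but the two assignments directly below it are `ZEROOS_BRANDING="true"` and `ZEROOS_REBRANDING="true"`, so a build from the committed config enables passwordless root in the initramfs. If off is the intended default, ship `ZEROOS_BRANDING="false"` (or leave both lines commented out, as is done for FIRMWARE_TAG just above) so that builders opt in explicitly. Otherwise the comment should say the default is on. The precedence sentence holds only while ZEROOS_BRANDING is non-empty, because scripts/lib/initramfs.sh reads it with `${ZEROOS_BRANDING:-${ZEROOS_REBRANDING:-false}}`, and an empty value falls through to ZEROOS_REBRANDING.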
@@ -297,16 +297,22 @@ function main_build_process() { export FULL_KERNEL_VERSION log_info "Resolved FULL_KERNEL_VERSION: ${FULL_KERNEL_VERSION}" fi - echo ============= $(pwd) + + # Normalize working directory to the project root to avoid relative path issues + local _oldpwd + _oldpwd="$(pwd)" + safe_execute cd "${PROJECT_ROOT}" + log_debug "stage_rfs_flists CWD (normalized): $(pwd)" + # Ensure rfs scripts are executable when present (be robust if directory is missing) - if [[ -d "./scripts/rfs" ]]; then - safe_execute find ./scripts/rfs -type f -name "*.sh" -exec chmod +x {} \; + if [[ -d "${PROJECT_ROOT}/scripts/rfs" ]]; then + safe_execute find "${PROJECT_ROOT}/scripts/rfs" -type f -name "*.sh" -exec chmod +x {} \; else - log_warn "scripts/rfs directory not found; will invoke packers via bash to avoid +x requirement" + log_warn "scripts/rfs directory not found under PROJECT_ROOT=${PROJECT_ROOT}; invoking packers via bash with absolute paths" fi # Build modules flist (writes to dist/flists/modules-${FULL_KERNEL_VERSION}.fl) - safe_execute bash ./scripts/rfs/pack-modules.sh + safe_execute bash "${PROJECT_ROOT}/scripts/rfs/pack-modules.sh" # Build firmware flist with a reproducible tag: # Priority: env FIRMWARE_TAG > config/build.conf: FIRMWARE_TAG > "latest" 
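Review bot: `safe_execute cd "${PROJECT_ROOT}"` changes the directory of this shell only if safe_execute runs its arguments in the current shell, and its definition is not part of this diff. If it uses a subshell or a pipeline, this cd and the restoring `safe_execute cd "${_oldpwd}"` in the later @@ -345 hunk both silently do nothing. Calling the builtin directly removes that dependency and also rejects an unset root: `cd "${PROJECT_ROOT:?PROJECT_ROOT is not set}" || return 1`. The added log_debug line labels itself stage_rfs_flists while the hunk header shows main_build_process; the enclosing function starts outside the hunk, so the correct label cannot be confirmed from here.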
@@ -321,13 +327,13 @@ function main_build_process() { fw_tag="${FIRMWARE_TAG:-latest}" fi log_info "Using firmware tag: ${fw_tag}" - safe_execute env FIRMWARE_TAG="${fw_tag}" bash ./scripts/rfs/pack-firmware.sh + safe_execute env FIRMWARE_TAG="${fw_tag}" bash "${PROJECT_ROOT}/scripts/rfs/pack-firmware.sh" # Embed flists inside initramfs at /etc/rfs for zinit init scripts local etc_rfs_dir="${INSTALL_DIR}/etc/rfs" safe_mkdir "${etc_rfs_dir}" - local modules_fl="dist/flists/modules-${FULL_KERNEL_VERSION}.fl" + local modules_fl="${PROJECT_ROOT}/dist/flists/modules-${FULL_KERNEL_VERSION}.fl" if [[ -f "${modules_fl}" ]]; then safe_execute cp "${modules_fl}" "${etc_rfs_dir}/" log_info "Embedded modules flist: ${modules_fl} -> ${etc_rfs_dir}/" @@ -335,7 +341,7 @@ function main_build_process() { log_warn "Modules flist not found: ${modules_fl}" fi - local firmware_fl="dist/flists/firmware-${fw_tag}.fl" + local firmware_fl="${PROJECT_ROOT}/dist/flists/firmware-${fw_tag}.fl" if [[ -f "${firmware_fl}" ]]; then # Provide canonical name firmware-latest.fl expected by firmware.sh safe_execute cp "${firmware_fl}" "${etc_rfs_dir}/firmware-latest.fl" @@ -345,6 +351,8 @@ function main_build_process() { fi log_info "RFS flists embedded into initramfs" + # Restore previous working directory + safe_execute cd "${_oldpwd}" } function stage_cleanup() { 
@@ -357,11 +365,25 @@ function main_build_process() { function stage_initramfs_create() { local initramfs_archive="${DIST_DIR}/initramfs.cpio.xz" + # Normalize to absolute path to avoid CWD-related issues in later stages + if [[ "${initramfs_archive}" != /* ]]; then + initramfs_archive="${PROJECT_ROOT}/${initramfs_archive#./}" + fi initramfs_create_cpio "$INSTALL_DIR" "$initramfs_archive" export INITRAMFS_ARCHIVE="$initramfs_archive" + log_debug "stage_initramfs_create: INITRAMFS_ARCHIVE=${INITRAMFS_ARCHIVE}" } function stage_initramfs_test() { + # Ensure INITRAMFS_ARCHIVE is set when skipping directly to this stage + if [[ -z "${INITRAMFS_ARCHIVE:-}" ]]; then + local archive_path="${DIST_DIR}/initramfs.cpio.xz" + if [[ "${archive_path}" != /* ]]; then + archive_path="${PROJECT_ROOT}/${archive_path#./}" + fi + export INITRAMFS_ARCHIVE="${archive_path}" + log_debug "stage_initramfs_test: defaulting INITRAMFS_ARCHIVE=${INITRAMFS_ARCHIVE}" + fi initramfs_test_archive "$INITRAMFS_ARCHIVE" } diff --git a/scripts/lib/initramfs.sh b/scripts/lib/initramfs.sh index 69c7199..bc6f785 100644 --- a/scripts/lib/initramfs.sh +++ b/scripts/lib/initramfs.sh 
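Review bot: The absolute-path normalization for the archive is written twice in scripts/build.sh, once in stage_initramfs_create and once in stage_initramfs_test, so the two copies can drift apart. A small helper that both stages call would keep a single definition of where the archive lives. Separately, stage_initramfs_test uses an INITRAMFS_ARCHIVE inherited from the environment as is, without this normalization, so a relative value supplied that way still depends on the current directory.

```shell
# Print the absolute path of the initramfs archive under DIST_DIR.
function initramfs_archive_path() {
    local path="${DIST_DIR}/initramfs.cpio.xz"
    if [[ "${path}" != /* ]]; then
        path="${PROJECT_ROOT}/${path#./}"
    fi
    printf '%s\n' "${path}"
}

function stage_initramfs_create() {
    local initramfs_archive
    initramfs_archive="$(initramfs_archive_path)"
    # … unchanged: initramfs_create_cpio call, export, log_debug …
}

function stage_initramfs_test() {
    if [[ -z "${INITRAMFS_ARCHIVE:-}" ]]; then
        INITRAMFS_ARCHIVE="$(initramfs_archive_path)"
        export INITRAMFS_ARCHIVE
        # … unchanged: log_debug …
    fi
    # … unchanged: initramfs_test_archive call …
}
```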
@@ -572,18 +572,22 @@ function initramfs_finalize_customization() { section_header "Final Zero-OS Customization" - # Remove root password for passwordless login - log_info "Removing root password for passwordless login" - if [[ -f "${initramfs_dir}/etc/passwd" ]]; then - safe_execute sed -i 's/^root:[^:]*:/root::/' "${initramfs_dir}/etc/passwd" - log_info "✓ Root password removed" - else - log_warn "/etc/passwd not found, skipping password removal" - fi + # Branding guard (default disabled). Enable by setting ZEROOS_BRANDING=true (or ZEROOS_REBRANDING=true) + local _branding="${ZEROOS_BRANDING:-${ZEROOS_REBRANDING:-false}}" - # Update /etc/motd to Zero-OS - log_info "Updating /etc/motd to Zero-OS branding" - cat > "${initramfs_dir}/etc/motd" << 'EOF' + if [[ "${_branding}" == "true" ]]; then + # Remove root password for passwordless login + log_info "Branding enabled: removing root password for passwordless login" + if [[ -f "${initramfs_dir}/etc/passwd" ]]; then + safe_execute sed -i 's/^root:[^:]*:/root::/' "${initramfs_dir}/etc/passwd" + log_info "✓ Root password removed" + else + log_warn "/etc/passwd not found, skipping password removal" + fi + + # Update /etc/motd to Zero-OS + log_info "Branding enabled: updating /etc/motd to Zero-OS branding" + cat > "${initramfs_dir}/etc/motd" << 'EOF' Welcome to Zero-OS! 
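Review bot: The new `_branding` guard ties removal of the root password to a variable named for branding, so anyone who enables the Zero-OS motd/issue text also ships an initramfs with an empty root password field, and nothing in the variable name signals that. Consider giving the `sed` on etc/passwd its own switch that defaults to false (the name `ZEROOS_PASSWORDLESS_ROOT` is only a suggestion), independent of the banner text. Logging that step with `log_warn` instead of `log_info` would also make it stand out in build output. The `if` opened in this hunk is closed in the following hunk, and the function itself begins outside this one.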
@@ -593,18 +597,22 @@ Built on Alpine Linux with ThreeFold components. For more information: https://github.com/threefoldtech/zos EOF - - # Update /etc/issue to Zero-OS - log_info "Updating /etc/issue to Zero-OS branding" - cat > "${initramfs_dir}/etc/issue" << 'EOF' + + # Update /etc/issue to Zero-OS + log_info "Branding enabled: updating /etc/issue to Zero-OS branding" + cat > "${initramfs_dir}/etc/issue" << 'EOF' Zero-OS \r \m Built on \l EOF + else + log_info "Branding disabled: leaving /etc/motd, /etc/issue and root password unchanged" + fi - # Create ntp.conf pointing to Google NTP servers (canonical name for hooks) - log_info "Creating ntp.conf with Google NTP servers" - cat > "${initramfs_dir}/etc/ntp.conf" << 'EOF' + # Ensure ntp.conf exists for hooks. Create only if absent, do not overwrite. + if [[ ! -f "${initramfs_dir}/etc/ntp.conf" ]]; then + log_info "Creating ntp.conf with Google NTP servers (absent)" + cat > "${initramfs_dir}/etc/ntp.conf" << 'EOF' # Zero-OS NTP Configuration # Using Google public NTP servers for reliable time sync 
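Review bot: The new existence test `[[ ! -f "${initramfs_dir}/etc/ntp.conf" ]]` is also true for a dangling symlink, in which case `cat >` writes through the link. In a staged root filesystem an absolute link target resolves against the build host rather than the image. Whether the staging tree can contain such a link is not visible here, but the check is cheap: `if [[ ! -e "${initramfs_dir}/etc/ntp.conf" && ! -L "${initramfs_dir}/etc/ntp.conf" ]]; then`. The motd and issue heredocs are written unconditionally when branding is on and would follow a pre-existing link in the same way.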
@@ -626,16 +634,19 @@ restrict -6 ::1 # Drift file for time stability driftfile /var/lib/ntp/ntp.drift EOF + else + log_info "Keeping existing /etc/ntp.conf (no overwrite)" + fi # Provide BusyBox ntpd compatibility symlink if needed if [[ ! -e "${initramfs_dir}/etc/ntpd.conf" ]]; then (cd "${initramfs_dir}/etc" && ln -sf ntp.conf ntpd.conf) fi - # Set proper permissions - safe_execute chmod 644 "${initramfs_dir}/etc/motd" - safe_execute chmod 644 "${initramfs_dir}/etc/issue" - safe_execute chmod 644 "${initramfs_dir}/etc/ntp.conf" + # Set proper permissions (only if files exist) + [[ -f "${initramfs_dir}/etc/motd" ]] && safe_execute chmod 644 "${initramfs_dir}/etc/motd" + [[ -f "${initramfs_dir}/etc/issue" ]] && safe_execute chmod 644 "${initramfs_dir}/etc/issue" + [[ -f "${initramfs_dir}/etc/ntp.conf" ]] && safe_execute chmod 644 "${initramfs_dir}/etc/ntp.conf" # Create ntp drift directory safe_mkdir "${initramfs_dir}/var/lib/ntp"
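Review bot: The three `[[ -f … ]] && safe_execute chmod 644 …` lines return status 1 whenever the file is absent. That is harmless in their current position, but the failure would propagate if one of them ever became the last command of the function or a later edit checked their status. An explicit form states the intent and always succeeds when there is nothing to do: `if [[ -f "${initramfs_dir}/etc/motd" ]]; then safe_execute chmod 644 "${initramfs_dir}/etc/motd"; fi`, and likewise for issue and ntp.conf. The enclosing function starts and ends outside this hunk.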