From 8d937f553bbda37724ca1ce806d95c1478e19b19 Mon Sep 17 00:00:00 2001
From: Gavin Andresen
Date: Fri, 8 Feb 2013 11:50:34 -0500
Subject: [PATCH] VirtualBox support
---
 README.md | 67 ++++++++++++++++++++++++++++++++++++++-----
 libexec/make-clean-vm | 19 ++++++++++--
 libexec/start-target | 20 +++++++++++--
 libexec/stop-target | 21 ++++++++++++--
 4 files changed, 111 insertions(+), 16 deletions(-)
diff --git a/README.md b/README.md
index f28ee86..4300b3d 100644
--- a/README.md
+++ b/README.md
@@ -8,28 +8,80 @@ This package can do a deterministic build of a package inside a VM.
 This performs a build inside a VM, with deterministic inputs and outputs. If the build script takes care of all sources of non-determinism (mostly caused by timestamps), the result will always be the same. This allows multiple independent verifiers to sign a binary with the assurance that it really came from the source they reviewed.
-## Synopsis:
+## Prerequisites:
-Install prereqs:
+Linux:
- sudo apt-get install apt-cacher-ng python-vm-builder ruby
+ sudo apt-get install git apache2 apt-cacher-ng python-vm-builder ruby
+
+OSX with MacPorts:
+
+ sudo port install ruby coreutils
+ export PATH=$PATH:/opt/local/libexec/gnubin # Needed for sha256sum
+
+### KVM
-If you want to use kvm:
 sudo apt-get install qemu-kvm
-or alternatively, lxc (no need for hardware support):
+### LXC (no need for hardware support):
+
 sudo apt-get install debootstrap lxc
-Create the base VM for use in further builds (requires sudo, please review the script):
+### VirtualBox
+
+Install virtualbox from virtualbox.org, and make sure VBoxManage is in your $PATH.
+
+## Create the base VM for use in further builds (requires sudo, please review the script):
+
+### KVM
 bin/make-base-vm
 bin/make-base-vm --arch i386
-or for lxc:
+### LXC
 bin/make-base-vm --lxc
 bin/make-base-vm --lxc --arch i386
+Set the USE_LXC environment variable to use LXC instead of KVM:
+ export USE_LXC=1
+
+### VirtualBox
+
+Command-line VBoxManage must be in your PATH
+
+Setup:
+
+make-base-vm cannot yet make VirtualBox virtual machines (patches welcome-- it should be possible to use VBoxManage, boot-from-network Linux images and PXE booting to do it). So you must either get or manually create VirtualBox machines that:
+
+1. Are named "Gitian--" -- e.g. Gitian-lucid-i386 for a 32-bit, Ubuntu 10 machine.
+2. Have a booted-up snapshot named "Gitian-Clean" . The build script resets the VM to that snapshot to get reproducible builds.
+3. 
Has the VM's NAT networking setup to forward port localhost:2223 on the host machine to port 22 of the VM; e.g.:
+ VBoxManage modifyvm Gitian-lucid-i386 --natpf1 "guestssh,tcp,,2223,,22"
+
+The final setup needed is to create an ssh key that will be used to login to the virtual machine:
+
+ ssh-keygen -t dsa -f var/id_dsa -N ""
+ ssh -p 2223 ubuntu@localhost 'mkdir -p .ssh && chmod 700 .ssh && cat >> .ssh/authorized_keys' < var/id_dsa.pub
+ ssh -p 2223 ubuntu@localhost
+ On VM: sudo bash
+ On VM: mkdir -p .ssh && chmod 700 .ssh && cat ~ubuntu/.ssh/authorized_keys >> .ssh/authorized_keys
+
+Set the USE_VBOX environment variable to use LXC instead of KVM:
+ export USE_VBOX=1
+
+## Sanity-testing
+
+If you have everything set-up properly, you should be able to:
+
+PATH=$PATH:$(pwd)/libexec
+make-clean-vm --suite lucid --arch i386
+start-target 32 lucid-i386
+on-target ls -la
+stop-target
+
+## Building
+
 Copy any additional build inputs into a directory named _inputs_.
 Then execute the build using a YAML description file (can be run as non-root):
@@ -53,6 +105,7 @@ After you've merged everybody's signatures, verify them:
 bin/gverify --release .yml
+
 ## Poking around
 * Log files are captured to the _var_ directory
diff --git a/libexec/make-clean-vm b/libexec/make-clean-vm
index cf7d658..52d3c87 100755
--- a/libexec/make-clean-vm
+++ b/libexec/make-clean-vm
@@ -4,6 +4,13 @@ set -e
 SUITE=lucid
 ARCH=amd64
+VMSW=KVM
+if [ -n "$USE_LXC" ]; then
+ VMSW=LXC
+elif [ -n "$USE_VBOX" ]; then
+ VMSW=VBOX
+fi
+
 usage() {
 echo "Usage: ${0##*/} [OPTION]..."
 echo "Make a clean copy of the base client."
@@ -44,9 +51,15 @@ fi
 BASE=base-$SUITE-$ARCH
 OUT=target-$SUITE-$ARCH
-if [ -z "$USE_LXC" ]; then
+case $VMSW in
+ KVM)
 qemu-img create -f qcow2 -o backing_file="$BASE.qcow2" "$OUT.qcow2"
-else
+ ;;
+ LXC)
 cp -a $BASE $OUT
 on-target -u root bash < target-bin/bootstrap-fixup
-fi
+ ;;
+ VBOX)
+ VBoxManage snapshot "Gitian-${SUITE}-${ARCH}" restore "Gitian-Clean"
+ ;;
+esac
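Review bot: The VMSW selection added at the top of make-clean-vm gives USE_LXC silent precedence over USE_VBOX when both are exported, and nothing in the added lines records that; the identical five-line block is pasted into start-target and stop-target in this same patch, so a reader of any one script cannot tell whether that precedence is intended. A comment above the `if`, `# USE_LXC takes precedence over USE_VBOX if both are set`, would state the intent, and since the three copies must stay in lockstep it may be worth moving the block into one file under libexec that each script sources. The `case $VMSW in` arms in all three scripts have no `*)` arm, which is acceptable only as long as VMSW is set nowhere but in this block; a comment saying so would protect that assumption.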
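Review bot: The `VBOX)` arm's `VBoxManage snapshot "Gitian-${SUITE}-${ARCH}" restore "Gitian-Clean"` is refused while the VM is still running, so a build that follows a start-target whose stop-target never ran fails on this line, and with the `set -e` visible in the first hunk's header make-clean-vm aborts with only VBoxManage's own message. A check before the restore, `VBoxManage showvminfo "Gitian-${SUITE}-${ARCH}" --machinereadable | grep -q '^VMState="running"' && { echo "VM still running; run stop-target first" >&2; exit 1; }`, would turn that into an explicit error. The snapshot name "Gitian-Clean" is a second hard-coded contract with the README (the VM must have a snapshot of exactly that name), which the arm should say in a comment; the remainder of the script after `esac` is outside the hunk.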
diff --git a/libexec/start-target b/libexec/start-target
index cc20044..c6e06ac 100755
--- a/libexec/start-target
+++ b/libexec/start-target
@@ -5,11 +5,25 @@ ARCH=qemu$1
 SUFFIX=$2
-if [ -z "$USE_LXC" ]; then
+VMSW=KVM
+if [ -n "$USE_LXC" ]; then
+ VMSW=LXC
+elif [ -n "$USE_VBOX" ]; then
+ VMSW=VBOX
+fi
+
+case $VMSW in
+ KVM)
 kvm -cpu $ARCH -m ${VMEM:-2000} -smp ${NPROCS:-2} -drive file=target-$SUFFIX.qcow2,cache=writeback -net nic,model=virtio -net user,hostfwd=tcp:127.0.0.1:$VM_SSH_PORT-:22 -vnc 127.0.0.1:16 > var/target.log 2>&1 &
 echo $! > var/target.pid
 wait
 rm var/target.pid
-else
+ ;;
+ LXC)
 true
 #sudo lxc-start -n gitian -c var/target.log -f lxc.config
-fi
+ ;;
+ VBOX)
+ VBoxManage startvm "Gitian-${2}" # --type headless
+ echo "Gitian-${2}" > var/target.vmname
+ ;;
+esac
diff --git a/libexec/stop-target b/libexec/stop-target
index 003779c..6db547d 100755
--- a/libexec/stop-target
+++ b/libexec/stop-target
@@ -1,6 +1,14 @@
 #!/bin/sh
-if [ -z "$USE_LXC" ]; then
+VMSW=KVM
+if [ -n "$USE_LXC" ]; then
+ VMSW=LXC
+elif [ -n "$USE_VBOX" ]; then
+ VMSW=VBOX
+fi
+
+case $VMSW in
+ KVM)
 if [ ! -e var/target.pid ]; then exit; fi
 on-target -u root halt
@@ -13,6 +21,13 @@ if [ -z "$USE_LXC" ]; then
 echo Killing target since it did not shutdown within 10 seconds
 kill `cat var/target.pid`
-else
+ ;;
+ LXC)
 true
-fi
+ ;;
+ VBOX)
+ if [ ! -e var/target.vmname ]; then exit; fi
+ VBoxManage controlvm `cat var/target.vmname` savestate
+ rm var/target.vmname
+ ;;
+esac
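Review bot: The `VBOX)` arm in start-target ignores VM_SSH_PORT, which the KVM arm just above binds with `hostfwd=tcp:127.0.0.1:$VM_SSH_PORT-:22`; guest SSH reachability is left to a NAT rule the user created by hand, so the script controls neither the port nor the bind address, and a natpf1 rule whose host-IP field is empty (as in the README's example in this patch) listens on every host interface rather than on loopback as the KVM arm does. The script should at least pin the bind address and tie the port to VM_SSH_PORT itself, e.g. `VBoxManage controlvm "Gitian-${SUFFIX}" natpf1 "guestssh,tcp,127.0.0.1,${VM_SSH_PORT},,22"` after the VM is up (or reject a mismatching rule found via `showvminfo --machinereadable`); I am assuming on-target reads VM_SSH_PORT, which is not visible here. Two smaller points: the arm uses `${2}` where the line above the hunk already defines `SUFFIX=$2`, and `--type headless` is left commented out, so `startvm` opens a GUI window and fails on a display-less build host.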
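Review bot: In stop-target's new `VBOX)` arm the VM name is read with an unquoted backtick substitution, so a suffix containing whitespace or glob characters would split into extra VBoxManage arguments; `VBoxManage controlvm "$(cat var/target.vmname)" savestate` is the safe form and matches the quoting start-target uses when it writes `"Gitian-${2}"`. stop-target has no `set -e` (its first hunk shows the shebang followed directly by the VMSW block), so a failed savestate still falls through to `rm var/target.vmname` and the failure is hidden; `|| exit 1` on the savestate line would surface it. A short comment that `savestate` leaves the VM suspended rather than powered off, relying on make-clean-vm's snapshot restore to discard that state before the next build, would also help the next reader. The KVM arm's `kill` line has the same quoting pattern but is pre-existing.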