Make all templates local, ensure ssh keys for amd64 builds are generated on first boot

2026-03-24 11:25:10 +00:00 · 2026-03-24 11:25:10 +00:00 · c22e6ed557
commit c22e6ed557
parent 0fa18af48e
14 changed files with 459 additions and 59 deletions
--- a/vmdb2-recipes/amd64_trixie.yaml
+++ b/vmdb2-recipes/amd64_trixie.yaml
@ -120,6 +120,7 @@ steps:
    unless: rootfs_unpacked

  - shell: |
+
      echo "butterbox" > "${ROOT?}/etc/hostname"

      # Allow root logins locally with no password
@ -149,6 +150,10 @@ steps:
    
  - shell: |
      rm "${ROOT?}/etc/resolv.conf"
+      mkdir -p "${ROOT?}/etc/systemd/system/multi-user.target.requires/"
+      install -m 644 -o root -g root image-specs/rootfs/etc/systemd/system/rpi-generate-ssh-host-keys.service "${ROOT?}/etc/systemd/system/"
+      ln -s "${ROOT?}/etc/systemd/system/rpi-generate-ssh-host-keys.service" "${ROOT?}/etc/systemd/system/multi-user.target.requires/rpi-generate-ssh-host-keys.service"
+      rm -f "${ROOT?}"/etc/ssh/ssh_host_*_key*
    root-fs: tag-root

  # Clear /etc/machine-id and /var/lib/dbus/machine-id, as both should
@ -162,13 +167,14 @@ steps:
  # Note this will also trigger ConditionFirstBoot=yes for systemd.
  # On Buster, /etc/machine-id should be an emtpy file, not an absent file
  # On Bullseye, /etc/machine-id should not exist in an image
+  #
+
  - chroot: tag-root
    shell: |
      rm -f /etc/machine-id /var/lib/dbus/machine-id
      echo "uninitialized" > /etc/machine-id
      echo "LABEL=BOOT / ext4 rw 0 1" > /etc/fstab

-
  - virtual-filesystems: tag-root

  - ansible: tag-root
--- a/vmdb2-recipes/raspi_4_trixie.yaml
+++ b/vmdb2-recipes/raspi_4_trixie.yaml
@ -81,7 +81,10 @@ steps:
      - dhcpcd
      - dnsmasq
      - python3
-      - lighttpd
+      - python3-packaging
+      - python3-virtualenv
+      - nginx
+      - git
      - unzip
      - sudo
      - systemd-timesyncd
--- a/vmdb2-recipes/run_build_raspi4.sh
+++ b/vmdb2-recipes/run_build_raspi4.sh
@ -4,7 +4,7 @@ GIT_BRANCH=$(git branch --show-current 2>/dev/null)
 GIT_TAG=$(git tag 2>/dev/null | head -n1)
 BUILD_DATE=$(date +"%d%m%y")
 SUFFIX="${GIT_BRANCH}_${GIT_TAG}_${BUILD_DATE}"
-time vmdb2 --rootfs-tarball=raspi4_$SUFFIX.tar.gz --output raspi4_butter_NOAP_$SUFFIX.img --log raspi4_butter_$SUFFIX.log raspi_4_trixie.yaml 
-tar cvfz raspi4_butter_NOAP_$SUFFIX.img.tar.gz raspi4_butter_NOAP_$SUFFIX.img  
+time vmdb2 --rootfs-tarball=raspi4_$SUFFIX.tar.gz --output raspi4_butter_$SUFFIX.img --log raspi4_butter_$SUFFIX.log raspi_4_trixie.yaml 
+tar cvfz raspi4_butter_NOAP_$SUFFIX.img.tar.gz raspi4_butter_$SUFFIX.img  
 #curl -H "Authorization: token" $CHURN_SECRET -X PUT --upload-file raspi4_butter_$SUFFIX.img.tar.gz https://guardianproject.dev/api/packages/butter/generic/churn/latest/raspi4_butter_$SUFFIX.img.tar.gz
 #rm *img *tar.gz