docs(arje): organiza core/ + seeds canónicas + boot reproducible
- crates/core/README.md: agrupamiento lógico de los 31 crates absorbidos
de arje (ente-*) y del protocolo brahman (brahman-*) en 6 grupos —
Init/PID 1, contratos, discovery, IPC+CAS, cerebro, 14 shims compat
systemd. No se movieron crates físicamente (rompería paths
cross-workspace).
- seeds/arje-minimal.card.json: PID1 + /bin/sh, smoke test QEMU.
- seeds/arje-prod.card.json: PID1 + 14 shims compat + tmpfiles/binfmt
one-shots + echo + getty (16 children). Validados con
brahman_card::Card::validate.
- seeds/validate.sh: carga la seed vía ente-zero en dev mode.
- scripts/build-arje-initrd.sh: empaqueta CPIO+gzip newc layout
/init→/sbin/ente-zero, /usr/sbin/ente-*-compat, /ente/seed.card.json,
/bin/{sh,...} (busybox o glibc+ldd). Tested: produce 20 MB initrd OK.
- scripts/run-arje-qemu.sh: qemu-system-x86_64 con KVM auto-detect,
-kernel/-initrd/-append "rdinit=/init console=ttyS0,115200 panic=10".
- docs/arje-boot.md: doc end-to-end — layout initramfs, QEMU (con kernel
del host o externo), GRUB bare metal, Proxmox/libvirt args:, schema
de Card con todas las validaciones, debugging (sockets de
introspección, snapshot/restore, metrics), checklist pre-deploy.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
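--- a/scripts/build-arje-initrd.sh
+++ b/scripts/build-arje-initrd.sh
@@ -0,0 +1,140 @@
+#!/usr/bin/env bash
+# build-arje-initrd.sh — empaqueta ente-zero + shims compat + Tarjeta Semilla
+# en un initramfs CPIO+gzip listo para arrancar bajo QEMU o como /init real.
+#
+# Layout del initrd resultante:
+# /init → wrapper sh que exec /sbin/ente-zero
+# /sbin/ente-zero → PID 1
+# /usr/sbin/ente-*-compat → shims systemd
+# /usr/sbin/ente-echo, ente-policy-provider
+# /ente/seed.card.json → Tarjeta Semilla
+# /bin/{sh,ls,cat,...} → busybox o glibc-static (depende del flag)
+# /dev, /proc, /sys, /run → puntos de montaje (ente-zero los monta)
+#
+# Uso:
+# scripts/build-arje-initrd.sh [seed.card.json] [out.cpio.gz]
+#
+# seed default: seeds/arje-prod.card.json
+# out default: out/arje.initrd.cpio.gz
+#
+# Env:
+# BUSYBOX_BIN path a un busybox-static (default: $(which busybox))
+# EXTRA_BINS binarios extra a copiar, separados por espacio
+#
+# Requisitos: cpio, gzip, ldd (sólo si no usás busybox-static).
+
+set -euo pipefail
+
+SEED="${1:-seeds/arje-prod.card.json}"
+OUT="${2:-out/arje.initrd.cpio.gz}"
+BUSYBOX_BIN="${BUSYBOX_BIN:-$(command -v busybox 2>/dev/null || true)}"
+EXTRA_BINS="${EXTRA_BINS:-}"
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
+cd "$REPO_DIR"
+
+if [ ! -f "$SEED" ]; then
+echo "[build-initrd] seed no encontrada: $SEED" >&2
+exit 2
+fi
+
+# 1. Build release de ente-zero y todos los compat shims.
+echo "[build-initrd] cargo build --release de ente-zero + shims"
+cargo build --release \
+-p ente-zero \
+-p ente-echo \
+-p ente-logind-compat \
+-p ente-hostnamed-compat \
+-p ente-timedated-compat \
+-p ente-localed-compat \
+-p ente-journald-compat \
+-p ente-resolved-compat \
+-p ente-polkit-compat \
+-p ente-machined-compat \
+-p ente-systemd1-compat \
+-p ente-notify-compat \
+-p ente-timer-compat \
+-p ente-tmpfiles-compat \
+-p ente-binfmt-compat \
+-p ente-policy-provider
+
+# 2. Validar la seed.
+if ! seeds/validate.sh "$SEED" >/dev/null 2>&1; then
+echo "[build-initrd] seed inválida: $SEED" >&2
+exit 3
+fi
+
+# 3. Stage root del initrd.
+STAGE="$(mktemp -d -t arje-initrd.XXXXXX)"
+trap 'rm -rf "$STAGE"' EXIT
+mkdir -p "$STAGE"/{bin,sbin,usr/sbin,etc,ente,proc,sys,dev,run,tmp,sys/fs/cgroup}
+
+# 4. Copiar binarios arje.
+install -m 0755 target/release/ente-zero "$STAGE/sbin/ente-zero"
+for b in ente-echo ente-policy-provider \
+ente-logind-compat ente-hostnamed-compat ente-timedated-compat \
+ente-localed-compat ente-journald-compat ente-resolved-compat \
+ente-polkit-compat ente-machined-compat ente-systemd1-compat \
+ente-notify-compat ente-timer-compat ente-tmpfiles-compat \
+ente-binfmt-compat; do
+install -m 0755 "target/release/$b" "$STAGE/usr/sbin/$b"
+done
+
+# 5. Userspace mínimo (sh, ls, mount, mkdir, ...). Dos rutas:
+# (a) busybox-static apuntado por $BUSYBOX_BIN → 1 binario, todo simlink.
+# (b) sin busybox → copiar /bin/sh + deps con ldd (libc dinámica).
+if [ -n "$BUSYBOX_BIN" ] && [ -x "$BUSYBOX_BIN" ]; then
+echo "[build-initrd] usando busybox-static: $BUSYBOX_BIN"
+install -m 0755 "$BUSYBOX_BIN" "$STAGE/bin/busybox"
+( cd "$STAGE/bin" && for app in sh ls cat mount umount mkdir cp mv \
+echo grep sed awk ps kill sleep insmod modprobe poweroff reboot \
+sysctl dmesg ip ifconfig; do
+ln -sf busybox "$app"
+done )
+else
+echo "[build-initrd] sin busybox — copiando /bin/sh + deps via ldd"
+install -m 0755 /bin/sh "$STAGE/bin/sh"
+copy_lib() {
+local lib="$1"
+[ -f "$lib" ] || return 0
+local dest="$STAGE${lib}"
+mkdir -p "$(dirname "$dest")"
+cp -L "$lib" "$dest"
+}
+for b in /bin/sh /bin/ls /bin/cat /bin/mount /bin/umount /bin/mkdir; do
+[ -x "$b" ] || continue
+cp -L "$b" "$STAGE${b}"
+while read -r lib; do copy_lib "$lib"; done < <(
+ldd "$b" 2>/dev/null | awk '{ for (i=1;i<=NF;i++) if ($i ~ /^\//) print $i }'
+)
+done
+fi
+
+# 6. Tarjeta Semilla. Path canónico en prod: /ente/seed.card.json
+install -m 0644 "$SEED" "$STAGE/ente/seed.card.json"
+
+# 7. /init wrapper. El kernel pasa control a /init; nosotros invocamos
+# ente-zero como PID 1 real con su env mínimo.
+cat > "$STAGE/init" <<'EOF'
+#!/bin/sh
+# arje /init — kernel → este script → ente-zero (PID 1 lo hereda via exec)
+export PATH=/usr/sbin:/usr/bin:/sbin:/bin
+export RUST_LOG="${RUST_LOG:-ente_zero=info,brahman_handshake=info,info}"
+# ente-zero monta /proc /sys /dev /sys/fs/cgroup él mismo.
+exec /sbin/ente-zero
+EOF
+chmod 0755 "$STAGE/init"
+
+# 8. Binarios extra a vendorear.
+if [ -n "$EXTRA_BINS" ]; then
+for b in $EXTRA_BINS; do
+[ -x "$b" ] || { echo "[build-initrd] EXTRA_BINS: $b no existe"; exit 4; }
+install -m 0755 "$b" "$STAGE/usr/sbin/$(basename "$b")"
+done
+fi
+
+# 9. Empaquetar CPIO + gzip. Formato newc (estándar para Linux initramfs).
+mkdir -p "$(dirname "$OUT")"
+( cd "$STAGE" && find . -print0 | cpio -o -H newc --null --quiet ) | gzip -9 > "$OUT"
+echo "[build-initrd] generado: $OUT ($(du -h "$OUT" | cut -f1))"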
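Review bot: The archive written in step 9 records whatever uid/gid owns the staged files, and nothing in the script sets ownership (`mktemp -d` and `install` are used without an owner), so an initrd built from an unprivileged account ships `/init`, `/sbin/ente-zero`, the `/usr/sbin/ente-*-compat` shims and `/ente/seed.card.json` owned by that build uid. Once booted, any process that happens to run under the same numeric uid could then replace the PID 1 binary or the seed card in the writable rootfs. With GNU cpio the owner can be forced at pack time, e.g. `( cd "$STAGE" && find . -print0 | cpio -o -H newc --null --quiet -R 0:0 ) | gzip -9 > "$OUT"`. Separately, the busybox branch in step 5 logs "busybox-static" but only tests `-x "$BUSYBOX_BIN"`; a dynamically linked busybox picked up from `PATH` would leave `/bin/sh` (and so the `#!/bin/sh` `/init` wrapper) without its loader, so a static-linkage check before `install` would be worth adding.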