# Copyright 2024 Signal Messenger, LLC
# SPDX-License-Identifier: AGPL-3.0-only
# Do the second phase of image creation, where we actually create the new,
# secure disk image. The additional disk will be set up as our secure one.
# This could be done in 'debian1', but that takes a long time and by
# splitting them up, we can iterate much faster on these scripts.
{
  "builders": [
    # QEMU builder: boots the raw disk image that 'debian1' produced, attaches
    # one additional 3G disk, and drives the guest over SSH.
    {
      "type": "qemu",
      "format": "raw",
      # Booleans are written as strings here and for 'efi_boot', while
      # 'disk_image' below is a bare true.
      # NOTE(review): presumably the template loader accepts both - confirm.
      "headless": "false",
      "communicator": "ssh",
      "disk_size": "5G",
      # The single extra disk is the one the scripts turn into the secure disk.
      "disk_additional_size": ["3G"],
      "memory": 4096,

      # Use UEFI again, but this time use the vars we got from 'debian1',
      # since they tell us how to boot to the OS we just set up.
      # NOTE(review): the '.ms' firmware file is presumably the Secure Boot
      # build with vendor keys enrolled - confirm it is the same variant that
      # 'debian1' used to produce efivars.fd, or the boot entries may not apply.
      "efi_boot": "true",
      "efi_firmware_code": "/usr/share/OVMF/OVMF_CODE_4M.ms.fd",
      "efi_firmware_vars": "build/debian1.out/efivars.fd",
      "machine_type": "q35",

      "accelerator": "kvm",
      # With this name and output directory the result should land at
      # build/debian2.out/disk.raw.
      "vm_name": "disk.raw",
      "net_device": "virtio-net",
      "disk_interface": "virtio",
      "output_directory": "build/debian2.out",
      # Runs 'sudo' without supplying a password, as does the shell provisioner
      # below. NOTE(review): that suggests 'svr3' has passwordless sudo in the
      # build image - confirm, and see the note on the credentials below.
      "shutdown_command": "sudo shutdown -h now",
      # Build-time login for the SSH communicator. The password is a fixed
      # value committed in this file, so it is not a secret and must not
      # survive into the shipped image.
      # NOTE(review): confirm debian2/run.sh removes or locks the 'svr3'
      # account (and its sudo rights and SSH access) on the secure disk.
      "ssh_username": "svr3",
      "ssh_password": "svr3", # Super secret, don't tell anyone.
      "ssh_timeout": "5m",

      # We start from the disk image that 'debian1' created. Because
      # we just created it, we ignore checksumming.
      # With the checksum set to 'none' nothing verifies this input, so the
      # output is only as trustworthy as the local build/debian1.out directory.
      # NOTE(review): if the two phases can run on different hosts or at
      # different times, record a digest at the end of 'debian1' and check it
      # here instead.
      "iso_url": "build/debian1.out/disk.raw",
      "iso_checksum": "none",
      # 'disk_image' marks iso_url as a bootable disk image, not an installer ISO.
      "disk_image": true
    }
  ],
  "provisioners": [
    # Write up a bunch of scripts for us to use into /dev/shm/debian2/...
    # We use /dev/shm since it's accessible even when we `chroot` halfway
    # through our install process.
    # NOTE(review): /dev/shm is normally a world-writable tmpfs. That is fine
    # while nothing else runs in the build VM between upload and execution;
    # presumably the scripts also do not persist onto the secure disk - confirm.
    {
      "type": "file",
      "source": "debian2",
      "destination": "/dev/shm"
    },
    # Call the first of our scripts. It does everything else.
    # The script runs as root via sudo, so everything under 'debian2' is
    # root-executed build input and should be reviewed as such.
    {
      "type": "shell",
      "inline": ["sudo /dev/shm/debian2/run.sh"]
    }
  ]
}