Release: version 0.2.0
This commit is contained in:
parent
8d78bc240b
commit
5728ebd148
268
BTC.sh
268
BTC.sh
|
|
@ -1,32 +1,79 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# BTC-0.1.4.sh - Build Tool Chain (Sovereign Final)
|
# BTC-0.2.0.sh - Build Tool Chain
|
||||||
# Identity: dcosnet / dcos.net | Target: Broadwell-HS / Haswell-EP
|
# Version: 0.2.0 (Sovereign Sentry Forge / dcosnet-Identity / Swarm-Aware)
|
||||||
# Version: 0.1.4 | Persistence: /opt/BTC | Volatile: ramfs
|
# Target: Dell Optiplex 3050 Micro Variants & RDIMM Swarm
|
||||||
|
# License: GNU Affero General Public License v3 (AGPL-3.0)
|
||||||
|
#
|
||||||
|
# Notwithstanding any other provision of this License, if you modify
|
||||||
|
# the Program, your modified version must prominently offer all users
|
||||||
|
# interacting with it remotely through a computer network an
|
||||||
|
# opportunity to receive the Corresponding Source of your version.
|
||||||
|
#
|
||||||
|
# Security: CVE-2026-31431 Mitigated | PATH-Pinned | Static-Trust Ready
|
||||||
|
# Persistence: /opt/BTC | Volatile: ramfs
|
||||||
# Copyright (C) 2012-2026 Jeremy Anderson (info@dcos.net)
|
# Copyright (C) 2012-2026 Jeremy Anderson (info@dcos.net)
|
||||||
|
|
||||||
# --- 1. ARCHITECTURE & RECOVERY ---
|
# --- 1. AGPL COMPLIANCE & IDENTITY ---
|
||||||
set -euo pipefail # Strict exit on error, unset vars, or pipe failure
|
function f_agpl_header() {
|
||||||
# Cleanup trap: Ensures ramfs is unmounted even on build failure
|
cat <<EOF
|
||||||
trap "echo '>> Interrupt Detected. Cleaning ramfs...'; cd / && umount -l ${SOURCES_ACTIVE} 2>/dev/null || true; exit 1" INT TERM
|
>> BTC-0.2.0 "Sovereign Sentry"
|
||||||
|
>> Copyright (C) 2026 Jeremy Anderson
|
||||||
|
>> Licensed under GNU AGPLv3. NO WARRANTY.
|
||||||
|
>> SOURCE: https://dcos.net/git/btc (Official Mirror)
|
||||||
|
>> -----------------------------------------------------
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
# --- 2. GLOBAL CONFIG & PERSISTENCE ---
|
# --- 2. HARDENED ENVIRONMENT ---
|
||||||
export BTC_DEBUG_LEVEL=1 # 0=Silent, 1=Audit (IW), 2=Trace
|
# Reset PATH to prevent environment poisoning/hijacking
|
||||||
export BTC_STRIP_MODE=1 # 1=Lean/Strip (Default), 0=Preserve Symbols
|
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||||
export BTC_ARCHIVE=/opt/BTC # Permanent storage for artifacts/logs
|
set -euo pipefail # Strict error propagation
|
||||||
|
set -f # Disable globbing to prevent unintended expansion
|
||||||
|
|
||||||
# --- 3. SILICON IDENTITY & DCOSNET NAMESPACE ---
|
# Toolchain Aliases: Pinning absolute paths to avoid "Copy Fail" hijacked binaries
|
||||||
|
alias rsync='/usr/bin/rsync'
|
||||||
|
alias tar='/usr/bin/tar'
|
||||||
|
alias gcc='/usr/bin/gcc'
|
||||||
|
alias sha256sum='/usr/bin/sha256sum'
|
||||||
|
|
||||||
|
# --- 3. RECOVERY & CLEANUP ---
|
||||||
|
# Trap ensures ramfs is unmounted even if build fails; prevents persistent memory bloat
|
||||||
|
trap "echo '>> Interrupt: Cleaning ramfs...'; cd / && umount -l ${SOURCES_ACTIVE} 2>/dev/null || true; exit 1" INT TERM
|
||||||
|
|
||||||
|
# --- 4. GLOBAL CONFIG ---
|
||||||
|
export BTC_DEBUG_LEVEL=1
|
||||||
|
export BTC_STRIP_MODE=1
|
||||||
|
export BTC_ARCHIVE=/opt/BTC
|
||||||
|
export SOURCES_ACTIVE=/usr/src
|
||||||
|
export SOURCE_CACHE=${BTC_ARCHIVE}/src
|
||||||
|
export v_glibc='glibc-2.41'
|
||||||
|
export v_gcc='gcc-14.2.0'
|
||||||
|
export v_binutils='binutils-2.46'
|
||||||
|
export v_linux='linux-7.1'
|
||||||
|
export NEWROOT=${SOURCES_ACTIVE}/BTC-Forge
|
||||||
|
export LOGS=${NEWROOT}/LOGS
|
||||||
|
export DISTRO="DCOSNET-LEAD"
|
||||||
|
|
||||||
|
# --- 5. SILICON IDENTITY & MITIGATION ---
|
||||||
function f_silicon_probe() {
|
function f_silicon_probe() {
|
||||||
echo ">> BTC-0.1.4: Interrogating Silicon..."
|
echo ">> [IDENTITY] Interrogating Silicon..."
|
||||||
# Auto-detect microarch; fallback to HSW for generic/ES chips
|
|
||||||
local RAW_ARCH=$(gcc -march=native -Q --help=target | grep -m1 "march=" | awk '{print $2}')
|
# Mitigate CVE-2026-31431: Disable vulnerable crypto socket before forge starts
|
||||||
|
if [[ -f /proc/modules ]] && grep -q "algif_aead" /proc/modules; then
|
||||||
|
echo ">> [SECURITY] Disabling algif_aead (Copy Fail mitigation)..."
|
||||||
|
rmmod algif_aead || true
|
||||||
|
fi
|
||||||
|
|
||||||
|
local RAW_ARCH=$(/usr/bin/gcc -march=native -Q --help=target | grep -m1 "march=" | awk '{print $2}')
|
||||||
[[ -z "$RAW_ARCH" || "$RAW_ARCH" == "x86-64" ]] && export TARGET_ARCH="hsw" || export TARGET_ARCH="bdw"
|
[[ -z "$RAW_ARCH" || "$RAW_ARCH" == "x86-64" ]] && export TARGET_ARCH="hsw" || export TARGET_ARCH="bdw"
|
||||||
|
|
||||||
export ISA_TAG="AVX2"
|
export ISA_TAG="AVX2"
|
||||||
export OPT_TAG="LTO"
|
export OPT_TAG="LTO"
|
||||||
export SYS_LABEL="DCOSNET-${TARGET_ARCH^^}-${ISA_TAG}-${OPT_TAG}"
|
export SYS_LABEL="DCOSNET-${TARGET_ARCH^^}-${ISA_TAG}-${OPT_TAG}"
|
||||||
export TARGET="x86_64-dcosnet-linux-gnu"
|
export TARGET="x86_64-dcosnet-linux-gnu"
|
||||||
# Calculate thread depth: 2GB RAM ceiling per thread to prevent LTO thrashing
|
|
||||||
local total_ram=$(free -m | awk '/^Mem:/{print $2}')
|
# Calculate thread depth: 2GB RAM floor per core for LTO safety
|
||||||
|
local total_ram=$(/usr/bin/free -m | awk '/^Mem:/{print $2}')
|
||||||
export v_threads="-j$(( (total_ram / 2048) < $(nproc) ? (total_ram / 2048) : $(nproc) ))"
|
export v_threads="-j$(( (total_ram / 2048) < $(nproc) ? (total_ram / 2048) : $(nproc) ))"
|
||||||
|
|
||||||
# Aggressive Forge Profile: O3 + LTO + Hardened Stack
|
# Aggressive Forge Profile: O3 + LTO + Hardened Stack
|
||||||
|
|
@ -37,12 +84,12 @@ function f_silicon_probe() {
|
||||||
mkdir -p "${CCACHE_DIR}"
|
mkdir -p "${CCACHE_DIR}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# --- 4. FORENSIC STAMPING (ELF & XATTR) ---
|
# --- 6. DCOSNET FORENSIC STAMPING (ELF & XATTR) ---
|
||||||
function f_stamp_binary() {
|
function f_stamp_binary() {
|
||||||
local target_bin="$1"
|
local target_bin="$1"
|
||||||
local log_base="$2"
|
local log_base="$2"
|
||||||
|
|
||||||
# Immutable ELF Note: The Silicon Birth Certificate
|
# Inject Immutable ELF Note (The Silicon DNA)
|
||||||
cat <<EOF > btc_stamp.s
|
cat <<EOF > btc_stamp.s
|
||||||
.section .note.BTC,"a"
|
.section .note.BTC,"a"
|
||||||
.align 4
|
.align 4
|
||||||
|
|
@ -54,16 +101,16 @@ function f_stamp_binary() {
|
||||||
3: .align 4
|
3: .align 4
|
||||||
4:
|
4:
|
||||||
EOF
|
EOF
|
||||||
gcc -c btc_stamp.s -o btc_stamp.o
|
/usr/bin/gcc -c btc_stamp.s -o btc_stamp.o
|
||||||
objcopy --add-section .note.BTC=btc_stamp.o "${target_bin}"
|
objcopy --add-section .note.BTC=btc_stamp.o "${target_bin}"
|
||||||
rm btc_stamp.s btc_stamp.o
|
rm btc_stamp.s btc_stamp.o
|
||||||
|
|
||||||
# Rapid Audit Metadata (Persistent via rsync -X)
|
# Rapid Audit Metadata for Fapolicyd/eBPF verification
|
||||||
local bin_hash=$(sha256sum "${target_bin}" | awk '{print $1}')
|
local bin_hash=$(sha256sum "${target_bin}" | awk '{print $1}')
|
||||||
setfattr -n user.btc.identity -v "BTC-${SYS_LABEL}-${v_linux}-dcosnet" "${target_bin}"
|
setfattr -n user.btc.identity -v "BTC-${SYS_LABEL}-${v_linux}-dcosnet" "${target_bin}"
|
||||||
setfattr -n user.btc.hash -v "${bin_hash}" "${target_bin}"
|
setfattr -n user.btc.hash -v "${bin_hash}" "${target_bin}"
|
||||||
|
|
||||||
# External Symbol Extraction: Move debug info to LeadNode archive
|
# Extract debug symbols to LeadNode archive before thinning binary
|
||||||
if [[ "${BTC_STRIP_MODE}" -eq 1 ]]; then
|
if [[ "${BTC_STRIP_MODE}" -eq 1 ]]; then
|
||||||
mkdir -p "${BTC_ARCHIVE}/symbols/${SYS_LABEL}"
|
mkdir -p "${BTC_ARCHIVE}/symbols/${SYS_LABEL}"
|
||||||
objcopy --only-keep-debug "${target_bin}" "${BTC_ARCHIVE}/symbols/${SYS_LABEL}/${log_base}.debug"
|
objcopy --only-keep-debug "${target_bin}" "${BTC_ARCHIVE}/symbols/${SYS_LABEL}/${log_base}.debug"
|
||||||
|
|
@ -72,28 +119,35 @@ EOF
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# --- 5. THE INVISIBLE GUARD (THERMAL/ENTROPY) ---
|
# --- 7. THE INVISIBLE GUARD ---
|
||||||
function f_guard() {
|
function f_guard() {
|
||||||
local max_temp=85
|
local max_temp=85
|
||||||
local min_mem=800
|
local min_mem=800
|
||||||
while true; do
|
while true; do
|
||||||
local cur_temp=$(cat /sys/class/thermal/thermal_zone*/temp | head -n1 | awk '{print $1/1000}')
|
local cur_temp=$(cat /sys/class/thermal/thermal_zone*/temp | head -n1 | awk '{print $1/1000}')
|
||||||
local cur_mem=$(free -m | awk '/^Mem:/{print $7}')
|
local cur_mem=$(/usr/bin/free -m | awk '/^Mem:/{print $7}')
|
||||||
# Prevent Broadwell thermal runaway or OOM death during link-time-optimization
|
if (( cur_temp > max_temp )); then
|
||||||
if (( cur_temp > max_temp )); then sleep 10; elif (( cur_mem < min_mem )); then sleep 30; else break; fi
|
echo ">> [THERMAL PAUSE] ${cur_temp}°C - Cooling..."
|
||||||
|
sleep 10
|
||||||
|
elif (( cur_mem < min_mem )); then
|
||||||
|
echo ">> [MEMORY PAUSE] ${cur_mem}MB - Waiting for LTO clearance (RDIMM)..."
|
||||||
|
sleep 30
|
||||||
|
else
|
||||||
|
break
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
function f_entropy_shield() {
|
function f_entropy_shield() {
|
||||||
# Ensure secure kernel signing and binary sealing via randomness generation
|
|
||||||
local cur_ent=$(cat /proc/sys/kernel/random/entropy_avail)
|
local cur_ent=$(cat /proc/sys/kernel/random/entropy_avail)
|
||||||
if (( cur_ent < 250 )); then
|
if (( cur_ent < 250 )); then
|
||||||
|
echo ">> [ENTROPY SHIELD] Low Pool. Generating Jitter for 7.1 Signing..."
|
||||||
find /bin /sbin -type f -exec ls -l {} + > /dev/null 2>&1 &
|
find /bin /sbin -type f -exec ls -l {} + > /dev/null 2>&1 &
|
||||||
sleep 2 && kill $! 2>/dev/null
|
sleep 2 && kill $! 2>/dev/null || true
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# --- 6. EXECUTION ENGINE (FORENSIC LOGGING) ---
|
# --- 8. EXECUTION ENGINE (FORENSIC) ---
|
||||||
function f_exec_log() {
|
function f_exec_log() {
|
||||||
local cmd="$1"
|
local cmd="$1"
|
||||||
local log_base="$2"
|
local log_base="$2"
|
||||||
|
|
@ -103,7 +157,7 @@ function f_exec_log() {
|
||||||
f_guard
|
f_guard
|
||||||
|
|
||||||
if [[ "$mode" == "install" ]]; then
|
if [[ "$mode" == "install" ]]; then
|
||||||
# Audit FS changes via installwatch; auto-stamp all resulting executables
|
# Audit FS changes via installwatch; triggers binary stamping
|
||||||
stdbuf -oL -eL installwatch -o "${LOGS}/${log_base}.iw" bash -c "$cmd" | \
|
stdbuf -oL -eL installwatch -o "${LOGS}/${log_base}.iw" bash -c "$cmd" | \
|
||||||
pv -t -r -b -N "${log_base}" >> "${LOGS}/${log_base}.log" 2>&1
|
pv -t -r -b -N "${log_base}" >> "${LOGS}/${log_base}.log" 2>&1
|
||||||
|
|
||||||
|
|
@ -119,27 +173,44 @@ function f_exec_log() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# --- 7. CLEANROOM INFRA (VOLATILE RAMFS) ---
|
|
||||||
export SOURCES_ACTIVE=/usr/src
|
|
||||||
export SOURCE_CACHE=${BTC_ARCHIVE}/src
|
|
||||||
export v_glibc='glibc-2.41'
|
|
||||||
export v_gcc='gcc-14.2.0'
|
|
||||||
export v_binutils='binutils-2.46'
|
|
||||||
export v_linux='linux-7.1'
|
|
||||||
export NEWROOT=${SOURCES_ACTIVE}/BTC-Forge
|
|
||||||
export LOGS=${NEWROOT}/LOGS
|
|
||||||
export DISTRO="DCOSNET"
|
|
||||||
|
|
||||||
function f_setup() {
|
function f_setup() {
|
||||||
# Speed-of-light compilation via ramfs; strictly temporary
|
# Mount Volatile Ramfs: The "Forge Stage" Cleanroom
|
||||||
local ram_kb=$(grep MemTotal /proc/meminfo | awk '{print $2}')
|
local ram_kb=$(grep MemTotal /proc/meminfo | awk '{print $2}')
|
||||||
mount -t ramfs -o size=$((ram_kb/2/1024))M ramfs ${SOURCES_ACTIVE}
|
mount -t ramfs -o size=$((ram_kb/2/1024))M ramfs ${SOURCES_ACTIVE}
|
||||||
mkdir -p ${NEWROOT}/{bin,lib,lib64,sbin,etc,usr,boot} ${LOGS}
|
mkdir -p ${NEWROOT}/{bin,lib,lib64,sbin,etc,usr,boot} ${LOGS}
|
||||||
ln -sf lib ${NEWROOT}/lib64
|
ln -sf lib ${NEWROOT}/lib64
|
||||||
|
|
||||||
|
# Tmux dashboard for real-time telemetry observation
|
||||||
|
if [[ -n "${TMUX:-}" ]]; then
|
||||||
|
tmux split-window -h -p 35 "tail -F ${LOGS}/*.log 2>/dev/null"
|
||||||
|
tmux split-window -v -p 66 "watch -n 2 'ss -tunp | grep -E \"gcc|make|configure|ld\" | grep -v \"127.0.0.1\"'"
|
||||||
|
tmux split-window -v -p 50 "watch -n 2 'echo \"ENTROPY: \$(cat /proc/sys/kernel/random/entropy_avail)\"; iostat -dx 1 2 | awk \"/avg-cpu/ {getline; print \\\$4 \\\"% iowait\\\"}\"'"
|
||||||
|
tmux select-pane -t 0
|
||||||
|
echo ">> BTC Dashboard Synchronized..."
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# --- 9. PERSISTENCE BRIDGE (PACKAGING) ---
|
||||||
|
function f_package() {
|
||||||
|
local PKG_NAME="dcosnet-baseline-${SYS_LABEL}-${v_linux}.tar.xz"
|
||||||
|
local PKG_PATH="${BTC_ARCHIVE}/completed"
|
||||||
|
mkdir -p "${PKG_PATH}"
|
||||||
|
|
||||||
|
echo ">> [AGPL-EXPORT] Compressing Forge State to Archive..."
|
||||||
|
# Section 13 Note: This archive constitutes part of the "Corresponding Source"
|
||||||
|
tar -cJpf "${PKG_PATH}/${PKG_NAME}" -C "${NEWROOT}" .
|
||||||
|
|
||||||
|
local pkg_hash=$(sha256sum "${PKG_PATH}/${PKG_NAME}" | awk '{print $1}')
|
||||||
|
setfattr -n user.btc.pkg_hash -v "${pkg_hash}" "${PKG_PATH}/${PKG_NAME}"
|
||||||
|
|
||||||
|
# Preserve forensic logs for the LeadNode database
|
||||||
|
mkdir -p "${BTC_ARCHIVE}/logs"
|
||||||
|
cp -rv "${LOGS}" "${BTC_ARCHIVE}/logs/${SYS_LABEL}_$(date +%Y%m%d)"
|
||||||
|
echo ">> [SUCCESS] Artifact preserved at ${PKG_PATH}/${PKG_NAME}"
|
||||||
}
|
}
|
||||||
|
|
||||||
function f_set_exports() {
|
function f_set_exports() {
|
||||||
# Pivot to the DCOSNET sovereign cross-compiler
|
# Pivot build tools to the DCOSNET sovereign toolchain
|
||||||
export CC="ccache ${NEWROOT}/bin/${TARGET}-gcc-${SYS_LABEL}"
|
export CC="ccache ${NEWROOT}/bin/${TARGET}-gcc-${SYS_LABEL}"
|
||||||
export CXX="ccache ${NEWROOT}/bin/${TARGET}-g++-${SYS_LABEL}"
|
export CXX="ccache ${NEWROOT}/bin/${TARGET}-g++-${SYS_LABEL}"
|
||||||
export AR="${NEWROOT}/bin/${TARGET}-gcc-ar-${SYS_LABEL}"
|
export AR="${NEWROOT}/bin/${TARGET}-gcc-ar-${SYS_LABEL}"
|
||||||
|
|
@ -150,22 +221,7 @@ function f_set_exports() {
|
||||||
export LDFLAGS="${GLOBAL_LDFLAGS}"
|
export LDFLAGS="${GLOBAL_LDFLAGS}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# --- 8. PERSISTENCE BRIDGE (PACKAGING) ---
|
# --- 10. CORE BUILD STAGES ---
|
||||||
function f_package() {
|
|
||||||
local PKG_NAME="dcosnet-baseline-${SYS_LABEL}-${v_linux}.tar.xz"
|
|
||||||
local PKG_PATH="${BTC_ARCHIVE}/completed"
|
|
||||||
mkdir -p "${PKG_PATH}"
|
|
||||||
|
|
||||||
echo ">> [DCOSNET] Committing Ramfs to Persistent Archive..."
|
|
||||||
# Freeze the cleanroom state into a compressed artifact
|
|
||||||
tar -cJpf "${PKG_PATH}/${PKG_NAME}" -C "${NEWROOT}" .
|
|
||||||
|
|
||||||
# Preserve forensic logs for the LeadNode database
|
|
||||||
mkdir -p "${BTC_ARCHIVE}/logs"
|
|
||||||
cp -rv "${LOGS}" "${BTC_ARCHIVE}/logs/${SYS_LABEL}_$(date +%Y%m%d)"
|
|
||||||
}
|
|
||||||
|
|
||||||
# --- 9. BUILD STAGES (LINEAR) ---
|
|
||||||
function f_binutils() {
|
function f_binutils() {
|
||||||
cd ${SOURCES_ACTIVE}
|
cd ${SOURCES_ACTIVE}
|
||||||
tar -axf ${SOURCE_CACHE}/${v_binutils}*
|
tar -axf ${SOURCE_CACHE}/${v_binutils}*
|
||||||
|
|
@ -214,33 +270,96 @@ function f_gcc_p2() {
|
||||||
function f_kernel_binary() {
|
function f_kernel_binary() {
|
||||||
f_set_exports
|
f_set_exports
|
||||||
cd ${SOURCES_ACTIVE}/linux-*
|
cd ${SOURCES_ACTIVE}/linux-*
|
||||||
# Sovereign uname/kernel identification
|
|
||||||
echo "-dcosnet-${SYS_LABEL}" > .scmversion
|
echo "-dcosnet-${SYS_LABEL}" > .scmversion
|
||||||
f_exec_log "make ${v_threads} LOCALVERSION=-dcosnet-${SYS_LABEL} bzImage" "kernel-bin-make"
|
f_exec_log "make ${v_threads} LOCALVERSION=-dcosnet-${SYS_LABEL} bzImage" "kernel-bin-make"
|
||||||
cp -v arch/x86/boot/bzImage ${NEWROOT}/boot/vmlinuz-${v_linux}-${SYS_LABEL}-dcosnet
|
cp -v arch/x86/boot/bzImage ${NEWROOT}/boot/vmlinuz-${v_linux}-${SYS_LABEL}-dcosnet
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# --- 11. DEPLOYMENT & BOOT CONFIGURATION ---
|
||||||
function f_install_target() {
|
function f_install_target() {
|
||||||
local TARGET_PART="${1}"
|
local TARGET_PART="${1}"
|
||||||
local MNT_POINT="/mnt/btc_target"
|
local MNT_POINT="/mnt/btc_target"
|
||||||
mkdir -p ${MNT_POINT} && mount ${TARGET_PART} ${MNT_POINT}
|
mkdir -p ${MNT_POINT} && mount ${TARGET_PART} ${MNT_POINT}
|
||||||
|
|
||||||
[[ -f "${MNT_POINT}/etc/sorcery/version" ]] && export DISTRO="SourceMage"
|
local DISTRO="Generic-Source"
|
||||||
[[ -f "${MNT_POINT}/etc/lunar/version" ]] && export DISTRO="Lunar"
|
[[ -f "${MNT_POINT}/etc/lunar/version" ]] && DISTRO="Lunar"
|
||||||
|
[[ -f "${MNT_POINT}/etc/sorcery/version" ]] && DISTRO="SourceMage"
|
||||||
|
[[ -f "${MNT_POINT}/etc/openwrt_version" ]] && DISTRO="OpenWrt"
|
||||||
|
[[ -d "${MNT_POINT}/etc/portage" ]] && DISTRO="Gentoo"
|
||||||
|
[[ -f "${MNT_POINT}/etc/exherbo-release" ]] && DISTRO="Exherbo"
|
||||||
|
[[ -f "${MNT_POINT}/etc/cruxversion" ]] && DISTRO="CRUX"
|
||||||
|
|
||||||
echo ">> [DCOSNET SWARM] Seeding ${TARGET_PART}..."
|
echo ">> [DCOSNET SWARM] Deploying Silicon-Identity to Dell Optiplex 3050 Micro Variants / ${DISTRO} target..."
|
||||||
f_exec_log "rsync -avzX ${NEWROOT}/bin/ ${MNT_POINT}/usr/local/bin/" "deploy" "install"
|
|
||||||
|
# Kernel Handoff
|
||||||
|
mkdir -p ${MNT_POINT}/boot
|
||||||
|
cp -v ${NEWROOT}/boot/vmlinuz-* ${MNT_POINT}/boot/
|
||||||
|
|
||||||
|
# Binary Sync with safe-links
|
||||||
|
local bin_dest="/usr/local/bin"
|
||||||
|
[[ "$DISTRO" == "OpenWrt" ]] && bin_dest="/usr/bin"
|
||||||
|
|
||||||
|
f_exec_log "rsync -avzX --safe-links ${NEWROOT}/bin/ ${MNT_POINT}${bin_dest}/" "${DISTRO}_deploy" "install"
|
||||||
umount ${MNT_POINT}
|
umount ${MNT_POINT}
|
||||||
|
echo ">> [SUCCESS] Swarm Node Seeded: ${DISTRO}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# --- 10. MAIN (ONE-SHOT) ---
|
function f_boot_deploy() {
|
||||||
|
local TYPE="${1:-grub2-legacy-style}"
|
||||||
|
local TARGET_PART="${2:-/dev/sda3}"
|
||||||
|
local KERNEL_IMG="vmlinuz-${v_linux}-${SYS_LABEL}-dcosnet"
|
||||||
|
|
||||||
|
echo ">> BTC-0.2.0: Deploying ${TYPE} config..."
|
||||||
|
|
||||||
|
case ${TYPE} in
|
||||||
|
grub1)
|
||||||
|
cat <<EOF > /boot/grub/menu.lst
|
||||||
|
title BTC SourceMage [${SYS_LABEL}]
|
||||||
|
root (hd0,2)
|
||||||
|
kernel /boot/${KERNEL_IMG} root=${TARGET_PART} rw quiet
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
lilo)
|
||||||
|
cat <<EOF > /etc/lilo.conf
|
||||||
|
boot=/dev/sda
|
||||||
|
image=/boot/${KERNEL_IMG}
|
||||||
|
label=BTC-SM
|
||||||
|
root=${TARGET_PART}
|
||||||
|
read-only
|
||||||
|
EOF
|
||||||
|
/sbin/lilo
|
||||||
|
;;
|
||||||
|
grub2-legacy-style)
|
||||||
|
cat <<EOF > /etc/grub.d/40_custom
|
||||||
|
#!/bin/sh
|
||||||
|
exec tail -n +3 \$0
|
||||||
|
menuentry 'SourceMage [Silicon: ${SYS_LABEL}]' {
|
||||||
|
set root='(hd0,gpt3)'
|
||||||
|
linux /boot/${KERNEL_IMG} root=${TARGET_PART} rw quiet
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
grub-mkconfig -o /boot/grub/grub.cfg
|
||||||
|
;;
|
||||||
|
syslinux)
|
||||||
|
cat <<EOF > /boot/syslinux/syslinux.cfg
|
||||||
|
LABEL btc
|
||||||
|
LINUX ../${KERNEL_IMG}
|
||||||
|
APPEND root=${TARGET_PART} rw
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
|
# --- 12. MAIN ORCHESTRATION ---
|
||||||
function f_main() {
|
function f_main() {
|
||||||
[[ $EUID -ne 0 ]] && { echo ">> Root Required."; exit 1; }
|
[[ $EUID -ne 0 ]] && { echo ">> Root Required."; exit 1; }
|
||||||
local TARGET_DEV="${1:-}" # Optional physical seed target
|
local TARGET_DEV="${1:-}"
|
||||||
|
|
||||||
|
f_agpl_header # Display license status to all interacting users
|
||||||
f_silicon_probe
|
f_silicon_probe
|
||||||
f_setup
|
f_setup
|
||||||
|
|
||||||
|
# Forge Pipeline
|
||||||
f_binutils
|
f_binutils
|
||||||
f_kernel_headers
|
f_kernel_headers
|
||||||
f_gcc_p1
|
f_gcc_p1
|
||||||
|
|
@ -248,22 +367,19 @@ function f_main() {
|
||||||
f_gcc_p2
|
f_gcc_p2
|
||||||
f_kernel_binary
|
f_kernel_binary
|
||||||
|
|
||||||
#Stage 1: Persistence
|
# 1. Mandatory Persistence (Archive)
|
||||||
f_package
|
f_package
|
||||||
|
|
||||||
#Stage 2: Optional Seed
|
# 2. Optional Physical Seed & Boot deployment
|
||||||
if [[ -n "${TARGET_DEV}" ]]; then
|
if [[ -n "${TARGET_DEV}" ]]; then
|
||||||
if [[ -b "${TARGET_DEV}" ]]; then
|
|
||||||
f_install_target "${TARGET_DEV}"
|
f_install_target "${TARGET_DEV}"
|
||||||
else
|
f_boot_deploy "grub2-legacy-style" "${TARGET_DEV}"
|
||||||
echo ">> [ERROR] ${TARGET_DEV} is not a valid block device."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#Stage 3: Zero-Footprint Cleanup
|
# 3. Final Zero-Footprint Cleanup: Unmount ramfs
|
||||||
cd / && umount ${SOURCES_ACTIVE}
|
cd / && umount -l ${SOURCES_ACTIVE}
|
||||||
echo ">> [SUCCESS] BTC-0.1.4: Sovereign Swarm Artifacts Persistent in ${BTC_ARCHIVE}."
|
echo ">> [SUCCESS] BTC-0.2.0-AGPL: Sovereign Forge Complete."
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# One-Shot Execution
|
||||||
f_main "$@"
|
f_main "$@"
|
||||||
Loading…
Reference in New Issue