#!/bin/sh # # # The default of 3GB is too small for GCE, so override the size here. export VMSIZE=20g # Set to a list of packages to install. export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} firstboot-pkg-upgrade \ firstboot-pkgs google-cloud-sdk panicmail sudo \ sysutils/py-google-compute-engine lang/python \ lang/python3" # Set to a list of third-party software to enable in rc.conf(5). export VM_RC_LIST="ntpd sshd growfs \ firstboot_pkgs firstboot_pkg_upgrade google_startup \ google_accounts_daemon google_clock_skew_daemon \ google_instance_setup google_network_daemon" # Hack for FreeBSD 15.0; should go away before 15.1. MISSING_METALOGS=" ./usr/local/etc/instance_configs.cfg.distro ./usr/local/etc/pam.d/sudo ./usr/local/etc/sudo.conf ./usr/local/etc/sudo_logsrvd.conf ./usr/local/etc/sudoers ./usr/local/etc/syslog.d/90-google.conf " vm_extra_install_base() { echo 'search google.internal' > ${DESTDIR}/etc/resolv.conf echo 'nameserver 169.254.169.254' >> ${DESTDIR}/etc/resolv.conf echo 'nameserver 8.8.8.8' >> ${DESTDIR}/etc/resolv.conf metalog_add_data ./etc/resolv.conf } vm_extra_pre_umount() { local DEVFSISOURS # Enable growfs on every boot, not only the first, as as instance's disk can # be enlarged post-creation sed -i -e '/KEYWORD: firstboot/d' ${DESTDIR}/etc/rc.d/growfs cat << EOF >> ${DESTDIR}/etc/rc.conf dumpdev="AUTO" ifconfig_DEFAULT="SYNCDHCP mtu 1460" ntpd_sync_on_start="YES" # need to fill in something here #firstboot_pkgs_list="" firstboot_pkg_upgrade_repos="FreeBSD-base" panicmail_autosubmit="YES" EOF cat << EOF >> ${DESTDIR}/boot/loader.conf autoboot_delay="-1" beastie_disable="YES" loader_logo="none" hw.memtest.tests="0" console="comconsole,vidconsole" kern.timecounter.hardware=ACPI-safe aesni_load="YES" nvme_load="YES" # Required for arm64. hw.pci.honor_msi_blacklist=0 EOF metalog_add_data ./boot/loader.conf echo '169.254.169.254 metadata.google.internal metadata' >> \ ${DESTDIR}/etc/hosts # overwrite ntp.conf cat << EOF > ${DESTDIR}/etc/ntp.conf server metadata.google.internal iburst restrict default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap nopeer noquery restrict 127.0.0.1 restrict -6 ::1 restrict 127.127.1.0 EOF cat << EOF >> ${DESTDIR}/etc/syslog.conf *.err;kern.warning;auth.notice;mail.crit /dev/console EOF cat << EOF >> ${DESTDIR}/etc/ssh/sshd_config KbdInteractiveAuthentication no X11Forwarding no AcceptEnv LANG AllowAgentForwarding no ClientAliveInterval 420 EOF cat << EOF >> ${DESTDIR}/etc/crontab 0 3 * * * root /usr/sbin/freebsd-update cron EOF cat << EOF >> ${DESTDIR}/etc/sysctl.conf net.inet.icmp.drop_redirect=1 net.inet.ip.redirect=0 kern.ipc.soacceptqueue=1024 debug.trace_on_panic=1 debug.debugger_on_panic=0 EOF # To meet GCE marketplace requirements, extract the src.txz and # ports.txz distributions to the target virtual machine disk image # and fetch the sources for the third-party software installed on # the image. if [ -e "${DESTDIR}/../ftp/src.txz" ]; then tar fxJ ${DESTDIR}/../ftp/src.txz -C ${DESTDIR} ( cd ${DESTDIR} && find ./usr/src ) | while read P; do metalog_add_data ${P} done fi if [ -e "${DESTDIR}/../ftp/ports.txz" ]; then tar fxJ ${DESTDIR}/../ftp/ports.txz -C ${DESTDIR} _INSTALLED_PACKAGES=$(pkg -r ${DESTDIR} info -o -q -a | grep -v ^base/) for PACKAGE in ${_INSTALLED_PACKAGES}; do make -C ${DESTDIR}/usr/ports/${PACKAGE} fetch \ DISTDIR=${DESTDIR}/usr/ports/distfiles \ DISABLE_VULNERABILITIES=YES \ I_DONT_CARE_IF_MY_BUILDS_TARGET_THE_WRONG_RELEASE=YES done ( cd ${DESTDIR} && find ./usr/ports ) | while read P; do metalog_add_data ${P} done fi ## XXX: Verify this is needed. I do not see this requirement ## in the docs, and it impairs the ability to boot-test a copy ## of the image prior to packaging for upload to GCE. #sed -E -i '' 's/^([^#].*[[:space:]])on/\1off/' ${DESTDIR}/etc/ttys return 0 } # Do everything except deleting resolv.conf since we construct our own # Googlized resolv.conf file in vm_extra_install_base. vm_emulation_cleanup() { if [ -n "${QEMUSTATIC}" ]; then rm -f ${DESTDIR}/${EMULATOR} fi return 0 }