#!/bin/sh # # $FreeBSD$ # # Set to a list of packages to install. export VM_EXTRA_PACKAGES="firstboot-freebsd-update firstboot-pkgs \ google-cloud-sdk panicmail sudo sysutils/py-google-compute-engine \ lang/python lang/python2 lang/python3" # Set to a list of third-party software to enable in rc.conf(5). export VM_RC_LIST="ntpd sshd growfs \ firstboot_pkgs firstboot_freebsd_update google_startup \ google_accounts_daemon google_clock_skew_daemon \ google_instance_setup google_network_daemon" vm_extra_install_base() { echo 'search google.internal' > ${DESTDIR}/etc/resolv.conf echo 'nameserver 169.254.169.254' >> ${DESTDIR}/etc/resolv.conf echo 'nameserver 8.8.8.8' >> ${DESTDIR}/etc/resolv.conf } vm_extra_pre_umount() { # Enable growfs on every boot, not only the first, as as instance's disk can # be enlarged post-creation sed -i -e '/KEYWORD: firstboot/d' /etc/rc.d/growfs cat << EOF >> ${DESTDIR}/etc/rc.conf dumpdev="AUTO" ifconfig_DEFAULT="SYNCDHCP mtu 1460" ntpd_sync_on_start="YES" # need to fill in something here #firstboot_pkgs_list="" panicmail_autosubmit="YES" EOF cat << EOF >> ${DESTDIR}/boot/loader.conf autoboot_delay="-1" beastie_disable="YES" loader_logo="none" hw.memtest.tests="0" console="comconsole,vidconsole" hw.vtnet.mq_disable=1 kern.timecounter.hardware=ACPI-safe aesni_load="YES" nvme_load="YES" EOF echo '169.254.169.254 metadata.google.internal metadata' > \ ${DESTDIR}/etc/hosts # overwrite ntp.conf cat << EOF > ${DESTDIR}/etc/ntp.conf server metadata.google.internal iburst restrict default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap nopeer noquery restrict 127.0.0.1 restrict -6 ::1 restrict 127.127.1.0 EOF cat << EOF >> ${DESTDIR}/etc/syslog.conf *.err;kern.warning;auth.notice;mail.crit /dev/console EOF cat << EOF >> ${DESTDIR}/etc/ssh/sshd_config ChallengeResponseAuthentication no X11Forwarding no AcceptEnv LANG AllowAgentForwarding no ClientAliveInterval 420 EOF cat << EOF >> ${DESTDIR}/etc/crontab 0 3 * * * root /usr/sbin/freebsd-update cron EOF cat << EOF >> ${DESTDIR}/etc/sysctl.conf net.inet.icmp.drop_redirect=1 net.inet.ip.redirect=0 net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1 kern.ipc.somaxconn=1024 debug.trace_on_panic=1 debug.debugger_on_panic=0 EOF # To meet GCE marketplace requirements, extract the src.txz and # ports.txz distributions to the target virtual machine disk image # and fetch the sources for the third-party software installed on # the image. if [ ! -c "${DESTDIR}/dev/null" ]; then mkdir -p ${DESTDIR}/dev mount -t devfs devfs ${DESTDIR}/dev fi if [ -e "${DESTDIR}/../ftp/src.txz" ]; then tar fxJ ${DESTDIR}/../ftp/src.txz -C ${DESTDIR} fi if [ -e "${DESTDIR}/../ftp/ports.txz" ]; then tar fxJ ${DESTDIR}/../ftp/ports.txz -C ${DESTDIR} _INSTALLED_PACKAGES=$(chroot ${DESTDIR} pkg info -o -q -a) for PACKAGE in ${_INSTALLED_PACKAGES}; do chroot ${DESTDIR} \ make -C /usr/ports/${PACKAGE} fetch done fi if [ -c "${DESTDIR}/dev/null" ]; then umount_loop ${DESTDIR}/dev fi ## XXX: Verify this is needed. I do not see this requirement ## in the docs, and it impairs the ability to boot-test a copy ## of the image prior to packaging for upload to GCE. #sed -E -i '' 's/^([^#].*[[:space:]])on/\1off/' ${DESTDIR}/etc/ttys touch ${DESTDIR}/firstboot rm -f ${DESTDIR}/etc/resolv.conf return 0 }