josh 481b67fb69
feat(firmware): install probe tools in live image + surface nic/hba gaps
mkosi.conf: add ipmitool, ethtool, nvme-cli so the Firmware stage
can actually read BMC revisions, NIC firmware versions, and fall
back to nvme-cli when sysfs firmware_rev is missing.

firmware.go: probeNICFirmware and probeHBAFirmware now return
(snapshots, warning) so a missing ethtool/lspci surfaces in the
stage log the same way probeBIOS/probeBMC already do. Before, a
host without ethtool silently reported "bios=1 nvme_fw=1
microcode=1" with no hint that nic coverage was dropped.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-19 21:56:18 -04:00

# Vetting live image (Phase 2 skeleton).
#
# Produces a Debian-based rootfs packaged as squashfs plus a kernel
# image, ready to be served over HTTP to iPXE. The image is deliberately
# small: only what the agent needs to run Phase 2 (the Hello / Claim /
# Heartbeat loop). Phase 4+ adds smartctl, stress-ng, fio, iperf3, etc.
[Distribution]
Distribution=debian
Release=bookworm
# non-free-firmware is where bookworm landed i915 GuC/HuC, iwlwifi,
# amdgpu, nvidia-*, realtek NIC firmware, etc. — anything we'd want
# when PXE-booting a random repaired host. Without it i915 wedges
# on Tiger Lake+ and drags the serial console with it.
#
# Belt-and-suspenders: mkosi.sources.d/debian.sources ships an
# explicit deb822 sources drop-in so the bootstrap step sees the
# component regardless of how this shorthand is interpreted by the
# mkosi version doing the build.
Repositories=main non-free-firmware
[Output]
Format=directory
Output=build
[Content]
# PXE live image — iPXE loads vmlinuz+initrd from TFTP, so the rootfs
# itself doesn't need an EFI bootloader. Bootable=no skips mkosi's
# systemd-boot/bootctl dance; we still get /vmlinuz + /initrd.img
# symlinks courtesy of the linux-image-amd64 postinst.
Bootable=no
BuildPackages=
Packages=
    systemd
    systemd-sysv
    udev
    linux-image-amd64
    live-boot
    iproute2
    iputils-ping
    openssh-server
    ca-certificates
    curl
    dmidecode
    pciutils
    usbutils
    initramfs-tools
    zstd
    # Stage binaries. Every package here backs a stage the agent runs —
    # if any one goes missing the corresponding stage now fails the run
    # (was: pass-with-skip). Keep this list in sync with agent/tests.
    smartmontools
    stress-ng
    fio
    iperf3
    lshw
    lm-sensors
    e2fsprogs
    util-linux
    # Firmware probe tooling. Without these, the Firmware stage silently
    # skips whole components (ethtool → nic, nvme-cli → nvme fallback) or
    # emits a cosmetic "not installed" warning (ipmitool → bmc).
    ipmitool
    ethtool
    nvme-cli
    # Firmware. firmware-linux-nonfree on bookworm is a thin metapackage
    # that does NOT pull i915 GuC/HuC — those live in firmware-misc-nonfree.
    # Enumerate explicitly so the blob for whatever hardware we boot on
    # actually lands in /lib/firmware and then in the initrd.
    firmware-misc-nonfree
    firmware-iwlwifi
    firmware-realtek
    firmware-amd-graphics
    firmware-intel-sound
    intel-microcode
    amd64-microcode
    firmware-linux-nonfree
[Host]
# Copy the prebuilt Go agent in from the repo root via postinst.
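
A post-build check for the package list above, added here as an example and not part of the repository: it walks a built directory image and reports every stage or probe binary that is absent, so a dropped package fails the build instead of silently narrowing Firmware-stage coverage. The package-to-binary mapping and the function names `has_tool` and `missing_tools` are assumptions.

```shell
#!/bin/sh
# Added example: verify that a built directory image contains the binaries
# behind the stage and firmware-probe packages listed in mkosi.conf.
# Assumption: the package -> binary names below follow Debian's packaging;
# adjust them to whatever the agent actually executes.
TOOL_MAP='smartmontools:smartctl
stress-ng:stress-ng
fio:fio
iperf3:iperf3
lshw:lshw
lm-sensors:sensors
pciutils:lspci
dmidecode:dmidecode
ipmitool:ipmitool
ethtool:ethtool
nvme-cli:nvme'

# has_tool ROOTFS BINARY: succeeds if BINARY exists in a standard bin dir.
has_tool() {
    for dir in usr/sbin usr/bin sbin bin; do
        # Accept symlinks too: absolute link targets only resolve once the
        # image is booted, so -e alone would report them as missing.
        if [ -e "$1/$dir/$2" ] || [ -L "$1/$dir/$2" ]; then
            return 0
        fi
    done
    return 1
}

# missing_tools ROOTFS: prints "package:binary" for each tool not found and
# returns non-zero when at least one is missing.
missing_tools() {
    rootfs=$1
    rc=0
    for entry in $TOOL_MAP; do
        bin=${entry#*:}
        if ! has_tool "$rootfs" "$bin"; then
            printf '%s\n' "$entry"
            rc=1
        fi
    done
    return $rc
}
```

Call `missing_tools` with the path of the directory tree the image build produced and fail the CI job on a non-zero status.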