josh/Vetting
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
956120b80eaed42617918601830688052331cbf3
Vetting/live-image
T
History
josh a88e24bef4
CI / Lint + build + test (push) Successful in 1m23s
Details
Release / release (push) Successful in 4m49s
Details
live-image: real /init + verbose boot for first-boot diagnosis 
Host boots past kernel init and then stalls silently. ACPI DSDT error
about TXHC.RHUB.SS01 is benign noise (Tiger Lake firmware bug) — the
actual problem is that nothing between kernel handoff and (maybe)
systemd is visible on the console.

Two changes:

1. Replace the /init → sbin/init symlink with a real shell script
   (live-image/mkosi.extra/init) that mounts /proc /sys /dev /dev/pts
   /dev/shm /run before execing systemd. Systemd has fallback mount
   code for these, but when it fails the failure is silent. Doing it
   explicitly in /init keeps failures visible and avoids the fragile
   symlink-resolution trick.

2. Drop 'quiet' from the kernel cmdline and add loglevel=7 plus
   systemd.log_target=kmsg + journald.forward_to_console=1 so every
   early-boot message reaches both tty0 and ttyS0. Will be dialed
   back once boot is stable.

Also: .gitattributes pins LF on live-image/, .gitea/, Makefile, and
*.sh so Windows checkouts don't break shell scripts and Makefile
recipes with CRLF. /init also gets chmod 0755 in repack-initrd as a
belt-and-braces against mode loss on non-Linux checkouts.
2026-04-18 14:31:40 -04:00
..
mkosi.extra
live-image: real /init + verbose boot for first-boot diagnosis
2026-04-18 14:31:40 -04:00
mkosi.skeleton/etc/systemd/system
Initial commit: full Phases 1-6 implementation
2026-04-17 21:32:10 -04:00
mkosi.sources.d
live-image: fix firmware so i915 actually loads at boot
2026-04-18 13:38:40 -04:00
Makefile
live-image: real /init + verbose boot for first-boot diagnosis
2026-04-18 14:31:40 -04:00
mkosi.conf
live-image: fix check-initrd size measurement; add zstd to image
2026-04-18 14:00:07 -04:00
mkosi.postinst
live-image: symlink /initrd.img to match /vmlinuz
2026-04-18 10:54:25 -04:00
README.md
Automate PXE setup: release bundle + pxe-setup.sh + startup validation
2026-04-18 01:38:43 -04:00

README.md

Vetting live image

Debian-based Linux live image that PXE-booted hosts drop into. Runs the vetting-agent binary under systemd and reaches back to the orchestrator over HTTP+SSE.

Preferred build path: make release

Run make release from the repo root (Linux/WSL) — it builds the live image and bundles it with the orchestrator binary, install scripts, and pinned iPXE SHAs into a single vetting-bundle-<sha>.tar.gz. See ../docs/operations.md for the install flow.

Manual build (dev loop)

On Windows:

wsl make -C live-image all

On Linux:

make -C live-image all

This produces live-image/build/vmlinuz and live-image/build/initrd.img. deploy/pxe-setup.sh picks them up automatically when run from the repo tree — no manual copy needed.

iPXE binaries

The dnsmasq supervisor expects ipxe.efi and undionly.kpxe in pxe.tftp_root. deploy/pxe-setup.sh fetches them from boot.ipxe.org and verifies against pinned SHA256s in deploy/ipxe-shas.txt. Bumping the pins requires a deliberate repo commit.

WSL prerequisites (Windows dev)

sudo apt install mkosi debootstrap squashfs-tools dosfstools
Reference in New Issue View Git Blame Copy Permalink