Move avoidable daemon shell-outs into Go
Reduce the control plane's dependency on helper scripts while keeping the hard Linux integration points in the approved shell-out layer.

Replace the bash-driven image build path with a native Go builder that clones and optionally resizes the rootfs, boots a temporary Firecracker VM, provisions the guest over SSH, installs packages and modules, and preserves the package-manifest sidecar.

Also replace a few small convenience shell-outs with Go helpers: read process stats from /proc, use os.Truncate for ext4 image growth, add file-clone and normalized-line helpers, drop the sh -c work-disk flattening path, and launch Firecracker via a direct sudo command.

Add tests for the new SSH/archive and system helpers, plus a policy test that keeps os/exec imports confined to cli/firecracker/system. Update the docs to describe customize.sh as a manual helper rather than the daemon's image-build backend.

Validated with go mod tidy, go test ./..., and make build.
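The os/exec import-policy test the message mentions, written here as an added example rather than the project's own test: it walks a module tree, parses only the import declarations of each Go file, and reports any `os/exec` import that lives outside the allowed directories. The directory names `cli`, `firecracker` and `system` are an assumption that mirrors the package names in the message.

```go
package main

import (
	"go/parser"
	"go/token"
	"io/fs"
	"log"
	"path/filepath"
	"strings"
)

// Directories (relative to the module root) whose Go files may import os/exec.
// Assumption: the commit's cli/firecracker/system packages live under these names.
var allowedExecDirs = []string{"cli", "firecracker", "system"}

// execImportViolations returns the slash-separated relative path of every .go
// file under root that imports os/exec from outside the allowed directories.
func execImportViolations(root string, allowed []string) ([]string, error) {
	var bad []string
	fset := token.NewFileSet()
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() || !strings.HasSuffix(path, ".go") {
			return err
		}
		// ImportsOnly stops parsing after the import block, so the walk stays cheap.
		f, err := parser.ParseFile(fset, path, nil, parser.ImportsOnly)
		if err != nil {
			return err
		}
		rel, _ := filepath.Rel(root, path) // walk paths are always rooted at root
		rel = filepath.ToSlash(rel)
		allowedHere := false
		for _, dir := range allowed {
			allowedHere = allowedHere || strings.HasPrefix(rel, dir+"/")
		}
		for _, imp := range f.Imports {
			if !allowedHere && strings.Trim(imp.Path.Value, "\"") == "os/exec" {
				bad = append(bad, rel)
			}
		}
		return nil
	})
	return bad, err
}

func main() {
	bad, err := execImportViolations(".", allowedExecDirs)
	if err != nil || len(bad) > 0 {
		log.Fatalf("os/exec imported outside the shell-out layer: %v (err: %v)", bad, err)
	}
}
```

Run it from the module root; a non-zero exit lists every file that would widen the shell-out surface beyond the approved packages.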
parent 0a0b0b617b
commit 942d242c03
17 changed files with 936 additions and 145 deletions
@ -4,12 +4,12 @@ Persistent Firecracker development VMs managed through a Go daemon, CLI, and TUI
## Requirements
- Linux host with KVM (`/dev/kvm` access)
- Core VM lifecycle: `sudo`, `ip`, `dmsetup`, `losetup`, `blockdev`, `truncate`, `pgrep`, `ps`
- Core VM lifecycle: `sudo`, `ip`, `dmsetup`, `losetup`, `blockdev`, `truncate`, `pgrep`, `chown`, `chmod`, `kill`
- Guest rootfs patching: `e2cp`, `e2rm`, `debugfs`
- Guest work disk creation/resizing: `mkfs.ext4`, `e2fsck`, `resize2fs`, `mount`, `umount`, `cp`
- SSH and logs: `ssh`
- Optional NAT: `iptables`, `sysctl`
- Image build helper flow: `bash`, `curl`, `jq`, `sha256sum`
- Image build: the bundled SSH key plus the tools above; `banger image build` no longer shells out through `customize.sh`
`banger` validates these per command and returns actionable errors instead of
assuming one workstation layout.
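Review bot: the replacement Requirements bullet drops `bash`, `curl`, `jq` and `sha256sum` entirely, yet the hunk at line 241 keeps `customize.sh` as a manual rootfs customization flow, so those tools remain a requirement for anyone who runs it; keep the old line as `- Manual customize.sh flow: \`bash\`, \`curl\`, \`jq\`, \`sha256sum\`` instead of deleting it. In the core lifecycle line, removing `ps` is consistent with reading process stats from /proc, but `chown`, `chmod` and `kill` are newly added: if they are only needed for privileged operations through `sudo`, say so in the bullet, because otherwise `os.Chown`, `os.Chmod` and `os.Process.Signal` cover them without a shell-out and the list contradicts the commit's stated goal. "The bundled SSH key" would also be clearer as the bundle's `id_ed25519`, so readers know which credential is used to reach the temporary build VM.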
@ -27,7 +27,7 @@ The bundle contains:
- `rootfs.ext4` when present
- `packages.apt`
- `id_ed25519`
- the helper scripts used by image builds and installs
- the helper scripts used by manual customization and installs
Bootstrap a source checkout from a local or published runtime archive. The
checked-in [`runtime-bundle.toml`](/home/thales/projects/personal/banger/runtime-bundle.toml)
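Review bot: the unchanged context at the end of this hunk links `runtime-bundle.toml` through an absolute local path (`/home/thales/projects/personal/banger/runtime-bundle.toml`); that link is broken for every other checkout and embeds a home-directory path in the README, so while this section is being touched, change it to the repository-relative `runtime-bundle.toml`. The reworded bullet "the helper scripts used by manual customization and installs" is accurate, but since the bundle still ships `id_ed25519` next to those scripts and the Go builder now provisions the temporary VM over SSH, one sentence on what that key is used for would help readers judge what the bundle grants access to.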
@ -241,7 +241,7 @@ archive elsewhere.
## Remaining Shell Helpers
The runtime VM lifecycle is managed through `banger`. The remaining shell scripts are not the primary user interface:
- `customize.sh`: implementation used by `banger image build`; it now reads
- `customize.sh`: manual reference flow for rootfs customization; `banger image build` is now Go-native, but the script still reads
assets from `BANGER_RUNTIME_DIR` and stores transient state under
`BANGER_STATE_DIR`/XDG state
- `make-rootfs.sh`: convenience wrapper for rebuilding `./runtime/rootfs-docker.ext4`
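Review bot: with `banger image build` now Go-native, `customize.sh` and the Go builder are two implementations of the same rootfs customization and will drift; the new bullet should state which one is canonical and whether the script is kept in sync with it (for example that both honour `packages.apt`, the package-manifest sidecar the commit message says the Go builder preserves). The rewritten bullet is also a run-on across three lines; splitting it as `- \`customize.sh\`: manual reference flow for rootfs customization (\`banger image build\` is now Go-native). It still reads assets from \`BANGER_RUNTIME_DIR\` ...` reads better, and the trailing `\`BANGER_STATE_DIR\`/XDG state` fragment should spell out which XDG state directory is used when `BANGER_STATE_DIR` is unset.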