From 49f8c7879dce62a838d860ac7a5f8837f0a70c9c Mon Sep 17 00:00:00 2001 From: jalr Date: Wed, 22 Dec 2021 19:10:39 +0000 Subject: [PATCH 1/6] Update to Debian bullseye --- .gitlab-ci.yml | 2 +- Makefile | 30 +++++++++---------- ...ebian-buster.yaml => debian-bullseye.yaml} | 2 +- security-scanner/Dockerfile | 2 +- txt.cfg | 4 +-- 5 files changed, 20 insertions(+), 20 deletions(-) rename packer/{debian-buster.yaml => debian-bullseye.yaml} (99%) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6645dda..89ef603 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -74,7 +74,7 @@ security_scanner: services: - docker:dind script: - - scripts/packer.sh debian-buster + - scripts/packer.sh debian-bullseye - aws --endpoint-url "$AWS_ENDPOINT_URL" s3 cp images/ "s3://$AWS_BUCKET/$CI_COMMIT_REF_SLUG/$CI_JOB_ID/" --recursive --no-progress artifacts: paths: diff --git a/Makefile b/Makefile index 81da0f7..b201b6e 100644 --- a/Makefile +++ b/Makefile @@ -22,7 +22,7 @@ qemu_network = 10.2.2.0 qemu_netmask = 24 qemu_vm_ip = 10.2.2.10 qemu_disk = tmp/qemu-disk.img -qemu_target ?= debian-buster +qemu_target ?= debian-bullseye qemu_kernel = $(qemu_target).linux qemu_torrent = $(qemu_target).torrent qemu_initramfs = $(shell \ @@ -35,7 +35,7 @@ fi \ ci_environment=$(shell env | sed -n 's/^\(CI_.*\)=.*/-e \1/p') .PHONY: default -default: builderimg images/debian-buster.squashfs +default: builderimg images/debian-bullseye.squashfs .PHONY: clean clean: @@ -60,7 +60,7 @@ images: [ ! -d "$@" ] && mkdir "$@" touch "$@" -images/debian-buster.squashfs: images +images/debian-bullseye.squashfs: images docker run \ --rm \ -v /var/run/docker.sock:/var/run/docker.sock \ @@ -72,9 +72,9 @@ images/debian-buster.squashfs: images $(ci_environment) \ "$(DOCKER_IMAGE_BUILDER)" \ scripts/packer.sh \ - debian-buster + debian-bullseye -images/debian-buster.torrent: images +images/debian-bullseye.torrent: images docker run \ --rm \ -v "${PWD}:${PWD}" \ @@ -82,7 +82,7 @@ images/debian-buster.torrent: images -e "WEBSEED=$(WEBSEED)" \ "$(DOCKER_IMAGE_BUILDER)" \ scripts/torrent.sh \ - debian-buster + debian-bullseye .PHONY: ansible ansible: @@ -104,24 +104,24 @@ ansible: # updates the initramfs # only used for development -images/debian-buster.initramfs.dev: tmp/initramfs-extracted/debian-buster packer/initramfs/labsync - cp packer/initramfs/labsync tmp/initramfs-extracted/debian-buster/scripts/labsync - (cd tmp/initramfs-extracted/debian-buster && find . | cpio -H newc -o | gzip > $(CWD)/images/debian-buster.initramfs.dev) +images/debian-bullseye.initramfs.dev: tmp/initramfs-extracted/debian-bullseye packer/initramfs/labsync + cp packer/initramfs/labsync tmp/initramfs-extracted/debian-bullseye/scripts/labsync + (cd tmp/initramfs-extracted/debian-bullseye && find . | cpio -H newc -o | gzip > $(CWD)/images/debian-bullseye.initramfs.dev) tmp: [ ! -d "$@" ] && mkdir "$@" || true -tmp/initramfs-extracted/debian-buster: images/debian-buster.initramfs - rm -rf tmp/initramfs-extracted/debian-buster - mkdir -p tmp/initramfs-extracted/debian-buster - (cd tmp/initramfs-extracted/debian-buster && zcat "$(CWD)/images/debian-buster.initramfs" | cpio -i) - touch tmp/initramfs-extracted/debian-buster +tmp/initramfs-extracted/debian-bullseye: images/debian-bullseye.initramfs + rm -rf tmp/initramfs-extracted/debian-bullseye + mkdir -p tmp/initramfs-extracted/debian-bullseye + (cd tmp/initramfs-extracted/debian-bullseye && zcat "$(CWD)/images/debian-bullseye.initramfs" | cpio -i) + touch tmp/initramfs-extracted/debian-bullseye $(qemu_disk): tmp qemu-img create "$@" 20G tmp/netboot.tar.gz: tmp - wget -c -O "$@" https://cdn-aws.deb.debian.org/debian/dists/buster/main/installer-amd64/current/images/netboot/netboot.tar.gz + wget -c -O "$@" https://cdn-aws.deb.debian.org/debian/dists/bullseye/main/installer-amd64/current/images/netboot/netboot.tar.gz touch "$@" tmp/tftproot: tmp/netboot.tar.gz diff --git a/packer/debian-buster.yaml b/packer/debian-bullseye.yaml similarity index 99% rename from packer/debian-buster.yaml rename to packer/debian-bullseye.yaml index 9a765d7..7e02bc1 100644 --- a/packer/debian-buster.yaml +++ b/packer/debian-bullseye.yaml @@ -20,7 +20,7 @@ variables: builders: - discard: true - image: debian:buster + image: debian:bullseye type: docker volumes: '{{user `images`}}': /tmp/images diff --git a/security-scanner/Dockerfile b/security-scanner/Dockerfile index 3b1eb74..677e003 100644 --- a/security-scanner/Dockerfile +++ b/security-scanner/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:buster-slim +FROM debian:bullseye-slim RUN apt-get update \ && apt-get -y install \ diff --git a/txt.cfg b/txt.cfg index 2f544a4..1cfc6a4 100644 --- a/txt.cfg +++ b/txt.cfg @@ -1,7 +1,7 @@ label labsync menu label ^labsync - kernel images/debian-buster.linux - append initrd=images/debian-buster.initramfs.dev boot=labsync labsync_disk=sda labsync_partsize_boot=512 labsync_torrent=http://10.2.2.1/debian-buster.torrent quiet vga=792 ip=10.2.2.10:::255.255.255.0:qemu-host:ens3:off labsync_wait=pause + kernel images/debian-bullseye.linux + append initrd=images/debian-bullseye.initramfs.dev boot=labsync labsync_disk=sda labsync_partsize_boot=512 labsync_torrent=http://10.2.2.1/debian-bullseye.torrent quiet vga=792 ip=10.2.2.10:::255.255.255.0:qemu-host:ens3:off labsync_wait=pause label install menu label ^Install From 8519cbbd05358254ae77fc835b6bdd4eb17f4411 Mon Sep 17 00:00:00 2001 From: jalr Date: Wed, 22 Dec 2021 19:37:28 +0000 Subject: [PATCH 2/6] Allow rsa keys for ssh --- packer/debian-bullseye.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packer/debian-bullseye.yaml b/packer/debian-bullseye.yaml index 7e02bc1..aa82551 100644 --- a/packer/debian-bullseye.yaml +++ b/packer/debian-bullseye.yaml @@ -65,6 +65,8 @@ provisioners: - playbook_file: ansible/playbook.yml type: ansible user: root + ansible_env_vars: + - "ANSIBLE_SSH_ARGS='-o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa'" - inline: - rm /boot && mkdir /boot type: shell From fdc0441013083df1a3d8d758d7fcdc1ecec70235 Mon Sep 17 00:00:00 2001 From: jalr Date: Wed, 22 Dec 2021 20:06:07 +0000 Subject: [PATCH 3/6] Use python3 for ansible --- packer/ansible/roles/packages/tasks/sources.yml | 4 ++-- packer/debian-bullseye.yaml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/packer/ansible/roles/packages/tasks/sources.yml b/packer/ansible/roles/packages/tasks/sources.yml index 0392177..ee35322 100644 --- a/packer/ansible/roles/packages/tasks/sources.yml +++ b/packer/ansible/roles/packages/tasks/sources.yml @@ -1,7 +1,7 @@ --- -- name: install python-apt +- name: install python3-apt apt: - name: "python-apt" + name: "python3-apt" state: present - name: clear sources.list diff --git a/packer/debian-bullseye.yaml b/packer/debian-bullseye.yaml index aa82551..01c8f8a 100644 --- a/packer/debian-bullseye.yaml +++ b/packer/debian-bullseye.yaml @@ -67,6 +67,7 @@ provisioners: user: root ansible_env_vars: - "ANSIBLE_SSH_ARGS='-o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa'" + - "ANSIBLE_PYTHON_INTERPRETER=/usr/bin/python3" - inline: - rm /boot && mkdir /boot type: shell From e5fe1ea800d6b5dc74f0b86f79e714f4401ec9ec Mon Sep 17 00:00:00 2001 From: jalr Date: Wed, 22 Dec 2021 21:34:21 +0000 Subject: [PATCH 4/6] Change debian-security source --- packer/ansible/roles/packages/tasks/sources.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packer/ansible/roles/packages/tasks/sources.yml b/packer/ansible/roles/packages/tasks/sources.yml index ee35322..9655549 100644 --- a/packer/ansible/roles/packages/tasks/sources.yml +++ b/packer/ansible/roles/packages/tasks/sources.yml @@ -26,5 +26,5 @@ - name: configure security updates repo apt_repository: filename: "{{ ansible_lsb.codename }}-security" - repo: "deb {{ debian_mirror_security }} {{ ansible_lsb.codename }}/updates {{ debian_sections | join(' ') }}" + repo: "deb {{ debian_mirror_security }}/debian-security/ {{ ansible_lsb.codename }}-security {{ debian_sections | join(' ') }}" state: present From cccc411fab2c6fea997900062750e3a4245b1d0e Mon Sep 17 00:00:00 2001 From: jalr Date: Wed, 22 Dec 2021 21:48:48 +0000 Subject: [PATCH 5/6] Replace package `python-usb` with `python3-usb` --- packer/ansible/roles/inkscape/tasks/silhouette.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packer/ansible/roles/inkscape/tasks/silhouette.yml b/packer/ansible/roles/inkscape/tasks/silhouette.yml index 001291b..5dee3e1 100644 --- a/packer/ansible/roles/inkscape/tasks/silhouette.yml +++ b/packer/ansible/roles/inkscape/tasks/silhouette.yml @@ -1,8 +1,8 @@ --- -- name: install python-usb and usbip +- name: install python3-usb and usbip apt: name: - - python-usb + - python3-usb - usbip state: present From aa2072c11da5cc18cacc4fb0e9ecd6bd9d65fd39 Mon Sep 17 00:00:00 2001 From: jalr Date: Tue, 28 Dec 2021 01:43:00 +0000 Subject: [PATCH 6/6] Use python3 compatible inkscape-silhouette plugin --- packer/ansible/roles/inkscape/files/inkscape-silhouette | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packer/ansible/roles/inkscape/files/inkscape-silhouette b/packer/ansible/roles/inkscape/files/inkscape-silhouette index 8afe49a..05d9c57 160000 --- a/packer/ansible/roles/inkscape/files/inkscape-silhouette +++ b/packer/ansible/roles/inkscape/files/inkscape-silhouette @@ -1 +1 @@ -Subproject commit 8afe49a2a52bb13bb2a34331e7c9625fb05529bf +Subproject commit 05d9c57336b13028c01c5bfd850431708c934016