Rust init

CHANGELOG.md

@@ -1,5 +1,16 @@
 # Changelog
 
+## [0.3.0] - 2024-11-10
+
+### Changed
+
+- Update easyto-assets to v0.4.0 to speed boot time.
+- Update README to clarify behavior of `secrets-manager` volume.
+
+### Removed
+
+- Remove init from this repository. It has been replaced with a version developed in its [own repository](https://github.com/cloudboss/easyto-init).
+
 ## [0.2.0] - 2024-08-06
 
 ### Added
@@ -29,5 +40,6 @@
 
 Initial release
 
+[0.3.0]: https://github.com/cloudboss/easyto/releases/tag/v0.3.0
 [0.2.0]: https://github.com/cloudboss/easyto/releases/tag/v0.2.0
 [0.1.0]: https://github.com/cloudboss/easyto/releases/tag/v0.1.0

Makefile

@@ -20,7 +20,7 @@ endif
 DIR_RELEASE = $(DIR_OUT)/release
 
 EASYTO_ASSETS_RELEASES = https://github.com/cloudboss/easyto-assets/releases/download
-EASYTO_ASSETS_VERSION = v0.3.0
+EASYTO_ASSETS_VERSION = v0.4.0
 EASYTO_ASSETS_BUILD = easyto-assets-build-$(EASYTO_ASSETS_VERSION)
 EASYTO_ASSETS_BUILD_ARCHIVE = $(EASYTO_ASSETS_BUILD).tar.gz
 EASYTO_ASSETS_BUILD_URL = $(EASYTO_ASSETS_RELEASES)/$(EASYTO_ASSETS_VERSION)/$(EASYTO_ASSETS_BUILD_ARCHIVE)
@@ -30,6 +30,11 @@ EASYTO_ASSETS_PACKER_URL = $(EASYTO_ASSETS_RELEASES)/$(EASYTO_ASSETS_VERSION)/$(
 EASYTO_ASSETS_RUNTIME = easyto-assets-runtime-$(EASYTO_ASSETS_VERSION)
 EASYTO_ASSETS_RUNTIME_ARCHIVE = $(EASYTO_ASSETS_RUNTIME).tar.gz
 EASYTO_ASSETS_RUNTIME_URL = $(EASYTO_ASSETS_RELEASES)/$(EASYTO_ASSETS_VERSION)/$(EASYTO_ASSETS_RUNTIME_ARCHIVE)
+EASYTO_INIT_RELEASES = https://github.com/cloudboss/easyto-init/releases/download
+EASYTO_INIT_VERSION = v0.1.1
+EASYTO_INIT = easyto-init-$(EASYTO_INIT_VERSION)
+EASYTO_INIT_ARCHIVE = easyto-init-$(EASYTO_INIT_VERSION).tar.gz
+EASYTO_INIT_URL = $(EASYTO_INIT_RELEASES)/$(EASYTO_INIT_VERSION)/$(EASYTO_INIT_ARCHIVE)
 
 EASYTO_ASSETS_PACKER_OUT = $(DIR_STG_PACKER)/$(PACKER_EXE) \
 	$(DIR_STG_PACKER_PLUGIN)/$(PACKER_PLUGIN_AMZ_EXE) \
@@ -65,26 +70,8 @@ $(DIR_OUT)/$(EASYTO_ASSETS_PACKER_ARCHIVE): | $(HAS_COMMAND_CURL) $(DIR_OUT)
 $(DIR_OUT)/$(EASYTO_ASSETS_RUNTIME_ARCHIVE): | $(HAS_COMMAND_CURL) $(DIR_OUT)
 	@curl -L -o $(DIR_OUT)/$(EASYTO_ASSETS_RUNTIME_ARCHIVE) $(EASYTO_ASSETS_RUNTIME_URL)
 
-$(DIR_STG_INIT)/$(DIR_ET)/sbin/init: \
-		hack/compile-init-ctr \
-		go.mod \
-		$(shell find cmd/initial -type f -path '*.go' ! -path '*_test.go') \
-		$(shell find pkg -type f -path '*.go' ! -path '*_test.go') \
-		$(shell find third_party -type f -path '*.go' ! -path '*_test.go') \
-		| $(HAS_IMAGE_LOCAL) $(VAR_DIR_ET) $(DIR_STG_INIT)/$(DIR_ET)/sbin/
-	@docker run --rm -t \
-		-v $(DIR_ROOT):/code \
-		-v $(DIR_ROOT)/$(DIR_STG_INIT):/install \
-		-e OPENSSH_PRIVSEP_DIR=$(OPENSSH_PRIVSEP_DIR) \
-		-e OPENSSH_PRIVSEP_USER=$(OPENSSH_PRIVSEP_USER) \
-		-e CHRONY_USER=$(CHRONY_USER) \
-		-e DIR_ET_ROOT=/$(DIR_ET) \
-		-e DIR_OUT=/install/$(DIR_ET)/sbin \
-		-e GOPATH=/code/$(DIR_OUT)/go \
-		-e GOCACHE=/code/$(DIR_OUT)/gocache \
-		-e CGO_ENABLED=1 \
-		-w /code \
-		$(CTR_IMAGE_LOCAL) /bin/sh -c "$$(cat hack/compile-init-ctr)"
+$(DIR_OUT)/$(EASYTO_INIT_ARCHIVE): | $(HAS_COMMAND_CURL) $(DIR_OUT)
+	@curl -L -o $(DIR_OUT)/$(EASYTO_INIT_ARCHIVE) $(EASYTO_INIT_URL)
 
 $(EASYTO_ASSETS_PACKER_OUT) &: $(DIR_OUT)/$(EASYTO_ASSETS_PACKER_ARCHIVE) | $(DIR_STG_PACKER)/
 	@tar -zmx \
@@ -124,10 +111,11 @@ $(DIR_OUT)/ctr2disk: \
 		-w /code \
 		$(CTR_IMAGE_LOCAL) /bin/sh -c "$$(cat hack/compile-ctr2disk-ctr)"
 
-$(DIR_STG_ASSETS)/init.tar: \
-		$(DIR_STG_INIT)/$(DIR_ET)/sbin/init \
-		| $(HAS_COMMAND_FAKEROOT) $(DIR_STG_ASSETS)/
-	@cd $(DIR_STG_INIT) && fakeroot tar cf $(DIR_ROOT)/$(DIR_STG_ASSETS)/init.tar .
+
+$(DIR_STG_ASSETS)/init.tar: $(DIR_OUT)/$(EASYTO_INIT_ARCHIVE) | $(DIR_STG_ASSETS)/
+	@tar -zmx \
+		--xform "s|^$(EASYTO_INIT)|$(DIR_STG_ASSETS)|" \
+		-f $(DIR_OUT)/$(EASYTO_INIT_ARCHIVE)
 
 $(DIR_STG_BIN)/easyto: \
 		hack/compile-easyto-ctr \
@@ -164,8 +152,6 @@ $(DIR_RELEASE)/easyto-$(VERSION)-$(OS)-$(ARCH).tar.gz: \
 		-f $(DIR_ROOT)/$(DIR_RELEASE)/easyto-$(VERSION)-$(OS)-$(ARCH).tar.gz assets bin packer
 
 test:
-	go vet -v ./third_party/...
-	go test -v ./third_party/...
 	go vet -v ./...
 	go test -v ./...
 

README.md

@@ -267,7 +267,7 @@ An SSM volume is a pseudo-volume, as the parameters from SSM Parameter Store are
 > [!NOTE]
 > The EC2 instance must have an instance profile with permission to call `secretsmanager:GetSecretValue`, and `kms:Decrypt` for the KMS key used to encrypt the secret if a customer-managed key was used.
 
-A Secrets Manager volume is a pseudo-volume, as the secret from Secrets Manager is copied as a file to the path defined in `mount.destination` one time on boot. Any updates to the secret would require a reboot to get the new value. The file is always written with a mode of `0600`. The owner and group of the file defaults to `security.run-as-user-id` and `security.run-as-group-id` unless explicitly specified in the volume's `mount.user-id` and `mount.group-id`.
+A Secrets Manager volume is a pseudo-volume, as the secret from Secrets Manager is copied as a file to the path defined in `mount.destination` one time on boot. Any updates to the secret would require a reboot to get the new value. This volume results in a single file being written, not a directory tree as is possible with S3 and SSM volumes. The file is always written with a mode of `0600`. The owner and group of the file defaults to `security.run-as-user-id` and `security.run-as-group-id` unless explicitly specified in the volume's `mount.user-id` and `mount.group-id`.
 
 `mount`: (Required, type [_mount_](#mount-object) object) - Configuration of the destination for the secret.
 

cmd/easyto/tree/ami.go

@@ -11,7 +11,6 @@ import (
 	"strings"
 
 	"github.com/cloudboss/easyto/pkg/constants"
-	"github.com/cloudboss/easyto/pkg/initial/vmspec"
 	"github.com/spf13/cobra"
 )
 
@@ -41,7 +40,7 @@ var (
 			}
 			amiCfg.packerDir = packerDir
 
-			return vmspec.ValidateServices(amiCfg.services)
+			return validateServices(amiCfg.services)
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
 			quotedServices := bytes.NewBufferString("")
@@ -180,3 +179,15 @@ func expandPath(pth string) (string, error) {
 
 	return filepath.Abs(expanded)
 }
+
+func validateServices(services []string) error {
+	for _, svc := range services {
+		switch svc {
+		case "chrony", "ssh":
+			continue
+		default:
+			return fmt.Errorf("invalid service %s", svc)
+		}
+	}
+	return nil
+}

pkg/constants/constants.go

@@ -1,16 +1,14 @@
 package constants
 
 const (
-	DirRoot = "/"
 	DirProc = "/proc"
-	DirRun  = "/run"
-	DirTmp  = "/tmp"
 
 	FileEtcPasswd  = "/etc/passwd"
 	FileEtcShadow  = "/etc/shadow"
 	FileEtcGroup   = "/etc/group"
 	FileEtcGShadow = "/etc/gshadow"
-	FileMetadata   = "metadata.json"
+
+	FileMetadata = "metadata.json"
 
 	GroupNameWheel = "wheel"
 
@@ -26,11 +24,8 @@ var (
 	SSHPrivsepDir  string
 	SSHPrivsepUser string
 
-	DirETRoot     string
-	DirETBin      = DirETRoot + "/bin"
-	DirETSbin     = DirETRoot + "/sbin"
-	DirETEtc      = DirETRoot + "/etc"
-	DirETHome     = DirETRoot + "/home"
-	DirETRun      = DirETRoot + "/run"
-	DirETServices = DirETRoot + "/services"
+	DirETRoot string
+	DirETBin  = DirETRoot + "/bin"
+	DirETSbin = DirETRoot + "/sbin"
+	DirETHome = DirETRoot + "/home"
 )