additional bash programming to support a json configuration file.

still working on kernel options for proper networking.

README.md

@@ -1,2 +1,8 @@
 # PatronageOS
 
+modern linux distro based on the latest kernel.
+minimal dependencies.
+
+kernel and subsystems are/will be built in a rootless containers.
+
+start with ./scripts/build_everything.sh

config/apply_initial_host_configuration.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+set -e
+set -x
+echo 'initial configuration'
+# Parse the JSON file
+while IFS="=" read -r key value; do
+  declare "$key=$value"
+done < <(jq -r 'to_entries|map("\(.key)=\(.value|tostring)")|.[]' config.json)
+
+echo "$hostname" > /etc/hostname
+echo "127.0.0.1 $hostname"> /etc/hosts
+
+echo "$timezone" > /etc/timezone
+ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
+
+# Set the root password
+echo "root:$root_password" | chpasswd
+
+#set additional profile options.
+jq --compact-output -r '.profile[]' config.json | while read -r line; do
+  echo "$line" >> /etc/profile
+done
+
+echo "export PATH=$PATH:/usr/local/go/bin" >> /etc/profile
+
+#set default shell to bash.
+sed -i 's|^SHELL=.*|SHELL=/bin/bash|' /etc/default/useradd
+
+user_mod() {
+  echo "$1"
+  username=$(echo "$1" | jq -r '.username')
+  password=$(echo "$1" | jq -r '.password')
+
+  # Create user
+  if getent passwd "$username" >/dev/null 2>&1; then
+    echo "User already exists"
+  else
+    useradd -m "$username"
+  fi   
+
+  # Set password
+  echo "$username:$password" | chpasswd
+
+  # Add to sudo group
+  usermod -aG sudo "$username"
+}
+jq --compact-output -r '.users[]' config.json | while read -r line; do
+  user_mod "$line"
+done
+echo "Configuration applied."

config/build_containerfile

@@ -0,0 +1,9 @@
+from ubuntu:latest
+run apt-get update
+run apt-get upgrade -y
+run apt-get install -y bison flex gcc make libncurses-dev git bc build-essential git libncurses5-dev lzop perl libssl-dev bison flex kmod device-tree-compiler dwarves libelf-dev libdwarf-dev libdw-dev python3 gawk zstd
+workdir /linux
+add ./config/container_cmd.sh /
+add ./config/update_kernel_make_config.py /
+run chmod +x /container_cmd.sh
+cmd ["/usr/bin/bash","-c","/container_cmd.sh"]

config/config.json

@@ -0,0 +1,28 @@
+{
+  "hostname": "linuxhost",
+  "timezone": "America/Denver",
+  "root_password": "password",
+  "locale":"en_US.UTF-8",
+  "users": [
+    {
+      "username": "user1",
+      "password": "password1"
+    },
+    {
+      "username": "user2",
+      "password": "password2"
+    }
+  ],
+  "packages": [
+    "htop",
+    "git",
+    "ffmpeg",
+    "vlc",
+    "pciutils",
+    "usbutils"
+  ],
+  "profile":[],
+  "allowed_dns":[],
+  "allowed_host":[]
+  
+}

config/container_cmd.sh

@@ -0,0 +1,9 @@
+set -e
+cores=$(nproc)
+echo "${cores}"
+/usr/bin/make clean
+/usr/bin/make defconfig
+cat ./.config | python3 /update_kernel_make_config.py --file /linux/kernel_options.json
+cat ./.config | python3 /update_kernel_make_config.py --file /linux/kernel_options.json > ./.config
+/usr/bin/make olddefconfig
+/usr/bin/make -j ${cores}

config/filesystem_chroot_install.sh

@@ -0,0 +1,52 @@
+#add sources list for questing.
+set -e
+set -x
+echo "deb https://archive.ubuntu.com/ubuntu questing main restricted universe multiverse" > /etc/apt/sources.list
+echo "deb https://archive.ubuntu.com/ubuntu questing-updates main restricted universe multiverse" >> /etc/apt/sources.list
+echo "deb https://archive.ubuntu.com/ubuntu questing-backports main restricted universe multiverse" >> /etc/apt/sources.list
+echo "deb https://security.ubuntu.com/ubuntu questing-security main restricted universe multiverse" >> /etc/apt/sources.list
+apt update
+apt upgrade -y
+
+#install base system packages
+apt install -y --install-recommends --install-suggests systemd
+apt install -y --no-install-recommends gnome-core
+apt install -y jq git rlwrap dnsutils curl systemd-resolved ufw nano htop ipset lm-sensors net-tools iputils-ping python3-pip bpfcc-tools gnome-shell-extension-ubuntu-dock gnome-shell-extension-ubuntu-tiling-assistant gnome-shell-extension-appindicator keepassxc libnetfilter-queue-dev libpcap-dev protobuf-compiler bpftool golang ufw
+
+#install packages from config
+jq -r '.packages | .[]' config.json | while read -r item; do
+  apt install -y "$item"
+done
+
+#set locale
+locale=$(jq -r '.locale' config.json)
+echo "$locale"
+locale-gen "$locale"
+echo "LANG=$locale" > /etc/default/locale
+
+#install python systemwide
+#pip install --break-system-packages dnslib psutil
+
+#add setuid for some applications
+chmod u+s /usr/bin/bwrap
+chmod u+s /usr/bin/ping
+
+#install firewall
+#mkdir -p /usr/local/src/
+#cd /usr/local/src/
+#git clone https://git.patronage.systems/matt/dnsf.git
+#chmod +x /usr/local/src/dnsf/dnsf_install.sh
+#/bin/bash -c /usr/local/src/dnsf/dnsf_install.sh
+
+#enable services
+systemctl enable systemd-resolved
+systemctl enable systemd-networkd
+
+#ui changes
+gsettings set org.gnome.desktop.interface color-scheme 'prefer-dark'
+
+#install brave browser
+curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
+curl -fsSLo /etc/apt/sources.list.d/brave-browser-release.sources https://brave-browser-apt-release.s3.brave.com/brave-browser.sources
+apt update
+apt install -y brave-browser

config/filesystem_cmd.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+set -e
+fakechroot
+debootstrap --version
+debootstrap --variant=fakechroot --arch amd64 bionic /tmp/rootfs/ http://archive.ubuntu.com/ubuntu

config/filesystem_containerfile

@@ -0,0 +1,11 @@
+FROM ubuntu:latest
+run ls /
+run apt-get update
+run apt-get install -y pacstrap
+run mkdir -p /tmp/
+run mkdir -p /tmp/rootfs/
+workdir /linux
+add ./config/filesystem_cmd.sh /
+add ./config/polystrap.cfg /tmp
+run chmod +x /filesystem_cmd.sh
+cmd ["/usr/bin/bash","-c","/filesystem_cmd.sh"]

config/grub.cfg

@@ -0,0 +1,19 @@
+set	timeout=1
+set	default=0
+echo	'loading modules..'
+insmod	normal
+insmod	fat
+insmod	part_gpt
+insmod	gzio
+insmod	ext
+
+echo	'loading menu..'
+set	root='(hd0,gpt1)'
+ls	(hd0,gpt1)/EFI/patronage/
+menuentry "PatronageOS" {
+    linux	/EFI/patronage/bzImage quiet splash boot=/init
+    echo	'loaded kernel...'
+    initrd	/EFI/patronage/initramfs.cpio.gz
+    echo	'loaded initial ramdisk...'
+    boot
+}

config/init.sh

@@ -0,0 +1,23 @@
+#!/bin/busybox sh
+set -e
+/bin/busybox echo 'mounting /proc..'
+/bin/busybox mount -t proc proc /proc
+/bin/busybox echo 'mounting /sys..'
+/bin/busybox mount -t sysfs sysfs /sys
+/bin/busybox echo 'mounting /dev..'
+/bin/busybox mount -t devtmpfs devtmpfs /dev
+/bin/busybox echo 'creating root..'
+/bin/busybox mkdir -p /newroot
+/bin/busybox echo 'mounting root..'
+/bin/busybox mount $(/bin/busybox findfs LABEL=ROOT) /newroot
+#/bin/busybox echo 'moving /sys..'
+#/bin/busybox mount --move /sys /newroot/sys
+#/bin/busybox echo 'moving /dev..'
+#/bin/busybox mount --move /dev /newroot/dev
+#/bin/busybox echo 'moving /proc..'
+#/bin/busybox mount --move /proc /newroot/proc
+#/bin/busybox modprobe encryptfs
+#/bin/busybox modprobe dm-crypt
+/bin/busybox echo 'switching root..'
+exec switch_root /newroot /lib/systemd/systemd --system
+

config/interfaces.network

@@ -0,0 +1,5 @@
+[Match]
+Name=*
+
+[Network]
+DHCP=yes

config/resolved.conf

@@ -0,0 +1,9 @@
+[Resolve]
+Domains=~.
+DNSSEC=true
+DNSOverTLS=yes
+MulticastDNS=no
+LLMNR=no
+Cache=yes
+DNSStubListener=yes
+DNS=9.9.9.11#dns11.quad9.net DNS=1.1.1.1#cloudflare-dns.com

config/settings/opensnitch/settings.conf

@@ -0,0 +1,46 @@
+[General]
+statsDialog=1
+
+[database]
+file=:memory:
+max_days=1
+purge_interval=5
+purge_oldest=true
+type=0
+
+[global]
+default_action=0
+default_duration=6
+default_ignore_rules=false
+default_ignore_temporary_rules=0
+default_popup_advanced=true
+default_popup_advanced_dstip=true
+default_popup_advanced_dstport=true
+default_popup_advanced_uid=false
+default_popup_position=0
+default_target=0
+default_timeout=30
+disable_popups=false
+
+[notifications]
+enabled=true
+type=0
+
+[promptDialog]
+geometry=@ByteArray(\x1\xd9\xd0\xcb\0\x3\0\0\0\0\x6\x93\0\0\x3\x86\0\0\b\x9a\0\0\x4\xde\0\0\x6\x93\0\0\x3\xab\0\0\b\x9a\0\0\x4\xde\0\0\0\0\0\0\0\0\xf\0\0\0\x6\x93\0\0\x3\xab\0\0\b\x9a\0\0\x4\xde)
+
+[statsDialog]
+general_columns_state=@ByteArray(\0\0\0\xff\0\0\0\0\0\0\0\x1\0\0\0\x1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x4o\0\0\0\a\0\x1\x1\x1\0\0\0\0\0\0\0\0\0\0\0\0\x64\xff\xff\xff\xff\0\0\0\x84\0\0\0\0\0\0\0\a\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\x1\x1\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\xf5\0\0\0\x1\0\0\0\0\0\0\0\xe9\0\0\0\x1\0\0\0\0\0\0\x3\xe8\0\0\0\0\x64)
+general_filter_text=
+general_limit_results=0
+geometry=@ByteArray(\x1\xd9\xd0\xcb\0\x3\0\0\0\0\a\x84\0\0\x4&\0\0\f\b\0\0\a\xf7\0\0\a\x84\0\0\x4K\0\0\f\b\0\0\a\xf7\0\0\0\0\0\0\0\0\xf\0\0\0\a\x84\0\0\x4K\0\0\f\b\0\0\a\xf7)
+last_tab=0
+nodes_columns_state=@ByteArray(\0\0\0\xff\0\0\0\0\0\0\0\x1\0\0\0\x1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x5\x88\0\0\0\n\0\x1\x1\x1\0\0\0\0\0\0\0\0\x1\0\0\0\x64\xff\xff\xff\xff\0\0\0\x84\0\0\0\0\0\0\0\n\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0>\0\0\0\x1\0\0\0\x3\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\x2*\0\0\0\x1\0\0\0\0\0\0\x3\xe8\0\0\0\0\x64)
+rules_columns_state=@ByteArray(\0\0\0\xff\0\0\0\0\0\0\0\x1\0\0\0\x1\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x4\x46\0\0\0\n\0\x1\x1\x1\0\0\0\0\0\0\0\0\0\0\0\0\x64\xff\xff\xff\xff\0\0\0\x84\0\0\0\0\0\0\0\n\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\xc2\0\0\0\x1\0\0\0\0\0\0\x3\xe8\0\0\0\0\x64)
+rules_tree_0_expanded=false
+rules_tree_1_expanded=false
+show_columns=0, 1, 2, 3, 4, 5, 6
+view_columns_state2=@ByteArray(\0\0\0\xff\0\0\0\0\0\0\0\x1\0\0\0\x1\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x4\xaa\0\0\0\v\0\x1\x1\x1\0\0\0\0\0\0\0\0\0\0\0\0\x64\xff\xff\xff\xff\0\0\0\x84\0\0\0\0\0\0\0\v\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\xc2\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\x3\xe8\0\0\0\0\x64)
+view_columns_state4=@ByteArray(\0\0\0\xff\0\0\0\0\0\0\0\x1\0\0\0\x1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x3\xe2\0\0\0\x2\0\x1\x1\x1\0\0\0\0\0\0\0\0\x1\0\0\0\x64\xff\xff\xff\xff\0\0\0\x84\0\0\0\0\0\0\0\x2\0\0\x1\x64\0\0\0\x1\0\0\0\x3\0\0\x2~\0\0\0\x1\0\0\0\0\0\0\x3\xe8\0\0\0\0\x64)
+view_details_columns_state0=@ByteArray(\0\0\0\xff\0\0\0\0\0\0\0\x1\0\0\0\x1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xc8\0\0\0\x2\0\x1\x1\x1\0\0\0\0\0\0\0\0\x1\0\0\0\x64\xff\xff\xff\xff\0\0\0\x84\0\0\0\0\0\0\0\x2\0\0\0\x64\0\0\0\x1\0\0\0\x3\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\x3\xe8\0\0\0\0\x64)
+view_details_columns_state2=@ByteArray(\0\0\0\xff\0\0\0\0\0\0\0\x1\0\0\0\x1\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x4\x46\0\0\0\n\0\x1\x1\x1\0\0\0\0\0\0\0\0\0\0\0\0\x64\xff\xff\xff\xff\0\0\0\x84\0\0\0\0\0\0\0\n\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\xc2\0\0\0\x1\0\0\0\0\0\0\x3\xe8\0\0\0\0\x64)

config/settings/skel/bash_profile

@@ -0,0 +1,5 @@
+# ~/.bash_profile
+chsh -s /bin/bash
+if [ -f ~/.bashrc ]; then
+  . ~/.bashrc
+fi

config/settings/skel/bashrc

@@ -0,0 +1,8 @@
+# ~/.bashrc
+
+# Custom aliases
+alias la='ls -la'
+
+
+# Set a custom prompt
+PS1="[\u@\h \W]\$ "

config/settings/skel/profile

@@ -0,0 +1,5 @@
+# ~/.profile
+
+if [ -f ~/.bashrc ]; then
+  . ~/.bashrc
+fi

config/update_kernel_make_config.py

@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+
+
+import sys,json,argparse
+
+text = sys.stdin.readlines()
+
+parser = argparse.ArgumentParser()
+parser.add_argument("-f","--file")
+args = parser.parse_args()
+
+config = {}
+    
+for i in range(len(text)):
+    if '#' not in text[i] and len(str(text[i]).strip())>0:
+        key = str(text[i]).strip().split('=')
+        config[str(key[0])]=str(key[1])
+
+with open(args.file,'r',encoding='utf-8') as f:
+    changes = json.loads(f.read())
+
+for c in changes.keys():
+    config[str(c)]=changes[str(c)]
+
+config_to_write = ['='.join([str(i),str(config[str(i)])]) for i in config.keys()]
+
+print('\n'.join(config_to_write))

scripts/boot_image.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+cd "$(dirname "$0")"
+cd ..
+disk="./outputs/boot_image.img"
+
+
+qemu-system-x86_64 -bios /usr/share/ovmf/OVMF.fd -drive if=none,format=raw,file=$disk,id=hd -device virtio-blk-pci,drive=hd -m 16G -smp 8 -vga none --display default,gl=off -usb -device virtio-tablet-pci -device virtio-keyboard-pci --device virtio-gpu-pci -usb -enable-kvm -machine type=pc-q35-3.1,accel=kvm,kernel_irqchip=on -netdev user,id=net0 -device virtio-net-pci,netdev=net0,mac=52:54:00:12:34:56
+#--display gtk,gl=off --device virtio-gpu

scripts/bootstrap_filesystem.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+if [ "$(id -u)" -ne 0 ]; then
+	echo "switching from $(id -un) to root"
+	exec sudo "$0" "$@"
+fi
+set -e
+cd "$(dirname "$0")"
+DIR="$(dirname "$0")"
+cd ..
+echo $PWD
+
+rm -rf './outputs/root'
+if [ ! -d ./outputs/root/bin ]; then
+    rm -rf './outputs/root'
+    mkdir -p ./outputs/root/
+    debootstrap questing ./outputs/root https://us.archive.ubuntu.com/ubuntu
+fi
+

scripts/build_everything.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+set -e
+dir=$(dirname "$0")
+echo $dir
+cd $dir
+./install_dependencies.sh
+./build_kernel.sh
+./build_initramfs.sh
+./build_filesystem.sh
+./build_image.sh
+
+
+

scripts/build_filesystem.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+
+if [ "$(id -u)" -ne 0 ]; then
+	echo "switching from $(id -un) to root"
+	exec sudo "$0" "$@"
+fi
+set -e
+cd "$(dirname "$0")"
+DIR="$(dirname "$0")"
+cd ..
+echo $PWD
+if mountpoint -q "./outputs/chroot/proc/"; then
+  umount -lf "./outputs/chroot/proc/"
+fi
+rm -rf './outputs/chroot'
+mkdir -p ./outputs/chroot/
+if mountpoint -q "./outputs/root/proc/"; then
+  umount -lf "./outputs/root/proc/"
+fi
+rsync -a ./outputs/root/ ./outputs/chroot/
+mkdir -p ./outputs/chroot/proc
+mount --bind /proc ./outputs/chroot/proc
+cp ./config/filesystem_chroot_install.sh ./outputs/chroot/filesystem_chroot_install.sh
+cp ./config/apply_initial_host_configuration.sh ./outputs/chroot/apply_initial_host_configuration.sh
+cp ./config/config.json ./outputs/chroot/config.json
+
+#setup user skeleton
+cp ./config/settings/skel/bash_profile ./outputs/chroot/etc/skel/.bash_profile
+cp ./config/settings/skel/bashrc ./outputs/chroot/etc/skel/.bashrc
+cp ./config/settings/skel/profile ./outputs/chroot/etc/skel/.profile
+
+chmod +x ./outputs/chroot/filesystem_chroot_install.sh
+chmod +x ./outputs/chroot/apply_initial_host_configuration.sh
+chroot ./outputs/chroot /bin/bash -c "/filesystem_chroot_install.sh"
+chroot ./outputs/chroot /bin/bash -c "/apply_initial_host_configuration.sh"
+
+
+
+cd $DIR
+cd ..
+if mountpoint -q "./outputs/chroot/proc/"; then
+   umount -lf "./outputs/chroot/proc/"
+fi
+echo 'root filesystem created.'

scripts/build_image.sh

@@ -0,0 +1,86 @@
+#!/bin/bash
+if [ "$(id -u)" -ne 0 ]; then
+	echo "switching from $(id -un) to root"
+	exec sudo "$0" "$@"
+fi
+set -e
+cd "$(dirname "$0")"
+cd ..
+echo "$PWD"
+sync
+if mountpoint -q "./outputs/efi"; then
+  umount "./outputs/efi"
+fi
+if mountpoint -q "./outputs/sys"; then
+  umount "./outputs/sys"
+fi
+echo 'creating image..'
+disk="./outputs/boot_image.img"
+efi_part="1"
+root_part="2"
+dd if=/dev/zero of="$disk" count=12000 bs=1M
+parted -s "$disk" mklabel gpt
+parted -s --align=optimal "$disk" mkpart ESP fat32 1MiB 50Mib
+parted -s "$disk" set "$efi_part" esp on
+parted -s --align=optimal "$disk" mkpart ext4 100MiB 100%
+parted -s "$disk" set "$root_part" boot on
+parted -s "$disk" print
+kpartx -d "$disk"
+kpartx -avs "$disk"
+echo 'mounting image as loopback device..'
+loop="$(kpartx -l $disk | grep -ow 'loop[0-9]*' | head -n 1)"
+disk_efi="${loop}p1"
+disk_sys="${loop}p2"
+echo 'formatting image partitions..'
+mkfs.fat -F32 -n EFI /dev/mapper/${disk_efi}
+mkfs.ext4 -L ROOT /dev/mapper/${disk_sys}
+echo 'creating mount points..'
+rm -rf ./outputs/{efi,sys,grub}
+mkdir -p ./outputs/
+mkdir -p ./outputs/{efi,sys,grub}
+echo 'mounting loopback devices..'
+mount -t vfat /dev/mapper/${disk_efi} ./outputs/efi
+mount -t ext4 /dev/mapper/${disk_sys} ./outputs/sys
+echo 'installing grub..'
+echo "loop dev: ${loop}"
+echo "efi loop: ${disk_efi}"
+echo "sys loop: ${disk_sys}"
+grub-install -s --compress=gz --target=x86_64-efi --recheck --no-floppy --efi-directory=./outputs/efi --boot-directory=./outputs/efi --root-directory=./outputs/sys --bootloader-id=patronage /dev/$loop
+echo 'copying filesystem to mounted image..'
+if mountpoint -q "./outputs/chroot/proc/"; then
+  umount -lf "./outputs/chroot/proc/"
+fi
+cp ./config/interfaces.network ./outputs/chroot/etc/systemd/network/10-all.network
+cp ./config/resolved.conf ./outputs/chroot/etc/systemd/resolved.conf
+rsync -a './outputs/chroot/' './outputs/sys/'
+
+
+#tar -xf ./patronagefs.tar --directory ./mnt/sys/
+echo 'copied..'
+echo 'copying boot files..'
+mkdir -p ./outputs/efi/boot/
+cp ./outputs/initramfs.cpio.gz ./outputs/efi/
+mkdir -p ./outputs/efi/EFI/patronage/
+cp ./outputs/bzImage ./outputs/efi/EFI/patronage/bzImage
+cp ./outputs/initramfs.cpio.gz ./outputs/efi/EFI/patronage/
+
+cp ./config/grub.cfg ./outputs/efi/EFI/patronage/
+#cp $dir/grub.cfg $dir/mnt/sys/boot/grub/
+cp ./config/grub.cfg ./outputs/efi/EFI/BOOT/
+echo 'unmounting..'
+
+if mountpoint -q "./outputs/efi"; then
+  sync
+  #fuser -kmv "$dir/mnt/efi"
+  umount -lf "./outputs/efi"
+fi
+
+if mountpoint -q "./outputs/sys"; then
+  sync
+  #fuser -kmv "$dir/mnt/sys"
+  umount -lf "./outputs/sys"
+fi
+
+kpartx -d "$disk"
+chmod 777 "$disk"
+echo 'image built..'

scripts/build_initramfs.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+set -e
+cd "$(dirname "$0")"
+cd ..
+echo $PWD
+echo "cleaning filesystem and creating initram directories"
+rm -rf ./dependencies/initram/
+mkdir -p ./outputs/
+mkdir -p ./dependencies/
+mkdir -p ./dependencies/initram/
+mkdir -p ./dependencies/initram/{bin,dev,etc,lib,proc,sbin,sys,tmp,usr}
+mkdir -p ./dependencies/initram/usr/{bin,sbin}
+mkdir -p ./dependencies/initram/etc/{bin,sbin}
+mkdir -p ./dependencies/initram/lib/modules/
+echo "installing busybox"
+cp ./busybox ./dependencies/initram/bin/
+chmod +x ./dependencies/initram/bin/busybox
+chmod 4755 ./dependencies/initram/bin/busybox
+./dependencies/initram/bin/busybox --install -s "./dependencies/initram/bin/"
+
+cp ./config/init.sh ./dependencies/initram/init
+chmod +x ./dependencies/initram/init
+#chmod 4755 ./dependencies/initram/bin/init
+echo "copying kernel"
+cp ./dependencies/linux/arch/x86_64/boot/bzImage ./outputs/bzImage
+cd ./dependencies/initram/
+find ./bin -type f -name "*" -exec chmod +x {} +
+
+find . -print0 | cpio --null -o --format=newc --owner root:root | zstd -19 > ../../outputs/initramfs.cpio.gz
+echo "created initramfs."

scripts/build_kernel.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+set -e
+cd "$(dirname "$0")"
+cd ..
+mkdir -p ./dependencies
+rootdir=$(dirname "$0")
+dir=./$(dirname "$0")
+cd dependencies
+[[ -d ./linux ]] || git clone --depth 1 https://github.com/torvalds/linux.git ./linux
+cd "$(dirname "$0")"
+cd ..
+echo $PWD
+cp ./config/kernel_options.json ./dependencies/linux/kernel_options.json
+cat ./config/build_containerfile | /usr/bin/podman build --volume /lib/modules:/lib/modules:z -f - -t patronagekernel:latest .
+nice -n 20 /usr/bin/podman run -it --volume /lib/modules:/lib/modules:z --volume ./dependencies/linux:/linux patronagekernel:latest
+mkdir -p ./outputs/
+cp ./dependencies/linux/arch/x86_64/boot/bzImage ./outputs/bzImage

scripts/install_dependencies.sh

@@ -0,0 +1,13 @@
+#install dependencies
+if [ "$(id -u)" -ne 0 ]; then
+	echo "switching from $(id -un) to root"
+	exec sudo "$0" "$@"
+fi
+set -e
+list="kpartx podman debootstrap "
+apt update
+for item in $list; do
+    apt install -y $item
+done
+cd "$(dirname "$0")"
+find . -type f -name "*" -exec chmod +x {} +