-
Notifications
You must be signed in to change notification settings - Fork 75
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 47881eb
Showing
20 changed files
with
555 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
.vagrant | ||
tmp/ | ||
debian/*.debhelper.log | ||
debian/cedar/ | ||
debian/files | ||
debian/*.substvars |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
Heroku Stack Images | ||
========= | ||
|
||
The provided bin/cedar.sh is the basis of a cedar stack image. | ||
|
||
cd hvm | ||
vagrant up | ||
vagrant ssh | ||
|
||
sudo /vagrant/bin/build-stack 2.0.0 /vagrant/bin/cedar.sh | ||
-----> Starting build | ||
-----> Installing build tools | ||
Hit http://us.archive.ubuntu.com lucid Release.gpg | ||
... | ||
-----> Cleaning up. Logs in /tmp/log/build-stack.log | ||
|
||
sudo /vagrant/bin/capture-stack 2.0.0 | ||
-----> Starting capture | ||
-----> Creating image file /tmp/cedar64-2.0.0.img | ||
24+0 records in | ||
... | ||
-----> Cleaning up. Logs in /tmp/log/capture-stack.log | ||
|
||
sudo /vagrant/bin/install-stack /tmp/cedar64-2.0.0.img.gz | ||
-----> Starting install | ||
-----> Gunzipping image /tmp/cedar64-2.0.0.img.gz | ||
-----> Mounting image /mnt/stacks/cedar64-2.0.0 | ||
|
||
Stack images are generally pushed to S3 and installed from there. | ||
|
||
sudo /vagrant/bin/push-stack 2.0.0 stacks_bucket \ | ||
AWS_ACCESS_KEY_ID=xxx AWS_SECRET_ACCESS_KEY=xxx | ||
-----> Starting push | ||
-----> Uploading files | ||
/tmp/cedar64-2.0.0.img.gz -> s3://stacks_bucket/cedar64-2.0.0.img.gz | ||
... | ||
-----> Signing URLs | ||
http://s3.amazonaws.com/noah_herokustacks/cedar64-2.0.0.img.gz?AWS... | ||
http://s3.amazonaws.com/noah_herokustacks/cedar64-2.0.0.img.md5 | ||
|
||
sudo /vagrant/bin/install-stack \ | ||
"http://s3.amazonaws.com/noah_herokustacks/cedar64-2.0.0.img.gz?AWS..." | ||
-----> Starting install | ||
-----> Downloading and gunzipping image | ||
-----> Mounting image /mnt/stacks/cedar64-2.0.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
Vagrant::Config.run do |config| | ||
config.vm.box = "lucid64" | ||
config.vm.box_url = "http://files.vagrantup.com/lucid64.box" | ||
config.vm.network :hostonly, "33.33.33.3" | ||
config.ssh.forward_agent = true | ||
config.vm.share_folder("log", "/tmp/log", "tmp/log") | ||
|
||
config.vm.provision :shell, :inline => <<-'EOSRC' | ||
( | ||
date | ||
apt-get update | ||
apt-get install -y curl git-core lxc s3cmd | ||
mkdir -p /cgroup | ||
mount none -t cgroup /cgroup | ||
) 2>&1 | tee /tmp/log/provision.log | ||
EOSRC | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
#!/bin/bash | ||
source $(dirname $0)/stack-helpers.sh | ||
LOG=/tmp/log/$(basename $0).log | ||
mkdir -p /tmp/log | ||
|
||
( | ||
[ $# -eq 2 ] || abort usage: $(basename $0) VERSION SCRIPT | ||
|
||
VERSION=$1 | ||
SCRIPT=$2 | ||
MNT=/tmp/cedar64-$VERSION-build | ||
|
||
[ $UID = 0 ] || abort fatal: must be called with sudo | ||
[[ -f $SCRIPT ]] || abort fatal: script "$SCRIPT" not found | ||
[[ -d $MNT ]] && abort fatal: dir "$MNT" already exists | ||
|
||
function on_exit() { | ||
display Cleaning up. Logs at $LOG | ||
umount $MNT/dev $MNT/proc 2>&1 | indent | ||
} | ||
trap on_exit EXIT | ||
|
||
display Starting build at $(date) | ||
display Installing build tools | ||
( | ||
apt-get update | ||
apt-get install -y build-essential debootstrap git-core | ||
) 2>&1 | indent | ||
|
||
display Bootstrapping build env $MNT | ||
( | ||
mkdir -p $MNT | ||
debootstrap --variant=minbase lucid $MNT | ||
) | indent | ||
|
||
display Mounting host in build env | ||
( | ||
mount --bind /dev $MNT/dev | ||
mount --bind /proc $MNT/proc | ||
cp $SCRIPT $MNT/tmp/build.sh | ||
) | indent | ||
|
||
display Building inside build env | ||
chroot $MNT /tmp/build.sh | indent | ||
) 2>&1 | tee $LOG |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
#!/bin/bash | ||
source $(dirname $0)/stack-helpers.sh | ||
LOG=/tmp/log/$(basename $0).log | ||
|
||
( | ||
[ $# -ge 1 ] || abort usage: $(basename $0) VERSION [--no-gzip] | ||
|
||
VERSION=$1 | ||
NOGZIP=$2 | ||
MNT=/tmp/cedar64-$VERSION-build | ||
IMG=/tmp/cedar64-$VERSION.img | ||
IMG_MNT=/tmp/cedar64-$VERSION | ||
|
||
[ $UID = 0 ] || abort fatal: must be called with sudo | ||
[[ -d $MNT ]] || abort fatal: dir "$MNT" not found | ||
|
||
function on_exit() { | ||
display Cleaning up. Logs at $LOG | ||
( umount $IMG_MNT 2>&1 || true ) | indent | ||
} | ||
trap on_exit EXIT | ||
|
||
display Starting capture at $(date) | ||
display Creating image file $IMG | ||
( | ||
mkdir -p $(dirname $IMG) | ||
dd if=/dev/zero of=$IMG bs=100M count=24 | ||
yes | mkfs -t ext3 -m 1 $IMG | ||
tune2fs -c 9999 $IMG | ||
tune2fs -i 9999w $IMG | ||
) 2>&1 | indent | ||
|
||
display Mounting image $IMG_MNT | ||
mkdir -p $IMG_MNT | ||
mount -o loop,noatime,nodiratime $IMG $IMG_MNT | ||
|
||
display Copying stack to image | ||
( | ||
cd $MNT | ||
rsync -a --exclude=/lib/modules bin etc lib lib64 sbin usr $IMG_MNT | ||
rsync -a var/lib $IMG_MNT/var | ||
) | indent | ||
|
||
display Modifying image directories and files | ||
( | ||
for d in app tmp proc dev var var/log var/tmp home/group_home mnt/slug-compiler; do | ||
mkdir -p $IMG_MNT/$d | ||
done | ||
chmod 755 $IMG_MNT/home/group_home | ||
|
||
echo "127.0.0.1 localhost localhost.localdomain" > $IMG_MNT/etc/hosts | ||
|
||
echo "heroku-runtime" > $IMG_MNT/etc/hostname | ||
|
||
for f in etc/profile etc/bash.bashrc; do | ||
echo "export PS1='\\[\\033[01;34m\\]\\w\\[\\033[00m\\] \\[\\033[01;32m\\]$ \\[\\033[00m\\]'" > $IMG_MNT/$f | ||
done | ||
|
||
cat >$IMG_MNT/etc/resolv.conf <<EOF | ||
nameserver 172.16.0.23 | ||
domain z-2.compute-1.internal | ||
search z-2.compute-1.internal | ||
EOF | ||
|
||
cat > $IMG_MNT/home/group_home/.gitconfig <<EOF | ||
[user] | ||
name = Heroku Git | ||
email = [email protected] | ||
EOF | ||
chmod 644 $IMG_MNT/home/group_home/.gitconfig | ||
) | indent | ||
|
||
display Unmounting image | ||
umount $IMG_MNT | ||
|
||
display MD5ing and gzipping image | ||
( | ||
md5sum $IMG | cut -d ' ' -f 1 | tr -d '\n' | tee $IMG.md5 | ||
[[ -n $NOGZIP ]] || gzip $IMG | ||
) | indent | ||
) 2>&1 | tee $LOG |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,105 @@ | ||
#!/bin/bash | ||
|
||
exec 2>&1 | ||
set -e | ||
set -x | ||
|
||
cat > /etc/apt/sources.list <<EOF | ||
deb http://archive.ubuntu.com/ubuntu lucid main | ||
deb http://archive.ubuntu.com/ubuntu lucid-security main | ||
deb http://archive.ubuntu.com/ubuntu lucid-updates main | ||
deb http://archive.ubuntu.com/ubuntu lucid universe | ||
EOF | ||
|
||
apt-get update | ||
apt-get install -y --force-yes language-pack-en | ||
apt-get install -y --force-yes coreutils tar build-essential autoconf | ||
apt-get install -y --force-yes libxslt-dev libxml2-dev libglib2.0-dev libbz2-dev libreadline5-dev zlib1g-dev libevent-dev libssl-dev libpq-dev libncurses5-dev libcurl4-openssl-dev libjpeg-dev libmysqlclient-dev | ||
apt-get install -y --force-yes daemontools | ||
apt-get install -y --force-yes curl netcat telnet | ||
apt-get install -y --force-yes ed bison | ||
apt-get install -y --force-yes strace gdb | ||
apt-get install -y --force-yes openssh-client openssh-server | ||
apt-get install -y --force-yes imagemagick libmagick9-dev | ||
apt-get install -y --force-yes ia32-libs | ||
|
||
cd /tmp | ||
curl --retry 3 --max-time 60 --write-out %{http_code} --silent -o squashfs-tools_3.3-1ubuntu2_amd64.deb http://launchpadlibrarian.net/11397899/squashfs-tools_3.3-1ubuntu2_amd64.deb | ||
dpkg -i squashfs-tools_3.3-1ubuntu2_amd64.deb | ||
|
||
cd /tmp | ||
curl -L -o git-1.7.0.tar.gz https://github.com/git/git/tarball/v1.7.0 | ||
mkdir -p git-1.7.0 | ||
cd git-1.7.0 | ||
tar --strip-components 1 -xzvf ../git-1.7.0.tar.gz | ||
NO_EXPAT=yes NO_SVN_TESTS=yes NO_IPV6=yes NO_TCLTK=yes make prefix=/usr | ||
NO_EXPAT=yes NO_SVN_TESTS=yes NO_IPV6=yes NO_TCLTK=yes make install prefix=/usr | ||
|
||
apt-get install -y --force-yes openjdk-6-jdk openjdk-6-jre-headless | ||
|
||
cd /tmp | ||
curl -O "http://www.python.org/ftp/python/2.7.2/Python-2.7.2.tgz" | ||
tar xfz Python-2.7.2.tgz | ||
cd Python-2.7.2 | ||
./configure | ||
make | ||
make install | ||
|
||
cd /tmp | ||
curl -O http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.2-p290.tar.gz | ||
tar xzf ruby-1.9.2-p290.tar.gz | ||
cd ruby-1.9.2-p290 | ||
./configure --prefix=/usr/local | ||
make | ||
make install | ||
|
||
cd /tmp | ||
curl -O "http://www.erlang.org/download/otp_src_R14B04.tar.gz" | ||
tar xfz otp_src_R14B04.tar.gz | ||
cd otp_src_R14B04 | ||
./configure | ||
make | ||
make install | ||
|
||
# remove non-root owned artifacts of erlang | ||
rm -rf /usr/local/lib/erlang/lib/sasl-2.1.10/examples/ | ||
rm -rf /usr/local/lib/erlang/lib/ssl-4.1.6/examples/ | ||
rm -rf /usr/local/lib/erlang/lib/kernel-2.14.5/examples/ | ||
|
||
cd / | ||
rm -rf /var/cache/apt/archives/*.deb | ||
rm -rf /root/* | ||
rm -rf /tmp/* | ||
|
||
# remove SUID and SGID flags from all binaries | ||
function pruned_find() { | ||
find / -type d \( -name dev -o -name proc \) -prune -o $@ -print | ||
} | ||
|
||
pruned_find -perm /u+s | xargs -r chmod u-s | ||
pruned_find -perm /g+s | xargs -r chmod g-s | ||
|
||
# remove non-root ownership of files | ||
chown root:root /var/lib/libuuid | ||
|
||
# display build summary | ||
set +x | ||
echo -e "\nRemaining suspicious security bits:" | ||
( | ||
pruned_find ! -user root | ||
pruned_find -perm /u+s | ||
pruned_find -perm /g+s | ||
pruned_find -perm /+t | ||
) | sed -u "s/^/ /" | ||
|
||
echo -e "\nInstalled versions:" | ||
( | ||
git --version | ||
java -version | ||
ruby -v | ||
gem -v | ||
python -V | ||
) | sed -u "s/^/ /" | ||
|
||
echo -e "\nSuccess!" | ||
exit 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
#!/bin/bash | ||
source $(dirname $0)/stack-helpers.sh | ||
LOG=/tmp/log/$(basename $0).log | ||
|
||
( | ||
[ $# -eq 1 ] || abort usage: $(basename $0) IMG_GZ \| URL | ||
|
||
IMG_GZ=$1 | ||
MNT=/mnt/stacks/$(basename ${IMG_GZ%.img.gz*}) | ||
|
||
[ $UID = 0 ] || abort fatal: must be called with sudo | ||
|
||
display Starting install at $(date) | ||
if [[ -f $IMG_GZ ]]; then | ||
display Gunzipping image $IMG_GZ | ||
gunzip -c $IMG_GZ > $MNT.img | ||
else | ||
display Downloading and gunzipping image | ||
curl $IMG_GZ | gunzip > $MNT.img | ||
fi | ||
|
||
display Mounting image $MNT | ||
mkdir -p $MNT | ||
mount -o loop,noatime,nodiratime,ro $MNT.img $MNT | ||
) 2>&1 | tee $LOG |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
#!/bin/bash | ||
|
||
function append_once() { | ||
while read data; do | ||
grep -q "$data" $1 || echo "$data" >> $1 | ||
done | ||
} | ||
|
||
apt-get update | ||
apt-get -y --force-yes install curl git-core lxc | ||
|
||
# mount cgroup for LXC | ||
mkdir -p /cgroup | ||
mount none -t cgroup /cgroup | ||
append_once /etc/fstab <<EOF | ||
none /cgroup cgroup defaults 0 0 | ||
EOF | ||
|
||
# download or build a cedar image |
Oops, something went wrong.