-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(runtimes): Initial Aleph Python 3.11 runtime
- Loading branch information
1 parent
15719eb
commit 370f021
Showing
5 changed files
with
1,140 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,99 @@ | ||
| #!/bin/sh | ||
|
|
||
| rm ./rootfs.squashfs | ||
|
|
||
| set -euf | ||
|
|
||
| rm -fr ./rootfs | ||
| mkdir ./rootfs | ||
|
|
||
| debootstrap --variant=minbase bookworm ./rootfs http://deb.debian.org/debian/ | ||
|
|
||
| chroot ./rootfs /bin/sh <<EOT | ||
| set -euf | ||
| apt-get install -y --no-install-recommends --no-install-suggests \ | ||
| python3-minimal \ | ||
| openssh-server \ | ||
| socat libsecp256k1-1 \ | ||
| python3-aiohttp python3-msgpack \ | ||
| python3-setuptools python3-venv \ | ||
| python3-pip python3-cytoolz python3-pydantic \ | ||
| iproute2 unzip \ | ||
| nodejs npm \ | ||
| build-essential python3-dev \ | ||
| python3-fastapi \ | ||
| docker.io \ | ||
| cgroupfs-mount \ | ||
| nftables \ | ||
| iputils-ping curl \ | ||
| locales | ||
| # Update locale settings to en_US UTF-8 | ||
| echo "en_US.UTF-8 UTF-8" > /etc/locale.gen | ||
| locale-gen en_US.UTF-8 | ||
| echo "Pip installing aleph-sdk-python" | ||
| mkdir -p /opt/aleph/libs | ||
| pip3 install --target /opt/aleph/libs 'aleph-sdk-python==1.0.0' 'aleph-message==0.4.9' 'fastapi~=0.109.2' | ||
| # Compile Python code to bytecode for faster execution | ||
| # -o2 is needed to compile with optimization level 2 which is what we launch init1.py ("python -OO") | ||
| # otherwise they are not used | ||
| python3 -m compileall -o 2 -f /usr/local/lib/python3.11 | ||
| python3 -m compileall -o 2 -f /opt/aleph/libs | ||
| echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config | ||
| echo "PasswordAuthentication no" >> /etc/ssh/sshd_config | ||
| echo "ChallengeResponseAuthentication no" >> /etc/ssh/sshd_config | ||
| echo "PermitRootLogin yes" >> /etc/ssh/sshd_config | ||
| mkdir -p /overlay | ||
| # Set up a login terminal on the serial console (ttyS0): | ||
| ln -s agetty /etc/init.d/agetty.ttyS0 | ||
| echo ttyS0 > /etc/securetty | ||
| EOT | ||
|
|
||
| cat <<EOT > ./rootfs/etc/inittab | ||
| # /etc/inittab | ||
| ::sysinit:/sbin/init sysinit | ||
| ::sysinit:/sbin/init boot | ||
| ::wait:/sbin/init default | ||
| # Set up a couple of getty's | ||
| tty1::respawn:/sbin/getty 38400 tty1 | ||
| tty2::respawn:/sbin/getty 38400 tty2 | ||
| tty3::respawn:/sbin/getty 38400 tty3 | ||
| tty4::respawn:/sbin/getty 38400 tty4 | ||
| tty5::respawn:/sbin/getty 38400 tty5 | ||
| tty6::respawn:/sbin/getty 38400 tty6 | ||
| # Put a getty on the serial port | ||
| ttyS0::respawn:/sbin/getty -L ttyS0 115200 vt100 | ||
| # Stuff to do for the 3-finger salute | ||
| ::ctrlaltdel:/sbin/reboot | ||
| # Stuff to do before rebooting | ||
| ::shutdown:/sbin/init shutdown | ||
| EOT | ||
|
|
||
| # Reduce size | ||
| rm -fr ./rootfs/root/.cache | ||
| rm -fr ./rootfs/var/cache | ||
| mkdir -p ./rootfs/var/cache/apt/archives/partial | ||
| rm -fr ./rootfs/usr/share/doc | ||
| rm -fr ./rootfs/usr/share/man | ||
| rm -fr ./rootfs/var/lib/apt/lists/ | ||
|
|
||
| # Custom init | ||
| cp ./init0.sh ./rootfs/sbin/init | ||
| cp ./init1.py ./rootfs/root/init1.py | ||
| cp ./loading.html ./rootfs/root/loading.html | ||
| chmod +x ./rootfs/sbin/init | ||
| chmod +x ./rootfs/root/init1.py | ||
|
|
||
| mksquashfs ./rootfs/ ./rootfs.squashfs |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| #!/bin/sh | ||
|
|
||
| set -euf | ||
|
|
||
| mount -t proc proc /proc -o nosuid,noexec,nodev | ||
|
|
||
| log() { | ||
| echo "$(awk '{print $1}' /proc/uptime)" '|S' "$@" | ||
| } | ||
| log "init0.sh is launching" | ||
|
|
||
| # Switch root from read-only ext4 to to read-write overlay | ||
| mkdir -p /overlay | ||
| /bin/mount -t tmpfs -o noatime,mode=0755 tmpfs /overlay | ||
| mkdir -p /overlay/root /overlay/work | ||
| /bin/mount -o noatime,lowerdir=/,upperdir=/overlay/root,workdir=/overlay/work -t overlay "overlayfs:/overlay/root" /mnt | ||
| mkdir -p /mnt/rom | ||
| pivot_root /mnt /mnt/rom | ||
|
|
||
| mount --move /rom/proc /proc | ||
| mount --move /rom/dev /dev | ||
|
|
||
| mkdir -p /dev/pts | ||
| mkdir -p /dev/shm | ||
|
|
||
| mount -t sysfs sys /sys -o nosuid,noexec,nodev | ||
| mount -t tmpfs run /run -o mode=0755,nosuid,nodev | ||
| #mount -t devtmpfs dev /dev -o mode=0755,nosuid | ||
| mount -t devpts devpts /dev/pts -o mode=0620,gid=5,nosuid,noexec | ||
| mount -t tmpfs shm /dev/shm -omode=1777,nosuid,nodev | ||
|
|
||
| # Required by Docker | ||
| cgroupfs-mount | ||
| update-alternatives --set iptables /usr/sbin/iptables-legacy | ||
| update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy | ||
|
|
||
| # Enable the following to force the storage driver used by Docker. | ||
| # See https://docs.docker.com/storage/storagedriver/select-storage-driver/ | ||
| #echo '{\n"storage-driver": "overlay2"\n}\n' > /etc/docker/daemon.json | ||
|
|
||
| # List block devices | ||
| lsblk | ||
|
|
||
| #cat /proc/sys/kernel/random/entropy_avail | ||
|
|
||
| # TODO: Move in init1 | ||
| mkdir -p /run/sshd | ||
| /usr/sbin/sshd & | ||
| log "SSH UP" | ||
|
|
||
| log "Setup socat" | ||
| socat UNIX-LISTEN:/tmp/socat-socket,fork,reuseaddr VSOCK-CONNECT:2:53 & | ||
| log "Socat ready" | ||
|
|
||
| export PYTHONPATH=/opt/aleph/libs | ||
|
|
||
| # Replace this script with the manager | ||
| exec /root/init1.py |
Oops, something went wrong.