build/rfs: integrate RFS flists + runtime orchestration

• Add standalone RFS tooling: scripts/rfs/common.sh, pack-modules.sh, pack-firmware.sh, verify-flist.sh • Patch flist route.url with read-only Garage S3 credentials; optional HTTPS store row; optional manifest upload via mcli • Build integration: stage_rfs_flists in scripts/build.sh to pack and embed manifests under initramfs/etc/rfs • Runtime: add zinit units rfs-modules (after: network), rfs-firmware (after: network) as daemons; add udev-rfs oneshot post-mount • Keep early udev-trigger oneshot to coldplug NICs before RFS mounts • Firmware flist reproducible naming: respect FIRMWARE_TAG from env or config/build.conf, default to latest • Docs: update docs/rfs-flists.md with runtime ordering, reproducible tagging, verification steps
2025-09-08 23:39:20 +02:00
parent afd4f4c6f9
commit 652d38abb1
7 changed files with 217 additions and 39 deletions
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -287,6 +287,62 @@ function main_build_process() {
        initramfs_copy_resolved_modules "$INSTALL_DIR" "$FULL_KERNEL_VERSION"
    }
    
+    # Create RFS flists and embed them into initramfs prior to CPIO
+    function stage_rfs_flists() {
+        section_header "Creating RFS flists and embedding into initramfs"
+
+        # Ensure FULL_KERNEL_VERSION is available
+        if [[ -z "${FULL_KERNEL_VERSION:-}" ]]; then
+            FULL_KERNEL_VERSION=$(kernel_get_full_version "$KERNEL_VERSION" "$KERNEL_CONFIG")
+            export FULL_KERNEL_VERSION
+            log_info "Resolved FULL_KERNEL_VERSION: ${FULL_KERNEL_VERSION}"
+        fi
+
+        # Ensure rfs scripts are executable (avoid subshell to preserve quoting)
+        safe_execute chmod +x ./scripts/rfs/*.sh
+
+        # Build modules flist (writes to dist/flists/modules-${FULL_KERNEL_VERSION}.fl)
+        safe_execute ./scripts/rfs/pack-modules.sh
+
+        # Build firmware flist with a reproducible tag:
+        # Priority: env FIRMWARE_TAG > config/build.conf: FIRMWARE_TAG > "latest"
+        local fw_tag
+        if [[ -n "${FIRMWARE_TAG:-}" ]]; then
+            fw_tag="${FIRMWARE_TAG}"
+        else
+            if [[ -f "${CONFIG_DIR}/build.conf" ]]; then
+                # shellcheck source=/dev/null
+                source "${CONFIG_DIR}/build.conf"
+            fi
+            fw_tag="${FIRMWARE_TAG:-latest}"
+        fi
+        log_info "Using firmware tag: ${fw_tag}"
+        safe_execute env FIRMWARE_TAG="${fw_tag}" ./scripts/rfs/pack-firmware.sh
+
+        # Embed flists inside initramfs at /etc/rfs for zinit init scripts
+        local etc_rfs_dir="${INSTALL_DIR}/etc/rfs"
+        safe_mkdir "${etc_rfs_dir}"
+
+        local modules_fl="dist/flists/modules-${FULL_KERNEL_VERSION}.fl"
+        if [[ -f "${modules_fl}" ]]; then
+            safe_execute cp "${modules_fl}" "${etc_rfs_dir}/"
+            log_info "Embedded modules flist: ${modules_fl} -> ${etc_rfs_dir}/"
+        else
+            log_warn "Modules flist not found: ${modules_fl}"
+        fi
+
+        local firmware_fl="dist/flists/firmware-${fw_tag}.fl"
+        if [[ -f "${firmware_fl}" ]]; then
+            # Provide canonical name firmware-latest.fl expected by firmware.sh
+            safe_execute cp "${firmware_fl}" "${etc_rfs_dir}/firmware-latest.fl"
+            log_info "Embedded firmware flist: ${firmware_fl} -> ${etc_rfs_dir}/firmware-latest.fl"
+        else
+            log_warn "Firmware flist not found: ${firmware_fl}"
+        fi
+
+        log_info "RFS flists embedded into initramfs"
+    }
+
    function stage_cleanup() {
        alpine_aggressive_cleanup "$INSTALL_DIR"
    }
@@ -336,6 +392,7 @@ function main_build_process() {
    stage_run "modules_setup" stage_modules_setup
    stage_run "modules_copy" stage_modules_copy
    stage_run "cleanup" stage_cleanup
+    stage_run "rfs_flists" stage_rfs_flists
    stage_run "validation" stage_validation
    stage_run "initramfs_create" stage_initramfs_create
    stage_run "initramfs_test" stage_initramfs_test