Update debian bookworm config

Update debian bookworm configuration to be more useful to test for a
reproducable developer environment. I use the configuration in this
commit to create a developer environment to create new features and
test for regressions.

The following configuration does the following:

- Configure Debian base system.
- Configure Networking
- Run firstboot service that creates a user,
  configures, grub, etc.
- Install Debian packages that are required to run
  apt-ostree on a virtual machine.
- Upgrade the size of the virtual machine disk size
  to 20G.

Test Plan
PASSED Install apt-ostree from git repo.
PASSED Build apt-ostree image from configuration.

Story: 2010867
Task: 48556

Change-Id: Ic3704bba1039248ff30f2bcb3956bec448782dc7
Signed-off-by: Charles Short <charles.short@windriver.com>

apt_ostree/constants.py

@@ -10,7 +10,6 @@ VERSION = "0.1"
 # packages to exclude from systemd-tmpfiles check.
 excluded_packages = [
     "ucf",
-    "dpkg",
     "base-files",
     "systemd",
     "init-system-helpers",

config/debian/bookworm/bootstrap.yaml

@@ -8,21 +8,59 @@ mmdebstrap:
   suite: bookworm
   architectures: [amd64]
   components: [main, contrib, non-free, non-free-firmware]
-  vairant: minbase
 
+  # Customizations that happen before bootstrapping.
   setup-hooks:
     - 'sync-in overlay/debian/ /'
     - 'sync-in overlay/ostree/ /'
+    - 'sync-in overlay/auto-login/ /'
+    - 'sync-in overlay/firstboot/ /'
 
+  # Customizations that happen after boostrapping.
   customize-hooks:
+    - 'sync-in overlay/adduser/ /'
     - echo 'root:root' | chroot "$1" chpasswd
-    - echo "localhost" > $1/etc/hostname
+    - chroot $1 echo "localhost" > $1/etc/hostname
+    - systemctl disable --root=$1 apt-daily.timer cron
+    - systemctl enable --root="$1" firstboot systemd-networkd
+    - chroot $1 cp -alf /lib/systemd/resolv.conf /etc/resolv.conf
+    - chroot $1 cp -alf /usr/libexec/libostree/grub2-15_ostree /etc/grub.d/15_ostree
+    - chroot $1 cp -alf /usr/lib/os-release /etc/os-release
 
+  # Packages to install after bootstrapping.
   packages:
     - linux-image-amd64
     - firmware-linux
-
+    - sudo
     - ostree
     - ostree-boot
+    - libostree-1-1
+    - libostree-dev
     - systemd-boot
     - dracut
+    - grub-efi-amd64
+    - vim
+    - net-tools
+    - openssh-client
+    - openssh-server
+    - procps
+    - less
+    - dbus
+    - policykit-1
+    - libnss-resolve
+    - curl
+    - wget
+    - git-core
+    - rsync
+    - bubblewrap
+    - python3-apt
+    - python3-all
+    - python3-pip
+    - python3-pbr
+    - python3-gi
+    - python3-click
+    - bdebstrap
+    - gobject-introspection
+    - gir1.2-ostree-1.0
+    - software-properties-common
+    - libnss-systemd

config/debian/bookworm/image/image.yaml

@@ -5,7 +5,7 @@
 {{- $cmdline := or .cmdline "console=tty0 console=ttyS0,115200n8 rootwait rw fsck.mode=auto fsck.repair=yes systemd.gpt_auto=false" -}}
 {{- $branch := or .branch "debian/bookworm" -}}
 {{- $repo := or .repo "ostree_repo" -}}
-{{- $size := or .size "3G" -}}
+{{- $size := or .size "20G" -}}
 
 architecture: {{ $architecture }}
 

config/debian/bookworm/overlay/adduser/etc/adduser.conf

@@ -0,0 +1,107 @@
+# /etc/adduser.conf: `adduser' configuration.
+# See adduser(8) and adduser.conf(5) for full documentation.
+
+# A commented out setting indicates that this is the default in the
+# code. If you need to change those settings, remove the comment and
+# make your intended change.
+
+# STDERRMSGLEVEL, STDOUTMSGLEVEL, and LOGMSGLEVEL set the minimum
+# priority for messages logged to syslog/journal and the console,
+# respectively.
+# Values are trace, debug, info, warn, err, and fatal.
+# Messages with the set priority or higher get logged to the
+# respective medium.
+#STDERRMSGLEVEL=warn
+#STDOUTMSGLEVEL=info
+#SYSLOGLEVEL=info
+
+# The login shell to be used for all new users.
+# Default: DSHELL=/bin/bash
+#DSHELL=/bin/bash
+
+# The directory in which new home directories should  be  created.
+# Default: DHOME=/home
+DHOME=/var/home
+
+# The directory from which skeletal user configuration files
+# will be copied.
+# Default: SKEL=/etc/skel
+#SKEL=/etc/skel
+
+# Specify inclusive ranges of UIDs and GIDs from which UIDs and GIDs
+# for system users, system groups, non-system users and non-system groups
+# can be dynamically allocated.
+# Default: FIRST_SYSTEM_UID=100, LAST_SYSTEM_UID=999
+#FIRST_SYSTEM_UID=100
+#LAST_SYSTEM_UID=999
+
+# Default: FIRST_SYSTEM_GID=100, LAST_SYSTEM_GID=999
+#FIRST_SYSTEM_GID=100
+#LAST_SYSTEM_GID=999
+
+# Default: FIRST_UID=1000, LAST_UID=59999
+#FIRST_UID=1000
+#LAST_UID=59999
+
+# Default: FIRST_GID=1000, LAST_GID=59999
+#FIRST_GID=1000
+#LAST_GID=59999
+
+# Specify a file or a directory containing UID and GID pool.
+#UID_POOL=/etc/adduser-pool.conf
+#UID_POOL=/etc/adduser-pool.d/
+#GID_POOL=/etc/adduser-pool.conf
+#GID_POOL=/etc/adduser-pool.d/
+
+# Specify whether each created non-system user will be
+# given their own group to use.
+# Default: USERGROUPS=yes
+#USERGROUPS=yes
+
+# Defines the groupname or GID of the group all newly-created
+# non-system users are placed into.
+# It is a configuration error to define both variables
+# even if the values are consistent.
+# Default: USERS_GID=undefined, USERS_GROUP=users
+#USERS_GID=100
+#USERS_GROUP=users
+
+# The permissions mode for home directories of non-system users.
+# Default: DIR_MODE=0700
+#DIR_MODE=0700
+
+# The permissions mode for home directories of system users.
+# Default: SYS_DIR_MODE=0755
+#SYS_DIR_MODE=0755
+
+# If set to a nonempty value, new users will have quotas copied
+# from that user with `edquota -p QUOTAUSER newuser'
+# Default: QUOTAUSER=""
+#QUOTAUSER=""
+
+# Non-system user- and groupnames are checked against this regular
+# expression.
+# Default: NAME_REGEX="^[a-z][-a-z0-9_]*\$?$"
+#NAME_REGEX="^[a-z][-a-z0-9_]*\$?$"
+
+# System user- and groupnames are checked against this regular
+# expression.
+# Default: SYS_NAME_REGEX="^[a-z_][-a-z0-9_]*\$?$"
+#SYS_NAME_REGEX="^[a-z_][-a-z0-9_]*\$?$"
+
+# When populating the newly created home directory of a non-system user,
+# files in SKEL matching this regex are not copied.
+# Default: SKEL_IGNORE_REGEX="\.(dpkg|ucf)-(old|new|dist|save)$"
+#SKEL_IGNORE_REGEX="\.(dpkg|ucf)-(old|new|dist|save)$"
+
+# list of groups that new non-system users will be added to
+# if ADD_EXTRA_GROUPS is non-zero or set on the command line.
+# Default: EXTRA_GROUPS="users"
+#EXTRA_GROUPS="users"
+
+# Setting this to something other than 0 will cause adduser to add
+# newly created non-system users to the list of groups defined by
+# EXTRA_GROUPS.
+# Default: ADD_EXTRA_GROUPS=0
+#ADD_EXTRA_GROUPS=0
+

config/debian/bookworm/overlay/adduser/etc/default/useradd

@@ -0,0 +1,37 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DSHELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+# GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/var/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+# INACTIVE=-1
+#
+# The default expire date
+# EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=no
+

config/debian/bookworm/overlay/auto-login/etc/hostname

@@ -0,0 +1 @@
+localhost

config/debian/bookworm/overlay/auto-login/etc/systemd/network/dhcp.network

@@ -0,0 +1,5 @@
+[Match]
+Name=en*
+
+[Network]
+DHCP=yes

config/debian/bookworm/overlay/auto-login/etc/systemd/system/console-getty.service.d/autologin.conf

@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=-/sbin/agetty -o '-p -f -- \\u' --noclear --keep-baud --autologin user - 115200,38400,9600 $TERM

config/debian/bookworm/overlay/auto-login/etc/systemd/system/serial-getty@ttyS0.service.d/autologin.conf

@@ -0,0 +1,4 @@
+[Service]
+Type=simple
+ExecStart=
+ExecStart=-/sbin/agetty --autologin user --noclear %I 38400 linux

config/debian/bookworm/overlay/debian/etc/apt/apt.conf.d/15update-stamp

@@ -0,0 +1 @@
+APT::Update::Post-Invoke-Success {"touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true";};

config/debian/bookworm/overlay/debian/etc/apt/apt.conf.d/90disable-http-pipelining

@@ -0,0 +1,4 @@
+# Work around issues with the APT downloader corrupting files and
+# causing "Hash Sum Mismatch" errors:
+# https://phabricator.collabora.com/T15071
+Acquire::http::Pipeline-Depth 0;

config/debian/bookworm/overlay/debian/etc/apt/sources.list

@@ -0,0 +1,14 @@
+deb https://ftp.debian.org/debian/ bookworm contrib main non-free non-free-firmware
+# deb-src https://ftp.debian.org/debian/ bookworm contrib main non-free non-free-firmware
+
+deb https://ftp.debian.org/debian/ bookworm-updates contrib main non-free non-free-firmware
+# deb-src https://ftp.debian.org/debian/ bookworm-updates contrib main non-free non-free-firmware
+
+deb https://ftp.debian.org/debian/ bookworm-proposed-updates contrib main non-free non-free-firmware
+# deb-src https://ftp.debian.org/debian/ bookworm-proposed-updates contrib main non-free non-free-firmware
+
+deb https://ftp.debian.org/debian/ bookworm-backports contrib main non-free non-free-firmware
+# deb-src https://ftp.debian.org/debian/ bookworm-backports contrib main non-free non-free-firmware
+
+deb https://security.debian.org/debian-security/ bookworm-security contrib main non-free non-free-firmware
+# deb-src https://security.debian.org/debian-security/ bookworm-security contrib main non-free non-free-firmware

config/debian/bookworm/overlay/debian/etc/default/grub

@@ -0,0 +1,45 @@
+# If you change this file, run 'update-grub' afterwards to update
+# /boot/grub/grub.cfg.
+# For full documentation of the options in this file, see:
+#   info -f grub -n 'Simple configuration'
+
+GRUB_DEFAULT=0
+GRUB_TIMEOUT=5
+GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
+GRUB_CMDLINE_LINUX_DEFAULT="quiet"
+GRUB_CMDLINE_LINUX=""
+# Kernel console on both serial and kvm/local console
+GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8 rootdelay=60"
+# Show grub menu on both serial and kvm/local console
+GRUB_TERMINAL="console serial"
+GRUB_SERIAL_COMMAND="serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1"
+
+
+# If your computer has multiple operating systems installed, then you
+# probably want to run os-prober. However, if your computer is a host
+# for guest OSes installed via LVM or raw disk devices, running
+# os-prober can cause damage to those guest OSes as it mounts
+# filesystems to look for things.
+#GRUB_DISABLE_OS_PROBER=false
+
+# Uncomment to enable BadRAM filtering, modify to suit your needs
+# This works with Linux (no patch required) and with any kernel that obtains
+# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
+#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"
+
+# Uncomment to disable graphical terminal
+#GRUB_TERMINAL=console
+
+# The resolution used on graphical terminal
+# note that you can use only modes which your graphic card supports via VBE
+# you can see them in real GRUB with the command `vbeinfo'
+#GRUB_GFXMODE=640x480
+
+# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
+#GRUB_DISABLE_LINUX_UUID=true
+
+# Uncomment to disable generation of recovery mode menu entries
+#GRUB_DISABLE_RECOVERY="true"
+
+# Uncomment to get a beep at grub start
+#GRUB_INIT_TUNE="480 440 1"

config/debian/bookworm/overlay/debian/etc/dpkg/dpkg.cfg.d/starlingx-dpkg-sppedup

@@ -0,0 +1 @@
+force-unsafe-io

config/debian/bookworm/overlay/debian/etc/dpkg/dpkg.cfg.d/starlingx-exclusions-docs

@@ -0,0 +1,9 @@
+# Exclude all kind of docs
+path-exclude=/usr/share/doc/*
+path-include=/usr/share/doc/*/copyright_report*
+path-include=/usr/share/doc/*/*.json*
+path-exclude=/usr/share/man/*
+path-exclude=/usr/share/info/*
+path-exclude=/usr/share/lintian/*
+path-exclude=/usr/share/linda/*
+path-exclude=/var/cache/man/*

config/debian/bookworm/overlay/debian/etc/hostname

@@ -0,0 +1 @@
+localhost

config/debian/bookworm/overlay/debian/etc/pip.conf

@@ -0,0 +1,2 @@
+[global]
+break-system-packages = true

config/debian/bookworm/overlay/debian/etc/systemd/network/dhcp.network

@@ -0,0 +1,5 @@
+[Match]
+Name=en*
+
+[Network]
+DHCP=yes

config/debian/bookworm/overlay/debian/etc/systemd/network/wired.network

@@ -0,0 +1,6 @@
+[Match]
+Name=e*
+KernelCommandLine=!nfsroot
+
+[Network]
+DHCP=yes

config/debian/bookworm/overlay/debian/etc/systemd/system/console-getty.service.d/autologin.conf

@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=-/sbin/agetty -o '-p -f -- \\u' --noclear --keep-baud --autologin user - 115200,38400,9600 $TERM

config/debian/bookworm/overlay/debian/etc/systemd/system/serial-getty@ttyS0.service.d/autologin.conf

@@ -0,0 +1,4 @@
+[Service]
+Type=simple
+ExecStart=
+ExecStart=-/sbin/agetty --autologin user --noclear %I 38400 linux

config/debian/bookworm/overlay/debian/usr/sbin/firstboot.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+
+if [ -f /var/.firstboot ]; then
+	exit 0
+fi
+logger "Setting up admin user"
+
+adduser --gecos User user
+adduser user sudo
+echo "user:user" | chpasswd
+
+sed -i "s/\#PermitRootLogin prohibit-password/\#PermitRootLogin prohibit-password\nPermitRootLogin Yes\n/" /etc/ssh/sshd_config
+systemctl restart ssh.service
+
+grub-install --uefi-secure-boot --target="x86_64-efi" --no-nvram --removable
+grub-install --uefi-secure-boot --target="x86_64-efi" --no-nvram
+update-grub
+cp -rp /boot/ostree/* /ostree/
+
+touch /var/.firstboot
+
+shutdown -r now

config/debian/bookworm/overlay/firstboot/lib/systemd/system/firstboot.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=FirstBoot
+After=network.target apt-daily.service apt-daily-upgrade.service
+Before=rc-local.service
+ConditionFileNotEmpty=/usr/sbin/firstboot.sh
+
+[Service]
+ExecStart=/usr/sbin/firstboot.sh
+Type=oneshot
+RemainAfterExit=no
+
+[Install]
+WantedBy=multi-user.target

config/debian/bookworm/overlay/firstboot/usr/sbin/firstboot.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+
+if [ -f /var/.firstboot ]; then
+	exit 0
+fi
+logger "Setting up admin user"
+
+adduser --gecos User user
+adduser user sudo
+echo "user:user" | chpasswd
+
+mkdir -p /var/lib/apt/lists
+apt-get update
+
+sed -i "s/\#PermitRootLogin prohibit-password/\#PermitRootLogin prohibit-password\nPermitRootLogin Yes\n/" /etc/ssh/sshd_config
+systemctl restart ssh.service
+
+grub-install --uefi-secure-boot --target="x86_64-efi" --no-nvram --removable
+grub-install --uefi-secure-boot --target="x86_64-efi" --no-nvram
+update-grub
+cp -rp /boot/ostree/* /ostree/
+
+touch /var/.firstboot
+
+shutdown -r now

config/debian/bookworm/overlay/networkd/etc/systemd/network/wired.network

@@ -0,0 +1,7 @@
+[Match]
+Name=e*
+KernelCommandLine=!nfsroot
+
+[Network]
+DHCP=yes
+

config/debian/bookworm/overlay/ostree/lib/tmpfiles.d/ostree-integration.conf

@@ -14,5 +14,3 @@ d /var/usrlocal/share 0755 root root -
 d /var/usrlocal/src 0755 root root -
 d /var/mnt 0755 root root -
 d /run/media 0755 root root -
-d /var/lib/apt/lists/partial 0755 root root -
-L /var/lib/dpkg - - - - ../../usr/rootdirs/var/lib/dpkg