ci: regenerate new artifacts

Add a new script to regenerate the CI artifacts. This includes:

- Latest stable Linux kernels
- Latest rootfs (Ubuntu 22.04)

Signed-off-by: Pablo Barbáchano <pablob@amazon.com>

Author: pb8o

docs/rootfs-and-kernel-setup.md

@@ -74,14 +74,13 @@ on an aarch64 machine.
 
 ## Creating a rootfs Image
 
-A rootfs image is just a file system image, that hosts at least an init
-system. For instance, our getting started guide uses an EXT4 FS image with
-OpenRC as an init system. Note that, whichever file system you choose to use,
-support for it will have to be compiled into the kernel, so it can be mounted
-at boot time.
+A rootfs image is just a file system image, that hosts at least an init system.
+For instance, our getting started guide uses an ext4 filesystem image. Note
+that, whichever file system you choose to use, support for it will have to be
+compiled into the kernel, so it can be mounted at boot time.
 
-In order to obtain an EXT4 image that you can use with Firecracker, you have
-the following options:
+In order to obtain an ext4 image that you can use with Firecracker, you have the
+following options:
 
 ### Manual build
 
@@ -168,20 +167,14 @@ Alpine Linux:
 ### Use the provided recipe
 
 The disk images used in our CI to test Firecracker's features are obtained by
-using the recipe inside devtool:
-
-```bash
-./tools/devtool build_rootfs -s 300MB
-```
-
-or
+using the recipe (in a Ubuntu 22.04 host):
 
 ```bash
-./tools/devtool build_rootfs -p
+./resources/rebuild.sh
 ```
 
-in order to obtain a partuuid enabled rootfs.
-The images resulting using this method are minimized Ubuntu 18.04.
+The images resulting using this method are minimized Ubuntu 22.04. Feel free to
+adjust the script(s) to suit your use case.
 
 You should now have a kernel image (`vmlinux`) and a rootfs image
 (`rootfs.ext4`), that you can boot with Firecracker.

resources/chroot.sh

@@ -0,0 +1,74 @@
+#!/bin/bash
+# Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+# fail if we encounter an error, uninitialized variable or a pipe breaks
+set -eu -o pipefail
+
+# be verbose
+set -x
+PS4='+\t '
+
+cp -ruv $rootfs/* /
+
+packages="udev systemd-sysv openssh-server iproute2 curl socat python3-minimal iperf3 iputils-ping fio kmod"
+
+# msr-tools is only supported on x86-64.
+arch=$(uname -m)
+if [ "${arch}" == "x86_64" ]; then
+    packages="$packages msr-tools cpuid"
+fi
+
+export DEBIAN_FRONTEND=noninteractive
+apt update
+apt install -y --no-install-recommends $packages
+apt autoremove
+
+# Set a hostname.
+echo "ubuntu-fc-uvm" > /etc/hostname
+
+passwd -d root
+
+# The serial getty service hooks up the login prompt to the kernel console
+# at ttyS0 (where Firecracker connects its serial console). We'll set it up
+# for autologin to avoid the login prompt.
+for console in ttyS0; do
+    mkdir "/etc/systemd/system/serial-getty@$console.service.d/"
+    cat <<'EOF' > "/etc/systemd/system/serial-getty@$console.service.d/override.conf"
+[Service]
+# systemd requires this empty ExecStart line to override
+ExecStart=
+ExecStart=-/sbin/agetty --autologin root -o '-p -- \\u' --keep-baud 115200,38400,9600 %I dumb
+EOF
+done
+
+# Setup fcnet service. This is a custom Firecracker setup for assigning IPs
+# to the network interfaces in the guests spawned by the CI.
+ln -s /etc/systemd/system/fcnet.service /etc/systemd/system/sysinit.target.wants/fcnet.service
+
+# Disable resolved and ntpd
+#
+rm -f /etc/systemd/system/multi-user.target.wants/systemd-resolved.service
+rm -f /etc/systemd/system/dbus-org.freedesktop.resolve1.service
+rm -f /etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service
+
+# make /tmp a tmpfs
+ln -s /usr/share/systemd/tmp.mount /etc/systemd/system/tmp.mount
+systemctl enable tmp.mount
+
+# don't need this
+systemctl disable e2scrub_reap.service
+rm -vf /etc/systemd/system/timers.target.wants/*
+# systemctl list-units --failed
+# /lib/systemd/system/systemd-random-seed.service
+
+systemctl enable var-lib-systemd.mount
+
+#### trim image https://wiki.ubuntu.com/ReducingDiskFootprint
+# this does not save much, but oh well
+rm -rf /usr/share/{doc,man,info,locale}
+
+cat >> /etc/sysctl.conf <<EOF
+# This avoids a SPECTRE vuln
+kernel.unprivileged_bpf_disabled=1
+EOF

resources/guest_configs/microvm-kernel-ci-arm64-4.14.config renamed to resources/guest_configs/microvm-kernel-ci-aarch64-4.14.config

@@ -1375,7 +1375,7 @@ CONFIG_VIRTIO_CONSOLE=y
 # CONFIG_IPMI_HANDLER is not set
 CONFIG_HW_RANDOM=y
 # CONFIG_HW_RANDOM_TIMERIOMEM is not set
-# CONFIG_HW_RANDOM_VIRTIO is not set
+CONFIG_HW_RANDOM_VIRTIO=y
 
 #
 # PCMCIA character devices