Security hardening: bind kubeconfig server to localhost, mount hardening (noexec/nosuid/nodev on tmpfs), sysctl network hardening, kernel module loading lock after boot, SHA256 checksum verification for downloads, kernel AppArmor + Audit support, complain-mode AppArmor profiles for containerd and kubelet, and security integration test. ARM64 Raspberry Pi support: piCore64 base extraction, RPi kernel build from raspberrypi/linux fork, RPi firmware fetch, SD card image with 4-partition GPT and tryboot A/B mechanism, BootEnv Go interface abstracting GRUB vs RPi boot environments, architecture-aware build scripts, QEMU aarch64 dev VM and boot test. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
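#!/bin/sh
# 10-parse-cmdline.sh — Parse boot parameters from /proc/cmdline
#
# Sourced early in the init sequence: it relies on log/log_warn being defined
# by the caller and leaves its results in KUBESOLO_* shell variables for the
# stages that follow. Recognised tokens:
#   kubesolo.data=DEV        data partition (KUBESOLO_DATA_DEV)
#   kubesolo.debug           enable shell tracing (KUBESOLO_DEBUG=1)
#   kubesolo.shell           KUBESOLO_SHELL=1
#   kubesolo.nopersist       RAM-only mode (KUBESOLO_NOPERSIST=1)
#   kubesolo.cloudinit=SRC   KUBESOLO_CLOUDINIT
#   kubesolo.flags=FLAGS     KUBESOLO_EXTRA_FLAGS
#   kubesolo.edge_id=ID      KUBESOLO_PORTAINER_EDGE_ID
#   kubesolo.edge_key=KEY    KUBESOLO_PORTAINER_EDGE_KEY
#   kubesolo.nomodlock       skip the post-boot module loading lock
#   kubesolo.noapparmor      skip AppArmor setup
# Anything else on the command line is ignored.
#
# Security notes:
#   * /proc/cmdline is world-readable and is typically echoed into the kernel
#     log at boot, so every value passed here — notably kubesolo.edge_key= —
#     is visible to any local process that can read host /proc. Treat it as
#     exposed rather than secret.
#   * kubesolo.nomodlock / kubesolo.noapparmor switch hardening off. Anyone
#     who can edit the boot parameters can therefore disable it; the
#     protection is only as strong as the integrity of the boot path
#     (bootloader configuration, signed boot, etc.).

# Pathname expansion must be off while the command line is split: it is an
# unquoted word list, and a token containing '*' or '?' (e.g. inside
# kubesolo.flags=) would otherwise be matched against files in the cwd.
# Remember the prior state so only what we changed is restored afterwards.
case "$-" in
  *f*) _ks_noglob_was_set=1 ;;
  *)   _ks_noglob_was_set=0; set -f ;;
esac

# NOTE: the kernel accepts double-quoted values containing spaces on the
# command line; this whitespace split does not, so such values are not
# supported by this parser.
_ks_want_trace=0
for arg in $(cat /proc/cmdline); do
  case "$arg" in
    kubesolo.data=*)      KUBESOLO_DATA_DEV="${arg#kubesolo.data=}" ;;
    # Tracing is switched on only after the loop so that set -x does not
    # print the edge_key token to the console/log while it is being parsed.
    kubesolo.debug)       KUBESOLO_DEBUG=1; _ks_want_trace=1 ;;
    kubesolo.shell)       KUBESOLO_SHELL=1 ;;
    kubesolo.nopersist)   KUBESOLO_NOPERSIST=1 ;;
    kubesolo.cloudinit=*) KUBESOLO_CLOUDINIT="${arg#kubesolo.cloudinit=}" ;;
    kubesolo.flags=*)     KUBESOLO_EXTRA_FLAGS="${arg#kubesolo.flags=}" ;;
    kubesolo.edge_id=*)   KUBESOLO_PORTAINER_EDGE_ID="${arg#kubesolo.edge_id=}" ;;
    kubesolo.edge_key=*)  KUBESOLO_PORTAINER_EDGE_KEY="${arg#kubesolo.edge_key=}" ;;
    kubesolo.nomodlock)   KUBESOLO_NOMODLOCK=1 ;;
    kubesolo.noapparmor)  KUBESOLO_NOAPPARMOR=1 ;;
  esac
done

[ "$_ks_noglob_was_set" = 1 ] || set +f
unset _ks_noglob_was_set

# Enable shell tracing for the rest of boot now that the sensitive tokens
# have been consumed.
if [ "$_ks_want_trace" = 1 ]; then
  set -x
fi
unset _ks_want_trace

# The hardening opt-outs are exported so later stages (module lock, AppArmor
# setup) can honour them; the remaining settings are presumably consumed by
# scripts sourced into this same shell.
export KUBESOLO_NOMODLOCK
export KUBESOLO_NOAPPARMOR

if [ -z "$KUBESOLO_DATA_DEV" ] && [ "$KUBESOLO_NOPERSIST" != "1" ]; then
  log_warn "No kubesolo.data= specified and kubesolo.nopersist not set"
  log_warn "Attempting auto-detection of data partition (label: KSOLODATA)"
  # Label-based detection trusts whichever block device carries the label,
  # including removable media present at boot. Where that matters, pin the
  # device explicitly with kubesolo.data=. A blkid failure (or a blkid that
  # lacks -L — TODO confirm for the initramfs's blkid) degrades to RAM-only.
  KUBESOLO_DATA_DEV=$(blkid -L KSOLODATA 2>/dev/null || true)
  if [ -z "$KUBESOLO_DATA_DEV" ]; then
    log_warn "No data partition found. Running in RAM-only mode."
    KUBESOLO_NOPERSIST=1
  else
    log "Auto-detected data partition: $KUBESOLO_DATA_DEV"
  fi
fi

# Summary for the boot log. Keep edge_key out of this line.
log "Config: data=$KUBESOLO_DATA_DEV debug=$KUBESOLO_DEBUG nopersist=$KUBESOLO_NOPERSIST"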