Setup Docker build area
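```dockerfile
FROM base/archlinux

# Toolchain for building u-root, plus the CA bundle that is copied into the initramfs later
RUN pacman -Sy && \
    pacman -S go \
              sudo \
              vim \
              ca-certificates \
              libcap \
              git --noconfirm

# Unprivileged build user; passwordless sudo is acceptable only because this is a throwaway build container
RUN useradd -m -G wheel -s /bin/bash build && \
    echo "%wheel ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

USER build
CMD ["/bin/bash"]
```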
Build and run…
```sh
docker build -t uroot .
# The image name (uroot) must follow the options
docker run --rm -it --name uroot -v <somefolder>:/home/build uroot
```
We’ll assume that you’ve pulled the built release of dnscrypt-proxy from https://github.com/jedisct1/dnscrypt-proxy/releases
Now install u-root
```sh
go get github.com/u-root/u-root
cd go/bin
```
Then run a script that looks like this:
```sh
# Each -files argument is source:destination inside the initramfs.
# The CA bundle goes to /etc/ssl/certs/ca-certificates.crt, a path Go's TLS stack checks.
./u-root -build=bb \
  -files "$HOME/dnscrypt-proxy/dnscrypt-proxy:inito" \
  -files "$HOME/dnscrypt-proxy/dnscrypt-proxy.toml:dnscrypt-proxy.toml" \
  -files "$HOME/dnscrypt-proxy/public-resolvers.md:public-resolvers.md" \
  -files "$HOME/dnscrypt-proxy/public-resolvers.md.minisig:public-resolvers.md.minisig" \
  -files "/etc/ca-certificates/extracted/tls-ca-bundle.pem:etc/ssl/certs/ca-certificates.crt"
```
NOTE: dnscrypt-proxy makes HTTPS calls, so it needs the CA certificates at a well-known path.
NOTE: I’m cheating here by copying everything into the root folder and renaming the binary ‘inito’ so that it’s run automatically. This could be neater.
Those commands generate the file initramfs.linux_amd64.cpio in /tmp (you can redirect the output to some other file).
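Before booting the image, it is worth confirming that every -files destination actually landed in the archive, in particular the CA bundle at /etc/ssl/certs/ca-certificates.crt, since a misspelled destination only shows up later as TLS failures. The checker below is an added example, not code from the original post or from u-root; it assumes the archive is in cpio "newc" format, and the embedded sample archive (with a deliberately misspelled CA path) is constructed for illustration.

```python
import sys

MAGIC, HEADER_LEN, TRAILER = b"070701", 110, "TRAILER!!!"
# Destinations from the -files arguments; the CA path is one Go's crypto/x509 checks.
REQUIRED = ("inito", "dnscrypt-proxy.toml", "public-resolvers.md",
            "public-resolvers.md.minisig", "etc/ssl/certs/ca-certificates.crt")

def pad4(n):
    """Round n up to the 4-byte boundary newc uses after names and data."""
    return (n + 3) & ~3

def list_newc(blob):
    """Return {path: size} for every entry in a newc cpio archive."""
    entries, off = {}, 0
    while off + HEADER_LEN <= len(blob):
        if blob[off:off + 6] != MAGIC:
            raise ValueError(f"bad newc magic at offset {off}")
        # 13 fields of 8 ASCII hex digits follow the magic.
        f = [int(blob[off + 6 + 8 * i:off + 14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = f[6], f[11]
        name_at = off + HEADER_LEN
        name = blob[name_at:name_at + namesize - 1].decode()
        if name == TRAILER:
            break
        entries[name.removeprefix("./").lstrip("/")] = filesize
        off = pad4(pad4(name_at + namesize) + filesize)
    return entries

def missing_or_empty(entries, required=REQUIRED):
    """Paths that are absent from the archive or present with zero bytes."""
    return [p for p in required if entries.get(p, 0) == 0]

def build_newc(files):
    """Build a small newc archive from {path: bytes}; used only for the sample."""
    out = bytearray()
    for ino, (name, data) in enumerate([*files.items(), (TRAILER, b"")], 1):
        raw = name.encode() + b"\0"
        hdr = [ino, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(raw), 0]
        out += MAGIC + b"".join(b"%08X" % v for v in hdr) + raw
        out += b"\0" * (pad4(len(out)) - len(out)) + data
        out += b"\0" * (pad4(len(out)) - len(out))
    return bytes(out)

# Constructed sample: the CA bundle destination is misspelled on purpose.
SAMPLE = build_newc({**{p: b"constructed\n" for p in REQUIRED[:4]},
                     "etc/ssl/certs/ca-certicates.crt": b"constructed\n"})

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print("missing or empty:", missing_or_empty(list_newc(blob)) or "none")
```

Pass the path of the generated .cpio file as the first argument to check a real build; with no argument it runs against the constructed sample.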
To run it under Xen, grab your kernel from /boot and create a Xen config file. This one is for an Alpine PV host (vi uroot.cfg):
```
# Kernel paths for install
kernel = "<blah>/uroot/vmlinuz-virthardened"
ramdisk = "<blah>/uroot/initramfs.linux_amd64.cpio"
extra = "modules=loop,squashfs console=hvc0 ip=dhcp"

# Network configuration
vif = ['bridge=xenbr0']

# DomU settings
memory = 128
name = "uroot-a1"
vcpus = 1
maxvcpus = 1
```
Then run with
```sh
sudo xl create -f ./uroot.cfg -c
```