i386 구조 ISO 빌드와 현장 절차 문서화

2026-06-01 23:26:44 +09:00
parent 14f68278bc
commit bdd59c65a1
3 changed files with 92 additions and 12 deletions
--- a/README.md
+++ b/README.md
@@ -73,6 +73,35 @@ cp templates/rescue.env.example rescue.env
 - 작업 후 ephemeral `tailrescue-*` 노드 정리


+
+## v0.1.1 i386 industrial PC rescue build
+
+검증일: 2026-06-01
+
+- Release: https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/tag/v0.1.1
+- i386 ISO: https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/download/v0.1.1/tailrescue-headscale-i386-240h-20260601-2312.iso
+- SHA256: `71e00ab650f177d62295da66b8c7323d95150621ab3a0e7d60c94a39bb8c8173`
+- Architecture: `i386`, Debian 12 `linux-image-686-pae`
+- Tailscale: i386 `.deb` 직접 포함
+- Proxmox 검증: VMID `991`, `qemu32`, `rtl8139`
+- Headscale 자동등록: `tag:rescue`, 240h reusable/ephemeral preauth key로 검증
+- 검증 Tailnet IP: `100.64.0.78`
+- CT909 admin(`100.64.0.72`) → rescue SSH 검증 완료
+
+Download and verify:
+
+```bash
+curl -fL -O https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/download/v0.1.1/tailrescue-headscale-i386-240h-20260601-2312.iso
+curl -fL -O https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/download/v0.1.1/SHA256SUMS.i386
+sha256sum -c SHA256SUMS.i386
+```
+
+Build equivalent:
+
+```bash
+ARCH=i386 ISO_NAME=tailrescue-headscale-i386-240h-20260601-2312.iso ./scripts/build-live-iso.sh
+```
+
 ## Gitea Release artifact

 Verified PoC ISO is published as a Gitea Release attachment:
--- a/docs/runbook.md
+++ b/docs/runbook.md
@@ -4,7 +4,7 @@

 - Git: 소스/문서/스크립트/스킬만 저장
 - ISO: Gitea Release attachment 또는 내부 artifact path에 저장
- 현재 PoC ISO hash: `3d7995cfdf58c62f6ee167458079a7eaa1d2a79ac56e5f019cab1ec856943ddd`
+- 현재 i386 ISO hash: `71e00ab650f177d62295da66b8c7323d95150621ab3a0e7d60c94a39bb8c8173`

 ## 빌드

@@ -64,3 +64,40 @@ curl -H "Authorization: token $GITEA_TOKEN"   -F "attachment=@tailrescue-headsca
 Do not commit ISO files into Git.

 Note: the repository is public so Release attachments can be downloaded without authentication. Do not commit secrets or field-specific `rescue.env`; rotate preauth keys per build.
+
+
+
+## 오래된 산업용 PC 원격 드라이버 조사 플로우
+
+목표: Windows에서 NIC 드라이버가 없어 네트워크가 안 되는 장비를 TailRescue i386 ISO로 부팅한 뒤, Linux의 폭넓은 NIC/firmware 지원으로 Tailnet SSH를 확보하고 하드웨어 정보를 수집해 Windows용 드라이버를 찾는다.
+
+1. Ventoy/iVentoy에서 `tailrescue-headscale-i386-240h-20260601-2312.iso`로 부팅한다.
+2. Headscale/CT909에서 `tailrescue-*` 노드와 Tailnet IP를 확인한다.
+3. CT909에서 접속한다.
+
+```bash
+ssh rescue@100.64.x.y
+rescue-status
+list-disks
+```
+
+4. 하드웨어/드라이버 식별 정보를 수집한다.
+
+```bash
+sudo lspci -nnk
+sudo lspci -nn | grep -Ei 'ethernet|network|wireless|serial|vga|display|storage|sata|raid'
+sudo lsusb
+sudo dmidecode -t system -t baseboard -t bios
+ip -br link
+ethtool -i <nic>
+```
+
+5. PCI ID 예: `8086:10d3`, `10ec:8168` 기준으로 Windows 버전별 드라이버를 찾는다.
+6. Windows 파티션은 기본 read-only로 확인한다.
+
+```bash
+sudo mkdir -p /mnt/windows
+sudo mount-ntfs-ro /dev/sdXN /mnt/windows
+```
+
+주의: rescue 노드에서 내부 Tailnet 전체로 접근하는 권한은 주지 않고, admin 노드에서 rescue로 들어가는 방향만 허용한다.
--- a/scripts/build-live-iso.sh
+++ b/scripts/build-live-iso.sh
@@ -1,13 +1,20 @@
 #!/usr/bin/env bash
 set -euo pipefail

-WORKDIR=${WORKDIR:-/root/tailrescue-live}
+ARCH=${ARCH:-amd64}
+WORKDIR=${WORKDIR:-/root/tailrescue-live-$ARCH}
 OUTDIR=${OUTDIR:-/root/tailrescue-dist}
-ISO_NAME=${ISO_NAME:-tailrescue-headscale-$(date +%Y%m%d-%H%M).iso}
+ISO_NAME=${ISO_NAME:-tailrescue-headscale-${ARCH}-$(date +%Y%m%d-%H%M).iso}
 DIST=${DIST:-bookworm}
 RESCUE_ENV=${RESCUE_ENV:-rescue.env}
 AUTHORIZED_KEYS=${AUTHORIZED_KEYS:-templates/authorized_keys}

+case "$ARCH" in
+  amd64) KERNEL_PKG=linux-image-amd64 ;;
+  i386) KERNEL_PKG=linux-image-686-pae ;;
+  *) echo "unsupported ARCH=$ARCH; use amd64 or i386" >&2; exit 2 ;;
+esac
+
 if [[ ! -f "$RESCUE_ENV" ]]; then
  echo "missing $RESCUE_ENV; copy templates/rescue.env.example and fill field secrets" >&2
  exit 2
@@ -20,11 +27,13 @@ cd "$WORKDIR"

 lb config \
  --distribution "$DIST" \
+  --architectures "$ARCH" \
  --archive-areas "main contrib non-free non-free-firmware" \
  --binary-images iso-hybrid \
-  --bootappend-live "boot=live components hostname=tailrescue username=rescue"
+  --bootappend-live "boot=live components hostname=tailrescue username=rescue console=tty0 console=ttyS0,115200n8"

-cat > config/package-lists/tailrescue.list.chroot <<"PKGS"
+cat > config/package-lists/tailrescue.list.chroot <<PKGS
+$KERNEL_PKG
 systemd-sysv
 openssh-server
 sudo
@@ -71,11 +80,15 @@ PKGS
 mkdir -p config/includes.chroot/etc/apt/keyrings config/includes.chroot/etc/apt/sources.list.d
 curl -fsSL https://pkgs.tailscale.com/stable/debian/${DIST}.noarmor.gpg \
  -o config/includes.chroot/etc/apt/keyrings/tailscale-archive-keyring.gpg
-cat > config/includes.chroot/etc/apt/sources.list.d/tailscale.list <<TAILSRC
-deb [signed-by=/etc/apt/keyrings/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/debian ${DIST} main
-TAILSRC
+case "$ARCH" in
+  amd64) TAILSCALE_DEB_ARCH=amd64 ;;
+  i386) TAILSCALE_DEB_ARCH=i386 ;;
+esac
+TAILSCALE_VERSION=${TAILSCALE_VERSION:-1.98.4}
+TAILSCALE_DEB="tailscale_${TAILSCALE_VERSION}_${TAILSCALE_DEB_ARCH}.deb"
+TAILSCALE_DEB_URL="https://pkgs.tailscale.com/stable/debian/pool/${TAILSCALE_DEB}"
 mkdir -p config/packages.chroot
-(cd config/packages.chroot && apt-get download tailscale)
+curl -fsSL "$TAILSCALE_DEB_URL" -o "config/packages.chroot/$TAILSCALE_DEB"

 mkdir -p config/includes.chroot/etc/tailrescue
 cp "$OLDPWD/$RESCUE_ENV" config/includes.chroot/etc/tailrescue/rescue.env
@@ -154,7 +167,8 @@ RemainAfterExit=yes
 [Install]
 WantedBy=multi-user.target
 SVC
-ln -sf /etc/systemd/system/tailrescue-firstboot.service config/includes.chroot/etc/systemd/system/multi-user.target.wants/tailrescue-firstboot.service 2>/dev/null || true
+mkdir -p config/includes.chroot/etc/systemd/system/multi-user.target.wants
+ln -sf ../tailrescue-firstboot.service config/includes.chroot/etc/systemd/system/multi-user.target.wants/tailrescue-firstboot.service

 mkdir -p config/hooks/normal
 cat > config/hooks/normal/0900-tailrescue-users.hook.chroot <<"HOOK"
@@ -190,6 +204,6 @@ elif [[ -f "$OLDPWD/templates/authorized_keys.example" ]]; then
 fi

 lb build
-cp -f live-image-amd64.hybrid.iso "$OUTDIR/$ISO_NAME"
-(cd "$OUTDIR" && sha256sum "$ISO_NAME" > SHA256SUMS && echo "$ISO_NAME" > latest.txt)
+cp -f "live-image-${ARCH}.hybrid.iso" "$OUTDIR/$ISO_NAME"
+(cd "$OUTDIR" && sha256sum "$ISO_NAME" > "SHA256SUMS.${ARCH}" && cp "SHA256SUMS.${ARCH}" SHA256SUMS && echo "$ISO_NAME" > "latest.${ARCH}.txt" && cp "latest.${ARCH}.txt" latest.txt)
 echo "$OUTDIR/$ISO_NAME"