diff --git a/README.md b/README.md index cd58e4b..17ba874 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,35 @@ cp templates/rescue.env.example rescue.env - 작업 후 ephemeral `tailrescue-*` 노드 정리 + +## v0.1.1 i386 industrial PC rescue build + +검증일: 2026-06-01 + +- Release: https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/tag/v0.1.1 +- i386 ISO: https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/download/v0.1.1/tailrescue-headscale-i386-240h-20260601-2312.iso +- SHA256: `71e00ab650f177d62295da66b8c7323d95150621ab3a0e7d60c94a39bb8c8173` +- Architecture: `i386`, Debian 12 `linux-image-686-pae` +- Tailscale: i386 `.deb` 직접 포함 +- Proxmox 검증: VMID `991`, `qemu32`, `rtl8139` +- Headscale 자동등록: `tag:rescue`, 240h reusable/ephemeral preauth key로 검증 +- 검증 Tailnet IP: `100.64.0.78` +- CT909 admin(`100.64.0.72`) → rescue SSH 검증 완료 + +Download and verify: + +```bash +curl -fL -O https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/download/v0.1.1/tailrescue-headscale-i386-240h-20260601-2312.iso +curl -fL -O https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/download/v0.1.1/SHA256SUMS.i386 +sha256sum -c SHA256SUMS.i386 +``` + +Build equivalent: + +```bash +ARCH=i386 ISO_NAME=tailrescue-headscale-i386-240h-20260601-2312.iso ./scripts/build-live-iso.sh +``` + ## Gitea Release artifact Verified PoC ISO is published as a Gitea Release attachment: diff --git a/docs/runbook.md b/docs/runbook.md index b40da57..12dbaf3 100644 --- a/docs/runbook.md +++ b/docs/runbook.md @@ -4,7 +4,7 @@ - Git: 소스/문서/스크립트/스킬만 저장 - ISO: Gitea Release attachment 또는 내부 artifact path에 저장 -- 현재 PoC ISO hash: `3d7995cfdf58c62f6ee167458079a7eaa1d2a79ac56e5f019cab1ec856943ddd` +- 현재 i386 ISO hash: `71e00ab650f177d62295da66b8c7323d95150621ab3a0e7d60c94a39bb8c8173` ## 빌드 
@@ -64,3 +64,40 @@ curl -H "Authorization: token $GITEA_TOKEN" -F "attachment=@tailrescue-headsca Do not commit ISO files into Git. Note: the repository is public so Release attachments can be downloaded without authentication. Do not commit secrets or field-specific `rescue.env`; rotate preauth keys per build. + + + +## 오래된 산업용 PC 원격 드라이버 조사 플로우 + +목표: Windows에서 NIC 드라이버가 없어 네트워크가 안 되는 장비를 TailRescue i386 ISO로 부팅한 뒤, Linux의 폭넓은 NIC/firmware 지원으로 Tailnet SSH를 확보하고 하드웨어 정보를 수집해 Windows용 드라이버를 찾는다. + +1. Ventoy/iVentoy에서 `tailrescue-headscale-i386-240h-20260601-2312.iso`로 부팅한다. +2. Headscale/CT909에서 `tailrescue-*` 노드와 Tailnet IP를 확인한다. +3. CT909에서 접속한다. + +```bash +ssh rescue@100.64.x.y +rescue-status +list-disks +``` + +4. 하드웨어/드라이버 식별 정보를 수집한다. + +```bash +sudo lspci -nnk +sudo lspci -nn | grep -Ei 'ethernet|network|wireless|serial|vga|display|storage|sata|raid' +sudo lsusb +sudo dmidecode -t system -t baseboard -t bios +ip -br link +ethtool -i +``` + +5. PCI ID 예: `8086:10d3`, `10ec:8168` 기준으로 Windows 버전별 드라이버를 찾는다. +6. Windows 파티션은 기본 read-only로 확인한다. + +```bash +sudo mkdir -p /mnt/windows +sudo mount-ntfs-ro /dev/sdXN /mnt/windows +``` + +주의: rescue 노드에서 내부 Tailnet 전체로 접근하는 권한은 주지 않고, admin 노드에서 rescue로 들어가는 방향만 허용한다. diff --git a/scripts/build-live-iso.sh b/scripts/build-live-iso.sh index 0debc86..ad31787 100755 --- a/scripts/build-live-iso.sh +++ b/scripts/build-live-iso.sh 
@@ -1,13 +1,20 @@ #!/usr/bin/env bash set -euo pipefail -WORKDIR=${WORKDIR:-/root/tailrescue-live} +ARCH=${ARCH:-amd64} +WORKDIR=${WORKDIR:-/root/tailrescue-live-$ARCH} OUTDIR=${OUTDIR:-/root/tailrescue-dist} -ISO_NAME=${ISO_NAME:-tailrescue-headscale-$(date +%Y%m%d-%H%M).iso} +ISO_NAME=${ISO_NAME:-tailrescue-headscale-${ARCH}-$(date +%Y%m%d-%H%M).iso} DIST=${DIST:-bookworm} RESCUE_ENV=${RESCUE_ENV:-rescue.env} AUTHORIZED_KEYS=${AUTHORIZED_KEYS:-templates/authorized_keys} +case "$ARCH" in + amd64) KERNEL_PKG=linux-image-amd64 ;; + i386) KERNEL_PKG=linux-image-686-pae ;; + *) echo "unsupported ARCH=$ARCH; use amd64 or i386" >&2; exit 2 ;; +esac + if [[ ! -f "$RESCUE_ENV" ]]; then echo "missing $RESCUE_ENV; copy templates/rescue.env.example and fill field secrets" >&2 exit 2 @@ -20,11 +27,13 @@ cd "$WORKDIR" lb config \ --distribution "$DIST" \ + --architectures "$ARCH" \ --archive-areas "main contrib non-free non-free-firmware" \ --binary-images iso-hybrid \ - --bootappend-live "boot=live components hostname=tailrescue username=rescue" + --bootappend-live "boot=live components hostname=tailrescue username=rescue console=tty0 console=ttyS0,115200n8" -cat > config/package-lists/tailrescue.list.chroot <<"PKGS" +cat > config/package-lists/tailrescue.list.chroot < config/includes.chroot/etc/apt/sources.list.d/tailscale.list </dev/null || true +mkdir -p config/includes.chroot/etc/systemd/system/multi-user.target.wants +ln -sf ../tailrescue-firstboot.service config/includes.chroot/etc/systemd/system/multi-user.target.wants/tailrescue-firstboot.service mkdir -p config/hooks/normal cat > config/hooks/normal/0900-tailrescue-users.hook.chroot <<"HOOK" 
@@ -190,6 +204,6 @@ elif [[ -f "$OLDPWD/templates/authorized_keys.example" ]]; then fi lb build -cp -f live-image-amd64.hybrid.iso "$OUTDIR/$ISO_NAME" -(cd "$OUTDIR" && sha256sum "$ISO_NAME" > SHA256SUMS && echo "$ISO_NAME" > latest.txt) +cp -f "live-image-${ARCH}.hybrid.iso" "$OUTDIR/$ISO_NAME" +(cd "$OUTDIR" && sha256sum "$ISO_NAME" > "SHA256SUMS.${ARCH}" && cp "SHA256SUMS.${ARCH}" SHA256SUMS && echo "$ISO_NAME" > "latest.${ARCH}.txt" && cp "latest.${ARCH}.txt" latest.txt) echo "$OUTDIR/$ISO_NAME"
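Review bot: In README.md, the new v0.1.1 section links a publicly downloadable ISO whose file name carries `240h`, and the same section says Headscale auto-registration was verified with a 240h reusable/ephemeral preauth key. docs/runbook.md states that Release attachments can be downloaded without authentication, and scripts/build-live-iso.sh refuses to build without a filled-in `rescue.env`, so please confirm that the published image does not embed a key that is still valid. If it does, anyone who fetches the attachment within the key lifetime can enroll a `tag:rescue` node. Suggest publishing a build made with a placeholder or already-expired key, keeping field ISOs on the internal artifact path, and stating in this section that the verification key has been revoked.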
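Review bot: In docs/runbook.md (hunk `@@ -4,7 +4,7 @@`), the `현재 PoC ISO hash` line is replaced rather than extended, so the runbook no longer records a hash for the amd64 image even though `ARCH` still defaults to `amd64` in scripts/build-live-iso.sh. Keep one line per architecture, or point readers at `SHA256SUMS.<arch>` on the release so the value is not maintained by hand in both README.md and the runbook.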
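Review bot: In step 4 of the new docs/runbook.md flow, `ethtool -i` is given without an interface name, so it prints usage text instead of driver information; write it as `ethtool -i <iface>` with a name taken from the preceding `ip -br link`. Separately, the closing 주의 line says only the admin to rescue direction is allowed, but the patch neither shows nor links the Headscale ACL that enforces this; a reference to that policy would let an operator check it before booting field hardware.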
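Review bot: In the `lb config` call of scripts/build-live-iso.sh (hunk `@@ -20,11 +27,13 @@`), `--bootappend-live` now ends with `console=ttyS0,115200n8`, and the kernel binds `/dev/console` to the last `console=` entry, so userspace console output such as boot status and an emergency shell prompt goes to the serial port rather than the screen. On an industrial PC the first COM port may be wired to attached equipment, which would then receive boot output. Suggest making the serial console opt-in through an environment variable, or listing `console=tty0` last, and documenting the choice next to the build command in README.md.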
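Review bot: In the final subshell of scripts/build-live-iso.sh (hunk `@@ -190,6 +204,6 @@`), `SHA256SUMS` and `latest.txt` are overwritten with copies of the per-arch files, so after building both architectures they describe only whichever build ran last. Either drop the unsuffixed files or generate `SHA256SUMS` over every ISO in `$OUTDIR`. Also, README.md tells users to fetch `SHA256SUMS.i386` from the same release as the ISO, which detects a corrupted download but not a replaced attachment; a detached signature over the checksum file, verified against a key distributed separately, would cover that case.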