3 Commits

3 changed files with 146 additions and 12 deletions


@@ -71,3 +71,59 @@ cp templates/rescue.env.example rescue.env
- 가능하면 public-key auth 우선 - 가능하면 public-key auth 우선
- 원본 NTFS는 read-only 마운트 기본 - 원본 NTFS는 read-only 마운트 기본
- 작업 후 ephemeral `tailrescue-*` 노드 정리 - 작업 후 ephemeral `tailrescue-*` 노드 정리
## v0.1.1 i386 industrial PC rescue build
검증일: 2026-06-01
- Release: https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/tag/v0.1.1
- i386 ISO: https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/download/v0.1.1/tailrescue-headscale-i386-240h-20260601-2312.iso
- SHA256: `71e00ab650f177d62295da66b8c7323d95150621ab3a0e7d60c94a39bb8c8173`
- Architecture: `i386`, Debian 12 `linux-image-686-pae`
- Tailscale: i386 `.deb` 직접 포함
- Proxmox 검증: VMID `991`, `qemu32`, `rtl8139`
- Headscale 자동등록: `tag:rescue`, 240h reusable/ephemeral preauth key로 검증
- 검증 Tailnet IP: `100.64.0.78`
- CT909 admin(`100.64.0.72`) → rescue SSH 검증 완료
Download and verify:
```bash
curl -fL -O https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/download/v0.1.1/tailrescue-headscale-i386-240h-20260601-2312.iso
curl -fL -O https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/download/v0.1.1/SHA256SUMS.i386
sha256sum -c SHA256SUMS.i386
```
Build equivalent:
```bash
ARCH=i386 ISO_NAME=tailrescue-headscale-i386-240h-20260601-2312.iso ./scripts/build-live-iso.sh
```
## Gitea Release artifact
Verified PoC ISO is published as a Gitea Release attachment:
- Release: https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/tag/v0.1.0
- ISO: https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/download/v0.1.0/tailrescue-headscale-20260601-1842.iso
- SHA256SUMS: https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/download/v0.1.0/SHA256SUMS
Download and verify:
```bash
curl -fL -O https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/download/v0.1.0/tailrescue-headscale-20260601-1842.iso
curl -fL -O https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/download/v0.1.0/SHA256SUMS
sha256sum -c SHA256SUMS
```
Release upload pattern for future builds:
```bash
curl -H "Authorization: token $GITEA_TOKEN" -F "attachment=@tailrescue-headscale-YYYYMMDD-HHMM.iso" "https://git.0bin.in/api/v1/repos/thug0bin/tailrescue-headscale-iso/releases/<release_id>/assets?name=tailrescue-headscale-YYYYMMDD-HHMM.iso"
```
Do not commit ISO files into Git.
Note: the repository is public so Release attachments can be downloaded without authentication. Do not commit secrets or field-specific `rescue.env`; rotate preauth keys per build.
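Review bot: the `sha256sum -c SHA256SUMS.i386` step under "Download and verify" fetches the checksum file from the same Release that serves the ISO, so it only proves the download was not corrupted, not that the Release itself was not swapped. Since the SHA256 is already written on the page, suggest checking against it directly, e.g. `echo "71e00ab650f177d62295da66b8c7323d95150621ab3a0e7d60c94a39bb8c8173  tailrescue-headscale-i386-240h-20260601-2312.iso" | sha256sum -c -`, so the documented hash is what the reader verifies. Separately, the v0.1.1 bullets record a 240h reusable preauth key while the closing note says the Release is public: anyone can download the ISO and read the embedded `rescue.env`, so the doc should also tell the operator to expire that key in Headscale as soon as the job is finished, not only to rotate per build.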


@@ -4,7 +4,7 @@
- Git: 소스/문서/스크립트/스킬만 저장 - Git: 소스/문서/스크립트/스킬만 저장
- ISO: Gitea Release attachment 또는 내부 artifact path에 저장 - ISO: Gitea Release attachment 또는 내부 artifact path에 저장
- 현재 PoC ISO hash: `3d7995cfdf58c62f6ee167458079a7eaa1d2a79ac56e5f019cab1ec856943ddd` - 현재 i386 ISO hash: `71e00ab650f177d62295da66b8c7323d95150621ab3a0e7d60c94a39bb8c8173`
## 빌드 ## 빌드
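Review bot: rewriting the `현재 PoC ISO hash` line into `현재 i386 ISO hash` drops the recorded hash of the amd64 v0.1.0 ISO (`3d7995cfdf58c62f6ee167458079a7eaa1d2a79ac56e5f019cab1ec856943ddd`), even though that ISO is still linked from the Gitea Release section later in this same file. Suggest keeping one line per published architecture, e.g. `- amd64 v0.1.0 ISO hash: ...` and `- i386 v0.1.1 ISO hash: ...`, so someone verifying an older download still finds a reference hash in the repo.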
@@ -37,3 +37,67 @@ ssh rescue@100.64.x.y 'echo SSH_OK; sudo -n true; rescue-status; list-disks'
- Headscale에 노드가 안 뜸: DHCP/NIC/firmware/케이블 확인, `ip -br a`, `journalctl -u tailrescue-firstboot` - Headscale에 노드가 안 뜸: DHCP/NIC/firmware/케이블 확인, `ip -br a`, `journalctl -u tailrescue-firstboot`
- SSH가 안 됨: `systemctl status ssh`, `/var/log/auth.log`, `id rescue`, `sudo passwd -S rescue` - SSH가 안 됨: `systemctl status ssh`, `/var/log/auth.log`, `id rescue`, `sudo passwd -S rescue`
- 내장 NIC 미인식: Realtek RTL8153/RTL8156 또는 ASIX AX88179 USB LAN 동글 사용 - 내장 NIC 미인식: Realtek RTL8153/RTL8156 또는 ASIX AX88179 USB LAN 동글 사용
## Gitea Release 산출물
Verified PoC ISO is published as a Gitea Release attachment:
- Release: https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/tag/v0.1.0
- ISO: https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/download/v0.1.0/tailrescue-headscale-20260601-1842.iso
- SHA256SUMS: https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/download/v0.1.0/SHA256SUMS
Download and verify:
```bash
curl -fL -O https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/download/v0.1.0/tailrescue-headscale-20260601-1842.iso
curl -fL -O https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/download/v0.1.0/SHA256SUMS
sha256sum -c SHA256SUMS
```
Release upload pattern for future builds:
```bash
curl -H "Authorization: token $GITEA_TOKEN" -F "attachment=@tailrescue-headscale-YYYYMMDD-HHMM.iso" "https://git.0bin.in/api/v1/repos/thug0bin/tailrescue-headscale-iso/releases/<release_id>/assets?name=tailrescue-headscale-YYYYMMDD-HHMM.iso"
```
Do not commit ISO files into Git.
Note: the repository is public so Release attachments can be downloaded without authentication. Do not commit secrets or field-specific `rescue.env`; rotate preauth keys per build.
## 오래된 산업용 PC 원격 드라이버 조사 플로우
목표: Windows에서 NIC 드라이버가 없어 네트워크가 안 되는 장비를 TailRescue i386 ISO로 부팅한 뒤, Linux의 폭넓은 NIC/firmware 지원으로 Tailnet SSH를 확보하고 하드웨어 정보를 수집해 Windows용 드라이버를 찾는다.
1. Ventoy/iVentoy에서 `tailrescue-headscale-i386-240h-20260601-2312.iso`로 부팅한다.
2. Headscale/CT909에서 `tailrescue-*` 노드와 Tailnet IP를 확인한다.
3. CT909에서 접속한다.
```bash
ssh rescue@100.64.x.y
rescue-status
list-disks
```
4. 하드웨어/드라이버 식별 정보를 수집한다.
```bash
sudo lspci -nnk
sudo lspci -nn | grep -Ei 'ethernet|network|wireless|serial|vga|display|storage|sata|raid'
sudo lsusb
sudo dmidecode -t system -t baseboard -t bios
ip -br link
ethtool -i <nic>
```
5. PCI ID 예: `8086:10d3`, `10ec:8168` 기준으로 Windows 버전별 드라이버를 찾는다.
6. Windows 파티션은 기본 read-only로 확인한다.
```bash
sudo mkdir -p /mnt/windows
sudo mount-ntfs-ro /dev/sdXN /mnt/windows
```
주의: rescue 노드에서 내부 Tailnet 전체로 접근하는 권한은 주지 않고, admin 노드에서 rescue로 들어가는 방향만 허용한다.
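Review bot: the `## Gitea Release 산출물` block duplicates the "Gitea Release artifact" section of the other document word for word, and the two copies have already diverged (the other file carries the v0.1.1 i386 section, this one stops at v0.1.0); suggest replacing the copy with a link so hash and URL updates happen in one place. In the driver-investigation flow, step 4 collects `dmidecode -t system -t baseboard -t bios`, whose output includes serial numbers and asset tags; add a reminder to redact those before the output is pasted anywhere while hunting for drivers. The closing 주의 about allowing only admin-to-rescue traffic is the right model, but the doc does not show the Headscale ACL that enforces it; a short ACL snippet next to that sentence (admin tag as source, `tag:rescue` as destination only) would make the restriction checkable rather than a statement of intent.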


@@ -1,13 +1,20 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
WORKDIR=${WORKDIR:-/root/tailrescue-live} ARCH=${ARCH:-amd64}
WORKDIR=${WORKDIR:-/root/tailrescue-live-$ARCH}
OUTDIR=${OUTDIR:-/root/tailrescue-dist} OUTDIR=${OUTDIR:-/root/tailrescue-dist}
ISO_NAME=${ISO_NAME:-tailrescue-headscale-$(date +%Y%m%d-%H%M).iso} ISO_NAME=${ISO_NAME:-tailrescue-headscale-${ARCH}-$(date +%Y%m%d-%H%M).iso}
DIST=${DIST:-bookworm} DIST=${DIST:-bookworm}
RESCUE_ENV=${RESCUE_ENV:-rescue.env} RESCUE_ENV=${RESCUE_ENV:-rescue.env}
AUTHORIZED_KEYS=${AUTHORIZED_KEYS:-templates/authorized_keys} AUTHORIZED_KEYS=${AUTHORIZED_KEYS:-templates/authorized_keys}
case "$ARCH" in
amd64) KERNEL_PKG=linux-image-amd64 ;;
i386) KERNEL_PKG=linux-image-686-pae ;;
*) echo "unsupported ARCH=$ARCH; use amd64 or i386" >&2; exit 2 ;;
esac
if [[ ! -f "$RESCUE_ENV" ]]; then if [[ ! -f "$RESCUE_ENV" ]]; then
echo "missing $RESCUE_ENV; copy templates/rescue.env.example and fill field secrets" >&2 echo "missing $RESCUE_ENV; copy templates/rescue.env.example and fill field secrets" >&2
exit 2 exit 2
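Review bot: the new `case` hard-codes `linux-image-686-pae` for `i386`, and that kernel boots only on CPUs with PAE; some older 32-bit industrial boards lack it and will fail to boot the image. Suggest making the package overridable, e.g. `i386) KERNEL_PKG=${KERNEL_PKG:-linux-image-686-pae} ;;`, so a non-PAE build can select `linux-image-686` without editing the script. The `*)` branch that rejects unknown values is good; it is also what keeps the later `case "$ARCH"` (the one that sets `TAILSCALE_DEB_ARCH` and has no default) from leaving that variable unset.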
@@ -20,11 +27,13 @@ cd "$WORKDIR"
lb config \ lb config \
--distribution "$DIST" \ --distribution "$DIST" \
--architectures "$ARCH" \
--archive-areas "main contrib non-free non-free-firmware" \ --archive-areas "main contrib non-free non-free-firmware" \
--binary-images iso-hybrid \ --binary-images iso-hybrid \
--bootappend-live "boot=live components hostname=tailrescue username=rescue" --bootappend-live "boot=live components hostname=tailrescue username=rescue console=tty0 console=ttyS0,115200n8"
cat > config/package-lists/tailrescue.list.chroot <<"PKGS" cat > config/package-lists/tailrescue.list.chroot <<PKGS
$KERNEL_PKG
systemd-sysv systemd-sysv
openssh-server openssh-server
sudo sudo
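Review bot: adding `console=ttyS0,115200n8` to `--bootappend-live` starts a getty on the serial port, and live-config logs the live user (`username=rescue`) in automatically on the console unless `noautologin` is on the kernel command line; combined with the passwordless sudo the troubleshooting section checks (`sudo -n true`), anyone with a serial cable to the box would get a root-capable shell without touching SSH or the Tailnet. Suggest adding `noautologin` to the bootappend, or confirming in the built image that the serial getty is not configured with `--autologin`. Changing the heredoc delimiter from `"PKGS"` to `PKGS` so `$KERNEL_PKG` expands is fine, but it also subjects the rest of the package list to expansion; a one-line comment there would keep a future `$` in that list from being a surprise.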
@@ -71,11 +80,15 @@ PKGS
mkdir -p config/includes.chroot/etc/apt/keyrings config/includes.chroot/etc/apt/sources.list.d mkdir -p config/includes.chroot/etc/apt/keyrings config/includes.chroot/etc/apt/sources.list.d
curl -fsSL https://pkgs.tailscale.com/stable/debian/${DIST}.noarmor.gpg \ curl -fsSL https://pkgs.tailscale.com/stable/debian/${DIST}.noarmor.gpg \
-o config/includes.chroot/etc/apt/keyrings/tailscale-archive-keyring.gpg -o config/includes.chroot/etc/apt/keyrings/tailscale-archive-keyring.gpg
cat > config/includes.chroot/etc/apt/sources.list.d/tailscale.list <<TAILSRC case "$ARCH" in
deb [signed-by=/etc/apt/keyrings/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/debian ${DIST} main amd64) TAILSCALE_DEB_ARCH=amd64 ;;
TAILSRC i386) TAILSCALE_DEB_ARCH=i386 ;;
esac
TAILSCALE_VERSION=${TAILSCALE_VERSION:-1.98.4}
TAILSCALE_DEB="tailscale_${TAILSCALE_VERSION}_${TAILSCALE_DEB_ARCH}.deb"
TAILSCALE_DEB_URL="https://pkgs.tailscale.com/stable/debian/pool/${TAILSCALE_DEB}"
mkdir -p config/packages.chroot mkdir -p config/packages.chroot
(cd config/packages.chroot && apt-get download tailscale) curl -fsSL "$TAILSCALE_DEB_URL" -o "config/packages.chroot/$TAILSCALE_DEB"
mkdir -p config/includes.chroot/etc/tailrescue mkdir -p config/includes.chroot/etc/tailrescue
cp "$OLDPWD/$RESCUE_ENV" config/includes.chroot/etc/tailrescue/rescue.env cp "$OLDPWD/$RESCUE_ENV" config/includes.chroot/etc/tailrescue/rescue.env
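Review bot: replacing `apt-get download tailscale` with a plain `curl` of `tailscale_${TAILSCALE_VERSION}_${TAILSCALE_DEB_ARCH}.deb` from the pool drops the signature check apt performed against the Tailscale archive key; the keyring is still downloaded at the top of the hunk, but nothing uses it now that the `tailscale.list` heredoc is gone, so TLS to pkgs.tailscale.com is the only thing between the builder and a substituted package. Suggest pinning the package hash, e.g. `TAILSCALE_DEB_SHA256=${TAILSCALE_DEB_SHA256:?set expected sha256}` followed by `echo "$TAILSCALE_DEB_SHA256  config/packages.chroot/$TAILSCALE_DEB" | sha256sum -c -` after the `curl`, or verifying the .deb against the repo's signed `InRelease`/`Packages` index using the keyring that is already fetched. Either way, the keyring download should be used or removed rather than left as dead code.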
@@ -154,7 +167,8 @@ RemainAfterExit=yes
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
SVC SVC
ln -sf /etc/systemd/system/tailrescue-firstboot.service config/includes.chroot/etc/systemd/system/multi-user.target.wants/tailrescue-firstboot.service 2>/dev/null || true mkdir -p config/includes.chroot/etc/systemd/system/multi-user.target.wants
ln -sf ../tailrescue-firstboot.service config/includes.chroot/etc/systemd/system/multi-user.target.wants/tailrescue-firstboot.service
mkdir -p config/hooks/normal mkdir -p config/hooks/normal
cat > config/hooks/normal/0900-tailrescue-users.hook.chroot <<"HOOK" cat > config/hooks/normal/0900-tailrescue-users.hook.chroot <<"HOOK"
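Review bot: the new `mkdir -p` plus relative `ln -sf ../tailrescue-firstboot.service` is a real fix, because the old line silently did nothing (`2>/dev/null || true`) whenever the `.wants` directory did not exist yet, leaving the firstboot unit disabled in the image with no build error. Dropping `|| true` is correct under `set -euo pipefail`. Worth adding a check after `lb build`, e.g. `systemctl --root=<built chroot> is-enabled tailrescue-firstboot`, so a regression here fails the build instead of surfacing in the field as "node never shows up in Headscale".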
@@ -190,6 +204,6 @@ elif [[ -f "$OLDPWD/templates/authorized_keys.example" ]]; then
fi fi
lb build lb build
cp -f live-image-amd64.hybrid.iso "$OUTDIR/$ISO_NAME" cp -f "live-image-${ARCH}.hybrid.iso" "$OUTDIR/$ISO_NAME"
(cd "$OUTDIR" && sha256sum "$ISO_NAME" > SHA256SUMS && echo "$ISO_NAME" > latest.txt) (cd "$OUTDIR" && sha256sum "$ISO_NAME" > "SHA256SUMS.${ARCH}" && cp "SHA256SUMS.${ARCH}" SHA256SUMS && echo "$ISO_NAME" > "latest.${ARCH}.txt" && cp "latest.${ARCH}.txt" latest.txt)
echo "$OUTDIR/$ISO_NAME" echo "$OUTDIR/$ISO_NAME"
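Review bot: the `cp "SHA256SUMS.${ARCH}" SHA256SUMS` and `cp "latest.${ARCH}.txt" latest.txt` at the end of the subshell make the shared `SHA256SUMS` and `latest.txt` reflect whichever architecture was built last, so after an i386 build the amd64 ISO's `sha256sum -c SHA256SUMS` (the command the docs give for v0.1.0) no longer matches. Suggest dropping the shared copies in favour of the per-arch files, or regenerating `SHA256SUMS` from every ISO in `$OUTDIR` (`sha256sum *.iso > SHA256SUMS`) so it stays complete. Since this line is the only place an integrity artifact is produced, signing the per-arch sums file here (`gpg --detach-sign` or `minisign -S`) would let downloaders check authenticity, which a checksum served from the same Release cannot provide.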