From nobody Sat Jan 17 18:13:10 2026
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dtlFg2Y3lz6P4HB
	for <dev-commits-src-main@mlmmj.nyi.freebsd.org>; Sat, 17 Jan 2026 18:13:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4dtlFf6WX2z3pQw
	for <dev-commits-src-main@FreeBSD.org>; Sat, 17 Jan 2026 18:13:10 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1768673591;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=E387rnMnWekWfQbw6PbykeyUP1SkhOzQRY6uXNF3cXY=;
	b=N4fXqPO6QlN/BpoMelRdbCT0DgNqPowsCmBVkHoPoikeXpwJ0v0zL3CXt51uza8L36FQtV
	5sNimFUJ4j+OqcLgt8Kioj97c3RXlSGlxO38VsZ4086mkAQMZY5w78uS/ie94Jyjvq+fgE
	dvQSDJSsBD9Y92NRH1jFVW2S5XGeQ4IIa5eyQORGyDXt18oO99597nfw6IRdRquXOrqSga
	EysDLo+mjHYiYKMp0OJqcJNILXle+sRG+IU3QCrUMWiAkgDxRLIwva08vYDNjMXAwqIcxY
	hpdfymCYKfhQcGptI5hAisG8hHQEwcK2W3jdsCHJmZ7X77aZq4xqtGLv00F6NA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1768673591;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=E387rnMnWekWfQbw6PbykeyUP1SkhOzQRY6uXNF3cXY=;
	b=syyG1Do+olnqswY9hLlrl8UAVj2nBKyZgd8FqgunCvFuSMgzKVajgXgVNxvE2VDujCQclC
	WTMa/0sl7jAMQQmWiXiLnHMEqSzfAmolPmyjuKyeF51hJI/vHLGDtMRlbnIbQniqGQaoq7
	P0Z2rQOwFBiwWAyYH2YsgANxx1M3x11Gml5y+7uljlpfrt3ySmw/77yvJP5NHc8MZxvwgJ
	Ajx9WXKj9C5mOFlMciefCLbdK74tfuc2PIptCRlPtpqS0O83wercQkofYJlo44BAdxSrRw
	TxiF1IEaCb317wEdMkrQuncUUZSEAO9AyMga5gd8S1Z6u04SJXbX8CQAprPu6g==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1768673591; a=rsa-sha256; cv=none;
	b=e1SU+vblsNKZXuImkqWx9lteKW9kMbEHmjOnsgfLxkvAaES81d+b6E85FVUtG6OK4rF50k
	okRS+oYOk0tKmJvo4zfEKI744b7cEim+yziWVu2XOZBDIWfrVQE1YYYTdWP9faMJzX3Pze
	haXDtETIvkarEu+iLuUAYVc1+dxy4DkRUs6RsUOhzJaBugF5Z0KetwjjOetjU9RrseIL4p
	H0RYvlm5dn1JvX9CQUKC4Q+mmskl3nqo5XMpz91I6XFA0CS4Dcy1HGC5ZTK7kgNYUSByLz
	d4qP6LmmSObj+OqO+BOxo+kCI2W2tBsAoECnP8WZKBR/9k3TH7QOqFH3po/PPg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4dtlFf5hpZz18pk
	for <dev-commits-src-main@FreeBSD.org>; Sat, 17 Jan 2026 18:13:10 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from git (uid 1279)
	(envelope-from git@FreeBSD.org)
	id 3ab32
	by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org);
	Sat, 17 Jan 2026 18:13:10 +0000
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Jose Luis Duran <jlduran@FreeBSD.org>
Subject: git: ecc039be7fdd - main - nanobsd: Add a NO_ROOT build option
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jlduran
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: ecc039be7fdd7bbae6419a311af9398ca595b2f6
Auto-Submitted: auto-generated
Date: Sat, 17 Jan 2026 18:13:10 +0000
Message-Id: <696bd136.3ab32.151e7e7f@gitrepo.freebsd.org>

The branch main has been updated by jlduran:

URL: https://cgit.FreeBSD.org/src/commit/?id=ecc039be7fdd7bbae6419a311af9398ca595b2f6

commit ecc039be7fdd7bbae6419a311af9398ca595b2f6
Author:     Jose Luis Duran <jlduran@FreeBSD.org>
AuthorDate: 2026-01-17 18:10:48 +0000
Commit:     Jose Luis Duran <jlduran@FreeBSD.org>
CommitDate: 2026-01-17 18:10:48 +0000

    nanobsd: Add a NO_ROOT build option
    
    Add a -U option to build NanoBSD images without root privileges.  It
    relies on makefs/mkimg and metalog (mtree) files, similar to what
    release engineering uses to build images.
    
    Keep the current way to build NanoBSD images untouched.  Once this
    method gets battle tested, it may be used to build images as root as
    well.
    
    Reviewed by:    imp, emaste
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D48793
---
 tools/tools/nanobsd/defaults.sh |  40 +++++++++++++---
 tools/tools/nanobsd/legacy.sh   | 100 ++++++++++++++++++++++++++++++++++++++++
 tools/tools/nanobsd/nanobsd.sh  |  20 ++++++--
 3 files changed, 151 insertions(+), 9 deletions(-)

diff --git a/tools/tools/nanobsd/defaults.sh b/tools/tools/nanobsd/defaults.sh
index bb22ab9a0aa4..850a82d4362f 100755
--- a/tools/tools/nanobsd/defaults.sh
+++ b/tools/tools/nanobsd/defaults.sh
@@ -192,9 +192,11 @@ NANO_CPUTYPE=""
 
 # Directory to populate /cfg from
 NANO_CFGDIR=""
+NANO_METALOG_CFG=""
 
 # Directory to populate /data from
 NANO_DATADIR=""
+NANO_METALOG_DATA=""
 
 # We don't need SRCCONF or SRC_ENV_CONF. NanoBSD puts everything we
 # need for the build in files included with __MAKE_CONF. Override in your
@@ -356,6 +358,10 @@ make_conf_build() {
 	nano_global_make_env
 	echo "${CONF_WORLD}"
 	echo "${CONF_BUILD}"
+	if [ -n "${NANO_NOPRIV_BUILD}" ]; then
+		echo NO_ROOT=true
+		echo METALOG="${NANO_METALOG}"
+	fi
 	) > ${NANO_MAKE_CONF_BUILD}
 }
 
@@ -595,15 +601,28 @@ setup_nanobsd() {
 		# link /$d under /conf
 		# we use hard links so we have them both places.
 		# the files in /$d will be hidden by the mount.
-		mkdir -p conf/base/$d conf/default/$d
+		tgt_dir conf/base/$d conf/default/$d
 		find $d -print | cpio ${CPIO_SYMLINK} -dumpl conf/base/
+		if [ -n "$NANO_METALOG" ]; then
+			grep "^.\/${d}\/" "${NANO_METALOG}" |
+			    sed -e "s=^./${d}=./conf/base/${d}=g" |
+			    sort | uniq >> "${NANO_METALOG}.conf"
+		fi
 	done
 
+	if [ -n "$NANO_METALOG" ]; then
+		cat "${NANO_METALOG}.conf" >> "${NANO_METALOG}"
+		rm -f "${NANO_METALOG}.conf"
+	fi
+
 	echo "$NANO_RAM_ETCSIZE" > conf/base/etc/md_size
 	echo "$NANO_RAM_TMPVARSIZE" > conf/base/var/md_size
+	tgt_touch conf/base/etc/md_size
+	tgt_touch conf/base/var/md_size
 
 	# pick up config files from the special partition
 	echo "mount -o ro /dev/${NANO_DRIVE}${NANO_SLICE_CFG}" > conf/default/etc/remount
+	tgt_touch conf/default/etc/remount
 
 	# Put /tmp on the /var ramdisk (could be symlink already)
 	tgt_dir2symlink tmp var/tmp 1777
@@ -660,13 +679,15 @@ EOF
 
 	# save config file for scripts
 	echo "NANO_DRIVE=${NANO_DRIVE}" > etc/nanobsd.conf
+	tgt_touch etc/nanobsd.conf
 
 	echo "/dev/${NANO_DRIVE}${NANO_ROOT} / ufs ro 1 1" > etc/fstab
 	echo "/dev/${NANO_DRIVE}${NANO_SLICE_CFG} /cfg ufs rw,noauto 2 2" >> etc/fstab
-	mkdir -p cfg
+	tgt_touch etc/fstab
+	tgt_dir cfg
 
 	# Create directory for eventual /usr/local/etc contents
-	mkdir -p etc/local
+	tgt_dir etc/local
 	)
 }
 
@@ -883,6 +904,8 @@ cust_install_files() (
 	if [ -n "${NANO_CUST_FILES_MTREE}" -a -f ${NANO_CUST_FILES_MTREE} ]; then
 		CR "mtree -eiU -p /" <${NANO_CUST_FILES_MTREE}
 	fi
+
+	tgt_touch $(find * -type f)
 )
 
 #######################################################################
@@ -995,7 +1018,7 @@ pprint() {
 
 usage() {
 	(
-	echo "Usage: $0 [-BbfhIiKknpqvWwX] [-c config_file]"
+	echo "Usage: $0 [-BbfhIiKknpqUvWwX] [-c config_file]"
 	echo "	-B	suppress installs (both kernel and world)"
 	echo "	-b	suppress builds (both kernel and world)"
 	echo "	-c	specify config file"
@@ -1008,6 +1031,7 @@ usage() {
 	echo "	-n	add -DNO_CLEAN to buildworld, buildkernel, etc"
 	echo "	-p	suppress preparing the image"
 	echo "	-q	make output more quiet"
+	echo "	-U	add -DNO_ROOT to build without root privileges"
 	echo "	-v	make output more verbose"
 	echo "	-W	suppress installworld"
 	echo "	-w	suppress buildworld"
@@ -1039,6 +1063,9 @@ set_defaults_and_export() {
 	if ! $do_clean; then
 		NANO_PMAKE="${NANO_PMAKE} -DNO_CLEAN"
 	fi
+	if ! $do_root; then
+		NANO_PMAKE="${NANO_PMAKE} -DNO_ROOT"
+	fi
 	NANO_MAKE_CONF_BUILD=${MAKEOBJDIRPREFIX}/make.conf.build
 	NANO_MAKE_CONF_INSTALL=${NANO_OBJ}/make.conf.install
 
@@ -1049,8 +1076,9 @@ set_defaults_and_export() {
 	[ ! -d "${NANO_TOOLS}" ] && [ -d "${NANO_SRC}/${NANO_TOOLS}" ] && \
 		NANO_TOOLS="${NANO_SRC}/${NANO_TOOLS}" || true
 
-	[ -n "${NANO_NOPRIV_BUILD}" ] && [ -z "${NANO_METALOG}" ] && \
-		NANO_METALOG=${NANO_OBJ}/_.metalog || true
+	if [ -n "${NANO_NOPRIV_BUILD}" ] && [ -z "${NANO_METALOG}" ]; then
+		NANO_METALOG=${NANO_OBJ}/_.metalog
+	fi
 
 	NANO_STARTTIME=`date +%s`
 	: ${NANO_TIMESTAMP:=${NANO_STARTTIME}}
diff --git a/tools/tools/nanobsd/legacy.sh b/tools/tools/nanobsd/legacy.sh
index ff951f4b762b..efb9c68254c9 100644
--- a/tools/tools/nanobsd/legacy.sh
+++ b/tools/tools/nanobsd/legacy.sh
@@ -155,6 +155,33 @@ create_code_slice() {
 	) > ${NANO_OBJ}/_.cs 2>&1
 }
 
+_create_code_slice ( ) (
+	pprint 2 "build code slice"
+	pprint 3 "log: ${NANO_OBJ}/_.cs"
+
+	(
+	IMG=${NANO_DISKIMGDIR}/_.disk.image
+	CODE_SIZE=$(head -n 1 "${NANO_LOG}/_.partitioning" | awk '{ print $2 }')
+	CODE_SIZE=$(_xxx_adjust_code_size "$CODE_SIZE")
+
+	echo "Writing code image..."
+	if [ -f "${NANO_WORLDDIR}/boot/boot" ]; then
+		echo "Making bootable partition"
+		bootcode="-b ${NANO_WORLDDIR}/boot/boot"
+	else
+		echo "Partition will not be bootable"
+	fi
+	nano_makefs "-DxZ ${NANO_MAKEFS} -o minfree=0,optimization=space" \
+	    "${NANO_METALOG}" "${CODE_SIZE}" "${NANO_OBJ}/_.disk.part" \
+	    "${NANO_WORLDDIR}"
+	mkimg -s bsd \
+	    ${bootcode} \
+	    -p freebsd-ufs:="${NANO_OBJ}/_.disk.part" \
+	    -o "${NANO_DISKIMGDIR}/_.disk.image"
+	rm -f "${NANO_OBJ}/_.disk.part"
+
+	) > ${NANO_OBJ}/_.cs 2>&1
+)
 
 create_diskimage() {
 	pprint 2 "build diskimage"
@@ -255,3 +282,76 @@ create_diskimage() {
 
 	) > ${NANO_LOG}/_.di 2>&1
 }
+
+_create_diskimage() {
+	pprint 2 "build diskimage"
+	pprint 3 "log: ${NANO_OBJ}/_.di"
+
+	(
+	local altroot bootloader cfgimage dataimage diskimage
+
+	CODE_SIZE=$(head -n 1 "${NANO_LOG}/_.partitioning" | awk '{ print $2 }')
+	CODE_SIZE=$(_xxx_adjust_code_size "$CODE_SIZE")
+	IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME}
+
+	if [ -f "${NANO_WORLDDIR}/${NANO_BOOTLOADER}" ]; then
+		bootloader="-b ${NANO_WORLDDIR}/${NANO_BOOTLOADER}"
+	else
+		echo "Image will not be bootable"
+	fi
+
+	diskimage="-p freebsd:=${NANO_DISKIMGDIR}/_.disk.image"
+
+	if [ "$NANO_IMAGES" -gt 1 ] && [ "$NANO_INIT_IMG2" -gt 0 ] ; then
+		echo "Duplicating to second image..."
+		tgt_switch_root_fstab "${NANO_SLICE_ROOT}" "${NANO_SLICE_ALTROOT}"
+		nano_makefs "-DxZ ${NANO_MAKEFS} -o minfree=0,optimization=space" \
+		    "${NANO_METALOG}" "${CODE_SIZE}" "${NANO_OBJ}/_.altroot.part" \
+		    "${NANO_WORLDDIR}"
+		tgt_switch_root_fstab "${NANO_SLICE_ALTROOT}" "${NANO_SLICE_ROOT}"
+		if [ -f "${NANO_WORLDDIR}/boot/boot" ]; then
+			bootcode="-b ${NANO_WORLDDIR}/boot/boot"
+		fi
+		mkimg -s bsd \
+		    ${bootcode} \
+		    -p freebsd-ufs:="${NANO_OBJ}/_.altroot.part" \
+		    -o "${NANO_OBJ}/_.altroot.image"
+		altroot="-p freebsd:=${NANO_OBJ}/_.altroot.image"
+		rm -f "${NANO_OBJ}/_.altroot.part"
+	else
+		altroot="-p-"
+	fi
+	if [ "${NANO_INIT_IMG2}" -eq 0 ]; then
+		altroot="-p freebsd::${CODE_SIZE}b"
+	fi
+
+	# Create Config slice
+	_populate_cfg_part "${NANO_OBJ}/_.cfg.part" "${NANO_CFGDIR}" \
+	    "${NANO_SLICE_CFG}" "${NANO_CONFSIZE}" "${NANO_METALOG_CFG}"
+	cfgimage="-p freebsd:=${NANO_OBJ}/_.cfg.part"
+
+	# Create Data slice, if any.
+	if [ -n "${NANO_SLICE_DATA}" ] &&
+	    [ "${NANO_SLICE_CFG}" = "${NANO_SLICE_DATA}" ] &&
+	    [ "${NANO_DATASIZE}" -ne 0 ]; then
+		pprint 2 "NANO_SLICE_DATA is the same as NANO_SLICE_CFG, fix."
+		exit 2
+	fi
+	if [ "${NANO_DATASIZE}" -ne 0 ] && [ -n "${NANO_SLICE_DATA}" ] ; then
+		_populate_data_part "${NANO_OBJ}/_.data.part" "${NANO_DATADIR}" \
+		    "${NANO_SLICE_DATA}" "${NANO_DATASIZE}" "${NANO_METALOG_DATA}"
+		dataimage="-p freebsd:=${NANO_OBJ}/_.data.part"
+	fi
+
+	echo "Writing out ${NANO_IMGNAME}..."
+	mkimg -s mbr \
+	    ${bootloader} \
+	    ${diskimage} \
+	    ${altroot} \
+	    ${cfgimage} \
+	    ${dataimage} \
+	    -o ${IMG}
+	exit
+
+	) > ${NANO_LOG}/_.di 2>&1
+}
diff --git a/tools/tools/nanobsd/nanobsd.sh b/tools/tools/nanobsd/nanobsd.sh
index 208bc646122d..94e74d9ed216 100755
--- a/tools/tools/nanobsd/nanobsd.sh
+++ b/tools/tools/nanobsd/nanobsd.sh
@@ -36,6 +36,7 @@ topdir=`dirname ${nanobsd_sh}`
 # Parse arguments
 
 do_clean=true
+do_root=true
 do_kernel=true
 do_installkernel=true
 do_world=true
@@ -49,7 +50,7 @@ do_prep_image=true
 . "${topdir}/legacy.sh"
 
 set +e
-args=`getopt BKXWbc:fhiIknpqvw $*`
+args=`getopt BKXWbc:fhiIknpqUvw $*`
 if [ $? -ne 0 ] ; then
 	usage
 	exit 2
@@ -133,6 +134,11 @@ do
 		PPLEVEL=$(($PPLEVEL + 1))
 		shift
 		;;
+	-U)
+		do_root=false
+		NANO_NOPRIV_BUILD=true
+		shift
+		;;
 	-w)
 		do_world=false
 		shift
@@ -221,9 +227,17 @@ else
 fi
 if $do_code ; then
 	calculate_partitioning
-	create_code_slice
+	if [ -z "${NANO_NOPRIV_BUILD}" ]; then
+		create_code_slice
+	else
+		_create_code_slice
+	fi
 	if $do_image ; then
-		create_diskimage
+		if [ -z "${NANO_NOPRIV_BUILD}" ]; then
+			create_diskimage
+		else
+			_create_diskimage
+		fi
 	else
 		pprint 2 "Skipping image build (as instructed)"
 	fi