diff --git a/.gitignore b/.gitignore
index 323a02a..9c27f10 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
 .reasonix
-*.asc
\ No newline at end of file
+*.asc
+image/*.raw
+*.raw
diff --git a/BUILD.sh b/BUILD.sh
index 4e6b0f0..39b0739 100755
--- a/BUILD.sh
+++ b/BUILD.sh
@@ -1,45 +1,48 @@
-#!/bin/sh
+#!/bin/bash
 
 set -eo pipefail
 
 hasunset=0
 
+if [ "$UID" != "0" ]; then
+	 echo "This script must be run in root."
+	 exit 2
+fi
+
+PATH="$PWD/scripts:$PATH"
+
 if [[ "$CLOUD_CONFIG_REPO" -eq "" ]]; then
     echo "CLOUD_CONFIG_REPO is not set."
+    CLOUD_CONFIG_REPO="https://git.sfclub.cc/cloud/bearnet"
     hasunset=1
 fi
 
 if [[ "$CLOUD_CONFIG_REVISION" -eq "" ]]; then
     echo "CLOUD_CONFIG_REVISION is not set."
+    CLOUD_CONFIG_REVISION="wish"
     hasunset=1
 fi
 
 if [[ "$CLOUD_GATEWAY_ADDRESS" -eq "" ]]; then
     echo "CLOUD_GATEWAY_ADDRESS is not set."
+    CLOUD_GATEWAY_ADDRESS="10.0.0.119"
     hasunset=1
 fi
 
+TMP_DIR=$(mktemp -d)
+
 if [[ "$hasunset" -ne 0 ]]; then
     echo ""
     echo "Default values will be used for unset environments:"
     echo ""
-    grep -E "^ENV" ./Dockerfile
+    set | grep -E "^CLOUD_"
 fi
 
 cleanup_() {
-    if [[ "$GPG_PRIVATE_KEY" -ne "" ]]; then
-        rm ./bot-gpg-key.asc
-    fi
+    rm -rf $TMP_DIR
 }
 
-trap cleanup_ INT TERM
-
-if [[ "$GPG_PRIVATE_KEY" -ne "" ]]; then
-    echo "$GPG_PRIVATE_KEY" > ./bot-gpg-key.asc
-elif [[ ! -f ./bot-gpg-key.asc ]]; then
-    echo "GPG key not found. Terminating.."
-    exit -1
-fi
+trap cleanup_ INT TERM EXIT
 
 IMAGE_TAG=$(git rev-parse --short HEAD)
 IMAGE_NAME=${IMAGE_NAME:-bearcloud}
@@ -49,5 +52,25 @@ echo "Additional arguments: $@"
 echo "Continue?"
 read
 
-sudo docker build -t "$IMAGE_NAME:$IMAGE_TAG" -t "$IMAGE_NAME:latest" $@ .
+rm -rf "$TMP_DIR"
+cp -r ./image $TMP_DIR
+sed -i "s#_REPO_#$CLOUD_CONFIG_REPO#g" $TMP_DIR/overlay/daemon/update-keys.sh && \
+sed -i "s#_REVISION_#$CLOUD_CONFIG_REVISION#g" $TMP_DIR/overlay/daemon/update-keys.sh && \
+sed -i "s#GATEWAY_ADDRESS#$CLOUD_GATEWAY_ADDRESS#g" $TMP_DIR/overlay/etc/dhcp/dhclient.conf
+
+pushd $PWD >/dev/null
+
+cd $TMP_DIR
+export IMAGE_ARTIFACT="$PWD/vm.raw"
+rm -f vm.raw && ./build-image.sh
+if [ ! -f $IMAGE_ARTIFACT ]; then
+    exit 2
+fi
+
+popd > /dev/null
+
+mv $IMAGE_ARTIFACT ./data/
+IMAGE_ARTIFACT="$PWD/data/vm.raw"
+
+docker build -t "$IMAGE_NAME:$IMAGE_TAG" -t "$IMAGE_NAME:latest" $@ .
 
diff --git a/Dockerfile b/Dockerfile
index 4ff4089..efd422a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,25 +1,10 @@
-FROM alpine:latest AS rootfs-builder
-
-ENV CLOUD_CONFIG_REPO=https://git.sfclub.cc/cloud/bearnet
-ENV CLOUD_CONFIG_REVISION=wish
-ENV CLOUD_GATEWAY_ADDRESS=10.0.0.119
-RUN apk update && apk add alpine-make-vm-image make
-COPY /image /kitchen
-COPY ./scripts/orchestrate.py /kitchen/overlay/daemon/orchestrate.py
-COPY bot-gpg-key.asc /kitchen/overlay/root/gpg-key.asc
-RUN sed -i "s#_REPO_#$CLOUD_CONFIG_REPO#g" /kitchen/overlay/daemon/update.sh && \
-    sed -i "s#_REVISION_#$CLOUD_CONFIG_REVISION#g" /kitchen/overlay/daemon/update.sh && \
-    sed -i "s#GATEWAY_ADDRESS#$CLOUD_GATEWAY_ADDRESS#g" /kitchen/overlay/etc/dhcp/dhclient.conf
-RUN cd /kitchen && make build && mkdir /image && cp ./vm.raw /image
-
 FROM alpine:latest AS hypervisor
 ADD ./scripts/setup-hypervisor.sh /setup.sh
 # Download cloud hypervisor
 RUN apk update && apk add bash curl jq tini linux-virt && sh /setup.sh && rm /setup.sh && mkdir /app
-COPY --from=rootfs-builder /image /image
 COPY ./scripts/entrypoint.sh /entrypoint.sh
 
-ENTRYPOINT ["/usr/bin/tini", "/entrypoint.sh"]
+ENTRYPOINT ["/sbin/tini", "/entrypoint.sh"]
 
 
 
diff --git a/README.md b/README.md
deleted file mode 100644
index 55f5d91..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-
-todo:
-1. specify id for vm disks
-2. figure out if we need direct=on on --disk options
-3. test on my homelab?
diff --git a/data/.gitkeep b/data/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..e75dd03
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,14 @@
+# for testing and reference only
+services:
+  cloud:
+    build: .
+    volumes:
+      - "./data:/image"
+      - "./test.sh:/test.sh"
+    devices:
+      - "/dev/kvm:/dev/kvm"
+    entrypoint: ["/sbin/tini", "/test.sh"]
+    cap_add:
+      - CAP_SYS_ADMIN
+    tty: true
+    stdin_open: true
diff --git a/image/Makefile b/image/Makefile
deleted file mode 100644
index 247b32e..0000000
--- a/image/Makefile
+++ /dev/null
@@ -1,33 +0,0 @@
-SHELL := /bin/sh
-
-# --- configurable ----------------------------------------------------
-IMAGE_NAME    = alpine-vm
-IMAGE_SIZE    ?= 1G
-IMAGE_FORMAT  = raw
-ALPINE_BRANCH ?= latest-stable
-KERNEL_FLAVOR ?= virt
-#INITFS_FEATURES ?= kms scsi virtio
-
-IMAGE_FILE     = vm.$(IMAGE_FORMAT)
-SCRIPT_DIR     = $(dir $(realpath $(lastword $(MAKEFILE_LIST))))
-OVERLAY_DIR    = $(SCRIPT_DIR)/overlay
-CONFIGURE_SH   = $(SCRIPT_DIR)/configure.sh
-
-build:
-	@echo ">>> Building $(IMAGE_FILE) ..."
-	alpine-make-vm-image \
-		--branch         $(ALPINE_BRANCH) \
-		--image-format   $(IMAGE_FORMAT) \
-		--image-size     $(IMAGE_SIZE) \
-		--kernel-flavor  $(KERNEL_FLAVOR) \
-		--serial-console \
-		--fs-skel-dir    $(OVERLAY_DIR) \
-		--fs-skel-chown  root:root \
-		--script-chroot \
-		--packages       "git curl docker docker-cli-buildx docker-cli-compose cronie" \
-		$(IMAGE_FILE) \
-		$(CONFIGURE_SH)
-	@echo ">>> Image built: $(IMAGE_FILE)"
-	@ls -lh $(IMAGE_FILE)
-
-.PHONY: build
diff --git a/image/build-image.sh b/image/build-image.sh
new file mode 100755
index 0000000..938e61b
--- /dev/null
+++ b/image/build-image.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+IMAGE_NAME="${IMAGE_NAME:=alpine-vm}"
+IMAGE_SIZE="${IMAGE_SIZE:-1G}"
+IMAGE_FORMAT="${IMAGE_FORMAT:=raw}"
+ALPINE_BRANCH="${ALPINE_BRANCH:=latest-stable}"
+KERNEL_FLAVOR="${KERNEL_FLAVOR:=virt}"
+IMAGE_FILE="vm.${IMAGE_FORMAT}"
+SCRIPT_DIR="$PWD"
+OVERLAY_DIR="${SCRIPT_DIR}/overlay"
+CONFIGURE_SH="${SCRIPT_DIR}/configure.sh"
+
+TMP=$(mktemp)
+
+cleanup() {
+	 rm $TMP
+}
+
+trap cleanup INT TERM EXIT
+
+# We use BIOS here to skip creating partitions
+
+alpine-make-vm-image \
+	--boot-mode "BIOS" \
+    --branch "$ALPINE_BRANCH" \
+	--image-format   "$IMAGE_FORMAT" \
+	--image-size     "$IMAGE_SIZE" \
+	--kernel-flavor  "$KERNEL_FLAVOR" \
+	--serial-console \
+	--fs-skel-dir    "$OVERLAY_DIR" \
+	--fs-skel-chown  root:root \
+	--script-chroot \
+	--packages       "git curl docker cronie" \
+	"$IMAGE_FILE" \
+	"$CONFIGURE_SH" | tee $TMP
+
+if grep -q "ERROR" $TMP; then
+    echo "BUILD FAILED"
+    exit 114514
+fi
diff --git a/image/configure.sh b/image/configure.sh
index b4c83e8..44a5305 100755
--- a/image/configure.sh
+++ b/image/configure.sh
@@ -32,7 +32,6 @@ rc-update add net.eth0 default
 rc-update add acpid default
 rc-update add docker default
 rc-update add cronie default
-rc-update add mount boot
 
 step 'Clean up APK cache and documents'
 rm -rf /var/cache/apk/* || true
@@ -43,8 +42,8 @@ rm -rf \
  /usr/share/info
 
 step 'Setup git user'
-git config --user.email bearnet+keeper@sab.ee
-git config --user.name "B.B.K.K.B.K.K"
+git config --global user.email bearnet+keeper@sab.ee
+git config --global user.name "B.B.K.K.B.K.K"
 adduser -S keeper
 mkdir /users
 chown keeper /users
diff --git a/image/overlay/daemon/update-keys.sh b/image/overlay/daemon/update-keys.sh
index 193a153..8a82cca 100755
--- a/image/overlay/daemon/update-keys.sh
+++ b/image/overlay/daemon/update-keys.sh
@@ -4,14 +4,12 @@
 set -euo pipefail
 mkdir -p /users && chown keeper /users && chmod 644 /users
 
-su keeper
-
 init_repo(){ 
-    git clone -b _REVISION_ _REPO_ /users
+    su - keeper 'git clone -b _REVISION_ _REPO_ /users'
 }
 
 if [[ ! -d /users/.git ]]; then
     init_repo
-elif [[ -d /users && cd /users && ! git pull origin _REVISION_ ]]; then
+elif [[ -d /users && cd /users && ! su - keeper 'git pull origin _REVISION_' ]]; then
     init_repo
 fi
\ No newline at end of file
diff --git a/scripts/alpine-make-vm-image b/scripts/alpine-make-vm-image
new file mode 100755
index 0000000..07e5149
--- /dev/null
+++ b/scripts/alpine-make-vm-image
@@ -0,0 +1,749 @@
+#!/bin/sh
+# vim: set ts=4 sw=4:
+# SPDX-FileCopyrightText: © 2017 Jakub Jirutka <jakub@jirutka.cz>
+# SPDX-License-Identifier: MIT
+#---help---
+# Usage: alpine-make-vm-image [options] [--] <image> [<script> [<script-opts...>]]
+#
+# This script creates a bootable Alpine Linux disk image for virtual machines.
+# If running on Alpine system (detected by file /etc/alpine-release), then it
+# also installs needed packages on the host system. On other systems you must
+# install them yourself: qemu-img, qemu-nbd, rsync, sfdisk, dosfstools (for UEFI
+# mode) and mkfs utility for the chosen ROOTFS. If $APK is not available on the
+# host system, then static apk-tools specified by $APK_TOOLS_URI is downloaded
+# and used.
+#
+# Note that in BIOS mode, it does not create any partitions by default (it's
+# really not needed), filesystem is created directly on the image. If you must
+# use some platform that foolishly requires partitions in images, use
+# --partition.
+#
+# Arguments:
+#   <image>                               Path of block device or disk image file to use or create
+#                                         if it does not exist.
+#
+#   <script>                              Path of script to execute after installing base system in
+#                                         the mounted image and before umounting it.
+#
+#   <script-opts>                         Arguments to pass to the script.
+#
+# Options and Environment Variables:
+#   -a --arch ARCH                        Target CPU architecture. If it doesn't match the host's
+#                                         architecture, you must register an interpreter (emulator)
+#                                         for the target architecture in binfmt, e.g. qemu userspace
+#                                         emulator. Options: x86_64, aarch64 (Alpine v3.19+ / edge).
+#
+#   -B --boot-mode BOOT_MODE              Either "BIOS" (default on x86/x86_64) or "UEFI" (default
+#                                         on others). "BIOS" is supported only on x86/x86_64.
+#
+#   -b --branch ALPINE_BRANCH             Alpine branch to install; used only when
+#                                         --repositories-file is not specified. Default is
+#                                         latest-stable.
+#
+#   -S --fs-skel-dir FS_SKEL_DIR          Path of directory which content to recursively copy
+#                                         (using rsync) into / in the image.
+#
+#      --fs-skel-chown FS_SKEL_CHOWN      Force all files from FS_SKEL_DIR to be owned by the
+#                                         specified USER:GROUP.
+#
+#   -P --partition (PARTITION)            Create GUID Partition Table (GPT) with a single partition.
+#                                         GPT is always created if --boot-mode is UEFI.
+#
+#   -f --image-format IMAGE_FORMAT        Format of the disk image (see qemu-img --help). Not
+#                                         applicable if the target image is a block device.
+#
+#   -s --image-size IMAGE_SIZE            Size of the disk image to create in bytes or with suffix
+#                                         (e.g. 1G, 1024M). Default is 2G. Not applicable if the
+#                                         target image is a block device.
+#
+#   -i --initfs-features INITFS_FEATURES  List of additional mkinitfs features (basically modules)
+#                                         to be included in initramfs (see mkinitfs -L). "base" and
+#                                         $ROOTFS is always included, don't specify them here.
+#                                         Default is "kms scsi virtio".
+#
+#   -k --kernel-flavor KERNEL_FLAVOR      The kernel flavour to install; virt (default), lts
+#                                         (Alpine >=3.11), or vanilla (Alpine <3.11).
+#
+#      --keys-dir KEYS_DIR                Path of directory with Alpine keys to copy into the image.
+#                                         Default is /etc/apk/keys if --arch matches the host arch.
+#                                         If does not exist, keys for aarch64 and x86_64 embedded in
+#                                         this script will be used.
+#
+#   -m --mirror-uri ALPINE_MIRROR         URI of the Aports mirror to fetch packages; used only
+#                                         when --repositories-file is not specified. Default is
+#                                         http://dl-cdn.alpinelinux.org/alpine.
+#
+#   -C --no-cleanup (CLEANUP)             Don't umount and disconnect image when done.
+#
+#   -p --packages PACKAGES                Additional packages to install into the image.
+#
+#   -r --repositories-file REPOS_FILE     Path of the repositories file to copy into the rootfs.
+#                                         If not provided, Alpine's main and community repositories
+#                                         on --mirror-uri will be used.
+#
+#      --rootfs ROOTFS                    Filesystem to create on the image. Default is ext4.
+#
+#   -c --script-chroot (SCRIPT_CHROOT)    Bind <script>'s directory at /mnt inside image and chroot
+#                                         into the image before executing <script>.
+#
+#   -t --serial-console (SERIAL_CONSOLE)  Add configuration for a serial console on ttyS0.
+#
+#   -h --help                             Show this help message and exit.
+#
+#   -V --version                          Print version and exit.
+#
+#   APK                                   APK command to use. Default is "apk".
+#
+#   APK_OPTS                              Options to pass into apk on each execution.
+#                                         Default is "--no-progress".
+#
+#   APK_TOOLS_URI                         URL of apk-tools binary to download if $APK is not found
+#                                         on the host system. Default is apk.static from
+#                                         https://gitlab.alpinelinux.org/alpine/apk-tools/-/packages.
+#
+#   APK_TOOLS_SHA256                      SHA-256 checksum of $APK_TOOLS_URI.
+#
+# Each option can be also provided by environment variable. If both option and
+# variable is specified and the option accepts only one argument, then the
+# option takes precedence.
+#
+# https://github.com/alpinelinux/alpine-make-vm-image
+#---help---
+set -eu
+
+# Some distros (e.g. Arch Linux) does not have /bin or /sbin in PATH.
+PATH="$PATH:/usr/sbin:/usr/bin:/sbin:/bin"
+
+readonly PROGNAME='alpine-make-vm-image'
+readonly VERSION='0.13.4'
+readonly VIRTUAL_PKG=".make-$PROGNAME"
+# An opaque string used to detect changes in resolv.conf.
+readonly RESOLVCONF_MARK="### created by $PROGNAME ###"
+
+# Alpine APK keys for verification of packages for x86_64 and aarch64.
+readonly ALPINE_KEYS='
+4a6a0840:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yHJxQgsHQREclQu4Ohe\nqxTxd1tHcNnvnQTu/UrTky8wWvgXT+jpveroeWWnzmsYlDI93eLI2ORakxb3gA2O\nQ0Ry4ws8vhaxLQGC74uQR5+/yYrLuTKydFzuPaS1dK19qJPXB8GMdmFOijnXX4SA\njixuHLe1WW7kZVtjL7nufvpXkWBGjsfrvskdNA/5MfxAeBbqPgaq0QMEfxMAn6/R\nL5kNepi/Vr4S39Xvf2DzWkTLEK8pcnjNkt9/aafhWqFVW7m3HCAII6h/qlQNQKSo\nGuH34Q8GsFG30izUENV9avY7hSLq7nggsvknlNBZtFUcmGoQrtx3FmyYsIC8/R+B\nywIDAQAB
+5261cecb:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlzMkl7b5PBdfMzGdCT0\ncGloRr5xGgVmsdq5EtJvFkFAiN8Ac9MCFy/vAFmS8/7ZaGOXoCDWbYVLTLOO2qtX\nyHRl+7fJVh2N6qrDDFPmdgCi8NaE+3rITWXGrrQ1spJ0B6HIzTDNEjRKnD4xyg4j\ng01FMcJTU6E+V2JBY45CKN9dWr1JDM/nei/Pf0byBJlMp/mSSfjodykmz4Oe13xB\nCa1WTwgFykKYthoLGYrmo+LKIGpMoeEbY1kuUe04UiDe47l6Oggwnl+8XD1MeRWY\nsWgj8sF4dTcSfCMavK4zHRFFQbGp/YFJ/Ww6U9lA3Vq0wyEI6MCMQnoSMFwrbgZw\nwwIDAQAB
+6165ee59:MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAutQkua2CAig4VFSJ7v54\nALyu/J1WB3oni7qwCZD3veURw7HxpNAj9hR+S5N/pNeZgubQvJWyaPuQDm7PTs1+\ntFGiYNfAsiibX6Rv0wci3M+z2XEVAeR9Vzg6v4qoofDyoTbovn2LztaNEjTkB+oK\ntlvpNhg1zhou0jDVYFniEXvzjckxswHVb8cT0OMTKHALyLPrPOJzVtM9C1ew2Nnc\n3848xLiApMu3NBk0JqfcS3Bo5Y2b1FRVBvdt+2gFoKZix1MnZdAEZ8xQzL/a0YS5\nHd0wj5+EEKHfOd3A75uPa/WQmA+o0cBFfrzm69QDcSJSwGpzWrD1ScH3AK8nWvoj\nv7e9gukK/9yl1b4fQQ00vttwJPSgm9EnfPHLAtgXkRloI27H6/PuLoNvSAMQwuCD\nhQRlyGLPBETKkHeodfLoULjhDi1K2gKJTMhtbnUcAA7nEphkMhPWkBpgFdrH+5z4\nLxy+3ek0cqcI7K68EtrffU8jtUj9LFTUC8dERaIBs7NgQ/LfDbDfGh9g6qVj1hZl\nk9aaIPTm/xsi8v3u+0qaq7KzIBc9s59JOoA8TlpOaYdVgSQhHHLBaahOuAigH+VI\nisbC9vmqsThF2QdDtQt37keuqoda2E6sL7PUvIyVXDRfwX7uMDjlzTxHTymvq2Ck\nhtBqojBnThmjJQFgZXocHG8CAwEAAQ==
+58199dcc:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3v8/ye/V/t5xf4JiXLXa\nhWFRozsnmn3hobON20GdmkrzKzO/eUqPOKTpg2GtvBhK30fu5oY5uN2ORiv2Y2ht\neLiZ9HVz3XP8Fm9frha60B7KNu66FO5P2o3i+E+DWTPqqPcCG6t4Znk2BypILcit\nwiPKTsgbBQR2qo/cO01eLLdt6oOzAaF94NH0656kvRewdo6HG4urbO46tCAizvCR\nCA7KGFMyad8WdKkTjxh8YLDLoOCtoZmXmQAiwfRe9pKXRH/XXGop8SYptLqyVVQ+\ntegOD9wRs2tOlgcLx4F/uMzHN7uoho6okBPiifRX+Pf38Vx+ozXh056tjmdZkCaV\naQIDAQAB
+616ae350:MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyduVzi1mWm+lYo2Tqt/0\nXkCIWrDNP1QBMVPrE0/ZlU2bCGSoo2Z9FHQKz/mTyMRlhNqTfhJ5qU3U9XlyGOPJ\npiM+b91g26pnpXJ2Q2kOypSgOMOPA4cQ42PkHBEqhuzssfj9t7x47ppS94bboh46\nxLSDRff/NAbtwTpvhStV3URYkxFG++cKGGa5MPXBrxIp+iZf9GnuxVdST5PGiVGP\nODL/b69sPJQNbJHVquqUTOh5Ry8uuD2WZuXfKf7/C0jC/ie9m2+0CttNu9tMciGM\nEyKG1/Xhk5iIWO43m4SrrT2WkFlcZ1z2JSf9Pjm4C2+HovYpihwwdM/OdP8Xmsnr\nDzVB4YvQiW+IHBjStHVuyiZWc+JsgEPJzisNY0Wyc/kNyNtqVKpX6dRhMLanLmy+\nf53cCSI05KPQAcGj6tdL+D60uKDkt+FsDa0BTAobZ31OsFVid0vCXtsbplNhW1IF\nHwsGXBTVcfXg44RLyL8Lk/2dQxDHNHzAUslJXzPxaHBLmt++2COa2EI1iWlvtznk\nOk9WP8SOAIj+xdqoiHcC4j72BOVVgiITIJNHrbppZCq6qPR+fgXmXa+sDcGh30m6\n9Wpbr28kLMSHiENCWTdsFij+NQTd5S47H7XTROHnalYDuF1RpS+DpQidT5tUimaT\nJZDr++FjKrnnijbyNF8b98UCAwEAAQ==
+'
+
+readonly HOST_ARCH="$(uname -m)"
+
+# SHA256 checksum of $APK_TOOLS_URI for each architecture.
+case "$HOST_ARCH" in
+	aarch64) : ${APK_TOOLS_SHA256:="e471d35aa221d031abe9b6288aede12a8e9f1a398954e5a2e1d1bce1727b4ef4"};;
+	x86_64) : ${APK_TOOLS_SHA256:="34bb1a96f0258982377a289392d4ea9f3f4b767a4bb5806b1b87179b79ad8a1c"};;
+esac
+
+: ${APK_TOOLS_URI:="https://gitlab.alpinelinux.org/api/v4/projects/5/packages/generic/v2.14.10/$HOST_ARCH/apk.static"}
+: ${APK:="apk"}
+: ${APK_OPTS:="--no-progress"}
+
+
+# For compatibility with systems that does not have "realpath" command.
+if ! command -v realpath >/dev/null; then
+	alias realpath='readlink -f'
+fi
+
+die() {
+	printf '\033[1;31mERROR:\033[0m %s\n' "$@" >&2  # bold red
+	exit 1
+}
+
+einfo() {
+	printf '\n\033[1;36m> %s\033[0m\n' "$@" >&2  # bold cyan
+}
+
+# Prints help and exists with the specified status.
+help() {
+	sed -En '/^#---help---/,/^#---help---/p' "$0" | sed -E 's/^# ?//; 1d;$d;'
+	exit ${1:-0}
+}
+
+# Cleans the host system. This function is executed before exiting the script.
+cleanup() {
+	set +eu
+	trap '' EXIT HUP INT TERM  # unset trap to avoid loop
+
+	cd /
+	if [ -d "$temp_dir" ]; then
+		rm -Rf "$temp_dir"
+	fi
+	if [ "$mount_dir" ]; then
+		umount_recursively "$mount_dir" \
+			|| die "Failed to unmount $mount_dir; unmount it and disconnect $disk_dev manually"
+		rm -Rf "$mount_dir"
+	fi
+	if [ "$disk_dev" ] && ! [ -b "$IMAGE_FILE" ]; then
+		qemu-nbd --disconnect "$disk_dev" \
+			|| die "Failed to disconnect $disk_dev; disconnect it manually"
+	fi
+	if [ "$INSTALL_HOST_PKGS" = yes ]; then
+		_apk del $VIRTUAL_PKG
+	fi
+}
+
+_apk() {
+	"$APK" $APK_OPTS "$@"
+}
+
+# Attaches the specified image as a NBD block device and prints its path.
+attach_image() {
+	local image="$1"
+	local format="${2:-}"
+	local disk_dev
+
+	disk_dev=$(get_available_nbd) || {
+		modprobe nbd max_part=16
+		sleep 1
+		disk_dev=$(get_available_nbd)
+	} || die 'No available nbd device found!'
+
+	qemu-nbd --connect="$disk_dev" --cache=writeback \
+		${format:+--format=$format} "$image" || return 1
+
+	sleep 1  # see #45
+	echo "$disk_dev"
+}
+
+# Prints UUID of filesystem on the specified block device.
+blk_uuid() {
+	local dev="$1"
+	blkid "$dev" | sed -En 's/.*\bUUID="([^"]+)".*/\1/p'
+}
+
+# Creates GPT parition table on the device $1 for boot mode $2 (BIOS or UEFI).
+create_gpt() {
+	local dev="$1"
+	local mode="$2"
+
+	case "$mode" in
+		BIOS) printf '%s\n' \
+			'label: gpt' \
+			'name=system,type=L,bootable,attrs=LegacyBIOSBootable' \
+			| sfdisk "$dev" ;;
+		UEFI) printf '%s\n' \
+			'label: gpt' \
+			'name=efi,type=U,size=128M,bootable' \
+			'name=system,type=L' \
+			| sfdisk "$dev" ;;
+		*) die "Invalid mode: $mode" ;;
+	esac
+}
+
+# Writes Alpine APK keys embedded in this script into directory $1.
+dump_alpine_keys() {
+	local dest_dir="$1"
+	local content id line
+
+	mkdir -p "$dest_dir"
+	for line in $ALPINE_KEYS; do
+		id=${line%%:*}
+		content=${line#*:}
+
+		printf -- "-----BEGIN PUBLIC KEY-----\n$content\n-----END PUBLIC KEY-----\n" \
+			> "$dest_dir/alpine-devel@lists.alpinelinux.org-$id.rsa.pub"
+	done
+}
+
+# Prints path of available nbdX device, or returns 1 if not any.
+get_available_nbd() {
+	local dev; for dev in $(find /dev -maxdepth 2 -name 'nbd[0-9]*'); do
+		if [ "$(blockdev --getsize64 "$dev")" -eq 0 ]; then
+			echo "$dev"; return 0
+		fi
+	done
+	return 1
+}
+
+# Prints name of the package needed for creating the specified filesystem.
+fs_progs_pkg() {
+	local fs="$1"  # filesystem name
+
+	case "$fs" in
+		ext4) echo 'e2fsprogs';;
+		btrfs) echo 'btrfs-progs';;
+		xfs) echo 'xfsprogs';;
+	esac
+}
+
+# Tests if the specified command exists on the system.
+has_cmd() {
+	command -v "$1" >/dev/null
+}
+
+# Binds the directory $1 at the mountpoint $2 and sets propagation to private.
+mount_bind() {
+	mkdir -p "$2"
+	mount --bind "$1" "$2"
+	mount --make-private "$2"
+}
+
+# Prepares chroot at the specified path.
+prepare_chroot() {
+	local dest="$1"
+
+	mkdir -p "$dest"/proc
+	mount -t proc none "$dest"/proc
+	mount_bind /dev "$dest"/dev
+	mount_bind /sys "$dest"/sys
+
+	install -D -m 644 /etc/resolv.conf "$dest"/etc/resolv.conf
+	echo "$RESOLVCONF_MARK" >> "$dest"/etc/resolv.conf
+}
+
+# Adds specified services to the runlevel. Current working directory must be
+# root of the image.
+rc_add() {
+	local runlevel="$1"; shift  # runlevel name
+	local services="$*"  # names of services
+
+	local svc; for svc in $services; do
+		mkdir -p etc/runlevels/$runlevel
+		ln -s /etc/init.d/$svc etc/runlevels/$runlevel/$svc
+		echo " * service $svc added to runlevel $runlevel"
+	done
+}
+
+# Ensures that the specified device node exists.
+settle_dev_node() {
+	local dev="$1"
+
+	[ -e "$dev" ] && return 0
+
+	sleep 1  # give hotplug handler some time to kick in
+	[ -e "$dev" ] && return 0
+
+	if has_cmd udevadm; then
+		udevadm settle --exit-if-exists="$dev"
+	elif has_cmd mdev; then
+		mdev -s
+	fi
+	[ -e "$dev" ] && return 0
+
+	return 1
+}
+
+# Installs and configures extlinux.
+setup_extlinux() {
+	local mnt="$1"  # path of directory where is root device currently mounted
+	local root_dev="$2"  # root device
+	local modules="$3"  # modules which should be loaded before pivot_root
+	local kernel_flavor="$4"  # name of default kernel to boot
+	local serial_port="$5"  # serial port number for serial console
+	local default_kernel="$kernel_flavor"
+	local kernel_opts=''
+
+	[ -z "$serial_port" ] || kernel_opts="console=$serial_port"
+
+	if [ "$kernel_flavor" = 'virt' ]; then
+		_apk search --root . --exact --quiet linux-lts | grep -q . \
+			&& default_kernel='lts' \
+			|| default_kernel='vanilla'
+	fi
+
+	sed -Ei \
+		-e "s|^[# ]*(root)=.*|\1=$root_dev|" \
+		-e "s|^[# ]*(default_kernel_opts)=.*|\1=\"$kernel_opts\"|" \
+		-e "s|^[# ]*(modules)=.*|\1=\"$modules\"|" \
+		-e "s|^[# ]*(default)=.*|\1=$default_kernel|" \
+		-e "s|^[# ]*(serial_port)=.*|\1=$serial_port|" \
+		"$mnt"/etc/update-extlinux.conf
+
+	chroot "$mnt" extlinux --install /boot
+	chroot "$mnt" update-extlinux --warn-only 2>&1 \
+		| { grep -Fv 'extlinux: cannot open device /dev' ||:; } >&2
+}
+
+# Configures mkinitfs.
+setup_mkinitfs() {
+	local mnt="$1"  # path of directory where is root device currently mounted
+	local features="$2"  # list of mkinitfs features
+
+	features=$(printf '%s\n' $features | sort | uniq | xargs)
+
+	sed -Ei "s|^[# ]*(features)=.*|\1=\"$features\"|" \
+		"$mnt"/etc/mkinitfs/mkinitfs.conf
+}
+
+# Unmounts all filesystem under the specified directory tree.
+umount_recursively() {
+	local mount_point="$1"
+	test -n "$mount_point" || return 1
+
+	cat /proc/mounts \
+		| cut -d ' ' -f 2 \
+		| grep "^$mount_point" \
+		| sort -r \
+		| xargs -r -n 1 umount
+}
+
+# Downloads the specified file using wget and checks checksum.
+wgets() (
+	local url="$1"
+	local sha256="$2"
+	local dest="${3:-.}"
+
+	cd "$dest" \
+		&& wget -T 10 --no-verbose "$url" \
+		&& echo "$sha256  ${url##*/}" | sha256sum -c
+)
+
+
+#=============================  M a i n  ==============================#
+
+opts=$(getopt -n $PROGNAME -o a:b:B:cCf:hi:k:m:p:Pr:s:S:tV \
+	-l arch:,boot-mode:,branch:,fs-skel-chown:,fs-skel-dir:,image-format:,image-size:,initfs-features:,kernel-flavor:,keys-dir:,mirror-uri:,no-cleanup,packages:,partition,repositories-file:,rootfs:,script-chroot,serial-console,help,version \
+	-- "$@") || help 1 >&2
+
+eval set -- "$opts"
+while [ $# -gt 0 ]; do
+	n=2
+	case "$1" in
+		-a | --arch) ARCH="$2";;
+		-B | --boot-mode) BOOT_MODE="$2";;
+		-b | --branch) ALPINE_BRANCH="$2";;
+		-S | --fs-skel-dir) FS_SKEL_DIR="$(realpath "$2")";;
+		     --fs-skel-chown) FS_SKEL_CHOWN="$2";;
+		-f | --image-format) IMAGE_FORMAT="$2";;
+		-s | --image-size) IMAGE_SIZE="$2";;
+		-i | --initfs-features) INITFS_FEATURES="${INITFS_FEATURES:-} $2";;
+		-k | --kernel-flavor) KERNEL_FLAVOR="$2";;
+		     --keys-dir) KEYS_DIR="$(realpath "$2")";;
+		-m | --mirror-uri) ALPINE_MIRROR="$2";;
+		-C | --no-cleanup) CLEANUP='no'; n=1;;
+		-p | --packages) PACKAGES="${PACKAGES:-} $2";;
+		-P | --partition) PARTITION='yes'; n=1;;
+		-r | --repositories-file) REPOS_FILE="$(realpath "$2")";;
+		     --rootfs) ROOTFS="$2";;
+		-t | --serial-console) SERIAL_CONSOLE='yes'; n=1;;
+		-c | --script-chroot) SCRIPT_CHROOT='yes'; n=1;;
+		-h | --help) help 0;;
+		-V | --version) echo "$PROGNAME $VERSION"; exit 0;;
+		--) shift; break;;
+	esac
+	shift $n
+done
+
+: ${ALPINE_BRANCH:="latest-stable"}
+: ${ALPINE_MIRROR:="http://dl-cdn.alpinelinux.org/alpine"}
+: ${ARCH:=}
+: ${CLEANUP:="yes"}
+: ${FS_SKEL_CHOWN:=}
+: ${FS_SKEL_DIR:=}
+: ${IMAGE_FORMAT:=}
+: ${IMAGE_SIZE:="2G"}
+# kms includes virtio-gpu drivers used for graphical output. This is needed
+# for aarch64 where '-vga std' is not supported, but useful even for x86_64.
+: ${INITFS_FEATURES:="kms scsi virtio"}
+: ${KERNEL_FLAVOR:="virt"}
+: ${PACKAGES:=}
+: ${PARTITION:="no"}
+: ${REPOS_FILE:=}
+: ${ROOTFS:="ext4"}
+: ${SCRIPT_CHROOT:="no"}
+: ${SERIAL_CONSOLE:="no"}
+
+case "$ALPINE_BRANCH" in
+	[0-9]*) ALPINE_BRANCH="v$ALPINE_BRANCH";;
+esac
+
+if [ -z "$ARCH" ] || [ "$HOST_ARCH" = "$ARCH" ]; then
+	: ${KEYS_DIR:="/etc/apk/keys"}
+else
+	: ${KEYS_DIR:=}
+fi
+
+case "${ARCH:-"$HOST_ARCH"}" in
+	x86*) : ${BOOT_MODE:="BIOS"};;
+	*)    : ${BOOT_MODE:="UEFI"}
+	      [ "$BOOT_MODE" = 'BIOS' ] && die 'BIOS boot mode is supported only on x86/x86_64';;
+esac
+
+case "$BOOT_MODE" in
+	BIOS | UEFI) ;;
+	*) die "Invalid boot-mode: $BOOT_MODE";;
+esac
+
+if [ -f /etc/alpine-release ]; then
+	: ${INSTALL_HOST_PKGS:="yes"}
+else
+	: ${INSTALL_HOST_PKGS:="no"}
+fi
+
+SERIAL_PORT=
+[ "$SERIAL_CONSOLE" = 'no' ] || SERIAL_PORT='ttyS0'
+
+[ $# -ne 0 ] || help 1 >&2
+
+IMAGE_FILE="$1"; shift
+SCRIPT=
+[ $# -eq 0 ] || { SCRIPT=$(realpath "$1"); shift; }
+
+if [ "$CLEANUP" != 'no' ]; then
+	trap 'cleanup' EXIT
+	trap 'cleanup; exit 130' HUP INT TERM
+fi
+
+#-----------------------------------------------------------------------
+if [ "$INSTALL_HOST_PKGS" = yes ]; then
+	einfo 'Installing needed packages on host system'
+
+	# We need load btrfs module to avoid the error message:
+	# 'failed to open /dev/btrfs-control'
+	if ! grep -q -w "$ROOTFS" /proc/filesystems; then
+		modprobe $ROOTFS
+	fi
+
+	[ "$BOOT_MODE" = 'UEFI' ] && vfatpkg='dosfstools' || vfatpkg=
+	_apk add -t $VIRTUAL_PKG qemu-img $(fs_progs_pkg "$ROOTFS") $vfatpkg rsync sfdisk
+fi
+
+#-----------------------------------------------------------------------
+temp_dir=''
+if ! command -v "$APK" >/dev/null; then
+	einfo "$APK not found, downloading static apk-tools"
+
+	temp_dir="$(mktemp -d /tmp/$PROGNAME.XXXXXX)"
+	wgets "$APK_TOOLS_URI" "$APK_TOOLS_SHA256" "$temp_dir"
+	APK="$temp_dir/apk.static"
+	chmod +x "$APK"
+fi
+
+#-----------------------------------------------------------------------
+if [ ! -f "$IMAGE_FILE" ] && [ ! -b "$IMAGE_FILE" ]; then
+	einfo "Creating $IMAGE_FORMAT image of size $IMAGE_SIZE"
+	qemu-img create ${IMAGE_FORMAT:+-f $IMAGE_FORMAT} "$IMAGE_FILE" "$IMAGE_SIZE"
+fi
+
+#-----------------------------------------------------------------------
+if [ -b "$IMAGE_FILE" ]; then
+	echo "Provided target $IMAGE_FILE is a block device" >&2
+
+	disk_dev="$IMAGE_FILE"
+else
+	einfo "Attaching image $IMAGE_FILE as a NBD device"
+
+	disk_dev=$(attach_image "$IMAGE_FILE" "$IMAGE_FORMAT")
+fi
+
+#-----------------------------------------------------------------------
+if [ "$PARTITION" = yes ] || [ "$BOOT_MODE" = 'UEFI' ]; then
+	einfo 'Creating GPT partition table'
+
+	create_gpt "$disk_dev" "$BOOT_MODE"
+
+	if [ "$BOOT_MODE" = 'BIOS' ]; then
+		root_dev="${disk_dev}p1"
+	else
+		esp_dev="${disk_dev}p1"
+		root_dev="${disk_dev}p2"
+	fi
+	# This is needed when running in a container.
+	settle_dev_node "$root_dev" || die "system didn't create $root_dev node"
+else
+	root_dev="$disk_dev"
+fi
+
+#-----------------------------------------------------------------------
+einfo 'Creating filesystem(s)'
+
+if [ "$BOOT_MODE" = 'UEFI' ]; then
+	mkfs.fat -F32 -n EFI "$esp_dev"
+fi
+
+# syslinux 6.0.3 cannot boot from ext4 w/ 64bit feature enabled.
+# -E nodiscard / -K - do not attempt to discard blocks at mkfs time (it's
+# useless for NBD image and prints confusing error).
+[ "$ROOTFS" = ext4 ] && mkfs_args='-O ^64bit -E nodiscard' || mkfs_args='-K'
+
+mkfs.$ROOTFS -L root $mkfs_args "$root_dev"
+
+root_uuid=$(blk_uuid "$root_dev")
+mount_dir=$(mktemp -d /tmp/$PROGNAME.XXXXXX)
+
+#-----------------------------------------------------------------------
+einfo "Mounting image at $mount_dir"
+
+mount "$root_dev" "$mount_dir"
+
+if [ "$BOOT_MODE" = 'UEFI' ]; then
+	install -d -m 000 "$mount_dir"/boot
+	mount -t vfat "$esp_dev" "$mount_dir"/boot
+fi
+
+#-----------------------------------------------------------------------
+einfo 'Installing base system'
+
+cd "$mount_dir"
+
+mkdir -p etc/apk/keys
+if [ "$REPOS_FILE" ]; then
+	install -m 644 "$REPOS_FILE" etc/apk/repositories
+else
+	cat > etc/apk/repositories <<-EOF
+		$ALPINE_MIRROR/$ALPINE_BRANCH/main
+		$ALPINE_MIRROR/$ALPINE_BRANCH/community
+	EOF
+fi
+if [ -d "$KEYS_DIR" ]; then
+	cp "$KEYS_DIR"/* etc/apk/keys/
+else
+	dump_alpine_keys etc/apk/keys/
+fi
+
+# Use APK cache if available.
+if [ -L /etc/apk/cache ]; then
+	ln -s "$(realpath /etc/apk/cache)" etc/apk/cache
+fi
+
+_apk add --root . ${ARCH:+--arch "$ARCH"} --update-cache --initdb alpine-base
+
+fsprogs_pkgs=
+# btrfs doesn't use fsck, so we don't have to install btrfs-progs.
+[ "$ROOTFS" != 'btrfs' ] && fsprogs_pkgs="$(fs_progs_pkg "$ROOTFS")"
+[ "$BOOT_MODE" = 'UEFI' ] && fsprogs_pkgs="$fsprogs_pkgs dosfstools"
+[ "$fsprogs_pkgs" ] && _apk add --root . $fsprogs_pkgs
+
+prepare_chroot .
+
+#-----------------------------------------------------------------------
+einfo "Installing kernel linux-$KERNEL_FLAVOR"
+
+if [ "$KERNEL_FLAVOR" = 'virt' ]; then
+	_apk add --root . linux-$KERNEL_FLAVOR
+else
+	# Avoid installing *all* linux-firmware-* packages (see #21).
+	_apk add --root . linux-$KERNEL_FLAVOR linux-firmware-none
+fi
+
+#-----------------------------------------------------------------------
+einfo "Installing and configuring mkinitfs"
+
+_apk add --root . mkinitfs
+setup_mkinitfs . "base $ROOTFS $INITFS_FEATURES"
+
+#-----------------------------------------------------------------------
+if [ "$BOOT_MODE" = 'BIOS' ]; then
+	einfo 'Setting up extlinux bootloader'
+
+	_apk add --root . --no-scripts syslinux
+	setup_extlinux . "UUID=$root_uuid" "$ROOTFS" "$KERNEL_FLAVOR" "$SERIAL_PORT"
+
+	if [ "$PARTITION" = yes ]; then
+		dd bs=440 count=1 conv=notrunc if=usr/share/syslinux/gptmbr.bin of="$disk_dev"
+		sync
+	fi
+fi
+
+#-----------------------------------------------------------------------
+einfo 'Configuring system'
+
+cat > etc/fstab <<-EOF
+	# <fs>		<mountpoint>	<type>	<opts>		<dump/pass>
+	UUID=$root_uuid	/		$ROOTFS	relatime	0 1
+EOF
+
+if [ "$BOOT_MODE" = 'UEFI' ]; then
+	echo "LABEL=EFI	/boot		vfat\
+	rw,relatime,fmask=0133,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro	0 2" \
+	>> etc/fstab
+
+	# This script is interpreted by UEFI.
+	# NOTE: When console=$SERIAL_PORT is added here, no messages are printed to
+	#  console on QEMU after switch_root. 'console=tty0' must be explicitly set
+	#  for aarch64 (it's the default on x86_64).
+	echo "vmlinuz-$KERNEL_FLAVOR" \
+		"initrd=initramfs-$KERNEL_FLAVOR" \
+		"root=UUID=$root_uuid" \
+		"rootfstype=$ROOTFS" \
+		"modules=$(echo $INITFS_FEATURES | tr ' ' ',')" \
+		'console=tty0' \
+		> boot/startup.nsh
+fi
+
+# We just prepare this config, but don't start the networking service.
+cat > etc/network/interfaces <<-EOF
+	auto eth0
+	iface eth0 inet dhcp
+
+	post-up /etc/network/if-post-up.d/*
+	post-down /etc/network/if-post-down.d/*
+EOF
+
+mkdir -p etc/network/if-post-up.d
+mkdir -p etc/network/if-post-down.d
+
+if [ "$SERIAL_PORT" ]; then
+	echo "$SERIAL_PORT" >> etc/securetty
+	sed -Ei "s|^[# ]*($SERIAL_PORT:.*)|\1|" etc/inittab
+fi
+
+#-----------------------------------------------------------------------
+einfo 'Enabling base system services'
+
+rc_add sysinit devfs dmesg mdev hwdrivers
+[ -e etc/init.d/cgroups ] && rc_add sysinit cgroups ||:  # since v3.8
+
+rc_add boot modules hwclock swap hostname sysctl bootmisc syslog
+# urandom was renamed to seedrng in v3.17
+[ -e etc/init.d/seedrng ] && rc_add boot seedrng || rc_add boot urandom
+
+rc_add shutdown killprocs savecache mount-ro
+
+#-----------------------------------------------------------------------
+if [ "$PACKAGES" ]; then
+	einfo 'Installing additional packages'
+	_apk add --root . $PACKAGES
+fi
+
+#-----------------------------------------------------------------------
+if [ -L /etc/apk/cache ]; then
+	rm etc/apk/cache >/dev/null 2>&1
+fi
+
+#-----------------------------------------------------------------------
+if [ "$FS_SKEL_DIR" ]; then
+	einfo "Copying content of $FS_SKEL_DIR into image"
+
+	[ "$FS_SKEL_CHOWN" ] \
+		&& rsync_opts="--chown $FS_SKEL_CHOWN" \
+		|| rsync_opts='--numeric-ids'
+	rsync --archive --info=NAME2 --whole-file $rsync_opts "$FS_SKEL_DIR"/ . >&2
+
+	# rsync may modify perms of the rootfs dir itself, so make sure it's correct.
+	install -d -m 0755 -o root -g root .
+fi
+
+#-----------------------------------------------------------------------
+if [ "$SCRIPT" ]; then
+	script_name="${SCRIPT##*/}"
+
+	if [ "$SCRIPT_CHROOT" = 'no' ]; then
+		einfo "Executing script: $script_name $*"
+		"$SCRIPT" "$@" || die 'Script failed'
+	else
+		einfo "Executing script in chroot: $script_name $*"
+		mount_bind "${SCRIPT%/*}" mnt/
+		chroot . /bin/sh -c "cd /mnt && ./$script_name \"\$@\"" -- "$@" \
+			|| die 'Script failed'
+	fi
+fi
+
+#-----------------------------------------------------------------------
+if grep -qw "$RESOLVCONF_MARK" etc/resolv.conf 2>/dev/null; then
+	cat > etc/resolv.conf <<-EOF
+		# Default nameservers, replace them with your own.
+		nameserver 1.1.1.1
+		nameserver 2606:4700:4700::1111
+	EOF
+fi
+
+rm -Rf var/cache/apk/* ||:
+
+einfo 'Completed'
+
+cd - >/dev/null
+ls -lh "$IMAGE_FILE"
\ No newline at end of file
diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh
index 7a8dd6d..f91d948 100755
--- a/scripts/entrypoint.sh
+++ b/scripts/entrypoint.sh
@@ -4,7 +4,7 @@ set -euo pipefail
 /usr/bin/cloud-hypervisor \
   --kernel /boot/vmlinuz-virt --initramfs /boot/initramfs-virt \
   --disk path=/image/vm.raw,image_type=raw \
-  --disk path=/image/data.raw,direct=on\
+  --disk path=/image/data.raw,direct=on,image_type=raw \
   --cmdline "root=/dev/vda rootfstype=ext4 modules=ext4a rw console=hvc0" \
   --cpus boot=${CPU_COUNT:-4} \
   --memory size=${MEMORY:-4G},shared=on \
diff --git a/test.sh b/test.sh
new file mode 100755
index 0000000..49870d9
--- /dev/null
+++ b/test.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+set -euo pipefail
+
+/usr/bin/cloud-hypervisor \
+  --kernel /boot/vmlinuz-virt --initramfs /boot/initramfs-virt \
+  --disk path=/image/vm.raw,image_type=raw \
+  --disk path=/image/data.raw,direct=on,image_type=raw \
+  --cmdline "modules=ext4 root=/dev/vda rootfstype=ext4 rw console=hvc0" \
+  --cpus boot=${CPU_COUNT:-4} \
+  --memory size=${MEMORY:-4G},shared=on \
+  $@