mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2026-05-04 19:56:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into dongsu/merge-upstream-2019-01-08

Browse Source 
portage-stable was updated to be in sync with upstream, so that the new
GLSA 201810-10, where systemd v238 got rejected due to security issues.
However, coreos-overlay still uses systemd v238. So we should also
follow the upstream strategy of whitelisting GLSA 201810-10, to build
Flatcar based on the current coreos-overlay.

So simply merge upstream/master into flatcar-master.
This commit is contained in:
Dongsu Park 2019-01-08 13:56:30 +01:00
commit 3af3cf7d9b
24 changed files with 72 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
build_library/build_image_util.sh
View File

@ -103,8 +103,6 @@ generate_update() {
run_ldconfig() {
local root_fs_dir=$1
case ${ARCH} in
arm64)
sudo qemu-aarch64 "${root_fs_dir}"/usr/sbin/ldconfig -r "${root_fs_dir}";;
x86|amd64)
sudo ldconfig -r "${root_fs_dir}";;
*)
@ -115,8 +113,6 @@ run_ldconfig() {
run_localedef() {
local root_fs_dir="$1" loader=()
case ${ARCH} in
arm64)
loader=( qemu-aarch64 -L "${root_fs_dir}" );;
amd64)
loader=( "${root_fs_dir}/usr/lib64/ld-linux-x86-64.so.2" \
--library-path "${root_fs_dir}/usr/lib64" );;
@ -460,7 +456,6 @@ finish_image() {
# Only enable rootfs verification on supported boards.
case "${FLAGS_board}" in
amd64-usr) verity_offset=64 ;;
arm64-usr) verity_offset=512 ;;
*) disable_read_write=${FLAGS_FALSE} ;;
esac
@ -532,7 +527,6 @@ EOF
# Magic alert! Root hash injection works by writing the hash value to a
# known unused SHA256-sized location in the kernel image.
# For amd64 the rdev error message is used.
# For arm64 an area between the EFI headers and the kernel text is used.
# Our modified GRUB extracts the hash and adds it to the cmdline.
printf %s "$(cat ${BUILD_DIR}/${image_name%.bin}_verity.txt)" | \
sudo dd of="${root_fs_dir}/boot/flatcar/vmlinuz-a" conv=notrunc \
@ -570,9 +564,6 @@ EOF
if [[ "${install_grub}" -eq 1 ]]; then
local target
local target_list="i386-pc x86_64-efi x86_64-xen"
if [[ ${BOARD} == "arm64-usr" ]]; then
target_list="arm64-efi"
fi
local grub_args=()
if [[ ${disable_read_write} -eq ${FLAGS_TRUE} ]]; then
grub_args+=(--verity)

2
build_library/catalyst.sh
View File

@ -59,7 +59,7 @@ contents="auto"
digests="md5 sha1 sha512 whirlpool"
hash_function="crc32"
options="pkgcache"
sharedir="/usr/lib/catalyst"
sharedir="/usr/share/catalyst"
storedir="$CATALYST_ROOT"
distdir="$DISTDIR"
envscript="$TEMPDIR/catalystrc"

3
build_library/catalyst_default_stage4.sh
View File

@ -4,3 +4,6 @@ source /tmp/chroot-functions.sh
echo "Double checking everything is fresh and happy."
run_merge -uDN --with-bdeps=y world
echo "Setting the default Python interpreter to Python 2."
eselect python set python2.7

35
build_library/check_root
View File

@ -29,32 +29,10 @@ IGNORE_MISSING = {
SonameAtom("x86_64", "libc.so.6")],
# RPATHs and symlinks apparently confuse the perl-5.24 package
"dev-lang/perl": [SonameAtom("arm_64", "libperl.so.5.24.1"),
SonameAtom("x86_64", "libperl.so.5.24.1")],
"dev-lang/perl": [SonameAtom("x86_64", "libperl.so.5.24.1")],
# https://bugs.gentoo.org/show_bug.cgi?id=554582
"net-firewall/ebtables": [SonameAtom("arm_64", "libebt_802_3.so"),
SonameAtom("arm_64", "libebt_among.so"),
SonameAtom("arm_64", "libebt_arp.so"),
SonameAtom("arm_64", "libebt_arpreply.so"),
SonameAtom("arm_64", "libebt_ip.so"),
SonameAtom("arm_64", "libebt_ip6.so"),
SonameAtom("arm_64", "libebt_limit.so"),
SonameAtom("arm_64", "libebt_log.so"),
SonameAtom("arm_64", "libebt_mark.so"),
SonameAtom("arm_64", "libebt_mark_m.so"),
SonameAtom("arm_64", "libebt_nat.so"),
SonameAtom("arm_64", "libebt_nflog.so"),
SonameAtom("arm_64", "libebt_pkttype.so"),
SonameAtom("arm_64", "libebt_redirect.so"),
SonameAtom("arm_64", "libebt_standard.so"),
SonameAtom("arm_64", "libebt_stp.so"),
SonameAtom("arm_64", "libebt_ulog.so"),
SonameAtom("arm_64", "libebt_vlan.so"),
SonameAtom("arm_64", "libebtable_broute.so"),
SonameAtom("arm_64", "libebtable_filter.so"),
SonameAtom("arm_64", "libebtable_nat.so"),
SonameAtom("x86_64", "libebt_802_3.so"),
"net-firewall/ebtables": [SonameAtom("x86_64", "libebt_802_3.so"),
SonameAtom("x86_64", "libebt_among.so"),
SonameAtom("x86_64", "libebt_arp.so"),
SonameAtom("x86_64", "libebt_arpreply.so"),
@ -77,14 +55,7 @@ IGNORE_MISSING = {
SonameAtom("x86_64", "libebtable_nat.so")],
# Ignore the Rust libraries in their own libdir.
"dev-libs/rustlib": [SonameAtom("arm_64", "librustc_data_structures.so"),
SonameAtom("arm_64", "librustc_errors.so"),
SonameAtom("arm_64", "libserialize.so"),
SonameAtom("arm_64", "libstd.so"),
SonameAtom("arm_64", "libsyntax.so"),
SonameAtom("arm_64", "libsyntax_pos.so"),
SonameAtom("arm_64", "libterm.so"),
SonameAtom("x86_64", "librustc_data_structures.so"),
"dev-libs/rustlib": [SonameAtom("x86_64", "librustc_data_structures.so"),
SonameAtom("x86_64", "librustc_errors.so"),
SonameAtom("x86_64", "libserialize.so"),
SonameAtom("x86_64", "libstd.so"),

1
build_library/ebuild_aci_util.sh
View File

@ -40,7 +40,6 @@ ebuild_aci_write_manifest() {
case "${BOARD}" in
amd64-usr) appc_arch=amd64 ;;
arm64-usr) appc_arch=aarch64 ;;
*) die_notrace "Cannot map \"${BOARD}\" to an appc arch" ;;
esac

19
build_library/grub.cfg
View File

@ -91,32 +91,21 @@ if [ -z "$linux_console" ]; then
terminal_input console serial_com0
terminal_output console serial_com0
elif [ "$grub_platform" = efi ]; then
if [ "$grub_cpu" = arm64 ]; then
set linux_console="console=ttyAMA0,115200n8"
else
set linux_console="console=ttyS0,115200n8 console=tty0"
fi
set linux_console="console=ttyS0,115200n8 console=tty0"
elif [ "$grub_platform" = xen ]; then
set linux_console="console=hvc0"
fi
fi
set extra_options=""
if [ "$grub_cpu" = arm64 ]; then
set extra_options="acpi=force"
fi
set suf=""
# UEFI uses linuxefi/initrdefi instead of linux/initrd except for arm64
# UEFI uses linuxefi/initrdefi instead of linux/initrd
if [ "$grub_platform" = efi ]; then
if [ "$grub_cpu" != arm64 ]; then
set suf="efi"
fi
set suf="efi"
fi
# Assemble the options applicable to all the kernels below
set linux_cmdline="rootflags=rw mount.usrflags=ro consoleblank=0 $linux_root $linux_console $first_boot $randomize_disk_guid $extra_options $oem $linux_append"
set linux_cmdline="rootflags=rw mount.usrflags=ro consoleblank=0 $linux_root $linux_console $first_boot $randomize_disk_guid $oem $linux_append"
# Re-implement grub_abort() since no command exposes it.
function abort {

26
build_library/grub_install.sh
View File

@ -48,10 +48,6 @@ CORE_MODULES=( normal search test fat part_gpt search_fs_uuid gzio search_part_l
# Name of the core image, depends on target
CORE_NAME=
# Whether the SDK's grub or the board root's grub is used. Once amd64 is
# fixed up the board root's grub will always be used.
BOARD_GRUB=0
case "${FLAGS_target}" in
i386-pc)
CORE_MODULES+=( biosdisk serial )
@ -64,21 +60,11 @@ case "${FLAGS_target}" in
x86_64-xen)
CORE_NAME="core.elf"
;;
arm64-efi)
CORE_MODULES+=( serial linux efi_gop getenv smbios efinet verify http tftp )
CORE_NAME="core.efi"
BOARD_GRUB=1
;;
*)
die_notrace "Unknown GRUB target ${FLAGS_target}"
;;
esac
if [[ $BOARD_GRUB -eq 1 ]]; then
info "Updating GRUB in ${BOARD_ROOT}"
emerge-${BOARD} --nodeps --select -qugKN sys-boot/grub
GRUB_SRC="${BOARD_ROOT}/usr/lib/grub/${FLAGS_target}"
fi
[[ -d "${GRUB_SRC}" ]] || die "GRUB not installed at ${GRUB_SRC}"
# In order for grub-setup-bios to properly detect the layout of the disk
@ -230,18 +216,6 @@ case "${FLAGS_target}" in
sudo cp "${BUILD_LIBRARY_DIR}/menu.lst" \
"${ESP_DIR}/boot/grub/menu.lst"
;;
arm64-efi)
info "Installing default arm64 UEFI bootloader."
sudo mkdir -p "${ESP_DIR}/EFI/boot"
#FIXME(andrejro): shim not ported to aarch64
sudo cp "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}" \
"${ESP_DIR}/EFI/boot/bootaa64.efi"
if [[ -n "${FLAGS_copy_efi_grub}" ]]; then
# copying from vfat so ignore permissions
cp --no-preserve=mode "${ESP_DIR}/EFI/boot/bootaa64.efi" \
"${FLAGS_copy_efi_grub}"
fi
;;
esac
cleanup

1
build_library/oem_aci_util.sh
View File

@ -74,7 +74,6 @@ oem_aci_write_manifest() {
case "${BOARD}" in
amd64-usr) appc_arch=amd64 ;;
arm64-usr) appc_arch=aarch64 ;;
*) die_notrace "Cannot map \"${BOARD}\" to an appc arch" ;;
esac

9
build_library/prod_image_util.sh
View File

@ -85,7 +85,7 @@ create_prod_image() {
# Assert that if this is supposed to be an official build that the
# official update keys have been used.
if [[ ${COREOS_OFFICIAL:-0} -eq 1 && "${BOARD}" != arm64-usr ]]; then
if [[ ${COREOS_OFFICIAL:-0} -eq 1 ]]; then
grep -q official \
"${root_fs_dir}"/var/db/pkg/coreos-base/coreos-au-key-*/USE \
|| die_notrace "coreos-au-key is missing the 'official' use flag"
@ -94,6 +94,8 @@ create_prod_image() {
# clean-ups of things we do not need
sudo rm ${root_fs_dir}/etc/csh.env
sudo rm -rf ${root_fs_dir}/etc/env.d
sudo rm -rf ${root_fs_dir}/usr/include
sudo rm -rf ${root_fs_dir}/var/cache/edb
sudo rm -rf ${root_fs_dir}/var/db/pkg
sudo mv ${root_fs_dir}/etc/profile.env \
@ -139,11 +141,8 @@ EOF
"${BUILD_DIR}/${image_kernel}"
"${BUILD_DIR}/${image_pcr_policy}"
"${BUILD_DIR}/${image_grub}"
"${BUILD_DIR}/${image_shim}"
"${BUILD_DIR}/${image_kconfig}"
)
# FIXME(bgilbert): no shim on arm64
if [[ -f "${BUILD_DIR}/${image_shim}" ]]; then
to_upload+=("${BUILD_DIR}/${image_shim}")
fi
upload_image -d "${BUILD_DIR}/${image_name}.bz2.DIGESTS" "${to_upload[@]}"
}

17
build_library/qemu_template.sh
View File

@ -153,10 +153,6 @@ else
set -- -machine accel=kvm -cpu host -smp "${VM_NCPUS}" "$@" ;;
amd64-usr+*)
set -- -machine pc-q35-2.8 -cpu kvm64 -smp 1 -nographic "$@" ;;
arm64-usr+aarch64)
set -- -machine virt,accel=kvm,gic-version=3 -cpu host -smp "${VM_NCPUS}" -nographic "$@" ;;
arm64-usr+*)
set -- -machine virt -cpu cortex-a57 -smp 1 -nographic "$@" ;;
*)
die "Unsupported arch" ;;
esac
@ -177,10 +173,6 @@ if [ -n "${VM_IMAGE}" ]; then
case "${VM_BOARD}" in
amd64-usr)
set -- -drive if=virtio,file="${SCRIPT_DIR}/${VM_IMAGE}" "$@" ;;
arm64-usr)
set -- -drive if=none,id=blk,file="${SCRIPT_DIR}/${VM_IMAGE}" \
-device virtio-blk-device,drive=blk "$@"
;;
*) die "Unsupported arch" ;;
esac
fi
@ -223,15 +215,6 @@ case "${VM_BOARD}" in
-object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0 \
"$@"
;;
arm64-usr)
qemu-system-aarch64 \
-name "$VM_NAME" \
-m ${VM_MEMORY} \
-netdev user,id=eth0,hostfwd=tcp::"${SSH_PORT}"-:22,hostname="${VM_NAME}" \
-device virtio-net-device,netdev=eth0 \
-object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0 \
"$@"
;;
*) die "Unsupported arch" ;;
esac

5
build_library/set_lsb_release
View File

@ -31,12 +31,7 @@ OS_ID="flatcar"
OS_ID_LIKE="coreos"
OS_PRETTY_NAME="$OS_NAME $FLATCAR_VERSION (${OS_CODENAME})"
# temporarily point arm at a different appid until update support
# is completed in update_engine and the CoreUpdate service.
FLATCAR_APPID="{e96281a6-d1af-4bde-9a0a-97b76e56dc57}"
if [[ "${FLAGS_board}" == arm64-* ]]; then
FLATCAR_APPID="{103867da-e3a2-4c92-b0b3-7fbd7f7d8b71}"
fi
# DISTRIB_* are the standard lsb-release names
sudo mkdir -p "${ROOT_FS_DIR}/usr/share/flatcar" "${ROOT_FS_DIR}/etc/flatcar"

4
build_library/test_image_content.sh
View File

@ -4,9 +4,7 @@
GLSA_WHITELIST=(
201412-09 # incompatible CA certificate version numbers
201710-23 # we handle Go differently; drop when 1.9 builds everything
201803-03 # same as above, drop when all Go < 1.9 packages are gone
201804-12 # same as above, except this requires only Go 1.10 or later
201810-10 # we fixed the systemd CVEs in 238, but this wants 239
)
glsa_image() {

4
build_library/toolchain_util.sh
View File

@ -189,8 +189,8 @@ get_cross_pkgs() {
# Get portage arguments restricting toolchains to binary packages only.
get_binonly_args() {
local pkgs=( "${TOOLCHAIN_PKGS[@]}" $(get_cross_pkgs "$@") )
# XXX: Drop this exception after stable > 1729.
local tmppkgs=( ${pkgs[*]##*/glibc} )
# XXX: Drop this exception after stable > 1925.
local tmppkgs=( ${pkgs[*]##*/glibc} ) ; tmppkgs=( ${tmppkgs[*]##*/binutils} )
echo "${tmppkgs[@]/#/--useoldpkg-atoms=}" "${pkgs[@]/#/--rebuild-exclude=}"
}

21
build_library/vm_image_util.sh
View File

@ -303,9 +303,6 @@ get_default_vm_type() {
amd64-usr)
echo "qemu"
;;
arm64-usr)
echo "qemu_uefi"
;;
*)
return 1
;;
@ -622,7 +619,6 @@ _write_cpio_disk() {
local grub_arch
case $BOARD in
amd64-usr) grub_arch="x86_64-efi" ;;
arm64-usr) grub_arch="arm64-efi" ;;
esac
cp "${base_dir}/boot/flatcar/grub/${grub_arch}/core.efi" "${dst_dir}/${grub_name}"
@ -716,21 +712,8 @@ _write_qemu_uefi_conf() {
case $BOARD in
amd64-usr)
cp "/usr/share/edk2/OVMF_CODE.fd" "$(_dst_dir)/${flash_ro}"
cp "/usr/share/edk2/OVMF_VARS.fd" "$(_dst_dir)/${flash_rw}"
;;
arm64-usr)
# Get edk2 files into local build workspace.
info "Updating edk2 in /build/${BOARD}"
emerge-${BOARD} --nodeps --select -qugKN sys-firmware/edk2
# Create 64MiB flash device image files.
dd if=/dev/zero bs=1M count=64 of="$(_dst_dir)/${flash_rw}" \
status=none
cp "/build/${BOARD}/usr/share/edk2/QEMU_EFI.fd" \
"$(_dst_dir)/${flash_ro}.work"
truncate --reference="$(_dst_dir)/${flash_rw}" \
"$(_dst_dir)/${flash_ro}.work"
mv "$(_dst_dir)/${flash_ro}.work" "$(_dst_dir)/${flash_ro}"
cp "/usr/share/edk2-ovmf/OVMF_CODE.fd" "$(_dst_dir)/${flash_ro}"
cp "/usr/share/edk2-ovmf/OVMF_VARS.fd" "$(_dst_dir)/${flash_rw}"
;;
esac

8
check_out_of_date.py
View File

@ -67,11 +67,11 @@ def process_emerge_output(eout):
def get_board_packages(board):
""" gets a list of packages used by a board. valid boards are {arm,amd}64-usr, sdk, and bootstrap"""
""" gets a list of packages used by a board. valid boards are amd64-usr, sdk, and bootstrap"""
emerge_args = "--emptytree --pretend --verbose --unordered-display"
if board == "sdk":
cmd = "emerge {} @system sdk-depends sdk-extras".format(emerge_args)
elif board == "amd64-usr" or board == "arm64-usr":
elif board == "amd64-usr":
cmd = "emerge-{} {} @system board-packages".format(board, emerge_args)
elif board == "bootstrap":
pkgs = exec_command_strict("/usr/lib64/catalyst/targets/stage1/build.py")
@ -92,7 +92,6 @@ def print_table(report, head, line_head, line_tail, tail, joiner, pkg_joiner):
"upstream": ["Upstream"],
"tag": "Tag",
"sdk": ["sdk"],
"arm64-usr": ["arm64-usr"],
"amd64-usr": ["amd64-usr"],
"bootstrap": ["bootstrap"],
"modified": "Modified"})
@ -103,7 +102,6 @@ def print_table(report, head, line_head, line_tail, tail, joiner, pkg_joiner):
pkg_joiner.join(entry.get("upstream",[])),
entry.get("tag",""),
pkg_joiner.join(entry.get("sdk", [])),
pkg_joiner.join(entry.get("arm64-usr", [])),
pkg_joiner.join(entry.get("amd64-usr", [])),
pkg_joiner.join(entry.get("bootstrap", [])),
entry.get("modified","")]) + line_tail)
@ -140,7 +138,7 @@ def main():
subprocess.check_call(["git", "-C", args.upstream_path, "pull"])
pkg_lists = {}
sources = ["sdk", "bootstrap", "amd64-usr", "arm64-usr", "image"]
sources = ["sdk", "bootstrap", "amd64-usr", "image"]
for i in sources:
pkg_lists[i] = get_board_packages(i)

18
common.sh
View File

@ -383,6 +383,8 @@ if [[ -f ${GCLIENT_ROOT}/src/scripts/.default_board ]]; then
die ".default_board: invalid name detected; please fix:" \
"'${DEFAULT_BOARD}'"
fi
elif [ -z "${DEFAULT_BOARD-}" ]; then
DEFAULT_BOARD=amd64-usr
fi
# Directory to store built images. Should be set by sourcing script when used.
@ -926,19 +928,10 @@ BOAT
}
# The binfmt_misc support in the kernel is required.
# The aarch64 binaries should be executed through
# "/usr/bin/qemu-aarch64-static"
setup_qemu_static() {
local root_fs_dir="$1"
case "${BOARD}" in
amd64-usr) return 0;;
arm64-usr)
if [[ -f "${root_fs_dir}/sbin/ldconfig" ]]; then
sudo cp /usr/bin/qemu-aarch64 "${root_fs_dir}"/usr/bin/qemu-aarch64-static
else
die "Missing basic layout in target rootfs"
fi
;;
*) die "Unsupported arch" ;;
esac
}
@ -947,13 +940,6 @@ clean_qemu_static() {
local root_fs_dir="$1"
case "${BOARD}" in
amd64-usr) return 0;;
arm64-usr)
if [[ -f "${root_fs_dir}/usr/bin/qemu-aarch64-static" ]]; then
sudo rm "${root_fs_dir}"/usr/bin/qemu-aarch64-static
else
die "File not found"
fi
;;
*) die "Unsupported arch" ;;
esac
}

2
core_dev_sign_update
View File

@ -6,7 +6,7 @@ SCRIPT_ROOT=$(dirname $(readlink -f "$0"))
assert_inside_chroot
DEFINE_string data_dir "" "Directory containing downloaded release artifacts"
DEFINE_string board "" "Board to sign artifacts for"
DEFINE_string board "amd64-usr" "Board to sign artifacts for"
DEFINE_string version "" "Version to sign artifacts for"
DEFINE_integer n_signatures "2" "Number of signatures this release will be signed with"
DEFINE_string output_dir "" "Output directory"

2
image_inject_bootchain
View File

@ -77,11 +77,9 @@ if [[ -n "${FLAGS_kernel_path}" ]]; then
do_copy "${FLAGS_kernel_path}" "/boot/flatcar/vmlinuz-a"
fi
# FIXME(bgilbert): no shim on arm64
if [[ -n "${FLAGS_efi_grub_path}" ]]; then
case "${BOARD}" in
amd64-usr) image_name="grub.efi" ;;
arm64-usr) image_name="bootaa64.efi" ;;
*) die "GRUB filename not known for this board" ;;
esac

5
jenkins/formats-arm64-usr.txt
View File

@ -1,5 +0,0 @@
openstack
openstack_mini
packet
pxe
qemu_uefi

1
jenkins/sdk.sh
View File

@ -14,7 +14,6 @@ gpg --import "${GPG_SECRET_KEY_FILE}"
sudo rm -rf src/build
S=/mnt/host/source/src/scripts
enter ${S}/update_chroot
enter sudo emerge -uv --jobs=2 catalyst
enter sudo ${S}/bootstrap_sdk \
--sign="${SIGNING_USER}" \

3
oem/openstack/glance_load.sh
View File

@ -34,9 +34,6 @@ while [[ $# -gt 0 ]]; do
amd64|amd64-usr)
board="amd64-usr"
;;
arm64|arm64-usr)
board="arm64-usr"
;;
*)
echo "Error: Unknown arg: $1"
exit 1

2
setup_board
View File

@ -59,7 +59,7 @@ DEFINE_string variant "" \
"Board variant."
# builds wrappers like equery-arm-generic.
# builds wrappers like equery-amd64-usr.
# args:
# $1: command to wrap
# rest: extra arguments to pass to the command

49
signing/transfer.sh
View File

@ -46,6 +46,28 @@ download() {
popd >/dev/null
}
devsign() {
local channel="$1"
local version="$2"
"$(dirname $0)/../core_dev_sign_update" \
--data_dir "${BASEDIR}" \
--version "${version}" \
--output_dir "${SIGDIR}"
git -C "${SIGDIR}" add .
git -C "${SIGDIR}" commit -m "Add sigs from ${USER} for ${channel} ${version}"
}
sign() {
local channel="$1"
local version="$2"
"$(dirname $0)/sign.sh" \
"${BASEDIR}/${BOARD}/${version}" \
"${SIGDIR}/${BOARD}/${version}"
}
upload() {
local channel="$1"
local version="$2"
@ -141,6 +163,7 @@ roll() {
usage() {
echo "Usage: $0 {download|upload} <ARTIFACT-DIR> [{-a|-b|-s} <VERSION>]..." >&2
echo "Usage: $0 {devsign|sign} <ARTIFACT-DIR> <SIG-DIR> [{-a|-b|-s} <VERSION>]..." >&2
echo "Usage: $0 ready [{-a|-b|-s} <VERSION>]..." >&2
echo "Usage: $0 roll [{-a|-b|-s} <HOURS-TO-100-PERCENT>]..." >&2
exit 1
@ -150,7 +173,7 @@ usage() {
CMD="${1:-}"
shift ||:
case "${CMD}" in
download)
download|devsign|sign)
;;
upload|ready|roll)
if [[ -e "${HOME}/.config/roller.conf" ]]; then
@ -167,22 +190,34 @@ case "${CMD}" in
;;
esac
# Parse basedir if necessary.
# Parse fixed args if necessary.
case "${CMD}" in
download|upload)
download|devsign|sign|upload)
BASEDIR="${1:-}"
shift ||:
if [[ -z "${BASEDIR}" ]]; then
usage
fi
if [[ -d "${BASEDIR}" && ! -O "${BASEDIR}" ]]; then
echo "Fixing ownership of ${BASEDIR}..."
sudo chown -R "${USER}" "${BASEDIR}"
;;
esac
case "${CMD}" in
devsign|sign)
SIGDIR="${1:-}"
shift ||:
if [[ -z "${SIGDIR}" ]]; then
usage
fi
;;
esac
# Sync SIGDIR exactly once.
case "${CMD}" in
devsign|sign)
echo "Updating ${SIGDIR}..."
git -C "${SIGDIR}" pull -r
;;
esac
# Walk argument pairs.
while [[ $# > 0 ]]; do
c="$1"

3
update_chroot
View File

@ -233,6 +233,9 @@ if [ "${FLAGS_workon}" -eq "${FLAGS_TRUE}" ]; then
done
fi
# XXX: Work around a rename; delete this after SDKs contain the new package.
sudo -E ${EMERGE_CMD} --rage-clean app-crypt/sbsigntool dev-util/cargo 2>/dev/null || :
# Second pass, update everything else.
EMERGE_FLAGS+=( --deep )
info "Updating all SDK packages"