mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2026-01-21 16:32:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

2345.1.0

Browse Source
This commit is contained in:
Flatcar Buildbot 2020-01-15 12:23:18 +01:00 committed by Kai Lüke
parent 7b88b8d4c9
commit 499628c0d0
No known key found for this signature in database
GPG Key ID: E5601DA3A1D902A8
51 changed files with 552 additions and 329 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bootstrap_sdk
View File

@ -33,7 +33,7 @@
SCRIPT_ROOT=$(dirname $(readlink -f "$0"))
. "${SCRIPT_ROOT}/common.sh" || exit 1
TYPE="coreos-sdk"
TYPE="flatcar-sdk"
. "${BUILD_LIBRARY_DIR}/catalyst.sh" || exit 1
@ -63,7 +63,7 @@ catalyst_init "$@"
check_gsutil_opts
if [[ "$STAGES" =~ stage4 ]]; then
info "Setting release to ${COREOS_VERSION}"
info "Setting release to ${FLATCAR_VERSION}"
rm -rf "${TEMPDIR}/stage4_overlay"
# need to setup the lib->lib64 symlink correctly
libdir=$(get_sdk_libdir)

2
build_docker_aci
View File

@ -94,7 +94,7 @@ case "${version}" in
"/usr/bin/docker-containerd-shim"
"/usr/bin/docker-proxy"
"/usr/bin/docker-runc"
"/usr/lib/coreos/dockerd"
"/usr/lib/flatcar/dockerd"
)
ebuild_aci_create "users.developer.core-os.net/skim/docker" \
"coreos_docker-${BOARD}-${version}_coreos.${aci_version}" \

26
build_image
View File

@ -166,16 +166,16 @@ fix_mtab
if [[ "${CONTAINER}" -eq 1 ]]; then
IMAGE_BUILD_TYPE="container"
create_dev_container "${COREOS_DEVELOPER_CONTAINER_NAME}" "${CONTAINER_LAYOUT}" "${FLAGS_group}" ${FLAGS_base_dev_pkg}
create_dev_container "${FLATCAR_DEVELOPER_CONTAINER_NAME}" "${CONTAINER_LAYOUT}" "${FLAGS_group}" ${FLAGS_base_dev_pkg}
fi
if [[ "${PROD_IMAGE}" -eq 1 ]]; then
IMAGE_BUILD_TYPE="prod"
create_prod_image ${COREOS_PRODUCTION_IMAGE_NAME} ${DISK_LAYOUT} ${FLAGS_group} ${FLAGS_base_pkg}
create_prod_image ${FLATCAR_PRODUCTION_IMAGE_NAME} ${DISK_LAYOUT} ${FLAGS_group} ${FLAGS_base_pkg}
if [[ ${FLAGS_generate_update} -eq ${FLAGS_TRUE} ]]; then
generate_update "${COREOS_PRODUCTION_IMAGE_NAME}" ${DISK_LAYOUT}
generate_update "${FLATCAR_PRODUCTION_IMAGE_NAME}" ${DISK_LAYOUT}
elif [[ ${FLAGS_extract_update} -eq ${FLAGS_TRUE} ]]; then
extract_update "${COREOS_PRODUCTION_IMAGE_NAME}" "${DISK_LAYOUT}"
extract_update "${FLATCAR_PRODUCTION_IMAGE_NAME}" "${DISK_LAYOUT}"
fi
fi
@ -186,15 +186,15 @@ then
fi
# Write out a version.txt file, this will be used by image_to_vm.sh
split_ver "${COREOS_VERSION_ID}" SPLIT
split_ver "${FLATCAR_VERSION_ID}" SPLIT
tee "${BUILD_DIR}/version.txt" <<EOF
COREOS_BUILD=${SPLIT[0]}
COREOS_BRANCH=${SPLIT[1]}
COREOS_PATCH=${SPLIT[2]}
COREOS_VERSION=${COREOS_VERSION}
COREOS_VERSION_ID=${COREOS_VERSION_ID}
COREOS_BUILD_ID="${COREOS_BUILD_ID}"
COREOS_SDK_VERSION=${COREOS_SDK_VERSION}
FLATCAR_BUILD=${SPLIT[0]}
FLATCAR_BRANCH=${SPLIT[1]}
FLATCAR_PATCH=${SPLIT[2]}
FLATCAR_VERSION=${FLATCAR_VERSION}
FLATCAR_VERSION_ID=${FLATCAR_VERSION_ID}
FLATCAR_BUILD_ID="${FLATCAR_BUILD_ID}"
FLATCAR_SDK_VERSION=${FLATCAR_SDK_VERSION}
EOF
upload_image "${BUILD_DIR}/version.txt"
@ -220,7 +220,7 @@ EOF
# Print out the images we generated.
if [[ "${PROD_IMAGE}" -eq 1 ]]; then
echo "CoreOS Production image created as ${COREOS_PRODUCTION_IMAGE_NAME}"
echo "Flatcar Production image created as ${FLATCAR_PRODUCTION_IMAGE_NAME}"
print_image_to_vm
fi

37
build_library/build_image_util.sh
View File

@ -12,7 +12,7 @@
# Use canonical path since some tools (e.g. mount) do not like symlinks.
# Append build attempt to output directory.
if [ -z "${FLAGS_version}" ]; then
IMAGE_SUBDIR="${FLAGS_group}-${COREOS_VERSION}-a${FLAGS_build_attempt}"
IMAGE_SUBDIR="${FLAGS_group}-${FLATCAR_VERSION}-a${FLAGS_build_attempt}"
else
IMAGE_SUBDIR="${FLAGS_group}-${FLAGS_version}"
fi
@ -66,7 +66,7 @@ extract_update() {
zip_update_tools() {
# There isn't a 'dev' variant of this zip, so always call it production.
local update_zip="coreos_production_update.zip"
local update_zip="flatcar_production_update.zip"
info "Generating update tools zip"
# Make sure some vars this script needs are exported
@ -103,6 +103,8 @@ generate_update() {
run_ldconfig() {
local root_fs_dir=$1
case ${ARCH} in
arm64)
sudo qemu-aarch64 "${root_fs_dir}"/usr/sbin/ldconfig -r "${root_fs_dir}";;
x86|amd64)
sudo ldconfig -r "${root_fs_dir}";;
*)
@ -113,6 +115,8 @@ run_ldconfig() {
run_localedef() {
local root_fs_dir="$1" loader=()
case ${ARCH} in
arm64)
loader=( qemu-aarch64 -L "${root_fs_dir}" );;
amd64)
loader=( "${root_fs_dir}/usr/lib64/ld-linux-x86-64.so.2" \
--library-path "${root_fs_dir}/usr/lib64" );;
@ -456,13 +460,14 @@ finish_image() {
# Only enable rootfs verification on supported boards.
case "${FLAGS_board}" in
amd64-usr) verity_offset=64 ;;
arm64-usr) verity_offset=512 ;;
*) disable_read_write=${FLAGS_FALSE} ;;
esac
# Copy kernel to support dm-verity boots
sudo mkdir -p "${root_fs_dir}/boot/coreos"
sudo mkdir -p "${root_fs_dir}/boot/flatcar"
sudo cp "${root_fs_dir}/usr/boot/vmlinuz" \
"${root_fs_dir}/boot/coreos/vmlinuz-a"
"${root_fs_dir}/boot/flatcar/vmlinuz-a"
# Record directories installed to the state partition.
# Explicitly ignore entries covered by existing configs.
@ -483,14 +488,14 @@ finish_image() {
# Create first-boot flag for grub and Ignition
info "Writing first-boot flag"
sudo_clobber "${root_fs_dir}/boot/coreos/first_boot" <<EOF
sudo_clobber "${root_fs_dir}/boot/flatcar/first_boot" <<EOF
If this file exists, Ignition will run and then delete the file.
EOF
fi
if [[ -n "${FLAGS_developer_data}" ]]; then
local data_path="/usr/share/coreos/developer_data"
local unit_path="usr-share-coreos-developer_data"
local data_path="/usr/share/flatcar/developer_data"
local unit_path="usr-share-flatcar-developer_data"
sudo cp "${FLAGS_developer_data}" "${root_fs_dir}/${data_path}"
systemd_enable "${root_fs_dir}" system-config.target \
"system-cloudinit@.service" "system-cloudinit@${unit_path}.service"
@ -527,9 +532,10 @@ EOF
# Magic alert! Root hash injection works by writing the hash value to a
# known unused SHA256-sized location in the kernel image.
# For amd64 the rdev error message is used.
# For arm64 an area between the EFI headers and the kernel text is used.
# Our modified GRUB extracts the hash and adds it to the cmdline.
printf %s "$(cat ${BUILD_DIR}/${image_name%.bin}_verity.txt)" | \
sudo dd of="${root_fs_dir}/boot/coreos/vmlinuz-a" conv=notrunc \
sudo dd of="${root_fs_dir}/boot/flatcar/vmlinuz-a" conv=notrunc \
seek=${verity_offset} count=64 bs=1 status=none
fi
@ -537,22 +543,22 @@ EOF
if [[ ${COREOS_OFFICIAL:-0} -ne 1 ]]; then
sudo sbsign --key /usr/share/sb_keys/DB.key \
--cert /usr/share/sb_keys/DB.crt \
"${root_fs_dir}/boot/coreos/vmlinuz-a"
sudo mv "${root_fs_dir}/boot/coreos/vmlinuz-a.signed" \
"${root_fs_dir}/boot/coreos/vmlinuz-a"
"${root_fs_dir}/boot/flatcar/vmlinuz-a"
sudo mv "${root_fs_dir}/boot/flatcar/vmlinuz-a.signed" \
"${root_fs_dir}/boot/flatcar/vmlinuz-a"
fi
if [[ -n "${image_kernel}" ]]; then
# copying kernel from vfat so ignore the permissions
cp --no-preserve=mode \
"${root_fs_dir}/boot/coreos/vmlinuz-a" \
"${root_fs_dir}/boot/flatcar/vmlinuz-a" \
"${BUILD_DIR}/${image_kernel}"
fi
if [[ -n "${pcr_policy}" ]]; then
mkdir -p "${BUILD_DIR}/pcrs"
${BUILD_LIBRARY_DIR}/generate_kernel_hash.sh \
"${root_fs_dir}/boot/coreos/vmlinuz-a" ${COREOS_VERSION} \
"${root_fs_dir}/boot/flatcar/vmlinuz-a" ${FLATCAR_VERSION} \
>"${BUILD_DIR}/pcrs/kernel.config"
fi
@ -564,6 +570,9 @@ EOF
if [[ "${install_grub}" -eq 1 ]]; then
local target
local target_list="i386-pc x86_64-efi x86_64-xen"
if [[ ${BOARD} == "arm64-usr" ]]; then
target_list="arm64-efi"
fi
local grub_args=()
if [[ ${disable_read_write} -eq ${FLAGS_TRUE} ]]; then
grub_args+=(--verity)
@ -587,7 +596,7 @@ EOF
if [[ -n "${pcr_policy}" ]]; then
${BUILD_LIBRARY_DIR}/generate_grub_hashes.py \
"${disk_img}" /usr/lib/grub/ "${BUILD_DIR}/pcrs" ${COREOS_VERSION}
"${disk_img}" /usr/lib/grub/ "${BUILD_DIR}/pcrs" ${FLATCAR_VERSION}
info "Generating $pcr_policy"
pushd "${BUILD_DIR}" >/dev/null

6
build_library/catalyst.sh
View File

@ -12,7 +12,7 @@
: ${TYPE:="coreos-sdk"}
: ${ARCH:=$(get_sdk_arch)}
: ${DEFAULT_CATALYST_ROOT:="${DEFAULT_BUILD_ROOT}/catalyst"}
: ${DEFAULT_SEED:=${COREOS_SDK_TARBALL_PATH}}
: ${DEFAULT_SEED:=${FLATCAR_SDK_TARBALL_PATH}}
: ${DEFAULT_PROFILE:=$(get_sdk_profile)}
# Set to something like "stage4" to restrict what to build
# FORCE_STAGES=
@ -34,7 +34,7 @@ DEFINE_string coreos_overlay "${SRC_ROOT}/third_party/coreos-overlay" \
"Path to the coreos-overlay git checkout."
DEFINE_string seed_tarball "${DEFAULT_SEED}" \
"Path to an existing stage tarball to start from."
DEFINE_string version "${COREOS_VERSION}" \
DEFINE_string version "${FLATCAR_VERSION}" \
"Version to use for portage snapshot and stage tarballs."
DEFINE_string profile "${DEFAULT_PROFILE}" \
"Portage profile, may be prefixed with repo:"
@ -196,7 +196,7 @@ catalyst_init() {
DISTDIR="$CATALYST_ROOT/distfiles"
# automatically download the current SDK if it is the seed tarball.
if [[ "$FLAGS_seed_tarball" == "${COREOS_SDK_TARBALL_PATH}" ]]; then
if [[ "$FLAGS_seed_tarball" == "${FLATCAR_SDK_TARBALL_PATH}" ]]; then
sdk_download_tarball
fi

5
build_library/catalyst_toolchains.sh
View File

@ -35,6 +35,11 @@ build_target_toolchain() {
# --root is required because run_merge overrides ROOT=
PORTAGE_CONFIGROOT="$ROOT" \
run_merge -u --root="$ROOT" --sysroot="$ROOT" "${TOOLCHAIN_PKGS[@]}"
export clst_myemergeopts="$( echo "$clst_myemergeopts" | sed -e 's/--newuse//' )"
PORTAGE_CONFIGROOT="$ROOT" \
run_merge --root="$ROOT" --sysroot="$ROOT" dev-lang/rust
}
configure_crossdev_overlay / /tmp/crossdev

50
build_library/check_root
View File

@ -29,11 +29,39 @@ IGNORE_MISSING = {
SonameAtom("x86_64", "libc.so.6")],
# RPATHs and symlinks apparently confuse the perl-5.24 package
"dev-lang/perl": [SonameAtom("x86_64", "libperl.so.5.26.2")],
"sys-apps/texinfo": [SonameAtom("x86_64", "libperl.so.5.26")],
"dev-lang/perl": [SonameAtom("arm_64", "libperl.so.5.26.2"),
SonameAtom("x86_64", "libperl.so.5.26.2")],
"dev-perl/XML-Parser": [SonameAtom("x86_64", "libc.so.6"),
SonameAtom("x86_64", "libexpat.so.1")],
"dev-perl/libintl-perl": [SonameAtom("x86_64", "libc.so.6")],
"dev-util/boost-build": [SonameAtom("x86_64", "libc.so.6")],
"net-dns/dnsmasq": [SonameAtom("x86_64", "libc.so.6")],
"sys-apps/texinfo": [SonameAtom("x86_64", "libc.so.6"),
SonameAtom("x86_64", "libperl.so.5.26")],
# https://bugs.gentoo.org/show_bug.cgi?id=554582
"net-firewall/ebtables": [SonameAtom("x86_64", "libebt_802_3.so"),
"net-firewall/ebtables": [SonameAtom("arm_64", "libebt_802_3.so"),
SonameAtom("arm_64", "libebt_among.so"),
SonameAtom("arm_64", "libebt_arp.so"),
SonameAtom("arm_64", "libebt_arpreply.so"),
SonameAtom("arm_64", "libebt_ip.so"),
SonameAtom("arm_64", "libebt_ip6.so"),
SonameAtom("arm_64", "libebt_limit.so"),
SonameAtom("arm_64", "libebt_log.so"),
SonameAtom("arm_64", "libebt_mark.so"),
SonameAtom("arm_64", "libebt_mark_m.so"),
SonameAtom("arm_64", "libebt_nat.so"),
SonameAtom("arm_64", "libebt_nflog.so"),
SonameAtom("arm_64", "libebt_pkttype.so"),
SonameAtom("arm_64", "libebt_redirect.so"),
SonameAtom("arm_64", "libebt_standard.so"),
SonameAtom("arm_64", "libebt_stp.so"),
SonameAtom("arm_64", "libebt_ulog.so"),
SonameAtom("arm_64", "libebt_vlan.so"),
SonameAtom("arm_64", "libebtable_broute.so"),
SonameAtom("arm_64", "libebtable_filter.so"),
SonameAtom("arm_64", "libebtable_nat.so"),
SonameAtom("x86_64", "libebt_802_3.so"),
SonameAtom("x86_64", "libebt_among.so"),
SonameAtom("x86_64", "libebt_arp.so"),
SonameAtom("x86_64", "libebt_arpreply.so"),
@ -56,13 +84,23 @@ IGNORE_MISSING = {
SonameAtom("x86_64", "libebtable_nat.so")],
# Ignore the Rust libraries in their own libdir.
"dev-libs/rustlib": [SonameAtom("x86_64", "librustc_data_structures.so"),
"dev-libs/rustlib": [SonameAtom("arm_64", "librustc_data_structures.so"),
SonameAtom("arm_64", "librustc_errors.so"),
SonameAtom("arm_64", "libserialize.so"),
SonameAtom("arm_64", "libstd.so"),
SonameAtom("arm_64", "libsyntax.so"),
SonameAtom("arm_64", "libsyntax_pos.so"),
SonameAtom("arm_64", "libterm.so"),
SonameAtom("x86_64", "librustc_data_structures.so"),
SonameAtom("x86_64", "librustc_errors.so"),
SonameAtom("x86_64", "libserialize.so"),
SonameAtom("x86_64", "libstd.so"),
SonameAtom("x86_64", "libsyntax.so"),
SonameAtom("x86_64", "libsyntax_pos.so"),
SonameAtom("x86_64", "libterm.so")],
"sys-kernel/coreos-modules": [SonameAtom("x86_64", "libc.so.6"),
SonameAtom("x86_64", "libcrypto.so.1.0.0")],
}
USR_LINKS = ("/bin/", "/sbin/", "/lib/", "/lib32/", "/lib64/")
@ -88,7 +126,9 @@ IGNORE_SYMLINK = (
b"/etc/motd",
# Other
b"/etc/lsb-release" # set later in the build process
b"/etc/lsb-release", # set later in the build process
b"/usr/share/coreos", # set later in the build process
b"/etc/coreos" # set later in the build process
)

4
build_library/configure_bootloaders.sh
View File

@ -45,11 +45,11 @@ configure_pvgrub() {
sudo_clobber "${GRUB_DIR}/menu.lst.A" <<EOF
timeout 0
title CoreOS A Root
title Flatcar A Root
root (hd0,0)
kernel /syslinux/vmlinuz.A ${grub_args} ${slot_a_args}
title CoreOS B Root
title Flatcar B Root
root (hd0,0)
kernel /syslinux/vmlinuz.B ${grub_args} ${slot_b_args}
EOF

6
build_library/dev_container_util.sh
View File

@ -15,7 +15,7 @@ configure_dev_portage() {
sudo mkdir -p "$1/etc/portage/repos.conf"
sudo_clobber "$1/etc/portage/make.conf" <<EOF
# make.conf for CoreOS dev images
# make.conf for Flatcar dev images
ARCH=$(get_board_arch $BOARD)
CHOST=$(get_board_chost $BOARD)
@ -25,8 +25,8 @@ PKGDIR="/var/lib/portage/pkgs"
PORT_LOGDIR="/var/log/portage"
PORTDIR="/var/lib/portage/portage-stable"
PORTDIR_OVERLAY="/var/lib/portage/coreos-overlay"
PORTAGE_BINHOST="http://builds.developer.core-os.net/boards/${BOARD}/${COREOS_VERSION_ID}/pkgs/
http://builds.developer.core-os.net/boards/${BOARD}/${COREOS_VERSION_ID}/toolchain/"
PORTAGE_BINHOST="http://builds.developer.core-os.net/boards/${BOARD}/${FLATCAR_VERSION_ID}/pkgs/
http://builds.developer.core-os.net/boards/${BOARD}/${FLATCAR_VERSION_ID}/toolchain/"
EOF
sudo_clobber "$1/etc/portage/repos.conf/coreos.conf" <<EOF

12
build_library/disk_layout.json
View File

@ -26,7 +26,7 @@
"3":{
"label":"USR-A",
"uuid":"7130c94a-213a-4e5a-8e26-6cce9662f132",
"type":"coreos-rootfs",
"type":"flatcar-rootfs",
"blocks":"2097152",
"fs_blocks":"260094",
"fs_type":"ext2",
@ -36,7 +36,7 @@
"4":{
"label":"USR-B",
"uuid":"e03dd35c-7c2d-4a47-b3fe-27f15780a57c",
"type":"coreos-rootfs",
"type":"flatcar-rootfs",
"blocks":"2097152",
"fs_blocks":"262144"
},
@ -56,18 +56,18 @@
},
"7":{
"label":"OEM-CONFIG",
"type":"coreos-reserved",
"type":"flatcar-reserved",
"blocks":"131072"
},
"8":{
"type":"blank",
"label":"coreos-reserved",
"label":"flatcar-reserved",
"blocks":"0"
},
"9":{
"label":"ROOT",
"fs_label":"ROOT",
"type":"coreos-resize",
"type":"flatcar-resize",
"blocks":"4427776",
"fs_type":"ext4",
"mount":"/"
@ -131,7 +131,7 @@
"label":"ROOT",
"fs_label":"ROOT",
"type":"4f68bce3-e8cd-4db1-96e7-fbcaf984b709",
"blocks":"8388608"
"blocks":"12582912"
}
},
"interoute":{

2
build_library/disk_util
View File

@ -401,7 +401,7 @@ def FormatExt(part, device):
if 'fs_label' in part:
tune_cmd += ['-L', part['fs_label']]
if part['type'] == 'coreos-usr':
if part['type'] == 'flatcar-usr':
tune_cmd += ['-U', 'clear',
'-T', '20091119110000',
'-c', '0', '-i', '0', # Disable auto fsck

7
build_library/ebuild_aci_util.sh
View File

@ -2,7 +2,7 @@
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Expects BOARD, BUILD_DIR, BUILD_LIBRARY_DIR, and COREOS_VERSION in env.
# Expects BOARD, BUILD_DIR, BUILD_LIBRARY_DIR, and FLATCAR_VERSION in env.
# Copied from create_prod_image()
create_ebuild_aci_image() {
@ -40,6 +40,7 @@ ebuild_aci_write_manifest() {
case "${BOARD}" in
amd64-usr) appc_arch=amd64 ;;
arm64-usr) appc_arch=aarch64 ;;
*) die_notrace "Cannot map \"${BOARD}\" to an appc arch" ;;
esac
@ -59,7 +60,7 @@ ebuild_aci_create() {
local extra_version="${1?No extra version number given}"; shift
local pkg_files=( "${@}" )
local staging_image="coreos_pkg_staging_aci_stage.bin"
local staging_image="flatcar_pkg_staging_aci_stage.bin"
local ebuild_atom="=${pkg}-${version}"
@ -78,7 +79,7 @@ ebuild_aci_create() {
ebuild_aci_write_manifest \
"${aciroot}/manifest" \
"${aci_name}" \
"${version}_coreos.${extra_version}"
"${version}_flatcar.${extra_version}"
local pkg_files_in_rootfs=( "${pkg_files[@]/#/rootfs}" )

30
build_library/generate_grub_hashes.py
View File

@ -19,9 +19,9 @@ with open(filename, "rb") as f:
corelen = bytearray(diskboot)[508] | bytearray(diskboot)[509] << 8
f.seek(bootoffset+512)
core = f.read(corelen * 512)
hashes = {"4": {"binaryvalues": [{"values": [{"value": hashlib.sha1(boot).hexdigest(), "description": "CoreOS Grub boot.img %s" % version}]}]},
"8": {"binaryvalues" : [{"values": [{"value": hashlib.sha1(diskboot).hexdigest(), "description": "CoreOS Grub diskboot.img %s" % version}]}]},
"9": {"binaryvalues": [{"values": [{"value": hashlib.sha1(core).hexdigest(), "description": "CoreOS Grub core.img %s" % version}]}]}}
hashes = {"4": {"binaryvalues": [{"values": [{"value": hashlib.sha1(boot).hexdigest(), "description": "Flatcar Grub boot.img %s" % version}]}]},
"8": {"binaryvalues" : [{"values": [{"value": hashlib.sha1(diskboot).hexdigest(), "description": "Flatcar Grub diskboot.img %s" % version}]}]},
"9": {"binaryvalues": [{"values": [{"value": hashlib.sha1(core).hexdigest(), "description": "Flatcar Grub core.img %s" % version}]}]}}
with open(os.path.join(outputdir, "grub_loader.config"), "w") as f:
f.write(json.dumps(hashes, sort_keys=True))
@ -33,25 +33,25 @@ for folder, subs, files in os.walk(grubdir):
with open(os.path.join(folder, filename), "rb") as f:
mod = f.read()
value = hashlib.sha1(mod).hexdigest()
description = "CoreOS Grub %s %s" % (filename, version)
description = "Flatcar Grub %s %s" % (filename, version)
hashvalues.append({"value": value, "description": description})
with open(os.path.join(outputdir, "grub_modules.config"), "w") as f:
f.write(json.dumps({"9": {"binaryvalues": [{"prefix": "grub_module", "values": hashvalues}]}}))
with open(os.path.join(outputdir, "kernel_cmdline.config"), "w") as f:
f.write(json.dumps({"8": {"asciivalues": [{"prefix": "grub_kernel_cmdline", "values": [{"value": "rootflags=rw mount.usrflags=ro BOOT_IMAGE=/coreos/vmlinuz-[ab] mount.usr=PARTUUID=\S{36} rootflags=rw mount.usrflags=ro consoleblank=0 root=LABEL=ROOT (console=\S+)? (coreos.autologin=\S+)? verity.usrhash=\\S{64}", "description": "CoreOS kernel command line %s" % version}]}]}}))
f.write(json.dumps({"8": {"asciivalues": [{"prefix": "grub_kernel_cmdline", "values": [{"value": "rootflags=rw mount.usrflags=ro BOOT_IMAGE=/flatcar/vmlinuz-[ab] mount.usr=PARTUUID=\S{36} rootflags=rw mount.usrflags=ro consoleblank=0 root=LABEL=ROOT (console=\S+)? (flatcar.autologin=\S+)? verity.usrhash=\\S{64}", "description": "Flatcar kernel command line %s" % version}]}]}}))
commands = [{"value": '\[.*\]', "description": "CoreOS Grub configuration %s" % version},
{"value": 'gptprio.next -d usr -u usr_uuid', "description": "CoreOS Grub configuration %s" % version},
{"value": 'insmod all_video', "description": "CoreOS Grub configuration %s" % version},
{"value": 'linux /coreos/vmlinuz-[ab] rootflags=rw mount.usrflags=ro consoleblank=0 root=LABEL=ROOT (console=\S+)? (coreos.autologin=\S+)?', "description": "CoreOS Grub configuration %s" % version},
{"value": 'menuentry CoreOS \S+ --id=coreos\S* {', "description": "CoreOS Grub configuration %s" % version},
{"value": 'search --no-floppy --set randomize_disk_guid --disk-uuid 00000000-0000-0000-0000-000000000001', "description": "CoreOS Grub configuration %s" % version},
{"value": 'search --no-floppy --set oem --part-label OEM --hint hd0,gpt1', "description": "CoreOS Grub configuration %s" % version},
{"value": 'set .+', "description": "CoreOS Grub configuration %s" % version},
{"value": 'setparams CoreOS default', "description": "CoreOS Grub configuration %s" % version},
{"value": 'source (hd0,gpt6)/grub.cfg', "description": "CoreOS Grub configuration %s" % version}]
commands = [{"value": '\[.*\]', "description": "Flatcar Grub configuration %s" % version},
{"value": 'gptprio.next -d usr -u usr_uuid', "description": "Flatcar Grub configuration %s" % version},
{"value": 'insmod all_video', "description": "Flatcar Grub configuration %s" % version},
{"value": 'linux /flatcar/vmlinuz-[ab] rootflags=rw mount.usrflags=ro consoleblank=0 root=LABEL=ROOT (console=\S+)? (flatcar.autologin=\S+)?', "description": "Flatcar Grub configuration %s" % version},
{"value": 'menuentry Flatcar \S+ --id=flatcar\S* {', "description": "Flatcar Grub configuration %s" % version},
{"value": 'search --no-floppy --set randomize_disk_guid --disk-uuid 00000000-0000-0000-0000-000000000001', "description": "Flatcar Grub configuration %s" % version},
{"value": 'search --no-floppy --set oem --part-label OEM --hint hd0,gpt1', "description": "Flatcar Grub configuration %s" % version},
{"value": 'set .+', "description": "Flatcar Grub configuration %s" % version},
{"value": 'setparams Flatcar default', "description": "Flatcar Grub configuration %s" % version},
{"value": 'source (hd0,gpt6)/grub.cfg', "description": "Flatcar Grub configuration %s" % version}]
with open(os.path.join(outputdir, "grub_commands.config"), "w") as f:
f.write(json.dumps({"8": {"asciivalues": [{"prefix": "grub_cmd", "values": commands}]}}))

2
build_library/generate_kernel_hash.sh
View File

@ -10,4 +10,4 @@ version=sys.argv[2]
with open(path, "rb") as f:
kernel = f.read()
print json.dumps({"9": {"binaryvalues": [{"prefix": "grub_linux", "values": [{"value": hashlib.sha1(kernel).hexdigest(), "description": "coreos-%s" % version}]}]}})
print json.dumps({"9": {"binaryvalues": [{"prefix": "grub_linux", "values": [{"value": hashlib.sha1(kernel).hexdigest(), "description": "flatcar-%s" % version}]}]}})

51
build_library/grub.cfg
View File

@ -1,17 +1,17 @@
# Main GRUB config
# Set the prefix back to the correct value after we're done with memdisk
set prefix=($root)/coreos/grub
set prefix=($root)/flatcar/grub
# Load any and all video drivers.
# Required under UEFI to boot Linux with a working console.
insmod all_video
# Default menuentry id and boot timeout
set default="coreos"
set default="flatcar"
set timeout=1
# Default kernel args for root filesystem, console, and CoreOS.
# Default kernel args for root filesystem, console, and Flatcar.
set linux_root="root=LABEL=ROOT"
set linux_console=""
set first_boot=""
@ -66,20 +66,20 @@ if [ "$secure_boot" = "0" ]; then
fi
# Determine if this is a first boot.
if [ -f "($root)/coreos/first_boot" ]; then
set first_boot="coreos.first_boot=detected"
if [ -f "($root)/flatcar/first_boot" ]; then
set first_boot="flatcar.first_boot=detected"
fi
# Determine if the disk GUID needs to be randomized.
search --no-floppy --set randomize_disk_guid \
--disk-uuid 00000000-0000-0000-0000-000000000001
if [ -n "$randomize_disk_guid" ]; then
set randomize_disk_guid="coreos.randomize_disk_guid=00000000-0000-0000-0000-000000000001"
set randomize_disk_guid="flatcar.randomize_disk_guid=00000000-0000-0000-0000-000000000001"
fi
set oem=""
if [ -n "$oem_id" ]; then
set oem="coreos.oem.id=$oem_id"
set oem="flatcar.oem.id=$oem_id"
fi
# If no specific console has been set by the OEM then select based on
@ -91,21 +91,32 @@ if [ -z "$linux_console" ]; then
terminal_input console serial_com0
terminal_output console serial_com0
elif [ "$grub_platform" = efi ]; then
set linux_console="console=ttyS0,115200n8 console=tty0"
if [ "$grub_cpu" = arm64 ]; then
set linux_console="console=ttyAMA0,115200n8"
else
set linux_console="console=ttyS0,115200n8 console=tty0"
fi
elif [ "$grub_platform" = xen ]; then
set linux_console="console=hvc0"
fi
fi
set extra_options=""
if [ "$grub_cpu" = arm64 ]; then
set extra_options="acpi=force"
fi
set suf=""
# UEFI uses linuxefi/initrdefi instead of linux/initrd
# UEFI uses linuxefi/initrdefi instead of linux/initrd except for arm64
if [ "$grub_platform" = efi ]; then
set suf="efi"
if [ "$grub_cpu" != arm64 ]; then
set suf="efi"
fi
fi
# Assemble the options applicable to all the kernels below
set linux_cmdline="rootflags=rw mount.usrflags=ro consoleblank=0 $linux_root $linux_console $first_boot $randomize_disk_guid $oem $linux_append"
set linux_cmdline="rootflags=rw mount.usrflags=ro consoleblank=0 $linux_root $linux_console $first_boot $randomize_disk_guid $extra_options $oem $linux_append"
# Re-implement grub_abort() since no command exposes it.
function abort {
@ -122,28 +133,28 @@ function gptprio {
if [ $? -ne 0 -o -z "$usr_uuid" ]; then
echo
echo "Reading or updating the GPT failed!"
echo "Please file a bug with any messages above to CoreOS:"
echo " https://issues.coreos.com"
echo "Please file a bug with any messages above to Flatcar:"
echo " https://issues.flatcar-linux.org"
abort
fi
set gptprio_cmdline="@@MOUNTUSR@@=PARTUUID=$usr_uuid"
if [ "$usr_uuid" = "7130c94a-213a-4e5a-8e26-6cce9662f132" ]; then
set gptprio_kernel="/coreos/vmlinuz-a"
set gptprio_kernel="/flatcar/vmlinuz-a"
else
set gptprio_kernel="/coreos/vmlinuz-b"
set gptprio_kernel="/flatcar/vmlinuz-b"
fi
}
menuentry "CoreOS default" --id=coreos --unrestricted {
menuentry "Flatcar default" --id=flatcar --unrestricted {
gptprio
linux$suf $gptprio_kernel $gptprio_cmdline $linux_cmdline
}
menuentry "CoreOS USR-A" --id=coreos-a {
linux$suf /coreos/vmlinuz-a @@MOUNTUSR@@=PARTLABEL=USR-A $linux_cmdline
menuentry "Flatcar USR-A" --id=flatcar-a {
linux$suf /flatcar/vmlinuz-a @@MOUNTUSR@@=PARTLABEL=USR-A $linux_cmdline
}
menuentry "CoreOS USR-B" --id=coreos-b {
linux$suf /coreos/vmlinuz-b @@MOUNTUSR@@=PARTLABEL=USR-B $linux_cmdline
menuentry "Flatcar USR-B" --id=flatcar-b {
linux$suf /flatcar/vmlinuz-b @@MOUNTUSR@@=PARTLABEL=USR-B $linux_cmdline
}

36
build_library/grub_install.sh
View File

@ -36,8 +36,8 @@ switch_to_strict_mode
. "${BUILD_LIBRARY_DIR}/toolchain_util.sh" || exit 1
. "${BUILD_LIBRARY_DIR}/board_options.sh" || exit 1
# Our GRUB lives under coreos/grub so new pygrub versions cannot find grub.cfg
GRUB_DIR="coreos/grub/${FLAGS_target}"
# Our GRUB lives under flatcar/grub so new pygrub versions cannot find grub.cfg
GRUB_DIR="flatcar/grub/${FLAGS_target}"
# GRUB install location inside the SDK
GRUB_SRC="/usr/lib/grub/${FLAGS_target}"
@ -48,6 +48,10 @@ CORE_MODULES=( normal search test fat part_gpt search_fs_uuid gzio search_part_l
# Name of the core image, depends on target
CORE_NAME=
# Whether the SDK's grub or the board root's grub is used. Once amd64 is
# fixed up the board root's grub will always be used.
BOARD_GRUB=0
case "${FLAGS_target}" in
i386-pc)
CORE_MODULES+=( biosdisk serial )
@ -60,11 +64,21 @@ case "${FLAGS_target}" in
x86_64-xen)
CORE_NAME="core.elf"
;;
arm64-efi)
CORE_MODULES+=( serial linux efi_gop getenv smbios efinet verify http tftp )
CORE_NAME="core.efi"
BOARD_GRUB=1
;;
*)
die_notrace "Unknown GRUB target ${FLAGS_target}"
;;
esac
if [[ $BOARD_GRUB -eq 1 ]]; then
info "Updating GRUB in ${BOARD_ROOT}"
emerge-${BOARD} --nodeps --select -qugKN sys-boot/grub
GRUB_SRC="${BOARD_ROOT}/usr/lib/grub/${FLAGS_target}"
fi
[[ -d "${GRUB_SRC}" ]] || die "GRUB not installed at ${GRUB_SRC}"
# In order for grub-setup-bios to properly detect the layout of the disk
@ -138,7 +152,7 @@ EOF
# this because we need conflicting default behaviors between verity and
# non-verity images.
GRUB_TEMP_DIR=$(mktemp -d)
if [[ ! -f "${ESP_DIR}/coreos/grub/grub.cfg.tar" ]]; then
if [[ ! -f "${ESP_DIR}/flatcar/grub/grub.cfg.tar" ]]; then
info "Generating grub.cfg memdisk"
if [[ ${FLAGS_verity} -eq ${FLAGS_TRUE} ]]; then
@ -152,7 +166,7 @@ if [[ ! -f "${ESP_DIR}/coreos/grub/grub.cfg.tar" ]]; then
sed 's/@@MOUNTUSR@@/mount.usr/' > "${GRUB_TEMP_DIR}/grub.cfg"
fi
sudo tar cf "${ESP_DIR}/coreos/grub/grub.cfg.tar" \
sudo tar cf "${ESP_DIR}/flatcar/grub/grub.cfg.tar" \
-C "${GRUB_TEMP_DIR}" "grub.cfg"
fi
@ -162,7 +176,7 @@ sudo grub-mkimage \
--format "${FLAGS_target}" \
--directory "${GRUB_SRC}" \
--config "${ESP_DIR}/${GRUB_DIR}/load.cfg" \
--memdisk "${ESP_DIR}/coreos/grub/grub.cfg.tar" \
--memdisk "${ESP_DIR}/flatcar/grub/grub.cfg.tar" \
--output "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}" \
"${CORE_MODULES[@]}"
@ -216,6 +230,18 @@ case "${FLAGS_target}" in
sudo cp "${BUILD_LIBRARY_DIR}/menu.lst" \
"${ESP_DIR}/boot/grub/menu.lst"
;;
arm64-efi)
info "Installing default arm64 UEFI bootloader."
sudo mkdir -p "${ESP_DIR}/EFI/boot"
#FIXME(andrejro): shim not ported to aarch64
sudo cp "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}" \
"${ESP_DIR}/EFI/boot/bootaa64.efi"
if [[ -n "${FLAGS_copy_efi_grub}" ]]; then
# copying from vfat so ignore permissions
cp --no-preserve=mode "${ESP_DIR}/EFI/boot/bootaa64.efi" \
"${FLAGS_copy_efi_grub}"
fi
;;
esac
cleanup

16
build_library/modify_image_util.sh
View File

@ -14,7 +14,7 @@ start_modify_image() {
FLAGS_from="$(readlink -f "${FLAGS_from}")"
fi
local src_image="${FLAGS_from}/${COREOS_PRODUCTION_IMAGE_NAME}"
local src_image="${FLAGS_from}/${FLATCAR_PRODUCTION_IMAGE_NAME}"
if [[ ! -f "${src_image}" ]]; then
die_notrace "Source image does not exist: ${src_image}"
fi
@ -24,7 +24,7 @@ start_modify_image() {
die_notrace "Source version info does not exist: ${FLAGS_from}/version.txt"
fi
source "${FLAGS_from}/version.txt"
COREOS_VERSION_STRING="${COREOS_VERSION}"
FLATCAR_VERSION_STRING="${FLATCAR_VERSION}"
# Load after version.txt to set the correct output paths
. "${BUILD_LIBRARY_DIR}/toolchain_util.sh"
@ -44,7 +44,7 @@ start_modify_image() {
fi
# Create the output directory and temporary mount points.
DST_IMAGE="${BUILD_DIR}/${COREOS_PRODUCTION_IMAGE_NAME}"
DST_IMAGE="${BUILD_DIR}/${FLATCAR_PRODUCTION_IMAGE_NAME}"
ROOT_FS_DIR="${BUILD_DIR}/rootfs"
mkdir -p "${ROOT_FS_DIR}"
@ -52,10 +52,10 @@ start_modify_image() {
cp "${src_image}" "${DST_IMAGE}"
# Copy all extra useful things, these do not need to be modified.
local update_prefix="${COREOS_PRODUCTION_IMAGE_NAME%_image.bin}_update"
local production_prefix="${COREOS_PRODUCTION_IMAGE_NAME%.bin}"
local container_prefix="${COREOS_DEVELOPER_CONTAINER_NAME%.bin}"
local pcr_data="${COREOS_PRODUCTION_IMAGE_NAME%.bin}_pcr_policy.zip"
local update_prefix="${FLATCAR_PRODUCTION_IMAGE_NAME%_image.bin}_update"
local production_prefix="${FLATCAR_PRODUCTION_IMAGE_NAME%.bin}"
local container_prefix="${FLATCAR_DEVELOPER_CONTAINER_NAME%.bin}"
local pcr_data="${FLATCAR_PRODUCTION_IMAGE_NAME%.bin}_pcr_policy.zip"
EXTRA_FILES=(
"version.txt"
"${update_prefix}.bin"
@ -64,7 +64,7 @@ start_modify_image() {
"${production_prefix}_contents.txt"
"${production_prefix}_packages.txt"
"${production_prefix}_kernel_config.txt"
"${COREOS_DEVELOPER_CONTAINER_NAME}"
"${FLATCAR_DEVELOPER_CONTAINER_NAME}"
"${container_prefix}_contents.txt"
"${container_prefix}_packages.txt"
)

7
build_library/oem_aci_util.sh
View File

@ -2,7 +2,7 @@
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Expects BOARD, BUILD_DIR, BUILD_LIBRARY_DIR, and COREOS_VERSION in env.
# Expects BOARD, BUILD_DIR, BUILD_LIBRARY_DIR, and FLATCAR_VERSION in env.
# There must be a manifest template included with the ebuild at
# files/manifest.in, which will have some variable values substituted before
@ -74,13 +74,14 @@ oem_aci_write_manifest() {
case "${BOARD}" in
amd64-usr) appc_arch=amd64 ;;
arm64-usr) appc_arch=aarch64 ;;
*) die_notrace "Cannot map \"${BOARD}\" to an appc arch" ;;
esac
sudo cp "${manifest_template}" "${manifest}"
sudo sed "${manifest}" -i \
-e "s,@ACI_NAME@,${name}," \
-e "s,@ACI_VERSION@,${COREOS_VERSION}," \
-e "s,@ACI_VERSION@,${FLATCAR_VERSION}," \
-e "s,@ACI_ARCH@,${appc_arch},"
}
@ -112,7 +113,7 @@ oem_aci_create() {
"coreos.com/oem-${oem}"
# Write a tar ACI file containing the manifest and mounted rootfs contents.
sudo tar -C "${aciroot}" -czf "${BUILD_DIR}/coreos-oem-${oem}.aci" \
sudo tar -C "${aciroot}" -czf "${BUILD_DIR}/flatcar-oem-${oem}.aci" \
manifest rootfs
# Unmount the staging image, and delete it to save space.

7
build_library/prod_image_util.sh
View File

@ -85,7 +85,7 @@ create_prod_image() {
# Assert that if this is supposed to be an official build that the
# official update keys have been used.
if [[ ${COREOS_OFFICIAL:-0} -eq 1 ]]; then
if [[ ${COREOS_OFFICIAL:-0} -eq 1 && "${BOARD}" != arm64-usr ]]; then
grep -q official \
"${root_fs_dir}"/var/db/pkg/coreos-base/coreos-au-key-*/USE \
|| die_notrace "coreos-au-key is missing the 'official' use flag"
@ -141,8 +141,11 @@ EOF
"${BUILD_DIR}/${image_kernel}"
"${BUILD_DIR}/${image_pcr_policy}"
"${BUILD_DIR}/${image_grub}"
"${BUILD_DIR}/${image_shim}"
"${BUILD_DIR}/${image_kconfig}"
)
# FIXME(bgilbert): no shim on arm64
if [[ -f "${BUILD_DIR}/${image_shim}" ]]; then
to_upload+=("${BUILD_DIR}/${image_shim}")
fi
upload_image -d "${BUILD_DIR}/${image_name}.bz2.DIGESTS" "${to_upload[@]}"
}

23
build_library/qemu_template.sh
View File

@ -21,6 +21,7 @@ SAFE_ARGS=0
USAGE="Usage: $0 [-a authorized_keys] [--] [qemu options...]
Options:
-i FILE File containing an Ignition config
(needs \"-append 'flatcar.first_boot=1'\" for already-booted or PXE images)
-u FILE Cloudinit user-data as either a cloud config or script.
-c FILE Config drive as an iso or fat filesystem image.
-a FILE SSH public keys for login access. [~/.ssh/id_{dsa,rsa}.pub]
@ -33,7 +34,8 @@ The -a option may be used to specify a particular ssh public key to give
login access to. If -a is not provided ~/.ssh/id_{dsa,rsa}.pub is used.
If no public key is provided or found the VM will still boot but you may
be unable to login unless you built the image yourself after setting a
password for the core user with the 'set_shared_user_password.sh' script.
password for the core user with the 'set_shared_user_password.sh' script
or provide the option \"-append 'flatcar.autologin'\".
Any arguments after -a and -p will be passed through to qemu, -- may be
used as an explicit separator. See the qemu(1) man page for more details.
@ -153,6 +155,10 @@ else
set -- -machine accel=kvm -cpu host -smp "${VM_NCPUS}" "$@" ;;
amd64-usr+*)
set -- -machine pc-q35-2.8 -cpu kvm64 -smp 1 -nographic "$@" ;;
arm64-usr+aarch64)
set -- -machine virt,accel=kvm,gic-version=3 -cpu host -smp "${VM_NCPUS}" -nographic "$@" ;;
arm64-usr+*)
set -- -machine virt -cpu cortex-a57 -smp 1 -nographic "$@" ;;
*)
die "Unsupported arch" ;;
esac
@ -173,6 +179,10 @@ if [ -n "${VM_IMAGE}" ]; then
case "${VM_BOARD}" in
amd64-usr)
set -- -drive if=virtio,file="${SCRIPT_DIR}/${VM_IMAGE}" "$@" ;;
arm64-usr)
set -- -drive if=none,id=blk,file="${SCRIPT_DIR}/${VM_IMAGE}" \
-device virtio-blk-device,drive=blk "$@"
;;
*) die "Unsupported arch" ;;
esac
fi
@ -201,7 +211,7 @@ if [ -n "${VM_PFLASH_RO}" ] && [ -n "${VM_PFLASH_RW}" ]; then
fi
if [ -n "${IGNITION_CONFIG_FILE}" ]; then
set -- -fw_cfg name=opt/com.coreos/config,file="${IGNITION_CONFIG_FILE}" "$@"
set -- -fw_cfg name=opt/org.flatcar-linux/config,file="${IGNITION_CONFIG_FILE}" "$@"
fi
case "${VM_BOARD}" in
@ -215,6 +225,15 @@ case "${VM_BOARD}" in
-object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0 \
"$@"
;;
arm64-usr)
qemu-system-aarch64 \
-name "$VM_NAME" \
-m ${VM_MEMORY} \
-netdev user,id=eth0,hostfwd=tcp::"${SSH_PORT}"-:22,hostname="${VM_NAME}" \
-device virtio-net-device,netdev=eth0 \
-object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0 \
"$@"
;;
*) die "Unsupported arch" ;;
esac

23
build_library/release_util.sh
View File

@ -11,8 +11,8 @@ UPLOAD_DEFAULT=${FLAGS_FALSE}
# Default upload root can be overridden from the environment.
_user="${USER}"
[[ ${USER} == "root" ]] && _user="${SUDO_USER}"
: ${COREOS_UPLOAD_ROOT:=gs://users.developer.core-os.net/${_user}}
: ${COREOS_TORCX_UPLOAD_ROOT:=${COREOS_UPLOAD_ROOT}/torcx}
: ${FLATCAR_UPLOAD_ROOT:=gs://users.developer.core-os.net/${_user}}
: ${FLATCAR_TORCX_UPLOAD_ROOT:=${FLATCAR_UPLOAD_ROOT}/torcx}
unset _user
IMAGE_ZIPPER="lbzip2 --compress --keep"
@ -22,7 +22,7 @@ DEFINE_boolean parallel ${FLAGS_TRUE} \
"Enable parallelism in gsutil."
DEFINE_boolean upload ${UPLOAD_DEFAULT} \
"Upload all packages/images via gsutil."
DEFINE_string upload_root "${COREOS_UPLOAD_ROOT}" \
DEFINE_string upload_root "${FLATCAR_UPLOAD_ROOT}" \
"Upload prefix, board/version/etc will be appended. Must be a gs:// URL."
DEFINE_string upload_path "" \
"Full upload path, overrides --upload_root. Must be a full gs:// URL."
@ -30,7 +30,7 @@ DEFINE_string download_root "" \
"HTTP download prefix, board/version/etc will be appended."
DEFINE_string download_path "" \
"HTTP download path, overrides --download_root."
DEFINE_string torcx_upload_root "${COREOS_TORCX_UPLOAD_ROOT}" \
DEFINE_string torcx_upload_root "${FLATCAR_TORCX_UPLOAD_ROOT}" \
"Tectonic torcx package and manifest Upload prefix. Must be a gs:// URL."
DEFINE_string tectonic_torcx_download_root "" \
"HTTP download prefix for tectonic torcx packages and manifests."
@ -155,7 +155,7 @@ upload_packages() {
[[ -n "${BOARD}" ]] || die "board_options.sh must be sourced first"
local board_packages="${1:-"${BOARD_ROOT}/packages"}"
local def_upload_path="${UPLOAD_ROOT}/boards/${BOARD}/${COREOS_VERSION}"
local def_upload_path="${UPLOAD_ROOT}/boards/${BOARD}/${FLATCAR_VERSION}"
sign_and_upload_files packages ${def_upload_path} "pkgs/" \
"${board_packages}"/*
}
@ -214,7 +214,7 @@ upload_image() {
fi
local log_msg=$(basename "$digests" .DIGESTS)
local def_upload_path="${UPLOAD_ROOT}/boards/${BOARD}/${COREOS_VERSION}"
local def_upload_path="${UPLOAD_ROOT}/boards/${BOARD}/${FLATCAR_VERSION}"
sign_and_upload_files "${log_msg}" "${def_upload_path}" "" "${uploads[@]}"
}
@ -229,18 +229,21 @@ download_image_url() {
local download_root="${FLAGS_download_root:-${UPLOAD_ROOT}}"
local download_path
local download_channel
if [[ -n "${FLAGS_download_path}" ]]; then
download_path="${FLAGS_download_path%%/}"
elif [[ "${download_root}" = *release.core-os.net* ]]; then
elif [[ "${download_root}" == *flatcar-jenkins* ]]; then
download_channel="${download_root##*/}"
download_root="gs://${download_channel}.release.flatcar-linux.net"
# Official release download paths don't include the boards directory
download_path="${download_root%%/}/${BOARD}/${COREOS_VERSION}"
download_path="${download_root%%/}/${BOARD}/${FLATCAR_VERSION}"
else
download_path="${download_root%%/}/boards/${BOARD}/${COREOS_VERSION}"
download_path="${download_root%%/}/boards/${BOARD}/${FLATCAR_VERSION}"
fi
# Just in case download_root was set from UPLOAD_ROOT
if [[ "${download_path}" == gs://* ]]; then
download_path="http://${download_path#gs://}"
download_path="https://${download_path#gs://}"
fi
echo "${download_path}/$1"

51
build_library/set_lsb_release
View File

@ -25,52 +25,59 @@ ROOT_FS_DIR="$FLAGS_root"
[ -n "$ROOT_FS_DIR" ] || die "--root is required."
[ -d "$ROOT_FS_DIR" ] || die "Root FS does not exist? ($ROOT_FS_DIR)"
OS_NAME="Container Linux by CoreOS"
OS_NAME="Flatcar Container Linux by Kinvolk"
OS_CODENAME="Rhyolite"
OS_ID="coreos"
OS_PRETTY_NAME="$OS_NAME $COREOS_VERSION (${OS_CODENAME})"
OS_ID="flatcar"
OS_ID_LIKE="coreos"
OS_PRETTY_NAME="$OS_NAME $FLATCAR_VERSION (${OS_CODENAME})"
COREOS_APPID="{e96281a6-d1af-4bde-9a0a-97b76e56dc57}"
# temporarily point arm at a different appid until update support
# is completed in update_engine and the CoreUpdate service.
FLATCAR_APPID="{e96281a6-d1af-4bde-9a0a-97b76e56dc57}"
if [[ "${FLAGS_board}" == arm64-* ]]; then
FLATCAR_APPID="{103867da-e3a2-4c92-b0b3-7fbd7f7d8b71}"
fi
# DISTRIB_* are the standard lsb-release names
sudo mkdir -p "${ROOT_FS_DIR}/usr/share/coreos" "${ROOT_FS_DIR}/etc/coreos"
sudo_clobber "${ROOT_FS_DIR}/usr/share/coreos/lsb-release" <<EOF
sudo mkdir -p "${ROOT_FS_DIR}/usr/share/flatcar" "${ROOT_FS_DIR}/etc/flatcar"
sudo_clobber "${ROOT_FS_DIR}/usr/share/flatcar/lsb-release" <<EOF
DISTRIB_ID="$OS_NAME"
DISTRIB_RELEASE=$COREOS_VERSION
DISTRIB_RELEASE=$FLATCAR_VERSION
DISTRIB_CODENAME="$OS_CODENAME"
DISTRIB_DESCRIPTION="$OS_PRETTY_NAME"
EOF
sudo ln -sf "../usr/share/coreos/lsb-release" "${ROOT_FS_DIR}/etc/lsb-release"
sudo ln -sf "../usr/share/flatcar/lsb-release" "${ROOT_FS_DIR}/etc/lsb-release"
# And the new standard, os-release
# https://www.freedesktop.org/software/systemd/man/os-release.html
sudo_clobber "${ROOT_FS_DIR}/usr/lib/os-release" <<EOF
NAME="$OS_NAME"
ID=$OS_ID
VERSION=$COREOS_VERSION
VERSION_ID=$COREOS_VERSION_ID
BUILD_ID=$COREOS_BUILD_ID
ID_LIKE=$OS_ID_LIKE
VERSION=$FLATCAR_VERSION
VERSION_ID=$FLATCAR_VERSION_ID
BUILD_ID=$FLATCAR_BUILD_ID
PRETTY_NAME="$OS_PRETTY_NAME"
ANSI_COLOR="38;5;75"
HOME_URL="https://coreos.com/"
BUG_REPORT_URL="https://issues.coreos.com"
COREOS_BOARD="$FLAGS_board"
HOME_URL="https://flatcar-linux.org/"
BUG_REPORT_URL="https://issues.flatcar-linux.org"
FLATCAR_BOARD="$FLAGS_board"
EOF
sudo ln -sf "../usr/lib/os-release" "${ROOT_FS_DIR}/etc/os-release"
sudo ln -sf "../../lib/os-release" "${ROOT_FS_DIR}/usr/share/coreos/os-release"
sudo ln -sf "../../lib/os-release" "${ROOT_FS_DIR}/usr/share/flatcar/os-release"
# Create the defaults for the coreos configuration files in the usr directory
sudo_clobber "${ROOT_FS_DIR}/usr/share/coreos/release" <<EOF
COREOS_RELEASE_VERSION=$COREOS_VERSION
COREOS_RELEASE_BOARD=$FLAGS_board
COREOS_RELEASE_APPID=$COREOS_APPID
sudo_clobber "${ROOT_FS_DIR}/usr/share/flatcar/release" <<EOF
FLATCAR_RELEASE_VERSION=$FLATCAR_VERSION
FLATCAR_RELEASE_BOARD=$FLAGS_board
FLATCAR_RELEASE_APPID=$FLATCAR_APPID
EOF
sudo_clobber "${ROOT_FS_DIR}/usr/share/coreos/update.conf" <<EOF
SERVER=https://public.update.core-os.net/v1/update/
sudo_clobber "${ROOT_FS_DIR}/usr/share/flatcar/update.conf" <<EOF
SERVER=https://public.update.flatcar-linux.net/v1/update/
GROUP=$FLAGS_group
EOF
sudo_clobber "${ROOT_FS_DIR}/etc/coreos/update.conf" <<EOF
sudo_clobber "${ROOT_FS_DIR}/etc/flatcar/update.conf" <<EOF
GROUP=$FLAGS_group
EOF

1
build_library/test_image_content.sh
View File

@ -5,6 +5,7 @@
GLSA_WHITELIST=(
201412-09 # incompatible CA certificate version numbers
201908-14 # backported both CVE fixes
201904-13 # git
201909-01 # Perl, SDK only
201909-08 # backported fix
201911-01 # package too old to even have the affected USE flag

25
build_library/toolchain_util.sh
View File

@ -15,6 +15,7 @@ TOOLCHAIN_PKGS=(
# compiler to build a full native toolchain. Packages are not uploaded.
declare -A CROSS_PROFILES
CROSS_PROFILES["x86_64-cros-linux-gnu"]="coreos:coreos/amd64/generic"
CROSS_PROFILES["aarch64-cros-linux-gnu"]="coreos:coreos/arm64/generic"
# Map board names to CHOSTs and portage profiles. This is the
# definitive list, there is assorted code new and old that either
@ -23,6 +24,9 @@ declare -A BOARD_CHOSTS BOARD_PROFILES
BOARD_CHOSTS["amd64-usr"]="x86_64-cros-linux-gnu"
BOARD_PROFILES["amd64-usr"]="coreos:coreos/amd64/generic"
BOARD_CHOSTS["arm64-usr"]="aarch64-cros-linux-gnu"
BOARD_PROFILES["arm64-usr"]="coreos:coreos/arm64/generic"
BOARD_NAMES=( "${!BOARD_CHOSTS[@]}" )
# Declare the above globals as read-only to avoid accidental conflicts.
@ -139,14 +143,14 @@ get_board_binhost() {
shift
if [[ $# -eq 0 ]]; then
set -- "${COREOS_SDK_VERSION}" "${COREOS_VERSION_ID}"
set -- "${FLATCAR_SDK_VERSION}" "${FLATCAR_VERSION_ID}"
fi
for ver in "$@"; do
if [[ $toolchain_only -eq 0 ]]; then
echo "${COREOS_DEV_BUILDS}/boards/${board}/${ver}/pkgs/"
echo "${FLATCAR_DEV_BUILDS}/boards/${board}/${ver}/pkgs/"
fi
echo "${COREOS_DEV_BUILDS}/boards/${board}/${ver}/toolchain/"
echo "${FLATCAR_DEV_BUILDS}/boards/${board}/${ver}/toolchain/"
done
}
@ -168,12 +172,12 @@ get_sdk_libdir() {
get_sdk_binhost() {
local arch=$(get_sdk_arch) ver
if [[ $# -eq 0 ]]; then
set -- "${COREOS_SDK_VERSION}" "${COREOS_VERSION_ID}"
set -- "${FLATCAR_SDK_VERSION}" "${FLATCAR_VERSION_ID}"
fi
for ver in "$@"; do
echo "${COREOS_DEV_BUILDS}/sdk/${arch}/${ver}/pkgs/"
echo "${COREOS_DEV_BUILDS}/sdk/${arch}/${ver}/toolchain/"
echo "${FLATCAR_DEV_BUILDS}/sdk/${arch}/${ver}/pkgs/"
echo "${FLATCAR_DEV_BUILDS}/sdk/${arch}/${ver}/toolchain/"
done
}
@ -320,6 +324,15 @@ install_cross_toolchain() {
else
$sudo emerge "${emerge_flags[@]}" \
"cross-${cross_chost}/gdb" "${cross_pkgs[@]}"
if [ "${cross_chost}" = aarch64-cros-linux-gnu ]; then
# Here we need to take only the binary packages from the toolchain builds
# because the standard Rust packages don't include the arm64 cross target.
# Building from source is ok because the cross-compiler got installed.
FILTERED="$(echo $PORTAGE_BINHOST | tr ' ' '\n' | grep toolchain | xargs echo)"
# If no aarch64 folder exists, try to remove any existing Rust packages.
[ ! -d /usr/lib/rust-*/rustlib/aarch64-unknown-linux-gnu ] && ($sudo emerge -C dev-lang/rust || true)
$sudo PORTAGE_BINHOST="$FILTERED" emerge "${emerge_flags[@]}" dev-lang/rust
fi
fi
# Setup environment and wrappers for our shiny new toolchain

57
build_library/vm_image_util.sh
View File

@ -303,6 +303,9 @@ get_default_vm_type() {
amd64-usr)
echo "qemu"
;;
arm64-usr)
echo "qemu_uefi"
;;
*)
return 1
;;
@ -352,7 +355,7 @@ set_vm_paths() {
VM_TMP_DIR="${dst_dir}/${dst_name}.vmtmpdir"
VM_TMP_IMG="${VM_TMP_DIR}/disk_image.bin"
VM_TMP_ROOT="${VM_TMP_DIR}/rootfs"
VM_NAME="$(_src_to_dst_name "${src_name}" "")-${COREOS_VERSION}"
VM_NAME="$(_src_to_dst_name "${src_name}" "")-${FLATCAR_VERSION}"
VM_README="${dst_dir}/$(_src_to_dst_name "${src_name}" ".README")"
# Make VM_NAME safe for use as a hostname
@ -438,8 +441,8 @@ setup_disk_image() {
sudo mount -o remount,ro "${VM_TMP_ROOT}"
VM_GROUP=$(grep --no-messages --no-filename ^GROUP= \
"${VM_TMP_ROOT}/usr/share/coreos/update.conf" \
"${VM_TMP_ROOT}/etc/coreos/update.conf" | \
"${VM_TMP_ROOT}/usr/share/flatcar/update.conf" \
"${VM_TMP_ROOT}/etc/flatcar/update.conf" | \
tail -n 1 | sed -e 's/^GROUP=//')
if [[ -z "${VM_GROUP}" ]]; then
die "Unable to determine update group for this image."
@ -483,7 +486,7 @@ install_oem_package() {
install_oem_aci() {
local oem_aci=$(_get_vm_opt OEM_ACI)
local aci_dir="${FLAGS_to}/oem-${oem_aci}-aci"
local aci_path="${aci_dir}/coreos-oem-${oem_aci}.aci"
local aci_path="${aci_dir}/flatcar-oem-${oem_aci}.aci"
local binpkgflags=(--nogetbinpkg)
[ -n "${oem_aci}" ] || return 0
@ -503,7 +506,7 @@ install_oem_aci() {
info "Installing ${oem_aci} OEM ACI"
sudo install -Dpm 0644 \
"${aci_path}" \
"${VM_TMP_ROOT}/usr/share/oem/coreos-oem-${oem_aci}.aci" ||
"${VM_TMP_ROOT}/usr/share/oem/flatcar-oem-${oem_aci}.aci" ||
die "Could not install ${oem_aci} OEM ACI"
}
@ -593,8 +596,8 @@ _write_cpio_common() {
echo "/.noupdate f 444 root root echo -n" >"${VM_TMP_DIR}/extra"
# Set correct group for PXE/ISO, which has no writeable /etc
echo /usr/share/coreos/update.conf f 644 root root \
"sed -e 's/GROUP=.*$/GROUP=${VM_GROUP}/' ${base_dir}/share/coreos/update.conf" \
echo /usr/share/flatcar/update.conf f 644 root root \
"sed -e 's/GROUP=.*$/GROUP=${VM_GROUP}/' ${base_dir}/share/flatcar/update.conf" \
>> "${VM_TMP_DIR}/extra"
# Build the squashfs, embed squashfs into a gzipped cpio
@ -614,14 +617,15 @@ _write_cpio_disk() {
local grub_name="$(_dst_name "_grub.efi")"
_write_cpio_common $@
# Pull the kernel and loader out of the filesystem
cp "${base_dir}"/boot/coreos/vmlinuz-a "${dst_dir}/${vmlinuz_name}"
cp "${base_dir}"/boot/flatcar/vmlinuz-a "${dst_dir}/${vmlinuz_name}"
local grub_arch
case $BOARD in
amd64-usr) grub_arch="x86_64-efi" ;;
arm64-usr) grub_arch="arm64-efi" ;;
esac
cp "${base_dir}/boot/coreos/grub/${grub_arch}/core.efi" "${dst_dir}/${grub_name}"
cp "${base_dir}/boot/flatcar/grub/${grub_arch}/core.efi" "${dst_dir}/${grub_name}"
VM_GENERATED_FILES+=( "${dst_dir}/${vmlinuz_name}" "${dst_dir}/${grub_name}" )
}
@ -633,22 +637,22 @@ _write_iso_disk() {
mkdir "${iso_target}"
pushd "${iso_target}" >/dev/null
mkdir isolinux syslinux coreos
_write_cpio_common "$1" "${iso_target}/coreos/cpio.gz"
cp "${base_dir}"/boot/vmlinuz "${iso_target}/coreos/vmlinuz"
mkdir isolinux syslinux flatcar
_write_cpio_common "$1" "${iso_target}/flatcar/cpio.gz"
cp "${base_dir}"/boot/vmlinuz "${iso_target}/flatcar/vmlinuz"
cp -R /usr/share/syslinux/* isolinux/
cat<<EOF > isolinux/isolinux.cfg
INCLUDE /syslinux/syslinux.cfg
EOF
cat<<EOF > syslinux/syslinux.cfg
default coreos
default flatcar
prompt 1
timeout 15
label coreos
label flatcar
menu default
kernel /coreos/vmlinuz
append initrd=/coreos/cpio.gz coreos.autologin
kernel /flatcar/vmlinuz
append initrd=/flatcar/cpio.gz flatcar.autologin
EOF
mkisofs -v -l -r -J -o $2 -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table .
isohybrid $2
@ -715,6 +719,19 @@ _write_qemu_uefi_conf() {
cp "/usr/share/edk2-ovmf/OVMF_CODE.fd" "$(_dst_dir)/${flash_ro}"
cp "/usr/share/edk2-ovmf/OVMF_VARS.fd" "$(_dst_dir)/${flash_rw}"
;;
arm64-usr)
# Get edk2 files into local build workspace.
info "Updating edk2 in /build/${BOARD}"
emerge-${BOARD} --nodeps --select -qugN sys-firmware/edk2-aarch64
# Create 64MiB flash device image files.
dd if=/dev/zero bs=1M count=64 of="$(_dst_dir)/${flash_rw}" \
status=none
cp "/build/${BOARD}/usr/share/edk2-aarch64/QEMU_EFI.fd" \
"$(_dst_dir)/${flash_ro}.work"
truncate --reference="$(_dst_dir)/${flash_rw}" \
"$(_dst_dir)/${flash_ro}.work"
mv "$(_dst_dir)/${flash_ro}.work" "$(_dst_dir)/${flash_ro}"
;;
esac
sed -e "s%^VM_PFLASH_RO=.*%VM_PFLASH_RO='${flash_ro}'%" \
@ -1091,10 +1108,10 @@ EOF
cat >"${json}" <<EOF
{
"name": "coreos-${VM_GROUP}",
"description": "CoreOS ${VM_GROUP}",
"name": "flatcar-${VM_GROUP}",
"description": "Flatcar ${VM_GROUP}",
"versions": [{
"version": "${COREOS_VERSION_ID}",
"version": "${FLATCAR_VERSION_ID}",
"providers": [{
"name": "${provider}",
"url": "$(download_image_url "$(_dst_name ".box")")",
@ -1186,7 +1203,7 @@ vm_upload() {
cp "${digests}.asc" "${legacy_digests}.asc"
fi
local def_upload_path="${UPLOAD_ROOT}/boards/${BOARD}/${COREOS_VERSION}"
local def_upload_path="${UPLOAD_ROOT}/boards/${BOARD}/${FLATCAR_VERSION}"
upload_files "$(_dst_name)" "${def_upload_path}" "" "${legacy_uploads[@]}"
}

4
build_torcx_store
View File

@ -190,7 +190,7 @@ function torcx_package() {
fi
tmpfile="${BUILD_DIR}/${name}:${version}.torcx.tgz"
tar --force-local -C "${tmppkgroot}" -czf "${tmpfile}" .
tar --force-local --selinux --xattrs -C "${tmppkgroot}" -czf "${tmpfile}" .
sha512sum=$(sha512sum "${tmpfile}" | awk '{print $1}')
# TODO(euank): this opaque digest, if it were reproducible, could save
@ -277,7 +277,7 @@ done
# order to get signed.
sign_and_upload_files \
'torcx manifest' \
"${UPLOAD_ROOT}/torcx/manifests/${BOARD}/${COREOS_VERSION}" \
"${UPLOAD_ROOT}/torcx/manifests/${BOARD}/${FLATCAR_VERSION}" \
"" \
"${manifest_path}"

8
check_out_of_date.py
View File

@ -67,11 +67,11 @@ def process_emerge_output(eout):
def get_board_packages(board):
""" gets a list of packages used by a board. valid boards are amd64-usr, sdk, and bootstrap"""
""" gets a list of packages used by a board. valid boards are {arm,amd}64-usr, sdk, and bootstrap"""
emerge_args = "--emptytree --pretend --verbose --unordered-display"
if board == "sdk":
cmd = "emerge {} @system sdk-depends sdk-extras".format(emerge_args)
elif board == "amd64-usr":
elif board == "amd64-usr" or board == "arm64-usr":
cmd = "emerge-{} {} @system board-packages".format(board, emerge_args)
elif board == "bootstrap":
pkgs = exec_command_strict("/usr/lib64/catalyst/targets/stage1/build.py")
@ -92,6 +92,7 @@ def print_table(report, head, line_head, line_tail, tail, joiner, pkg_joiner):
"upstream": ["Upstream"],
"tag": "Tag",
"sdk": ["sdk"],
"arm64-usr": ["arm64-usr"],
"amd64-usr": ["amd64-usr"],
"bootstrap": ["bootstrap"],
"modified": "Modified"})
@ -102,6 +103,7 @@ def print_table(report, head, line_head, line_tail, tail, joiner, pkg_joiner):
pkg_joiner.join(entry.get("upstream",[])),
entry.get("tag",""),
pkg_joiner.join(entry.get("sdk", [])),
pkg_joiner.join(entry.get("arm64-usr", [])),
pkg_joiner.join(entry.get("amd64-usr", [])),
pkg_joiner.join(entry.get("bootstrap", [])),
entry.get("modified","")]) + line_tail)
@ -138,7 +140,7 @@ def main():
subprocess.check_call(["git", "-C", args.upstream_path, "pull"])
pkg_lists = {}
sources = ["sdk", "bootstrap", "amd64-usr", "image"]
sources = ["sdk", "bootstrap", "amd64-usr", "arm64-usr", "image"]
for i in sources:
pkg_lists[i] = get_board_packages(i)

56
common.sh
View File

@ -46,6 +46,9 @@ fi
# Turn on bash debug support if available for backtraces.
shopt -s extdebug 2>/dev/null
# Source qemu library path
. /etc/profile.d/qemu-aarch64.sh 2> /dev/null || true
# Output a backtrace all the way back to the raw invocation, suppressing
# only the _dump_trace frame itself.
_dump_trace() {
@ -233,7 +236,7 @@ get_gclient_root() {
# Populate the ENVIRONMENT_WHITELIST array.
load_environment_whitelist() {
ENVIRONMENT_WHITELIST=(
COREOS_BUILD_ID
FLATCAR_BUILD_ID
COREOS_OFFICIAL
GIT_AUTHOR_EMAIL
GIT_AUTHOR_NAME
@ -287,39 +290,39 @@ BUILD_LIBRARY_DIR="${SCRIPTS_DIR}/build_library"
REPO_CACHE_DIR="${REPO_ROOT}/.cache"
REPO_MANIFESTS_DIR="${REPO_ROOT}/.repo/manifests"
# Source COREOS_VERSION_ID from manifest.
# Source FLATCAR_VERSION_ID from manifest.
if [[ -f "${REPO_MANIFESTS_DIR}/version.txt" ]]; then
# The build id may be provided externally by the build system.
if [[ -n ${COREOS_BUILD_ID} ]]; then
if [[ -n ${FLATCAR_BUILD_ID} ]]; then
load_environment_var "${REPO_MANIFESTS_DIR}/version.txt" \
COREOS_VERSION_ID COREOS_SDK_VERSION
FLATCAR_VERSION_ID FLATCAR_SDK_VERSION
else
load_environment_var "${REPO_MANIFESTS_DIR}/version.txt" \
COREOS_VERSION_ID COREOS_BUILD_ID COREOS_SDK_VERSION
# Don't promote COREOS_BUILD_ID into an environment variable when it
FLATCAR_VERSION_ID FLATCAR_BUILD_ID FLATCAR_SDK_VERSION
# Don't promote FLATCAR_BUILD_ID into an environment variable when it
# didn't start as one, since we don't want it leaking into the SDK
# chroot environment via ENVIRONMENT_WHITELIST.
declare +x COREOS_BUILD_ID
declare +x FLATCAR_BUILD_ID
fi
: ${COREOS_BUILD_ID:=$(date +%Y-%m-%d-%H%M)}
: ${FLATCAR_BUILD_ID:=$(date +%Y-%m-%d-%H%M)}
elif [[ -f "${SCRIPT_LOCATION}/version.txt" ]]; then
# This only happens in update.zip where we must use the current build id.
load_environment_var "${SCRIPT_LOCATION}/version.txt" \
COREOS_VERSION_ID COREOS_BUILD_ID COREOS_SDK_VERSION
FLATCAR_VERSION_ID FLATCAR_BUILD_ID FLATCAR_SDK_VERSION
else
die "Unable to locate version.txt"
fi
# Official builds must set COREOS_OFFICIAL=1 to use an official version.
# Unofficial builds always appended the build identifier.
if [[ ${COREOS_OFFICIAL:-0} -ne 1 && -n "${COREOS_BUILD_ID}" ]]; then
COREOS_VERSION="${COREOS_VERSION_ID}+${COREOS_BUILD_ID}"
if [[ ${COREOS_OFFICIAL:-0} -ne 1 && -n "${FLATCAR_BUILD_ID}" ]]; then
FLATCAR_VERSION="${FLATCAR_VERSION_ID}+${FLATCAR_BUILD_ID}"
else
COREOS_VERSION="${COREOS_VERSION_ID}"
FLATCAR_VERSION="${FLATCAR_VERSION_ID}"
fi
# Compatibility alias
COREOS_VERSION_STRING="${COREOS_VERSION}"
FLATCAR_VERSION_STRING="${FLATCAR_VERSION}"
# Calculate what today's build version should be, used by release
# scripts to provide a reasonable default value. The value is the number
@ -328,7 +331,7 @@ readonly COREOS_EPOCH=1372636800
TODAYS_VERSION=$(( (`date +%s` - ${COREOS_EPOCH}) / 86400 ))
# Download URL prefix for SDK and board binary packages
: ${COREOS_DEV_BUILDS:=http://builds.developer.core-os.net}
: ${FLATCAR_DEV_BUILDS:=https://storage.googleapis.com/flatcar-jenkins}
# Load developer's custom settings. Default location is in scripts dir,
# since that's available both inside and outside the chroot. By convention,
@ -383,16 +386,15 @@ if [[ -f ${GCLIENT_ROOT}/src/scripts/.default_board ]]; then
die ".default_board: invalid name detected; please fix:" \
"'${DEFAULT_BOARD}'"
fi
elif [ -z "${DEFAULT_BOARD-}" ]; then
DEFAULT_BOARD=amd64-usr
fi
DEFAULT_BOARD="${DEFAULT_BOARD-amd64-usr}"
# Directory to store built images. Should be set by sourcing script when used.
BUILD_DIR=
# Standard filenames
COREOS_DEVELOPER_CONTAINER_NAME="coreos_developer_container.bin"
COREOS_PRODUCTION_IMAGE_NAME="coreos_production_image.bin"
FLATCAR_DEVELOPER_CONTAINER_NAME="flatcar_developer_container.bin"
FLATCAR_PRODUCTION_IMAGE_NAME="flatcar_production_image.bin"
# -----------------------------------------------------------------------------
# Functions
@ -928,10 +930,21 @@ BOAT
}
# The binfmt_misc support in the kernel is required.
# The aarch64 binaries should be executed through
# "/usr/bin/qemu-aarch64-static"
setup_qemu_static() {
local root_fs_dir="$1"
case "${BOARD}" in
amd64-usr) return 0;;
arm64-usr)
if [[ -f "${root_fs_dir}/sbin/ldconfig" ]]; then
sudo cp /usr/bin/qemu-aarch64 "${root_fs_dir}"/usr/bin/qemu-aarch64-static
echo export QEMU_LD_PREFIX=\"/build/arm64-usr/\" | sudo tee /etc/profile.d/qemu-aarch64.sh
. /etc/profile.d/qemu-aarch64.sh
else
die "Missing basic layout in target rootfs"
fi
;;
*) die "Unsupported arch" ;;
esac
}
@ -940,6 +953,13 @@ clean_qemu_static() {
local root_fs_dir="$1"
case "${BOARD}" in
amd64-usr) return 0;;
arm64-usr)
if [[ -f "${root_fs_dir}/usr/bin/qemu-aarch64-static" ]]; then
sudo rm "${root_fs_dir}"/usr/bin/qemu-aarch64-static
else
die "File not found"
fi
;;
*) die "Unsupported arch" ;;
esac
}

26
contrib/create-coreos-vdi
View File

@ -4,16 +4,16 @@ VERSION_ID=stable
USAGE="Usage: $0 [-V version] [-d /target/path]
Options:
-d DEST Create CoreOS VDI image to the given path.
-d DEST Create Flatcar VDI image to the given path.
-V VERSION Version to install (e.g. alpha) [default: ${VERSION_ID}]
-h This help
This tool creates a CoreOS VDI image to be used with VirtualBox.
This tool creates a Flatcar VDI image to be used with VirtualBox.
"
# Image signing key: buildbot@coreos.com
GPG_KEY_URL="https://coreos.com/security/image-signing-key/CoreOS_Image_Signing_Key.pem"
GPG_LONG_ID="50E0885593D2DCB4"
# Image signing key: buildbot@flatcar-linux.org
GPG_KEY_URL="https://flatcar-linux.org/security/image-signing-key/Flatcar_Image_Signing_Key.pem"
GPG_LONG_ID="E25D9AED0593B34A"
GPG_KEY="$(wget -qO- $GPG_KEY_URL)"
while getopts "V:d:a:h" OPTION
@ -52,15 +52,15 @@ WORKDIR="${DEST}/tmp.${RANDOM}"
mkdir "$WORKDIR"
trap "rm -rf '${WORKDIR}'" EXIT
RAW_IMAGE_NAME="coreos_production_image.bin"
RAW_IMAGE_NAME="flatcar_production_image.bin"
IMAGE_NAME="${RAW_IMAGE_NAME}.bz2"
DIGESTS_NAME="${IMAGE_NAME}.DIGESTS.asc"
case ${VERSION_ID} in
stable) BASE_URL="https://stable.release.core-os.net/amd64-usr/current" ;;
alpha) BASE_URL="https://alpha.release.core-os.net/amd64-usr/current" ;;
beta) BASE_URL="https://beta.release.core-os.net/amd64-usr/current" ;;
*) BASE_URL="https://alpha.release.core-os.net/amd64-usr/${VERSION_ID}" ;;
stable) BASE_URL="https://stable.release.flatcar-linux.net/amd64-usr/current" ;;
alpha) BASE_URL="https://alpha.release.flatcar-linux.net/amd64-usr/current" ;;
beta) BASE_URL="https://beta.release.flatcar-linux.net/amd64-usr/current" ;;
*) BASE_URL="https://alpha.release.flatcar-linux.net/amd64-usr/${VERSION_ID}" ;;
esac
IMAGE_URL="${BASE_URL}/${IMAGE_NAME}"
@ -77,12 +77,12 @@ if ! wget --spider --quiet "${DIGESTS_URL}"; then
exit 1
fi
# Gets CoreOS verion from version.txt file
# Gets Flatcar verion from version.txt file
VERSION_NAME="version.txt"
VERSION_URL="${BASE_URL}/${VERSION_NAME}"
wget --no-verbose -O "${WORKDIR}/${VERSION_NAME}" "${VERSION_URL}"
. "${WORKDIR}/${VERSION_NAME}"
VDI_IMAGE_NAME="coreos_production_${COREOS_BUILD}.${COREOS_BRANCH}.${COREOS_PATCH}.vdi"
VDI_IMAGE_NAME="flatcar_production_${FLATCAR_BUILD}.${FLATCAR_BRANCH}.${FLATCAR_PATCH}.vdi"
VDI_IMAGE="${DEST}/${VDI_IMAGE_NAME}"
# Setup GnuPG for verifying the image signature
@ -118,6 +118,6 @@ VBoxManage convertdd "${DOWN_IMAGE}" "${VDI_IMAGE}" --format VDI
rm -rf "${WORKDIR}"
trap - EXIT
echo "Success! CoreOS ${VERSION_ID} VDI image was created on ${VDI_IMAGE_NAME}"
echo "Success! Flatcar ${VERSION_ID} VDI image was created on ${VDI_IMAGE_NAME}"
# vim: ts=4 et

2
core_date
View File

@ -35,7 +35,7 @@ case "$1" in
v="$1"
shift
else
v="${COREOS_VERSION}"
v="${FLATCAR_VERSION}"
fi
# strip of a v prefix or .0.0 suffix

2
core_dev_sign_update
View File

@ -6,7 +6,7 @@ SCRIPT_ROOT=$(dirname $(readlink -f "$0"))
assert_inside_chroot
DEFINE_string data_dir "" "Directory containing downloaded release artifacts"
DEFINE_string board "amd64-usr" "Board to sign artifacts for"
DEFINE_string board "" "Board to sign artifacts for"
DEFINE_string version "" "Version to sign artifacts for"
DEFINE_integer n_signatures "2" "Number of signatures this release will be signed with"
DEFINE_string output_dir "" "Output directory"

2
core_pre_alpha
View File

@ -12,7 +12,7 @@ export GCLIENT_ROOT=$(readlink -f "${SCRIPT_ROOT}/../../")
DEFINE_string board "amd64-usr" \
"Board type of the image"
DEFINE_string version "${COREOS_VERSION}" \
DEFINE_string version "${FLATCAR_VERSION}" \
"Version number to promote."
DEFINE_string build_storage "gs://builds.release.core-os.net" \

2
core_roller_upload
View File

@ -14,7 +14,7 @@ DEFINE_string board "amd64-usr" \
"Board type of the image"
DEFINE_string payload "coreos_production_update.gz" \
"Path to the update payload"
DEFINE_string version "${COREOS_VERSION}" \
DEFINE_string version "${FLATCAR_VERSION}" \
"Version number of this build."
DEFINE_string app_id "e96281a6-d1af-4bde-9a0a-97b76e56dc57" \
"CoreOS AppId in roller."

6
image_inject_bootchain
View File

@ -28,7 +28,7 @@ DEFINE_string board "${DEFAULT_BOARD}" \
DEFINE_string disk_layout "base" \
"The disk layout type to use for this image."
DEFINE_string from "" \
"Directory containing ${COREOS_PRODUCTION_IMAGE_NAME}"
"Directory containing ${FLATCAR_PRODUCTION_IMAGE_NAME}"
DEFINE_string output_root "${DEFAULT_BUILD_ROOT}/images" \
"Directory in which to place image result directories (named by version)"
DEFINE_boolean replace ${FLAGS_FALSE} \
@ -74,12 +74,14 @@ do_copy() {
start_modify_image
if [[ -n "${FLAGS_kernel_path}" ]]; then
do_copy "${FLAGS_kernel_path}" "/boot/coreos/vmlinuz-a"
do_copy "${FLAGS_kernel_path}" "/boot/flatcar/vmlinuz-a"
fi
# FIXME(bgilbert): no shim on arm64
if [[ -n "${FLAGS_efi_grub_path}" ]]; then
case "${BOARD}" in
amd64-usr) image_name="grub.efi" ;;
arm64-usr) image_name="bootaa64.efi" ;;
*) die "GRUB filename not known for this board" ;;
esac

8
image_set_group
View File

@ -20,7 +20,7 @@ DEFINE_string board "${DEFAULT_BOARD}" \
DEFINE_string disk_layout "base" \
"The disk layout type to use for this image."
DEFINE_string from "" \
"Directory containing ${COREOS_PRODUCTION_IMAGE_NAME}"
"Directory containing ${FLATCAR_PRODUCTION_IMAGE_NAME}"
DEFINE_string output_root "${DEFAULT_BUILD_ROOT}/images" \
"Directory in which to place image result directories (named by version)"
DEFINE_boolean replace ${FLAGS_FALSE} \
@ -56,9 +56,9 @@ fi
start_modify_image
info "Replacing /etc/coreos/update.conf"
sudo mkdir -p "${ROOT_FS_DIR}/etc/coreos"
sudo_clobber "${ROOT_FS_DIR}/etc/coreos/update.conf" <<EOF
info "Replacing /etc/flatcar/update.conf"
sudo mkdir -p "${ROOT_FS_DIR}/etc/flatcar"
sudo_clobber "${ROOT_FS_DIR}/etc/flatcar/update.conf" <<EOF
GROUP=${FLAGS_group}
EOF

6
image_to_vm.sh
View File

@ -31,7 +31,7 @@ DEFINE_string board "${DEFAULT_BOARD}" \
DEFINE_string format "" \
"Output format, one of: ${VALID_IMG_TYPES[*]}"
DEFINE_string from "" \
"Directory containing coreos_production_image.bin."
"Directory containing flatcar_production_image.bin."
DEFINE_string disk_layout "" \
"The disk layout type to use for this image."
DEFINE_integer mem "${DEFAULT_MEM}" \
@ -102,10 +102,10 @@ FLAGS_to=`eval readlink -f $FLAGS_to`
# If source includes version.txt switch to its version information
if [ -f "${FLAGS_from}/version.txt" ]; then
source "${FLAGS_from}/version.txt"
COREOS_VERSION_STRING="${COREOS_VERSION}"
FLATCAR_VERSION_STRING="${FLATCAR_VERSION}"
fi
set_vm_paths "${FLAGS_from}" "${FLAGS_to}" "${COREOS_PRODUCTION_IMAGE_NAME}"
set_vm_paths "${FLAGS_from}" "${FLAGS_to}" "${FLATCAR_PRODUCTION_IMAGE_NAME}"
# Make sure things are cleaned up on failure
trap vm_cleanup EXIT

6
jenkins/formats-arm64-usr.txt Normal file
View File

@ -0,0 +1,6 @@
ami_vmdk
openstack
openstack_mini
packet
pxe
qemu_uefi

10
jenkins/images.sh
View File

@ -11,7 +11,7 @@ enter() {
verify_key=--verify-key=/etc/portage/gangue.asc
sudo ln -f "${GS_DEVEL_CREDS}" chroot/etc/portage/gangue.json
bin/cork enter --bind-gpg-agent=false -- env \
COREOS_DEV_BUILDS="${DOWNLOAD_ROOT}" \
FLATCAR_DEV_BUILDS="${DOWNLOAD_ROOT}" \
{FETCH,RESUME}COMMAND_GS="/usr/bin/gangue get \
--json-key=/etc/portage/gangue.json $verify_key \
"'"${URI}" "${DISTDIR}/${FILE}"' \
@ -23,14 +23,14 @@ script() {
}
source .repo/manifests/version.txt
export COREOS_BUILD_ID
export FLATCAR_BUILD_ID
# Set up GPG for signing uploads.
gpg --import "${GPG_SECRET_KEY_FILE}"
script setup_board \
--board="${BOARD}" \
--getbinpkgver="${COREOS_VERSION}" \
--getbinpkgver="${FLATCAR_VERSION}" \
--regen_configs_only
if [ "x${COREOS_OFFICIAL}" == x1 ]
@ -43,7 +43,7 @@ fi
# Retrieve this version's torcx manifest
mkdir -p torcx/pkgs
enter gsutil cp -r \
"${DOWNLOAD_ROOT}/torcx/manifests/${BOARD}/${COREOS_VERSION}/torcx_manifest.json"{,.sig} \
"${DOWNLOAD_ROOT}/torcx/manifests/${BOARD}/${FLATCAR_VERSION}/torcx_manifest.json"{,.sig} \
/mnt/host/source/torcx/
gpg --verify torcx/torcx_manifest.json.sig
@ -67,7 +67,7 @@ script build_image \
--board="${BOARD}" \
--group="${GROUP}" \
--getbinpkg \
--getbinpkgver="${COREOS_VERSION}" \
--getbinpkgver="${FLATCAR_VERSION}" \
--sign="${SIGNING_USER}" \
--sign_digests="${SIGNING_USER}" \
--torcx_manifest=/mnt/host/source/torcx/torcx_manifest.json \

8
jenkins/packages.sh
View File

@ -15,7 +15,7 @@ enter() {
bin/cork enter --bind-gpg-agent=false -- env \
CCACHE_DIR=/mnt/host/source/ccache \
CCACHE_MAXSIZE=5G \
COREOS_DEV_BUILDS="${DOWNLOAD_ROOT}" \
FLATCAR_DEV_BUILDS="${DOWNLOAD_ROOT}" \
{FETCH,RESUME}COMMAND_GS="/usr/bin/gangue get \
--json-key=/etc/portage/gangue.json $verify_key \
"'"${URI}" "${DISTDIR}/${FILE}"' \
@ -27,7 +27,7 @@ script() {
}
source .repo/manifests/version.txt
export COREOS_BUILD_ID
export FLATCAR_BUILD_ID
# Set up GPG for signing uploads.
gpg --import "${GPG_SECRET_KEY_FILE}"
@ -37,13 +37,13 @@ enter ccache --zero-stats
script setup_board \
--board="${BOARD}" \
--getbinpkgver=${RELEASE_BASE:-"${COREOS_VERSION}" --toolchainpkgonly} \
--getbinpkgver=${RELEASE_BASE:-"${FLATCAR_VERSION}" --toolchainpkgonly} \
--skip_chroot_upgrade \
--force
script build_packages \
--board="${BOARD}" \
--getbinpkgver=${RELEASE_BASE:-"${COREOS_VERSION}" --toolchainpkgonly} \
--getbinpkgver=${RELEASE_BASE:-"${FLATCAR_VERSION}" --toolchainpkgonly} \
--skip_chroot_upgrade \
--skip_torcx_store \
--sign="${SIGNING_USER}" \

2
jenkins/sdk.sh
View File

@ -5,7 +5,7 @@ enter() {
}
source .repo/manifests/version.txt
export COREOS_BUILD_ID
export FLATCAR_BUILD_ID
# Set up GPG for signing uploads.
gpg --import "${GPG_SECRET_KEY_FILE}"

2
jenkins/toolchains.sh
View File

@ -5,7 +5,7 @@ enter() {
}
source .repo/manifests/version.txt
export COREOS_BUILD_ID
export FLATCAR_BUILD_ID
# Set up GPG for signing uploads.
gpg --import "${GPG_SECRET_KEY_FILE}"

10
jenkins/vm.sh
View File

@ -11,7 +11,7 @@ enter() {
verify_key=--verify-key=/etc/portage/gangue.asc
sudo ln -f "${GS_DEVEL_CREDS}" chroot/etc/portage/gangue.json
bin/cork enter --bind-gpg-agent=false -- env \
COREOS_DEV_BUILDS="${GS_DEVEL_ROOT}" \
FLATCAR_DEV_BUILDS="${GS_DEVEL_ROOT}" \
{FETCH,RESUME}COMMAND_GS="/usr/bin/gangue get \
--json-key=/etc/portage/gangue.json $verify_key \
"'"${URI}" "${DISTDIR}/${FILE}"' \
@ -23,7 +23,7 @@ script() {
}
source .repo/manifests/version.txt
export COREOS_BUILD_ID
export FLATCAR_BUILD_ID
# Set up GPG for signing uploads.
gpg --import "${GPG_SECRET_KEY_FILE}"
@ -32,13 +32,13 @@ gpg --import "${GPG_SECRET_KEY_FILE}"
mkdir -p src tmp
bin/cork download-image \
--root="${UPLOAD_ROOT}/boards/${BOARD}/${COREOS_VERSION}" \
--root="${UPLOAD_ROOT}/boards/${BOARD}/${FLATCAR_VERSION}" \
--json-key="${GOOGLE_APPLICATION_CREDENTIALS}" \
--cache-dir=./src \
--platform=qemu \
--verify=true $verify_key
img=src/coreos_production_image.bin
img=src/flatcar_production_image.bin
[[ "${img}.bz2" -nt "${img}" ]] &&
enter lbunzip2 -k -f "/mnt/host/source/${img}.bz2"
@ -46,7 +46,7 @@ script image_to_vm.sh \
--board="${BOARD}" \
--format="${FORMAT}" \
--getbinpkg \
--getbinpkgver="${COREOS_VERSION}" \
--getbinpkgver="${FLATCAR_VERSION}" \
--from=/mnt/host/source/src \
--to=/mnt/host/source/tmp \
--sign="${SIGNING_USER}" \

2
lib/cros_vm_constants.sh
View File

@ -7,7 +7,7 @@
# Default values for creating VM's.
DEFAULT_MEM="1024"
DEFAULT_VMDK="ide.vmdk"
DEFAULT_VMX="coreos.vmx"
DEFAULT_VMX="flatcar.vmx"
DEFAULT_VBOX_DISK="os.vdi"
# Minimum sizes for full size vm images -- needed for update.

2
oem/generic/check_etag.sh
View File

@ -15,7 +15,7 @@ release=${1:-"alpha"}
# If the argument is in the form http* allow for watching an arbitrary location
if [[ $1 != http* ]]; then
url="https://${release}.release.core-os.net/amd64-usr/current/version.txt"
url="https://${release}.release.flatcar-linux.net/amd64-usr/current/version.txt"
else
url=$1
release=$(echo ${url} | sed -e 's/http:\/\///1' -e 's/\//-/g' )

23
oem/openstack/glance_load.sh
View File

@ -21,7 +21,7 @@ while [[ $# -gt 0 ]]; do
# For this convoluded trick, we take an arbitrary URL, chop it
# up, and try to turn it into usable input for the rest of the
# script. This is based on urls of the form:
# https://storage.core-os.net/coreos/amd64-usr/master/version.txt
# https://storage.flatcar-linux.net/coreos/amd64-usr/master/version.txt
# where the following sed expression extracts the "master"
# portion
baseurl="${1%/*}"
@ -34,6 +34,9 @@ while [[ $# -gt 0 ]]; do
amd64|amd64-usr)
board="amd64-usr"
;;
arm64|arm64-usr)
board="arm64-usr"
;;
*)
echo "Error: Unknown arg: $1"
exit 1
@ -43,11 +46,11 @@ while [[ $# -gt 0 ]]; do
done
if [[ -z "${baseurl}" ]]; then
baseurl="https://${release}.release.core-os.net/${board}/current"
baseurl="https://${release}.release.flatcar-linux.net/${board}/current"
fi
version_url="${baseurl}/version.txt"
image_url="${baseurl}/coreos_production_openstack_image.img.bz2"
image_url="${baseurl}/flatcar_production_openstack_image.img.bz2"
# use the following location as our local work space
tmplocation=$(mktemp -d /var/tmp/glanceload.XXX)
@ -57,25 +60,25 @@ curl --fail -s -L -O ${version_url}
. version.txt
# if we already have the image don't waste time
if glance image-show "CoreOS-${release}-v${COREOS_VERSION}"; then
if glance image-show "Flatcar-${release}-v${Flatcar_VERSION}"; then
echo "Image already exists."
rm -rf ${tmplocation}
exit
fi
coreosimg="coreos_${COREOS_VERSION}_openstack_image.img"
flatcarimg="flatcar_${FLATCAR_VERSION}_openstack_image.img"
# change the following line to reflect the image to be chosen, openstack
# is used by default
curl --fail -s -L ${image_url} | bunzip2 > ${coreosimg}
curl --fail -s -L ${image_url} | bunzip2 > ${flatcarimg}
# perform actual image creation
# here we set the os_release, os_verison, os_family, and os_distro variables
# for intelligent consumption of images by scripts
glance --os-image-api-version 1 image-create --name CoreOS-${release}-v${COREOS_VERSION} --progress \
--is-public true --property os_distro=coreos --property os_family=coreos \
--property os_version=${COREOS_VERSION} \
--disk-format qcow2 --container-format bare --min-disk 6 --file $coreosimg
glance --os-image-api-version 1 image-create --name Flatcar-${release}-v${FLATCAR_VERSION} --progress \
--is-public true --property os_distro=flatcar --property os_family=flatcar \
--property os_version=${FLATCAR_VERSION} \
--disk-format qcow2 --container-format bare --min-disk 6 --file $flatcarimg
# optionally, set --property os_release=${release} in the glance image-create
# command above and uncomment the two commands below to support searching by

30
sdk_lib/sdk_util.sh
View File

@ -5,13 +5,13 @@
# found in the LICENSE file.
# common.sh must be properly sourced before this file.
[[ -n "${COREOS_SDK_VERSION}" ]] || exit 1
[[ -n "${FLATCAR_SDK_VERSION}" ]] || exit 1
COREOS_SDK_ARCH="amd64" # We are unlikely to support anything else.
COREOS_SDK_TARBALL="coreos-sdk-${COREOS_SDK_ARCH}-${COREOS_SDK_VERSION}.tar.bz2"
COREOS_SDK_TARBALL_CACHE="${REPO_CACHE_DIR}/sdks"
COREOS_SDK_TARBALL_PATH="${COREOS_SDK_TARBALL_CACHE}/${COREOS_SDK_TARBALL}"
COREOS_SDK_URL="${COREOS_DEV_BUILDS}/sdk/${COREOS_SDK_ARCH}/${COREOS_SDK_VERSION}/${COREOS_SDK_TARBALL}"
FLATCAR_SDK_ARCH="amd64" # We are unlikely to support anything else.
FLATCAR_SDK_TARBALL="flatcar-sdk-${FLATCAR_SDK_ARCH}-${FLATCAR_SDK_VERSION}.tar.bz2"
FLATCAR_SDK_TARBALL_CACHE="${REPO_CACHE_DIR}/sdks"
FLATCAR_SDK_TARBALL_PATH="${FLATCAR_SDK_TARBALL_CACHE}/${FLATCAR_SDK_TARBALL}"
FLATCAR_SDK_URL="${FLATCAR_DEV_BUILDS}/sdk/${FLATCAR_SDK_ARCH}/${FLATCAR_SDK_VERSION}/${FLATCAR_SDK_TARBALL}"
# Download the current SDK tarball (if required) and verify digests/sig
sdk_download_tarball() {
@ -19,13 +19,13 @@ sdk_download_tarball() {
return 0
fi
info "Downloading ${COREOS_SDK_TARBALL}"
info "URL: ${COREOS_SDK_URL}"
info "Downloading ${FLATCAR_SDK_TARBALL}"
info "URL: ${FLATCAR_SDK_URL}"
local suffix
for suffix in "" ".DIGESTS"; do # TODO(marineam): download .asc
wget --tries=3 --timeout=30 --continue \
-O "${COREOS_SDK_TARBALL_PATH}${suffix}" \
"${COREOS_SDK_URL}${suffix}" \
-O "${FLATCAR_SDK_TARBALL_PATH}${suffix}" \
"${FLATCAR_SDK_URL}${suffix}" \
|| die_notrace "SDK download failed!"
done
@ -34,21 +34,21 @@ sdk_download_tarball() {
}
sdk_verify_digests() {
if [[ ! -f "${COREOS_SDK_TARBALL_PATH}" || \
! -f "${COREOS_SDK_TARBALL_PATH}.DIGESTS" ]]; then
if [[ ! -f "${FLATCAR_SDK_TARBALL_PATH}" || \
! -f "${FLATCAR_SDK_TARBALL_PATH}.DIGESTS" ]]; then
return 1
fi
# TODO(marineam): Add gpg signature verification too.
verify_digests "${COREOS_SDK_TARBALL_PATH}" || return 1
verify_digests "${FLATCAR_SDK_TARBALL_PATH}" || return 1
}
sdk_clean_cache() {
pushd "${COREOS_SDK_TARBALL_CACHE}" >/dev/null
pushd "${FLATCAR_SDK_TARBALL_CACHE}" >/dev/null
local filename
for filename in *; do
if [[ "${filename}" == "${COREOS_SDK_TARBALL}"* ]]; then
if [[ "${filename}" == "${FLATCAR_SDK_TARBALL}"* ]]; then
continue
fi
info "Cleaning up ${filename}"

19
setup_board
View File

@ -27,6 +27,8 @@ DEFINE_boolean getbinpkg "${FLAGS_TRUE}" \
"Download binary packages from remote repository."
DEFINE_string getbinpkgver "" \
"Use binary packages from a specific version."
DEFINE_string binhost "" \
"Use binary packages from a specific location (e.g. https://storage.googleapis.com/flatcar-jenkins/sdk/amd64/2000.0.0/pkgs)"
DEFINE_boolean toolchainpkgonly "${FLAGS_FALSE}" \
"Use binary packages only for the board toolchain."
DEFINE_integer jobs "${NUM_JOBS}" \
@ -59,7 +61,7 @@ DEFINE_string variant "" \
"Board variant."
# builds wrappers like equery-amd64-usr.
# builds wrappers like equery-arm-generic.
# args:
# $1: command to wrap
# rest: extra arguments to pass to the command
@ -120,9 +122,9 @@ EOF
generate_binhost_list() {
local t
[[ "${FLAGS_toolchainpkgonly}" -eq "${FLAGS_TRUE}" ]] && t="-t"
FLAGS_getbinpkgver="${FLAGS_getbinpkgver/current/${COREOS_VERSION_ID}}"
FLAGS_getbinpkgver="${FLAGS_getbinpkgver/latest/${COREOS_VERSION_ID}}"
FLAGS_getbinpkgver="${FLAGS_getbinpkgver/sdk/${COREOS_SDK_VERSION}}"
FLAGS_getbinpkgver="${FLAGS_getbinpkgver/current/${FLATCAR_VERSION_ID}}"
FLAGS_getbinpkgver="${FLAGS_getbinpkgver/latest/${FLATCAR_VERSION_ID}}"
FLAGS_getbinpkgver="${FLAGS_getbinpkgver/sdk/${FLATCAR_SDK_VERSION}}"
get_board_binhost $t "${BOARD}" ${FLAGS_getbinpkgver}
}
@ -159,7 +161,7 @@ BOARD_ETC="${BOARD_ROOT}/etc"
BOARD_ARCH=$(get_board_arch "$BOARD")
BOARD_CHOST=$(get_board_chost ${BOARD})
PORTAGE_PROFILE=$(get_board_profile "$BOARD")
BOARD_BINHOST=$(generate_binhost_list)
BOARD_BINHOST="$FLAGS_binhost $(generate_binhost_list)"
if [[ ${FLAGS_regen_configs_only} -eq ${FLAGS_TRUE} ]]; then
FLAGS_regen_configs=${FLAGS_TRUE}
@ -198,6 +200,9 @@ if [ "${FLAGS_usepkg}" -eq "${FLAGS_TRUE}" ]; then
else
UPDATE_ARGS+=" --nogetbinpkg "
fi
if [[ -n "${FLAGS_binhost}" ]]; then
UPDATE_ARGS+=" --binhost=${FLAGS_binhost} "
fi
else
UPDATE_ARGS+=" --nousepkg"
fi
@ -318,6 +323,10 @@ if [[ ${FLAGS_regen_configs} -eq ${FLAGS_FALSE} ]]; then
info "Installing toolchain build dependencies"
install_cross_libs "${BOARD_CHOST}" ${EMERGE_FLAGS} --buildpkg=n
info "Building toolchain dependencies"
"${EMERGE_WRAPPER}" --buildpkg --buildpkgonly --onlydeps -e \
--root="/usr/${BOARD_CHOST}" --sysroot="/usr/${BOARD_CHOST}" \
${EMERGE_TOOLCHAIN_FLAGS} "${TOOLCHAIN_PKGS[@]}"
info "Building toolchain"
"${EMERGE_WRAPPER}" --buildpkg --buildpkgonly \
--root="/usr/${BOARD_CHOST}" --sysroot="/usr/${BOARD_CHOST}" \

20
signing/sign.sh
View File

@ -14,12 +14,12 @@ SERVER_ADDR="${3:-10.7.68.102}"
SERVER_PORT="${4:-50051}"
echo "=== Verifying update payload... ==="
gpg2 --verify "${DATA_DIR}/coreos_production_update.bin.bz2.sig"
gpg2 --verify "${DATA_DIR}/coreos_production_image.vmlinuz.sig"
gpg2 --verify "${DATA_DIR}/coreos_production_update.zip.sig"
gpg2 --verify "${DATA_DIR}/flatcar_production_update.bin.bz2.sig"
gpg2 --verify "${DATA_DIR}/flatcar_production_image.vmlinuz.sig"
gpg2 --verify "${DATA_DIR}/flatcar_production_update.zip.sig"
echo "=== Decompressing update payload... ==="
bunzip2 --keep "${DATA_DIR}/coreos_production_update.bin.bz2"
unzip "${DATA_DIR}/coreos_production_update.zip" -d "${DATA_DIR}"
bunzip2 --keep "${DATA_DIR}/flatcar_production_update.bin.bz2"
unzip "${DATA_DIR}/flatcar_production_update.zip" -d "${DATA_DIR}"
payload_signature_files=""
for i in ${SIGS_DIR}/update.sig.*; do
@ -29,10 +29,10 @@ payload_signature_files="${payload_signature_files:1:${#payload_signature_files}
pushd "${DATA_DIR}"
./core_sign_update \
--image "${DATA_DIR}/coreos_production_update.bin" \
--kernel "${DATA_DIR}/coreos_production_image.vmlinuz" \
--output "${DATA_DIR}/coreos_production_update.gz" \
--private_keys "${KEYS_DIR}/devel.key.pem+fero:coreos-image-signing-key" \
--image "${DATA_DIR}/flatcar_production_update.bin" \
--kernel "${DATA_DIR}/flatcar_production_image.vmlinuz" \
--output "${DATA_DIR}/flatcar_production_update.gz" \
--private_keys "${KEYS_DIR}/devel.key.pem+fero:flatcar-image-signing-key" \
--public_keys "${KEYS_DIR}/devel.pub.pem+${KEYS_DIR}/prod-2.pub.pem" \
--keys_separator "+" \
--signing_server_address "$SERVER_ADDR" \
@ -53,7 +53,7 @@ fero-client \
sign \
--file "${DATA_DIR}/torcx_manifest.json" \
--output "${DATA_DIR}/torcx_manifest.json.sig-fero" \
--secret-key coreos-app-signing-key \
--secret-key flatcar-app-signing-key \
${torcx_signature_arg}
gpg2 --enarmor \
--output - \

104
signing/transfer.sh
View File

@ -2,8 +2,9 @@
set -eux
APPID=e96281a6-d1af-4bde-9a0a-97b76e56dc57
BOARD=amd64-usr
declare -A APPID
APPID[amd64-usr]=e96281a6-d1af-4bde-9a0a-97b76e56dc57
APPID[arm64-usr]=103867da-e3a2-4c92-b0b3-7fbd7f7d8b71
declare -A RELEASE_CHANNEL
RELEASE_CHANNEL[alpha]=Alpha
@ -13,22 +14,23 @@ RELEASE_CHANNEL[stable]=Stable
download() {
local channel="$1"
local version="$2"
local board="$3"
local gs="gs://builds.release.core-os.net/${channel}/boards/${BOARD}/${version}"
local dir="${BASEDIR}/${BOARD}/${version}"
local gs="gs://builds.release.core-os.net/${channel}/boards/${board}/${version}"
local dir="${BASEDIR}/${board}/${version}"
mkdir -p "${dir}"
pushd "${dir}" >/dev/null
gsutil -m cp \
"${gs}/coreos_production_image.vmlinuz" \
"${gs}/coreos_production_image.vmlinuz.sig" \
"${gs}/coreos_production_update.bin.bz2" \
"${gs}/coreos_production_update.bin.bz2.sig" \
"${gs}/coreos_production_update.zip" \
"${gs}/coreos_production_update.zip.sig" ./
"${gs}/flatcar_production_image.vmlinuz" \
"${gs}/flatcar_production_image.vmlinuz.sig" \
"${gs}/flatcar_production_update.bin.bz2" \
"${gs}/flatcar_production_update.bin.bz2.sig" \
"${gs}/flatcar_production_update.zip" \
"${gs}/flatcar_production_update.zip.sig" ./
# torcx manifest: try embargoed release bucket first
local torcx_base="gs://builds.release.core-os.net/embargoed/devfiles/torcx/manifests/${BOARD}/${version}"
local torcx_base="gs://builds.release.core-os.net/embargoed/devfiles/torcx/manifests/${board}/${version}"
if ! gsutil -q stat "${torcx_base}/torcx_manifest.json"; then
# Non-embargoed release
local torcx_base="gs://builds.developer.core-os.net/torcx/manifests/${BOARD}/${version}"
@ -38,9 +40,9 @@ download() {
"${torcx_base}/torcx_manifest.json.sig" \
./
gpg2 --verify "coreos_production_image.vmlinuz.sig"
gpg2 --verify "coreos_production_update.bin.bz2.sig"
gpg2 --verify "coreos_production_update.zip.sig"
gpg2 --verify "flatcar_production_image.vmlinuz.sig"
gpg2 --verify "flatcar_production_update.bin.bz2.sig"
gpg2 --verify "flatcar_production_update.zip.sig"
gpg2 --verify "torcx_manifest.json.sig"
popd >/dev/null
@ -49,6 +51,7 @@ download() {
devsign() {
local channel="$1"
local version="$2"
local board="$3"
"$(dirname $0)/../core_dev_sign_update" \
--data_dir "${BASEDIR}" \
@ -62,18 +65,20 @@ devsign() {
sign() {
local channel="$1"
local version="$2"
local board="$3"
"$(dirname $0)/sign.sh" \
"${BASEDIR}/${BOARD}/${version}" \
"${SIGDIR}/${BOARD}/${version}"
"${BASEDIR}/${board}/${version}" \
"${SIGDIR}/${board}/${version}"
}
upload() {
local channel="$1"
local version="$2"
local board="$3"
local dir="${BASEDIR}/${BOARD}/${version}"
local payload="${dir}/coreos_production_update.gz"
local dir="${BASEDIR}/${board}/${version}"
local payload="${dir}/flatcar_production_update.gz"
local torcx_manifest="${dir}/torcx_manifest.json"
local torcx_manifest_sig="${dir}/torcx_manifest.json.asc"
local path
@ -87,8 +92,8 @@ upload() {
"$(dirname $0)/../core_roller_upload" \
--user="${ROLLER_USERNAME}" \
--api_key="${ROLLER_API_KEY}" \
--app_id="${APPID}" \
--board="${BOARD}" \
--app_id="${APPID[${board}]}" \
--board="${board}" \
--version="${version}" \
--payload="${payload}"
@ -96,7 +101,7 @@ upload() {
gsutil cp \
"${torcx_manifest}" \
"${torcx_manifest_sig}" \
"gs://coreos-tectonic-torcx/manifests/${BOARD}/${version}/"
"gs://coreos-tectonic-torcx/manifests/${board}/${version}/"
# Update version in a canary channel if one is defined.
local -n canary_channel="ROLLER_CANARY_CHANNEL_${channel^^}"
@ -106,7 +111,7 @@ upload() {
--user="${ROLLER_USERNAME}" \
--key="${ROLLER_API_KEY}" \
channel update \
--app-id="${APPID}" \
--app-id="${APPID[${board}]}" \
--channel="${canary_channel}" \
--version="${version}"
fi
@ -115,16 +120,17 @@ upload() {
ready() {
local channel="$1"
local version="$2"
local board="$3"
# setting the percent will deactivate (not delete) any existing rollouts for
# this specific group.
echo "Rollout set to 0%"
echo "Rollout set to 0% for ${board}"
updateservicectl \
--server="https://public.update.core-os.net" \
--user="${ROLLER_USERNAME}" \
--key="${ROLLER_API_KEY}" \
group percent \
--app-id="${APPID}" \
--app-id="${APPID[${board}]}" \
--group-id="${channel}" \
--update-percent=0
@ -135,7 +141,7 @@ ready() {
--user="${ROLLER_USERNAME}" \
--key="${ROLLER_API_KEY}" \
channel update \
--app-id="${APPID}" \
--app-id="${APPID[${board}]}" \
--channel="${RELEASE_CHANNEL[${channel}]}" \
--publish=true \
--version="${version}"
@ -144,26 +150,40 @@ ready() {
roll() {
local channel="$1"
local hours="$2"
local board="$3"
local seconds=$((${hours} * 3600))
# creating a new rollout deletes any existing rollout for this group and
# automatically activates the new one.
echo "Creating linear rollout that will get to 100% in ${hours}h"
updateservicectl \
--server="https://public.update.core-os.net" \
--user="${ROLLER_USERNAME}" \
--key="${ROLLER_API_KEY}" \
rollout create linear \
--app-id="${APPID}" \
--group-id="${channel}" \
--duration="${seconds}" \
--frame-size="60"
# Only ramp rollouts on AMD64; ARM64 is too small
if [[ "$board" = "arm64-usr" ]]; then
echo "Setting rollout for arm64-usr to 100%"
updateservicectl \
--server="https://public.update.core-os.net" \
--user="${ROLLER_USERNAME}" \
--key="${ROLLER_API_KEY}" \
group percent \
--app-id="${APPID[${board}]}" \
--group-id="${channel}" \
--update-percent=100
else
# creating a new rollout deletes any existing rollout for this group and
# automatically activates the new one.
echo "Creating linear rollout for ${board} that will get to 100% in ${hours}h"
updateservicectl \
--server="https://public.update.core-os.net" \
--user="${ROLLER_USERNAME}" \
--key="${ROLLER_API_KEY}" \
rollout create linear \
--app-id="${APPID[${board}]}" \
--group-id="${channel}" \
--duration="${seconds}" \
--frame-size="60"
fi
}
usage() {
echo "Usage: $0 {download|upload} <ARTIFACT-DIR> [{-a|-b|-s} <VERSION>]..." >&2
echo "Usage: $0 {devsign|sign} <ARTIFACT-DIR> <SIG-DIR> [{-a|-b|-s} <VERSION>]..." >&2
echo "Usage: $0 {devsign|sign} <ARTIFACT-DIR> <SIG-DIR> [{-a|-b|-s} <VERSION> <BOARD>]..." >&2
echo "Usage: $0 ready [{-a|-b|-s} <VERSION>]..." >&2
echo "Usage: $0 roll [{-a|-b|-s} <HOURS-TO-100-PERCENT>]..." >&2
exit 1
@ -226,13 +246,15 @@ while [[ $# > 0 ]]; do
case "${c}" in
-a)
$CMD "alpha" "${v}"
$CMD "alpha" "${v}" "amd64-usr"
$CMD "alpha" "${v}" "arm64-usr"
;;
-b)
$CMD "beta" "${v}"
$CMD "beta" "${v}" "amd64-usr"
$CMD "beta" "${v}" "arm64-usr"
;;
-s)
$CMD "stable" "${v}"
$CMD "stable" "${v}" "amd64-usr"
;;
*)
usage

22
tag_release
View File

@ -28,7 +28,7 @@ DEFAULT_MINOR=0
DEFAULT_BRANCH=${FLAGS_FALSE}
DEFAULT_BRANCH_PROJECTS=
CURRENT_VERSION=( ${COREOS_VERSION_ID//./ } )
CURRENT_VERSION=( ${FLATCAR_VERSION_ID//./ } )
# Detect if we are on a branch or still tracking master.
DEFAULT_MANIFEST=$(readlink "${REPO_MANIFESTS_DIR}/default.xml") \
@ -48,8 +48,8 @@ fi
DEFINE_integer major ${DEFAULT_MAJOR} "Branch major version (aka 'build')"
DEFINE_integer minor ${DEFAULT_MINOR} "Branch revision or minor version"
DEFINE_integer patch 0 "Branch patch id, normally 0"
DEFINE_string sdk_version "${COREOS_VERSION_ID}" \
"SDK version to use, or 'keep'. (current: ${COREOS_SDK_VERSION})"
DEFINE_string sdk_version "${FLATCAR_VERSION_ID}" \
"SDK version to use, or 'keep'. (current: ${FLATCAR_SDK_VERSION})"
DEFINE_boolean branch ${DEFAULT_BRANCH} "Release branch, diverge from master"
DEFINE_string branch_projects "${DEFAULT_BRANCH_PROJECTS}" \
"Branch the named projects (with a 'coreos/' prefix) in the manifest."
@ -82,7 +82,7 @@ TAG_NAME="v${BRANCH_VERSION}"
if [[ "${FLAGS_sdk_version}" == keep || "${FLAGS_sdk_version}" == current ]]
then
FLAGS_sdk_version="${COREOS_SDK_VERSION}"
FLAGS_sdk_version="${FLATCAR_SDK_VERSION}"
fi
if [[ "${FLAGS_sdk_version}" == "${BRANCH_VERSION}" ]]; then
@ -92,9 +92,9 @@ if [[ "${FLAGS_sdk_version}" == "${BRANCH_VERSION}" ]]; then
fi
# Verify that the specified SDK version exists
COREOS_SDK_VERSION="${FLAGS_sdk_version}"
FLATCAR_SDK_VERSION="${FLAGS_sdk_version}"
. "${SCRIPT_ROOT}/sdk_lib/sdk_util.sh"
if ! curl --head --fail --silent "${COREOS_SDK_URL}" > /dev/null ; then
if ! curl --head --fail --silent "${FLATCAR_SDK_URL}" > /dev/null ; then
die_notrace "SDK version does not exist." \
"Try --sdk_version keep to use the existing SDK."
fi
@ -140,10 +140,10 @@ if [[ ${FLAGS_branch} -eq ${FLAGS_TRUE} ]]; then
fi
tee version.txt <<EOF
COREOS_VERSION=${BRANCH_VERSION}
COREOS_VERSION_ID=${BRANCH_VERSION}
COREOS_BUILD_ID=""
COREOS_SDK_VERSION=${FLAGS_sdk_version}
FLATCAR_VERSION=${BRANCH_VERSION}
FLATCAR_VERSION_ID=${BRANCH_VERSION}
FLATCAR_BUILD_ID=""
FLATCAR_SDK_VERSION=${FLAGS_sdk_version}
EOF
git add version.txt
@ -154,7 +154,7 @@ export GPG_TTY
info "Creating ${BRANCH_NAME} and tag ${TAG_NAME}"
git commit -m "${BRANCH_NAME}: release ${TAG_NAME}"
git branch -f "${BRANCH_NAME}"
git tag "${sign_args[@]}" -m "CoreOS ${TAG_NAME}" "${TAG_NAME}"
git tag "${sign_args[@]}" -m "Flatcar ${TAG_NAME}" "${TAG_NAME}"
# Unpin and branch the important projects, if requested and they are pinned.
if [[ -n "${FLAGS_branch_projects}" ]]; then

9
update_chroot
View File

@ -27,6 +27,8 @@ DEFINE_boolean skip_toolchain_update "${FLAGS_FALSE}" \
"Don't update the toolchains."
DEFINE_string toolchain_boards "" \
"Extra toolchains to setup for the specified boards."
DEFINE_string binhost "" \
"Use binary packages from a specific location (e.g. https://storage.googleapis.com/flatcar-jenkins/sdk/amd64/2000.0.0/pkgs)"
FLAGS_HELP="usage: $(basename $0) [flags]
Performs an update of the chroot. This script is called as part of
@ -57,6 +59,7 @@ PORTAGE_STABLE_OVERLAY="${REPO_ROOT}/src/third_party/portage-stable"
CROSSDEV_OVERLAY="/usr/local/portage/crossdev"
COREOS_OVERLAY="${REPO_ROOT}/src/third_party/coreos-overlay"
COREOS_CONFIG="${COREOS_OVERLAY}/coreos/config"
PORTAGE_BINHOST="$FLAGS_binhost $(get_sdk_binhost)"
# PORTAGE_USERNAME may already be in the env but set just to be safe.
: ${PORTAGE_USERNAME:=${USER}}
@ -83,7 +86,7 @@ PORTDIR_OVERLAY="${CROSSDEV_OVERLAY} ${COREOS_OVERLAY}"
DISTDIR="${REPO_CACHE_DIR}/distfiles"
PKGDIR="/var/lib/portage/pkgs"
PORT_LOGDIR="/var/log/portage"
PORTAGE_BINHOST="$(get_sdk_binhost)"
PORTAGE_BINHOST="$PORTAGE_BINHOST"
PORTAGE_USERNAME="${PORTAGE_USERNAME}"
MAKEOPTS="--jobs=${NUM_JOBS} --load-average=$((NUM_JOBS * 2))"
CCACHE_UMASK="002"
@ -159,14 +162,14 @@ fi
info "Updating chroot:"
info " chroot version: $OLDVER"
info " CoreOS version: $COREOS_VERSION"
info " Flatcar version: $FLATCAR_VERSION"
# Updates should be of the form 1.2.3_desc.sh
for update_script in ${SCRIPTS_DIR}/sdk_lib/updates/*.sh; do
update_name="${update_script##*/}"
update_ver="${update_name%%_*}"
# Run newer updates but don't pass our current version
if ! cmp_ver le "$update_ver" "$COREOS_VERSION"; then
if ! cmp_ver le "$update_ver" "$FLATCAR_VERSION"; then
warn "Skipping update from the future: $update_name"
warn "Perhaps it is time to run a repo sync?"
elif ! cmp_ver ge "$OLDVER" "$update_ver"; then