From 84d7bf63b10167aae14bdf829315932955be8908 Mon Sep 17 00:00:00 2001 From: Thilo Fromm Date: Tue, 2 Mar 2021 14:53:52 +0100 Subject: [PATCH 1/6] bootstrap_sdk: no package updates in stage 1 This change updates the stage1 SDK bootstrap build to use local ("known good") package ebuilds only, preventing updated package ebuilds to apply in stage 1. This fixes SDK build breakage we observed when upgrading core libraries like readline. The change also removes the seed update from stage 1 as it should not be needed anymore now that we postpone any package updates to stage 2. The following package ebuild repos are used for stage 1: - for portage-stable, we simply copy /var/gentoo/repos/gentoo from the SDK root. - coreos-overlay is more complicated since ebuilds are missing from the SDK. So we grok the version the SDK was built with from /mnt/host/source/.repo/manifests/default.xml and then we create a local stage 1 clone of https://github.com/kinvolk/coreos-overlay.git in which we then check out the revision noted in the default mnifest. Signed-off-by: Thilo Fromm --- bootstrap_sdk | 48 +++++++++++++++++++++++++++++++++++++++ build_library/catalyst.sh | 14 ++++-------- 2 files changed, 52 insertions(+), 10 deletions(-) diff --git a/bootstrap_sdk b/bootstrap_sdk index 3dbac8150f..475c5a61cc 100755 --- a/bootstrap_sdk +++ b/bootstrap_sdk @@ -83,6 +83,54 @@ mkdir -p "${ROOT_OVERLAY}/tmp" chmod 1777 "${ROOT_OVERLAY}/tmp" cp "${BUILD_LIBRARY_DIR}/toolchain_util.sh" "${ROOT_OVERLAY}/tmp" + +# Stage 1 uses a different ebuild repo snapshot as well as a different portage_overlay +# the ones from the SDK where ./bootstrap_sdk is being executed - +# to buils a known-good stage 1 (see stages description at top +# of file). This prevents package upgrades from updated ebuild files in the portage/coreos +# to apply in stage 1. +# Stage 1 lacks proper isolation and will link all packages built against its own +# seed libraries instead of against libraries installed to /tmp/stage1root. +build_stage1() { + local stage1_repos="$TEMPDIR/stage1-ebuild-repos" + + write_configs + + # use known-good gentoo base repo from SDK, coreos-overlay from manifest + info "Creating stage 1 ebuild repos and stage 1 snapshot in '$stage1_repos'" + rm -rf "$stage1_repos" + mkdir "$stage1_repos" + cp -R /var/gentoo/repos/gentoo "$stage1_repos" + + local overlay_revision=$( + grep 'name="kinvolk/coreos-overlay"' /mnt/host/source/.repo/manifests/default.xml \ + | sed 's/.*revision="refs\/\(heads\/\)\{0,1\}\([^"]\+\)".*/\2/' ) + + info "Using coreos-overlay revision '$overlay_revision'" + + mkdir "$stage1_repos/coreos-overlay" + ( cd "$stage1_repos/coreos-overlay" \ + && git clone https://github.com/kinvolk/coreos-overlay.git . \ + && git checkout "$overlay_revision" ) + + catalyst_conf > "$TEMPDIR/catalyst-stage1.conf" + sed -i "s:^portdir.*:portdir=\"$stage1_repos/gentoo\":" \ + "$TEMPDIR/catalyst-stage1.conf" + + catalyst $DEBUG -c "$TEMPDIR/catalyst-stage1.conf" -s "$FLAGS_version-stage1" + + sed -i -e "s/^snapshot:.*/snapshot: $FLAGS_version-stage1/" \ + -e "s,^portage_overlay:.*,portage_overlay: $stage1_repos/coreos-overlay," \ + "$TEMPDIR/stage1.spec" + + build_stage stage1 "$SEED" "$TEMPDIR/catalyst-stage1.conf" +} + +if [[ "$STAGES" =~ stage1 ]]; then + build_stage1 + STAGES="${STAGES/stage1/}" +fi + catalyst_build if [[ "$STAGES" =~ stage4 ]]; then diff --git a/build_library/catalyst.sh b/build_library/catalyst.sh index bc7094b11d..5bb6003420 100644 --- a/build_library/catalyst.sh +++ b/build_library/catalyst.sh @@ -120,16 +120,7 @@ cat < Date: Thu, 4 Mar 2021 11:33:30 +0100 Subject: [PATCH 2/6] Spelling fixes in comments Co-authored-by: Krzesimir Nowak --- bootstrap_sdk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bootstrap_sdk b/bootstrap_sdk index 475c5a61cc..2e998cedd1 100755 --- a/bootstrap_sdk +++ b/bootstrap_sdk @@ -85,8 +85,8 @@ cp "${BUILD_LIBRARY_DIR}/toolchain_util.sh" "${ROOT_OVERLAY}/tmp" # Stage 1 uses a different ebuild repo snapshot as well as a different portage_overlay -# the ones from the SDK where ./bootstrap_sdk is being executed - -# to buils a known-good stage 1 (see stages description at top +# than the ones from the SDK where ./bootstrap_sdk is being executed - +# to build a known-good stage 1 (see stages description at top # of file). This prevents package upgrades from updated ebuild files in the portage/coreos # to apply in stage 1. # Stage 1 lacks proper isolation and will link all packages built against its own From 319e3e702fbeae70769c3289db76e605a8d71402 Mon Sep 17 00:00:00 2001 From: Thilo Fromm Date: Thu, 4 Mar 2021 16:46:35 +0100 Subject: [PATCH 3/6] bootstrap_sdk stage1: more comments, restructured for clarity Signed-off-by: Thilo Fromm --- bootstrap_sdk | 91 ++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 68 insertions(+), 23 deletions(-) diff --git a/bootstrap_sdk b/bootstrap_sdk index 2e998cedd1..ba37b8cfc9 100755 --- a/bootstrap_sdk +++ b/bootstrap_sdk @@ -10,20 +10,32 @@ # # For reference the procedure it performs is this: # -# 1. snapshot: Grab a snapshot of portage-stable. Note that overalys are -# not snapshotted. +# 1. snapshot: Grab a snapshot of the portage-stable repo from +# third_party/... . coreoy-overlay is used as-is from the same source. +# # 2. stage1: Using a "seed" tarball as a build environment, build a # minimal root file system into a clean directory using ROOT=... # and USE=-* The restricted USE flags are key be small and avoid -# circular dependencies. +# circular dependencies. Tarball is built from the current SDK's +# portage-stable and coreos-overlay instead of the ones from 1 +# since stage1 must not contain updated ebuilds (see build_stage1 below). +# This stage uses: +# - portage-stable from the SDK's /var/lib/gentoo/repos/gentoo +# - a fresh check-out of coreos-overlay at the revision used to build the SDK +# # 3. stage2: Run portage-stable/scripts/bootstrap.sh -# This rebuilds the toolchain. Probably not strictly necessary most of -# the time but does super-duper-promise that the toolchain isn't linked +# This rebuilds the toolchain using Gentoo bootstrapping, ensuring it's not linked # to or otherwise influenced by whatever was in the "seed" tarball. -# 4. stage3: Run emerge -e system to rebuild everything using the fresh -# toolchain using the normal USE flags provided by the profile. This +# The toolchain rebuild may contain updates package ebuilds from +# third_party/(portage-stable|coreos-overlay). +# This and all following stages use portage-stable and coreos-overlay +# from third_party/... (see 1.) +# +# 4. stage3: Run emerge -e system to rebuild everything using the fresh updated +# toolchain from 3., using the normal USE flags provided by the profile. This # will also pull in assorted base system packages that weren't included # in the minimal environment stage1 created. +# # 5. stage4: Install any extra packages or other desired tweaks. For the # sdk we just install all the packages normally make_chroot.sh does. # @@ -84,45 +96,78 @@ chmod 1777 "${ROOT_OVERLAY}/tmp" cp "${BUILD_LIBRARY_DIR}/toolchain_util.sh" "${ROOT_OVERLAY}/tmp" -# Stage 1 uses a different ebuild repo snapshot as well as a different portage_overlay -# than the ones from the SDK where ./bootstrap_sdk is being executed - -# to build a known-good stage 1 (see stages description at top -# of file). This prevents package upgrades from updated ebuild files in the portage/coreos -# to apply in stage 1. -# Stage 1 lacks proper isolation and will link all packages built against its own -# seed libraries instead of against libraries installed to /tmp/stage1root. -build_stage1() { - local stage1_repos="$TEMPDIR/stage1-ebuild-repos" +# Stage 1 uses "known-good" ebuild repos (both coreos-overlay and portage-stable) +# to build a minimal toolchain (USE="-*") for stage 2. +# +# No package updates must happen in stage 1, so we use +# - the portage-stable repo included with the current SDK (from the SDK chroot's +# /var/lib/gentoo/repos/gentoo), and +# - the coreos-overlay repo version listed in the current SDK's manifest. +# Unfortunately coreos-overlay is not included in the SDK chroot at all; this +# will be addressed in the future. +# +# "Current SDK" refers to the SDK we entered with 'cork enter', i.e. the SDK +# we run ./bootstrap_sdk in. +# +# Using ebuilds from the above mentioned sources will ensure that stage 1 builds +# a minimal stage 2 from known-good ebuild versions - the same ebuild versions +# that were used to build the very SDK we run ./bootstrap_sdk in. +# +# NOTE that stage 1 lacks proper isolation and will link all packages built for stage 2 +# against its own seed libraries ("/" in the catalyst chroot) instead of against libraries +# installed into the FS root of the stage 2 seed ("/tmp/stage1root" in the catalyst chroot). +# This is why we must prevent any updated package ebuilds to "leak" into stage 1, hence we use +# "known good" ebuild repo versions outlined above. +build_stage1() { + + # First, write out the default 4-stage catalyst configuration files write_configs - # use known-good gentoo base repo from SDK, coreos-overlay from manifest + # Prepare local copies of both the "known-good" portage-stable and the + # "known-good" coreos-overlay ebuild repos info "Creating stage 1 ebuild repos and stage 1 snapshot in '$stage1_repos'" + local stage1_repos="$TEMPDIR/stage1-ebuild-repos" rm -rf "$stage1_repos" mkdir "$stage1_repos" + + # PORTAGE-STABLE + # copy local SDK's "known-good" portage-stable repo into stage 1 tempdir cp -R /var/gentoo/repos/gentoo "$stage1_repos" + # Create a snapshot of "known-good" portage-stable repo copy for use in stage 1 + # This requires us to create a custom catalyst config to point it to the + # repo copy we just created, for snapshotting. + catalyst_conf > "$TEMPDIR/catalyst-stage1.conf" + sed -i "s:^portdir.*:portdir=\"$stage1_repos/gentoo\":" \ + "$TEMPDIR/catalyst-stage1.conf" + # take the "portage directory" (portage-stable copy) snapshot + catalyst $DEBUG -c "$TEMPDIR/catalyst-stage1.conf" -s "$FLAGS_version-stage1" + + # COREOS-OVERLAY + # get revision of coreos-overlay used by the SDK we're currently in so we can + # check out exactly that version. Unfortunately, coreos-overlay is not available + # in /var/lib/gentoo/repos - we might want to change that in the future, after which + # this step will be a lot simpler. local overlay_revision=$( grep 'name="kinvolk/coreos-overlay"' /mnt/host/source/.repo/manifests/default.xml \ | sed 's/.*revision="refs\/\(heads\/\)\{0,1\}\([^"]\+\)".*/\2/' ) info "Using coreos-overlay revision '$overlay_revision'" + # Check out local SDK's "known-good" coreos-overlay version for use in stage 1 mkdir "$stage1_repos/coreos-overlay" ( cd "$stage1_repos/coreos-overlay" \ && git clone https://github.com/kinvolk/coreos-overlay.git . \ && git checkout "$overlay_revision" ) - catalyst_conf > "$TEMPDIR/catalyst-stage1.conf" - sed -i "s:^portdir.*:portdir=\"$stage1_repos/gentoo\":" \ - "$TEMPDIR/catalyst-stage1.conf" - - catalyst $DEBUG -c "$TEMPDIR/catalyst-stage1.conf" -s "$FLAGS_version-stage1" - + # Wire up stage 1 spec to use the "known-good" portage-stable and coreos-overlay + # repository versions from above. sed -i -e "s/^snapshot:.*/snapshot: $FLAGS_version-stage1/" \ -e "s,^portage_overlay:.*,portage_overlay: $stage1_repos/coreos-overlay," \ "$TEMPDIR/stage1.spec" + # Finally, build stage 1 build_stage stage1 "$SEED" "$TEMPDIR/catalyst-stage1.conf" } From 12d59f88e0a3fdf3a3fa448abb3751add014b1b8 Mon Sep 17 00:00:00 2001 From: Thilo Fromm Date: Thu, 4 Mar 2021 18:59:13 +0100 Subject: [PATCH 4/6] build_library/catalyst_sdk.sh: save snapshot of coreos-overlay This change to stage 4 of the SDK bootstrap process will keep a snapshot of coreos-overlay in the SDK tarball. This snapshot can be used in future SDK bootstraps' stage1 to ensure a clean stage 1 output without any package updates. Signed-off-by: Thilo Fromm --- build_library/catalyst_sdk.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/build_library/catalyst_sdk.sh b/build_library/catalyst_sdk.sh index edc739ab98..f194333a6a 100644 --- a/build_library/catalyst_sdk.sh +++ b/build_library/catalyst_sdk.sh @@ -20,3 +20,11 @@ for cross_chost in $(get_chost_list); do PKGDIR="$(portageq envvar PKGDIR)/crossdev" \ install_cross_rust "${cross_chost}" ${clst_myemergeopts} done + +echo "Saving snapshot of coreos-overlay repo for future SDK bootstraps" +# Copy coreos-overlay, which is in /var/gentoo/repos/local/, into a +# local directory. /var/gentoo/repos/local/ is removed before archiving +# and we want to keep a snapshot. This snapshot is used - alongside +# /var/gentoo/repos/gentoo - by stage 1 of future bootstraps. +mkdir -p /var/gentoo/repos/coreos-overlay +cp -R /var/gentoo/repos/local/* /var/gentoo/repos/coreos-overlay From ac31f8ac9a80ca9aa45d696014852254b629cef8 Mon Sep 17 00:00:00 2001 From: Thilo Fromm Date: Thu, 4 Mar 2021 19:03:00 +0100 Subject: [PATCH 5/6] bootstrap_sdk: fix typo in bootstrap process description Co-authored-by: Marga Manterola <62987181+marga-kinvolk@users.noreply.github.com> --- bootstrap_sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bootstrap_sdk b/bootstrap_sdk index ba37b8cfc9..36f0f66216 100755 --- a/bootstrap_sdk +++ b/bootstrap_sdk @@ -26,7 +26,7 @@ # 3. stage2: Run portage-stable/scripts/bootstrap.sh # This rebuilds the toolchain using Gentoo bootstrapping, ensuring it's not linked # to or otherwise influenced by whatever was in the "seed" tarball. -# The toolchain rebuild may contain updates package ebuilds from +# The toolchain rebuild may contain updated package ebuilds from # third_party/(portage-stable|coreos-overlay). # This and all following stages use portage-stable and coreos-overlay # from third_party/... (see 1.) From 659d4bf484df3a28031e1b1e2bd80592c96a8281 Mon Sep 17 00:00:00 2001 From: Thilo Fromm Date: Fri, 5 Mar 2021 12:11:18 +0100 Subject: [PATCH 6/6] bootstrap_sdk: fix typo in top-level stage1 description Co-authored-by: Sayan Chowdhury --- bootstrap_sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bootstrap_sdk b/bootstrap_sdk index 36f0f66216..ccfba3720e 100755 --- a/bootstrap_sdk +++ b/bootstrap_sdk @@ -17,7 +17,7 @@ # minimal root file system into a clean directory using ROOT=... # and USE=-* The restricted USE flags are key be small and avoid # circular dependencies. Tarball is built from the current SDK's -# portage-stable and coreos-overlay instead of the ones from 1 +# portage-stable and coreos-overlay instead of the ones from stage1 # since stage1 must not contain updated ebuilds (see build_stage1 below). # This stage uses: # - portage-stable from the SDK's /var/lib/gentoo/repos/gentoo