Merge pull request #23 from flatcar-linux/dongsu/arm-port

Support for ARM architecture

build_library/build_image_util.sh

@@ -103,6 +103,8 @@ generate_update() {
 run_ldconfig() {
   local root_fs_dir=$1
   case ${ARCH} in
+  arm64)
+    sudo qemu-aarch64 "${root_fs_dir}"/usr/sbin/ldconfig -r "${root_fs_dir}";;
   x86|amd64)
     sudo ldconfig -r "${root_fs_dir}";;
   *)
@@ -113,6 +115,8 @@ run_ldconfig() {
 run_localedef() {
   local root_fs_dir="$1" loader=()
   case ${ARCH} in
+  arm64)
+    loader=( qemu-aarch64 -L "${root_fs_dir}" );;
   amd64)
     loader=( "${root_fs_dir}/usr/lib64/ld-linux-x86-64.so.2" \
                --library-path "${root_fs_dir}/usr/lib64" );;
@@ -456,6 +460,7 @@ finish_image() {
   # Only enable rootfs verification on supported boards.
   case "${FLAGS_board}" in
     amd64-usr) verity_offset=64 ;;
+    arm64-usr) verity_offset=512 ;;
     *) disable_read_write=${FLAGS_FALSE} ;;
   esac
 
@@ -527,6 +532,7 @@ EOF
     # Magic alert!  Root hash injection works by writing the hash value to a
     # known unused SHA256-sized location in the kernel image.
     # For amd64 the rdev error message is used.
+    # For arm64 an area between the EFI headers and the kernel text is used.
     # Our modified GRUB extracts the hash and adds it to the cmdline.
     printf %s "$(cat ${BUILD_DIR}/${image_name%.bin}_verity.txt)" | \
         sudo dd of="${root_fs_dir}/boot/flatcar/vmlinuz-a" conv=notrunc \
@@ -564,6 +570,9 @@ EOF
   if [[ "${install_grub}" -eq 1 ]]; then
     local target
     local target_list="i386-pc x86_64-efi x86_64-xen"
+    if [[ ${BOARD} == "arm64-usr" ]]; then
+      target_list="arm64-efi"
+    fi
     local grub_args=()
     if [[ ${disable_read_write} -eq ${FLAGS_TRUE} ]]; then
       grub_args+=(--verity)

build_library/check_root

@@ -29,11 +29,39 @@ IGNORE_MISSING = {
                                  SonameAtom("x86_64", "libc.so.6")],
 
     # RPATHs and symlinks apparently confuse the perl-5.24 package
-    "dev-lang/perl":            [SonameAtom("x86_64", "libperl.so.5.26.2")],
-    "sys-apps/texinfo":         [SonameAtom("x86_64", "libperl.so.5.26")],
+    "dev-lang/perl":            [SonameAtom("arm_64", "libperl.so.5.26.2"),
+                                 SonameAtom("x86_64", "libperl.so.5.26.2")],
+    "dev-perl/XML-Parser":      [SonameAtom("x86_64", "libc.so.6"),
+                                 SonameAtom("x86_64", "libexpat.so.1")],
+    "dev-perl/libintl-perl":    [SonameAtom("x86_64", "libc.so.6")],
+    "dev-util/boost-build":     [SonameAtom("x86_64", "libc.so.6")],
+    "net-dns/dnsmasq":          [SonameAtom("x86_64", "libc.so.6")],
+    "sys-apps/texinfo":         [SonameAtom("x86_64", "libc.so.6"),
+                                 SonameAtom("x86_64", "libperl.so.5.26")],
 
     # https://bugs.gentoo.org/show_bug.cgi?id=554582
-    "net-firewall/ebtables":    [SonameAtom("x86_64", "libebt_802_3.so"),
+    "net-firewall/ebtables":    [SonameAtom("arm_64", "libebt_802_3.so"),
+                                 SonameAtom("arm_64", "libebt_among.so"),
+                                 SonameAtom("arm_64", "libebt_arp.so"),
+                                 SonameAtom("arm_64", "libebt_arpreply.so"),
+                                 SonameAtom("arm_64", "libebt_ip.so"),
+                                 SonameAtom("arm_64", "libebt_ip6.so"),
+                                 SonameAtom("arm_64", "libebt_limit.so"),
+                                 SonameAtom("arm_64", "libebt_log.so"),
+                                 SonameAtom("arm_64", "libebt_mark.so"),
+                                 SonameAtom("arm_64", "libebt_mark_m.so"),
+                                 SonameAtom("arm_64", "libebt_nat.so"),
+                                 SonameAtom("arm_64", "libebt_nflog.so"),
+                                 SonameAtom("arm_64", "libebt_pkttype.so"),
+                                 SonameAtom("arm_64", "libebt_redirect.so"),
+                                 SonameAtom("arm_64", "libebt_standard.so"),
+                                 SonameAtom("arm_64", "libebt_stp.so"),
+                                 SonameAtom("arm_64", "libebt_ulog.so"),
+                                 SonameAtom("arm_64", "libebt_vlan.so"),
+                                 SonameAtom("arm_64", "libebtable_broute.so"),
+                                 SonameAtom("arm_64", "libebtable_filter.so"),
+                                 SonameAtom("arm_64", "libebtable_nat.so"),
+                                 SonameAtom("x86_64", "libebt_802_3.so"),
                                  SonameAtom("x86_64", "libebt_among.so"),
                                  SonameAtom("x86_64", "libebt_arp.so"),
                                  SonameAtom("x86_64", "libebt_arpreply.so"),
@@ -56,13 +84,23 @@ IGNORE_MISSING = {
                                  SonameAtom("x86_64", "libebtable_nat.so")],
 
     # Ignore the Rust libraries in their own libdir.
-    "dev-libs/rustlib":         [SonameAtom("x86_64", "librustc_data_structures.so"),
+    "dev-libs/rustlib":         [SonameAtom("arm_64", "librustc_data_structures.so"),
+                                 SonameAtom("arm_64", "librustc_errors.so"),
+                                 SonameAtom("arm_64", "libserialize.so"),
+                                 SonameAtom("arm_64", "libstd.so"),
+                                 SonameAtom("arm_64", "libsyntax.so"),
+                                 SonameAtom("arm_64", "libsyntax_pos.so"),
+                                 SonameAtom("arm_64", "libterm.so"),
+                                 SonameAtom("x86_64", "librustc_data_structures.so"),
                                  SonameAtom("x86_64", "librustc_errors.so"),
                                  SonameAtom("x86_64", "libserialize.so"),
                                  SonameAtom("x86_64", "libstd.so"),
                                  SonameAtom("x86_64", "libsyntax.so"),
                                  SonameAtom("x86_64", "libsyntax_pos.so"),
                                  SonameAtom("x86_64", "libterm.so")],
+
+    "sys-kernel/coreos-modules": [SonameAtom("x86_64", "libc.so.6"),
+                                  SonameAtom("x86_64", "libcrypto.so.1.0.0")],
 }
 
 USR_LINKS = ("/bin/", "/sbin/", "/lib/", "/lib32/", "/lib64/")

build_library/ebuild_aci_util.sh

@@ -40,6 +40,7 @@ ebuild_aci_write_manifest() {
 
     case "${BOARD}" in
         amd64-usr) appc_arch=amd64 ;;
+        arm64-usr) appc_arch=aarch64 ;;
         *) die_notrace "Cannot map \"${BOARD}\" to an appc arch" ;;
     esac
 

build_library/grub.cfg

@@ -91,21 +91,32 @@ if [ -z "$linux_console" ]; then
         terminal_input console serial_com0
         terminal_output console serial_com0
     elif [ "$grub_platform" = efi ]; then
-        set linux_console="console=ttyS0,115200n8 console=tty0"
+        if [ "$grub_cpu" = arm64 ]; then
+            set linux_console="console=ttyAMA0,115200n8"
+        else
+            set linux_console="console=ttyS0,115200n8 console=tty0"
+       fi
     elif [ "$grub_platform" = xen ]; then
         set linux_console="console=hvc0"
     fi
 fi
 
+set extra_options=""
+if [ "$grub_cpu" = arm64 ]; then
+	set extra_options="acpi=force"
+fi
+
 set suf=""
 
-# UEFI uses linuxefi/initrdefi instead of linux/initrd
+# UEFI uses linuxefi/initrdefi instead of linux/initrd except for arm64
 if [ "$grub_platform" = efi ]; then
-  set suf="efi"
+  if [ "$grub_cpu" != arm64 ]; then
+    set suf="efi"
+  fi
 fi
 
 # Assemble the options applicable to all the kernels below
-set linux_cmdline="rootflags=rw mount.usrflags=ro consoleblank=0 $linux_root $linux_console $first_boot $randomize_disk_guid $oem $linux_append"
+set linux_cmdline="rootflags=rw mount.usrflags=ro consoleblank=0 $linux_root $linux_console $first_boot $randomize_disk_guid $extra_options $oem $linux_append"
 
 # Re-implement grub_abort() since no command exposes it.
 function abort {

build_library/grub_install.sh

@@ -48,6 +48,10 @@ CORE_MODULES=( normal search test fat part_gpt search_fs_uuid gzio search_part_l
 # Name of the core image, depends on target
 CORE_NAME=
 
+# Whether the SDK's grub or the board root's grub is used. Once amd64 is
+# fixed up the board root's grub will always be used.
+BOARD_GRUB=0
+
 case "${FLAGS_target}" in
     i386-pc)
         CORE_MODULES+=( biosdisk serial )
@@ -60,11 +64,21 @@ case "${FLAGS_target}" in
     x86_64-xen)
         CORE_NAME="core.elf"
         ;;
+    arm64-efi)
+        CORE_MODULES+=( serial linux efi_gop getenv smbios efinet verify http tftp )
+        CORE_NAME="core.efi"
+        BOARD_GRUB=1
+        ;;
     *)
         die_notrace "Unknown GRUB target ${FLAGS_target}"
         ;;
 esac
 
+if [[ $BOARD_GRUB -eq 1 ]]; then
+    info "Updating GRUB in ${BOARD_ROOT}"
+    emerge-${BOARD} --nodeps --select -qugKN sys-boot/grub
+    GRUB_SRC="${BOARD_ROOT}/usr/lib/grub/${FLAGS_target}"
+fi
 [[ -d "${GRUB_SRC}" ]] || die "GRUB not installed at ${GRUB_SRC}"
 
 # In order for grub-setup-bios to properly detect the layout of the disk
@@ -216,6 +230,18 @@ case "${FLAGS_target}" in
         sudo cp "${BUILD_LIBRARY_DIR}/menu.lst" \
             "${ESP_DIR}/boot/grub/menu.lst"
         ;;
+    arm64-efi)
+        info "Installing default arm64 UEFI bootloader."
+        sudo mkdir -p "${ESP_DIR}/EFI/boot"
+        #FIXME(andrejro): shim not ported to aarch64
+        sudo cp "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}" \
+            "${ESP_DIR}/EFI/boot/bootaa64.efi"
+        if [[ -n "${FLAGS_copy_efi_grub}" ]]; then
+            # copying from vfat so ignore permissions
+            cp --no-preserve=mode "${ESP_DIR}/EFI/boot/bootaa64.efi" \
+                "${FLAGS_copy_efi_grub}"
+        fi
+        ;;
 esac
 
 cleanup

build_library/oem_aci_util.sh

@@ -74,6 +74,7 @@ oem_aci_write_manifest() {
 
     case "${BOARD}" in
         amd64-usr) appc_arch=amd64 ;;
+        arm64-usr) appc_arch=aarch64 ;;
         *) die_notrace "Cannot map \"${BOARD}\" to an appc arch" ;;
     esac
 

build_library/prod_image_util.sh

@@ -85,7 +85,7 @@ create_prod_image() {
 
   # Assert that if this is supposed to be an official build that the
   # official update keys have been used.
-  if [[ ${COREOS_OFFICIAL:-0} -eq 1 ]]; then
+  if [[ ${COREOS_OFFICIAL:-0} -eq 1 && "${BOARD}" != arm64-usr ]]; then
       grep -q official \
           "${root_fs_dir}"/var/db/pkg/coreos-base/coreos-au-key-*/USE \
           || die_notrace "coreos-au-key is missing the 'official' use flag"
@@ -141,8 +141,11 @@ EOF
     "${BUILD_DIR}/${image_kernel}"
     "${BUILD_DIR}/${image_pcr_policy}"
     "${BUILD_DIR}/${image_grub}"
-    "${BUILD_DIR}/${image_shim}"
     "${BUILD_DIR}/${image_kconfig}"
   )
+  # FIXME(bgilbert): no shim on arm64
+  if [[ -f "${BUILD_DIR}/${image_shim}" ]]; then
+    to_upload+=("${BUILD_DIR}/${image_shim}")
+  fi
   upload_image -d "${BUILD_DIR}/${image_name}.bz2.DIGESTS" "${to_upload[@]}"
 }

build_library/qemu_template.sh

@@ -155,6 +155,10 @@ else
             set -- -machine accel=kvm -cpu host -smp "${VM_NCPUS}" "$@" ;;
         amd64-usr+*)
             set -- -machine pc-q35-2.8 -cpu kvm64 -smp 1 -nographic "$@" ;;
+        arm64-usr+aarch64)
+            set -- -machine virt,accel=kvm,gic-version=3 -cpu host -smp "${VM_NCPUS}" -nographic "$@" ;;
+        arm64-usr+*)
+            set -- -machine virt -cpu cortex-a57 -smp 1 -nographic "$@" ;;
         *)
             die "Unsupported arch" ;;
     esac
@@ -175,6 +179,10 @@ if [ -n "${VM_IMAGE}" ]; then
     case "${VM_BOARD}" in
         amd64-usr)
             set -- -drive if=virtio,file="${SCRIPT_DIR}/${VM_IMAGE}" "$@" ;;
+        arm64-usr)
+            set -- -drive if=none,id=blk,file="${SCRIPT_DIR}/${VM_IMAGE}" \
+            -device virtio-blk-device,drive=blk "$@"
+            ;;
         *) die "Unsupported arch" ;;
     esac
 fi
@@ -217,6 +225,15 @@ case "${VM_BOARD}" in
             -object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0 \
             "$@"
         ;;
+    arm64-usr)
+        qemu-system-aarch64 \
+            -name "$VM_NAME" \
+            -m ${VM_MEMORY} \
+            -netdev user,id=eth0,hostfwd=tcp::"${SSH_PORT}"-:22,hostname="${VM_NAME}" \
+            -device virtio-net-device,netdev=eth0 \
+            -object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0 \
+            "$@"
+        ;;
     *) die "Unsupported arch" ;;
 esac
 

build_library/set_lsb_release

@@ -31,7 +31,12 @@ OS_ID="flatcar"
 OS_ID_LIKE="coreos"
 OS_PRETTY_NAME="$OS_NAME $FLATCAR_VERSION (${OS_CODENAME})"
 
+# temporarily point arm at a different appid until update support
+# is completed in update_engine and the CoreUpdate service.
 FLATCAR_APPID="{e96281a6-d1af-4bde-9a0a-97b76e56dc57}"
+if [[ "${FLAGS_board}" == arm64-* ]]; then
+  FLATCAR_APPID="{103867da-e3a2-4c92-b0b3-7fbd7f7d8b71}"
+fi
 
 # DISTRIB_* are the standard lsb-release names
 sudo mkdir -p "${ROOT_FS_DIR}/usr/share/flatcar" "${ROOT_FS_DIR}/etc/flatcar"

build_library/test_image_content.sh

@@ -5,6 +5,7 @@
 GLSA_WHITELIST=(
 	201412-09 # incompatible CA certificate version numbers
 	201908-14 # backported both CVE fixes
+	201904-13 # git
 	201909-01 # Perl, SDK only
 	201909-08 # backported fix
 )

build_library/toolchain_util.sh

@@ -15,6 +15,7 @@ TOOLCHAIN_PKGS=(
 # compiler to build a full native toolchain. Packages are not uploaded.
 declare -A CROSS_PROFILES
 CROSS_PROFILES["x86_64-cros-linux-gnu"]="coreos:coreos/amd64/generic"
+CROSS_PROFILES["aarch64-cros-linux-gnu"]="coreos:coreos/arm64/generic"
 
 # Map board names to CHOSTs and portage profiles. This is the
 # definitive list, there is assorted code new and old that either
@@ -23,6 +24,9 @@ declare -A BOARD_CHOSTS BOARD_PROFILES
 BOARD_CHOSTS["amd64-usr"]="x86_64-cros-linux-gnu"
 BOARD_PROFILES["amd64-usr"]="coreos:coreos/amd64/generic"
 
+BOARD_CHOSTS["arm64-usr"]="aarch64-cros-linux-gnu"
+BOARD_PROFILES["arm64-usr"]="coreos:coreos/arm64/generic"
+
 BOARD_NAMES=( "${!BOARD_CHOSTS[@]}" )
 
 # Declare the above globals as read-only to avoid accidental conflicts.
@@ -39,6 +43,7 @@ declare -r \
 # Usage: get_portage_arch chost
 get_portage_arch() {
     case "$1" in
+        aarch64*)   echo arm64;;
         alpha*)     echo alpha;;
         arm*)       echo arm;;
         hppa*)      echo hppa;;

build_library/vm_image_util.sh

@@ -303,6 +303,9 @@ get_default_vm_type() {
     amd64-usr)
         echo "qemu"
         ;;
+    arm64-usr)
+        echo "qemu_uefi"
+        ;;
     *)
         return 1
         ;;
@@ -619,6 +622,7 @@ _write_cpio_disk() {
     local grub_arch
     case $BOARD in
         amd64-usr) grub_arch="x86_64-efi" ;;
+        arm64-usr) grub_arch="arm64-efi" ;;
     esac
 
     cp "${base_dir}/boot/flatcar/grub/${grub_arch}/core.efi" "${dst_dir}/${grub_name}"
@@ -715,6 +719,19 @@ _write_qemu_uefi_conf() {
             cp "/usr/share/edk2-ovmf/OVMF_CODE.fd" "$(_dst_dir)/${flash_ro}"
             cp "/usr/share/edk2-ovmf/OVMF_VARS.fd" "$(_dst_dir)/${flash_rw}"
             ;;
+        arm64-usr)
+            # Get edk2 files into local build workspace.
+            info "Updating edk2 in /build/${BOARD}"
+            emerge-${BOARD} --nodeps --select -qugN sys-firmware/edk2-aarch64
+            # Create 64MiB flash device image files.
+            dd if=/dev/zero bs=1M count=64 of="$(_dst_dir)/${flash_rw}" \
+                status=none
+            cp "/build/${BOARD}/usr/share/edk2-aarch64/QEMU_EFI.fd" \
+                "$(_dst_dir)/${flash_ro}.work"
+            truncate --reference="$(_dst_dir)/${flash_rw}" \
+                "$(_dst_dir)/${flash_ro}.work"
+            mv "$(_dst_dir)/${flash_ro}.work" "$(_dst_dir)/${flash_ro}"
+            ;;
     esac
 
     sed -e "s%^VM_PFLASH_RO=.*%VM_PFLASH_RO='${flash_ro}'%" \

check_out_of_date.py

@@ -67,11 +67,11 @@ def process_emerge_output(eout):
 
 
 def get_board_packages(board):
-    """ gets a list of packages used by a board. valid boards are amd64-usr, sdk, and bootstrap"""
+    """ gets a list of packages used by a board. valid boards are {arm,amd}64-usr, sdk, and bootstrap"""
     emerge_args = "--emptytree --pretend --verbose --unordered-display"
     if board == "sdk":
         cmd = "emerge {} @system sdk-depends sdk-extras".format(emerge_args)
-    elif board == "amd64-usr":
+    elif board == "amd64-usr" or board == "arm64-usr":
         cmd = "emerge-{} {} @system board-packages".format(board, emerge_args)
     elif board == "bootstrap":
         pkgs = exec_command_strict("/usr/lib64/catalyst/targets/stage1/build.py")
@@ -92,6 +92,7 @@ def print_table(report, head, line_head, line_tail, tail, joiner, pkg_joiner):
                       "upstream": ["Upstream"],
                       "tag": "Tag",
                       "sdk": ["sdk"],
+                      "arm64-usr": ["arm64-usr"],
                       "amd64-usr": ["amd64-usr"],
                       "bootstrap": ["bootstrap"],
                       "modified": "Modified"})
@@ -102,6 +103,7 @@ def print_table(report, head, line_head, line_tail, tail, joiner, pkg_joiner):
               pkg_joiner.join(entry.get("upstream",[])),
               entry.get("tag",""),
               pkg_joiner.join(entry.get("sdk", [])),
+              pkg_joiner.join(entry.get("arm64-usr", [])),
               pkg_joiner.join(entry.get("amd64-usr", [])),
               pkg_joiner.join(entry.get("bootstrap", [])),
               entry.get("modified","")]) + line_tail)
@@ -138,7 +140,7 @@ def main():
         subprocess.check_call(["git", "-C", args.upstream_path, "pull"])
 
     pkg_lists = {}
-    sources = ["sdk", "bootstrap", "amd64-usr", "image"]
+    sources = ["sdk", "bootstrap", "amd64-usr", "arm64-usr", "image"]
     for i in sources:
         pkg_lists[i] = get_board_packages(i)
 

common.sh

@@ -46,6 +46,9 @@ fi
 # Turn on bash debug support if available for backtraces.
 shopt -s extdebug 2>/dev/null
 
+# Source qemu library path
+. /etc/profile.d/qemu-aarch64.sh 2> /dev/null || true
+
 # Output a backtrace all the way back to the raw invocation, suppressing
 # only the _dump_trace frame itself.
 _dump_trace() {
@@ -383,9 +386,8 @@ if [[ -f ${GCLIENT_ROOT}/src/scripts/.default_board ]]; then
     die ".default_board: invalid name detected; please fix:" \
         "'${DEFAULT_BOARD}'"
   fi
-elif [ -z "${DEFAULT_BOARD-}" ]; then
-  DEFAULT_BOARD=amd64-usr
 fi
+DEFAULT_BOARD="${DEFAULT_BOARD-amd64-usr}"
 
 # Directory to store built images.  Should be set by sourcing script when used.
 BUILD_DIR=
@@ -928,10 +930,21 @@ BOAT
 }
 
 # The binfmt_misc support in the kernel is required.
+# The aarch64 binaries should be executed through
+# "/usr/bin/qemu-aarch64-static"
 setup_qemu_static() {
   local root_fs_dir="$1"
   case "${BOARD}" in
     amd64-usr) return 0;;
+    arm64-usr)
+      if [[ -f "${root_fs_dir}/sbin/ldconfig" ]]; then
+        sudo cp /usr/bin/qemu-aarch64 "${root_fs_dir}"/usr/bin/qemu-aarch64-static
+        echo export QEMU_LD_PREFIX=\"/build/arm64-usr/\" | sudo tee /etc/profile.d/qemu-aarch64.sh
+        . /etc/profile.d/qemu-aarch64.sh
+      else
+        die "Missing basic layout in target rootfs"
+      fi
+    ;;
     *) die "Unsupported arch" ;;
   esac
 }
@@ -940,6 +953,13 @@ clean_qemu_static() {
   local root_fs_dir="$1"
   case "${BOARD}" in
     amd64-usr) return 0;;
+    arm64-usr)
+      if [[ -f "${root_fs_dir}/usr/bin/qemu-aarch64-static" ]]; then
+        sudo rm "${root_fs_dir}"/usr/bin/qemu-aarch64-static
+      else
+        die "File not found"
+      fi
+    ;;
     *) die "Unsupported arch" ;;
   esac
 }

core_dev_sign_update

@@ -6,7 +6,7 @@ SCRIPT_ROOT=$(dirname $(readlink -f "$0"))
 assert_inside_chroot
 
 DEFINE_string data_dir "" "Directory containing downloaded release artifacts"
-DEFINE_string board "amd64-usr" "Board to sign artifacts for"
+DEFINE_string board "" "Board to sign artifacts for"
 DEFINE_string version "" "Version to sign artifacts for"
 DEFINE_integer n_signatures "2" "Number of signatures this release will be signed with"
 DEFINE_string output_dir "" "Output directory"

image_inject_bootchain

@@ -77,9 +77,11 @@ if [[ -n "${FLAGS_kernel_path}" ]]; then
     do_copy "${FLAGS_kernel_path}" "/boot/flatcar/vmlinuz-a"
 fi
 
+# FIXME(bgilbert): no shim on arm64
 if [[ -n "${FLAGS_efi_grub_path}" ]]; then
     case "${BOARD}" in
     amd64-usr) image_name="grub.efi" ;;
+    arm64-usr) image_name="bootaa64.efi" ;;
     *) die "GRUB filename not known for this board" ;;
     esac
 

jenkins/formats-arm64-usr.txt

@@ -0,0 +1,5 @@
+openstack
+openstack_mini
+packet
+pxe
+qemu_uefi

oem/openstack/glance_load.sh

@@ -34,6 +34,9 @@ while [[ $# -gt 0 ]]; do
 	amd64|amd64-usr)
 		board="amd64-usr"
 		;;
+	arm64|arm64-usr)
+		board="arm64-usr"
+		;;
 	*)
 		echo "Error: Unknown arg: $1"
 		exit 1

setup_board

@@ -27,6 +27,8 @@ DEFINE_boolean getbinpkg "${FLAGS_TRUE}" \
   "Download binary packages from remote repository."
 DEFINE_string getbinpkgver "" \
   "Use binary packages from a specific version."
+DEFINE_string binhost "" \
+  "Use binary packages from a specific location (e.g. https://storage.googleapis.com/flatcar-jenkins/sdk/amd64/2000.0.0/pkgs)"
 DEFINE_boolean toolchainpkgonly "${FLAGS_FALSE}" \
   "Use binary packages only for the board toolchain."
 DEFINE_integer jobs "${NUM_JOBS}" \
@@ -59,7 +61,7 @@ DEFINE_string variant "" \
   "Board variant."
 
 
-# builds wrappers like equery-amd64-usr.
+# builds wrappers like equery-arm-generic.
 # args:
 #   $1:  command to wrap
 #   rest:  extra arguments to pass to the command
@@ -159,7 +161,7 @@ BOARD_ETC="${BOARD_ROOT}/etc"
 BOARD_ARCH=$(get_board_arch "$BOARD")
 BOARD_CHOST=$(get_board_chost ${BOARD})
 PORTAGE_PROFILE=$(get_board_profile "$BOARD")
-BOARD_BINHOST=$(generate_binhost_list)
+BOARD_BINHOST="$FLAGS_binhost $(generate_binhost_list)"
 
 if [[ ${FLAGS_regen_configs_only} -eq ${FLAGS_TRUE} ]]; then
   FLAGS_regen_configs=${FLAGS_TRUE}
@@ -198,6 +200,9 @@ if [ "${FLAGS_usepkg}" -eq "${FLAGS_TRUE}" ]; then
   else
     UPDATE_ARGS+=" --nogetbinpkg "
   fi
+  if [[ -n "${FLAGS_binhost}" ]]; then
+    UPDATE_ARGS+=" --binhost=${FLAGS_binhost} "
+  fi
 else
   UPDATE_ARGS+=" --nousepkg"
 fi
@@ -318,6 +323,10 @@ if [[ ${FLAGS_regen_configs} -eq ${FLAGS_FALSE} ]]; then
     info "Installing toolchain build dependencies"
     install_cross_libs "${BOARD_CHOST}" ${EMERGE_FLAGS} --buildpkg=n
 
+    info "Building toolchain dependencies"
+    "${EMERGE_WRAPPER}" --buildpkg --buildpkgonly --onlydeps -e \
+        --root="/usr/${BOARD_CHOST}" --sysroot="/usr/${BOARD_CHOST}" \
+        ${EMERGE_TOOLCHAIN_FLAGS} "${TOOLCHAIN_PKGS[@]}"
     info "Building toolchain"
     "${EMERGE_WRAPPER}" --buildpkg --buildpkgonly \
         --root="/usr/${BOARD_CHOST}" --sysroot="/usr/${BOARD_CHOST}" \

signing/transfer.sh

@@ -2,8 +2,9 @@
 
 set -eux
 
-APPID=e96281a6-d1af-4bde-9a0a-97b76e56dc57
-BOARD=amd64-usr
+declare -A APPID
+APPID[amd64-usr]=e96281a6-d1af-4bde-9a0a-97b76e56dc57
+APPID[arm64-usr]=103867da-e3a2-4c92-b0b3-7fbd7f7d8b71
 
 declare -A RELEASE_CHANNEL
 RELEASE_CHANNEL[alpha]=Alpha
@@ -13,9 +14,10 @@ RELEASE_CHANNEL[stable]=Stable
 download() {
     local channel="$1"
     local version="$2"
+    local board="$3"
 
-    local gs="gs://builds.release.core-os.net/${channel}/boards/${BOARD}/${version}"
-    local dir="${BASEDIR}/${BOARD}/${version}"
+    local gs="gs://builds.release.core-os.net/${channel}/boards/${board}/${version}"
+    local dir="${BASEDIR}/${board}/${version}"
     mkdir -p "${dir}"
     pushd "${dir}" >/dev/null
 
@@ -31,7 +33,7 @@ download() {
     local torcx_base="gs://builds.release.core-os.net/embargoed/devfiles/torcx/manifests/${board}/${version}"
     if ! gsutil -q stat "${torcx_base}/torcx_manifest.json"; then
         # Non-embargoed release
-        local torcx_base="gs://builds.developer.core-os.net/torcx/manifests/${board}/${version}"
+        local torcx_base="gs://builds.developer.core-os.net/torcx/manifests/${BOARD}/${version}"
     fi
     gsutil -m cp \
         "${torcx_base}/torcx_manifest.json" \
@@ -49,6 +51,7 @@ download() {
 devsign() {
     local channel="$1"
     local version="$2"
+    local board="$3"
 
     "$(dirname $0)/../core_dev_sign_update" \
         --data_dir "${BASEDIR}" \
@@ -62,17 +65,19 @@ devsign() {
 sign() {
     local channel="$1"
     local version="$2"
+    local board="$3"
 
     "$(dirname $0)/sign.sh" \
-        "${BASEDIR}/${BOARD}/${version}" \
-        "${SIGDIR}/${BOARD}/${version}"
+        "${BASEDIR}/${board}/${version}" \
+        "${SIGDIR}/${board}/${version}"
 }
 
 upload() {
     local channel="$1"
     local version="$2"
+    local board="$3"
 
-    local dir="${BASEDIR}/${BOARD}/${version}"
+    local dir="${BASEDIR}/${board}/${version}"
     local payload="${dir}/flatcar_production_update.gz"
     local torcx_manifest="${dir}/torcx_manifest.json"
     local torcx_manifest_sig="${dir}/torcx_manifest.json.asc"
@@ -87,8 +92,8 @@ upload() {
     "$(dirname $0)/../core_roller_upload" \
         --user="${ROLLER_USERNAME}" \
         --api_key="${ROLLER_API_KEY}" \
-        --app_id="${APPID}" \
-        --board="${BOARD}" \
+        --app_id="${APPID[${board}]}" \
+        --board="${board}" \
         --version="${version}" \
         --payload="${payload}"
 
@@ -96,7 +101,7 @@ upload() {
     gsutil cp \
         "${torcx_manifest}" \
         "${torcx_manifest_sig}" \
-        "gs://coreos-tectonic-torcx/manifests/${BOARD}/${version}/"
+        "gs://coreos-tectonic-torcx/manifests/${board}/${version}/"
 
     # Update version in a canary channel if one is defined.
     local -n canary_channel="ROLLER_CANARY_CHANNEL_${channel^^}"
@@ -106,7 +111,7 @@ upload() {
             --user="${ROLLER_USERNAME}" \
             --key="${ROLLER_API_KEY}" \
             channel update \
-            --app-id="${APPID}" \
+            --app-id="${APPID[${board}]}" \
             --channel="${canary_channel}" \
             --version="${version}"
     fi
@@ -115,16 +120,17 @@ upload() {
 ready() {
     local channel="$1"
     local version="$2"
+    local board="$3"
 
     # setting the percent will deactivate (not delete) any existing rollouts for
     # this specific group.
-    echo "Rollout set to 0%"
+    echo "Rollout set to 0% for ${board}"
     updateservicectl \
         --server="https://public.update.core-os.net" \
         --user="${ROLLER_USERNAME}" \
         --key="${ROLLER_API_KEY}" \
         group percent \
-        --app-id="${APPID}" \
+        --app-id="${APPID[${board}]}" \
         --group-id="${channel}" \
         --update-percent=0
 
@@ -135,7 +141,7 @@ ready() {
         --user="${ROLLER_USERNAME}" \
         --key="${ROLLER_API_KEY}" \
         channel update \
-        --app-id="${APPID}" \
+        --app-id="${APPID[${board}]}" \
         --channel="${RELEASE_CHANNEL[${channel}]}" \
         --publish=true \
         --version="${version}"
@@ -144,26 +150,40 @@ ready() {
 roll() {
     local channel="$1"
     local hours="$2"
+    local board="$3"
 
     local seconds=$((${hours} * 3600))
 
-    # creating a new rollout deletes any existing rollout for this group and
-    # automatically activates the new one.
-    echo "Creating linear rollout that will get to 100% in ${hours}h"
-    updateservicectl \
-        --server="https://public.update.core-os.net" \
-        --user="${ROLLER_USERNAME}" \
-        --key="${ROLLER_API_KEY}" \
-        rollout create linear \
-        --app-id="${APPID}" \
-        --group-id="${channel}" \
-        --duration="${seconds}" \
-        --frame-size="60"
+    # Only ramp rollouts on AMD64; ARM64 is too small
+    if [[ "$board" = "arm64-usr" ]]; then
+        echo "Setting rollout for arm64-usr to 100%"
+        updateservicectl \
+            --server="https://public.update.core-os.net" \
+            --user="${ROLLER_USERNAME}" \
+            --key="${ROLLER_API_KEY}" \
+            group percent \
+            --app-id="${APPID[${board}]}" \
+            --group-id="${channel}" \
+            --update-percent=100
+    else
+        # creating a new rollout deletes any existing rollout for this group and
+        # automatically activates the new one.
+        echo "Creating linear rollout for ${board} that will get to 100% in ${hours}h"
+        updateservicectl \
+            --server="https://public.update.core-os.net" \
+            --user="${ROLLER_USERNAME}" \
+            --key="${ROLLER_API_KEY}" \
+            rollout create linear \
+            --app-id="${APPID[${board}]}" \
+            --group-id="${channel}" \
+            --duration="${seconds}" \
+            --frame-size="60"
+    fi
 }
 
 usage() {
     echo "Usage: $0 {download|upload} <ARTIFACT-DIR> [{-a|-b|-s} <VERSION>]..." >&2
-    echo "Usage: $0 {devsign|sign} <ARTIFACT-DIR> <SIG-DIR> [{-a|-b|-s} <VERSION>]..." >&2
+    echo "Usage: $0 {devsign|sign} <ARTIFACT-DIR> <SIG-DIR> [{-a|-b|-s} <VERSION> <BOARD>]..." >&2
     echo "Usage: $0 ready [{-a|-b|-s} <VERSION>]..." >&2
     echo "Usage: $0 roll [{-a|-b|-s} <HOURS-TO-100-PERCENT>]..." >&2
     exit 1
@@ -226,13 +246,15 @@ while [[ $# > 0 ]]; do
 
     case "${c}" in
     -a)
-        $CMD "alpha" "${v}"
+        $CMD "alpha" "${v}" "amd64-usr"
+        $CMD "alpha" "${v}" "arm64-usr"
         ;;
     -b)
-        $CMD "beta" "${v}"
+        $CMD "beta" "${v}" "amd64-usr"
+        $CMD "beta" "${v}" "arm64-usr"
         ;;
     -s)
-        $CMD "stable" "${v}"
+        $CMD "stable" "${v}" "amd64-usr"
         ;;
     *)
         usage

update_chroot

@@ -27,6 +27,8 @@ DEFINE_boolean skip_toolchain_update "${FLAGS_FALSE}" \
   "Don't update the toolchains."
 DEFINE_string toolchain_boards "" \
   "Extra toolchains to setup for the specified boards."
+DEFINE_string binhost "" \
+  "Use binary packages from a specific location (e.g. https://storage.googleapis.com/flatcar-jenkins/sdk/amd64/2000.0.0/pkgs)"
 
 FLAGS_HELP="usage: $(basename $0) [flags]
 Performs an update of the chroot. This script is called as part of
@@ -57,6 +59,7 @@ PORTAGE_STABLE_OVERLAY="${REPO_ROOT}/src/third_party/portage-stable"
 CROSSDEV_OVERLAY="/usr/local/portage/crossdev"
 COREOS_OVERLAY="${REPO_ROOT}/src/third_party/coreos-overlay"
 COREOS_CONFIG="${COREOS_OVERLAY}/coreos/config"
+PORTAGE_BINHOST="$FLAGS_binhost $(get_sdk_binhost)"
 
 # PORTAGE_USERNAME may already be in the env but set just to be safe.
 : ${PORTAGE_USERNAME:=${USER}}
@@ -83,7 +86,7 @@ PORTDIR_OVERLAY="${CROSSDEV_OVERLAY} ${COREOS_OVERLAY}"
 DISTDIR="${REPO_CACHE_DIR}/distfiles"
 PKGDIR="/var/lib/portage/pkgs"
 PORT_LOGDIR="/var/log/portage"
-PORTAGE_BINHOST="$(get_sdk_binhost)"
+PORTAGE_BINHOST="$PORTAGE_BINHOST"
 PORTAGE_USERNAME="${PORTAGE_USERNAME}"
 MAKEOPTS="--jobs=${NUM_JOBS} --load-average=$((NUM_JOBS * 2))"
 CCACHE_UMASK="002"