From a78c5fb66511044b1e69e5c3fef4b72347376319 Mon Sep 17 00:00:00 2001
From: Michael Marineau
Date: Thu, 27 Mar 2014 21:52:40 -0700
Subject: [PATCH 1/3] fix(vm_image_util): Keep most partitions mounted read-only. This ensures that the only partition being modified is OEM.
---
 build_library/vm_image_util.sh | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/build_library/vm_image_util.sh b/build_library/vm_image_util.sh
index 2623ebc044..0f3c66eaa7 100644
--- a/build_library/vm_image_util.sh
+++ b/build_library/vm_image_util.sh
@@ -227,6 +227,19 @@ setup_disk_image() {
 if [[ $(_get_vm_opt BOOT_KERNEL) -eq 0 ]]; then
 sudo mv "${SYSLINUX_DIR}/default.cfg.A" "${SYSLINUX_DIR}/default.cfg"
 fi
+
+ # The only filesystem after this point that may be modified is OEM
+ # Note: it would be more logical for disk_util to mount things read-only
+ # to begin with but I'm having trouble making that work reliably.
+ # When mounting w/ ro the automatically allocated loop device will
+ # also be configured as read-only. blockdev --setrw will change that
+ # but io will start throwing errors so that clearly isn't sufficient.
+ local mnt
+ for mnt in $(findmnt -nrR -o target -T "${VM_TMP_ROOT}"); do
+ if [[ "${mnt}" != */usr/share/oem ]]; then
+ sudo mount -o remount,ro "${mnt}"
+ fi
+ done
 }
 # If the current type defines a oem package install it to the given fs image.
From e0cfea50fb0f5a3bee09aadd2037be6b11254a44 Mon Sep 17 00:00:00 2001
From: Michael Marineau
Date: Thu, 27 Mar 2014 22:17:32 -0700
Subject: [PATCH 2/3] fix(vm_image_util): Require OEM packages to be aware of /usr/share/oem Installing to a temporary directory and then copying over the final contents of /usr/share/oem allows more complicated OEM packages such as python to be configured with --prefix=/usr/share/oem while previously the atypical use of ROOT=/usr/share/oem would have complicated things.
---
 build_library/vm_image_util.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
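Review bot: In PATCH 1/3, the exemption test in the new loop of setup_disk_image, `[[ "${mnt}" != */usr/share/oem ]]`, matches any mount target that merely ends in /usr/share/oem, and the result of `sudo mount -o remount,ro "${mnt}"` is not checked in the visible lines. Since the stated goal is that OEM is the only writable partition, compare against the exact path, `if [[ "${mnt}" != "${VM_TMP_ROOT}/usr/share/oem" ]]; then`, and make a failed remount stop the build (whether errexit is active is not visible here). The unquoted `$(findmnt -nrR ...)` is word-split and `-r` prints escaped targets, so a mount path containing whitespace would not be remounted. `findmnt -T` resolves to the filesystem that contains the path, so the loop presumably relies on `${VM_TMP_ROOT}` itself being a mount point; a short comment stating that assumption would help. setup_disk_image starts outside the hunk.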
diff --git a/build_library/vm_image_util.sh b/build_library/vm_image_util.sh
index 0f3c66eaa7..1cae8d12dd 100644
--- a/build_library/vm_image_util.sh
+++ b/build_library/vm_image_util.sh
@@ -245,15 +245,17 @@ setup_disk_image() {
 # If the current type defines a oem package install it to the given fs image.
 install_oem_package() {
 local oem_pkg=$(_get_vm_opt OEM_PACKAGE)
- local oem_mnt="${VM_TMP_ROOT}/usr/share/oem"
+ local oem_tmp="${VM_TMP_DIR}/oem"
 if [[ -z "${oem_pkg}" ]]; then
 return 0
 fi
 info "Installing ${oem_pkg} to OEM partition"
- emerge-${BOARD} --root="${oem_mnt}" --root-deps=rdeps "${oem_pkg}"
- sudo rm -rf "${oem_mnt}/var" # clean out /var/pkg/db and friends
+ emerge-${BOARD} --root="${oem_tmp}" \
+ --root-deps=rdeps --usepkg --quiet "${oem_pkg}"
+ sudo rsync -a "${oem_tmp}/usr/share/oem/" "${VM_TMP_ROOT}/usr/share/oem/"
+ sudo rm -rf "${oem_tmp}"
 }
 # Write the vm disk image to the target directory in the proper format
From 691c588c756f9333fb82bc7c5aa48ce092e22de9 Mon Sep 17 00:00:00 2001
From: Michael Marineau
Date: Thu, 27 Mar 2014 22:37:28 -0700
Subject: [PATCH 3/3] fix(build_packages): Simplify emerge command, use board-packages ebuild. The extra "dependency check" doesn't appear to be all that useful, so don't waste time on it. Remove some unused command line options for selecting which packages to build. Use new board-packages ebuild which currently just includes 'coreos' and 'coreos-dev' but later can include extra things like 'python-oem' which doesn't land in the base image.
---
 build_packages | 30 +-----------------------------
 1 file changed, 1 insertion(+), 29 deletions(-)
diff --git a/build_packages b/build_packages
index 0f408aedb8..a46177677a 100755
--- a/build_packages
+++ b/build_packages
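Review bot: In PATCH 2/3, `sudo rm -rf "${oem_tmp}"` at the end of install_oem_package runs as root on a path built from `${VM_TMP_DIR}`, so an empty or unset `VM_TMP_DIR` would make both the emerge root and the delete target `/oem`; declaring it as `local oem_tmp="${VM_TMP_DIR:?}/oem"` aborts instead. The staging directory is not cleared before `emerge-${BOARD}` runs, so if `${VM_TMP_DIR}` is ever reused, leftovers from an interrupted run would be copied into the image by `rsync -a`. The rsync also runs after a failed emerge unless errexit is in effect, which this hunk does not show, so an explicit check on the emerge status would keep a partial install out of the OEM partition.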
@@ -63,12 +63,6 @@ DEFINE_boolean skip_chroot_upgrade "${FLAGS_FALSE}" \
 "Don't run the chroot upgrade automatically; use with care."
 DEFINE_boolean skip_toolchain_update "${FLAGS_FALSE}" \
 "Don't update toolchain automatically."
-DEFINE_boolean withdev "${FLAGS_TRUE}" \
- "Build useful developer friendly utilities."
-DEFINE_boolean withdebug "${FLAGS_TRUE}" \
- "Build debug versions of Chromium-OS-specific packages."
-DEFINE_boolean withtest "${FLAGS_TRUE}" \
- "Build packages required for testing."
 # The --reuse_pkgs_from_local_boards flag tells Portage to share binary
 # packages between boards that are built locally, so that the total time
@@ -186,28 +180,6 @@ if [[ "${FLAGS_showoutput}" -eq "${FLAGS_TRUE}" && \
 EMERGE_FLAGS+=( --show-output )
 fi
-if [[ "${FLAGS_withdebug}" -eq "${FLAGS_FALSE}" ]]; then
- export USE="${USE} -cros-debug"
-fi
-
-# Figure out which packages we should be building.
-PACKAGES=( "$@" )
-if [[ $# -eq 0 ]]; then
- PACKAGES=( coreos-base/coreos )
- if [[ "${FLAGS_withdev}" -eq "${FLAGS_TRUE}" ]]; then
- PACKAGES+=( coreos-base/coreos-dev )
- fi
-fi
-
-# Verify that all packages can be emerged from scratch, without any
-# backtracking. Only print the output if this step fails.
-info "Checking package dependencies are correct: ${PACKAGES[*]}"
-if ! OUTPUT=$(emerge-${FLAGS_board} -pe --backtrack=0 \
- "${PACKAGES[@]}" 2>&1); then
- printf "%s\n" "${OUTPUT}"
- die_notrace "emerge detected broken ebuilds. See error message above."
-fi
-
 # Build cros_workon packages when they are changed.
 CROS_WORKON_PKGS=()
 if [ "${FLAGS_noworkon}" -eq "${FLAGS_FALSE}" ]; then
@@ -223,7 +195,7 @@ if [[ ${#CROS_WORKON_PKGS[@]} -gt 0 ]]; then
 fi
 info "Merging board packages now"
-sudo -E "${EMERGE_CMD[@]}" "${EMERGE_FLAGS[@]}" "${PACKAGES[@]}"
+sudo -E "${EMERGE_CMD[@]}" "${EMERGE_FLAGS[@]}" coreos-devel/board-packages
 info "Checking build root"
 test_image_content "${BOARD_ROOT}"
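Review bot: In the last hunk (`@@ -223,7 +195,7 @@`), the emerge target is now the fixed `coreos-devel/board-packages`, and with `PACKAGES=( "$@" )` removed in the preceding hunk any package names given on the command line appear to be silently ignored. A caller that passes explicit packages would get a full board merge with no diagnostic; rejecting leftover arguments, e.g. `[[ $# -eq 0 ]] || die_notrace "build_packages no longer accepts package arguments"`, makes that visible. This assumes positional arguments are not consumed elsewhere in the script, which the hunks do not show. Removing the `withdebug` flag also drops the `-cros-debug` USE override, so the usage text should say how a non-debug build is now selected.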