torcx: remove from scripts, use docker+containerd sysexts

This change removes torcx libraries, references, and commandline options
from build automation scripts and from build_library/.

Containerd and docker are shipped via sysexts which are included in the
base image.

Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>

build_image

@@ -33,10 +33,6 @@ DEFINE_string base_pkg "coreos-base/coreos" \
   "The base portage package to base the build off of (only applies to prod images)"
 DEFINE_string base_dev_pkg "coreos-base/coreos-dev" \
   "The base portage package to base the build off of (only applies to dev containers)"
-DEFINE_string torcx_manifest "${DEFAULT_BUILD_ROOT}/torcx/${DEFAULT_BOARD}/latest/torcx_manifest.json" \
-  "The torcx manifest describing torcx packages for this image (or blank for none)"
-DEFINE_string torcx_root "${DEFAULT_BUILD_ROOT}/torcx" \
-  "Directory in which torcx packages can be found. Will update the default --torcx_manifest if set."
 DEFINE_string output_root "${DEFAULT_BUILD_ROOT}/images" \
   "Directory in which to place image result directories (named by version)"
 DEFINE_string disk_layout "" \
@@ -91,11 +87,6 @@ switch_to_strict_mode
 
 check_gsutil_opts
 
-# Patch around default values not being able to depend on other flags.
-if [ "x${FLAGS_torcx_manifest}" = "x${DEFAULT_BUILD_ROOT}/torcx/${DEFAULT_BOARD}/latest/torcx_manifest.json" ]; then
-  FLAGS_torcx_manifest="${FLAGS_torcx_root}/${FLAGS_board}/latest/torcx_manifest.json"
-fi
-
 # If downloading packages is enabled ensure the board is configured properly.
 if [[ ${FLAGS_getbinpkg} -eq ${FLAGS_TRUE} ]]; then
   "${SRC_ROOT}/scripts/setup_board" --board="${FLAGS_board}" \
@@ -110,7 +101,6 @@ fi
 . "${BUILD_LIBRARY_DIR}/prod_image_util.sh" || exit 1
 . "${BUILD_LIBRARY_DIR}/dev_container_util.sh" || exit 1
 . "${BUILD_LIBRARY_DIR}/test_image_content.sh" || exit 1
-. "${BUILD_LIBRARY_DIR}/torcx_manifest.sh" || exit 1
 . "${BUILD_LIBRARY_DIR}/vm_image_util.sh" || exit 1
 
 PROD_IMAGE=0

build_library/build_image_util.sh

@@ -272,8 +272,7 @@ function package_run_dependencies() (
 )
 
 
-# List packages implicitly contained in rootfs, such as in torcx packages or
-# initramfs.
+# List packages implicitly contained in rootfs, such as in initramfs.
 image_packages_implicit() {
     local profile="${BUILD_DIR}/configroot/etc/portage/profile"
 
@@ -303,12 +302,6 @@ image_packages_implicit() {
         done < "${profile}/package.provided"
     fi
 
-    # Include source packages of all torcx images installed on disk.
-    [ -z "${FLAGS_torcx_manifest}" ] ||
-    torcx_manifest::sources_on_disk "${FLAGS_torcx_manifest}" |
-    while read pkg ; do query_available_package "${pkg}" ; done
-
-
     # Include source packages of all sysext images installed on disk.
     for docker_containerd_package in $(package_run_dependencies docker) $(package_run_dependencies containerd); do
      query_available_package "${docker_containerd_package}" ;
@@ -535,8 +528,6 @@ EOF
 # Add /usr/share/SLSA reports for packages indirectly contained within the rootfs
 # If the package is available in BOARD_ROOT accesses it from there, otherwise
 # needs to download binpkg.
-# Reports for torcx packages are also included when adding the torcx package to
-# rootfs.
 insert_extra_slsa() {
   info "Inserting additional SLSA file"
   local rootfs="$1"
@@ -644,18 +635,33 @@ finish_image() {
   local install_grub=0
   local disk_img="${BUILD_DIR}/${image_name}"
 
-  # Ship the docker systemd-sysext image and rip out torcx in same go; TODO: create seperate sysext images for containerd and docker
-  mkdir -p "${PORTAGE_CONFIGROOT}"/etc/portage/profile
-  query_available_package containerd | sudo_clobber ${PORTAGE_CONFIGROOT}/etc/portage/profile/package.provided # use a temporary package.provided to make emerge believe the dependencies are already installed
-  sudo "${SCRIPTS_DIR}/build_sysext" --board="${BOARD}" --image_builddir=${BUILD_DIR} --squashfs_base="${BUILD_DIR}/${image_sysext_base}" --manglefs_script="${SCRIPTS_DIR}/manglefs_docker" docker-flatcar app-containers/docker
-  sudo install -m 0644 -D "${BUILD_DIR}/docker-flatcar.raw" "${root_fs_dir}"/usr/share/flatcar/
-  sudo mkdir -p "${root_fs_dir}"/etc/extensions/
-  sudo ln -sf /usr/share/flatcar/docker-flatcar.raw "${root_fs_dir}"/etc/extensions/docker-flatcar.raw
-  sudo rm ${PORTAGE_CONFIGROOT}/etc/portage/profile/package.provided
+  info "Creating containerd and docker sysexts."
 
-  sudo "${SCRIPTS_DIR}/build_sysext" --board="${BOARD}" --image_builddir=${BUILD_DIR} --squashfs_base="${BUILD_DIR}/${image_sysext_base}" --manglefs_script="${SCRIPTS_DIR}/manglefs_containerd" containerd-flatcar app-containers/containerd
-  sudo install -m 0644 -D "${BUILD_DIR}/containerd-flatcar.raw" "${root_fs_dir}"/usr/share/flatcar/
-  sudo ln -sf /usr/share/flatcar/containerd-flatcar.raw "${root_fs_dir}"/etc/extensions/containerd-flatcar.raw
+  sudo "${SCRIPTS_DIR}/build_sysext" \
+            --board="${BOARD}" \
+            --image_builddir="${BUILD_DIR}" \
+            --squashfs_base="${BUILD_DIR}/${image_sysext_base}" \
+            --manglefs_script="${SCRIPTS_DIR}/manglefs_containerd" \
+            --generate_pkginfo \
+            containerd app-containers/containerd
+
+  sudo "${SCRIPTS_DIR}/build_sysext" \
+            --board="${BOARD}" \
+            --image_builddir=${BUILD_DIR} \
+            --squashfs_base="${BUILD_DIR}/${image_sysext_base}" \
+            --manglefs_script="${SCRIPTS_DIR}/manglefs_docker" \
+            --base_pkginfo="${BUILD_DIR}/containerd_pkginfo.raw" \
+         docker app-containers/docker
+
+  sudo mkdir -p "${root_fs_dir}"/usr/share/flatcar/sysext
+  sudo install -m 0644 -D "${BUILD_DIR}/containerd.raw" "${root_fs_dir}"/usr/share/flatcar/sysext/
+  sudo install -m 0644 -D "${BUILD_DIR}/docker.raw" "${root_fs_dir}"/usr/share/flatcar/sysext/
+
+  # Install symlinks into /etc/extensions - this will be picked up by the logic to populate
+  # /usr/share/flatcar/etc below, so it will end up below /usr in the final image.
+  sudo mkdir -p "${root_fs_dir}"/etc/extensions/
+  sudo ln -sf /usr/share/flatcar/sysext/containerd.raw "${root_fs_dir}"/etc/extensions/containerd.raw
+  sudo ln -sf /usr/share/flatcar/sysext/docker.raw "${root_fs_dir}"/etc/extensions/docker.raw
 
   # Only enable rootfs verification on prod builds.
   local disable_read_write="${FLAGS_FALSE}"

build_library/release_util.sh

@@ -5,7 +5,6 @@
 GSUTIL_OPTS=
 UPLOAD_ROOT=
 UPLOAD_PATH=
-TORCX_UPLOAD_ROOT=
 UPLOAD_DEFAULT=${FLAGS_FALSE}
 DEFAULT_IMAGE_COMPRESSION_FORMAT="bz2"
 
@@ -13,7 +12,6 @@ DEFAULT_IMAGE_COMPRESSION_FORMAT="bz2"
 _user="${USER}"
 [[ ${USER} == "root" ]] && _user="${SUDO_USER}"
 : ${FLATCAR_UPLOAD_ROOT:=gs://users.developer.core-os.net/${_user}}
-: ${FLATCAR_TORCX_UPLOAD_ROOT:=${FLATCAR_UPLOAD_ROOT}/torcx}
 unset _user
 
 DEFINE_boolean parallel ${FLAGS_TRUE} \
@@ -30,12 +28,6 @@ DEFINE_string download_root "" \
   "HTTP download prefix, board/version/etc will be appended."
 DEFINE_string download_path "" \
   "HTTP download path, overrides --download_root."
-DEFINE_string torcx_upload_root "${FLATCAR_TORCX_UPLOAD_ROOT}" \
-  "Tectonic torcx package and manifest Upload prefix. Must be a gs:// URL."
-DEFINE_string tectonic_torcx_download_root "" \
-  "HTTP download prefix for tectonic torcx packages and manifests."
-DEFINE_string tectonic_torcx_download_path "" \
-  "HTTP download path, overrides --tectonic_torcx_download_root."
 DEFINE_string sign "" \
   "Sign all files to be uploaded with the given GPG key."
 DEFINE_string sign_digests "" \
@@ -164,15 +156,6 @@ check_gsutil_opts() {
         UPLOAD_ROOT="${FLAGS_upload_root%%/}"
     fi
 
-    if [[ -n "${FLAGS_torcx_upload_root}" ]]; then
-        if [[ "${FLAGS_torcx_upload_root}" != gs://* ]] \
-           && [[ "${FLAGS_torcx_upload_root}" != rsync://* ]] ; then
-            die_notrace "--torcx_upload_root must be a gs:// or rsync:// URL"
-        fi
-        # Make sure the path doesn't end with a slash
-        TORCX_UPLOAD_ROOT="${FLAGS_torcx_upload_root%%/}"
-    fi
-
     if [[ -n "${FLAGS_upload_path}" ]]; then
         if [[ "${FLAGS_upload_path}" != gs://* ]] \
            && [[ "${FLAGS_upload_path}" != rsync://* ]] ; then
@@ -373,29 +356,3 @@ download_image_url() {
 
     echo "${download_path}/$1"
 }
-
-# Translate the configured torcx upload URL to a download url
-# This is similar to the download_image_url, other than assuming the release
-# bucket is the tectonic_torcx one.
-download_tectonic_torcx_url() {
-    if [[ ${FLAGS_upload} -ne ${FLAGS_TRUE} ]]; then
-        echo "$1"
-        return 0
-    fi
-
-    local download_root="${FLAGS_tectonic_torcx_download_root:-${TORCX_UPLOAD_ROOT}}"
-
-    local download_path
-    if [[ -n "${FLAGS_tectonic_torcx_download_path}" ]]; then
-        download_path="${FLAGS_tectonic_torcx_download_path%%/}"
-    else
-        download_path="${download_root%%/}"
-    fi
-
-    # Just in case download_root was set from UPLOAD_ROOT
-    if [[ "${download_path}" == gs://* ]]; then
-        download_path="http://${download_path#gs://}"
-    fi
-
-    echo "${download_path}/$1"
-}

build_library/torcx_manifest.sh

@@ -1,150 +0,0 @@
-# Copyright (c) 2017 The Container Linux by CoreOS Authors. All rights
-# reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-# torcx_manifest.sh contains helper functions for creating, editing, and
-# reading torcx manifest files.
-
-# create_empty creates an empty torcx manfiest at the given path.
-function torcx_manifest::create_empty() {
-  local path="${1}"
-  jq '.' > "${path}" <<EOF
-{
-  "kind": "torcx-package-list-v0",
-  "value": {
-    "packages": []
-  }
-}
-EOF
-}
-
-# add_pkg adds a new version of a package to the torcx manifest specified by
-# path.
-# That manifest will be edited to include this version, with the associated
-# package of the given name being created as well if necessary.
-function torcx_manifest::add_pkg() {
-  path="${1}"; shift
-  name="${1}"; shift
-  version="${1}"; shift
-  pkg_hash="${1}"; shift
-  cas_digest="${1}"; shift
-  source_package="${1}"; shift
-  meta_package="${1}"; shift
-  update_default="${1}"; shift
-
-  local manifest=$(cat "${path}")
-  local pkg_version_obj=$(jq '.' <<EOF
-{
-  "version": "${version}",
-  "hash": "${pkg_hash}",
-  "casDigest": "${cas_digest}",
-  "sourcePackage": "${source_package}",
-  "metaPackage": "${meta_package}",
-  "locations": []
-}
-EOF
-)
-
-  for location in "${@}"; do
-    if [[ "${location}" == /* ]]; then
-      # filepath
-      pkg_version_obj=$(jq ".locations |= . + [{\"path\": \"${location}\"}]" <(echo "${pkg_version_obj}"))
-    else
-      # url
-      pkg_version_obj=$(jq ".locations |= . + [{\"url\": \"${location}\"}]" <(echo "${pkg_version_obj}"))
-    fi
-  done
-
-
-  local existing_pkg="$(echo "${manifest}" | jq ".value.packages[] | select(.name == \"${name}\")")"
-
-  # If there isn't yet a package in the manifest for $name, initialize it to an empty one.
-  if [[ "${existing_pkg}" == "" ]]; then
-    pkg_json=$(cat <<EOF
-    {
-      "name": "${name}",
-      "versions": []
-    }
-EOF
-)
-    manifest="$(echo "${manifest}" | jq ".value.packages |= . + [${pkg_json}]")"
-  fi
-
-  if [[ "${update_default}" == "true" ]]; then
-    manifest="$(echo "${manifest}" | jq "(.value.packages[] | select(.name = \"${name}\") | .defaultVersion) |= \"${version}\"")"
-  fi
-
-  # append this specific package version to the manifest
-  manifest="$(echo "${manifest}" | jq "(.value.packages[] | select(.name = \"${name}\") | .versions) |= . + [${pkg_version_obj}]")"
-
-  echo "${manifest}" | jq '.' > "${path}"
-}
-
-# get_pkg_names returns the list of packages in a given manifest. Each package
-# may have one or more versions associated with it.
-#
-# Example:
-#     pkg_name_arr=($(torcx_manifest::get_pkg_names "torcx_manifest.json"))
-function torcx_manifest::get_pkg_names() {
-  local file="${1}"
-  jq -r '.value.packages[].name' < "${file}"
-}
-
-# local_store_path returns the in-container-linux store path a given package +
-# version combination should exist at. It returns the empty string if the
-# package shouldn't exist on disk.
-function torcx_manifest::local_store_path() {
-  local file="${1}"
-  local name="${2}"
-  local version="${3}"
-  jq -r ".value.packages[] | select(.name == \"${name}\") | .versions[] | select(.version == \"${version}\") | .locations[] | select(.path).path" < "${file}"
-}
-
-# get_digest returns the cas digest for a given package version
-function torcx_manifest::get_digest() {
-  local file="${1}"
-  local name="${2}"
-  local version="${3}"
-  jq -r ".value.packages[] | select(.name == \"${name}\") | .versions[] | select(.version == \"${version}\") | .casDigest" < "${file}"
-}
-
-# get_digests returns the list of digests for a given package. 
-function torcx_manifest::get_digests() {
-  local file="${1}"
-  local name="${2}"
-  jq -r ".value.packages[] | select(.name == \"${name}\").versions[].casDigest" < "${file}"
-}
-
-# get_versions returns the list of versions for a given package. 
-function torcx_manifest::get_versions() {
-  local file="${1}"
-  local name="${2}"
-  jq -r ".value.packages[] | select(.name == \"${name}\").versions[].version" < "${file}"
-}
-
-# default_version returns the default version for a given package, or an empty string if there isn't one.
-function torcx_manifest::default_version() {
-  local file="${1}"
-  local name="${2}"
-  jq -r ".value.packages[] | select(.name == \"${name}\").defaultVersion" < "${file}"
-}
-
-# sources_on_disk returns the list of source packages of all torcx images installed on disk
-function torcx_manifest::sources_on_disk() {
-  local file="${1}"
-  local torcx_pkg=""
-  jq -r ".value.packages[].versions[] | select(.locations[].path).metaPackage" < "${file}" |
-  while read torcx_pkg; do
-    torcx_dependencies "${torcx_pkg}" | tr ' ' '\n'
-  done
-}
-
-# Print the first level of runtime dependencies for a torcx meta-package.
-function torcx_dependencies() (
-  pkg=${1:?}
-  ebuild=$(equery-${BOARD} w "${pkg}")
-  function inherit() { : ; }
-  . "${ebuild}"
-  echo ${RDEPEND}
-)

build_packages

@@ -36,12 +36,6 @@ DEFINE_boolean skip_toolchain_update "${FLAGS_FALSE}" \
   "Don't update toolchain automatically."
 DEFINE_boolean skip_chroot_upgrade "${FLAGS_FALSE}" \
   "Don't run the chroot upgrade automatically; use with care."
-DEFINE_string torcx_output_root "${DEFAULT_BUILD_ROOT}/torcx" \
-  "Directory in which to place torcx stores and manifests (named by board/version)"
-DEFINE_boolean skip_torcx_store "${FLAGS_FALSE}" \
-  "Don't build a new torcx store from the updated sysroot."
-DEFINE_string torcx_extra_pkg_url "" \
-  "URL to directory where the torcx packages will be available for downloading"
 
 # include upload options
 . "${BUILD_LIBRARY_DIR}/release_util.sh" || exit 1
@@ -329,13 +323,5 @@ test_image_content "${BOARD_ROOT}"
 # upload packages if enabled
 upload_packages
 
-# Build a new torcx store with the updated packages, passing flags through.
-if [ "${FLAGS_skip_torcx_store}" -eq "${FLAGS_FALSE}" ]; then
-  "${SCRIPTS_DIR}"/build_torcx_store \
-                  --board="${BOARD}" \
-                  --output_root="${FLAGS_torcx_output_root}" \
-                  --extra_pkg_url="${FLAGS_torcx_extra_pkg_url}"
-fi
-
 info "Builds complete"
 command_completed

build_torcx_store

@@ -1,287 +0,0 @@
-#!/bin/bash
-
-# Copyright (c) 2017 The CoreOS Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-. "$(dirname "$0")/common.sh" || exit 1
-
-# Script must run inside the chroot
-assert_inside_chroot
-
-assert_not_root_user
-
-# Developer-visible flags.
-DEFINE_string board "${DEFAULT_BOARD}" \
-  "The board to build packages for."
-DEFINE_string output_root "${DEFAULT_BUILD_ROOT}/torcx" \
-  "Directory in which to place torcx stores and manifests (named by board/version)"
-DEFINE_string extra_pkg_url "" \
-  "URL to directory where the torcx packages will be available for downloading"
-
-# include upload options
-. "${BUILD_LIBRARY_DIR}/release_util.sh" || exit 1
-
-FLAGS_HELP="usage: $(basename $0) [flags] [images]
-
-This script builds a collection of torcx images to be installed into a torcx
-store.  By default, all supported images are built, but a list of images can be
-given as command arguments.  Note that their order matters, since the version
-specified last will get the default reference symlink.
-"
-show_help_if_requested "$@"
-
-# The following options are advanced options, only available to those willing
-# to read the source code. They are not shown in help output, since they are
-# not needed for the typical developer workflow.
-DEFINE_integer build_attempt 1 \
-  "The build attempt for this image build."
-DEFINE_string group developer \
-  "The update group."
-DEFINE_string version '' \
-  "Overrides version number in name to this version."
-
-# Parse command line
-FLAGS "$@" || exit 1
-eval set -- "${FLAGS_ARGV}"
-
-# Only now can we die on error.  shflags functions leak non-zero error codes,
-# so will die prematurely if 'switch_to_strict_mode' is specified before now.
-switch_to_strict_mode
-
-# Initialize upload options
-check_gsutil_opts
-
-# Define BUILD_DIR and set_build_symlinks.
-. "${BUILD_LIBRARY_DIR}/toolchain_util.sh" || exit 1
-. "${BUILD_LIBRARY_DIR}/board_options.sh" || exit 1
-. "${BUILD_LIBRARY_DIR}/build_image_util.sh" || exit 1
-. "${BUILD_LIBRARY_DIR}/torcx_manifest.sh" || exit 1
-
-TORCX_CAS_ROOT="${FLAGS_output_root}/pkgs/${BOARD}"
-
-# Build and install a package configured as part of a torcx image.
-function torcx_build() (
-        tmproot=${1:?}
-        shift
-        pkgs=( "${@}" )
-
-        export LDFLAGS=-Wl,-rpath,/ORIGIN/../lib
-        export PKGDIR="${tmproot}/var/lib/portage/pkgs"
-
-        # Allow the meta-package to install bashrc to customize the builds.
-        [ -s "${tmproot}/etc/portage/bashrc" ] &&
-        . "${tmproot}/etc/portage/bashrc"
-
-        # Build binary packages using dev files in the board root.
-        emerge-${BOARD} \
-            --jobs="${NUM_JOBS}" \
-            --buildpkg \
-            --buildpkgonly \
-            --nodeps \
-            --oneshot \
-            --verbose \
-            --root-deps=rdeps \
-            "${pkgs[@]}"
-
-        # Install the binary packages in the temporary torcx image root.
-        emerge-${BOARD} \
-            --jobs="${NUM_JOBS}" \
-            --nodeps \
-            --oneshot \
-            --verbose \
-            --root="${tmproot}" \
-            --root-deps=rdeps \
-            --sysroot="${tmproot}" \
-            --usepkgonly \
-            "${pkgs[@]}"
-)
-
-# Create a torcx image from the given meta-package.
-function torcx_package() {
-        local pkg="app-torcx/${1##*/}"
-        local name=${pkg%-[0-9]*}
-        local version=${pkg:${#name}+1}
-        local manifest_path="${2}"
-        local type="${3}"
-        local extra_pkg_url="${4}"
-        local deppkg digest file rpath sha512sum source_pkg rdepends tmproot tmppkgroot update_default tmpfile
-        local pkg_cas_file pkg_cas_root
-        local pkg_locations=()
-        local name=${name##*/}
-        local version=${version%%-r*}
-
-        # Run in a subshell to clean tmproot and tmppkgroot up without
-        # clobbering this shell's EXIT trap.
-        (
-        # Set up the base package layout to dump everything into /bin and /lib.
-        # tmproot is what the packages are installed into.
-        # A subset of the files from tmproot are then moved into tmppkgroot,
-        # which is then archived and uploaded.
-        tmproot=$(sudo mktemp --tmpdir="${BUILD_DIR}" -d)
-        tmppkgroot=$(sudo mktemp --tmpdir="${BUILD_DIR}" -d)
-        trap "sudo rm -rf '${tmproot}' '${tmppkgroot}'" EXIT
-        sudo chmod 0755 "${tmproot}" "${tmppkgroot}"
-        sudo mkdir -p "${tmproot}"/{.torcx,bin,lib,usr}
-        sudo ln -fns ../bin "${tmproot}/usr/bin"
-        sudo ln -fns ../lib "${tmproot}/usr/lib"
-        sudo ln -fns lib "${tmproot}/usr/lib64"
-        sudo ln -fns bin "${tmproot}/usr/sbin"
-        sudo ln -fns lib "${tmproot}/lib64"
-        sudo ln -fns bin "${tmproot}/sbin"
-
-        # Install the meta-package and its direct dependencies.
-        torcx_build "${tmproot}" "=${pkg}" $(torcx_dependencies "${pkg}")
-
-        # by convention, the first dependency in a torcx package is the primary
-        # source package
-        rdepends=($(torcx_dependencies "${pkg}"))
-        source_pkg="${rdepends[0]#=}"
-
-        # Pluck out shared libraries and SONAME links.
-        sudo mv "${tmproot}"/{lib,tmplib}
-        sudo rm -fr "${tmproot}/tmplib/debug"
-        sudo find "${tmproot}/tmplib" -name 'lib*.so' -type l -delete
-        sudo mkdir -p "${tmproot}/lib"
-        sudo find "${tmproot}/tmplib" -name 'lib*.so*' \
-            -exec mv -t "${tmproot}/lib/" {} +
-
-        # Rewrite any units for transparent activation from the torcx root.
-        if [ -e "${tmproot}/tmplib/systemd/system" ]
-        then
-                sudo mkdir -p "${tmproot}/lib/systemd"
-                sudo mv "${tmproot}/tmplib/systemd/system" \
-                    "${tmproot}/lib/systemd/"
-                sudo find "${tmproot}/lib/systemd/system" -type f -exec sed -i \
-                    -e '/^\[Unit]/aRequires=torcx.target\nAfter=torcx.target' \
-                    -e '/^\[Service]/aEnvironmentFile=/run/metadata/torcx' \
-                    -e "/^\[Service]/aEnvironment=TORCX_IMAGEDIR=/${name}" \
-                    -e 's,/usr/s\?bin/,${TORCX_BINDIR}/,g' \
-                    -e 's,^\([^ ]*=\)\(.{TORCX_BINDIR}\)/,\1/usr/bin/env PATH=\2:${PATH} \2/,' {} +
-        fi
-
-        # Network configuration can be installed unmodified.
-        if [ -e "${tmproot}/tmplib/systemd/network" ]
-        then
-                sudo mkdir -p "${tmproot}/lib/systemd"
-                sudo mv "${tmproot}/tmplib/systemd/network" \
-                    "${tmproot}/lib/systemd/"
-        fi
-
-        # Rewrite RPATHs to use the real $ORIGIN value.
-        find -H "${tmproot}"/{bin,lib} -type f |
-        while read file
-        do
-                (
-                rpath=$(sudo patchelf --print-rpath "${file}" 2>/dev/null) &&
-                test "${rpath#/ORIGIN/}" != "${rpath}" &&
-                sudo patchelf --set-rpath "${rpath/#?/\$}" "${file}"
-                ) || :  # Set $? to 0 or the pipeline fails and -e quits.
-        done
-
-        # Move anything we plan to package to its root.
-        sudo mv "${tmproot}"/{.torcx,bin,lib} "${tmppkgroot}"
-        if [ -e "${tmproot}/usr/share" ]
-        then
-                sudo mkdir "${tmppkgroot}/usr"
-                sudo mv "${tmproot}/usr/share" "${tmppkgroot}/usr/"
-        fi
-
-        tmpfile="${BUILD_DIR}/${name}:${version}.torcx.tgz"
-        tar --force-local --selinux --xattrs -C "${tmppkgroot}" -czf "${tmpfile}" .
-        sha512sum=$(sha512sum "${tmpfile}" | awk '{print $1}')
-
-        # TODO(euank): this opaque digest, if it were reproducible, could save
-        # users from having to download things that haven't changed.
-        # For now, use the sha512sum of the final image.
-        # Ideally we should move to something more like a casync digest or tarsum.
-        # The reason this is currently not being done is because to do that we
-        # *MUST* ensure that a given pair of (digest, sha512sum) referenced in
-        # a previous torcx package remains correct.
-        # Because this code, as written, clobbers existing things with the same
-        # digest (but the sha512sum of the .torcx.tgz can differ, e.g. due to ctime)
-        # that property doesn't hold.
-        # To switch this back to a reprodicble digest, we *must* never clobber
-        # existing objects (and thus re-use their sha512sum here).
-        digest="${sha512sum}"
-
-        pkg_cas_root="${TORCX_CAS_ROOT}/${name}/${digest}"
-        pkg_cas_file="${pkg_cas_root}/${name}:${version}.torcx.tgz"
-        mkdir -p "${pkg_cas_root}"
-        mv "${tmpfile}" "${pkg_cas_file}"
-
-        update_default=false
-        if [[ "${type}" == "default" ]]; then
-                update_default=true
-                pkg_locations+=("/usr/share/torcx/store/${name}:${version}.torcx.tgz")
-        fi
-        if [[ "${FLAGS_upload}" -eq ${FLAGS_TRUE} ]]; then
-                pkg_locations+=("$(download_tectonic_torcx_url "pkgs/${BOARD}/${name}/${digest}/${name}:${version}.torcx.tgz")")
-        fi
-        if [[ -n "${extra_pkg_url}" ]]; then
-            pkg_locations+=("${extra_pkg_url}/${name}:${version}.torcx.tgz")
-        fi
-        torcx_manifest::add_pkg "${manifest_path}" \
-            "${name}" \
-            "${version}" \
-            "sha512-${sha512sum}" \
-            "${digest}" \
-            "${source_pkg}" \
-            "${pkg}" \
-            "${update_default}" \
-            "${pkg_locations[@]}"
-        )
-}
-
-# This list defines every torcx image that goes into the vendor store for the
-# current branch's release version.  Note that the default reference symlink
-# for each package will point at the last version specified.  This can handle
-# swapping default package versions for different OS releases by reordering.
-DEFAULT_IMAGES=(
-        =app-torcx/docker-20.10
-)
-
-# This list contains extra images which will be uploaded and included in the
-# generated manifest, but won't be included in the vendor store.
-EXTRA_IMAGES=(
-)
-
-mkdir -p "${BUILD_DIR}"
-manifest_path="${BUILD_DIR}/torcx_manifest.json"
-torcx_manifest::create_empty "${manifest_path}"
-for pkg in "${@:-${DEFAULT_IMAGES[@]}}"; do
-        torcx_package "${pkg#=}" "${manifest_path}" "default" "${FLAGS_extra_pkg_url}"
-done
-for pkg in "${EXTRA_IMAGES[@]}"; do
-        torcx_package "${pkg#=}" "${manifest_path}" "extra" "${FLAGS_extra_pkg_url}"
-done
-
-set_build_symlinks latest "${FLAGS_group}-latest"
-
-# Upload the pkgs referenced by this manifest
-for pkg in $(torcx_manifest::get_pkg_names "${manifest_path}"); do
-        for digest in $(torcx_manifest::get_digests "${manifest_path}" "${pkg}"); do
-            # no need to sign; the manifest includes their shasum and is signed.
-            upload_files \
-                'torcx pkg' \
-                "${TORCX_UPLOAD_ROOT}/pkgs/${BOARD}/${pkg}/${digest}" \
-                "" \
-                "${TORCX_CAS_ROOT}/${pkg}/${digest}"/*.torcx.tgz
-      done
-done
-
-# Upload the manifest
-# Note: the manifest is uploaded to 'UPLOAD_ROOT' rather than
-# 'TORCX_UPLOAD_ROOT'.
-# For non-release builds, those two locations will be the same, so it usually
-# won't matter.
-# However, for release builds, torcx packages may be uploaded directly to their
-# final location, while the manifest still has to go through build bucket in
-# order to get signed.
-sign_and_upload_files \
-    'torcx manifest' \
-    "${UPLOAD_ROOT}/torcx/manifests/${BOARD}/${FLATCAR_VERSION}" \
-    "" \
-    "${manifest_path}"
-
-# vim: tabstop=8 softtabstop=4 shiftwidth=8 expandtab

core_dev_sign_update

@@ -69,18 +69,3 @@ else
 		--armor --detach-sign "${data_dir}/update.hash"
 fi
 echo "=== Update payload signed successfully. ==="
-
-echo "===     Verifying torcx manifest...     ==="
-gpg2 --verify "${data_dir}/torcx_manifest.json.sig"
-echo "===      Signing torcx manifest...      ==="
-if [[ -z "${FLAGS_gpg_key}" ]]; then
-	gpg2 \
-		--output "${output_dir}/torcx_manifest.json.sig.$(whoami)" \
-		--detach-sign --armor "${data_dir}/torcx_manifest.json"
-else
-	gpg2 \
-		--local-user "$FLAGS_gpg_key" \
-		--output "${output_dir}/torcx_manifest.json.sig.$(whoami)" \
-		--detach-sign --armor "${data_dir}/torcx_manifest.json"
-fi
-echo "=== Torcx manifest signed successfully. ==="