diff --git a/build_image b/build_image
index 6a2377d69f..c7bef33f10 100755
--- a/build_image
+++ b/build_image
@@ -33,10 +33,6 @@ DEFINE_string base_pkg "coreos-base/coreos" \
 "The base portage package to base the build off of (only applies to prod images)"
 DEFINE_string base_dev_pkg "coreos-base/coreos-dev" \
 "The base portage package to base the build off of (only applies to dev containers)"
-DEFINE_string torcx_manifest "${DEFAULT_BUILD_ROOT}/torcx/${DEFAULT_BOARD}/latest/torcx_manifest.json" \
- "The torcx manifest describing torcx packages for this image (or blank for none)"
-DEFINE_string torcx_root "${DEFAULT_BUILD_ROOT}/torcx" \
- "Directory in which torcx packages can be found. Will update the default --torcx_manifest if set."
 DEFINE_string output_root "${DEFAULT_BUILD_ROOT}/images" \
 "Directory in which to place image result directories (named by version)"
 DEFINE_string disk_layout "" \
@@ -91,11 +87,6 @@ switch_to_strict_mode
 check_gsutil_opts
-# Patch around default values not being able to depend on other flags.
-if [ "x${FLAGS_torcx_manifest}" = "x${DEFAULT_BUILD_ROOT}/torcx/${DEFAULT_BOARD}/latest/torcx_manifest.json" ]; then
- FLAGS_torcx_manifest="${FLAGS_torcx_root}/${FLAGS_board}/latest/torcx_manifest.json"
-fi
-
 # If downloading packages is enabled ensure the board is configured properly.
 if [[ ${FLAGS_getbinpkg} -eq ${FLAGS_TRUE} ]]; then
 "${SRC_ROOT}/scripts/setup_board" --board="${FLAGS_board}" \
@@ -110,7 +101,6 @@ fi
 . "${BUILD_LIBRARY_DIR}/prod_image_util.sh" || exit 1
 . "${BUILD_LIBRARY_DIR}/dev_container_util.sh" || exit 1
 . "${BUILD_LIBRARY_DIR}/test_image_content.sh" || exit 1
-. "${BUILD_LIBRARY_DIR}/torcx_manifest.sh" || exit 1
 . "${BUILD_LIBRARY_DIR}/vm_image_util.sh" || exit 1
 PROD_IMAGE=0
diff --git a/build_library/build_image_util.sh b/build_library/build_image_util.sh
index 8a97889023..f2ba149a64 100755
--- a/build_library/build_image_util.sh
+++ b/build_library/build_image_util.sh
@@ -272,8 +272,7 @@ function package_run_dependencies() ( ) -# List packages implicitly contained in rootfs, such as in torcx packages or -# initramfs. +# List packages implicitly contained in rootfs, such as in initramfs. image_packages_implicit() { local profile="${BUILD_DIR}/configroot/etc/portage/profile" @@ -303,12 +302,6 @@ image_packages_implicit() { done < "${profile}/package.provided" fi - # Include source packages of all torcx images installed on disk. - [ -z "${FLAGS_torcx_manifest}" ] || - torcx_manifest::sources_on_disk "${FLAGS_torcx_manifest}" | - while read pkg ; do query_available_package "${pkg}" ; done - - # Include source packages of all sysext images installed on disk. for docker_containerd_package in $(package_run_dependencies docker) $(package_run_dependencies containerd); do query_available_package "${docker_containerd_package}" ; @@ -535,8 +528,6 @@ EOF # Add /usr/share/SLSA reports for packages indirectly contained within the rootfs # If the package is available in BOARD_ROOT accesses it from there, otherwise # needs to download binpkg. -# Reports for torcx packages are also included when adding the torcx package to -# rootfs. insert_extra_slsa() { info "Inserting additional SLSA file" local rootfs="$1" 
@@ -644,18 +635,33 @@ finish_image() {
 local install_grub=0
 local disk_img="${BUILD_DIR}/${image_name}"
- # Ship the docker systemd-sysext image and rip out torcx in same go; TODO: create seperate sysext images for containerd and docker
- mkdir -p "${PORTAGE_CONFIGROOT}"/etc/portage/profile
- query_available_package containerd | sudo_clobber ${PORTAGE_CONFIGROOT}/etc/portage/profile/package.provided # use a temporary package.provided to make emerge believe the dependencies are already installed
- sudo "${SCRIPTS_DIR}/build_sysext" --board="${BOARD}" --image_builddir=${BUILD_DIR} --squashfs_base="${BUILD_DIR}/${image_sysext_base}" --manglefs_script="${SCRIPTS_DIR}/manglefs_docker" docker-flatcar app-containers/docker
- sudo install -m 0644 -D "${BUILD_DIR}/docker-flatcar.raw" "${root_fs_dir}"/usr/share/flatcar/
- sudo mkdir -p "${root_fs_dir}"/etc/extensions/
- sudo ln -sf /usr/share/flatcar/docker-flatcar.raw "${root_fs_dir}"/etc/extensions/docker-flatcar.raw
- sudo rm ${PORTAGE_CONFIGROOT}/etc/portage/profile/package.provided
+ info "Creating containerd and docker sysexts."
- sudo "${SCRIPTS_DIR}/build_sysext" --board="${BOARD}" --image_builddir=${BUILD_DIR} --squashfs_base="${BUILD_DIR}/${image_sysext_base}" --manglefs_script="${SCRIPTS_DIR}/manglefs_containerd" containerd-flatcar app-containers/containerd
- sudo install -m 0644 -D "${BUILD_DIR}/containerd-flatcar.raw" "${root_fs_dir}"/usr/share/flatcar/
- sudo ln -sf /usr/share/flatcar/containerd-flatcar.raw "${root_fs_dir}"/etc/extensions/containerd-flatcar.raw
+ sudo "${SCRIPTS_DIR}/build_sysext" \
+ --board="${BOARD}" \
+ --image_builddir="${BUILD_DIR}" \
+ --squashfs_base="${BUILD_DIR}/${image_sysext_base}" \
+ --manglefs_script="${SCRIPTS_DIR}/manglefs_containerd" \
+ --generate_pkginfo \
+ containerd app-containers/containerd
+
+ sudo "${SCRIPTS_DIR}/build_sysext" \
+ --board="${BOARD}" \
+ --image_builddir=${BUILD_DIR} \
+ --squashfs_base="${BUILD_DIR}/${image_sysext_base}" \
+ --manglefs_script="${SCRIPTS_DIR}/manglefs_docker" \
+ --base_pkginfo="${BUILD_DIR}/containerd_pkginfo.raw" \
+ docker app-containers/docker
+
+ sudo mkdir -p "${root_fs_dir}"/usr/share/flatcar/sysext
+ sudo install -m 0644 -D "${BUILD_DIR}/containerd.raw" "${root_fs_dir}"/usr/share/flatcar/sysext/
+ sudo install -m 0644 -D "${BUILD_DIR}/docker.raw" "${root_fs_dir}"/usr/share/flatcar/sysext/
+
+ # Install symlinks into /etc/extensions - this will be picked up by the logic to populate
+ # /usr/share/flatcar/etc below, so it will end up below /usr in the final image.
+ sudo mkdir -p "${root_fs_dir}"/etc/extensions/
+ sudo ln -sf /usr/share/flatcar/sysext/containerd.raw "${root_fs_dir}"/etc/extensions/containerd.raw
+ sudo ln -sf /usr/share/flatcar/sysext/docker.raw "${root_fs_dir}"/etc/extensions/docker.raw
 # Only enable rootfs verification on prod builds.
 local disable_read_write="${FLAGS_FALSE}"
diff --git a/build_library/release_util.sh b/build_library/release_util.sh
index 16d33f2c93..21d5aa5805 100644
--- a/build_library/release_util.sh
+++ b/build_library/release_util.sh
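Review bot: The second `build_sysext` call in `finish_image` passes `--image_builddir=${BUILD_DIR}` unquoted, while the first call and every other argument in both calls quote the expansion. Because the command runs under `sudo`, a build directory containing whitespace or glob characters would be word-split into extra arguments of a root-run script, so the line should read `--image_builddir="${BUILD_DIR}" \` like its sibling. The docker build also consumes `${BUILD_DIR}/containerd_pkginfo.raw`, which is presumably written by the containerd call's `--generate_pkginfo` (build_sysext itself is not part of this hunk), so the order of the two calls matters; a comment such as `# containerd must be built first: its pkginfo is the --base_pkginfo for docker` above the first call would keep a later reorder from silently breaking the image. `finish_image` starts before and continues after the hunk.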
@@ -5,7 +5,6 @@
 GSUTIL_OPTS=
 UPLOAD_ROOT=
 UPLOAD_PATH=
-TORCX_UPLOAD_ROOT=
 UPLOAD_DEFAULT=${FLAGS_FALSE}
 DEFAULT_IMAGE_COMPRESSION_FORMAT="bz2"
@@ -13,7 +12,6 @@ DEFAULT_IMAGE_COMPRESSION_FORMAT="bz2"
 _user="${USER}"
 [[ ${USER} == "root" ]] && _user="${SUDO_USER}"
 : ${FLATCAR_UPLOAD_ROOT:=gs://users.developer.core-os.net/${_user}}
-: ${FLATCAR_TORCX_UPLOAD_ROOT:=${FLATCAR_UPLOAD_ROOT}/torcx}
 unset _user
 DEFINE_boolean parallel ${FLAGS_TRUE} \
@@ -30,12 +28,6 @@ DEFINE_string download_root "" \
 "HTTP download prefix, board/version/etc will be appended."
 DEFINE_string download_path "" \
 "HTTP download path, overrides --download_root."
-DEFINE_string torcx_upload_root "${FLATCAR_TORCX_UPLOAD_ROOT}" \
- "Tectonic torcx package and manifest Upload prefix. Must be a gs:// URL."
-DEFINE_string tectonic_torcx_download_root "" \
- "HTTP download prefix for tectonic torcx packages and manifests."
-DEFINE_string tectonic_torcx_download_path "" \
- "HTTP download path, overrides --tectonic_torcx_download_root."
 DEFINE_string sign "" \
 "Sign all files to be uploaded with the given GPG key."
 DEFINE_string sign_digests "" \
@@ -164,15 +156,6 @@ check_gsutil_opts() {
 UPLOAD_ROOT="${FLAGS_upload_root%%/}"
 fi
- if [[ -n "${FLAGS_torcx_upload_root}" ]]; then
- if [[ "${FLAGS_torcx_upload_root}" != gs://* ]] \
- && [[ "${FLAGS_torcx_upload_root}" != rsync://* ]] ; then
- die_notrace "--torcx_upload_root must be a gs:// or rsync:// URL"
- fi
- # Make sure the path doesn't end with a slash
- TORCX_UPLOAD_ROOT="${FLAGS_torcx_upload_root%%/}"
- fi
-
 if [[ -n "${FLAGS_upload_path}" ]]; then
 if [[ "${FLAGS_upload_path}" != gs://* ]] \
 && [[ "${FLAGS_upload_path}" != rsync://* ]] ; then
@@ -373,29 +356,3 @@ download_image_url() {
 echo "${download_path}/$1"
 }
-
-# Translate the configured torcx upload URL to a download url
-# This is similar to the download_image_url, other than assuming the release
-# bucket is the tectonic_torcx one.
-download_tectonic_torcx_url() {
- if [[ ${FLAGS_upload} -ne ${FLAGS_TRUE} ]]; then
- echo "$1"
- return 0
- fi
-
- local download_root="${FLAGS_tectonic_torcx_download_root:-${TORCX_UPLOAD_ROOT}}"
-
- local download_path
- if [[ -n "${FLAGS_tectonic_torcx_download_path}" ]]; then
- download_path="${FLAGS_tectonic_torcx_download_path%%/}"
- else
- download_path="${download_root%%/}"
- fi
-
- # Just in case download_root was set from UPLOAD_ROOT
- if [[ "${download_path}" == gs://* ]]; then
- download_path="http://${download_path#gs://}"
- fi
-
- echo "${download_path}/$1"
-}
diff --git a/build_library/torcx_manifest.sh b/build_library/torcx_manifest.sh
deleted file mode 100644
index c44402279c..0000000000
--- a/build_library/torcx_manifest.sh
+++ /dev/null
@@ -1,150 +0,0 @@ -# Copyright (c) 2017 The Container Linux by CoreOS Authors. All rights -# reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -# torcx_manifest.sh contains helper functions for creating, editing, and -# reading torcx manifest files. - -# create_empty creates an empty torcx manfiest at the given path. -function torcx_manifest::create_empty() { - local path="${1}" - jq '.' > "${path}" < "${path}" -} - -# get_pkg_names returns the list of packages in a given manifest. Each package -# may have one or more versions associated with it. -# -# Example: -# pkg_name_arr=($(torcx_manifest::get_pkg_names "torcx_manifest.json")) -function torcx_manifest::get_pkg_names() { - local file="${1}" - jq -r '.value.packages[].name' < "${file}" -} - -# local_store_path returns the in-container-linux store path a given package + -# version combination should exist at. It returns the empty string if the -# package shouldn't exist on disk. -function torcx_manifest::local_store_path() { - local file="${1}" - local name="${2}" - local version="${3}" - jq -r ".value.packages[] | select(.name == \"${name}\") | .versions[] | select(.version == \"${version}\") | .locations[] | select(.path).path" < "${file}" -} - -# get_digest returns the cas digest for a given package version -function torcx_manifest::get_digest() { - local file="${1}" - local name="${2}" - local version="${3}" - jq -r ".value.packages[] | select(.name == \"${name}\") | .versions[] | select(.version == \"${version}\") | .casDigest" < "${file}" -} - -# get_digests returns the list of digests for a given package. -function torcx_manifest::get_digests() { - local file="${1}" - local name="${2}" - jq -r ".value.packages[] | select(.name == \"${name}\").versions[].casDigest" < "${file}" -} - -# get_versions returns the list of versions for a given package. 
-function torcx_manifest::get_versions() {
- local file="${1}"
- local name="${2}"
- jq -r ".value.packages[] | select(.name == \"${name}\").versions[].version" < "${file}"
-}
-
-# default_version returns the default version for a given package, or an empty string if there isn't one.
-function torcx_manifest::default_version() {
- local file="${1}"
- local name="${2}"
- jq -r ".value.packages[] | select(.name == \"${name}\").defaultVersion" < "${file}"
-}
-
-# sources_on_disk returns the list of source packages of all torcx images installed on disk
-function torcx_manifest::sources_on_disk() {
- local file="${1}"
- local torcx_pkg=""
- jq -r ".value.packages[].versions[] | select(.locations[].path).metaPackage" < "${file}" |
- while read torcx_pkg; do
- torcx_dependencies "${torcx_pkg}" | tr ' ' '\n'
- done
-}
-
-# Print the first level of runtime dependencies for a torcx meta-package.
-function torcx_dependencies() (
- pkg=${1:?}
- ebuild=$(equery-${BOARD} w "${pkg}")
- function inherit() { : ; }
- . "${ebuild}"
- echo ${RDEPEND}
-)
diff --git a/build_packages b/build_packages
index 5989e45e3f..e2b343b50d 100755
--- a/build_packages
+++ b/build_packages
@@ -36,12 +36,6 @@ DEFINE_boolean skip_toolchain_update "${FLAGS_FALSE}" \
 "Don't update toolchain automatically."
 DEFINE_boolean skip_chroot_upgrade "${FLAGS_FALSE}" \
 "Don't run the chroot upgrade automatically; use with care."
-DEFINE_string torcx_output_root "${DEFAULT_BUILD_ROOT}/torcx" \
- "Directory in which to place torcx stores and manifests (named by board/version)"
-DEFINE_boolean skip_torcx_store "${FLAGS_FALSE}" \
- "Don't build a new torcx store from the updated sysroot."
-DEFINE_string torcx_extra_pkg_url "" \
- "URL to directory where the torcx packages will be available for downloading"
 # include upload options
 . "${BUILD_LIBRARY_DIR}/release_util.sh" || exit 1
@@ -329,13 +323,5 @@ test_image_content "${BOARD_ROOT}"
 # upload packages if enabled
 upload_packages
-# Build a new torcx store with the updated packages, passing flags through.
-if [ "${FLAGS_skip_torcx_store}" -eq "${FLAGS_FALSE}" ]; then
- "${SCRIPTS_DIR}"/build_torcx_store \
- --board="${BOARD}" \
- --output_root="${FLAGS_torcx_output_root}" \
- --extra_pkg_url="${FLAGS_torcx_extra_pkg_url}"
-fi
-
 info "Builds complete"
 command_completed
diff --git a/build_torcx_store b/build_torcx_store
deleted file mode 100755
index 7e4018c0d5..0000000000
--- a/build_torcx_store
+++ /dev/null
@@ -1,287 +0,0 @@ -#!/bin/bash - -# Copyright (c) 2017 The CoreOS Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -. "$(dirname "$0")/common.sh" || exit 1 - -# Script must run inside the chroot -assert_inside_chroot - -assert_not_root_user - -# Developer-visible flags. -DEFINE_string board "${DEFAULT_BOARD}" \ - "The board to build packages for." -DEFINE_string output_root "${DEFAULT_BUILD_ROOT}/torcx" \ - "Directory in which to place torcx stores and manifests (named by board/version)" -DEFINE_string extra_pkg_url "" \ - "URL to directory where the torcx packages will be available for downloading" - -# include upload options -. "${BUILD_LIBRARY_DIR}/release_util.sh" || exit 1 - -FLAGS_HELP="usage: $(basename $0) [flags] [images] - -This script builds a collection of torcx images to be installed into a torcx -store. By default, all supported images are built, but a list of images can be -given as command arguments. Note that their order matters, since the version -specified last will get the default reference symlink. -" -show_help_if_requested "$@" - -# The following options are advanced options, only available to those willing -# to read the source code. They are not shown in help output, since they are -# not needed for the typical developer workflow. -DEFINE_integer build_attempt 1 \ - "The build attempt for this image build." -DEFINE_string group developer \ - "The update group." -DEFINE_string version '' \ - "Overrides version number in name to this version." - -# Parse command line -FLAGS "$@" || exit 1 -eval set -- "${FLAGS_ARGV}" - -# Only now can we die on error. shflags functions leak non-zero error codes, -# so will die prematurely if 'switch_to_strict_mode' is specified before now. -switch_to_strict_mode - -# Initialize upload options -check_gsutil_opts - -# Define BUILD_DIR and set_build_symlinks. -. "${BUILD_LIBRARY_DIR}/toolchain_util.sh" || exit 1 -. 
"${BUILD_LIBRARY_DIR}/board_options.sh" || exit 1 -. "${BUILD_LIBRARY_DIR}/build_image_util.sh" || exit 1 -. "${BUILD_LIBRARY_DIR}/torcx_manifest.sh" || exit 1 - -TORCX_CAS_ROOT="${FLAGS_output_root}/pkgs/${BOARD}" - -# Build and install a package configured as part of a torcx image. -function torcx_build() ( - tmproot=${1:?} - shift - pkgs=( "${@}" ) - - export LDFLAGS=-Wl,-rpath,/ORIGIN/../lib - export PKGDIR="${tmproot}/var/lib/portage/pkgs" - - # Allow the meta-package to install bashrc to customize the builds. - [ -s "${tmproot}/etc/portage/bashrc" ] && - . "${tmproot}/etc/portage/bashrc" - - # Build binary packages using dev files in the board root. - emerge-${BOARD} \ - --jobs="${NUM_JOBS}" \ - --buildpkg \ - --buildpkgonly \ - --nodeps \ - --oneshot \ - --verbose \ - --root-deps=rdeps \ - "${pkgs[@]}" - - # Install the binary packages in the temporary torcx image root. - emerge-${BOARD} \ - --jobs="${NUM_JOBS}" \ - --nodeps \ - --oneshot \ - --verbose \ - --root="${tmproot}" \ - --root-deps=rdeps \ - --sysroot="${tmproot}" \ - --usepkgonly \ - "${pkgs[@]}" -) - -# Create a torcx image from the given meta-package. -function torcx_package() { - local pkg="app-torcx/${1##*/}" - local name=${pkg%-[0-9]*} - local version=${pkg:${#name}+1} - local manifest_path="${2}" - local type="${3}" - local extra_pkg_url="${4}" - local deppkg digest file rpath sha512sum source_pkg rdepends tmproot tmppkgroot update_default tmpfile - local pkg_cas_file pkg_cas_root - local pkg_locations=() - local name=${name##*/} - local version=${version%%-r*} - - # Run in a subshell to clean tmproot and tmppkgroot up without - # clobbering this shell's EXIT trap. - ( - # Set up the base package layout to dump everything into /bin and /lib. - # tmproot is what the packages are installed into. - # A subset of the files from tmproot are then moved into tmppkgroot, - # which is then archived and uploaded. 
- tmproot=$(sudo mktemp --tmpdir="${BUILD_DIR}" -d) - tmppkgroot=$(sudo mktemp --tmpdir="${BUILD_DIR}" -d) - trap "sudo rm -rf '${tmproot}' '${tmppkgroot}'" EXIT - sudo chmod 0755 "${tmproot}" "${tmppkgroot}" - sudo mkdir -p "${tmproot}"/{.torcx,bin,lib,usr} - sudo ln -fns ../bin "${tmproot}/usr/bin" - sudo ln -fns ../lib "${tmproot}/usr/lib" - sudo ln -fns lib "${tmproot}/usr/lib64" - sudo ln -fns bin "${tmproot}/usr/sbin" - sudo ln -fns lib "${tmproot}/lib64" - sudo ln -fns bin "${tmproot}/sbin" - - # Install the meta-package and its direct dependencies. - torcx_build "${tmproot}" "=${pkg}" $(torcx_dependencies "${pkg}") - - # by convention, the first dependency in a torcx package is the primary - # source package - rdepends=($(torcx_dependencies "${pkg}")) - source_pkg="${rdepends[0]#=}" - - # Pluck out shared libraries and SONAME links. - sudo mv "${tmproot}"/{lib,tmplib} - sudo rm -fr "${tmproot}/tmplib/debug" - sudo find "${tmproot}/tmplib" -name 'lib*.so' -type l -delete - sudo mkdir -p "${tmproot}/lib" - sudo find "${tmproot}/tmplib" -name 'lib*.so*' \ - -exec mv -t "${tmproot}/lib/" {} + - - # Rewrite any units for transparent activation from the torcx root. - if [ -e "${tmproot}/tmplib/systemd/system" ] - then - sudo mkdir -p "${tmproot}/lib/systemd" - sudo mv "${tmproot}/tmplib/systemd/system" \ - "${tmproot}/lib/systemd/" - sudo find "${tmproot}/lib/systemd/system" -type f -exec sed -i \ - -e '/^\[Unit]/aRequires=torcx.target\nAfter=torcx.target' \ - -e '/^\[Service]/aEnvironmentFile=/run/metadata/torcx' \ - -e "/^\[Service]/aEnvironment=TORCX_IMAGEDIR=/${name}" \ - -e 's,/usr/s\?bin/,${TORCX_BINDIR}/,g' \ - -e 's,^\([^ ]*=\)\(.{TORCX_BINDIR}\)/,\1/usr/bin/env PATH=\2:${PATH} \2/,' {} + - fi - - # Network configuration can be installed unmodified. 
- if [ -e "${tmproot}/tmplib/systemd/network" ] - then - sudo mkdir -p "${tmproot}/lib/systemd" - sudo mv "${tmproot}/tmplib/systemd/network" \ - "${tmproot}/lib/systemd/" - fi - - # Rewrite RPATHs to use the real $ORIGIN value. - find -H "${tmproot}"/{bin,lib} -type f | - while read file - do - ( - rpath=$(sudo patchelf --print-rpath "${file}" 2>/dev/null) && - test "${rpath#/ORIGIN/}" != "${rpath}" && - sudo patchelf --set-rpath "${rpath/#?/\$}" "${file}" - ) || : # Set $? to 0 or the pipeline fails and -e quits. - done - - # Move anything we plan to package to its root. - sudo mv "${tmproot}"/{.torcx,bin,lib} "${tmppkgroot}" - if [ -e "${tmproot}/usr/share" ] - then - sudo mkdir "${tmppkgroot}/usr" - sudo mv "${tmproot}/usr/share" "${tmppkgroot}/usr/" - fi - - tmpfile="${BUILD_DIR}/${name}:${version}.torcx.tgz" - tar --force-local --selinux --xattrs -C "${tmppkgroot}" -czf "${tmpfile}" . - sha512sum=$(sha512sum "${tmpfile}" | awk '{print $1}') - - # TODO(euank): this opaque digest, if it were reproducible, could save - # users from having to download things that haven't changed. - # For now, use the sha512sum of the final image. - # Ideally we should move to something more like a casync digest or tarsum. - # The reason this is currently not being done is because to do that we - # *MUST* ensure that a given pair of (digest, sha512sum) referenced in - # a previous torcx package remains correct. - # Because this code, as written, clobbers existing things with the same - # digest (but the sha512sum of the .torcx.tgz can differ, e.g. due to ctime) - # that property doesn't hold. - # To switch this back to a reprodicble digest, we *must* never clobber - # existing objects (and thus re-use their sha512sum here). 
- digest="${sha512sum}" - - pkg_cas_root="${TORCX_CAS_ROOT}/${name}/${digest}" - pkg_cas_file="${pkg_cas_root}/${name}:${version}.torcx.tgz" - mkdir -p "${pkg_cas_root}" - mv "${tmpfile}" "${pkg_cas_file}" - - update_default=false - if [[ "${type}" == "default" ]]; then - update_default=true - pkg_locations+=("/usr/share/torcx/store/${name}:${version}.torcx.tgz") - fi - if [[ "${FLAGS_upload}" -eq ${FLAGS_TRUE} ]]; then - pkg_locations+=("$(download_tectonic_torcx_url "pkgs/${BOARD}/${name}/${digest}/${name}:${version}.torcx.tgz")") - fi - if [[ -n "${extra_pkg_url}" ]]; then - pkg_locations+=("${extra_pkg_url}/${name}:${version}.torcx.tgz") - fi - torcx_manifest::add_pkg "${manifest_path}" \ - "${name}" \ - "${version}" \ - "sha512-${sha512sum}" \ - "${digest}" \ - "${source_pkg}" \ - "${pkg}" \ - "${update_default}" \ - "${pkg_locations[@]}" - ) -} - -# This list defines every torcx image that goes into the vendor store for the -# current branch's release version. Note that the default reference symlink -# for each package will point at the last version specified. This can handle -# swapping default package versions for different OS releases by reordering. -DEFAULT_IMAGES=( - =app-torcx/docker-20.10 -) - -# This list contains extra images which will be uploaded and included in the -# generated manifest, but won't be included in the vendor store. 
-EXTRA_IMAGES=( -) - -mkdir -p "${BUILD_DIR}" -manifest_path="${BUILD_DIR}/torcx_manifest.json" -torcx_manifest::create_empty "${manifest_path}" -for pkg in "${@:-${DEFAULT_IMAGES[@]}}"; do - torcx_package "${pkg#=}" "${manifest_path}" "default" "${FLAGS_extra_pkg_url}" -done -for pkg in "${EXTRA_IMAGES[@]}"; do - torcx_package "${pkg#=}" "${manifest_path}" "extra" "${FLAGS_extra_pkg_url}" -done - -set_build_symlinks latest "${FLAGS_group}-latest" - -# Upload the pkgs referenced by this manifest -for pkg in $(torcx_manifest::get_pkg_names "${manifest_path}"); do - for digest in $(torcx_manifest::get_digests "${manifest_path}" "${pkg}"); do - # no need to sign; the manifest includes their shasum and is signed. - upload_files \ - 'torcx pkg' \ - "${TORCX_UPLOAD_ROOT}/pkgs/${BOARD}/${pkg}/${digest}" \ - "" \ - "${TORCX_CAS_ROOT}/${pkg}/${digest}"/*.torcx.tgz - done -done - -# Upload the manifest -# Note: the manifest is uploaded to 'UPLOAD_ROOT' rather than -# 'TORCX_UPLOAD_ROOT'. -# For non-release builds, those two locations will be the same, so it usually -# won't matter. -# However, for release builds, torcx packages may be uploaded directly to their -# final location, while the manifest still has to go through build bucket in -# order to get signed. -sign_and_upload_files \ - 'torcx manifest' \ - "${UPLOAD_ROOT}/torcx/manifests/${BOARD}/${FLATCAR_VERSION}" \ - "" \ - "${manifest_path}" - -# vim: tabstop=8 softtabstop=4 shiftwidth=8 expandtab diff --git a/core_dev_sign_update b/core_dev_sign_update index 46704653a4..6ed848ee34 100755 --- a/core_dev_sign_update +++ b/core_dev_sign_update 
@@ -69,18 +69,3 @@ else
 --armor --detach-sign "${data_dir}/update.hash"
 fi
 echo "=== Update payload signed successfully. ==="
-
-echo "=== Verifying torcx manifest... ==="
-gpg2 --verify "${data_dir}/torcx_manifest.json.sig"
-echo "=== Signing torcx manifest... ==="
-if [[ -z "${FLAGS_gpg_key}" ]]; then
- gpg2 \
- --output "${output_dir}/torcx_manifest.json.sig.$(whoami)" \
- --detach-sign --armor "${data_dir}/torcx_manifest.json"
-else
- gpg2 \
- --local-user "$FLAGS_gpg_key" \
- --output "${output_dir}/torcx_manifest.json.sig.$(whoami)" \
- --detach-sign --armor "${data_dir}/torcx_manifest.json"
-fi
-echo "=== Torcx manifest signed successfully. ==="