mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-06 04:26:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

2345.0.0

Browse Source
This commit is contained in:
Flatcar Buildbot 2019-12-04 14:59:11 +01:00 committed by Dongsu Park
parent 7ee9c9c033
commit c7bbb2b1e2
25 changed files with 265 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
build_library/build_image_util.sh
View File

@ -103,6 +103,8 @@ generate_update() {
run_ldconfig() {
local root_fs_dir=$1
case ${ARCH} in
arm64)
sudo qemu-aarch64 "${root_fs_dir}"/usr/sbin/ldconfig -r "${root_fs_dir}";;
x86|amd64)
sudo ldconfig -r "${root_fs_dir}";;
*)
@ -113,6 +115,8 @@ run_ldconfig() {
run_localedef() {
local root_fs_dir="$1" loader=()
case ${ARCH} in
arm64)
loader=( qemu-aarch64 -L "${root_fs_dir}" );;
amd64)
loader=( "${root_fs_dir}/usr/lib64/ld-linux-x86-64.so.2" \
--library-path "${root_fs_dir}/usr/lib64" );;
@ -456,6 +460,7 @@ finish_image() {
# Only enable rootfs verification on supported boards.
case "${FLAGS_board}" in
amd64-usr) verity_offset=64 ;;
arm64-usr) verity_offset=512 ;;
*) disable_read_write=${FLAGS_FALSE} ;;
esac
@ -527,6 +532,7 @@ EOF
# Magic alert! Root hash injection works by writing the hash value to a
# known unused SHA256-sized location in the kernel image.
# For amd64 the rdev error message is used.
# For arm64 an area between the EFI headers and the kernel text is used.
# Our modified GRUB extracts the hash and adds it to the cmdline.
printf %s "$(cat ${BUILD_DIR}/${image_name%.bin}_verity.txt)" | \
sudo dd of="${root_fs_dir}/boot/flatcar/vmlinuz-a" conv=notrunc \
@ -564,6 +570,9 @@ EOF
if [[ "${install_grub}" -eq 1 ]]; then
local target
local target_list="i386-pc x86_64-efi x86_64-xen"
if [[ ${BOARD} == "arm64-usr" ]]; then
target_list="arm64-efi"
fi
local grub_args=()
if [[ ${disable_read_write} -eq ${FLAGS_TRUE} ]]; then
grub_args+=(--verity)

5
build_library/catalyst_toolchains.sh
View File

@ -35,6 +35,11 @@ build_target_toolchain() {
# --root is required because run_merge overrides ROOT=
PORTAGE_CONFIGROOT="$ROOT" \
run_merge -u --root="$ROOT" --sysroot="$ROOT" "${TOOLCHAIN_PKGS[@]}"
export clst_myemergeopts="$( echo "$clst_myemergeopts" | sed -e 's/--newuse//' )"
PORTAGE_CONFIGROOT="$ROOT" \
run_merge --root="$ROOT" --sysroot="$ROOT" dev-lang/rust
}
configure_crossdev_overlay / /tmp/crossdev

46
build_library/check_root
View File

@ -29,11 +29,39 @@ IGNORE_MISSING = {
SonameAtom("x86_64", "libc.so.6")],
# RPATHs and symlinks apparently confuse the perl-5.24 package
"dev-lang/perl": [SonameAtom("x86_64", "libperl.so.5.26.2")],
"sys-apps/texinfo": [SonameAtom("x86_64", "libperl.so.5.26")],
"dev-lang/perl": [SonameAtom("arm_64", "libperl.so.5.26.2"),
SonameAtom("x86_64", "libperl.so.5.26.2")],
"dev-perl/XML-Parser": [SonameAtom("x86_64", "libc.so.6"),
SonameAtom("x86_64", "libexpat.so.1")],
"dev-perl/libintl-perl": [SonameAtom("x86_64", "libc.so.6")],
"dev-util/boost-build": [SonameAtom("x86_64", "libc.so.6")],
"net-dns/dnsmasq": [SonameAtom("x86_64", "libc.so.6")],
"sys-apps/texinfo": [SonameAtom("x86_64", "libc.so.6"),
SonameAtom("x86_64", "libperl.so.5.26")],
# https://bugs.gentoo.org/show_bug.cgi?id=554582
"net-firewall/ebtables": [SonameAtom("x86_64", "libebt_802_3.so"),
"net-firewall/ebtables": [SonameAtom("arm_64", "libebt_802_3.so"),
SonameAtom("arm_64", "libebt_among.so"),
SonameAtom("arm_64", "libebt_arp.so"),
SonameAtom("arm_64", "libebt_arpreply.so"),
SonameAtom("arm_64", "libebt_ip.so"),
SonameAtom("arm_64", "libebt_ip6.so"),
SonameAtom("arm_64", "libebt_limit.so"),
SonameAtom("arm_64", "libebt_log.so"),
SonameAtom("arm_64", "libebt_mark.so"),
SonameAtom("arm_64", "libebt_mark_m.so"),
SonameAtom("arm_64", "libebt_nat.so"),
SonameAtom("arm_64", "libebt_nflog.so"),
SonameAtom("arm_64", "libebt_pkttype.so"),
SonameAtom("arm_64", "libebt_redirect.so"),
SonameAtom("arm_64", "libebt_standard.so"),
SonameAtom("arm_64", "libebt_stp.so"),
SonameAtom("arm_64", "libebt_ulog.so"),
SonameAtom("arm_64", "libebt_vlan.so"),
SonameAtom("arm_64", "libebtable_broute.so"),
SonameAtom("arm_64", "libebtable_filter.so"),
SonameAtom("arm_64", "libebtable_nat.so"),
SonameAtom("x86_64", "libebt_802_3.so"),
SonameAtom("x86_64", "libebt_among.so"),
SonameAtom("x86_64", "libebt_arp.so"),
SonameAtom("x86_64", "libebt_arpreply.so"),
@ -56,13 +84,23 @@ IGNORE_MISSING = {
SonameAtom("x86_64", "libebtable_nat.so")],
# Ignore the Rust libraries in their own libdir.
"dev-libs/rustlib": [SonameAtom("x86_64", "librustc_data_structures.so"),
"dev-libs/rustlib": [SonameAtom("arm_64", "librustc_data_structures.so"),
SonameAtom("arm_64", "librustc_errors.so"),
SonameAtom("arm_64", "libserialize.so"),
SonameAtom("arm_64", "libstd.so"),
SonameAtom("arm_64", "libsyntax.so"),
SonameAtom("arm_64", "libsyntax_pos.so"),
SonameAtom("arm_64", "libterm.so"),
SonameAtom("x86_64", "librustc_data_structures.so"),
SonameAtom("x86_64", "librustc_errors.so"),
SonameAtom("x86_64", "libserialize.so"),
SonameAtom("x86_64", "libstd.so"),
SonameAtom("x86_64", "libsyntax.so"),
SonameAtom("x86_64", "libsyntax_pos.so"),
SonameAtom("x86_64", "libterm.so")],
"sys-kernel/coreos-modules": [SonameAtom("x86_64", "libc.so.6"),
SonameAtom("x86_64", "libcrypto.so.1.0.0")],
}
USR_LINKS = ("/bin/", "/sbin/", "/lib/", "/lib32/", "/lib64/")

10
build_library/disk_layout.json
View File

@ -26,7 +26,7 @@
"3":{
"label":"USR-A",
"uuid":"7130c94a-213a-4e5a-8e26-6cce9662f132",
"type":"coreos-rootfs",
"type":"flatcar-rootfs",
"blocks":"2097152",
"fs_blocks":"260094",
"fs_type":"ext2",
@ -36,7 +36,7 @@
"4":{
"label":"USR-B",
"uuid":"e03dd35c-7c2d-4a47-b3fe-27f15780a57c",
"type":"coreos-rootfs",
"type":"flatcar-rootfs",
"blocks":"2097152",
"fs_blocks":"262144"
},
@ -56,18 +56,18 @@
},
"7":{
"label":"OEM-CONFIG",
"type":"coreos-reserved",
"type":"flatcar-reserved",
"blocks":"131072"
},
"8":{
"type":"blank",
"label":"coreos-reserved",
"label":"flatcar-reserved",
"blocks":"0"
},
"9":{
"label":"ROOT",
"fs_label":"ROOT",
"type":"coreos-resize",
"type":"flatcar-resize",
"blocks":"4427776",
"fs_type":"ext4",
"mount":"/"

2
build_library/disk_util
View File

@ -400,7 +400,7 @@ def FormatExt(part, device):
if 'fs_label' in part:
tune_cmd += ['-L', part['fs_label']]
if part['type'] == 'coreos-usr':
if part['type'] == 'flatcar-usr':
tune_cmd += ['-U', 'clear',
'-T', '20091119110000',
'-c', '0', '-i', '0', # Disable auto fsck

1
build_library/ebuild_aci_util.sh
View File

@ -40,6 +40,7 @@ ebuild_aci_write_manifest() {
case "${BOARD}" in
amd64-usr) appc_arch=amd64 ;;
arm64-usr) appc_arch=aarch64 ;;
*) die_notrace "Cannot map \"${BOARD}\" to an appc arch" ;;
esac

19
build_library/grub.cfg
View File

@ -91,21 +91,32 @@ if [ -z "$linux_console" ]; then
terminal_input console serial_com0
terminal_output console serial_com0
elif [ "$grub_platform" = efi ]; then
set linux_console="console=ttyS0,115200n8 console=tty0"
if [ "$grub_cpu" = arm64 ]; then
set linux_console="console=ttyAMA0,115200n8"
else
set linux_console="console=ttyS0,115200n8 console=tty0"
fi
elif [ "$grub_platform" = xen ]; then
set linux_console="console=hvc0"
fi
fi
set extra_options=""
if [ "$grub_cpu" = arm64 ]; then
set extra_options="acpi=force"
fi
set suf=""
# UEFI uses linuxefi/initrdefi instead of linux/initrd
# UEFI uses linuxefi/initrdefi instead of linux/initrd except for arm64
if [ "$grub_platform" = efi ]; then
set suf="efi"
if [ "$grub_cpu" != arm64 ]; then
set suf="efi"
fi
fi
# Assemble the options applicable to all the kernels below
set linux_cmdline="rootflags=rw mount.usrflags=ro consoleblank=0 $linux_root $linux_console $first_boot $randomize_disk_guid $oem $linux_append"
set linux_cmdline="rootflags=rw mount.usrflags=ro consoleblank=0 $linux_root $linux_console $first_boot $randomize_disk_guid $extra_options $oem $linux_append"
# Re-implement grub_abort() since no command exposes it.
function abort {

26
build_library/grub_install.sh
View File

@ -48,6 +48,10 @@ CORE_MODULES=( normal search test fat part_gpt search_fs_uuid gzio search_part_l
# Name of the core image, depends on target
CORE_NAME=
# Whether the SDK's grub or the board root's grub is used. Once amd64 is
# fixed up the board root's grub will always be used.
BOARD_GRUB=0
case "${FLAGS_target}" in
i386-pc)
CORE_MODULES+=( biosdisk serial )
@ -60,11 +64,21 @@ case "${FLAGS_target}" in
x86_64-xen)
CORE_NAME="core.elf"
;;
arm64-efi)
CORE_MODULES+=( serial linux efi_gop getenv smbios efinet verify http tftp )
CORE_NAME="core.efi"
BOARD_GRUB=1
;;
*)
die_notrace "Unknown GRUB target ${FLAGS_target}"
;;
esac
if [[ $BOARD_GRUB -eq 1 ]]; then
info "Updating GRUB in ${BOARD_ROOT}"
emerge-${BOARD} --nodeps --select -qugKN sys-boot/grub
GRUB_SRC="${BOARD_ROOT}/usr/lib/grub/${FLAGS_target}"
fi
[[ -d "${GRUB_SRC}" ]] || die "GRUB not installed at ${GRUB_SRC}"
# In order for grub-setup-bios to properly detect the layout of the disk
@ -216,6 +230,18 @@ case "${FLAGS_target}" in
sudo cp "${BUILD_LIBRARY_DIR}/menu.lst" \
"${ESP_DIR}/boot/grub/menu.lst"
;;
arm64-efi)
info "Installing default arm64 UEFI bootloader."
sudo mkdir -p "${ESP_DIR}/EFI/boot"
#FIXME(andrejro): shim not ported to aarch64
sudo cp "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}" \
"${ESP_DIR}/EFI/boot/bootaa64.efi"
if [[ -n "${FLAGS_copy_efi_grub}" ]]; then
# copying from vfat so ignore permissions
cp --no-preserve=mode "${ESP_DIR}/EFI/boot/bootaa64.efi" \
"${FLAGS_copy_efi_grub}"
fi
;;
esac
cleanup

1
build_library/oem_aci_util.sh
View File

@ -74,6 +74,7 @@ oem_aci_write_manifest() {
case "${BOARD}" in
amd64-usr) appc_arch=amd64 ;;
arm64-usr) appc_arch=aarch64 ;;
*) die_notrace "Cannot map \"${BOARD}\" to an appc arch" ;;
esac

7
build_library/prod_image_util.sh
View File

@ -85,7 +85,7 @@ create_prod_image() {
# Assert that if this is supposed to be an official build that the
# official update keys have been used.
if [[ ${COREOS_OFFICIAL:-0} -eq 1 ]]; then
if [[ ${COREOS_OFFICIAL:-0} -eq 1 && "${BOARD}" != arm64-usr ]]; then
grep -q official \
"${root_fs_dir}"/var/db/pkg/coreos-base/coreos-au-key-*/USE \
|| die_notrace "coreos-au-key is missing the 'official' use flag"
@ -141,8 +141,11 @@ EOF
"${BUILD_DIR}/${image_kernel}"
"${BUILD_DIR}/${image_pcr_policy}"
"${BUILD_DIR}/${image_grub}"
"${BUILD_DIR}/${image_shim}"
"${BUILD_DIR}/${image_kconfig}"
)
# FIXME(bgilbert): no shim on arm64
if [[ -f "${BUILD_DIR}/${image_shim}" ]]; then
to_upload+=("${BUILD_DIR}/${image_shim}")
fi
upload_image -d "${BUILD_DIR}/${image_name}.bz2.DIGESTS" "${to_upload[@]}"
}

21
build_library/qemu_template.sh
View File

@ -21,6 +21,7 @@ SAFE_ARGS=0
USAGE="Usage: $0 [-a authorized_keys] [--] [qemu options...]
Options:
-i FILE File containing an Ignition config
(needs \"-append 'flatcar.first_boot=1'\" for already-booted or PXE images)
-u FILE Cloudinit user-data as either a cloud config or script.
-c FILE Config drive as an iso or fat filesystem image.
-a FILE SSH public keys for login access. [~/.ssh/id_{dsa,rsa}.pub]
@ -33,7 +34,8 @@ The -a option may be used to specify a particular ssh public key to give
login access to. If -a is not provided ~/.ssh/id_{dsa,rsa}.pub is used.
If no public key is provided or found the VM will still boot but you may
be unable to login unless you built the image yourself after setting a
password for the core user with the 'set_shared_user_password.sh' script.
password for the core user with the 'set_shared_user_password.sh' script
or provide the option \"-append 'flatcar.autologin'\".
Any arguments after -a and -p will be passed through to qemu, -- may be
used as an explicit separator. See the qemu(1) man page for more details.
@ -153,6 +155,10 @@ else
set -- -machine accel=kvm -cpu host -smp "${VM_NCPUS}" "$@" ;;
amd64-usr+*)
set -- -machine pc-q35-2.8 -cpu kvm64 -smp 1 -nographic "$@" ;;
arm64-usr+aarch64)
set -- -machine virt,accel=kvm,gic-version=3 -cpu host -smp "${VM_NCPUS}" -nographic "$@" ;;
arm64-usr+*)
set -- -machine virt -cpu cortex-a57 -smp 1 -nographic "$@" ;;
*)
die "Unsupported arch" ;;
esac
@ -173,6 +179,10 @@ if [ -n "${VM_IMAGE}" ]; then
case "${VM_BOARD}" in
amd64-usr)
set -- -drive if=virtio,file="${SCRIPT_DIR}/${VM_IMAGE}" "$@" ;;
arm64-usr)
set -- -drive if=none,id=blk,file="${SCRIPT_DIR}/${VM_IMAGE}" \
-device virtio-blk-device,drive=blk "$@"
;;
*) die "Unsupported arch" ;;
esac
fi
@ -215,6 +225,15 @@ case "${VM_BOARD}" in
-object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0 \
"$@"
;;
arm64-usr)
qemu-system-aarch64 \
-name "$VM_NAME" \
-m ${VM_MEMORY} \
-netdev user,id=eth0,hostfwd=tcp::"${SSH_PORT}"-:22,hostname="${VM_NAME}" \
-device virtio-net-device,netdev=eth0 \
-object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0 \
"$@"
;;
*) die "Unsupported arch" ;;
esac

5
build_library/set_lsb_release
View File

@ -31,7 +31,12 @@ OS_ID="flatcar"
OS_ID_LIKE="coreos"
OS_PRETTY_NAME="$OS_NAME $FLATCAR_VERSION (${OS_CODENAME})"
# temporarily point arm at a different appid until update support
# is completed in update_engine and the CoreUpdate service.
FLATCAR_APPID="{e96281a6-d1af-4bde-9a0a-97b76e56dc57}"
if [[ "${FLAGS_board}" == arm64-* ]]; then
FLATCAR_APPID="{103867da-e3a2-4c92-b0b3-7fbd7f7d8b71}"
fi
# DISTRIB_* are the standard lsb-release names
sudo mkdir -p "${ROOT_FS_DIR}/usr/share/flatcar" "${ROOT_FS_DIR}/etc/flatcar"

1
build_library/test_image_content.sh
View File

@ -5,6 +5,7 @@
GLSA_WHITELIST=(
201412-09 # incompatible CA certificate version numbers
201908-14 # backported both CVE fixes
201904-13 # git
201909-01 # Perl, SDK only
201909-08 # backported fix
)

5
build_library/toolchain_util.sh
View File

@ -15,6 +15,7 @@ TOOLCHAIN_PKGS=(
# compiler to build a full native toolchain. Packages are not uploaded.
declare -A CROSS_PROFILES
CROSS_PROFILES["x86_64-cros-linux-gnu"]="coreos:coreos/amd64/generic"
CROSS_PROFILES["aarch64-cros-linux-gnu"]="coreos:coreos/arm64/generic"
# Map board names to CHOSTs and portage profiles. This is the
# definitive list, there is assorted code new and old that either
@ -23,6 +24,9 @@ declare -A BOARD_CHOSTS BOARD_PROFILES
BOARD_CHOSTS["amd64-usr"]="x86_64-cros-linux-gnu"
BOARD_PROFILES["amd64-usr"]="coreos:coreos/amd64/generic"
BOARD_CHOSTS["arm64-usr"]="aarch64-cros-linux-gnu"
BOARD_PROFILES["arm64-usr"]="coreos:coreos/arm64/generic"
BOARD_NAMES=( "${!BOARD_CHOSTS[@]}" )
# Declare the above globals as read-only to avoid accidental conflicts.
@ -39,6 +43,7 @@ declare -r \
# Usage: get_portage_arch chost
get_portage_arch() {
case "$1" in
aarch64*) echo arm64;;
alpha*) echo alpha;;
arm*) echo arm;;
hppa*) echo hppa;;

17
build_library/vm_image_util.sh
View File

@ -303,6 +303,9 @@ get_default_vm_type() {
amd64-usr)
echo "qemu"
;;
arm64-usr)
echo "qemu_uefi"
;;
*)
return 1
;;
@ -619,6 +622,7 @@ _write_cpio_disk() {
local grub_arch
case $BOARD in
amd64-usr) grub_arch="x86_64-efi" ;;
arm64-usr) grub_arch="arm64-efi" ;;
esac
cp "${base_dir}/boot/flatcar/grub/${grub_arch}/core.efi" "${dst_dir}/${grub_name}"
@ -715,6 +719,19 @@ _write_qemu_uefi_conf() {
cp "/usr/share/edk2-ovmf/OVMF_CODE.fd" "$(_dst_dir)/${flash_ro}"
cp "/usr/share/edk2-ovmf/OVMF_VARS.fd" "$(_dst_dir)/${flash_rw}"
;;
arm64-usr)
# Get edk2 files into local build workspace.
info "Updating edk2 in /build/${BOARD}"
emerge-${BOARD} --nodeps --select -qugN sys-firmware/edk2-aarch64
# Create 64MiB flash device image files.
dd if=/dev/zero bs=1M count=64 of="$(_dst_dir)/${flash_rw}" \
status=none
cp "/build/${BOARD}/usr/share/edk2-aarch64/QEMU_EFI.fd" \
"$(_dst_dir)/${flash_ro}.work"
truncate --reference="$(_dst_dir)/${flash_rw}" \
"$(_dst_dir)/${flash_ro}.work"
mv "$(_dst_dir)/${flash_ro}.work" "$(_dst_dir)/${flash_ro}"
;;
esac
sed -e "s%^VM_PFLASH_RO=.*%VM_PFLASH_RO='${flash_ro}'%" \

2
build_torcx_store
View File

@ -238,7 +238,7 @@ function torcx_package() {
# swapping default package versions for different OS releases by reordering.
DEFAULT_IMAGES=(
=app-torcx/docker-1.12
=app-torcx/docker-18.06
=app-torcx/docker-19.03
)
# This list contains extra images which will be uploaded and included in the

8
check_out_of_date.py
View File

@ -67,11 +67,11 @@ def process_emerge_output(eout):
def get_board_packages(board):
""" gets a list of packages used by a board. valid boards are amd64-usr, sdk, and bootstrap"""
""" gets a list of packages used by a board. valid boards are {arm,amd}64-usr, sdk, and bootstrap"""
emerge_args = "--emptytree --pretend --verbose --unordered-display"
if board == "sdk":
cmd = "emerge {} @system sdk-depends sdk-extras".format(emerge_args)
elif board == "amd64-usr":
elif board == "amd64-usr" or board == "arm64-usr":
cmd = "emerge-{} {} @system board-packages".format(board, emerge_args)
elif board == "bootstrap":
pkgs = exec_command_strict("/usr/lib64/catalyst/targets/stage1/build.py")
@ -92,6 +92,7 @@ def print_table(report, head, line_head, line_tail, tail, joiner, pkg_joiner):
"upstream": ["Upstream"],
"tag": "Tag",
"sdk": ["sdk"],
"arm64-usr": ["arm64-usr"],
"amd64-usr": ["amd64-usr"],
"bootstrap": ["bootstrap"],
"modified": "Modified"})
@ -102,6 +103,7 @@ def print_table(report, head, line_head, line_tail, tail, joiner, pkg_joiner):
pkg_joiner.join(entry.get("upstream",[])),
entry.get("tag",""),
pkg_joiner.join(entry.get("sdk", [])),
pkg_joiner.join(entry.get("arm64-usr", [])),
pkg_joiner.join(entry.get("amd64-usr", [])),
pkg_joiner.join(entry.get("bootstrap", [])),
entry.get("modified","")]) + line_tail)
@ -138,7 +140,7 @@ def main():
subprocess.check_call(["git", "-C", args.upstream_path, "pull"])
pkg_lists = {}
sources = ["sdk", "bootstrap", "amd64-usr", "image"]
sources = ["sdk", "bootstrap", "amd64-usr", "arm64-usr", "image"]
for i in sources:
pkg_lists[i] = get_board_packages(i)

24
common.sh
View File

@ -46,6 +46,9 @@ fi
# Turn on bash debug support if available for backtraces.
shopt -s extdebug 2>/dev/null
# Source qemu library path
. /etc/profile.d/qemu-aarch64.sh 2> /dev/null || true
# Output a backtrace all the way back to the raw invocation, suppressing
# only the _dump_trace frame itself.
_dump_trace() {
@ -383,9 +386,8 @@ if [[ -f ${GCLIENT_ROOT}/src/scripts/.default_board ]]; then
die ".default_board: invalid name detected; please fix:" \
"'${DEFAULT_BOARD}'"
fi
elif [ -z "${DEFAULT_BOARD-}" ]; then
DEFAULT_BOARD=amd64-usr
fi
DEFAULT_BOARD="${DEFAULT_BOARD-amd64-usr}"
# Directory to store built images. Should be set by sourcing script when used.
BUILD_DIR=
@ -928,10 +930,21 @@ BOAT
}
# The binfmt_misc support in the kernel is required.
# The aarch64 binaries should be executed through
# "/usr/bin/qemu-aarch64-static"
setup_qemu_static() {
local root_fs_dir="$1"
case "${BOARD}" in
amd64-usr) return 0;;
arm64-usr)
if [[ -f "${root_fs_dir}/sbin/ldconfig" ]]; then
sudo cp /usr/bin/qemu-aarch64 "${root_fs_dir}"/usr/bin/qemu-aarch64-static
echo export QEMU_LD_PREFIX=\"/build/arm64-usr/\" | sudo tee /etc/profile.d/qemu-aarch64.sh
. /etc/profile.d/qemu-aarch64.sh
else
die "Missing basic layout in target rootfs"
fi
;;
*) die "Unsupported arch" ;;
esac
}
@ -940,6 +953,13 @@ clean_qemu_static() {
local root_fs_dir="$1"
case "${BOARD}" in
amd64-usr) return 0;;
arm64-usr)
if [[ -f "${root_fs_dir}/usr/bin/qemu-aarch64-static" ]]; then
sudo rm "${root_fs_dir}"/usr/bin/qemu-aarch64-static
else
die "File not found"
fi
;;
*) die "Unsupported arch" ;;
esac
}

2
core_dev_sign_update
View File

@ -6,7 +6,7 @@ SCRIPT_ROOT=$(dirname $(readlink -f "$0"))
assert_inside_chroot
DEFINE_string data_dir "" "Directory containing downloaded release artifacts"
DEFINE_string board "amd64-usr" "Board to sign artifacts for"
DEFINE_string board "" "Board to sign artifacts for"
DEFINE_string version "" "Version to sign artifacts for"
DEFINE_integer n_signatures "2" "Number of signatures this release will be signed with"
DEFINE_string output_dir "" "Output directory"

2
image_inject_bootchain
View File

@ -77,9 +77,11 @@ if [[ -n "${FLAGS_kernel_path}" ]]; then
do_copy "${FLAGS_kernel_path}" "/boot/flatcar/vmlinuz-a"
fi
# FIXME(bgilbert): no shim on arm64
if [[ -n "${FLAGS_efi_grub_path}" ]]; then
case "${BOARD}" in
amd64-usr) image_name="grub.efi" ;;
arm64-usr) image_name="bootaa64.efi" ;;
*) die "GRUB filename not known for this board" ;;
esac

5
jenkins/formats-arm64-usr.txt Normal file
View File

@ -0,0 +1,5 @@
openstack
openstack_mini
packet
pxe
qemu_uefi

3
oem/openstack/glance_load.sh
View File

@ -34,6 +34,9 @@ while [[ $# -gt 0 ]]; do
amd64|amd64-usr)
board="amd64-usr"
;;
arm64|arm64-usr)
board="arm64-usr"
;;
*)
echo "Error: Unknown arg: $1"
exit 1

13
setup_board
View File

@ -27,6 +27,8 @@ DEFINE_boolean getbinpkg "${FLAGS_TRUE}" \
"Download binary packages from remote repository."
DEFINE_string getbinpkgver "" \
"Use binary packages from a specific version."
DEFINE_string binhost "" \
"Use binary packages from a specific location (e.g. https://storage.googleapis.com/flatcar-jenkins/sdk/amd64/2000.0.0/pkgs)"
DEFINE_boolean toolchainpkgonly "${FLAGS_FALSE}" \
"Use binary packages only for the board toolchain."
DEFINE_integer jobs "${NUM_JOBS}" \
@ -59,7 +61,7 @@ DEFINE_string variant "" \
"Board variant."
# builds wrappers like equery-amd64-usr.
# builds wrappers like equery-arm-generic.
# args:
# $1: command to wrap
# rest: extra arguments to pass to the command
@ -159,7 +161,7 @@ BOARD_ETC="${BOARD_ROOT}/etc"
BOARD_ARCH=$(get_board_arch "$BOARD")
BOARD_CHOST=$(get_board_chost ${BOARD})
PORTAGE_PROFILE=$(get_board_profile "$BOARD")
BOARD_BINHOST=$(generate_binhost_list)
BOARD_BINHOST="$FLAGS_binhost $(generate_binhost_list)"
if [[ ${FLAGS_regen_configs_only} -eq ${FLAGS_TRUE} ]]; then
FLAGS_regen_configs=${FLAGS_TRUE}
@ -198,6 +200,9 @@ if [ "${FLAGS_usepkg}" -eq "${FLAGS_TRUE}" ]; then
else
UPDATE_ARGS+=" --nogetbinpkg "
fi
if [[ -n "${FLAGS_binhost}" ]]; then
UPDATE_ARGS+=" --binhost=${FLAGS_binhost} "
fi
else
UPDATE_ARGS+=" --nousepkg"
fi
@ -318,6 +323,10 @@ if [[ ${FLAGS_regen_configs} -eq ${FLAGS_FALSE} ]]; then
info "Installing toolchain build dependencies"
install_cross_libs "${BOARD_CHOST}" ${EMERGE_FLAGS} --buildpkg=n
info "Building toolchain dependencies"
"${EMERGE_WRAPPER}" --buildpkg --buildpkgonly --onlydeps -e \
--root="/usr/${BOARD_CHOST}" --sysroot="/usr/${BOARD_CHOST}" \
${EMERGE_TOOLCHAIN_FLAGS} "${TOOLCHAIN_PKGS[@]}"
info "Building toolchain"
"${EMERGE_WRAPPER}" --buildpkg --buildpkgonly \
--root="/usr/${BOARD_CHOST}" --sysroot="/usr/${BOARD_CHOST}" \

84
signing/transfer.sh
View File

@ -2,8 +2,9 @@
set -eux
APPID=e96281a6-d1af-4bde-9a0a-97b76e56dc57
BOARD=amd64-usr
declare -A APPID
APPID[amd64-usr]=e96281a6-d1af-4bde-9a0a-97b76e56dc57
APPID[arm64-usr]=103867da-e3a2-4c92-b0b3-7fbd7f7d8b71
declare -A RELEASE_CHANNEL
RELEASE_CHANNEL[alpha]=Alpha
@ -13,9 +14,10 @@ RELEASE_CHANNEL[stable]=Stable
download() {
local channel="$1"
local version="$2"
local board="$3"
local gs="gs://builds.release.core-os.net/${channel}/boards/${BOARD}/${version}"
local dir="${BASEDIR}/${BOARD}/${version}"
local gs="gs://builds.release.core-os.net/${channel}/boards/${board}/${version}"
local dir="${BASEDIR}/${board}/${version}"
mkdir -p "${dir}"
pushd "${dir}" >/dev/null
@ -31,7 +33,7 @@ download() {
local torcx_base="gs://builds.release.core-os.net/embargoed/devfiles/torcx/manifests/${board}/${version}"
if ! gsutil -q stat "${torcx_base}/torcx_manifest.json"; then
# Non-embargoed release
local torcx_base="gs://builds.developer.core-os.net/torcx/manifests/${board}/${version}"
local torcx_base="gs://builds.developer.core-os.net/torcx/manifests/${BOARD}/${version}"
fi
gsutil -m cp \
"${torcx_base}/torcx_manifest.json" \
@ -49,6 +51,7 @@ download() {
devsign() {
local channel="$1"
local version="$2"
local board="$3"
"$(dirname $0)/../core_dev_sign_update" \
--data_dir "${BASEDIR}" \
@ -62,17 +65,19 @@ devsign() {
sign() {
local channel="$1"
local version="$2"
local board="$3"
"$(dirname $0)/sign.sh" \
"${BASEDIR}/${BOARD}/${version}" \
"${SIGDIR}/${BOARD}/${version}"
"${BASEDIR}/${board}/${version}" \
"${SIGDIR}/${board}/${version}"
}
upload() {
local channel="$1"
local version="$2"
local board="$3"
local dir="${BASEDIR}/${BOARD}/${version}"
local dir="${BASEDIR}/${board}/${version}"
local payload="${dir}/flatcar_production_update.gz"
local torcx_manifest="${dir}/torcx_manifest.json"
local torcx_manifest_sig="${dir}/torcx_manifest.json.asc"
@ -87,8 +92,8 @@ upload() {
"$(dirname $0)/../core_roller_upload" \
--user="${ROLLER_USERNAME}" \
--api_key="${ROLLER_API_KEY}" \
--app_id="${APPID}" \
--board="${BOARD}" \
--app_id="${APPID[${board}]}" \
--board="${board}" \
--version="${version}" \
--payload="${payload}"
@ -96,7 +101,7 @@ upload() {
gsutil cp \
"${torcx_manifest}" \
"${torcx_manifest_sig}" \
"gs://coreos-tectonic-torcx/manifests/${BOARD}/${version}/"
"gs://coreos-tectonic-torcx/manifests/${board}/${version}/"
# Update version in a canary channel if one is defined.
local -n canary_channel="ROLLER_CANARY_CHANNEL_${channel^^}"
@ -106,7 +111,7 @@ upload() {
--user="${ROLLER_USERNAME}" \
--key="${ROLLER_API_KEY}" \
channel update \
--app-id="${APPID}" \
--app-id="${APPID[${board}]}" \
--channel="${canary_channel}" \
--version="${version}"
fi
@ -115,16 +120,17 @@ upload() {
ready() {
local channel="$1"
local version="$2"
local board="$3"
# setting the percent will deactivate (not delete) any existing rollouts for
# this specific group.
echo "Rollout set to 0%"
echo "Rollout set to 0% for ${board}"
updateservicectl \
--server="https://public.update.core-os.net" \
--user="${ROLLER_USERNAME}" \
--key="${ROLLER_API_KEY}" \
group percent \
--app-id="${APPID}" \
--app-id="${APPID[${board}]}" \
--group-id="${channel}" \
--update-percent=0
@ -135,7 +141,7 @@ ready() {
--user="${ROLLER_USERNAME}" \
--key="${ROLLER_API_KEY}" \
channel update \
--app-id="${APPID}" \
--app-id="${APPID[${board}]}" \
--channel="${RELEASE_CHANNEL[${channel}]}" \
--publish=true \
--version="${version}"
@ -144,26 +150,40 @@ ready() {
roll() {
local channel="$1"
local hours="$2"
local board="$3"
local seconds=$((${hours} * 3600))
# creating a new rollout deletes any existing rollout for this group and
# automatically activates the new one.
echo "Creating linear rollout that will get to 100% in ${hours}h"
updateservicectl \
--server="https://public.update.core-os.net" \
--user="${ROLLER_USERNAME}" \
--key="${ROLLER_API_KEY}" \
rollout create linear \
--app-id="${APPID}" \
--group-id="${channel}" \
--duration="${seconds}" \
--frame-size="60"
# Only ramp rollouts on AMD64; ARM64 is too small
if [[ "$board" = "arm64-usr" ]]; then
echo "Setting rollout for arm64-usr to 100%"
updateservicectl \
--server="https://public.update.core-os.net" \
--user="${ROLLER_USERNAME}" \
--key="${ROLLER_API_KEY}" \
group percent \
--app-id="${APPID[${board}]}" \
--group-id="${channel}" \
--update-percent=100
else
# creating a new rollout deletes any existing rollout for this group and
# automatically activates the new one.
echo "Creating linear rollout for ${board} that will get to 100% in ${hours}h"
updateservicectl \
--server="https://public.update.core-os.net" \
--user="${ROLLER_USERNAME}" \
--key="${ROLLER_API_KEY}" \
rollout create linear \
--app-id="${APPID[${board}]}" \
--group-id="${channel}" \
--duration="${seconds}" \
--frame-size="60"
fi
}
usage() {
echo "Usage: $0 {download|upload} <ARTIFACT-DIR> [{-a|-b|-s} <VERSION>]..." >&2
echo "Usage: $0 {devsign|sign} <ARTIFACT-DIR> <SIG-DIR> [{-a|-b|-s} <VERSION>]..." >&2
echo "Usage: $0 {devsign|sign} <ARTIFACT-DIR> <SIG-DIR> [{-a|-b|-s} <VERSION> <BOARD>]..." >&2
echo "Usage: $0 ready [{-a|-b|-s} <VERSION>]..." >&2
echo "Usage: $0 roll [{-a|-b|-s} <HOURS-TO-100-PERCENT>]..." >&2
exit 1
@ -226,13 +246,15 @@ while [[ $# > 0 ]]; do
case "${c}" in
-a)
$CMD "alpha" "${v}"
$CMD "alpha" "${v}" "amd64-usr"
$CMD "alpha" "${v}" "arm64-usr"
;;
-b)
$CMD "beta" "${v}"
$CMD "beta" "${v}" "amd64-usr"
$CMD "beta" "${v}" "arm64-usr"
;;
-s)
$CMD "stable" "${v}"
$CMD "stable" "${v}" "amd64-usr"
;;
*)
usage

5
update_chroot
View File

@ -27,6 +27,8 @@ DEFINE_boolean skip_toolchain_update "${FLAGS_FALSE}" \
"Don't update the toolchains."
DEFINE_string toolchain_boards "" \
"Extra toolchains to setup for the specified boards."
DEFINE_string binhost "" \
"Use binary packages from a specific location (e.g. https://storage.googleapis.com/flatcar-jenkins/sdk/amd64/2000.0.0/pkgs)"
FLAGS_HELP="usage: $(basename $0) [flags]
Performs an update of the chroot. This script is called as part of
@ -57,6 +59,7 @@ PORTAGE_STABLE_OVERLAY="${REPO_ROOT}/src/third_party/portage-stable"
CROSSDEV_OVERLAY="/usr/local/portage/crossdev"
COREOS_OVERLAY="${REPO_ROOT}/src/third_party/coreos-overlay"
COREOS_CONFIG="${COREOS_OVERLAY}/coreos/config"
PORTAGE_BINHOST="$FLAGS_binhost $(get_sdk_binhost)"
# PORTAGE_USERNAME may already be in the env but set just to be safe.
: ${PORTAGE_USERNAME:=${USER}}
@ -83,7 +86,7 @@ PORTDIR_OVERLAY="${CROSSDEV_OVERLAY} ${COREOS_OVERLAY}"
DISTDIR="${REPO_CACHE_DIR}/distfiles"
PKGDIR="/var/lib/portage/pkgs"
PORT_LOGDIR="/var/log/portage"
PORTAGE_BINHOST="$(get_sdk_binhost)"
PORTAGE_BINHOST="$PORTAGE_BINHOST"
PORTAGE_USERNAME="${PORTAGE_USERNAME}"
MAKEOPTS="--jobs=${NUM_JOBS} --load-average=$((NUM_JOBS * 2))"
CCACHE_UMASK="002"