From c7bbb2b1e294263a1e4386f43d22dae842c19863 Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Wed, 4 Dec 2019 14:59:11 +0100 Subject: [PATCH] 2345.0.0 --- build_library/build_image_util.sh | 9 +++ build_library/catalyst_toolchains.sh | 5 ++ build_library/check_root | 46 +++++++++++++-- build_library/disk_layout.json | 10 ++-- build_library/disk_util | 2 +- build_library/ebuild_aci_util.sh | 1 + build_library/grub.cfg | 19 +++++-- build_library/grub_install.sh | 26 +++++++++ build_library/oem_aci_util.sh | 1 + build_library/prod_image_util.sh | 7 ++- build_library/qemu_template.sh | 21 ++++++- build_library/set_lsb_release | 5 ++ build_library/test_image_content.sh | 1 + build_library/toolchain_util.sh | 5 ++ build_library/vm_image_util.sh | 17 ++++++ build_torcx_store | 2 +- check_out_of_date.py | 8 ++- common.sh | 24 +++++++- core_dev_sign_update | 2 +- image_inject_bootchain | 2 + jenkins/formats-arm64-usr.txt | 5 ++ oem/openstack/glance_load.sh | 3 + setup_board | 13 ++++- signing/transfer.sh | 84 ++++++++++++++++++---------- update_chroot | 5 +- 25 files changed, 265 insertions(+), 58 deletions(-) create mode 100644 jenkins/formats-arm64-usr.txt diff --git a/build_library/build_image_util.sh b/build_library/build_image_util.sh index 70603c9830..3dde0d6ec1 100755 --- a/build_library/build_image_util.sh +++ b/build_library/build_image_util.sh @@ -103,6 +103,8 @@ generate_update() { run_ldconfig() { local root_fs_dir=$1 case ${ARCH} in + arm64) + sudo qemu-aarch64 "${root_fs_dir}"/usr/sbin/ldconfig -r "${root_fs_dir}";; x86|amd64) sudo ldconfig -r "${root_fs_dir}";; *) @@ -113,6 +115,8 @@ run_ldconfig() { run_localedef() { local root_fs_dir="$1" loader=() case ${ARCH} in + arm64) + loader=( qemu-aarch64 -L "${root_fs_dir}" );; amd64) loader=( "${root_fs_dir}/usr/lib64/ld-linux-x86-64.so.2" \ --library-path "${root_fs_dir}/usr/lib64" );; @@ -456,6 +460,7 @@ finish_image() { # Only enable rootfs verification on supported boards. case "${FLAGS_board}" in amd64-usr) verity_offset=64 ;; + arm64-usr) verity_offset=512 ;; *) disable_read_write=${FLAGS_FALSE} ;; esac @@ -527,6 +532,7 @@ EOF # Magic alert! Root hash injection works by writing the hash value to a # known unused SHA256-sized location in the kernel image. # For amd64 the rdev error message is used. + # For arm64 an area between the EFI headers and the kernel text is used. # Our modified GRUB extracts the hash and adds it to the cmdline. printf %s "$(cat ${BUILD_DIR}/${image_name%.bin}_verity.txt)" | \ sudo dd of="${root_fs_dir}/boot/flatcar/vmlinuz-a" conv=notrunc \ @@ -564,6 +570,9 @@ EOF if [[ "${install_grub}" -eq 1 ]]; then local target local target_list="i386-pc x86_64-efi x86_64-xen" + if [[ ${BOARD} == "arm64-usr" ]]; then + target_list="arm64-efi" + fi local grub_args=() if [[ ${disable_read_write} -eq ${FLAGS_TRUE} ]]; then grub_args+=(--verity) diff --git a/build_library/catalyst_toolchains.sh b/build_library/catalyst_toolchains.sh index 2ab4c46dae..f5ef591e5f 100644 --- a/build_library/catalyst_toolchains.sh +++ b/build_library/catalyst_toolchains.sh @@ -35,6 +35,11 @@ build_target_toolchain() { # --root is required because run_merge overrides ROOT= PORTAGE_CONFIGROOT="$ROOT" \ run_merge -u --root="$ROOT" --sysroot="$ROOT" "${TOOLCHAIN_PKGS[@]}" + + export clst_myemergeopts="$( echo "$clst_myemergeopts" | sed -e 's/--newuse//' )" + + PORTAGE_CONFIGROOT="$ROOT" \ + run_merge --root="$ROOT" --sysroot="$ROOT" dev-lang/rust } configure_crossdev_overlay / /tmp/crossdev diff --git a/build_library/check_root b/build_library/check_root index c3c4ee17a2..2efb15e3c4 100755 --- a/build_library/check_root +++ b/build_library/check_root @@ -29,11 +29,39 @@ IGNORE_MISSING = { SonameAtom("x86_64", "libc.so.6")], # RPATHs and symlinks apparently confuse the perl-5.24 package - "dev-lang/perl": [SonameAtom("x86_64", "libperl.so.5.26.2")], - "sys-apps/texinfo": [SonameAtom("x86_64", "libperl.so.5.26")], + "dev-lang/perl": [SonameAtom("arm_64", "libperl.so.5.26.2"), + SonameAtom("x86_64", "libperl.so.5.26.2")], + "dev-perl/XML-Parser": [SonameAtom("x86_64", "libc.so.6"), + SonameAtom("x86_64", "libexpat.so.1")], + "dev-perl/libintl-perl": [SonameAtom("x86_64", "libc.so.6")], + "dev-util/boost-build": [SonameAtom("x86_64", "libc.so.6")], + "net-dns/dnsmasq": [SonameAtom("x86_64", "libc.so.6")], + "sys-apps/texinfo": [SonameAtom("x86_64", "libc.so.6"), + SonameAtom("x86_64", "libperl.so.5.26")], # https://bugs.gentoo.org/show_bug.cgi?id=554582 - "net-firewall/ebtables": [SonameAtom("x86_64", "libebt_802_3.so"), + "net-firewall/ebtables": [SonameAtom("arm_64", "libebt_802_3.so"), + SonameAtom("arm_64", "libebt_among.so"), + SonameAtom("arm_64", "libebt_arp.so"), + SonameAtom("arm_64", "libebt_arpreply.so"), + SonameAtom("arm_64", "libebt_ip.so"), + SonameAtom("arm_64", "libebt_ip6.so"), + SonameAtom("arm_64", "libebt_limit.so"), + SonameAtom("arm_64", "libebt_log.so"), + SonameAtom("arm_64", "libebt_mark.so"), + SonameAtom("arm_64", "libebt_mark_m.so"), + SonameAtom("arm_64", "libebt_nat.so"), + SonameAtom("arm_64", "libebt_nflog.so"), + SonameAtom("arm_64", "libebt_pkttype.so"), + SonameAtom("arm_64", "libebt_redirect.so"), + SonameAtom("arm_64", "libebt_standard.so"), + SonameAtom("arm_64", "libebt_stp.so"), + SonameAtom("arm_64", "libebt_ulog.so"), + SonameAtom("arm_64", "libebt_vlan.so"), + SonameAtom("arm_64", "libebtable_broute.so"), + SonameAtom("arm_64", "libebtable_filter.so"), + SonameAtom("arm_64", "libebtable_nat.so"), + SonameAtom("x86_64", "libebt_802_3.so"), SonameAtom("x86_64", "libebt_among.so"), SonameAtom("x86_64", "libebt_arp.so"), SonameAtom("x86_64", "libebt_arpreply.so"), @@ -56,13 +84,23 @@ IGNORE_MISSING = { SonameAtom("x86_64", "libebtable_nat.so")], # Ignore the Rust libraries in their own libdir. - "dev-libs/rustlib": [SonameAtom("x86_64", "librustc_data_structures.so"), + "dev-libs/rustlib": [SonameAtom("arm_64", "librustc_data_structures.so"), + SonameAtom("arm_64", "librustc_errors.so"), + SonameAtom("arm_64", "libserialize.so"), + SonameAtom("arm_64", "libstd.so"), + SonameAtom("arm_64", "libsyntax.so"), + SonameAtom("arm_64", "libsyntax_pos.so"), + SonameAtom("arm_64", "libterm.so"), + SonameAtom("x86_64", "librustc_data_structures.so"), SonameAtom("x86_64", "librustc_errors.so"), SonameAtom("x86_64", "libserialize.so"), SonameAtom("x86_64", "libstd.so"), SonameAtom("x86_64", "libsyntax.so"), SonameAtom("x86_64", "libsyntax_pos.so"), SonameAtom("x86_64", "libterm.so")], + + "sys-kernel/coreos-modules": [SonameAtom("x86_64", "libc.so.6"), + SonameAtom("x86_64", "libcrypto.so.1.0.0")], } USR_LINKS = ("/bin/", "/sbin/", "/lib/", "/lib32/", "/lib64/") diff --git a/build_library/disk_layout.json b/build_library/disk_layout.json index 6c91ae736a..84b452c12d 100644 --- a/build_library/disk_layout.json +++ b/build_library/disk_layout.json @@ -26,7 +26,7 @@ "3":{ "label":"USR-A", "uuid":"7130c94a-213a-4e5a-8e26-6cce9662f132", - "type":"coreos-rootfs", + "type":"flatcar-rootfs", "blocks":"2097152", "fs_blocks":"260094", "fs_type":"ext2", @@ -36,7 +36,7 @@ "4":{ "label":"USR-B", "uuid":"e03dd35c-7c2d-4a47-b3fe-27f15780a57c", - "type":"coreos-rootfs", + "type":"flatcar-rootfs", "blocks":"2097152", "fs_blocks":"262144" }, @@ -56,18 +56,18 @@ }, "7":{ "label":"OEM-CONFIG", - "type":"coreos-reserved", + "type":"flatcar-reserved", "blocks":"131072" }, "8":{ "type":"blank", - "label":"coreos-reserved", + "label":"flatcar-reserved", "blocks":"0" }, "9":{ "label":"ROOT", "fs_label":"ROOT", - "type":"coreos-resize", + "type":"flatcar-resize", "blocks":"4427776", "fs_type":"ext4", "mount":"/" diff --git a/build_library/disk_util b/build_library/disk_util index 0e79976860..42b2880c53 100755 --- a/build_library/disk_util +++ b/build_library/disk_util @@ -400,7 +400,7 @@ def FormatExt(part, device): if 'fs_label' in part: tune_cmd += ['-L', part['fs_label']] - if part['type'] == 'coreos-usr': + if part['type'] == 'flatcar-usr': tune_cmd += ['-U', 'clear', '-T', '20091119110000', '-c', '0', '-i', '0', # Disable auto fsck diff --git a/build_library/ebuild_aci_util.sh b/build_library/ebuild_aci_util.sh index 691e35b115..4fc2a5eeff 100644 --- a/build_library/ebuild_aci_util.sh +++ b/build_library/ebuild_aci_util.sh @@ -40,6 +40,7 @@ ebuild_aci_write_manifest() { case "${BOARD}" in amd64-usr) appc_arch=amd64 ;; + arm64-usr) appc_arch=aarch64 ;; *) die_notrace "Cannot map \"${BOARD}\" to an appc arch" ;; esac diff --git a/build_library/grub.cfg b/build_library/grub.cfg index c229cf35cd..90c7675cb4 100644 --- a/build_library/grub.cfg +++ b/build_library/grub.cfg @@ -91,21 +91,32 @@ if [ -z "$linux_console" ]; then terminal_input console serial_com0 terminal_output console serial_com0 elif [ "$grub_platform" = efi ]; then - set linux_console="console=ttyS0,115200n8 console=tty0" + if [ "$grub_cpu" = arm64 ]; then + set linux_console="console=ttyAMA0,115200n8" + else + set linux_console="console=ttyS0,115200n8 console=tty0" + fi elif [ "$grub_platform" = xen ]; then set linux_console="console=hvc0" fi fi +set extra_options="" +if [ "$grub_cpu" = arm64 ]; then + set extra_options="acpi=force" +fi + set suf="" -# UEFI uses linuxefi/initrdefi instead of linux/initrd +# UEFI uses linuxefi/initrdefi instead of linux/initrd except for arm64 if [ "$grub_platform" = efi ]; then - set suf="efi" + if [ "$grub_cpu" != arm64 ]; then + set suf="efi" + fi fi # Assemble the options applicable to all the kernels below -set linux_cmdline="rootflags=rw mount.usrflags=ro consoleblank=0 $linux_root $linux_console $first_boot $randomize_disk_guid $oem $linux_append" +set linux_cmdline="rootflags=rw mount.usrflags=ro consoleblank=0 $linux_root $linux_console $first_boot $randomize_disk_guid $extra_options $oem $linux_append" # Re-implement grub_abort() since no command exposes it. function abort { diff --git a/build_library/grub_install.sh b/build_library/grub_install.sh index 06ca3c57a9..b046e981d0 100755 --- a/build_library/grub_install.sh +++ b/build_library/grub_install.sh @@ -48,6 +48,10 @@ CORE_MODULES=( normal search test fat part_gpt search_fs_uuid gzio search_part_l # Name of the core image, depends on target CORE_NAME= +# Whether the SDK's grub or the board root's grub is used. Once amd64 is +# fixed up the board root's grub will always be used. +BOARD_GRUB=0 + case "${FLAGS_target}" in i386-pc) CORE_MODULES+=( biosdisk serial ) @@ -60,11 +64,21 @@ case "${FLAGS_target}" in x86_64-xen) CORE_NAME="core.elf" ;; + arm64-efi) + CORE_MODULES+=( serial linux efi_gop getenv smbios efinet verify http tftp ) + CORE_NAME="core.efi" + BOARD_GRUB=1 + ;; *) die_notrace "Unknown GRUB target ${FLAGS_target}" ;; esac +if [[ $BOARD_GRUB -eq 1 ]]; then + info "Updating GRUB in ${BOARD_ROOT}" + emerge-${BOARD} --nodeps --select -qugKN sys-boot/grub + GRUB_SRC="${BOARD_ROOT}/usr/lib/grub/${FLAGS_target}" +fi [[ -d "${GRUB_SRC}" ]] || die "GRUB not installed at ${GRUB_SRC}" # In order for grub-setup-bios to properly detect the layout of the disk @@ -216,6 +230,18 @@ case "${FLAGS_target}" in sudo cp "${BUILD_LIBRARY_DIR}/menu.lst" \ "${ESP_DIR}/boot/grub/menu.lst" ;; + arm64-efi) + info "Installing default arm64 UEFI bootloader." + sudo mkdir -p "${ESP_DIR}/EFI/boot" + #FIXME(andrejro): shim not ported to aarch64 + sudo cp "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}" \ + "${ESP_DIR}/EFI/boot/bootaa64.efi" + if [[ -n "${FLAGS_copy_efi_grub}" ]]; then + # copying from vfat so ignore permissions + cp --no-preserve=mode "${ESP_DIR}/EFI/boot/bootaa64.efi" \ + "${FLAGS_copy_efi_grub}" + fi + ;; esac cleanup diff --git a/build_library/oem_aci_util.sh b/build_library/oem_aci_util.sh index 8cc9a7eca0..90fcd4d700 100644 --- a/build_library/oem_aci_util.sh +++ b/build_library/oem_aci_util.sh @@ -74,6 +74,7 @@ oem_aci_write_manifest() { case "${BOARD}" in amd64-usr) appc_arch=amd64 ;; + arm64-usr) appc_arch=aarch64 ;; *) die_notrace "Cannot map \"${BOARD}\" to an appc arch" ;; esac diff --git a/build_library/prod_image_util.sh b/build_library/prod_image_util.sh index 83400892c6..b3b707381d 100755 --- a/build_library/prod_image_util.sh +++ b/build_library/prod_image_util.sh @@ -85,7 +85,7 @@ create_prod_image() { # Assert that if this is supposed to be an official build that the # official update keys have been used. - if [[ ${COREOS_OFFICIAL:-0} -eq 1 ]]; then + if [[ ${COREOS_OFFICIAL:-0} -eq 1 && "${BOARD}" != arm64-usr ]]; then grep -q official \ "${root_fs_dir}"/var/db/pkg/coreos-base/coreos-au-key-*/USE \ || die_notrace "coreos-au-key is missing the 'official' use flag" @@ -141,8 +141,11 @@ EOF "${BUILD_DIR}/${image_kernel}" "${BUILD_DIR}/${image_pcr_policy}" "${BUILD_DIR}/${image_grub}" - "${BUILD_DIR}/${image_shim}" "${BUILD_DIR}/${image_kconfig}" ) + # FIXME(bgilbert): no shim on arm64 + if [[ -f "${BUILD_DIR}/${image_shim}" ]]; then + to_upload+=("${BUILD_DIR}/${image_shim}") + fi upload_image -d "${BUILD_DIR}/${image_name}.bz2.DIGESTS" "${to_upload[@]}" } diff --git a/build_library/qemu_template.sh b/build_library/qemu_template.sh index 3621956a53..cd84b2116d 100755 --- a/build_library/qemu_template.sh +++ b/build_library/qemu_template.sh @@ -21,6 +21,7 @@ SAFE_ARGS=0 USAGE="Usage: $0 [-a authorized_keys] [--] [qemu options...] Options: -i FILE File containing an Ignition config + (needs \"-append 'flatcar.first_boot=1'\" for already-booted or PXE images) -u FILE Cloudinit user-data as either a cloud config or script. -c FILE Config drive as an iso or fat filesystem image. -a FILE SSH public keys for login access. [~/.ssh/id_{dsa,rsa}.pub] @@ -33,7 +34,8 @@ The -a option may be used to specify a particular ssh public key to give login access to. If -a is not provided ~/.ssh/id_{dsa,rsa}.pub is used. If no public key is provided or found the VM will still boot but you may be unable to login unless you built the image yourself after setting a -password for the core user with the 'set_shared_user_password.sh' script. +password for the core user with the 'set_shared_user_password.sh' script +or provide the option \"-append 'flatcar.autologin'\". Any arguments after -a and -p will be passed through to qemu, -- may be used as an explicit separator. See the qemu(1) man page for more details. @@ -153,6 +155,10 @@ else set -- -machine accel=kvm -cpu host -smp "${VM_NCPUS}" "$@" ;; amd64-usr+*) set -- -machine pc-q35-2.8 -cpu kvm64 -smp 1 -nographic "$@" ;; + arm64-usr+aarch64) + set -- -machine virt,accel=kvm,gic-version=3 -cpu host -smp "${VM_NCPUS}" -nographic "$@" ;; + arm64-usr+*) + set -- -machine virt -cpu cortex-a57 -smp 1 -nographic "$@" ;; *) die "Unsupported arch" ;; esac @@ -173,6 +179,10 @@ if [ -n "${VM_IMAGE}" ]; then case "${VM_BOARD}" in amd64-usr) set -- -drive if=virtio,file="${SCRIPT_DIR}/${VM_IMAGE}" "$@" ;; + arm64-usr) + set -- -drive if=none,id=blk,file="${SCRIPT_DIR}/${VM_IMAGE}" \ + -device virtio-blk-device,drive=blk "$@" + ;; *) die "Unsupported arch" ;; esac fi @@ -215,6 +225,15 @@ case "${VM_BOARD}" in -object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0 \ "$@" ;; + arm64-usr) + qemu-system-aarch64 \ + -name "$VM_NAME" \ + -m ${VM_MEMORY} \ + -netdev user,id=eth0,hostfwd=tcp::"${SSH_PORT}"-:22,hostname="${VM_NAME}" \ + -device virtio-net-device,netdev=eth0 \ + -object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0 \ + "$@" + ;; *) die "Unsupported arch" ;; esac diff --git a/build_library/set_lsb_release b/build_library/set_lsb_release index 97b278c8e9..c6a680135d 100755 --- a/build_library/set_lsb_release +++ b/build_library/set_lsb_release @@ -31,7 +31,12 @@ OS_ID="flatcar" OS_ID_LIKE="coreos" OS_PRETTY_NAME="$OS_NAME $FLATCAR_VERSION (${OS_CODENAME})" +# temporarily point arm at a different appid until update support +# is completed in update_engine and the CoreUpdate service. FLATCAR_APPID="{e96281a6-d1af-4bde-9a0a-97b76e56dc57}" +if [[ "${FLAGS_board}" == arm64-* ]]; then + FLATCAR_APPID="{103867da-e3a2-4c92-b0b3-7fbd7f7d8b71}" +fi # DISTRIB_* are the standard lsb-release names sudo mkdir -p "${ROOT_FS_DIR}/usr/share/flatcar" "${ROOT_FS_DIR}/etc/flatcar" diff --git a/build_library/test_image_content.sh b/build_library/test_image_content.sh index 260acc0c61..476eb3445d 100644 --- a/build_library/test_image_content.sh +++ b/build_library/test_image_content.sh @@ -5,6 +5,7 @@ GLSA_WHITELIST=( 201412-09 # incompatible CA certificate version numbers 201908-14 # backported both CVE fixes + 201904-13 # git 201909-01 # Perl, SDK only 201909-08 # backported fix ) diff --git a/build_library/toolchain_util.sh b/build_library/toolchain_util.sh index 293d9656af..5ab2c6e470 100644 --- a/build_library/toolchain_util.sh +++ b/build_library/toolchain_util.sh @@ -15,6 +15,7 @@ TOOLCHAIN_PKGS=( # compiler to build a full native toolchain. Packages are not uploaded. declare -A CROSS_PROFILES CROSS_PROFILES["x86_64-cros-linux-gnu"]="coreos:coreos/amd64/generic" +CROSS_PROFILES["aarch64-cros-linux-gnu"]="coreos:coreos/arm64/generic" # Map board names to CHOSTs and portage profiles. This is the # definitive list, there is assorted code new and old that either @@ -23,6 +24,9 @@ declare -A BOARD_CHOSTS BOARD_PROFILES BOARD_CHOSTS["amd64-usr"]="x86_64-cros-linux-gnu" BOARD_PROFILES["amd64-usr"]="coreos:coreos/amd64/generic" +BOARD_CHOSTS["arm64-usr"]="aarch64-cros-linux-gnu" +BOARD_PROFILES["arm64-usr"]="coreos:coreos/arm64/generic" + BOARD_NAMES=( "${!BOARD_CHOSTS[@]}" ) # Declare the above globals as read-only to avoid accidental conflicts. @@ -39,6 +43,7 @@ declare -r \ # Usage: get_portage_arch chost get_portage_arch() { case "$1" in + aarch64*) echo arm64;; alpha*) echo alpha;; arm*) echo arm;; hppa*) echo hppa;; diff --git a/build_library/vm_image_util.sh b/build_library/vm_image_util.sh index edc4749e5a..631ad37720 100644 --- a/build_library/vm_image_util.sh +++ b/build_library/vm_image_util.sh @@ -303,6 +303,9 @@ get_default_vm_type() { amd64-usr) echo "qemu" ;; + arm64-usr) + echo "qemu_uefi" + ;; *) return 1 ;; @@ -619,6 +622,7 @@ _write_cpio_disk() { local grub_arch case $BOARD in amd64-usr) grub_arch="x86_64-efi" ;; + arm64-usr) grub_arch="arm64-efi" ;; esac cp "${base_dir}/boot/flatcar/grub/${grub_arch}/core.efi" "${dst_dir}/${grub_name}" @@ -715,6 +719,19 @@ _write_qemu_uefi_conf() { cp "/usr/share/edk2-ovmf/OVMF_CODE.fd" "$(_dst_dir)/${flash_ro}" cp "/usr/share/edk2-ovmf/OVMF_VARS.fd" "$(_dst_dir)/${flash_rw}" ;; + arm64-usr) + # Get edk2 files into local build workspace. + info "Updating edk2 in /build/${BOARD}" + emerge-${BOARD} --nodeps --select -qugN sys-firmware/edk2-aarch64 + # Create 64MiB flash device image files. + dd if=/dev/zero bs=1M count=64 of="$(_dst_dir)/${flash_rw}" \ + status=none + cp "/build/${BOARD}/usr/share/edk2-aarch64/QEMU_EFI.fd" \ + "$(_dst_dir)/${flash_ro}.work" + truncate --reference="$(_dst_dir)/${flash_rw}" \ + "$(_dst_dir)/${flash_ro}.work" + mv "$(_dst_dir)/${flash_ro}.work" "$(_dst_dir)/${flash_ro}" + ;; esac sed -e "s%^VM_PFLASH_RO=.*%VM_PFLASH_RO='${flash_ro}'%" \ diff --git a/build_torcx_store b/build_torcx_store index 926182974d..d18c458bcf 100755 --- a/build_torcx_store +++ b/build_torcx_store @@ -238,7 +238,7 @@ function torcx_package() { # swapping default package versions for different OS releases by reordering. DEFAULT_IMAGES=( =app-torcx/docker-1.12 - =app-torcx/docker-18.06 + =app-torcx/docker-19.03 ) # This list contains extra images which will be uploaded and included in the diff --git a/check_out_of_date.py b/check_out_of_date.py index f0b99f072c..0f32991cab 100755 --- a/check_out_of_date.py +++ b/check_out_of_date.py @@ -67,11 +67,11 @@ def process_emerge_output(eout): def get_board_packages(board): - """ gets a list of packages used by a board. valid boards are amd64-usr, sdk, and bootstrap""" + """ gets a list of packages used by a board. valid boards are {arm,amd}64-usr, sdk, and bootstrap""" emerge_args = "--emptytree --pretend --verbose --unordered-display" if board == "sdk": cmd = "emerge {} @system sdk-depends sdk-extras".format(emerge_args) - elif board == "amd64-usr": + elif board == "amd64-usr" or board == "arm64-usr": cmd = "emerge-{} {} @system board-packages".format(board, emerge_args) elif board == "bootstrap": pkgs = exec_command_strict("/usr/lib64/catalyst/targets/stage1/build.py") @@ -92,6 +92,7 @@ def print_table(report, head, line_head, line_tail, tail, joiner, pkg_joiner): "upstream": ["Upstream"], "tag": "Tag", "sdk": ["sdk"], + "arm64-usr": ["arm64-usr"], "amd64-usr": ["amd64-usr"], "bootstrap": ["bootstrap"], "modified": "Modified"}) @@ -102,6 +103,7 @@ def print_table(report, head, line_head, line_tail, tail, joiner, pkg_joiner): pkg_joiner.join(entry.get("upstream",[])), entry.get("tag",""), pkg_joiner.join(entry.get("sdk", [])), + pkg_joiner.join(entry.get("arm64-usr", [])), pkg_joiner.join(entry.get("amd64-usr", [])), pkg_joiner.join(entry.get("bootstrap", [])), entry.get("modified","")]) + line_tail) @@ -138,7 +140,7 @@ def main(): subprocess.check_call(["git", "-C", args.upstream_path, "pull"]) pkg_lists = {} - sources = ["sdk", "bootstrap", "amd64-usr", "image"] + sources = ["sdk", "bootstrap", "amd64-usr", "arm64-usr", "image"] for i in sources: pkg_lists[i] = get_board_packages(i) diff --git a/common.sh b/common.sh index 4ad736ca20..37cee5e809 100644 --- a/common.sh +++ b/common.sh @@ -46,6 +46,9 @@ fi # Turn on bash debug support if available for backtraces. shopt -s extdebug 2>/dev/null +# Source qemu library path +. /etc/profile.d/qemu-aarch64.sh 2> /dev/null || true + # Output a backtrace all the way back to the raw invocation, suppressing # only the _dump_trace frame itself. _dump_trace() { @@ -383,9 +386,8 @@ if [[ -f ${GCLIENT_ROOT}/src/scripts/.default_board ]]; then die ".default_board: invalid name detected; please fix:" \ "'${DEFAULT_BOARD}'" fi -elif [ -z "${DEFAULT_BOARD-}" ]; then - DEFAULT_BOARD=amd64-usr fi +DEFAULT_BOARD="${DEFAULT_BOARD-amd64-usr}" # Directory to store built images. Should be set by sourcing script when used. BUILD_DIR= @@ -928,10 +930,21 @@ BOAT } # The binfmt_misc support in the kernel is required. +# The aarch64 binaries should be executed through +# "/usr/bin/qemu-aarch64-static" setup_qemu_static() { local root_fs_dir="$1" case "${BOARD}" in amd64-usr) return 0;; + arm64-usr) + if [[ -f "${root_fs_dir}/sbin/ldconfig" ]]; then + sudo cp /usr/bin/qemu-aarch64 "${root_fs_dir}"/usr/bin/qemu-aarch64-static + echo export QEMU_LD_PREFIX=\"/build/arm64-usr/\" | sudo tee /etc/profile.d/qemu-aarch64.sh + . /etc/profile.d/qemu-aarch64.sh + else + die "Missing basic layout in target rootfs" + fi + ;; *) die "Unsupported arch" ;; esac } @@ -940,6 +953,13 @@ clean_qemu_static() { local root_fs_dir="$1" case "${BOARD}" in amd64-usr) return 0;; + arm64-usr) + if [[ -f "${root_fs_dir}/usr/bin/qemu-aarch64-static" ]]; then + sudo rm "${root_fs_dir}"/usr/bin/qemu-aarch64-static + else + die "File not found" + fi + ;; *) die "Unsupported arch" ;; esac } diff --git a/core_dev_sign_update b/core_dev_sign_update index d08b9a5c71..46704653a4 100755 --- a/core_dev_sign_update +++ b/core_dev_sign_update @@ -6,7 +6,7 @@ SCRIPT_ROOT=$(dirname $(readlink -f "$0")) assert_inside_chroot DEFINE_string data_dir "" "Directory containing downloaded release artifacts" -DEFINE_string board "amd64-usr" "Board to sign artifacts for" +DEFINE_string board "" "Board to sign artifacts for" DEFINE_string version "" "Version to sign artifacts for" DEFINE_integer n_signatures "2" "Number of signatures this release will be signed with" DEFINE_string output_dir "" "Output directory" diff --git a/image_inject_bootchain b/image_inject_bootchain index 5c768ba86c..721f86da1d 100755 --- a/image_inject_bootchain +++ b/image_inject_bootchain @@ -77,9 +77,11 @@ if [[ -n "${FLAGS_kernel_path}" ]]; then do_copy "${FLAGS_kernel_path}" "/boot/flatcar/vmlinuz-a" fi +# FIXME(bgilbert): no shim on arm64 if [[ -n "${FLAGS_efi_grub_path}" ]]; then case "${BOARD}" in amd64-usr) image_name="grub.efi" ;; + arm64-usr) image_name="bootaa64.efi" ;; *) die "GRUB filename not known for this board" ;; esac diff --git a/jenkins/formats-arm64-usr.txt b/jenkins/formats-arm64-usr.txt new file mode 100644 index 0000000000..fe6f2e2598 --- /dev/null +++ b/jenkins/formats-arm64-usr.txt @@ -0,0 +1,5 @@ +openstack +openstack_mini +packet +pxe +qemu_uefi diff --git a/oem/openstack/glance_load.sh b/oem/openstack/glance_load.sh index c6810a331f..162753bf6e 100755 --- a/oem/openstack/glance_load.sh +++ b/oem/openstack/glance_load.sh @@ -34,6 +34,9 @@ while [[ $# -gt 0 ]]; do amd64|amd64-usr) board="amd64-usr" ;; + arm64|arm64-usr) + board="arm64-usr" + ;; *) echo "Error: Unknown arg: $1" exit 1 diff --git a/setup_board b/setup_board index 7c7ce16f9b..24e3fa11cf 100755 --- a/setup_board +++ b/setup_board @@ -27,6 +27,8 @@ DEFINE_boolean getbinpkg "${FLAGS_TRUE}" \ "Download binary packages from remote repository." DEFINE_string getbinpkgver "" \ "Use binary packages from a specific version." +DEFINE_string binhost "" \ + "Use binary packages from a specific location (e.g. https://storage.googleapis.com/flatcar-jenkins/sdk/amd64/2000.0.0/pkgs)" DEFINE_boolean toolchainpkgonly "${FLAGS_FALSE}" \ "Use binary packages only for the board toolchain." DEFINE_integer jobs "${NUM_JOBS}" \ @@ -59,7 +61,7 @@ DEFINE_string variant "" \ "Board variant." -# builds wrappers like equery-amd64-usr. +# builds wrappers like equery-arm-generic. # args: # $1: command to wrap # rest: extra arguments to pass to the command @@ -159,7 +161,7 @@ BOARD_ETC="${BOARD_ROOT}/etc" BOARD_ARCH=$(get_board_arch "$BOARD") BOARD_CHOST=$(get_board_chost ${BOARD}) PORTAGE_PROFILE=$(get_board_profile "$BOARD") -BOARD_BINHOST=$(generate_binhost_list) +BOARD_BINHOST="$FLAGS_binhost $(generate_binhost_list)" if [[ ${FLAGS_regen_configs_only} -eq ${FLAGS_TRUE} ]]; then FLAGS_regen_configs=${FLAGS_TRUE} @@ -198,6 +200,9 @@ if [ "${FLAGS_usepkg}" -eq "${FLAGS_TRUE}" ]; then else UPDATE_ARGS+=" --nogetbinpkg " fi + if [[ -n "${FLAGS_binhost}" ]]; then + UPDATE_ARGS+=" --binhost=${FLAGS_binhost} " + fi else UPDATE_ARGS+=" --nousepkg" fi @@ -318,6 +323,10 @@ if [[ ${FLAGS_regen_configs} -eq ${FLAGS_FALSE} ]]; then info "Installing toolchain build dependencies" install_cross_libs "${BOARD_CHOST}" ${EMERGE_FLAGS} --buildpkg=n + info "Building toolchain dependencies" + "${EMERGE_WRAPPER}" --buildpkg --buildpkgonly --onlydeps -e \ + --root="/usr/${BOARD_CHOST}" --sysroot="/usr/${BOARD_CHOST}" \ + ${EMERGE_TOOLCHAIN_FLAGS} "${TOOLCHAIN_PKGS[@]}" info "Building toolchain" "${EMERGE_WRAPPER}" --buildpkg --buildpkgonly \ --root="/usr/${BOARD_CHOST}" --sysroot="/usr/${BOARD_CHOST}" \ diff --git a/signing/transfer.sh b/signing/transfer.sh index 387aec5eac..361146c773 100755 --- a/signing/transfer.sh +++ b/signing/transfer.sh @@ -2,8 +2,9 @@ set -eux -APPID=e96281a6-d1af-4bde-9a0a-97b76e56dc57 -BOARD=amd64-usr +declare -A APPID +APPID[amd64-usr]=e96281a6-d1af-4bde-9a0a-97b76e56dc57 +APPID[arm64-usr]=103867da-e3a2-4c92-b0b3-7fbd7f7d8b71 declare -A RELEASE_CHANNEL RELEASE_CHANNEL[alpha]=Alpha @@ -13,9 +14,10 @@ RELEASE_CHANNEL[stable]=Stable download() { local channel="$1" local version="$2" + local board="$3" - local gs="gs://builds.release.core-os.net/${channel}/boards/${BOARD}/${version}" - local dir="${BASEDIR}/${BOARD}/${version}" + local gs="gs://builds.release.core-os.net/${channel}/boards/${board}/${version}" + local dir="${BASEDIR}/${board}/${version}" mkdir -p "${dir}" pushd "${dir}" >/dev/null @@ -31,7 +33,7 @@ download() { local torcx_base="gs://builds.release.core-os.net/embargoed/devfiles/torcx/manifests/${board}/${version}" if ! gsutil -q stat "${torcx_base}/torcx_manifest.json"; then # Non-embargoed release - local torcx_base="gs://builds.developer.core-os.net/torcx/manifests/${board}/${version}" + local torcx_base="gs://builds.developer.core-os.net/torcx/manifests/${BOARD}/${version}" fi gsutil -m cp \ "${torcx_base}/torcx_manifest.json" \ @@ -49,6 +51,7 @@ download() { devsign() { local channel="$1" local version="$2" + local board="$3" "$(dirname $0)/../core_dev_sign_update" \ --data_dir "${BASEDIR}" \ @@ -62,17 +65,19 @@ devsign() { sign() { local channel="$1" local version="$2" + local board="$3" "$(dirname $0)/sign.sh" \ - "${BASEDIR}/${BOARD}/${version}" \ - "${SIGDIR}/${BOARD}/${version}" + "${BASEDIR}/${board}/${version}" \ + "${SIGDIR}/${board}/${version}" } upload() { local channel="$1" local version="$2" + local board="$3" - local dir="${BASEDIR}/${BOARD}/${version}" + local dir="${BASEDIR}/${board}/${version}" local payload="${dir}/flatcar_production_update.gz" local torcx_manifest="${dir}/torcx_manifest.json" local torcx_manifest_sig="${dir}/torcx_manifest.json.asc" @@ -87,8 +92,8 @@ upload() { "$(dirname $0)/../core_roller_upload" \ --user="${ROLLER_USERNAME}" \ --api_key="${ROLLER_API_KEY}" \ - --app_id="${APPID}" \ - --board="${BOARD}" \ + --app_id="${APPID[${board}]}" \ + --board="${board}" \ --version="${version}" \ --payload="${payload}" @@ -96,7 +101,7 @@ upload() { gsutil cp \ "${torcx_manifest}" \ "${torcx_manifest_sig}" \ - "gs://coreos-tectonic-torcx/manifests/${BOARD}/${version}/" + "gs://coreos-tectonic-torcx/manifests/${board}/${version}/" # Update version in a canary channel if one is defined. local -n canary_channel="ROLLER_CANARY_CHANNEL_${channel^^}" @@ -106,7 +111,7 @@ upload() { --user="${ROLLER_USERNAME}" \ --key="${ROLLER_API_KEY}" \ channel update \ - --app-id="${APPID}" \ + --app-id="${APPID[${board}]}" \ --channel="${canary_channel}" \ --version="${version}" fi @@ -115,16 +120,17 @@ upload() { ready() { local channel="$1" local version="$2" + local board="$3" # setting the percent will deactivate (not delete) any existing rollouts for # this specific group. - echo "Rollout set to 0%" + echo "Rollout set to 0% for ${board}" updateservicectl \ --server="https://public.update.core-os.net" \ --user="${ROLLER_USERNAME}" \ --key="${ROLLER_API_KEY}" \ group percent \ - --app-id="${APPID}" \ + --app-id="${APPID[${board}]}" \ --group-id="${channel}" \ --update-percent=0 @@ -135,7 +141,7 @@ ready() { --user="${ROLLER_USERNAME}" \ --key="${ROLLER_API_KEY}" \ channel update \ - --app-id="${APPID}" \ + --app-id="${APPID[${board}]}" \ --channel="${RELEASE_CHANNEL[${channel}]}" \ --publish=true \ --version="${version}" @@ -144,26 +150,40 @@ ready() { roll() { local channel="$1" local hours="$2" + local board="$3" local seconds=$((${hours} * 3600)) - # creating a new rollout deletes any existing rollout for this group and - # automatically activates the new one. - echo "Creating linear rollout that will get to 100% in ${hours}h" - updateservicectl \ - --server="https://public.update.core-os.net" \ - --user="${ROLLER_USERNAME}" \ - --key="${ROLLER_API_KEY}" \ - rollout create linear \ - --app-id="${APPID}" \ - --group-id="${channel}" \ - --duration="${seconds}" \ - --frame-size="60" + # Only ramp rollouts on AMD64; ARM64 is too small + if [[ "$board" = "arm64-usr" ]]; then + echo "Setting rollout for arm64-usr to 100%" + updateservicectl \ + --server="https://public.update.core-os.net" \ + --user="${ROLLER_USERNAME}" \ + --key="${ROLLER_API_KEY}" \ + group percent \ + --app-id="${APPID[${board}]}" \ + --group-id="${channel}" \ + --update-percent=100 + else + # creating a new rollout deletes any existing rollout for this group and + # automatically activates the new one. + echo "Creating linear rollout for ${board} that will get to 100% in ${hours}h" + updateservicectl \ + --server="https://public.update.core-os.net" \ + --user="${ROLLER_USERNAME}" \ + --key="${ROLLER_API_KEY}" \ + rollout create linear \ + --app-id="${APPID[${board}]}" \ + --group-id="${channel}" \ + --duration="${seconds}" \ + --frame-size="60" + fi } usage() { echo "Usage: $0 {download|upload} [{-a|-b|-s} ]..." >&2 - echo "Usage: $0 {devsign|sign} [{-a|-b|-s} ]..." >&2 + echo "Usage: $0 {devsign|sign} [{-a|-b|-s} ]..." >&2 echo "Usage: $0 ready [{-a|-b|-s} ]..." >&2 echo "Usage: $0 roll [{-a|-b|-s} ]..." >&2 exit 1 @@ -226,13 +246,15 @@ while [[ $# > 0 ]]; do case "${c}" in -a) - $CMD "alpha" "${v}" + $CMD "alpha" "${v}" "amd64-usr" + $CMD "alpha" "${v}" "arm64-usr" ;; -b) - $CMD "beta" "${v}" + $CMD "beta" "${v}" "amd64-usr" + $CMD "beta" "${v}" "arm64-usr" ;; -s) - $CMD "stable" "${v}" + $CMD "stable" "${v}" "amd64-usr" ;; *) usage diff --git a/update_chroot b/update_chroot index 254b89dc5f..3e93c7e8fd 100755 --- a/update_chroot +++ b/update_chroot @@ -27,6 +27,8 @@ DEFINE_boolean skip_toolchain_update "${FLAGS_FALSE}" \ "Don't update the toolchains." DEFINE_string toolchain_boards "" \ "Extra toolchains to setup for the specified boards." +DEFINE_string binhost "" \ + "Use binary packages from a specific location (e.g. https://storage.googleapis.com/flatcar-jenkins/sdk/amd64/2000.0.0/pkgs)" FLAGS_HELP="usage: $(basename $0) [flags] Performs an update of the chroot. This script is called as part of @@ -57,6 +59,7 @@ PORTAGE_STABLE_OVERLAY="${REPO_ROOT}/src/third_party/portage-stable" CROSSDEV_OVERLAY="/usr/local/portage/crossdev" COREOS_OVERLAY="${REPO_ROOT}/src/third_party/coreos-overlay" COREOS_CONFIG="${COREOS_OVERLAY}/coreos/config" +PORTAGE_BINHOST="$FLAGS_binhost $(get_sdk_binhost)" # PORTAGE_USERNAME may already be in the env but set just to be safe. : ${PORTAGE_USERNAME:=${USER}} @@ -83,7 +86,7 @@ PORTDIR_OVERLAY="${CROSSDEV_OVERLAY} ${COREOS_OVERLAY}" DISTDIR="${REPO_CACHE_DIR}/distfiles" PKGDIR="/var/lib/portage/pkgs" PORT_LOGDIR="/var/log/portage" -PORTAGE_BINHOST="$(get_sdk_binhost)" +PORTAGE_BINHOST="$PORTAGE_BINHOST" PORTAGE_USERNAME="${PORTAGE_USERNAME}" MAKEOPTS="--jobs=${NUM_JOBS} --load-average=$((NUM_JOBS * 2))" CCACHE_UMASK="002"