mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-07 04:56:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

2345.0.0

Browse Source
This commit is contained in:
Flatcar Buildbot 2019-12-04 14:59:11 +01:00 committed by Dongsu Park
parent 7ee9c9c033
commit c7bbb2b1e2
25 changed files with 265 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
build_library/build_image_util.sh
View File

@ -103,6 +103,8 @@ generate_update() {
run_ldconfig() { run_ldconfig() {
local root_fs_dir=$1 local root_fs_dir=$1
case ${ARCH} in case ${ARCH} in
arm64)
sudo qemu-aarch64 "${root_fs_dir}"/usr/sbin/ldconfig -r "${root_fs_dir}";;
x86|amd64) x86|amd64)
sudo ldconfig -r "${root_fs_dir}";; sudo ldconfig -r "${root_fs_dir}";;
*) *)
@ -113,6 +115,8 @@ run_ldconfig() {
run_localedef() { run_localedef() {
local root_fs_dir="$1" loader=() local root_fs_dir="$1" loader=()
case ${ARCH} in case ${ARCH} in
arm64)
loader=( qemu-aarch64 -L "${root_fs_dir}" );;
amd64) amd64)
loader=( "${root_fs_dir}/usr/lib64/ld-linux-x86-64.so.2" \ loader=( "${root_fs_dir}/usr/lib64/ld-linux-x86-64.so.2" \
--library-path "${root_fs_dir}/usr/lib64" );; --library-path "${root_fs_dir}/usr/lib64" );;
@ -456,6 +460,7 @@ finish_image() {
# Only enable rootfs verification on supported boards. # Only enable rootfs verification on supported boards.
case "${FLAGS_board}" in case "${FLAGS_board}" in
amd64-usr) verity_offset=64 ;; amd64-usr) verity_offset=64 ;;
arm64-usr) verity_offset=512 ;;
*) disable_read_write=${FLAGS_FALSE} ;; *) disable_read_write=${FLAGS_FALSE} ;;
esac esac
@ -527,6 +532,7 @@ EOF
# Magic alert! Root hash injection works by writing the hash value to a # Magic alert! Root hash injection works by writing the hash value to a
# known unused SHA256-sized location in the kernel image. # known unused SHA256-sized location in the kernel image.
# For amd64 the rdev error message is used. # For amd64 the rdev error message is used.
# For arm64 an area between the EFI headers and the kernel text is used.
# Our modified GRUB extracts the hash and adds it to the cmdline. # Our modified GRUB extracts the hash and adds it to the cmdline.
printf %s "$(cat ${BUILD_DIR}/${image_name%.bin}_verity.txt)" | \ printf %s "$(cat ${BUILD_DIR}/${image_name%.bin}_verity.txt)" | \
sudo dd of="${root_fs_dir}/boot/flatcar/vmlinuz-a" conv=notrunc \ sudo dd of="${root_fs_dir}/boot/flatcar/vmlinuz-a" conv=notrunc \
@ -564,6 +570,9 @@ EOF
if [[ "${install_grub}" -eq 1 ]]; then if [[ "${install_grub}" -eq 1 ]]; then
local target local target
local target_list="i386-pc x86_64-efi x86_64-xen" local target_list="i386-pc x86_64-efi x86_64-xen"
if [[ ${BOARD} == "arm64-usr" ]]; then
target_list="arm64-efi"
fi
local grub_args=() local grub_args=()
if [[ ${disable_read_write} -eq ${FLAGS_TRUE} ]]; then if [[ ${disable_read_write} -eq ${FLAGS_TRUE} ]]; then
grub_args+=(--verity) grub_args+=(--verity)

5
build_library/catalyst_toolchains.sh
View File

@ -35,6 +35,11 @@ build_target_toolchain() {
# --root is required because run_merge overrides ROOT= # --root is required because run_merge overrides ROOT=
PORTAGE_CONFIGROOT="$ROOT" \ PORTAGE_CONFIGROOT="$ROOT" \
run_merge -u --root="$ROOT" --sysroot="$ROOT" "${TOOLCHAIN_PKGS[@]}" run_merge -u --root="$ROOT" --sysroot="$ROOT" "${TOOLCHAIN_PKGS[@]}"
export clst_myemergeopts="$( echo "$clst_myemergeopts" | sed -e 's/--newuse//' )"
PORTAGE_CONFIGROOT="$ROOT" \
run_merge --root="$ROOT" --sysroot="$ROOT" dev-lang/rust
} }
configure_crossdev_overlay / /tmp/crossdev configure_crossdev_overlay / /tmp/crossdev

46
build_library/check_root
View File

@ -29,11 +29,39 @@ IGNORE_MISSING = {
SonameAtom("x86_64", "libc.so.6")], SonameAtom("x86_64", "libc.so.6")],
# RPATHs and symlinks apparently confuse the perl-5.24 package # RPATHs and symlinks apparently confuse the perl-5.24 package
"dev-lang/perl": [SonameAtom("x86_64", "libperl.so.5.26.2")], "dev-lang/perl": [SonameAtom("arm_64", "libperl.so.5.26.2"),
"sys-apps/texinfo": [SonameAtom("x86_64", "libperl.so.5.26")], SonameAtom("x86_64", "libperl.so.5.26.2")],
"dev-perl/XML-Parser": [SonameAtom("x86_64", "libc.so.6"),
SonameAtom("x86_64", "libexpat.so.1")],
"dev-perl/libintl-perl": [SonameAtom("x86_64", "libc.so.6")],
"dev-util/boost-build": [SonameAtom("x86_64", "libc.so.6")],
"net-dns/dnsmasq": [SonameAtom("x86_64", "libc.so.6")],
"sys-apps/texinfo": [SonameAtom("x86_64", "libc.so.6"),
SonameAtom("x86_64", "libperl.so.5.26")],
# https://bugs.gentoo.org/show_bug.cgi?id=554582 # https://bugs.gentoo.org/show_bug.cgi?id=554582
"net-firewall/ebtables": [SonameAtom("x86_64", "libebt_802_3.so"), "net-firewall/ebtables": [SonameAtom("arm_64", "libebt_802_3.so"),
SonameAtom("arm_64", "libebt_among.so"),
SonameAtom("arm_64", "libebt_arp.so"),
SonameAtom("arm_64", "libebt_arpreply.so"),
SonameAtom("arm_64", "libebt_ip.so"),
SonameAtom("arm_64", "libebt_ip6.so"),
SonameAtom("arm_64", "libebt_limit.so"),
SonameAtom("arm_64", "libebt_log.so"),
SonameAtom("arm_64", "libebt_mark.so"),
SonameAtom("arm_64", "libebt_mark_m.so"),
SonameAtom("arm_64", "libebt_nat.so"),
SonameAtom("arm_64", "libebt_nflog.so"),
SonameAtom("arm_64", "libebt_pkttype.so"),
SonameAtom("arm_64", "libebt_redirect.so"),
SonameAtom("arm_64", "libebt_standard.so"),
SonameAtom("arm_64", "libebt_stp.so"),
SonameAtom("arm_64", "libebt_ulog.so"),
SonameAtom("arm_64", "libebt_vlan.so"),
SonameAtom("arm_64", "libebtable_broute.so"),
SonameAtom("arm_64", "libebtable_filter.so"),
SonameAtom("arm_64", "libebtable_nat.so"),
SonameAtom("x86_64", "libebt_802_3.so"),
SonameAtom("x86_64", "libebt_among.so"), SonameAtom("x86_64", "libebt_among.so"),
SonameAtom("x86_64", "libebt_arp.so"), SonameAtom("x86_64", "libebt_arp.so"),
SonameAtom("x86_64", "libebt_arpreply.so"), SonameAtom("x86_64", "libebt_arpreply.so"),
@ -56,13 +84,23 @@ IGNORE_MISSING = {
SonameAtom("x86_64", "libebtable_nat.so")], SonameAtom("x86_64", "libebtable_nat.so")],
# Ignore the Rust libraries in their own libdir. # Ignore the Rust libraries in their own libdir.
"dev-libs/rustlib": [SonameAtom("x86_64", "librustc_data_structures.so"), "dev-libs/rustlib": [SonameAtom("arm_64", "librustc_data_structures.so"),
SonameAtom("arm_64", "librustc_errors.so"),
SonameAtom("arm_64", "libserialize.so"),
SonameAtom("arm_64", "libstd.so"),
SonameAtom("arm_64", "libsyntax.so"),
SonameAtom("arm_64", "libsyntax_pos.so"),
SonameAtom("arm_64", "libterm.so"),
SonameAtom("x86_64", "librustc_data_structures.so"),
SonameAtom("x86_64", "librustc_errors.so"), SonameAtom("x86_64", "librustc_errors.so"),
SonameAtom("x86_64", "libserialize.so"), SonameAtom("x86_64", "libserialize.so"),
SonameAtom("x86_64", "libstd.so"), SonameAtom("x86_64", "libstd.so"),
SonameAtom("x86_64", "libsyntax.so"), SonameAtom("x86_64", "libsyntax.so"),
SonameAtom("x86_64", "libsyntax_pos.so"), SonameAtom("x86_64", "libsyntax_pos.so"),
SonameAtom("x86_64", "libterm.so")], SonameAtom("x86_64", "libterm.so")],
"sys-kernel/coreos-modules": [SonameAtom("x86_64", "libc.so.6"),
SonameAtom("x86_64", "libcrypto.so.1.0.0")],
} }
USR_LINKS = ("/bin/", "/sbin/", "/lib/", "/lib32/", "/lib64/") USR_LINKS = ("/bin/", "/sbin/", "/lib/", "/lib32/", "/lib64/")

10
build_library/disk_layout.json
View File

@ -26,7 +26,7 @@
"3":{ "3":{
"label":"USR-A", "label":"USR-A",
"uuid":"7130c94a-213a-4e5a-8e26-6cce9662f132", "uuid":"7130c94a-213a-4e5a-8e26-6cce9662f132",
"type":"coreos-rootfs", "type":"flatcar-rootfs",
"blocks":"2097152", "blocks":"2097152",
"fs_blocks":"260094", "fs_blocks":"260094",
"fs_type":"ext2", "fs_type":"ext2",
@ -36,7 +36,7 @@
"4":{ "4":{
"label":"USR-B", "label":"USR-B",
"uuid":"e03dd35c-7c2d-4a47-b3fe-27f15780a57c", "uuid":"e03dd35c-7c2d-4a47-b3fe-27f15780a57c",
"type":"coreos-rootfs", "type":"flatcar-rootfs",
"blocks":"2097152", "blocks":"2097152",
"fs_blocks":"262144" "fs_blocks":"262144"
}, },
@ -56,18 +56,18 @@
}, },
"7":{ "7":{
"label":"OEM-CONFIG", "label":"OEM-CONFIG",
"type":"coreos-reserved", "type":"flatcar-reserved",
"blocks":"131072" "blocks":"131072"
}, },
"8":{ "8":{
"type":"blank", "type":"blank",
"label":"coreos-reserved", "label":"flatcar-reserved",
"blocks":"0" "blocks":"0"
}, },
"9":{ "9":{
"label":"ROOT", "label":"ROOT",
"fs_label":"ROOT", "fs_label":"ROOT",
"type":"coreos-resize", "type":"flatcar-resize",
"blocks":"4427776", "blocks":"4427776",
"fs_type":"ext4", "fs_type":"ext4",
"mount":"/" "mount":"/"

2
build_library/disk_util
View File

@ -400,7 +400,7 @@ def FormatExt(part, device):
if 'fs_label' in part: if 'fs_label' in part:
tune_cmd += ['-L', part['fs_label']] tune_cmd += ['-L', part['fs_label']]
if part['type'] == 'coreos-usr': if part['type'] == 'flatcar-usr':
tune_cmd += ['-U', 'clear', tune_cmd += ['-U', 'clear',
'-T', '20091119110000', '-T', '20091119110000',
'-c', '0', '-i', '0', # Disable auto fsck '-c', '0', '-i', '0', # Disable auto fsck

1
build_library/ebuild_aci_util.sh
View File

@ -40,6 +40,7 @@ ebuild_aci_write_manifest() {
case "${BOARD}" in case "${BOARD}" in
amd64-usr) appc_arch=amd64 ;; amd64-usr) appc_arch=amd64 ;;
arm64-usr) appc_arch=aarch64 ;;
*) die_notrace "Cannot map \"${BOARD}\" to an appc arch" ;; *) die_notrace "Cannot map \"${BOARD}\" to an appc arch" ;;
esac esac

19
build_library/grub.cfg
View File

@ -91,21 +91,32 @@ if [ -z "$linux_console" ]; then
terminal_input console serial_com0 terminal_input console serial_com0
terminal_output console serial_com0 terminal_output console serial_com0
elif [ "$grub_platform" = efi ]; then elif [ "$grub_platform" = efi ]; then
set linux_console="console=ttyS0,115200n8 console=tty0" if [ "$grub_cpu" = arm64 ]; then
set linux_console="console=ttyAMA0,115200n8"
else
set linux_console="console=ttyS0,115200n8 console=tty0"
fi
elif [ "$grub_platform" = xen ]; then elif [ "$grub_platform" = xen ]; then
set linux_console="console=hvc0" set linux_console="console=hvc0"
fi fi
fi fi
set extra_options=""
if [ "$grub_cpu" = arm64 ]; then
set extra_options="acpi=force"
fi
set suf="" set suf=""
# UEFI uses linuxefi/initrdefi instead of linux/initrd # UEFI uses linuxefi/initrdefi instead of linux/initrd except for arm64
if [ "$grub_platform" = efi ]; then if [ "$grub_platform" = efi ]; then
set suf="efi" if [ "$grub_cpu" != arm64 ]; then
set suf="efi"
fi
fi fi
# Assemble the options applicable to all the kernels below # Assemble the options applicable to all the kernels below
set linux_cmdline="rootflags=rw mount.usrflags=ro consoleblank=0 $linux_root $linux_console $first_boot $randomize_disk_guid $oem $linux_append" set linux_cmdline="rootflags=rw mount.usrflags=ro consoleblank=0 $linux_root $linux_console $first_boot $randomize_disk_guid $extra_options $oem $linux_append"
# Re-implement grub_abort() since no command exposes it. # Re-implement grub_abort() since no command exposes it.
function abort { function abort {

26
build_library/grub_install.sh
View File

@ -48,6 +48,10 @@ CORE_MODULES=( normal search test fat part_gpt search_fs_uuid gzio search_part_l
# Name of the core image, depends on target # Name of the core image, depends on target
CORE_NAME= CORE_NAME=
# Whether the SDK's grub or the board root's grub is used. Once amd64 is
# fixed up the board root's grub will always be used.
BOARD_GRUB=0
case "${FLAGS_target}" in case "${FLAGS_target}" in
i386-pc) i386-pc)
CORE_MODULES+=( biosdisk serial ) CORE_MODULES+=( biosdisk serial )
@ -60,11 +64,21 @@ case "${FLAGS_target}" in
x86_64-xen) x86_64-xen)
CORE_NAME="core.elf" CORE_NAME="core.elf"
;; ;;
arm64-efi)
CORE_MODULES+=( serial linux efi_gop getenv smbios efinet verify http tftp )
CORE_NAME="core.efi"
BOARD_GRUB=1
;;
*) *)
die_notrace "Unknown GRUB target ${FLAGS_target}" die_notrace "Unknown GRUB target ${FLAGS_target}"
;; ;;
esac esac
if [[ $BOARD_GRUB -eq 1 ]]; then
info "Updating GRUB in ${BOARD_ROOT}"
emerge-${BOARD} --nodeps --select -qugKN sys-boot/grub
GRUB_SRC="${BOARD_ROOT}/usr/lib/grub/${FLAGS_target}"
fi
[[ -d "${GRUB_SRC}" ]] || die "GRUB not installed at ${GRUB_SRC}" [[ -d "${GRUB_SRC}" ]] || die "GRUB not installed at ${GRUB_SRC}"
# In order for grub-setup-bios to properly detect the layout of the disk # In order for grub-setup-bios to properly detect the layout of the disk
@ -216,6 +230,18 @@ case "${FLAGS_target}" in
sudo cp "${BUILD_LIBRARY_DIR}/menu.lst" \ sudo cp "${BUILD_LIBRARY_DIR}/menu.lst" \
"${ESP_DIR}/boot/grub/menu.lst" "${ESP_DIR}/boot/grub/menu.lst"
;; ;;
arm64-efi)
info "Installing default arm64 UEFI bootloader."
sudo mkdir -p "${ESP_DIR}/EFI/boot"
#FIXME(andrejro): shim not ported to aarch64
sudo cp "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}" \
"${ESP_DIR}/EFI/boot/bootaa64.efi"
if [[ -n "${FLAGS_copy_efi_grub}" ]]; then
# copying from vfat so ignore permissions
cp --no-preserve=mode "${ESP_DIR}/EFI/boot/bootaa64.efi" \
"${FLAGS_copy_efi_grub}"
fi
;;
esac esac
cleanup cleanup

1
build_library/oem_aci_util.sh
View File

@ -74,6 +74,7 @@ oem_aci_write_manifest() {
case "${BOARD}" in case "${BOARD}" in
amd64-usr) appc_arch=amd64 ;; amd64-usr) appc_arch=amd64 ;;
arm64-usr) appc_arch=aarch64 ;;
*) die_notrace "Cannot map \"${BOARD}\" to an appc arch" ;; *) die_notrace "Cannot map \"${BOARD}\" to an appc arch" ;;
esac esac

7
build_library/prod_image_util.sh
View File

@ -85,7 +85,7 @@ create_prod_image() {
# Assert that if this is supposed to be an official build that the # Assert that if this is supposed to be an official build that the
# official update keys have been used. # official update keys have been used.
if [[ ${COREOS_OFFICIAL:-0} -eq 1 ]]; then if [[ ${COREOS_OFFICIAL:-0} -eq 1 && "${BOARD}" != arm64-usr ]]; then
grep -q official \ grep -q official \
"${root_fs_dir}"/var/db/pkg/coreos-base/coreos-au-key-*/USE \ "${root_fs_dir}"/var/db/pkg/coreos-base/coreos-au-key-*/USE \
|| die_notrace "coreos-au-key is missing the 'official' use flag" || die_notrace "coreos-au-key is missing the 'official' use flag"
@ -141,8 +141,11 @@ EOF
"${BUILD_DIR}/${image_kernel}" "${BUILD_DIR}/${image_kernel}"
"${BUILD_DIR}/${image_pcr_policy}" "${BUILD_DIR}/${image_pcr_policy}"
"${BUILD_DIR}/${image_grub}" "${BUILD_DIR}/${image_grub}"
"${BUILD_DIR}/${image_shim}"
"${BUILD_DIR}/${image_kconfig}" "${BUILD_DIR}/${image_kconfig}"
) )
# FIXME(bgilbert): no shim on arm64
if [[ -f "${BUILD_DIR}/${image_shim}" ]]; then
to_upload+=("${BUILD_DIR}/${image_shim}")
fi
upload_image -d "${BUILD_DIR}/${image_name}.bz2.DIGESTS" "${to_upload[@]}" upload_image -d "${BUILD_DIR}/${image_name}.bz2.DIGESTS" "${to_upload[@]}"
} }

21
build_library/qemu_template.sh
View File

@ -21,6 +21,7 @@ SAFE_ARGS=0
USAGE="Usage: $0 [-a authorized_keys] [--] [qemu options...] USAGE="Usage: $0 [-a authorized_keys] [--] [qemu options...]
Options: Options:
-i FILE File containing an Ignition config -i FILE File containing an Ignition config
(needs \"-append 'flatcar.first_boot=1'\" for already-booted or PXE images)
-u FILE Cloudinit user-data as either a cloud config or script. -u FILE Cloudinit user-data as either a cloud config or script.
-c FILE Config drive as an iso or fat filesystem image. -c FILE Config drive as an iso or fat filesystem image.
-a FILE SSH public keys for login access. [~/.ssh/id_{dsa,rsa}.pub] -a FILE SSH public keys for login access. [~/.ssh/id_{dsa,rsa}.pub]
@ -33,7 +34,8 @@ The -a option may be used to specify a particular ssh public key to give
login access to. If -a is not provided ~/.ssh/id_{dsa,rsa}.pub is used. login access to. If -a is not provided ~/.ssh/id_{dsa,rsa}.pub is used.
If no public key is provided or found the VM will still boot but you may If no public key is provided or found the VM will still boot but you may
be unable to login unless you built the image yourself after setting a be unable to login unless you built the image yourself after setting a
password for the core user with the 'set_shared_user_password.sh' script. password for the core user with the 'set_shared_user_password.sh' script
or provide the option \"-append 'flatcar.autologin'\".
Any arguments after -a and -p will be passed through to qemu, -- may be Any arguments after -a and -p will be passed through to qemu, -- may be
used as an explicit separator. See the qemu(1) man page for more details. used as an explicit separator. See the qemu(1) man page for more details.
@ -153,6 +155,10 @@ else
set -- -machine accel=kvm -cpu host -smp "${VM_NCPUS}" "$@" ;; set -- -machine accel=kvm -cpu host -smp "${VM_NCPUS}" "$@" ;;
amd64-usr+*) amd64-usr+*)
set -- -machine pc-q35-2.8 -cpu kvm64 -smp 1 -nographic "$@" ;; set -- -machine pc-q35-2.8 -cpu kvm64 -smp 1 -nographic "$@" ;;
arm64-usr+aarch64)
set -- -machine virt,accel=kvm,gic-version=3 -cpu host -smp "${VM_NCPUS}" -nographic "$@" ;;
arm64-usr+*)
set -- -machine virt -cpu cortex-a57 -smp 1 -nographic "$@" ;;
*) *)
die "Unsupported arch" ;; die "Unsupported arch" ;;
esac esac
@ -173,6 +179,10 @@ if [ -n "${VM_IMAGE}" ]; then
case "${VM_BOARD}" in case "${VM_BOARD}" in
amd64-usr) amd64-usr)
set -- -drive if=virtio,file="${SCRIPT_DIR}/${VM_IMAGE}" "$@" ;; set -- -drive if=virtio,file="${SCRIPT_DIR}/${VM_IMAGE}" "$@" ;;
arm64-usr)
set -- -drive if=none,id=blk,file="${SCRIPT_DIR}/${VM_IMAGE}" \
-device virtio-blk-device,drive=blk "$@"
;;
*) die "Unsupported arch" ;; *) die "Unsupported arch" ;;
esac esac
fi fi
@ -215,6 +225,15 @@ case "${VM_BOARD}" in
-object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0 \ -object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0 \
"$@" "$@"
;; ;;
arm64-usr)
qemu-system-aarch64 \
-name "$VM_NAME" \
-m ${VM_MEMORY} \
-netdev user,id=eth0,hostfwd=tcp::"${SSH_PORT}"-:22,hostname="${VM_NAME}" \
-device virtio-net-device,netdev=eth0 \
-object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0 \
"$@"
;;
*) die "Unsupported arch" ;; *) die "Unsupported arch" ;;
esac esac

5
build_library/set_lsb_release
View File

@ -31,7 +31,12 @@ OS_ID="flatcar"
OS_ID_LIKE="coreos" OS_ID_LIKE="coreos"
OS_PRETTY_NAME="$OS_NAME $FLATCAR_VERSION (${OS_CODENAME})" OS_PRETTY_NAME="$OS_NAME $FLATCAR_VERSION (${OS_CODENAME})"
# temporarily point arm at a different appid until update support
# is completed in update_engine and the CoreUpdate service.
FLATCAR_APPID="{e96281a6-d1af-4bde-9a0a-97b76e56dc57}" FLATCAR_APPID="{e96281a6-d1af-4bde-9a0a-97b76e56dc57}"
if [[ "${FLAGS_board}" == arm64-* ]]; then
FLATCAR_APPID="{103867da-e3a2-4c92-b0b3-7fbd7f7d8b71}"
fi
# DISTRIB_* are the standard lsb-release names # DISTRIB_* are the standard lsb-release names
sudo mkdir -p "${ROOT_FS_DIR}/usr/share/flatcar" "${ROOT_FS_DIR}/etc/flatcar" sudo mkdir -p "${ROOT_FS_DIR}/usr/share/flatcar" "${ROOT_FS_DIR}/etc/flatcar"

1
build_library/test_image_content.sh
View File

@ -5,6 +5,7 @@
GLSA_WHITELIST=( GLSA_WHITELIST=(
201412-09 # incompatible CA certificate version numbers 201412-09 # incompatible CA certificate version numbers
201908-14 # backported both CVE fixes 201908-14 # backported both CVE fixes
201904-13 # git
201909-01 # Perl, SDK only 201909-01 # Perl, SDK only
201909-08 # backported fix 201909-08 # backported fix
) )

5
build_library/toolchain_util.sh
View File

@ -15,6 +15,7 @@ TOOLCHAIN_PKGS=(
# compiler to build a full native toolchain. Packages are not uploaded. # compiler to build a full native toolchain. Packages are not uploaded.
declare -A CROSS_PROFILES declare -A CROSS_PROFILES
CROSS_PROFILES["x86_64-cros-linux-gnu"]="coreos:coreos/amd64/generic" CROSS_PROFILES["x86_64-cros-linux-gnu"]="coreos:coreos/amd64/generic"
CROSS_PROFILES["aarch64-cros-linux-gnu"]="coreos:coreos/arm64/generic"
# Map board names to CHOSTs and portage profiles. This is the # Map board names to CHOSTs and portage profiles. This is the
# definitive list, there is assorted code new and old that either # definitive list, there is assorted code new and old that either
@ -23,6 +24,9 @@ declare -A BOARD_CHOSTS BOARD_PROFILES
BOARD_CHOSTS["amd64-usr"]="x86_64-cros-linux-gnu" BOARD_CHOSTS["amd64-usr"]="x86_64-cros-linux-gnu"
BOARD_PROFILES["amd64-usr"]="coreos:coreos/amd64/generic" BOARD_PROFILES["amd64-usr"]="coreos:coreos/amd64/generic"
BOARD_CHOSTS["arm64-usr"]="aarch64-cros-linux-gnu"
BOARD_PROFILES["arm64-usr"]="coreos:coreos/arm64/generic"
BOARD_NAMES=( "${!BOARD_CHOSTS[@]}" ) BOARD_NAMES=( "${!BOARD_CHOSTS[@]}" )
# Declare the above globals as read-only to avoid accidental conflicts. # Declare the above globals as read-only to avoid accidental conflicts.
@ -39,6 +43,7 @@ declare -r \
# Usage: get_portage_arch chost # Usage: get_portage_arch chost
get_portage_arch() { get_portage_arch() {
case "$1" in case "$1" in
aarch64*) echo arm64;;
alpha*) echo alpha;; alpha*) echo alpha;;
arm*) echo arm;; arm*) echo arm;;
hppa*) echo hppa;; hppa*) echo hppa;;

17
build_library/vm_image_util.sh
View File

@ -303,6 +303,9 @@ get_default_vm_type() {
amd64-usr) amd64-usr)
echo "qemu" echo "qemu"
;; ;;
arm64-usr)
echo "qemu_uefi"
;;
*) *)
return 1 return 1
;; ;;
@ -619,6 +622,7 @@ _write_cpio_disk() {
local grub_arch local grub_arch
case $BOARD in case $BOARD in
amd64-usr) grub_arch="x86_64-efi" ;; amd64-usr) grub_arch="x86_64-efi" ;;
arm64-usr) grub_arch="arm64-efi" ;;
esac esac
cp "${base_dir}/boot/flatcar/grub/${grub_arch}/core.efi" "${dst_dir}/${grub_name}" cp "${base_dir}/boot/flatcar/grub/${grub_arch}/core.efi" "${dst_dir}/${grub_name}"
@ -715,6 +719,19 @@ _write_qemu_uefi_conf() {
cp "/usr/share/edk2-ovmf/OVMF_CODE.fd" "$(_dst_dir)/${flash_ro}" cp "/usr/share/edk2-ovmf/OVMF_CODE.fd" "$(_dst_dir)/${flash_ro}"
cp "/usr/share/edk2-ovmf/OVMF_VARS.fd" "$(_dst_dir)/${flash_rw}" cp "/usr/share/edk2-ovmf/OVMF_VARS.fd" "$(_dst_dir)/${flash_rw}"
;; ;;
arm64-usr)
# Get edk2 files into local build workspace.
info "Updating edk2 in /build/${BOARD}"
emerge-${BOARD} --nodeps --select -qugN sys-firmware/edk2-aarch64
# Create 64MiB flash device image files.
dd if=/dev/zero bs=1M count=64 of="$(_dst_dir)/${flash_rw}" \
status=none
cp "/build/${BOARD}/usr/share/edk2-aarch64/QEMU_EFI.fd" \
"$(_dst_dir)/${flash_ro}.work"
truncate --reference="$(_dst_dir)/${flash_rw}" \
"$(_dst_dir)/${flash_ro}.work"
mv "$(_dst_dir)/${flash_ro}.work" "$(_dst_dir)/${flash_ro}"
;;
esac esac
sed -e "s%^VM_PFLASH_RO=.*%VM_PFLASH_RO='${flash_ro}'%" \ sed -e "s%^VM_PFLASH_RO=.*%VM_PFLASH_RO='${flash_ro}'%" \

2
build_torcx_store
View File

@ -238,7 +238,7 @@ function torcx_package() {
# swapping default package versions for different OS releases by reordering. # swapping default package versions for different OS releases by reordering.
DEFAULT_IMAGES=( DEFAULT_IMAGES=(
=app-torcx/docker-1.12 =app-torcx/docker-1.12
=app-torcx/docker-18.06 =app-torcx/docker-19.03
) )
# This list contains extra images which will be uploaded and included in the # This list contains extra images which will be uploaded and included in the

8
check_out_of_date.py
View File

@ -67,11 +67,11 @@ def process_emerge_output(eout):
def get_board_packages(board): def get_board_packages(board):
""" gets a list of packages used by a board. valid boards are amd64-usr, sdk, and bootstrap""" """ gets a list of packages used by a board. valid boards are {arm,amd}64-usr, sdk, and bootstrap"""
emerge_args = "--emptytree --pretend --verbose --unordered-display" emerge_args = "--emptytree --pretend --verbose --unordered-display"
if board == "sdk": if board == "sdk":
cmd = "emerge {} @system sdk-depends sdk-extras".format(emerge_args) cmd = "emerge {} @system sdk-depends sdk-extras".format(emerge_args)
elif board == "amd64-usr": elif board == "amd64-usr" or board == "arm64-usr":
cmd = "emerge-{} {} @system board-packages".format(board, emerge_args) cmd = "emerge-{} {} @system board-packages".format(board, emerge_args)
elif board == "bootstrap": elif board == "bootstrap":
pkgs = exec_command_strict("/usr/lib64/catalyst/targets/stage1/build.py") pkgs = exec_command_strict("/usr/lib64/catalyst/targets/stage1/build.py")
@ -92,6 +92,7 @@ def print_table(report, head, line_head, line_tail, tail, joiner, pkg_joiner):
"upstream": ["Upstream"], "upstream": ["Upstream"],
"tag": "Tag", "tag": "Tag",
"sdk": ["sdk"], "sdk": ["sdk"],
"arm64-usr": ["arm64-usr"],
"amd64-usr": ["amd64-usr"], "amd64-usr": ["amd64-usr"],
"bootstrap": ["bootstrap"], "bootstrap": ["bootstrap"],
"modified": "Modified"}) "modified": "Modified"})
@ -102,6 +103,7 @@ def print_table(report, head, line_head, line_tail, tail, joiner, pkg_joiner):
pkg_joiner.join(entry.get("upstream",[])), pkg_joiner.join(entry.get("upstream",[])),
entry.get("tag",""), entry.get("tag",""),
pkg_joiner.join(entry.get("sdk", [])), pkg_joiner.join(entry.get("sdk", [])),
pkg_joiner.join(entry.get("arm64-usr", [])),
pkg_joiner.join(entry.get("amd64-usr", [])), pkg_joiner.join(entry.get("amd64-usr", [])),
pkg_joiner.join(entry.get("bootstrap", [])), pkg_joiner.join(entry.get("bootstrap", [])),
entry.get("modified","")]) + line_tail) entry.get("modified","")]) + line_tail)
@ -138,7 +140,7 @@ def main():
subprocess.check_call(["git", "-C", args.upstream_path, "pull"]) subprocess.check_call(["git", "-C", args.upstream_path, "pull"])
pkg_lists = {} pkg_lists = {}
sources = ["sdk", "bootstrap", "amd64-usr", "image"] sources = ["sdk", "bootstrap", "amd64-usr", "arm64-usr", "image"]
for i in sources: for i in sources:
pkg_lists[i] = get_board_packages(i) pkg_lists[i] = get_board_packages(i)

24
common.sh
View File

@ -46,6 +46,9 @@ fi
# Turn on bash debug support if available for backtraces. # Turn on bash debug support if available for backtraces.
shopt -s extdebug 2>/dev/null shopt -s extdebug 2>/dev/null
# Source qemu library path
. /etc/profile.d/qemu-aarch64.sh 2> /dev/null || true
# Output a backtrace all the way back to the raw invocation, suppressing # Output a backtrace all the way back to the raw invocation, suppressing
# only the _dump_trace frame itself. # only the _dump_trace frame itself.
_dump_trace() { _dump_trace() {
@ -383,9 +386,8 @@ if [[ -f ${GCLIENT_ROOT}/src/scripts/.default_board ]]; then
die ".default_board: invalid name detected; please fix:" \ die ".default_board: invalid name detected; please fix:" \
"'${DEFAULT_BOARD}'" "'${DEFAULT_BOARD}'"
fi fi
elif [ -z "${DEFAULT_BOARD-}" ]; then
DEFAULT_BOARD=amd64-usr
fi fi
DEFAULT_BOARD="${DEFAULT_BOARD-amd64-usr}"
# Directory to store built images. Should be set by sourcing script when used. # Directory to store built images. Should be set by sourcing script when used.
BUILD_DIR= BUILD_DIR=
@ -928,10 +930,21 @@ BOAT
} }
# The binfmt_misc support in the kernel is required. # The binfmt_misc support in the kernel is required.
# The aarch64 binaries should be executed through
# "/usr/bin/qemu-aarch64-static"
setup_qemu_static() { setup_qemu_static() {
local root_fs_dir="$1" local root_fs_dir="$1"
case "${BOARD}" in case "${BOARD}" in
amd64-usr) return 0;; amd64-usr) return 0;;
arm64-usr)
if [[ -f "${root_fs_dir}/sbin/ldconfig" ]]; then
sudo cp /usr/bin/qemu-aarch64 "${root_fs_dir}"/usr/bin/qemu-aarch64-static
echo export QEMU_LD_PREFIX=\"/build/arm64-usr/\" | sudo tee /etc/profile.d/qemu-aarch64.sh
. /etc/profile.d/qemu-aarch64.sh
else
die "Missing basic layout in target rootfs"
fi
;;
*) die "Unsupported arch" ;; *) die "Unsupported arch" ;;
esac esac
} }
@ -940,6 +953,13 @@ clean_qemu_static() {
local root_fs_dir="$1" local root_fs_dir="$1"
case "${BOARD}" in case "${BOARD}" in
amd64-usr) return 0;; amd64-usr) return 0;;
arm64-usr)
if [[ -f "${root_fs_dir}/usr/bin/qemu-aarch64-static" ]]; then
sudo rm "${root_fs_dir}"/usr/bin/qemu-aarch64-static
else
die "File not found"
fi
;;
*) die "Unsupported arch" ;; *) die "Unsupported arch" ;;
esac esac
} }

2
core_dev_sign_update
View File

@ -6,7 +6,7 @@ SCRIPT_ROOT=$(dirname $(readlink -f "$0"))
assert_inside_chroot assert_inside_chroot
DEFINE_string data_dir "" "Directory containing downloaded release artifacts" DEFINE_string data_dir "" "Directory containing downloaded release artifacts"
DEFINE_string board "amd64-usr" "Board to sign artifacts for" DEFINE_string board "" "Board to sign artifacts for"
DEFINE_string version "" "Version to sign artifacts for" DEFINE_string version "" "Version to sign artifacts for"
DEFINE_integer n_signatures "2" "Number of signatures this release will be signed with" DEFINE_integer n_signatures "2" "Number of signatures this release will be signed with"
DEFINE_string output_dir "" "Output directory" DEFINE_string output_dir "" "Output directory"

2
image_inject_bootchain
View File

@ -77,9 +77,11 @@ if [[ -n "${FLAGS_kernel_path}" ]]; then
do_copy "${FLAGS_kernel_path}" "/boot/flatcar/vmlinuz-a" do_copy "${FLAGS_kernel_path}" "/boot/flatcar/vmlinuz-a"
fi fi
# FIXME(bgilbert): no shim on arm64
if [[ -n "${FLAGS_efi_grub_path}" ]]; then if [[ -n "${FLAGS_efi_grub_path}" ]]; then
case "${BOARD}" in case "${BOARD}" in
amd64-usr) image_name="grub.efi" ;; amd64-usr) image_name="grub.efi" ;;
arm64-usr) image_name="bootaa64.efi" ;;
*) die "GRUB filename not known for this board" ;; *) die "GRUB filename not known for this board" ;;
esac esac

5
jenkins/formats-arm64-usr.txt Normal file
View File

@ -0,0 +1,5 @@
openstack
openstack_mini
packet
pxe
qemu_uefi

3
oem/openstack/glance_load.sh
View File

@ -34,6 +34,9 @@ while [[ $# -gt 0 ]]; do
amd64|amd64-usr) amd64|amd64-usr)
board="amd64-usr" board="amd64-usr"
;; ;;
arm64|arm64-usr)
board="arm64-usr"
;;
*) *)
echo "Error: Unknown arg: $1" echo "Error: Unknown arg: $1"
exit 1 exit 1

13
setup_board
View File

@ -27,6 +27,8 @@ DEFINE_boolean getbinpkg "${FLAGS_TRUE}" \
"Download binary packages from remote repository." "Download binary packages from remote repository."
DEFINE_string getbinpkgver "" \ DEFINE_string getbinpkgver "" \
"Use binary packages from a specific version." "Use binary packages from a specific version."
DEFINE_string binhost "" \
"Use binary packages from a specific location (e.g. https://storage.googleapis.com/flatcar-jenkins/sdk/amd64/2000.0.0/pkgs)"
DEFINE_boolean toolchainpkgonly "${FLAGS_FALSE}" \ DEFINE_boolean toolchainpkgonly "${FLAGS_FALSE}" \
"Use binary packages only for the board toolchain." "Use binary packages only for the board toolchain."
DEFINE_integer jobs "${NUM_JOBS}" \ DEFINE_integer jobs "${NUM_JOBS}" \
@ -59,7 +61,7 @@ DEFINE_string variant "" \
"Board variant." "Board variant."
# builds wrappers like equery-amd64-usr. # builds wrappers like equery-arm-generic.
# args: # args:
# $1: command to wrap # $1: command to wrap
# rest: extra arguments to pass to the command # rest: extra arguments to pass to the command
@ -159,7 +161,7 @@ BOARD_ETC="${BOARD_ROOT}/etc"
BOARD_ARCH=$(get_board_arch "$BOARD") BOARD_ARCH=$(get_board_arch "$BOARD")
BOARD_CHOST=$(get_board_chost ${BOARD}) BOARD_CHOST=$(get_board_chost ${BOARD})
PORTAGE_PROFILE=$(get_board_profile "$BOARD") PORTAGE_PROFILE=$(get_board_profile "$BOARD")
BOARD_BINHOST=$(generate_binhost_list) BOARD_BINHOST="$FLAGS_binhost $(generate_binhost_list)"
if [[ ${FLAGS_regen_configs_only} -eq ${FLAGS_TRUE} ]]; then if [[ ${FLAGS_regen_configs_only} -eq ${FLAGS_TRUE} ]]; then
FLAGS_regen_configs=${FLAGS_TRUE} FLAGS_regen_configs=${FLAGS_TRUE}
@ -198,6 +200,9 @@ if [ "${FLAGS_usepkg}" -eq "${FLAGS_TRUE}" ]; then
else else
UPDATE_ARGS+=" --nogetbinpkg " UPDATE_ARGS+=" --nogetbinpkg "
fi fi
if [[ -n "${FLAGS_binhost}" ]]; then
UPDATE_ARGS+=" --binhost=${FLAGS_binhost} "
fi
else else
UPDATE_ARGS+=" --nousepkg" UPDATE_ARGS+=" --nousepkg"
fi fi
@ -318,6 +323,10 @@ if [[ ${FLAGS_regen_configs} -eq ${FLAGS_FALSE} ]]; then
info "Installing toolchain build dependencies" info "Installing toolchain build dependencies"
install_cross_libs "${BOARD_CHOST}" ${EMERGE_FLAGS} --buildpkg=n install_cross_libs "${BOARD_CHOST}" ${EMERGE_FLAGS} --buildpkg=n
info "Building toolchain dependencies"
"${EMERGE_WRAPPER}" --buildpkg --buildpkgonly --onlydeps -e \
--root="/usr/${BOARD_CHOST}" --sysroot="/usr/${BOARD_CHOST}" \
${EMERGE_TOOLCHAIN_FLAGS} "${TOOLCHAIN_PKGS[@]}"
info "Building toolchain" info "Building toolchain"
"${EMERGE_WRAPPER}" --buildpkg --buildpkgonly \ "${EMERGE_WRAPPER}" --buildpkg --buildpkgonly \
--root="/usr/${BOARD_CHOST}" --sysroot="/usr/${BOARD_CHOST}" \ --root="/usr/${BOARD_CHOST}" --sysroot="/usr/${BOARD_CHOST}" \

84
signing/transfer.sh
View File

@ -2,8 +2,9 @@
set -eux set -eux
APPID=e96281a6-d1af-4bde-9a0a-97b76e56dc57 declare -A APPID
BOARD=amd64-usr APPID[amd64-usr]=e96281a6-d1af-4bde-9a0a-97b76e56dc57
APPID[arm64-usr]=103867da-e3a2-4c92-b0b3-7fbd7f7d8b71
declare -A RELEASE_CHANNEL declare -A RELEASE_CHANNEL
RELEASE_CHANNEL[alpha]=Alpha RELEASE_CHANNEL[alpha]=Alpha
@ -13,9 +14,10 @@ RELEASE_CHANNEL[stable]=Stable
download() { download() {
local channel="$1" local channel="$1"
local version="$2" local version="$2"
local board="$3"
local gs="gs://builds.release.core-os.net/${channel}/boards/${BOARD}/${version}" local gs="gs://builds.release.core-os.net/${channel}/boards/${board}/${version}"
local dir="${BASEDIR}/${BOARD}/${version}" local dir="${BASEDIR}/${board}/${version}"
mkdir -p "${dir}" mkdir -p "${dir}"
pushd "${dir}" >/dev/null pushd "${dir}" >/dev/null
@ -31,7 +33,7 @@ download() {
local torcx_base="gs://builds.release.core-os.net/embargoed/devfiles/torcx/manifests/${board}/${version}" local torcx_base="gs://builds.release.core-os.net/embargoed/devfiles/torcx/manifests/${board}/${version}"
if ! gsutil -q stat "${torcx_base}/torcx_manifest.json"; then if ! gsutil -q stat "${torcx_base}/torcx_manifest.json"; then
# Non-embargoed release # Non-embargoed release
local torcx_base="gs://builds.developer.core-os.net/torcx/manifests/${board}/${version}" local torcx_base="gs://builds.developer.core-os.net/torcx/manifests/${BOARD}/${version}"
fi fi
gsutil -m cp \ gsutil -m cp \
"${torcx_base}/torcx_manifest.json" \ "${torcx_base}/torcx_manifest.json" \
@ -49,6 +51,7 @@ download() {
devsign() { devsign() {
local channel="$1" local channel="$1"
local version="$2" local version="$2"
local board="$3"
"$(dirname $0)/../core_dev_sign_update" \ "$(dirname $0)/../core_dev_sign_update" \
--data_dir "${BASEDIR}" \ --data_dir "${BASEDIR}" \
@ -62,17 +65,19 @@ devsign() {
sign() { sign() {
local channel="$1" local channel="$1"
local version="$2" local version="$2"
local board="$3"
"$(dirname $0)/sign.sh" \ "$(dirname $0)/sign.sh" \
"${BASEDIR}/${BOARD}/${version}" \ "${BASEDIR}/${board}/${version}" \
"${SIGDIR}/${BOARD}/${version}" "${SIGDIR}/${board}/${version}"
} }
upload() { upload() {
local channel="$1" local channel="$1"
local version="$2" local version="$2"
local board="$3"
local dir="${BASEDIR}/${BOARD}/${version}" local dir="${BASEDIR}/${board}/${version}"
local payload="${dir}/flatcar_production_update.gz" local payload="${dir}/flatcar_production_update.gz"
local torcx_manifest="${dir}/torcx_manifest.json" local torcx_manifest="${dir}/torcx_manifest.json"
local torcx_manifest_sig="${dir}/torcx_manifest.json.asc" local torcx_manifest_sig="${dir}/torcx_manifest.json.asc"
@ -87,8 +92,8 @@ upload() {
"$(dirname $0)/../core_roller_upload" \ "$(dirname $0)/../core_roller_upload" \
--user="${ROLLER_USERNAME}" \ --user="${ROLLER_USERNAME}" \
--api_key="${ROLLER_API_KEY}" \ --api_key="${ROLLER_API_KEY}" \
--app_id="${APPID}" \ --app_id="${APPID[${board}]}" \
--board="${BOARD}" \ --board="${board}" \
--version="${version}" \ --version="${version}" \
--payload="${payload}" --payload="${payload}"
@ -96,7 +101,7 @@ upload() {
gsutil cp \ gsutil cp \
"${torcx_manifest}" \ "${torcx_manifest}" \
"${torcx_manifest_sig}" \ "${torcx_manifest_sig}" \
"gs://coreos-tectonic-torcx/manifests/${BOARD}/${version}/" "gs://coreos-tectonic-torcx/manifests/${board}/${version}/"
# Update version in a canary channel if one is defined. # Update version in a canary channel if one is defined.
local -n canary_channel="ROLLER_CANARY_CHANNEL_${channel^^}" local -n canary_channel="ROLLER_CANARY_CHANNEL_${channel^^}"
@ -106,7 +111,7 @@ upload() {
--user="${ROLLER_USERNAME}" \ --user="${ROLLER_USERNAME}" \
--key="${ROLLER_API_KEY}" \ --key="${ROLLER_API_KEY}" \
channel update \ channel update \
--app-id="${APPID}" \ --app-id="${APPID[${board}]}" \
--channel="${canary_channel}" \ --channel="${canary_channel}" \
--version="${version}" --version="${version}"
fi fi
@ -115,16 +120,17 @@ upload() {
ready() { ready() {
local channel="$1" local channel="$1"
local version="$2" local version="$2"
local board="$3"
# setting the percent will deactivate (not delete) any existing rollouts for # setting the percent will deactivate (not delete) any existing rollouts for
# this specific group. # this specific group.
echo "Rollout set to 0%" echo "Rollout set to 0% for ${board}"
updateservicectl \ updateservicectl \
--server="https://public.update.core-os.net" \ --server="https://public.update.core-os.net" \
--user="${ROLLER_USERNAME}" \ --user="${ROLLER_USERNAME}" \
--key="${ROLLER_API_KEY}" \ --key="${ROLLER_API_KEY}" \
group percent \ group percent \
--app-id="${APPID}" \ --app-id="${APPID[${board}]}" \
--group-id="${channel}" \ --group-id="${channel}" \
--update-percent=0 --update-percent=0
@ -135,7 +141,7 @@ ready() {
--user="${ROLLER_USERNAME}" \ --user="${ROLLER_USERNAME}" \
--key="${ROLLER_API_KEY}" \ --key="${ROLLER_API_KEY}" \
channel update \ channel update \
--app-id="${APPID}" \ --app-id="${APPID[${board}]}" \
--channel="${RELEASE_CHANNEL[${channel}]}" \ --channel="${RELEASE_CHANNEL[${channel}]}" \
--publish=true \ --publish=true \
--version="${version}" --version="${version}"
@ -144,26 +150,40 @@ ready() {
roll() { roll() {
local channel="$1" local channel="$1"
local hours="$2" local hours="$2"
local board="$3"
local seconds=$((${hours} * 3600)) local seconds=$((${hours} * 3600))
# creating a new rollout deletes any existing rollout for this group and # Only ramp rollouts on AMD64; ARM64 is too small
# automatically activates the new one. if [[ "$board" = "arm64-usr" ]]; then
echo "Creating linear rollout that will get to 100% in ${hours}h" echo "Setting rollout for arm64-usr to 100%"
updateservicectl \ updateservicectl \
--server="https://public.update.core-os.net" \ --server="https://public.update.core-os.net" \
--user="${ROLLER_USERNAME}" \ --user="${ROLLER_USERNAME}" \
--key="${ROLLER_API_KEY}" \ --key="${ROLLER_API_KEY}" \
rollout create linear \ group percent \
--app-id="${APPID}" \ --app-id="${APPID[${board}]}" \
--group-id="${channel}" \ --group-id="${channel}" \
--duration="${seconds}" \ --update-percent=100
--frame-size="60" else
# creating a new rollout deletes any existing rollout for this group and
# automatically activates the new one.
echo "Creating linear rollout for ${board} that will get to 100% in ${hours}h"
updateservicectl \
--server="https://public.update.core-os.net" \
--user="${ROLLER_USERNAME}" \
--key="${ROLLER_API_KEY}" \
rollout create linear \
--app-id="${APPID[${board}]}" \
--group-id="${channel}" \
--duration="${seconds}" \
--frame-size="60"
fi
} }
usage() { usage() {
echo "Usage: $0 {download|upload} <ARTIFACT-DIR> [{-a|-b|-s} <VERSION>]..." >&2 echo "Usage: $0 {download|upload} <ARTIFACT-DIR> [{-a|-b|-s} <VERSION>]..." >&2
echo "Usage: $0 {devsign|sign} <ARTIFACT-DIR> <SIG-DIR> [{-a|-b|-s} <VERSION>]..." >&2 echo "Usage: $0 {devsign|sign} <ARTIFACT-DIR> <SIG-DIR> [{-a|-b|-s} <VERSION> <BOARD>]..." >&2
echo "Usage: $0 ready [{-a|-b|-s} <VERSION>]..." >&2 echo "Usage: $0 ready [{-a|-b|-s} <VERSION>]..." >&2
echo "Usage: $0 roll [{-a|-b|-s} <HOURS-TO-100-PERCENT>]..." >&2 echo "Usage: $0 roll [{-a|-b|-s} <HOURS-TO-100-PERCENT>]..." >&2
exit 1 exit 1
@ -226,13 +246,15 @@ while [[ $# > 0 ]]; do
case "${c}" in case "${c}" in
-a) -a)
$CMD "alpha" "${v}" $CMD "alpha" "${v}" "amd64-usr"
$CMD "alpha" "${v}" "arm64-usr"
;; ;;
-b) -b)
$CMD "beta" "${v}" $CMD "beta" "${v}" "amd64-usr"
$CMD "beta" "${v}" "arm64-usr"
;; ;;
-s) -s)
$CMD "stable" "${v}" $CMD "stable" "${v}" "amd64-usr"
;; ;;
*) *)
usage usage

5
update_chroot
View File

@ -27,6 +27,8 @@ DEFINE_boolean skip_toolchain_update "${FLAGS_FALSE}" \
"Don't update the toolchains." "Don't update the toolchains."
DEFINE_string toolchain_boards "" \ DEFINE_string toolchain_boards "" \
"Extra toolchains to setup for the specified boards." "Extra toolchains to setup for the specified boards."
DEFINE_string binhost "" \
"Use binary packages from a specific location (e.g. https://storage.googleapis.com/flatcar-jenkins/sdk/amd64/2000.0.0/pkgs)"
FLAGS_HELP="usage: $(basename $0) [flags] FLAGS_HELP="usage: $(basename $0) [flags]
Performs an update of the chroot. This script is called as part of Performs an update of the chroot. This script is called as part of
@ -57,6 +59,7 @@ PORTAGE_STABLE_OVERLAY="${REPO_ROOT}/src/third_party/portage-stable"
CROSSDEV_OVERLAY="/usr/local/portage/crossdev" CROSSDEV_OVERLAY="/usr/local/portage/crossdev"
COREOS_OVERLAY="${REPO_ROOT}/src/third_party/coreos-overlay" COREOS_OVERLAY="${REPO_ROOT}/src/third_party/coreos-overlay"
COREOS_CONFIG="${COREOS_OVERLAY}/coreos/config" COREOS_CONFIG="${COREOS_OVERLAY}/coreos/config"
PORTAGE_BINHOST="$FLAGS_binhost $(get_sdk_binhost)"
# PORTAGE_USERNAME may already be in the env but set just to be safe. # PORTAGE_USERNAME may already be in the env but set just to be safe.
: ${PORTAGE_USERNAME:=${USER}} : ${PORTAGE_USERNAME:=${USER}}
@ -83,7 +86,7 @@ PORTDIR_OVERLAY="${CROSSDEV_OVERLAY} ${COREOS_OVERLAY}"
DISTDIR="${REPO_CACHE_DIR}/distfiles" DISTDIR="${REPO_CACHE_DIR}/distfiles"
PKGDIR="/var/lib/portage/pkgs" PKGDIR="/var/lib/portage/pkgs"
PORT_LOGDIR="/var/log/portage" PORT_LOGDIR="/var/log/portage"
PORTAGE_BINHOST="$(get_sdk_binhost)" PORTAGE_BINHOST="$PORTAGE_BINHOST"
PORTAGE_USERNAME="${PORTAGE_USERNAME}" PORTAGE_USERNAME="${PORTAGE_USERNAME}"
MAKEOPTS="--jobs=${NUM_JOBS} --load-average=$((NUM_JOBS * 2))" MAKEOPTS="--jobs=${NUM_JOBS} --load-average=$((NUM_JOBS * 2))"
CCACHE_UMASK="002" CCACHE_UMASK="002"