2345.0.0

build_library/build_image_util.sh

@@ -103,6 +103,8 @@ generate_update() {
 run_ldconfig() {
   local root_fs_dir=$1
   case ${ARCH} in
+  arm64)
+    sudo qemu-aarch64 "${root_fs_dir}"/usr/sbin/ldconfig -r "${root_fs_dir}";;
   x86|amd64)
     sudo ldconfig -r "${root_fs_dir}";;
   *)
@@ -113,6 +115,8 @@ run_ldconfig() {
 run_localedef() {
   local root_fs_dir="$1" loader=()
   case ${ARCH} in
+  arm64)
+    loader=( qemu-aarch64 -L "${root_fs_dir}" );;
   amd64)
     loader=( "${root_fs_dir}/usr/lib64/ld-linux-x86-64.so.2" \
                --library-path "${root_fs_dir}/usr/lib64" );;
@@ -456,6 +460,7 @@ finish_image() {
   # Only enable rootfs verification on supported boards.
   case "${FLAGS_board}" in
     amd64-usr) verity_offset=64 ;;
+    arm64-usr) verity_offset=512 ;;
     *) disable_read_write=${FLAGS_FALSE} ;;
   esac
 
@@ -527,6 +532,7 @@ EOF
     # Magic alert!  Root hash injection works by writing the hash value to a
     # known unused SHA256-sized location in the kernel image.
     # For amd64 the rdev error message is used.
+    # For arm64 an area between the EFI headers and the kernel text is used.
     # Our modified GRUB extracts the hash and adds it to the cmdline.
     printf %s "$(cat ${BUILD_DIR}/${image_name%.bin}_verity.txt)" | \
         sudo dd of="${root_fs_dir}/boot/flatcar/vmlinuz-a" conv=notrunc \
@@ -564,6 +570,9 @@ EOF
   if [[ "${install_grub}" -eq 1 ]]; then
     local target
     local target_list="i386-pc x86_64-efi x86_64-xen"
+    if [[ ${BOARD} == "arm64-usr" ]]; then
+      target_list="arm64-efi"
+    fi
     local grub_args=()
     if [[ ${disable_read_write} -eq ${FLAGS_TRUE} ]]; then
       grub_args+=(--verity)

build_library/catalyst_toolchains.sh

@@ -35,6 +35,11 @@ build_target_toolchain() {
     # --root is required because run_merge overrides ROOT=
     PORTAGE_CONFIGROOT="$ROOT" \
         run_merge -u --root="$ROOT" --sysroot="$ROOT" "${TOOLCHAIN_PKGS[@]}"
+
+    export clst_myemergeopts="$( echo "$clst_myemergeopts" | sed -e 's/--newuse//' )"
+
+    PORTAGE_CONFIGROOT="$ROOT" \
+        run_merge --root="$ROOT" --sysroot="$ROOT" dev-lang/rust
 }
 
 configure_crossdev_overlay / /tmp/crossdev

build_library/check_root

@@ -29,11 +29,39 @@ IGNORE_MISSING = {
                                  SonameAtom("x86_64", "libc.so.6")],
 
     # RPATHs and symlinks apparently confuse the perl-5.24 package
-    "dev-lang/perl":            [SonameAtom("x86_64", "libperl.so.5.26.2")],
-    "sys-apps/texinfo":         [SonameAtom("x86_64", "libperl.so.5.26")],
+    "dev-lang/perl":            [SonameAtom("arm_64", "libperl.so.5.26.2"),
+                                 SonameAtom("x86_64", "libperl.so.5.26.2")],
+    "dev-perl/XML-Parser":      [SonameAtom("x86_64", "libc.so.6"),
+                                 SonameAtom("x86_64", "libexpat.so.1")],
+    "dev-perl/libintl-perl":    [SonameAtom("x86_64", "libc.so.6")],
+    "dev-util/boost-build":     [SonameAtom("x86_64", "libc.so.6")],
+    "net-dns/dnsmasq":          [SonameAtom("x86_64", "libc.so.6")],
+    "sys-apps/texinfo":         [SonameAtom("x86_64", "libc.so.6"),
+                                 SonameAtom("x86_64", "libperl.so.5.26")],
 
     # https://bugs.gentoo.org/show_bug.cgi?id=554582
-    "net-firewall/ebtables":    [SonameAtom("x86_64", "libebt_802_3.so"),
+    "net-firewall/ebtables":    [SonameAtom("arm_64", "libebt_802_3.so"),
+                                 SonameAtom("arm_64", "libebt_among.so"),
+                                 SonameAtom("arm_64", "libebt_arp.so"),
+                                 SonameAtom("arm_64", "libebt_arpreply.so"),
+                                 SonameAtom("arm_64", "libebt_ip.so"),
+                                 SonameAtom("arm_64", "libebt_ip6.so"),
+                                 SonameAtom("arm_64", "libebt_limit.so"),
+                                 SonameAtom("arm_64", "libebt_log.so"),
+                                 SonameAtom("arm_64", "libebt_mark.so"),
+                                 SonameAtom("arm_64", "libebt_mark_m.so"),
+                                 SonameAtom("arm_64", "libebt_nat.so"),
+                                 SonameAtom("arm_64", "libebt_nflog.so"),
+                                 SonameAtom("arm_64", "libebt_pkttype.so"),
+                                 SonameAtom("arm_64", "libebt_redirect.so"),
+                                 SonameAtom("arm_64", "libebt_standard.so"),
+                                 SonameAtom("arm_64", "libebt_stp.so"),
+                                 SonameAtom("arm_64", "libebt_ulog.so"),
+                                 SonameAtom("arm_64", "libebt_vlan.so"),
+                                 SonameAtom("arm_64", "libebtable_broute.so"),
+                                 SonameAtom("arm_64", "libebtable_filter.so"),
+                                 SonameAtom("arm_64", "libebtable_nat.so"),
+                                 SonameAtom("x86_64", "libebt_802_3.so"),
                                  SonameAtom("x86_64", "libebt_among.so"),
                                  SonameAtom("x86_64", "libebt_arp.so"),
                                  SonameAtom("x86_64", "libebt_arpreply.so"),
@@ -56,13 +84,23 @@ IGNORE_MISSING = {
                                  SonameAtom("x86_64", "libebtable_nat.so")],
 
     # Ignore the Rust libraries in their own libdir.
-    "dev-libs/rustlib":         [SonameAtom("x86_64", "librustc_data_structures.so"),
+    "dev-libs/rustlib":         [SonameAtom("arm_64", "librustc_data_structures.so"),
+                                 SonameAtom("arm_64", "librustc_errors.so"),
+                                 SonameAtom("arm_64", "libserialize.so"),
+                                 SonameAtom("arm_64", "libstd.so"),
+                                 SonameAtom("arm_64", "libsyntax.so"),
+                                 SonameAtom("arm_64", "libsyntax_pos.so"),
+                                 SonameAtom("arm_64", "libterm.so"),
+                                 SonameAtom("x86_64", "librustc_data_structures.so"),
                                  SonameAtom("x86_64", "librustc_errors.so"),
                                  SonameAtom("x86_64", "libserialize.so"),
                                  SonameAtom("x86_64", "libstd.so"),
                                  SonameAtom("x86_64", "libsyntax.so"),
                                  SonameAtom("x86_64", "libsyntax_pos.so"),
                                  SonameAtom("x86_64", "libterm.so")],
+
+    "sys-kernel/coreos-modules": [SonameAtom("x86_64", "libc.so.6"),
+                                  SonameAtom("x86_64", "libcrypto.so.1.0.0")],
 }
 
 USR_LINKS = ("/bin/", "/sbin/", "/lib/", "/lib32/", "/lib64/")

build_library/disk_layout.json

@@ -26,7 +26,7 @@
       "3":{
         "label":"USR-A",
         "uuid":"7130c94a-213a-4e5a-8e26-6cce9662f132",
-        "type":"coreos-rootfs",
+        "type":"flatcar-rootfs",
         "blocks":"2097152",
         "fs_blocks":"260094",
         "fs_type":"ext2",
@@ -36,7 +36,7 @@
       "4":{
         "label":"USR-B",
         "uuid":"e03dd35c-7c2d-4a47-b3fe-27f15780a57c",
-        "type":"coreos-rootfs",
+        "type":"flatcar-rootfs",
         "blocks":"2097152",
         "fs_blocks":"262144"
       },
@@ -56,18 +56,18 @@
       },
       "7":{
         "label":"OEM-CONFIG",
-        "type":"coreos-reserved",
+        "type":"flatcar-reserved",
         "blocks":"131072"
       },
       "8":{
         "type":"blank",
-        "label":"coreos-reserved",
+        "label":"flatcar-reserved",
         "blocks":"0"
       },
       "9":{
         "label":"ROOT",
         "fs_label":"ROOT",
-        "type":"coreos-resize",
+        "type":"flatcar-resize",
         "blocks":"4427776",
         "fs_type":"ext4",
         "mount":"/"

build_library/disk_util

@@ -400,7 +400,7 @@ def FormatExt(part, device):
   if 'fs_label' in part:
     tune_cmd += ['-L', part['fs_label']]
 
-  if part['type'] == 'coreos-usr':
+  if part['type'] == 'flatcar-usr':
     tune_cmd += ['-U', 'clear',
                  '-T', '20091119110000',
                  '-c', '0', '-i', '0', # Disable auto fsck

build_library/ebuild_aci_util.sh

@@ -40,6 +40,7 @@ ebuild_aci_write_manifest() {
 
     case "${BOARD}" in
         amd64-usr) appc_arch=amd64 ;;
+        arm64-usr) appc_arch=aarch64 ;;
         *) die_notrace "Cannot map \"${BOARD}\" to an appc arch" ;;
     esac
 

build_library/grub.cfg

@@ -91,21 +91,32 @@ if [ -z "$linux_console" ]; then
         terminal_input console serial_com0
         terminal_output console serial_com0
     elif [ "$grub_platform" = efi ]; then
+        if [ "$grub_cpu" = arm64 ]; then
+            set linux_console="console=ttyAMA0,115200n8"
+        else
             set linux_console="console=ttyS0,115200n8 console=tty0"
+       fi
     elif [ "$grub_platform" = xen ]; then
         set linux_console="console=hvc0"
     fi
 fi
 
+set extra_options=""
+if [ "$grub_cpu" = arm64 ]; then
+	set extra_options="acpi=force"
+fi
+
 set suf=""
 
-# UEFI uses linuxefi/initrdefi instead of linux/initrd
+# UEFI uses linuxefi/initrdefi instead of linux/initrd except for arm64
 if [ "$grub_platform" = efi ]; then
+  if [ "$grub_cpu" != arm64 ]; then
     set suf="efi"
+  fi
 fi
 
 # Assemble the options applicable to all the kernels below
-set linux_cmdline="rootflags=rw mount.usrflags=ro consoleblank=0 $linux_root $linux_console $first_boot $randomize_disk_guid $oem $linux_append"
+set linux_cmdline="rootflags=rw mount.usrflags=ro consoleblank=0 $linux_root $linux_console $first_boot $randomize_disk_guid $extra_options $oem $linux_append"
 
 # Re-implement grub_abort() since no command exposes it.
 function abort {

build_library/grub_install.sh

@@ -48,6 +48,10 @@ CORE_MODULES=( normal search test fat part_gpt search_fs_uuid gzio search_part_l
 # Name of the core image, depends on target
 CORE_NAME=
 
+# Whether the SDK's grub or the board root's grub is used. Once amd64 is
+# fixed up the board root's grub will always be used.
+BOARD_GRUB=0
+
 case "${FLAGS_target}" in
     i386-pc)
         CORE_MODULES+=( biosdisk serial )
@@ -60,11 +64,21 @@ case "${FLAGS_target}" in
     x86_64-xen)
         CORE_NAME="core.elf"
         ;;
+    arm64-efi)
+        CORE_MODULES+=( serial linux efi_gop getenv smbios efinet verify http tftp )
+        CORE_NAME="core.efi"
+        BOARD_GRUB=1
+        ;;
     *)
         die_notrace "Unknown GRUB target ${FLAGS_target}"
         ;;
 esac
 
+if [[ $BOARD_GRUB -eq 1 ]]; then
+    info "Updating GRUB in ${BOARD_ROOT}"
+    emerge-${BOARD} --nodeps --select -qugKN sys-boot/grub
+    GRUB_SRC="${BOARD_ROOT}/usr/lib/grub/${FLAGS_target}"
+fi
 [[ -d "${GRUB_SRC}" ]] || die "GRUB not installed at ${GRUB_SRC}"
 
 # In order for grub-setup-bios to properly detect the layout of the disk
@@ -216,6 +230,18 @@ case "${FLAGS_target}" in
         sudo cp "${BUILD_LIBRARY_DIR}/menu.lst" \
             "${ESP_DIR}/boot/grub/menu.lst"
         ;;
+    arm64-efi)
+        info "Installing default arm64 UEFI bootloader."
+        sudo mkdir -p "${ESP_DIR}/EFI/boot"
+        #FIXME(andrejro): shim not ported to aarch64
+        sudo cp "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}" \
+            "${ESP_DIR}/EFI/boot/bootaa64.efi"
+        if [[ -n "${FLAGS_copy_efi_grub}" ]]; then
+            # copying from vfat so ignore permissions
+            cp --no-preserve=mode "${ESP_DIR}/EFI/boot/bootaa64.efi" \
+                "${FLAGS_copy_efi_grub}"
+        fi
+        ;;
 esac
 
 cleanup

build_library/oem_aci_util.sh

@@ -74,6 +74,7 @@ oem_aci_write_manifest() {
 
     case "${BOARD}" in
         amd64-usr) appc_arch=amd64 ;;
+        arm64-usr) appc_arch=aarch64 ;;
         *) die_notrace "Cannot map \"${BOARD}\" to an appc arch" ;;
     esac
 

build_library/prod_image_util.sh

@@ -85,7 +85,7 @@ create_prod_image() {
 
   # Assert that if this is supposed to be an official build that the
   # official update keys have been used.
-  if [[ ${COREOS_OFFICIAL:-0} -eq 1 ]]; then
+  if [[ ${COREOS_OFFICIAL:-0} -eq 1 && "${BOARD}" != arm64-usr ]]; then
       grep -q official \
           "${root_fs_dir}"/var/db/pkg/coreos-base/coreos-au-key-*/USE \
           || die_notrace "coreos-au-key is missing the 'official' use flag"
@@ -141,8 +141,11 @@ EOF
     "${BUILD_DIR}/${image_kernel}"
     "${BUILD_DIR}/${image_pcr_policy}"
     "${BUILD_DIR}/${image_grub}"
-    "${BUILD_DIR}/${image_shim}"
     "${BUILD_DIR}/${image_kconfig}"
   )
+  # FIXME(bgilbert): no shim on arm64
+  if [[ -f "${BUILD_DIR}/${image_shim}" ]]; then
+    to_upload+=("${BUILD_DIR}/${image_shim}")
+  fi
   upload_image -d "${BUILD_DIR}/${image_name}.bz2.DIGESTS" "${to_upload[@]}"
 }

build_library/qemu_template.sh

@@ -21,6 +21,7 @@ SAFE_ARGS=0
 USAGE="Usage: $0 [-a authorized_keys] [--] [qemu options...]
 Options:
     -i FILE     File containing an Ignition config
+                (needs \"-append 'flatcar.first_boot=1'\" for already-booted or PXE images)
     -u FILE     Cloudinit user-data as either a cloud config or script.
     -c FILE     Config drive as an iso or fat filesystem image.
     -a FILE     SSH public keys for login access. [~/.ssh/id_{dsa,rsa}.pub]
@@ -33,7 +34,8 @@ The -a option may be used to specify a particular ssh public key to give
 login access to. If -a is not provided ~/.ssh/id_{dsa,rsa}.pub is used.
 If no public key is provided or found the VM will still boot but you may
 be unable to login unless you built the image yourself after setting a
-password for the core user with the 'set_shared_user_password.sh' script.
+password for the core user with the 'set_shared_user_password.sh' script
+or provide the option \"-append 'flatcar.autologin'\".
 
 Any arguments after -a and -p will be passed through to qemu, -- may be
 used as an explicit separator. See the qemu(1) man page for more details.
@@ -153,6 +155,10 @@ else
             set -- -machine accel=kvm -cpu host -smp "${VM_NCPUS}" "$@" ;;
         amd64-usr+*)
             set -- -machine pc-q35-2.8 -cpu kvm64 -smp 1 -nographic "$@" ;;
+        arm64-usr+aarch64)
+            set -- -machine virt,accel=kvm,gic-version=3 -cpu host -smp "${VM_NCPUS}" -nographic "$@" ;;
+        arm64-usr+*)
+            set -- -machine virt -cpu cortex-a57 -smp 1 -nographic "$@" ;;
         *)
             die "Unsupported arch" ;;
     esac
@@ -173,6 +179,10 @@ if [ -n "${VM_IMAGE}" ]; then
     case "${VM_BOARD}" in
         amd64-usr)
             set -- -drive if=virtio,file="${SCRIPT_DIR}/${VM_IMAGE}" "$@" ;;
+        arm64-usr)
+            set -- -drive if=none,id=blk,file="${SCRIPT_DIR}/${VM_IMAGE}" \
+            -device virtio-blk-device,drive=blk "$@"
+            ;;
         *) die "Unsupported arch" ;;
     esac
 fi
@@ -215,6 +225,15 @@ case "${VM_BOARD}" in
             -object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0 \
             "$@"
         ;;
+    arm64-usr)
+        qemu-system-aarch64 \
+            -name "$VM_NAME" \
+            -m ${VM_MEMORY} \
+            -netdev user,id=eth0,hostfwd=tcp::"${SSH_PORT}"-:22,hostname="${VM_NAME}" \
+            -device virtio-net-device,netdev=eth0 \
+            -object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0 \
+            "$@"
+        ;;
     *) die "Unsupported arch" ;;
 esac
 

build_library/set_lsb_release

@@ -31,7 +31,12 @@ OS_ID="flatcar"
 OS_ID_LIKE="coreos"
 OS_PRETTY_NAME="$OS_NAME $FLATCAR_VERSION (${OS_CODENAME})"
 
+# temporarily point arm at a different appid until update support
+# is completed in update_engine and the CoreUpdate service.
 FLATCAR_APPID="{e96281a6-d1af-4bde-9a0a-97b76e56dc57}"
+if [[ "${FLAGS_board}" == arm64-* ]]; then
+  FLATCAR_APPID="{103867da-e3a2-4c92-b0b3-7fbd7f7d8b71}"
+fi
 
 # DISTRIB_* are the standard lsb-release names
 sudo mkdir -p "${ROOT_FS_DIR}/usr/share/flatcar" "${ROOT_FS_DIR}/etc/flatcar"

build_library/test_image_content.sh

@@ -5,6 +5,7 @@
 GLSA_WHITELIST=(
 	201412-09 # incompatible CA certificate version numbers
 	201908-14 # backported both CVE fixes
+	201904-13 # git
 	201909-01 # Perl, SDK only
 	201909-08 # backported fix
 )

build_library/toolchain_util.sh

@@ -15,6 +15,7 @@ TOOLCHAIN_PKGS=(
 # compiler to build a full native toolchain. Packages are not uploaded.
 declare -A CROSS_PROFILES
 CROSS_PROFILES["x86_64-cros-linux-gnu"]="coreos:coreos/amd64/generic"
+CROSS_PROFILES["aarch64-cros-linux-gnu"]="coreos:coreos/arm64/generic"
 
 # Map board names to CHOSTs and portage profiles. This is the
 # definitive list, there is assorted code new and old that either
@@ -23,6 +24,9 @@ declare -A BOARD_CHOSTS BOARD_PROFILES
 BOARD_CHOSTS["amd64-usr"]="x86_64-cros-linux-gnu"
 BOARD_PROFILES["amd64-usr"]="coreos:coreos/amd64/generic"
 
+BOARD_CHOSTS["arm64-usr"]="aarch64-cros-linux-gnu"
+BOARD_PROFILES["arm64-usr"]="coreos:coreos/arm64/generic"
+
 BOARD_NAMES=( "${!BOARD_CHOSTS[@]}" )
 
 # Declare the above globals as read-only to avoid accidental conflicts.
@@ -39,6 +43,7 @@ declare -r \
 # Usage: get_portage_arch chost
 get_portage_arch() {
     case "$1" in
+        aarch64*)   echo arm64;;
         alpha*)     echo alpha;;
         arm*)       echo arm;;
         hppa*)      echo hppa;;

build_library/vm_image_util.sh

@@ -303,6 +303,9 @@ get_default_vm_type() {
     amd64-usr)
         echo "qemu"
         ;;
+    arm64-usr)
+        echo "qemu_uefi"
+        ;;
     *)
         return 1
         ;;
@@ -619,6 +622,7 @@ _write_cpio_disk() {
     local grub_arch
     case $BOARD in
         amd64-usr) grub_arch="x86_64-efi" ;;
+        arm64-usr) grub_arch="arm64-efi" ;;
     esac
 
     cp "${base_dir}/boot/flatcar/grub/${grub_arch}/core.efi" "${dst_dir}/${grub_name}"
@@ -715,6 +719,19 @@ _write_qemu_uefi_conf() {
             cp "/usr/share/edk2-ovmf/OVMF_CODE.fd" "$(_dst_dir)/${flash_ro}"
             cp "/usr/share/edk2-ovmf/OVMF_VARS.fd" "$(_dst_dir)/${flash_rw}"
             ;;
+        arm64-usr)
+            # Get edk2 files into local build workspace.
+            info "Updating edk2 in /build/${BOARD}"
+            emerge-${BOARD} --nodeps --select -qugN sys-firmware/edk2-aarch64
+            # Create 64MiB flash device image files.
+            dd if=/dev/zero bs=1M count=64 of="$(_dst_dir)/${flash_rw}" \
+                status=none
+            cp "/build/${BOARD}/usr/share/edk2-aarch64/QEMU_EFI.fd" \
+                "$(_dst_dir)/${flash_ro}.work"
+            truncate --reference="$(_dst_dir)/${flash_rw}" \
+                "$(_dst_dir)/${flash_ro}.work"
+            mv "$(_dst_dir)/${flash_ro}.work" "$(_dst_dir)/${flash_ro}"
+            ;;
     esac
 
     sed -e "s%^VM_PFLASH_RO=.*%VM_PFLASH_RO='${flash_ro}'%" \

build_torcx_store

@@ -238,7 +238,7 @@ function torcx_package() {
 # swapping default package versions for different OS releases by reordering.
 DEFAULT_IMAGES=(
         =app-torcx/docker-1.12
-        =app-torcx/docker-18.06
+        =app-torcx/docker-19.03
 )
 
 # This list contains extra images which will be uploaded and included in the

check_out_of_date.py

@@ -67,11 +67,11 @@ def process_emerge_output(eout):
 
 
 def get_board_packages(board):
-    """ gets a list of packages used by a board. valid boards are amd64-usr, sdk, and bootstrap"""
+    """ gets a list of packages used by a board. valid boards are {arm,amd}64-usr, sdk, and bootstrap"""
     emerge_args = "--emptytree --pretend --verbose --unordered-display"
     if board == "sdk":
         cmd = "emerge {} @system sdk-depends sdk-extras".format(emerge_args)
-    elif board == "amd64-usr":
+    elif board == "amd64-usr" or board == "arm64-usr":
         cmd = "emerge-{} {} @system board-packages".format(board, emerge_args)
     elif board == "bootstrap":
         pkgs = exec_command_strict("/usr/lib64/catalyst/targets/stage1/build.py")
@@ -92,6 +92,7 @@ def print_table(report, head, line_head, line_tail, tail, joiner, pkg_joiner):
                       "upstream": ["Upstream"],
                       "tag": "Tag",
                       "sdk": ["sdk"],
+                      "arm64-usr": ["arm64-usr"],
                       "amd64-usr": ["amd64-usr"],
                       "bootstrap": ["bootstrap"],
                       "modified": "Modified"})
@@ -102,6 +103,7 @@ def print_table(report, head, line_head, line_tail, tail, joiner, pkg_joiner):
               pkg_joiner.join(entry.get("upstream",[])),
               entry.get("tag",""),
               pkg_joiner.join(entry.get("sdk", [])),
+              pkg_joiner.join(entry.get("arm64-usr", [])),
               pkg_joiner.join(entry.get("amd64-usr", [])),
               pkg_joiner.join(entry.get("bootstrap", [])),
               entry.get("modified","")]) + line_tail)
@@ -138,7 +140,7 @@ def main():
         subprocess.check_call(["git", "-C", args.upstream_path, "pull"])
 
     pkg_lists = {}
-    sources = ["sdk", "bootstrap", "amd64-usr", "image"]
+    sources = ["sdk", "bootstrap", "amd64-usr", "arm64-usr", "image"]
     for i in sources:
         pkg_lists[i] = get_board_packages(i)
 

common.sh

@@ -46,6 +46,9 @@ fi
 # Turn on bash debug support if available for backtraces.
 shopt -s extdebug 2>/dev/null
 
+# Source qemu library path
+. /etc/profile.d/qemu-aarch64.sh 2> /dev/null || true
+
 # Output a backtrace all the way back to the raw invocation, suppressing
 # only the _dump_trace frame itself.
 _dump_trace() {
@@ -383,9 +386,8 @@ if [[ -f ${GCLIENT_ROOT}/src/scripts/.default_board ]]; then
     die ".default_board: invalid name detected; please fix:" \
         "'${DEFAULT_BOARD}'"
   fi
-elif [ -z "${DEFAULT_BOARD-}" ]; then
-  DEFAULT_BOARD=amd64-usr
 fi
+DEFAULT_BOARD="${DEFAULT_BOARD-amd64-usr}"
 
 # Directory to store built images.  Should be set by sourcing script when used.
 BUILD_DIR=
@@ -928,10 +930,21 @@ BOAT
 }
 
 # The binfmt_misc support in the kernel is required.
+# The aarch64 binaries should be executed through
+# "/usr/bin/qemu-aarch64-static"
 setup_qemu_static() {
   local root_fs_dir="$1"
   case "${BOARD}" in
     amd64-usr) return 0;;
+    arm64-usr)
+      if [[ -f "${root_fs_dir}/sbin/ldconfig" ]]; then
+        sudo cp /usr/bin/qemu-aarch64 "${root_fs_dir}"/usr/bin/qemu-aarch64-static
+        echo export QEMU_LD_PREFIX=\"/build/arm64-usr/\" | sudo tee /etc/profile.d/qemu-aarch64.sh
+        . /etc/profile.d/qemu-aarch64.sh
+      else
+        die "Missing basic layout in target rootfs"
+      fi
+    ;;
     *) die "Unsupported arch" ;;
   esac
 }
@@ -940,6 +953,13 @@ clean_qemu_static() {
   local root_fs_dir="$1"
   case "${BOARD}" in
     amd64-usr) return 0;;
+    arm64-usr)
+      if [[ -f "${root_fs_dir}/usr/bin/qemu-aarch64-static" ]]; then
+        sudo rm "${root_fs_dir}"/usr/bin/qemu-aarch64-static
+      else
+        die "File not found"
+      fi
+    ;;
     *) die "Unsupported arch" ;;
   esac
 }

core_dev_sign_update

@@ -6,7 +6,7 @@ SCRIPT_ROOT=$(dirname $(readlink -f "$0"))
 assert_inside_chroot
 
 DEFINE_string data_dir "" "Directory containing downloaded release artifacts"
-DEFINE_string board "amd64-usr" "Board to sign artifacts for"
+DEFINE_string board "" "Board to sign artifacts for"
 DEFINE_string version "" "Version to sign artifacts for"
 DEFINE_integer n_signatures "2" "Number of signatures this release will be signed with"
 DEFINE_string output_dir "" "Output directory"

image_inject_bootchain

@@ -77,9 +77,11 @@ if [[ -n "${FLAGS_kernel_path}" ]]; then
     do_copy "${FLAGS_kernel_path}" "/boot/flatcar/vmlinuz-a"
 fi
 
+# FIXME(bgilbert): no shim on arm64
 if [[ -n "${FLAGS_efi_grub_path}" ]]; then
     case "${BOARD}" in
     amd64-usr) image_name="grub.efi" ;;
+    arm64-usr) image_name="bootaa64.efi" ;;
     *) die "GRUB filename not known for this board" ;;
     esac
 

jenkins/formats-arm64-usr.txt

@@ -0,0 +1,5 @@
+openstack
+openstack_mini
+packet
+pxe
+qemu_uefi

oem/openstack/glance_load.sh

@@ -34,6 +34,9 @@ while [[ $# -gt 0 ]]; do
 	amd64|amd64-usr)
 		board="amd64-usr"
 		;;
+	arm64|arm64-usr)
+		board="arm64-usr"
+		;;
 	*)
 		echo "Error: Unknown arg: $1"
 		exit 1

setup_board

@@ -27,6 +27,8 @@ DEFINE_boolean getbinpkg "${FLAGS_TRUE}" \
   "Download binary packages from remote repository."
 DEFINE_string getbinpkgver "" \
   "Use binary packages from a specific version."
+DEFINE_string binhost "" \
+  "Use binary packages from a specific location (e.g. https://storage.googleapis.com/flatcar-jenkins/sdk/amd64/2000.0.0/pkgs)"
 DEFINE_boolean toolchainpkgonly "${FLAGS_FALSE}" \
   "Use binary packages only for the board toolchain."
 DEFINE_integer jobs "${NUM_JOBS}" \
@@ -59,7 +61,7 @@ DEFINE_string variant "" \
   "Board variant."
 
 
-# builds wrappers like equery-amd64-usr.
+# builds wrappers like equery-arm-generic.
 # args:
 #   $1:  command to wrap
 #   rest:  extra arguments to pass to the command
@@ -159,7 +161,7 @@ BOARD_ETC="${BOARD_ROOT}/etc"
 BOARD_ARCH=$(get_board_arch "$BOARD")
 BOARD_CHOST=$(get_board_chost ${BOARD})
 PORTAGE_PROFILE=$(get_board_profile "$BOARD")
-BOARD_BINHOST=$(generate_binhost_list)
+BOARD_BINHOST="$FLAGS_binhost $(generate_binhost_list)"
 
 if [[ ${FLAGS_regen_configs_only} -eq ${FLAGS_TRUE} ]]; then
   FLAGS_regen_configs=${FLAGS_TRUE}
@@ -198,6 +200,9 @@ if [ "${FLAGS_usepkg}" -eq "${FLAGS_TRUE}" ]; then
   else
     UPDATE_ARGS+=" --nogetbinpkg "
   fi
+  if [[ -n "${FLAGS_binhost}" ]]; then
+    UPDATE_ARGS+=" --binhost=${FLAGS_binhost} "
+  fi
 else
   UPDATE_ARGS+=" --nousepkg"
 fi
@@ -318,6 +323,10 @@ if [[ ${FLAGS_regen_configs} -eq ${FLAGS_FALSE} ]]; then
     info "Installing toolchain build dependencies"
     install_cross_libs "${BOARD_CHOST}" ${EMERGE_FLAGS} --buildpkg=n
 
+    info "Building toolchain dependencies"
+    "${EMERGE_WRAPPER}" --buildpkg --buildpkgonly --onlydeps -e \
+        --root="/usr/${BOARD_CHOST}" --sysroot="/usr/${BOARD_CHOST}" \
+        ${EMERGE_TOOLCHAIN_FLAGS} "${TOOLCHAIN_PKGS[@]}"
     info "Building toolchain"
     "${EMERGE_WRAPPER}" --buildpkg --buildpkgonly \
         --root="/usr/${BOARD_CHOST}" --sysroot="/usr/${BOARD_CHOST}" \

signing/transfer.sh

@@ -2,8 +2,9 @@
 
 set -eux
 
-APPID=e96281a6-d1af-4bde-9a0a-97b76e56dc57
-BOARD=amd64-usr
+declare -A APPID
+APPID[amd64-usr]=e96281a6-d1af-4bde-9a0a-97b76e56dc57
+APPID[arm64-usr]=103867da-e3a2-4c92-b0b3-7fbd7f7d8b71
 
 declare -A RELEASE_CHANNEL
 RELEASE_CHANNEL[alpha]=Alpha
@@ -13,9 +14,10 @@ RELEASE_CHANNEL[stable]=Stable
 download() {
     local channel="$1"
     local version="$2"
+    local board="$3"
 
-    local gs="gs://builds.release.core-os.net/${channel}/boards/${BOARD}/${version}"
-    local dir="${BASEDIR}/${BOARD}/${version}"
+    local gs="gs://builds.release.core-os.net/${channel}/boards/${board}/${version}"
+    local dir="${BASEDIR}/${board}/${version}"
     mkdir -p "${dir}"
     pushd "${dir}" >/dev/null
 
@@ -31,7 +33,7 @@ download() {
     local torcx_base="gs://builds.release.core-os.net/embargoed/devfiles/torcx/manifests/${board}/${version}"
     if ! gsutil -q stat "${torcx_base}/torcx_manifest.json"; then
         # Non-embargoed release
-        local torcx_base="gs://builds.developer.core-os.net/torcx/manifests/${board}/${version}"
+        local torcx_base="gs://builds.developer.core-os.net/torcx/manifests/${BOARD}/${version}"
     fi
     gsutil -m cp \
         "${torcx_base}/torcx_manifest.json" \
@@ -49,6 +51,7 @@ download() {
 devsign() {
     local channel="$1"
     local version="$2"
+    local board="$3"
 
     "$(dirname $0)/../core_dev_sign_update" \
         --data_dir "${BASEDIR}" \
@@ -62,17 +65,19 @@ devsign() {
 sign() {
     local channel="$1"
     local version="$2"
+    local board="$3"
 
     "$(dirname $0)/sign.sh" \
-        "${BASEDIR}/${BOARD}/${version}" \
-        "${SIGDIR}/${BOARD}/${version}"
+        "${BASEDIR}/${board}/${version}" \
+        "${SIGDIR}/${board}/${version}"
 }
 
 upload() {
     local channel="$1"
     local version="$2"
+    local board="$3"
 
-    local dir="${BASEDIR}/${BOARD}/${version}"
+    local dir="${BASEDIR}/${board}/${version}"
     local payload="${dir}/flatcar_production_update.gz"
     local torcx_manifest="${dir}/torcx_manifest.json"
     local torcx_manifest_sig="${dir}/torcx_manifest.json.asc"
@@ -87,8 +92,8 @@ upload() {
     "$(dirname $0)/../core_roller_upload" \
         --user="${ROLLER_USERNAME}" \
         --api_key="${ROLLER_API_KEY}" \
-        --app_id="${APPID}" \
-        --board="${BOARD}" \
+        --app_id="${APPID[${board}]}" \
+        --board="${board}" \
         --version="${version}" \
         --payload="${payload}"
 
@@ -96,7 +101,7 @@ upload() {
     gsutil cp \
         "${torcx_manifest}" \
         "${torcx_manifest_sig}" \
-        "gs://coreos-tectonic-torcx/manifests/${BOARD}/${version}/"
+        "gs://coreos-tectonic-torcx/manifests/${board}/${version}/"
 
     # Update version in a canary channel if one is defined.
     local -n canary_channel="ROLLER_CANARY_CHANNEL_${channel^^}"
@@ -106,7 +111,7 @@ upload() {
             --user="${ROLLER_USERNAME}" \
             --key="${ROLLER_API_KEY}" \
             channel update \
-            --app-id="${APPID}" \
+            --app-id="${APPID[${board}]}" \
             --channel="${canary_channel}" \
             --version="${version}"
     fi
@@ -115,16 +120,17 @@ upload() {
 ready() {
     local channel="$1"
     local version="$2"
+    local board="$3"
 
     # setting the percent will deactivate (not delete) any existing rollouts for
     # this specific group.
-    echo "Rollout set to 0%"
+    echo "Rollout set to 0% for ${board}"
     updateservicectl \
         --server="https://public.update.core-os.net" \
         --user="${ROLLER_USERNAME}" \
         --key="${ROLLER_API_KEY}" \
         group percent \
-        --app-id="${APPID}" \
+        --app-id="${APPID[${board}]}" \
         --group-id="${channel}" \
         --update-percent=0
 
@@ -135,7 +141,7 @@ ready() {
         --user="${ROLLER_USERNAME}" \
         --key="${ROLLER_API_KEY}" \
         channel update \
-        --app-id="${APPID}" \
+        --app-id="${APPID[${board}]}" \
         --channel="${RELEASE_CHANNEL[${channel}]}" \
         --publish=true \
         --version="${version}"
@@ -144,26 +150,40 @@ ready() {
 roll() {
     local channel="$1"
     local hours="$2"
+    local board="$3"
 
     local seconds=$((${hours} * 3600))
 
+    # Only ramp rollouts on AMD64; ARM64 is too small
+    if [[ "$board" = "arm64-usr" ]]; then
+        echo "Setting rollout for arm64-usr to 100%"
+        updateservicectl \
+            --server="https://public.update.core-os.net" \
+            --user="${ROLLER_USERNAME}" \
+            --key="${ROLLER_API_KEY}" \
+            group percent \
+            --app-id="${APPID[${board}]}" \
+            --group-id="${channel}" \
+            --update-percent=100
+    else
         # creating a new rollout deletes any existing rollout for this group and
         # automatically activates the new one.
-    echo "Creating linear rollout that will get to 100% in ${hours}h"
+        echo "Creating linear rollout for ${board} that will get to 100% in ${hours}h"
         updateservicectl \
             --server="https://public.update.core-os.net" \
             --user="${ROLLER_USERNAME}" \
             --key="${ROLLER_API_KEY}" \
             rollout create linear \
-        --app-id="${APPID}" \
+            --app-id="${APPID[${board}]}" \
             --group-id="${channel}" \
             --duration="${seconds}" \
             --frame-size="60"
+    fi
 }
 
 usage() {
     echo "Usage: $0 {download|upload} <ARTIFACT-DIR> [{-a|-b|-s} <VERSION>]..." >&2
-    echo "Usage: $0 {devsign|sign} <ARTIFACT-DIR> <SIG-DIR> [{-a|-b|-s} <VERSION>]..." >&2
+    echo "Usage: $0 {devsign|sign} <ARTIFACT-DIR> <SIG-DIR> [{-a|-b|-s} <VERSION> <BOARD>]..." >&2
     echo "Usage: $0 ready [{-a|-b|-s} <VERSION>]..." >&2
     echo "Usage: $0 roll [{-a|-b|-s} <HOURS-TO-100-PERCENT>]..." >&2
     exit 1
@@ -226,13 +246,15 @@ while [[ $# > 0 ]]; do
 
     case "${c}" in
     -a)
-        $CMD "alpha" "${v}"
+        $CMD "alpha" "${v}" "amd64-usr"
+        $CMD "alpha" "${v}" "arm64-usr"
         ;;
     -b)
-        $CMD "beta" "${v}"
+        $CMD "beta" "${v}" "amd64-usr"
+        $CMD "beta" "${v}" "arm64-usr"
         ;;
     -s)
-        $CMD "stable" "${v}"
+        $CMD "stable" "${v}" "amd64-usr"
         ;;
     *)
         usage

update_chroot

@@ -27,6 +27,8 @@ DEFINE_boolean skip_toolchain_update "${FLAGS_FALSE}" \
   "Don't update the toolchains."
 DEFINE_string toolchain_boards "" \
   "Extra toolchains to setup for the specified boards."
+DEFINE_string binhost "" \
+  "Use binary packages from a specific location (e.g. https://storage.googleapis.com/flatcar-jenkins/sdk/amd64/2000.0.0/pkgs)"
 
 FLAGS_HELP="usage: $(basename $0) [flags]
 Performs an update of the chroot. This script is called as part of
@@ -57,6 +59,7 @@ PORTAGE_STABLE_OVERLAY="${REPO_ROOT}/src/third_party/portage-stable"
 CROSSDEV_OVERLAY="/usr/local/portage/crossdev"
 COREOS_OVERLAY="${REPO_ROOT}/src/third_party/coreos-overlay"
 COREOS_CONFIG="${COREOS_OVERLAY}/coreos/config"
+PORTAGE_BINHOST="$FLAGS_binhost $(get_sdk_binhost)"
 
 # PORTAGE_USERNAME may already be in the env but set just to be safe.
 : ${PORTAGE_USERNAME:=${USER}}
@@ -83,7 +86,7 @@ PORTDIR_OVERLAY="${CROSSDEV_OVERLAY} ${COREOS_OVERLAY}"
 DISTDIR="${REPO_CACHE_DIR}/distfiles"
 PKGDIR="/var/lib/portage/pkgs"
 PORT_LOGDIR="/var/log/portage"
-PORTAGE_BINHOST="$(get_sdk_binhost)"
+PORTAGE_BINHOST="$PORTAGE_BINHOST"
 PORTAGE_USERNAME="${PORTAGE_USERNAME}"
 MAKEOPTS="--jobs=${NUM_JOBS} --load-average=$((NUM_JOBS * 2))"
 CCACHE_UMASK="002"