mirror of
https://github.com/flatcar/scripts.git
synced 2026-02-07 08:42:23 +01:00
0a61979e9b
Switching to a selinux profile caused more USE flags to be enabled (selinux, audit, caps), thus more dependencies to be pulled. More dependencies caused two things: - cyclic dependencies appeared - sys-apps/baselayout is being pulled in Cyclic dependencies need to be handled in a similar way it was done in build_packages, thus factor out the code doing it into a separate and reusable part. The dependency on baselayout needs to be handled by installing the package as a first thing in $ROOT, followed by a more careful way of copying things from $SYSROOT to $ROOT (due to split-usr differences), followed by installing the rest of the packages. Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
324 lines
12 KiB
Bash
Executable File
324 lines
12 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
|
|
# Use of this source code is governed by a BSD-style license that can be
|
|
# found in the LICENSE file.
|
|
|
|
. "$(dirname "$0")/common.sh" || exit 1
|
|
|
|
# Script must run inside the chroot
|
|
assert_inside_chroot
|
|
|
|
assert_not_root_user
|
|
|
|
# Developer-visible flags.
|
|
DEFINE_string board "${DEFAULT_BOARD}" \
|
|
"The board to build packages for."
|
|
DEFINE_boolean usepkg "${FLAGS_TRUE}" \
|
|
"Use binary packages when possible."
|
|
DEFINE_boolean usepkgonly "${FLAGS_FALSE}" \
|
|
"Only use/download binary packages. Implies --noworkon"
|
|
DEFINE_string usepkg_exclude "" \
|
|
"Exclude these binary packages."
|
|
DEFINE_boolean getbinpkg "${FLAGS_TRUE}" \
|
|
"Download binary packages from remote repository."
|
|
DEFINE_string getbinpkgver "" \
|
|
"Use binary packages from a specific version."
|
|
DEFINE_boolean workon "${FLAGS_TRUE}" \
|
|
"Automatically rebuild updated flatcar-workon packages."
|
|
DEFINE_boolean fetchonly "${FLAGS_FALSE}" \
|
|
"Don't build anything, instead only fetch what is needed."
|
|
DEFINE_boolean rebuild "${FLAGS_FALSE}" \
|
|
"Automatically rebuild dependencies."
|
|
DEFINE_boolean skip_toolchain_update "${FLAGS_FALSE}" \
|
|
"Don't update toolchain automatically."
|
|
DEFINE_boolean skip_chroot_upgrade "${FLAGS_FALSE}" \
|
|
"Don't run the chroot upgrade automatically; use with care."
|
|
DEFINE_boolean only_resolve_circular_deps "${FLAGS_FALSE}" \
|
|
"Don't build all packages; only resolve circular dependencies, then stop."
|
|
DEFINE_boolean debug_emerge "${FLAGS_FALSE}" \
|
|
"Enable debug output for emerge."
|
|
|
|
# include upload options
|
|
. "${BUILD_LIBRARY_DIR}/release_util.sh" || exit 1
|
|
|
|
FLAGS_HELP="usage: $(basename $0) [flags] [packages]
|
|
|
|
build_packages updates the set of binary packages needed by CoreOS. It will
|
|
cross compile all packages that have been updated into the given target's root
|
|
and build binary packages as a side-effect. The output packages will be picked
|
|
up by the build_image script to put together a bootable CoreOS image.
|
|
|
|
If [packages] are specified, only build those specific packages (and any
|
|
dependencies they might need).
|
|
"
|
|
|
|
# Parse command line
|
|
FLAGS "$@" || exit 1
|
|
eval set -- "${FLAGS_ARGV}"
|
|
|
|
# Die on any errors.
|
|
switch_to_strict_mode
|
|
|
|
# TODO(marineam): specify the default top-level ebuild in the portage profile.
|
|
# I could have sworn we did that or similar but maybe got lost at some point.
|
|
if [[ $# -eq 0 ]]; then
|
|
set -- @system coreos-devel/board-packages
|
|
fi
|
|
|
|
if [[ -z "${FLAGS_board}" ]]; then
|
|
echo "Error: --board is required."
|
|
exit 1
|
|
fi
|
|
|
|
if [[ "${FLAGS_usepkgonly}" -eq "${FLAGS_TRUE}" ]]; then
|
|
for flag in usepkg getbinpkg; do
|
|
fvar="FLAGS_${flag}"
|
|
if [[ "${!fvar}" -ne "${FLAGS_TRUE}" ]]; then
|
|
die_notrace "--usepkgonly is incompatible with --no${flag}"
|
|
fi
|
|
done
|
|
if [[ "${FLAGS_rebuild}" -eq "${FLAGS_TRUE}" ]]; then
|
|
die_notrace "--usepkgonly is incompatible with --rebuild"
|
|
fi
|
|
FLAGS_workon="${FLAGS_FALSE}"
|
|
fi
|
|
|
|
# Before we can run any tools, we need to update chroot or setup_board.
|
|
UPDATE_ARGS=( --regen_configs )
|
|
if [ "${FLAGS_usepkg}" -eq "${FLAGS_TRUE}" ]; then
|
|
UPDATE_ARGS+=( --usepkg )
|
|
if [[ "${FLAGS_usepkgonly}" -eq "${FLAGS_TRUE}" ]]; then
|
|
UPDATE_ARGS+=( --usepkgonly )
|
|
else
|
|
UPDATE_ARGS+=( --nousepkgonly )
|
|
fi
|
|
if [[ "${FLAGS_getbinpkg}" -eq "${FLAGS_TRUE}" ]]; then
|
|
UPDATE_ARGS+=( --getbinpkg )
|
|
else
|
|
UPDATE_ARGS+=( --nogetbinpkg )
|
|
fi
|
|
if [[ -n "${FLAGS_getbinpkgver}" ]]; then
|
|
UPDATE_ARGS+=( --getbinpkgver="${FLAGS_getbinpkgver}" )
|
|
fi
|
|
else
|
|
UPDATE_ARGS+=( --nousepkg )
|
|
fi
|
|
if [ "${FLAGS_skip_toolchain_update}" -eq "${FLAGS_TRUE}" ]; then
|
|
UPDATE_ARGS+=( --skip_toolchain_update )
|
|
fi
|
|
if [ "${FLAGS_skip_chroot_upgrade}" -eq "${FLAGS_TRUE}" ]; then
|
|
UPDATE_ARGS+=( --skip_chroot_upgrade )
|
|
fi
|
|
|
|
"${SCRIPTS_DIR}"/setup_board --quiet --board=${FLAGS_board} "${UPDATE_ARGS[@]}"
|
|
|
|
# set BOARD and BOARD_ROOT
|
|
. "${BUILD_LIBRARY_DIR}/toolchain_util.sh" || exit 1
|
|
. "${BUILD_LIBRARY_DIR}/board_options.sh" || exit 1
|
|
. "${BUILD_LIBRARY_DIR}/test_image_content.sh" || exit 1
|
|
. "${BUILD_LIBRARY_DIR}/extra_sysexts.sh" || exit 1
|
|
. "${BUILD_LIBRARY_DIR}/oem_sysexts.sh" || exit 1
|
|
|
|
# Setup all the emerge command/flags.
|
|
EMERGE_FLAGS=( --update --deep --newuse --verbose --backtrack=30 --select )
|
|
REBUILD_FLAGS=( --verbose )
|
|
EMERGE_CMD=( "emerge-${FLAGS_board}" )
|
|
if [[ "${FLAGS_fetchonly}" -eq "${FLAGS_TRUE}" ]]; then
|
|
EMERGE_CMD+=( --fetchonly )
|
|
fi
|
|
|
|
EMERGE_CMD+=( ${EXTRA_BOARD_FLAGS} )
|
|
|
|
if [[ "${FLAGS_usepkg}" -eq "${FLAGS_TRUE}" ]]; then
|
|
# Use binary packages. Include all build-time dependencies,
|
|
# so as to avoid unnecessary differences between source
|
|
# and binary builds except for --usepkgonly for speed.
|
|
if [[ "${FLAGS_usepkgonly}" -eq "${FLAGS_TRUE}" ]]; then
|
|
EMERGE_FLAGS+=( --usepkgonly --rebuilt-binaries n )
|
|
else
|
|
EMERGE_FLAGS+=( --usepkg --with-bdeps y )
|
|
|
|
# Only update toolchain when binpkgs are available.
|
|
EMERGE_FLAGS+=( $(get_binonly_args) )
|
|
REBUILD_FLAGS+=( $(get_binonly_args) )
|
|
fi
|
|
if [[ "${FLAGS_getbinpkg}" -eq "${FLAGS_TRUE}" ]]; then
|
|
EMERGE_FLAGS+=( --getbinpkg )
|
|
fi
|
|
if [[ -n "${FLAGS_usepkg_exclude}" ]]; then
|
|
EMERGE_FLAGS+=("--usepkg-exclude=${FLAGS_usepkg_exclude}")
|
|
fi
|
|
fi
|
|
|
|
EMERGE_FLAGS+=( "--jobs=${NUM_JOBS}" )
|
|
REBUILD_FLAGS+=( "--jobs=${NUM_JOBS}" )
|
|
|
|
if [[ "${FLAGS_rebuild}" -eq "${FLAGS_TRUE}" ]]; then
|
|
EMERGE_FLAGS+=( --rebuild-if-unbuilt )
|
|
fi
|
|
|
|
if [[ "${FLAGS_debug_emerge}" -eq "${FLAGS_TRUE}" ]]; then
|
|
EMERGE_FLAGS+=( --debug )
|
|
fi
|
|
|
|
# Build flatcar_workon packages when they are changed.
|
|
WORKON_PKGS=()
|
|
if [[ ${FLAGS_workon} -eq "${FLAGS_TRUE}" ]]; then
|
|
mapfile -t WORKON_PKGS < <("${SRC_ROOT}"/scripts/flatcar_workon list --board="${FLAGS_board}")
|
|
fi
|
|
|
|
if [[ ${#WORKON_PKGS[@]} -gt 0 ]]; then
|
|
EMERGE_FLAGS+=(
|
|
--reinstall-atoms="${WORKON_PKGS[*]}"
|
|
--usepkg-exclude="${WORKON_PKGS[*]}"
|
|
)
|
|
fi
|
|
|
|
if [[ "${FLAGS_usepkgonly}" -eq "${FLAGS_FALSE}" ]]; then
|
|
. "${BUILD_LIBRARY_DIR}/break_dep_loop.sh" || exit 1
|
|
|
|
function bp_bdl_emerge() {
|
|
sudo -E "${EMERGE_CMD[@]}" "${EMERGE_FLAGS[@]}" "${@}"
|
|
}
|
|
# Breaking the following loops here:
|
|
#
|
|
# util-linux[udev] -> virtual/udev -> systemd -> util-linux
|
|
# util-linux[systemd] -> systemd -> util-linux
|
|
# util-linux[cryptsetup] -> cryptsetup -> util-linux
|
|
# cryptsetup[udev] -> virtual/udev -> systemd[cryptsetup] -> cryptsetup
|
|
# lvm2[udev] -> virtual/udev -> systemd[cryptsetup] -> cryptsetup -> lvm2
|
|
# lvm2[systemd] -> systemd[cryptsetup] -> cryptsetup -> lvm2
|
|
# systemd[cryptsetup] -> cryptsetup[udev] -> virtual/udev -> systemd
|
|
# systemd[tpm] -> tpm2-tss -> util-linux[udev] -> virtual/udev -> systemd
|
|
# curl[http2] -> nghttp2[systemd] -> systemd[curl] -> curl
|
|
# sys-libs/pam[systemd] -> sys-apps/system[pam] -> sys-libs/pam
|
|
# not dropping pam from sys-apps/systemd, otherwise we would need
|
|
# to drop pam from sys-auth/pambase
|
|
args_for_bdl=(
|
|
sys-apps/util-linux udev,systemd,cryptsetup
|
|
sys-fs/cryptsetup udev
|
|
sys-fs/lvm2 udev,systemd
|
|
sys-apps/systemd cryptsetup,tpm
|
|
net-misc/curl http2
|
|
net-libs/nghttp2 systemd
|
|
sys-libs/pam systemd
|
|
)
|
|
BDL_ROOT=${BOARD_ROOT} \
|
|
BDL_PORTAGEQ=portageq-"${BOARD}" \
|
|
BDL_EQUERY=equery-"${BOARD}" \
|
|
BDL_EMERGE=bp_bdl_emerge \
|
|
BDL_INFO=info \
|
|
break_dep_loop "${args_for_bdl[@]}"
|
|
unset bp_bdl_emerge args_for_bdl
|
|
fi
|
|
|
|
if [[ "${FLAGS_only_resolve_circular_deps}" -eq "${FLAGS_TRUE}" ]]; then
|
|
info "Circular dependencies resolved. Stopping as requested."
|
|
exit
|
|
fi
|
|
|
|
export KBUILD_BUILD_USER="${BUILD_USER:-build}"
|
|
export KBUILD_BUILD_HOST="${BUILD_HOST:-pony-truck.infra.kinvolk.io}"
|
|
|
|
# Build sysext packages from an array of sysext definitions.
|
|
# Usage: build_sysext_packages "description" "${SYSEXT_ARRAY[@]}"
|
|
# Array format: "name|packages|useflags|arches"
|
|
build_sysext_packages() {
|
|
local description="$1"
|
|
shift
|
|
local sysexts=("$@")
|
|
|
|
info "Merging ${description} packages now"
|
|
for sysext in "${sysexts[@]}"; do
|
|
local sysext_name package_atoms useflags arches
|
|
IFS="|" read -r sysext_name package_atoms useflags arches <<< "$sysext"
|
|
[[ -z ${arches} || ,${arches}, == *,"${ARCH}",* ]] || continue
|
|
|
|
info "Building packages for $sysext_name sysext with USE=$useflags"
|
|
IFS=,
|
|
for package in $package_atoms; do
|
|
# --buildpkgonly does not install dependencies, so we install them
|
|
# separately before building the binary package
|
|
sudo --preserve-env=MODULES_SIGN_KEY,MODULES_SIGN_CERT \
|
|
env USE="$useflags" FEATURES="-ebuild-locks binpkg-multi-instance" "${EMERGE_CMD[@]}" \
|
|
"${EMERGE_FLAGS[@]}" \
|
|
--quiet \
|
|
--onlydeps \
|
|
--binpkg-respect-use=y \
|
|
"${package}"
|
|
|
|
sudo --preserve-env=MODULES_SIGN_KEY,MODULES_SIGN_CERT \
|
|
env USE="$useflags" FEATURES="-ebuild-locks binpkg-multi-instance" "${EMERGE_CMD[@]}" \
|
|
"${EMERGE_FLAGS[@]}" \
|
|
--quiet \
|
|
--buildpkgonly \
|
|
--binpkg-respect-use=y \
|
|
"${package}"
|
|
done
|
|
unset IFS
|
|
done
|
|
}
|
|
|
|
info "Merging board packages now"
|
|
sudo -E "${EMERGE_CMD[@]}" "${EMERGE_FLAGS[@]}" "$@"
|
|
|
|
build_sysext_packages "extra sysexts" "${EXTRA_SYSEXTS[@]}"
|
|
|
|
declare -a oem_sysexts
|
|
get_oem_sysext_matrix "${ARCH}" oem_sysexts
|
|
if [[ ${#oem_sysexts[@]} -gt 0 ]]; then
|
|
build_sysext_packages "OEM sysexts" "${oem_sysexts[@]}"
|
|
fi
|
|
|
|
info "Removing obsolete packages"
|
|
# The return value of emerge is not clearly reliable. It may fail with
|
|
# an output like following:
|
|
#
|
|
# Calculating dependencies... done!
|
|
# dev-libs/gmp-6.3.0 pulled in by:
|
|
# cross-aarch64-cros-linux-gnu/gcc-12.3.1_p20230526 requires >=dev-libs/gmp-4.3.2:0/10.4=, >=dev-libs/gmp-4.3.2:0=
|
|
# cross-aarch64-cros-linux-gnu/gdb-13.2-r1 requires dev-libs/gmp:=, dev-libs/gmp:0/10.4=
|
|
# cross-x86_64-cros-linux-gnu/gcc-12.3.1_p20230526 requires >=dev-libs/gmp-4.3.2:0/10.4=, >=dev-libs/gmp-4.3.2:0=
|
|
# cross-x86_64-cros-linux-gnu/gdb-13.2-r1 requires dev-libs/gmp:0/10.4=, dev-libs/gmp:=
|
|
# dev-libs/mpc-1.2.1 requires >=dev-libs/gmp-5.0.0:0=[abi_x86_64(-)], >=dev-libs/gmp-5.0.0:0/10.4=[abi_x86_64(-)]
|
|
# dev-libs/mpfr-4.1.0-r1 requires >=dev-libs/gmp-5.0.0:=[abi_x86_64(-)], >=dev-libs/gmp-5.0.0:0/10.4=[abi_x86_64(-)]
|
|
# dev-libs/nettle-3.9.1 requires >=dev-libs/gmp-6.1:0/10.4=[abi_x86_64(-)], >=dev-libs/gmp-6.1:=[abi_x86_64(-)]
|
|
# net-libs/gnutls-3.8.0 requires >=dev-libs/gmp-5.1.3-r1:0/10.4=[abi_x86_64(-)], >=dev-libs/gmp-5.1.3-r1:=[abi_x86_64(-)]
|
|
# sys-devel/gcc-12.3.1_p20230526 requires >=dev-libs/gmp-4.3.2:0=, >=dev-libs/gmp-4.3.2:0/10.4=
|
|
#
|
|
# >>> No packages selected for removal by depclean
|
|
#
|
|
# Which gives you completely no reason for returning with non-zero
|
|
# status. Ignore emerge failures here.
|
|
#
|
|
# Well, actually, technically the reason for failure is that we asked
|
|
# for a removal of the unavailable packages and emerge found that
|
|
# dev-libs/gmp-6.3.0 is not available but didn't remove it, because
|
|
# it's pulled as a dependency by other packages. Question is why
|
|
# emerge thinks that dev-libs/gmp-6.3.0 is not available.
|
|
sudo -E "${EMERGE_CMD[@]}" --verbose --depclean @unavailable || :
|
|
|
|
if [[ "${FLAGS_usepkgonly}" -eq "${FLAGS_FALSE}" ]]; then
|
|
if "portageq-${BOARD}" list_preserved_libs "${BOARD_ROOT}" >/dev/null; then
|
|
sudo -E "${EMERGE_CMD[@]}" "${REBUILD_FLAGS[@]}" @preserved-rebuild
|
|
fi
|
|
fi
|
|
|
|
exclusions_file=$(mktemp)
|
|
if [ ! -f "$exclusions_file" ]; then
|
|
die_notrace "Couldn't create temporary exclusions file $exclusions_file for eclean"
|
|
fi
|
|
get_unversioned_sysext_packages > "$exclusions_file"
|
|
eclean-"$BOARD" -d --exclude-file="$exclusions_file" packages
|
|
rm -f "$exclusions_file"
|
|
# run eclean again, this time without the --deep option, to clean old versions
|
|
# of sysext packages (those, for which .ebuild file no longer exists)
|
|
eclean-"$BOARD" packages
|
|
|
|
info "Checking build root"
|
|
test_image_content "${BOARD_ROOT}"
|
|
|
|
info "Builds complete"
|
|
command_completed
|