mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-07 21:16:57 +02:00
Code Issues Packages Projects Releases Wiki Activity
872ea6d14d
flatcar-scripts/bootstrap_sdk
James Le Cuirot 872ea6d14d
Don't use repo snapshots for stage1 by updating seed the new way 
This is what upstream Gentoo does. They would previously update the
entire seed, but this took a long time. Our seeds are much bigger, so we
kept repo snapshots to build stage1 against these instead. The new
method of only rebuilding packages with changed sub-slots is a good
compromise and removes the need to write stage1 hooks that selectively
catch the repository up.

This also avoids some conflicts by adding the `--ignore-world` option.
Gentoo seeds have nothing in @world. We have much more, but none of that
is needed for stage1.

This continues to exclude cross-*-cros-linux-gnu/* as that is not needed
for stage1. It now also excludes dev-lang/rust, because it is never a
DEPEND, so it would not break other packages in this way. It may fail to
run due to a sub-slot change in one of its own dependencies, but it is
also unlikely to be needed in stage1 and it is not configured to use the
system LLVM. If needs be, we could improve the behaviour of Portage's
@changed-subslot to respect `--with-bdeps`.

In my testing, it was unable to handle an SDK from 17 months ago, but
one from 7 months ago did work. In practise, we will always use a much
more recent one, which is far more likely to work.

Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
2024-07-15 14:28:03 +01:00

164 lines
6.7 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
#
# Copyright (c) 2013 The CoreOS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# This uses Gentoo's catalyst for very thoroughly building images from scratch.
# For reference the procedure it performs is this:
#
# 1. seed: Take a recent SDK, dev container, or custom tarball as a seed to
# build stage 1 with. Before proceeding, update relevant packages that have
# changed sub-slot to avoid missing library issues later in the build.
#
# 2. stage1: Using the above seed tarball as a build environment, build a
# minimal root file system into a clean directory using ROOT=... and USE=-*
# The restricted USE flags are key be small and avoid circular dependencies.
# NOTE that stage1 LACKS PROPER STAGE ISOLATION. Binaries produced in stage1
# will be linked against the SEED SDK libraries, NOT against libraries built
# in stage 1.
#
# 3. stage2: Run portage-stable/scripts/bootstrap.sh
# This rebuilds the toolchain using Gentoo bootstrapping, ensuring it's not linked
# to or otherwise influenced by whatever was in the "seed" tarball.
# The toolchain rebuild may contain updated package ebuilds from
# third_party/(portage-stable|coreos-overlay).
# This and all following stages use portage-stable and coreos-overlay
# from third_party/... (see 1.)
#
# 4. stage3: Run emerge -e system to rebuild everything using the fresh updated
# toolchain from 3., using the normal USE flags provided by the profile. This
# will also pull in assorted base system packages that weren't included
# in the minimal environment stage1 created.
#
# 5. stage4: Install any extra packages or other desired tweaks. For the
# sdk we just install all the packages normally make_chroot.sh does.
#
# Usage: bootstrap_sdk [stage1 stage2 etc]
# By default all four stages will be built using the latest stage4 as a seed.
SCRIPT_ROOT=$(dirname $(readlink -f "$0"))
. "${SCRIPT_ROOT}/common.sh" || exit 1
TYPE="flatcar-sdk"
. "${BUILD_LIBRARY_DIR}/catalyst.sh" || exit 1
# include upload options
. "${BUILD_LIBRARY_DIR}/release_util.sh" || exit 1
## Define the stage4 config template
catalyst_stage4() {
cat <<EOF
pkgcache_path: $BINPKGS
stage4/packages: coreos-devel/sdk-depends
stage4/fsscript: ${BUILD_LIBRARY_DIR}/catalyst_sdk.sh
stage4/root_overlay: ${ROOT_OVERLAY}
stage4/empty: /root /var/cache/edb
stage4/rm: /etc/machine-id /etc/resolv.conf
EOF
catalyst_stage_default 4
}
# Switch to HTTP because early boostrap stages do not have SSL support.
GENTOO_MIRRORS=$(portageq envvar GENTOO_MIRRORS)
GENTOO_MIRRORS="${GENTOO_MIRRORS//https:\/\//http://}"
export GENTOO_MIRRORS
catalyst_init "$@"
check_gsutil_opts
ROOT_OVERLAY=${TEMPDIR}/stage4_overlay
if [[ "$STAGES" =~ stage4 ]]; then
info "Setting release to ${FLATCAR_VERSION}"
rm -rf "${ROOT_OVERLAY}"
# need to setup the lib->lib64 symlink correctly
libdir=$(get_sdk_libdir)
mkdir -p "${ROOT_OVERLAY}/usr/${libdir}"
if [[ "${libdir}" != lib ]]; then
if [[ "$(get_sdk_symlink_lib)" == "yes" ]]; then
ln -s "${libdir}" "${ROOT_OVERLAY}/usr/lib"
else
mkdir -p "${ROOT_OVERLAY}/usr/lib"
fi
fi
"${BUILD_LIBRARY_DIR}/set_lsb_release" \
--root "${ROOT_OVERLAY}"
fi
# toolchain_util.sh is required by catalyst_sdk.sh
# To copy it, we need to create /tmp with the right permissions as it will be
# used in the exported chroot.
mkdir -p "${ROOT_OVERLAY}/tmp"
chmod 1777 "${ROOT_OVERLAY}/tmp"
cp "${BUILD_LIBRARY_DIR}/toolchain_util.sh" "${ROOT_OVERLAY}/tmp"
# Stage 1 uses "known-good" ebuilds (from both coreos-overlay and portage-stable)
# to build a minimal toolchain (USE="-*") for stage 2.
#
# No package updates must happen in stage 1, so we use the portage-stable and
# coreos-overlay paths included with the current SDK (from the SDK chroot's
# /var/gentoo/repos/). "Current SDK" refers to the SDK we entered with
# 'cork enter', i.e. the SDK we run ./bootstrap_sdk in.
#
# Using ebuilds from the above mentioned sources will ensure that stage 1 builds
# a minimal stage 2 from known-good ebuild versions - the same ebuild versions
# that were used to build the very SDK we run ./bootstrap_sdk in.
#
# DANGER ZONE
#
# Stage 1 lacks proper isolation and will link all packages built for
# stage 2 against its own seed libraries ("/" in the catalyst chroot) instead of against libraries
# installed into the FS root of the stage 2 seed ("/tmp/stage1root" in the catalyst chroot).
# This is why we must prevent any updated package ebuilds to "leak" into stage 1, hence we use
# "known good" ebuild repo versions outlined above.
#
# In special circumstances it may be required to circumvent this and use custom paths
# for either (or both) portage and overlay. The command line options
# --stage1-portage-path and --stage1-overlay-path may be used to specify
# a repo path known to work for stage1. In that case the stage1 seed (i.e. the seed SDK)
# will be updated prior to starting to build stage 2.
# NOTE that this should never be used to introduce library updates in stage 1. All binaries
# produced in stage 1 are linked against libraries in the seed tarball, NOT libraries produced
# by stage one. Therefore, these binaries will cease to work in stage 2 when linked against
# outdated "seed tarball" libraries which have been updated to newer versions in stage 1.
catalyst_build
if [[ "$STAGES" =~ stage4 ]]; then
info "Build complete! Changing output name to something more sensible."
build_name="stage4-${ARCH}-${FLAGS_version}.tar.bz2"
release_name="${TYPE}-${ARCH}-${FLAGS_version}.tar.bz2"
build_image="${BUILDS}/${build_name}"
release_image="${BUILDS}/${release_name}"
build_contents="${build_image}.CONTENTS.gz"
release_contents="${release_image}.CONTENTS.gz"
build_digests="${build_image}.DIGESTS"
release_digests="${release_image}.DIGESTS"
ln -f "${build_image}" "${release_image}"
ln -f "${build_contents}" "${release_contents}"
sed -e "s/${build_name}/${release_name}/" \
"${build_digests}" > "${release_digests}"
# Validate we didn't break the DIGESTS with sed
verify_digests "${release_image}" "${release_contents}"
info "SDK ready: ${release_image}"
def_upload_path="${UPLOAD_ROOT}/sdk/${ARCH}/${FLAGS_version}"
sign_and_upload_files "tarball" "${def_upload_path}" "" \
"${release_image}" "${release_contents}" "${release_digests}"
sign_and_upload_files "packages" "${def_upload_path}" "pkgs/" \
"${BINPKGS}"/*
if [ -d "${BINPKGS}/crossdev" ]; then
# Upload the SDK toolchain packages
sign_and_upload_files "cross toolchain packages" "${def_upload_path}" \
"toolchain/" "${BINPKGS}/crossdev"/*
fi
fi
command_completed
Reference in New Issue View Git Blame Copy Permalink