mirror of
https://github.com/flatcar/scripts.git
synced 2025-08-06 20:47:00 +02:00
aa70fc929f
The update payload needs the kernel, which isn't signed during the image job. Secure Boot is not currently enabled for update tests, but we may as well do this properly. The production update upload is generated manually at the end after everything has already been signed. Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
233 lines
8.6 KiB
Bash
Executable File
233 lines
8.6 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
|
|
# Use of this source code is governed by a BSD-style license that can be
|
|
# found in the LICENSE file.
|
|
|
|
# Script to build a bootable keyfob-based chromeos system image from within
|
|
# a coreos setup. This assumes that all needed packages have been built into
|
|
# the given target's root with binary packages turned on. This script will
|
|
# build the Chrome OS image using only pre-built binary packages.
|
|
|
|
SCRIPT_ROOT=$(dirname $(readlink -f "$0"))
|
|
. "${SCRIPT_ROOT}/common.sh" || exit 1
|
|
|
|
# Script must run inside the chroot
|
|
assert_inside_chroot
|
|
|
|
assert_not_root_user
|
|
|
|
DEFAULT_GROUP=developer
|
|
DEFAULT_DEVCONTAINER_BINHOST="${SETTING_BINPKG_SERVER_PROD}"
|
|
|
|
# Developer-visible flags.
|
|
DEFINE_string board "${DEFAULT_BOARD}" \
|
|
"The board to build an image for."
|
|
DEFINE_boolean getbinpkg "${FLAGS_FALSE}" \
|
|
"Download binary packages from remote repository."
|
|
DEFINE_string getbinpkgver "" \
|
|
"Use binary packages from a specific version."
|
|
DEFINE_boolean enable_rootfs_verification ${FLAGS_TRUE} \
|
|
"Default all bootloaders to use kernel-based root fs integrity checking."
|
|
DEFINE_string base_pkg "coreos-base/coreos" \
|
|
"The base portage package to base the build off of (only applies to prod images)"
|
|
DEFINE_string base_dev_pkg "coreos-base/coreos-dev" \
|
|
"The base portage package to base the build off of (only applies to dev containers)"
|
|
DEFINE_string base_sysexts "containerd-flatcar:app-containers/containerd,docker-flatcar:app-containers/docker&app-containers/docker-cli&app-containers/docker-buildx" \
|
|
"Comma-separated list of name:package[&package[&package]] - build 'package' (a single package or a list of packages separated by '&') into sysext 'name', and include with OS image and update payload. Must be in order of dependencies, base sysexts come first."
|
|
DEFINE_string output_root "${DEFAULT_BUILD_ROOT}/images" \
|
|
"Directory in which to place image result directories (named by version)"
|
|
DEFINE_string disk_layout "" \
|
|
"The disk layout type to use for this image."
|
|
DEFINE_string group "${DEFAULT_GROUP}" \
|
|
"The update group."
|
|
DEFINE_boolean extract_update "${FLAGS_TRUE}" \
|
|
"Extract the /usr partition for generating updates. Only valid for the prod image."
|
|
DEFINE_boolean generate_update "${FLAGS_TRUE}" \
|
|
"Generate update payload for testing. The update is signed with a dev key. The kernel is signed with a dev key (unofficial builds) or not at all (official builds). Only valid for the prod image. Implies --extract_update."
|
|
DEFINE_string developer_data "" \
|
|
"Insert a custom cloudinit file into the image."
|
|
DEFINE_string devcontainer_binhost "${DEFAULT_DEVCONTAINER_BINHOST}" \
|
|
"Override portage binhost configuration used in development container."
|
|
|
|
# include upload options
|
|
. "${BUILD_LIBRARY_DIR}/release_util.sh" || exit 1
|
|
|
|
FLAGS_HELP="USAGE: build_image [flags] [list of images to build].
|
|
This script is used to build a CoreOS image. CoreOS comes in many
|
|
different forms. This scripts can be used to build the following:
|
|
|
|
prod - Production image for CoreOS. This image is for booting (default if no argument is given).
|
|
prodtar - Production container tar ball (implies prod). This can e.g. be used to run the Flatcar production image as a container (run machinectl import-tar or docker import).
|
|
container - Developer image with single filesystem, bootable by nspawn.
|
|
|
|
Examples:
|
|
|
|
build_image --board=<board> [prod] [prodtar] [container] - builds developer and production images/tars.
|
|
...
|
|
"
|
|
show_help_if_requested "$@"
|
|
|
|
# The following options are advanced options, only available to those willing
|
|
# to read the source code. They are not shown in help output, since they are
|
|
# not needed for the typical developer workflow.
|
|
DEFINE_integer build_attempt 1 \
|
|
"The build attempt for this image build."
|
|
DEFINE_boolean replace ${FLAGS_FALSE} \
|
|
"Overwrite existing output, if any."
|
|
DEFINE_string version "" \
|
|
"Overrides version number in name to this version."
|
|
|
|
# Parse command line.
|
|
FLAGS "$@" || exit 1
|
|
|
|
eval set -- "${FLAGS_ARGV:-prod}"
|
|
|
|
# Only now can we die on error. shflags functions leak non-zero error codes,
|
|
# so will die prematurely if 'switch_to_strict_mode' is specified before now.
|
|
switch_to_strict_mode
|
|
|
|
# If downloading packages is enabled ensure the board is configured properly.
|
|
if [[ ${FLAGS_getbinpkg} -eq ${FLAGS_TRUE} ]]; then
|
|
"${SRC_ROOT}/scripts/setup_board" --board="${FLAGS_board}" \
|
|
--getbinpkgver="${FLAGS_getbinpkgver}" --regen_configs_only
|
|
fi
|
|
|
|
# N.B. Ordering matters for some of the libraries below, because
|
|
# some of the files contain initialization used by later files.
|
|
. "${BUILD_LIBRARY_DIR}/toolchain_util.sh" || exit 1
|
|
. "${BUILD_LIBRARY_DIR}/board_options.sh" || exit 1
|
|
. "${BUILD_LIBRARY_DIR}/build_image_util.sh" || exit 1
|
|
. "${BUILD_LIBRARY_DIR}/prod_image_util.sh" || exit 1
|
|
. "${BUILD_LIBRARY_DIR}/dev_container_util.sh" || exit 1
|
|
. "${BUILD_LIBRARY_DIR}/test_image_content.sh" || exit 1
|
|
. "${BUILD_LIBRARY_DIR}/vm_image_util.sh" || exit 1
|
|
. "${BUILD_LIBRARY_DIR}/extra_sysexts.sh" || exit 1
|
|
|
|
PROD_IMAGE=0
|
|
PROD_TAR=0
|
|
CONTAINER=0
|
|
SYSEXT=0
|
|
for arg in "$@"; do
|
|
case "${arg}" in
|
|
prod) PROD_IMAGE=1 ;;
|
|
prodtar) PROD_IMAGE=1 PROD_TAR=1 ;;
|
|
container) CONTAINER=1 ;;
|
|
sysext) SYSEXT=1 ;;
|
|
*) die_notrace "Unknown image type ${arg}" ;;
|
|
esac
|
|
done
|
|
|
|
# Check that the build root is sane.
|
|
if [[ ${skip_test_build_root} -ne 1 ]]; then
|
|
info "Checking build root"
|
|
test_image_content "${BOARD_ROOT}"
|
|
fi
|
|
|
|
# Handle existing directory.
|
|
if [[ -e "${BUILD_DIR}" ]] && [[ "${PROD_IMAGE}" = 1 ]]; then
|
|
if [[ ${FLAGS_replace} -eq ${FLAGS_TRUE} ]]; then
|
|
sudo rm -rf "${BUILD_DIR}"
|
|
else
|
|
error "Directory ${BUILD_DIR} already exists."
|
|
error "Use --build_attempt option to specify an unused attempt."
|
|
error "Or use --replace if you want to overwrite this directory."
|
|
die "Unwilling to overwrite ${BUILD_DIR}."
|
|
fi
|
|
fi
|
|
|
|
# Create the output directory and temporary mount points.
|
|
mkdir -p "${BUILD_DIR}"
|
|
|
|
# --generate_update implies --extract_update.
|
|
if [[ ${FLAGS_generate_update} -eq ${FLAGS_TRUE} ]]; then
|
|
FLAGS_extract_update=${FLAGS_TRUE}
|
|
fi
|
|
|
|
DISK_LAYOUT="${FLAGS_disk_layout:-base}"
|
|
CONTAINER_LAYOUT="${FLAGS_disk_layout:-container}"
|
|
|
|
if [[ -n "${FLAGS_developer_data}" ]]; then
|
|
if [[ ! -f "${FLAGS_developer_data}" ]]; then
|
|
die_notrace "Developer data is not a file: ${FLAGS_developer_data}"
|
|
fi
|
|
info "Using developer cloudinit data: ${FLAGS_developer_data}"
|
|
elif [[ -s /etc/shared_user_passwd.txt ]]; then
|
|
FLAGS_developer_data="${BUILD_DIR}/developer_data"
|
|
info "Generating developer cloudinit with shared user password."
|
|
cat >"${FLAGS_developer_data}" <<EOF
|
|
#cloud-config
|
|
|
|
users:
|
|
- name: core
|
|
passwd: $(</etc/shared_user_passwd.txt)
|
|
EOF
|
|
fi
|
|
|
|
fix_mtab
|
|
|
|
if [[ "${CONTAINER}" -eq 1 ]]; then
|
|
IMAGE_BUILD_TYPE="container"
|
|
create_dev_container "${FLATCAR_DEVELOPER_CONTAINER_NAME}" "${CONTAINER_LAYOUT}" "${FLAGS_devcontainer_binhost}" "${FLAGS_group}" ${FLAGS_base_dev_pkg}
|
|
fi
|
|
|
|
if [[ "${PROD_IMAGE}" -eq 1 ]]; then
|
|
IMAGE_BUILD_TYPE="prod"
|
|
create_prod_image ${FLATCAR_PRODUCTION_IMAGE_NAME} ${DISK_LAYOUT} ${FLAGS_group} ${FLAGS_base_pkg} ${FLAGS_base_sysexts}
|
|
if [[ ${FLAGS_extract_update} -eq ${FLAGS_TRUE} ]]; then
|
|
extract_update "${FLATCAR_PRODUCTION_IMAGE_NAME}" "${DISK_LAYOUT}"
|
|
fi
|
|
if [[ ${FLAGS_generate_update} -eq ${FLAGS_TRUE} && ${COREOS_OFFICIAL:-0} -ne 1 ]]; then
|
|
generate_update "${FLATCAR_PRODUCTION_IMAGE_NAME}" "${DISK_LAYOUT}"
|
|
fi
|
|
if [[ "${PROD_TAR}" -eq 1 ]]; then
|
|
create_prod_tar ${FLATCAR_PRODUCTION_IMAGE_NAME}
|
|
fi
|
|
fi
|
|
if [[ "${SYSEXT}" -eq 1 ]]; then
|
|
create_prod_sysexts "${FLATCAR_PRODUCTION_IMAGE_NAME}"
|
|
fi
|
|
|
|
if [[ ${FLAGS_extract_update} -eq ${FLAGS_TRUE} ]]; then
|
|
zip_update_tools
|
|
fi
|
|
|
|
# Write out a version.txt file, this will be used by image_to_vm.sh
|
|
split_ver "${FLATCAR_VERSION_ID}" SPLIT
|
|
tee "${BUILD_DIR}/version.txt" <<EOF
|
|
FLATCAR_BUILD=${SPLIT[0]}
|
|
FLATCAR_BRANCH=${SPLIT[1]}
|
|
FLATCAR_PATCH=${SPLIT[2]}
|
|
FLATCAR_VERSION=${FLATCAR_VERSION}
|
|
FLATCAR_VERSION_ID=${FLATCAR_VERSION_ID}
|
|
FLATCAR_BUILD_ID="${FLATCAR_BUILD_ID}"
|
|
FLATCAR_SDK_VERSION=${FLATCAR_SDK_VERSION}
|
|
EOF
|
|
|
|
# Create a named symlink.
|
|
set_build_symlinks latest "${FLAGS_group}-latest"
|
|
|
|
echo "Done. Image(s) created in ${BUILD_DIR}"
|
|
|
|
print_image_to_vm() {
|
|
flags=
|
|
if [ $# = 1 ]; then
|
|
flags="--${1}_image"
|
|
fi
|
|
|
|
cat << EOF
|
|
To convert it to a virtual machine image, use:
|
|
./image_to_vm.sh --from=${OUTSIDE_OUTPUT_DIR} --board=${BOARD} ${flags}
|
|
|
|
The default type is $(get_default_vm_type ${BOARD}), see ./image_to_vm.sh --help for other options.
|
|
EOF
|
|
}
|
|
|
|
# Print out the images we generated.
|
|
if [[ "${PROD_IMAGE}" -eq 1 ]]; then
|
|
echo "Flatcar Production image created as ${FLATCAR_PRODUCTION_IMAGE_NAME}"
|
|
print_image_to_vm
|
|
fi
|
|
|
|
command_completed
|