This change removes Flatcar specific builds of docker[-cli], containerd, runc, and cri-tools and instead switches to upstream Gentoo ebuilds added to portage-stable. The change updates docker to 24.0.6. NOTE that there currently is no upstream ebuild for containerd-1.7.7, so this change adds that ebuild based on the upstream containerd-1.7.6 ebuild. Flatcar customisations like systemd units etc. are now applied in the manglefs script of the respective sysexts, based on file system trees in coreos-overlay/coreos/sysext/(containerd|docker). The build_sysext script has been extended by an option to strip all binaries in a sysext; the option is active by default. This takes care of removing debug symbols from docker and containerd - which are not removed by the default Gentoo build. The overall size of both containerd and docker sysext is reduced by ~50%. Lastly, the sysext command line syntax of build_image has been extended to allow specifying multiple packages for a sysext. This was necessary because docker-cli and docker do not have any runtime relationships and therefore must both be specified for installation to correctly mirror Flatcar's own docker packaging. Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
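#!/bin/bash

# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Script to build a bootable keyfob-based chromeos system image from within
# a coreos setup. This assumes that all needed packages have been built into
# the given target's root with binary packages turned on. This script will
# build the Chrome OS image using only pre-built binary packages.

# Resolve the directory that holds this script, following symlinks. The inner
# substitution is quoted so that a checkout path containing whitespace or glob
# characters reaches dirname as a single argument instead of being split.
SCRIPT_ROOT=$(dirname "$(readlink -f "$0")")
. "${SCRIPT_ROOT}/common.sh" || exit 1

# Script must run inside the chroot
assert_inside_chroot

# Helper from common.sh; presumably aborts when the script is invoked as root
# (confirm there). The privileged step further down calls sudo explicitly.
assert_not_root_user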
DEFAULT_GROUP=developer
DEFAULT_DEVCONTAINER_BINHOST="${SETTING_BINPKG_SERVER_PROD}"

# Developer-visible flags. Each DEFINE_* call takes: flag name, default value,
# help text.

# --- Target and package source ---
DEFINE_string board "${DEFAULT_BOARD}" "The board to build an image for."
DEFINE_boolean getbinpkg "${FLAGS_FALSE}" "Download binary packages from remote repository."
DEFINE_string getbinpkgver "" "Use binary packages from a specific version."

# --- Image integrity ---
# On by default. Per the help text this makes bootloaders default to
# kernel-based root fs integrity checking; turning it off yields an image
# without that default.
DEFINE_boolean enable_rootfs_verification ${FLAGS_TRUE} \
  "Default all bootloaders to use kernel-based root fs integrity checking."

# --- Image contents ---
DEFINE_string base_pkg "coreos-base/coreos" \
  "The base portage package to base the build off of (only applies to prod images)"
DEFINE_string base_dev_pkg "coreos-base/coreos-dev" \
  "The base portage package to base the build off of (only applies to dev containers)"
# The value is a list of name:package[&package...] entries; '&' and ',' are
# separators inside one string, so the whole value must stay a single word.
DEFINE_string base_sysexts \
  "containerd-flatcar:app-containers/containerd,docker-flatcar:app-containers/docker&app-containers/docker-cli" \
  "Comma-separated list of name:package[&package[&package]] - build 'package' (a single package or a list of packages separated by '&') into sysext 'name', and include with OS image and update payload. Must be in order of dependencies, base sysexts come first."

# --- Output location and layout ---
DEFINE_string output_root "${DEFAULT_BUILD_ROOT}/images" \
  "Directory in which to place image result directories (named by version)"
DEFINE_string disk_layout "" "The disk layout type to use for this image."

# --- Update handling ---
DEFINE_string group "${DEFAULT_GROUP}" "The update group."
DEFINE_boolean generate_update "${FLAGS_FALSE}" "Generate update payload. (prod only)"
DEFINE_boolean extract_update "${FLAGS_TRUE}" "Extract the /usr partition for generating updates."

# --- Developer conveniences ---
# The named file is inserted into the image as cloudinit data, so whoever
# controls that file controls first-boot configuration of the image.
DEFINE_string developer_data "" "Insert a custom cloudinit file into the image."
# Defaults to the production binary package server; overriding it changes where
# the development container is configured to fetch binary packages from.
DEFINE_string devcontainer_binhost "${DEFAULT_DEVCONTAINER_BINHOST}" \
  "Override portage binhost configuration used in development container."
# Pull in the upload-related options before the help text is assembled.
. "${BUILD_LIBRARY_DIR}/release_util.sh" || exit 1

FLAGS_HELP="USAGE: build_image [flags] [list of images to build].
This script is used to build a CoreOS image. CoreOS comes in many
different forms. This scripts can be used to build the following:

prod - Production image for CoreOS. This image is for booting (default if no argument is given).
prodtar - Production container tar ball (implies prod). This can e.g. be used to run the Flatcar production image as a container (run machinectl import-tar or docker import).
container - Developer image with single filesystem, bootable by nspawn.

Examples:

build_image --board=<board> [prod] [prodtar] [container] - builds developer and production images/tars.
...
"
show_help_if_requested "$@"

# Advanced options follow. They are declared after the help check on purpose,
# so they stay out of the help output: the typical developer workflow does not
# need them, and they are meant for readers of the source.
DEFINE_integer build_attempt 1 "The build attempt for this image build."
DEFINE_boolean replace ${FLAGS_FALSE} "Overwrite existing output, if any."
DEFINE_string version "" "Overrides version number in name to this version."

# Parse command line.
FLAGS "$@" || exit 1

# Reset the positional parameters to the non-flag arguments, defaulting to the
# single image type 'prod'.
# NOTE(review): eval re-parses FLAGS_ARGV as shell text, so this is only safe
# if the flags library shell-quotes each remaining argument - confirm.
eval set -- "${FLAGS_ARGV:-prod}"

# Strict mode is enabled only from here on: shflags functions leak non-zero
# error codes, so enabling it earlier would make the script die prematurely.
switch_to_strict_mode

check_gsutil_opts
# When binary package download is requested, have setup_board regenerate the
# board configuration (configs only) for the requested package version first.
if (( FLAGS_getbinpkg == FLAGS_TRUE )); then
  "${SRC_ROOT}/scripts/setup_board" \
    --board="${FLAGS_board}" \
    --getbinpkgver="${FLAGS_getbinpkgver}" \
    --regen_configs_only
fi

# N.B. Keep this order: some of these libraries contain initialization that
# later ones rely on. Each one is sourced into this shell, so a failure to
# load any of them aborts the build.
. "${BUILD_LIBRARY_DIR}/toolchain_util.sh" || exit 1
. "${BUILD_LIBRARY_DIR}/board_options.sh" || exit 1
. "${BUILD_LIBRARY_DIR}/build_image_util.sh" || exit 1
. "${BUILD_LIBRARY_DIR}/prod_image_util.sh" || exit 1
. "${BUILD_LIBRARY_DIR}/dev_container_util.sh" || exit 1
. "${BUILD_LIBRARY_DIR}/test_image_content.sh" || exit 1
. "${BUILD_LIBRARY_DIR}/vm_image_util.sh" || exit 1
# Translate the positional image-type arguments into 0/1 switches.
# 'prodtar' implies 'prod'; anything outside the three known names is rejected.
PROD_IMAGE=0
PROD_TAR=0
CONTAINER=0
for arg in "$@"; do
  if [[ "${arg}" == "prod" ]]; then
    PROD_IMAGE=1
  elif [[ "${arg}" == "prodtar" ]]; then
    PROD_IMAGE=1
    PROD_TAR=1
  elif [[ "${arg}" == "container" ]]; then
    CONTAINER=1
  else
    die_notrace "Unknown image type ${arg}"
  fi
done
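# Check that the build root is sane.
# skip_test_build_root is not assigned in the visible part of this script; an
# unset or empty value compares as 0 here (assuming nounset is not enabled),
# so the check runs unless something upstream set it to 1.
if [[ ${skip_test_build_root} -ne 1 ]]; then
  info "Checking build root"
  test_image_content "${BOARD_ROOT}"
fi

# Handle existing directory.
if [[ -e "${BUILD_DIR}" ]]; then
  if [[ ${FLAGS_replace} -eq ${FLAGS_TRUE} ]]; then
    # Privileged recursive delete, only reached with an explicit --replace.
    # '--' stops option parsing so a path beginning with '-' is never read as
    # an rm option. ':?' aborts on an empty BUILD_DIR; the -e test above
    # already excludes that case, but the guard stays next to the destructive
    # command in case the surrounding condition is ever changed.
    sudo rm -rf -- "${BUILD_DIR:?}"
  else
    error "Directory ${BUILD_DIR} already exists."
    error "Use --build_attempt option to specify an unused attempt."
    error "Or use --replace if you want to overwrite this directory."
    die "Unwilling to overwrite ${BUILD_DIR}."
  fi
fi

# Create the output directory and temporary mount points.
mkdir -p -- "${BUILD_DIR}"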
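# An explicit --disk_layout applies to both image kinds; otherwise each kind
# falls back to its own default layout name.
DISK_LAYOUT="${FLAGS_disk_layout:-base}"
CONTAINER_LAYOUT="${FLAGS_disk_layout:-container}"

# Developer cloudinit data: either the file named by --developer_data, or, if
# that flag is empty and /etc/shared_user_passwd.txt is non-empty, a generated
# cloud-config that sets the 'core' user's passwd from that file.
if [[ -n "${FLAGS_developer_data}" ]]; then
  if [[ ! -f "${FLAGS_developer_data}" ]]; then
    die_notrace "Developer data is not a file: ${FLAGS_developer_data}"
  fi
  info "Using developer cloudinit data: ${FLAGS_developer_data}"
elif [[ -s /etc/shared_user_passwd.txt ]]; then
  FLAGS_developer_data="${BUILD_DIR}/developer_data"
  info "Generating developer cloudinit with shared user password."
  # 'passwd' is nested under the 'core' list entry: with both keys flush-left
  # the passwd key would be a top-level key instead of a field of that user.
  # NOTE(review): the generated file embeds the contents of
  # /etc/shared_user_passwd.txt (presumably a password hash - confirm) and is
  # created with the caller's umask; restrict its mode if BUILD_DIR can be read
  # by other users.
  cat >"${FLAGS_developer_data}" <<EOF
#cloud-config

users:
  - name: core
    passwd: $(</etc/shared_user_passwd.txt)
EOF
fi

fix_mtab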
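# Build the requested artifacts. Every value handed to the build helpers is
# quoted: several of them come straight from command-line flags, and an
# unquoted expansion would be word-split and glob-expanded, which can shift
# the helper's positional arguments. The two trailing package flags use the
# ${var:+"..."} form so that an empty value still passes no argument at all,
# exactly as before, while a non-empty value always arrives as one word.

if [[ "${CONTAINER}" -eq 1 ]]; then
  IMAGE_BUILD_TYPE="container"
  create_dev_container "${FLATCAR_DEVELOPER_CONTAINER_NAME}" \
    "${CONTAINER_LAYOUT}" "${FLAGS_devcontainer_binhost}" "${FLAGS_group}" \
    ${FLAGS_base_dev_pkg:+"${FLAGS_base_dev_pkg}"}
fi

if [[ "${PROD_IMAGE}" -eq 1 ]]; then
  IMAGE_BUILD_TYPE="prod"
  create_prod_image "${FLATCAR_PRODUCTION_IMAGE_NAME}" "${DISK_LAYOUT}" \
    "${FLAGS_group}" "${FLAGS_base_pkg}" \
    ${FLAGS_base_sysexts:+"${FLAGS_base_sysexts}"}
  # Generating an update payload takes precedence over merely extracting the
  # /usr partition; only one of the two runs.
  if [[ ${FLAGS_generate_update} -eq ${FLAGS_TRUE} ]]; then
    generate_update "${FLATCAR_PRODUCTION_IMAGE_NAME}" "${DISK_LAYOUT}"
  elif [[ ${FLAGS_extract_update} -eq ${FLAGS_TRUE} ]]; then
    extract_update "${FLATCAR_PRODUCTION_IMAGE_NAME}" "${DISK_LAYOUT}"
  fi
  if [[ "${PROD_TAR}" -eq 1 ]]; then
    create_prod_tar "${FLATCAR_PRODUCTION_IMAGE_NAME}"
  fi
fi

# The update tools are zipped whenever either update flag is on, independent
# of which image types were built above.
if [[ ${FLAGS_generate_update} -eq ${FLAGS_TRUE} ]] || \
   [[ ${FLAGS_extract_update} -eq ${FLAGS_TRUE} ]]
then
  zip_update_tools
fi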
# Record the version metadata in version.txt (consumed later by
# image_to_vm.sh). tee also echoes the content to stdout. split_ver is given
# the version id and the name SPLIT, whose first three elements are used below.
split_ver "${FLATCAR_VERSION_ID}" SPLIT
tee "${BUILD_DIR}/version.txt" <<EOF
FLATCAR_BUILD=${SPLIT[0]}
FLATCAR_BRANCH=${SPLIT[1]}
FLATCAR_PATCH=${SPLIT[2]}
FLATCAR_VERSION=${FLATCAR_VERSION}
FLATCAR_VERSION_ID=${FLATCAR_VERSION_ID}
FLATCAR_BUILD_ID="${FLATCAR_BUILD_ID}"
FLATCAR_SDK_VERSION=${FLATCAR_SDK_VERSION}
EOF

upload_image "${BUILD_DIR}/version.txt"

# Point the named symlinks ('latest' and '<group>-latest') at this build.
set_build_symlinks latest "${FLAGS_group}-latest"

printf '%s\n' "Done. Image(s) created in ${BUILD_DIR}"
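#######################################
# Print a hint on how to convert the built image into a VM image.
# Globals:   OUTSIDE_OUTPUT_DIR (read), BOARD (read)
# Arguments: $1 - optional image type; when exactly one argument is given it
#                 is rendered as the flag --<type>_image
# Outputs:   the hint text on stdout
#######################################
print_image_to_vm() {
  # Kept local so the helper does not overwrite a caller's 'flags' variable.
  local flags=
  if [[ $# -eq 1 ]]; then
    flags="--${1}_image"
  fi

  # BOARD is quoted in the substitution so it reaches get_default_vm_type as
  # a single argument.
  cat << EOF
To convert it to a virtual machine image, use:
./image_to_vm.sh --from=${OUTSIDE_OUTPUT_DIR} --board=${BOARD} ${flags}

The default type is $(get_default_vm_type "${BOARD}"), see ./image_to_vm.sh --help for other options.
EOF
}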
# Summarise what was produced. Only the production image gets a summary line
# and the VM conversion hint.
if (( PROD_IMAGE == 1 )); then
  printf '%s\n' "Flatcar Production image created as ${FLATCAR_PRODUCTION_IMAGE_NAME}"
  print_image_to_vm
fi

command_completed