build.sh
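#!/usr/bin/env bash
set -euo pipefail

# Currently used to determine the version of `oc` we install
OCP_VERSION=4.10

# Keep this script idempotent for local development rebuild use cases:
# any consecutive runs should produce the same result.

# Detect what platform we are on; only Fedora is accepted.
if ! grep -q '^Fedora' /etc/redhat-release; then
  echo 1>&2 "should be on Fedora"
  exit 1
fi

# Not referenced again in this file; kept in case something sourced later
# reads it.
# shellcheck disable=SC2034
arch=$(uname -m)

# At most one argument (the name of the step to run) is accepted.
# Usage goes to stderr because this is an error exit.
if [ $# -gt 1 ]; then
  {
    echo Usage: "build.sh [CMD]"
    echo "Supported commands:"
    echo "    configure_user"
    echo "    configure_yum_repos"
    echo "    install_ocp_tools"
    echo "    install_rpms"
    echo "    make_and_makeinstall"
    echo "    write_archive_info"
  } 1>&2
  exit 1
fi

# Trace every command from here on so the build log shows each step.
set -x

# The script must be started from the root of the source checkout: later
# steps resolve src/build-deps.txt and src/cmdlib.sh relative to this.
srcdir=$(pwd)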
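#######################################
# Write the yum repo definition for the coreos-continuous Koji tag.
# Globals:   none
# Arguments: none
# Outputs:   overwrites /etc/yum.repos.d/coreos.repo
# Returns:   non-zero if /etc/os-release cannot be read or the write fails
#######################################
configure_yum_repos() {
  local version_id
  version_id=$(. /etc/os-release && echo "${VERSION_ID}")

  # Add continuous tag for latest build tools and mark as required so we
  # can depend on those latest tools being available in all container
  # builds.
  #
  # SECURITY: gpgcheck=0 turns off RPM signature verification for this
  # repo, so packages from it are trusted on the strength of the HTTPS
  # connection to kojipkgs alone. The repo is enabled for every later yum
  # transaction in this build, so its packages compete with the signed
  # Fedora ones.
  # NOTE(review): presumably the continuous tag is unsigned, which is why
  # the check is off; if signed builds become available, switch to
  # gpgcheck=1 and add a gpgkey= line.
  #
  # The blank line before EOF is deliberate: it keeps the file identical to
  # what the previous `echo -e "...\n"` produced.
  cat > /etc/yum.repos.d/coreos.repo <<EOF
[f${version_id}-coreos-continuous]
enabled=1
metadata_expire=1m
baseurl=https://kojipkgs.fedoraproject.org/repos-dist/f${version_id}-coreos-continuous/latest/\$basearch/
gpgcheck=0
skip_if_unavailable=False

EOF
}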
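#######################################
# Sync the distro, install base + build dependencies, and adjust a few
# system files so later build steps can read them.
# Globals:   srcdir (read)
# Arguments: none
# Outputs:   yum/rpm output on stdout and stderr
# Returns:   non-zero if any package operation or file change fails
#######################################
install_rpms() {
  local builddeps
  local frozendeps

  # freeze kernel due to https://github.com/coreos/coreos-assembler/issues/2707
  # NOTE(review): a pinned NVR does not track later kernel security
  # updates; drop the pin once the issue above is fixed.
  frozendeps=$(echo kernel{,-core,-modules}-5.15.18-200.fc35)

  # First, a general update; this is best practice.  We also hit an issue recently
  # where qemu implicitly depended on an updated libusbx but didn't have a versioned
  # requires https://bugzilla.redhat.com/show_bug.cgi?id=1625641
  yum -y distro-sync

  # xargs is part of findutils, which may not be installed
  yum -y install /usr/bin/xargs

  # These are only used to build things in here.  Today
  # we ship these in the container too to make it easier
  # to use the container as a development environment for itself.
  # Down the line we may strip these out, or have a separate
  # development version.
  builddeps=$(grep -v '^#' "${srcdir}"/src/build-deps.txt)

  # Process our base dependencies + build dependencies and install
  (echo "${builddeps}" && echo "${frozendeps}" && "${srcdir}"/src/print-dependencies.sh) | xargs yum -y install

  # Add fast-tracked packages here.  We don't want to wait on bodhi for rpm-ostree
  # as we want to enable fast iteration there.
  # -y added: every other yum call here is non-interactive, and without it
  # this one stops at a confirmation prompt whenever an upgrade exists.
  # NOTE(review): updates-testing packages have not passed normal update
  # gating; keep the list of packages taken from it as short as possible.
  yum -y --enablerepo=updates-testing upgrade rpm-ostree

  # Commented out for now, see above
  #dnf remove -y ${builddeps}
  # can't remove grubby on el7 because libguestfs-tools depends on it
  # Add --exclude for s390utils-base because we need it to not get removed.
  if rpm -q grubby; then
    yum remove --exclude=s390utils-base -y grubby
  fi

  # Allow Kerberos Auth to work from a keytab. The keyring is not
  # available in a Container.
  sed -e "s/^.*default_ccache_name/# default_ccache_name/g" -i /etc/krb5.conf

  # Open up permissions on /boot/efi files so we can copy them
  # for our ISO installer image, skip if not present.
  # a+rX gives every user read access (and traversal of directories).
  if [ -e /boot/efi ]; then
    chmod -R a+rX /boot/efi
  fi
  # Similarly for kernel data and SELinux policy, which we want to inject into supermin
  chmod -R a+rX /usr/lib/modules /usr/share/selinux/targeted

  # Further cleanup
  yum clean all
}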
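# For now, we ship `oc` in coreos-assembler as {Fedora,RHEL} CoreOS is an essential part of OCP4,
# and it is very useful to have in the same place/flow as where we do builds/tests related
# to CoreOS.
#######################################
# Download the OpenShift client tarball and install `oc` into /usr/bin.
# Globals:   OCP_VERSION (read)
# Arguments: none
# Outputs:   curl progress on stderr
# Returns:   non-zero if the download, extraction or install fails
#######################################
install_ocp_tools() {
  local url workdir
  local rc=0

  url="https://mirror.openshift.com/pub/openshift-v4/$(arch)/clients/ocp/latest-${OCP_VERSION}/openshift-client-linux.tar.gz"

  # Extract into a private scratch directory rather than the current
  # directory, so a stray `oc` is never left in (or picked up from) the
  # source tree.
  workdir=$(mktemp -d) || return

  # --fail: an HTTP error becomes a curl failure instead of feeding the
  #         error page to tar.
  # --proto '=https': redirects followed by --location may not downgrade
  #         the transfer to a non-TLS protocol.
  # install(1) writes the binary with an explicit mode, owned by the
  # invoking user, instead of keeping whatever owner and mode the archive
  # recorded.
  #
  # NOTE(review): the archive is not checked against a pinned digest or a
  # signature, so TLS to the mirror is the only integrity control, and
  # "latest-<version>" is a moving target. Consider pinning an exact
  # release and verifying its checksum before installing.
  {
    curl --fail --location --proto '=https' "${url}" \
      | tar -C "${workdir}" -zxf - oc \
      && install -m 0755 "${workdir}/oc" /usr/bin/oc
  } || rc=$?

  rm -rf -- "${workdir:?}"
  return "${rc}"
}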
#######################################
# Build the tree in the current directory, then install it.
# Globals:   none
# Arguments: none
# Returns:   make's status if the build fails, otherwise the status of
#            `make install`
#######################################
make_and_makeinstall() {
  # Stop with make's own exit status if the build fails, so the install
  # step never runs against a broken tree.
  make || return
  make install
}
#######################################
# Create the kvm helper groups, the `builder` account and its sudo rule.
# Globals:   none
# Arguments: none
# Outputs:   getent output on stdout; writes /etc/sudoers.d/wheel-nopasswd
# Returns:   non-zero if a group, user or file operation fails
#######################################
configure_user() {
  local gid

  # /dev/kvm might be bound in, but will have the gid from the host, and not
  # all distros give a+rw permissions on /dev/kvm. Create groups for all the
  # common kvm gids and then add builder to them.
  # systemd defaults to 0666 but other packages like qemu sometimes override
  # this with 0660. Adding the user to the kvm group should always work.
  # fedora uses gid 36 for kvm; the extra gids are:
  #   78  - arch, gentoo
  #   124 - debian
  #   232 - ubuntu
  # -o lets groupadd create the group even if the gid is already taken.
  for gid in 78 124 232; do
    getent group "kvm${gid}" || groupadd -g "${gid}" -o -r "kvm${gid}"
  done

  # We want to run what builds we can as an unprivileged user;
  # running as non-root is much better for the libvirt stack in particular
  # for the cases where we have --privileged in the container run for other reasons.
  # At some point we may make this the default.
  if ! getent passwd builder; then
    useradd builder --uid 1000 -G wheel,kvm,kvm78,kvm124,kvm232
  fi

  # SECURITY: this rule gives every wheel member passwordless sudo for any
  # command, and builder is a wheel member, so builder can become root
  # inside the container at will. Running as builder avoids accidental root
  # use; it is not a privilege boundary.
  printf '%s\n' '%wheel ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/wheel-nopasswd
  # Files in /etc/sudoers.d must not be world writable; restrict to root.
  chmod 600 /etc/sudoers.d/wheel-nopasswd
}
#######################################
# Record git information about the source checkout under /cosa.
# Globals:   srcdir (read)
# Arguments: none
# Outputs:   creates /cosa and /lib/coreos-assembler, touches the .clean
#            marker, and passes the tarball and JSON paths to
#            prepare_git_artifacts
# Returns:   non-zero if sourcing cmdlib.sh or any later step fails
#######################################
write_archive_info() {
  # prepare_git_artifacts is not defined in this file; presumably it comes
  # from cmdlib.sh, sourced here.
  # shellcheck source=src/cmdlib.sh
  . "${srcdir}/src/cmdlib.sh"

  # Declared after sourcing so the sourced file cannot overwrite them.
  local archive_dir=/cosa
  local marker=/lib/coreos-assembler/.clean

  mkdir -p "${archive_dir}" "${marker%/*}"
  touch -f "${marker}"
  prepare_git_artifacts "${srcdir}" \
    "${archive_dir}/coreos-assembler-git.tar.gz" \
    "${archive_dir}/coreos-assembler-git.json"
}
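if [ $# -ne 0 ]; then
  # Run the step named by the calling script. Only the functions defined in
  # this file are accepted: expanding the argument unquoted as a command
  # would word-split it and run whatever program it happened to name.
  case "${1}" in
    configure_user \
      | configure_yum_repos \
      | install_ocp_tools \
      | install_rpms \
      | make_and_makeinstall \
      | write_archive_info)
      "${1}"
      ;;
    *)
      echo 1>&2 "build.sh: unknown command: ${1}"
      exit 1
      ;;
  esac
else
  # Otherwise, just run all the steps.  NOTE: This is presently not actually
  # used in `Dockerfile`, so if you add a stage you'll need to do it both
  # here and there.
  configure_yum_repos
  install_rpms
  write_archive_info
  make_and_makeinstall
  install_ocp_tools
  configure_user
fi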