From f10642c82beacd8f04d21d9f8116796d74bdc087 Mon Sep 17 00:00:00 2001
From: Jakob Naucke
Date: Wed, 22 Dec 2021 19:06:26 +0100
Subject: [PATCH 1/2] osbuilder: Source .cargo/env before checking Rust We install Rust in the build containers, but we also install Rust in `rootfs.sh` if it is missing. It makes sense to install Rust in the build containers so it does not have to be installed every time, but for that check to work on non-login shells, we should source `.cargo/env` before running it.
Signed-off-by: Jakob Naucke
---
tools/osbuilder/rootfs-builder/rootfs.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/osbuilder/rootfs-builder/rootfs.sh b/tools/osbuilder/rootfs-builder/rootfs.sh
index 20c14b2e82..b13dc3cbc1 100755
--- a/tools/osbuilder/rootfs-builder/rootfs.sh
+++ b/tools/osbuilder/rootfs-builder/rootfs.sh
@@ -554,6 +554,7 @@ EOT
 echo "WARNING: Forcing LIBC=gnu because $ARCH has no musl Rust target"
 fi
 [ "$LIBC" == "musl" ] && bash ${script_dir}/../../../ci/install_musl.sh
+ test -r "${HOME}/.cargo/env" && source "${HOME}/.cargo/env"
 # rust agent needs ${arch}-unknown-linux-${LIBC}
 if ! (rustup show | grep -v linux-${LIBC} > /dev/null); then
 if [ "$RUST_VERSION" == "null" ]; then
From 573a37b33b4100deaf1026af61aadd03fbc37abe Mon Sep 17 00:00:00 2001
From: Jakob Naucke
Date: Wed, 22 Dec 2021 19:06:26 +0100
Subject: [PATCH 2/2] osbuilder: Add CentOS Stream rootfs to cover a Red Hat (adjacent) rootfs with great cross-platform compatibility and a workable release cadence. The previous CentOS & Fedora workflows are simplified. Also remove unnecessary `/usr/share` files as on Ubuntu and mark Alpine as unuspported on ppc64le (due to musl, for a while already).
Fixes: #3340
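Review bot: The added `source "${HOME}/.cargo/env"` line (rootfs.sh hunk at -554) executes whatever that file contains inside the build script's own shell, and which file that is depends entirely on `HOME`. If rootfs.sh is run through sudo with the caller's `HOME` preserved (not visible in this hunk), a root build would execute a file owned by an unprivileged user. A comment above the line, for example `# .cargo/env is executed as shell code; HOME must belong to the user that installed Rust`, would record that assumption. The enclosing function starts and ends outside the hunk.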
Signed-off-by: Jakob Naucke
---
tools/osbuilder/.gitignore | 2 +-
tools/osbuilder/README.md | 12 +++---
.../rootfs-builder/centos/Dockerfile.in | 18 ++++++++
.../osbuilder/rootfs-builder/centos/config.sh | 17 ++++++++
tools/osbuilder/rootfs-builder/rootfs.sh | 9 ----
tools/osbuilder/scripts/lib.sh | 43 ++++---------------
6 files changed, 51 insertions(+), 50 deletions(-)
create mode 100644 tools/osbuilder/rootfs-builder/centos/Dockerfile.in
create mode 100644 tools/osbuilder/rootfs-builder/centos/config.sh
diff --git a/tools/osbuilder/.gitignore b/tools/osbuilder/.gitignore
index b70d4aa8ca..5936792d5c 100644
--- a/tools/osbuilder/.gitignore
+++ b/tools/osbuilder/.gitignore
@@ -3,7 +3,7 @@ dracut/Dockerfile
 dracut/dracut.conf.d/15-extra-libs.conf
 /.*.done
 /*_rootfs
-/kata-Centos-dnf.conf
+/kata-centos-dnf.conf
 /kata-containers-initrd.img
 /kata-containers.img
 rootfs-builder/centos/RPM-GPG-KEY-*
diff --git a/tools/osbuilder/README.md b/tools/osbuilder/README.md
index b97839361e..343d2bf60a 100644
--- a/tools/osbuilder/README.md
+++ b/tools/osbuilder/README.md
@@ -209,9 +209,9 @@ of the the osbuilder distributions. > Note: this table is not relevant for the dracut build method, since it supports any Linux distribution and architecture where dracut is available.
-| |Alpine |Clear Linux |Debian/Ubuntu |
-|-- |-- |-- |-- |
-|**ARM64** |:heavy_check_mark:| | |
-|**PPC64le**|:heavy_check_mark:| |:heavy_check_mark:|
-|**s390x** | | |:heavy_check_mark:|
-|**x86_64** |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
+| |Alpine |CentOS Stream |Clear Linux |Debian/Ubuntu |
+|-- |-- |-- |-- |-- |
+|**ARM64** |:heavy_check_mark:|:heavy_check_mark:| | |
+|**PPC64le**| |:heavy_check_mark:| |:heavy_check_mark:|
+|**s390x** | |:heavy_check_mark:| |:heavy_check_mark:|
+|**x86_64** |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
diff --git a/tools/osbuilder/rootfs-builder/centos/Dockerfile.in b/tools/osbuilder/rootfs-builder/centos/Dockerfile.in
new file mode 100644
index 0000000000..fce8059947
--- /dev/null
+++ b/tools/osbuilder/rootfs-builder/centos/Dockerfile.in
@@ -0,0 +1,18 @@
+# Copyright (c) 2018 Intel Corporation, 2021 IBM Corp.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+FROM quay.io/centos/centos:@OS_VERSION@
+@SET_PROXY@
+
+RUN dnf -y update && \
+ dnf -y install dnf-plugins-core && \
+ dnf config-manager --set-enabled crb && \
+ dnf -y install \
+ diffutils \
+ file \
+ g++ \
+ git \
+ protobuf-compiler
+
+@INSTALL_RUST@
diff --git a/tools/osbuilder/rootfs-builder/centos/config.sh b/tools/osbuilder/rootfs-builder/centos/config.sh
new file mode 100644
index 0000000000..d9d51e5d76
--- /dev/null
+++ b/tools/osbuilder/rootfs-builder/centos/config.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+# Copyright (c) 2018 Intel Corporation, 2021 IBM Corp.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+OS_NAME=centos
+OS_VERSION=${OS_VERSION:-stream9}
+PACKAGES=chrony
+[ "$AGENT_INIT" = no ] && PACKAGES+=" systemd"
+[ "$SECCOMP" = yes ] && PACKAGES+=" libseccomp"
+
+# Container registry tag is different from metalink repo, e.g. "stream9" => "9-stream"
+os_repo_version="$(sed -E "s/(stream)(.+)/\2-\1/" <<< "$OS_VERSION")"
+
+METALINK="https://mirrors.centos.org/metalink?repo=centos-baseos-$os_repo_version&arch=\$basearch"
+GPG_KEY_FILE=RPM-GPG-KEY-CentOS-Official
+GPG_KEY_URL="https://centos.org/keys/$GPG_KEY_FILE"
diff --git a/tools/osbuilder/rootfs-builder/rootfs.sh b/tools/osbuilder/rootfs-builder/rootfs.sh
index b13dc3cbc1..80633a0451 100755
--- a/tools/osbuilder/rootfs-builder/rootfs.sh
+++ b/tools/osbuilder/rootfs-builder/rootfs.sh
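Review bot: The base image in centos/Dockerfile.in is referenced by a mutable tag, `FROM quay.io/centos/centos:@OS_VERSION@`, and the first `RUN` step runs `dnf -y update`, so two builds of the same commit can produce different build containers. For a builder whose output becomes a guest rootfs, pin the image by digest through the template, or state the choice with a comment above `FROM` such as `# NOTE: floating tag; image content changes between builds`. Ending the `RUN` chain with `&& dnf clean all` would also keep the package cache out of the layer. What `@SET_PROXY@` and `@INSTALL_RUST@` expand to is not visible in this hunk.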
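Review bot: `GPG_KEY_URL` in centos/config.sh names a signing key that is fetched at build time, and nothing in the file records which key is expected. The download happens in lib.sh, outside this hunk (the arch-key code removed there used `curl -L` with no verification), so the trusted key appears to be whatever the URL returns on first fetch. Recording the expected fingerprint next to the URL in a new variable, e.g. `GPG_KEY_FINGERPRINT="<expected-fingerprint-placeholder>"`, and comparing it after download would pin the trust root. Separately, the file uses `PACKAGES+=` and `<<<`, which are bash features, under `#!/bin/sh`. It works only because it is sourced from a bash script, so `#!/usr/bin/env bash` would be the accurate header.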
@@ -45,9 +45,6 @@ ARCH=$(uname -m)
 # distro-specific config file
 typeset -r CONFIG_SH="config.sh"
-# optional arch-specific config file
-typeset -r CONFIG_ARCH_SH="config_${ARCH}.sh"
-
 # Name of an optional distro-specific file which, if it exists, must implement the
 # build_rootfs() function.
 typeset -r LIB_SH="rootfs_lib.sh"
@@ -308,12 +305,6 @@ build_rootfs_distro()
 rootfs_config="${distro_config_dir}/${CONFIG_SH}"
 source "${rootfs_config}"
- # Source arch-specific config file
- rootfs_arch_config="${distro_config_dir}/${CONFIG_ARCH_SH}"
- if [ -f "${rootfs_arch_config}" ]; then
- source "${rootfs_arch_config}"
- fi
-
 if [ -z "$ROOTFS_DIR" ]; then
 ROOTFS_DIR="${script_dir}/rootfs-${OS_NAME}"
 fi
diff --git a/tools/osbuilder/scripts/lib.sh b/tools/osbuilder/scripts/lib.sh
index 857eed57c7..9f806d0394 100644
--- a/tools/osbuilder/scripts/lib.sh
+++ b/tools/osbuilder/scripts/lib.sh
@@ -57,36 +57,18 @@ check_root()
 generate_dnf_config()
 {
- REPO_NAME=${REPO_NAME:-"base"}
- CACHE_DIR=${CACHE_DIR:-"/var/cache/dnf"}
 cat > "${DNF_CONF}" << EOF
 [main]
-cachedir=${CACHE_DIR}
-logfile=${LOG_FILE}
-keepcache=0
-debuglevel=2
-exactarch=1
-obsoletes=1
-plugins=0
-installonly_limit=3
 reposdir=/root/mash
-retries=5
+
+[base]
+name=${OS_NAME}-${OS_VERSION} base
+releasever=${OS_VERSION}
 EOF
 if [ "$BASE_URL" != "" ]; then
- cat >> "${DNF_CONF}" << EOF
-[base]
-name=${OS_NAME}-${OS_VERSION} ${REPO_NAME}
-failovermethod=priority
-baseurl=${BASE_URL}
-enabled=1
-EOF
- elif [ "$MIRROR_LIST" != "" ]; then
- cat >> "${DNF_CONF}" << EOF
-[base]
-name=${OS_NAME}-${OS_VERSION} ${REPO_NAME}
-mirrorlist=${MIRROR_LIST}
-enabled=1
-EOF
+ echo "baseurl=$BASE_URL" >> "$DNF_CONF"
+ elif [ "$METALINK" != "" ]; then
+ echo "metalink=$METALINK" >> "$DNF_CONF"
 fi
 if [ -n "$GPG_KEY_URL" ]; then
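Review bot: In the lib.sh hunk at -57, generate_dnf_config() now always writes a `[base]` section but appends a source only when `BASE_URL` or `METALINK` is non-empty. A distro config that sets neither yields a repo with no URL, and the failure surfaces later inside dnf. An explicit branch before the `fi`, `else echo "ERROR: neither BASE_URL nor METALINK is set" >&2; return 1`, would fail early. Whether `gpgcheck=1` is written for this repo is decided in the `GPG_KEY_URL` block that continues outside the hunk, and packages resolved through the metalink are only as trustworthy as that check. The function body ends outside the hunk.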
@@ -99,15 +81,6 @@ gpgkey=file://${CONFIG_DIR}/${GPG_KEY_FILE}
 EOF
 fi
- if [ -n "$GPG_KEY_ARCH_URL" ]; then
- if [ ! -f "${CONFIG_DIR}/${GPG_KEY_ARCH_FILE}" ]; then
- curl -L "${GPG_KEY_ARCH_URL}" -o "${CONFIG_DIR}/${GPG_KEY_ARCH_FILE}"
- fi
- cat >> "${DNF_CONF}" << EOF
- file://${CONFIG_DIR}/${GPG_KEY_ARCH_FILE}
-EOF
- fi
-
 }
 build_rootfs()
@@ -151,6 +124,8 @@ build_rootfs()
 info "install packages for rootfs"
 $DNF install ${EXTRA_PKGS} ${PACKAGES}
+
+ rm -rf ${ROOTFS_DIR}/usr/share/{bash-completion,cracklib,doc,info,locale,man,misc,pixmaps,terminfo,zoneinfo,zsh}
 }
 # Create a YAML metadata file inside the rootfs.
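Review bot: The added `rm -rf ${ROOTFS_DIR}/usr/share/{...}` in build_rootfs() (lib.sh hunk at -151) expands `ROOTFS_DIR` unquoted and unguarded. An empty or unset value makes it delete `/usr/share/doc`, `/usr/share/zoneinfo` and the rest on the machine or container running the build, which check_root() in the same file suggests runs as root. Guard and quote the variable while keeping the brace list outside the quotes: `rm -rf -- "${ROOTFS_DIR:?}"/usr/share/{bash-completion,cracklib,doc,info,locale,man,misc,pixmaps,terminfo,zoneinfo,zsh}`. The start of build_rootfs() is outside the hunk, so an earlier check of `ROOTFS_DIR` may already exist there.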