update gentoo to allow building arm64 images

Adds:

1. grub-efi package mappings
2. efi-64 support
3. default (openrc) arm64 profile
4. systemd arm64 profile

Cleans up the keywords and use flags in 02-gentoo-02-flags.  Most stuff
was stabilized.  Also cleaned up some formatting for the if statements.

Enables less trusted overlays (up to the end user to verify).

in 10-gentoo-image I cleaned up some bash lint things as well.
using && instead of -a and avoiding $?

Change-Id: I3dffe1aab4bbdc4946a9bf2269bf0cde49529a4e
Matthew Thode 2020-08-12 22:23:29 -05:00
parent 1291dcba51
commit bea81bd234
No known key found for this signature in database
GPG Key ID: 64A37BEAAE19A4E8
4 changed files with 40 additions and 31 deletions


@ -18,7 +18,10 @@
"dkms_package": "", "dkms_package": "",
"extlinux": "syslinux", "extlinux": "syslinux",
"grub-pc": "grub", "grub-pc": "grub",
"grub-efi": "grub" "grub-efi": "grub",
"grub-efi-amd64": "grub",
"grub-efi-arm64": "grub",
"grub-efi-aarch64": "grub"
}, },
"suse": { "suse": {
"dkms_package": "", "dkms_package": "",


@ -9,9 +9,7 @@ set -o pipefail
# get the directories in order # get the directories in order
mkdir -p /etc/portage/profile mkdir -p /etc/portage/profile
mkdir -p /etc/portage/package.accept_keywords mkdir -p /etc/portage/package.accept_keywords
if [ -f /etc/portage/package.keywords ]; then if [[ -f /etc/portage/package.keywords ]]; then mv /etc/portage/package.keywords /etc/portage/package.accept_keywords/prebuilt-1; fi
mv /etc/portage/package.keywords /etc/portage/package.accept_keywords/prebuilt-1
fi
mkdir -p /etc/portage/package.mask mkdir -p /etc/portage/package.mask
mkdir -p /etc/portage/package.unmask mkdir -p /etc/portage/package.unmask
mkdir -p /etc/portage/package.use mkdir -p /etc/portage/package.use
@ -21,22 +19,14 @@ echo 'dev-python/pip vanilla' >> /etc/portage/package.use/pip
# needed to create disk images # needed to create disk images
echo 'sys-fs/lvm2 -thin' >> /etc/portage/package.use/grub echo 'sys-fs/lvm2 -thin' >> /etc/portage/package.use/grub
echo 'sys-boot/grub device-mapper' >> /etc/portage/package.use/grub echo 'sys-boot/grub device-mapper' >> /etc/portage/package.use/grub
echo 'sys-boot/grub grub_platforms_efi-64' >> /etc/portage/package.use/grub # always enable efi-64
if [[ 'x86_64' == "${ARCH}" ]]; then echo 'sys-boot/grub grub_platforms_pc' >> /etc/portage/package.use/grub; fi # bios support for bios systems
# needed in order to install pip packages as root
echo '=dev-python/pip-9.0.1-r2 ~amd64' >> /etc/portage/package.accept_keywords/pip
# needed to install static kernel # needed to install static kernel
echo '~sys-apps/debianutils-4.9.1 ~amd64' >> /etc/portage/package.accept_keywords/kernel if [[ 'x86_64' == "${ARCH}" ]]; then echo 'sys-kernel/gentoo-kernel-bin ~amd64' >> /etc/portage/package.accept_keywords/kernel; fi
echo 'sys-kernel/installkernel-gentoo ~amd64' >> /etc/portage/package.accept_keywords/kernel if [[ 'arm64' == "${ARCH}" ]]; then echo 'sys-kernel/gentoo-kernel-bin ~arm64' >> /etc/portage/package.accept_keywords/kernel; fi
echo 'sys-kernel/gentoo-kernel-bin ~amd64' >> /etc/portage/package.accept_keywords/kernel
# needed for sfdisk to work
echo '~sys-apps/util-linux-2.35.2 ~amd64 # sfdisk growpart fix' >> /etc/portage/package.accept_keywords/util-linux
if [[ "${GENTOO_PROFILE}" == *"systemd"* ]]; then
# systemd import-tar is broken, use a more recent (fixed) version
echo '~sys-apps/systemd-241 ~amd64' >> /etc/portage/package.accept_keywords/systemd
fi
# musl only valid for amd64 for now
if [[ "${GENTOO_PROFILE}" == *"musl"* ]]; then if [[ "${GENTOO_PROFILE}" == *"musl"* ]]; then
echo "dev-vcs/git -gpg" >> /etc/portage/package.use/musl # gpg doesn't build on musl profiles echo "dev-vcs/git -gpg" >> /etc/portage/package.use/musl # gpg doesn't build on musl profiles
echo "~sys-block/open-iscsi-2.0.878 ~amd64" >> /etc/portage/package.accept_keywords/musl echo "~sys-block/open-iscsi-2.0.878 ~amd64" >> /etc/portage/package.accept_keywords/musl


@ -22,6 +22,8 @@ if [[ ${GENTOO_OVERLAYS} != '' ]]; then
emerge ${GENTOO_EMERGE_DEFAULT_OPTS} --oneshot openssl openssh emerge ${GENTOO_EMERGE_DEFAULT_OPTS} --oneshot openssl openssh
# install layman # install layman
emerge ${GENTOO_EMERGE_DEFAULT_OPTS} --deep --ignore-built-slot-operator-deps=y layman emerge ${GENTOO_EMERGE_DEFAULT_OPTS} --deep --ignore-built-slot-operator-deps=y layman
# set layman config options
sed -i 's/^check_official.*/check_official : No/g' /etc/layman/layman.cfg # allow unoffical repos
# sync the initial overlay list # sync the initial overlay list
layman -S layman -S
# enable the various overlays, ignore failures (overlay my already be enabled) # enable the various overlays, ignore failures (overlay my already be enabled)
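Review bot: The added `sed` sets `check_official` to `No` for every build that sets `GENTOO_OVERLAYS`, including builds that only use overlays from the official list, so the trust check is dropped by default rather than by choice. Overlay ebuilds run as code during the image build, so this would be safer behind an explicit opt-in, for example a new variable (the name is only a suggestion): `if [[ -n "${GENTOO_ALLOW_UNOFFICIAL_OVERLAYS:-}" ]]; then sed -i 's/^check_official.*/check_official : No/g' /etc/layman/layman.cfg; fi`, with an `echo` to the build log when the check is turned off. The `sed` also exits 0 when layman.cfg has no line starting with `check_official` (for instance if it is commented out), so a follow-up `grep -q '^check_official : No' /etc/layman/layman.cfg` would confirm the setting actually applied. The enclosing `if [[ ${GENTOO_OVERLAYS} != '' ]]` block starts and ends outside this hunk.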


@ -28,8 +28,8 @@ if [ 'amd64' = "${ARCH}" ] ; then
ARCH='x86_64' ARCH='x86_64'
fi fi
if ! [ 'x86_64' = "${ARCH}" ] ; then if [[ 'x86_64' != "${ARCH}" ]] && [[ 'arm64' != "${ARCH}" ]]; then
echo "Only x86_64 images are currently available but ARCH is set to ${ARCH}." echo "Only x86_64 or arm64 images are currently available but ARCH is set to ${ARCH}."
exit 1 exit 1
fi fi
@ -38,24 +38,32 @@ fi
# default/linux/amd64/13.0/no-multilib # default/linux/amd64/13.0/no-multilib
# hardened/linux/amd64 # hardened/linux/amd64
# hardened/linux/amd64/no-multilib # hardened/linux/amd64/no-multilib
# default/linux/arm64/17.0
# default/linux/arm64/17.0/systemd
GENTOO_PROFILE=${GENTOO_PROFILE:-'default/linux/amd64/17.1'} GENTOO_PROFILE=${GENTOO_PROFILE:-'default/linux/amd64/17.1'}
if [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1" ]]; then if [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1" ]]; then
FILENAME_BASE='gentoo-stage3' FILENAME_BASE='amd64_gentoo-stage3'
SIGNED_SOURCE_SUFFIX='' SIGNED_SOURCE_SUFFIX=''
elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/no-multilib" ]]; then elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/no-multilib" ]]; then
FILENAME_BASE='gentoo-stage3-nomultilib' FILENAME_BASE='amd64_gentoo-stage3-nomultilib'
SIGNED_SOURCE_SUFFIX='-nomultilib' SIGNED_SOURCE_SUFFIX='-nomultilib'
elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/hardened" ]]; then elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/hardened" ]]; then
FILENAME_BASE='gentoo-stage3-hardened' FILENAME_BASE='amd64_gentoo-stage3-hardened'
SIGNED_SOURCE_SUFFIX='-hardened' SIGNED_SOURCE_SUFFIX='-hardened'
elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/no-multilib/hardened" ]]; then elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/no-multilib/hardened" ]]; then
FILENAME_BASE='gentoo-stage3-hardened-nomultilib' FILENAME_BASE='amd64_gentoo-stage3-hardened-nomultilib'
SIGNED_SOURCE_SUFFIX='-hardened+nomultilib' SIGNED_SOURCE_SUFFIX='-hardened+nomultilib'
elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.0/musl/hardened" ]]; then elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.0/musl/hardened" ]]; then
FILENAME_BASE='gentoo-stage3-hardened-musl' FILENAME_BASE='amd64_gentoo-stage3-hardened-musl'
SIGNED_SOURCE_SUFFIX='-musl-hardened' SIGNED_SOURCE_SUFFIX='-musl-hardened'
elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/systemd" ]]; then elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/systemd" ]]; then
FILENAME_BASE='gentoo-stage3-systemd' FILENAME_BASE='amd64_gentoo-stage3-systemd'
SIGNED_SOURCE_SUFFIX='-systemd'
elif [[ "${GENTOO_PROFILE}" == "default/linux/arm64/17.0" ]]; then
FILENAME_BASE='arm64_gentoo-stage3'
SIGNED_SOURCE_SUFFIX=''
elif [[ "${GENTOO_PROFILE}" == "default/linux/arm64/17.0/systemd" ]]; then
FILENAME_BASE='arm64_gentoo-stage3-systemd'
SIGNED_SOURCE_SUFFIX='-systemd' SIGNED_SOURCE_SUFFIX='-systemd'
else else
echo 'invalid profile, please select from the following profiles' echo 'invalid profile, please select from the following profiles'
@ -64,17 +72,24 @@ else
echo 'default/linux/amd64/17.1/hardened' echo 'default/linux/amd64/17.1/hardened'
echo 'default/linux/amd64/17.1/no-multilib/hardened' echo 'default/linux/amd64/17.1/no-multilib/hardened'
echo 'default/linux/amd64/17.1/systemd' echo 'default/linux/amd64/17.1/systemd'
echo 'default/linux/arm64/17.0'
echo 'default/linux/arm64/17.0/systemd'
exit 1 exit 1
fi fi
DIB_CLOUD_SOURCE=${DIB_CLOUD_SOURCE:-"http://distfiles.gentoo.org/releases/amd64/autobuilds/latest-stage3-amd64${SIGNED_SOURCE_SUFFIX}.txt"} if [[ "${GENTOO_PROFILE}" == *'amd64'* ]]; then
BASE_IMAGE_FILE=${BASE_IMAGE_FILE:-"http://distfiles.gentoo.org/releases/amd64/autobuilds/$(curl ${DIB_CLOUD_SOURCE} -s -f | tail -n 1 | cut -d\ -f 1)"} ARCH_PATH='amd64'
BASE_IMAGE_FILE_SUFFIX=${BASE_IMAGE_FILE_SUFFIX:-"$(basename ${BASE_IMAGE_FILE} | cut -d. -f 2,3)"} elif [[ "${GENTOO_PROFILE}" == *'arm64'* ]]; then
ARCH_PATH='arm64'
fi
DIB_CLOUD_SOURCE=${DIB_CLOUD_SOURCE:-"http://distfiles.gentoo.org/releases/${ARCH_PATH}/autobuilds/latest-stage3-${ARCH_PATH}${SIGNED_SOURCE_SUFFIX}.txt"}
BASE_IMAGE_FILE=${BASE_IMAGE_FILE:-"http://distfiles.gentoo.org/releases/${ARCH_PATH}/autobuilds/$(curl "${DIB_CLOUD_SOURCE}" -s -f | tail -n 1 | cut -d\ -f 1)"}
BASE_IMAGE_FILE_SUFFIX=${BASE_IMAGE_FILE_SUFFIX:-"$(basename "${BASE_IMAGE_FILE}" | cut -d. -f 2,3)"}
SIGNATURE_FILE="${SIGNATURE_FILE:-${BASE_IMAGE_FILE}.DIGESTS.asc}" SIGNATURE_FILE="${SIGNATURE_FILE:-${BASE_IMAGE_FILE}.DIGESTS.asc}"
CACHED_FILE="${DIB_IMAGE_CACHE}/${FILENAME_BASE}.${BASE_IMAGE_FILE_SUFFIX}" CACHED_FILE="${DIB_IMAGE_CACHE}/${FILENAME_BASE}.${BASE_IMAGE_FILE_SUFFIX}"
CACHED_SIGNATURE_FILE="${DIB_IMAGE_CACHE}/${FILENAME_BASE}.asc" CACHED_SIGNATURE_FILE="${DIB_IMAGE_CACHE}/${FILENAME_BASE}.asc"
if [ -n "${DIB_OFFLINE}" -a -f "${CACHED_FILE}" ] ; then if [[ -n "${DIB_OFFLINE}" ]] && [[ -f "${CACHED_FILE}" ]] ; then
echo "Not checking freshness of cached ${CACHED_FILE}" echo "Not checking freshness of cached ${CACHED_FILE}"
else else
echo 'Fetching Base Image' echo 'Fetching Base Image'
@ -87,8 +102,7 @@ else
# https://dev.gentoo.org/~dolsen/releases/keyrings/gentoo-keys-*.tar.xz # https://dev.gentoo.org/~dolsen/releases/keyrings/gentoo-keys-*.tar.xz
# http://distfiles.gentoo.org/distfiles/gentoo-keys-*.tar.xz # http://distfiles.gentoo.org/distfiles/gentoo-keys-*.tar.xz
# check the sig file # check the sig file
gpgv --keyring "${TMP_HOOKS_PATH}"/extra-data.d/gentoo-releng.gpg "${CACHED_SIGNATURE_FILE}" if ! gpgv --keyring "${TMP_HOOKS_PATH}"/extra-data.d/gentoo-releng.gpg "${CACHED_SIGNATURE_FILE}"; then
if [[ "${?}" != 0 ]]; then
echo 'invalid signature file' echo 'invalid signature file'
exit 1 exit 1
fi fi
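Review bot: `GENTOO_PROFILE` still defaults to `default/linux/amd64/17.1` when `ARCH` is `arm64`, and `ARCH_PATH` is derived from the profile alone, so an arm64 build that sets no profile passes the new ARCH check and then fetches an amd64 stage3. Making the default follow ARCH would close that, e.g. `if [[ 'arm64' == "${ARCH}" ]]; then GENTOO_PROFILE=${GENTOO_PROFILE:-'default/linux/arm64/17.0'}; fi` placed ahead of the existing default line; alternatively, exit with an error when the profile and ARCH disagree. Separately, `DIB_CLOUD_SOURCE` and `BASE_IMAGE_FILE` remain plain `http://`, and the stage3 file name is taken from the last line of that unauthenticated index, so integrity rests entirely on the `gpgv` step. Whether the downloaded tarball's digest is then compared against the verified DIGESTS file is not visible in these hunks and is worth confirming. Switching both URLs to `https://` would be cheap defence in depth if the mirror serves it.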