update gentoo to allow building arm64 images
Adds: 1. grub-efi package mappings 2. efi-64 support 3. default (openrc) arm64 profile 4. systemd arm64 profile Cleans up the keywords and use flags in 02-gentoo-02-flags. Most stuff was stablized. Also cleaned up some formatting for the if statements. Enables less trusted overlays (up to the end user to verify). in 10-gentoo-image I cleaned up some bash lint things as well. using && instead of -a and avoiding $? Change-Id: I3dffe1aab4bbdc4946a9bf2269bf0cde49529a4e
This commit is contained in:
parent
1291dcba51
commit
bea81bd234
@ -18,7 +18,10 @@
|
|||||||
"dkms_package": "",
|
"dkms_package": "",
|
||||||
"extlinux": "syslinux",
|
"extlinux": "syslinux",
|
||||||
"grub-pc": "grub",
|
"grub-pc": "grub",
|
||||||
"grub-efi": "grub"
|
"grub-efi": "grub",
|
||||||
|
"grub-efi-amd64": "grub",
|
||||||
|
"grub-efi-arm64": "grub",
|
||||||
|
"grub-efi-aarch64": "grub"
|
||||||
},
|
},
|
||||||
"suse": {
|
"suse": {
|
||||||
"dkms_package": "",
|
"dkms_package": "",
|
||||||
|
@ -9,9 +9,7 @@ set -o pipefail
|
|||||||
# get the directories in order
|
# get the directories in order
|
||||||
mkdir -p /etc/portage/profile
|
mkdir -p /etc/portage/profile
|
||||||
mkdir -p /etc/portage/package.accept_keywords
|
mkdir -p /etc/portage/package.accept_keywords
|
||||||
if [ -f /etc/portage/package.keywords ]; then
|
if [[ -f /etc/portage/package.keywords ]]; then mv /etc/portage/package.keywords /etc/portage/package.accept_keywords/prebuilt-1; fi
|
||||||
mv /etc/portage/package.keywords /etc/portage/package.accept_keywords/prebuilt-1
|
|
||||||
fi
|
|
||||||
mkdir -p /etc/portage/package.mask
|
mkdir -p /etc/portage/package.mask
|
||||||
mkdir -p /etc/portage/package.unmask
|
mkdir -p /etc/portage/package.unmask
|
||||||
mkdir -p /etc/portage/package.use
|
mkdir -p /etc/portage/package.use
|
||||||
@ -21,22 +19,14 @@ echo 'dev-python/pip vanilla' >> /etc/portage/package.use/pip
|
|||||||
# needed to create disk images
|
# needed to create disk images
|
||||||
echo 'sys-fs/lvm2 -thin' >> /etc/portage/package.use/grub
|
echo 'sys-fs/lvm2 -thin' >> /etc/portage/package.use/grub
|
||||||
echo 'sys-boot/grub device-mapper' >> /etc/portage/package.use/grub
|
echo 'sys-boot/grub device-mapper' >> /etc/portage/package.use/grub
|
||||||
|
echo 'sys-boot/grub grub_platforms_efi-64' >> /etc/portage/package.use/grub # always enable efi-64
|
||||||
|
if [[ 'x86_64' == "${ARCH}" ]]; then echo 'sys-boot/grub grub_platforms_pc' >> /etc/portage/package.use/grub; fi # bios support for bios systems
|
||||||
|
|
||||||
# needed in order to install pip packages as root
|
|
||||||
echo '=dev-python/pip-9.0.1-r2 ~amd64' >> /etc/portage/package.accept_keywords/pip
|
|
||||||
# needed to install static kernel
|
# needed to install static kernel
|
||||||
echo '~sys-apps/debianutils-4.9.1 ~amd64' >> /etc/portage/package.accept_keywords/kernel
|
if [[ 'x86_64' == "${ARCH}" ]]; then echo 'sys-kernel/gentoo-kernel-bin ~amd64' >> /etc/portage/package.accept_keywords/kernel; fi
|
||||||
echo 'sys-kernel/installkernel-gentoo ~amd64' >> /etc/portage/package.accept_keywords/kernel
|
if [[ 'arm64' == "${ARCH}" ]]; then echo 'sys-kernel/gentoo-kernel-bin ~arm64' >> /etc/portage/package.accept_keywords/kernel; fi
|
||||||
echo 'sys-kernel/gentoo-kernel-bin ~amd64' >> /etc/portage/package.accept_keywords/kernel
|
|
||||||
|
|
||||||
# needed for sfdisk to work
|
|
||||||
echo '~sys-apps/util-linux-2.35.2 ~amd64 # sfdisk growpart fix' >> /etc/portage/package.accept_keywords/util-linux
|
|
||||||
|
|
||||||
if [[ "${GENTOO_PROFILE}" == *"systemd"* ]]; then
|
|
||||||
# systemd import-tar is broken, use a more recent (fixed) version
|
|
||||||
echo '~sys-apps/systemd-241 ~amd64' >> /etc/portage/package.accept_keywords/systemd
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
# musl only valid for amd64 for now
|
||||||
if [[ "${GENTOO_PROFILE}" == *"musl"* ]]; then
|
if [[ "${GENTOO_PROFILE}" == *"musl"* ]]; then
|
||||||
echo "dev-vcs/git -gpg" >> /etc/portage/package.use/musl # gpg doesn't build on musl profiles
|
echo "dev-vcs/git -gpg" >> /etc/portage/package.use/musl # gpg doesn't build on musl profiles
|
||||||
echo "~sys-block/open-iscsi-2.0.878 ~amd64" >> /etc/portage/package.accept_keywords/musl
|
echo "~sys-block/open-iscsi-2.0.878 ~amd64" >> /etc/portage/package.accept_keywords/musl
|
||||||
|
@ -22,6 +22,8 @@ if [[ ${GENTOO_OVERLAYS} != '' ]]; then
|
|||||||
emerge ${GENTOO_EMERGE_DEFAULT_OPTS} --oneshot openssl openssh
|
emerge ${GENTOO_EMERGE_DEFAULT_OPTS} --oneshot openssl openssh
|
||||||
# install layman
|
# install layman
|
||||||
emerge ${GENTOO_EMERGE_DEFAULT_OPTS} --deep --ignore-built-slot-operator-deps=y layman
|
emerge ${GENTOO_EMERGE_DEFAULT_OPTS} --deep --ignore-built-slot-operator-deps=y layman
|
||||||
|
# set layman config options
|
||||||
|
sed -i 's/^check_official.*/check_official : No/g' /etc/layman/layman.cfg # allow unoffical repos
|
||||||
# sync the initial overlay list
|
# sync the initial overlay list
|
||||||
layman -S
|
layman -S
|
||||||
# enable the various overlays, ignore failures (overlay my already be enabled)
|
# enable the various overlays, ignore failures (overlay my already be enabled)
|
||||||
|
@ -28,8 +28,8 @@ if [ 'amd64' = "${ARCH}" ] ; then
|
|||||||
ARCH='x86_64'
|
ARCH='x86_64'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! [ 'x86_64' = "${ARCH}" ] ; then
|
if [[ 'x86_64' != "${ARCH}" ]] && [[ 'arm64' != "${ARCH}" ]]; then
|
||||||
echo "Only x86_64 images are currently available but ARCH is set to ${ARCH}."
|
echo "Only x86_64 or arm64 images are currently available but ARCH is set to ${ARCH}."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -38,24 +38,32 @@ fi
|
|||||||
# default/linux/amd64/13.0/no-multilib
|
# default/linux/amd64/13.0/no-multilib
|
||||||
# hardened/linux/amd64
|
# hardened/linux/amd64
|
||||||
# hardened/linux/amd64/no-multilib
|
# hardened/linux/amd64/no-multilib
|
||||||
|
# default/linux/arm64/17.0
|
||||||
|
# default/linux/arm64/17.0/systemd
|
||||||
GENTOO_PROFILE=${GENTOO_PROFILE:-'default/linux/amd64/17.1'}
|
GENTOO_PROFILE=${GENTOO_PROFILE:-'default/linux/amd64/17.1'}
|
||||||
if [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1" ]]; then
|
if [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1" ]]; then
|
||||||
FILENAME_BASE='gentoo-stage3'
|
FILENAME_BASE='amd64_gentoo-stage3'
|
||||||
SIGNED_SOURCE_SUFFIX=''
|
SIGNED_SOURCE_SUFFIX=''
|
||||||
elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/no-multilib" ]]; then
|
elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/no-multilib" ]]; then
|
||||||
FILENAME_BASE='gentoo-stage3-nomultilib'
|
FILENAME_BASE='amd64_gentoo-stage3-nomultilib'
|
||||||
SIGNED_SOURCE_SUFFIX='-nomultilib'
|
SIGNED_SOURCE_SUFFIX='-nomultilib'
|
||||||
elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/hardened" ]]; then
|
elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/hardened" ]]; then
|
||||||
FILENAME_BASE='gentoo-stage3-hardened'
|
FILENAME_BASE='amd64_gentoo-stage3-hardened'
|
||||||
SIGNED_SOURCE_SUFFIX='-hardened'
|
SIGNED_SOURCE_SUFFIX='-hardened'
|
||||||
elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/no-multilib/hardened" ]]; then
|
elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/no-multilib/hardened" ]]; then
|
||||||
FILENAME_BASE='gentoo-stage3-hardened-nomultilib'
|
FILENAME_BASE='amd64_gentoo-stage3-hardened-nomultilib'
|
||||||
SIGNED_SOURCE_SUFFIX='-hardened+nomultilib'
|
SIGNED_SOURCE_SUFFIX='-hardened+nomultilib'
|
||||||
elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.0/musl/hardened" ]]; then
|
elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.0/musl/hardened" ]]; then
|
||||||
FILENAME_BASE='gentoo-stage3-hardened-musl'
|
FILENAME_BASE='amd64_gentoo-stage3-hardened-musl'
|
||||||
SIGNED_SOURCE_SUFFIX='-musl-hardened'
|
SIGNED_SOURCE_SUFFIX='-musl-hardened'
|
||||||
elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/systemd" ]]; then
|
elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/systemd" ]]; then
|
||||||
FILENAME_BASE='gentoo-stage3-systemd'
|
FILENAME_BASE='amd64_gentoo-stage3-systemd'
|
||||||
|
SIGNED_SOURCE_SUFFIX='-systemd'
|
||||||
|
elif [[ "${GENTOO_PROFILE}" == "default/linux/arm64/17.0" ]]; then
|
||||||
|
FILENAME_BASE='arm64_gentoo-stage3'
|
||||||
|
SIGNED_SOURCE_SUFFIX=''
|
||||||
|
elif [[ "${GENTOO_PROFILE}" == "default/linux/arm64/17.0/systemd" ]]; then
|
||||||
|
FILENAME_BASE='arm64_gentoo-stage3-systemd'
|
||||||
SIGNED_SOURCE_SUFFIX='-systemd'
|
SIGNED_SOURCE_SUFFIX='-systemd'
|
||||||
else
|
else
|
||||||
echo 'invalid profile, please select from the following profiles'
|
echo 'invalid profile, please select from the following profiles'
|
||||||
@ -64,17 +72,24 @@ else
|
|||||||
echo 'default/linux/amd64/17.1/hardened'
|
echo 'default/linux/amd64/17.1/hardened'
|
||||||
echo 'default/linux/amd64/17.1/no-multilib/hardened'
|
echo 'default/linux/amd64/17.1/no-multilib/hardened'
|
||||||
echo 'default/linux/amd64/17.1/systemd'
|
echo 'default/linux/amd64/17.1/systemd'
|
||||||
|
echo 'default/linux/arm64/17.0'
|
||||||
|
echo 'default/linux/arm64/17.0/systemd'
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
DIB_CLOUD_SOURCE=${DIB_CLOUD_SOURCE:-"http://distfiles.gentoo.org/releases/amd64/autobuilds/latest-stage3-amd64${SIGNED_SOURCE_SUFFIX}.txt"}
|
if [[ "${GENTOO_PROFILE}" == *'amd64'* ]]; then
|
||||||
BASE_IMAGE_FILE=${BASE_IMAGE_FILE:-"http://distfiles.gentoo.org/releases/amd64/autobuilds/$(curl ${DIB_CLOUD_SOURCE} -s -f | tail -n 1 | cut -d\ -f 1)"}
|
ARCH_PATH='amd64'
|
||||||
BASE_IMAGE_FILE_SUFFIX=${BASE_IMAGE_FILE_SUFFIX:-"$(basename ${BASE_IMAGE_FILE} | cut -d. -f 2,3)"}
|
elif [[ "${GENTOO_PROFILE}" == *'arm64'* ]]; then
|
||||||
|
ARCH_PATH='arm64'
|
||||||
|
fi
|
||||||
|
DIB_CLOUD_SOURCE=${DIB_CLOUD_SOURCE:-"http://distfiles.gentoo.org/releases/${ARCH_PATH}/autobuilds/latest-stage3-${ARCH_PATH}${SIGNED_SOURCE_SUFFIX}.txt"}
|
||||||
|
BASE_IMAGE_FILE=${BASE_IMAGE_FILE:-"http://distfiles.gentoo.org/releases/${ARCH_PATH}/autobuilds/$(curl "${DIB_CLOUD_SOURCE}" -s -f | tail -n 1 | cut -d\ -f 1)"}
|
||||||
|
BASE_IMAGE_FILE_SUFFIX=${BASE_IMAGE_FILE_SUFFIX:-"$(basename "${BASE_IMAGE_FILE}" | cut -d. -f 2,3)"}
|
||||||
SIGNATURE_FILE="${SIGNATURE_FILE:-${BASE_IMAGE_FILE}.DIGESTS.asc}"
|
SIGNATURE_FILE="${SIGNATURE_FILE:-${BASE_IMAGE_FILE}.DIGESTS.asc}"
|
||||||
CACHED_FILE="${DIB_IMAGE_CACHE}/${FILENAME_BASE}.${BASE_IMAGE_FILE_SUFFIX}"
|
CACHED_FILE="${DIB_IMAGE_CACHE}/${FILENAME_BASE}.${BASE_IMAGE_FILE_SUFFIX}"
|
||||||
CACHED_SIGNATURE_FILE="${DIB_IMAGE_CACHE}/${FILENAME_BASE}.asc"
|
CACHED_SIGNATURE_FILE="${DIB_IMAGE_CACHE}/${FILENAME_BASE}.asc"
|
||||||
|
|
||||||
if [ -n "${DIB_OFFLINE}" -a -f "${CACHED_FILE}" ] ; then
|
if [[ -n "${DIB_OFFLINE}" ]] && [[ -f "${CACHED_FILE}" ]] ; then
|
||||||
echo "Not checking freshness of cached ${CACHED_FILE}"
|
echo "Not checking freshness of cached ${CACHED_FILE}"
|
||||||
else
|
else
|
||||||
echo 'Fetching Base Image'
|
echo 'Fetching Base Image'
|
||||||
@ -87,8 +102,7 @@ else
|
|||||||
# https://dev.gentoo.org/~dolsen/releases/keyrings/gentoo-keys-*.tar.xz
|
# https://dev.gentoo.org/~dolsen/releases/keyrings/gentoo-keys-*.tar.xz
|
||||||
# http://distfiles.gentoo.org/distfiles/gentoo-keys-*.tar.xz
|
# http://distfiles.gentoo.org/distfiles/gentoo-keys-*.tar.xz
|
||||||
# check the sig file
|
# check the sig file
|
||||||
gpgv --keyring "${TMP_HOOKS_PATH}"/extra-data.d/gentoo-releng.gpg "${CACHED_SIGNATURE_FILE}"
|
if ! gpgv --keyring "${TMP_HOOKS_PATH}"/extra-data.d/gentoo-releng.gpg "${CACHED_SIGNATURE_FILE}"; then
|
||||||
if [[ "${?}" != 0 ]]; then
|
|
||||||
echo 'invalid signature file'
|
echo 'invalid signature file'
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
Loading…
Reference in New Issue
Block a user