Commit Graph

52 Commits

Author SHA1 Message Date
Gregory Haynes
45df304d48 Perform package install outside of debootstrap
Debootstrap only supports one apt repository to install packages from.
As a result, we do not consider the updates repo during debootstrap
causing us install a second kernel when we do an apt-get dist-upgrade
during build.

Lets use debootstrap to get us a minimal chroot, then add our repos and
install the correct packages from the start.

We also have to reorder the dpkg root.d scripts which configure apt so
they run before we perform our package installs.

Change-Id: I6a592db6f0a01d3b19d8e0786e63f1315a1ef647
Closes-Bug: #1637516
2016-11-30 15:16:46 +11:00
Jenkins
5f4cac3303 Merge "Add a best-effort sudo safety check" 2016-05-26 17:31:00 +00:00
Gregory Haynes
642f906476 Add install-bin element
The various distro elements include a copy of this script which installs
all files in the bin/ dir of the copied element hooks in to
/usr/local/bin. Lets share code rather than repeating ourselves.

Change-Id: I354382f8c42ede2e9b8c548b7df8367c03e6836e
2016-05-13 11:52:23 +10:00
Ian Wienand
672705831f Add a best-effort sudo safety check
As motivation for this; we have had two breakouts of dib in recent
memory.  One was a failure to unmount through symlinks in the core
code (I335316019ef948758392b03e91f9869102a472b9) and the other was
removing host keys on the build-system
(Ib01d71ff9415a0ae04d963f6e380aab9ac2260ce).

For the most part, dib runs unprivileged.  Bits of the core code are
hopefully well tested (modulo bugs like the first one!).  We give free
reign inside the chroot (although there is still some potential there
for adverse external affects via bind mounts).  Where we could be a
bit safer (and could have prevented at least the second of these
breakouts) is with some better checking that the "sudo" calls
*outside* the chroot at least looked sane.

This adds a basic check that we're using chroot or image paths when
calling sudo in those parts of elements that run *outside* the chroot.
Various files are updated to accomodate this check; mostly by just
ignoring it for existing code (I have not audited these calls).

Nobody is pretending this type of checking makes dib magically safe,
or removes the issues with it needing to do things as root during the
build.  But this can help find egregious errors like the key removal.

Change-Id: I161a5aea1d29dcdc7236f70d372c53246ec73749
2016-05-09 15:41:38 +10:00
Yolanda Robla
d5a6a7cb44 Add force-confdef in debian package install
In certain cases, with packages cached that need an upgrade,
when performing that action the system hangs waiting for
a prompt.
Add force-confdef option, that will let dpkg overwrite
configuration packages that were not modified. In combination
with already existing force-confold flag, it will allow
to avoid any conffile prompt.

Change-Id: Ifb177f9ac2c9ad29f8b92309c5b8cfe8e60a4e14
2016-02-16 14:10:19 +01:00
Colleen Murphy
a9b38d0b60 Fix dpkg element for Ubuntu Xenial
The Ubuntu Xenial cloud server images set the mode of
/var/lib/apt/lists/partial to 700, so when mounted it's inaccessible to
an unprivileged user, resulting in an error:

  find: `/tmp/image.aDQKdkRi/mnt/var/lib/apt/lists/partial': Permission denied

There's no reason an image should come with anything already in
/var/lib/apt/lists/partial, so just avoid trying to descend into that
directory when fixing the apt translations packages.

Change-Id: Id27f0166bfb09d67200f337a5ffff2f2037b7c1c
2016-02-10 12:50:43 -08:00
Augustina Ragwitz
2cffdcda30 Update dpkg elements README from free text to table formatting
Change-Id: Iaf890c85b72f01999d3ae31398bdb65a356218e7
2015-08-31 13:43:04 -07:00
Mathieu Gagné
34a196b8e7 Download of translations not properly disabled in APT
The wrong APT config name is used to disable download of translations.
It's Acquire::Languages, not APT::Acquire::Languages.

Change-Id: Ie0c12d444bab19b4486845944ef51031e9133470
Closes-bug: #1436523
2015-03-25 15:23:45 -04:00
Jenkins
dd5a917571 Merge "Allow disabling apt-get clean" 2015-03-17 18:20:11 +00:00
Gregory Haynes
d2f4c3b843 Allow disabling apt-get clean
Sometimes users want to maintain the apt cache in their images.

Change-Id: Id49a04896cf3eeaf1557f1d644e4d8ba64716392
2015-03-06 17:07:29 +00:00
Jenkins
c5cbc93693 Merge "Use package-installs on dpkg-based elements" 2015-03-05 01:14:07 +00:00
Pino Toscano
4d716bcbc4 Use package-installs on dpkg-based elements
This allows them to install packages already specified in .yaml files
for them, which are not installed otherwise since the migration to .yaml
files.

Change-Id: Iac8c7eb55116938616e5299b84487cd52e0cbf6f
2015-03-03 09:24:14 +01:00
Ian Wienand
36b59c001c Standarise tracing for scripts
There is a wide variety of tracing options through the various shell
scripts.  Some use "set -eux", others explicity set xtrace and others
do nothing.  There is a "-x" option to bin/disk-image-create but it
doesn't flow down to the many scripts it calls.

This adds a global integer variable set by disk-image-create
DIB_DEBUG_TRACE.  All scripts have a stanza added to detect this and
turn on tracing.  Any other tracing methods are rolled into this.  So
the standard header is

---
if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
    set -x
fi
set -eu
set -o pipefail
---

Multiple -x options can be specified to dib-create-image, which
increases the value of DIB_DEBUG_TRACE.  If script authors feel their
script should only trace at higher levels, they should modify the
"-gt" value.  If they feel it should trace by default, they can modify
the default value also.

Changes to pachset 16 : scripts which currently trace themselves by
default have retained this behaviour with DIB_DEBUG_TRACE defaulting
to "1".  This was done by running [1] on patch set 15.  See the thread
beginning at [2]

dib-lint is also updated to look for the variable being matched.

[1] https://gist.github.com/ianw/71bbda9e6acc74ccd0fd
[2] http://lists.openstack.org/pipermail/openstack-dev/2014-November/051575.html

Change-Id: I6c5a962260741dcf6f89da9a33b96372a719b7b0
2015-02-12 10:41:32 +11:00
Gregory Haynes
c4bbb6f3bc Create docs site containing element READMEs
We currently do not have the ability to create a docs site which
outlines all the elements.

Change-Id: I77ccf61e0c4b1509b3e7ce9b8f15ea5ccfd50d9b
2015-02-10 11:45:35 -08:00
Clark Boylan
bab9595524 Use DIB_IMAGE_CACHE in dpkg element
The dpkg element was hardcoding ~/.cache/image-create as the cache path,
but elements should use DIB_IMAGE_CACHE as the root for the cache to
allow users to override the path. Replace the hardcoded path with one
that is rooted at $DIB_IMAGE_CACHE.

Change-Id: I76030654e7dfc7b7d4dfa87e082c14e7cee479b9
2015-01-13 14:22:10 -08:00
Monty Taylor
6be5c396d1 Add some speedups to dpkg
The docker build folks obsess about image size and speed a bit. Grab a
few of their optimizations from their debootstrap build process and
apply them to ours.

Change-Id: Ic3d3565423b0ae090896d99fd3bf1145eca6303d
2014-12-10 06:53:17 -08:00
AzherKhan
bb38d0e325 Optimize speed of deletion in find command
I would like to recommend to use + instead of \; in the find
command. As this will ensure the removal of all selected
directories in a single invocation.

Hence improve the speed of deletion.

Change-Id: I409fe11aae217afb6f790491591005c679264ed4
2014-10-27 21:04:09 -07:00
Jon-Paul Sullivan
4d65e44472 Move dpkg manifest creation to finalise
As some finalise steps can install packages we need to generate the
dpkg manifest after that has occurred.

Change-Id: I2177db2e64d4d9c21deeac7cf017919888a2d524
2014-09-29 16:08:15 +01:00
Jenkins
1f130f7e49 Merge "Cleanup apt cache after grub install" 2014-09-01 10:01:58 +00:00
Endre Karlson
ccce52fd21 Cleanup apt cache after grub install
Grub installation happens in finalize.d so cleanup should be done after this.

This reapplies I6322b8b529e31fd1b7251dd9e07cc85f442f7e81 after the revert,
but working.

Change-Id: Ie1873e64d407552da37a8dbedc13c3adbf79c085
2014-07-30 15:04:12 +01:00
Steve Kowalik
eac2d7f588 Revert "Cleanup apt cache after grub install"
This calls chroot as a non-root user, which will always fail with
EPERM.

This reverts commit ab2d1a31f2.

Change-Id: Ie674fef694ad66e1ebc22083dec2a0bc34371e7b
2014-07-23 21:56:40 -04:00
Endre Karlson
ab2d1a31f2 Cleanup apt cache after grub install
Grub installation happens in finalize.d so cleanup should be done after this.

Change-Id: I6322b8b529e31fd1b7251dd9e07cc85f442f7e81
2014-07-22 09:28:06 +00:00
Jon-Paul Sullivan
94a0947a60 Don't try to install if packages is empty
After running through pkg-map we could have no packages to install,
if so, don't attempt to run a malformed command.

Change-Id: Ia8e0aed62bcf814bf85c86b54ff0837da49ae7dd
2014-07-16 11:17:40 +01:00
AzherKhan
d06a1caafb Correction: if then statement code style.
Corrected the if; then statement to follow bash convention.

Change-Id: Ia3f80520bb9446c4feb5ce36dccffa2b1c1d72c4
2014-07-07 03:43:15 -07:00
Dan Prince
9340ea309b dpkg: support pkg-map in bin/install-packages
Updates the dpkg element's bin/install-packages script
so that if supports using pkg-map for package mapping.
To make use of the new change simply add the -m <element name>
to allow install-packages to know which element namespace to use
when installing packages.

Use of the new -m option is off by default.

As part of this change we also updated install-packages
to use getopt for in script argument parsing.

Change-Id: Idfc40f2d75828a0f09d227f0332ccef8f0183efc
2014-06-20 16:02:28 -04:00
Jenkins
da9dfc854a Merge "dpkg: local cache for .deb files" 2014-06-19 19:46:46 +00:00
Jenkins
8d7e6dbec5 Merge "Fix package removal" 2014-06-13 17:17:04 +00:00
Dan Prince
3145e4a970 Name 01-install-bin uniquely
While an end user would never use these elements at the same time we
should always use unique names for things per DIB conventions.

Change-Id: I53b10522183e8566c62922b91878e5cf767fe2c6
2014-06-11 08:16:41 -04:00
Gonéri Le Bouder
eca59b2e97 dpkg: local cache for .deb files
With this patch, /var/cache/apt/archives directory content is preserved.
The directory is actually a bind mount of the
~/.cache/image-create/apt/$DISTRO_NAME directory, much like what we do
for ccache.
You can use DIB_APT_LOCAL_CACHE=0 to disable this behavior.

This trivial change improve performance A LOT (>30%), even if a local
HTTP proxy because:
 - there is no need to copy again and again the same files
 - we avoid network latency

The patch has been tested with Debian and Ubuntu with every elements
from the tripleo-image-elements repository, the final size of the cache
directory is about 700MB per distribution subdirectory.

Change-Id: I4fab499493f734c7c546d4d23b1a98f0e7523a39
2014-06-10 17:20:37 +02:00
Juerg Haefliger
562546ecb6 Fix package removal
Shift first to drop the first commandline argument (-e).

Change-Id: I73a0100484b6443ad5bdf500dd032af20eac7d3b
2014-05-27 07:50:42 +02:00
Gonéri Le Bouder
ea3f4dd459 4 spaces indent
ensure 4 spaces indentation is used everywhere.

Change-Id: Ieb48faacb4c96b7b358771d70c17f2f22d0354f4
2014-05-10 11:17:29 +02:00
Ben Nemec
16be6d7ce0 set -u and -o pipefail everywhere
As with the previous similar changes, this is intended to catch
problems as they happen instead of ignoring them and continuing on
to potentially fail later.  Setting this on all existing scripts
will allow us to enforce use via Jenkins.

Change-Id: Iad2d490c86dceab148ea9ab08f457c49a5d5352e
2014-05-06 15:51:07 -05:00
Jenkins
301dc5cc0e Merge "set -e all the things" 2014-04-29 11:29:43 +00:00
Jenkins
59a2ccc6c3 Merge "Add package uninstall support" 2014-04-29 08:10:31 +00:00
Ben Nemec
f6ba2aeaf4 set -e all the things
Using set -e in all of our scripts will prevent some subtle bugs
from slipping in, and will allow us to enforce use of set -e with
tooling.

This change also adds -u and set -o pipefail in the less complex
scripts where it is unlikely to cause problems.  A follow-up change
will enable those options in the complex scripts so that if it
breaks something it can be reverted easily.

Change-Id: I0ad358ccb98da7277a0ee2e9ce8fda98438675eb
2014-04-25 17:38:51 -05:00
Monty Taylor
1c07d4ba1a Remove All Rights Reserved
The phrase is no longer needed as of August 23, 2000 with Nicaragua's
joining of the Berne Convention.

Additionally, in at least one instance,
elements/cache-url/bin/cache-url, its existence in the file between
Copyright lines is just weird and feels misleading, even though it is
not.

Remove all of the lines, because sanity.

Change-Id: I24fd76c2b4f66b8036010b5079db39ead729abee
2014-04-25 11:25:10 -07:00
James Slagle
6824181354 Add package uninstall support
Adds the ability to uninstall packages to our install-packages scripts.

Change-Id: I72e0252968a151d71176aa479c7233f6df0a10ac
2014-04-24 16:57:20 -04:00
Jenkins
a9c0a7bf27 Merge "Add ability to add extra apt keys" 2014-04-17 22:47:58 +00:00
Ben Nemec
381ff6ab1d Fix set -eu and pipefail failures
Fixes problems found by set -eu and pipefail, including:
-Many unset variables
-Commands that can fail under normal circumstances, which breaks
with set -e.  This change swallows those expected errors to allow
our existing error code to handle them.
-The dkms element was not finding Fedora kernel versions correctly.
This may be an issue for other distros too, but since Fedora was
working fine without this functionality I only changed it to print
a warning message rather than failing the build when it happens.
-The ramdisk init script will not be set -eu because if it fails
the result is a kernel panic, which can be tricky to debug.
However, in testing with set -e a few failing commands were found
and have been fixed in this patch.

Change-Id: I44cf98dfc80cfcaec54b88cc83be80a3dbf2cec3
2014-04-15 20:53:15 -05:00
Jon-Paul Sullivan
4c467964f5 Standardise manifest creation and retrieval
* Create a standard element to copy manifests out of the image and
  into the build area.
* Ensure all current manifests are copied into a standard manifests
  directory

Change-Id: I37eff5a13a14564e1adc33eb4f0144d571267617
2014-04-10 12:25:13 +01:00
Steven DuChene
2408569566 Add ability to add extra apt keys
Adds an environment variable DIB_ADD_APT_KEYS pointing to a folder of
apt repo GPG keys. Each key will be verified and installed with apt-key
to the apt keyring.

Change-Id: I4b15347a76aa3241e741931bb94f17598641ae42
2014-04-07 13:51:30 +01:00
Jon-Paul Sullivan
843085a7cd Write a dpkg manifest to list installed packages
To create an auditable log of packages installed in an image use
dpkg-query to create a json data file with the package names, version
and install status.

Change-Id: I59018221edcb944a876ad47b402538c63c426bc7
2014-03-28 18:12:02 +00:00
Thom Leggett
46a14ae0e6 Uses policy-rc.d to prevent dpkg starting daemons
Currently the dpkg element fakes start-stop-daemon, initctl and
invoke-rc.d to stop dpkg from starting a bunch of daemons in the
chroot. This is problematic when packages use service, start, stop or
restart commands.

This patch uses a policy-rc.d instead of faking invoke-rc.d to achieve
the same thing. This approach now aligns exactly with debootstrap.
Without this patch DIB runs on some debian distributions fail
when trying to umount the chroot loop device as there are daemons
running.

The log will now show "invoke-rc.d: policy-rc.d denied execution of
start." instead of "Warning: Fake invoke-rc.s called, doing nothing."

Change-Id: I6db192127aca19b5b7915179b781f5192078bfc7
Related-Bug: #1211564
2014-03-26 20:59:49 +00:00
James Slagle
f5d4d8c711 Mark install-packages +x.
install-packages is an executable script, it should be +x.  The install
command that was installing it is setting permissions to 755, so we were
fine there.  However, I was trying to test the script outside of an
image build to test a change, and it's helpful to have it +x in the
repository for that context like all the other scripts under bin.

Change-Id: Ic300cc56d463640d119db4e310d375c66ed133ca
2014-01-07 07:54:47 -05:00
Jenkins
6fb7a22166 Merge "/bin/bash all the things." 2013-11-18 09:36:01 +00:00
Victor Lowther
43b70ce224 /bin/bash all the things.
Since we are using bash syntax in some of the element fragments,
we should make sure we use bash for all of them, so that things don't
break on systems where /bin/sh != /bin/bash.

Change-Id: If2f043c57aa4e1492b7f9839213ef6123f683612
2013-11-17 16:59:31 -06:00
Russell Sim
b9348447b9 Don't block the upstart daemon if it doesn't exist
Check if Upstart exists before blocking the daemon.  Not all dpkg based
OS's have Upstart installed so this should help increase compatibility.

Closes-Bug: #1251949
Change-Id: I2dcb1ff3641778b5653ca5762a728398adb57da1
2013-11-17 14:46:14 +11:00
Jenkins
0a1bf74c32 Merge "Adds support for post-install scripts." 2013-04-22 22:18:25 +00:00
Robert Myers
1001e750e7 Fix a small typo in fake init scripts.
Change-Id: Iaae4e8424ce2e87b0d19391fa2994042aed832e5
2013-04-18 13:57:55 -05:00
Lucas Alvares Gomes
45173ccdb5 Adds support for post-install scripts.
Post install scripts are useful because they can perform tasks you want
to handle after the OS/application install but before the first boot
of the image. e.g: Clean the cache left by the package manager reducing
the size of the image.

Change-Id: I03e77f602192bbdce29c02999d1b57fac8051ddc
Fixes: Bug #1145786
2013-04-17 09:47:51 +01:00