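#!/bin/bash
#
# extract-image: fetch (or reuse) a cloud base image, repack its root
# filesystem as a tarball under $DIB_IMAGE_CACHE, and unpack that tarball
# into $TARGET_ROOT.
#
# Intended to be called from the root.d cloud-image script as follows:
#   $TMP_HOOKS_PATH/bin/extract-image $BASE_IMAGE_FILE $BASE_IMAGE_TAR $IMAGE_LOCATION $CACHED_IMAGE
#
# Arguments:
#   $1  BASE_IMAGE_FILE  base image name (not used by this script itself)
#   $2  BASE_IMAGE_TAR   file name of the repacked tarball inside $DIB_IMAGE_CACHE
#   $3  IMAGE_LOCATION   URL handed to cache-url when no local image is given
#   $4  CACHED_IMAGE     path where cache-url stores the downloaded image
#
# Environment (read):
#   DIB_IMAGE_CACHE, TMP_HOOKS_PATH, TARGET_ROOT  required (set -u trips otherwise)
#   DIB_LOCAL_IMAGE  non-empty: skip the download and use $CACHED_IMAGE as-is
#   DIB_OFFLINE      non-empty and a cached tarball exists: reuse it without
#                    checking whether the image is newer
#   DIB_DEBUG_TRACE  > 0 enables "set -x"
#   TMP_DIR          parent of the scratch directory (default /tmp)
#
# Security notes (review): this script does no integrity check of the image
# it mounts - no checksum or signature verification is visible here, so that
# has to happen in the caller or in cache-url. The repack step mounts the
# image's filesystems on the build host (exposing the kernel fs parsers to
# image content) and then chroots into the image to run *its* bin/tar as
# root, so a tampered image can execute code on the build host. Both are
# kept as-is because the uid/gid handling depends on them; do not point this
# at untrusted image sources.

if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
    set -x
fi
set -eu
set -o pipefail

BASE_IMAGE_FILE=$1
BASE_IMAGE_TAR=$2
IMAGE_LOCATION=$3
CACHED_IMAGE=$4
CACHED_TAR=$DIB_IMAGE_CACHE/$BASE_IMAGE_TAR
DIB_LOCAL_IMAGE=${DIB_LOCAL_IMAGE:-""}
# Defaulted so an unset DIB_OFFLINE is "not offline" instead of an
# "unbound variable" abort under set -u.
DIB_OFFLINE=${DIB_OFFLINE:-""}
TAR_LOCK=$CACHED_TAR.lock

# GPT partition type GUIDs of interest.
# See https://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_type_GUIDs
# also https://systemd.io/BOOT_LOADER_SPECIFICATION/
readonly GUID_EFI="c12a7328-f81f-11d2-ba4b-00a0c93ec93b"
readonly GUID_LINUX_BOOT="bc13c2ff-59e6-4262-a352-b275fd6f7172"

# State shared with cleanup(); filled in by repack_base_image().
WORKING=""
RAW_FILE=""
MAPPED=0
MOUNTED=()

#######################################
# EXIT handler for the repack step: unmount in reverse mount order, drop the
# kpartx mappings, remove the scratch directory. Every step is best-effort so
# that one failed umount does not abort the chain (under set -e it otherwise
# would) and leave loop mappings or the scratch directory behind.
# Globals: MOUNTED, MAPPED, RAW_FILE, WORKING (read)
#######################################
cleanup() {
    local i
    for (( i=${#MOUNTED[@]}-1; i>=0; i-- )); do
        sudo umount -f "${MOUNTED[$i]}" || true
    done
    if [ "$MAPPED" -ne 0 ]; then
        sudo kpartx -d "$RAW_FILE" || true
    fi
    if [ -n "$WORKING" ]; then
        rm -r -- "$WORKING" || true
    fi
}

#######################################
# Download the base image through cache-url unless a local image was given.
# Some Fedora mirrors return HTTP 404 for the cloud image; cache-url reports
# that as exit status 44, and in that one case we retry exactly once. Any
# other failure aborts the build.
# Globals: DIB_LOCAL_IMAGE, TMP_HOOKS_PATH, IMAGE_LOCATION, CACHED_IMAGE (read)
#######################################
fetch_base_image() {
    if [ -n "$DIB_LOCAL_IMAGE" ]; then
        return 0
    fi
    echo "Fetching Base Image"
    local rv=0
    "$TMP_HOOKS_PATH/bin/cache-url" "$IMAGE_LOCATION" "$CACHED_IMAGE" || rv=$?
    if [ "$rv" == "44" ]; then
        "$TMP_HOOKS_PATH/bin/cache-url" "$IMAGE_LOCATION" "$CACHED_IMAGE"
    elif [ "$rv" != "0" ]; then
        exit 1
    fi
}

#######################################
# Classify the partition mappings of the raw image.
# Sets EFI_LOOPDEV (EFI System Partition, by GUID or lsblk type name),
# BOOT_LOOPDEV (Linux extended boot GUID or a "boot" label) and ROOT_LOOPDEV
# (the first remaining partition that carries a filesystem). Any of them may
# stay empty. Partitions are visited in reverse name order as in the original
# script - presumably so the root filesystem, usually the highest partition,
# is claimed before a lower unlabeled one.
# Arguments: $1 - loop device base name (e.g. loop0)
#######################################
classify_partitions() {
    local base=$1
    local dev fstype label part_type part_type_name
    local -a devs
    mapfile -t devs < <(printf '%s\n' /dev/mapper/"$base"p* | sort -r)
    EFI_LOOPDEV=""
    BOOT_LOOPDEV=""
    ROOT_LOOPDEV=""
    for dev in "${devs[@]}"; do
        lsblk --all --nodeps -P --output-all "$dev"
        fstype=$(lsblk --all --nodeps --noheadings --output FSTYPE "$dev")
        label=$(lsblk --all --nodeps --noheadings --output LABEL "$dev")
        part_type_name=$(lsblk --all --nodeps --noheadings --output PARTTYPENAME "$dev" || echo "")
        part_type=$(lsblk --all --nodeps --noheadings --output PARTTYPE "$dev")
        # Mappings without a filesystem (BIOS boot, swap-less gaps, ...) are skipped.
        if [ -z "$fstype" ]; then
            continue
        fi
        # EFI partition, to be mounted at /boot/efi.
        if [ -z "$EFI_LOOPDEV" ]; then
            if [[ "$part_type" == "$GUID_EFI" || "$part_type_name" == "EFI System" ]]; then
                EFI_LOOPDEV=$dev
                continue
            fi
        fi
        # Separate boot partition, to be mounted at /boot, by GUID or label.
        if [ -z "$BOOT_LOOPDEV" ]; then
            if [[ "$part_type" == "$GUID_LINUX_BOOT" || "$label" == "boot" ]]; then
                BOOT_LOOPDEV=$dev
                continue
            fi
        fi
        if [ -z "$ROOT_LOOPDEV" ]; then
            ROOT_LOOPDEV=$dev
            continue
        fi
    done
}

#######################################
# Convert the cached image to raw, map and mount its partitions, and tar the
# mounted tree up into $CACHED_TAR. Registers cleanup() on EXIT.
# Globals: CACHED_IMAGE, CACHED_TAR, TMP_DIR (read); WORKING, RAW_FILE,
#          MAPPED, MOUNTED (written for cleanup)
#######################################
repack_base_image() {
    echo "Repacking base image as tarball."
    WORKING=$(mktemp --tmpdir="${TMP_DIR:-/tmp}" -d)
    trap cleanup EXIT
    echo "Working in $WORKING"
    RAW_FILE=$(mktemp --tmpdir="$WORKING" XXXXXX.raw)

    local image=$CACHED_IMAGE
    if [[ "$image" == *.xz ]]; then
        local qcow2_file
        qcow2_file=$(mktemp --tmpdir="$WORKING" XXXXXX.qcow2)
        # Decompress to a scratch copy; the cached .xz stays in place so
        # cache-url does not fetch it again.
        unxz --stdout "$image" > "$qcow2_file"
        image=$qcow2_file
    fi
    qemu-img convert -f qcow2 -O raw "$image" "$RAW_FILE"

    # kpartx fails if no /dev/loop* exists; "losetup -f" prints the first
    # unused loop device and creates it if it doesn't exist.
    # NOTE(review): kpartx may end up on a different loop device than the one
    # losetup -f reported if something else grabs it in between; the lock
    # below only serialises other extract-image runs.
    local loopdev_base
    loopdev_base=$(basename "$(sudo losetup -f)")
    sudo kpartx -av "$RAW_FILE"
    MAPPED=1
    # Inside Docker udev is not running, so create the nodes by hand.
    if [ -f /.dockerenv ]; then
        sudo dmsetup --noudevsync mknodes
    fi
    if ! timeout 5 sh -c "while ! ls /dev/mapper/${loopdev_base}p* ; do sleep 1; done"; then
        echo "Error: Could not find any ${loopdev_base} devices"
        exit 1
    fi

    classify_partitions "$loopdev_base"
    # Without a root filesystem the mount below would fail with an opaque
    # "mount: can't find" error; say what actually went wrong.
    if [ -z "$ROOT_LOOPDEV" ]; then
        echo "Error: Could not identify a root filesystem partition in $image"
        exit 1
    fi

    mkdir "$WORKING/mnt"
    local -a mountopts=()
    if [ "xfs" = "$(sudo blkid -o value -s TYPE "$ROOT_LOOPDEV")" ]; then
        # mount xfs with nouuid, just in case that uuid is already mounted;
        # use ro to avoid/workaround xfs uuid issues on older kernels with
        # newer rhel images which seem to set flags to generate unique uuids:
        #   xfs superblock has incompatible features (0x4)
        # We only need to read the data.
        mountopts=(-o nouuid,ro)
    fi
    sudo mount "${mountopts[@]}" "$ROOT_LOOPDEV" "$WORKING/mnt"
    MOUNTED+=("$WORKING/mnt")
    if [ -n "$BOOT_LOOPDEV" ]; then
        sudo mount "$BOOT_LOOPDEV" "$WORKING/mnt/boot"
        MOUNTED+=("$WORKING/mnt/boot")
    fi
    if [ -n "$EFI_LOOPDEV" ]; then
        sudo mount "$EFI_LOOPDEV" "$WORKING/mnt/boot/efi"
        MOUNTED+=("$WORKING/mnt/boot/efi")
    fi

    # Find out whether the image's tar has full xattr support.
    local -a taropts
    if [ "$(sudo chroot "$WORKING/mnt" bin/tar --help | grep -c xattrs-exclude || true)" == "0" ]; then
        taropts=(--no-xattrs)
    else
        taropts=(--xattrs '--xattrs-include=*' --xattrs-exclude=security.selinux)
    fi
    # Chroot in so that the image's own uid/gid mapping is used. (This runs
    # a binary taken from the image as root - see the header note.)
    sudo chroot "$WORKING/mnt" bin/tar "${taropts[@]}" -cz . > "$WORKING/tmp.tar"
    mv "$WORKING/tmp.tar" "$CACHED_TAR"
}

#######################################
# Entry point of the locked section: make sure $CACHED_TAR is present and
# fresh (unless DIB_OFFLINE says to trust it), then unpack it into
# $TARGET_ROOT.
# Globals: DIB_OFFLINE, CACHED_TAR, CACHED_IMAGE, TARGET_ROOT (read)
#######################################
function extract_image() {
    if [[ -n "$DIB_OFFLINE" && -f "$CACHED_TAR" ]]; then
        echo "Not checking freshness of cached $CACHED_TAR."
    else
        fetch_base_image
        if [[ ! -f "$CACHED_TAR" || "$CACHED_IMAGE" -nt "$CACHED_TAR" ]]; then
            repack_base_image
        else
            echo "Using cached tar from $CACHED_TAR"
        fi
    fi
    # Extract the base image (use --numeric-owner to avoid UID/GID mismatch
    # between image tarball and host OS e.g. when building Fedora image on an
    # openSUSE host). Include all xattrs except selinux because the selinux
    # ones cause issues in our chroot environment, and we restore all of those
    # at the end of the build anyway.
    echo "Extracting base root image from $CACHED_TAR"
    sudo tar -C "$TARGET_ROOT" --numeric-owner --xattrs --xattrs-include='*' \
        --xattrs-exclude='security.selinux' -xzf "$CACHED_TAR"
}

(
    echo "Getting $TAR_LOCK: $(date)"
    # Wait up to 20 minutes for another process to download/repack.
    if ! flock -w 1200 9 ; then
        echo "Did not get $TAR_LOCK: $(date)"
        exit 1
    fi
    extract_image
) 9> "$TAR_LOCK"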