041bdd331a
The main reason for using the stage4 is now gone (kernel compile). Install and use the distro provided binary kernel package. In addition to this, set the locale and timezone, beyond that very little was done in the gentoo stage4. Change-Id: I541b7d9b807e2357398ae1c249b1978958dd1137 Signed-off-by: Matthew Thode <mthode@mthode.org>
#!/bin/bash
# Copyright 2016 Matthew Thode
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# Trace every command when the caller sets DIB_DEBUG_TRACE to a positive number.
if test "${DIB_DEBUG_TRACE:-0}" -gt 0; then
    set -x
fi
# Abort on a failing command, on an unset variable, and on a failure in any
# stage of a pipeline.
set -euo pipefail
# Both variables must be non-empty. These are bare tests: they stop the script
# only because it runs with `set -eu`.
test -n "${ARCH}"
test -n "${TARGET_ROOT}"

# Treat amd64 as an alias for x86_64.
case "${ARCH}" in
    amd64) ARCH='x86_64' ;;
esac

# Any other architecture is rejected before anything is downloaded.
if [ "${ARCH}" != 'x86_64' ]; then
    echo "Only x86_64 images are currently available but ARCH is set to ${ARCH}."
    exit 1
fi
# Map the requested Gentoo profile onto the stage3 flavour to fetch.
# Accepted profiles:
#   default/linux/amd64/17.1
#   default/linux/amd64/17.1/no-multilib
#   default/linux/amd64/17.1/hardened
#   default/linux/amd64/17.1/no-multilib/hardened
#   default/linux/amd64/17.1/systemd
# The profile is compared against this fixed list, so FILENAME_BASE and
# SIGNED_SOURCE_SUFFIX only ever hold one of the literals assigned below and
# never text taken from the caller's value.
GENTOO_PROFILE=${GENTOO_PROFILE:-'default/linux/amd64/17.1'}
case "${GENTOO_PROFILE}" in
    'default/linux/amd64/17.1')
        FILENAME_BASE='gentoo-stage3'
        SIGNED_SOURCE_SUFFIX=''
        ;;
    'default/linux/amd64/17.1/no-multilib')
        FILENAME_BASE='gentoo-stage3-nomultilib'
        SIGNED_SOURCE_SUFFIX='-nomultilib'
        ;;
    'default/linux/amd64/17.1/hardened')
        FILENAME_BASE='gentoo-stage3-hardened'
        SIGNED_SOURCE_SUFFIX='-hardened'
        ;;
    'default/linux/amd64/17.1/no-multilib/hardened')
        FILENAME_BASE='gentoo-stage3-hardened-nomultilib'
        SIGNED_SOURCE_SUFFIX='-hardened+nomultilib'
        ;;
    'default/linux/amd64/17.1/systemd')
        FILENAME_BASE='gentoo-stage3-systemd'
        SIGNED_SOURCE_SUFFIX='-systemd'
        ;;
    *)
        # Unknown profile: list the accepted ones and stop.
        printf '%s\n' \
            'invalid profile, please select from the following profiles' \
            'default/linux/amd64/17.1' \
            'default/linux/amd64/17.1/no-multilib' \
            'default/linux/amd64/17.1/hardened' \
            'default/linux/amd64/17.1/no-multilib/hardened' \
            'default/linux/amd64/17.1/systemd'
        exit 1
        ;;
esac
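# Work out where the stage3 tarball and its signed digest list are fetched
# from and where they are cached. Every value can be overridden by the caller.
#
# DIB_CLOUD_SOURCE is the mirror's "latest" pointer file; the first field of
# its last line is taken as the tarball path below the autobuilds directory.
#
# NOTE(review): the default URLs are plain http and the pointer file is not
# signature-checked here, so its content is untrusted input. Authenticity of
# the tarball rests on the gpgv and SHA512 checks later in this script; the
# pointer only decides which release is requested. An https mirror can be
# supplied through DIB_CLOUD_SOURCE and BASE_IMAGE_FILE.
DIB_CLOUD_SOURCE=${DIB_CLOUD_SOURCE:-"http://distfiles.gentoo.org/releases/amd64/autobuilds/latest-stage3-amd64${SIGNED_SOURCE_SUFFIX}.txt"}
if [[ -z "${BASE_IMAGE_FILE:-}" ]]; then
    # Report a failed fetch explicitly instead of relying on `set -e` to end
    # the script without a message.
    stage3_path=$(curl -s -f "${DIB_CLOUD_SOURCE}" | tail -n 1 | cut -d' ' -f 1) || {
        echo "failed to fetch ${DIB_CLOUD_SOURCE}" >&2
        exit 1
    }
    # The path ends up in a URL, in a cache file name and in a grep pattern,
    # so accept only the characters a stage3 path is made of and no "..".
    stage3_path_re='^[A-Za-z0-9._+/-]+$'
    if ! [[ "${stage3_path}" =~ ${stage3_path_re} ]] || [[ "${stage3_path}" == *..* ]]; then
        printf 'unexpected stage3 path in %s: %q\n' "${DIB_CLOUD_SOURCE}" "${stage3_path}" >&2
        exit 1
    fi
    BASE_IMAGE_FILE="http://distfiles.gentoo.org/releases/amd64/autobuilds/${stage3_path}"
fi
# Second and third dot-separated fields of the tarball's file name.
BASE_IMAGE_FILE_SUFFIX=${BASE_IMAGE_FILE_SUFFIX:-"$(basename "${BASE_IMAGE_FILE}" | cut -d. -f 2,3)"}
SIGNATURE_FILE="${SIGNATURE_FILE:-${BASE_IMAGE_FILE}.DIGESTS.asc}"
CACHED_FILE="${DIB_IMAGE_CACHE}/${FILENAME_BASE}.${BASE_IMAGE_FILE_SUFFIX}"
CACHED_SIGNATURE_FILE="${DIB_IMAGE_CACHE}/${FILENAME_BASE}.asc"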
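# Fetch the stage3 tarball and its signed digest list, then authenticate the
# tarball before anything is unpacked from it.
#
# NOTE(review): the offline branch reuses the cached tarball without repeating
# the signature or checksum check, so DIB_IMAGE_CACHE has to be writable only
# by trusted users.
if [[ -n "${DIB_OFFLINE:-}" && -f "${CACHED_FILE}" ]]; then
    echo "Not checking freshness of cached ${CACHED_FILE}"
else
    echo 'Fetching Base Image'
    "${TMP_HOOKS_PATH}"/bin/cache-url "${SIGNATURE_FILE}" "${CACHED_SIGNATURE_FILE}"
    "${TMP_HOOKS_PATH}"/bin/cache-url "${BASE_IMAGE_FILE}" "${CACHED_FILE}"
    pushd "${DIB_IMAGE_CACHE}"
    # import the key
    # this key can be verified at one of the following places
    # https://wiki.gentoo.org/wiki/Project:RelEng#Keys
    # https://dev.gentoo.org/~dolsen/releases/keyrings/gentoo-keys-*.tar.xz
    # http://distfiles.gentoo.org/distfiles/gentoo-keys-*.tar.xz
    GPGDIR=$(mktemp -d)
    # The throwaway keyring is removed on every exit path, including the
    # failure exits below.
    trap 'rm -rf -- "${GPGDIR}"' EXIT
    gpg --no-default-keyring --keyring "${GPGDIR}"/gentookeys.gpg --import "${TMP_HOOKS_PATH}"/extra-data.d/gentoo-releng.gpg
    # check the sig file
    # gpgv is tested inside the `if`: under `set -e` a bare failing gpgv would
    # end the script before the message below could be printed.
    # --output writes only the text covered by the signature. The digest is
    # read from that copy, because lines placed outside the signed region of
    # the downloaded file are not authenticated. A gpgv without --output fails
    # here rather than falling back to the unverified file.
    if ! gpgv --keyring "${GPGDIR}"/gentookeys.gpg --output "${GPGDIR}"/digests.verified "${CACHED_SIGNATURE_FILE}"; then
        echo 'invalid signature file'
        exit 1
    fi
    echo 'valid key used'
    # The line after the SHA512 header that ends in the tarball suffix carries
    # the expected digest. grep treats the suffix as a regular expression.
    # `|| true` lets the explicit format check below report a missing entry.
    CACHED_SHA512SUM=$(grep -A1 -e 'SHA512' "${GPGDIR}"/digests.verified | grep -e "${BASE_IMAGE_FILE_SUFFIX}$" | cut -d' ' -f 1) || true
    rm -rf -- "${GPGDIR}"
    trap - EXIT
    # Exactly one 128-hex-digit value is acceptable; an empty result or several
    # matching lines must not reach the comparison.
    sha512_re='^[0-9a-fA-F]{128}$'
    if ! [[ "${CACHED_SHA512SUM}" =~ ${sha512_re} ]]; then
        echo "no unique SHA512 digest for ${BASE_IMAGE_FILE_SUFFIX} in signed ${CACHED_SIGNATURE_FILE}" >&2
        exit 1
    fi
    ACTUAL_SHA512SUM=$(sha512sum "${CACHED_FILE}" | cut -d' ' -f 1)
    if [[ "${ACTUAL_SHA512SUM}" != "${CACHED_SHA512SUM}" ]]; then
        echo "invalid checksum on downloaded tarball: ${CACHED_FILE}"
        exit 1
    fi
    echo 'valid checksum'
    popd
fi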
# Unpack the stage3 into the target root. --numeric-owner is used to avoid a
# UID/GID mismatch between the image tarball and the host OS; --xattrs asks
# tar to restore extended attributes.
# NOTE(review): GNU tar may limit which xattr namespaces --xattrs restores on
# extraction; confirm whether file capabilities (security.*) need an explicit
# --xattrs-include here.
tar_args=(-C "${TARGET_ROOT}" --numeric-owner --xattrs -xf "${CACHED_FILE}")
sudo tar "${tar_args[@]}"
# Replace the temporary /etc/resolv.conf used for bootstrapping with a dummy
# one. systemd has a bug/feature [1]: if the base image has no resolv.conf it
# assumes systemd-networkd is the network manager and creates a broken symlink
# to /run/..., which confuses things like dhclient.
# [1] https://bugzilla.redhat.com/show_bug.cgi?id=1197204
# NOTE(review): tee runs as root and follows a symlink at this path; presumably
# the stage3 ships a regular file or none here - confirm.
resolv_conf="${TARGET_ROOT}/etc/resolv.conf"
echo -e "# This file intentionally left blank\n" | sudo tee "${resolv_conf}"