diskimage-builder/diskimage_builder/elements/gentoo/root.d/10-gentoo-image
Matthew Thode 041bdd331a
use stage3 instead of stage4 for gentoo builds
The main reason for using the stage4 is now gone (kernel compile).
Install and use the distro provided binary kernel package.

In addition to this, set the locale and timezone, beyond that very
little was done in the gentoo stage4.

Change-Id: I541b7d9b807e2357398ae1c249b1978958dd1137
Signed-off-by: Matthew Thode <mthode@mthode.org>
2020-05-27 18:50:16 -05:00

116 lines
4.8 KiB
Bash
Executable file

#!/bin/bash
# Copyright 2016 Matthew Thode
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
[ -n "${ARCH}" ]
[ -n "${TARGET_ROOT}" ]
if [ 'amd64' = "${ARCH}" ] ; then
ARCH='x86_64'
fi
if ! [ 'x86_64' = "${ARCH}" ] ; then
echo "Only x86_64 images are currently available but ARCH is set to ${ARCH}."
exit 1
fi
# valid gentoo profiles are as follows
# default/linux/amd64/13.0
# default/linux/amd64/13.0/no-multilib
# hardened/linux/amd64
# hardened/linux/amd64/no-multilib
GENTOO_PROFILE=${GENTOO_PROFILE:-'default/linux/amd64/17.1'}
if [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1" ]]; then
FILENAME_BASE='gentoo-stage3'
SIGNED_SOURCE_SUFFIX=''
elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/no-multilib" ]]; then
FILENAME_BASE='gentoo-stage3-nomultilib'
SIGNED_SOURCE_SUFFIX='-nomultilib'
elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/hardened" ]]; then
FILENAME_BASE='gentoo-stage3-hardened'
SIGNED_SOURCE_SUFFIX='-hardened'
elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/no-multilib/hardened" ]]; then
FILENAME_BASE='gentoo-stage3-hardened-nomultilib'
SIGNED_SOURCE_SUFFIX='-hardened+nomultilib'
elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/systemd" ]]; then
FILENAME_BASE='gentoo-stage3-systemd'
SIGNED_SOURCE_SUFFIX='-systemd'
else
echo 'invalid profile, please select from the following profiles'
echo 'default/linux/amd64/17.1'
echo 'default/linux/amd64/17.1/no-multilib'
echo 'default/linux/amd64/17.1/hardened'
echo 'default/linux/amd64/17.1/no-multilib/hardened'
echo 'default/linux/amd64/17.1/systemd'
exit 1
fi
DIB_CLOUD_SOURCE=${DIB_CLOUD_SOURCE:-"http://distfiles.gentoo.org/releases/amd64/autobuilds/latest-stage3-amd64${SIGNED_SOURCE_SUFFIX}.txt"}
BASE_IMAGE_FILE=${BASE_IMAGE_FILE:-"http://distfiles.gentoo.org/releases/amd64/autobuilds/$(curl ${DIB_CLOUD_SOURCE} -s -f | tail -n 1 | cut -d\ -f 1)"}
BASE_IMAGE_FILE_SUFFIX=${BASE_IMAGE_FILE_SUFFIX:-"$(basename ${BASE_IMAGE_FILE} | cut -d. -f 2,3)"}
SIGNATURE_FILE="${SIGNATURE_FILE:-${BASE_IMAGE_FILE}.DIGESTS.asc}"
CACHED_FILE="${DIB_IMAGE_CACHE}/${FILENAME_BASE}.${BASE_IMAGE_FILE_SUFFIX}"
CACHED_SIGNATURE_FILE="${DIB_IMAGE_CACHE}/${FILENAME_BASE}.asc"
if [ -n "${DIB_OFFLINE}" -a -f "${CACHED_FILE}" ] ; then
echo "Not checking freshness of cached ${CACHED_FILE}"
else
echo 'Fetching Base Image'
"${TMP_HOOKS_PATH}"/bin/cache-url "${SIGNATURE_FILE}" "${CACHED_SIGNATURE_FILE}"
"${TMP_HOOKS_PATH}"/bin/cache-url "${BASE_IMAGE_FILE}" "${CACHED_FILE}"
pushd "${DIB_IMAGE_CACHE}"
# import the key
# this key can be verified at one of the following places
# https://wiki.gentoo.org/wiki/Project:RelEng#Keys
# https://dev.gentoo.org/~dolsen/releases/keyrings/gentoo-keys-*.tar.xz
# http://distfiles.gentoo.org/distfiles/gentoo-keys-*.tar.xz
GPGDIR=$(mktemp -d -t)
gpg --no-default-keyring --keyring "${GPGDIR}"/gentookeys.gpg --import "${TMP_HOOKS_PATH}"/extra-data.d/gentoo-releng.gpg
# check the sig file
gpgv --keyring "${GPGDIR}"/gentookeys.gpg "${CACHED_SIGNATURE_FILE}"
if [[ "${?}" != 0 ]]; then
echo 'invalid signature file'
exit 1
fi
rm -rf "${GPGDIR}"
echo 'valid key used'
CACHED_SHA512SUM=$(grep -A1 -e 'SHA512' "${CACHED_SIGNATURE_FILE}" | grep -e "${BASE_IMAGE_FILE_SUFFIX}$" | cut -d\ -f 1)
ACTUAL_SHA512SUM=$(sha512sum "${CACHED_FILE}" | cut -d\ -f 1)
if [[ "${ACTUAL_SHA512SUM}" != "${CACHED_SHA512SUM}" ]]; then
echo "invalid checksum on downloaded tarball: ${CACHED_FILE}"
exit 1
fi
echo 'valid checksum'
popd
fi
# Extract the base image (use --numeric-owner to avoid UID/GID mismatch between
# image tarball and host OS)
sudo tar -C "${TARGET_ROOT}" --numeric-owner --xattrs -xf "${CACHED_FILE}"
# Put in a dummy /etc/resolv.conf over the temporary one we used
# to bootstrap. systemd has a bug/feature [1] that it will assume
# you want systemd-networkd as the network manager and create a
# broken symlink to /run/... if the base image doesn't have one.
# This broken link confuses things like dhclient.
# [1] https://bugzilla.redhat.com/show_bug.cgi?id=1197204
echo -e "# This file intentionally left blank\n" | sudo tee "${TARGET_ROOT}"/etc/resolv.conf