97c01e48ed
Currently we have all our elements and library files in a top-level directory and install them into <root>/share/diskimage-builder/[elements|lib] (where root is either / or the root of a virtualenv). The problem with this is that editable/development installs (pip -e) do *not* install data_files. Thus we have no canonical location to look for elements -- leading to the various odd things we do such as a whole bunch of guessing at the top of disk-image-create and having a special test-loader in tests/test_elements.py so we can run python unit tests on those elements that have it. data_files is really the wrong thing to use for what are essentially assets of the program. data_files install works well for things like config-files, init.d files or dropping documentation files. By moving the elements under the diskimage_builder package, we always know where they are relative to where we import from. In fact, pkg_resources has an api for this which we wrap in the new diskimage_builder/paths.py helper [1]. We use this helper to find the correct path in the couple of places we need to find the base-elements dir, and for the paths to import the library shell functions. Elements such as svc-map and pkg-map include python unit-tests, which we do not need tests/test_elements.py to special-case load any more. They just get found automatically by the normal subunit loader. I have a follow-on change (I69ca3d26fede0506a6353c077c69f735c8d84d28) to move disk-image-create to a regular python entry-point. Unfortunately, this has to move to work with setuptools. You'd think a symlink under diskimage_builder/[elements|lib] would work, but it doesn't. [1] this API handles stuff like getting files out of .zip archive modules, which we don't do. Essentially for us it's returning __file__. Change-Id: I5e3e3c97f385b1a4ff2031a161a55b231895df5b
#!/bin/bash
# Copyright 2016 Matthew Thode
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# Trace every command when the caller sets DIB_DEBUG_TRACE above zero.
if test "${DIB_DEBUG_TRACE:-0}" -gt 0; then
    set -x
fi
# Stop on command failures, on unset variables and on failures inside pipelines.
set -o errexit -o nounset -o pipefail
# ARCH and TARGET_ROOT have to be supplied by the caller. With errexit active
# (set earlier in this script) an empty value makes the test fail and ends the run.
[[ -n "${ARCH}" ]]
[[ -n "${TARGET_ROOT}" ]]

# Accept the amd64 spelling and continue with the x86_64 name.
case "${ARCH}" in
    amd64) ARCH='x86_64' ;;
esac

# Any other architecture is rejected.
if [[ "${ARCH}" != 'x86_64' ]]; then
    echo "Only x86_64 images are currently available but ARCH is set to ${ARCH}."
    exit 1
fi
# Translate the requested Gentoo profile into the cache file base name and the
# suffix used in the name of the upstream "latest-stage4" pointer file.
# Supported profiles:
#   default/linux/amd64/13.0
#   default/linux/amd64/13.0/no-multilib
#   hardened/linux/amd64
#   hardened/linux/amd64/no-multilib
GENTOO_PROFILE=${GENTOO_PROFILE:-'default/linux/amd64/13.0'}
case "${GENTOO_PROFILE}" in
    'default/linux/amd64/13.0')
        FILENAME_BASE='gentoo-stage4'
        SIGNED_SOURCE_SUFFIX='minimal'
        ;;
    'default/linux/amd64/13.0/no-multilib')
        FILENAME_BASE='gentoo-stage4-nomultilib'
        SIGNED_SOURCE_SUFFIX='minimal-nomultilib'
        ;;
    'hardened/linux/amd64')
        FILENAME_BASE='gentoo-stage4-hardened'
        SIGNED_SOURCE_SUFFIX='hardened+minimal'
        ;;
    'hardened/linux/amd64/no-multilib')
        FILENAME_BASE='gentoo-stage4-hardened-nomultilib'
        SIGNED_SOURCE_SUFFIX='hardened+minimal-nomultilib'
        ;;
    *)
        # Unknown profile: list the accepted values and stop.
        printf '%s\n' \
            'invalid profile, please select from the following profiles' \
            'default/linux/amd64/13.0' \
            'default/linux/amd64/13.0/no-multilib' \
            'hardened/linux/amd64' \
            'hardened/linux/amd64/no-multilib'
        exit 1
        ;;
esac
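# Work out where the stage4 tarball and its signed digest list are fetched from
# and where they are cached. Each location can be overridden by the caller.
#
# DIB_CLOUD_SOURCE is a pointer file; the first space-separated field of its
# last line is used as the tarball path relative to the autobuilds directory.
# NOTE(review): the pointer file and the default URLs use plain HTTP and the
# pointer file itself is not authenticated. The tarball is only trusted after
# the signature and checksum checks that follow in this script.
DIB_CLOUD_SOURCE=${DIB_CLOUD_SOURCE:-"http://distfiles.gentoo.org/releases/amd64/autobuilds/latest-stage4-amd64-${SIGNED_SOURCE_SUFFIX}.txt"}
# The URL is quoted so it is passed to curl as a single word, and --fail makes
# curl return an error on an HTTP error status instead of handing the error
# page to tail/cut as if it were the pointer file.
# NOTE(review): curl runs whenever BASE_IMAGE_FILE is unset, including when
# DIB_OFFLINE is set; confirm offline callers provide BASE_IMAGE_FILE.
BASE_IMAGE_FILE=${BASE_IMAGE_FILE:-"http://distfiles.gentoo.org/releases/amd64/autobuilds/$(curl --fail -s "${DIB_CLOUD_SOURCE}" | tail -n 1 | cut -d ' ' -f 1)"}
SIGNATURE_FILE="${SIGNATURE_FILE:-${BASE_IMAGE_FILE}.DIGESTS.asc}"
CACHED_FILE="${DIB_IMAGE_CACHE}/${FILENAME_BASE}.tar.bz2"
CACHED_SIGNATURE_FILE="${DIB_IMAGE_CACHE}/${FILENAME_BASE}.asc"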
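# Reuse the cached tarball for offline builds; otherwise download the tarball
# and its signed digest list and authenticate the tarball before it is used.
if [[ -n "${DIB_OFFLINE:-}" && -f "${CACHED_FILE}" ]]; then
    # NOTE(review): the cached tarball is accepted here without re-checking a
    # signature or checksum, so the cache directory has to be trusted.
    echo "Not checking freshness of cached ${CACHED_FILE}"
else
    echo 'Fetching Base Image'
    "${TMP_HOOKS_PATH}"/bin/cache-url "${SIGNATURE_FILE}" "${CACHED_SIGNATURE_FILE}"
    "${TMP_HOOKS_PATH}"/bin/cache-url "${BASE_IMAGE_FILE}" "${CACHED_FILE}"
    pushd "${DIB_IMAGE_CACHE}"
    # import the key
    # this key can be verified at one of the following places
    # https://wiki.gentoo.org/wiki/Project:RelEng#Keys
    # https://dev.gentoo.org/~dolsen/releases/keyrings/gentoo-keys-*.tar.xz
    # http://distfiles.gentoo.org/distfiles/gentoo-keys-*.tar.xz
    GPGDIR=$(mktemp -d)
    # Remove the throwaway keyring on every exit path, failures included.
    trap 'rm -rf -- "${GPGDIR}"' EXIT
    gpg --no-default-keyring --keyring "${GPGDIR}"/gentookeys.gpg --import "${TMP_HOOKS_PATH}"/extra-data.d/gentoo-releng.gpg
    # check the sig file. The command is tested directly: with errexit active,
    # a separate "$?" check afterwards would never be reached on failure.
    if ! gpgv --keyring "${GPGDIR}"/gentookeys.gpg "${CACHED_SIGNATURE_FILE}"; then
        echo 'invalid signature file'
        exit 1
    fi
    # A signature check authenticates only the clearsigned region of the file.
    # Take the digests from the payload gpg has verified rather than from the
    # raw download, so text outside the signed region cannot supply a digest.
    VERIFIED_DIGESTS="${GPGDIR}/DIGESTS.verified"
    if ! gpg --no-default-keyring --keyring "${GPGDIR}"/gentookeys.gpg --output "${VERIFIED_DIGESTS}" --decrypt "${CACHED_SIGNATURE_FILE}"; then
        echo 'invalid signature file'
        exit 1
    fi
    echo 'valid key used'
    # "|| true" keeps errexit from ending the script silently when no line
    # matches; the format check below reports that case instead.
    CACHED_SHA512SUM=$(grep -A1 -e 'SHA512' "${VERIFIED_DIGESTS}" | grep -e '\.tar\.bz2$' | cut -d ' ' -f 1) || true
    rm -rf -- "${GPGDIR}"
    trap - EXIT
    # Exactly one SHA512 digest (128 hex characters) is expected; an empty or
    # multi-line result is rejected before the comparison.
    # NOTE(review): the digest line is matched by its .tar.bz2 suffix only, not
    # by the tarball's file name; consider binding it to the expected name.
    if ! [[ "${CACHED_SHA512SUM}" =~ ^[0-9a-fA-F]{128}$ ]]; then
        echo "no unique SHA512 digest for a tar.bz2 found in ${CACHED_SIGNATURE_FILE}"
        exit 1
    fi
    ACTUAL_SHA512SUM=$(sha512sum "${CACHED_FILE}" | cut -d ' ' -f 1)
    if [[ "${ACTUAL_SHA512SUM}" != "${CACHED_SHA512SUM}" ]]; then
        echo "invalid checksum on downloaded tarball: ${CACHED_FILE}"
        exit 1
    fi
    echo 'valid checksum'
    popd
fi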
# Unpack the cached stage4 tarball into TARGET_ROOT. Ownership is restored by
# numeric UID/GID so that differing user/group names between the tarball and
# the host OS cannot remap owners; permissions and extended attributes are kept.
# The extraction runs under sudo, so the tarball written to CACHED_FILE is
# unpacked with root privileges.
sudo tar \
    --directory "${TARGET_ROOT}" \
    --numeric-owner \
    --xattrs \
    --extract \
    --bzip2 \
    --preserve-permissions \
    --file "${CACHED_FILE}"