Compare commits


No commits in common. "base/main" and "main" have entirely different histories.

26 changed files with 55 additions and 270 deletions


@ -1,7 +0,0 @@
root = true
[*.sh]
end_of_line = lf
insert_final_newline = true
indent_style = space
indent_size = 4

2
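--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +0,0 @@
-stage3-*.tar.*
-latest-*.txt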

55
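--- a/README.md
+++ b/README.md
@@ -0,0 +1,55 @@
+# Aimee OS Build Container Images
+This repository contains the build scripts for the container images that
+provide the build environment for Aimee OS projects. Most projects will use
+the _build/build-{target}_ image, which contains a cross-compiler toolchain for
+the _{target}_ system (e.g. _aarch64-unknown-linux-gnu_) with Rust support, as
+well as several other tools for compiling software and creating bootable OS
+images.
+## Container Images
+There are several images in the collection:
+```
+gentoo/stage3 †
+build/base
+└── build/cross-aarch64-unknown-linux-gnu
+└── build/build-aarch64-unknown-linux-gnu ‡
+```
+† The _gentoo/stage3_ image contains an unmodified Gentoo stage3 system. It is
+used to bootstrap the _build/base_ image.
+‡ Although the _build/build-{target}_ image is initially populated from the
+corresponding _build/cross-{target}_ image, the final image is "squashed" into
+a single layer to minimize download size.
+## Git Branches
+To enable building images in Jenkins without building all of the preceding
+images, each image has its own Jenkins job. Since Jenkins does not support
+(auto discovering) multiple jobs in a single Git repository branch, the build
+scripts for the images are tracked in separate branches. Each branch is named
+like _{image}/{sub-branch}_, where _{image}_ is the short name of the image
+(e.g. `base`, `cross`, etc) and _{sub-branch}_ is an arbitrary name (e.g.
+_main_).
+* _base/main_: This branch is responsible for building _gentoo/stage3_ and
+_build/base_.
+* _cross/main_: This branch contains the build script for
+_build/cross-{target}_.
+* _build/main_: This branch builds _build/build-{target}_.
+In addition to the per-image branches, there is also _lib/{sub-branch}_.
+Code shared by multiple image build scripts is tracked here. Build scripts
+expect the shared code to be available in the `lib` directory, which is
+generally populated using a Git worktree, e.g.:
+```sh
+git worktree add lib lib/main
+```
+The _main_ branch itself is empty except for this README.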


@ -1,29 +0,0 @@
#!/bin/sh
set -e
mkdir -p /mnt/gentoo
USE=build \
emerge -kvnuUDj --rebuilt-binaries=y --root=/mnt/gentoo sys-apps/baselayout
# Portage itself only requires Python and Bash. Actually building
# packages requires a lot more. These dependencies are implicit because
# they are listed in @system. We do not want everything from @system,
# though, so we have to explicitly install several packages.
#
# At some point, we may end up with an Aimee OS profile for Portage.
# If/when that happens, we can override @system to remove the stuff we
# don't want, like virtual/service-manager and virtual/openssh.
xargs emerge -kvnuUDj --rebuilt-binaries=y --root=/mnt/gentoo <<EOF
app-arch/gzip
dev-build/make
net-misc/wget
sys-apps/diffutils
sys-apps/gawk
sys-apps/grep
sys-apps/portage
sys-devel/binutils
sys-devel/gcc
sys-devel/patch
EOF


@ -1,39 +0,0 @@
#!/bin/sh
SELF=$(readlink -f "$0")
SRCDIR=${SELF%/*}
. "${SRCDIR}"/lib/common.sh
base=aimee-os.org/gentoo/stage3-amd64-nomultilib-openrc:latest
while [ $# -gt 0 ]; do
case "$1" in
-b|--base)
shift
base="$1"
;;
*)
printf 'Unknown argument: %s\n' "$1" >&2
exit 2
;;
esac
done
set -e
builddir=$(export TMPDIR=${TMPDIR:-${PWD}} && mktemp -d gentoo.XXXXXX)
builddir=$(readlink -f "${builddir}")
work=$(buildah from -v "${builddir}":/mnt/gentoo:rw,Z "${base}")
buildah add "${work}" portage /etc/portage/
buildah_run_script "${work}" "${SRCDIR}"/lib/sync.sh
buildah_run_script "${work}" "${SRCDIR}"/bootstrap.sh
cid=$(buildah from scratch)
buildah copy "${cid}" "${builddir}" /
buildah_run_script "${cid}" "${SRCDIR}"/profile.sh
buildah config --cmd /bin/bash "${cid}"
buildah commit --rm --squash "${cid}" aimee-os.org/build/base
buildah run "${work}" find /mnt/gentoo -mindepth 1 -delete
buildah rm "${work}"
rmdir "${builddir}"

77
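--- a/ci/Jenkinsfile
+++ b/ci/Jenkinsfile
@@ -1,77 +0,0 @@
-pipeline {
-triggers {
-cron 'H H * * H'
-}
-agent {
-kubernetes {
-yamlFile 'ci/podTemplate.yaml'
-yamlMergeStrategy merge()
-defaultContainer 'buildah'
-}
-}
-stages {
-stage('Prepare') {
-steps {
-container('jnlp') {
-// TODO checkout lib/ branch based on $BRANCH_NAME
-sh 'git fetch origin lib/main:lib/main'
-sh 'git worktree add lib lib/main'
-}
-}
-}
-stage('Gentoo Stage 3') {
-steps {
-sh 'sh -e gentoo-stage3.sh'
-}
-}
-stage('Base') {
-steps {
-sh 'sh -e build.sh'
-}
-}
-stage('Push') {
-steps {
-withEnv([
-"REGISTRY_AUTH_FILE=${env.WORKSPACE_TMP}/auth.json"
-]) {
-withCredentials([usernamePassword(
-credentialsId: 'jenkins-packages',
-usernameVariable: 'BUILDAH_USERNAME',
-passwordVariable: 'BUILDAH_PASSWORD',
-)]) {
-sh """
-buildah login \
---username \${BUILDAH_USERNAME} \
---password \${BUILDAH_PASSWORD} \
-git.pyrocufflink.net
-"""
-}
-sh 'buildah push aimee-os.org/build/base git.pyrocufflink.net/aimeeos/build/base'
-}
-}
-}
-}
-post {
-success {
-build([
-job: "${BRANCH_NAME.replace('base/', 'cross%2F')}",
-wait: false,
-])
-}
-failure {
-sh 'unshare -Ur --map-auto chown root:root -R tmp log'
-dir('tmp/portage') {
-archiveArtifacts '*/*/temp/*.log'
-}
-archiveArtifacts 'log/**/*'
-}
-}
-}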


@ -1,25 +0,0 @@
spec:
containers:
- name: buildah
image: quay.io/containers/buildah:v1
command:
- sh
- -c
- |
trap 'kill $!; exit' TERM
rm -f ~/.config/containers/storage.conf
sleep infinity &
wait
securityContext:
runAsUser: 1000
runAsGroup: 1000
resources:
limits:
github.com/fuse: 1
cpu: 6
memory: 8G
requests:
cpu: 6
memory: 8G
tolerations:
- key: du5t1n.me/jenkins


@ -1,24 +0,0 @@
#!/bin/sh
: "${GENTOO_MIRROR:=http://mirror.leaseweb.com/gentoo}"
URLPATH=releases/amd64/autobuilds
GENTOO_KEY=13EBBDBEDE7A12775DFDB1BABB572E0E2D182910
GENTOO_KEYSERVER=hkps://keys.gentoo.org
stage3="${1:-amd64-nomultilib-openrc}"
set -e
gpg --keyserver ${GENTOO_KEYSERVER} --recv-keys ${GENTOO_KEY}
curl -fLO "${GENTOO_MIRROR}/${URLPATH}/latest-stage3-${stage3}.txt"
gpg --verify "latest-stage3-${stage3}.txt"
tarball=$(gpg --decrypt "latest-stage3-${stage3}.txt" | awk '$1!="#"{print $1}')
if [ ! -f "${tarball##*/}" ]; then
curl -fLO "${GENTOO_MIRROR}/${URLPATH}/${tarball}"
fi
if [ ! -f "${tarball##*/}.asc" ]; then
curl -fLO "${GENTOO_MIRROR}/${URLPATH}/${tarball}.asc"
fi
gpg --verify "${tarball##*/}.asc"
echo "${tarball##*/}"


@ -1,22 +0,0 @@
#!/bin/sh
SELF=$(readlink -f "$0")
SRCDIR=${SELF%/*}
tarball=$1
set -e
if [ -z "${tarball}" ]; then
tarball=$(sh "${SRCDIR}"/fetch-stage3.sh "$@")
fi
stage3=${tarball%.tar.*}
version=${stage3##*-}
stage3=${stage3%-*}
cid=$(buildah from scratch)
buildah add "${cid}" "${tarball}"
buildah config --cmd /bin/bash "${cid}"
buildah commit --rm --squash "${cid}" "aimee-os.org/gentoo/${stage3}:${version}"
buildah tag "aimee-os.org/gentoo/${stage3}:${version}" \
"aimee-os.org/gentoo/${stage3}:latest"


@ -1 +0,0 @@
FEATURES=-buildpkg


@ -1 +0,0 @@
ACCEPT_KEYWORDS="${ARCH}"


@ -1,2 +0,0 @@
FEATURES="${FEATURES} binpkg-multi-instance buildpkg"
EMERGE_DEFAULT_OPTS="${EMERGE_DEFAULT_OPTS} --usepkg --binpkg-respect-use=y"


@ -1 +0,0 @@
USE="${USE} -nls"


@ -1,2 +0,0 @@
EMERGE_DEFAULT_OPTS="${EMERGE_DEFAULT_OPTS} --quiet-build=y --quiet-fail=y"
FEATURES="${FEATURES} -news"


@ -1 +0,0 @@
sys-fs/genimage ~amd64


@ -1 +0,0 @@
sys-kernel/raspberrypi-sources **


@ -1,6 +0,0 @@
# vim: set ft=gentoo-package-use :
# Dustin C. Hatch <dustin@hatch.name> (09 Feb 2023)
# Do not build binary packages for kernel sources
sys-kernel/gentoo-sources nobuildpkg
sys-kernel/raspberrypi-sources nobuildpkg


@ -1 +0,0 @@
sys-fs/btrfs-progs -man


@ -1 +0,0 @@
dev-vcs/git -perl


@ -1 +0,0 @@
sys-boot/grub -* GRUB_PLATFORMS: -*


@ -1,2 +0,0 @@
sys-kernel/gentoo-sources symlink
sys-kernel/raspberrypi-sources symlink


@ -1,5 +0,0 @@
# vim: set ft=gentoo-package-use :
# Dustin C. Hatch <dustin@hatch.name> (11 Dec 2024)
# Build a minimal QEMU for chrooting into the target environment
app-emulation/qemu -* QEMU_USER_TARGETS: aarch64 PYTHON_TARGETS: python3_12


@ -1,2 +0,0 @@
sys-libs/libselinux python
sys-process/audit python


@ -1 +0,0 @@
sys-fs/squashfs-tools zstd


@ -1,6 +0,0 @@
sys-apps/dbus systemd
sys-apps/systemd -* PYTHON_SINGLE_TARGET: python3_12
sec-policy/selinux-base systemd
sec-policy/selinux-base-policy systemd
virtual/tmpfiles systemd
virtual/udev systemd


@ -1,11 +0,0 @@
#!/bin/sh
arch=$(uname -m)
case ${arch} in
x86_64) arch=amd64 ;;
aarch64) arch=arm64 ;;
esac
mkdir -p /etc/portage
eselect profile set default/linux/"${arch}"/23.0/no-multilib