26 changed files with 55 additions and 270 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -1,7 +0,0 @@
 root = true
 [*.sh]
 end_of_line = lf
 insert_final_newline = true
 indent_style = space
 indent_size = 4
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +0,0 @@
 stage3-*.tar.*
 latest-*.txt
--- a/README.md
+++ b/README.md
@ -0,0 +1,55 @@
 # Aimee OS Build Container Images
 This repository contains the build scripts for the container images that
 provide the build environment for Aimee OS projects.  Most projects will use
 the _build/build-{target}_ image, which contains a cross-compiler toolchain for
 the _{target}_ system (e.g. _aarch64-unknown-linux-gnu_) with Rust support, as
 well as several other tools for compiling software and creating bootable OS
 images.
 ## Container Images
 There are several images in the collection:
 ```
 gentoo/stage3 †
 build/base
 └── build/cross-aarch64-unknown-linux-gnu
    └── build/build-aarch64-unknown-linux-gnu ‡
 ```
 † The _gentoo/stage3_ image contains an unmodified Gentoo stage3 system.  It is
 used to bootstrap the _build/base_ image.
 ‡ Although the _build/build-{target}_ image is initially populated from the
 corresponding _build/cross-{target}_ image, the final image is "squashed" into
 a single layer to minimize download size.
 ## Git Branches
 To enable building images in Jenkins without building all of the preceding
 images, each image has its own Jenkins job.  Since Jenkins does not support
 (auto discovering) multiple jobs in a single Git repository branch, the build
 scripts for the images are tracked in separate branches.  Each branch is named
 like _{image}/{sub-branch}_, where _{image}_ is the short name of the image
 (e.g. `base`, `cross`, etc) and _{sub-branch}_ is an arbitrary name (e.g.
 _main_).
 * _base/main_: This branch is responsible for building _gentoo/stage3_ and
  _build/base_.
 * _cross/main_: This branch contains the build script for
  _build/cross-{target}_.
 * _build/main_: This branch builds _build/build-{target}_.
 In addition to the per-image branches, there is also _lib/{sub-branch}_.
 Code shared by multiple image build scripts is tracked here.  Build scripts
 expect the shared code to be available in the `lib` directory, which is
 generally populated using a Git worktree, e.g.:
 ```sh
 git worktree add lib lib/main
 ```
 The _main_ branch itself is empty except for this README.
--- a/bootstrap.sh
+++ b/bootstrap.sh
@ -1,29 +0,0 @@
 #!/bin/sh
 set -e
 mkdir -p /mnt/gentoo
 USE=build \
 emerge -kvnuUDj --rebuilt-binaries=y --root=/mnt/gentoo sys-apps/baselayout
 # Portage itself only requires Python and Bash.  Actually building
 # packages requires a lot more.  These dependencies are implicit because
 # they are listed in @system.  We do not want everything from @system,
 # though, so we have to explicitly install several packages.
 #
 # At some point, we may end up with an Aimee OS profile for Portage.
 # If/when that happens, we can override @system to remove the stuff we
 # don't want, like virtual/service-manager and virtual/openssh.
 xargs emerge -kvnuUDj --rebuilt-binaries=y --root=/mnt/gentoo <<EOF
 app-arch/gzip
 dev-build/make
 net-misc/wget
 sys-apps/diffutils
 sys-apps/gawk
 sys-apps/grep
 sys-apps/portage
 sys-devel/binutils
 sys-devel/gcc
 sys-devel/patch
 EOF
--- a/build.sh
+++ b/build.sh
@ -1,39 +0,0 @@
 #!/bin/sh
 SELF=$(readlink -f "$0")
 SRCDIR=${SELF%/*}
 . "${SRCDIR}"/lib/common.sh
 base=aimee-os.org/gentoo/stage3-amd64-nomultilib-openrc:latest
 while [ $# -gt 0 ]; do
    case "$1" in
    -b|--base)
        shift
        base="$1"
        ;;
    *)
        printf 'Unknown argument: %s\n' "$1" >&2
        exit 2
        ;;
    esac
 done
 set -e
 builddir=$(export TMPDIR=${TMPDIR:-${PWD}} && mktemp -d gentoo.XXXXXX)
 builddir=$(readlink -f "${builddir}")
 work=$(buildah from -v "${builddir}":/mnt/gentoo:rw,Z "${base}")
 buildah add "${work}" portage /etc/portage/
 buildah_run_script "${work}" "${SRCDIR}"/lib/sync.sh
 buildah_run_script "${work}" "${SRCDIR}"/bootstrap.sh
 cid=$(buildah from scratch)
 buildah copy "${cid}" "${builddir}" /
 buildah_run_script "${cid}" "${SRCDIR}"/profile.sh
 buildah config --cmd /bin/bash "${cid}"
 buildah commit --rm --squash "${cid}" aimee-os.org/build/base
 buildah run "${work}" find /mnt/gentoo -mindepth 1 -delete
 buildah rm "${work}"
 rmdir "${builddir}"
--- a/ci/Jenkinsfile
+++ b/ci/Jenkinsfile
@ -1,77 +0,0 @@
 pipeline {
    triggers {
        cron 'H H * * H'
    }
    agent {
        kubernetes {
            yamlFile 'ci/podTemplate.yaml'
            yamlMergeStrategy merge()
            defaultContainer 'buildah'
        }
    }
    stages {
        stage('Prepare') {
            steps {
                container('jnlp') {
                    // TODO checkout lib/ branch based on $BRANCH_NAME
                    sh 'git fetch origin lib/main:lib/main'
                    sh 'git worktree add lib lib/main'
                }
            }
        }
        stage('Gentoo Stage 3') {
            steps {
                sh 'sh -e gentoo-stage3.sh'
            }
        }
        stage('Base') {
            steps {
                sh 'sh -e build.sh'
            }
        }
        stage('Push') {
            steps {
                withEnv([
                    "REGISTRY_AUTH_FILE=${env.WORKSPACE_TMP}/auth.json"
                ]) {
                    withCredentials([usernamePassword(
                        credentialsId: 'jenkins-packages',
                        usernameVariable: 'BUILDAH_USERNAME',
                        passwordVariable: 'BUILDAH_PASSWORD',
                    )]) {
                        sh """
                            buildah login \
                            --username \${BUILDAH_USERNAME} \
                            --password \${BUILDAH_PASSWORD} \
                            git.pyrocufflink.net
                        """
                    }
                    sh 'buildah push aimee-os.org/build/base git.pyrocufflink.net/aimeeos/build/base'
                }
            }
        }
    }
    post {
        success {
            build([
                job: "${BRANCH_NAME.replace('base/', 'cross%2F')}",
                wait: false,
            ])
        }
        failure {
            sh 'unshare -Ur --map-auto chown root:root -R tmp log'
            dir('tmp/portage') {
                archiveArtifacts '*/*/temp/*.log'
            }
            archiveArtifacts 'log/**/*'
        }
    }
 }
--- a/ci/podTemplate.yaml
+++ b/ci/podTemplate.yaml
@ -1,25 +0,0 @@
 spec:
  containers:
  - name: buildah
    image: quay.io/containers/buildah:v1
    command:
    - sh
    - -c
    - |
      trap 'kill $!; exit' TERM
      rm -f ~/.config/containers/storage.conf
      sleep infinity &
      wait
    securityContext:
      runAsUser: 1000
      runAsGroup: 1000
    resources:
      limits:
        github.com/fuse: 1
        cpu: 6
        memory: 8G
      requests:
        cpu: 6
        memory: 8G
  tolerations:
  - key: du5t1n.me/jenkins
--- a/fetch-stage3.sh
+++ b/fetch-stage3.sh
@ -1,24 +0,0 @@
 #!/bin/sh
 : "${GENTOO_MIRROR:=http://mirror.leaseweb.com/gentoo}"
 URLPATH=releases/amd64/autobuilds
 GENTOO_KEY=13EBBDBEDE7A12775DFDB1BABB572E0E2D182910
 GENTOO_KEYSERVER=hkps://keys.gentoo.org
 stage3="${1:-amd64-nomultilib-openrc}"
 set -e
 gpg --keyserver ${GENTOO_KEYSERVER} --recv-keys ${GENTOO_KEY}
 curl -fLO "${GENTOO_MIRROR}/${URLPATH}/latest-stage3-${stage3}.txt"
 gpg --verify "latest-stage3-${stage3}.txt"
 tarball=$(gpg --decrypt "latest-stage3-${stage3}.txt" | awk '$1!="#"{print $1}')
 if [ ! -f "${tarball##*/}" ]; then
    curl -fLO "${GENTOO_MIRROR}/${URLPATH}/${tarball}"
 fi
 if [ ! -f "${tarball##*/}.asc" ]; then
    curl -fLO "${GENTOO_MIRROR}/${URLPATH}/${tarball}.asc"
 fi
 gpg --verify "${tarball##*/}.asc"
 echo "${tarball##*/}"
--- a/gentoo-stage3.sh
+++ b/gentoo-stage3.sh
@ -1,22 +0,0 @@
 #!/bin/sh
 SELF=$(readlink -f "$0")
 SRCDIR=${SELF%/*}
 tarball=$1
 set -e
 if [ -z "${tarball}" ]; then
    tarball=$(sh "${SRCDIR}"/fetch-stage3.sh "$@")
 fi
 stage3=${tarball%.tar.*}
 version=${stage3##*-}
 stage3=${stage3%-*}
 cid=$(buildah from scratch)
 buildah add "${cid}" "${tarball}"
 buildah config --cmd /bin/bash "${cid}"
 buildah commit --rm --squash "${cid}" "aimee-os.org/gentoo/${stage3}:${version}"
 buildah tag "aimee-os.org/gentoo/${stage3}:${version}" \
    "aimee-os.org/gentoo/${stage3}:latest"
--- a/portage/env/nobuildpkg
+++ b/portage/env/nobuildpkg
@ -1 +0,0 @@
 FEATURES=-buildpkg
--- a/portage/make.conf/15-keywords.conf
+++ b/portage/make.conf/15-keywords.conf
@ -1 +0,0 @@
 ACCEPT_KEYWORDS="${ARCH}"
--- a/portage/make.conf/20-binpkgs.conf
+++ b/portage/make.conf/20-binpkgs.conf
@ -1,2 +0,0 @@
 FEATURES="${FEATURES} binpkg-multi-instance buildpkg"
 EMERGE_DEFAULT_OPTS="${EMERGE_DEFAULT_OPTS} --usepkg --binpkg-respect-use=y"
--- a/portage/make.conf/60-nls.conf
+++ b/portage/make.conf/60-nls.conf
@ -1 +0,0 @@
 USE="${USE} -nls"
--- a/portage/make.conf/80-quiet.conf
+++ b/portage/make.conf/80-quiet.conf
@ -1,2 +0,0 @@
 EMERGE_DEFAULT_OPTS="${EMERGE_DEFAULT_OPTS} --quiet-build=y --quiet-fail=y"
 FEATURES="${FEATURES} -news"
--- a/portage/package.accept_keywords/genimage
+++ b/portage/package.accept_keywords/genimage
@ -1 +0,0 @@
 sys-fs/genimage ~amd64
--- a/portage/package.accept_keywords/kernel
+++ b/portage/package.accept_keywords/kernel
@ -1 +0,0 @@
 sys-kernel/raspberrypi-sources **
--- a/portage/package.env/kernel
+++ b/portage/package.env/kernel
@ -1,6 +0,0 @@
 # vim: set ft=gentoo-package-use :
 # Dustin C. Hatch <dustin@hatch.name> (09 Feb 2023)
 # Do not build binary packages for kernel sources
 sys-kernel/gentoo-sources nobuildpkg
 sys-kernel/raspberrypi-sources nobuildpkg
--- a/portage/package.use/btrfs-progs
+++ b/portage/package.use/btrfs-progs
@ -1 +0,0 @@
 sys-fs/btrfs-progs -man
--- a/portage/package.use/git
+++ b/portage/package.use/git
@ -1 +0,0 @@
 dev-vcs/git -perl
--- a/portage/package.use/grub
+++ b/portage/package.use/grub
@ -1 +0,0 @@
 sys-boot/grub -* GRUB_PLATFORMS: -*
--- a/portage/package.use/kernel
+++ b/portage/package.use/kernel
@ -1,2 +0,0 @@
 sys-kernel/gentoo-sources symlink
 sys-kernel/raspberrypi-sources symlink
--- a/portage/package.use/qemu
+++ b/portage/package.use/qemu
@ -1,5 +0,0 @@
 # vim: set ft=gentoo-package-use :
 # Dustin C. Hatch <dustin@hatch.name> (11 Dec 2024)
 # Build a minimal QEMU for chrooting into the target environment
 app-emulation/qemu -* QEMU_USER_TARGETS: aarch64 PYTHON_TARGETS: python3_12
--- a/portage/package.use/selinux
+++ b/portage/package.use/selinux
@ -1,2 +0,0 @@
 sys-libs/libselinux python
 sys-process/audit python
--- a/portage/package.use/squashfs-tools
+++ b/portage/package.use/squashfs-tools
@ -1 +0,0 @@
 sys-fs/squashfs-tools zstd
--- a/portage/package.use/systemd
+++ b/portage/package.use/systemd
@ -1,6 +0,0 @@
 sys-apps/dbus systemd
 sys-apps/systemd -* PYTHON_SINGLE_TARGET: python3_12
 sec-policy/selinux-base systemd
 sec-policy/selinux-base-policy systemd
 virtual/tmpfiles systemd
 virtual/udev systemd
--- a/profile.sh
+++ b/profile.sh
@ -1,11 +0,0 @@
 #!/bin/sh
 arch=$(uname -m)
 case ${arch} in
 x86_64) arch=amd64 ;;
 aarch64) arch=arm64 ;;
 esac
 mkdir -p /etc/portage
 eselect profile set default/linux/"${arch}"/23.0/no-multilib
		`@ -1,2 +0,0 @@`
			`FEATURES="${FEATURES} binpkg-multi-instance buildpkg"`
			`EMERGE_DEFAULT_OPTS="${EMERGE_DEFAULT_OPTS} --usepkg --binpkg-respect-use=y"`
		`@ -1,2 +0,0 @@`
			`EMERGE_DEFAULT_OPTS="${EMERGE_DEFAULT_OPTS} --quiet-build=y --quiet-fail=y"`
			`FEATURES="${FEATURES} -news"`
		`@ -1,2 +0,0 @@`
			`sys-kernel/gentoo-sources symlink`
			`sys-kernel/raspberrypi-sources symlink`
		`@ -1,2 +0,0 @@`
			`sys-libs/libselinux python`
			`sys-process/audit python`