
No commits in common. "build/main" and "main" have entirely different histories.

23 changed files with 55 additions and 210 deletions


@ -1,7 +0,0 @@
root = true
[*.sh]
end_of_line = lf
insert_final_newline = true
indent_style = space
indent_size = 4

2
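--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +0,0 @@
-stage3-*.tar.*
-latest-*.txt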

55
README.md Normal file

@ -0,0 +1,55 @@
# Aimee OS Build Container Images
This repository contains the build scripts for the container images that
provide the build environment for Aimee OS projects. Most projects will use
the _build/build-{target}_ image, which contains a cross-compiler toolchain for
the _{target}_ system (e.g. _aarch64-unknown-linux-gnu_) with Rust support, as
well as several other tools for compiling software and creating bootable OS
images.
## Container Images
There are several images in the collection:
```
gentoo/stage3 †
build/base
└── build/cross-aarch64-unknown-linux-gnu
└── build/build-aarch64-unknown-linux-gnu ‡
```
† The _gentoo/stage3_ image contains an unmodified Gentoo stage3 system. It is
used to bootstrap the _build/base_ image.
‡ Although the _build/build-{target}_ image is initially populated from the
corresponding _build/cross-{target}_ image, the final image is "squashed" into
a single layer to minimize download size.
## Git Branches
To enable building images in Jenkins without building all of the preceding
images, each image has its own Jenkins job. Since Jenkins does not support
(auto discovering) multiple jobs in a single Git repository branch, the build
scripts for the images are tracked in separate branches. Each branch is named
like _{image}/{sub-branch}_, where _{image}_ is the short name of the image
(e.g. `base`, `cross`, etc) and _{sub-branch}_ is an arbitrary name (e.g.
_main_).
* _base/main_: This branch is responsible for building _gentoo/stage3_ and
_build/base_.
* _cross/main_: This branch contains the build script for
_build/cross-{target}_.
* _build/main_: This branch builds _build/build-{target}_.
In addition to the per-image branches, there is also _lib/{sub-branch}_.
Code shared by multiple image build scripts is tracked here. Build scripts
expect the shared code to be available in the `lib` directory, which is
generally populated using a Git worktree, e.g.:
```sh
git worktree add lib lib/main
```
The _main_ branch itself is empty except for this README.


@ -1,36 +0,0 @@
#!/bin/sh
SELF=$(readlink -f "$0")
SRCDIR=${SELF%/*}
. "${SRCDIR}"/lib/common.sh
target=aarch64-unknown-linux-gnu
while [ $# -gt 0 ]; do
case "$1" in
-t|--target)
shift
target="$1"
;;
-b|--base)
shift
base="$1"
;;
*)
printf 'Unknown argument: %s\n' "$1" >&2
exit 2
;;
esac
shift
done
if [ -z "${base-}" ]; then
base=aimee-os.org/build/cross-"${target}"
fi
set -e
cid=$(buildah from "${base}")
buildah add "${cid}" portage /etc/portage
buildah_run_script "${cid}" "${SRCDIR}"/lib/sync.sh
buildah_run_script "${cid}" "${SRCDIR}"/tools.sh
buildah commit --rm --squash "${cid}" "aimee-os.org/build/build-${target}"

60
ci/Jenkinsfile vendored

@ -1,60 +0,0 @@
pipeline {
agent {
kubernetes {
yamlFile 'ci/podTemplate.yaml'
yamlMergeStrategy merge()
defaultContainer 'buildah'
}
}
stages {
stage('Prepare') {
steps {
container('jnlp') {
// TODO checkout lib/ branch based on $BRANCH_NAME
sh 'git fetch origin lib/main:lib/main'
sh 'git worktree add lib lib/main'
}
}
}
stage('Build') {
steps {
sh 'sh -e build.sh --base git.pyrocufflink.net/aimeeos/build/rust-cross-aarch64-unknown-linux-gnu'
}
}
stage('Push') {
steps {
withEnv([
"REGISTRY_AUTH_FILE=${env.WORKSPACE_TMP}/auth.json"
]) {
withCredentials([usernamePassword(
credentialsId: 'jenkins-packages',
usernameVariable: 'BUILDAH_USERNAME',
passwordVariable: 'BUILDAH_PASSWORD',
)]) {
sh """
buildah login \
--username \${BUILDAH_USERNAME} \
--password \${BUILDAH_PASSWORD} \
git.pyrocufflink.net
"""
}
sh 'buildah push aimee-os.org/build/build-aarch64-unknown-linux-gnu git.pyrocufflink.net/aimeeos/build/build-aarch64-unknown-linux-gnu'
}
}
}
}
post {
failure {
sh 'unshare -Ur --map-auto chown root:root -R tmp log'
dir('tmp/portage') {
archiveArtifacts '*/*/temp/*.log'
}
archiveArtifacts 'log/**/*'
}
}
}


@ -1,51 +0,0 @@
spec:
containers:
- name: buildah
image: quay.io/containers/buildah:v1
command:
- sh
- -c
- |
trap 'kill $!; exit' TERM
sleep infinity &
wait
securityContext:
runAsUser: 1000
runAsGroup: 1000
readOnlyRootFilesystem: true
resources:
limits:
github.com/fuse: 1
cpu: 6
memory: 8G
requests:
cpu: 6
memory: 8G
volumeMounts:
- mountPath: /home/build
name: tmp
subPath: home
- mountPath: /home/build/.local/share/containers
name: data
subPath: containers
- mountPath: /tmp
name: tmp
subPath: tmp
- mountPath: /var/tmp
name: data
subPath: tmp
tolerations:
- key: du5t1n.me/jenkins
volumes:
- name: data
ephemeral:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 16Gi
- name: tmp
emptyDir:
medium: Memory


@ -1 +0,0 @@
FEATURES=-buildpkg


@ -1 +0,0 @@
ACCEPT_KEYWORDS="${ARCH}"


@ -1,2 +0,0 @@
FEATURES="${FEATURES} binpkg-multi-instance buildpkg"
EMERGE_DEFAULT_OPTS="${EMERGE_DEFAULT_OPTS} --usepkg --binpkg-respect-use=y"


@ -1 +0,0 @@
USE="${USE} -nls"


@ -1,2 +0,0 @@
EMERGE_DEFAULT_OPTS="${EMERGE_DEFAULT_OPTS} --quiet-build=y --quiet-fail=y"
FEATURES="${FEATURES} -news"


@ -1 +0,0 @@
sys-fs/genimage ~amd64


@ -1 +0,0 @@
sys-kernel/raspberrypi-sources **


@ -1,6 +0,0 @@
# vim: set ft=gentoo-package-use :
# Dustin C. Hatch <dustin@hatch.name> (09 Feb 2023)
# Do not build binary packages for kernel sources
sys-kernel/gentoo-sources nobuildpkg
sys-kernel/raspberrypi-sources nobuildpkg


@ -1 +0,0 @@
sys-fs/btrfs-progs -man


@ -1 +0,0 @@
dev-vcs/git -perl


@ -1 +0,0 @@
sys-boot/grub -* GRUB_PLATFORMS: -*


@ -1,2 +0,0 @@
sys-kernel/gentoo-sources symlink
sys-kernel/raspberrypi-sources symlink


@ -1,5 +0,0 @@
# vim: set ft=gentoo-package-use :
# Dustin C. Hatch <dustin@hatch.name> (11 Dec 2024)
# Build a minimal QEMU for chrooting into the target environment
app-emulation/qemu -* QEMU_USER_TARGETS: aarch64 PYTHON_TARGETS: python3_12


@ -1,2 +0,0 @@
sys-libs/libselinux python
sys-process/audit python


@ -1 +0,0 @@
sys-fs/squashfs-tools zstd


@ -1,6 +0,0 @@
sys-apps/dbus systemd
sys-apps/systemd -* PYTHON_SINGLE_TARGET: python3_12
sec-policy/selinux-base systemd
sec-policy/selinux-base-policy systemd
virtual/tmpfiles systemd
virtual/udev systemd


@ -1,20 +0,0 @@
#!/bin/sh
xargs -r emerge -vnuUj --rebuilt-binaries=y <<EOF
sys-apps/shadow
EOF
xargs -r emerge -vnuUj --rebuilt-binaries=y <<EOF
app-emulation/qemu
sec-policy/selinux-base
sys-apps/policycoreutils
sys-apps/kmod
sys-apps/systemd
sys-boot/grub
sys-fs/btrfs-progs
sys-fs/dosfstools
sys-fs/genimage
sys-fs/mtools
sys-fs/squashfs-tools
tini
EOF