1st working version

.gitignore

@@ -6,4 +6,5 @@ latest-stage3-*
 *~
 *.sublime-workspace
 .DS_Store
+Dockerfile
 

.latest-stage3

@@ -1 +0,0 @@
-releases/amd64/autobuilds/20171012/hardened/stage3-amd64-hardened+nomultilib-20171012.tar.bz2

Dockerfile.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+cat <<EOF
+FROM scratch
+LABEL com.rbkmoney.$SERVICE_NAME.parent=null \
+	com.rbkmoney.$SERVICE_NAME.branch=$BRANCH \
+	com.rbkmoney.$SERVICE_NAME.commit_id=$COMMIT \
+	com.rbkmoney.$SERVICE_NAME.commit_number=`git rev-list --count HEAD`
+
+WORKDIR /
+
+COPY /portage-root/ /
+
+CMD ["/bin/bash"]
+EOF

Jenkinsfile

@@ -13,9 +13,6 @@ build("image-embedded", 'docker-host') {
       sh 'make repos'
     }
   }
-  runStage('stage3 download') {
-    sh 'make .latest-stage3.loaded'
-  }
   runStage('embedded image build') {
     sh 'make embedded'
   }

Makefile

@@ -34,29 +34,13 @@ submodules: $(SUBTARGETS)
 
 repos: $(REPOS_TARGET)
 
-update-latest-stage3: $(UTILS_PATH)/sh/getstage3.sh .git
-	$(UTILS_PATH)/sh/getstage3.sh find-latest -D "http://gentoo.bakka.su/gentoo-distfiles" \
-		amd64 -hardened+nomultilib | tail -n 1 > .latest-stage3
+Dockerfile: Dockerfile.sh
+	SERVICE_NAME=$(SERVICE_NAME) BRANCH=$(BRANCH) COMMIT=$(COMMIT) ./Dockerfile.sh > Dockerfile
 
-.latest-stage3.loaded: .latest-stage3
-	$(UTILS_PATH)/sh/getstage3.sh get-path -D "http://gentoo.bakka.su/gentoo-distfiles" \
-		$(shell cat .latest-stage3) | tail -n 1 > $@
-
-.state: .latest-stage3.loaded $(PACKER) $(REPOS_TARGET) packer.json files/packer.sh files/portage.make.conf
-	$(eval STAGE3 := $(shell cat .latest-stage3.loaded))
-	$(shell test -z "$(STAGE3)" && exit 1)
-	$(DOCKER) run -v `pwd`:/tmp/pwd -w /tmp/repack busybox /bin/sh -c \
-	"tar xjf /tmp/pwd/$(STAGE3); tar cjf /tmp/pwd/$(STAGE3).repack *"
-	$(DOCKER) import $(STAGE3).repack "$(REGISTRY)/$(ORG_NAME)/stage3-amd64-hardened-nomultilib"
+.state: $(PACKER) $(REPOS_TARGET) packer.json files/packer.sh files/portage.make.conf Dockerfile
+	mkdir -p portage-root
 	$(PACKER) build -var 'image-tag=$(TAG)' packer.json
-	printf "FROM $(SERVICE_IMAGE_NAME):$(TAG)\n \
-	LABEL com.rbkmoney.$(SERVICE_NAME).parent=null \
-	com.rbkmoney.$(SERVICE_NAME).stage3-used=$(STAGE3) \
-	com.rbkmoney.$(SERVICE_NAME).branch=$(BRANCH) \
-	com.rbkmoney.$(SERVICE_NAME).commit_id=$(COMMIT) \
-	com.rbkmoney.$(SERVICE_NAME).commit_number=`git rev-list --count HEAD`" \
-	| docker build -t $(SERVICE_IMAGE_NAME):$(TAG) -
-	echo $(TAG) > $@
+	docker build -t $(SERVICE_IMAGE_NAME):$(TAG) .
 
 test:
 	$(DOCKER) run "$(SERVICE_IMAGE_NAME):$(shell cat .state)" \

files/packer.sh

@@ -1,123 +1,33 @@
-#!/bin/bash
+#!/bin/sh
 source /lib/gentoo/functions.sh
 
-export EMERGE="emerge -q"
-SALT_VERSION="2015.8.13"
+# XXX Fix broken build image
+USE="multitarget graphite go"
+emerge --getbinpkgonly --backtrack=50 glibc binutils binutils-libs gcc
+eselect binutils set x86_64-pc-linux-gnu-2.28.1
+gcc-config x86_64-pc-linux-gnu-5.4.0
+
+# Set portage root and install stuff
+export ROOT=/tmp/portage-root
+mkdir -p $ROOT/etc
 
-# Get utf-8 support with default locale
 ebegin "Setting locales to generate"
-# DK uses 24h time
-cat <<EOF> /etc/locale.gen
+cat <<EOF> $ROOT/etc/locale.gen
 en_DK.UTF-8 UTF-8
 EOF
 eend $? "Failed" || exit $?
 ebegin "Setting locales to preserve"
-cat <<EOF> /etc/locale.nopurge
+cat <<EOF> $ROOT/etc/locale.nopurge
 MANDELETE
 SHOWFREEDSPACE
 en_DK.UTF-8 UTF-8
 EOF
 eend $? "Failed" || exit $?
 
-locale-gen || exit $?
+
+emerge --quiet-build=n --verbose --verbose-conflicts --tree openssl iproute2 grep gawk \
+    coreutils attr util-linux net-misc/curl sed
 
 eselect locale set en_DK.utf8 || exit $?
 
-# Get cert for loading packages from bakka repo via HTTPS
-ebegin "Downloading CA for the package repository"
-mkdir -p /usr/local/share/ca-certificates \
-    && wget -q http://bakka.su/ca/baka_bakka.crt -O /usr/local/share/ca-certificates/baka_bakka.crt
-eend $? "Failed" || exit $?
-ebegin "Updating CA cerificates"
-update-ca-certificates --fresh > /dev/null
-eend $? "Failed" || exit $?
-
-# /tmp/data mount set in packer.json
-ebegin "Copying portage/make.conf"
-cp /tmp/data/portage.make.conf /etc/portage/make.conf
-eend $? "Failed" || exit $?
-
-ebegin "Adding repos.conf/gentoo"
-mkdir -p /etc/portage/repos.conf \
-    && cat <<EOF> /etc/portage/repos.conf/gentoo.conf
-[DEFAULT]
-main-repo = gentoo
-
-[gentoo]
-location = /usr/portage
-sync-type = rsync
-auto-sync = false
-EOF
-eend $? "Failed" || exit $?
-
-# https://wiki.gentoo.org/wiki/Profile_(Portage)
-ebegin "Selecting profile"
-eselect profile set hardened/linux/amd64/no-multilib
-eend $? "Failed" || exit $?
-
-ebegin "Setting bootstrap flags"
-mkdir -p /etc/portage/package.{accept_keywords,keywords,use,env} \
-    && touch /etc/portage/package.keywords/bootstrap
-eend $? "Failed" || exit $?
-
-# XXX we may need to remove openssh
-ebegin "Removing openssh (to skip it's rebuilding with -bindist)"
-${EMERGE} -C openssh
-eend $? "Failed" || exit $?
-
-# bakka.su cert is ECDSA and to get this supported we rebuild openssl without
-# bindist
-ebegin "Rebuilding openssl -bindist"
-FEATURES="-getbinpkg" ${EMERGE} --verbose=n openssl
-eend $? "Failed" || exit $?
-
-# Enable bakka.su mirrors
-ebegin "Uncommenting GENTOO_MIRRORS and other vars in make.conf"
-sed -i "s|\# sed-remove||g" /etc/portage/make.conf
-eend $? "Failed" || exit $?
-
-ebegin "Emerging localepurge qemacs nvi openssh"
-${EMERGE} --verbose=n qemacs nvi app-admin/localepurge
-eend $? "Failed" || exit $?
-
-# XXX python2.7 is needed by salt
-#ebegin "Selecting python2.7 as default python interpreter"
-#eselect python set python2.7
-#eend $? "Failed" || exit $?
-
-ebegin "Selecting pager"
-eselect pager set /usr/bin/less
-eend $? "Failed" || exit $?
-
-# XXX perl is needed by at least localepurge
-einfo "Updating perl"
-perl-cleaner --reallyall || exit $?
-
-ebegin "Updating world"
-${EMERGE} -uDN @world
-eend $? "Failed" || exit $?
-
-# remove orphaned deps
-ebegin "Cleaning deps"
-${EMERGE} --verbose=n --depclean
-eend $? "Failed" || exit $?
-
-einfo "Purging extra locales"
-localepurge || exit $?
-
-find /usr/share/gtk-doc -delete
-find /usr/share/man -delete
-find /usr/share/doc -delete
-find /usr/share/sgml -print -delete
-find /usr/share/i18n -print
-find /usr/share/misc -print
-find / -name '*.pyc' -delete
-
-ebegin "Removing temporary directories and logs"
-rm -rf /var/tmp/{portage,packages,distfiles}
-find /var/log -type f ! -name '.keep*' -print -delete
-eend $? "Failed" || exit $?
-
-einfo "And here are some resulting space consumption details"
-find / -mindepth 2 -maxdepth 4 -exec 'du' '-hsx' '{}' ';' | sort -h | tail -n 50
-find / -maxdepth 1 -exec 'du' '-hsx' '{}' ';' | sort -h | tail -n 50
+rm -rf $ROOT/var/cache/edb/*

files/portage.make.conf

@@ -12,8 +12,6 @@ PORT_LOGDIR="/var/log/portage"
 # sed-remove PORTAGE_BINHOST="https://gentoo.bakka.su/gentoo-packages/amd64/corei7-avx/packages"
 PORTAGE_SSH_OPTS=""
 ACCEPT_KEYWORDS="amd64"
-#PYTHON_TARGETS="python2_7"
-#USE_PYTHON="2.7"
 L10N="en"
 
 CPU_FLAGS_X86="mmx mmxext sse sse2 sse3 ssse3 sse4 sse4_1 sse4_2 aes avx"

packer.json

@@ -2,17 +2,19 @@
     "variables": {
 	"docker-registry": "dr.rbkmoney.com",
 	"files-dir": "{{env `PWD`}}/files/",
+	"portage-root-dir": "{{env `PWD`}}/portage-root/",
 	"shared-dir": "{{env `HOME`}}/.cache/rbkmoney/images/shared/",
 	"image-tag": null
     },
     "builders": [
 	{
 	    "type": "docker",
-	    "image": "{{user `docker-registry`}}/rbkmoney/stage3-amd64-hardened-nomultilib",
-	    "run_command": ["-d", "-i", "-t", "{{.Image}}", "/bin/bash"],
+            "image": "{{user `docker-registry`}}/rbkmoney/build:10ace69bc3a1fc3179672098b7be081f9f6018b2",
+	    "run_command": ["-d", "-i", "-t", "{{.Image}}", "/bin/sh"],
 	    "volumes": {
 		"{{user `files-dir`}}": "/tmp/data:ro",
-		"{{user `shared-dir`}}/portage": "/usr/portage:ro"
+		"{{user `portage-root-dir`}}": "/tmp/portage-root",
+		"{{user `shared-dir`}}/portage": "/usr/portage:rw"
 	    },
 	    "pull": "false",
 	    "commit": "true"
@@ -23,12 +25,5 @@
 	    "type": "shell",
 	    "script": "{{user `files-dir`}}/packer.sh"
 	}
-    ],
-    "post-processors": [
-	{
-	    "type": "docker-tag",
-	    "repository": "{{user `docker-registry`}}/rbkmoney/embedded",
-	    "tag": "{{user `image-tag`}}"
-	}
     ]
 }