diff --git a/.gitignore b/.gitignore index 5943320..498356c 100644 --- a/.gitignore +++ b/.gitignore @@ -6,4 +6,5 @@ latest-stage3-* *~ *.sublime-workspace .DS_Store +Dockerfile diff --git a/.latest-stage3 b/.latest-stage3 deleted file mode 100644 index a65dafd..0000000 --- a/.latest-stage3 +++ /dev/null @@ -1 +0,0 @@ -releases/amd64/autobuilds/20171012/hardened/stage3-amd64-hardened+nomultilib-20171012.tar.bz2 diff --git a/Dockerfile.sh b/Dockerfile.sh new file mode 100755 index 0000000..a223c6f --- /dev/null +++ b/Dockerfile.sh 
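Review bot: The commit also adds `files/.packer.sh.swp` (the `Binary files /dev/null and b/files/.packer.sh.swp differ` entry further down), and this hunk ignores the generated `Dockerfile` but not editor swap files. A swap file can carry buffer contents that were never meant to be committed, and it stays in history once pushed. Add `*.swp` next to the `+Dockerfile` line and drop `files/.packer.sh.swp` from the commit.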
@@ -0,0 +1,14 @@ +#!/bin/sh +cat < .latest-stage3 +Dockerfile: Dockerfile.sh + SERVICE_NAME=$(SERVICE_NAME) BRANCH=$(BRANCH) COMMIT=$(COMMIT) ./Dockerfile.sh > Dockerfile -.latest-stage3.loaded: .latest-stage3 - $(UTILS_PATH)/sh/getstage3.sh get-path -D "http://gentoo.bakka.su/gentoo-distfiles" \ - $(shell cat .latest-stage3) | tail -n 1 > $@ - -.state: .latest-stage3.loaded $(PACKER) $(REPOS_TARGET) packer.json files/packer.sh files/portage.make.conf - $(eval STAGE3 := $(shell cat .latest-stage3.loaded)) - $(shell test -z "$(STAGE3)" && exit 1) - $(DOCKER) run -v `pwd`:/tmp/pwd -w /tmp/repack busybox /bin/sh -c \ - "tar xjf /tmp/pwd/$(STAGE3); tar cjf /tmp/pwd/$(STAGE3).repack *" - $(DOCKER) import $(STAGE3).repack "$(REGISTRY)/$(ORG_NAME)/stage3-amd64-hardened-nomultilib" +.state: $(PACKER) $(REPOS_TARGET) packer.json files/packer.sh files/portage.make.conf Dockerfile + mkdir -p portage-root $(PACKER) build -var 'image-tag=$(TAG)' packer.json - printf "FROM $(SERVICE_IMAGE_NAME):$(TAG)\n \ - LABEL com.rbkmoney.$(SERVICE_NAME).parent=null \ - com.rbkmoney.$(SERVICE_NAME).stage3-used=$(STAGE3) \ - com.rbkmoney.$(SERVICE_NAME).branch=$(BRANCH) \ - com.rbkmoney.$(SERVICE_NAME).commit_id=$(COMMIT) \ - com.rbkmoney.$(SERVICE_NAME).commit_number=`git rev-list --count HEAD`" \ - | docker build -t $(SERVICE_IMAGE_NAME):$(TAG) - - echo $(TAG) > $@ + docker build -t $(SERVICE_IMAGE_NAME):$(TAG) . test: $(DOCKER) run "$(SERVICE_IMAGE_NAME):$(shell cat .state)" \ diff --git a/files/.packer.sh.swp b/files/.packer.sh.swp new file mode 100644 index 0000000..8abbb98 Binary files /dev/null and b/files/.packer.sh.swp differ diff --git a/files/packer.sh b/files/packer.sh index d2eca54..2c39284 100644 --- a/files/packer.sh +++ b/files/packer.sh 
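Review bot: In the new `Dockerfile: Dockerfile.sh` rule, `$(SERVICE_NAME)`, `$(BRANCH)` and `$(COMMIT)` are pasted unquoted into the shell command line, so any shell metacharacter in a value is interpreted by the shell rather than passed as data. Where BRANCH is assigned is not visible here, but if it comes from the git ref name it is externally influenced, and ref names may legally contain characters such as `;` or `$`. Passing the values through the environment avoids shell parsing altogether: a top-level `export SERVICE_NAME BRANCH COMMIT` and a recipe of `./Dockerfile.sh > $@`. Separately, the collapsed text suggests `echo $(TAG) > $@` is removed from `.state` while `test` still reads `$(shell cat .state)`; please confirm the stamp file is still written. The file header for this hunk is missing from the page, so the surrounding rules are not visible.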
@@ -1,123 +1,33 @@ -#!/bin/bash +#!/bin/sh source /lib/gentoo/functions.sh -export EMERGE="emerge -q" -SALT_VERSION="2015.8.13" +# XXX Fix broken build image +USE="multitarget graphite go" +emerge --getbinpkgonly --backtrack=50 glibc binutils binutils-libs gcc +eselect binutils set x86_64-pc-linux-gnu-2.28.1 +gcc-config x86_64-pc-linux-gnu-5.4.0 + +# Set portage root and install stuff +export ROOT=/tmp/portage-root +mkdir -p $ROOT/etc -# Get utf-8 support with default locale ebegin "Setting locales to generate" -# DK uses 24h time -cat < /etc/locale.gen +cat < $ROOT/etc/locale.gen en_DK.UTF-8 UTF-8 EOF eend $? "Failed" || exit $? ebegin "Setting locales to preserve" -cat < /etc/locale.nopurge +cat < $ROOT/etc/locale.nopurge MANDELETE SHOWFREEDSPACE en_DK.UTF-8 UTF-8 EOF eend $? "Failed" || exit $? -locale-gen || exit $? + +emerge --quiet-build=n --verbose --verbose-conflicts --tree openssl iproute2 grep gawk \ + coreutils attr util-linux net-misc/curl sed eselect locale set en_DK.utf8 || exit $? -# Get cert for loading packages from bakka repo via HTTPS -ebegin "Downloading CA for the package repository" -mkdir -p /usr/local/share/ca-certificates \ - && wget -q http://bakka.su/ca/baka_bakka.crt -O /usr/local/share/ca-certificates/baka_bakka.crt -eend $? "Failed" || exit $? -ebegin "Updating CA cerificates" -update-ca-certificates --fresh > /dev/null -eend $? "Failed" || exit $? - -# /tmp/data mount set in packer.json -ebegin "Copying portage/make.conf" -cp /tmp/data/portage.make.conf /etc/portage/make.conf -eend $? "Failed" || exit $? - -ebegin "Adding repos.conf/gentoo" -mkdir -p /etc/portage/repos.conf \ - && cat < /etc/portage/repos.conf/gentoo.conf -[DEFAULT] -main-repo = gentoo - -[gentoo] -location = /usr/portage -sync-type = rsync -auto-sync = false -EOF -eend $? "Failed" || exit $? - -# https://wiki.gentoo.org/wiki/Profile_(Portage) -ebegin "Selecting profile" -eselect profile set hardened/linux/amd64/no-multilib -eend $? "Failed" || exit $? 
- -ebegin "Setting bootstrap flags" -mkdir -p /etc/portage/package.{accept_keywords,keywords,use,env} \ - && touch /etc/portage/package.keywords/bootstrap -eend $? "Failed" || exit $? - -# XXX we may need to remove openssh -ebegin "Removing openssh (to skip it's rebuilding with -bindist)" -${EMERGE} -C openssh -eend $? "Failed" || exit $? - -# bakka.su cert is ECDSA and to get this supported we rebuild openssl without -# bindist -ebegin "Rebuilding openssl -bindist" -FEATURES="-getbinpkg" ${EMERGE} --verbose=n openssl -eend $? "Failed" || exit $? - -# Enable bakka.su mirrors -ebegin "Uncommenting GENTOO_MIRRORS and other vars in make.conf" -sed -i "s|\# sed-remove||g" /etc/portage/make.conf -eend $? "Failed" || exit $? - -ebegin "Emerging localepurge qemacs nvi openssh" -${EMERGE} --verbose=n qemacs nvi app-admin/localepurge -eend $? "Failed" || exit $? - -# XXX python2.7 is needed by salt -#ebegin "Selecting python2.7 as default python interpreter" -#eselect python set python2.7 -#eend $? "Failed" || exit $? - -ebegin "Selecting pager" -eselect pager set /usr/bin/less -eend $? "Failed" || exit $? - -# XXX perl is needed by at least localepurge -einfo "Updating perl" -perl-cleaner --reallyall || exit $? - -ebegin "Updating world" -${EMERGE} -uDN @world -eend $? "Failed" || exit $? - -# remove orphaned deps -ebegin "Cleaning deps" -${EMERGE} --verbose=n --depclean -eend $? "Failed" || exit $? - -einfo "Purging extra locales" -localepurge || exit $? - -find /usr/share/gtk-doc -delete -find /usr/share/man -delete -find /usr/share/doc -delete -find /usr/share/sgml -print -delete -find /usr/share/i18n -print -find /usr/share/misc -print -find / -name '*.pyc' -delete - -ebegin "Removing temporary directories and logs" -rm -rf /var/tmp/{portage,packages,distfiles} -find /var/log -type f ! -name '.keep*' -print -delete -eend $? "Failed" || exit $? 
- -einfo "And here are some resulting space consumption details" -find / -mindepth 2 -maxdepth 4 -exec 'du' '-hsx' '{}' ';' | sort -h | tail -n 50 -find / -maxdepth 1 -exec 'du' '-hsx' '{}' ';' | sort -h | tail -n 50 +rm -rf $ROOT/var/cache/edb/* diff --git a/files/portage.make.conf b/files/portage.make.conf index e58e51f..be3f382 100644 --- a/files/portage.make.conf +++ b/files/portage.make.conf @@ -12,8 +12,6 @@ PORT_LOGDIR="/var/log/portage" # sed-remove PORTAGE_BINHOST="https://gentoo.bakka.su/gentoo-packages/amd64/corei7-avx/packages" PORTAGE_SSH_OPTS="" ACCEPT_KEYWORDS="amd64" -#PYTHON_TARGETS="python2_7" -#USE_PYTHON="2.7" L10N="en" CPU_FLAGS_X86="mmx mmxext sse sse2 sse3 ssse3 sse4 sse4_1 sse4_2 aes avx" diff --git a/packer.json b/packer.json index d74d5ab..0005ba8 100644 --- a/packer.json +++ b/packer.json @@ -2,17 +2,19 @@ "variables": { "docker-registry": "dr.rbkmoney.com", "files-dir": "{{env `PWD`}}/files/", + "portage-root-dir": "{{env `PWD`}}/portage-root/", "shared-dir": "{{env `HOME`}}/.cache/rbkmoney/images/shared/", "image-tag": null }, "builders": [ { "type": "docker", - "image": "{{user `docker-registry`}}/rbkmoney/stage3-amd64-hardened-nomultilib", - "run_command": ["-d", "-i", "-t", "{{.Image}}", "/bin/bash"], + "image": "{{user `docker-registry`}}/rbkmoney/build:10ace69bc3a1fc3179672098b7be081f9f6018b2", + "run_command": ["-d", "-i", "-t", "{{.Image}}", "/bin/sh"], "volumes": { "{{user `files-dir`}}": "/tmp/data:ro", - "{{user `shared-dir`}}/portage": "/usr/portage:ro" + "{{user `portage-root-dir`}}": "/tmp/portage-root", + "{{user `shared-dir`}}/portage": "/usr/portage:rw" }, "pull": "false", "commit": "true" @@ -23,12 +25,5 @@ "type": "shell", "script": "{{user `files-dir`}}/packer.sh" } - ], - "post-processors": [ - { - "type": "docker-tag", - "repository": "{{user `docker-registry`}}/rbkmoney/embedded", - "tag": "{{user `image-tag`}}" - } ] }
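Review bot: The added toolchain lines (`emerge --getbinpkgonly ... glibc binutils binutils-libs gcc`, `eselect binutils set ...`, `gcc-config ...`) and, as far as the collapsed hunk shows, the later `emerge` into `$ROOT` run without `|| exit $?`, unlike the locale steps around them. A failed binary-package fetch or compiler switch would therefore still produce a committed image. `USE="multitarget graphite go"` is a plain assignment on its own line, so it never reaches emerge unless USE is already exported; `export USE="multitarget graphite go"` makes it effective. With the shebang now `#!/bin/sh`, the unchanged `source /lib/gentoo/functions.sh` relies on a non-POSIX builtin and should be `. /lib/gentoo/functions.sh`.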
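Review bot: The `/usr/portage` volume changes from `:ro` to `:rw` while its source remains the shared cache under `shared-dir`, so the provisioning script can now modify the ebuild tree that later image builds read. If emerge only needs somewhere to write distfiles or binary packages, keep `"/usr/portage:ro"` and point DISTDIR/PKGDIR at a separate writable mount; otherwise state in the commit message why write access is required. The new base image is referenced by a tag that looks like a commit hash with `"pull": "false"`, which still resolves to whatever local image carries that tag; pinning by digest would make the input verifiable.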