e49f05028c
Currently, during ramdisk optimization steps, the find tool is used to look for files to remove. We pipe all files found by find to the rm command running as sudo. This is necessary because of the ownership of the files to be removed. This commit uses the "--no-run-if-empty" GNU extension to xargs. This extension should be present on all machines running the TinyIPA build, because non-GNU systems simply cannot build TinyIPA. An alternative would have been to use the -delete flag to find, and to run find as root. Change-Id: I78854c8901433b7d45e014dd18e7a5ff794a9c45 Closes-bug: #1661219
189 lines
7.0 KiB
Bash
Executable File
189 lines
7.0 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
set -ex
|
|
WORKDIR=$(readlink -f $0 | xargs dirname)
|
|
source ${WORKDIR}/tc-mirror.sh
|
|
BUILDDIR="$WORKDIR/tinyipabuild"
|
|
FINALDIR="$WORKDIR/tinyipafinal"
|
|
BUILD_AND_INSTALL_TINYIPA=${BUILD_AND_INSTALL_TINYIPA:-true}
|
|
TINYCORE_MIRROR_URL=${TINYCORE_MIRROR_URL:-}
|
|
ENABLE_SSH=${ENABLE_SSH:-false}
|
|
SSH_PUBLIC_KEY=${SSH_PUBLIC_KEY:-}
|
|
PYOPTIMIZE_TINYIPA=${PYOPTIMIZE_TINYIPA:-true}
|
|
|
|
TC=1001
|
|
STAFF=50
|
|
|
|
CHROOT_PATH="/tmp/overides:/usr/local/sbin:/usr/local/bin:/apps/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
|
CHROOT_CMD="sudo chroot $FINALDIR /usr/bin/env -i PATH=$CHROOT_PATH http_proxy=$http_proxy https_proxy=$https_proxy no_proxy=$no_proxy"
|
|
TC_CHROOT_CMD="sudo chroot --userspec=$TC:$STAFF $FINALDIR /usr/bin/env -i PATH=$CHROOT_PATH http_proxy=$http_proxy https_proxy=$https_proxy no_proxy=$no_proxy"
|
|
|
|
echo "Finalising tinyipa:"
|
|
|
|
# Find a working TC mirror if none is explicitly provided
|
|
choose_tc_mirror
|
|
|
|
|
|
if $ENABLE_SSH ; then
|
|
echo "Validating location of public SSH key"
|
|
if [ -n "$SSH_PUBLIC_KEY" ]; then
|
|
if [ -f "$SSH_PUBLIC_KEY" ]; then
|
|
_found_ssh_key="$SSH_PUBLIC_KEY"
|
|
fi
|
|
else
|
|
for fmt in rsa dsa; do
|
|
if [ -f "$HOME/.ssh/id_$fmt.pub" ]; then
|
|
_found_ssh_key="$HOME/.ssh/id_$fmt.pub"
|
|
break
|
|
fi
|
|
done
|
|
fi
|
|
|
|
if [ -z $_found_ssh_key ]; then
|
|
echo "Failed to find neither provided nor default SSH key"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
sudo -v
|
|
|
|
if [ -d "$FINALDIR" ]; then
|
|
sudo rm -rf "$FINALDIR"
|
|
fi
|
|
|
|
mkdir "$FINALDIR"
|
|
|
|
# Extract rootfs from .gz file
|
|
( cd "$FINALDIR" && zcat $WORKDIR/build_files/corepure64.gz | sudo cpio -i -H newc -d )
|
|
|
|
# Download get-pip into ramdisk
|
|
( cd "$FINALDIR/tmp" && wget https://bootstrap.pypa.io/get-pip.py )
|
|
|
|
#####################################
|
|
# Setup Final Dir
|
|
#####################################
|
|
|
|
sudo cp $FINALDIR/etc/resolv.conf $FINALDIR/etc/resolv.conf.old
|
|
sudo cp /etc/resolv.conf $FINALDIR/etc/resolv.conf
|
|
|
|
sudo cp -a $FINALDIR/opt/tcemirror $FINALDIR/opt/tcemirror.old
|
|
sudo sh -c "echo $TINYCORE_MIRROR_URL > $FINALDIR/opt/tcemirror"
|
|
|
|
# Modify ldconfig for x86-64
|
|
$CHROOT_CMD cp /sbin/ldconfig /sbin/ldconfigold
|
|
printf '/sbin/ldconfigold $@ | sed "s/unknown/libc6,x86-64/"' | $CHROOT_CMD tee -a /sbin/ldconfignew
|
|
$CHROOT_CMD cp /sbin/ldconfignew /sbin/ldconfig
|
|
$CHROOT_CMD chmod u+x /sbin/ldconfig
|
|
|
|
# Copy python wheels from build to final dir
|
|
cp -Rp "$BUILDDIR/tmp/wheels" "$FINALDIR/tmp/wheelhouse"
|
|
|
|
mkdir -p $FINALDIR/tmp/builtin/optional
|
|
$CHROOT_CMD chown -R tc.staff /tmp/builtin
|
|
$CHROOT_CMD chmod -R a+w /tmp/builtin
|
|
$CHROOT_CMD ln -sf /tmp/builtin /etc/sysconfig/tcedir
|
|
echo "tc" | $CHROOT_CMD tee -a /etc/sysconfig/tcuser
|
|
|
|
cp $WORKDIR/build_files/tgt.* $FINALDIR/tmp/builtin/optional
|
|
cp $WORKDIR/build_files/qemu-utils.* $FINALDIR/tmp/builtin/optional
|
|
|
|
# Mount /proc for chroot commands
|
|
sudo mount --bind /proc $FINALDIR/proc
|
|
|
|
mkdir $FINALDIR/tmp/overides
|
|
cp $WORKDIR/build_files/fakeuname $FINALDIR/tmp/overides/uname
|
|
|
|
while read line; do
|
|
$TC_CHROOT_CMD tce-load -wic $line
|
|
done < $WORKDIR/build_files/finalreqs.lst
|
|
|
|
if $ENABLE_SSH ; then
|
|
# Install and configure bare minimum for SSH access
|
|
$TC_CHROOT_CMD tce-load -wic openssh
|
|
# Configure OpenSSH
|
|
$CHROOT_CMD cp /usr/local/etc/ssh/sshd_config.orig /usr/local/etc/ssh/sshd_config
|
|
echo "PasswordAuthentication no" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config
|
|
# Generate and configure host keys - RSA, DSA, Ed25519
|
|
# NOTE(pas-ha) ECDSA host key will still be re-generated fresh on every image boot
|
|
$CHROOT_CMD ssh-keygen -t rsa -N "" -f /usr/local/etc/ssh/ssh_host_rsa_key
|
|
$CHROOT_CMD ssh-keygen -t dsa -N "" -f /usr/local/etc/ssh/ssh_host_dsa_key
|
|
$CHROOT_CMD ssh-keygen -t ed25519 -N "" -f /usr/local/etc/ssh/ssh_host_ed25519_key
|
|
echo "HostKey /usr/local/etc/ssh/ssh_host_rsa_key" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config
|
|
echo "HostKey /usr/local/etc/ssh/ssh_host_dsa_key" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config
|
|
echo "HostKey /usr/local/etc/ssh/ssh_host_ed25519_key" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config
|
|
|
|
# setup user and SSH keys
|
|
$CHROOT_CMD mkdir -p /home/tc
|
|
$CHROOT_CMD chown -R tc.staff /home/tc
|
|
$TC_CHROOT_CMD mkdir -p /home/tc/.ssh
|
|
cat $_found_ssh_key | $TC_CHROOT_CMD tee /home/tc/.ssh/authorized_keys
|
|
$CHROOT_CMD chown tc.staff /home/tc/.ssh/authorized_keys
|
|
$TC_CHROOT_CMD chmod 600 /home/tc/.ssh/authorized_keys
|
|
fi
|
|
|
|
$TC_CHROOT_CMD tce-load -ic /tmp/builtin/optional/tgt.tcz
|
|
$TC_CHROOT_CMD tce-load -ic /tmp/builtin/optional/qemu-utils.tcz
|
|
|
|
# Ensure tinyipa picks up installed kernel modules
|
|
$CHROOT_CMD depmod -a `$WORKDIR/build_files/fakeuname -r`
|
|
|
|
# If flag is set install the python now
|
|
if $BUILD_AND_INSTALL_TINYIPA ; then
|
|
cp -a $BUILDDIR/tmp/upper-constraints.txt $FINALDIR/tmp/upper-constraints.txt
|
|
$CHROOT_CMD python /tmp/get-pip.py -c /tmp/upper-constraints.txt --no-wheel --no-index --find-links=file:///tmp/wheelhouse ironic_python_agent
|
|
rm -rf $FINALDIR/tmp/upper-constraints.txt
|
|
rm -rf $FINALDIR/tmp/wheelhouse
|
|
rm -rf $FINALDIR/tmp/get-pip.py
|
|
fi
|
|
|
|
# Unmount /proc and clean up everything
|
|
sudo umount $FINALDIR/proc
|
|
sudo rm -rf $FINALDIR/tmp/builtin
|
|
sudo rm -rf $FINALDIR/tmp/tcloop
|
|
sudo rm -rf $FINALDIR/usr/local/tce.installed
|
|
sudo mv $FINALDIR/opt/tcemirror.old $FINALDIR/opt/tcemirror
|
|
sudo mv $FINALDIR/etc/resolv.conf.old $FINALDIR/etc/resolv.conf
|
|
sudo rm $FINALDIR/etc/sysconfig/tcuser
|
|
sudo rm $FINALDIR/etc/sysconfig/tcedir
|
|
|
|
# Copy bootlocal.sh to opt
|
|
sudo cp "$WORKDIR/build_files/bootlocal.sh" "$FINALDIR/opt/."
|
|
|
|
# Disable ZSwap
|
|
sudo sed -i '/# Main/a NOZSWAP=1' "$FINALDIR/etc/init.d/tc-config"
|
|
# sudo cp $WORKDIR/build_files/tc-config $FINALDIR/etc/init.d/tc-config
|
|
|
|
if $PYOPTIMIZE_TINYIPA; then
|
|
# Precompile all python
|
|
set +e
|
|
$CHROOT_CMD /bin/bash -c "python -OO -m compileall /usr/local/lib/python2.7"
|
|
set -e
|
|
find $FINALDIR/usr/local/lib/python2.7 -name "*.py" -not -path "*ironic_python_agent/api/config.py" | sudo xargs --no-run-if-empty rm
|
|
find $FINALDIR/usr/local/lib/python2.7 -name "*.pyc" | sudo xargs --no-run-if-empty rm
|
|
else
|
|
sudo sed -i "s/PYTHONOPTIMIZE=1/PYTHONOPTIMIZE=0/" "$FINALDIR/opt/bootlocal.sh"
|
|
fi
|
|
|
|
# Delete unnecessary Babel .dat files
|
|
find $FINALDIR -path "*babel/locale-data/*.dat" -not -path "*en_US*" | sudo xargs --no-run-if-empty rm
|
|
|
|
# Allow an extension to be added to the generated files by specifying
|
|
# $BRANCH_PATH e.g. export BRANCH_PATH=master results in tinyipa-master.gz etc
|
|
branch_ext=''
|
|
if [ -n "$BRANCH_PATH" ]; then
|
|
branch_ext="-$BRANCH_PATH"
|
|
fi
|
|
|
|
# Rebuild build directory into gz file
|
|
( cd "$FINALDIR" && sudo find | sudo cpio -o -H newc | gzip -9 > "$WORKDIR/tinyipa${branch_ext}.gz" )
|
|
|
|
# Copy vmlinuz to new name
|
|
cp "$WORKDIR/build_files/vmlinuz64" "$WORKDIR/tinyipa${branch_ext}.vmlinuz"
|
|
|
|
# Create tar.gz containing tinyipa files
|
|
tar czf tinyipa${branch_ext}.tar.gz tinyipa${branch_ext}.gz tinyipa${branch_ext}.vmlinuz
|
|
|
|
# Output files with sizes created by this script
|
|
echo "Produced files:"
|
|
du -h tinyipa${branch_ext}.gz tinyipa${branch_ext}.tar.gz tinyipa${branch_ext}.vmlinuz
|