From 3e7d239e2b4d8d9e7c9e96028f8f1e6fecced3cc Mon Sep 17 00:00:00 2001
From: Leonardo Fagundes Luz Serrano
 <Leonardo.FagundesLuzSerrano@windriver.com>
Date: Thu, 24 Oct 2024 18:16:30 -0300
Subject: [PATCH] patch-iso-debian: Use ostree repo from deploy dir

This commit reverts a change made in [1].

The input ostree repo should be the one in DEPLOY_DIR,
not the one in the Input ISO.

This is because the script that generates patches has a
"reuse initramfs" feature, which modifies the ostree commit before creating the patch and saves this change on DEPLOY_DIR as well [2],
but not in the "raw" ISO (the one created by "build-image --keep").

The requirement for the DEPLOY_DIR env variable
has been re-introduced.

Note that, instead of pulling just the latest ostree commit,
all commits are pulled and then the old ones (all except the latest)
are deleted from the repo. By doing this, their respective
"tombstone" files are created, which are internal ostree flags
stating that those commits are missing *intentionally*.
Without them, some ostree operations throw errors
for the missing commits.

Ref:
[1] https://review.opendev.org/c/starlingx/root/+/923771
[2] https://opendev.org/starlingx/update/src/commit/d963ae7f51c966095a3cff846fb31ba8c3e7e7e9/sw-patch/cgcs-patch/cgcs_make_patch/make_patch.py#L794-L804

Test Plan:
pass - create pre-patched ISO by running script in LAT container
pass - install pre-patched ISO
pass - "sw-patch query" shows previous patches
pass - output ostree repo has tombstones for deleted ostree commits

Story: 2011098
Task: 51227

Change-Id: If2ed17220484d6900976d6413983791c50f53516
Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
---
 build-tools/patch-iso-debian | 104 +++++++++++++++++++++++------------
 1 file changed, 70 insertions(+), 34 deletions(-)

diff --git a/build-tools/patch-iso-debian b/build-tools/patch-iso-debian
index 42cb8193..b2daa695 100755
--- a/build-tools/patch-iso-debian
+++ b/build-tools/patch-iso-debian
@@ -4,16 +4,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 #
-# This script takes as input an ISO and one or more patches
-# and generates as output an ISO with the following changes:
-#
-# - Contains only the latest ostree commit from the input ISO
-# - ISO has a "patches" folder with the patches' metadata files.
-#   This folder is processed by kickstart during install, so that
-#   'sw-patch query' has access to this info.
-#
-# The intent is for the system to have record of the patches that are
-# already pre-installed in the system.
+# Script to generate pre-patched ISOs.
 #
 
 BUILD_TOOLS_DIR="$(dirname "$0")"
@@ -21,21 +12,40 @@ BUILD_TOOLS_DIR="$(dirname "$0")"
 # shellcheck source="./build-tools/image-utils.sh"
 source "${BUILD_TOOLS_DIR}/image-utils.sh"
 
-# Define MY_REPO, which is the path to the 'root' repo. Eg.: $REPO_ROOT/cgcs_root
-# Value is used to locate the following file for ISO signing:
-# ${MY_REPO}/build-tools/signing/dev-private-key.pem
-if [ -z "${MY_REPO}" ]; then
-    MY_REPO="$(dirname "${BUILD_TOOLS_DIR}")"
-fi
+usage="
+Script to generate pre-patched ISOs.
+
+Inputs:
+- an ISO
+- one or more patches
+- ostree repo (assumed to be in \${DEPLOY_DIR}/ostree_repo/
+  or \${STX_BUILD_HOME}/localdisk/deploy/ostree_repo/)
+
+It generates as output an ISO with the following changes:
+
+- Contains only the latest ostree commit from the input ostree repo
+- ISO has a 'patches' folder with the patches' metadata files.
+  This folder is processed by kickstart during install, so that
+  'sw-patch query' has access to this info to list the patches
+  (each of them refers to one of the older commits in the ostree repo)
+
+The intent is for the system to have record of the patches that are
+already pre-installed in the system.
+
+Usage:
+    $(basename "$0") -i <input filename.iso> -o <output filename.iso> [ -p ] <patch> ...
+        -i <file>: Specify input ISO file
+        -o <file>: Specify output ISO file
+        -p <file>: Patch files. Can be called multiple times.
+
+Attention:
+- Either the DEPLOY_DIR or the STX_BUILD_HOME env variable must be defined.
+  It's used to find the input ostree repo.
+
+"
 
 function usage() {
-    echo ""
-    echo "Usage: "
-    echo "   $(basename "$0") -i <input filename.iso> -o <output filename.iso> [ -p ] <patch> ..."
-    echo "        -i <file>: Specify input ISO file"
-    echo "        -o <file>: Specify output ISO file"
-    echo "        -p <file>: Patch files. You can call it multiple times."
-    echo ""
+    echo "${usage}"
 }
 
 function extract_ostree_commit_from_metadata_xml() {
@@ -79,6 +89,7 @@ function extract_metadata() {
 
 declare INPUT_ISO=
 declare OUTPUT_ISO=
+declare BUILDDIR=
 
 while getopts "i:o:p:" opt; do
     case $opt in
@@ -128,7 +139,6 @@ done
 
 shift $((OPTIND-1))
 
-declare BUILDDIR=
 
 function check_requirements {
     # Next to each requirement is the deb package which provides the command listed.
@@ -185,6 +195,23 @@ check_requirements
 # Run cleanup() when finishing/interrupting execution
 trap cleanup EXIT
 
+# Define MY_REPO, which is the path to the 'root' repo. Eg.: $REPO_ROOT/cgcs_root
+# Value is used to locate the following file for ISO signing:
+# ${MY_REPO}/build-tools/signing/dev-private-key.pem
+if [ -z "${MY_REPO}" ]; then
+    MY_REPO="$(dirname "${BUILD_TOOLS_DIR}")"
+fi
+
+# Define DEPLOY_DIR, which is the directory containing the input ostree repo
+if [ -z "${DEPLOY_DIR}" ]; then
+    if [ -n "${STX_BUILD_HOME}" ]; then
+        DEPLOY_DIR="${STX_BUILD_HOME}/localdisk/deploy"
+    else
+        echo "ERROR: Please define either the DEPLOY_DIR or the STX_BUILD_HOME env variables."
+        exit 1
+    fi
+fi
+
 # Create temporary build directory
 BUILDDIR=$(mktemp -d -p "$PWD" patchiso_build_XXXXXX)
 if [ -z "${BUILDDIR}" ] || [ ! -d "${BUILDDIR}" ]; then
@@ -192,6 +219,17 @@ if [ -z "${BUILDDIR}" ] || [ ! -d "${BUILDDIR}" ]; then
     exit 1
 fi
 
+echo "Extracting Input ISO contents (except ostree repo)..."
+if ! 7z x "${INPUT_ISO}" -o"${BUILDDIR}" -x\!ostree_repo 1>/dev/null ; then
+    echo "ERROR: Failed to extract ISO contents"
+    exit 1
+fi
+
+# Deleting '[BOOT]' directory. It will be re-created when packing the output ISO.
+if [ -d "${BUILDDIR}/[BOOT]" ]; then
+    rm -rf "${BUILDDIR}/[BOOT]"
+fi
+
 # Fix for permission denied if not running as root
 chmod +w "${BUILDDIR}"
 if [ -d "${BUILDDIR}/isolinux" ]; then
@@ -204,20 +242,18 @@ if [ -d "${BUILDDIR}/patches" ]; then
     rm -rf "${BUILDDIR}/patches"
 fi
 
+echo "List contents extracted from Input ISO (after adjustments):"
+ls -lh "${BUILDDIR}"
+
 # Create the directory where patch metadata will be stored
 mkdir -p "${BUILDDIR}/patches"
 chmod -R +w "${BUILDDIR}/patches"
 
-echo "Extracting Input ISO contents..."
-if ! 7z x "${INPUT_ISO}" -o"${BUILDDIR}" 1>/dev/null ; then
-    echo "ERROR: Extract ISO contents"
-    exit 1
-fi
-
-# Delete boot directory. It will be re-created when packing the output ISO
-if [ -d "${BUILDDIR}/[BOOT]" ]; then
-    rm -rf "${BUILDDIR}/[BOOT]"
-fi
+echo "Create a copy of the input ostree repo in the temp build directory..."
+echo "Input ostree repo: ${DEPLOY_DIR}/ostree_repo/"
+ostree --repo="${BUILDDIR}/ostree_repo" init --mode=archive-z2
+ostree --repo="${BUILDDIR}/ostree_repo" pull-local --depth=-1 "${DEPLOY_DIR}/ostree_repo/" starlingx
+ostree --repo="${BUILDDIR}/ostree_repo" summary --update
 
 echo "Extracting patch metadata..."
 for PATCH in "${PATCH_FILES[@]}";