diff --git a/barney.yaml b/barney.yaml
index 437ce77c..06051a64 100644
--- a/barney.yaml
+++ b/barney.yaml
@@ -5,43 +5,42 @@ generators: images: - internal/alma-9.1-bootstrap: + internal/bootstrap/iso-extraction-floor: + entry: + mutables: + - /var/work units: - - image: barney.ci/docker%image/quay.io/almalinuxorg/9-minimal//9.4-20240506 - - sources: [] - build: | - mkdir -p /dest/etc - touch /dest/etc/resolv.conf - finalizers: - - | - export DNF_HOST="https://artifactory.infra.corp.arista.io/artifactory" - export DNF_ARCH="$(arch)" - export DNF_DISTRO_REPO="alma-vault/9.1" - export DNF_EPEL9_REPO_VERSION="v20240127-1" - export DNF_EPEL9_REPO="eext-snapshots-local/epel9/${DNF_EPEL9_REPO_VERSION}/9/Everything" - echo '#!/bin/sh - microdnf --assumeyes --installroot=/dest --noplugins --config=/etc/dnf/dnf.conf \ - --setopt=cachedir=/var/cache/microdnf --setopt=reposdir=/etc/yum.repos.d \ - --setopt=varsdir=/etc/dnf --releasever=9.1 install "$@" - ' > /usr/bin/install-rpms - chmod 755 /usr/bin/install-rpms - rm -rf /etc/yum.repos.d - mkdir -p /etc/yum.repos.d - echo "[epel9-subset] - baseurl=${DNF_HOST}/${DNF_EPEL9_REPO}/${DNF_ARCH}/ - enabled=1 - gpgcheck=0 - " > /etc/yum.repos.d/eext-externaldeps.repo - echo "[BaseOS] - baseurl=${DNF_HOST}/${DNF_DISTRO_REPO}/BaseOS/${DNF_ARCH}/os/ - enabled=1 - " > /etc/yum.repos.d/BaseOS.repo - echo "[AppStream] - baseurl=${DNF_HOST}/${DNF_DISTRO_REPO}/AppStream/${DNF_ARCH}/os/ - exclude=podman - enabled=1 - " > /etc/yum.repos.d/AppStream.repo + - image: barney.ci/alpine%pkg/alpine-base + - image: barney.ci/alpine%pkg/gettext + - image: barney.ci/alpine%pkg/wget + - image: barney.ci/alpine%network + - image: barney.ci/alpine%apk-finalizers + - build: | + mkdir -p /dest/var/work + + internal/bootstrap/src-deps: + no-create-mountpoints: true + units: + - build: | + cp -a bootstrap/* /dest/ + cp -a pki/rpmkeys/alma9-b86b3716-gpg-pubkey.pem /dest/ + cp -a pki/rpmkeys/epel9-3228467c-gpg-pubkey.pem /dest/ + rm -f /dest/README* + + internal/bootstrap: + description: | + Minimal bootstrapping environment used to bootstrap almalinux. 
+ + This needs to be based off of an rpm-based distro, + we're using CentOS-stream as a suitable tarball and CHECKSUM file + is readily available on the mirror. This is seldom changed and + any change here will update all eext snapshots. + We wipe out the dnf/yum repo configuration in the tarball, + and setup our own curated set of frozen almalinux repos. + + We also include an install-rpms script which is used to bootstrap + the almalinux image. entry: share-net: true mounts: 
@@ -51,10 +50,64 @@ images: mutables: - /var/cache - /var/lib/dnf + units: + - floor: .%internal/bootstrap/iso-extraction-floor + entry: + env: + DNF_HOST: ${eext-dnf-host.url:-https://artifactory.infra.corp.arista.io/artifactory} + BOOTSTRAP_PATH: eext-sources/bootstrap/CentOS-Stream + BOOTSTRAP_FILE: CentOS-Stream-Container-Base-9-20240715.0 + BOOTSTRAP_EXTENSION: tar.xz + DNF_DISTRO_REPO: alma-vault + DNF_DISTRO_REPO_VERSION: "9.3" + DNF_EPEL_REPO: eext-snapshots-local/epel9 + DNF_EPEL_REPO_SNAPSHOT_VERSION: v20240127-1 + DNF_EPEL_REPO_DISTRO_VERSION: "9" + sources: [] + mappings: + /src/bootstrap: .%internal/bootstrap/src-deps + build: | + # URL of tarball with OS image + export ARCH=$(uname -m) + bootstrap_filename="${BOOTSTRAP_FILE}.${ARCH}.${BOOTSTRAP_EXTENSION}" + bootstrap_url="${DNF_HOST}/${BOOTSTRAP_PATH}/${bootstrap_filename}" + + # Download the tarball into the mutable working dir + cd /var/work + wget ${bootstrap_url} + + # Validate downloaded tarball + grep "${bootstrap_filename}" /src/bootstrap/CHECKSUM | sha256sum -wc + + # Extract tarball and setup rootfs + # This is a nested tarball, the real rootfs is in layer.tar + # Extract the firt level tarball inside the extr subdirectory + # within the working directory and and then extract the + # second level layer.tar directly to /dest + mkdir extr + tar --strip-components=1 -C ./extr -xf ./${bootstrap_filename} + tar -xf ./extr/layer.tar -C /dest + + # Now modify the extracted file system to remove unwanted + # stuff and add extra stuff. 
+ + # Remove any pre-configured yum repos + rm /dest/etc/yum.repos.d/* + # Setup install-rpms shell script + mkdir -p /dest/usr/bin + chmod 555 /dest/usr/bin + cp -a /src/bootstrap/install-rpms /dest/usr/bin/ + chmod 0755 /dest/usr/bin/install-rpms + # Setup gpg keys + mkdir -p /dest/usr/share/distribution-gpg-keys + chmod 555 /dest/usr/share/distribution-gpg-keys + cp -a /src/bootstrap/*.pem /dest/usr/share/distribution-gpg-keys/ + # Setup curated frozen dnf repo list for build reproducibility + envsubst < /src/bootstrap/eext-repos-build.repo.template > /dest/etc/yum.repos.d/eext-repos-build.repo base-image: units: - - floor: .%internal/alma-9.1-bootstrap + - floor: .%internal/bootstrap sources: [] build: install-rpms autoconf automake coreutils git rpm rpmdevtools rpm-build make mock python3-devel quilt @@ -103,7 +156,7 @@ images: - build: | mkdir -p /dest/var/cache/go mkdir -p /dest/var/ext - - floor: .%internal/alma-9.1-bootstrap + - floor: .%internal/bootstrap sources: [] build: | install-rpms autoconf automake coreutils golang git rpm rpmdevtools rpm-build make mock python3-devel quilt diff --git a/bootstrap/CHECKSUM b/bootstrap/CHECKSUM new file mode 100644 index 00000000..0b7cc214 --- /dev/null +++ b/bootstrap/CHECKSUM @@ -0,0 +1,2 @@ +c2a4f505ffa543fa46f9a077d201d54d8d94f431079b5e776c15cb200c03bb73 CentOS-Stream-Container-Base-9-20240715.0.x86_64.tar.xz +af064c53839e2b54c7a42f7c6d1f4c4ed597e4ba6981ea90a1e6914278dfe855 CentOS-Stream-Container-Base-9-20240715.0.aarch64.tar.xz diff --git a/bootstrap/README.md b/bootstrap/README.md new file mode 100644 index 00000000..dc3fa8a0 --- /dev/null +++ b/bootstrap/README.md 
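Review bot: The tarball integrity check at `grep "${bootstrap_filename}" /src/bootstrap/CHECKSUM | sha256sum -wc` only gates the build if a non-zero status stops the script, and nothing in this hunk shows the `build:` block running under `set -e`. If it does not, a mismatch is reported and the two `tar` extractions into /dest still run. `DNF_HOST` appears to be overridable through `eext-dnf-host.url`, so the pinned hash is what binds the rootfs to a known artifact. I would make the failure explicit with `grep -F -- "${bootstrap_filename}" /src/bootstrap/CHECKSUM | sha256sum -wc || exit 1`; `-F` also stops the dots in the filename from matching as regex wildcards. Quoting the URL as `wget "${bootstrap_url}"` would match the quoting used elsewhere in the block.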
@@ -0,0 +1,13 @@
+# Uploading Bootstrap Tarball
+
+1. Download a CentOS-Stream-Container-Base tarball with a timestamp in its name, like `20230704`, from:
+ - [https://cloud.centos.org/centos/9-stream/x86_64/images/](https://cloud.centos.org/centos/9-stream/x86_64/images/)
+ - [https://cloud.centos.org/centos/9-stream/aarch64/images/](https://cloud.centos.org/centos/9-stream/aarch64/images/)
+2. Upload them to artifactory in the subpath `eext-sources/bootstrap/CentOS-Stream/`
+```
+ curl -H "Authorization: Bearer ${ARTIFACTORY_TOKEN}" -X PUT https://artifactory.infra.corp.arista.io/artifactory/eext-sources/bootstrap/CentOS-Stream/ -T
+```
+3. Update the `CHECKSUM` file in the local repo for the new entries from the `CHECKSUM` files:
+ - [https://cloud.centos.org/centos/9-stream/x86_64/images/CHECKSUM](https://cloud.centos.org/centos/9-stream/x86_64/images/CHECKSUM)
+ - [https://cloud.centos.org/centos/9-stream/aarch64/images/CHECKSUM](https://cloud.centos.org/centos/9-stream/aarch64/images/CHECKSUM)
+4. Update the `EEXT_BOOTSTRAP_VERSION` environment variable in `barney.yaml`.
diff --git a/bootstrap/eext-repos-build.repo.template b/bootstrap/eext-repos-build.repo.template
new file mode 100644
index 00000000..fde11aad
--- /dev/null
+++ b/bootstrap/eext-repos-build.repo.template
@@ -0,0 +1,16 @@
+[BaseOS]
+baseurl=${DNF_HOST}/${DNF_DISTRO_REPO}/${DNF_DISTRO_REPO_VERSION}/BaseOS/${ARCH}/os/
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/alma9-b86b3716-gpg-pubkey.pem
+
+[AppStream]
+baseurl=${DNF_HOST}/${DNF_DISTRO_REPO}/${DNF_DISTRO_REPO_VERSION}/AppStream/${ARCH}/os/
+exclude=podman
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/alma9-b86b3716-gpg-pubkey.pem
+
+[epel9-snapshot]
+baseurl=${DNF_HOST}/${DNF_EPEL_REPO}/${DNF_EPEL_REPO_SNAPSHOT_VERSION}/${DNF_EPEL_REPO_DISTRO_VERSION}/Everything/${ARCH}/
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/epel9-3228467c-gpg-pubkey.pem
+
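Review bot: None of the three repo sections sets `gpgcheck=1`, so the new `gpgkey=` lines tell dnf where the keys are but not that signatures must be verified. dnf's built-in default for `gpgcheck` is off, so enforcement would depend on whatever `/etc/dnf/dnf.conf` in the extracted CentOS Stream tarball contains, which is the file `install-rpms` passes via `--config`. Adding `gpgcheck=1` under `[BaseOS]`, `[AppStream]` and `[epel9-snapshot]` makes verification explicit and independent of the bootstrap image. The configuration this replaces had `gpgcheck=0` on the EPEL subset, so confirm that the packages in that snapshot are signed with the shipped epel9 key before turning it on.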
diff --git a/bootstrap/install-rpms b/bootstrap/install-rpms
new file mode 100644
index 00000000..40c776ab
--- /dev/null
+++ b/bootstrap/install-rpms
@@ -0,0 +1,7 @@
+#!/bin/sh
+dnf --assumeyes --installroot=/dest --noplugins \
+ --config=/etc/dnf/dnf.conf \
+ --setopt=cachedir=/var/cache/dnf \
+ --setopt=reposdir=/etc/yum.repos.d \
+ --setopt=varsdir=/etc/dnf \
+ install "$@"