kubler's Issues

Error: Dockerfile cannot be empty

on a fresh core-os install

core@core-01 ~/gentoo-bb $ ./build.sh -s update
--> Updating DATE from 20141127 to 20141204 in ./build.sh and /push.sh
core@core-01 ~/gentoo-bb $ ./build.sh -s build 
--> import stage3
--> tag gentoobb/stage3-import:latest
-->  portage
--> tag gentoobb/portage-data:latest
env: envsubst: No such file or directory
--> build repo portage-data
--> extract Busybox binary to portage-data
gentoobb-gentoo-20141204-extract-busybox
--> build gentoobb/portage-data:20141204
Sending build context to Docker daemon 1.957 MB
Sending build context to Docker daemon 
2014/12/07 09:17:52 Error: Dockerfile cannot be empty
failed to build portage-data

explore migrating to appc

now that docker also supports appc, acbuild, baci or any of the other appcontainer builders might be a better way of creating containers. Optimally, not having to require docker nor rocket (or systemd, ..) would make it even simpler to play with gentoo, seeing how we can lean on crossdev or just folders for building.

The specification for appcontainers can be found here: https://github.com/appc/spec

invalid package name in package.provided, while building glibc after busybox

Hi. I am building anything from scratch using yesterday's cloned code
I just changed builder for busybox to bob.

On building glibc, I receive multiple messages

removing intermediate container 27a602fcd302
Successfully built 38348d736218
--> tag bb/busybox:latest
--> build repo bb/glibc
--> building rootfs
--> run bb/bob-busybox:20170127

  • Generating locale-archive: forcing # of jobs to 1
  • These locales have been duplicated in your config:
    en_US.UTF-8 UTF-8
    en_US.UTF-8 UTF-8
  • Some might be filtered, but you must fix it.
  • Generating 2 locales (this might take a while) with 1 jobs
  • (1/2) Generating en_US.ISO-8859-1 ... [ ok ]
  • (2/2) Generating en_US.UTF-8 ... [ ok ]
  • Generation complete
    Invalid package name in package.provided: sys-apps/busybox-1.25.1::gentoo
    See portage(5) for correct package.provided usage.
    Invalid package name in package.provided: sys-apps/busybox-1.25.1::gentoo
    See portage(5) for correct package.provided usage.
    At argv[2]='+~amd64': ~amd64 seems to be an incorrect keyword for sys-devel/libtool
    Invalid package name in package.provided: sys-apps/busybox-1.25.1::gentoo
    See portage(5) for correct package.provided usage.
    Invalid package name in package.provided: sys-apps/busybox-1.25.1::gentoo
    See portage(5) for correct package.provided usage.
    Invalid package name in package.provided: sys-apps/busybox-1.25.1::gentoo
    See portage(5) for correct package.provided usage.
    Invalid package name in package.provided: sys-apps/busybox-1.25.1::gentoo
    See portage(5) for correct package.provided usage.
    Invalid package name in package.provided: sys-apps/busybox-1.25.1::gentoo
    See portage(5) for correct package.provided usage.
    Invalid package name in package.provided: sys-apps/busybox-1.25.1::gentoo
    See portage(5) for correct package.provided usage.
    Invalid package name in package.provided: sys-apps/busybox-1.25.1::gentoo
    See portage(5) for correct package.provided usage.
    Invalid package name in package.provided: sys-apps/busybox-1.25.1::gentoo
    See portage(5) for correct package.provided usage.
    Invalid package name in package.provided: sys-apps/busybox-1.25.1::gentoo
    See portage(5) for correct package.provided usage.

then

Calculating dependencies... done!
[binary N ] sys-apps/baselayout-2.3::gentoo to /emerge-root/ USE="-build" 0 KiB

Total: 1 package (1 new, 1 binary), Size of downloads: 0 KiB

Emerging binary (1 of 1) sys-apps/baselayout-2.3::gentoo for /emerge-root/
Installing (1 of 1) sys-apps/baselayout-2.3::gentoo to /emerge-root/
Jobs: 1 of 1 complete Load avg: 6.2, 10.0, 8.8

  • Messages for package sys-apps/baselayout-2.3 merged to /emerge-root/:

  • Initializing /emerge-root/lib as a symlink

  • Initializing /emerge-root/usr/lib as a symlink

  • Initializing /emerge-root/usr/local/lib as a symlink

  • You should reboot the system now to get /run mounted with tmpfs!

Auto-cleaning packages...

Using system located in ROOT tree /emerge-root/

No outdated packages were found on your system.

  • IMPORTANT: 5 news items need reading for repository 'gentoo'.
  • Use eselect news read to view new items.

Invalid package name in package.provided: sys-apps/busybox-1.25.1::gentoo
Invalid package name in package.provided: sys-apps/portage-2.3.3::gentoo
See portage(5) for correct package.provided usage.
Invalid package name in package.provided: sys-apps/busybox-1.25.1::gentoo
Invalid package name in package.provided: sys-apps/portage-2.3.3::gentoo
See portage(5) for correct package.provided usage.

glibc is still building. Why is this caused?

Remove most of timezone-data

Since we're copying timezone into /etc, I don't really see a need for the binaries (tzselect, zic, zdump) nor basically everything in /usr/share/zoneinfo. If we kill it, that's another two megs. See any reason to keep it?

Missing documentation, and the future of project

Hello. I think this project is a big future of Docker mess.
Man, this is the most acceptable way to use Docker, but there are little problems:

  1. Nobody knows about it. I can't find any info on Google, only a few blog posts and nothing more. I am sure that people new to Gentoo but familiar with Docker will like this way of managing containers. Anyone who has a blog, please tell people about this great project! Many people use Gentoo for host and default crappy dockerhub's ubuntu images.
  2. No documentation. I needed much time to understand it and to be sure I could use it in production (being an advanced gentoo user), coz for such a big thing one little readme.md is nothing. The first problem also links here.

After resolving the 2nd issue, I will post an article on Russia's biggest IT blog - geektimes.ru, it means many contributors, users and much attention.

So as I created an issue, let the topic be documentation. I prepared some questions after monthly use of your project. It may be a starting point for some detailed doc.

The questions may be annoying or kind of stupid, but I don't have time to learn all the bash scripts and imagine how they work. I found your project while preparing a big production. I think many people will have the same questions after using your project.

  1. Some of the packages use gentoobb/bash as source container, some packages use 'provide_package bash' and sources s6/openssl in their config. What is the difference? Please tell more about provide_package. As I understood, it adds all of a package's files if it is installed in the upstream parent container(s). What do I need to use if I want to see bash in all containers? Just use FROM bash, instead of FROM s6?
  2. Tell us more about bob-interactive. Sometimes I tried to use it to emerge manually, but after it starts following Buildconfig.sh and rebuilds again. Maybe some more examples?
  3. I failed to build bind-9.11.0 with configure: error: cannot compute suffix of object files: cannot compile.
    It was successfully built with bob-interactive, and then rebuilt again with buildroot. Autogen and binutils were added in provide_package
  4. After creating some custom packages, there were some missing libraries. Examples: latest mariadb (~amd64) was missing liblzma.5.so, after adding it worked. bind dns server is missing libdb-4.8.so, but the host doesn't have it, it is still unresolved for me now. How to avoid it? Maybe call ldd on executables automatically and copy all missing libs? It must be easy to add such functionality.
  5. Why I can't see running service in top and ps inside container? Is it possible somehow?
  6. How to restart s6 service, instead of restarting the whole container?
  7. Is it possible to add a package to existing container without rebuilding?
  8. (a bit offtopic) Is there any reason to use more updated toolchain and main utils (like newer glibc, gcc, etc). Gcc is already at 6.0 version, but gentoo considers stable only 4.9.3... same with many other apps.
  9. You said s6 is optional. How to use default openrc and not spend time creating s6/run and other things? It is hard for the average user to do so (ex. for bind, which runs in chroot by default)
  10. I use bob as default builder. Busybox is built with bob-musl. And my images contain a mix? How does it work?
  11. Please describe more functions configure_bob, configure_rootfs_build and finish_rootfs_build. Please use more examples in your future doc.
  12. Why sometimes curl and some packages are providing, unproviding, etc? Can you tell us more, to avoid mistakes of creating new packages.
  13. I found your project when I was preparing a high-load production server. I created 7-10 containers, containing different services. How does rebuilding everything work? As I understood, if I have some containers (not images) depending on some image, it will not be deleted, and I am not sure it will update. Tags? Who will have :latest? Also, I was forced to add emerge --sync to some images, coz I needed the latest version of a package, but had a month-old stage3. Is there any way to call emerge --sync at least once a day for some parent container? I am afraid to call update/rebuild on anything, coz I do not fully understand how it works. Please describe some steps/examples of how to update anything in a production environment, and keep emerge synced for all new images.
  14. Why you call 'emerge php' in configure_bob, but in all other packages emerge is called from build script? what's the difference?
  15. When I need to use 'copy_gcc_libs' on new images? Why some work, some not?

Man, you made a great cool thing, you can't imagine how big the future of this project is. I see it this way:
Big documentation, many examples, many repos of prepared packages for gentoobb, many blog posts/success stories, and mentions on Gentoo.org Docker's wiki pages, also adding it to portage or some overlays.

Please pay some attention to the 'cover' of the project, coz the kernel and all inside is just fine. We need some more attention and pull requests from other people.

I will help as I can, but I am having a hard time preparing production servers.

Thank you very much!
Good luck!

Emerging cross-linux-headers failed in musl-builder

log https://transfer.sh/U5vHf/cross-x86-64-pc-linux-musl-linux-headers.log.xz

>>> Installing (2 of 6) sys-libs/pam-1.2.1-r99::musl
 * suid/sgid file(s) with suspicious hardlink(s):
 *
 *      /sbin/unix_chkpwd
 *
 * See the Gentoo Security Handbook guide for advice on how to proceed.

>>> Failed to install sys-libs/pam-1.2.1-r99, Log file:

>>>  '/var/tmp/portage/sys-libs/pam-1.2.1-r99/temp/build.log'
 * Messages for package sys-libs/pam-1.2.1-r99:
 * suid/sgid file(s) with suspicious hardlink(s):
 *
 *      /sbin/unix_chkpwd
 *
 * See the Gentoo Security Handbook guide for advice on how to proceed.

cadvisor masks go>=1.7.0 but go < 1.7.0 isn't available

When I run ./build.sh it breaks on building cadvisor. The build.sh script states: -

 # cadvisor 0.23.x is not compatible with go 1.7, planned for 0.24
    echo '>=dev-lang/go-1.7.0' > /etc/portage/package.mask/go
    emerge -v go mercurial

But looking at dev-lang/go there's no version < 1.7.0: -

gentoobb-bob-glibc / # eix dev-lang/go -v
* dev-lang/go
     Available versions:  [m]1.7.4(0/1.7.4) [m]~1.7.5(0/1.7.5) [m]**9999(0/9999)^s
     IUSE (all versions): gccgo
     Installed versions:  Version:   1.7.4
                          Date:      23:43:50 02/03/17
                          USE:       -gccgo
                          RDEPEND:   !<dev-go/go-tools-0_pre20150902
                          EAPI:      6
     Recommendation:      Downgrade
     Homepage:            http://www.golang.org
     Find open bugs:      https://bugs.gentoo.org/buglist.cgi?quicksearch=dev-lang%2Fgo
     Description:         A concurrent garbage collected and typesafe programming language
     License:             BSD

Also I see that a > 0.24 version of cAdvisor is being used, which from the comment might support go > 1.7.0. I haven't confirmed this.

CADVISOR_VERSION="0.24.1"

./build.sh log failing to emerge

--> build repo gentoobb/cadvisor
--> building rootfs
--> run gentoobb/bob-glibc:20170127

These are the packages that would be merged, in order:

Calculating dependencies... done!
[binary   R   #] dev-lang/go-1.7.4:0/1.7.4::gentoo  USE="(-gccgo)" 0 KiB
[ebuild  N     ] dev-vcs/mercurial-3.8.4::gentoo  USE="-bugzilla -emacs -gpg {-test} -tk" PYTHON_TARGETS="python2_7" 4,664 KiB

Total: 2 packages (1 new, 1 reinstall, 1 binary), Size of downloads: 4,664 KiB

The following mask changes are necessary to proceed:
 (see "package.unmask" in the portage(5) man page for more details)
# required by go (argument)
# /etc/portage/package.mask/go:
=dev-lang/go-1.7.4

NOTE: The --autounmask-keep-masks option will prevent emerge
      from creating package.unmask or ** keyword changes.

Use --autounmask-write to write changes to config files (honoring
CONFIG_PROTECT). Carefully examine the list of proposed changes,
paying special attention to mask or keyword changes that may expose
experimental or unstable packages.
failed to run image gentoobb/bob-glibc:20170127

I will skip cAdvisor as I'm more interested in learning how to use gentoobb to build my own minimal docker images.

Avoid passing `-r` to `rm` where feasible

Usually a bad idea to recurse, especially since we're passing a lot of paths around. Let's review all places recursive deletion is used and see if we can avoid it.

Update make.conf defaults

More a discussion than a hitlist. A few things that could be improved:

  1. Makeopts -jN could be populated from nproc
  2. Add -ipv6 to default USE-flags since docker doesn't support ipv6 from inside a container (yet)
  3. Use ${MIRROR} for gentoo mirror instead of static mirrors (or some other global default)
  4. Update default USE based on the profile in use. We can remove a fair bit of default use flags.

/tmp/downloads not exist

I didn't notice this bug until I was working on a machine behind proxy.

The first time when build.sh is run, it will pull portage tree then stage3 tarball and save them to ./tmp/downloads. While /tmp/downloads/ doesn't exist (maybe git ignored it as it was empty), the builder will try to pull portage tree inside container when building bob-core. There's no proxy configuration inside container so that emerge failed.

In ./inc/core.sh at line 41:
https://github.com/edannenberg/gentoo-bb/blob/956a25034bdf7f0ae3e7b2b580bf66159d845b38/inc/core.sh
[ -d ${DL_PATH} ] || mkdir ${DL_PATH}
mkdir missing -p here.
at line 88 -p is there for stage3 downloading so stage3-import is built correctly.

Create helper for adding use-flags to package from Buildconfig.sh

Basically what topic says. Should manage:

  • creating directory structure if it doesn't exist
  • adding use flags
  • possibly checking duplicity and/or overwriting current variables ( for instance USE="foo" would overwrite a previous USE="-foo", not just add to file for readability)

License for this project?

Thanks for posting this work. Mentioning ${REPO} in the die messages is a good idea, and I've patched my build.sh to do that too. I haven't had time to look over your new build framework, but I'm excited about that too. Is your project under the BSD license too, so I can just cherry pick from you? And feel free to add your own copyright to build.sh now that you've made some fairly substantial changes.

Best way to add user to image for use in Docker image

For Docker best practices images should be configured to not run as root if they do not need the privileges, this also jives with the Least Privilege Principle. I would like to use gentoo-bb to make Docker images that do not run as root. I'm not sure of the best way to achieve this. This might seem simple to others but I'm still learning.

Extending on the figlet example from the README, in the Dockerfile I want a line like USER figlet, this requires that /etc/passwd in the image has the user figlet. As I want to create minimal images I don't want to rely on having useradd (or similar tools like adduser) in the image. I don't completely grok how gentoo-bb works yet, and if I can use tools like adduser at the build time inside the bob container or if I should modify the build.sh or similar.
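
Added example, not part of the issue above or of the project's code: one way to give an image a non-root account without shipping useradd, by writing the passwd and group entries into the rootfs during the build. The function name `add_rootfs_user`, the UID/GID 1000, the `/dev/null` home and the `/sbin/nologin` shell are assumptions of this sketch, as is calling it with `$EMERGE_ROOT` from a Buildconfig.sh hook.

```shell
#!/bin/sh
# Added example (not gentoo-bb code): create a non-root account in an image
# rootfs by writing passwd/group entries at build time, without useradd.

# add_rootfs_user ROOT NAME UID GID
# ROOT is the directory that becomes the image filesystem (assumed here to be
# what the build exposes as $EMERGE_ROOT). The body is a subshell, so the
# variables below never leak into the calling build script and "exit" only
# ends the function.
add_rootfs_user() (
    LC_ALL=C; export LC_ALL
    root=$1 name=$2 uid=$3 gid=$4
    passwd=$root/etc/passwd
    group=$root/etc/group

    # A ':' or newline in the name would inject extra fields or whole lines.
    case $name in
        ''|[!a-z_]*|*[!a-z0-9_-]*)
            echo "add_rootfs_user: invalid name" >&2; exit 2 ;;
    esac
    # IDs must be plain decimal numbers, and never 0 (that would be root).
    case $uid in ''|*[!0-9]*) echo "add_rootfs_user: invalid uid" >&2; exit 2 ;; esac
    case $gid in ''|*[!0-9]*) echo "add_rootfs_user: invalid gid" >&2; exit 2 ;; esac
    if [ "$uid" -eq 0 ] || [ "$gid" -eq 0 ]; then
        echo "add_rootfs_user: refusing uid/gid 0" >&2; exit 2
    fi

    mkdir -p "$root/etc" && touch "$passwd" "$group" || exit 1

    # Refuse to shadow an existing account or to reuse its numeric ID.
    if awk -F: -v n="$name" -v id="$uid" \
        '$1 == n || $3 == id { hit = 1 } END { exit !hit }' "$passwd"; then
        echo "add_rootfs_user: user or uid already in passwd" >&2; exit 3
    fi
    if awk -F: -v n="$name" -v id="$gid" \
        '$1 == n || $3 == id { hit = 1 } END { exit !hit }' "$group"; then
        echo "add_rootfs_user: group or gid already in group" >&2; exit 3
    fi

    # The password field 'x' defers to /etc/shadow, which gets no entry here.
    # Home and shell are this example's choice for a service account.
    printf '%s:x:%s:%s:%s:/dev/null:/sbin/nologin\n' \
        "$name" "$uid" "$gid" "$name" >> "$passwd" &&
    printf '%s:x:%s:\n' "$name" "$gid" >> "$group"
)

# Demo on a constructed, throwaway rootfs.
demo_root=$(mktemp -d)
add_rootfs_user "$demo_root" figlet 1000 1000 && cat "$demo_root/etc/passwd"
rm -r -- "$demo_root"
```

With the entry present in the rootfs, the `USER figlet` line from the issue can be resolved by name; any path the service must write to still needs to be owned by 1000:1000 at build time.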

Support multiple namespaces and make current base images optional

  • Drop portage containers, install via websync in bob
  • Provide common default packages like git on build container
  • Refactor build process:
  • FROM scratch defaults to configured build container
  • FROM gentoobb/busybox would use gentoobb/bob-busybox as build container
  • After each rootfs build commit the used build container as bob-$current_repo

This will preserve exact build state over image dependencies and lets us drop the current file juggling in $REPO/tmp to transfer parent data like passwd/group etc. Another approach would be to just put the $REPO/tmp files into a companion image instead of committing the build container which would be much smaller, but less clean.

  • Preserve headers etc in build container before pruning instead of copying to host
  • Support multiple namespaces
  • Configurable build container per image, bob should be easily extendable

For configuring the build container a pseudo tag in the docker file is introduced:

#BUILD_FROM gentoobb/bob-uclibc
FROM scratch

This mimics the several proposals for docker sub builds. The tag is optional, if omitted the FROM tag is parsed to determine the build container to use.

To define a default build container per namespace a build.conf file can be supplied:

BUILD_CONTAINER="myns/bob"

To skip the rootfs phase of the build:

#SKIP_ROOTFS
FROM ...

New directory layout:

gentoo-bb/
    bob-core/ <- just stage3/portage/build-root.sh
    dock/
        gentoobb/
            builder/
                bob/ <- add git, crossdev, layman
                bob-uclibc/ <- add crossdev uclibc toolchain
            images/
            build.conf
        my_namespace/ <- git sub module
            builder/
                bob/ <- do whatever you want, optional, could also just use a gentoobb builder
            images/
            build.conf
build.conf
build.sh

Should make creating/maintaining custom images pretty straightforward, I hope.

/cc @jbergstroem

gtk+ failing to install

http://pastebin.com/BJsrRuLF

https://github.com/gentoo/gentoo/blob/d321ab3053915b22883a6681cead236190b994e6/eclass/gnome2-utils.eclass#L450 is pointing to $EPREFIX instead of $ROOT, and so it fails.

I tried this in configure_rootfs and configure_bob:
sed -i -e 's|updater=${EPREFIX}/usr/bin/gtk-query-immodules-2.0|/emerge-root/usr/bin/gtk-query-immodules-2.0|g' /usr/portage/eclass/gnome2-utils.eclass
but it is still pointing to /usr/bin/gtk-query-immodules-2.0 and fails; maybe this code is not changing the eclass.
Perhaps you can tell how to solve this problem?

push.sh, ability to push to organization namespace

I've tried these two:

> ~/git/gentoo-bb $ ./push.sh fdsfgsglibc
pushing to docker.io/u/fdsfgsglibc
Password:
Email: [email protected]
Error response from daemon: Wrong login/password, please try again
> ~/git/gentoo-bb $ ./push.sh -h docker.io/u fdsfgsglibc
pushing to docker.io/u
docker tag 339fff3cc752 docker.io/u/fdsfgsglibc/bash
pushing docker.io/u/fdsfgsglibc/bash
The push refers to a repository [docker.io/u/fdsfgsglibc/bash]
4b951e8e2f64: Preparing
898928f11aed: Preparing
ba80a6000159: Preparing
73e778e20186: Preparing
79508c00b87a: Preparing
06cbf8a0e45a: Waiting
c0e5f79a3284: Waiting
f554530344c2: Waiting
unauthorized: authentication required

Plain docker push fdsfgsglibc/bash works.

Add new image/builder from template

Basically take care of most of the boilerplate by running something like:

./build.sh add namespace foo
./build.sh add image foo/bar
./build.sh add builder foo/baz
  • Create a namespace
  • Create an image
  • Create a builder

nginx-php7, flaggie error

--> build repo gentoobb/nginx-php7
--> building rootfs
--> run gentoobb/bob:20161020
At argv[2]='+~amd64': ~amd64 seems to be an incorrect keyword for app-eselect/eselect-php

Simple way to skip image in namespace

I found a simple way to skip an image in a namespace. Simply rename it as a hidden directory by putting a . at the start of its name. e.g.: -

cd dock/gentoobb/images/
mv cadvisor .cadvisor

For me I wanted to build the gentoobb namespace for learning purposes but cadvisor wasn't working, no other images depend on it as seen from the very useful https://gist.github.com/azimut/74e2702074bd179953753c360bf17a1a and I'm not interested in using cadvisor at the moment so I wanted to skip it. Not fully grokking gentoo-bb yet I didn't know a way to skip an image without deleting it or creating a new namespace with all images bar the ones I wanted to skip, this trick worked. If there's a proper way to do it I think it should be added to the README.md or a FAQ, or at least commented here so others can find it.

Build builder without builder

Pulling repository docker.io/gentoobb/bob
Error: image gentoobb/bob:latest not found
failed to build gentoobb/builder/bob

>=musl-1.1.15-r2 problems

!!! 'net-misc/openssh' (virtual/ssh) is part of your system profile.
!!! Unmerging it may be damaging to your system.


 net-misc/openssh
    selected: 7.3_p1-r6 
   protected: none 
     omitted: none 

All selected packages: =net-misc/openssh-7.3_p1-r6

>>> 'Selected' packages are slated for removal.
>>> 'Protected' and 'omitted' packages will not be removed.

>>> Waiting 5 seconds before starting...
>>> (Control-C to abort)...
>>> Unmerging in: 5 4 3 2 1
>>> Unmerging (1 of 1) net-misc/openssh-7.3_p1-r6...
 * suid/sgid file(s) with suspicious hardlink(s):
 * 
 *  /usr/lib64/misc/ssh-keysign
 * 
 * See the Gentoo Security Handbook guide for advice on how to proceed.

rm /usr/lib64/misc/ssh-keysign is needed before emerge -C

rutorrent install error

 * vhosts USE flag not set - auto-installing using webapp-config
 * This is an installation
 * rutorrent-3.7 is not installed - using install mode
 * Running /emerge-root/usr/sbin/webapp-config -h localhost -u root -d /rutorrent -I rutorrent 3.7
* Fatal error: Unable to determine location of master copy
* Fatal error(s) - aborting

configure: error: cannot compute suffix of object files: cannot compile

Hi. I had this issue 2 months ago, and it is still unresolved for me.
I am trying to build bind (I like oldschool)

I get this:
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking whether make sets $(MAKE)... yes
checking how to print strings... printf
checking for x86_64-pc-linux-gnu-gcc... x86_64-pc-linux-gnu-gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... configure: error: in `/var/tmp/portage/net-dns/bind-9.11.0_p2/work/bind-9.11.0-P2':
configure: error: cannot compute suffix of object files: cannot compile

I googled it and found this:
https://gcc.gnu.org/wiki/FAQ#Configuration_fails_with_.27.27configure:_error:_cannot_compute_suffix_of_object_files:_cannot_compile.27.27._What_is_the_problem.3F

But I can't really understand why this happens.
It successfully builds with bob-interactive, but I don't understand, how to create a container with bob-interactive.
Please help fix this error or build gentoobb/bind using bob-interactive.

I think other untested packages also can have this error

Thanks

Quick Start Documentation Doesn't Work

The Quick Start documentation states: -

$ git clone https://github.com/edannenberg/gentoo-bb.git
$ cd gentoo-bb
$ ./build.sh

I do a git clone, cd into the directory and try the ./build.sh: -

gentoo@gentoo ~/gentoo-bb $ ./build.sh
--> generate build order
failed to expand requested images, typo in namespace or image name?

Reading the README.md, and I'm now reading the code to try to work out how to get started.

gentoobb Unnecessary Dependencies / Ability to Compose

I know the repos in gentoobb namespace's purpose are to serve as examples, but I've noticed unnecessary dependencies, which are triggering my OCD. I'm learning S6 (especially in Docker) and came across these whilst looking for examples of how it was used: -

image unnecessary dependency
docker-registry openssl -> s6
grafana openssl -> s6
nodejs openssl -> s6
opensmtpd openssl -> s6

At least some are probably using OpenSSL but not S6, which gentoobb/openssl depends on.

If I understand correctly the current design is Single Inheritance and doesn't support Multiple Inheritance nor Mixins, or similar concepts. One of the strengths I like about gentoo-bb is the ability to easily build minimal images. It would be cool IMO if some sort of composing could be done. I think composing would allow inheriting from say both gentoo/nginx using both gentoo/s6 and gentoobb/openssl (and gentoobb/openssl depends on gentoobb/glibc rather than gentoobb/s6).

Layman support?

Hi,

This project looks pretty awesome! A single question remains for me though: how should I load a custom overlay into my builder?

Thanks :)

gentoobb/glibc rootfs.tar lacks compiled locale-archive

The reference gentoobb/glibc image, which is served as base image for all glibc-based containers, doesn't copy compiled locale-archive to rootfs.tar when building.

You will encounter locale errors

~ docker run -i -t gentoobb/glibc
/ # locale -a
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_COLLATE to default locale: No such file or directory
C
POSIX

This is because locale-gen will generate compiled locale-archive into /usr/lib/locale/locale-archive, while this specific file isn't copied into rootfs.tar. BTW gentoo-bb is based on gentoo nomultilib profile, then /usr/lib is actually a symlink to /usr/lib64.

The locale-gen source has been removed when building gentoobb/glibc image, thus you can no longer rebuild locale inside container by running locale-gen.

To solve this problem I added manually locale-archive to $EMERGE_ROOT before tar'ing the rootfs.

In gentoo-bb/dock/gentoobb/images/glibc/Buildconfig.sh

# Add following lines into either configure_rootfs_build() or finish_rootfs_build()

# copy compiled locales into rootfs
mkdir -p "$EMERGE_ROOT/usr/lib64/locale"
cp /usr/lib64/locale/locale-archive "$EMERGE_ROOT/usr/lib64/locale/"

nginx-php7 error

--> tag gentoobb/nginx:latest
--> build repo gentoobb/nginx-php7
--> building rootfs
--> run gentoobb/bob-nginx:20160929
At argv[6]='+gd': Ambiguous argument: gd (matches lic, use).
Aborting.
failed to run image gentoobb/bob-nginx:20160929

Check for named containers before using name

This will fix warnings like:

<snip>
--> tag gentoobb/portage-data:latest
--> running repo portage-data as portage-data
2014/11/13 10:18:16 Error response from daemon: Conflict, The name portage-data is already assigned to 5b54d0ba65de. You have to delete (or rename) that container to be able to assign portage-data to a container again.
--> build repo bob
--> tag gentoobb/bob:latest
<snip>

Use INSTALL_MASK instead of install/remove

No real space saver here; rather use gentoo's built in support for not installing stuff we don't need.

A few suggestions:

*.a # static libraries
/usr/lib64/gconv
/usr/lib64/systemd # not using systemd

Also, do we really need /usr/include at this point within the image?

Publish to DockerHub

Could you please publish edannenberg/gentoo-bb to Docker Hub to make it easier for others to use this?

  1. Setup a Docker Hub account and repository.
  2. docker push edannenberg/gentoo-bb

systems without shasum

This 93e1f6a broke the build on coreos.

core@machine ~/git/gentoobb $ ./build.sh -s build fdsfgs
shasum is required for this script to run. Please install and try again
core@machine ~/git/gentoobb $ which sha512sum
/usr/bin/sha512sum
core@machine ~/git/gentoobb $ which shasum   
which: no shasum in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin)
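
Added example, not part of the issue above or of the project's code: a checksum helper that does not hard-require shasum, so download verification still runs on hosts like the one shown, where only sha512sum is installed. It assumes the digest being checked is SHA-512; the function names `sha512_file` and `verify_sha512` and the sample file are constructed for this sketch.

```shell
#!/bin/sh
# Added example (not gentoo-bb code): SHA-512 verification that works whether
# the host ships sha512sum (coreutils), shasum (perl) or only openssl.

# sha512_file FILE -> prints the lowercase hex digest, non-zero on failure.
sha512_file() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    # Feed the file on stdin so an odd file name cannot alter the output format.
    if command -v sha512sum >/dev/null 2>&1; then
        _sha_out=$(sha512sum < "$1") || return 1
    elif command -v shasum >/dev/null 2>&1; then
        _sha_out=$(shasum -a 512 < "$1") || return 1
    elif command -v openssl >/dev/null 2>&1; then
        _sha_out=$(openssl dgst -sha512 -r < "$1") || return 1
    else
        echo "sha512_file: no SHA-512 tool found" >&2
        return 127
    fi
    # All three tools print "<hex> <name>"; keep only the digest.
    printf '%s\n' "${_sha_out%% *}"
}

# verify_sha512 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch or unreadable file, 2 on a malformed
# expected value, 127 if no hashing tool exists. Callers abort on non-zero,
# so a missing tool can never turn into a skipped check.
verify_sha512() {
    _want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $_want in *[!0-9a-f]*) return 2 ;; esac
    [ "${#_want}" -eq 128 ] || return 2
    _got=$(sha512_file "$1") || return $?
    [ "$_got" = "$_want" ]
}

# Demo on constructed input: the standard SHA-512 test vector for "abc".
demo_file=$(mktemp)
printf 'abc' > "$demo_file"
demo_sum=ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f
if verify_sha512 "$demo_file" "$demo_sum"; then
    echo "checksum ok"
else
    echo "checksum FAILED"
fi
rm -- "$demo_file"
```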

Dockerfile.template is missing in sass-gulp image

./build.sh -sfFcC build gentoobb
--> generate build order
sed: can't read gentoobb/images/sass-gulp/Dockerfile.template: No such file or directory
error executing get_image_builder(): error while generating gentoobb/images/sass-gulp/Dockerfile

./build.sh fails to find gentoobb/stage3-import:latest

Whilst logged in with docker, I was not able to build bob.

~/dev/gentoo-bb $ ./build.sh
--> generate build order
--> required engines: dummy docker
--> required builders: dummy/bob-core gentoobb/bob gentoobb/bob-musl
--> build sequence: dummy/busybox gentoobb/busybox gentoobb/glibc gentoobb/s6 gentoobb/openssl gentoobb/bash gentoobb/cadvisor gentoobb/jre-oracle gentoobb/clojure gentoobb/docker-registry gentoobb/elasticsearch gentoobb/gcc gentoobb/grafana gentoobb/influxdb gentoobb/jdk-icedtea gentoobb/jdk-oracle gentoobb/kibana gentoobb/ruby-gcc gentoobb/log-collector gentoobb/mariadb gentoobb/memcache gentoobb/mysql gentoobb/nginx gentoobb/nginx-php5.5 gentoobb/nginx-php7 gentoobb/nginx-proxy gentoobb/nginx-proxy-conf gentoobb/nodejs gentoobb/opensmtpd gentoobb/postgres gentoobb/python2 gentoobb/python3 gentoobb/redis gentoobb/riemann gentoobb/riemann-dash gentoobb/ruby
--> validate dummy engine
--> building dummy core
--> build gentoobb/stage3-import
--> build repo gentoobb/bob-core
--> build gentoobb/bob-core:20160616
Sending build context to Docker daemon 20.48 kB
Step 1 : FROM gentoobb/stage3-import
Pulling repository docker.io/gentoobb/stage3-import
Error: image gentoobb/stage3-import:latest not found
failed to build gentoobb/builder/bob-core

Explore reducing footprint of glibc locales

  1. We should expose locales when building glibc (locale.gen). Suggesting defaulting to
    en_US ISO-8859-1 en_US.UTF-8 UTF-8
  2. Remove unneeded locales in /usr/share/locale (localepurge can help us here, otherwise just use locale.gen)
  3. Optionally reduce locales used by iconv/gconv (lives in /usr/lib64/gconv). I know chromium has done some stuff here.

universal builders and cross-compiling stuff

Thanks for this fantastic project, at first!
I want to add support to the project for cross-compiling across different platforms, with a choice of the host architecture and ultimately a choice of the architecture the programs will be built for. But there is quite a lot of code in the project, and it will take me a lot of time to understand how it works, and adding cross-compilation support alone even longer, so I wanted to ask you: are you interested in this? If yes, would you help me work on the support for all of this? And if you are not interested, can I ask for your advice, as you best understand how it all works?
With your help we can make the greatest and thin containers for any architecture!

If you are interested in this, a rough outline of what should be done follows:

Parameters that need to be set up in build.sh (list is incomplete):

  1. $BOB_BITS detected from list of the 32bit chosts (and change all lib64 to lib${BOB_BITS})
  2. HCHOST (host chost, for build containers), needed for:
  3. build.conf (BOB_BUILDER_{CFLAGS,CHOST})
  4. bob-core/build-root.sh
  5. bob-core/portage-defaults.sh
  6. TCHOST (target chost, for crossdev), needed for:
  7. build.conf (BOB_{CFLAGS,CHOST})
  8. set up DEF_BUILD_CONTAINER, then pass to:
  9. dock/${NAMESPACE}/build.conf
  10. build.conf
  11. Final architecture alias (eg armv7a to arm), needed for universal builder containers:
  12. ACCEPT_KEYWORDS=$ARCH
  13. CFLAGS for TCHOST
  14. BOB_BUSYBOX_BUILDER and BOB_BUSYBOX_CHOST created from BUILDER_ARCH (created from HCHOST)
  15. multi-arch DATE in build.conf
  16. update script for updating DATE

I also tried to create a new format for the builders, just a single file with something like this (https://github.com/azimut/gentoo-bb/commit/c332ed987d840895946ce1eb7692ad1a251aa4b3#diff-f441b4865ba6d36dc97960983d439f9fR27):

EMERGE_BIN="emerge${HCHOST}"
CROSSDEV_TARGET="${TCHOST}"

configure_bob() {
    if [ "${HCHOST}" == "15453654" ]; then
        : # do something that this host chost needs
    fi
    if [ "${TCHOST}" == "d565665" ]; then
        : # do something that this target chost needs
    fi
    crossdev -S --init-target --target ${TCHOST}
    mkdir -p /usr/${CROSSDEV_TARGET}/etc/portage/package.{mask,unmask,use,keywords} /usr/${TCHOST}/tmp/
    rm /usr/${TCHOST}/etc/portage/make.profile
    ln -s /usr/portage/profiles/hardened/linux/${LIBC}/${ARCH}/${ARCH_FROM_CHOST} /usr/${TCHOST}/etc/portage/make.profile

    head -n -3 /etc/portage/make.conf > /usr/${TCHOST}/etc/portage/make.conf
    sed -i '7i CHOST=${TCHOST} \
CC=${CHOST}-gcc \
CFLAGS="-O2 -pipe -march=${BOB_CFLAGS}" \
CBUILD=${HCHOST} \
HOSTCC=${HCHOST}-gcc \
ROOT=/usr/${TCHOST}/ \
ACCEPT_KEYWORDS="*" \
PORTAGE_TMPDIR=${ROOT}tmp/ \
PKG_CONFIG_PATH="${ROOT}usr/lib/pkgconfig/" \
PKGDIR="/packages/${TCHOST}"' /usr/${TCHOST}/etc/portage/make.conf

    sed -i -e 's/^ACCEPT_KEYWORDS=" ~"/ACCEPT_KEYWORDS="${ARCH}"/g' /usr/${TCHOST}/etc/portage/make.conf

    # quick'n'dirty workaround as libsanitize currently breaks the tool chain build
    echo "cross-${TCHOST}/gcc -sanitize" > /etc/portage/package.use/gcc

    # init portage env defaults..
    source /etc/profile
    # ..but unset CHOST as it overrides make.conf
    if [ "${HCHOST}" != "${TCHOST}" ]; then
        unset CHOST CC CFLAGS CXXFLAGS
    else
        unset CC CFLAGS CXXFLAGS
    fi
}

The same for universal images:

configure_bob() { 
    if [ "${HCHOST}" == "15453654" ]; then
        : # do something that this host chost needs
    fi
    if [ "${TCHOST}" == "d565665" ]; then
        : # do something that this target chost needs
    fi
}

For universal {images,builders} we need the ability to save and run builders and images with names like gentoobb-builder-$TCHOST-$DATE for builders and gentoobb-$IMAGENAME-$TCHOST-$DATE for images.

Many other changes also still have to be made to make it all work.

I am sorry that the text is so badly drafted; I did not fully understand how it works, and I wrote it all in the dead of night.

Oh, and most importantly, the branch in which I am slowly starting to work on it all:
https://github.com/soredake/gentoo-bb/tree/universal

Support multiple stage3 base containers

Due to #38 I looked into supporting multiple stage3 base containers, i.e. have a glibc and musl based stage3 coexist. This would enable us to drop all the crossdev overhead just to get a static musl busybox binary, while also avoiding future crossdev problems with musl as Gentoo's musl maintainer, by his own words, is not really interested in cross compiling support. Should also speed up the build quite a bit.

Got a working prototype so far but needs some more refactoring to make it generic and configurable.

Todo:

  • Configure stage3 per build container

Probably the biggest refactor, but kinda required for the planned acbuild support anyways:

  • Add a build.conf file to each build container/image, stage3 is only configurable for builder images:

Example builder config:

#BUILDER="${NAMESPACE}/foo"

# ..or bootstrap a fresh stage3, overrides BUILDER if defined
STAGE3_DATE="20170104"
STAGE3_BASE="stage3-amd64-musl-hardened"
ARCH="amd64"
ARCH_URL="${MIRROR}experimental/${ARCH}/musl/"

# run build container in privileged mode, defaults to false
BUILD_PRIVILEGED=true

# important: changing any of the below requires core image rebuild (pass -c on rebuild)
BOB_CHOST="x86_64-gentoo-linux-musl"
#BOB_CFLAGS="${BOB_CFLAGS:--mtune=generic -O2 -pipe}"
#BOB_CXXFLAGS="${BOB_CXXFLAGS:-${BOB_CFLAGS}}"

# active in configure_bob() hook, generally only differs when using crossdev
#BOB_BUILDER_CHOST="${BOB_BUILDER_CHOST:-${BOB_CHOST}}"
#BOB_BUILDER_CFLAGS="${BOB_BUILDER_CFLAGS:-${BOB_CFLAGS}}"
#BOB_BUILDER_CXXFLAGS="${BOB_BUILDER_CXXFLAGS:-${BOB_CXXFLAGS}}"

Example image config:

BUILDER="ns/build_container" # prev. BUILD_FROM in Dockerfile
IMAGE_PARENT="ns/parent_image" # = FROM in Dockerfile
BUILD_PRIVILEGED=true

BUILDER is optional for images, a DEFAULT_BUILDER can be configured via namespace build.conf.

This prepares nicely for acbuild as Dockerfile.template becomes an implementation detail.

  • Rename Buildconfig.sh to build.sh, with the impending rebranding of the project the root build.sh will most likely get renamed.

├── build.conf <- sourced on host
├── build.sh <- sourced in build container
└── Dockerfile.template

  • Default build container naming

Build container names generally start with gentoobb/bob, when a new build container state is committed the current image name gets appended. For example gentoobb/bob-openssl refers to the container used to build the gentoobb/openssl image.

This will possibly need some rework as the DEFAULT_BUILD_CONTAINER name is different for each stage3.

  • Different DATE for autobuilds and experimental stage3 files like musl

Currently DATE (or essentially the tag used when creating docker images) is coupled to stage3 date, which doesn't make much sense with multiple stage3 that (possibly) each have their own date, and should probably just be the local build date. Maybe rename DATE to IMAGE_TAG for clarity.

  • Refactor binary package location depending on stage3 and CHOST, currently only CHOST is considered

Edit: CHOST is actually enough, but it needs to be set only once per stage3 core builder.

  • Refactor build.sh update

Currently we just scrape autobuilds/latest-stage3.txt, this won't do for experimental stage3 files.

  • Update should collect configured stage3 across all namespaces, fetch latest date for each and update corresponding build.conf
  • Ability to list possible stage3 files from gentoo mirror, ideally it should output some copy pasta text for build.conf (see #53) / edit: not worth the effort imo, should be well documented though

More than happy if anyone wants to help out with the build.sh update / Gentoo mirror scraping stuff, I'll make a branch shortly.
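A sketch of the per-stage3 update step from the todo list above, as an added example that is not kubler's own code. It assumes stage3 tarballs are named `${STAGE3_BASE}-${STAGE3_DATE}.tar.bz2` (or `.tar.xz`), works on a constructed mirror listing instead of a live mirror, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not kubler code. File naming and function names are assumptions.

# Constructed mirror listing (no network access needed).
LISTING='stage3-amd64-20170105.tar.bz2
stage3-amd64-hardened-20170105.tar.bz2
stage3-amd64-musl-hardened-20161219.tar.bz2
stage3-amd64-musl-hardened-20170104.tar.bz2
stage3-amd64-musl-hardened-20170104.tar.bz2.DIGESTS'

# Print the newest date for stage3 base $1 found in listing text $2 (empty if none).
# The base must be followed directly by -YYYYMMDD, so "stage3-amd64" does not
# pick up dates that belong to "stage3-amd64-musl-hardened".
latest_stage3_date() {
    base_re=$(printf '%s' "$1" | sed 's/[.+]/\\&/g')  # escape . and + in the name
    printf '%s\n' "$2" \
        | grep -oE "${base_re}-[0-9]{8}\.tar\.(bz2|xz)" \
        | grep -oE '[0-9]{8}\.tar' | cut -c1-8 | sort -n | tail -n 1
}

# Set STAGE3_DATE in build.conf $1 to $2, only if $2 is newer; returns 1 if unchanged.
update_stage3_date() {
    conf=$1; new=$2
    old=$(sed -n 's/^STAGE3_DATE="\([0-9]\{8\}\)".*/\1/p' "$conf" | head -n 1)
    [ -n "$new" ] && [ -n "$old" ] && [ "$new" -gt "$old" ] || return 1
    tmp=$(mktemp) || return 1
    sed "s/^STAGE3_DATE=\"${old}\"/STAGE3_DATE=\"${new}\"/" "$conf" > "$tmp" \
        && cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Walk every build.conf under $1 that sets STAGE3_BASE and bump it from listing $2.
# Prints "<file> <new date>" for each file that was updated.
update_all() {
    find "$1" -name build.conf | sort | while IFS= read -r f; do
        base=$(sed -n 's/^STAGE3_BASE="\([^"]*\)".*/\1/p' "$f" | head -n 1)
        [ -n "$base" ] || continue   # image configs carry no stage3 settings
        latest=$(latest_stage3_date "$base" "$2")
        if update_stage3_date "$f" "$latest"; then
            printf '%s %s\n' "$f" "$latest"
        fi
    done
}

latest_stage3_date stage3-amd64-musl-hardened "$LISTING"   # prints 20170104
```

Commented-out settings such as `#BUILDER=` are ignored because both patterns are anchored at the start of the line.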

avoid docker slices for multiple env's

In a Dockerfile you can pass:

ENV foo=bar \
  bar=baz \
  qux="foo bar"

..to avoid the multiple layers of images. Let's do this for our builders.

(not doing a PR atm since it's against the multistage3 branch)

build scripts: Build time deps vs runtime deps

I just wanted to file an issue based on the chats we've had on IRC about this.

The gist is that Buildconfig.sh scripts should have two phases; one for building the runtime docker image, and one for building the assets put in. For instance, a django project might need to be pulled over git while the actual docker image has no need for it [git].

Build error when targeting busybox image only

When building from scratch the following will throw a build error:

./build.sh build gentoobb/busybox
--> generate build order
--> required engines:  docker
--> required builders: gentoobb/bob-musl
--> build sequence:    gentoobb/busybox
--> build gentoobb/stage3-import
--> build repo gentoobb/bob-core
--> build repo gentoobb/bob-musl
--> building rootfs
--> run gentoobb/bob:20170105
Unable to find image 'gentoobb/bob:20170105' locally
docker: Error response from daemon: repository gentoobb/bob not found: does not exist or no pull access.
See 'docker run --help'.
failed to run image gentoobb/bob:20170105

Targeting the next image gentoobb/glibc will resolve the issue. Looks like a bug in the image dependency resolution as gentoobb/bob is not picked up as a required builder, hence not getting built and then missing when gentoobb/bob-musl is built.

vtv in gcc >=4.9 breaks musl build

gcc libvtv appears to depend on having execinfo.h, which musl lacks. For now this can be worked around by configuring USE=-vtv for bob-musl (maybe uclibc too).
