edannenberg / kubler
A generic, extendable build orchestrator.
License: BSD 2-Clause "Simplified" License
on a fresh core-os install
core@core-01 ~/gentoo-bb $ ./build.sh -s update
--> Updating DATE from 20141127 to 20141204 in ./build.sh and /push.sh
core@core-01 ~/gentoo-bb $ ./build.sh -s build
--> import stage3
--> tag gentoobb/stage3-import:latest
--> portage
--> tag gentoobb/portage-data:latest
env: envsubst: No such file or directory
--> build repo portage-data
--> extract Busybox binary to portage-data
gentoobb-gentoo-20141204-extract-busybox
--> build gentoobb/portage-data:20141204
Sending build context to Docker daemon 1.957 MB
Sending build context to Docker daemon
2014/12/07 09:17:52 Error: Dockerfile cannot be empty
failed to build portage-data
It was brought up somewhere else that we should have test cases for this. And I agree. I just started to discover TAP and this seems like it could help:
CI - travis-ci
Integration test - https://github.com/sstephenson/bats
Lint - https://github.com/openstack-dev/bashate https://github.com/koalaman/shellcheck
now that docker also supports appc, acbuild, baci or any of the other appcontainer builders might be a better way of creating containers. Optimally, not having to require docker nor rocket (or systemd, ..) would make it even simpler to play with gentoo, seeing how we can lean on crossdev or just folders for building.
The specification for appcontainers can be found here: https://github.com/appc/spec
..shaves 1.8mb off size: https://github.com/ncopa/su-exec#why-reinvent-gosu
Hi. I am building anything from scratch using yesterday's cloned code
I just changed builder for busybox to bob.
On building glibc, I receive multiple messages
removing intermediate container 27a602fcd302
Successfully built 38348d736218
--> tag bb/busybox:latest
--> build repo bb/glibc
--> building rootfs
--> run bb/bob-busybox:20170127
then
Calculating dependencies... done!
[binary N ] sys-apps/baselayout-2.3::gentoo to /emerge-root/ USE="-build" 0 KiB
Total: 1 package (1 new, 1 binary), Size of downloads: 0 KiB
Emerging binary (1 of 1) sys-apps/baselayout-2.3::gentoo for /emerge-root/
Installing (1 of 1) sys-apps/baselayout-2.3::gentoo to /emerge-root/
Jobs: 1 of 1 complete Load avg: 6.2, 10.0, 8.8
Messages for package sys-apps/baselayout-2.3 merged to /emerge-root/:
Initializing /emerge-root/lib as a symlink
Initializing /emerge-root/usr/lib as a symlink
Initializing /emerge-root/usr/local/lib as a symlink
You should reboot the system now to get /run mounted with tmpfs!
Auto-cleaning packages...
Using system located in ROOT tree /emerge-root/
No outdated packages were found on your system.
Invalid package name in package.provided: sys-apps/busybox-1.25.1::gentoo
Invalid package name in package.provided: sys-apps/portage-2.3.3::gentoo
See portage(5) for correct package.provided usage.
Invalid package name in package.provided: sys-apps/busybox-1.25.1::gentoo
Invalid package name in package.provided: sys-apps/portage-2.3.3::gentoo
See portage(5) for correct package.provided usage.
glibc is still building. Why is this caused?
Since we're copying timezone into /etc, I don't really see a need for the binaries (tzselect, zic, zdump) nor basically everything in /usr/share/zoneinfo. If we kill it, that's another two megs. See any reason to keep it?
Hello. I think this project is a big future of Docker mess.
Man, this is the most acceptable way to use Docker, but there are little problems:
After resolving 2nd issue, I will post an article on Russia's biggest IT blog - geektimes.ru, it means many contributors, users and much attention.
So as I created an issue, let the topic be documentation. I prepared some questions after monthly use of your project. It may be a starting point for some detailed doc.
The questions may be annoying or kind of stupid, but I don't have time to learn all bash scripts and imagine how they work. I found your project while preparing a big production. I think many people will have same questions after using your project.
Man, you made a great cool thing, you can't imagine how big is future of this project. I see it in such way:
Big documentation, many examples, many repos of prepared packages for gentoobb, many blog posts/success stories, and mentioning on Gentoo.org Docker's wiki pages, also adding it to portage or some overlays.
Please pay some attention to the 'cover' of project, coz the kernel and all inside is just fine. We need some more attention and pull requests from other people.
I will help as I can, but have a hard-time of preparing production servers.
Thank you very much!
Good luck!
log https://transfer.sh/U5vHf/cross-x86-64-pc-linux-musl-linux-headers.log.xz
>>> Installing (2 of 6) sys-libs/pam-1.2.1-r99::musl
* suid/sgid file(s) with suspicious hardlink(s):
*
* /sbin/unix_chkpwd
*
* See the Gentoo Security Handbook guide for advice on how to proceed.
>>> Failed to install sys-libs/pam-1.2.1-r99, Log file:
>>> '/var/tmp/portage/sys-libs/pam-1.2.1-r99/temp/build.log'
* Messages for package sys-libs/pam-1.2.1-r99:
* suid/sgid file(s) with suspicious hardlink(s):
*
* /sbin/unix_chkpwd
*
* See the Gentoo Security Handbook guide for advice on how to proceed.
When I run ./build.sh it breaks on building cadvisor. The build.sh script states: -
# cadvisor 0.23.x is not compatible with go 1.7, planned for 0.24
echo '>=dev-lang/go-1.7.0' > /etc/portage/package.mask/go
emerge -v go mercurial
But looking at dev-lang/go there's no version < 1.7.0: -
gentoobb-bob-glibc / # eix dev-lang/go -v
* dev-lang/go
Available versions: [m]1.7.4(0/1.7.4) [m]~1.7.5(0/1.7.5) [m]**9999(0/9999)^s
IUSE (all versions): gccgo
Installed versions: Version: 1.7.4
Date: 23:43:50 02/03/17
USE: -gccgo
RDEPEND: !<dev-go/go-tools-0_pre20150902
EAPI: 6
Recommendation: Downgrade
Homepage: http://www.golang.org
Find open bugs: https://bugs.gentoo.org/buglist.cgi?quicksearch=dev-lang%2Fgo
Description: A concurrent garbage collected and typesafe programming language
License: BSD
Also I see that a > 0.24 version of cAdvisor is being used, which from the comment might support go > 1.7.0. I haven't confirmed this.
CADVISOR_VERSION="0.24.1"
--> build repo gentoobb/cadvisor
--> building rootfs
--> run gentoobb/bob-glibc:20170127
These are the packages that would be merged, in order:
Calculating dependencies... done!
[binary R #] dev-lang/go-1.7.4:0/1.7.4::gentoo USE="(-gccgo)" 0 KiB
[ebuild N ] dev-vcs/mercurial-3.8.4::gentoo USE="-bugzilla -emacs -gpg {-test} -tk" PYTHON_TARGETS="python2_7" 4,664 KiB
Total: 2 packages (1 new, 1 reinstall, 1 binary), Size of downloads: 4,664 KiB
The following mask changes are necessary to proceed:
(see "package.unmask" in the portage(5) man page for more details)
# required by go (argument)
# /etc/portage/package.mask/go:
=dev-lang/go-1.7.4
NOTE: The --autounmask-keep-masks option will prevent emerge
from creating package.unmask or ** keyword changes.
Use --autounmask-write to write changes to config files (honoring
CONFIG_PROTECT). Carefully examine the list of proposed changes,
paying special attention to mask or keyword changes that may expose
experimental or unstable packages.
failed to run image gentoobb/bob-glibc:20170127
I will skip cAdvisor as I'm more interested in learning how to use gentoobb to build my own minimal docker images.
Usually a bad idea to recurse, especially since we're passing a lot of paths around. Let's review all places recursive deletion is used and see if we can avoid it.
More a discussion than a hitlist. A few things that could be improved:
- -jN could be populated from nproc
- -ipv6 to default USE-flags since docker doesn't support ipv6 from inside a container (yet)
- ${MIRROR} for gentoo mirror instead of static mirrors (or some other global default)

I didn't notice this bug until I was working on a machine behind proxy.
The first time when build.sh is run, it will pull portage tree then stage3 tarball and save them to ./tmp/downloads. While /tmp/downloads/ doesn't exist (maybe git ignored it as it was empty), the builder will try to pull portage tree inside container when building bob-core. There's no proxy configuration inside container so that emerge failed.
In ./inc/core.sh at line 41:
https://github.com/edannenberg/gentoo-bb/blob/956a25034bdf7f0ae3e7b2b580bf66159d845b38/inc/core.sh
[ -d ${DL_PATH} ] || mkdir ${DL_PATH}
mkdir missing -p here.
At line 88 -p is there for stage3 downloading so stage3-import is built correctly.
Basically what topic says. Should manage:
Thanks for posting this work. Mentioning ${REPO} in the die messages is a good idea, and I've patched my build.sh to do that too. I haven't had time to look over your new build framework, but I'm excited about that too. Is your project under the BSD license too, so I can just cherry pick from you? And feel free to add your own copyright to build.sh now that you've made some fairly substantial changes.
About 5MB gets removed from /usr/share/terminfo (the ebuild does a rm -rf). Alpine does something similar with some backup on /etc http://git.alpinelinux.org/cgit/aports/tree/main/ncurses/APKBUILD. So far it worked for me but don't know about the images you use.
For Docker best practices images should be configured to not run as root if they do not need the privileges, this also jives with the Least Privilege Principle. I would like to use gentoo-bb to make Docker images that do not run as root. I'm not sure of the best way to achieve this. This might seem simple to others but I'm still learning.
Extending on the figlet example from the README, in the Dockerfile I want a line like USER figlet, this requires that /etc/passwd in the image has the user figlet. As I want to create minimal images I don't want to rely on having useradd (or similar tools like adduser) in the image. I don't completely grok how gentoo-bb works yet, and if I can use tools like adduser at the build time inside the bob container or if I should modify the build.sh or similar.
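One way to get the figlet account asked about above into a minimal image without shipping useradd, as an added example (not gentoo-bb code and not part of the original issue): write the passwd and group entries into the rootfs directory at build time. The helper name add_rootfs_user, uid 1000 and the /sbin/nologin shell are assumptions; in a build the first argument would be $EMERGE_ROOT.

```shell
#!/bin/sh
# Added example, not gentoo-bb code. add_rootfs_user is a hypothetical helper
# that writes passwd/group entries straight into an image rootfs, so the image
# itself never needs useradd/adduser.
# usage: add_rootfs_user ROOT NAME UID [GID]

add_rootfs_user() {
    root=$1 name=$2 uid=$3 gid=${4:-$3}

    # Only plain account names: a ':' or newline would inject extra fields.
    case $name in
        ''|-*|*[!a-z0-9_-]*) echo "invalid user name: $name" >&2; return 2 ;;
    esac
    for id in "$uid" "$gid"; do
        case $id in
            ''|*[!0-9]*) echo "uid/gid must be numeric" >&2; return 2 ;;
        esac
    done
    # The point is to drop privileges, so never hand out uid 0.
    [ "$uid" -ne 0 ] || { echo "refusing uid 0" >&2; return 2; }

    mkdir -p "$root/etc" || return 1
    touch "$root/etc/passwd" "$root/etc/group" || return 1

    if grep -q "^$name:" "$root/etc/passwd"; then
        echo "user $name already exists" >&2; return 3
    fi
    if awk -F: -v u="$uid" '$3 == u { hit = 1 } END { exit !hit }' "$root/etc/passwd"; then
        echo "uid $uid already in use" >&2; return 3
    fi

    # Reuse the gid of an existing group with this name, otherwise create it.
    existing=$(awk -F: -v n="$name" '$1 == n { print $3; exit }' "$root/etc/group")
    if [ -n "$existing" ]; then
        gid=$existing
    else
        printf '%s:x:%s:\n' "$name" "$gid" >> "$root/etc/group"
    fi

    # 'x' with no shadow entry means no password login; nologin blocks shells.
    printf '%s:x:%s:%s:%s:/home/%s:/sbin/nologin\n' \
        "$name" "$uid" "$gid" "$name" "$name" >> "$root/etc/passwd"

    # Ownership change needs root, which the build container has.
    mkdir -p "$root/home/$name" || return 1
    chown "$uid:$gid" "$root/home/$name" 2>/dev/null ||
        echo "note: could not chown home (not running as root)" >&2
    return 0
}

# Demo on a throwaway directory standing in for $EMERGE_ROOT (constructed).
demo_root=$(mktemp -d)
add_rootfs_user "$demo_root" figlet 1000 && cat "$demo_root/etc/passwd"
rm -rf "$demo_root"
```

With the entry present in the image's /etc/passwd, the USER figlet line in the Dockerfile resolves by name and the container starts without root privileges.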
This will preserve exact build state over image dependencies and lets us drop the current file juggling in $REPO/tmp to transfer parent data like passwd/group etc. Another approach would be to just put the $REPO/tmp files into a companion image instead of committing the build container which would be much smaller, but less clean.
For configuring the build container a pseudo tag in the docker file is introduced:
#BUILD_FROM gentoobb/bob-uclibc
FROM scratch
This mimics the several proposals for docker sub builds. The tag is optional, if omitted the FROM tag is parsed to determine the build container to use.
To define a default build container per namespace a build.conf file can be supplied:
BUILD_CONTAINER="myns/bob"
To skip the rootfs phase of the build:
#SKIP_ROOTFS
FROM ...
New directory layout:
gentoo-bb/
bob-core/ <- just stage3/portage/build-root.sh
dock/
gentoobb/
builder/
bob/ <- add git, crossdev, layman
bob-uclibc/ <- add crossdev uclibc toolchain
images/
build.conf
my_namespace/ <- git sub module
builder/
bob/ <- do whatever you want, optional, could also just use a gentoobb builder
images/
build.conf
build.conf
build.sh
Should make creating/maintaining custom images pretty straight forward i hope.
/cc @jbergstroem
Regression in docker 1.10.0-1.10.1. See moby/moby#20296.
Stick with docker 1.9.x for building until 1.10.2 is out.
https://github.com/gentoo/gentoo/blob/d321ab3053915b22883a6681cead236190b994e6/eclass/gnome2-utils.eclass#L450 pointing to $EPREFIX instead of $ROOT, and so it fails.
i tried this in configure_rootfs and configure_bob:
sed -i -e 's|updater=${EPREFIX}/usr/bin/gtk-query-immodules-2.0|/emerge-root/usr/bin/gtk-query-immodules-2.0|g' /usr/portage/eclass/gnome2-utils.eclass
but it still pointing to /usr/bin/gtk-query-immodules-2.0 and fails, maybe this code not changing eclass.
Perhaps you can tell how to solve this problem?
I've tried these two:
> ~/git/gentoo-bb $ ./push.sh fdsfgsglibc
pushing to docker.io/u/fdsfgsglibc
Password:
Email: [email protected]
Error response from daemon: Wrong login/password, please try again
> ~/git/gentoo-bb $ ./push.sh -h docker.io/u fdsfgsglibc
pushing to docker.io/u
docker tag 339fff3cc752 docker.io/u/fdsfgsglibc/bash
pushing docker.io/u/fdsfgsglibc/bash
The push refers to a repository [docker.io/u/fdsfgsglibc/bash]
4b951e8e2f64: Preparing
898928f11aed: Preparing
ba80a6000159: Preparing
73e778e20186: Preparing
79508c00b87a: Preparing
06cbf8a0e45a: Waiting
c0e5f79a3284: Waiting
f554530344c2: Waiting
unauthorized: authentication required
Plain docker push fdsfgsglibc/bash works.
Basically take care of most of the boilerplate by running something like:
./build.sh add namespace foo
./build.sh add image foo/bar
./build.sh add builder foo/baz
--> build repo gentoobb/nginx-php7
--> building rootfs
--> run gentoobb/bob:20161020
At argv[2]='+~amd64': ~amd64 seems to be an incorrect keyword for app-eselect/eselect-php
I found a simple way to skip an image in a namespace. Simply rename it as a hidden directory by putting a . at the start of its name. e.g.: -
cd dock/gentoobb/images/
mv cadvisor .cadvisor
For me I wanted to build the gentoobb namespace for learning purposes but cadvisor wasn't working, no other images depend on it as seen from the very useful https://gist.github.com/azimut/74e2702074bd179953753c360bf17a1a and I'm not interested in using cadvisor at the moment so I wanted to skip it. Not fully grokking gentoo-bb yet I didn't know a way to skip an image without deleting it or creating a new namespace with all images bar the ones I wanted to skip, this trick worked. If there's a proper way to do it I think it should be added to the README.md or a FAQ, or at least commented here so others can find it.
Pulling repository docker.io/gentoobb/bob
Error: image gentoobb/bob:latest not found
failed to build gentoobb/builder/bob
!!! 'net-misc/openssh' (virtual/ssh) is part of your system profile.
!!! Unmerging it may be damaging to your system.
net-misc/openssh
selected: 7.3_p1-r6
protected: none
omitted: none
All selected packages: =net-misc/openssh-7.3_p1-r6
>>> 'Selected' packages are slated for removal.
>>> 'Protected' and 'omitted' packages will not be removed.
>>> Waiting 5 seconds before starting...
>>> (Control-C to abort)...
>>> Unmerging in: 5 4 3 2 1
>>> Unmerging (1 of 1) net-misc/openssh-7.3_p1-r6...
* suid/sgid file(s) with suspicious hardlink(s):
*
* /usr/lib64/misc/ssh-keysign
*
* See the Gentoo Security Handbook guide for advice on how to proceed.
rm /usr/lib64/misc/ssh-keysign is needed before emerge -C
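The "suid/sgid file(s) with suspicious hardlink(s)" message in this log and in the pam log earlier names setuid/setgid files that carry extra hard links. As an added example (not portage or gentoo-bb code), this audit lists such files in a rootfs so they can be reviewed before an unmerge; the helper names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not portage or gentoo-bb code. suid_hardlinks is a
# hypothetical audit helper: it lists setuid/setgid regular files under ROOT
# that have more than one hard link.
# usage: suid_hardlinks ROOT

suid_hardlinks() {
    root=$1
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -links +1 -print |
    while IFS= read -r f; do
        # ls -dli: field 1 is the inode, field 3 the hard-link count
        meta=$(ls -dli "$f" | awk '{ print $1 " " $3 }')
        inode=${meta% *}
        links=${meta#* }
        # How many of those names live inside the tree we searched? Fewer
        # than the link count means another name exists outside of it.
        seen=$(find "$root" -xdev -inum "$inode" -print | wc -l | tr -d ' ')
        printf '%s inode=%s links=%s names_under_root=%s\n' \
            "$f" "$inode" "$links" "$seen"
    done
}

# Constructed sample tree: one setuid file with a second name, one setuid
# file with a single name, one ordinary file with two names.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/sbin" "$t/var/tmp"
    printf 'helper\n' > "$t/sbin/unix_chkpwd"
    chmod 4755 "$t/sbin/unix_chkpwd"
    ln "$t/sbin/unix_chkpwd" "$t/var/tmp/.kept"    # second name, same inode
    printf 'tool\n' > "$t/sbin/single_suid"
    chmod 4755 "$t/sbin/single_suid"               # setuid, one link: not listed
    printf 'data\n' > "$t/sbin/plain"
    ln "$t/sbin/plain" "$t/var/tmp/plain2"         # linked, not setuid: not listed
    printf '%s\n' "$t"
}

tree=$(build_sample_tree)
echo "whole tree:"
suid_hardlinks "$tree"
echo "sbin only (the other name is outside the searched directory):"
suid_hardlinks "$tree/sbin"
rm -rf "$tree"
```

A line where names_under_root is lower than links points at a copy of the privileged binary that survives outside the directory being cleaned.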
* vhosts USE flag not set - auto-installing using webapp-config
* This is an installation
* rutorrent-3.7 is not installed - using install mode
* Running /emerge-root/usr/sbin/webapp-config -h localhost -u root -d /rutorrent -I rutorrent 3.7
* Fatal error: Unable to determine location of master copy
* Fatal error(s) - aborting
Hi. I had this issue 2 months ago, and it is still unresolved for me.
I am trying to build bind (I like oldschool)
I get this:
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking whether make sets $(MAKE)... yes
checking how to print strings... printf
checking for x86_64-pc-linux-gnu-gcc... x86_64-pc-linux-gnu-gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... configure: error: in `/var/tmp/portage/net-dns/bind-9.11.0_p2/work/bind-9.11.0-P2':
configure: error: cannot compute suffix of object files: cannot compile
I googled it and found this:
https://gcc.gnu.org/wiki/FAQ#Configuration_fails_with_.27.27configure:_error:_cannot_compute_suffix_of_object_files:_cannot_compile.27.27._What_is_the_problem.3F
But can't really understand why this happens.
It successfully builds with bob-interactive, but I don't understand, how to create a container with bob-interactive.
Please help fix this error or build gentoobb/bind using bob-interactive.
I think other untested packages also can have this error
Thanks
The Quick Start documentation states: -
$ git clone https://github.com/edannenberg/gentoo-bb.git
$ cd gentoo-bb
$ ./build.sh
I do a git clone, cd into the directory and try the ./build.sh: -
gentoo@gentoo ~/gentoo-bb $ ./build.sh
--> generate build order
failed to expand requested images, typo in namespace or image name?
Reading the README.md, and I'm now reading the code to try to work out how to get started.
I know the repos in gentoobb namespace's purpose are to serve as examples, but I've noticed unnecessary dependencies, which are triggering my OCD. I'm learning S6 (especially in Docker) and came across these whilst looking for examples of how it was used: -
image | unnecessary dependency |
---|---|
docker-registry | openssl -> s6 |
grafana | openssl -> s6 |
nodejs | openssl -> s6 |
opensmtpd | openssl -> s6 |
At least some are probably using OpenSSL but not S6, which gentoobb/openssl depends on.
If I understand correctly the current design is Single Inheritance and doesn't support Multiple Inheritance nor Mixins, or similar concepts. One of the strengths I like about gentoo-bb is the ability to easily build minimal images. It would be cool IMO if some sort of composing could be done. I think composing would allow inheriting from say both gentoo/nginx using both gentoo/s6 and gentoobb/openssl (and gentoobb/openssl depends on gentoobb/glibc rather than gentoobb/s6).
Hi,
This project looks pretty awesome! A single question remains for me though: how should I load a custom overlay into my builder?
Thanks :)
The reference gentoobb/glibc image, which is served as base image for all glibc-based containers, doesn't copy compiled locale-archive to rootfs.tar when building.
You will encounter locale errors
~ docker run -i -t gentoobb/glibc
/ # locale -a
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_COLLATE to default locale: No such file or directory
C
POSIX
This is because locale-gen will generate compiled locale-archive into /usr/lib/locale/locale-archive, while this specific file isn't copied into rootfs.tar. BTW gentoo-bb is based on gentoo nomultilib profile, then /usr/lib is actually a symlink to /usr/lib64.
The locale-gen source has been removed when building gentoobb/glibc image, thus you can no longer rebuild locale inside container by running locale-gen.
To solve this problem I added manually locale-archive to $EMERGE_ROOT before tar'ing the rootfs.
In gentoo-bb/dock/gentoobb/images/glibc/Buildconfig.sh
# Add following lines into either configure_rootfs_build() or finish_rootfs_build()
# copy compiled locales into rootfs
mkdir -p $EMERGE_ROOT/usr/lib64/locale
cp /usr/lib64/locale/locale-archive $EMERGE_ROOT/usr/lib64/locale/
--> tag gentoobb/nginx:latest
--> build repo gentoobb/nginx-php7
--> building rootfs
--> run gentoobb/bob-nginx:20160929
At argv[6]='+gd': Ambiguous argument: gd (matches lic, use).
Aborting.
failed to run image gentoobb/bob-nginx:20160929
This way we can expose relevant stuff to the portage build environment, such as MIRROR (straight inherit from build.sh), but also expand into stuff like PKG_INSTALL_MASK, MAKEOPTS or USE.
This will fix warnings like:
<snip>
--> tag gentoobb/portage-data:latest
--> running repo portage-data as portage-data
2014/11/13 10:18:16 Error response from daemon: Conflict, The name portage-data is already assigned to 5b54d0ba65de. You have to delete (or rename) that container to be able to assign portage-data to a container again.
--> build repo bob
--> tag gentoobb/bob:latest
<snip>
The only consumer within bb-dock seems to be entr at the moment.
No real space saver here; rather use gentoo's built in support for not installing stuff we don't need.
A few suggestions:
*.a # static libraries
/usr/lib64/gconv
/usr/lib64/systemd # not using systemd
Also, do we really need /usr/include at this point within the image?
Could you please publish edannenberg/gentoo-bb to Docker Hub to make it easier for others to use this?
docker push edannenberg/gentoo-bb
This 93e1f6a broke the build on coreos.
core@machine ~/git/gentoobb $ ./build.sh -s build fdsfgs
shasum is required for this script to run. Please install and try again
core@machine ~/git/gentoobb $ which sha512sum
/usr/bin/sha512sum
core@machine ~/git/gentoobb $ which shasum
which: no shasum in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin)
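The report above shows a host that has sha512sum but not shasum. As an added example (not build.sh code), a digest helper can probe for whichever tool is installed instead of requiring one by name; sha512_of and verify_sha512 are hypothetical names, and SHA-512 is an assumption since the page does not say which algorithm build.sh checks.

```shell
#!/bin/sh
# Added example, not build.sh code. sha512_of and verify_sha512 are
# hypothetical helpers; SHA-512 is an assumption, chosen because the host in
# the report has sha512sum but no shasum.

# Print the lowercase hex SHA-512 of FILE using whichever tool exists.
sha512_of() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    # Feed the file on stdin so odd file names cannot alter the output format.
    if command -v sha512sum >/dev/null 2>&1; then      # coreutils, busybox
        out=$(sha512sum < "$1") || return 1
    elif command -v shasum >/dev/null 2>&1; then       # Perl Digest::SHA
        out=$(shasum -a 512 < "$1") || return 1
    elif command -v openssl >/dev/null 2>&1; then
        out=$(openssl dgst -sha512 -r < "$1") || return 1
    else
        echo "no SHA-512 tool found (tried sha512sum, shasum, openssl)" >&2
        return 127
    fi
    printf '%s\n' "${out%% *}"     # digest is the first space-separated field
}

# verify_sha512 FILE EXPECTED_HEX
# returns 0 on match, 1 on mismatch, 2 when no usable digest was produced
verify_sha512() {
    actual=$(sha512_of "$1") || return 2
    [ "${#actual}" -eq 128 ] || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Demo with a constructed file standing in for a downloaded stage3 tarball.
sample=$(mktemp)
printf 'constructed stand-in for a stage3 tarball\n' > "$sample"
good=$(sha512_of "$sample")
verify_sha512 "$sample" "$good" && echo "digest ok"
printf 'tampered\n' >> "$sample"
verify_sha512 "$sample" "$good" || echo "digest mismatch detected"
rm -f "$sample"
```

Treating return code 2 as a hard failure keeps a missing tool from being mistaken for a passed check.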
./build.sh -sfFcC build gentoobb
--> generate build order
sed: can't read gentoobb/images/sass-gulp/Dockerfile.template: No such file or directory
error executing get_image_builder(): error while generating gentoobb/images/sass-gulp/Dockerfile
Whilst logged in with docker, I was not able to build bob.
~/dev/gentoo-bb $ ./build.sh
--> generate build order
--> required engines: dummy docker
--> required builders: dummy/bob-core gentoobb/bob gentoobb/bob-musl
--> build sequence: dummy/busybox gentoobb/busybox gentoobb/glibc gentoobb/s6 gentoobb/openssl gentoobb/bash gentoobb/cadvisor gentoobb/jre-oracle gentoobb/clojure gentoobb/docker-registry gentoobb/elasticsearch gentoobb/gcc gentoobb/grafana gentoobb/influxdb gentoobb/jdk-icedtea gentoobb/jdk-oracle gentoobb/kibana gentoobb/ruby-gcc gentoobb/log-collector gentoobb/mariadb gentoobb/memcache gentoobb/mysql gentoobb/nginx gentoobb/nginx-php5.5 gentoobb/nginx-php7 gentoobb/nginx-proxy gentoobb/nginx-proxy-conf gentoobb/nodejs gentoobb/opensmtpd gentoobb/postgres gentoobb/python2 gentoobb/python3 gentoobb/redis gentoobb/riemann gentoobb/riemann-dash gentoobb/ruby
--> validate dummy engine
--> building dummy core
--> build gentoobb/stage3-import
--> build repo gentoobb/bob-core
--> build gentoobb/bob-core:20160616
Sending build context to Docker daemon 20.48 kB
Step 1 : FROM gentoobb/stage3-import
Pulling repository docker.io/gentoobb/stage3-import
Error: image gentoobb/stage3-import:latest not found
failed to build gentoobb/builder/bob-core
en_US ISO-8859-1 en_US.UTF-8 UTF-8
Thanks for this fantastic project, at first!
I want to add to the project support cross-compiling across different platforms, with the choice of the host architecture, with the ultimate choice of architecture which will be collected under the program. But the code in the project quite a lot, and I will leave a lot of time on understanding how it works, and adding support for cross-compilation one even longer, so I wanted to ask you, are you interested in this? If yes, would you help me to work on the support of all of this? Well, if you are not interested, then can I ask your advice as you best understand how it all works?
With your help we can make the greatest and thin containers for any architecture!
If you are interested in this, will continue to be a rough outline of what should be done:
Parameters that need to be set up in build.sh (list is incomplete):
also i tried to create new format for the builders, just single file with something like here (https://github.com/azimut/gentoo-bb/commit/c332ed987d840895946ce1eb7692ad1a251aa4b3#diff-f441b4865ba6d36dc97960983d439f9fR27):
EMERGE_BIN="emerge${HCHOST}"
CROSSDEV_TARGET="${TCHOST}"
configure_bob() {
if [ "${HCHOST}" == "15453654" ]; then
# do something that this host chost needs
:
fi
if [ "${TCHOST}" == "d565665" ]; then
# do something that this target chost needs
:
fi
crossdev -S --init-target --target ${TCHOST}
mkdir -p /usr/${CROSSDEV_TARGET}/etc/portage/package.{mask,unmask,use,keywords} /usr/${TCHOST}/tmp/
rm /usr/${TCHOST}/etc/portage/make.profile
ln -s /usr/portage/profiles/hardened/linux/${LIBC}/${ARCH}/${ARCH_FROM_CHOST} /usr/${TCHOST}/etc/portage/make.profile
head -n -3 /etc/portage/make.conf > /usr/${TCHOST}/etc/portage/make.conf
sed -i '7i CHOST=${TCHOST} \
CC=${CHOST}-gcc \
CFLAGS="-O2 -pipe -march=${BOB_CFLAGS}" \
CBUILD=${HCHOST} \
HOSTCC=${HCHOST}-gcc \
ROOT=/usr/${TCHOST}/ \
ACCEPT_KEYWORDS="*" \
PORTAGE_TMPDIR=${ROOT}tmp/ \
PKG_CONFIG_PATH="${ROOT}usr/lib/pkgconfig/" \
PKGDIR="/packages/${TCHOST}"' /usr/${TCHOST}/etc/portage/make.conf
sed -i -e 's/^ACCEPT_KEYWORDS=" ~"/ACCEPT_KEYWORDS="${ARCH}"/g' /usr/${TCHOST}/etc/portage/make.conf
# quick'n'dirty workaround as libsanitize currently breaks the tool chain build
echo "cross-${TCHOST}/gcc -sanitize" > /etc/portage/package.use/gcc
# init portage env defaults..
source /etc/profile
# ..but unset CHOST as it overrides make.conf
if [ "${HCHOST}" != "${TCHOST}" ]; then
unset CHOST CC CFLAGS CXXFLAGS
else
unset CC CFLAGS CXXFLAGS
fi
}
same for universal images:
configure_bob() {
if [ "${HCHOST}" == "15453654" ]; then
# do something that this host chost needs
:
fi
if [ "${TCHOST}" == "d565665" ]; then
# do something that this target chost needs
:
fi
}
for universal {images,builders} we need ability to save and run builders and images with names like gentoobb-builder-$TCHOST-$DATE for builders and gentoobb-$IMAGENAME-$TCHOST-$DATE for images.
Also still have to make many other changes to make it all work.
I am sorry that the text is so badly drafted, I did not fully understand how it works, and I wrote it all the dead of night.
Oh, and most importantly, the branch in which I am slowly starting to work on it all:
https://github.com/soredake/gentoo-bb/tree/universal
Apparently glibc installs require --privileged container option since Docker 1.10.x. See moby/moby#1916. Fortunately we don't use docker build to install packages, as a workaround add --privileged here.
Due to #38 I looked into supporting multiple stage3 base containers, i.e. have a glibc and musl based stage3 coexist. This would enable us to drop all the crossdev overhead just to get a static musl busybox binary, while also avoiding future crossdev problems with musl as Gentoo's musl maintainer, by his own words, is not really interested in cross compiling support. Should also speed up the build quite a bit.
Got a working prototype so far but needs some more refactoring to make it generic and configurable.
Todo:
Probably the biggest refactor, but kinda required for the planned acbuild support anyways:
build.conf file to each build container/image, stage3 is only configurable for builder images:
Example builder config:
#BUILDER="${NAMESPACE}/foo"
# ..or bootstrap a fresh stage3, overrides BUILDER if defined
STAGE3_DATE="20170104"
STAGE3_BASE="stage3-amd64-musl-hardened"
ARCH="amd64"
ARCH_URL="${MIRROR}experimental/${ARCH}/musl/"
# run build container in privileged mode, defaults to false
BUILD_PRIVILEGED=true
# important: changing any of the below requires core image rebuild (pass -c on rebuild)
BOB_CHOST="x86_64-gentoo-linux-musl"
#BOB_CFLAGS="${BOB_CFLAGS:--mtune=generic -O2 -pipe}"
#BOB_CXXFLAGS="${BOB_CXXFLAGS:-${BOB_CFLAGS}}"
# active in configure_bob() hook, generally only differs when using crossdev
#BOB_BUILDER_CHOST="${BOB_BUILDER_CHOST:-${BOB_CHOST}}"
#BOB_BUILDER_CFLAGS="${BOB_BUILDER_CFLAGS:-${BOB_CFLAGS}}"
#BOB_BUILDER_CXXFLAGS="${BOB_BUILDER_CXXFLAGS:-${BOB_CXXFLAGS}}"
Example image config:
BUILDER="ns/build_container" # prev. BUILD_FROM in Dockerfile
IMAGE_PARENT="ns/parent_image" # = FROM in Dockerfile
BUILD_PRIVILEGED=true
BUILDER is optional for images, a DEFAULT_BUILDER can be configured via namespace build.conf.
This prepares nicely for acbuild as Dockerfile.template becomes an implementation detail.
Buildconfig.sh to build.sh, with the impending rebranding of the project the root build.sh will most likely get renamed.
├── build.conf <- sourced on host
├── build.sh <- sourced in build container
└── Dockerfile.template
Build container names generally start with gentoobb/bob, when a new build container state is committed the current image name gets appended. For example gentoobb/bob-openssl refers to the container used to build the gentoobb/openssl image.
This will possibly need some rework as the DEFAULT_BUILD_CONTAINER name is different for each stage3.
musl
Currently DATE (or essentially the tag used when creating docker images) is coupled to stage3 date, doesn't make much sense with multiple stage3 that (possibly) each have their own date and should probably just be the local build date. Maybe rename DATE to IMAGE_TAG for clarity.
CHOST, currently only CHOST is considered
Edit: CHOST is actually enough, but it needs to be set only once per stage3 core builder.
build.sh update
Currently we just scrape autobuilds/latest-stage3.txt, this won't do for experimental stage3 files.
build.conf
build.conf (see #53) / edit: not worth the effort imo, should be well documented though
More than happy if anyone wants to help out with the build.sh update / Gentoo mirror scraping stuff, I'll make a branch shortly.
In Dockerfile you can pass:
ENV foo=bar \
bar=baz \
qux="foo bar"
..to avoid the multiple layers of images. Let's do this for our builders.
(not doing a PR atm since it's against the multistage3 branch)
I just wanted to file an issue based on the chats we've had on IRC about this.
The gist is that Buildconfig.sh scripts should have two phases; one for building the runtime docker image, and one for building the assets put in. For instance, a django project might need to be pulled over git while the actual docker image has no need for it [git].
071d363699c3 tmp # tar zxvf unzip60.tar.gz
tar: short read
071d363699c3 tmp # unzip infozip_binaries_linux_x64.zip
Archive: infozip_binaries_linux_x64.zip
inflating: zip
unzip: inflate error
When building from scratch the following will throw a build error:
./build.sh build gentoobb/busybox
--> generate build order
--> required engines: docker
--> required builders: gentoobb/bob-musl
--> build sequence: gentoobb/busybox
--> build gentoobb/stage3-import
--> build repo gentoobb/bob-core
--> build repo gentoobb/bob-musl
--> building rootfs
--> run gentoobb/bob:20170105
Unable to find image 'gentoobb/bob:20170105' locally
docker: Error response from daemon: repository gentoobb/bob not found: does not exist or no pull access.
See 'docker run --help'.
failed to run image gentoobb/bob:20170105
Targeting the next image gentoobb/glibc will resolve the issue. Looks like a bug in the image dependency resolution as gentoobb/bob is not picked up as a required builder, hence not getting built and then missing when gentoobb/bob-musl is built.
gcc libvtv appears to depend on having execinfo.h which musl lacks. For now this can be worked around by configuring USE=-vtv for bob-musl (maybe uclibc too).