Merge lp:~notnownikki/offspring/post-build-chroot into lp:offspring

Proposed by Nicola Heald
Status: Merged
Merged at revision: 180
Proposed branch: lp:~notnownikki/offspring/post-build-chroot
Merge into: lp:offspring
Diff against target: 111 lines (+53/-3)
3 files modified
lib/offspring/build/bin/offspring-build (+38/-1)
lib/offspring/build/functions/exit.sh (+8/-0)
lib/offspring/build/functions/files.sh (+7/-2)
To merge this branch: bzr merge lp:~notnownikki/offspring/post-build-chroot
Reviewer Review Type Date Requested Status
Timothy R. Chavez Approve
Review via email: mp+192018@code.launchpad.net

Description of the change

Adds a routine that looks for a post-build bash script in the project config, and builds a chroot with access to the built image to run it in if it's there.

Requires the following commands to be runnable with sudo:

umount /var/tmp/lexbuild*
rm -rf /var/tmp/lexbuild*
debootstrap
mkdir /var/tmp/lexbuild*
mount -o bind
chroot /var/tmp/lexbuild*
/bin/chown

Tim, can you check through and make sure I've got those extra sudo command right for our environment before I go merging anything? Cheers!

Timothy R. Chavez (timrchavez) wrote :

Hey, I looked at this and will look at it again in the morning. I also want to speak with you to get some clarifications on some things.

Timothy R. Chavez (timrchavez) wrote :

Okay, after some discussion with Kevin and Mike, I think we've agreed not to copy the ssh keys or apt sources into the post-build hook chroot, since no post-build hook use case requires either and copying them raises some security concerns (though to be perfectly honest these concerns already exist, because people can build in the buildd environment directly if they choose to) :/

review: Approve

Preview Diff

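--- a/lib/offspring/build/bin/offspring-build
+++ b/lib/offspring/build/bin/offspring-build
@@ -120,7 +120,6 @@
 
 Info "Saving copy of build setup to build results directory."
 Export_project_config "${PROJECT}" "${RESULTDIR_CONFIGFILES}/"
-
 Buildtool_build
 
 Catch_faults permit_errors
@@ -150,6 +149,43 @@
 Info "Build stage completed at %s" "`date`"
 }
 
+_PostBuild() {
+ IBS_USER_ID=`id -u`
+ IBS_GROUP_ID=`id -g`
+ POST_BUILD_SCRIPT="$IBS_PROJECTCONFIGDIR/post-build"
+ POST_BUILD_CHROOT_DIR="$IBS_WORK_DIR/post-build-chroot"
+ Info "Checking post build script at $POST_BUILD_SCRIPT"
+ if [ -e $POST_BUILD_SCRIPT ]
+ then
+ Info "Preparing chroot"
+ Info "Reading SSH keys"
+ SSH_KEY=$(<~/.ssh/id_rsa)
+ SSH_PUB_KEY=$(<~/.ssh/id_rsa.pub)
+ mkdir $POST_BUILD_CHROOT_DIR
+ Info "Copying extra apt sources"
+ mkdir -p $POST_BUILD_CHROOT_DIR/etc/apt/sources.list.d
+ cp /etc/apt/sources.list.d/* $POST_BUILD_CHROOT_DIR/etc/apt/sources.list.d
+ Info "Bootstrapping"
+ sudo debootstrap --variant=buildd precise $POST_BUILD_CHROOT_DIR
+ Info "Mounting project and build directories"
+ sudo mkdir $POST_BUILD_CHROOT_DIR/project
+ sudo mkdir $POST_BUILD_CHROOT_DIR/build
+ sudo mount -o bind $IBS_PROJECTCONFIGDIR $POST_BUILD_CHROOT_DIR/project
+ sudo mount -o bind $NEWMANIFESTDIR $POST_BUILD_CHROOT_DIR/build
+ Info "Installing ssh keys"
+ sudo chroot $POST_BUILD_CHROOT_DIR /bin/bash -c "mkdir -p ~/.ssh"
+ sudo chroot $POST_BUILD_CHROOT_DIR /bin/bash -c "echo \"$SSH_KEY\" > ~/.ssh/id_rsa"
+ sudo chroot $POST_BUILD_CHROOT_DIR /bin/bash -c "echo \"$SSH_PUB_KEY\" > ~/.ssh/id_rsa.pub"
+ sudo chroot $POST_BUILD_CHROOT_DIR /bin/bash -c "chmod 600 ~/.ssh/id_rsa"
+ Info "Installing apt keys"
+ apt-key exportall | sudo chroot $POST_BUILD_CHROOT_DIR /bin/bash -c "apt-key add -"
+ Info "Executing post-build script"
+ sudo chroot $POST_BUILD_CHROOT_DIR /bin/bash -c "PROJECT=$PROJECT BUILD_DATE=$DATE BUILD_ORDER=$BUILDCOUNT ISO_PATH=/build/$IBS_BUILT_ISO_FILENAME RESULT_DIR=/build /bin/bash /project/post-build"
+ Info "Restoring ownership of files in the build directory"
+ sudo /bin/chown $IBS_USER_ID:$IBS_GROUP_ID $NEWMANIFESTDIR/*
+ fi
+}
+
 _GenerateReports() {
 mkdir -p "${RESULTDIR_REPORTS}"
 generateTreeGraph
@@ -204,5 +240,6 @@
 
 # Perform the build
 _Build
+_PostBuild
 _GenerateReports
 _Culminate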
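Review bot: The "Executing post-build script" line in `_PostBuild` pastes `$PROJECT`, `$DATE`, `$BUILDCOUNT` and `$IBS_BUILT_ISO_FILENAME` into the command string given to a root `/bin/bash -c`, so any whitespace or shell metacharacter in those values is parsed a second time inside the chroot instead of being passed as data. Passing them as arguments removes that second parse: `sudo chroot "$POST_BUILD_CHROOT_DIR" /usr/bin/env PROJECT="$PROJECT" BUILD_DATE="$DATE" BUILD_ORDER="$BUILDCOUNT" ISO_PATH="/build/$IBS_BUILT_ISO_FILENAME" RESULT_DIR=/build /bin/bash /project/post-build`. The function also leaves `$POST_BUILD_SCRIPT`, `$POST_BUILD_CHROOT_DIR` and `$NEWMANIFESTDIR` unquoted in the `[ -e … ]` test and in the `sudo mkdir`, `mount` and `chown` calls. As far as these hunks show, nothing checks the exit status of `debootstrap`, the bind mounts or the post-build script, so `_GenerateReports` would run after a failed step.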
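--- a/lib/offspring/build/functions/exit.sh
+++ b/lib/offspring/build/functions/exit.sh
@@ -61,6 +61,14 @@
 Action_done
 fi
 
+ if [ -e "$IBS_WORK_DIR/post-build-chroot" ]
+ then
+ Info "Cleaning up post-build chroot"
+ sudo umount $IBS_WORK_DIR/post-build-chroot/project
+ sudo umount $IBS_WORK_DIR/post-build-chroot/build
+ sudo rm -rf $IBS_WORK_DIR/post-build-chroot
+ fi
+
 Action "Removing build statefile"
 rm ${IBS_BUILD_STATEFILE}
 Action_done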
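Review bot: The cleanup runs `sudo rm -rf` on the chroot whether or not the two `sudo umount` calls succeeded, so a busy or failed unmount leaves the project config directory and the build results bind-mounted inside the tree that root then deletes. The chroot should be removed only once neither path is still a mount point, and the paths should be quoted. The enclosing function starts and ends outside this hunk, so whether an earlier step already aborts on failure cannot be seen from here.

```shell
    if [ -e "$IBS_WORK_DIR/post-build-chroot" ]
    then
        Info "Cleaning up post-build chroot"
        _PB_BUSY=""
        for _PB_MOUNT in project build
        do
            # Only unmount what is actually mounted; remember any failure.
            if mountpoint -q "$IBS_WORK_DIR/post-build-chroot/$_PB_MOUNT" \
                && ! sudo umount "$IBS_WORK_DIR/post-build-chroot/$_PB_MOUNT"
            then
                _PB_BUSY="yes"
            fi
        done
        if [ -z "$_PB_BUSY" ]
        then
            sudo rm -rf -- "$IBS_WORK_DIR/post-build-chroot"
        else
            Info "Post-build chroot still has bind mounts; leaving it in place"
        fi
    fi
```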
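--- a/lib/offspring/build/functions/files.sh
+++ b/lib/offspring/build/functions/files.sh
@@ -23,7 +23,7 @@
 fi
 
 _EXT="$(echo ${_FILE_PATH} | rev | cut -d'.' -f1 | rev)"
- if [ "${_EXT}" = "zsync" ]
+ if [ "${_EXT}" = "zsync" ] && [ -z "${_DONT_RENAME}" ]
 then
 _ORIGINAL_TARGET="$(basename ${_FILE_PATH} | sed s/.zsync$//)"
 _NEW_TARGET="$(echo ${_NEW_FILENAME} | sed s/.zsync$//)"
@@ -52,10 +52,15 @@
 _FILE_HASH="$(Calculate_hash ${_CHECKSUM_TYPE} ${_FILE_PATH})"
 echo "${_FILE_HASH} ${_NEW_FILENAME}" >> "${_DESTINATION}/${PROJECT}-${BUILDNAME}.${_CHECKSUM_TYPE}sums.txt"
 done
-
+
 Debug "Copying file '${_FILE_PATH}' to '${_DESTINATION}/${_NEW_FILENAME}'"
 cp "${_FILE_PATH}" "${_DESTINATION}/${_NEW_FILENAME}"
 
+ if [ "${_EXT}" = "iso" ]
+ then
+ IBS_BUILT_ISO_FILENAME=$_NEW_FILENAME
+ fi
+
 Debug "Verifying integrity of copy"
 for _CHECKSUM_TYPE in ${IBS_CHECKSUM_TYPES}
 do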
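Review bot: `IBS_BUILT_ISO_FILENAME` is set as a global side effect of the copy in the second hunk, with no comment saying who reads it or what it holds when no `.iso` is copied. `_PostBuild` in offspring-build expands it unconditionally, so `ISO_PATH` would be just `/build/` in that case, and with several ISOs the last one copied wins. The assignment also sits before the "Verifying integrity of copy" loop, so it appears to record the name before the copy has been checked. I would move it after that loop and add a comment such as `# Last ISO copied; _PostBuild passes it to the post-build script as ISO_PATH.` In the first hunk `_DONT_RENAME` is tested but neither set nor documented in the visible lines, and the enclosing function starts and ends outside both hunks.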
