2021-01-31 16:23:04 +01:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
#
|
2021-05-10 22:49:56 +02:00
|
|
|
# This script is run within a virtual environment to build the available archiso profiles and their available build
|
|
|
|
# modes and create checksum files for the resulting images.
|
2021-01-31 16:23:04 +01:00
|
|
|
# The script needs to be run as root and assumes $PWD to be the root of the repository.
|
2021-05-10 22:49:56 +02:00
|
|
|
#
|
|
|
|
# Dependencies:
|
|
|
|
# * all archiso dependencies
|
2021-05-13 13:16:51 +02:00
|
|
|
# * coreutils
|
|
|
|
# * gnupg
|
|
|
|
# * openssl
|
2021-05-10 22:49:56 +02:00
|
|
|
# * zsync
|
|
|
|
#
|
|
|
|
# $1: profile
|
|
|
|
# $2: buildmode
|
|
|
|
|
|
|
|
set -euo pipefail
|
|
|
|
shopt -s extglob
|
2021-01-31 16:23:04 +01:00
|
|
|
|
|
|
|
readonly orig_pwd="${PWD}"
|
|
|
|
readonly output="${orig_pwd}/output"
|
2021-05-13 13:16:51 +02:00
|
|
|
readonly tmpdir_base="${orig_pwd}/tmp"
|
2021-05-10 22:49:56 +02:00
|
|
|
readonly profile="${1}"
|
|
|
|
readonly buildmode="${2}"
|
|
|
|
readonly install_dir="arch"
|
|
|
|
|
2021-04-25 16:48:35 +02:00
|
|
|
tmpdir=""
|
2021-05-13 13:16:51 +02:00
|
|
|
tmpdir="$(mktemp --dry-run --directory --tmpdir="${tmpdir_base}")"
|
2021-05-01 15:41:35 +02:00
|
|
|
gnupg_homedir=""
|
2021-05-10 22:49:56 +02:00
|
|
|
codesigning_dir=""
|
|
|
|
codesigning_cert=""
|
|
|
|
codesigning_key=""
|
2021-05-01 15:41:35 +02:00
|
|
|
pgp_key_id=""
|
2021-01-31 16:23:04 +01:00
|
|
|
|
2021-05-13 13:16:51 +02:00
|
|
|
print_section_start() {
|
|
|
|
# gitlab collapsible sections start: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections
|
|
|
|
local _section _title
|
|
|
|
_section="${1}"
|
|
|
|
_title="${2}"
|
|
|
|
|
|
|
|
printf "\e[0Ksection_start:%(%s)T:%s\r\e[0K%s\n" '-1' "${_section}" "${_title}"
|
|
|
|
}
|
|
|
|
|
|
|
|
print_section_end() {
|
|
|
|
# gitlab collapsible sections end: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections
|
|
|
|
local _section
|
|
|
|
_section="${1}"
|
|
|
|
|
|
|
|
printf "\e[0Ksection_end:%(%s)T:%s\r\e[0K\n" '-1' "${_section}"
|
|
|
|
}
|
|
|
|
|
2021-01-31 16:23:04 +01:00
|
|
|
cleanup() {
|
|
|
|
# clean up temporary directories
|
2021-05-13 13:16:51 +02:00
|
|
|
print_section_start "cleanup" "Cleaning up temporary directory"
|
2021-05-10 22:49:56 +02:00
|
|
|
|
2021-05-13 13:16:51 +02:00
|
|
|
if [ -n "${tmpdir_base:-}" ]; then
|
|
|
|
rm -fr "${tmpdir_base}"
|
2021-01-31 16:23:04 +01:00
|
|
|
fi
|
2021-05-10 22:49:56 +02:00
|
|
|
|
2021-05-13 13:16:51 +02:00
|
|
|
print_section_end "cleanup"
|
2021-01-31 16:23:04 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
create_checksums() {
|
2021-05-10 22:49:56 +02:00
|
|
|
# create checksums for files
|
|
|
|
# $@: files
|
2021-05-13 13:16:51 +02:00
|
|
|
local _file_path _file_name _current_pwd
|
|
|
|
_current_pwd="${PWD}"
|
|
|
|
|
|
|
|
print_section_start "checksums" "Creating checksums"
|
|
|
|
|
|
|
|
for _file_path in "$@"; do
|
|
|
|
cd "$(dirname "${_file_path}")"
|
|
|
|
_file_name="$(basename "${_file_path}")"
|
|
|
|
b2sum "${_file_name}" > "${_file_name}.b2"
|
|
|
|
md5sum "${_file_name}" > "${_file_name}.md5"
|
|
|
|
sha1sum "${_file_name}" > "${_file_name}.sha1"
|
|
|
|
sha256sum "${_file_name}" > "${_file_name}.sha256"
|
|
|
|
sha512sum "${_file_name}" > "${_file_name}.sha512"
|
|
|
|
ls -lah "${_file_name}."{b2,md5,sha{1,256,512}}
|
|
|
|
cat "${_file_name}."{b2,md5,sha{1,256,512}}
|
2021-05-10 22:49:56 +02:00
|
|
|
done
|
2021-05-13 13:16:51 +02:00
|
|
|
cd "${_current_pwd}"
|
2021-05-10 22:49:56 +02:00
|
|
|
|
2021-05-13 13:16:51 +02:00
|
|
|
print_section_end "checksums"
|
2021-01-31 16:23:04 +01:00
|
|
|
}
|
|
|
|
|
2021-03-04 21:58:59 +01:00
|
|
|
create_zsync_delta() {
|
2021-05-10 22:49:56 +02:00
|
|
|
# create zsync control files for files
|
|
|
|
# $@: files
|
|
|
|
local _file
|
|
|
|
|
2021-05-13 13:16:51 +02:00
|
|
|
print_section_start "zsync_delta" "Creating zsync delta"
|
|
|
|
|
2021-05-10 22:49:56 +02:00
|
|
|
for _file in "$@"; do
|
|
|
|
if [[ "${buildmode}" == "bootstrap" ]]; then
|
|
|
|
# zsyncmake fails on 'too long between blocks' with default block size on bootstrap image
|
2021-05-13 13:16:51 +02:00
|
|
|
zsyncmake -v -b 512 -C -u "${_file##*/}" -o "${_file}".zsync "${_file}"
|
2021-05-10 22:49:56 +02:00
|
|
|
else
|
2021-05-13 13:16:51 +02:00
|
|
|
zsyncmake -v -C -u "${_file##*/}" -o "${_file}".zsync "${_file}"
|
2021-05-10 22:49:56 +02:00
|
|
|
fi
|
|
|
|
done
|
|
|
|
|
2021-05-13 13:16:51 +02:00
|
|
|
print_section_end "zsync_delta"
|
2021-03-04 21:58:59 +01:00
|
|
|
}
|
|
|
|
|
2021-04-02 11:23:18 +02:00
|
|
|
create_metrics() {
|
2021-06-30 23:23:21 +02:00
|
|
|
local _metrics="${output}/metrics.txt"
|
2021-04-02 11:23:18 +02:00
|
|
|
# create metrics
|
2021-05-13 13:16:51 +02:00
|
|
|
print_section_start "metrics" "Creating metrics"
|
2021-05-10 22:49:56 +02:00
|
|
|
|
2021-04-02 11:23:18 +02:00
|
|
|
{
|
2021-05-10 22:49:56 +02:00
|
|
|
# create metrics based on buildmode
|
|
|
|
case "${buildmode}" in
|
|
|
|
iso)
|
|
|
|
printf 'image_size_mebibytes{image="%s"} %s\n' \
|
|
|
|
"${profile}" \
|
2021-06-30 23:23:21 +02:00
|
|
|
"$(du -m -- "${output}/"*.iso | cut -f1)"
|
2021-05-10 22:49:56 +02:00
|
|
|
printf 'package_count{image="%s"} %s\n' \
|
|
|
|
"${profile}" \
|
2021-06-30 23:23:21 +02:00
|
|
|
"$(sort -u -- "${tmpdir}/iso/"*/pkglist.*.txt | wc -l)"
|
|
|
|
if [[ -e "${tmpdir}/efiboot.img" ]]; then
|
2021-05-10 22:49:56 +02:00
|
|
|
printf 'eltorito_efi_image_size_mebibytes{image="%s"} %s\n' \
|
|
|
|
"${profile}" \
|
2021-06-30 23:23:21 +02:00
|
|
|
"$(du -m -- "${tmpdir}/efiboot.img" | cut -f1)"
|
2021-05-10 22:49:56 +02:00
|
|
|
fi
|
|
|
|
# shellcheck disable=SC2046
|
|
|
|
# shellcheck disable=SC2183
|
|
|
|
printf 'initramfs_size_mebibytes{image="%s",initramfs="%s"} %s\n' \
|
2021-06-30 23:23:21 +02:00
|
|
|
$(du -m -- "${tmpdir}/iso/"*/boot/**/initramfs*.img | \
|
2021-05-10 22:49:56 +02:00
|
|
|
awk -v profile="${profile}" \
|
|
|
|
'function basename(file) {
|
|
|
|
sub(".*/", "", file)
|
|
|
|
return file
|
|
|
|
}
|
|
|
|
{ print profile, basename($2), $1 }'
|
|
|
|
)
|
|
|
|
;;
|
|
|
|
netboot)
|
|
|
|
printf 'netboot_size_mebibytes{image="%s"} %s\n' \
|
|
|
|
"${profile}" \
|
2021-06-30 23:23:21 +02:00
|
|
|
"$(du -m -- "${output}/${install_dir}/" | tail -n1 | cut -f1)"
|
2021-05-10 22:49:56 +02:00
|
|
|
printf 'netboot_package_count{image="%s"} %s\n' \
|
|
|
|
"${profile}" \
|
2021-06-30 23:23:21 +02:00
|
|
|
"$(sort -u -- "${tmpdir}/iso/"*/pkglist.*.txt | wc -l)"
|
2021-05-10 22:49:56 +02:00
|
|
|
;;
|
|
|
|
bootstrap)
|
|
|
|
printf 'bootstrap_size_mebibytes{image="%s"} %s\n' \
|
|
|
|
"${profile}" \
|
2021-06-30 23:23:21 +02:00
|
|
|
"$(du -m -- "${output}/"*.tar*(.gz|.xz|.zst) | cut -f1)"
|
2021-05-10 22:49:56 +02:00
|
|
|
printf 'bootstrap_package_count{image="%s"} %s\n' \
|
|
|
|
"${profile}" \
|
2021-06-30 23:23:21 +02:00
|
|
|
"$(sort -u -- "${tmpdir}/"*/bootstrap/root.*/pkglist.*.txt | wc -l)"
|
2021-05-10 22:49:56 +02:00
|
|
|
;;
|
|
|
|
esac
|
2021-05-13 13:16:51 +02:00
|
|
|
} > "${_metrics}"
|
|
|
|
ls -lah "${_metrics}"
|
|
|
|
cat "${_metrics}"
|
2021-05-10 22:49:56 +02:00
|
|
|
|
2021-05-13 13:16:51 +02:00
|
|
|
print_section_end "metrics"
|
2021-04-02 11:23:18 +02:00
|
|
|
}
|
|
|
|
|
2021-05-10 22:49:56 +02:00
|
|
|
create_ephemeral_pgp_key() {
|
2021-05-01 15:41:35 +02:00
|
|
|
# create an ephemeral PGP key for signing the rootfs image
|
2021-05-13 13:16:51 +02:00
|
|
|
print_section_start "ephemeral_pgp_key" "Creating ephemeral PGP key"
|
2021-05-10 22:49:56 +02:00
|
|
|
|
2021-05-01 15:41:35 +02:00
|
|
|
gnupg_homedir="$tmpdir/.gnupg"
|
|
|
|
mkdir -p "${gnupg_homedir}"
|
|
|
|
chmod 700 "${gnupg_homedir}"
|
|
|
|
|
|
|
|
cat << __EOF__ > "${gnupg_homedir}"/gpg.conf
|
|
|
|
quiet
|
|
|
|
batch
|
|
|
|
no-tty
|
|
|
|
no-permission-warning
|
|
|
|
export-options no-export-attributes,export-clean
|
|
|
|
list-options no-show-keyring
|
|
|
|
armor
|
|
|
|
no-emit-version
|
|
|
|
__EOF__
|
|
|
|
|
|
|
|
gpg --homedir "${gnupg_homedir}" --gen-key <<EOF
|
|
|
|
%echo Generating ephemeral Arch Linux release engineering key pair...
|
|
|
|
Key-Type: default
|
|
|
|
Key-Length: 3072
|
|
|
|
Key-Usage: sign
|
|
|
|
Name-Real: Arch Linux Release Engineering
|
|
|
|
Name-Comment: Ephemeral Signing Key
|
|
|
|
Name-Email: arch-releng@lists.archlinux.org
|
|
|
|
Expire-Date: 0
|
|
|
|
%no-protection
|
|
|
|
%commit
|
|
|
|
%echo Done
|
|
|
|
EOF
|
|
|
|
|
|
|
|
pgp_key_id="$(
|
|
|
|
gpg --homedir "${gnupg_homedir}" \
|
|
|
|
--list-secret-keys \
|
|
|
|
--with-colons \
|
|
|
|
| awk -F':' '{if($1 ~ /sec/){ print $5 }}'
|
|
|
|
)"
|
2021-05-10 22:49:56 +02:00
|
|
|
|
2021-05-13 13:16:51 +02:00
|
|
|
print_section_end "ephemeral_pgp_key"
|
2021-05-10 22:49:56 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
create_ephemeral_codesigning_key() {
|
|
|
|
# create ephemeral certificates used for codesigning
|
2021-05-13 13:16:51 +02:00
|
|
|
print_section_start "ephemeral_codesigning_key" "Creating ephemeral codesigning key"
|
2021-05-10 22:49:56 +02:00
|
|
|
|
|
|
|
codesigning_dir="${tmpdir}/.codesigning/"
|
|
|
|
local codesigning_conf="${codesigning_dir}/openssl.cnf"
|
|
|
|
local codesigning_subj="/C=DE/ST=Berlin/L=Berlin/O=Arch Linux/OU=Release Engineering/CN=archlinux.org"
|
|
|
|
codesigning_cert="${codesigning_dir}/codesign.crt"
|
|
|
|
codesigning_key="${codesigning_dir}/codesign.key"
|
|
|
|
mkdir -p "${codesigning_dir}"
|
|
|
|
cp -- /etc/ssl/openssl.cnf "${codesigning_conf}"
|
|
|
|
printf "\n[codesigning]\nkeyUsage=digitalSignature\nextendedKeyUsage=codeSigning\n" >> "${codesigning_conf}"
|
|
|
|
openssl req \
|
|
|
|
-newkey rsa:4096 \
|
|
|
|
-keyout "${codesigning_key}" \
|
|
|
|
-nodes \
|
|
|
|
-sha256 \
|
|
|
|
-x509 \
|
|
|
|
-days 365 \
|
|
|
|
-out "${codesigning_cert}" \
|
|
|
|
-config "${codesigning_conf}" \
|
|
|
|
-subj "${codesigning_subj}" \
|
|
|
|
-extensions codesigning
|
|
|
|
|
2021-05-13 13:16:51 +02:00
|
|
|
print_section_end "ephemeral_codesigning_key"
|
2021-05-01 15:41:35 +02:00
|
|
|
}
|
|
|
|
|
2021-01-31 16:23:04 +01:00
|
|
|
run_mkarchiso() {
|
|
|
|
# run mkarchiso
|
2021-05-10 22:49:56 +02:00
|
|
|
create_ephemeral_pgp_key
|
|
|
|
create_ephemeral_codesigning_key
|
|
|
|
|
2021-05-13 13:16:51 +02:00
|
|
|
print_section_start "mkarchiso" "Running mkarchiso"
|
2021-06-30 23:23:21 +02:00
|
|
|
mkdir -p "${output}/" "${tmpdir}/"
|
2021-05-01 15:41:35 +02:00
|
|
|
GNUPGHOME="${gnupg_homedir}" ./archiso/mkarchiso \
|
2021-05-10 22:49:56 +02:00
|
|
|
-D "${install_dir}" \
|
|
|
|
-c "${codesigning_cert} ${codesigning_key}" \
|
2021-05-01 15:41:35 +02:00
|
|
|
-g "${pgp_key_id}" \
|
2021-06-30 23:23:21 +02:00
|
|
|
-o "${output}/" \
|
|
|
|
-w "${tmpdir}/" \
|
2021-05-10 22:49:56 +02:00
|
|
|
-m "${buildmode}" \
|
|
|
|
-v "configs/${profile}"
|
|
|
|
|
2021-05-13 13:16:51 +02:00
|
|
|
print_section_end "mkarchiso"
|
2021-05-10 22:49:56 +02:00
|
|
|
|
|
|
|
if [[ "${buildmode}" =~ "iso" ]]; then
|
2021-06-30 23:23:21 +02:00
|
|
|
create_zsync_delta "${output}/"*.iso
|
|
|
|
create_checksums "${output}/"*.iso
|
2021-05-10 22:49:56 +02:00
|
|
|
fi
|
|
|
|
if [[ "${buildmode}" == "bootstrap" ]]; then
|
2021-06-30 23:23:21 +02:00
|
|
|
create_zsync_delta "${output}/"*.tar*(.gz|.xz|.zst)
|
|
|
|
create_checksums "${output}/"*.tar*(.gz|.xz|.zst)
|
2021-05-10 22:49:56 +02:00
|
|
|
fi
|
|
|
|
create_metrics
|
2021-05-13 13:16:51 +02:00
|
|
|
|
|
|
|
print_section_start "ownership" "Setting ownership on output"
|
|
|
|
|
|
|
|
if [[ -n "${SUDO_UID:-}" ]] && [[ -n "${SUDO_GID:-}" ]]; then
|
|
|
|
chown -Rv "${SUDO_UID}:${SUDO_GID}" -- "${output}"
|
|
|
|
fi
|
|
|
|
print_section_end "ownership"
|
2021-01-31 16:23:04 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
trap cleanup EXIT
|
|
|
|
|
2021-05-10 22:49:56 +02:00
|
|
|
run_mkarchiso
|