Compare commits

...

2 commits

Author SHA1 Message Date
7554d1246d
gitlab-ci: drop
All checks were successful
/ build-test (pull_request) Successful in 12m12s
2024-08-21 15:02:32 -04:00
4b365531b5
forgejo-ci: move to forgejo actions 2024-08-21 15:02:08 -04:00
5 changed files with 227 additions and 112 deletions

View file

@ -0,0 +1,184 @@
diff --git a/cleanup_image b/cleanup_image
index 224c04a..911b238 100755
--- a/cleanup_image
+++ b/cleanup_image
@@ -1,6 +1,7 @@
#!/bin/sh
export INSTALLDIR=$1
+export TEMPLATE_USE_FUSE=1
. ./builder_setup
@@ -20,5 +21,8 @@ fi
echo "--> Cleaning up image file..."
$SCRIPTSDIR/09_cleanup.sh
-echo "--> Compacting image file..."
-/sbin/fstrim -v "$INSTALLDIR"
+# fstrim not supported in userspace
+if [ "$TEMPLATE_USE_FUSE" -ne 1 ]; then
+ echo "--> Compacting image file..."
+ /sbin/fstrim -v "$INSTALLDIR"
+fi
diff --git a/prepare_image b/prepare_image
index 6334879..de1a2af 100755
--- a/prepare_image
+++ b/prepare_image
@@ -19,6 +19,8 @@ RETCODE=0
. ./builder_setup >/dev/null
. ./umount_kill.sh >/dev/null
+export TEMPLATE_USE_FUSE=1
+
if ! [ $# -eq 1 ]; then
echo "usage ${0} <img_file_name>"
exit
@@ -55,11 +57,20 @@ echo "-> Preparing instalation of ${DIST} template..."
if [ -f "${IMG}" ]; then
echo "-> Image file already exists, assuming *update*..."
if [ "0$TEMPLATE_ROOT_WITH_PARTITIONS" -eq 1 ]; then
- IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
- IMG_DEV=${IMG_LOOP}p3
+ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
+ echo "Fuse mode not implemented when TEMPLATE_ROOT_WITH_PARTITIONS is true"
+ exit
+ else
+ IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
+ IMG_DEV=${IMG_LOOP}p3
+ fi
else
- IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
- IMG_DEV=${IMG_LOOP}
+ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
+ IMG_DEV=$IMG
+ else
+ IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
+ IMG_DEV=${IMG_LOOP}
+ fi
fi
udevadm settle --exit-if-exists="$IMG_DEV"
else
@@ -78,11 +89,20 @@ size=2MiB, type=21686148-6449-6E6F-744E-656564454649, uuid=1e6c9db4-1e91-46c4-84
type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, uuid=693244e6-3e07-47bf-ad79-acade4293fe7, name="Root filesystem"
EOF
- IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
- IMG_DEV=${IMG_LOOP}p3
+ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
+ echo "Fuse mode not implemented when TEMPLATE_ROOT_WITH_PARTITIONS is true"
+ exit
+ else
+ IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
+ IMG_DEV=${IMG_LOOP}p3
+ fi
else
- IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
- IMG_DEV=${IMG_LOOP}
+ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
+ IMG_DEV=$IMG
+ else
+ IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
+ IMG_DEV=${IMG_LOOP}
+ fi
fi
udevadm settle --exit-if-exists="$IMG_DEV"
@@ -90,7 +110,9 @@ EOF
/sbin/mkfs.ext4 -q -F "${IMG_DEV}" || exit 1
fi
-mount "${IMG_DEV}" "${INSTALLDIR}" || exit 1
+if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
+ fuse2fs "${IMG_DEV}" "${INSTALLDIR}" || exit 1
+fi
trap "umount_kill $(readlink -m ${INSTALLDIR})" EXIT
"${SCRIPTSDIR}/01_install_core.sh"
@@ -107,6 +129,8 @@ trap - EXIT
echo "-> Unmounting prepared_image..."
umount_kill "$(readlink -m ${INSTALLDIR})" || true
-/sbin/losetup -d ${IMG_LOOP}
+if [ "$TEMPLATE_USE_FUSE" -ne 1 ]; then
+ /sbin/losetup -d ${IMG_LOOP}
+fi
exit ${RETCODE}
diff --git a/qubeize_image b/qubeize_image
index 19c37cb..9e5179d 100755
--- a/qubeize_image
+++ b/qubeize_image
@@ -13,6 +13,8 @@ export CLEANIMG="$1"
export NAME="$2"
export LC_ALL=POSIX
+export TEMPLATE_USE_FUSE=1
+
. ./builder_setup >/dev/null
. ./umount_kill.sh >/dev/null
@@ -50,7 +52,9 @@ function cleanup() {
trap - ERR
trap
umount_kill "$PWD/mnt" || true
- /sbin/losetup -d ${IMG_LOOP}
+ if [ "$TEMPLATE_USE_FUSE" -ne 1 ]; then
+ /sbin/losetup -d ${IMG_LOOP}
+ fi
exit $errval
}
trap cleanup ERR
@@ -72,14 +76,27 @@ fi
echo "--> Mounting $IMG"
mkdir -p mnt
if [ "0$TEMPLATE_ROOT_WITH_PARTITIONS" -eq 1 ]; then
- IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
- IMG_DEV=${IMG_LOOP}p3
+ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
+ echo "Fuse mode not implemented when TEMPLATE_ROOT_WITH_PARTITIONS is true"
+ exit
+ else
+ IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
+ IMG_DEV=${IMG_LOOP}p3
+ fi
else
- IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
- IMG_DEV=${IMG_LOOP}
+ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
+ IMG_DEV=$IMG
+ else
+ IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
+ IMG_DEV=${IMG_LOOP}
+ fi
fi
udevadm settle --exit-if-exists="$IMG_DEV"
-mount "$IMG_DEV" mnt || exit 1
+if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
+ fuse2fs "$IMG_DEV" mnt
+else
+ mount "$IMG_DEV" mnt || exit 1
+fi
export INSTALLDIR=mnt
# prepare for template.conf, so the qubeize script may generate it dynamically
@@ -159,7 +176,9 @@ ls -als $IMG
# ------------------------------------------------------------------------------
echo "--> Unmounting $IMG"
umount_kill "$PWD/mnt" || true
-/sbin/losetup -d ${IMG_LOOP}
+if [ "$TEMPLATE_USE_FUSE" -ne 1 ]; then
+ /sbin/losetup -d ${IMG_LOOP}
+fi
echo "Qubeized image stored at: $IMG"
diff --git a/templates.spec b/templates.spec
index e1a82e9..210ef57 100644
--- a/templates.spec
+++ b/templates.spec
@@ -193,3 +193,4 @@ rm -rf $RPM_BUILD_ROOT
%attr (664,root,qubes) %{dest_dir}/vm-whitelisted-appmenus.list
%attr (664,root,qubes) %{dest_dir}/netvm-whitelisted-appmenus.list
%attr (664,root,qubes) %{dest_dir}/template.conf
+%define _arch x86_64

View file

@ -0,0 +1,36 @@
on:
pull_request:
types: [ assigned, opened, synchronize, reopened ]
jobs:
build-test:
runs-on: x86_64
container:
image: alpine:3.20
steps:
- name: Environment setup
run: |
apk add rpm wget coreutils eudev e2fsprogs xen doas sudo curl nodejs git alpine-sdk fuse2fs patch findutils grep
cd /etc/apk/keys
curl -JO https://ayakael.net/api/packages/forge/alpine/key
- name: Repo pull
uses: actions/checkout@v4
with:
fetch-depth: 500
- name: RPM build
run: |
git clone https://github.com/QubesOS/qubes-builder
mkdir qubes-builder/qubes-src
ln -s $GITHUB_WORKSPACE qubes-builder/qubes-src/builder-alpine
cp builder.conf qubes-builder/.
git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder
patch -d qubes-builder/qubes-src/linux-template-builder -p1 -i $GITHUB_WORKSPACE/.forgejo/patches/linux-template-builder_use-fuse.patch
echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec
cd qubes-builder
make linux-template-builder
cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $GITHUB_WORKSPACE/.
- name: Package upload
uses: forgejo/upload-artifact@v3
with:
name: package
path: qubes-template-*.rpm

View file

@ -1,107 +0,0 @@
stages:
- build
- release
variables:
GIT_STRATEGY: clone
GIT_DEPTH: "500"
.verify:
stage: build
rules:
- if: $CI_MERGE_REQUEST_ID
interruptible: true
script:
- |
sudo apk add rpm wget losetup coreutils eudev e2fsprogs xen
doas addgroup $USER abuild
export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
git clone https://github.com/QubesOS/qubes-builder
mkdir qubes-builder/qubes-src
ln -s $CI_PROJECT_DIR qubes-builder/qubes-src/builder-alpine
cp builder.conf qubes-builder/.
git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder
echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec
cd qubes-builder
make linux-template-builder
cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $CI_PROJECT_DIR/.
artifacts:
paths:
- qubes-template-*.rpm
expire_in: 7 days
when: always
tags:
- qubes-template
verify-alpine320:
extends: .verify
variables:
CI_ALPINE_TARGET_RELEASE: alpine320
.build:
stage: build
rules:
- if: $CI_COMMIT_TAG
interruptible: true
script:
- |
sudo apk add rpm wget losetup coreutils eudev e2fsprogs xen
doas addgroup $USER abuild
export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
git clone https://github.com/QubesOS/qubes-builder
mkdir qubes-builder/qubes-src
ln -s $CI_PROJECT_DIR qubes-builder/qubes-src/builder-alpine
cp builder.conf qubes-builder/.
git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder
echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec
cd qubes-builder
make linux-template-builder
cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $CI_PROJECT_DIR/.
cd $CI_PROJECT_DIR
CI_ALPINE_RPM_NAME="$(find qubes-template*.rpm)"
echo "ALPINE_RPM_NAME=$CI_ALPINE_RPM_NAME" > job.env
echo "Generating sha512sum"
sha512sum $CI_ALPINE_RPM_NAME > $CI_ALPINE_RPM_NAME.sha512sum
after_script:
- echo "JOB_ID=$CI_JOB_ID" >> job.env
artifacts:
paths:
- qubes-template*.rpm
- qubes-template*.sha512sum
expire_in: never
when: always
reports:
dotenv: job.env
tags:
- qubes-template
build-alpine320:
extends: .build
variables:
CI_ALPINE_TARGET_RELEASE: alpine320
release:
stage: release
allow_failure: false
tags:
- qubes-template
rules:
- if: $CI_COMMIT_TAG
when: on_success
script:
- echo "Create Release $GI_COMMIT_TAG"
- echo $JOB_ID
- echo $ALPINE_RPM_NAME
release:
name: 'Release $CI_COMMIT_TAG'
description: 'Release $CI_COMMIT_TAG'
tag_name: '$CI_COMMIT_TAG'
ref: '$CI_COMMIT_SHA'
assets:
links:
- name: "$ALPINE_RPM_NAME"
filepath: "/template/qubes-template-$CI_COMMIT_TAG.rpm"
url: "https://lab.ilot.io/ayakael/qubes-builder-alpine/-/jobs/$JOB_ID/artifacts/raw/$ALPINE_RPM_NAME"
- name: "$ALPINE_RPM_NAME.sha512sum"
filepath: "/template/qubes-template-$CI_COMMIT_TAG.rpm.sha512sum"
url: "https://lab.ilot.io/ayakael/qubes-builder-alpine/-/jobs/$JOB_ID/artifacts/raw/$ALPINE_RPM_NAME.sha512sum"

View file

@ -17,8 +17,8 @@ fi
APKTOOLS_CACHE_DIR="${CACHEDIR}/apk_cache"
ALPINELINUX_VERSION=${DIST_VER:-latest-stable}
QUBESALPINE_MIRROR="${QUBESALPINE_MIRROR:-https://lab.ilot.io/ayakael/repo-apk/-/raw}"
QUBESALPINE_KEYFILE="${QUBESALPINE_KEYFILE:-antoine.martin@protonmail.com-5b3109ad.rsa.pub}"
QUBESALPINE_MIRROR="${QUBESALPINE_MIRROR:-https://ayakael.net/api/packages/forge/alpine}"
QUBESALPINE_KEYFILE="${QUBESALPINE_KEYFILE:-https://ayakael.net/api/packages/forge/alpine/key}"
QUBES_REL="${QUBES_REL:-r4.2}"
export APK_CACHE_DIR
@ -28,8 +28,10 @@ if [ "$VERBOSE" -ge 2 ] || [ "$DEBUG" -gt 0 ]; then
fi
echo " --> Adding Qubes custom repository..."
su -c "echo '$QUBESALPINE_MIRROR/$ALPINELINUX_VERSION/qubes/$QUBES_REL' >> $INSTALLDIR/etc/apk/repositories"
wget "$QUBESALPINE_MIRROR/$ALPINELINUX_VERSION/$QUBESALPINE_KEYFILE" -P "$INSTALLDIR"/etc/apk/keys
su -c "echo '$QUBESALPINE_MIRROR/$ALPINELINUX_VERSION/qubes-$QUBES_REL' >> $INSTALLDIR/etc/apk/repositories"
pushd "$INSTALLDIR"/etc/apk/keys
curl -JO "$QUBESALPINE_KEYFILE"
popd
echo " --> Synchronize resolv.conf..."
cp /etc/resolv.conf "${INSTALLDIR}/etc/resolv.conf"

View file

@ -31,7 +31,7 @@ chroot_setup() {
chroot_add_mount sys "$1/sys" -t sysfs -o nosuid,noexec,nodev,ro &&
# alpine-chroot will never have occasion to use efivars, so don't bother
# mounting efivarfs here
chroot_add_mount udev "$1/dev" -t devtmpfs -o mode=0755,nosuid &&
chroot_add_mount /dev "$1/dev" -o bind &&
chroot_add_mount devpts "$1/dev/pts" -t devpts -o mode=0620,gid=5,nosuid,noexec &&
chroot_add_mount shm "$1/dev/shm" -t tmpfs -o mode=1777,nosuid,nodev &&
chroot_add_mount run "$1/run" -t tmpfs -o nosuid,nodev,mode=0755 &&