support/package-builder: add support to customize chroot by dropping a script

Change-Id: I465c8e822bf2b1d90e9453324bebbe2a09faf6e2
Signed-off-by: Shreenidhi Shedi <shreenidhi.shedi@broadcom.com>
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/c/photon/+/24207
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Srinidhi Rao <srinidhi.rao@broadcom.com>
Shreenidhi Shedi 2024-07-04 20:39:33 +05:30
parent 2490f7a902
commit 4573e7537e
8 changed files with 50 additions and 30 deletions


@ -29,7 +29,11 @@
"pull-sources-config": "https://packages.vmware.com/photon/photon_sources/1.0",
"publishrpm-url": "https://packages.vmware.com/photon/photon_publish_rpms",
"publishXrpm-url": "https://packages.vmware.com/photon/photon_publish_x_rpms"
"publishXrpm-url": "https://packages.vmware.com/photon/photon_publish_x_rpms",
"copy-to-sandbox": {
"adjust-gcc-specs": {"src": "tools/scripts/adjust-gcc-specs.sh", "dest": "/tmp"},
"chroot-env-setup-script": {}
}
},
"photon-path": "",
"stage-path": "",


@ -1534,6 +1534,12 @@ def initialize_constants():
bool(configdict["photon-build-param"]["resume-build"])
)
filesToCopyToSb = configdict.get("photon-build-param", {}).get("copy-to-sandbox", "")
for k, v in filesToCopyToSb.items():
if not v:
continue
constants.storeScriptsToCopy(k, v)
constants.initialize()
check_prerequesite["initialize-constants"] = True
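Review bot: The fallback in `.get("copy-to-sandbox", "")` is a string, so a config file that has no `copy-to-sandbox` key reaches `filesToCopyToSb.items()` and fails with an AttributeError instead of simply copying nothing. Defaulting to a dict keeps existing config files working: `.get("copy-to-sandbox", {})`. The rest of initialize_constants lies outside this hunk, so how CHROOT_ENV_SETUP_SCRIPT ends up in this dict cannot be checked from here.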


@ -137,6 +137,8 @@ RPMCHECK
THREADS
- Number of packages to build in parallel, doesn't work like `make -j`
CHROOT_ENV_SETUP_SCRIPT
- Script's absolute path to customize chroot build environment
Examples:


@ -93,6 +93,8 @@ class PackageBuilder(object):
self._installDependencies(constants.targetArch)
pkgUtils = PackageUtils(self.logName, self.logPath)
for _, v in constants.CopyToSandboxDict.items():
pkgUtils.copyFileToSandbox(self.sandbox, v["src"], v["dest"])
pkgUtils.adjustGCCSpecs(self.sandbox, self.package, self.version)
pkgUtils.buildRPMSForGivenPackage(
self.sandbox, self.package, self.version, self.logPath
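Review bot: The `adjustGCCSpecs` call right after the new loop now depends on that loop having copied the `adjust-gcc-specs` entry, because this commit removes the `sandbox.put` from that method while its command still uses a fixed `/tmp/` prefix. A configuration that drops the entry or changes its `dest` would presumably leave the script missing from the sandbox when it is run. A comment above the loop such as `# adjustGCCSpecs expects adjust-gcc-specs.sh under /tmp; keep that entry in copy-to-sandbox` would record the coupling, or the method could take the directory from `constants.CopyToSandboxDict`. The enclosing method starts and ends outside the hunk.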


@ -15,6 +15,7 @@ class PackageUtils(object):
logName = "PackageUtils"
if logPath is None:
logPath = constants.logPath
self.scriptDir = os.path.dirname(__file__)
self.logName = logName
self.logPath = logPath
self.logger = Logger.getLogger(logName, logPath, constants.logLevel)
@ -282,10 +283,6 @@ class PackageUtils(object):
opt = " " + SPECS.getData().getSecurityHardeningOption(
package, version
)
sandbox.put(
os.path.join(os.path.dirname(__file__), self.adjustGCCSpecScript),
"/tmp",
)
cmd = f"/tmp/{self.adjustGCCSpecScript}{opt}"
if not sandbox.run(cmd, logfn=self.logger.debug):
return
@ -302,6 +299,15 @@ class PackageUtils(object):
self.logger.error("Failed while adjusting gcc specs")
raise Exception("Failed while adjusting gcc specs")
def copyFileToSandbox(self, sandbox, src, dest):
if not os.path.isfile(src):
raise Exception(f"'{src}' is not present ...")
if not os.path.isabs(src):
src = f"{constants.photonDir}/{src}"
sandbox.put(src, dest)
def _verifyShaAndGetSourcePath(self, source, package, version):
# Fetch/verify sources if checksum not None.
checksum = SPECS.getData().getChecksum(package, version, source)
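Review bot: In `copyFileToSandbox` the `os.path.isfile(src)` check runs before a relative `src` is prefixed with `constants.photonDir`, so the existence test is made against the current working directory while the copy uses a different path. Moving the `os.path.isabs` block above the `isfile` check makes the test and the copy refer to the same file. An absolute `src` from the configuration is copied into the build environment unchanged, so a line such as `self.logger.debug(f"Copying '{src}' to sandbox at '{dest}'")` before `sandbox.put` would leave a record of what went into each build. The method would also benefit from a short docstring saying that relative paths are resolved against the Photon source directory.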


@ -2,6 +2,7 @@
import platform
from copy import deepcopy
from Logger import Logger
from CommandUtils import CommandUtils as cmdUtils
@ -53,6 +54,7 @@ class constants(object):
resume_build = False
buildDbgInfoRpmList = []
extraPackagesList = []
CopyToSandboxDict = {}
noDepsPackageList = [
"texinfo",
@ -560,6 +562,10 @@ class constants(object):
macros[k] = v
return macros
@staticmethod
def storeScriptsToCopy(key, val):
constants.CopyToSandboxDict[key] = deepcopy(val)
def checkIfHostRpmNotUsable():
if constants.hostRpmIsNotUsable >= 0:
return constants.hostRpmIsNotUsable
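Review bot: `storeScriptsToCopy` stores whatever value it is given, while the consumer in PackageBuilder indexes `v["src"]` and `v["dest"]`, so an entry carrying only one of those keys surfaces as a bare KeyError in the middle of a package build. Checking the shape when the entry is stored gives an earlier and clearer failure: `if not {"src", "dest"} <= val.keys(): raise Exception(f"copy-to-sandbox entry '{key}' needs 'src' and 'dest'")`. A one-line docstring stating that `val` is a dict with `src` and `dest` keys would document the contract.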


@ -40,4 +40,4 @@ $CHROOT_CMD "${BUILDROOT}" \
LC_ALL=en_US.UTF-8 \
/bin/bash --login +h -c "$*"
exit 0
exit $?


@ -8,13 +8,11 @@ USE_PIE=1
USE_ZRELRO=1
USE_ZNOW=1
echo "Using options:" $@
SPECFILE="`dirname $(gcc --print-libgcc-file-name)`/../specs"
echo "Using options: $@"
SPECFILE="$(dirname $(gcc --print-libgcc-file-name))/../specs"
# Enable/disable triggers
case $1 in
none)
rm -f $SPECFILE
@ -33,9 +31,7 @@ nonow)
;;
esac
# Populate gcc spec variables in according to enabled triggers
CC1_EXTRA=""
CC1PLUS_EXTRA=""
CPP_EXTRA=""
@ -68,35 +64,33 @@ if [ $USE_ZNOW -eq 1 ]; then
fi
# Create gcc spec file
echo "# Security hardening flags" > $SPECFILE
if [ -n "$CC1_EXTRA" ]; then
echo >> $SPECFILE
echo "*cc1:" >> $SPECFILE
echo "+$CC1_EXTRA" >> $SPECFILE
echo -en "\n
*cc1:
+$CC1_EXTRA" >> $SPECFILE
fi
if [ -n "$CC1PLUS_EXTRA" ]; then
echo >> $SPECFILE
echo "*cc1plus:" >> $SPECFILE
echo "+$CC1PLUS_EXTRA" >> $SPECFILE
echo -en "\n
*cc1plus:
+$CC1PLUS_EXTRA" >> $SPECFILE
fi
if [ -n "$CPP_EXTRA" ]; then
echo >> $SPECFILE
echo "*cpp:" >> $SPECFILE
echo "+$CPP_EXTRA" >> $SPECFILE
echo -en "\n
*cpp:
+$CPP_EXTRA" >> $SPECFILE
fi
if [ -n "$LIBGCC_EXTRA" ]; then
echo >> $SPECFILE
echo "*libgcc:" >> $SPECFILE
echo "+$LIBGCC_EXTRA" >> $SPECFILE
echo -en "\n
*libgcc:
+$LIBGCC_EXTRA" >> $SPECFILE
fi
if [ -n "$LINK_EXTRA" ]; then
echo >> $SPECFILE
echo "*link:" >> $SPECFILE
echo "+$LINK_EXTRA" >> $SPECFILE
echo -en "\n
*link:
+$LINK_EXTRA" >> $SPECFILE
fi
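Review bot: Each rewritten `echo -en` block appears to start with an escaped `\n` followed by a literal line break and to end without a trailing newline, so the spec file gets two blank lines before every section and its last line is left unterminated, whereas the old three-`echo` form wrote one blank line and a final newline. This file carries the security hardening flags, so the output layout is worth keeping byte-for-byte. `printf '\n*cc1:\n+%s\n' "$CC1_EXTRA" >> "$SPECFILE"` reproduces the previous output, keeps `-e` from interpreting backslashes inside the flag string, and quotes the path. The same applies to the cc1plus, cpp, libgcc and link blocks.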