Skip to content

Commit

Permalink
Merge pull request #127 from endlessm/T35019-ostree-buildroot
Browse files Browse the repository at this point in the history
Use ostree checkout for buildroot
  • Loading branch information
wjt authored Nov 14, 2023
2 parents aebb65d + 17ab9dd commit ec864d1
Show file tree
Hide file tree
Showing 13 changed files with 252 additions and 1,572 deletions.
4 changes: 1 addition & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -69,10 +69,8 @@ Setup

Known to work on Debian Buster (10) and newer. Required packages:

* mmdebstrap
* gnupg
* ostree
* python3
* rsync

Image signing
-------------
Expand Down
10 changes: 0 additions & 10 deletions config/defaults.ini
Original file line number Diff line number Diff line change
Expand Up @@ -47,22 +47,12 @@ tmpconfig = ${tmpdir}/config.ini
tmpfullconfig = ${tmpdir}/fullconfig.ini
baselib = ${srcdir}/lib/eib.sh
ssh_options = -i ${sysconfdir}/ssh-key.pem -o StrictHostKeyChecking=no
keyring = ${tmpdir}/eib-keyring.gpg
manifestdir = ${tmpdir}/manifest

[buildroot]
# Directories to mount in the buildroot
mounts_add =

# Debian package repository setup for the buildroot
repo = https://deb.endlessos.org/debian
arch = ${build:arch}
codename = ${build:branch}
components = core endless

# Debian release to base on
base = bullseye

# Packages to install in the buildroot
packages_add =
attr
Expand Down
1,211 changes: 0 additions & 1,211 deletions data/keys/debian-archive-keyring.asc

This file was deleted.

29 changes: 0 additions & 29 deletions data/keys/endless-archive-key.asc

This file was deleted.

29 changes: 29 additions & 0 deletions data/keys/eos-ostree-signing-key.asc
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFNzuygBEADeDqJZ3xU2SNfjCiSVcM2NT5G+7tieRtq4gZA0qfEww3J668Bf
2nUaWgQHMEoShaNbfpjANhv41mGF+rJ/yR8ZANmx80n6EvYm9NCtOAhc4O3i3elZ
f26qaEgWUmNZzemqgM2K/rK0aWOEHd8aOW4SrNlW0BIqciUWHPxOUzBbBfUsBxjp
/Xukd9qzi3koHEzvZ7/gWqLIPaaIl3V0owhmcjnbbciJlO7MZbGjaNjrsObxHVtD
KzaB5fLyyN7POZbXL5p1NCPmrqj5U2XY+yW5S6ryQJfkVJ5w0Nv4sLz+R28r1STl
kBjU/is5nN7yAg/5sofQjnmih5Nl4ZKOoKZ8ZShMTmc1aJfSZNRqOPACnJOqc1Bt
kADm6YgB9xoPZ7T+dL612hwsxrRHCCCzoGhLXl8S5/iPkBMe2MPBeYxkq5r3WMzq
uavyFLHTHtQcJmK2bFaD5cHv2MQBKw+oZo80mk0447chBkAWolxFoPSlOE5h0KV8
0WMswq6eEtCN3GPO1mvHXGhcqd6R2nOZkxfVE0sOoRI56iz/GXqpOoVuF4Foj7BT
XpAe8GUBdxe5mu28ogCvNdoyDyUxd+HgrV+7+WQYGcA9T88KC8WM4vdpVcuzQRrf
9NFvlZbGf1ZpWlCRzsg6kWU3TS3TGaz2ImZUVsLULDms6lDojaEezcHG9QARAQAB
tDtFT1MgT1NUcmVlIFNpZ25pbmcgS2V5IDEgKEVPU0sxKSA8bWFpbnRhaW5lcnNA
ZW5kbGVzc20uY29tPokCVQQTAQIAPwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgEC
F4AWIQRjw/zTxI+/EWovSsyeCNjaugL8RgUCXRzVQwUJHHUdGwAKCRCeCNjaugL8
RjC4EACQX8b2nq5b28Vu1SNFizdRARh6+Zn3FzPVaU9UEAHbs+vjCCbuKVs5y0ZG
jt549niTXIXVVuBMw3NndTB2vzXm+rRLX2CnL/0WDYKcbx3qah5+W7nDLShS016d
CBTuw/6CNzg5+yVZbWU7Fi+5Ebfvsk0UQHhXCxk3sukgFmSWIp7tm4/vekER1hfu
L7IVXprzIl4t0Z/ixx1pMu8+6Gvbucq8jUTtE49t0tF3pQZuwECPOJgTA9HFEERc
kyyNqC8bsQa1pnTZMpgo7onL4kzS0ZTOQcO0rE6jaPJu9ZB8iNlVqPTDJ8N8miO/
6l11rMK0lxHnF6vjvcttWE+Em5ls+B1J1RmJKk66DukJn/ZE8gKBRyj9ZmW4sxat
OAtwPsg3ml0xjwqL4BLj03KKnaz/o/THWzlQyKM1WUAJ3fV+28tZNvYfXEkWgIFb
/EZGGh6dhE+GWkwpDbm90UZd4GUvEIOaSg16w39Yj2kGLPUWfZtEW8vQTfVLP1dI
GXS/hTUfo1oi1WpjENEJFONntJUMTxpNitjkq75kdt7ihHMD4kC0cLdiTHNnWCVl
fNFMAPcTQaEJkSP6KEAYFSX1bqVZGPplt+5wE4G/oV4h4QjylkzJovEhbC+6dEFR
yY82fonAdBFWQWkDETqPpZEX/46BwUBUdB4p3YjgmqKoZrIhHg==
=Sic7
-----END PGP PUBLIC KEY BLOCK-----
30 changes: 0 additions & 30 deletions data/keys/eos-pub-archive-key.asc

This file was deleted.

8 changes: 0 additions & 8 deletions helpers/mmdebstrap-cleanup

This file was deleted.

32 changes: 0 additions & 32 deletions helpers/mmdebstrap-setup

This file was deleted.

61 changes: 19 additions & 42 deletions lib/eib.py
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,6 @@
import struct
import subprocess
import sys
import tempfile
import time

logger = logging.getLogger(__name__)
Expand Down Expand Up @@ -402,49 +401,27 @@ def setup_logging():
logging.basicConfig(level=level, format=log_format, datefmt=date_format)


def get_keyring(config):
"""Get the path to the temporary GPG keyring
def get_ostree_trusted_keys(config):
"""Get the paths to all ostree GPG trusted keys
If it doesn't exist, it will be created.
All GPG keys in data/keys/*.asc and <localdir>/data/keys/*.asc are
included.
"""
keyring = config['build']['keyring']

if not os.path.isfile(keyring):
logger.info('Creating temporary GPG keyring %s', keyring)

keyspaths = [os.path.join(config['build']['datadir'], 'keys')]
if 'localdatadir' in config['build']:
keyspaths.append(os.path.join(config['build']['localdatadir'],
'keys'))

keysdirs = list(filter(os.path.isdir, keyspaths))
if len(keysdirs) == 0:
raise ImageBuildError('No gpg keys directories at',
' or '.join(keyspaths))

keys = list(itertools.chain.from_iterable(
[glob.iglob(os.path.join(d, '*.asc')) for d in keysdirs]
))
if len(keys) == 0:
raise ImageBuildError('No gpg keys in', ' or '.join(keysdirs))

# Use a temporary gpg homedir
with tempfile.TemporaryDirectory(dir=config['build']['tmpdir'],
prefix='eib-keyring') as homedir:
# Import the keys
for key in keys:
logger.info('Importing GPG key %s', key)
subprocess.check_call(['gpg', '--batch', '--quiet',
'--homedir', homedir,
'--import', key])

# Export all the keys as a normal PGP stream since newer
# gnupg imports to a keybox.
subprocess.check_call(['gpg', '--batch', '--quiet',
'--homedir', homedir,
'--export', '--output', keyring])

return keyring
keyspaths = [os.path.join(config['build']['datadir'], 'keys')]
if 'localdatadir' in config['build']:
keyspaths.append(os.path.join(config['build']['localdatadir'], 'keys'))

keysdirs = list(filter(os.path.isdir, keyspaths))
if len(keysdirs) == 0:
raise ImageBuildError('No gpg keys directories in', ' '.join(keyspaths))

keys = sorted(itertools.chain.from_iterable(
glob.iglob(os.path.join(d, '*.asc')) for d in keysdirs
))
if len(keys) == 0:
raise ImageBuildError('No gpg keys in', ' '.join(keysdirs))

return keys


def disk_usage(path):
Expand Down
Loading

0 comments on commit ec864d1

Please sign in to comment.