build-extensions-container: add command to build the extensions container

cmd/build-extensions-container.go

@@ -0,0 +1,97 @@
+package main
+
+import (
+	"fmt"
+	"github.com/coreos/coreos-assembler-schema/cosa"
+	"github.com/coreos/coreos-assembler/internal/pkg/cosash"
+
+	"crypto/sha256"
+	"encoding/json"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+)
+
+func buildExtensionContainer() error {
+	lastBuild, buildPath, err := cosa.ReadBuild("builds", "", "")
+	if err != nil {
+		return err
+	}
+	buildID := lastBuild.BuildID
+	fmt.Printf("Generating extensions container for build: %s\n", buildID)
+
+	arch := cosa.BuilderArch()
+	sh, err := cosash.NewCosaSh()
+	if err != nil {
+		return err
+	}
+	if _, err := sh.PrepareBuild(); err != nil {
+		return err
+	}
+	targetname := "extensions-container-" + buildID + "." + arch + ".ociarchive"
+	process := "runvm -- /usr/lib/coreos-assembler/build-extensions-oscontainer.sh " + arch + " $tmp_builddir/" + targetname
+	if err := sh.Process(process); err != nil {
+		return err
+	}
+	// Find the temporary directory allocated by the shell process, and put the OCI archive in its final place
+	tmpdir, err := sh.ProcessWithReply("echo $tmp_builddir>&3\n")
+	if err != nil {
+		return err
+	}
+	targetPath := filepath.Join(buildPath, targetname)
+	err = os.Rename(filepath.Join(tmpdir, targetname), targetPath)
+	if err != nil {
+		return err
+	}
+	// Gather metadata of the OCI archive (sha256, size)
+	file, err := os.Open(targetPath)
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+	hash := sha256.New()
+	if _, err := io.Copy(hash, file); err != nil {
+		return err
+	}
+	stat, err := file.Stat()
+	if err != nil {
+		return err
+	}
+	sha256sum := fmt.Sprintf("%x", hash.Sum(nil))
+
+	// Update the meta.json to include metadata for our OCI archive
+	metapath := filepath.Join(buildPath, "meta.json")
+	jsonFile, err := os.Open(metapath)
+	if err != nil {
+		fmt.Println(err)
+	}
+	defer jsonFile.Close()
+	jsonBytes, err := ioutil.ReadAll(jsonFile)
+	if err != nil {
+		return err
+	}
+	var cosaBuild cosa.Build
+	err = json.Unmarshal(jsonBytes, &cosaBuild)
+	if err != nil {
+		return err
+	}
+
+	cosaBuild.BuildArtifacts.ExtensionsContainer = &cosa.Artifact{
+		Path:            targetname,
+		Sha256:          sha256sum,
+		SizeInBytes:     float64(stat.Size()),
+		SkipCompression: false,
+	}
+
+	newBytes, err := json.MarshalIndent(cosaBuild, "", "    ")
+	if err != nil {
+		return err
+	}
+
+	err = ioutil.WriteFile(metapath, newBytes, 0644)
+	if err != nil {
+		return err
+	}
+	return nil
+}

cmd/coreos-assembler.go

@@ -15,7 +15,7 @@ import (
 var buildCommands = []string{"init", "fetch", "build", "run", "prune", "clean", "list"}
 var advancedBuildCommands = []string{"buildfetch", "buildupload", "oc-adm-release", "push-container", "upload-oscontainer"}
 var buildextendCommands = []string{"aliyun", "aws", "azure", "digitalocean", "exoscale", "gcp", "ibmcloud", "kubevirt", "live", "metal", "metal4k", "nutanix", "openstack", "qemu", "secex", "virtualbox", "vmware", "vultr"}
-var utilityCommands = []string{"aws-replicate", "compress", "generate-hashlist", "koji-upload", "kola", "push-container-manifest", "remote-build-container", "remote-prune", "remote-session", "sign", "tag"}
+var utilityCommands = []string{"aws-replicate", "build-extensions-container", "compress", "generate-hashlist", "koji-upload", "kola", "push-container-manifest", "remote-build-container", "remote-prune", "remote-session", "sign", "tag"}
 var otherCommands = []string{"shell", "meta"}
 
 func init() {
@@ -86,6 +86,8 @@ func run(argv []string) error {
 		return runClean(argv)
 	case "remote-session":
 		return runRemoteSession(argv)
+	case "build-extensions-container":
+		return buildExtensionContainer()
 	}
 
 	target := fmt.Sprintf("/usr/lib/coreos-assembler/cmd-%s", cmd)

go.mod

@@ -5,6 +5,18 @@ go 1.17
 require github.com/spf13/cobra v1.5.0
 
 require (
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/sirupsen/logrus v1.9.0 // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
+	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
+	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
+	golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
+)
+
+require (
+	github.com/coreos/coreos-assembler-schema v0.0.0-00010101000000-000000000000
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 )
+
+replace github.com/coreos/coreos-assembler-schema => ./schema

go.sum

@@ -1,10 +1,34 @@
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
+github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU=
 github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
+github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
+github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
+github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

internal/pkg/cosash/cosash.go

@@ -117,7 +117,7 @@ func NewCosaSh() (*CosaSh, error) {
 	}()
 
 	// Initialize the internal library
-	err = r.process(fmt.Sprintf("%s\n. /usr/lib/coreos-assembler/cmdlib.sh\n", bashexec.StrictMode))
+	err = r.Process(fmt.Sprintf("%s\n. /usr/lib/coreos-assembler/cmdlib.sh\n", bashexec.StrictMode))
 	if err != nil {
 		return nil, fmt.Errorf("failed to init cosash: %w", err)
 	}
@@ -126,7 +126,7 @@ func NewCosaSh() (*CosaSh, error) {
 }
 
 // write sends content to the shell's stdin, synchronously wait for the reply
-func (r *CosaSh) processWithReply(buf string) (string, error) {
+func (r *CosaSh) ProcessWithReply(buf string) (string, error) {
 	// Inject code which writes the serial reply prefix
 	cmd := fmt.Sprintf("echo -n \"%d \" >&3\n", r.ackserial)
 	if _, err := io.WriteString(r.input, cmd); err != nil {
@@ -146,9 +146,9 @@ func (r *CosaSh) processWithReply(buf string) (string, error) {
 	}
 }
 
-func (sh *CosaSh) process(buf string) error {
+func (sh *CosaSh) Process(buf string) error {
 	buf = fmt.Sprintf("%s\necho OK >&3\n", buf)
-	r, err := sh.processWithReply(buf)
+	r, err := sh.ProcessWithReply(buf)
 	if err != nil {
 		return err
 	}
@@ -160,14 +160,14 @@ func (sh *CosaSh) process(buf string) error {
 
 // PrepareBuild prepares for a build, returning the newly allocated build directory
 func (sh *CosaSh) PrepareBuild() (string, error) {
-	return sh.processWithReply(`prepare_build
+	return sh.ProcessWithReply(`prepare_build
 pwd >&3
 `)
 }
 
 // HasPrivileges checks if we can use sudo
 func (sh *CosaSh) HasPrivileges() (bool, error) {
-	r, err := sh.processWithReply(`
+	r, err := sh.ProcessWithReply(`
 if has_privileges; then
   echo true >&3
 else

schema/cosa/cosa_v1.go

@@ -1,7 +1,7 @@
 package cosa
 
 // generated by 'make schema'
-// source hash: 3c3307f0eaec12fc59e103513b3634651c446f2aa77283ae419d4f780208d910
+// source hash: 144450d458f89f637ca487d353af3dfd60096ddbf3179da8e2b42b2bd2d0a6eb
 
 type AdvisoryDiff []AdvisoryDiffItems
 
@@ -94,6 +94,7 @@ type BuildArtifacts struct {
 	Dasd                *Artifact `json:"dasd,omitempty"`
 	DigitalOcean        *Artifact `json:"digitalocean,omitempty"`
 	Exoscale            *Artifact `json:"exoscale,omitempty"`
+	ExtensionsContainer *Artifact `json:"extensions-container,omitempty"`
 	Gcp                 *Artifact `json:"gcp,omitempty"`
 	IbmCloud            *Artifact `json:"ibmcloud,omitempty"`
 	Initramfs           *Artifact `json:"initramfs,omitempty"`

schema/cosa/schema_doc.go

@@ -1,5 +1,5 @@
 // Generated by ./generate-schema.sh
-// Source hash: 3c3307f0eaec12fc59e103513b3634651c446f2aa77283ae419d4f780208d910
+// Source hash: 144450d458f89f637ca487d353af3dfd60096ddbf3179da8e2b42b2bd2d0a6eb
 // DO NOT EDIT
 
 package cosa
@@ -445,6 +445,7 @@ var generatedSchemaJSON = `{
         "dasd",
         "digitalocean",
         "exoscale",
+        "extensions-container",
         "gcp",
         "kubevirt",
         "ibmcloud",
@@ -485,6 +486,12 @@ var generatedSchemaJSON = `{
           "title": "exoscale",
           "$ref": "#/definitions/artifact"
         },
+        "extensions-container": {
+          "$id": "#/properties/images/properties/extensions-container",
+          "type": "object",
+          "title": "extensions-container",
+          "$ref": "#/definitions/artifact"
+        },
         "qemu": {
           "$id": "#/properties/images/properties/qemu",
           "type": "object",

schema/v1.json

@@ -439,6 +439,7 @@
         "dasd",
         "digitalocean",
         "exoscale",
+        "extensions-container",
         "gcp",
         "kubevirt",
         "ibmcloud",
@@ -479,6 +480,12 @@
           "title": "exoscale",
           "$ref": "#/definitions/artifact"
         },
+        "extensions-container": {
+          "$id": "#/properties/images/properties/extensions-container",
+          "type": "object",
+          "title": "extensions-container",
+          "$ref": "#/definitions/artifact"
+        },
         "qemu": {
           "$id": "#/properties/images/properties/qemu",
           "type": "object",

src/build-extensions-oscontainer.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+#Used by cmd/build-extensions-container.go
+#Find the RHCOS ociarchive.
+set -euo pipefail
+buildid=$1
+shift
+filename=$1
+shift
+builddir="$PWD/builds/latest/${buildid}"
+ostree_ociarchive=$(ls "${builddir}"/*-ostree*.ociarchive)
+# Build the image, replacing the FROM directive with the local image we have
+(cd src/config
+ set -x
+ podman build --from oci-archive:"$ostree_ociarchive" --network=host --build-arg COSA=true -t localhost/extensions-container -f extensions/Dockerfile .
+)
+# Call skopeo to export it from the container storage to an oci-archive.
+(set -x
+ skopeo copy containers-storage:localhost/extensions-container oci-archive:"$filename" )

src/cmd-push-container

@@ -23,6 +23,7 @@ parser.add_argument("--authfile", help="Authentication file",
 parser.add_argument("--format", help="Image format for destination", choices=['oci', 'v2s2'], action='store')
 parser.add_argument("--tag-suffix", metavar='SUFFIX', help="Append SUFFIX to container tag")
 parser.add_argument("name", metavar='NAME[:TAG]', help="destination image reference")
+parser.add_argument("--image", default='ostree', help="Container image to push", choices=['ostree', 'extensions-container'])
 
 args = parser.parse_args()
 
@@ -37,7 +38,7 @@ latest_build_path = f"builds/{latest_build}/{arch}"
 metapath = f"{latest_build_path}/meta.json"
 with open(metapath) as f:
     meta = json.load(f)
-ociarchive = os.path.join(latest_build_path, meta['images']['ostree']['path'])
+ociarchive = os.path.join(latest_build_path, meta['images'][args.image]['path'])
 
 skopeoargs = ['skopeo', 'copy']
 if args.authfile is None:
@@ -64,7 +65,10 @@ with tempfile.NamedTemporaryFile(dir='tmp', prefix='push-container-digestfile')
     df.seek(0)
     digest = df.read().decode('utf-8').strip()
     # Inject the oscontainer with SHA256 into the build metadata
-    meta['base-oscontainer'] = {'image': f"{container_name}@{digest}"}
+    container = 'base-oscontainer'
+    if args.image != 'ostree':
+        container = args.image
+    meta[container] = {'image': f"{container_name}@{digest}"}
     metapath_new = f"{metapath}.new"
     with open(metapath_new, 'w') as f:
         json.dump(meta, f, sort_keys=True)

src/cosalib/builds.py

@@ -136,7 +136,7 @@ def init_build_meta_json(self, ostree_commit, parent_build, destdir):
                 with open(metapath) as f:
                     previous_buildmeta = json.load(f)
                 previous_commit = previous_buildmeta['ostree-commit']
-                previous_image_genver = int(previous_buildmeta[genver_key])
+                previous_image_genver = int(previous_buildmeta.get(genver_key, 0))
                 if previous_commit == ostree_commit:
                     image_genver = previous_image_genver + 1
                     buildid = f"{version}-{image_genver}"