From de15a8a3db9430073e5246f21fe1e9b5b44915c4 Mon Sep 17 00:00:00 2001 From: Colin Percival Date: Tue, 5 Nov 2024 13:35:17 -0800 Subject: [PATCH 01/19] release: Include -dbg files in dvd image In 2016, commit 8834318685bc reworked the code for excluding -dbg files from install media, and in the process accidentally broke it for dvd images ('grep -v' should have been 'grep -vE'). FreeBSD Update builds later began to depend on this, and in any case since DVD images are intended as "include everything" images there's no point excluding those; so remove the (broken) filtering from DVD image builds. Sponsored by: Amazon MFC after: 2 days (cherry picked from commit cdfd0600dc8882f0a0d0e6d9a1cdcf926edba6d6) --- release/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release/Makefile b/release/Makefile index 6ac0946c19fb..defc31740760 100644 --- a/release/Makefile +++ b/release/Makefile @@ -246,7 +246,7 @@ dvd: packagesystem done .if defined(NO_ROOT) echo "./usr/freebsd-dist type=dir uname=root gname=wheel mode=0755" >> ${.TARGET}/METALOG - for dist in MANIFEST *.txz; \ + for dist in MANIFEST $$(ls *.txz); \ do echo "./usr/freebsd-dist/$${dist} type=file uname=root gname=wheel mode=0644" >> ${.TARGET}/METALOG; \ done .endif From 88c4322059ddb548ed7828bd3497384e4e1ec8b1 Mon Sep 17 00:00:00 2001 From: Doug Rabson Date: Wed, 14 Aug 2024 16:39:24 +0100 Subject: [PATCH 02/19] release: add optional OCI images This adds three OCI archive format files to the release containing FreeBSD base images suitable for static linked, dynamic linked and shell workloads. The shell image also contains pkg-bootstrap and can be easily extended by installing packages (including pkgbase packages). Reviewed by: dch, cpersiva, jlduran, zlei Differential Revision: https://reviews.freebsd.org/D46759 MFC after: 2 days (cherry picked from commit d03c82c28da86e0812b98b051d24ae5980804ad7) --- release/Makefile | 11 +++-- release/Makefile.oci | 34 +++++++++++++++ release/release.conf.sample | 4 ++ release/release.sh | 47 ++++++++++++++++++++- release/scripts/make-oci-image.sh | 63 ++++++++++++++++++++++++++++ release/tools/oci-image-dynamic.conf | 11 +++++ release/tools/oci-image-minimal.conf | 19 +++++++++ release/tools/oci-image-static.conf | 42 +++++++++++++++++++ share/examples/Makefile | 6 +++ share/examples/oci/Containerfile.pkg | 27 ++++++++++++ share/examples/oci/README | 7 ++++ share/man/man7/release.7 | 14 ++++++- 12 files changed, 279 insertions(+), 6 deletions(-) create mode 100644 release/Makefile.oci create mode 100644 release/scripts/make-oci-image.sh create mode 100644 release/tools/oci-image-dynamic.conf create mode 100644 release/tools/oci-image-minimal.conf create mode 100644 release/tools/oci-image-static.conf create mode 100644 share/examples/oci/Containerfile.pkg create mode 100644 share/examples/oci/README diff --git a/release/Makefile b/release/Makefile index defc31740760..993ef02eb162 100644 --- a/release/Makefile +++ b/release/Makefile @@ -7,14 +7,16 @@ # memstick: Builds memory stick image (memstick.img) # mini-memstick: Builds minimal memory stick image (mini-memstick.img) # ftp: Sets up FTP distribution area (ftp) -# release: Invokes real-release, vm-release, and cloudware-release targets +# release: Invokes real-release, vm-release, cloudware-release and oci-release targets # real-release: Build all media and FTP distribution area # vm-release: Build all virtual machine image targets # cloudware-release: Build all cloud hosting provider targets -# install: Invokes the release-install and vm-install targets +# oci-release: Build all OCI container images +# install: Invokes the release-install, vm-install and oci-install targets # release-install: Copies all release installation media into ${DESTDIR} # vm-install: Copies all virtual machine images into ${DESTDIR} # cloud-install: Copies non-uploaded cloud images into ${DESTDIR} +# oci-install: Copies all OCI container images into ${DESTDIR} # # Variables affecting the build process: # WORLDDIR: location of src tree -- must have built world and default kernel @@ -316,7 +318,7 @@ ftp: packagesystem mkdir -p ftp cp *.txz MANIFEST ftp -release: real-release vm-release cloudware-release +release: real-release vm-release cloudware-release oci-release ${MAKE} -C ${.CURDIR} ${.MAKEFLAGS} release-done true @@ -327,7 +329,7 @@ real-release: ${MAKE} -C ${.CURDIR} ${.MAKEFLAGS} obj ${MAKE} -C ${.CURDIR} ${.MAKEFLAGS} ${RELEASE_TARGETS} -install: release-install vm-install .WAIT cloud-install +install: release-install vm-install oci-install .WAIT cloud-install release-install: .if defined(DESTDIR) && !empty(DESTDIR) @@ -347,3 +349,4 @@ release-install: .include "${.CURDIR}/Makefile.inc1" .include "${.CURDIR}/Makefile.vm" +.include "${.CURDIR}/Makefile.oci" diff --git a/release/Makefile.oci b/release/Makefile.oci new file mode 100644 index 000000000000..461c95f49636 --- /dev/null +++ b/release/Makefile.oci @@ -0,0 +1,34 @@ +# +# +# +# Makefile for building OCI container images. +# + +.if defined(WITH_OCIIMAGES) && !empty(WITH_OCIIMAGES) +OCI_IMAGES= static dynamic minimal +.endif + +oci-install: +.if defined(WITH_OCIIMAGES) && !empty(WITH_OCIIMAGES) + mkdir -p ${DESTDIR}/ociimages +. for _IMG in ${OCI_IMAGES} + cp -p ${.OBJDIR}/container-image-${_IMG}.txz ${DESTDIR}/ociimages +. endfor +.endif + +OCI_TARGETS= +OCI_DEPS_static= +OCI_DEPS_dynamic= container-image-static.txz +OCI_DEPS_minimal= container-image-dynamic.txz + +.for _IMG in ${OCI_IMAGES} +OCI_TARGETS+= container-image-${_IMG}.txz +container-image-${_IMG}.txz: ${OCI_DEPS_${_IMG}} + sh ${.CURDIR}/scripts/make-oci-image.sh ${.CURDIR} ${REVISION} ${BRANCH} ${TARGET_ARCH} ${_IMG} + skopeo copy \ + containers-storage:localhost/freebsd${REVISION:R}-${_IMG}:latest \ + oci-archive:${.OBJDIR}/container-image-${_IMG}.tar:freebsd${REVISION:R}-${_IMG}:${REVISION}-${BRANCH}-${TARGET_ARCH} + ${XZ_CMD} < ${.OBJDIR}/container-image-${_IMG}.tar > ${.OBJDIR}/container-image-${_IMG}.txz +.endfor + +oci-release: ${OCI_TARGETS} diff --git a/release/release.conf.sample b/release/release.conf.sample index c306efb13b65..e583e49828d4 100644 --- a/release/release.conf.sample +++ b/release/release.conf.sample @@ -114,3 +114,7 @@ PORTBRANCH="main" ## If WITH_CLOUDWARE is set to a non-empty value, this is a list of providers ## to create disk images. #CLOUDWARE="EC2 GCE ORACLE VAGRANT-VIRTUALBOX VAGRANT-VMWARE" + +## If WITH_OCIIMAGES is set to a non-empty value, build Open Container +## Initiative (OCI) base images as part of the release. +#WITH_OCIIMAGES= diff --git a/release/release.sh b/release/release.sh index cee0fbd5643d..d6752e016994 100755 --- a/release/release.sh +++ b/release/release.sh @@ -120,6 +120,9 @@ env_setup() { # cloud providers as part of the release. WITH_CLOUDWARE= + # Set to non-empty to build OCI images as part of the release + WITH_OCIIMAGES= + return 0 } # env_setup() @@ -195,7 +198,8 @@ env_check() { RELEASE_RMAKEFLAGS="${ARCH_FLAGS} ${RELEASE_FLAGS} \ KERNCONF=\"${KERNEL}\" ${CONF_FILES} ${SRCPORTS} \ WITH_DVD=${WITH_DVD} WITH_VMIMAGES=${WITH_VMIMAGES} \ - WITH_CLOUDWARE=${WITH_CLOUDWARE} XZ_THREADS=${XZ_THREADS}" + WITH_CLOUDWARE=${WITH_CLOUDWARE} WITH_OCIIMAGES=${WITH_OCIIMAGES} \ + XZ_THREADS=${XZ_THREADS}" return 0 } # env_check() @@ -288,6 +292,44 @@ extra_chroot_setup() { fi fi + if [ ! -z "${WITH_OCIIMAGES}" ]; then + # Install buildah and skopeo from ports if the ports tree is available; + # otherwise install the pkg. + if [ -d ${CHROOTDIR}/usr/ports ]; then + # Trick the ports 'run-autotools-fixup' target to do the right + # thing. + _OSVERSION=$(chroot ${CHROOTDIR} /usr/bin/uname -U) + REVISION=$(chroot ${CHROOTDIR} make -C /usr/src/release -V REVISION) + BRANCH=$(chroot ${CHROOTDIR} make -C /usr/src/release -V BRANCH) + UNAME_r=${REVISION}-${BRANCH} + GITUNSETOPTS="CONTRIB CURL CVS GITWEB GUI HTMLDOCS" + GITUNSETOPTS="${GITUNSETOPTS} ICONV NLS P4 PERL" + GITUNSETOPTS="${GITUNSETOPTS} SEND_EMAIL SUBTREE SVN" + GITUNSETOPTS="${GITUNSETOPTS} PCRE PCRE2" + PBUILD_FLAGS="OSVERSION=${_OSVERSION} BATCH=yes" + PBUILD_FLAGS="${PBUILD_FLAGS} UNAME_r=${UNAME_r}" + PBUILD_FLAGS="${PBUILD_FLAGS} OSREL=${REVISION}" + PBUILD_FLAGS="${PBUILD_FLAGS} WRKDIRPREFIX=/tmp/ports" + PBUILD_FLAGS="${PBUILD_FLAGS} DISTDIR=/tmp/distfiles" + for _PORT in sysutils/buildah sysutils/skopeo; do + eval chroot ${CHROOTDIR} env ${PBUILD_FLAGS} make -C \ + /usr/ports/${_PORT} \ + FORCE_PKG_REGISTER=1 deinstall install clean distclean + done + else + eval chroot ${CHROOTDIR} env ASSUME_ALWAYS_YES=yes \ + pkg install -y sysutils/buildah sysutils/skopeo + eval chroot ${CHROOTDIR} env ASSUME_ALWAYS_YES=yes \ + pkg clean -y + fi + # Use the vfs storage driver so that this works whether or not + # the build directory is on ZFS. The images are small so the + # performance difference is negligible. + eval chroot ${CHROOTDIR} sed -I .bak -e '/^driver/s/zfs/vfs/' /usr/local/etc/containers/storage.conf + # Remove any stray images from previous builds + eval chroot ${CHROOTDIR} buildah rmi -af + fi + if [ ! -z "${EMBEDDEDPORTS}" ]; then _OSVERSION=$(chroot ${CHROOTDIR} /usr/bin/uname -U) REVISION=$(chroot ${CHROOTDIR} make -C /usr/src/release -V REVISION) @@ -323,6 +365,9 @@ chroot_build_target() { fi eval chroot ${CHROOTDIR} make -C /usr/src ${RELEASE_WMAKEFLAGS} buildworld eval chroot ${CHROOTDIR} make -C /usr/src ${RELEASE_KMAKEFLAGS} buildkernel + if [ ! -z "${WITH_OCIIMAGES}" ]; then + eval chroot ${CHROOTDIR} make -C /usr/src ${RELEASE_WMAKEFLAGS} packages + fi return 0 } # chroot_build_target diff --git a/release/scripts/make-oci-image.sh b/release/scripts/make-oci-image.sh new file mode 100644 index 000000000000..a139a38d1930 --- /dev/null +++ b/release/scripts/make-oci-image.sh @@ -0,0 +1,63 @@ +#! /bin/sh + +# Build an Open Container Initiative (OCI) container image + +curdir=$1; shift +rev=$1; shift +branch=$1; shift +arch=$1; shift +image=$1; shift + +major=${rev%.*} +minor=${rev#*.} + +abi=FreeBSD:${major}:${arch} + +echo "Building OCI freebsd${major}-${image} image for ${abi}" + +. ${curdir}/tools/oci-image-${image}.conf + +init_workdir() { + local abi=$1; shift + local workdir=$(mktemp -d -t oci-images) + + mkdir ${workdir}/repos + cat > ${workdir}/repos/base.conf < /dev/null + mtree -deU -p $m/var -f /etc/mtree/BSD.var.dist > /dev/null + mtree -deU -p $m/usr -f /etc/mtree/BSD.usr.dist > /dev/null + mtree -deU -p $m/usr/include -f /etc/mtree/BSD.include.dist > /dev/null + mtree -deU -p $m/usr/lib -f /etc/mtree/BSD.debug.dist > /dev/null + install_packages ${abi} ${workdir} $m FreeBSD-caroot FreeBSD-zoneinfo + cp /etc/master.passwd $m/etc + pwd_mkdb -p -d $m/etc $m/etc/master.passwd || return $? + cp /etc/group $m/etc || return $? + cp /etc/termcap.small $m/etc/termcap.small || return $? + cp /etc/termcap.small $m/usr/share/misc/termcap || return $? + env DESTDIR=$m /usr/sbin/certctl rehash + # Generate a suitable repo config for pkgbase + case ${branch} in + CURRENT|STABLE|BETA*) + repo=base_latest + ;; + *) + repo=base_release_${minor} + ;; + esac + mkdir -p $m/usr/local/etc/pkg/repos + cat > $m/usr/local/etc/pkg/repos/base.conf < Date: Wed, 6 Nov 2024 14:24:34 -0800 Subject: [PATCH 03/19] release: Remove useless ls Replace "$((ls *.txz))" with "*.txz" Reported by: jrtc27 (cherry picked from commit e166fea685da4ac6a6891f10b07f98d0e9fcfce3) --- release/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release/Makefile b/release/Makefile index 993ef02eb162..8812c87717a0 100644 --- a/release/Makefile +++ b/release/Makefile @@ -248,7 +248,7 @@ dvd: packagesystem done .if defined(NO_ROOT) echo "./usr/freebsd-dist type=dir uname=root gname=wheel mode=0755" >> ${.TARGET}/METALOG - for dist in MANIFEST $$(ls *.txz); \ + for dist in MANIFEST *.txz; \ do echo "./usr/freebsd-dist/$${dist} type=file uname=root gname=wheel mode=0644" >> ${.TARGET}/METALOG; \ done .endif From fb17e2232e09e37247a55616bbc10489aaffa5a8 Mon Sep 17 00:00:00 2001 From: Colin Percival Date: Thu, 14 Nov 2024 14:30:44 -0800 Subject: [PATCH 04/19] release: Exclude container images from globs We use a *.txz glob to get all of the "distributions" which comprise the FreeBSD release, but we now (optionally) also build container images which are .txz files. Grep those out from the distribution lists. A better long-term fix would probably be to generate an explicit list of the .txz files we want rather than using an overbroad glob and filtering out the files we *don't* want. Fixes: d03c82c28da8 ("release: add optional OCI images") MFC after: 1 minute Sponsored by: Amazon (cherry picked from commit 47866cdcc7278faa27250dcea16374231c676050) --- release/Makefile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/release/Makefile b/release/Makefile index 8812c87717a0..6b2c874132d1 100644 --- a/release/Makefile +++ b/release/Makefile @@ -171,12 +171,12 @@ disc1: packagesystem -DDB_FROM_SRC ) # Copy distfiles mkdir -p ${.TARGET}/usr/freebsd-dist - for dist in MANIFEST *.txz; \ + for dist in MANIFEST $$(ls *.txz | grep -v container | grep -vE -- '(${base ${_ALL_libcompats}:L:ts|})-dbg'); \ do cp $${dist} ${.TARGET}/usr/freebsd-dist; \ done .if defined(NO_ROOT) echo "./usr/freebsd-dist type=dir uname=root gname=wheel mode=0755" >> ${.TARGET}/METALOG - for dist in MANIFEST *.txz; \ + for dist in MANIFEST $$(ls *.txz | grep -v container | grep -vE -- '(${base ${_ALL_libcompats}:L:ts|})-dbg'); \ do echo "./usr/freebsd-dist/$${dist} type=file uname=root gname=wheel mode=0644" >> ${.TARGET}/METALOG; \ done .endif @@ -243,12 +243,12 @@ dvd: packagesystem -DDB_FROM_SRC ) # Copy distfiles mkdir -p ${.TARGET}/usr/freebsd-dist - for dist in MANIFEST *.txz; \ + for dist in MANIFEST $$(ls *.txz | grep -v container); \ do cp $${dist} ${.TARGET}/usr/freebsd-dist; \ done .if defined(NO_ROOT) echo "./usr/freebsd-dist type=dir uname=root gname=wheel mode=0755" >> ${.TARGET}/METALOG - for dist in MANIFEST *.txz; \ + for dist in MANIFEST $$(ls *.txz | grep -v container); \ do echo "./usr/freebsd-dist/$${dist} type=file uname=root gname=wheel mode=0644" >> ${.TARGET}/METALOG; \ done .endif @@ -297,7 +297,7 @@ mini-memstick.img: bootonly-memstick cd bootonly-memstick && sh ${.CURDIR}/${TARGET}/make-memstick.sh .${NO_ROOT:D/METALOG} ../${.TARGET} packagesystem: ${DISTRIBUTIONS} - sh ${.CURDIR}/scripts/make-manifest.sh *.txz > MANIFEST + sh ${.CURDIR}/scripts/make-manifest.sh $$(ls *.txz | grep -v container) > MANIFEST touch ${.TARGET} pkg-stage: dvd From 1ca88cba78f9614f336c9ecff83b49e272317094 Mon Sep 17 00:00:00 2001 From: Colin Percival Date: Fri, 15 Nov 2024 13:38:06 -0800 Subject: [PATCH 05/19] release: Don't copy container images into /ftp/ These are installed into /ociimages/ and stage onto the download site at /OCI-IMAGES/; they don't belong in the same directory as the "distribution" .txz files. Fixes: d03c82c28da8 ("release: add optional OCI images") MFC after: 1 minute Sponsored by: Amazon (cherry picked from commit 976e1d36be688166e140cbaded01d433c61e6d47) --- release/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/release/Makefile b/release/Makefile index 6b2c874132d1..59ab61e75997 100644 --- a/release/Makefile +++ b/release/Makefile @@ -317,6 +317,7 @@ ftp: packagesystem rm -rf ftp mkdir -p ftp cp *.txz MANIFEST ftp + rm -f ftp/container-*.txz release: real-release vm-release cloudware-release oci-release ${MAKE} -C ${.CURDIR} ${.MAKEFLAGS} release-done From fabfd7605ad4f3e5b543d631b8dd21881dd8a581 Mon Sep 17 00:00:00 2001 From: Ed Maste Date: Wed, 11 Dec 2024 20:36:15 -0500 Subject: [PATCH 06/19] release: Always use NO_ROOT for distribute* and package* We used to have two different code paths for generating release media dist sets, one which expected to run as root, and one which did not. It was possible that the two different paths could generate different results. We can use the path that does not *require* root also when running as root, so use it always. We'll want to do eventually do the same for all release targets, but these ones are an easy place to start. Reviewed by: brooks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48041 (cherry picked from commit 41adc5f29ba6955e09f46e4d2c25da6fcd263ba2) --- release/Makefile | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/release/Makefile b/release/Makefile index 59ab61e75997..c26d8ed3d40e 100644 --- a/release/Makefile +++ b/release/Makefile @@ -120,26 +120,24 @@ clean: beforeclean base.txz: mkdir -p ${DISTDIR} - ( cd ${WORLDDIR} && ${IMAKE} distributeworld DISTDIR=${.OBJDIR}/${DISTDIR} ) + ( cd ${WORLDDIR} && ${IMAKE} -DNO_ROOT distributeworld DISTDIR=${.OBJDIR}/${DISTDIR} ) # Bootstrap etcupdate(8) database. sh ${WORLDDIR}/usr.sbin/etcupdate/etcupdate.sh extract -B \ -m "${MAKE}" -M "TARGET_ARCH=${TARGET_ARCH} TARGET=${TARGET}" \ -s ${WORLDDIR} -d "${.OBJDIR}/${DISTDIR}/base/var/db/etcupdate" \ - -L /dev/null ${NO_ROOT:D-N} -.if defined(NO_ROOT) + -L /dev/null -N echo "./var/db/etcupdate type=dir uname=root gname=wheel mode=0755" >> ${.OBJDIR}/${DISTDIR}/base.meta sed -n 's,^\.,./var/db/etcupdate/current,p' ${.OBJDIR}/${DISTDIR}/base/var/db/etcupdate/current/METALOG \ >> ${.OBJDIR}/${DISTDIR}/base.meta rm ${.OBJDIR}/${DISTDIR}/base/var/db/etcupdate/current/METALOG -.endif # Package all components - ( cd ${WORLDDIR} && ${IMAKE} packageworld DISTDIR=${.OBJDIR}/${DISTDIR} ) + ( cd ${WORLDDIR} && ${IMAKE} -DNO_ROOT packageworld DISTDIR=${.OBJDIR}/${DISTDIR} ) mv ${DISTDIR}/*.txz . kernel.txz: mkdir -p ${DISTDIR} - ( cd ${WORLDDIR} && ${IMAKE} distributekernel DISTDIR=${.OBJDIR}/${DISTDIR} ) - ( cd ${WORLDDIR} && ${IMAKE} packagekernel DISTDIR=${.OBJDIR}/${DISTDIR} ) + ( cd ${WORLDDIR} && ${IMAKE} -DNO_ROOT distributekernel DISTDIR=${.OBJDIR}/${DISTDIR} ) + ( cd ${WORLDDIR} && ${IMAKE} -DNO_ROOT packagekernel DISTDIR=${.OBJDIR}/${DISTDIR} ) mv ${DISTDIR}/kernel*.txz . src.txz: From 9d1c62873ea9fd87a9c2533dcdcc2e31e6c75cdc Mon Sep 17 00:00:00 2001 From: Pat Maddox Date: Fri, 13 Dec 2024 13:15:45 -0800 Subject: [PATCH 07/19] release: Sort etcupdate entries for base metalog Supports reproducible builds. PR: 283214 Reviewed-by: emaste Signed-off-by: Pat Maddox (cherry picked from commit 950401d21e33df7ac63ef1d2316a18f09ffbaabe) --- release/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/release/Makefile b/release/Makefile index c26d8ed3d40e..143863d15503 100644 --- a/release/Makefile +++ b/release/Makefile @@ -127,8 +127,9 @@ base.txz: -s ${WORLDDIR} -d "${.OBJDIR}/${DISTDIR}/base/var/db/etcupdate" \ -L /dev/null -N echo "./var/db/etcupdate type=dir uname=root gname=wheel mode=0755" >> ${.OBJDIR}/${DISTDIR}/base.meta - sed -n 's,^\.,./var/db/etcupdate/current,p' ${.OBJDIR}/${DISTDIR}/base/var/db/etcupdate/current/METALOG \ - >> ${.OBJDIR}/${DISTDIR}/base.meta + sed -n 's,^\.,./var/db/etcupdate/current,p' \ + ${.OBJDIR}/${DISTDIR}/base/var/db/etcupdate/current/METALOG | \ + env -i LC_COLLATE=C sort >> ${.OBJDIR}/${DISTDIR}/base.meta rm ${.OBJDIR}/${DISTDIR}/base/var/db/etcupdate/current/METALOG # Package all components ( cd ${WORLDDIR} && ${IMAKE} -DNO_ROOT packageworld DISTDIR=${.OBJDIR}/${DISTDIR} ) From 525476c0fc1349f2c6a24ddbf5d87be97859090c Mon Sep 17 00:00:00 2001 From: Colin Percival Date: Wed, 29 Jan 2025 11:38:18 -0800 Subject: [PATCH 08/19] vmimage.subr: Redirect etcupdate log to stdout While we're here, send the etcupdate log from generating base.txz to stdout instead of /dev/null (see e972e408d19a) as well. Reviewed by: emaste, gordon, jrtc27 MFC after: 1 week Sponsored by: Amazon Differential Revision: https://reviews.freebsd.org/D48719 (cherry picked from commit ace4637ee0c666c6f5a1c664f8956f7302234edd) --- release/Makefile | 2 +- release/tools/vmimage.subr | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/release/Makefile b/release/Makefile index 143863d15503..57ed1bbb11f9 100644 --- a/release/Makefile +++ b/release/Makefile @@ -125,7 +125,7 @@ base.txz: sh ${WORLDDIR}/usr.sbin/etcupdate/etcupdate.sh extract -B \ -m "${MAKE}" -M "TARGET_ARCH=${TARGET_ARCH} TARGET=${TARGET}" \ -s ${WORLDDIR} -d "${.OBJDIR}/${DISTDIR}/base/var/db/etcupdate" \ - -L /dev/null -N + -L /dev/stdout -N echo "./var/db/etcupdate type=dir uname=root gname=wheel mode=0755" >> ${.OBJDIR}/${DISTDIR}/base.meta sed -n 's,^\.,./var/db/etcupdate/current,p' \ ${.OBJDIR}/${DISTDIR}/base/var/db/etcupdate/current/METALOG | \ diff --git a/release/tools/vmimage.subr b/release/tools/vmimage.subr index 5d98b8990705..fc66b219b5ad 100644 --- a/release/tools/vmimage.subr +++ b/release/tools/vmimage.subr @@ -60,7 +60,8 @@ vm_install_base() { mkdir -p ${DESTDIR}/var/db/etcupdate etcupdate extract -B \ -M "TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH}" \ - -s ${WORLDDIR} -d ${DESTDIR}/var/db/etcupdate + -s ${WORLDDIR} -d ${DESTDIR}/var/db/etcupdate \ + -L /dev/stdout echo '# Custom /etc/fstab for FreeBSD VM images' \ > ${DESTDIR}/etc/fstab From ef8fe8b050d3e4ebe1d114eb925f447ad80a6750 Mon Sep 17 00:00:00 2001 From: Ed Maste Date: Fri, 7 Mar 2025 06:46:01 -0500 Subject: [PATCH 09/19] release: Use unprivileged mode for bootonly and mini-memstick This in effect always builds these targets in NO_ROOT mode, removing one more instance where release artifact builds require a privileged user (root). These artifacts are now always built the same way. Reviewed by: brooks, Pat Maddox Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48121 (cherry picked from commit cbba69fb5793c238cfd31697667bdff6ce1920b6) --- release/Makefile | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/release/Makefile b/release/Makefile index 57ed1bbb11f9..fa660cef1315 100644 --- a/release/Makefile +++ b/release/Makefile @@ -208,14 +208,12 @@ bootonly: packagesystem MK_TOOLCHAIN=no MK_PROFILE=no \ MK_RESCUE=no MK_DICT=no \ MK_KERNEL_SYMBOLS=no MK_TESTS=no MK_DEBUG_FILES=no \ - -DDB_FROM_SRC ) + -DDB_FROM_SRC -DNO_ROOT) # Copy manifest only (no distfiles) to get checksums mkdir -p ${.TARGET}/usr/freebsd-dist cp MANIFEST ${.TARGET}/usr/freebsd-dist -.if defined(NO_ROOT) echo "./usr/freebsd-dist type=dir uname=root gname=wheel mode=0755" >> ${.TARGET}/METALOG echo "./usr/freebsd-dist/MANIFEST type=file uname=root gname=wheel mode=0644" >> ${.TARGET}/METALOG -.endif # Set up installation environment ln -fs /tmp/bsdinstall_etc/resolv.conf ${.TARGET}/etc/resolv.conf echo sendmail_enable=\"NONE\" > ${.TARGET}/etc/rc.conf @@ -225,13 +223,11 @@ bootonly: packagesystem echo kernels_autodetect=\"NO\" >> ${.TARGET}/boot/loader.conf echo loader_menu_multi_user_prompt=\"Installer\" >> ${.TARGET}/boot/loader.conf cp ${.CURDIR}/rc.local ${.TARGET}/etc -.if defined(NO_ROOT) echo "./etc/resolv.conf type=link uname=root gname=wheel mode=0644 link=/tmp/bsdinstall_etc/resolv.conf" >> ${.TARGET}/METALOG echo "./etc/rc.conf type=file uname=root gname=wheel mode=0644" >> ${.TARGET}/METALOG echo "./etc/sysctl.conf type=file uname=root gname=wheel mode=0644" >> ${.TARGET}/METALOG echo "./boot/loader.conf type=file uname=root gname=wheel mode=0644" >> ${.TARGET}/METALOG echo "./etc/rc.local type=file uname=root gname=wheel mode=0644" >> ${.TARGET}/METALOG -.endif dvd: packagesystem # Install system @@ -285,7 +281,7 @@ dvd1.iso: dvd pkg-stage cd dvd && sh ${.CURDIR}/${TARGET}/mkisoimages.sh -b ${VOLUME_LABEL}_DVD ../${.TARGET} .${NO_ROOT:D/METALOG} ${XTRADIR} bootonly.iso: bootonly-bootonly - cd bootonly-bootonly && sh ${.CURDIR}/${TARGET}/mkisoimages.sh -b ${VOLUME_LABEL}_BO ../${.TARGET} .${NO_ROOT:D/METALOG} ${XTRADIR} + cd bootonly-bootonly && sh ${.CURDIR}/${TARGET}/mkisoimages.sh -b ${VOLUME_LABEL}_BO ../${.TARGET} ./METALOG ${XTRADIR} memstick: memstick.img memstick.img: disc1-memstick @@ -293,7 +289,7 @@ memstick.img: disc1-memstick mini-memstick: mini-memstick.img mini-memstick.img: bootonly-memstick - cd bootonly-memstick && sh ${.CURDIR}/${TARGET}/make-memstick.sh .${NO_ROOT:D/METALOG} ../${.TARGET} + cd bootonly-memstick && sh ${.CURDIR}/${TARGET}/make-memstick.sh ./METALOG ../${.TARGET} packagesystem: ${DISTRIBUTIONS} sh ${.CURDIR}/scripts/make-manifest.sh $$(ls *.txz | grep -v container) > MANIFEST From cc426f306daf70f8b2e0b52f859dd74cc0997a53 Mon Sep 17 00:00:00 2001 From: Colin Percival Date: Tue, 10 Dec 2024 11:57:52 -0800 Subject: [PATCH 10/19] release: Standardize on *-${FS}.* VM image naming We publish three sets of VM images on download.freebsd.org: * Generic VM images * BASIC-CLOUDINIT VM images * BASIC-CI VM images Of these, the first had names like FreeBSD-14.2-RELEASE-amd64-ufs.raw.xz, the second had names like FreeBSD-14.2-RELEASE-amd64-BASIC-CLOUDINIT.ufs.qcow2.xz, and the third had names like FreeBSD-14.2-RELEASE-amd64-BASIC-CI.ufs.raw.xz but were listed in the CHECKSUM files with names like FreeBSD-14.2-RELEASE-amd64-BASIC-CI-ufs.raw.xz Standardize these to consistently use a hyphen before the filesystem type rather than a period. Note: On FreeBSD 14 we ship images without the -${FS} component in their names; these are hardlinks to the -ufs images for compatibility purposes. On FreeBSD 13 we only have UFS images and don't include the filesystem in the name. MFC after: 1 week Reported by: jmg Sponsored by: Amazon (cherry picked from commit 35623ccc375846648f4dcdfc47c7e84fc9db4852) --- release/Makefile.mirrors | 28 ++++++++++++++-------------- release/Makefile.vm | 4 ++-- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/release/Makefile.mirrors b/release/Makefile.mirrors index 8a6888ccc96c..2fe704c14429 100644 --- a/release/Makefile.mirrors +++ b/release/Makefile.mirrors @@ -207,13 +207,13 @@ vm-images-stage: . for VMFORMAT in ${${CW}_FORMAT} . for FS in ${${CW}_FSLIST} cd ${RELEASEDIR}/vmimages && \ - mv ${OSRELEASE}-${CW}.${FS}.${VMFORMAT}.xz \ - ${OSRELEASE}-${CW}-${SNAP_SUFFIX}.${FS}.${VMFORMAT}.xz - cp -p ${RELEASEDIR}/vmimages/${OSRELEASE}-${CW}-${SNAP_SUFFIX}.${FS}.${VMFORMAT}.xz \ - ${VM_DIR}/${BUILDDATE}/${OSRELEASE}-${CW}-${SNAP_SUFFIX}.${FS}.${VMFORMAT}.xz + mv ${OSRELEASE}-${CW}-${FS}.${VMFORMAT}.xz \ + ${OSRELEASE}-${CW}-${SNAP_SUFFIX}-${FS}.${VMFORMAT}.xz + cp -p ${RELEASEDIR}/vmimages/${OSRELEASE}-${CW}-${SNAP_SUFFIX}-${FS}.${VMFORMAT}.xz \ + ${VM_DIR}/${BUILDDATE}/${OSRELEASE}-${CW}-${SNAP_SUFFIX}-${FS}.${VMFORMAT}.xz cd ${VM_DIR}/Latest && \ - ln -s ../${BUILDDATE}/${OSRELEASE}-${CW}-${SNAP_SUFFIX}.${FS}.${VMFORMAT}.xz \ - ${OSRELEASE}-${CW}.${FS}.${VMFORMAT}.xz + ln -s ../${BUILDDATE}/${OSRELEASE}-${CW}-${SNAP_SUFFIX}-${FS}.${VMFORMAT}.xz \ + ${OSRELEASE}-${CW}-${FS}.${VMFORMAT}.xz . endfor . endfor . endif @@ -245,8 +245,8 @@ vm-images-stage: . if ${CW} == BASIC-CLOUDINIT . for VMFORMAT in ${${CW}_FORMAT} . for FS in ${${CW}_FSLIST} - cp -p ${RELEASEDIR}/vmimages/${OSRELEASE}-${CW}.${FS}.${VMFORMAT}.xz \ - ${VM_DIR}/Latest/${OSRELEASE}-${CW}.${FS}.${VMFORMAT}.xz + cp -p ${RELEASEDIR}/vmimages/${OSRELEASE}-${CW}-${FS}.${VMFORMAT}.xz \ + ${VM_DIR}/Latest/${OSRELEASE}-${CW}-${FS}.${VMFORMAT}.xz . endfor . endfor . endif @@ -272,12 +272,12 @@ ci-images-stage: . for FS in ${${CW}_FSLIST} cd ${RELEASEDIR}/ciimages && \ mv ${OSRELEASE}-${CW}-${FS}.${VMFORMAT}.xz \ - ${OSRELEASE}-${CW}-${SNAP_SUFFIX}.${FS}.${VMFORMAT}.xz - cp -p ${RELEASEDIR}/ciimages/${OSRELEASE}-${CW}-${SNAP_SUFFIX}.${FS}.${VMFORMAT}.xz \ - ${CI_DIR}/${BUILDDATE}/${OSRELEASE}-${CW}-${SNAP_SUFFIX}.${FS}.${VMFORMAT}.xz + ${OSRELEASE}-${CW}-${SNAP_SUFFIX}-${FS}.${VMFORMAT}.xz + cp -p ${RELEASEDIR}/ciimages/${OSRELEASE}-${CW}-${SNAP_SUFFIX}-${FS}.${VMFORMAT}.xz \ + ${CI_DIR}/${BUILDDATE}/${OSRELEASE}-${CW}-${SNAP_SUFFIX}-${FS}.${VMFORMAT}.xz cd ${CI_DIR}/Latest && \ - ln -s ../${BUILDDATE}/${OSRELEASE}-${CW}-${SNAP_SUFFIX}.${FS}.${VMFORMAT}.xz \ - ${OSRELEASE}-${CW}.${FS}.${VMFORMAT}.xz + ln -s ../${BUILDDATE}/${OSRELEASE}-${CW}-${SNAP_SUFFIX}-${FS}.${VMFORMAT}.xz \ + ${OSRELEASE}-${CW}-${FS}.${VMFORMAT}.xz . endfor . endfor . endif @@ -302,7 +302,7 @@ ci-images-stage: . for VMFORMAT in ${${CW}_FORMAT} . for FS in ${${CW}_FSLIST} cp -p ${RELEASEDIR}/ciimages/${OSRELEASE}-${CW}-${FS}.${VMFORMAT}.xz \ - ${CI_DIR}/Latest/${OSRELEASE}-${CW}.${FS}.${VMFORMAT}.xz + ${CI_DIR}/Latest/${OSRELEASE}-${CW}-${FS}.${VMFORMAT}.xz . endfor . endfor . endif diff --git a/release/Makefile.vm b/release/Makefile.vm index 5ae603b05983..5aa506ff6787 100644 --- a/release/Makefile.vm +++ b/release/Makefile.vm @@ -239,8 +239,8 @@ cloud-install-BASIC-CLOUDINIT: .for _FS in ${BASIC-CLOUDINIT_FSLIST} . for _FMT in ${BASIC-CLOUDINIT_FORMAT} cp -p ${.OBJDIR}/${BASIC-CLOUDINIT${_FS:tu}${_FMT:tu}IMAGE} \ - ${DESTDIR}/vmimages/${OSRELEASE}-BASIC-CLOUDINIT.${_FS}.${_FMT} - ${XZ_CMD} ${DESTDIR}/vmimages/${OSRELEASE}-BASIC-CLOUDINIT.${_FS}.${_FMT} + ${DESTDIR}/vmimages/${OSRELEASE}-BASIC-CLOUDINIT-${_FS}.${_FMT} + ${XZ_CMD} ${DESTDIR}/vmimages/${OSRELEASE}-BASIC-CLOUDINIT-${_FS}.${_FMT} . endfor .endfor cd ${DESTDIR}/vmimages && sha512 ${OSRELEASE}* > \ From b6b8342db819721bf309e03cfd5b66dba052b36e Mon Sep 17 00:00:00 2001 From: Dave Cottlehuber Date: Tue, 4 Mar 2025 23:56:00 +0000 Subject: [PATCH 11/19] release: add cloudware oracle targets to package and upload .oci files - requires base tar & flua, qemu-tools & curl from ports - set ORACLE_PAR_URL to upload to local file:/// dir or cloud buckets Reviewed by: emaste Approved by: cperciva Differential Revision: https://reviews.freebsd.org/D48382 Sponsored by: SkunkWerks, GmbH (cherry picked from commit 0ce9a414adc33af29607adbd81e0760e014fcd76) --- release/Makefile.oracle | 101 ++++++++++++++++++ release/Makefile.vm | 1 + .../oracle/arm64_shape_compatibilities.json | 24 +++++ .../oracle/default_shape_compatibilities.json | 1 + release/scripts/oracle/generate_metadata.lua | 74 +++++++++++++ .../scripts/oracle/image_capability_data.json | 96 +++++++++++++++++ release/scripts/oracle/image_metadata.json | 21 ++++ 7 files changed, 318 insertions(+) create mode 100644 release/Makefile.oracle create mode 100644 release/scripts/oracle/arm64_shape_compatibilities.json create mode 100644 release/scripts/oracle/default_shape_compatibilities.json create mode 100755 release/scripts/oracle/generate_metadata.lua create mode 100644 release/scripts/oracle/image_capability_data.json create mode 100644 release/scripts/oracle/image_metadata.json diff --git a/release/Makefile.oracle b/release/Makefile.oracle new file mode 100644 index 000000000000..b4f3bbdf86f2 --- /dev/null +++ b/release/Makefile.oracle @@ -0,0 +1,101 @@ +#D48382 +# Makefile for preparing & uploading Oracle Cloud images from existing +# .raw files created by cloudware-release. +# +# Overview: +# +# The base image is already created by cloudware-release. +# +# Construct the custom OCI metadata, derived from exported official OCI images. +# It is architecture-specific but appears mostly stable over time. +# Compress the raw image and place it in the same directory as the metadata. +# Make a GNU format tarball of these files. +# Upload the tarball to Oracle Cloud via a pre-approved curl URI, into +# the FreeBSD Foundation's Oracle Cloud account. +# +# These images go into the "re" bucket in us-ashburn-1 region, which +# is mounted into the FreeBSD Foundation Oracle Marketplace account. +# Once uploaded, a manual step is needed to import the images as local +# custom images. These can then be tested within the us-ashburn-1 region. +# Once tested, follow the manual Oracle Marketplace import process to +# create a new FreeBSD version, attach the images, and initiate validation +# by Oracle. This can take up to 5 working days. Once complete, a final +# manual step is needed to mark the currently private images, public. +# Syncing to all sites should take 2-3 hours after this final step. + +ORACLE_BASENAME= ${OSRELEASE}-${BUILDDATE}${GITREV:C/^(.+)/-\1/} +ORACLE_PORTS_LIST= ftp/curl emulators/qemu@tools +CLEANFILES+= cw-oracle-portinstall + +cw-oracle-portinstall: .PHONY +.if !exists(/usr/local/bin/curl) || !exists(/usr/local/bin/qemu-img) +. if !exists(${PORTSDIR}/Makefile) +. if !exists(/usr/local/sbin/pkg-static) + env ASSUME_ALWAYS_YES=yes pkg bootstrap -yf +. endif + env ASSUME_ALWAYS_YES=yes pkg install -y ${ORACLE_PORTS_LIST} +. else + env UNAME_r=${UNAME_r} make -C \ + ${PORTSDIR}/ftp/curl \ + BATCH=1 WRKDIRPREFIX=/tmp/ports DISTDIR=/tmp/distfiles \ + all install clean + env UNAME_r=${UNAME_r} FLAVOR=tools make -C \ + ${PORTSDIR}/emulators/qemu \ + BATCH=1 WRKDIRPREFIX=/tmp/ports DISTDIR=/tmp/distfiles \ + all install clean +. endif +.endif + +.for _FS in ${ORACLE_FSLIST} +ORACLE_OCI_LIST+= cw-oracle-${_FS}.oci +ORACLE_UPLOAD_LIST+= cw-oracle-upload-${_FS} +CLEANFILES+= cw-oracle-${_FS}.oci +ORACLE_TMP_${_FS}= cw-oracle-${_FS}.oci.tmpdir +CLEANDIRS+= ${ORACLE_TMP_${_FS}} +ORACLE_METADATA= ${.CURDIR}/scripts/oracle +ORACLE_CAPABILITY= ${.CURDIR}/scripts/oracle/image_capability_data.json +ORACLE_TEMPLATE= ${.CURDIR}/scripts/oracle/image_metadata.json +ORACLE_OUTPUT_${_FS}= ${ORACLE_TMP_${_FS}}/image_metadata.json +.if ${TARGET} == "arm64" +ORACLE_SHAPES= ${ORACLE_METADATA}/arm64_shape_compatibilities.json +.else +ORACLE_SHAPES= ${ORACLE_METADATA}/default_shape_compatibilities.json +.endif + +cw-oracle-${_FS}.oci: cw-oracle-portinstall cw-oracle-${_FS}-raw + mkdir -p ${ORACLE_TMP_${_FS}} + # create architecture-specific JSON metadata + env TYPE="${TYPE}" \ + OSRELEASE="${OSRELEASE}" \ + ORACLE_CAPABILITY="${ORACLE_CAPABILITY}" \ + ORACLE_SHAPES="${ORACLE_SHAPES}" \ + ORACLE_TEMPLATE="${ORACLE_TEMPLATE}" \ + ORACLE_OUTPUT="${ORACLE_OUTPUT_${_FS}}" \ + ${ORACLE_METADATA}/generate_metadata.lua + + # convert raw to native qcow2 for zstd compression, saves ~ 8GiB + qemu-img convert -S 512b -p -O qcow2 -c -o compression_type=zstd \ + ${.OBJDIR}/${ORACLE${_FS:tu}RAWIMAGE} \ + ${ORACLE_TMP_${_FS}}/output.QCOW2 + + # Create GNU-compatible tarball using BSD tar + tar --format=gnutar -cf ${.TARGET} -C ${ORACLE_TMP_${_FS}} \ + image_metadata.json output.QCOW2 + + echo "Oracle image ${.TARGET} is ready for upload." + +cw-oracle-upload-${_FS}: cw-oracle-${_FS}.oci +.if !defined(ORACLE_PAR_URL) || empty(ORACLE_PAR_URL) + @echo "--------------------------------------------------------------" + @echo ">>> ORACLE_PAR_URL must be set for Oracle image upload" + @echo ">>> for testing, use a file:/// URL to a local directory" + @echo "--------------------------------------------------------------" + @false +.endif + echo "Please wait ... uploading cw-oracle-${_FS}.oci to ${ORACLE_BASENAME}-${_FS}.oci" + curl -s ${ORACLE_PAR_URL}/${ORACLE_BASENAME}-${_FS}.oci --upload-file cw-oracle-${_FS}.oci + echo "Uploaded cw-oracle-${_FS}.oci as ${ORACLE_BASENAME}-${_FS}.oci" + touch ${.TARGET} +.endfor + +cw-oracle-upload: cw-oracle-portinstall ${ORACLE_UPLOAD_LIST} diff --git a/release/Makefile.vm b/release/Makefile.vm index 5aa506ff6787..ec3e734285ce 100644 --- a/release/Makefile.vm +++ b/release/Makefile.vm @@ -274,5 +274,6 @@ cloudware-release: .include "${.CURDIR}/Makefile.ec2" .include "${.CURDIR}/Makefile.firecracker" .include "${.CURDIR}/Makefile.gce" +.include "${.CURDIR}/Makefile.oracle" .include "${.CURDIR}/Makefile.vagrant" .include "${.CURDIR}/Makefile.inc1" diff --git a/release/scripts/oracle/arm64_shape_compatibilities.json b/release/scripts/oracle/arm64_shape_compatibilities.json new file mode 100644 index 000000000000..dfd066b5474f --- /dev/null +++ b/release/scripts/oracle/arm64_shape_compatibilities.json @@ -0,0 +1,24 @@ +[ + { + "internalShapeName": "VM.Standard.A1.Flex", + "ocpuConstraints": { + "min": 1, + "max": 80 + }, + "memoryConstraints": { + "minInGBs": 1, + "maxInGBs": 512 + } + }, + { + "internalShapeName": "VM.Standard.A2.Flex", + "ocpuConstraints": { + "min": 1, + "max": 78 + }, + "memoryConstraints": { + "minInGBs": 1, + "maxInGBs": 946 + } + } +] diff --git a/release/scripts/oracle/default_shape_compatibilities.json b/release/scripts/oracle/default_shape_compatibilities.json new file mode 100644 index 000000000000..fe51488c7066 --- /dev/null +++ b/release/scripts/oracle/default_shape_compatibilities.json @@ -0,0 +1 @@ +[] diff --git a/release/scripts/oracle/generate_metadata.lua b/release/scripts/oracle/generate_metadata.lua new file mode 100755 index 000000000000..751b9680cc29 --- /dev/null +++ b/release/scripts/oracle/generate_metadata.lua @@ -0,0 +1,74 @@ +#!/usr/libexec/flua + +local ucl = require("ucl") + +-- read from environment variables +local os_type = os.getenv("TYPE") +local os_version = os.getenv("OSRELEASE") +-- the raw file +local capability_file = os.getenv("ORACLE_CAPABILITY") +-- the platform-specific file +local shapes_file = os.getenv("ORACLE_SHAPES") +-- base template +local template_file = os.getenv("ORACLE_TEMPLATE") +local output_file = os.getenv("ORACLE_OUTPUT") + +if not os_type or not os_version or not capability_file or + not shapes_file or not template_file or not output_file then + io.stderr:write("Error: Oracle metadata script is missing required environment variables:\n") + io.stderr:write("TYPE, OSRELEASE, ORACLE_CAPABILITY, ORACLE_SHAPES, ORACLE_TEMPLATE, ORACLE_OUTPUT\n") + os.exit(1) +end + +-- read files +local function read_file(path) + local f = io.open(path, "r") + if not f then + io.stderr:write("Error: Oracle metadata script cannot open file: " .. path .. "\n") + os.exit(1) + end + local content = f:read("*a") + f:close() + return content +end + +-- parse the template +local template = read_file(template_file) +local metadata = ucl.parser() +metadata:parse_string(template) +local data = metadata:get_object() + +-- update the simple fields +data.operatingSystem = os_type +data.operatingSystemVersion = os_version + +-- capability data is actually JSON, but needs to be inserted as a raw blob +local caps = read_file(capability_file) +-- remove all newlines and preceding spaces to match Oracle's format +caps = caps:gsub("\n", "") +caps = caps:gsub("%s+", "") +-- is it still valid JSON? +local caps_parser = ucl.parser() +if not caps_parser:parse_string(caps) then + io.stderr:write("Error: Oracle metadata script found invalid JSON in capability file\n") + os.exit(1) +end +-- insert as a raw blob +data.imageCapabilityData = caps + +-- parse and insert architecture-dependent shape compatibilities data +local shapes_data = read_file(shapes_file) +local shapes = ucl.parser() +shapes:parse_string(shapes_data) +data.additionalMetadata.shapeCompatibilities = shapes:get_object() + +-- save the metadata file +local dir = os.getenv("PWD") +local out = io.open(output_file, "w") +if not out then + io.stderr:write("Error: Oracle metadata script cannot create output file: " + .. dir .. "/" .. output_file .. "\n") + os.exit(1) +end +out:write(ucl.to_format(data, "json", {pretty = true})) +out:close() diff --git a/release/scripts/oracle/image_capability_data.json b/release/scripts/oracle/image_capability_data.json new file mode 100644 index 000000000000..01af71f73031 --- /dev/null +++ b/release/scripts/oracle/image_capability_data.json @@ -0,0 +1,96 @@ +{ + "capabilities": { + "Compute.AMD_SecureEncryptedVirtualization": { + "descriptorType": "boolean", + "defaultValue": false + }, + "Storage.BootVolumeType": { + "descriptorType": "enumstring", + "values": [ + "ISCSI", + "PARAVIRTUALIZED", + "SCSI", + "IDE", + "NVME" + ], + "defaultValue": "PARAVIRTUALIZED" + }, + "Storage.Iscsi.MultipathDeviceSupported": { + "descriptorType": "boolean", + "defaultValue": false + }, + "Storage.ParaVirtualization.EncryptionInTransit": { + "descriptorType": "boolean", + "defaultValue": true + }, + "Storage.ConsistentVolumeNaming": { + "descriptorType": "boolean", + "defaultValue": true + }, + "Compute.SecureBoot": { + "descriptorType": "boolean", + "defaultValue": false + }, + "Storage.ParaVirtualization.AttachmentVersion": { + "descriptorType": "enuminteger", + "values": [ + 1, + 2 + ], + "defaultValue": 2 + }, + "Storage.LocalDataVolumeType": { + "descriptorType": "enumstring", + "values": [ + "ISCSI", + "PARAVIRTUALIZED", + "SCSI", + "IDE", + "NVME" + ], + "defaultValue": "PARAVIRTUALIZED" + }, + "Network.AttachmentType": { + "descriptorType": "enumstring", + "values": [ + "PARAVIRTUALIZED", + "VDPA" + ], + "defaultValue": "PARAVIRTUALIZED" + }, + "Storage.RemoteDataVolumeType": { + "descriptorType": "enumstring", + "values": [ + "ISCSI", + "PARAVIRTUALIZED", + "SCSI", + "IDE", + "NVME" + ], + "defaultValue": "PARAVIRTUALIZED" + }, + "Compute.LaunchMode": { + "descriptorType": "enumstring", + "values": [ + "NATIVE", + "EMULATED", + "VDPA", + "PARAVIRTUALIZED", + "CUSTOM" + ], + "defaultValue": "PARAVIRTUALIZED" + }, + "Network.IPv6Only": { + "descriptorType": "boolean", + "defaultValue": false + }, + "Compute.Firmware": { + "descriptorType": "enumstring", + "values": [ + "BIOS", + "UEFI_64" + ], + "defaultValue": "UEFI_64" + } + } +} diff --git a/release/scripts/oracle/image_metadata.json b/release/scripts/oracle/image_metadata.json new file mode 100644 index 000000000000..eaea3dd1cad2 --- /dev/null +++ b/release/scripts/oracle/image_metadata.json @@ -0,0 +1,21 @@ +{ + "version": 2, + "externalLaunchOptions": { + "firmware": "UEFI_64", + "networkType": "PARAVIRTUALIZED", + "bootVolumeType": "PARAVIRTUALIZED", + "remoteDataVolumeType": "PARAVIRTUALIZED", + "localDataVolumeType": "PARAVIRTUALIZED", + "launchOptionsSource": "PARAVIRTUALIZED", + "pvAttachmentVersion": 2, + "pvEncryptionInTransitEnabled": false, + "consistentVolumeNamingEnabled": false + }, + "imageCapabilityData": "REPLACE", + "imageCapsFormatVersion": "23cfd738-ad9c-4f56-9281-67be6c8cd14c", + "operatingSystem": "REPLACE", + "operatingSystemVersion": "REPLACE", + "additionalMetadata": { + "shapeCompatibilities": "REPLACE" + } +} From 167d34093bfb1f51335223057665416255475a33 Mon Sep 17 00:00:00 2001 From: Brooks Davis Date: Wed, 12 Mar 2025 21:05:33 +0000 Subject: [PATCH 12/19] release/vm: add a WITHOUT_QEMU option This option disables trying to build a qemu--static and simply doesn't do any of the operations that rely on it. This disables package installation which is required by most, but not all image types. Disable all CLOUDWARE variants that require pkg when WITHOUT_QEMU is set to avoid broken images. Reviewed by: emaste Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D49310 (cherry picked from commit 92d399a3be0e53622b9af16a82f9b7c7b62b34f7) --- release/Makefile.vm | 9 ++++++++- release/tools/vmimage.subr | 11 +++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/release/Makefile.vm b/release/Makefile.vm index ec3e734285ce..b711d7891f11 100644 --- a/release/Makefile.vm +++ b/release/Makefile.vm @@ -21,6 +21,10 @@ VMDK_DESC= VMWare, VirtualBox disk image QCOW2_DESC= Qemu, KVM disk image RAW_DESC= Unformatted raw disk image +.if defined(WITHOUT_QEMU) +CLOUDWARE_TYPES?= \ + BASIC-CI +.else CLOUDWARE_TYPES?= AZURE \ BASIC-CI \ BASIC-CLOUDINIT \ @@ -28,6 +32,7 @@ CLOUDWARE_TYPES?= AZURE \ GCE \ ORACLE \ VAGRANT +.endif AZURE_FORMAT= vhdf AZURE_FSLIST?= ufs zfs AZURE_DESC= Microsoft Azure platform image @@ -94,7 +99,7 @@ emulator-portinstall: .endif touch ${.TARGET} -.if ${TARGET_ARCH} != ${MACHINE_ARCH} +.if ${TARGET_ARCH} != ${MACHINE_ARCH} && !defined(WITHOUT_QEMU) .if ( ${TARGET_ARCH} != "i386" ) || ( ${MACHINE_ARCH} != "amd64" ) QEMUSTATIC=/usr/local/bin/qemu-${TARGET_ARCH}-static QEMUTGT=emulator-portinstall @@ -120,6 +125,7 @@ cw-${_CW:tl}-${_FS}-${_FMT}: ${QEMUTGT} mkdir -p ${.OBJDIR}/${.TARGET} env TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH} SWAPSIZE=${SWAPSIZE} \ QEMUSTATIC=${QEMUSTATIC} \ + WITHOUT_QEMU=${WITHOUT_QEMU:Dtrue} \ ${.CURDIR}/scripts/mk-vmimage.sh \ -C ${.CURDIR}/tools/vmimage.subr -d ${.OBJDIR}/${.TARGET} -F ${_FS} \ -i ${.OBJDIR}/${_CW:tl}.${_FS}.${_FMT}.img -s ${VMSIZE} -f ${_FMT} \ @@ -169,6 +175,7 @@ vm-image: ${QEMUTGT} mkdir -p ${.OBJDIR}/${.TARGET}-${FORMAT}-${FS} env TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH} SWAPSIZE=${SWAPSIZE} \ QEMUSTATIC=${QEMUSTATIC} \ + WITHOUT_QEMU=${WITHOUT_QEMU:Dtrue} \ ${.CURDIR}/scripts/mk-vmimage.sh \ -C ${.CURDIR}/tools/vmimage.subr \ -d ${.OBJDIR}/${.TARGET}-${FORMAT}-${FS} -F ${FS} \ diff --git a/release/tools/vmimage.subr b/release/tools/vmimage.subr index fc66b219b5ad..d3fb200b8c70 100644 --- a/release/tools/vmimage.subr +++ b/release/tools/vmimage.subr @@ -89,6 +89,9 @@ vm_install_base() { } vm_emulation_setup() { + if [ -n "${WITHOUT_QEMU}" ]; then + return 0 + fi if ! [ -z "${QEMUSTATIC}" ]; then export EMULATOR=/qemu cp ${QEMUSTATIC} ${DESTDIR}/${EMULATOR} @@ -130,6 +133,10 @@ vm_extra_enable_services() { } vm_extra_install_packages() { + if [ -n "${WITHOUT_QEMU}" ]; then + return 0 + fi + if [ -z "${VM_EXTRA_PACKAGES}" ]; then return 0 fi @@ -158,6 +165,10 @@ vm_extra_pre_umount() { } vm_emulation_cleanup() { + if [ -n "${WITHOUT_QEMU}" ]; then + return 0 + fi + if ! [ -z "${QEMUSTATIC}" ]; then rm -f ${DESTDIR}/${EMULATOR} fi From bbfe6a3222f1977daedc97c2376c669ee0370c52 Mon Sep 17 00:00:00 2001 From: Brooks Davis Date: Wed, 12 Mar 2025 21:05:39 +0000 Subject: [PATCH 13/19] release/vm: partially support NO_ROOT For images that don't require QEMU, support NO_ROOT. This entails: - Passing NO_ROOT down to mk-vmimage.sh (which sets it for installworld, etc) - Handling etcupdate bootstrapping - Adding assorted config file METALOG entries - Running makefs in the right directory and adding -D for dups The main gap in basic NO_ROOT support is package installation. Each image type must also be updated to add METALOG entries for any files it adds. Reviewed by: emaste Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D49320 (cherry picked from commit c41ba99779d0431c37ac06a674e7744d15de8045) --- release/Makefile.vm | 5 +++++ release/tools/basic-ci.conf | 4 +++- release/tools/vmimage.subr | 33 +++++++++++++++++++++++++++------ 3 files changed, 35 insertions(+), 7 deletions(-) diff --git a/release/Makefile.vm b/release/Makefile.vm index b711d7891f11..0dc7bdbe1fe5 100644 --- a/release/Makefile.vm +++ b/release/Makefile.vm @@ -108,6 +108,10 @@ QEMUTGT=emulator-portinstall QEMUTGT?= .if defined(WITH_CLOUDWARE) && !empty(WITH_CLOUDWARE) && !empty(CLOUDWARE) +.if (defined(WITHOUT_QEMU) && !defined(NO_ROOT)) || \ + (!defined(WITHOUT_QEMU) && defined(NO_ROOT)) +.error WITHOUT_QEMU requires NO_ROOT (and vice versa) +.endif . for _CW in ${CLOUDWARE} . if exists(${.CURDIR}/tools/${_CW:tl}.conf) && !defined(${_CW:tu}CONF) ${_CW:tu}CONF?= ${.CURDIR}/tools/${_CW:tl}.conf @@ -126,6 +130,7 @@ cw-${_CW:tl}-${_FS}-${_FMT}: ${QEMUTGT} env TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH} SWAPSIZE=${SWAPSIZE} \ QEMUSTATIC=${QEMUSTATIC} \ WITHOUT_QEMU=${WITHOUT_QEMU:Dtrue} \ + NO_ROOT=${NO_ROOT:Dtrue} \ ${.CURDIR}/scripts/mk-vmimage.sh \ -C ${.CURDIR}/tools/vmimage.subr -d ${.OBJDIR}/${.TARGET} -F ${_FS} \ -i ${.OBJDIR}/${_CW:tl}.${_FS}.${_FMT}.img -s ${VMSIZE} -f ${_FMT} \ diff --git a/release/tools/basic-ci.conf b/release/tools/basic-ci.conf index 5acc04b1e530..12c9abb15fb1 100644 --- a/release/tools/basic-ci.conf +++ b/release/tools/basic-ci.conf @@ -21,6 +21,8 @@ beastie_disable="YES" loader_logo="none" console="comconsole,vidconsole" EOF + metalog_add_data ./boot/loader.conf + cat <> ${DESTDIR}/etc/ssh/sshd_config PermitRootLogin yes PasswordAuthentication yes @@ -28,7 +30,7 @@ PermitEmptyPasswords yes UsePAM no EOF - touch ${DESTDIR}/firstboot + touch_firstboot return 0 } diff --git a/release/tools/vmimage.subr b/release/tools/vmimage.subr index d3fb200b8c70..090793f5e6df 100644 --- a/release/tools/vmimage.subr +++ b/release/tools/vmimage.subr @@ -37,6 +37,13 @@ cleanup() { return 0 } +metalog_add_data() { + if [ -n "${NO_ROOT}" ]; then + echo "$1 type=file uname=root gname=wheel mode=0644" >> \ + ${DESTDIR}/METALOG + fi +} + vm_create_base() { mkdir -p ${DESTDIR} @@ -61,7 +68,14 @@ vm_install_base() { etcupdate extract -B \ -M "TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH}" \ -s ${WORLDDIR} -d ${DESTDIR}/var/db/etcupdate \ - -L /dev/stdout + -L /dev/stdout ${NO_ROOT:+-N} + if [ -n "${NO_ROOT}" ]; then + # Reroot etcupdate's internal METALOG to the whole tree + sed -n 's,^\.,./var/db/etcupdate/current,p' \ + ${DESTDIR}/var/db/etcupdate/current/METALOG | \ + env -i LC_COLLATE=C sort >> ${DESTDIR}/METALOG + rm ${DESTDIR}/var/db/etcupdate/current/METALOG + fi echo '# Custom /etc/fstab for FreeBSD VM images' \ > ${DESTDIR}/etc/fstab @@ -73,16 +87,19 @@ vm_install_base() { echo '/dev/gpt/swapfs none swap sw 0 0' \ >> ${DESTDIR}/etc/fstab fi + metalog_add_data ./etc/fstab local hostname hostname="$(echo $(uname -o) | tr '[:upper:]' '[:lower:]')" echo "hostname=\"${hostname}\"" >> ${DESTDIR}/etc/rc.conf + metalog_add_data ./etc/rc.conf if [ "${VMFS}" = zfs ]; then echo "zfs_enable=\"YES\"" >> ${DESTDIR}/etc/rc.conf echo "zpool_reguid=\"zroot\"" >> ${DESTDIR}/etc/rc.conf echo "zpool_upgrade=\"zroot\"" >> ${DESTDIR}/etc/rc.conf echo "kern.geom.label.disk_ident.enable=0" >> ${DESTDIR}/boot/loader.conf echo "zfs_load=YES" >> ${DESTDIR}/boot/loader.conf + metalog_add_data ./boot/loader.conf fi return 0 @@ -191,11 +208,11 @@ buildfs() { case "${VMFS}" in ufs) - makefs ${MAKEFSARGS} -o label=rootfs -o version=2 -o softupdates=1 \ - ${VMBASE} ${DESTDIR} + cd ${DESTDIR} && makefs ${MAKEFSARGS} -o label=rootfs -o version=2 -o softupdates=1 \ + ${VMBASE} .${NO_ROOT:+/METALOG} ;; zfs) - makefs -t zfs ${MAKEFSARGS} \ + cd ${DESTDIR} && makefs -t zfs ${MAKEFSARGS} \ -o poolname=zroot -o bootfs=zroot/ROOT/default -o rootpath=/ \ -o fs=zroot\;mountpoint=none \ -o fs=zroot/ROOT\;mountpoint=none \ @@ -212,7 +229,7 @@ buildfs() { -o fs=zroot/var/log\;setuid=off\;exec=off \ -o fs=zroot/var/mail\;atime=on \ -o fs=zroot/var/tmp\;setuid=off \ - ${VMBASE} ${DESTDIR} + ${VMBASE} .${NO_ROOT:+/METALOG} ;; *) echo "Unexpected VMFS value '${VMFS}'" @@ -276,7 +293,7 @@ vm_create_disk() { WITH_UNIFIED_OBJDIR=yes \ make -C ${WORLDDIR}/stand -V .OBJDIR)" BOOTFILES="$(realpath ${BOOTFILES})" - MAKEFSARGS="-s ${VMSIZE}" + MAKEFSARGS="-s ${VMSIZE} -D" case "${TARGET}:${TARGET_ARCH}" in amd64:amd64 | i386:i386) @@ -345,3 +362,7 @@ vm_extra_create_disk() { return 0 } +touch_firstboot() { + touch ${DESTDIR}/firstboot + metalog_add_data ./firstboot +} From 456d93a0fea26f60053a628b9ccea26d72706db1 Mon Sep 17 00:00:00 2001 From: Brooks Davis Date: Wed, 12 Mar 2025 21:05:17 +0000 Subject: [PATCH 14/19] release/vm: force replacement of compressed images Without this, rebuilding vm images will fail due to the .xz file existing. Reviewed by: emaste Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D49321 (cherry picked from commit 59c529f2c856ec557954aa81b47603df8871ec25) --- release/Makefile.vm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/release/Makefile.vm b/release/Makefile.vm index 0dc7bdbe1fe5..1f56bdb03f97 100644 --- a/release/Makefile.vm +++ b/release/Makefile.vm @@ -222,7 +222,7 @@ vm-install: . for FORMAT in ${VMFORMATS} . for FS in ${VMFSLIST} # Don't keep the originals. There is a copy in ${.OBJDIR} if needed. - ${XZ_CMD} ${DESTDIR}/vmimages/${OSRELEASE}-${FS}.${FORMAT} + ${XZ_CMD} -f ${DESTDIR}/vmimages/${OSRELEASE}-${FS}.${FORMAT} . endfor . endfor . endif @@ -238,7 +238,7 @@ cloud-install-BASIC-CI: . for _FMT in ${BASIC-CI_FORMAT} cp -p ${.OBJDIR}/${BASIC-CI${_FS:tu}${_FMT:tu}IMAGE} \ ${DESTDIR}/ciimages/${OSRELEASE}-BASIC-CI-${_FS}.${_FMT} - ${XZ_CMD} ${DESTDIR}/ciimages/${OSRELEASE}-BASIC-CI-${_FS}.${_FMT} + ${XZ_CMD} -f ${DESTDIR}/ciimages/${OSRELEASE}-BASIC-CI-${_FS}.${_FMT} . endfor .endfor cd ${DESTDIR}/ciimages && sha512 ${OSRELEASE}* > \ @@ -252,7 +252,7 @@ cloud-install-BASIC-CLOUDINIT: . for _FMT in ${BASIC-CLOUDINIT_FORMAT} cp -p ${.OBJDIR}/${BASIC-CLOUDINIT${_FS:tu}${_FMT:tu}IMAGE} \ ${DESTDIR}/vmimages/${OSRELEASE}-BASIC-CLOUDINIT-${_FS}.${_FMT} - ${XZ_CMD} ${DESTDIR}/vmimages/${OSRELEASE}-BASIC-CLOUDINIT-${_FS}.${_FMT} + ${XZ_CMD} -f ${DESTDIR}/vmimages/${OSRELEASE}-BASIC-CLOUDINIT-${_FS}.${_FMT} . endfor .endfor cd ${DESTDIR}/vmimages && sha512 ${OSRELEASE}* > \ From 20c7bf3382feabf7d88c610a9aceada5ee03b2a1 Mon Sep 17 00:00:00 2001 From: Brooks Davis Date: Fri, 7 Mar 2025 00:02:15 +0000 Subject: [PATCH 15/19] release/vm: don't reject aarch64c, etc --- Jenkinsfile | 2 +- release/tools/vmimage.subr | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 2a2bc8db2e57..bab0a7645e12 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -184,7 +184,7 @@ def buildRelease(params, String suffix) { // params.extraArgs includes --install-prefix=/rootfs but we // don't want the release media to end up there, so override it // to the top-level output directory. - script: "./cheribuild/jenkins-cheri-build.py --build cheribsd-release-${suffix} --cheribsd-release/install-dir=\${WORKSPACE}/tarball ${params.extraArgs}" + script: "./cheribuild/jenkins-cheri-build.py --build cheribsd-release-${suffix} --cheribsd-release/install-dir=\${WORKSPACE}/tarball --cheribsd-release/build-vm-images ${params.extraArgs}" } } } diff --git a/release/tools/vmimage.subr b/release/tools/vmimage.subr index 090793f5e6df..2d81da93794f 100644 --- a/release/tools/vmimage.subr +++ b/release/tools/vmimage.subr @@ -303,7 +303,7 @@ vm_create_disk() { ROOTFSPART="-p ${FSPARTTYPE}/rootfs:=${VMBASE}" MAKEFSARGS="$MAKEFSARGS -B little" ;; - arm:armv7 | arm64:aarch64 | riscv:riscv64*) + arm:armv7 | arm64:aarch64* | riscv:riscv64*) ESP=yes BOOTPARTS= ROOTFSPART="-p ${FSPARTTYPE}/rootfs:=${VMBASE}" From bf85813fd3cef06e1e63c38e0126dff007a617c9 Mon Sep 17 00:00:00 2001 From: Brooks Davis Date: Thu, 27 Mar 2025 16:02:30 +0000 Subject: [PATCH 16/19] release/vm: empty sh functions are disallowed This happens to work with FreeBSD's shell, but is rejected by dash and bash. Reported by: def Reviewed by: emaste Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D49526 (cherry picked from commit 9eb6cdafe5e2c2cfc9ddebc34ecabd1e7cbdc3ca) --- release/tools/vmimage.subr | 1 + 1 file changed, 1 insertion(+) diff --git a/release/tools/vmimage.subr b/release/tools/vmimage.subr index 2d81da93794f..b9400784aabb 100644 --- a/release/tools/vmimage.subr +++ b/release/tools/vmimage.subr @@ -53,6 +53,7 @@ vm_create_base() { vm_copy_base() { # Defunct + return 0 } vm_install_base() { From f3a73a7055a8f6f020d3f9f927620b70db3db04c Mon Sep 17 00:00:00 2001 From: Brooks Davis Date: Thu, 27 Mar 2025 23:40:47 +0000 Subject: [PATCH 17/19] release/vm: fix setting NO_ROOT and WITHOUT_QEMU To support common shell patterns (test -n and -z) we want NO_ROOT and WITHOUT_QEMU to be set and not empty in mk-vmimage.sh if they are set at all in the Makefile. Actually do this rather than making them always set (which propogates to submakes run by mk-vmimage.sh and unconditionally enables NO_ROOT with undesirable side effects such as installing a /METALOG in vm images). Reported by: cperciva Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D49544 (cherry picked from commit e6e5cd297ab4cae4995895b99c713df9cf6e8c0f) --- release/Makefile.vm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/release/Makefile.vm b/release/Makefile.vm index 1f56bdb03f97..f58c7c7fd092 100644 --- a/release/Makefile.vm +++ b/release/Makefile.vm @@ -129,8 +129,8 @@ cw-${_CW:tl}-${_FS}-${_FMT}: ${QEMUTGT} mkdir -p ${.OBJDIR}/${.TARGET} env TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH} SWAPSIZE=${SWAPSIZE} \ QEMUSTATIC=${QEMUSTATIC} \ - WITHOUT_QEMU=${WITHOUT_QEMU:Dtrue} \ - NO_ROOT=${NO_ROOT:Dtrue} \ + ${WITHOUT_QEMU:DWITHOUT_QEMU=true} \ + ${NO_ROOT:DNO_ROOT=true} \ ${.CURDIR}/scripts/mk-vmimage.sh \ -C ${.CURDIR}/tools/vmimage.subr -d ${.OBJDIR}/${.TARGET} -F ${_FS} \ -i ${.OBJDIR}/${_CW:tl}.${_FS}.${_FMT}.img -s ${VMSIZE} -f ${_FMT} \ From 4bc30049b52176e503d4e92d01ae1100a4c4a5ce Mon Sep 17 00:00:00 2001 From: Li-Wen Hsu Date: Sat, 29 Mar 2025 02:16:30 +0800 Subject: [PATCH 18/19] release/azure: Update instruction of publishing to Azure Marketplace Using Compute Gallery as the source is the preferred method now. Reviewed by: brooks, emaste Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D49528 (cherry picked from commit 09f991f5f6f224f75f3cc9f666f0e0e2e9621432) --- release/Makefile.azure | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/release/Makefile.azure b/release/Makefile.azure index 36f3f8715de1..577221ee3899 100644 --- a/release/Makefile.azure +++ b/release/Makefile.azure @@ -1,6 +1,4 @@ # -# -# # Makefile for uploading Microsoft Azure disk images. # @@ -18,9 +16,6 @@ AZURE${VAR}!= grep -E '^AZURE${VAR}' ${AZURE_UPLOAD_CONF} | awk -F ' ' '{print $ SNAPSHOT_DATE!= date +-${BUILDDATE} .endif -START_DATE!= date -v-1d -I -u -EXPIRY_DATE!= date -v+1m -I -u - azure-upload: ${AZURE_UPLOAD_TGTS} azure-check-depends: @@ -52,19 +47,16 @@ azure-do-upload-${_FS}: --account-name ${AZURE_ACCOUNT} --account-key ${AZURE_KEY} \ --container-name ${AZURE_STORAGE} --type page \ --file ${AZURE_IMG_${_FS}} --name ${AZURE_TARGET_${_FS}}.vhd - @echo "The disk access URL with shared access signature is:" + @echo "The disk has been uploaded to Storage Account, use following information" + @echo "to create an image in Compute Gallery:" @echo - @echo -n https://${AZURE_ACCOUNT}.blob.core.windows.net/${AZURE_STORAGE}/${AZURE_TARGET_${_FS}}.vhd? - @/usr/local/bin/az storage container generate-sas \ - --account-name ${AZURE_ACCOUNT} --account-key ${AZURE_KEY} \ - --name ${AZURE_STORAGE} \ - --permissions lr \ - --start ${START_DATE} \ - --expiry ${EXPIRY_DATE} | cut -d '"' -f 2 + @echo "Storage Account name: ${AZURE_ACCOUNT}" + @echo "Container name: ${AZURE_STORAGE}" + @echo "Blob name: ${AZURE_TARGET_${_FS}}.vhd" @echo @echo "Please go to Microsoft Partner Center to create a new offer and publish it:" @echo - @echo "https://partner.microsoft.com/dashboard/commercial-marketplace/overview" + @echo "https://partner.microsoft.com/dashboard/marketplace-offers/overview" @echo @echo "After the new offer status is live, you can delete the disk file with:" @echo From 91c8e3cdcbed80541a8265fefe7c532f4ecd2389 Mon Sep 17 00:00:00 2001 From: Brooks Davis Date: Mon, 7 Apr 2025 02:24:21 +0100 Subject: [PATCH 19/19] release/vm: finish fixing WITHOUT_QEMU To support common shell patterns (test -n and -z) we want WITHOUT_QEMU to be set and not empty in mk-vmimage.sh if it is defined at all in the Makefile. Fix a case I missed previously. Reported by: cperciva Fixes: e6e5cd297ab4 ("release/vm: fix setting NO_ROOT and WITHOUT_QEMU") Sponsored by: DARPA, AFRL Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D49666 (cherry picked from commit 75ae454d58144d23672607a4a02b9b36532caf76) --- release/Makefile.vm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release/Makefile.vm b/release/Makefile.vm index f58c7c7fd092..3b0ae4227453 100644 --- a/release/Makefile.vm +++ b/release/Makefile.vm @@ -180,7 +180,7 @@ vm-image: ${QEMUTGT} mkdir -p ${.OBJDIR}/${.TARGET}-${FORMAT}-${FS} env TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH} SWAPSIZE=${SWAPSIZE} \ QEMUSTATIC=${QEMUSTATIC} \ - WITHOUT_QEMU=${WITHOUT_QEMU:Dtrue} \ + ${WITHOUT_QEMU:DWITHOUT_QEMU=true} \ ${.CURDIR}/scripts/mk-vmimage.sh \ -C ${.CURDIR}/tools/vmimage.subr \ -d ${.OBJDIR}/${.TARGET}-${FORMAT}-${FS} -F ${FS} \