diff --git a/build.sh b/build.sh
index b2217e9cf7..2cbc2b99be 100755
--- a/build.sh
+++ b/build.sh
@@ -90,6 +90,17 @@ install_rpms() {
 fi
 # Similarly for kernel data and SELinux policy, which we want to inject into supermin
 chmod -R a+rX /usr/lib/modules /usr/share/selinux/targeted
+
+ # Symlink the CentOS Stream GPG keys to /etc to make it easier to build
+ # CentOS-based artifacts.
+ if [ ! -e "/etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial" ]; then
+ ln -s /usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
+ ln -s {/usr/share/distribution-gpg-keys/centos,/etc/pki/rpm-gpg}/RPM-GPG-KEY-CentOS-SIG-Cloud
+ ln -s {/usr/share/distribution-gpg-keys/centos,/etc/pki/rpm-gpg}/RPM-GPG-KEY-CentOS-SIG-Extras-SHA512
+ ln -s {/usr/share/distribution-gpg-keys/centos,/etc/pki/rpm-gpg}/RPM-GPG-KEY-CentOS-SIG-NFV
+ ln -s {/usr/share/distribution-gpg-keys/centos,/etc/pki/rpm-gpg}/RPM-GPG-KEY-CentOS-SIG-Virtualization
+ fi
+
 # Further cleanup
 yum clean all
 }
diff --git a/src/cmd-podman-build b/src/cmd-podman-build
new file mode 100755
index 0000000000..83d468ff41
--- /dev/null
+++ b/src/cmd-podman-build
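Review bot: In the build.sh hunk (`install_rpms`), the guard tests only `/etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial`, so the five links are treated as all-or-nothing. If that path is absent but one of the SIG key paths already exists, the corresponding `ln -s` fails, and `[ ! -e ... ]` is also true for a dangling symlink, where `ln -s` then fails with "File exists". Because these files are the trust anchors for RPM signature checks, I would guard each destination on its own, e.g. `[ -e "$dst" ] || [ -L "$dst" ] || ln -s "$src" "$dst"`, and check that `$src` exists first so a missing key is reported here rather than later as a signature failure. The hunk does not show whether `distribution-gpg-keys` is installed earlier in `install_rpms`, which starts outside the hunk; if it is not guaranteed, the links are created dangling without any error.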
@@ -0,0 +1,46 @@
+#!/bin/bash
+set -xeuo pipefail
+
+meta=builds/latest/$(arch)/meta.json
+name=$(jq -r .name "${meta}")
+version=$(jq -r '."ostree-version"' "${meta}")
+
+# can't use `rpm-ostree --print-json | jq .` here because the manifest may have
+# variables that need to be set
+ocp_version=$(python3 < src/config/packages-openshift.yaml -c '
+import yaml, sys
+y = yaml.safe_load(sys.stdin)
+print(y["metadata"]["ocp_version"])')
+
+node_tag=localhost/${name}-${ocp_version}-${version}-node
+extensions_tag=localhost/${name}-${ocp_version}-${version}-extensions
+
+target=${1:-}
+case "${target}" in
+ node)
+ from=oci-archive:builds/latest/$(arch)/$(jq .images.ostree.path "$meta")
+ containerfile="src/config/Containerfile"
+ tag=${node_tag}
+ ;;
+ extensions)
+ from=${node_tag}
+ containerfile="src/config/extensions/Dockerfile"
+ tag=${extensions_tag}
+ ;;
+ "") echo "Usage: $0 (node|extensions) [extra podman args...]" >&2; exit 1;;
+esac
+shift
+
+cat src/config/*.repo > tmp/all.repo
+if [ -d src/yumrepos ]; then
+ cat src/yumrepos/*.repo >> tmp/all.repo
+fi
+repos=$(realpath tmp/all.repo)
+
+set -x
+podman build --from "$from" \
+ -t "${tag}" \
+ -f "${containerfile}" \
+ --secret id=yumrepos,src="$repos" \
+ -v /etc/pki/ca-trust:/etc/pki/ca-trust:ro \
+ --security-opt label=disable src/config "$@"
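Review bot: In the `node` arm, `$(jq .images.ostree.path "$meta")` is missing `-r`, so jq prints the value as a JSON string and the literal double quotes end up inside the `oci-archive:` path passed to `--from`. The two earlier jq calls use `-r`, and this one should too: `from=oci-archive:builds/latest/$(arch)/$(jq -r .images.ostree.path "$meta")`. The `case` also has no `*)` arm, so an unrecognised target falls through `shift`, writes `tmp/all.repo`, and only stops at the unbound `$from` under `set -u`; changing the usage arm to `*) echo "Usage: $0 (node|extensions) [extra podman args...]" >&2; exit 1;;` rejects it up front. Since `tmp/all.repo` is handed to podman as a build secret, I would create it under `umask 077` and remove it on exit, in case the concatenated `.repo` files carry credentials. A short comment on why `--security-opt label=disable` is required would also help, because it turns off SELinux label separation for the build containers.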