More stuff
This commit is contained in:
+44
-16
@@ -112,6 +112,16 @@ impl Builder {
|
||||
self.preflight_container()?;
|
||||
let repo = self.pkgs_dir();
|
||||
fs::create_dir_all(&repo)?;
|
||||
// Nothing to index yet — leave it alone so callers don't trip on a
|
||||
// failing `*.apk` glob.
|
||||
let has_apks = fs::read_dir(&repo)?.any(|e| {
|
||||
e.ok()
|
||||
.and_then(|e| e.path().extension().map(|x| x == "apk"))
|
||||
.unwrap_or(false)
|
||||
});
|
||||
if !has_apks {
|
||||
return Ok(());
|
||||
}
|
||||
log::step(
|
||||
"index",
|
||||
&format!("signing repository at {}", repo.display()),
|
||||
@@ -121,14 +131,14 @@ impl Builder {
|
||||
if !key.exists() || !pubkey.exists() {
|
||||
bail!("signing key is not configured or missing; run `distro init-key` first");
|
||||
}
|
||||
let index_name = "APKINDEX.adb";
|
||||
let index_name = "APKINDEX.tar.gz";
|
||||
let status = Command::new(&self.config.container_runtime)
|
||||
.arg("run")
|
||||
.arg("--rm")
|
||||
.arg("-v")
|
||||
.arg(format!("{}:/repo", repo.display()))
|
||||
.arg("-v")
|
||||
.arg(format!("{}:/keys/private.rsa:ro", key.display()))
|
||||
.arg(format!("{}:/keys/distro.rsa:ro", key.display()))
|
||||
.arg("-v")
|
||||
.arg(format!(
|
||||
"{}:/etc/apk/keys/distro.rsa.pub:ro",
|
||||
@@ -138,7 +148,7 @@ impl Builder {
|
||||
.arg("/bin/sh")
|
||||
.arg("-lc")
|
||||
.arg(format!(
|
||||
"cd /repo && apk --sign-key /keys/private.rsa mkndx -o {index_name} *.apk"
|
||||
"cd /repo && apk --sign-key /keys/distro.rsa mkndx -o {index_name} *.apk"
|
||||
))
|
||||
.status()
|
||||
.context("failed to run repository index command")?;
|
||||
@@ -207,7 +217,7 @@ impl Builder {
|
||||
.arg("-v")
|
||||
.arg(format!("{}:/rootfs", root.display()))
|
||||
.arg("-v")
|
||||
.arg(format!("{}:/repo:ro", self.pkgs_dir().display()))
|
||||
.arg(format!("{}:/repo:ro", self.pkgs_root().display()))
|
||||
.arg("-v")
|
||||
.arg(format!(
|
||||
"{}:/etc/apk/keys/distro.rsa.pub:ro",
|
||||
@@ -217,8 +227,11 @@ impl Builder {
|
||||
.arg("apk")
|
||||
.arg("--root")
|
||||
.arg("/rootfs")
|
||||
.arg("--keys-dir")
|
||||
.arg("/etc/apk/keys")
|
||||
.arg("--initdb")
|
||||
.arg("--repository")
|
||||
.arg("/repo/APKINDEX.adb")
|
||||
.arg("/repo")
|
||||
.arg("add")
|
||||
.args(packages)
|
||||
.status()
|
||||
@@ -315,7 +328,7 @@ impl Builder {
|
||||
&source_dir,
|
||||
&build_dir,
|
||||
dest_dir,
|
||||
sysroot.as_deref(),
|
||||
sysroot.as_ref().map(|s| s.path()),
|
||||
)?;
|
||||
|
||||
self.apk_mkpkg(output, dest_dir)?;
|
||||
@@ -466,11 +479,11 @@ impl Builder {
|
||||
.arg("-v")
|
||||
.arg(format!("{}:/out", repo.display()))
|
||||
.arg("-v")
|
||||
.arg(format!("{}:/keys/private.rsa:ro", signing_key.display()))
|
||||
.arg(format!("{}:/keys/distro.rsa:ro", signing_key.display()))
|
||||
.arg(&self.config.container_image)
|
||||
.arg("apk")
|
||||
.arg("--sign-key")
|
||||
.arg("/keys/private.rsa")
|
||||
.arg("/keys/distro.rsa")
|
||||
.args(plan.args)
|
||||
.status()
|
||||
.context("failed to run apk mkpkg command")?;
|
||||
@@ -627,11 +640,11 @@ impl Builder {
|
||||
Ok(Some(sandbox))
|
||||
}
|
||||
|
||||
fn materialize_sysroot(&self, recipe: &Recipe) -> Result<Option<PathBuf>> {
|
||||
fn materialize_sysroot(&self, recipe: &Recipe) -> Result<Option<tempfile::TempDir>> {
|
||||
let mut deps: Vec<String> = recipe
|
||||
.build_deps
|
||||
.iter()
|
||||
.chain(recipe.run_deps.iter())
|
||||
.chain(recipe.deps.iter())
|
||||
.cloned()
|
||||
.collect();
|
||||
deps.sort();
|
||||
@@ -639,23 +652,29 @@ impl Builder {
|
||||
if deps.is_empty() {
|
||||
return Ok(None);
|
||||
}
|
||||
// The local repo index must be present and current so apk can resolve
|
||||
// and verify the just-built target packages.
|
||||
self.repo_index()?;
|
||||
let pubkey = self.abs_config_path(&self.config.signing_pubkey);
|
||||
if !pubkey.exists() {
|
||||
bail!("target dependency sysroot requires a configured public signing key");
|
||||
}
|
||||
let sysroot = self.repo.join("build/sysroots").join(&recipe.id);
|
||||
fs::create_dir_all(self.repo.join("build"))?;
|
||||
let sysroot = tempfile::Builder::new()
|
||||
.prefix(&format!("sysroot-{}-", recipe.id))
|
||||
.tempdir_in(self.repo.join("build"))
|
||||
.context("failed to create sysroot tempdir")?;
|
||||
log::info(
|
||||
"sysroot",
|
||||
&format!("{} <- [{}]", recipe.id, deps.join(", ")),
|
||||
);
|
||||
Self::recreate(&sysroot)?;
|
||||
let status = Command::new(&self.config.container_runtime)
|
||||
.arg("run")
|
||||
.arg("--rm")
|
||||
.arg("-v")
|
||||
.arg(format!("{}:/sysroot", sysroot.display()))
|
||||
.arg(format!("{}:/sysroot", sysroot.path().display()))
|
||||
.arg("-v")
|
||||
.arg(format!("{}:/repo:ro", self.pkgs_dir().display()))
|
||||
.arg(format!("{}:/repo:ro", self.pkgs_root().display()))
|
||||
.arg("-v")
|
||||
.arg(format!(
|
||||
"{}:/etc/apk/keys/distro.rsa.pub:ro",
|
||||
@@ -665,8 +684,11 @@ impl Builder {
|
||||
.arg("apk")
|
||||
.arg("--root")
|
||||
.arg("/sysroot")
|
||||
.arg("--keys-dir")
|
||||
.arg("/etc/apk/keys")
|
||||
.arg("--initdb")
|
||||
.arg("--repository")
|
||||
.arg("/repo/APKINDEX.adb")
|
||||
.arg("/repo")
|
||||
.arg("add")
|
||||
.args(&deps)
|
||||
.status()
|
||||
@@ -817,9 +839,15 @@ impl Builder {
|
||||
fn host_pkg_dir_by_id(&self, host_recipe_id: &str) -> PathBuf {
|
||||
self.repo.join("build/host-pkgs").join(host_recipe_id)
|
||||
}
|
||||
fn pkgs_dir(&self) -> PathBuf {
|
||||
/// Root of the target package repo. apk treats this as the repo root and
|
||||
/// expects `<root>/<arch>/APKINDEX.tar.gz` underneath.
|
||||
fn pkgs_root(&self) -> PathBuf {
|
||||
self.repo.join("build/pkgs")
|
||||
}
|
||||
/// Arch-specific package directory: where .apk files and the index live.
|
||||
fn pkgs_dir(&self) -> PathBuf {
|
||||
self.pkgs_root().join(&self.config.target_arch)
|
||||
}
|
||||
fn manifest_path(&self, output_key: &str) -> PathBuf {
|
||||
// Output keys may contain `:` (e.g. `host:gcc`); the manifest file
|
||||
// name uses the filesystem-safe slug form instead.
|
||||
|
||||
Reference in New Issue
Block a user