diff --git a/Cargo.lock b/Cargo.lock
index 9871117..ced8c3f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -88,7 +88,6 @@ version = "0.5.0"
 dependencies = [
 "base32",
 "clap",
- "lxd",
 "plain",
 "rand",
 "reqwest",
@@ -518,16 +517,6 @@ version = "0.4.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f"
-[[package]]
-name = "lxd"
-version = "0.1.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "918a314b8eb7d4e19c3d154b4069b12aa37c25a68bae4f2c2a69f50bf47c7c5a"
-dependencies = [
- "serde",
- "serde_json",
-]
-
 [[package]]
 name = "memchr"
 version = "2.6.3"
diff --git a/Cargo.toml b/Cargo.toml
index bdda6e1..8813376 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -20,7 +20,6 @@ doc = false
 [dependencies]
 base32 = "0.4.0"
 clap = "3.2.25"
-lxd = "0.1.9"
 plain = "0.2.3"
 rand = "0.8.5"
 reqwest = { version = "0.11.20", features = ["blocking"] }
diff --git a/buildchain.json b/buildchain.json
index 4b6a3dc..9aff1ab 100644
--- a/buildchain.json
+++ b/buildchain.json
@@ -1,6 +1,5 @@
 {
 "name": "buildchain",
- "base": "ubuntu:16.04",
 "prepare": [
 ["apt-get", "update"],
 ["apt-get", "dist-upgrade", "-y"],
diff --git a/deps.sh b/deps.sh
deleted file mode 100755
index 86428a6..0000000
--- a/deps.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/bash
-sudo apt install lxd lxd-client
diff --git a/example/buildchain.json b/example/buildchain.json
index 30773fd..8071301 100644
--- a/example/buildchain.json
+++ b/example/buildchain.json
@@ -1,6 +1,5 @@
 {
 "name": "example",
- "base": "ubuntu:16.04",
 "prepare": [
 ["echo", "prepare"]
 ],
diff --git a/src/build.rs b/src/build.rs
index 771e7ed..776ef29 100644
--- a/src/build.rs
+++ b/src/build.rs
@@ -1,131 +1,53 @@
 // SPDX-License-Identifier: GPL-3.0-only
-use serde::{Deserialize, Serialize};
 use std::fs;
 use std::io;
+use std::env;
 use std::path::Path;
 use std::process::Command;
-use lxd::{Container, Image, Location};
 use tempfile::TempDir;
-use crate::{sign_manifest, Config, Sha384, Source, Store};
+use crate::{sign_manifest, Config, Source, Store};
-/// A temporary structure used to generate a unique build environment
-#[derive(Clone, Debug, Eq, PartialEq, Deserialize, Serialize)]
-struct BuildEnvironmentConfig {
- /// The LXC base to use
- pub base: String,
- /// The commands to run to generate a build environment
- pub prepare: Vec>,
-}
-
-fn prepare(config: &Config, location: &Location) -> io::Result {
- let build_json = serde_json::to_string(&BuildEnvironmentConfig {
- base: config.base.clone(),
- prepare: config.prepare.clone(),
- })
- .map_err(|err| io::Error::new(io::ErrorKind::Other, err))?;
-
- let build_sha = Sha384::new(&mut build_json.as_bytes())
- .map_err(|err| io::Error::new(io::ErrorKind::Other, err))?;
-
- let build_sha_str = serde_json::to_string(&build_sha)
- .map_err(|err| io::Error::new(io::ErrorKind::Other, err))?;
-
- let container_name = format!("buildchain-{}-prepare", config.name);
- let build_image = format!(
- "buildchain-{}-{}",
- config.name,
- build_sha_str.trim_matches('"')
- );
-
- if Image::new(location.clone(), &build_image).is_ok() {
- println!("Build environment cached as {}", build_image);
- } else {
- let mut container = if config.privileged {
- println!(
- "Create privileged container {} from {}",
- container_name, &config.base
- );
- unsafe { Container::new_privileged(location.clone(), &container_name, &config.base)? }
- } else {
- println!("Create container {} from {}", container_name, &config.base);
- Container::new(location.clone(), &container_name, &config.base)?
- };
-
- for command in config.prepare.iter() {
- let mut args = vec![];
- for arg in command.iter() {
- args.push(arg.as_str());
- }
-
- println!("Prepare command {:?}", args);
- container.exec(&args)?;
+fn prepare(config: &Config) -> io::Result<()> {
+ for command in config.prepare.iter() {
+ let mut args = Vec::new();
+ for arg in command.iter().skip(1) {
+ args.push(arg.as_str());
 }
- println!("Snapshot build environment as {}", build_image);
- let snapshot = container.snapshot(&build_image)?;
-
- println!("Publish build environment as {}", build_image);
- snapshot.publish(&build_image)?;
+ println!("Prepare command: {} {:?}", &command[0], args);
+ Command::new(&command[0]).args(&args).status()?;
 }
- Ok(build_image)
+ Ok(())
 }
-fn run, Q: AsRef>(
- config: &Config,
- location: &Location,
- build_image: &str,
- source_path: P,
- temp_path: Q,
-) -> io::Result<()> {
- let source_path = source_path.as_ref();
- let temp_path = temp_path.as_ref();
-
- let container_name = format!("buildchain-{}-build", config.name);
-
- let mut container = if config.privileged {
- println!(
- "Create privileged container {} from {}",
- container_name, build_image
- );
- unsafe { Container::new_privileged(location.clone(), &container_name, build_image)? }
- } else {
- println!("Create container {} from {}", container_name, build_image);
- Container::new(location.clone(), &container_name, build_image)?
- };
-
- println!("Push source");
- container.push(source_path, "/root", true)?;
-
+fn run(config: &Config) -> io::Result<()> {
 for command in config.build.iter() {
 let mut args = Vec::new();
- for arg in command.iter() {
+ for arg in command.iter().skip(1) {
 args.push(arg.as_str());
 }
- println!("Build command {:?}", args);
- container.exec(&args)?;
+ println!("Build command: {} {:?}", &command[0], args);
+ Command::new(&command[0]).args(&args).status()?;
 }
 println!("Create artifact directory");
- container.exec(&["mkdir", "/root/artifacts"])?;
+ fs::create_dir_all("artifacts")?;
 for command in config.publish.iter() {
 let mut args = Vec::new();
- for arg in command.iter() {
+ for arg in command.iter().skip(1) {
 args.push(arg.as_str());
 }
- println!("Publish command {:?}", args);
- container.exec(&args)?;
+ println!("Publish command: {} {:?}", &command[0], args);
+ Command::new(&command[0]).args(&args).status()?;
 }
- println!("Pull artifacts");
- container.pull("/root/artifacts", temp_path, true)?;
-
 Ok(())
 }
@@ -163,7 +85,6 @@ pub struct BuildArguments<'a> {
 pub output_path: &'a str,
 pub project_name: &'a str,
 pub branch_name: &'a str,
- pub remote_opt: Option<&'a str>,
 pub source_url: &'a str,
 pub source_kind: &'a str,
 pub use_pihsm: bool,
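Review bot: In src/build.rs, the new `prepare` and `run` discard the exit status of every spawned command: `Command::new(&command[0]).args(&args).status()?` only fails when the process cannot be started, so a prepare, build or publish step that exits non-zero is treated as success and `build` goes on to import and sign whatever ended up in `artifacts/`. The removed `container.exec(&args)?` presumably reported a failed command, so for a tool whose output is a signed manifest this looks like a regression. `&command[0]` also panics on an empty command array read from `buildchain.json`. The three loops differ only in their label, so one helper that splits off the program, checks `status.success()` and returns an `io::Error` otherwise covers all of them; it is sketched below on the assumption that each command is a `Vec<String>` (the generic parameters are not visible in this rendering).

```rust
/// Run one configured command and fail unless it exits successfully.
fn run_command(label: &str, command: &[String]) -> io::Result<()> {
    // An empty array in the config is an input error, not a reason to panic.
    let (program, args) = command.split_first().ok_or_else(|| {
        io::Error::new(io::ErrorKind::InvalidInput, "empty command in config")
    })?;

    println!("{} command: {} {:?}", label, program, args);
    let status = Command::new(program).args(args).status()?;
    if !status.success() {
        return Err(io::Error::new(
            io::ErrorKind::Other,
            format!("{} command {:?} failed: {}", label, command, status),
        ));
    }
    Ok(())
}

fn prepare(config: &Config) -> io::Result<()> {
    for command in config.prepare.iter() {
        run_command("Prepare", command)?;
    }
    Ok(())
}

// … unchanged: run() keeps its shape; each loop body becomes
// run_command("Build", command)? / run_command("Publish", command)? …
```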
@@ -186,23 +107,16 @@ pub fn build(args: BuildArguments) -> io::Result<()> {
 let string = fs::read_to_string(source_path.join(config_path))?;
 let config = serde_json::from_str::(&string)?;
- let location = if let Some(remote) = args.remote_opt {
- println!("buildchain: building {} on {}", config.name, remote);
- Location::Remote(remote.to_string())
- } else {
- println!("buildchain: building {} locally", config.name);
- Location::Local
- };
+ println!("buildchain: building {}", config.name);
+
+ // Run all commands from the context of the buildroot.
+ let cwd = env::current_dir()?;
+ env::set_current_dir(&temp_dir)?;
- let build_image = prepare(&config, &location)?;
+ prepare(&config)?;
+ run(&config)?;
- run(
- &config,
- &location,
- &build_image,
- &source_path,
- temp_dir.path(),
- )?;
+ env::set_current_dir(cwd)?;
 let store = Store::new(&temp_dir);
 let manifest = store.import_artifacts(source_time)?;
diff --git a/src/config.rs b/src/config.rs
index 0ee6139..c495082 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -7,15 +7,10 @@ use serde::{Deserialize, Serialize};
 pub struct Config {
 /// The name of this build project
 pub name: String,
- /// The LXC base to use
- pub base: String,
- /// True if the LXC container for builds should be privileged
- #[serde(default = "Default::default")]
- pub privileged: bool,
 /// The commands to run to generate a build environment
 pub prepare: Vec>,
- /// The commands to run that build the artifacts in /root/source
+ /// The commands to run that build the artifacts in `source/`
 pub build: Vec>,
- /// The commands to run that publish the artifacts to /root/artifacts
+ /// The commands to run that publish the artifacts to `artifacts/`
 pub publish: Vec>,
 }
diff --git a/src/lib.rs b/src/lib.rs
index be3f06f..3a60833 100644
--- a/src/lib.rs
+++ b/src/lib.rs
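Review bot: In `build` (src/build.rs) the working directory is restored only on the success path: when `prepare(&config)?` or `run(&config)?` returns an error, `env::set_current_dir(cwd)?` is skipped and the process is left inside `temp_dir`, which is removed on drop if it is the `tempfile::TempDir` imported at the top of the file. `env::set_current_dir` is also process-wide, so a caller of this public function that uses threads or relative paths is affected for the whole build. I would pass the build root into `prepare` and `run` and set it per child with `Command::new(&command[0]).args(&args).current_dir(root).status()?`, create the artifact directory with `fs::create_dir_all(root.join("artifacts"))?`, and drop both `set_current_dir` calls. `build` starts and ends outside this hunk.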
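Review bot: The doc comments on `Config` in src/config.rs no longer say where or how the commands run now that `base` and `privileged` are gone. `prepare` is still documented as generating "a build environment", but with the container removed these commands (the repository's own `buildchain.json` lists `apt-get dist-upgrade -y`) appear to execute directly on the host as the invoking user, and `source/` and `artifacts/` are relative to a directory the comments never name. I would say so on the fields, for example `/// Commands run directly on the host, with the temporary build root as working directory, before the build`, and add a struct-level note that a config file is executed with the caller's privileges and no isolation. Unless the struct carries `#[serde(deny_unknown_fields)]` (its attributes are outside the hunk), an old config that still sets `"base"` or `"privileged"` is accepted silently, which deserves a line in the docs as well.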
@@ -4,8 +4,6 @@
 #![allow(clippy::uninlined_format_args)]
-pub use lxd::Location;
-
 pub use crate::block::Block;
 pub use crate::build::{build, BuildArguments};
 pub use crate::config::Config;
diff --git a/src/main.rs b/src/main.rs
index 8e52702..2378a44 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -43,13 +43,6 @@ fn buildchain() -> Result<(), String> {
 .takes_value(true)
 .help("Tail signature branch name"),
 )
- .arg(
- Arg::with_name("remote")
- .short('r')
- .long("remote")
- .takes_value(true)
- .help("Remote LXC server"),
- )
 .arg(
 Arg::with_name("source_url")
 .takes_value(true)
@@ -114,7 +107,6 @@ fn buildchain() -> Result<(), String> {
 output_path: matches.value_of("output").unwrap_or("buildchain.tar"),
 project_name: matches.value_of("project").unwrap_or("default"),
 branch_name: matches.value_of("branch").unwrap_or("master"),
- remote_opt: matches.value_of("remote"),
 source_url: matches.value_of("source_url").unwrap_or("."),
 source_kind: matches.value_of("source_kind").unwrap_or("dir"),
 use_pihsm: matches.is_present("use_pihsm"),