feat: initial implementation

Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
siderolabs · Jun 12, 2019 · 3001501 · 3001501
1 parent ad5ad0a
commit 3001501
Show file tree

Hide file tree

Showing 20 changed files with 634 additions and 1 deletion.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+.pkg.dockerfile
diff --git a/Makefile b/Makefile
@@ -0,0 +1,20 @@
+PKGS := ca-certificates
+PKGS += musl
+PKGS += base
+PKGS += cni
+PKGS += libseccomp
+PKGS += containerd
+PKGS += crictl
+PKGS += dosfstools
+PKGS += fhs
+PKGS += iptables
+PKGS += kubeadm
+PKGS += libressl
+PKGS += runc
+PKGS += socat
+PKGS += syslinux
+PKGS += xfsprogs
+
+.PHONY: pkgs
+pkgs: $(PKGS)
+	@$(foreach pkg,$^, echo "Building $(pkg)" && bldr pack -f $(pkg)/pkg.yaml || exit 1 ;)
diff --git a/README.md b/README.md
@@ -1 +1,10 @@
-# pkgs
+# pkgs
+
+This repository produces a set of packages that can be used to build a rootfs suitable for creating custom Linux distributions.
+The builds use a base container that has been built using a toolchain that creates binaries with a search path of `/toolchain/lib`.
+The toolchain has been adjusted to produce binaries with standard search paths.
+
+## Resources
+
+- https://gcc.gnu.org/onlinedocs/gccint/Configure-Terms.html
+- https://wiki.osdev.org/Target_Triplet
diff --git a/base/pkg.yaml b/base/pkg.yaml
@@ -0,0 +1,16 @@
+name: base
+dependencies:
+  - name: tools
+    version: ffcbed1
+    to: /toolchain
+  - name: musl
+finalize:
+  - from: /toolchain
+    to: /
+variant: scratch
+shell: /toolchain/bin/bash
+steps:
+  - prepare: |
+      cp -R /toolchain/lib/gcc /lib
+      cp -R /toolchain/lib/libgcc* /lib
+      adjust.sh
diff --git a/ca-certificates/pkg.yaml b/ca-certificates/pkg.yaml
@@ -0,0 +1,14 @@
+name: ca-certificates
+finalize:
+  - from: /rootfs
+    to: /
+steps:
+  - sources:
+      - url: https://curl.haxx.se/ca/cacert.pem
+        destination: cacert.pem
+        sha256: cb2eca3fbfa232c9e3874e3852d43b33589f27face98eef10242a853d83a437a
+        sha512: 6dff0130bdc7c9b211d437598d6caf1b5bb7f7268ce66713e9701890f8924c98ab5a4c0df28dac4fdfea439ad61b46861d0c5b2986ac8c8b4a47218a2b9ba02f
+
+    install: |
+      mkdir -p /rootfs/etc/ssl/certs
+      mv cacert.pem /rootfs/etc/ssl/certs/ca-certificates
diff --git a/cni/pkg.yaml b/cni/pkg.yaml
@@ -0,0 +1,40 @@
+name: cni
+finalize:
+  - from: /rootfs
+    to: /
+steps:
+  - sources:
+      - url: https://github.com/containernetworking/cni/releases/download/v0.6.0/cni-amd64-v0.6.0.tgz
+        destination: cni-amd64-v0.6.0.tgz
+        sha256: a7f84a742c8f3a95843b3cc636444742554a4853835649ec371a07c841daebab
+        sha512: 348a11d87d869625feb41c4abc2e1ed06efd5b131183ce0039b06222910d045407b1a0de1200d123693df7a33d4cc0801ed268e608caf307303627746c0119fc
+      - url: https://github.com/containernetworking/plugins/releases/download/v0.7.4/cni-plugins-amd64-v0.7.4.tgz
+        destination: cni-plugins-amd64-v0.7.4.tgz
+        sha256: 5f30e4c9090cbb5314452f4c2bcce48907f003b1614a7fc9615ddedbde31cf00
+        sha512: e53956b8a9d2d6acfd55758e9323aae408f38f834fbf6ec789ab755e14d429c353f518bf8212338ab864a65c37c2b5abd2a7884656b44405ace2d88c21679341
+      - url: https://github.com/containernetworking/cni/releases/download/v0.6.0/cni-arm64-v0.6.0.tgz
+        destination: cni-arm64-v0.6.0.tgz
+        sha256: 2e62dc66d2f908c571ca61b600f52ff59dd1e8ac1b6bcd605ffe4e3b76b258d3
+        sha512: aa63deaa96fffff863ab41386654f2bf0f419bbe5ec43f311e39991096de7455c68af3f5bbdbeadc11fd4e93adedbd1480f43d8249964e754d8eb9cf48667a79
+      - url: https://github.com/containernetworking/plugins/releases/download/v0.7.4/cni-plugins-arm64-v0.7.4.tgz
+        destination: cni-plugins-arm64-v0.7.4.tgz
+        sha256: d85ebf5dfcd34eda7d9c9e9d4ab609e24541d0877c4bcb9d5837cfab207ab653
+        sha512: 54efa6fb3aa892cd6213a7f4efaa88adae8b851dbb53f8bd464a5050cc635153d74d7ff59b682653fa2db345b718dafd1684c91b0bd2561213b780439f951387
+
+    install: |
+      mkdir -p /rootfs/opt/cni/bin
+
+      case $ARCH in
+          x86_64)
+              tar -xzvf cni-amd64-v0.6.0.tgz -C /rootfs/opt/cni/bin
+              tar -xzvf cni-plugins-amd64-v0.7.4.tgz -C /rootfs/opt/cni/bin
+          ;;
+          aarch64)
+              tar -xzvf cni-arm64-v0.6.0.tgz -C /rootfs/opt/cni/bin
+              tar -xzvf cni-plugins-arm64-v0.7.4.tgz -C /rootfs/opt/cni/bin
+          ;;
+          *)
+              echo "unsupported arch ${ARCH}"
+              exit 1
+          ;;
+      esac
diff --git a/containerd/pkg.yaml b/containerd/pkg.yaml
@@ -0,0 +1,47 @@
+name: containerd
+dependencies:
+  - name: base
+    to: /toolchain
+  - name: musl
+  - name: ca-certificates
+  - name: libseccomp
+finalize:
+  - from: /rootfs
+    to: /
+variant: scratch
+shell: /toolchain/bin/bash
+steps:
+  - sources:
+      - url: https://github.com/containerd/containerd/archive/v1.2.6.tar.gz
+        destination: containerd.tar.gz
+        sha256: f2d578b743fb9faa5b3477b7cf4b33d00501087043a53b27754f14bbe741f891
+        sha512: 287b064cb3e57369e34f6debb434526d6bd4857e337e489c56e4ca484c66e161bbda911b4fc29cb49808a756f6ec7af5629e46d693644500e3bf2d9e45e87e73
+
+    prepare: |
+      export GOPATH=/go
+      mkdir -p ${GOPATH}/src/github.com/containerd/containerd
+      tar -xzvf containerd.tar.gz --strip-components=1 -C ${GOPATH}/src/github.com/containerd/containerd
+
+      mkdir /bin
+      ln -sv /toolchain/bin/bash /bin/bash
+      ln -sv /toolchain/bin/bash /bin/sh
+      cp -R /toolchain/lib/gcc /lib
+      cp -R /toolchain/lib/libgcc* /lib
+
+    build: |
+      export PKG_CONFIG_PATH=/usr/lib/pkgconfig
+      export CC=/toolchain/bin/cc
+      export CGO_CFLAGS="-L/usr/lib -I/usr/include"
+      export CGO_LDFLAGS="-L/usr/lib -I/usr/include"
+      # This is required due to "loadinternal: cannot find runtime/cgo".
+      export CGO_ENABLED=1
+      export GOPATH=/go
+      export PATH=${PATH}:${TOOLCHAIN}/go/bin
+      cd ${GOPATH}/src/github.com/containerd/containerd
+      make bin/containerd bin/containerd-shim BUILDTAGS='seccomp no_btrfs' VERSION=v1.2.6 REVISION=894b81a4b802e4eb2a91d1ce216b8817763c29fb
+
+    install: |
+      mkdir -p /rootfs/bin
+      export GOPATH=/go
+      cp ${GOPATH}/src/github.com/containerd/containerd/bin/containerd /rootfs/bin
+      cp ${GOPATH}/src/github.com/containerd/containerd/bin/containerd-shim /rootfs/bin
diff --git a/crictl/pkg.yaml b/crictl/pkg.yaml
@@ -0,0 +1,30 @@
+name: crictl
+finalize:
+  - from: /rootfs
+    to: /
+steps:
+  - sources:
+      - url: https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.13.0/crictl-v1.13.0-linux-amd64.tar.gz
+        destination: crictl-v1.13.0-linux-amd64.tar.gz
+        sha256: 9bdbea7a2b382494aff2ff014da328a042c5aba9096a7772e57fdf487e5a1d51
+        sha512: 0ff8cbc9718b2f8f024cd7ff353a42c56c5520eabb9815b882a6de80eb08873e71a8e8dbb92b72b0caf6f7c2e3b6df00407f5ac10e63213ecf9099ecc42153de
+      - url: https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.13.0/crictl-v1.13.0-linux-arm64.tar.gz
+        destination: crictl-v1.13.0-linux-arm64.tar.gz
+        sha256: 68949c0cb5a37e7604c145d189cf1e109c08c93d9c710ba663db026b9c6f2746
+        sha512: e310e8ef38387778b58a1ff86ccef51f6a309c83355030e80c181bbea4dc5bed7f46207e725981079eae1e086e13aebf297f0ec7104393b919e8c584d2ef8a4c
+
+    install: |
+      mkdir -p /rootfs/bin
+
+      case $ARCH in
+          x86_64)
+              tar -xzvf crictl-v1.13.0-linux-amd64.tar.gz -C /rootfs/bin
+          ;;
+          aarch64)
+              tar -xzvf crictl-v1.13.0-linux-arm64.tar.gz -C /rootfs/bin
+          ;;
+          *)
+              echo "unsupported arch ${ARCH}"
+              exit 1
+          ;;
+      esac
diff --git a/dosfstools/pkg.yaml b/dosfstools/pkg.yaml
@@ -0,0 +1,41 @@
+name: dosfstools
+dependencies:
+  - name: base
+    to: /toolchain
+  - name: musl
+  - name: ca-certificates
+finalize:
+  - from: /rootfs
+    to: /
+variant: scratch
+shell: /toolchain/bin/bash
+steps:
+  - sources:
+      - url: https://github.com/dosfstools/dosfstools/releases/download/v4.1/dosfstools-4.1.tar.xz
+        destination: dosfstools.tar.xz
+        sha256: e6b2aca70ccc3fe3687365009dd94a2e18e82b688ed4e260e04b7412471cc173
+        sha512: e7a8aab34255d15e6865a7b031971352af1255134fab83389673bcc3cbd6ba255241bd2429070aeb4b927f8d7d73ccf1aeafe94566b133e88e7586897c317b78
+
+    prepare: |
+      tar -xJvf dosfstools.tar.xz --strip-components=1
+
+      mkdir /bin
+      ln -sv /toolchain/bin/bash /bin/bash
+      ln -sv /toolchain/bin/bash /bin/sh
+      cp -R /toolchain/lib/gcc /lib
+      cp -R /toolchain/lib/libgcc* /lib
+
+      mkdir build
+      cd build
+
+      ../configure \
+      --prefix=/ \
+      --enable-compat-symlinks
+
+    build: |
+      cd build
+      make -j $(nproc)
+
+    install: |
+      cd build
+      make install DESTDIR=/rootfs
diff --git a/fhs/pkg.yaml b/fhs/pkg.yaml
@@ -0,0 +1,13 @@
+name: fhs
+finalize:
+  - from: /rootfs
+    to: /
+steps:
+  - install: |
+      PREFIX=/rootfs
+      mkdir -pv ${PREFIX}/{dev,lib,proc,sys,bin,sbin,etc,opt,run}
+      mkdir -pv ${PREFIX}/usr/{bin,sbin,lib,var,include}
+      mkdir -pv ${PREFIX}/usr/local/{bin,sbin,lib,include}
+      mkdir -pv ${PREFIX}/var/{log,mail,spool}
+      install -dv -m 0750 ${PREFIX}/root
+      install -dv -m 1777 ${PREFIX}/tmp ${PREFIX}/var/tmp
diff --git a/iptables/pkg.yaml b/iptables/pkg.yaml
@@ -0,0 +1,46 @@
+name: iptables
+dependencies:
+  - name: base
+    to: /toolchain
+  - name: musl
+  - name: ca-certificates
+finalize:
+  - from: /rootfs
+    to: /
+variant: scratch
+shell: /toolchain/bin/bash
+steps:
+  - sources:
+      - url: http://www.netfilter.org/projects/iptables/files/iptables-1.8.2.tar.bz2
+        destination: iptables.tar.bz2
+        sha256: a3778b50ed1a3256f9ca975de82c2204e508001fc2471238c8c97f3d1c4c12af
+        sha512: 8cf0f515764e1dc6e03284581d682d1949b33e8f25fea29c27ae856f1089fe8ca7b1814524b85f4378fd1fc7c7c7d002f06557b257ae2bbc945f8555bad0dc76
+
+    prepare: |
+      tar -xjvf iptables.tar.bz2 --strip-components=1
+
+      mkdir /bin
+      ln -sv /toolchain/bin/bash /bin/bash
+      ln -sv /toolchain/bin/bash /bin/sh
+      cp -R /toolchain/lib/gcc /lib
+      cp -R /toolchain/lib/libgcc* /lib
+
+      mkdir build
+      cd build
+
+      ../configure \
+      --prefix=/usr \
+      --libexecdir=/usr/libexec \
+      --disable-static \
+      --sbindir=/sbin \
+      --disable-nftables \
+      --enable-libipq \
+      --with-xtlibdir=/lib/xtables
+
+    build: |
+      cd build
+      make -j $(nproc)
+
+    install: |
+      cd build
+      make install DESTDIR=/rootfs
diff --git a/kubeadm/pkg.yaml b/kubeadm/pkg.yaml
@@ -0,0 +1,32 @@
+name: kubeadm
+finalize:
+  - from: /rootfs
+    to: /
+steps:
+  - sources:
+      - url: https://storage.googleapis.com/kubernetes-release/release/v1.15.0-beta.1/bin/linux/amd64/kubeadm
+        destination: kubeadm-linux-amd64
+        sha256: 5d10335e05ef1c4ef2b3fe0ff624dadf166c5b60de3f4672f0e6d0629986539e
+        sha512: 06dbee2c8b431706514cfdc2bfe9654753c3669c0e34029d5538df06f35a8ca969a57a4ffdcd3c637d4f664eb6e9ff4e89d1f5dee50443f6e43fce57364ccf66
+      - url: https://storage.googleapis.com/kubernetes-release/release/v1.15.0-beta.1/bin/linux/arm64/kubeadm
+        destination: kubeadm-linux-arm64
+        sha256: 6e4a16edd6625d1e4782805d66ddf641332fd7275c7de8830e1977b214dd03ee
+        sha512: f20ad7e8dd9c158731c8dc511d713733c9410ae9f61ef15ce8f284f68619919ede40a0b46adaf0ff135405a541a5325eb06ed622eb33a3f30a3a15cb7875fc99
+
+    install: |
+      mkdir -p /rootfs/bin
+
+      case $ARCH in
+          x86_64)
+              cp kubeadm-linux-amd64 /rootfs/bin/kubeadm
+          ;;
+          aarch64)
+              cp kubeadm-linux-arm64 /rootfs/bin/kubeadm
+          ;;
+          *)
+              echo "unsupported arch ${ARCH}"
+              exit 1
+          ;;
+      esac
+
+      chmod +x /rootfs/bin/kubeadm
diff --git a/libressl/pkg.yaml b/libressl/pkg.yaml
@@ -0,0 +1,35 @@
+name: libressl
+dependencies:
+  - name: base
+    to: /toolchain
+  - name: musl
+  - name: ca-certificates
+finalize:
+  - from: /rootfs
+    to: /
+variant: scratch
+shell: /toolchain/bin/bash
+steps:
+  - sources:
+      - url: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.9.0.tar.gz
+        destination: libressl.tar.gz
+        sha256: eb5f298408b723f11a0ca0192c122ecb79b4855bfdf7eea183a6264296a13cf4
+        sha512: db7fec664bef8d76204ca691c11df236abce3c85b2a51011eec5bd302e273b62fa3cfce0430980915c3f3ce34176d5ef9c187902f0b39d7fc151e69e552b499c
+
+    prepare: |
+      tar -xzvf libressl.tar.gz --strip-components=1
+
+      mkdir /bin
+      ln -sv /toolchain/bin/bash /bin/bash
+      ln -sv /toolchain/bin/bash /bin/sh
+      cp -R /toolchain/lib/gcc /lib
+      cp -R /toolchain/lib/libgcc* /lib
+
+      ./configure \
+      --prefix=/usr
+
+    build: |
+      make -j $(nproc)
+
+    install: |
+      make install DESTDIR=/rootfs