forked from rpm-software-management/mock
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
export_buildroot_image: new plugin for OCI image exports
The --enable-plugin=export_buildroot_image option automatically wraps the <chroot>/root directory as OCI-image-as-tarball file, and stores it into Mock's resultdir. We exclude the /builddir/build directory from the generated image; it could contain RPMs, SRPMs, extracted sources, etc. Relates: rpm-software-management#1482
- Loading branch information
Showing
6 changed files
with
133 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,62 @@ | ||
| --- | ||
| layout: default | ||
| title: Plugin export_buildroot_image | ||
| --- | ||
|
|
||
| This plugin allows you to (on demand) export the Mock chroot as an OCI image in | ||
| local archive format (tarball). This tarball can provide additional convenience | ||
| for local build reproducibility. See the example below for details. | ||
|
|
||
| By default, this plugin is **disabled**. You can enable it using the | ||
| `--enable-plugin export_buildroot_image` option in `--rebuild` mode. | ||
|
|
||
| This plugin has been added in Mock v6.0. | ||
|
|
||
| ## Example use-case | ||
|
|
||
| First, let's start a standard Mock build, but enable the OCI archive generator: | ||
|
|
||
| $ mock -r fedora-rawhide-x86_64 --enable-plugin export_buildroot_image \ | ||
| /tmp/quick-package/dummy-pkg-20241212_1114-1.src.rpm | ||
| ... mock installs all build-deps, and does other chroot tweaks ... | ||
| Start: producing buildroot as OCI image | ||
| ... mock performs the rpmbuild ... | ||
| INFO: Results and/or logs in: /var/lib/mock/fedora-rawhide-x86_64/result | ||
| Finish: run | ||
|
|
||
| The archive has been saved in the result directory: | ||
|
|
||
| $ ls /var/lib/mock/fedora-rawhide-x86_64/result/*.tar | ||
| /var/lib/mock/fedora-rawhide-x86_64/result/buildroot-oci.tar | ||
|
|
||
| Then, you can try re-running the build without Mock, like this: | ||
|
|
||
| $ chmod a+r /tmp/quick-package/dummy-pkg-20241212_1114-1.src.rpm | ||
| $ podman run --rm -ti \ | ||
| -v /tmp/quick-package/dummy-pkg-20241212_1114-1.src.rpm:/dummy-pkg.src.rpm:z \ | ||
| oci-archive:/var/lib/mock/fedora-rawhide-x86_64/result/buildroot-oci.tar \ | ||
| rpmbuild --rebuild /dummy-pkg.src.rpm | ||
|
|
||
| Installing /dummy-pkg.src.rpm | ||
| setting SOURCE_DATE_EPOCH=1401926400 | ||
| Executing(%mkbuilddir): /bin/sh -e /var/tmp/rpm-tmp.XIm441 | ||
| ... | ||
| Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.pqJ9hu | ||
| ... | ||
| Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.iaeMZG | ||
| ... | ||
| Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.SHktaE | ||
| ... | ||
| Processing files: dummy-pkg-20241212_1114-1.fc42.x86_64 | ||
| ... | ||
| Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.E71FWH | ||
| ... | ||
| + exit 0 | ||
|
|
||
| **Warning:** This method of reproducing a Mock build is not recommended for | ||
| production use. During a normal/full Mock rebuild, Mock ensures the buildroot | ||
| is fully up-to-date. Using just plain `rpmbuild` within Podman may result in | ||
| outdated files, different structure in the kernel-driven filesystems like | ||
| `/proc`, `/dev`, and `/sys`, different SELinux assumptions, permissions, etc. | ||
| Proceed with caution, and be prepared to encounter some differences (and perhaps | ||
| different build failures). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,63 @@ | ||
| """ | ||
| Generate OCI from prepared build chroot. | ||
| Use given OCI image as build chroot (TODO). | ||
| """ | ||
|
|
||
| import os | ||
| import mockbuild.util | ||
| from mockbuild.trace_decorator import getLog | ||
|
|
||
| requires_api_version = "1.1" | ||
|
|
||
|
|
||
| def init(plugins, conf, buildroot): | ||
| """ The obligatory plugin entry point """ | ||
| OCIAsBuildroot(plugins, conf, buildroot) | ||
|
|
||
|
|
||
| class OCIAsBuildroot: | ||
| """ | ||
| OCIAsBuildroot plugin (class). | ||
| """ | ||
| def __init__(self, plugins, conf, buildroot): | ||
| self.buildroot = buildroot | ||
| self.state = buildroot.state | ||
| self.conf = conf | ||
| plugins.add_hook("postdeps", self.produce_buildroot_image) | ||
|
|
||
| def do(self, cmd): | ||
| """ Execute command on host (as root) """ | ||
| getLog().info("Executing %s", ' '.join(cmd)) | ||
| mockbuild.util.do(cmd, returnOutput=True, returnStderr=True) | ||
|
|
||
| def _produce_image_as_root(self): | ||
| name = f"mock-container-{self.buildroot.config['root']}" | ||
| tarball = os.path.join(self.buildroot.resultdir, "buildroot-oci.tar") | ||
| chroot = self.buildroot.make_chroot_path() | ||
|
|
||
| # Add the whole chroot directory into the container | ||
| self.do(["buildah", "from", "--name", name, "scratch"]) | ||
| self.do(["buildah", "add", name, chroot, "/"]) | ||
|
|
||
| # Keep just /builddir directory, make it correctly owned | ||
| self.do(["buildah", "run", name, "rm", "-r", | ||
| self.buildroot.config["chroothome"] + "/build"]) | ||
| self.do(["buildah", "run", name, "chown", "-R", "mockbuild:mock", | ||
| self.buildroot.config["chroothome"]]) | ||
|
|
||
| # When starting container, switch to mockbuild user directly | ||
| self.do(["buildah", "config", "--user", "mockbuild:mock", name]) | ||
|
|
||
| # Export the image as OCI archive, and remove the WIP container | ||
| self.do(["buildah", "commit", "--format", "oci", name, | ||
| "oci-archive:" + tarball]) | ||
| self.do(["buildah", "rm", name]) | ||
|
|
||
| def produce_buildroot_image(self): | ||
| """ Generate OCI image from buildroot using Buildah """ | ||
| try: | ||
| self.state.start("producing buildroot as OCI image") | ||
| with self.buildroot.uid_manager.elevated_privileges(): | ||
| self._produce_image_as_root() | ||
| finally: | ||
| self.state.finish("producing buildroot as OCI image") |
3 changes: 3 additions & 0 deletions
3
releng/release-notes-next/export-import-oci-buildroot-image.feature
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| A new plugin, `export_buildroot_image`, has been added. This plugin can export | ||
| the Mock chroot as an OCI archive once all the build dependencies have been | ||
| installed (when the chroot is ready-made for runnign `/bin/rpmbuild -bb`). |