From: Jan Kiszka <jan.kiszka@siemens.com>
To: cip-dev <cip-dev@lists.cip-project.org>
Subject: [isar-cip-core][PATCH] Update to kas 4.3
Date: Tue, 12 Mar 2024 11:00:17 +0100 [thread overview]
Message-ID: <a2ade114-6b49-46d6-a9da-b314b26e0086@siemens.com> (raw)
From: Jan Kiszka <jan.kiszka@siemens.com>
Less noise outputs of kas, reproducible build container and more.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
.gitlab-ci.yml | 2 +-
kas-container | 110 +++++++++++++++++++++++++++++++------------------
2 files changed, 70 insertions(+), 42 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 67e341e1..4dae1d80 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -12,7 +12,7 @@
# SPDX-License-Identifier: MIT
#
-image: ghcr.io/siemens/kas/kas-isar:4.0
+image: ghcr.io/siemens/kas/kas-isar:4.3
variables:
GIT_STRATEGY: clone
diff --git a/kas-container b/kas-container
index 8fa2d16e..85412383 100755
--- a/kas-container
+++ b/kas-container
@@ -29,11 +29,12 @@ set -e
usage()
{
- printf "%b" "Usage: $0 [OPTIONS] { build | shell } [KASOPTIONS] [KASFILE]\n"
- printf "%b" " $0 [OPTIONS] { checkout | dump } [KASOPTIONS] [KASFILE]\n"
- printf "%b" " $0 [OPTIONS] for-all-repos [KASOPTIONS] [KASFILE] COMMAND\n"
- printf "%b" " $0 [OPTIONS] { clean | cleansstate | cleanall}\n"
- printf "%b" " $0 [OPTIONS] menu [KCONFIG]\n"
+ SELF="${KAS_CONTAINER_SELF_NAME}"
+ printf "%b" "Usage: ${SELF} [OPTIONS] { build | shell } [KASOPTIONS] [KASFILE]\n"
+ printf "%b" " ${SELF} [OPTIONS] { checkout | dump } [KASOPTIONS] [KASFILE]\n"
+ printf "%b" " ${SELF} [OPTIONS] for-all-repos [KASOPTIONS] [KASFILE] COMMAND\n"
+ printf "%b" " ${SELF} [OPTIONS] { clean | cleansstate | cleanall} [KASFILE]\n"
+ printf "%b" " ${SELF} [OPTIONS] menu [KCONFIG]\n"
printf "%b" "\nPositional arguments:\n"
printf "%b" "build\t\t\tCheck out repositories and build target.\n"
printf "%b" "checkout\t\tCheck out repositories but do not build.\n"
@@ -80,6 +81,15 @@ usage()
exit 1
}
+fatal_error(){
+ echo "${KAS_CONTAINER_SELF_NAME}: Error: $*" >&2
+ exit 1
+}
+
+warning(){
+ echo "${KAS_CONTAINER_SELF_NAME}: Warning: $*" >&2
+}
+
trace()
{
[ -n "${KAS_VERBOSE}" ] && echo "+ $*" >&2
@@ -113,7 +123,6 @@ enable_oe_mode() {
run_clean() {
if [ -n "${KAS_ISAR_ARGS}" ]; then
- set_container_image_var
# SC2086: Double quote to prevent globbing and word splitting.
# shellcheck disable=2086
trace ${KAS_CONTAINER_COMMAND} run -v "${KAS_BUILD_DIR}":/build:rw \
@@ -135,9 +144,10 @@ run_clean() {
fi
}
-KAS_IMAGE_VERSION_DEFAULT="4.0"
+KAS_IMAGE_VERSION_DEFAULT="4.3"
KAS_CONTAINER_IMAGE_PATH_DEFAULT="ghcr.io/siemens/kas"
KAS_CONTAINER_IMAGE_NAME_DEFAULT="kas"
+KAS_CONTAINER_SELF_NAME="$(basename "$0")"
set_container_image_var() {
KAS_IMAGE_VERSION="${KAS_IMAGE_VERSION:-${KAS_IMAGE_VERSION_DEFAULT}}"
@@ -168,14 +178,12 @@ if [ -z "${KAS_CONTAINER_ENGINE}" ]; then
;;
*)
# The docker command is an unknown engine
- echo "$0: docker command found, but unknown engine detected" >&2
- exit 1
+ fatal_error "docker command found, but unknown engine detected"
esac
elif command -v podman >/dev/null; then
KAS_CONTAINER_ENGINE=podman
else
- echo "$0: no container engine found, need docker or podman" >&2
- exit 1
+ fatal_error "no container engine found, need docker or podman"
fi
fi
@@ -190,8 +198,7 @@ podman)
KAS_RUNTIME_ARGS="${KAS_RUNTIME_ARGS} --security-opt label=disable"
;;
*)
- echo "$0: unknown container engine '${KAS_CONTAINER_ENGINE}'" >&2
- exit 1
+ fatal_error "unknown container engine '${KAS_CONTAINER_ENGINE}'"
;;
esac
@@ -205,8 +212,7 @@ while [ $# -gt 0 ]; do
--with-loop-dev)
if ! KAS_LOOP_DEV=$(/sbin/losetup -f 2>/dev/null); then
if [ "$(id -u)" -eq 0 ]; then
- echo "Error: loop device not available!"
- exit 1
+ fatal_error "loop device not available!"
fi
sudo_command="/sbin/losetup -f"
sudo_message="[sudo] enter password to setup loop"
@@ -216,10 +222,9 @@ while [ $# -gt 0 ]; do
# shellcheck disable=2086
if ! KAS_LOOP_DEV=$(sudo -p "$sudo_message" $sudo_command \
2>/dev/null); then
- echo "Error: loop device setup unsuccessful!"
- echo "try calling '$sudo_command' with root" \
- "permissions manually."
- exit 1
+ fatal_error "loop device setup unsuccessful!" \
+ "try calling '$sudo_command' with root" \
+ "permissions manually."
fi
fi
KAS_WITH_LOOP_DEV="--device ${KAS_LOOP_DEV}"
@@ -236,6 +241,9 @@ while [ $# -gt 0 ]; do
shift 2
;;
--ssh-agent)
+ if [ -z "${SSH_AUTH_SOCK}" ]; then
+ fatal_error "no SSH agent running"
+ fi
KAS_SSH_AUTH_SOCK=$(readlink -fv "$SSH_AUTH_SOCK")
shift 1
;;
@@ -274,16 +282,16 @@ while [ $# -gt 0 ]; do
shift 2
;;
--version)
- echo "$(basename "$0") $KAS_IMAGE_VERSION_DEFAULT"
+ echo "${KAS_CONTAINER_SELF_NAME} $KAS_IMAGE_VERSION_DEFAULT"
exit 0
;;
--*)
usage
;;
clean|cleansstate|cleanall)
- [ $# -eq 1 ] || usage
- run_clean "$1"
- exit 0
+ KAS_CMD=$1
+ shift 1
+ break
;;
shell)
KAS_REPO_MOUNT_OPT_DEFAULT="rw"
@@ -329,8 +337,7 @@ while [ $# -gt 0 ] && [ $KAS_EXTRA_BITBAKE_ARGS -eq 0 ]; do
shift 2
;;
-E|--preserve-env)
- echo "$1 is not supported with kas-container"
- exit 1
+ fatal_error "$1 is not supported with ${KAS_CONTAINER_SELF_NAME}"
;;
--)
KAS_EXTRA_BITBAKE_ARGS=$#
@@ -345,8 +352,7 @@ while [ $# -gt 0 ] && [ $KAS_EXTRA_BITBAKE_ARGS -eq 0 ]; do
# shellcheck disable=2086
for FILE in $(IFS=':'; echo $1); do
if ! KAS_REAL_FILE="$(realpath -qe "$FILE")"; then
- echo "Error: configuration file '${FILE}' not found"
- exit 1
+ fatal_error "configuration file '${FILE}' not found"
fi
if [ -z "${KAS_FILES}" ]; then
KAS_FIRST_FILE="${KAS_REAL_FILE}"
@@ -416,15 +422,21 @@ fi
set_container_image_var
+# short circuit for clean* commands. We just need
+# the build-system information, but no repo mounts, etc...
+if echo "${KAS_CMD}" | grep -qe "^clean"; then
+ run_clean "${KAS_CMD}"
+ exit 0
+fi
+
KAS_REPO_MOUNT_OPT="${KAS_REPO_MOUNT_OPT:-${KAS_REPO_MOUNT_OPT_DEFAULT}}"
KAS_FILES="$(echo "${KAS_FILES}" | sed 's|'"${KAS_REPO_DIR}"'/|/repo/|g')"
if [ "$(id -u)" -eq 0 ] && [ "${KAS_ALLOW_ROOT}" != "yes" ] ; then
- echo "Error: Running as root - may break certain recipes."
- echo "Better give a regular user docker access. Set" \
- "KAS_ALLOW_ROOT=yes to override."
- exit 1
+ fatal_error "Running as root - may break certain recipes." \
+ "Better give a regular user docker access. Set" \
+ "KAS_ALLOW_ROOT=yes to override."
fi
set -- "$@" -v "${KAS_REPO_DIR}":/repo:${KAS_REPO_MOUNT_OPT} \
@@ -436,16 +448,14 @@ set -- "$@" -v "${KAS_REPO_DIR}":/repo:${KAS_REPO_MOUNT_OPT} \
if [ -n "${KAS_SSH_DIR}" ] ; then
if [ ! -d "${KAS_SSH_DIR}" ]; then
- echo "Passed KAS_SSH_DIR '${KAS_SSH_DIR}' is not a directory"
- exit 1
+ fatal_error "passed KAS_SSH_DIR '${KAS_SSH_DIR}' is not a directory"
fi
set -- "$@" -v "$(readlink -fv "${KAS_SSH_DIR}")":/var/kas/userdata/.ssh:ro
fi
if [ -n "${KAS_SSH_AUTH_SOCK}" ]; then
if [ ! -S "${KAS_SSH_AUTH_SOCK}" ]; then
- echo "Passed SSH_AUTH_SOCK '${KAS_SSH_AUTH_SOCK}' is not a socket"
- exit 1
+ fatal_error "passed SSH_AUTH_SOCK '${KAS_SSH_AUTH_SOCK}' is not a socket"
fi
set -- "$@" -v "${KAS_SSH_AUTH_SOCK}":/ssh-agent/ssh-auth-sock \
-e SSH_AUTH_SOCK=/ssh-agent/ssh-auth-sock
@@ -453,20 +463,27 @@ fi
if [ -n "${KAS_AWS_DIR}" ] ; then
if [ ! -d "${KAS_AWS_DIR}" ]; then
- echo "Passed KAS_AWS_DIR '${KAS_AWS_DIR}' is not a directory"
- exit 1
+ fatal_error "passed KAS_AWS_DIR '${KAS_AWS_DIR}' is not a directory"
fi
set -- "$@" -v "$(readlink -fv "${KAS_AWS_DIR}")":/var/kas/userdata/.aws:ro \
-e AWS_CONFIG_FILE="${AWS_CONFIG_FILE:-/var/kas/userdata/.aws/config}" \
-e AWS_SHARED_CREDENTIALS_FILE="${AWS_SHARED_CREDENTIALS_FILE:-/var/kas/userdata/.aws/credentials}"
fi
+if [ -n "${AWS_WEB_IDENTITY_TOKEN_FILE}" ] ; then
+ if [ ! -f "${AWS_WEB_IDENTITY_TOKEN_FILE}" ]; then
+ echo "Passed AWS_WEB_IDENTITY_TOKEN_FILE '${AWS_WEB_IDENTITY_TOKEN_FILE}' is not a directory"
+ exit 1
+ fi
+ set -- "$@" -v "$(readlink -fv "${AWS_WEB_IDENTITY_TOKEN_FILE}")":/var/kas/userdata/.aws/web_identity_token:ro \
+ -e AWS_WEB_IDENTITY_TOKEN_FILE="${AWS_CONFIG_FILE:-/var/kas/userdata/.aws/web_identity_token}" \
+ -e AWS_ROLE_ARN="${AWS_ROLE_ARN}"
+fi
KAS_GIT_CREDENTIAL_HELPER_DEFAULT=""
if [ -n "${KAS_GIT_CREDENTIAL_STORE}" ] ; then
if [ ! -f "${KAS_GIT_CREDENTIAL_STORE}" ]; then
- echo "Passed KAS_GIT_CREDENTIAL_STORE '${KAS_GIT_CREDENTIAL_STORE}' is not a file"
- exit 1
+ fatal_error "passed KAS_GIT_CREDENTIAL_STORE '${KAS_GIT_CREDENTIAL_STORE}' is not a file"
fi
KAS_GIT_CREDENTIAL_HELPER_DEFAULT="store --file=/var/kas/userdata/.git-credentials"
set -- "$@" -v "$(readlink -fv "${KAS_GIT_CREDENTIAL_STORE}")":/var/kas/userdata/.git-credentials:ro
@@ -483,6 +500,11 @@ if [ -f "${NETRC_FILE}" ]; then
-e NETRC_FILE="/var/kas/userdata/.netrc"
fi
+if [ -f "${GITCONFIG_FILE}" ]; then
+ set -- "$@" -v "$(readlink -fv "${GITCONFIG_FILE}")":/var/kas/userdata/.gitconfig:ro \
+ -e GITCONFIG_FILE="/var/kas/userdata/.gitconfig"
+fi
+
if [ -t 1 ]; then
set -- "$@" -t -i
fi
@@ -500,11 +522,17 @@ if [ -n "${SSTATE_DIR}" ]; then
-v "$(readlink -fv "${SSTATE_DIR}")":/sstate:rw \
-e SSTATE_DIR=/sstate
fi
+if [ -n "${SSTATE_MIRRORS}" ]; then
+ if echo "${SSTATE_MIRRORS}" | grep -q "file:///"; then
+ warning "SSTATE_MIRRORS contains a local path." \
+ "Make sure to make this path available inside the container."
+ fi
+ set -- "$@" -e "SSTATE_MIRRORS=${SSTATE_MIRRORS}"
+fi
if [ -n "${KAS_REPO_REF_DIR}" ]; then
if [ ! -d "${KAS_REPO_REF_DIR}" ]; then
- echo "Passed KAS_REPO_REF_DIR '${KAS_REPO_REF_DIR}' is not a directory"
- exit 1
+ fatal_error "Passed KAS_REPO_REF_DIR '${KAS_REPO_REF_DIR}' is not a directory"
fi
set -- "$@" \
-v "$(readlink -fv "${KAS_REPO_REF_DIR}")":/repo-ref:rw \
--
2.35.3
reply other threads:[~2024-03-12 10:00 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a2ade114-6b49-46d6-a9da-b314b26e0086@siemens.com \
--to=jan.kiszka@siemens.com \
--cc=cip-dev@lists.cip-project.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.