release: add optional OCI images
Some checks are pending
Cross-build Kernel / ${{ matrix.target_arch }} ${{ matrix.os }} (${{ matrix.compiler }}) (clang-14, /usr/lib/llvm-14/bin, ubuntu-22.04, bmake libarchive-dev clang-14 lld-14, amd64, amd64) (push) Waiting to run
Cross-build Kernel / ${{ matrix.target_arch }} ${{ matrix.os }} (${{ matrix.compiler }}) (clang-14, /usr/lib/llvm-14/bin, ubuntu-22.04, bmake libarchive-dev clang-14 lld-14, arm64, aarch64) (push) Waiting to run
Cross-build Kernel / ${{ matrix.target_arch }} ${{ matrix.os }} (${{ matrix.compiler }}) (clang-18, /opt/homebrew/opt/llvm@18/bin, macos-latest, bmake libarchive llvm@18, amd64, amd64) (push) Waiting to run
Cross-build Kernel / ${{ matrix.target_arch }} ${{ matrix.os }} (${{ matrix.compiler }}) (clang-18, /opt/homebrew/opt/llvm@18/bin, macos-latest, bmake libarchive llvm@18, arm64, aarch64) (push) Waiting to run
Cross-build Kernel / ${{ matrix.target_arch }} ${{ matrix.os }} (${{ matrix.compiler }}) (clang-18, /usr/lib/llvm-18/bin, ubuntu-24.04, bmake libarchive-dev clang-18 lld-18, amd64, amd64) (push) Waiting to run
Cross-build Kernel / ${{ matrix.target_arch }} ${{ matrix.os }} (${{ matrix.compiler }}) (clang-18, /usr/lib/llvm-18/bin, ubuntu-24.04, bmake libarchive-dev clang-18 lld-18, arm64, aarch64) (push) Waiting to run

This adds three OCI archive format files to the release containing
FreeBSD base images suitable for static linked, dynamic linked and shell
workloads. The shell image also contains pkg-bootstrap and can be easily
extended by installing packages (including pkgbase packages).

Reviewed by: dch, cpersiva, jlduran, zlei
Differential Revision: https://reviews.freebsd.org/D46759
MFC after: 2 days
This commit is contained in:
Doug Rabson 2024-08-14 16:39:24 +01:00
parent f11b6ce4a3
commit d03c82c28d
12 changed files with 279 additions and 6 deletions

View File

@ -7,14 +7,16 @@
# memstick: Builds memory stick image (memstick.img) # memstick: Builds memory stick image (memstick.img)
# mini-memstick: Builds minimal memory stick image (mini-memstick.img) # mini-memstick: Builds minimal memory stick image (mini-memstick.img)
# ftp: Sets up FTP distribution area (ftp) # ftp: Sets up FTP distribution area (ftp)
# release: Invokes real-release, vm-release, and cloudware-release targets # release: Invokes real-release, vm-release, cloudware-release and oci-release targets
# real-release: Build all media and FTP distribution area # real-release: Build all media and FTP distribution area
# vm-release: Build all virtual machine image targets # vm-release: Build all virtual machine image targets
# cloudware-release: Build all cloud hosting provider targets # cloudware-release: Build all cloud hosting provider targets
# install: Invokes the release-install and vm-install targets # oci-release: Build all OCI container images
# install: Invokes the release-install, vm-install and oci-install targets
# release-install: Copies all release installation media into ${DESTDIR} # release-install: Copies all release installation media into ${DESTDIR}
# vm-install: Copies all virtual machine images into ${DESTDIR} # vm-install: Copies all virtual machine images into ${DESTDIR}
# cloud-install: Copies non-uploaded cloud images into ${DESTDIR} # cloud-install: Copies non-uploaded cloud images into ${DESTDIR}
# oci-install: Copies all OCI container images into ${DESTDIR}
# #
# Variables affecting the build process: # Variables affecting the build process:
# WORLDDIR: location of src tree -- must have built world and default kernel # WORLDDIR: location of src tree -- must have built world and default kernel
@ -316,7 +318,7 @@ ftp: packagesystem
mkdir -p ftp mkdir -p ftp
cp *.txz MANIFEST ftp cp *.txz MANIFEST ftp
release: real-release vm-release cloudware-release release: real-release vm-release cloudware-release oci-release
${MAKE} -C ${.CURDIR} ${.MAKEFLAGS} release-done ${MAKE} -C ${.CURDIR} ${.MAKEFLAGS} release-done
true true
@ -327,7 +329,7 @@ real-release:
${MAKE} -C ${.CURDIR} ${.MAKEFLAGS} obj ${MAKE} -C ${.CURDIR} ${.MAKEFLAGS} obj
${MAKE} -C ${.CURDIR} ${.MAKEFLAGS} ${RELEASE_TARGETS} ${MAKE} -C ${.CURDIR} ${.MAKEFLAGS} ${RELEASE_TARGETS}
install: release-install vm-install .WAIT cloud-install install: release-install vm-install oci-install .WAIT cloud-install
release-install: release-install:
.if defined(DESTDIR) && !empty(DESTDIR) .if defined(DESTDIR) && !empty(DESTDIR)
@ -347,3 +349,4 @@ release-install:
.include "${.CURDIR}/Makefile.inc1" .include "${.CURDIR}/Makefile.inc1"
.include "${.CURDIR}/Makefile.vm" .include "${.CURDIR}/Makefile.vm"
.include "${.CURDIR}/Makefile.oci"

34
release/Makefile.oci Normal file
View File

@ -0,0 +1,34 @@
#
#
#
# Makefile for building OCI container images.
#
.if defined(WITH_OCIIMAGES) && !empty(WITH_OCIIMAGES)
OCI_IMAGES= static dynamic minimal
.endif
oci-install:
.if defined(WITH_OCIIMAGES) && !empty(WITH_OCIIMAGES)
mkdir -p ${DESTDIR}/ociimages
. for _IMG in ${OCI_IMAGES}
cp -p ${.OBJDIR}/container-image-${_IMG}.txz ${DESTDIR}/ociimages
. endfor
.endif
OCI_TARGETS=
OCI_DEPS_static=
OCI_DEPS_dynamic= container-image-static.txz
OCI_DEPS_minimal= container-image-dynamic.txz
.for _IMG in ${OCI_IMAGES}
OCI_TARGETS+= container-image-${_IMG}.txz
container-image-${_IMG}.txz: ${OCI_DEPS_${_IMG}}
sh ${.CURDIR}/scripts/make-oci-image.sh ${.CURDIR} ${REVISION} ${BRANCH} ${TARGET_ARCH} ${_IMG}
skopeo copy \
containers-storage:localhost/freebsd${REVISION:R}-${_IMG}:latest \
oci-archive:${.OBJDIR}/container-image-${_IMG}.tar:freebsd${REVISION:R}-${_IMG}:${REVISION}-${BRANCH}-${TARGET_ARCH}
${XZ_CMD} < ${.OBJDIR}/container-image-${_IMG}.tar > ${.OBJDIR}/container-image-${_IMG}.txz
.endfor
oci-release: ${OCI_TARGETS}

View File

@ -114,3 +114,7 @@ PORTBRANCH="main"
## If WITH_CLOUDWARE is set to a non-empty value, this is a list of providers ## If WITH_CLOUDWARE is set to a non-empty value, this is a list of providers
## to create disk images. ## to create disk images.
#CLOUDWARE="EC2 GCE ORACLE VAGRANT-VIRTUALBOX VAGRANT-VMWARE" #CLOUDWARE="EC2 GCE ORACLE VAGRANT-VIRTUALBOX VAGRANT-VMWARE"
## If WITH_OCIIMAGES is set to a non-empty value, build Open Container
## Initiative (OCI) base images as part of the release.
#WITH_OCIIMAGES=

View File

@ -120,6 +120,9 @@ env_setup() {
# cloud providers as part of the release. # cloud providers as part of the release.
WITH_CLOUDWARE= WITH_CLOUDWARE=
# Set to non-empty to build OCI images as part of the release
WITH_OCIIMAGES=
return 0 return 0
} # env_setup() } # env_setup()
@ -195,7 +198,8 @@ env_check() {
RELEASE_RMAKEFLAGS="${ARCH_FLAGS} ${RELEASE_FLAGS} \ RELEASE_RMAKEFLAGS="${ARCH_FLAGS} ${RELEASE_FLAGS} \
KERNCONF=\"${KERNEL}\" ${CONF_FILES} ${SRCPORTS} \ KERNCONF=\"${KERNEL}\" ${CONF_FILES} ${SRCPORTS} \
WITH_DVD=${WITH_DVD} WITH_VMIMAGES=${WITH_VMIMAGES} \ WITH_DVD=${WITH_DVD} WITH_VMIMAGES=${WITH_VMIMAGES} \
WITH_CLOUDWARE=${WITH_CLOUDWARE} XZ_THREADS=${XZ_THREADS}" WITH_CLOUDWARE=${WITH_CLOUDWARE} WITH_OCIIMAGES=${WITH_OCIIMAGES} \
XZ_THREADS=${XZ_THREADS}"
return 0 return 0
} # env_check() } # env_check()
@ -288,6 +292,44 @@ extra_chroot_setup() {
fi fi
fi fi
if [ ! -z "${WITH_OCIIMAGES}" ]; then
# Install buildah and skopeo from ports if the ports tree is available;
# otherwise install the pkg.
if [ -d ${CHROOTDIR}/usr/ports ]; then
# Trick the ports 'run-autotools-fixup' target to do the right
# thing.
_OSVERSION=$(chroot ${CHROOTDIR} /usr/bin/uname -U)
REVISION=$(chroot ${CHROOTDIR} make -C /usr/src/release -V REVISION)
BRANCH=$(chroot ${CHROOTDIR} make -C /usr/src/release -V BRANCH)
UNAME_r=${REVISION}-${BRANCH}
GITUNSETOPTS="CONTRIB CURL CVS GITWEB GUI HTMLDOCS"
GITUNSETOPTS="${GITUNSETOPTS} ICONV NLS P4 PERL"
GITUNSETOPTS="${GITUNSETOPTS} SEND_EMAIL SUBTREE SVN"
GITUNSETOPTS="${GITUNSETOPTS} PCRE PCRE2"
PBUILD_FLAGS="OSVERSION=${_OSVERSION} BATCH=yes"
PBUILD_FLAGS="${PBUILD_FLAGS} UNAME_r=${UNAME_r}"
PBUILD_FLAGS="${PBUILD_FLAGS} OSREL=${REVISION}"
PBUILD_FLAGS="${PBUILD_FLAGS} WRKDIRPREFIX=/tmp/ports"
PBUILD_FLAGS="${PBUILD_FLAGS} DISTDIR=/tmp/distfiles"
for _PORT in sysutils/buildah sysutils/skopeo; do
eval chroot ${CHROOTDIR} env ${PBUILD_FLAGS} make -C \
/usr/ports/${_PORT} \
FORCE_PKG_REGISTER=1 deinstall install clean distclean
done
else
eval chroot ${CHROOTDIR} env ASSUME_ALWAYS_YES=yes \
pkg install -y sysutils/buildah sysutils/skopeo
eval chroot ${CHROOTDIR} env ASSUME_ALWAYS_YES=yes \
pkg clean -y
fi
# Use the vfs storage driver so that this works whether or not
# the build directory is on ZFS. The images are small so the
# performance difference is negligible.
eval chroot ${CHROOTDIR} sed -I .bak -e '/^driver/s/zfs/vfs/' /usr/local/etc/containers/storage.conf
# Remove any stray images from previous builds
eval chroot ${CHROOTDIR} buildah rmi -af
fi
if [ ! -z "${EMBEDDEDPORTS}" ]; then if [ ! -z "${EMBEDDEDPORTS}" ]; then
_OSVERSION=$(chroot ${CHROOTDIR} /usr/bin/uname -U) _OSVERSION=$(chroot ${CHROOTDIR} /usr/bin/uname -U)
REVISION=$(chroot ${CHROOTDIR} make -C /usr/src/release -V REVISION) REVISION=$(chroot ${CHROOTDIR} make -C /usr/src/release -V REVISION)
@ -323,6 +365,9 @@ chroot_build_target() {
fi fi
eval chroot ${CHROOTDIR} make -C /usr/src ${RELEASE_WMAKEFLAGS} buildworld eval chroot ${CHROOTDIR} make -C /usr/src ${RELEASE_WMAKEFLAGS} buildworld
eval chroot ${CHROOTDIR} make -C /usr/src ${RELEASE_KMAKEFLAGS} buildkernel eval chroot ${CHROOTDIR} make -C /usr/src ${RELEASE_KMAKEFLAGS} buildkernel
if [ ! -z "${WITH_OCIIMAGES}" ]; then
eval chroot ${CHROOTDIR} make -C /usr/src ${RELEASE_WMAKEFLAGS} packages
fi
return 0 return 0
} # chroot_build_target } # chroot_build_target

View File

@ -0,0 +1,63 @@
#! /bin/sh
# Build an Open Container Initiative (OCI) container image
curdir=$1; shift
rev=$1; shift
branch=$1; shift
arch=$1; shift
image=$1; shift
major=${rev%.*}
minor=${rev#*.}
abi=FreeBSD:${major}:${arch}
echo "Building OCI freebsd${major}-${image} image for ${abi}"
. ${curdir}/tools/oci-image-${image}.conf
init_workdir() {
local abi=$1; shift
local workdir=$(mktemp -d -t oci-images)
mkdir ${workdir}/repos
cat > ${workdir}/repos/base.conf <<EOF
FreeBSD-base: {
url: "file:///usr/obj/usr/src/repo/${abi}/latest"
signature_type: "none"
fingerprints: "none"
}
EOF
cp /etc/pkg/FreeBSD.conf ${workdir}/repos
echo ${workdir}
}
install_packages() {
local abi=$1; shift
local workdir=$1; shift
local rootdir=$1; shift
if [ ! -d ${rootdir}/usr/share/keys/pkg/trusted ]; then
mkdir -p ${rootdir}/usr/share/keys/pkg/trusted
fi
cp /usr/share/keys/pkg/trusted/* ${rootdir}/usr/share/keys/pkg/trusted
# We install the packages and then remove repository metadata (keeping the
# metadata for what was installed). This trims more than 40Mb from the
# resulting image.
env IGNORE_OSVERSION=yes ABI=${abi} pkg --rootdir ${rootdir} --repo-conf-dir ${workdir}/repos \
install -yq "$@" || exit $?
rm -rf ${rootdir}/var/db/pkg/repos
}
workdir=$(init_workdir ${abi})
if [ -n "${OCI_BASE_IMAGE}" ]; then
base_image=freebsd${major}-${OCI_BASE_IMAGE}
else
base_image=scratch
fi
c=$(buildah from ${base_image})
m=$(buildah mount $c)
oci_image_build
buildah unmount $c
buildah commit --rm $c freebsd${major}-${image}:latest

View File

@ -0,0 +1,11 @@
#! /bin/sh
# Build Open Container Initiative (OCI) container image suitable as a base for
# dynamic-linked workloads. This adds libraries from the FreeBSD-clibs and
# FreeBSD-openssl-lib packages.
OCI_BASE_IMAGE=static
oci_image_build() {
install_packages ${abi} ${workdir} $m FreeBSD-clibs FreeBSD-openssl-lib
}

View File

@ -0,0 +1,19 @@
#! /bin/sh
# Build Open Container Initiative (OCI) container image suitable as a base for
# shell-based workloads. This adds FreeBSD-runtime, FreeBSD-pkg-bootstrap and a
# handful of others packages to create a small image which can be easily
# extended by installing packages.
OCI_BASE_IMAGE=dynamic
oci_image_build() {
install_packages ${abi} ${workdir} $m \
FreeBSD-runtime \
FreeBSD-certctl \
FreeBSD-kerberos-lib \
FreeBSD-libexecinfo \
FreeBSD-rc \
FreeBSD-pkg-bootstrap \
FreeBSD-mtree
}

View File

@ -0,0 +1,42 @@
#! /bin/sh
# Build Open Container Initiative (OCI) container image suitable as a base for
# static-linked workloads. This contains mtree directories, SSL certificates and
# a few other config files.
OCI_BASE_IMAGE=
oci_image_build() {
mtree -deU -p $m/ -f /etc/mtree/BSD.root.dist > /dev/null
mtree -deU -p $m/var -f /etc/mtree/BSD.var.dist > /dev/null
mtree -deU -p $m/usr -f /etc/mtree/BSD.usr.dist > /dev/null
mtree -deU -p $m/usr/include -f /etc/mtree/BSD.include.dist > /dev/null
mtree -deU -p $m/usr/lib -f /etc/mtree/BSD.debug.dist > /dev/null
install_packages ${abi} ${workdir} $m FreeBSD-caroot FreeBSD-zoneinfo
cp /etc/master.passwd $m/etc
pwd_mkdb -p -d $m/etc $m/etc/master.passwd || return $?
cp /etc/group $m/etc || return $?
cp /etc/termcap.small $m/etc/termcap.small || return $?
cp /etc/termcap.small $m/usr/share/misc/termcap || return $?
env DESTDIR=$m /usr/sbin/certctl rehash
# Generate a suitable repo config for pkgbase
case ${branch} in
CURRENT|STABLE|BETA*)
repo=base_latest
;;
*)
repo=base_release_${minor}
;;
esac
mkdir -p $m/usr/local/etc/pkg/repos
cat > $m/usr/local/etc/pkg/repos/base.conf <<EOF
FreeBSD-base: {
url: "https://pkg.FreeBSD.org/\${ABI}/${repo}",
mirror_type: "srv",
signature_type: "fingerprints",
fingerprints: "/usr/share/keys/pkg",
enabled: yes
}
EOF
}

View File

@ -21,6 +21,7 @@ LDIRS= BSD_daemon \
libvgl \ libvgl \
mdoc \ mdoc \
netgraph \ netgraph \
oci \
perfmon \ perfmon \
ppi \ ppi \
ppp \ ppp \
@ -199,6 +200,11 @@ SE_NETGRAPH= \
virtual.chain \ virtual.chain \
virtual.lan \ virtual.lan \
SE_DIRS+= oci
SE_OCI= \
README \
Containerfile.pkg
SE_DIRS+= perfmon SE_DIRS+= perfmon
SE_PERFMON= \ SE_PERFMON= \
Makefile \ Makefile \

View File

@ -0,0 +1,27 @@
# This is an example showing how to extend the freebsd-minimal OCI image by
# installing additional packages while keeping the resulting image as small as
# possible.
# The OS version matching the desired freebsd-minimal image
ARG version=15.0-CURRENT-amd64
# Select freebsd-minimal as our starting point.
FROM localhost/freebsd-minimal:${version}
# A list of package(s) to install
ARG packages
# Install package management tools. We specify 'FreeBSD' as the repository to
# use for downloading pkg since the freebsd-minimal image has both FreeBSD and
# FreeBSD-base pkg repo configs installed and FreeBSD-base does not contain the
# pkg package.
RUN env ASSUME_ALWAYS_YES=yes pkg bootstrap -r FreeBSD && pkg update
# Install some package(s).
RUN pkg install -y ${packages}
# Clean up and remove package management overhead. We delete downloaded
# packages, uninstall pkg and delete the repository metadata downloaded by 'pkg
# install'. This retains the record of which packages are installed in the
# image.
RUN pkg clean -ay && pkg delete -fy pkg && rm -rf /var/db/pkg/repos

View File

@ -0,0 +1,7 @@
This example Containerfile shows how to add packages to freebsd-minimal while
minimising the package metadata overhead.
For instance, To build a new image called 'my-new-image:latest' containing the
nginx package:
# podman build --squash --build-arg packages=nginx --tag my-new-image:latest -f Containerfile.pkg

View File

@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE. .\" SUCH DAMAGE.
.\" .\"
.Dd August 6, 2023 .Dd September 26, 2024
.Dt RELEASE 7 .Dt RELEASE 7
.Os .Os
.Sh NAME .Sh NAME
@ -443,6 +443,18 @@ values, run:
cd /usr/src cd /usr/src
make -C release list-cloudware make -C release list-cloudware
.Ed .Ed
.Sh OCI IMAGES
The
.Fx
release build tools have experimental support for building
Open Container Initiative (OCI) format container base images.
This is enabled using a
.Fa release.conf
variable:
.Bl -tag -width Ev
.It Va WITH_OCIIMAGES
Set to a non-null value to build OCI base images.
.El
.Sh MAKEFILE TARGETS .Sh MAKEFILE TARGETS
The release makefile The release makefile
.Pq Pa src/release/Makefile .Pq Pa src/release/Makefile