initial commit

README.md

@@ -0,0 +1,49 @@
+# rkt-builder
+
+This repository holds scripts and releases for the rkt-in-rkt builder ACI.
+
+## Usage
+
+### Building a new rkt-in-rkt builder ACI
+
+To build the builder ACI image, first update the version variable `IMG_VERSION` in `acbuild.sh`, and execute:
+
+    $ sudo ./acbuild.sh
+
+The rkt project key must be used to sign the generated image. `$RKTSUBKEYID` is the key ID of the rkt Yubikey. Connect the key and run `gpg2 --card-status` to get the ID.
+
+The public key for GPG signing can be found at [CoreOS Application Signing Key](https://coreos.com/security/app-signing-key) and is assumed as trusted.
+
+    $ gpg2 -u $RKTSUBKEYID'!' --armor --output rkt-builder.aci.asc --detach-sign rkt-builder.aci
+
+Commit any changes to `acbuild.sh`, and push them.
+
+Add a signed tag:
+
+    $ GIT_COMMITTER_NAME="CoreOS Application Signing Key" GIT_COMMITTER_EMAIL="security@coreos.com" git tag -u $RKTSUBKEYID'!' -s v1.0.0 -m "rkt-builder v1.0.0"`
+
+Push the tag to GitHub:
+
+    $ git push --tags
+
+### Building rkt-in-rkt
+
+    $ git clone github.com/coreos/rkt
+    $ cd rkt
+    $ sudo rkt run \
+        --volume src-dir,kind=host,source="$(pwd)" \
+        --volume build-dir,kind=host,source="$(pwd)/release-build" \
+        --interactive \
+        coreos.com/rkt/builder:v1.0.0
+
+## Overview
+
+This repository consists of two scripts:
+
+- `acbuild.sh`: This script builds the rkt-in-rkt builder ACI.
+- `build.sh`: This script is added to the rkt-in-rkt builder ACI as `/scripts/build.sh`, and is defined as the entrypoint.
+
+The built rkt-in-rkt ACI declares the following volumes:
+
+- `src-dir`: Points to the directory holding the rkt source code.
+- `build-dir`: Points to the output directory where the build artifacts are being placed.

acbuild.sh

@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+set -ex
+
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root" 1>&2
+   exit 1
+fi
+
+IMG_NAME="coreos.com/rkt/builder"
+VERSION="1.0.0"
+ARCH=amd64
+OS=linux
+
+FLAGS=${FLAGS:-""}
+ACI_FILE=rkt-builder-"${VERSION}"-"${OS}"-"${ARCH}".aci
+BUILDDIR=/opt/build-rkt
+SRC_DIR=/opt/rkt
+ACI_GOPATH=/go
+
+DEBIAN_SID_DEPS="ca-certificates gcc libc6-dev make automake wget git golang-go cpio squashfs-tools realpath autoconf file xz-utils patch bc locales libacl1-dev libssl-dev libsystemd-dev gnupg"
+
+function acbuildend() {
+    export EXIT=$?;
+    acbuild --debug end && rm -rf rootfs && exit $EXIT;
+}
+
+echo "Generating debian sid tree"
+
+mkdir rootfs
+debootstrap --force-check-gpg --variant=minbase --components=main --include="${DEBIAN_SID_DEPS}" sid rootfs http://httpredir.debian.org/debian/
+rm -rf rootfs/var/cache/apt/archives/*
+
+echo "Version: v${VERSION}"
+echo "Building ${ACI_FILE}"
+
+acbuild begin ./rootfs
+trap acbuildend EXIT
+
+acbuild $FLAGS set-name $IMG_NAME
+acbuild $FLAGS label add version v$VERSION
+acbuild $FLAGS set-user 0
+acbuild $FLAGS set-group 0
+acbuild $FLAGS environment add OS_VERSION sid
+acbuild $FLAGS environment add GOPATH $ACI_GOPATH
+acbuild $FLAGS environment add BUILDDIR $BUILDDIR
+acbuild $FLAGS environment add SRC_DIR $SRC_DIR
+acbuild $FLAGS mount add build-dir $BUILDDIR
+acbuild $FLAGS mount add src-dir $SRC_DIR
+acbuild $FLAGS set-working-dir $SRC_DIR
+acbuild $FLAGS copy-to-dir build.sh /scripts
+acbuild $FLAGS run /bin/mkdir -- -p $ACI_GOPATH
+acbuild $FLAGS run /bin/sh -- -c "GOPATH=${ACI_GOPATH} go get github.com/appc/spec/actool"
+acbuild $FLAGS set-exec /bin/bash /scripts/build.sh
+acbuild write --overwrite $ACI_FILE

build.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e
+
+./autogen.sh
+./configure \
+	--enable-tpm=no \
+	--with-stage1-default-images-directory=/usr/lib/rkt/stage1-images \
+	--with-stage1-default-location=/usr/lib/rkt/stage1-images/stage1-coreos.aci
+make manpages
+make bash-completion
+make -j4