#!/bin/sh # # kas - setup tool for bitbake based projects # # Copyright (c) Siemens AG, 2018-2021 # # Authors: # Jan Kiszka <jan.kiszka@siemens.com> # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal # in the Software without restriction, including without limitation the rights # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell # copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be # included in all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. set -e usage() { printf "%b" "Usage: $0 [OPTIONS] { build | shell } [KASOPTIONS] KASFILE\n" printf "%b" " $0 [OPTIONS] clean\n" printf "%b" "\nPositional arguments:\n" printf "%b" "build\t\t\tCheck out repositories and build target.\n" printf "%b" "shell\t\t\tRun a shell in the build environment.\n" printf "%b" "clean\t\t\tClean build artifacts, keep downloads.\n" printf "%b" "\nOptional arguments:\n" printf "%b" "--isar\t\t\tUse kas-isar container to build Isar image.\n" printf "%b" "--with-loop-dev Pass a loop device to the " \ "container. Only required if\n" printf "%b" "\t\t\tloop-mounting is used by recipes.\n" printf "%b" "--runtime-args\t\tAdditional arguments to pass to the " \ "container runtime\n" printf "%b" "\t\t\tfor running the build.\n" printf "%b" "--docker-args\t\tSame as --runtime-args (deprecated).\n" printf "%b" "-d\t\t\tPrint debug output.\n" printf "%b" "-v\t\t\tSame as -d (deprecated).\n" printf "%b" "--version\t\tprint program version.\n" printf "%b" "--ssh-dir\t\tDirectory containing SSH configurations.\n" printf "%b" "\t\t\tAvoid \$HOME/.ssh unless you fully trust the " \ "container.\n" printf "%b" "--aws-dir\t\tDirectory containing AWScli configuration.\n" printf "%b" "--git-credential-store\tFile path to the git credential " \ "store\n" printf "%b" "--no-proxy-from-env\tDo not inherit proxy settings from " \ "environment.\n" printf "%b" "--repo-ro\t\tMount current repository read-only\n" \ "\t\t\t(default for build command)\n" printf "%b" "--repo-rw\t\tMount current repository writeable\n" \ "\t\t\t(default for shell command)\n" printf "%b" "\n" printf "%b" "You can force the use of podman over docker using " \ "KAS_CONTAINER_ENGINE=podman.\n" exit 1 } trace() { [ -n "${KAS_VERBOSE}" ] && echo "+ $*" "$@" } enable_isar_mode() { KAS_CONTAINER_IMAGE_NAME_DEFAULT="kas-isar" KAS_ISAR_ARGS="--privileged" if [ "${KAS_CONTAINER_ENGINE}" = "podman" ]; then # sudo is needed for a privileged podman container KAS_CONTAINER_COMMAND="sudo ${KAS_CONTAINER_COMMAND}" KAS_ISAR_ARGS="${KAS_ISAR_ARGS} --pid=host" fi } KAS_IMAGE_VERSION_DEFAULT="2.4" KAS_CONTAINER_IMAGE_PATH_DEFAULT="ghcr.io/siemens/kas" KAS_CONTAINER_IMAGE_NAME_DEFAULT="kas" set_container_image_var() { KAS_IMAGE_VERSION="${KAS_IMAGE_VERSION:-${KAS_IMAGE_VERSION_DEFAULT}}" KAS_CONTAINER_IMAGE_NAME="${KAS_CONTAINER_IMAGE_NAME:-${KAS_CONTAINER_IMAGE_NAME_DEFAULT}}" KAS_CONTAINER_IMAGE_PATH="${KAS_CONTAINER_IMAGE_PATH:-${KAS_CONTAINER_IMAGE_PATH_DEFAULT}}" KAS_CONTAINER_IMAGE_DEFAULT="${KAS_CONTAINER_IMAGE_PATH}/${KAS_CONTAINER_IMAGE_NAME}:${KAS_IMAGE_VERSION}" KAS_CONTAINER_IMAGE="${KAS_CONTAINER_IMAGE:-${KAS_CONTAINER_IMAGE_DEFAULT}}" } KAS_WORK_DIR=$(readlink -f "${KAS_WORK_DIR:-$(pwd)}") KAS_BUILD_DIR=$(readlink -f "${KAS_BUILD_DIR:-${KAS_WORK_DIR}/build}") KAS_CONTAINER_ENGINE="${KAS_CONTAINER_ENGINE:-${KAS_DOCKER_ENGINE}}" if [ -z "${KAS_CONTAINER_ENGINE}" ]; then # Try to auto-detect a container engine if command -v docker >/dev/null; then KAS_CONTAINER_ENGINE=docker elif command -v podman >/dev/null; then KAS_CONTAINER_ENGINE=podman else echo "$0: no container engine found, need docker or podman" >&2 exit 1 fi fi case "${KAS_CONTAINER_ENGINE}" in docker) KAS_CONTAINER_COMMAND="docker" ;; podman) KAS_CONTAINER_COMMAND="podman" KAS_RUNTIME_ARGS="--userns=keep-id --security-opt label=disable" ;; *) echo "$0: unknown container engine '${KAS_CONTAINER_ENGINE}'" >&2 exit 1 ;; esac # parse kas-container options while [ $# -gt 0 ]; do case "$1" in --isar) enable_isar_mode shift 1 ;; --with-loop-dev) if ! KAS_LOOP_DEV=$(/sbin/losetup -f 2>/dev/null); then if [ "$(id -u)" -eq 0 ]; then echo "Error: loop device not available!" exit 1 fi sudo_command="/sbin/losetup -f" sudo_message="[sudo] enter password to setup loop" sudo_message="$sudo_message devices by calling" sudo_message="$sudo_message '$sudo_command': " # SC2086: Double quote to prevent globbing and word splitting. # shellcheck disable=2086 if ! KAS_LOOP_DEV=$(sudo -p "$sudo_message" $sudo_command \ 2>/dev/null); then echo "Error: loop device setup unsuccessful!" echo "try calling '$sudo_command' with root" \ "permissions manually." exit 1 fi fi KAS_WITH_LOOP_DEV="--device ${KAS_LOOP_DEV}" shift 1 ;; --runtime-args|--docker-args) [ $# -gt 0 ] || usage KAS_RUNTIME_ARGS="${KAS_RUNTIME_ARGS} $2" shift 2 ;; --ssh-dir) [ $# -gt 2 ] || usage KAS_SSH_DIR="$2" shift 2 ;; --aws-dir) [ $# -gt 2 ] || usage KAS_AWS_DIR="$2" shift 2 ;; --git-credential-store) [ $# -gt 2 ] || usage KAS_GIT_CREDENTIAL_STORE="$2" shift 2 ;; --no-proxy-from-env) KAS_NO_PROXY_FROM_ENV=1 shift 1 ;; --repo-ro) KAS_REPO_MOUNT_OPT="ro" shift 1 ;; --repo-rw) KAS_REPO_MOUNT_OPT="rw" shift 1 ;; -v | -d) KAS_VERBOSE=1 KAS_OPTIONS_DIRECT="${KAS_OPTIONS_DIRECT} -d" shift 1 ;; --version) echo "$(basename "$0") $KAS_IMAGE_VERSION_DEFAULT" exit 0 ;; --*) usage ;; clean) [ $# -eq 1 ] || usage if [ -n "${KAS_ISAR_ARGS}" ]; then set_container_image_var # SC2086: Double quote to prevent globbing and word splitting. # shellcheck disable=2086 trace ${KAS_CONTAINER_COMMAND} run -v "${KAS_BUILD_DIR}":/build:rw \ --workdir=/build --rm ${KAS_ISAR_ARGS} \ ${KAS_CONTAINER_IMAGE} \ sudo rm -rf tmp else trace rm -rf "${KAS_BUILD_DIR}/tmp" fi exit 0 ;; shell) KAS_REPO_MOUNT_OPT_DEFAULT="rw" KAS_CMD=$1 shift 1 break ;; build) KAS_REPO_MOUNT_OPT_DEFAULT="ro" KAS_CMD=$1 shift 1 break ;; *) usage ;; esac done [ -n "${KAS_CMD}" ] || usage KAS_EXTRA_BITBAKE_ARGS=0 # parse kas sub-command (build or shell) options while [ $# -gt 0 ] && [ $KAS_EXTRA_BITBAKE_ARGS -eq 0 ]; do case "$1" in -h|--help) set_container_image_var # SC2086: Double quote to prevent globbing and word splitting. # shellcheck disable=2086 trace ${KAS_CONTAINER_COMMAND} run ${KAS_CONTAINER_IMAGE} ${KAS_CMD} --help exit 0 ;; --skip|--target|--task) KAS_OPTIONS="${KAS_OPTIONS} $1 $2" shift 2 ;; -c|--cmd|--command) KAS_BITBAKE_C_OPTION_ARGS="$2" shift 2 ;; --) KAS_EXTRA_BITBAKE_ARGS=$# ;; -*) KAS_OPTIONS="${KAS_OPTIONS} $1" shift 1 ;; *) KAS_FILES= # SC2086: Double quote to prevent globbing and word splitting. # shellcheck disable=2086 for FILE in $(IFS=':'; echo $1); do if ! KAS_REAL_FILE="$(realpath -qe "$FILE")"; then echo "Error: configuration file '${FILE}' not found" exit 1 fi if [ -z "${KAS_FILES}" ]; then KAS_FIRST_FILE="${KAS_REAL_FILE}" KAS_FILES="${KAS_REAL_FILE}" else KAS_FILES="${KAS_FILES}:${KAS_REAL_FILE}" fi done shift 1 ;; esac done [ -n "${KAS_FIRST_FILE}" ] || usage BUILD_SYSTEM=$(grep -e "^build_system: " "${KAS_FIRST_FILE}" 2>/dev/null | sed 's/build_system:[ ]\+//') if [ "${BUILD_SYSTEM}" = "isar" ]; then enable_isar_mode fi set_container_image_var KAS_FILE_DIR="$(dirname "${KAS_FIRST_FILE}")" KAS_REPO_DIR=$(git -C "${KAS_FILE_DIR}" rev-parse --show-toplevel 2>/dev/null) \ || KAS_REPO_DIR=$(hg --cwd "${KAS_FILE_DIR}" root 2>/dev/null) \ || KAS_REPO_DIR=${KAS_FILE_DIR} KAS_REPO_MOUNT_OPT="${KAS_REPO_MOUNT_OPT:-${KAS_REPO_MOUNT_OPT_DEFAULT}}" KAS_FILES=/repo/"$(echo "${KAS_FILES}" | sed 's|'"${KAS_REPO_DIR}"'/||g;s|:|:/repo/|g')" trace mkdir -p "${KAS_WORK_DIR}" trace mkdir -p "${KAS_BUILD_DIR}" if [ "$(id -u)" -eq 0 ] && [ "${KAS_ALLOW_ROOT}" != "yes" ] ; then echo "Error: Running as root - may break certain recipes." echo "Better give a regular user docker access. Set" \ "KAS_ALLOW_ROOT=yes to override." exit 1 fi set -- "$@" -v "${KAS_REPO_DIR}":/repo:${KAS_REPO_MOUNT_OPT} \ -v "${KAS_WORK_DIR}":/work:rw --workdir=/work \ -v "${KAS_BUILD_DIR}":/build:rw \ -e KAS_BUILD_DIR=/build \ -e USER_ID="$(id -u)" -e GROUP_ID="$(id -g)" --rm if [ -n "${KAS_SSH_DIR}" ] ; then if [ ! -d "${KAS_SSH_DIR}" ]; then echo "Passed KAS_SSH_DIR '${KAS_SSH_DIR}' is not a directory" exit 1 fi set -- "$@" -v "$(readlink -f "${KAS_SSH_DIR}")":/etc/skel/.ssh:ro fi if [ -n "${KAS_AWS_DIR}" ] ; then if [ ! -d "${KAS_AWS_DIR}" ]; then echo "Passed KAS_AWS_DIR '${KAS_AWS_DIR}' is not a directory" exit 1 fi set -- "$@" -v "$(readlink -f "${KAS_AWS_DIR}")":/etc/skel/.aws:ro \ -e AWS_CONFIG_FILE="${AWS_CONFIG_FILE:-/etc/skel/.aws/config}" \ -e AWS_SHARED_CREDENTIALS_FILE="${AWS_SHARED_CREDENTIALS_FILE:-/etc/skel/.aws/credentials}" fi KAS_GIT_CREDENTIAL_HELPER_DEFAULT="" if [ -n "${KAS_GIT_CREDENTIAL_STORE}" ] ; then if [ ! -f "${KAS_GIT_CREDENTIAL_STORE}" ]; then echo "Passed KAS_GIT_CREDENTIAL_STORE '${KAS_AWS_DIR}' is not a file" exit 1 fi KAS_GIT_CREDENTIAL_HELPER_DEFAULT="store --file=/etc/skel/.git-credentials" set -- "$@" -v "$(readlink -f "${KAS_GIT_CREDENTIAL_STORE}")":/etc/skel/.git-credentials:ro fi GIT_CREDENTIAL_HELPER="${GIT_CREDENTIAL_HELPER:-${KAS_GIT_CREDENTIAL_HELPER_DEFAULT}}" if [ -n "${GIT_CREDENTIAL_HELPER}" ] ; then set -- "$@" -e GIT_CREDENTIAL_HELPER="${GIT_CREDENTIAL_HELPER}" fi if [ -t 1 ]; then set -- "$@" -t -i fi if [ -n "${DL_DIR}" ]; then trace mkdir -p "${DL_DIR}" set -- "$@" \ -v "$(readlink -f "${DL_DIR}")":/downloads:rw \ -e DL_DIR=/downloads fi if [ -n "${SSTATE_DIR}" ]; then trace mkdir -p "${SSTATE_DIR}" set -- "$@" \ -v "$(readlink -f "${SSTATE_DIR}")":/sstate:rw \ -e SSTATE_DIR=/sstate fi if [ -n "${KAS_REPO_REF_DIR}" ]; then set -- "$@" \ -v "$(readlink -f "${KAS_REPO_REF_DIR}")":/repo-ref:ro \ -e KAS_REPO_REF_DIR=/repo-ref fi for var in TERM KAS_DISTRO KAS_MACHINE KAS_TARGET KAS_TASK \ KAS_PREMIRRORS; do if [ -n "$(eval echo \$${var})" ]; then set -- "$@" -e "${var}=$(eval echo \"\$${var}\")" fi done # propagate only supported SHELL settings case "$SHELL" in /bin/sh|/bin/bash|/bin/dash) set -- "$@" -e "SHELL=$SHELL" ;; *) set -- "$@" -e "SHELL=/bin/bash" ;; esac if [ -z "${KAS_NO_PROXY_FROM_ENV+x}" ]; then for var in http_proxy https_proxy ftp_proxy no_proxy NO_PROXY; do if [ -n "$(eval echo \$${var})" ]; then set -- "$@" -e "${var}=$(eval echo \$${var})" fi done fi # SC2086: Double quote to prevent globbing and word splitting. # shellcheck disable=2086 set -- "$@" ${KAS_ISAR_ARGS} ${KAS_WITH_LOOP_DEV} ${KAS_RUNTIME_ARGS} \ ${KAS_CONTAINER_IMAGE} ${KAS_OPTIONS_DIRECT} ${KAS_CMD} ${KAS_OPTIONS} if [ -n "${KAS_BITBAKE_C_OPTION_ARGS}" ]; then set -- "$@" -c "${KAS_BITBAKE_C_OPTION_ARGS}" fi # SC2086: Double quote to prevent globbing and word splitting. # shellcheck disable=2086 set -- "$@" ${KAS_FILES} # rotate any extra bitbake args from the front to the end of the argument list while [ $KAS_EXTRA_BITBAKE_ARGS -gt 0 ]; do arg="$1" shift 1 set -- "$@" "$arg" KAS_EXTRA_BITBAKE_ARGS=$((KAS_EXTRA_BITBAKE_ARGS - 1)) done trace ${KAS_CONTAINER_COMMAND} run "$@"