
D46759.id143754.diff

diff --git a/release/Makefile b/release/Makefile
--- a/release/Makefile
+++ b/release/Makefile
@@ -83,6 +83,9 @@
.if !defined(NOSRC)
DISTRIBUTIONS+= src.txz
.endif
+.if defined(WITH_OCIIMAGES) && !empty(WITH_OCIIMAGES)
+DISTRIBUTIONS+= container-image-static.txz container-image-dynamic.txz container-image-minimal.txz
+.endif
RELEASE_TARGETS= ftp
IMAGES=
@@ -156,6 +159,20 @@
--exclude 'usr/ports/INDEX*' --exclude work usr/ports | \
${XZ_CMD} > ${.OBJDIR}/ports.txz )
+.if defined(WITH_OCIIMAGES) && !empty(WITH_OCIIMAGES)
+oci-images:
+ sh ${.CURDIR}/scripts/make-oci-images.sh ${REVISION} ${BRANCH} ${TARGET_ARCH}
+
+.for _IMG in static dynamic minimal
+container-image-${_IMG}.txz: oci-images
+ skopeo copy \
+ containers-storage:localhost/freebsd${REVISION:R}-${_IMG}:latest \
+ oci-archive:${.OBJDIR}/container-image-${_IMG}.tar:freebsd${REVISION:R}-${_IMG}:${REVISION}-${BRANCH}-${TARGET_ARCH}
+ ${XZ_CMD} < ${.OBJDIR}/container-image-${_IMG}.tar > ${.OBJDIR}/container-image-${_IMG}.txz
+.endfor
+
+.endif
+
disc1: packagesystem
# Install system
mkdir -p ${.TARGET}
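Review bot: The recipe for `container-image-${_IMG}.txz` leaves the uncompressed `${.OBJDIR}/container-image-${_IMG}.tar` in place after compressing it, and nothing in this hunk removes it or adds it to a clean list (any such list is outside the hunk). A stale archive from an earlier run is therefore still present when `skopeo copy` writes to the same path again, so a re-run is worth testing. Adding `rm -f ${.OBJDIR}/container-image-${_IMG}.tar` before the `skopeo copy` line and again after the `${XZ_CMD}` line would cover both cases. A one-line comment above `oci-images:` saying that it populates the local containers-storage, which the per-image targets then export, would also help readers. The hunk starts inside the previous target's recipe and ends at the top of `disc1`.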
diff --git a/release/release.conf.sample b/release/release.conf.sample
--- a/release/release.conf.sample
+++ b/release/release.conf.sample
@@ -114,3 +114,7 @@
## If WITH_CLOUDWARE is set to a non-empty value, this is a list of providers
## to create disk images.
#CLOUDWARE="EC2 GCE OCI VAGRANT-VIRTUALBOX VAGRANT-VMWARE"
+
+## If WITH_OCIIMAGES is set to a non-empty value, build Open Container
+## Initiative (ICO) base images as part of the release.
+#WITH_OCIIMAGES=
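Review bot: The acronym in the added comment is wrong: `(ICO)` should be `(OCI)`, matching "Open Container Initiative" on the line before it. Proposed text: `## Initiative (OCI) base images as part of the release.`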
diff --git a/release/release.sh b/release/release.sh
--- a/release/release.sh
+++ b/release/release.sh
@@ -120,6 +120,9 @@
# cloud providers as part of the release.
WITH_CLOUDWARE=
+ # Set to non-empty to build OCI images as part of the release
+ WITH_OCIIMAGES=
+
return 0
} # env_setup()
@@ -288,6 +291,42 @@
fi
fi
+ if [ ! -z "${WITH_OCIIMAGES}" ]; then
+ # Install buildah and skopeo from ports if the ports tree is available;
+ # otherwise install the pkg.
+ if [ -d ${CHROOTDIR}/usr/ports ]; then
+ # Trick the ports 'run-autotools-fixup' target to do the right
+ # thing.
+ _OSVERSION=$(chroot ${CHROOTDIR} /usr/bin/uname -U)
+ REVISION=$(chroot ${CHROOTDIR} make -C /usr/src/release -V REVISION)
+ BRANCH=$(chroot ${CHROOTDIR} make -C /usr/src/release -V BRANCH)
+ UNAME_r=${REVISION}-${BRANCH}
+ GITUNSETOPTS="CONTRIB CURL CVS GITWEB GUI HTMLDOCS"
+ GITUNSETOPTS="${GITUNSETOPTS} ICONV NLS P4 PERL"
+ GITUNSETOPTS="${GITUNSETOPTS} SEND_EMAIL SUBTREE SVN"
+ GITUNSETOPTS="${GITUNSETOPTS} PCRE PCRE2"
+ PBUILD_FLAGS="OSVERSION=${_OSVERSION} BATCH=yes"
+ PBUILD_FLAGS="${PBUILD_FLAGS} UNAME_r=${UNAME_r}"
+ PBUILD_FLAGS="${PBUILD_FLAGS} OSREL=${REVISION}"
+ PBUILD_FLAGS="${PBUILD_FLAGS} WRKDIRPREFIX=/tmp/ports"
+ PBUILD_FLAGS="${PBUILD_FLAGS} DISTDIR=/tmp/distfiles"
+ for _PORT in sysutils/buildah sysutils/skopeo; do
+ eval chroot ${CHROOTDIR} env ${PBUILD_FLAGS} make -C \
+ /usr/ports/${_PORT} \
+ FORCE_PKG_REGISTER=1 deinstall install clean distclean
+ done
+ else
+ eval chroot ${CHROOTDIR} env ASSUME_ALWAYS_YES=yes \
+ pkg install -y sysutils/buildah sysutils/skopeo
+ eval chroot ${CHROOTDIR} env ASSUME_ALWAYS_YES=yes \
+ pkg clean -y
+ fi
+ # Use the vfs storage driver so that this works whether or not
+ # the build directory is on ZFS. The images are small so the
+ # performance difference is negligible.
+ eval chroot ${CHROOTDIR} sed -I .bak -e '/^driver/s/zfs/vfs/' /usr/local/etc/containers/storage.conf
+ fi
+
if [ ! -z "${EMBEDDEDPORTS}" ]; then
_OSVERSION=$(chroot ${CHROOTDIR} /usr/bin/uname -U)
REVISION=$(chroot ${CHROOTDIR} make -C /usr/src/release -V REVISION)
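Review bot: `GITUNSETOPTS` is assigned over four lines in the ports branch but never referenced by the `for _PORT in sysutils/buildah sysutils/skopeo` loop, so it looks like a leftover from the block this was adapted from and can be dropped. The `sed -I .bak` edit of `/usr/local/etc/containers/storage.conf` also runs whether or not the preceding install commands succeeded. Whether the script aborts on failure is not visible here, so guarding it with `[ -f ${CHROOTDIR}/usr/local/etc/containers/storage.conf ]` would turn a failed install into a clear error rather than a confusing sed failure. The enclosing function begins and ends outside this hunk.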
@@ -323,6 +362,9 @@
fi
eval chroot ${CHROOTDIR} make -C /usr/src ${RELEASE_WMAKEFLAGS} buildworld
eval chroot ${CHROOTDIR} make -C /usr/src ${RELEASE_KMAKEFLAGS} buildkernel
+ if [ ! -z "${WITH_OCIIMAGES}" ]; then
+ eval chroot ${CHROOTDIR} make -C /usr/src ${RELEASE_WMAKEFLAGS} packages
+ fi
return 0
} # chroot_build_target
@@ -343,7 +385,8 @@
VMFORMATS=\"${VMFORMATS}\" VMSIZE=${VMSIZE}"
fi
eval chroot ${CHROOTDIR} make -C /usr/src/release \
- ${RELEASE_RMAKEFLAGS} release
+ ${RELEASE_RMAKEFLAGS} release \
+ WITH_OCIIMAGES=${WITH_OCIIMAGES}
eval chroot ${CHROOTDIR} make -C /usr/src/release \
${RELEASE_RMAKEFLAGS} install DESTDIR=/R \
WITH_COMPRESSED_IMAGES=${WITH_COMPRESSED_IMAGES} \
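Review bot: `WITH_OCIIMAGES=${WITH_OCIIMAGES}` is passed only to the `release` invocation. The `install` invocation directly below does not receive it, although release/Makefile in this same change makes `DISTRIBUTIONS` depend on that variable. If the install target consults `DISTRIBUTIONS` (its rule is not visible here), the two runs will disagree on the list, so either pass the variable to both or confirm that install does not need it. The value is also expanded unquoted inside `eval`; `WITH_OCIIMAGES=\"${WITH_OCIIMAGES}\"`, as done for `VMFORMATS` above, would keep a value containing spaces as a single argument.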
diff --git a/release/scripts/make-manifest.sh b/release/scripts/make-manifest.sh
--- a/release/scripts/make-manifest.sh
+++ b/release/scripts/make-manifest.sh
@@ -14,6 +14,9 @@
src="System source tree"
lib32="32-bit compatibility libraries"
tests="Test suite"
+oci_static="OCI base image for static-linked workloads"
+oci_dynamic="OCI base image for dynamic-linked workloads"
+oci_minimal="OCI base image for minimal shell workloads"
desc_base="${base} (MANDATORY)"
desc_base_dbg="${base} (Debugging)"
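Review bot: The new variables are named `oci_static`, `desc_oci_static` and `default_oci_static` (likewise for dynamic and minimal, in the two hunks that follow), but the distribution files added to `DISTRIBUTIONS` in release/Makefile are named `container-image-static.txz` and so on. The loop that maps a file name to its `desc_`/`default_` variable lies mostly outside these hunks. If it derives the variable name from the file name, as the visible `dist="${i}"` suggests, these entries would never be found and the images would get whatever fallback description and default the loop applies. Confirm the mapping, or rename the variables to match, e.g. `desc_container_image_static`.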
@@ -26,6 +29,9 @@
desc_ports="${ports}"
desc_src="${src}"
desc_tests="${tests}"
+desc_oci_static="${oci_static} (Optional)"
+desc_oci_dynamic="${oci_dynamic} (Optional)"
+desc_oci_minimal="${oci_minimal} (Optional)"
default_src=off
default_ports=off
@@ -35,6 +41,9 @@
default_kernel_alt=off
default_kernel_dbg=on
default_kernel_alt_dbg=off
+default_oci_static=off
+default_oci_dynamic=off
+default_oci_minimal=off
for i in ${*}; do
dist="${i}"
diff --git a/release/scripts/make-oci-images.sh b/release/scripts/make-oci-images.sh
new file mode 100644
--- /dev/null
+++ b/release/scripts/make-oci-images.sh
@@ -0,0 +1,106 @@
+#! /bin/sh
+
+# Build Open Container Initiative (OCI) container images.
+#
+# Three images are built:
+#
+# - static which contains mtree directories, SSL certificates and a few other
+# config files
+# - dynamic which adds some dynamic libs on top of static
+# - minimal which adds FreeBSD-runtime to support minimal shell workloads
+
+buildah rmi -af
+
+rev=$1; shift
+branch=$1; shift
+arch=$1; shift
+
+major=${rev%.*}
+minor=${rev#*.}
+
+abi=FreeBSD:${major}:${arch}
+
+echo "Building OCI images for ${abi}"
+
+workdir=$(mktemp -d -t oci-images)
+
+mkdir ${workdir}/repos
+cat > ${workdir}/repos/base.conf <<EOF
+FreeBSD-base: {
+ url: "file:///usr/obj/usr/src/repo/${abi}/latest"
+ signature_type: "none"
+ fingerprints: "none"
+}
+EOF
+cp /etc/pkg/FreeBSD.conf ${workdir}/repos
+
+install_packages() {
+ local workdir=$1; shift
+ local rootdir=$1; shift
+ if [ ! -d ${rootdir}/usr/share/keys/pkg/trusted ]; then
+ mkdir -p ${rootdir}/usr/share/keys/pkg/trusted
+ fi
+ cp /usr/share/keys/pkg/trusted/* ${rootdir}/usr/share/keys/pkg/trusted
+ # We install the packages and then remote repository metadata (keeping the
+ # metadata for what was installed). This trims more than 40Mb from the
+ # resulting image.
+ env IGNORE_OSVERSION=yes ABI=${abi} pkg --rootdir ${rootdir} --repo-conf-dir ${workdir}/repos \
+ install -yq "$@" || exit $?
+ rm -rf ${rootdir}/var/db/pkg/repos
+}
+
+c=$(buildah from scratch)
+m=$(buildah mount $c)
+mtree -deU -p $m/ -f /etc/mtree/BSD.root.dist > /dev/null
+mtree -deU -p $m/var -f /etc/mtree/BSD.var.dist > /dev/null
+mtree -deU -p $m/usr -f /etc/mtree/BSD.usr.dist > /dev/null
+mtree -deU -p $m/usr/include -f /etc/mtree/BSD.include.dist > /dev/null
+mtree -deU -p $m/usr/lib -f /etc/mtree/BSD.debug.dist > /dev/null
+install_packages ${workdir} $m FreeBSD-caroot FreeBSD-zoneinfo
+cp /etc/master.passwd $m/etc
+pwd_mkdb -p -d $m/etc $m/etc/master.passwd || return $?
+cp /etc/group $m/etc || return $?
+cp /etc/termcap.small $m/etc/termcap.small || return $?
+cp /etc/termcap.small $m/usr/share/misc/termcap || return $?
+env DESTDIR=$m /usr/sbin/certctl rehash
+# Generate a suitable repo config for pkgbase
+case ${branch} in
+ CURRENT|STABLE|BETA*)
+ repo=base_latest
+ ;;
+ *)
+ repo=base_release_${minor}
+ ;;
+esac
+mkdir -p $m/usr/local/etc/pkg/repos
+cat > $m/usr/local/etc/pkg/repos/base.conf <<EOF
+FreeBSD-base: {
+ url: "https://pkg.FreeBSD.org/\${ABI}/${repo}",
+ mirror_type: "srv",
+ signature_type: "fingerprints",
+ fingerprints: "/usr/share/keys/pkg",
+ enabled: yes
+}
+EOF
+buildah unmount $c
+buildah commit --rm $c freebsd${major}-static:latest
+
+c=$(buildah from freebsd${major}-static)
+m=$(buildah mount $c)
+install_packages ${workdir} $m FreeBSD-clibs FreeBSD-openssl-lib
+buildah unmount $c
+buildah commit --rm $c freebsd${major}-dynamic:latest
+
+c=$(buildah from freebsd${major}-dynamic)
+m=$(buildah mount $c)
+install_packages ${workdir} $m \
+ FreeBSD-runtime \
+ FreeBSD-certctl \
+ FreeBSD-kerberos-lib \
+ FreeBSD-libexecinfo \
+ FreeBSD-rc \
+ FreeBSD-pkg-bootstrap \
+ FreeBSD-mtree
+buildah unmount $c
+buildah config --cmd /bin/sh $c
+buildah commit --rm $c freebsd${major}-minimal:latest
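Review bot: `cp /etc/master.passwd $m/etc`, along with the `/etc/group` copy and the `/usr/share/keys/pkg/trusted/*` copy in `install_packages`, takes account and key data from whatever system runs the script. The published image is therefore only clean if the build environment is a pristine release chroot; run on a host with real accounts, the image would carry that host's password database. A comment stating the requirement, e.g. `# Must run inside the release chroot: /etc/master.passwd and /etc/group are copied into the image as-is`, or sourcing these files from the freshly built tree, would make this explicit. The same lines use `|| return $?` at the top level of the script, outside any function, where POSIX leaves `return` unspecified; `|| exit $?`, as `install_packages` already uses, is the safer spelling. The first `cp` and the `mtree` and `buildah mount` calls are unchecked, and the `mktemp -d` work directory is never removed.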
diff --git a/share/examples/Makefile b/share/examples/Makefile
--- a/share/examples/Makefile
+++ b/share/examples/Makefile
@@ -21,6 +21,7 @@
libvgl \
mdoc \
netgraph \
+ oci \
perfmon \
ppi \
ppp \
@@ -199,6 +200,11 @@
virtual.chain \
virtual.lan \
+SE_DIRS+= oci
+SE_OCI= \
+ README \
+ Containerfile.pkg
+
SE_DIRS+= perfmon
SE_PERFMON= \
Makefile \
diff --git a/share/examples/oci/Containerfile.pkg b/share/examples/oci/Containerfile.pkg
new file mode 100644
--- /dev/null
+++ b/share/examples/oci/Containerfile.pkg
@@ -0,0 +1,27 @@
+# This is an example showing how to extend the freebsd-minimal OCI image by
+# install additional packages while keeping the resulting image as small as
+# possible.
+
+# The OS version matching the desired freebsd-minimal image
+ARG version=15.0-CURRENT-amd64
+
+# Select freebsd-minimal as our starting point.
+FROM localhost/freebsd-minimal:${version}
+
+# A list of package(s) to install
+ARG packages
+
+# Install package management tools. We specify 'FreeBSD' as the repository to
+# use for downloading pkg since the freebsd-minimal image has both FreeBSD and
+# FreeBSD-base pkg repo configs installed and FreeBSD-base does not contain the
+# pkg package.
+RUN env ASSUME_ALWAYS_YES=yes pkg bootstrap -r FreeBSD && pkg update
+
+# Install some package(s).
+RUN pkg install -y ${packages}
+
+# Clean up and remove package management overhead. We delete downloaded
+# packages, uninstall pkg and delete the repository metadata downloaded by 'pkg
+# install'. This retains the record of which packages are installed in the
+# image.
+RUN pkg clean -ay && pkg delete -fy pkg && rm -rf /var/db/pkg/repos
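Review bot: The `FROM localhost/freebsd-minimal:${version}` line names an image that does not match what release/Makefile in this change produces. There the archive is tagged `freebsd${REVISION:R}-${_IMG}:${REVISION}-${BRANCH}-${TARGET_ARCH}`, which would expand to a name like `freebsd15-minimal` with the major version in it. Unless the image is re-tagged when loaded, the example will not resolve as written; `FROM localhost/freebsd15-minimal:${version}`, or a note on how to tag the loaded image, would fix it. The opening comment also has a typo: "by install additional packages" should read "by installing additional packages". Since `ARG packages` has no default, add a comment that it must be supplied with `--build-arg`.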
diff --git a/share/examples/oci/README b/share/examples/oci/README
new file mode 100644
--- /dev/null
+++ b/share/examples/oci/README
@@ -0,0 +1,7 @@
+This example Containerfile shows how to add packages to freebsd-minimal while
+minimising the package metadata overhead.
+
+For instance, To build a new image called 'my-new-image:latest' containing the
+nginx package:
+
+# podman build --squash --build-arg packages=nginx --tag my-new-image:latest -f Containerfile.pkg
diff --git a/share/man/man7/release.7 b/share/man/man7/release.7
--- a/share/man/man7/release.7
+++ b/share/man/man7/release.7
@@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd August 6, 2023
+.Dd September 26, 2024
.Dt RELEASE 7
.Os
.Sh NAME
@@ -443,6 +443,18 @@
cd /usr/src
make -C release list-cloudware
.Ed
+.Sh OCI IMAGES
+The
+.Fx
+release build tools have experimental support for building
+Open Container Initiative (OCI) format container base images.
+This is enabled using a
+.Fa release.conf
+variable:
+.Bl -tag -width Ev
+.It Va WITH_OCIIMAGES
+Set to a non-null value to build OCI base images.
+.El
.Sh MAKEFILE TARGETS
The release makefile
.Pq Pa src/release/Makefile
