build: add Docker-based build infrastructure

Note: when the user invoking the script requires the use of `sudo` when invoking Docker, invoke the build using ``` $ make DOCKER='sudo docker' ```
scality · Oct 9, 2019 · 4de91ed · 4de91ed
1 parent 3a52f21
commit 4de91ed
Show file tree

Hide file tree

Showing 5 changed files with 93 additions and 0 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,3 @@
+.git/
+RPMS/
+SRPMS/
diff --git a/.gitignore b/.gitignore
@@ -3,3 +3,9 @@ SOURCES/kernel-kabi-dw-1062.tar.bz2
 SOURCES/linux-3.10.0-1062.1.2.el7.tar.xz
 SOURCES/rheldup3.x509
 SOURCES/rhelkpatch1.x509
+
+.container
+.rpms
+
+/RPMS/
+/SRPMS/
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,34 @@
+FROM centos:7.6.1810
+
+# https://wiki.centos.org/HowTos/I_need_the_Kernel_Source#head-a8dae925eec15786df9f6f8c918eff16bf67be0d
+RUN yum install -y \
+        asciidoc audit-libs-devel bash bc binutils binutils-devel bison diffutils elfutils \
+        elfutils-devel elfutils-libelf-devel findutils flex gawk gcc gettext gzip hmaccalc hostname java-devel \
+        m4 make module-init-tools ncurses-devel net-tools newt-devel numactl-devel openssl \
+        patch pciutils-devel perl perl-ExtUtils-Embed pesign python-devel python-docutils redhat-rpm-config \
+        rpm-build sh-utils tar xmlto xz zlib-devel \
+        && \
+    yum install -y \
+        git \
+        && \
+    yum clean all
+
+RUN useradd -d /home/build -m -U build
+USER build
+
+WORKDIR /home/build
+RUN git clone https://git.centos.org/git/centos-git-common.git
+
+# Create `.git` to trick `get_sources.sh`
+RUN mkdir kernel kernel/.git kernel/SOURCES kernel/SPECS
+WORKDIR /home/build/kernel
+
+COPY build.sh .
+
+COPY .kernel.metadata .
+RUN /home/build/centos-git-common/get_sources.sh -b c7
+
+COPY SOURCES/* SOURCES/
+COPY SPECS/kernel.spec SPECS/
+
+ENTRYPOINT ["/home/build/kernel/build.sh"]
diff --git a/Makefile b/Makefile
@@ -0,0 +1,36 @@
+DOCKER ?= $(shell command -v docker)
+CONTAINER_NAME ?= localhost/centos-kernel-build
+CONTAINER_TAG ?= latest
+
+PWD := $(shell pwd)
+
+CONTAINER = $(CONTAINER_NAME):$(CONTAINER_TAG)
+
+RPM_SOURCES = $(shell git ls-files SOURCES)
+RPM_SPECS = SPECS/kernel.spec
+
+default: .rpms
+
+.container: Dockerfile build.sh .kernel.metadata $(RPM_SOURCES) $(RPM_SPECS)
+	$(DOCKER) build -t "$(CONTAINER)" .
+	touch $@
+
+# Note: SOURCES and SPECS are copied inside the container during its build
+# phase, so this stage no longer depends on them. All we do is execute the
+# container.
+.rpms: .container
+	mkdir -p RPMS; chmod 0777 RPMS
+	mkdir -p SRPMS; chmod 0777 SRPMS
+	$(DOCKER) run \
+		-ti --rm \
+		--read-only \
+		--network none \
+		--name build \
+		--tmpfs /home/build/kernel/BUILD:rw,exec,nosuid,nodev,size=16G \
+		--tmpfs /home/build/kernel/BUILDROOT \
+		-v $(PWD)/RPMS:/home/build/kernel/RPMS:Z \
+		-v $(PWD)/SRPMS:/home/build/kernel/SRPMS:Z \
+		--tmpfs /var/tmp \
+		--tmpfs /tmp \
+		"$(CONTAINER)"
+	touch $@
diff --git a/build.sh b/build.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -xue -o pipefail
+
+test -d SPECS || (echo "SPECS is not a directory"; exit 1)
+test -f SPECS/kernel.spec || (echo "SPECS/kernel.spec is not a file"; exit 1)
+test -d SOURCES || (echo "SOURCES is not a directory"; exit 1)
+
+test -d RPMS || (echo "RPMS is not a directory"; exit 1)
+test -d SRPMS || (echo "SRPMS is not a directory"; exit 1)
+test -w RPMS || (echo "RPMS is not writable"; exit 1)
+test -w SRPMS || (echo "SRPMS is not writable"; exit 1)
+
+exec rpmbuild --define "%_topdir $(pwd)" -ba --target=$(uname -m) SPECS/kernel.spec "$@"