commit: 70ac10ef17473f220bd942dfc8401446e7d0ab39
Author: Matthew Thode <mthode <AT> mthode <DOT> org>
AuthorDate: Wed Jan 4 23:19:47 2017 +0000
Commit: Matt Thode <prometheanfire <AT> gentoo <DOT> org>
CommitDate: Wed Jan 4 23:19:47 2017 +0000
URL: https://gitweb.gentoo.org/proj/releng.git/commit/?id=70ac10ef
make smaller stage4 musl tarballs and allow them to be versioned by date
.../package.use/stage4 | 1 +
tools-musl/run-stage4.sh | 18 ++++++++++++++++++
tools-musl/stage4-fsscript.sh | 17 ++++++++++++++---
tools-musl/stage4-hardened-amd64.spec | 22 +++++-----------------
4 files changed, 38 insertions(+), 20 deletions(-)
diff --git a/tools-musl/portage.amd64.hardened-stage4/package.use/stage4
b/tools-musl/portage.amd64.hardened-stage4/package.use/stage4
index 4b84ae6..7c0a650 100644
--- a/tools-musl/portage.amd64.hardened-stage4/package.use/stage4
+++ b/tools-musl/portage.amd64.hardened-stage4/package.use/stage4
@@ -1 +1,2 @@
sys-boot/grub grub_platforms_pc
+app-admin/syslog-ng -tcpd
diff --git a/tools-musl/run-stage4.sh b/tools-musl/run-stage4.sh
index e79acc7..5bfe74e 100755
--- a/tools-musl/run-stage4.sh
+++ b/tools-musl/run-stage4.sh
@@ -1,5 +1,23 @@
+#!/bin/bash
+
+set -eu
+
+source /etc/catalyst/catalyst.conf
+
MUSL_DIR="$( cd "$( dirname ${BASH_SOURCE[0]} )" && pwd )"
+MY_DATE="$(date +%Y%m%d)"
+
+# munge specfile for this run
cp "${MUSL_DIR}"/stage4-hardened-amd64.spec
"${MUSL_DIR}"/stage4-hardened-amd64-configured.spec
sed -i "s|@REPO_DIR@|${MUSL_DIR}|g"
"${MUSL_DIR}"/stage4-hardened-amd64-configured.spec
+sed -i "s|MY_DATE|${MY_DATE}|g"
"${MUSL_DIR}"/stage4-hardened-amd64-configured.spec
+# catalyst stuff
catalyst -f "${MUSL_DIR}"/stage4-hardened-amd64-configured.spec | tee -a
"${MUSL_DIR}"/zzz.log
+
+# update link, rm -f returns 0 if file isn't there yet
+rm -f
"${storedir}/builds/musl/hardened/amd64/stage4-amd64-musl-hardened.tar.bz2"
+ln -s
"${storedir}/builds/musl/hardened/amd64/stage4-amd64-musl-hardened-${MY_DATE}.tar.bz2"
"${storedir}/builds/musl/hardened/amd64/stage4-amd64-musl-hardened.tar.bz2"
+
+# remove old specfile
+rm "${MUSL_DIR}"/stage4-hardened-amd64-configured.spec
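Review bot: A failed catalyst run does not stop this script, because `set -eu` takes the status of `catalyst -f ... | tee -a ...` from `tee`, not from catalyst. The added `rm -f` / `ln -s` pair then repoints `stage4-amd64-musl-hardened.tar.bz2` at a dated tarball that may not exist, leaving consumers of the unversioned name with a dangling link. Use `set -euo pipefail` at the top, and consider `[[ -f "${storedir}/builds/musl/hardened/amd64/stage4-amd64-musl-hardened-${MY_DATE}.tar.bz2" ]] || exit 1` before touching the link. The bare token `MY_DATE` in the new sed expression is also easier to match by accident than a delimited placeholder such as `@MY_DATE@`, in the style of the existing `@REPO_DIR@` (the spec would change to match).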
diff --git a/tools-musl/stage4-fsscript.sh b/tools-musl/stage4-fsscript.sh
index f222b1f..00777ba 100755
--- a/tools-musl/stage4-fsscript.sh
+++ b/tools-musl/stage4-fsscript.sh
@@ -51,6 +51,19 @@ nameserver 8.8.8.8
nameserver 2001:4860:4860::8888
EOL
+# make sure musl stuff is available
+echo "=app-portage/layman-2.4.1-r1 ~amd64" >>
/etc/portage/package.keywords/layman
+echo "=dev-python/ssl-fetch-0.4 ~amd64" >> /etc/portage/package.keywords/layman
+emerge -vq --jobs=4 layman dev-vcs/git
+layman -L
+layman -a musl
+
+# shrink stuff down
+eselect python set python3.4
+emerge -C -q dev-lang/python:2.7 sys-boot/grub sys-devel/bc
+USE="-build" emerge -q --jobs=2 --usepkg=n --buildpkg=y @preserved-rebuild
+USE="-build" emerge --verbose=n --depclean
+
# let's upgrade (security fixes and otherwise)
USE="-build" emerge -uDNv --with-bdeps=y --buildpkg=y --jobs=2 @world
USE="-build" emerge --verbose=n --depclean
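Review bot: Nothing in the added block checks that `layman -L` and `layman -a musl` succeeded, and whether the script runs under `set -e` is not visible here because it starts above the hunk. If the overlay fetch fails, the `@world` upgrade below still runs without the musl overlay and an image is still produced. Guard the step, for example `layman -a musl || exit 1`. A comment should also state that the overlay is taken at whatever revision is current at build time, so the image content depends on that state and not only on the date stamp.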
@@ -59,13 +72,11 @@ etc-update --automode -5
# Clean up portage
emerge --verbose=n --depclean
-if [[ -a /usr/bin/eix ]]; then
- eix-update
-fi
emaint all -f
eselect news read all
eclean-dist --destructive
sed -i '/^USE=\"\${USE}\ \ build\"$/d' /etc/portage/make.conf
+sed -i '/dev-util\/pkgconf/d' /var/lib/portage/world
# clean up system
passwd -d root
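Review bot: The added `sed -i '/dev-util\/pkgconf/d' /var/lib/portage/world` edits Portage's world file directly with an unanchored pattern, so any line containing that substring is deleted. `emerge --deselect dev-util/pkgconf` does the same job through Portage and leaves the file format to the package manager. A one-line comment explaining why pkgconf is installed by the spec and then dropped from world would help, since the reason is not visible in this commit. The script continues outside the hunk.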
diff --git a/tools-musl/stage4-hardened-amd64.spec
b/tools-musl/stage4-hardened-amd64.spec
index e4623cb..aae24bf 100644
--- a/tools-musl/stage4-hardened-amd64.spec
+++ b/tools-musl/stage4-hardened-amd64.spec
@@ -1,7 +1,7 @@
subarch: amd64
target: stage4
-version_stamp: hardened-musl-cloud-latest
-rel_type: default
+version_stamp: musl-hardened-MY_DATE
+rel_type: musl/hardened/amd64
profile: hardened/linux/musl/amd64
snapshot: current
source_subpath: musl/hardened/amd64/stage3-amd64-musl-hardened
@@ -20,21 +20,10 @@ stage4/use:
urandom
stage4/packages:
- app-admin/logrotate
- app-admin/sudo
app-admin/syslog-ng
- app-editors/vim
- app-portage/eix
- app-portage/gentoolkit
+ dev-util/pkgconf
net-misc/dhcpcd
- net-misc/iputils
- sys-boot/grub
- sys-apps/dmidecode
- sys-apps/gptfdisk
sys-apps/iproute2
- sys-apps/lsb-release
- sys-apps/pciutils
- sys-block/parted
sys-devel/bc
sys-power/acpid
sys-process/cronie
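Review bot: With `app-admin/logrotate` dropped from `stage4/packages` while `app-admin/syslog-ng` and `sys-process/cronie` stay, nothing in the visible list rotates the logs that syslog-ng writes, so a long-running instance could fill its disk. If rotation is handled elsewhere (a dependency, or a step outside this hunk), say so in a comment; otherwise keep `app-admin/logrotate`. `sys-devel/bc` also stays in this list although stage4-fsscript.sh now unmerges it with `emerge -C`, which deserves a short comment as well. The package list may continue outside the hunk.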
@@ -59,15 +48,14 @@ stage4/empty:
/tmp
/usr/portage/distfiles
/usr/src
- /var/cache/edb/dep
- /var/cache/genkernel
- /var/cache/portage/distfiles
+ /var/cache
/var/empty
/var/run
/var/state
/var/tmp
stage4/rm:
+ /boot/System.map-genkernel*
/etc/*-
/etc/*.old
/etc/ssh/ssh_host_*