From 972be9b5b8e91b5370a3ee146e790ecfe33546c7 Mon Sep 17 00:00:00 2001 From: "Lance R. Vick" Date: Sat, 27 Jan 2024 21:49:38 -0800 Subject: [PATCH] Standardize on OCI build output with compat checks --- Makefile | 5 ++- src/compat.sh | 91 +++++++++++++++++++++++++++++++++++++++++++++++++++ src/macros.mk | 9 +++-- 3 files changed, 102 insertions(+), 3 deletions(-) create mode 100644 src/compat.sh diff --git a/Makefile b/Makefile index a1d5d65..01cd82a 100644 --- a/Makefile +++ b/Makefile @@ -9,9 +9,12 @@ include src/core/build.mk include src/libs/build.mk include src/tools/build.mk +compat: + ./src/compat.sh + DEFAULT_GOAL := default .PHONY: default -default: bootstrap core +default: compat bootstrap core out/graph.svg: Makefile $(MAKE) -Bnd | make2graph | dot -Tsvg -o graph.svg diff --git a/src/compat.sh b/src/compat.sh new file mode 100644 index 0000000..581d9f0 --- /dev/null +++ b/src/compat.sh @@ -0,0 +1,91 @@ +#!/usr/bin/env bash +set -e + +readonly MIN_BASH_VERSION=5 +readonly MIN_DOCKER_VERSION=25 +readonly MIN_JQ_VERSION=1.6 +readonly MIN_GPG_VERSION=2.2 + +### Exit with error message +die() { + echo "$@" >&2 + exit 1 +} + +### Bail and instruct user on missing package to install for their platform +die_pkg() { + local -r package=${1?} + local -r version=${2?} + local install_cmd + case "$OSTYPE" in + linux*) + if command -v "apt" >/dev/null; then + install_cmd="apt install ${package}" + elif command -v "yum" >/dev/null; then + install_cmd="yum install ${package}" + elif command -v "pacman" >/dev/null; then + install_cmd="pacman -Ss ${package}" + elif command -v "emerge" >/dev/null; then + install_cmd="emerge ${package}" + elif command -v "nix-env" >/dev/null; then + install_cmd="nix-env -i ${package}" + fi + ;; + bsd*) install_cmd="pkg install ${package}" ;; + darwin*) install_cmd="port install ${package}" ;; + *) die "Error: Your operating system is not supported" ;; + esac + echo "Error: ${package} ${version}+ does not appear to be installed." >&2 + [ -n "$install_cmd" ] && echo "Try: \`${install_cmd}\`" >&2 + exit 1 +} + +### Check if actual binary version is >= minimum version +check_version(){ + local pkg="${1?}" + local have="${2?}" + local need="${3?}" + local i ver1 ver2 IFS='.' + [[ "$have" == "$need" ]] && return 0 + read -r -a ver1 <<< "$have" + read -r -a ver2 <<< "$need" + for ((i=${#ver1[@]}; i<${#ver2[@]}; i++)); + do ver1[i]=0; + done + for ((i=0; i<${#ver1[@]}; i++)); do + [[ -z ${ver2[i]} ]] && ver2[i]=0 + ((10#${ver1[i]} > 10#${ver2[i]})) && return 0 + ((10#${ver1[i]} < 10#${ver2[i]})) && die_pkg "${pkg}" "${need}" + done +} + +### Check if required binaries are installed at appropriate versions +check_tools(){ + if [ -z "${BASH_VERSINFO[0]}" ] \ + || [ "${BASH_VERSINFO[0]}" -lt "${MIN_BASH_VERSION}" ]; then + die_pkg "bash" "${MIN_BASH_VERSION}" + fi + for cmd in "$@"; do + command -v "$1" >/dev/null || die "Error: $cmd not found" + case $cmd in + jq) + version=$(jq -V | sed 's/.*-//g') + check_version "jq" "${version}" "${MIN_JQ_VERSION}" + ;; + gpg) + version=$(gpg --version | head -n1 | cut -d" " -f3) + check_version "gnupg" "${version}" "${MIN_GPG_VERSION}" + ;; + docker) + version=$(docker version -f json | jq -r '.Server.Version') + check_version "docker" "${version}" "${MIN_DOCKER_VERSION}" + ;; + esac + done +} + +check_tools jq gpg docker; + +docker info -f '{{ .DriverStatus }}' \ + | grep "io.containerd.snapshotter.v1" >/dev/null \ +|| die "Error: Docker Engine is not using containerd for image storage" diff --git a/src/macros.mk b/src/macros.mk index 59554df..5fd7d4a 100644 --- a/src/macros.mk +++ b/src/macros.mk @@ -26,8 +26,10 @@ define build $(eval VERSION := $(if $(3),$(3),latest)) $(eval TARGET := $(if $(4),$(4),package)) $(eval EXTRA_ARGS := $(if $(5),$(5),)) + $(eval REVISION := $(shell git rev-list HEAD -1 src/$(CATEGORY)/$(NAME))) $(eval BUILD_CMD := \ DOCKER_BUILDKIT=1 \ + BUILDKIT_MULTI_PLATFORM=1 \ SOURCE_DATE_EPOCH=1 \ $(BUILDER) \ build \ @@ -35,16 +37,19 @@ define build -t $(REGISTRY)/$(NAME):$(VERSION) \ --build-arg REGISTRY=$(REGISTRY) \ --platform $(PLATFORM) \ - --network=host \ --progress=plain \ $(if $(filter latest,$(VERSION)),,--build-arg VERSION=$(VERSION)) \ + --output type=oci,force-compression=true,name=$(NAME),annotation-index.org.opencontainers.image.revision=$(REVISION),annotation-index.org.opencontainers.image.version=$(VERSION),dest=- \ --target $(TARGET) \ $(EXTRA_ARGS) \ src/$(CATEGORY)/$(NAME) \ + | gzip > $@; \ ) $(eval TIMESTAMP := $(shell TZ=GMT date +"%Y-%m-%dT%H:%M:%SZ")) mkdir -p out/ echo $(TIMESTAMP) $(BUILD_CMD) >> out/build.log $(BUILD_CMD) - $(if $(filter package,$(TARGET)),$(BUILDER) save $(REGISTRY)/$(NAME):$(VERSION) -o $@,) + tar -xf $@ index.json -O \ + | jq -r '.manifests[].digest | sub("sha256:";"")' \ + > $@.digest endef