forked from dtantsur/ironic-agent-image
-
Notifications
You must be signed in to change notification settings - Fork 18
/
Copy pathprepare-image.sh
executable file
·102 lines (82 loc) · 4.01 KB
/
prepare-image.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
#!/usr/bin/bash
set -euxo pipefail
echo "install_weak_deps=False" >> /etc/dnf/dnf.conf
# Tell RPM to skip installing documentation
echo "tsflags=nodocs" >> /etc/dnf/dnf.conf
dnf upgrade -y
grep -vE '^(#|$)' /tmp/${PKGS_LIST} | xargs -rtd'\n' dnf install -y
if [[ -s /tmp/${PKGS_LIST}-$(arch) ]]; then
grep -vE '^(#|$)' /tmp/${PKGS_LIST}-$(arch) | xargs -rtd'\n' dnf install -y
fi
if [[ ! -z ${EXTRA_PKGS_LIST:-} ]]; then
if [[ -s /tmp/${EXTRA_PKGS_LIST} ]]; then
grep -vE '^(#|$)' /tmp/${EXTRA_PKGS_LIST} | xargs -rtd'\n' dnf install -y
fi
fi
### cachito magic works for OCP only
if [[ -f /tmp/packages-list.ocp ]]; then
REQS="${REMOTE_SOURCES_DIR}/requirements.cachito"
ls -la "${REMOTE_SOURCES_DIR}/" # DEBUG
# load cachito variables only if they're available
if [[ -d "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps" ]]; then
source "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env"
REQS="${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/app/requirements.cachito"
fi
### source install ###
BUILD_DEPS="git python3-devel gcc gcc-c++ python3-wheel"
# NOTE(elfosardo): wheel is needed because of pip "no-build-isolation" option
# setting installation of setuptoools here as we may want to remove it
# in teh future once the container build is done
dnf install -y python3-pip 'python3-setuptools >= 64.0.0' $BUILD_DEPS
# NOTE(elfosardo): --no-index is used to install the packages emulating
# an isolated environment in CI. Do not use the option for downstream
# builds.
# NOTE(janders): adding --no-compile option to avoid issues in FIPS
# enabled environments. See https://issues.redhat.com/browse/RHEL-29028
# for more information
# NOTE(elfosardo): --no-build-isolation is needed to allow build engine
# to use build tools already installed in the system, for our case
# setuptools and pbr, instead of installing them in the isolated
# pip environment. We may change this in the future and just use
# full isolated environment and source build dependencies.
PIP_OPTIONS="--no-compile --no-cache-dir --no-build-isolation"
if [[ ! -d "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps" ]]; then
PIP_OPTIONS="$PIP_OPTIONS --no-index"
fi
# NOTE(elfosardo): download all the libraries and dependencies first, removing
# --no-index but using --no-deps to avoid chain-downloading packages.
# This forces to download only the packages specified in the requirements file,
# but we leave the --no-index in the installation phase to again avoid
# downloading unexpected packages and install only the downloaded ones.
# This is done to allow testing any source code package in CI emulating
# the cachito downstream build pipeline.
# See https://issues.redhat.com/browse/METAL-1049 for more details.
PIP_SOURCES_DIR="all_sources"
mkdir $PIP_SOURCES_DIR
python3 -m pip download --no-build-isolation --no-deps -r "${REQS}" -d $PIP_SOURCES_DIR
python3 -m pip install $PIP_OPTIONS --prefix /usr -r "${REQS}" -f $PIP_SOURCES_DIR
# NOTE(janders) since we set --no-compile at install time, we need to
# compile post-install (see RHEL-29028)
python3 -m compileall --invalidation-mode=timestamp /usr
dnf remove -y $BUILD_DEPS
rm -fr $PIP_SOURCES_DIR
if [[ -d "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps" ]]; then
rm -rf $REMOTE_SOURCES_DIR
fi
fi
###
if [[ ! -z ${PATCH_LIST:-} ]]; then
if [[ -s "/tmp/${PATCH_LIST}" ]]; then
/bin/patch-image.sh;
fi
fi
rm -f /bin/patch-image.sh
# No subscriptions are required (or possible) in this container.
rpm -q subscription-manager && \
dnf remove -y subscription-manager dnf-plugin-subscription-manager || true
# Pbr pulls in Git (30+ MiB), but actually only uses it in development context.
rpm -q git-core && rpm -e --nodeps git-core || true
dnf clean all
rm -rf /var/cache/{yum,dnf}/*
# This goes last since it violates package integrity.
rm -rf /var/log/anaconda /var/lib/dnf/history.* /usr/share/licenses/*