Support for a v9 build-env

Dockerfile-7.x

@@ -1,4 +1,6 @@
-FROM    centos:7.2.1511
+ARG     CENTOS_VERSION=7.2.1511
+
+FROM    centos:${CENTOS_VERSION}
 
 ARG     CUSTOM_BUILDER_UID=""
 ARG     CUSTOM_BUILDER_GID=""
@@ -7,11 +9,15 @@ ARG     CUSTOM_BUILDER_GID=""
 RUN     rm /etc/yum.repos.d/*
 
 # Add only the specific CentOS 7.2 repositories, because that's what XS used for the majority of packages
-COPY    files/tmp-CentOS-Vault.repo /etc/yum.repos.d/CentOS-Vault-7.2.repo
+ARG     CENTOS_VERSION
+COPY    files/CentOS-Vault.repo.in /etc/yum.repos.d/CentOS-Vault-7.2.repo
+RUN     sed -e "s/@CENTOS_VERSION@/${CENTOS_VERSION}/g" -i /etc/yum.repos.d/CentOS-Vault-7.2.repo
 
 # Add our repositories
 # Repository file depends on the target version of XCP-ng, and is pre-processed by build.sh
-COPY    files/tmp-xcp-ng.repo /etc/yum.repos.d/xcp-ng.repo
+ARG     XCP_NG_BRANCH=7.6
+COPY    files/xcp-ng.repo.7.x.in /etc/yum.repos.d/xcp-ng.repo
+RUN     sed -e "s/@XCP_NG_BRANCH@/${XCP_NG_BRANCH}/g" -i /etc/yum.repos.d/xcp-ng.repo
 
 # Fix invalid rpmdb checksum error with overlayfs, see https://github.com/docker/docker/issues/10180
 RUN     yum install -y yum-plugin-ovl
@@ -43,6 +49,9 @@ RUN     yum install -y \
             wget \
             which
 
+# clean package cache to avoid download errors
+RUN     yum clean all
+
 # OCaml in XS is slightly older than in CentOS
 RUN     sed -i "/gpgkey/a exclude=ocaml*" /etc/yum.repos.d/Cent* /etc/yum.repos.d/epel*
 

Dockerfile-8.x

@@ -1,4 +1,6 @@
-FROM    centos:7.5.1804
+ARG     CENTOS_VERSION=7.5.1804
+
+FROM    centos:${CENTOS_VERSION}
 
 ARG     CUSTOM_BUILDER_UID=""
 ARG     CUSTOM_BUILDER_GID=""
@@ -7,11 +9,15 @@ ARG     CUSTOM_BUILDER_GID=""
 RUN     rm /etc/yum.repos.d/*
 
 # Add only the specific CentOS 7.5 repositories, because that's what XS used for the majority of packages
-COPY    files/tmp-CentOS-Vault.repo /etc/yum.repos.d/CentOS-Vault-7.5.repo
+ARG     CENTOS_VERSION
+COPY    files/CentOS-Vault.repo.in /etc/yum.repos.d/CentOS-Vault-7.5.repo
+RUN     sed -e "s/@CENTOS_VERSION@/${CENTOS_VERSION}/g" -i /etc/yum.repos.d/CentOS-Vault-7.5.repo
 
 # Add our repositories
 # Repository file depends on the target version of XCP-ng, and is pre-processed by build.sh
-COPY    files/tmp-xcp-ng.repo /etc/yum.repos.d/xcp-ng.repo
+ARG     XCP_NG_BRANCH=8.3
+COPY    files/xcp-ng.repo.8.x.in /etc/yum.repos.d/xcp-ng.repo
+RUN     sed -e "s/@XCP_NG_BRANCH@/${XCP_NG_BRANCH}/g" -i /etc/yum.repos.d/xcp-ng.repo
 
 # Install GPG key
 RUN     curl -sSf https://xcp-ng.org/RPM-GPG-KEY-xcpng -o /etc/pki/rpm-gpg/RPM-GPG-KEY-xcpng
@@ -46,6 +52,9 @@ RUN     yum install -y \
             wget \
             which
 
+# clean package cache to avoid download errors
+RUN     yum clean all
+
 # OCaml in XS may be older than in CentOS
 RUN     sed -i "/gpgkey/a exclude=ocaml*" /etc/yum.repos.d/Cent* /etc/yum.repos.d/epel*
 

Dockerfile-9.x

@@ -0,0 +1,79 @@
+FROM    ghcr.io/almalinux/10-base:10.0
+
+ARG     CUSTOM_BUILDER_UID=""
+ARG     CUSTOM_BUILDER_GID=""
+
+# Add our repositories
+# temporary bootstrap repository
+COPY    files/xcp-ng-8.99.repo /etc/yum.repos.d/xcp-ng.repo
+# Almalinux 10 devel
+COPY    files/Alma10-devel.repo /etc/yum.repos.d/
+
+# Install GPG key
+RUN     curl -sSf https://xcp-ng.org/RPM-GPG-KEY-xcpng -o /etc/pki/rpm-gpg/RPM-GPG-KEY-xcpng
+
+# Update
+RUN     dnf update -y
+
+# Common build requirements
+RUN     dnf install -y \
+            gcc \
+            gcc-c++ \
+            git \
+            make \
+            rpm-build \
+            redhat-rpm-config \
+            python3-rpm \
+            sudo \
+            dnf-plugins-core \
+            epel-release
+
+# EPEL: needs epel-release installed first
+RUN     dnf install -y \
+            epel-rpm-macros \
+            almalinux-git-utils
+
+# Niceties
+RUN     dnf install -y \
+            bash-completion \
+            vim \
+            wget \
+            which
+
+# clean package cache to avoid download errors
+RUN     yum clean all
+
+# -release*, to be commented out to boostrap the build-env until it gets built
+# FIXME: isn't it already pulled as almalinux-release when available?
+RUN     dnf install -y \
+            xcp-ng-release \
+            xcp-ng-release-presets
+
+# enable repositories commonly required to build
+RUN     dnf config-manager --enable crb
+
+# workaround sudo not working (e.g. in podman 4.9.3 in Ubuntu 24.04)
+RUN     chmod 0400 /etc/shadow
+
+# Set up the builder user
+RUN     bash -c ' \
+            OPTS=(); \
+            if [ -n "${CUSTOM_BUILDER_UID}" ]; then \
+                OPTS+=("-u" "${CUSTOM_BUILDER_UID}"); \
+            fi; \
+            if [ -n "${CUSTOM_BUILDER_GID}" ]; then \
+                OPTS+=("-g" "${CUSTOM_BUILDER_GID}"); \
+                if ! getent group "${CUSTOM_BUILDER_GID}" >/dev/null; then \
+                    groupadd -g "${CUSTOM_BUILDER_GID}" builder; \
+                fi; \
+            fi; \
+            useradd "${OPTS[@]}" builder; \
+        ' \
+        && echo "builder:builder" | chpasswd \
+        && echo "builder ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers
+
+RUN     mkdir -p /usr/local/bin
+COPY    files/init-container.sh /usr/local/bin/init-container.sh
+
+# FIXME: check it we really need any of this
+# COPY    files/rpmmacros /home/builder/.rpmmacros

README.md

@@ -126,6 +126,29 @@ git clone https://github.com/xcp-ng-rpms/xapi.git
 * `--rm` destroys the container on exit. Helps preventing containers from using too much space on disk. You can still reclaim space afterwards by running `docker container prune` and `docker image prune`
 * `-v` / `--volume` (see *Mounting repos from outside the container* below)
 
+**Refreshing fuzzy patches**
+
+In XCP-ng 9.0, `rpmbuild` rejects fuzzy patches.  The easiest-known
+way to get them refreshed is to let `quilt` do the job, but that's not
+fully automated.
+
+1. modify the specfile to add `-Squilt` to `%autosetup` or
+   `%autopatch` in the `%prep` block; add `BuildRequires: quilt`
+2. let quilt apply them in a 8.3 buildenv (`quilt` in 8.3 is only in EPEL) and get you a shell:
+   ```
+xcpng/build-env/run.py --rm -b 8.3 -l . --rpmbuild-stage=p -n --enablerepo=epel
+   ```
+3. ask `quilt` to refresh all your patches (alternatively just the one you want)
+   ```
+$ cd rpmbuild/BUILD/$dir
+$ quilt pop -a --refresh
+$ cp patches/* ../../SOURCES/
+   ```
+4. carefully pick up the bits you need
+
+Note: unfortunately `rpmbuild` (in 8.3 at least) does not add all
+patches in `patches/series` upfront, so in case of real conflict this
+has to be redone from step 2 each time.
 
 ## Building packages manually
 

build.sh

@@ -1,12 +1,50 @@
 #!/usr/bin/env bash
-
 set -e
 
-if [ -z "$1" ]; then
-    echo "Usage: $0 {version}"
-    echo "... where {version} is a 'x.y' version such as 8.0."
-    exit
-fi
+die() {
+    echo >&2
+    echo >&2 "ERROR: $*"
+    echo >&2
+    exit 1
+}
+
+die_usage() {
+    usage >&2
+    die "$*"
+}
+
+usage() {
+    cat <<EOF
+Usage: $0 [--platform PF] <version>
+... where <version> is a 'x.y' version such as 8.0.
+
+--platform override the default platform for the build container.
+EOF
+}
+
+PLATFORM=
+while [ $# -ge 1 ]; do
+    case "$1" in
+        --help|-h)
+            usage
+            exit 0
+            ;;
+        --platform)
+            [ $# -ge 2 ] || die_usage "$1 needs an argument"
+            PLATFORM="$2"
+            shift
+            ;;
+        -*)
+            die_usage "unknown flag '$1'"
+            ;;
+        *)
+            break
+            ;;
+    esac
+    shift
+done
+
+[ -n "$1" ] || die_usage "version parameter missing"
 
 RUNNER=""
 if [ -n "$XCPNG_OCI_RUNNER" ]; then
@@ -29,31 +67,28 @@ cd $(dirname "$0")
 
 CUSTOM_ARGS=()
 
+ALMA_VERSION=
+CENTOS_VERSION=
 case "$1" in
-    7.*)
-        REPO_FILE=files/xcp-ng.repo.7.x.in
-        DOCKERFILE=Dockerfile-7.x
-        CENTOS_VERSION=7.2.1511
+    9.*)
+        DOCKERFILE=Dockerfile-9.x
+        ALMA_VERSION=10.0
+        : ${PLATFORM:=linux/amd64/v2}
         ;;
     8.*)
-        REPO_FILE=files/xcp-ng.repo.8.x.in
         DOCKERFILE=Dockerfile-8.x
-        CENTOS_VERSION=7.5.1804
+        : ${PLATFORM:=linux/amd64}
+        ;;
+    7.*)
+        DOCKERFILE=Dockerfile-7.x
+        : ${PLATFORM:=linux/amd64}
         ;;
     *)
         echo >&2 "Unsupported release '$1'"
         exit 1
         ;;
 esac
 
-sed -e "s/@XCP_NG_BRANCH@/${1}/g" "$REPO_FILE" > files/tmp-xcp-ng.repo
-sed -e "s/@CENTOS_VERSION@/${CENTOS_VERSION}/g" files/CentOS-Vault.repo.in > files/tmp-CentOS-Vault.repo
-
-# Support using docker on other archs (e.g. arm64 for Apple Silicon), building for amd64
-if [ "$(uname -m)" != "x86_64" ]; then
-    CUSTOM_ARGS+=( "--platform" "linux/amd64" )
-fi
-
 CUSTOM_UID="$(id -u)"
 CUSTOM_GID="$(id -g)"
 
@@ -74,10 +109,9 @@ CUSTOM_ARGS+=( "--build-arg" "CUSTOM_BUILDER_UID=${CUSTOM_UID}" )
 CUSTOM_ARGS+=( "--build-arg" "CUSTOM_BUILDER_GID=${CUSTOM_GID}" )
 
 "$RUNNER" build \
+    --platform "$PLATFORM" \
     "${CUSTOM_ARGS[@]}" \
-    -t xcp-ng/xcp-ng-build-env:${1} \
+    -t ghcr.io/xcp-ng/xcp-ng-build-env:${1} \
+    --build-arg XCP_NG_BRANCH=${1} \
     --ulimit nofile=1024 \
     -f $DOCKERFILE .
-
-rm -f files/tmp-xcp-ng.repo
-rm -f files/tmp-CentOS-Vault.repo

files/Alma10-devel.repo

@@ -0,0 +1,5 @@
+[alma10-devel]
+name=Almalinux 10 devel
+baseurl=https://repo.almalinux.org/almalinux/10/devel/$basearch/os/
+enabled=1
+gpgcheck=1