gnome-shell/.gitlab-ci/build-toolbox-image.sh
Florian Müllner ee384d85da ci: Wrap calls with sudo when building toolbox
The mutter image now sets up a non-root default user, so we have
to wrap everything with sudo or su.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2806>
2023-06-20 02:25:30 +02:00

104 lines
2.8 KiB
Bash
Executable File

#!/bin/bash
# vi: sw=2 ts=4
set -e
die() {
echo "$@" >&2
exit 1
}
check_image_base() {
local base=$(
skopeo inspect docker://$TOOLBOX_IMAGE 2>/dev/null |
jq -r '.Labels["org.opencontainers.image.base.name"]')
[[ "$base" == "$MUTTER_CI_IMAGE" ]]
}
buildah_run() {
buildah run $build_cntr sudo "$@"
}
build_container() {
echo Building $TOOLBOX_IMAGE from $MUTTER_CI_IMAGE
export BUILDAH_ISOLATION=chroot
export BUILDAH_FORMAT=docker
local build_cntr=$(buildah from $MUTTER_CI_IMAGE)
local build_mnt=$(buildah mount $build_cntr)
[[ -n "$build_mnt" && -n "$build_cntr" ]] || die "Failed to mount the container"
local extra_packages=(
passwd # needed by toolbox
gdb
gnome-console # can't do without *some* terminal
flatpak-spawn # run host commands
flatpak # for host apps
abattis-cantarell-fonts # system font
gnome-backgrounds # no blank background!
)
buildah_run dnf config-manager --set-disabled '*-modular,*-openh264'
buildah_run dnf install -y "${extra_packages[@]}"
buildah_run dnf clean all
buildah_run rm -rf /var/lib/cache/dnf
# work around non-working pkexec
local fake_pkexec=$(mktemp)
cat > $fake_pkexec <<-'EOF'
#!/bin/sh
exec su -c "$*"
EOF
buildah copy --chmod 755 $build_cntr $fake_pkexec /usr/bin/pkexec
# disable gnome-keyring activation:
# it either asks for unlocking the login keyring on startup, or it detects
# the running host daemon and doesn't export the object on the bus, which
# blocks the activating service until it hits the timeout
buildah_run rm /usr/share/dbus-1/services/org.freedesktop.secrets.service
local srcdir=$(realpath $(dirname $0))
buildah copy --chmod 755 $build_cntr $srcdir/install-meson-project.sh /usr/libexec
# include convenience script for updating mutter dependency
local update_mutter=$(mktemp)
cat > $update_mutter <<-EOF
#!/bin/sh
/usr/libexec/install-meson-project.sh https://gitlab.gnome.org/GNOME/mutter.git $MUTTER_BRANCH
EOF
buildah copy --chmod 755 $build_cntr $update_mutter /usr/bin/update-mutter
buildah config --env HOME- \
--label com.github.containers.toolbox=true \
--label org.opencontainers.image.base.name=$MUTTER_CI_IMAGE \
$build_cntr
buildah commit $build_cntr $TOOLBOX_IMAGE
}
MUTTER_CI_IMAGE=$1
MUTTER_BRANCH=${2:-$CI_COMMIT_BRANCH}
TOOLBOX_IMAGE=$CI_REGISTRY_IMAGE/toolbox:${MUTTER_BRANCH#gnome-}
[[ -n "$MUTTER_CI_IMAGE" && -n "$MUTTER_BRANCH" ]] ||
die "Usage: $(basename $0) MUTTER_CI_IMAGE [MUTTER_BRANCH]"
if [[ -z "$FORCE_REBUILD" ]]; then
if check_image_base; then
echo Image $TOOLBOX_IMAGE exists and is up to date.
exit 0
fi
fi
[[ -n "$CI_REGISTRY" && -n "$CI_REGISTRY_USER" && -n "$CI_REGISTRY_PASSWORD" ]] ||
die "Insufficient information to log in."
podman login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
build_container
podman push $TOOLBOX_IMAGE