David Rheinsberg d1b9304a56 buildroot: use bwrap to contain stages

This swaps the `systemd-nspawn` implementation for `bubblewrap` to
contain sub-processes. It also adjusts the `BuildRoot` implementation
to reduce the number of mounts required to keep locally.

This has the following advantages:

  * We know exactly how the build-root looks like. Only the bits and
    pieces we select will end up in the build-root. We can let RPM
    authors know what environment their post-install scripts need to
    run in, and we can reliably test this.

  * We no longer need any D-Bus access or access to other PID1
    facilities. Bubblewrap allows us to execute from any environment,
    including containers and sandboxes.

  * Bubblewrap setup is significantly faster than nspawn. This is a
    minor point though, since nspawn is still fast enough compared to
    the operations we perform in the container.

  * Bubblewrap does not require root.

At the same time, we have a bunch of downsides which might increase the
workload in the future:

  * We now control the build-root, which also means we have to make sure
    it works on all our supported architectures, all quirks are
    included, and all required resources are accessible from within the
    build-root.
    The good thing here is that we have lots of previous-art we can
    follow, and all the other ones just play whack-a-mole, so we can
    join that fun.

The `bubblewrap` project is used by podman and flatpak, it is packaged
for all major distributions, and looks like a stable dependency.

2020-07-21 14:20:32 +02:00

1.6 KiB

Raw Blame History

OSBuild

Build-Pipelines for Operating System Artifacts

OSBuild is a pipeline-based build system for operating system artifacts. It defines a universal pipeline description and a build system to execute them, producing artifacts like operating system images, working towards an image build pipeline that is more comprehensible, reproducible, and extendable.

See the osbuild(1) man-page for details on how to run osbuild, the definition of the pipeline description, and more.

Project

Website: https://www.osbuild.org
Bug Tracker: https://github.com/osbuild/osbuild/issues

Requirements

The requirements for this project are:

bubblewrap >= 0.4.0
python >= 3.7

Additionally, the built-in stages require:

bash >= 5.0
coreutils >= 8.31
curl >= 7.68
qemu-img >= 4.2.0
rpm >= 4.15
tar >= 1.32
util-linux >= 235

At build-time, the following software is required:

python-docutils >= 0.13
pkg-config >= 0.29

Build

The standard python package system is used. Consult upstream documentation for detailed help. In most situations the following commands are sufficient to build and install from source:

python setup.py build
python setup.py install --skip-build --root=/

The man-pages require python-docutils and can be built via:

rst2man docs/<input-file>.rst <output-file>

Repository:

web: https://github.com/osbuild/osbuild
https: https://github.com/osbuild/osbuild.git
ssh: git@github.com:osbuild/osbuild.git

License:

Apache-2.0
See LICENSE file for details.

1.6 KiB Raw Blame History