diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..d67e799
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,40 @@
+# SPDX-License-Identifier: MIT
+# Author: Nils Freydank
+#
+# ===========================================================================
+# Update the source image.
+# ===========================================================================
+FROM gentoo/stage3:amd64-nomultilib-systemd as bootstrap
+# Migrate to a merged-usr form.
+RUN emerge --quiet-build=y --oneshot merge-usr
+RUN merge-usr
+RUN eselect profile set "default/linux/amd64/17.1/no-multilib/systemd/merged-usr"
+# Replace /etc/portage/make.conf.
+RUN rm --one-file-system /etc/portage/make.conf
+COPY make.conf /etc/portage/make.conf
+RUN chown root:root -R /etc/portage/make.conf
+# Update the compiler
+RUN emerge --oneshot --usepkg sys-devel/gcc:13
+RUN eselect gcc set x86_64-pc-linux-gnu-13 && source /etc/profile
+# Update libtool after the compiler update.
+RUN emerge --oneshot sys-devel/libtool
+# Rebuild the whole world set, probably mostly with binpkgs.
+RUN emerge --emptytree --verbose --usepkg @world
+# Install further toolchains
+RUN emerge --usepkg --noreplace dev-lang/rust dev-lang/go \
+ @rust-rebuild @golang-rebuild
+# Rebuild packages if necessary.
+RUN emerge @preserved-rebuild
+
+# ===========================================================================
+# Clean up the image.
+# ===========================================================================
+RUN rm --verbose --recursive --preserve-root /var/tmp/
+
+# ===========================================================================
+# Create the new image
+# ===========================================================================
+FROM scratch
+COPY --from=bootstrap / /
+
+# vim:fileencoding=utf-8:ts=4:syntax=dockerfile:expandtab
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..55e6ec9
--- /dev/null
+++ b/build.sh
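Review bot: `RUN rm --verbose --recursive --preserve-root /var/tmp/` in the clean-up section deletes the /var/tmp directory itself, not only its contents (`--preserve-root` protects `/` alone), and because the final stage copies the bootstrap root verbatim with `COPY --from=bootstrap / /`, the published image ships without /var/tmp; Portage's default PORTAGE_TMPDIR lives there and, as far as I recall, emerge refuses to start when that directory is missing, so every derived image would have to recreate it first. Emptying the directory while keeping it and its mode, `RUN find /var/tmp -mindepth 1 -delete`, avoids that. `&& source /etc/profile` on the `eselect gcc set` line has no effect on later layers, since every RUN starts a fresh shell, and can be dropped. The unqualified, digest-less `FROM gentoo/stage3:amd64-nomultilib-systemd` is resolved through the host's registry search list and tracks a rolling stage; if "always take the newest stage" is the intent, at least log the resolved digest, otherwise pin it as `FROM docker.io/gentoo/stage3:amd64-nomultilib-systemd@sha256:<digest-of-the-stage-you-validated>`.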
@@ -0,0 +1,48 @@
+#!/bin/bash
+# SPDX-License-Identifier: MIT
+# Author: Nils Freydank
+PATH="/usr/bin:/bin:/usr/sbin:/sbin"
+set -uxa
+
+GPG_SIGNING_KEY="${GPG_SIGNING_KEY:-0x0F1DEAB2D36AD112}"
+
+IMAGE_TAG="gentoo-bootstrap-1:$(date --utc +%Y%m%d_%H%M%S)"
+REPOS="${REPOS:-/var/db/repos}"
+DISTFILES="${DISTFILES:-/var/cache/distfiles-podman-1}"
+BINPKG="${BINPKG:-/var/cache/packages-podman-1}"
+LOGDIR="${LOGDIR:-$(pwd)/logs}"
+DOCKER_FILE="${DOCKER_FILE:-$(pwd)/Dockerfile}"
+
+podman_build_args=(
+ # Limit the memory to be used.
+ --memory=20G
+ --memory-swap=1G
+ --shm-size=2G
+ # Share the gentoo repo, overlays etc.
+ -v "${REPOS}:/var/db/repos:ro"
+ # Share the distfiles, i.e. typically source archives.
+ -v "${DISTFILES}:/var/cache/distfiles:rw,U"
+ # Share the binpkgs r/w cache.
+ -v "${BINPKG}:/var/cache/packages:rw,U"
+ # Keep the logs out of the container.
+ -v "${LOGDIR}:/var/log:rw,U"
+ # Use the given OCI file/Dockerfile.
+ -f "${DOCKER_FILE}"
+ # Tag the generated image.
+ -t "${IMAGE_TAG}"
+ # Label the image.
+ --label="gentoo-nfr-${IMAGE_TAG}"
+ # Sign the image.
+ #--sign-by="${GPG_SIGNING_KEY}"
+ --no-cache
+)
+
+mkdir -p "${REPOS}"
+mkdir -p "${DISTFILES}"
+mkdir -p "${BINPKG}"
+mkdir -p "${LOGDIR}"
+
+podman pull gentoo/stage3:amd64-nomultilib-systemd
+podman build "${podman_build_args[@]}"
+
+# vim:fileencoding=utf-8:ts=4:syntax=bash:expandtab
diff --git a/make.conf/LLVM_TARGETS b/make.conf/LLVM_TARGETS
new file mode 100644
index 0000000..9a94d9f
--- /dev/null
+++ b/make.conf/LLVM_TARGETS
@@ -0,0 +1 @@
+LLVM_TARGETS="BPF X86"
diff --git a/make.conf/elogv b/make.conf/elogv
new file mode 100644
index 0000000..3d63e89
--- /dev/null
+++ b/make.conf/elogv
@@ -0,0 +1,2 @@
+PORTAGE_ELOG_SYSTEM="save"
+PORTAGE_ELOG_CLASSES="warn error info log qa"
diff --git a/make.conf/flags b/make.conf/flags
new file mode 100644
index 0000000..19c48ce
--- /dev/null
+++ b/make.conf/flags
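Review bot: `set -uxa` near the top of build.sh omits `-e`, so a failed `podman pull` (or a failed `mkdir -p` on one of the shared cache paths) still falls through to `podman build` against whatever stage image happens to be cached locally, and `-a` exports every later assignment into podman's environment although nothing here relies on that; `set -eux` is the safer line. `--memory-swap=1G` is smaller than `--memory=20G`; `--memory-swap` is the memory-plus-swap total and Docker rejects a value below `--memory`, so podman very likely errors or ignores the pair — worth a test run, and `--memory-swap=20G` is how "no swap" is spelled. Both `podman pull gentoo/stage3:amd64-nomultilib-systemd` here and the `FROM` in the Dockerfile use an unqualified image name that podman resolves through the host's `unqualified-search-registries`; writing `docker.io/gentoo/stage3:amd64-nomultilib-systemd` removes that dependency on the host's registries.conf.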
@@ -0,0 +1,13 @@
+COMMON_FLAGS="-O3 -pipe -march=x86-64-v3"
+CFLAGS="${COMMON_FLAGS} -D_FORTIFY_SOURCE=3"
+CXXFLAGS="${COMMON_FLAGS} -D_FORTIFY_SOURCE=3 -D_GLIBCXX_ASSERTIONS"
+FCFLAGS="${COMMON_FLAGS}"
+FFLAGS="${COMMON_FLAGS}"
+# -Wl,-O1 -Wl,-as-needed are the default flags
+# '-fdiagnostics-color=always': print colourful diagnostic messages, see man ld
+# '__gentoo_check_ldflags__' : print QA linker flags
+# '-Wl,-z,relro' : make segments RO after relocation
+# '-Wl,-z,now' : disable lazy-binding
+LDFLAGS="-Wl,-O2 -Wl,--as-needed -Wl,-z,relro -Wl,-z,now -fdiagnostics-color=always -Wl,--defsym=__gentoo_check_ldflags__=0"
+
+CPU_FLAGS_X86="aes"
diff --git a/make.conf/global_use b/make.conf/global_use
new file mode 100644
index 0000000..0fce73b
--- /dev/null
+++ b/make.conf/global_use
@@ -0,0 +1,2 @@
+USE="-cet -filecaps -python -nls -sslv3 -tcpd"
+USE="${USE} caps hardened"
diff --git a/make.conf/portage b/make.conf/portage
new file mode 100644
index 0000000..28aff24
--- /dev/null
+++ b/make.conf/portage
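Review bot: The comment block above `LDFLAGS` in make.conf/flags does not match the flags it documents: it names `-Wl,-as-needed` (single dash) where the line uses `--as-needed` and `-Wl,-O2` rather than the `-O1` it calls the default, it points `-fdiagnostics-color=always` at `man ld` although that is a GCC driver option, and `__gentoo_check_ldflags__` prints nothing — as far as I know it is a dummy symbol that Portage's "LDFLAGS ignored" QA check looks for in the built objects. I would reword those three lines to `# -Wl,-O1 -Wl,--as-needed are the default flags (this file uses -Wl,-O2)`, `# '-fdiagnostics-color=always': colourful GCC diagnostics, see man gcc` and `# '--defsym=__gentoo_check_ldflags__=0': marker symbol for Portage's LDFLAGS-ignored QA check`. Separately, `CPU_FLAGS_X86="aes"` is far narrower than `-march=x86-64-v3` implies (v3 guarantees AVX2, FMA, SSE4.2 and friends), so packages that gate their optimised code paths on CPU_FLAGS_X86 will build without them; `cpuid2cpuflags` on the target host gives a list consistent with the -march choice.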
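Review bot: `-cet` and `-filecaps` in the first `USE` line of make.conf/global_use switch off two hardening features — Control-flow Enforcement Technology instrumentation and xattr-based file capabilities in place of set*id binaries — directly next to `hardened` on the second line, and nothing records why. If the reason is that the build or the flattened `COPY --from … / /` image cannot carry security xattrs reliably, a one-line comment such as `# -cet -filecaps: <reason> (both reduce hardening; set*id binaries stay set*id)` keeps the trade-off visible for the next reader. `-python` as a global default is also a wide net: it disables Python bindings in every package that offers them, which may be intended for a small image but is worth stating in the same place.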
@@ -0,0 +1,27 @@
+ACCEPT_KEYWORDS="~amd64"
+EMERGE_DEFAULT_OPTS="--quiet-build --autounmask=n --binpkg-respect-use=y"
+FEATURES="buildpkg clean-logs compress-build-logs noinfo preserve-libs"
+FEATURES="${FEATURES} -ipc-sandbox -network-sandbox -pid-sandbox"
+MAKEOPTS="-j7 -l8"
+#
+BINPKG_FORMAT="gpkg"
+PORTAGE_COMPRESS="xz"
+PORTAGE_COMPRESS_FLAGS="-9 -T6 --memlimit-decompress=1500M"
+BINPKG_COMPRESS="${PORTAGE_COMPRESS}"
+BINPKG_COMPRESS_FLAGS="${PORTAGE_COMPRESS_FLAGS}"
+#BINPKG_GPG_SIGNING_GPG_HOME="/var/lib/portage/home/.gnupg"
+#BINPKG_GPG_SIGNING_KEY="0x1234567890ABCDEF"
+#FEATURES="${FEATURES} binpkg-signing"
+
+# see bug #662982
+P_BASE="/var/cache"
+DISTDIR="${P_BASE}/distfiles"
+PKGDIR="${P_BASE}/packages"
+
+PORT_LOGDIR="/var/log/portage"
+PORT_LOGDIR_CLEAN="find \"${PORT_LOGDIR}\" -type f ! -name \"summary.log*\" -mtime +84 -delete"
+
+# This sets the language of build output to English.
+# Please keep this setting intact when reporting bugs.
+LC_MESSAGES=C
+# EOF
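Review bot: `FEATURES="${FEATURES} -ipc-sandbox -network-sandbox -pid-sandbox"` on the fourth line of make.conf/portage turns off Portage's namespace sandboxes for every package built in this image, so an ebuild's src_* phases can reach the network and see the container's IPC and PID view; inside a rootless podman build this is often unavoidable because nested namespaces are not available, but the file should say so, e.g. `# -*-sandbox: <reason> — namespace isolation for builds is off; only the file-system sandbox remains`, and note that the default file-system `sandbox` feature, which this line does not disable, is what still guards writes. `ACCEPT_KEYWORDS="~amd64"` makes the whole image track testing, and together with the unpinned stage3 in the Dockerfile two builds a day apart can differ substantially, which is fine for a rolling base but deserves a comment. `PORT_LOGDIR`/`PORT_LOGDIR_CLEAN` have, if I remember correctly, been superseded by `PORTAGE_LOGDIR`/`PORTAGE_LOGDIR_CLEAN`, and recent Portage warns about the old names; the two-line rename is cheap to do now.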