feat: use skopeo and proot to create base image sandbox [DO-NOT-MERGE]

Change-Id: Id28e2d75c3e0cc7a399f4c7a01bf57b88b2e3e2d

bin/yashchiki

@@ -348,10 +348,14 @@ env.update({"YASHCHIKI_META_DIR": meta_dir})
 run("lib/yashchiki/create_caches.sh", env)
 run("lib/yashchiki/fetch.sh", env)
 if config.get("docker_base_image", False):
-    run("lib/yashchiki/build_base_sandbox.sh", env, [base_sandbox_recipe])
-run(str(pathlib.Path("share", "yashchiki", "styles", args.style,
-                     "create_recipe.sh")),
-    env)
+    run("lib/yashchiki/build_base_sandbox.sh", env)# FIXME: , [base_sandbox_recipe])
+# FIXME: dispatch to apptainer-based build or proot via style config?
+#        (for proot we don't use a apptainer recipe)
+create_recipe_script = pathlib.Path("share", "yashchiki", "styles", args.style,
+        "create_recipe.sh")
+if create_recipe_script.exists():
+    run(str(create_recipe_script), env)
+
 run("lib/yashchiki/build_sandbox.sh", env)
 run("lib/yashchiki/build_image.sh", env)
 

lib/yashchiki/build_base_sandbox.sh

@@ -23,4 +23,49 @@ TARGET_FOLDER="${YASHCHIKI_SANDBOXES}/${CONTAINER_STYLE}"
 
 mkdir -p ${YASHCHIKI_SANDBOXES}
 
-apptainer build --fakeroot --force ${YASHCHIKI_BASEIMAGE_NAME} $1
+#apptainer -d build --fakeroot --force ${YASHCHIKI_BASEIMAGE_NAME} $1
+
+set -x
+skopeo copy docker://${DOCKER_BASE_IMAGE} docker-archive:archive-file.tar:${DOCKER_BASE_IMAGE}
+ARCHIVE_FILE=$(realpath archive-file.tar)
+mkdir -p ${YASHCHIKI_SANDBOXES}/tmp
+pushd ${YASHCHIKI_SANDBOXES}/tmp >/dev/null
+tar xf ${ARCHIVE_FILE}
+ls
+popd >/dev/null
+rm -f ${ARCHIVE_FILE}
+
+mkdir -p ${YASHCHIKI_SANDBOXES}/base_image
+pushd ${YASHCHIKI_SANDBOXES}/base_image >/dev/null
+find ${YASHCHIKI_SANDBOXES}/tmp -name "*.tar" -exec tar xf {} \;
+rm -rf ${YASHCHIKI_SANDBOXES}/tmp
+ls
+popd >/dev/null
+
+mkdir -p "${YASHCHIKI_SANDBOXES}/base_image/opt/spack_install_scripts"
+rsync -aLv --chmod 0755 "${ROOT_DIR}"/share/yashchiki/styles/${CONTAINER_STYLE}/*.sh "${YASHCHIKI_SANDBOXES}/base_image/opt/spack_install_scripts"
+rsync -aLv --chmod 0755 "${ROOT_DIR}"/lib/yashchiki/*.sh "${YASHCHIKI_SANDBOXES}/base_image/opt/spack_install_scripts"
+rsync -aLv "${ROOT_DIR}"/lib/yashchiki/*.awk "${YASHCHIKI_SANDBOXES}/base_image/opt/spack_install_scripts"
+rsync -aLv "${ROOT_DIR}"/share/yashchiki/patches "${YASHCHIKI_SANDBOXES}/base_image/opt/spack_install_scripts"
+
+# create a fingerprint by which we can identify the container from within
+cat /proc/sys/kernel/random/uuid > "${YASHCHIKI_SANDBOXES}/base_image/opt/fingerprint"
+
+cat <<EOF > ${YASHCHIKI_SANDBOXES}/base_image/prepare.sh
+# prerequisites
+ls /opt/spack_install_scripts
+RUNLEVEL=1 /opt/spack_install_scripts/install_prerequisites.sh || exit 1
+# cannot specify permissions in files-section
+chmod 440 /etc/sudoers
+chown root:root /etc/sudoers
+# install locales
+/usr/sbin/locale-gen
+EOF
+
+pushd /
+echo proot -S ${YASHCHIKI_SANDBOXES}/base_image -w /root /bin/dash ${YASHCHIKI_SANDBOXES}/base_image/prepare.sh
+PROOT_NO_SECCOMP=1 TMPDIR=/tmp proot -S ${YASHCHIKI_SANDBOXES}/base_image -w /root /bin/dash ${YASHCHIKI_SANDBOXES}/base_image/prepare.sh
+popd
+echo apptainer -d build --fakeroot --force ${YASHCHIKI_BASEIMAGE_NAME} ${YASHCHIKI_SANDBOXES}/base_image
+TMPDIR=/tmp apptainer -d build --fakeroot --force ${YASHCHIKI_BASEIMAGE_NAME} ${YASHCHIKI_SANDBOXES}/base_image
+rm -rf ${YASHCHIKI_SANDBOXES}/base_image

lib/yashchiki/build_image.sh

@@ -3,6 +3,10 @@
 set -euo pipefail
 shopt -s inherit_errexit 2>/dev/null || true
 
+# for env vars
+SOURCE_DIR="$(dirname "$(readlink -m "${BASH_SOURCE[0]}")")"
+source "${SOURCE_DIR}/commons.sh"
+
 if [ -z "${YASHCHIKI_ENABLE_STAGE_IMAGE:-}" ]; then
     echo "Skipping stage build-base-sandbox."
     exit 0
@@ -15,4 +19,5 @@ if test -f "${YASHCHIKI_IMAGE_NAME}"; then
     exit 1
 fi
 
-apptainer build --fakeroot ${YASHCHIKI_IMAGE_NAME} "${TARGET_FOLDER}"
+set -x
+TMPDIR=/tmp apptainer -d build --fakeroot --bind ${YASHCHIKI_SPACK_PATH}:/opt/spack,ro ${YASHCHIKI_IMAGE_NAME} "${TARGET_FOLDER}"

lib/yashchiki/build_sandbox.sh

@@ -3,6 +3,10 @@
 set -euo pipefail
 shopt -s inherit_errexit 2>/dev/null || true
 
+# for env vars
+SOURCE_DIR="$(dirname "$(readlink -m "${BASH_SOURCE[0]}")")"
+source "${SOURCE_DIR}/commons.sh"
+
 if [ -z "${YASHCHIKI_ENABLE_STAGE_BUILD_BASE:-}" ]; then
     echo "Skipping stage build-base."
     exit 0
@@ -23,11 +27,95 @@ TARGET_FOLDER="${YASHCHIKI_SANDBOXES}/${CONTAINER_STYLE}"
 
 mkdir -p ${YASHCHIKI_SANDBOXES}
 
-apptainer build \
-    --bind ${YASHCHIKI_CACHES_ROOT}/download_cache:/opt/spack/var/spack/cache \
-    --bind ${YASHCHIKI_CACHES_ROOT}/spack_ccache:/opt/ccache \
-    --bind ${YASHCHIKI_CACHES_ROOT}/build_caches:/opt/build_cache \
-    --bind ${YASHCHIKI_CACHES_ROOT}/preserved_packages:/opt/preserved_packages \
-    --bind ${JOB_TMP_SPACK}:/tmp/spack \
-    --bind ${YASHCHIKI_SPACK_CONFIG}:/tmp/spack_config \
-    --fakeroot --sandbox "${TARGET_FOLDER}" "${YASHCHIKI_RECIPE_PATH}" | tee out_singularity_build_recipe.txt
+set -x
+skopeo copy sif:${YASHCHIKI_BASEIMAGE_NAME} docker-archive:archive-file.tar
+ARCHIVE_FILE=$(realpath archive-file.tar)
+mkdir -p ${YASHCHIKI_SANDBOXES}/tmp
+pushd ${YASHCHIKI_SANDBOXES}/tmp >/dev/null
+tar xf ${ARCHIVE_FILE}
+ls
+popd >/dev/null
+rm -f ${ARCHIVE_FILE}
+
+mkdir -p ${TARGET_FOLDER}
+pushd ${TARGET_FOLDER} >/dev/null
+find ${YASHCHIKI_SANDBOXES}/tmp -name "*.tar" -exec tar xf {} \;
+rm -rf ${YASHCHIKI_SANDBOXES}/tmp
+ls
+popd >/dev/null
+
+ls ${TARGET_FOLDER}
+
+# FIXME: from recipe
+# location to bind-mount spack-folder
+mkdir ${TARGET_FOLDER}/opt/spack
+# location to bind-mount spack-source-cache-folder
+mkdir -p ${TARGET_FOLDER}/opt/spack/var/spack/cache/
+# copy spack repo
+rsync -a ${YASHCHIKI_SPACK_PATH}/ ${TARGET_FOLDER}/opt/spack
+# location to bind-mount ccache
+mkdir ${TARGET_FOLDER}/opt/ccache
+# location to bind-mount build_cache
+mkdir -p "${TARGET_FOLDER}${BUILD_CACHE_INSIDE}"
+# # create buildcache directory if it does not exist
+[ ! -d "${BUILD_CACHE_OUTSIDE}" ] && mkdir -p "${BUILD_CACHE_OUTSIDE}"
+# location to mount the full build cache folder into container because some files might be symlinked to other buildcaches
+# mount --no-mtab --bind "${BASE_BUILD_CACHE_OUTSIDE}" "\${APPTAINER_ROOTFS}${BASE_BUILD_CACHE_INSIDE}"
+# location to bind-mount preserved packages in case the build fails
+mkdir -p "${TARGET_FOLDER}${PRESERVED_PACKAGES_INSIDE}"
+# location to bind-mount tmp-folder
+mkdir -p "${TARGET_FOLDER}/tmp/spack"
+# location to bind-mount spack config tmp-folder
+mkdir -p "${TARGET_FOLDER}/tmp/spack_config"
+# copy install scripts
+#mkdir "\${APPTAINER_ROOTFS}/${SPACK_INSTALL_SCRIPTS}"
+rsync -a --chmod 0755 "${ROOT_DIR}"/share/yashchiki/styles/${CONTAINER_STYLE}/*.sh "${TARGET_FOLDER}${SPACK_INSTALL_SCRIPTS}"
+rsync -a --chmod 0755 "${ROOT_DIR}"/lib/yashchiki/*.sh "${TARGET_FOLDER}${SPACK_INSTALL_SCRIPTS}"
+rsync -a "${ROOT_DIR}"/lib/yashchiki/*.awk "${TARGET_FOLDER}${SPACK_INSTALL_SCRIPTS}"
+rsync -a "${ROOT_DIR}"/share/yashchiki/patches "${TARGET_FOLDER}/${SPACK_INSTALL_SCRIPTS}"
+mkdir -p "${TARGET_FOLDER}/${META_DIR_INSIDE}"
+rsync -a "${META_DIR_OUTSIDE}/" "${TARGET_FOLDER}/${META_DIR_INSIDE}"
+# init scripts for user convenience
+mkdir -p "${TARGET_FOLDER}/opt/init"
+rsync -a "${ROOT_DIR}"/share/yashchiki/misc-files/init/*.sh "${TARGET_FOLDER}/opt/init"
+
+rsync -a ${ROOT_DIR}/share/yashchiki/misc-files/setup-spack.sh ${TARGET_FOLDER}/etc/profile.d/setup-spack.sh
+rsync -a ${ROOT_DIR}/share/yashchiki/misc-files/locale.gen ${TARGET_FOLDER}/etc/locale.gen
+rsync -a ${ROOT_DIR}/share/yashchiki/misc-files/locale.alias ${TARGET_FOLDER}/etc/locale.alias
+#rsync -a ${ROOT_DIR}/share/yashchiki/misc-files/sudoers ${TARGET_FOLDER}/etc/sudoers # FIXME: permission denied?
+
+
+cat <<EOF > ${TARGET_FOLDER}/build.sh
+# propagate environment variables to container recipe
+export DEPENDENCY_PYTHON="${DEPENDENCY_PYTHON}"
+export YASHCHIKI_BUILD_SPACK_GCC="${YASHCHIKI_BUILD_SPACK_GCC}"
+export YASHCHIKI_SPACK_GCC="${YASHCHIKI_SPACK_GCC}"
+export YASHCHIKI_SPACK_GCC_VERSION="${YASHCHIKI_SPACK_GCC_VERSION}"
+export YASHCHIKI_JOBS="${YASHCHIKI_JOBS}"
+export YASHCHIKI_SPACK_CONFIG="/tmp/spack_config"
+export YASHCHIKI_CACHES_ROOT="${YASHCHIKI_CACHES_ROOT}"
+export YASHCHIKI_BUILD_CACHE_NAME="${YASHCHIKI_BUILD_CACHE_NAME}"
+export YASHCHIKI_BUILD_CACHE_ON_FAILURE_NAME="${YASHCHIKI_BUILD_CACHE_ON_FAILURE_NAME:-}"
+export YASHCHIKI_SPACK_VERBOSE="${YASHCHIKI_SPACK_VERBOSE}"
+export YASHCHIKI_DEBUG=${YASHCHIKI_DEBUG}
+export CONTAINER_STYLE="${CONTAINER_STYLE}"
+"${SPACK_INSTALL_SCRIPTS}/complete_spack_install_routine_called_in_post.sh"
+EOF
+
+PROOT_NO_SECCOMP=1 proot -w / -S ${TARGET_FOLDER} \
+    --bind=${YASHCHIKI_CACHES_ROOT}/download_cache:/opt/spack/var/spack/cache \
+    --bind=${YASHCHIKI_CACHES_ROOT}/spack_ccache:/opt/ccache \
+    --bind=${YASHCHIKI_CACHES_ROOT}/build_caches:/opt/build_cache \
+    --bind=${YASHCHIKI_CACHES_ROOT}/preserved_packages:/opt/preserved_packages \
+    --bind=${JOB_TMP_SPACK}:/tmp/spack \
+    --bind=${YASHCHIKI_SPACK_CONFIG}:/tmp/spack_config \
+    /bin/dash /build.sh
+
+#apptainer -d build --fakeroot \
+#    --bind ${YASHCHIKI_CACHES_ROOT}/download_cache:/opt/spack/var/spack/cache \
+#    --bind ${YASHCHIKI_CACHES_ROOT}/spack_ccache:/opt/ccache \
+#    --bind ${YASHCHIKI_CACHES_ROOT}/build_caches:/opt/build_cache \
+#    --bind ${YASHCHIKI_CACHES_ROOT}/preserved_packages:/opt/preserved_packages \
+#    --bind ${JOB_TMP_SPACK}:/tmp/spack \
+#    --bind ${YASHCHIKI_SPACK_CONFIG}:/tmp/spack_config \
+#    --sandbox "${TARGET_FOLDER}" "${YASHCHIKI_RECIPE_PATH}" | tee out_singularity_build_recipe.txt

lib/yashchiki/update_build_cache.sh

@@ -3,6 +3,10 @@
 set -euo pipefail
 shopt -s inherit_errexit 2>/dev/null || true
 
+# for env vars
+SOURCE_DIR="$(dirname "$(readlink -m "${BASH_SOURCE[0]}")")"
+source "${SOURCE_DIR}/commons.sh"
+
 usage() { echo "Usage: ${0} -c <container>" 1>&2; exit 1; }
 
 while getopts ":c:" opts; do
@@ -29,10 +33,16 @@ source "${SOURCE_DIR}/commons.sh"
 # update script inside the container
 set +e
 # Arguments needed once we switch to singularity3: --writable-tmpfs
-apptainer exec\
-    -B "${BUILD_CACHE_OUTSIDE}:${BUILD_CACHE_INSIDE}:rw"\
-    "${IMAGE_NAME}" \
-    /opt/spack_install_scripts/update_build_cache_in_container.sh -j ${YASHCHIKI_JOBS} -q || exit 0
+#apptainer exec\
+#    -B "${BUILD_CACHE_OUTSIDE}:${BUILD_CACHE_INSIDE}:rw"\
+#    "${IMAGE_NAME}" \
+#    /opt/spack_install_scripts/update_build_cache_in_container.sh -j ${YASHCHIKI_JOBS} -q || exit 0
+
+TARGET_FOLDER="${YASHCHIKI_SANDBOXES}/${CONTAINER_STYLE}"
+
+proot -w / -S ${TARGET_FOLDER} \
+    --bind="${BUILD_CACHE_OUTSIDE}:${BUILD_CACHE_INSIDE}" \
+    /opt/spack_install_scripts/update_build_cache_in_container.sh -q || exit 0
 
 if [ -n "${CACHE_BUILD_TYPE:-}" ]; then
     if [ ${CACHE_SOURCE_TYPE} != "oci" ]; then