Merge pull request #617 from amazonlinux/versions

versions: Differentiate between build version and image version

Dockerfile

@@ -87,9 +87,11 @@ COPY --from=rpmbuild /home/builder/rpmbuild/RPMS/*/*.rpm /output/
 FROM sdk AS imgbuild
 ARG PACKAGES
 ARG ARCH
+ARG VERSION_ID
+ARG BUILD_ID
 ARG NOCACHE
 ARG VARIANT
-ENV VARIANT=${VARIANT}
+ENV VARIANT=${VARIANT} VERSION_ID=${VERSION_ID} BUILD_ID=${BUILD_ID}
 WORKDIR /root
 
 USER root

Makefile.toml

@@ -8,7 +8,8 @@ BUILDSYS_OUTPUT_DIR = "${BUILDSYS_ROOT_DIR}/build"
 BUILDSYS_TOOLS_DIR = "${BUILDSYS_ROOT_DIR}/tools"
 BUILDSYS_SOURCES_DIR = "${BUILDSYS_ROOT_DIR}/workspaces"
 BUILDSYS_TIMESTAMP = { script = ["date +%s"] }
-BUILDSYS_VERSION = { script = ["git describe --tag --dirty || date +%Y%m%d"] }
+BUILDSYS_VERSION_BUILD = { script = ["git describe --always --dirty --exclude '*' || echo 00000000"] }
+BUILDSYS_VERSION_IMAGE = { script = ["awk -F '[ =\"]+' '$1 == \"version\" {print $2}' Release.toml"] }
 BUILDSYS_VARIANT = "aws-k8s"
 
 CARGO_HOME = "${BUILDSYS_ROOT_DIR}/.cargo"
@@ -165,43 +166,10 @@ script = [
 '''
 ]
 
-[tasks.link-clean]
-dependencies = ["fetch"]
-script = [
-'''
-PREFIX="thar-${BUILDSYS_ARCH}-${BUILDSYS_VARIANT}"
-for link in ${BUILDSYS_OUTPUT_DIR}/${PREFIX}-*.lz4; do
-  if [ -L "${link}" ]; then
-    rm ${link}
-  fi
-done
-'''
-]
-
-[tasks.link-variant]
-script = [
-'''
-PREFIX="thar-${BUILDSYS_ARCH}-${BUILDSYS_VARIANT}"
-VERSIONED="${PREFIX}-${BUILDSYS_VERSION}"
-ln -snf ${BUILDSYS_OUTPUT_DIR}/${PREFIX}.img.lz4 \
-  ${BUILDSYS_OUTPUT_DIR}/${VERSIONED}.img.lz4
-ln -snf ${BUILDSYS_OUTPUT_DIR}/${PREFIX}-data.img.lz4 \
-  ${BUILDSYS_OUTPUT_DIR}/${VERSIONED}-data.img.lz4
-ln -snf ${BUILDSYS_OUTPUT_DIR}/${PREFIX}-boot.ext4.lz4 \
-  ${BUILDSYS_OUTPUT_DIR}/${VERSIONED}-boot.ext4.lz4
-ln -snf ${BUILDSYS_OUTPUT_DIR}/${PREFIX}-root.ext4.lz4 \
-  ${BUILDSYS_OUTPUT_DIR}/${VERSIONED}-root.ext4.lz4
-ln -snf ${BUILDSYS_OUTPUT_DIR}/${PREFIX}-root.verity.lz4 \
-  ${BUILDSYS_OUTPUT_DIR}/${VERSIONED}-root.verity.lz4
-'''
-]
-
 [tasks.build]
 dependencies = [
-    "link-clean",
     "build-variant",
     "check-licenses",
-    "link-variant",
 ]
 
 [tasks.world]

packages/release/release.spec

@@ -1,8 +1,8 @@
 %global _cross_first_party 1
 
 Name: %{_cross_os}release
-Version: 0.2.1
-Release: 1%{?dist}
+Version: 0.0
+Release: 0%{?dist}
 Summary: Thar release
 License: LicenseRef-Pending
 
@@ -78,9 +78,7 @@ install -p -m 0644 %{S:99} %{buildroot}%{_cross_tmpfilesdir}/release.conf
 
 cat >%{buildroot}%{_cross_libdir}/os-release <<EOF
 NAME=Thar
-PRETTY_NAME="Thar, The Operating System (%{version})"
 ID=thar
-VERSION_ID=%{version}
 EOF
 
 install -d %{buildroot}%{_cross_unitdir}

tools/buildsys/src/builder.rs

@@ -58,6 +58,8 @@ impl VariantBuilder {
         let packages = packages.join("|");
         let arch = getenv("BUILDSYS_ARCH")?;
         let variant = getenv("BUILDSYS_VARIANT")?;
+        let version_image = getenv("BUILDSYS_VERSION_IMAGE")?;
+        let version_build = getenv("BUILDSYS_VERSION_BUILD")?;
 
         // Always rebuild variants since they are located in a different workspace,
         // and don't directly track changes in the underlying packages.
@@ -67,10 +69,14 @@ impl VariantBuilder {
         let build_args = format!(
             "--build-arg PACKAGES={packages} \
              --build-arg ARCH={arch} \
-             --build-arg VARIANT={variant}",
+             --build-arg VARIANT={variant} \
+             --build-arg VERSION_ID={version_image} \
+             --build-arg BUILD_ID={version_build}",
             packages = packages,
             arch = arch,
             variant = variant,
+            version_image = version_image,
+            version_build = version_build,
         );
         let tag = format!("buildsys-var-{variant}-{arch}", variant = variant, arch = arch);
 

tools/rpm2img

@@ -13,11 +13,12 @@ done
 
 mkdir -p "${OUTPUT_DIR}"
 
-DISK_IMAGE_NAME="thar-${ARCH}-${VARIANT}.img.lz4"
-BOOT_IMAGE_NAME="thar-${ARCH}-${VARIANT}-boot.ext4.lz4"
-VERITY_IMAGE_NAME="thar-${ARCH}-${VARIANT}-root.verity.lz4"
-ROOT_IMAGE_NAME="thar-${ARCH}-${VARIANT}-root.ext4.lz4"
-DATA_IMAGE_NAME="thar-${ARCH}-${VARIANT}-data.img.lz4"
+FILENAME_PREFIX="thar-${ARCH}-${VARIANT}-${VERSION_ID}-${BUILD_ID}"
+DISK_IMAGE_NAME="${FILENAME_PREFIX}.img.lz4"
+BOOT_IMAGE_NAME="${FILENAME_PREFIX}-boot.ext4.lz4"
+VERITY_IMAGE_NAME="${FILENAME_PREFIX}-root.verity.lz4"
+ROOT_IMAGE_NAME="${FILENAME_PREFIX}-root.ext4.lz4"
+DATA_IMAGE_NAME="${FILENAME_PREFIX}-data.img.lz4"
 
 DISK_IMAGE="$(mktemp)"
 BOOT_IMAGE="$(mktemp)"
@@ -111,8 +112,11 @@ fi
 # Now that we're done messing with /, move /boot out of it
 mv "${ROOT_MOUNT}/boot"/* "${BOOT_MOUNT}"
 
-# Set the Thar variant
+# Set the Thar variant, version, and build-id
+echo "PRETTY_NAME=\"Thar, The Operating System (${VERSION_ID})\"" >> ${ROOT_MOUNT}/${SYS_ROOT}/usr/lib/os-release
 echo "VARIANT_ID=${VARIANT}" >> ${ROOT_MOUNT}/${SYS_ROOT}/usr/lib/os-release
+echo "VERSION_ID=${VERSION_ID}" >> ${ROOT_MOUNT}/${SYS_ROOT}/usr/lib/os-release
+echo "BUILD_ID=${BUILD_ID}" >> ${ROOT_MOUNT}/${SYS_ROOT}/usr/lib/os-release
 
 # THAR-ROOT-A
 mkfs.ext4 -O ^has_journal -b "${VERITY_DATA_BLOCK_SIZE}" -d "${ROOT_MOUNT}" "${ROOT_IMAGE}" 920M

tools/update_sign_tuf_repo/README.md

@@ -11,7 +11,7 @@ Using a signing key that it pulls down via SSM Secure Parameters, it will sign t
 ## Running
 
 In order the run this code, you must have:
-* Current `Thar` code repository (more specifically `RELEASE.toml`, and a trusted `root.json`)
+* Current `Thar` code repository (more specifically `Release.toml`, and a trusted `root.json`)
 * Built Thar artifacts in a directory (the images that end up in `/build` and suffixed with `.lz4`)
 * The metadata and target URLs for an existing TUF repository (most likely in S3)
 
@@ -34,4 +34,4 @@ All items (other than `manifest.json`) are signed and are suitable for syncing t
 
 ## Colophon
 
-This text was generated using [cargo-readme](https://crates.io/crates/cargo-readme), and includes the rustdoc from `src/main.rs`.
+This text was generated using [cargo-readme](https://crates.io/crates/cargo-readme), and includes the rustdoc from `src/main.rs`.

tools/update_sign_tuf_repo/src/main.rs

@@ -8,7 +8,7 @@ Using a signing key that it pulls down via SSM Secure Parameters, it will sign t
 # Running
 
 In order the run this code, you must have:
-* Current `Thar` code repository (more specifically `RELEASE.toml`, and a trusted `root.json`)
+* Current `Thar` code repository (more specifically `Release.toml`, and a trusted `root.json`)
 * Built Thar artifacts in a directory (the images that end up in `/build` and suffixed with `.lz4`)
 * The metadata and target URLs for an existing TUF repository (most likely in S3)
 
@@ -66,7 +66,7 @@ const EXISTING_TUF_REPO_DIR: &str = "/tmp/tuf_in";
 const UPDATED_TUF_REPO_DIR: &str = "/tmp/tuf_out";
 const ROOT_JSON: &str = "root.json";
 const TUF_MANIFEST_JSON: &str = "manifest.json";
-const RELEASE_TOML: &str = "RELEASE.toml";
+const RELEASE_TOML: &str = "Release.toml";
 const FILES_TO_SIGN: &[&str] = &["boot", "root", "verity"];
 const OS_NAME: &str = "thar";
 
@@ -231,7 +231,7 @@ struct EnvVars {
     timestamp_refresh_days: i64,
 }
 
-// Represents RELEASE.toml
+// Represents Release.toml
 // TODO: Make this into a crate
 #[derive(Deserialize, Debug)]
 struct ReleaseInfo {
@@ -240,7 +240,7 @@ struct ReleaseInfo {
     migrations: Vec<Migration>,
 }
 
-// Represents migration info from RELEASE.toml
+// Represents migration info from Release.toml
 #[derive(Deserialize, Debug)]
 struct Migration {
     from: String,
@@ -484,9 +484,9 @@ fn run() -> Result<()> {
         Err(error) => return Err(error).context(error::EnvironmentVariables)?,
     };
 
-    // Parse the RELEASE.toml into a ReleaseInfo struct
-    // RELEASE.toml is located at ${CODEBUILD_SRC_DIR}/RELEASE.toml
-    info!("Reading and deserializing RELEASE.toml");
+    // Parse the Release.toml into a ReleaseInfo struct
+    // Release.toml is located at ${CODEBUILD_SRC_DIR}/Release.toml
+    info!("Reading and deserializing Release.toml");
     let release_path = Path::new(&env_vars.codebuild_src_dir).join(RELEASE_TOML);
     let release_reader = File::open(&release_path).context(error::FileOpen {
         path: &release_path,

workspaces/updater/updog/src/main.rs

@@ -146,13 +146,17 @@ fn running_version() -> Result<(SemVer, String)> {
                 version = Some(
                     SemVer::parse(&line[key.len()..]).context(error::VersionIdParse { line })?,
                 );
+                continue;
             }
-        } else if flavor.is_none() {
+        }
+        if flavor.is_none() {
             let key = "VARIANT_ID=";
             if line.starts_with(key) {
                 flavor = Some(String::from(&line[key.len()..]));
+                continue;
             }
-        } else {
+        }
+        if version.is_some() && flavor.is_some() {
             break;
         }
     }