-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathinitbuilder
executable file
·119 lines (104 loc) · 4.37 KB
/
initbuilder
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
#!/bin/bash
: "${OSG_BUILD_IMAGE:=opensciencegrid/osg-build}"
CONTAINER_NAME=osg-build
MOUNT_POINT=/home/build/work
INSIDE_UID=1000 # UID of "build" user inside the container
INSIDE_GID=1000 # GID of "build" user inside the container
die () {
echo "$@" 1>&2
exit 1
}
usage_and_die () {
echo "Usage: $(basename "$0") <work-dir>"
echo
echo "work-dir is the name of a directory above your repository checkouts."
echo "For example, if you did an svn checkout of native/redhat into ~/work/redhat"
echo "then you can specify either ~/work or ~/redhat. (Or just plain ~ if you want"
echo "to mount your entire home directory into the container.)"
echo
echo "Whichever you choose, You need to make sure that your .svn or .git directory"
echo "or directories for the package(s) you want to build are inside work-dir."
echo
echo "The directory will be mounted under $MOUNT_POINT"
exit 2
}
[[ -r $HOME/.globus/usercert.pem ]] || die "~/.globus/usercert.pem not found or not readable"
[[ -r $HOME/.globus/userkey.pem ]] || die "~/.globus/userkey.pem not found or not readable"
[[ -L $HOME/.globus/usercert.pem ]] && die "~/.globus/usercert.pem is a symlink; turn it into a regular file"
[[ -L $HOME/.globus/userkey.pem ]] && die "~/.globus/userkey.pem is a symlink; turn it into a regular file"
work_dir=${1-}
set -eu
# Check which container runtime we're using. If we have podman, use that --
# docker is probably an alias anyway.
docker=docker
using_podman=false
rootless_podman=false
if command -v podman &>/dev/null; then
docker=podman
using_podman=true
if [[ $(id -u) -ne 0 ]]; then
rootless_podman=true
fi
fi
# Check if we already have a container with this name; if we do, then
# we don't have to create it and set it up, just start it.
hash=$($docker ps -a --latest --quiet --filter name=$CONTAINER_NAME)
if [[ -n $hash ]]; then
container_already_exists=true
else
container_already_exists=false
fi
if ! $container_already_exists; then
if [[ ! $work_dir ]]; then
usage_and_die
fi
[[ -x $work_dir ]] || die "$work_dir not found or not readable"
work_dir=$(cd "$work_dir" && pwd -P) || die "error getting absolute path of $work_dir"
echo -n "Creating container $CONTAINER_NAME: "
if $rootless_podman; then
# We're using user namespaces; we need to make sure the current user
# is mapped to the "build" user inside the container for the permissions
# of the bind-mounted volumes to work.
userns_arg="--userns=keep-id:uid=${INSIDE_UID},gid=${INSIDE_GID}"
else
userns_arg=
fi
if [[ -e /etc/localtime ]]; then
localtime_arg="--volume /etc/localtime:/etc/localtime:ro"
else
localtime_arg=""
fi
$docker create -i \
--volume "$HOME/.globus":/root/globus:ro \
--volume "$work_dir":"$MOUNT_POINT" \
$localtime_arg \
--name $CONTAINER_NAME \
$userns_arg \
"$OSG_BUILD_IMAGE" && \
sleep 2
fi
$docker start $CONTAINER_NAME
sleep 2
if $container_already_exists; then
existing_work_dir=$($docker exec $CONTAINER_NAME cat /home/build/.work_dir)
echo "Container $CONTAINER_NAME already exists; work dir is $existing_work_dir"
fi
if $container_already_exists && [[ $work_dir ]]; then # make sure work_dir is same as inside
real_work_dir=$(cd "$work_dir" 2>/dev/null && pwd -P)
if [[ $real_work_dir ]]; then
existing_work_dir=$($docker exec $CONTAINER_NAME cat /home/build/.work_dir)
if [[ $real_work_dir != $existing_work_dir ]]; then
$docker stop $CONTAINER_NAME
die "Specified work dir $work_dir does not match work dir of existing container $existing_work_dir"
fi
fi
fi
# We mounted the grid credentials in a separate directory, so we can copy
# them to ~build/.globus and have the permissions be correct. Do that --
# we need to be root inside.
$docker exec -u 0 $CONTAINER_NAME install -m 0644 -o ${INSIDE_UID} -g ${INSIDE_GID} /root/globus/usercert.pem /home/build/.globus/usercert.pem
$docker exec -u 0 $CONTAINER_NAME install -m 0600 -o ${INSIDE_UID} -g ${INSIDE_GID} /root/globus/userkey.pem /home/build/.globus/userkey.pem
if ! $container_already_exists; then
$docker exec $CONTAINER_NAME \
bash -c "echo '$work_dir' > /home/build/.work_dir"
fi