@@ -52,17 +52,18 @@ sealed_buildargs := "--build-arg=variant=" + variant + " --secret=id=secureboot_
5252# The default target: build the container image from current sources.
5353# Note commonly you might want to override the base image via e.g.
5454# `just build --build-arg=base=quay.io/fedora/fedora-bootc:42`
55- #
56- # This first builds RPMs via the `package` target, then injects them
5755# into the container image.
56+ #
57+ # Note you can set `BOOTC_SKIP_PACKAGE=1` in the environment to bypass this stage.
5858build : package _keygen && _pull-lbi-images
59- @ just _build-from-package target/ packages
60-
61- # Build container image using pre-existing packages from PATH.
62- # This skips the package build step - useful when packages are provided
63- # externally (e.g. downloaded from CI artifacts).
64- build-from-packages PATH : _keygen && _pull-lbi-images
65- @ just _build-from-package {{ PATH}}
59+ #!/ bin/ bash
60+ set -xeuo pipefail
61+ test -d target/ packages
62+ # Resolve to absolute path for podman volume mount
63+ # Use :z for SELinux relabeling
64+ pkg_path=$(realpath target/ packages)
65+ podman build --target=final -v " ${pkg_path}"/ run/ packages:ro,z -t {{ base_img}} {{ buildargs}}
66+ ./ hack/ build-sealed {{ variant}} {{ base_img}} {{ base_img}} {{ sealed_buildargs}}
6667
6768# Pull images used by hack/lbi
6869_ pull-lbi-images :
@@ -91,36 +92,32 @@ _git-build-vars:
9192_ keygen :
9293 ./ hack/ generate-secureboot-keys
9394
94- # Internal helper: build container image from packages at PATH
95- _ build-from-package PATH :
96- #!/ bin/ bash
97- set -xeuo pipefail
98- # Resolve to absolute path for podman volume mount
99- # Use :z for SELinux relabeling
100- pkg_path=$(realpath " {{ PATH}}
101- podman build --target=final -v " ${pkg_path}"/ run/ packages:ro,z -t {{ base_img}} {{ buildargs}}
102- ./ hack/ build-sealed {{ variant}} {{ base_img}} {{ base_img}} {{ sealed_buildargs}}
103-
10495# Build a sealed image from current sources.
10596build-sealed :
10697 @ just --justfile {{ justfile ()}}
10798
108- # Build packages (e.g. RPM) using a container buildroot
109- _ packagecontainer :
99+ # Build packages (e.g. RPM) into target/packages/
100+ # Any old packages will be removed.
101+ # Set BOOTC_SKIP_PACKAGE=1 in the environment to bypass this stage. We don't
102+ # yet have an accurate ability to avoid rebuilding this in CI yet.
103+ package :
110104 #!/ bin/ bash
111105 set -xeuo pipefail
106+ packages=target/ packages
107+ if test -n " ${BOOTC_SKIP_PACKAGE:-}"
108+ if test ' !'" ${packages}"
109+ echo " BOOTC_SKIP_PACKAGE is set, but missing ${packages}"1 >&2 ; exit 1
110+ fi
111+ exit 0
112+ fi
112113 eval $(just _git-build-vars)
113114 echo " Building RPM with version: ${VERSION}"
114115 podman build {{ base_buildargs}} / bootc-pkg --target=build .
115-
116- # Build packages (e.g. RPM) into target/packages/
117- # Any old packages will be removed.
118- package : _packagecontainer
119- mkdir -p target/ packages
120- rm -vf target/ packages/ *.rpm
121- podman run --rm localhost/ bootc-pkg tar -C / out/ -cf - . | tar -C target/ packages/ -xvf -
122- chmod a+ rx target target/ packages
123- chmod a+ r target/ packages/ *.rpm
116+ mkdir -p " ${packages}"
117+ rm -vf " ${packages}"/ *.rpm
118+ podman run --rm localhost/ bootc-pkg tar -C / out/ -cf - . | tar -C " ${packages}"/ -xvf -
119+ chmod a+ rx target " ${packages}"
120+ chmod a+ r " ${packages}"/ *.rpm
124121 # Keep localhost/bootc-pkg for layer caching; use `just clean-local-images` to reclaim space
125122
126123# Build+test using the `composefs-sealeduki-sdboot` variant.
0 commit comments