Add functionality to support app update

Signed-off-by: Mike Sul <[email protected]>
foundriesio · Jul 3, 2024 · fb4a9a9 · fb4a9a9
1 parent 5289e4a
commit fb4a9a9
Show file tree

Hide file tree

Showing 10 changed files with 181 additions and 40 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,3 @@
 build/
-.sysroot
-.init-rootfs
 .device
-.env
 CMakeLists.txt.user
diff --git a/Makefile b/Makefile
@@ -1,15 +1,16 @@
-FACTORYCXX ?= clang++
+CXX ?= clang++
 CC ?= clang
 BUILD_DIR ?= build
 CCACHE_DIR = $(shell pwd)/.ccache
 TARGET ?= sotactl
+BIN = ${BUILD_DIR}/${TARGET}
 
-DEVICE_DIR ?= ${PWD}/.device
+SOTA_DIR ?= ${PWD}/.device/sota
 DEVICE_FACTORY ?= ${FACTORY}
 DEVICE_TOKEN ?= ${AUTH_TOKEN}
 
-OSTREE_SYSROOT ?= ${PWD}/.sysroot
-INIT_ROOTFS ?= ${PWD}/.init-rootfs
+OSTREE_SYSROOT ?= ${PWD}/.device/.sysroot
+INIT_ROOTFS ?= ${PWD}/.device/.init-rootfs
 OS ?= lmp
 
 .PHONY: config build
@@ -22,43 +23,42 @@ config:
 build: config
 	cmake --build ${BUILD_DIR} --target ${TARGET}
 
-${DEVICE_DIR}:
-	mkdir -p ${DEVICE_DIR}
+${SOTA_DIR}:
+	mkdir -p ${SOTA_DIR}
 
-register: ${DEVICE_DIR}
-	DEVICE_FACTORY=${DEVICE_FACTORY} lmp-device-register -T ${DEVICE_TOKEN} --start-daemon 0 -d ${DEVICE_DIR} -t master
-	@echo "[pacman]\nsysroot = ${OSTREE_SYSROOT}" > ${DEVICE_DIR}/z-90-ostree-sysroot-path.toml
-	@echo "os = ${OS}" >> ${DEVICE_DIR}/z-90-ostree-sysroot-path.toml
-	@echo "booted = 0" >> ${DEVICE_DIR}/z-90-ostree-sysroot-path.toml
-	@echo "[bootloader]\nreboot_sentinel_dir = ${DEVICE_DIR}" > ${DEVICE_DIR}/z-91-bootloader.toml
-	@echo "reboot_command = /usr/bin/true" >> ${DEVICE_DIR}/z-91-bootloader.toml
+register: ${SOTA_DIR}
+	DEVICE_FACTORY=${DEVICE_FACTORY} lmp-device-register -T ${DEVICE_TOKEN} --start-daemon 0 -d ${SOTA_DIR} -t master
+	@echo "[pacman]\nsysroot = ${OSTREE_SYSROOT}" > ${SOTA_DIR}/z-90-ostree-sysroot-path.toml
+	@echo "os = ${OS}" >> ${SOTA_DIR}/z-90-ostree-sysroot-path.toml
+	@echo "booted = 0" >> ${SOTA_DIR}/z-90-ostree-sysroot-path.toml
+	@echo "[bootloader]\nreboot_sentinel_dir = ${SOTA_DIR}" > ${SOTA_DIR}/z-91-bootloader.toml
+	@echo "reboot_command = /usr/bin/true" >> ${SOTA_DIR}/z-91-bootloader.toml
 
 unregister:
-	rm -rf ${DEVICE_DIR}/sql.db
-	rm ${DEVICE_DIR}/*.toml
+	@rm -rf ${SOTA_DIR}/sql.db
+	@rm ${SOTA_DIR}/*.toml
 
 ${OSTREE_SYSROOT}:
-	mkdir -p ${OSTREE_SYSROOT}
+	@mkdir -p ${OSTREE_SYSROOT}
 
 ostree: ${OSTREE_SYSROOT}
-	ostree admin init-fs ${OSTREE_SYSROOT}
-	OSTREE_SYSROOT=${OSTREE_SYSROOT} ostree admin os-init ${OS}
-	ostree config --repo="${OSTREE_SYSROOT}/ostree/repo" set core.mode bare-user
-
-init-rootfs:
-	/aklite/aktualizr-lite/tests/make_sys_rootfs.sh ${INIT_ROOTFS} lmp intel-corei7-64 lmp
-	COMMIT=$$(ostree --repo="${OSTREE_SYSROOT}/ostree/repo" commit ${INIT_ROOTFS} --branch lmp); \
+	@ostree admin init-fs ${OSTREE_SYSROOT}
+	@OSTREE_SYSROOT=${OSTREE_SYSROOT} ostree admin os-init ${OS}
+	@ostree config --repo="${OSTREE_SYSROOT}/ostree/repo" set core.mode bare-user
+	@/aklite/aktualizr-lite/tests/make_sys_rootfs.sh ${INIT_ROOTFS} lmp intel-corei7-64 lmp
+	@COMMIT=$$(ostree --repo="${OSTREE_SYSROOT}/ostree/repo" commit ${INIT_ROOTFS} --branch lmp); \
 	ostree admin --sysroot=${OSTREE_SYSROOT} deploy --os=lmp $$COMMIT
+	@rm -rf ${INIT_ROOTFS}
 
-check-meta:
-	AKLITE_CONFIG_DIR=${DEVICE_DIR} ${BUILD_DIR}/${TARGET} check
+check:
+	${BIN} check
 
-run-update:
-	ostree config --repo="${OSTREE_SYSROOT}/ostree/repo" set core.mode bare-user
-	AKLITE_CONFIG_DIR=${DEVICE_DIR} ${BUILD_DIR}/${TARGET} pull
-	ostree config --repo="${OSTREE_SYSROOT}/ostree/repo" set core.mode bare-user-only
-	AKLITE_CONFIG_DIR=${DEVICE_DIR} ${BUILD_DIR}/${TARGET} install
+update:
+	@ostree config --repo="${OSTREE_SYSROOT}/ostree/repo" set core.mode bare-user
+	${BIN} pull
+	@ostree config --repo="${OSTREE_SYSROOT}/ostree/repo" set core.mode bare-user-only
+	${BIN} install
 
-run-finalize:
-	rm -f ${DEVICE_DIR}/need_reboot
-	AKLITE_CONFIG_DIR=${DEVICE_DIR} ${BUILD_DIR}/${TARGET} run
+run:
+	@rm -f ${SOTA_DIR}/need_reboot
+	${BIN} run
diff --git a/build.sh b/build.sh
diff --git a/dev-shell.sh b/dev-shell.sh
@@ -1 +1,12 @@
-docker run --rm -it -u $(id -u):$(id -g) -v $PWD:$PWD -w $PWD --env-file=$PWD/.env sotactl bash
+#!/bin/bash
+
+# Function to execute custom commands before exiting
+down() {
+	docker compose --env-file=$PWD/docker/.env.dev -f $PWD/docker/docker-compose.yml down --remove-orphans
+}
+
+# Register the cleanup function to be called on EXIT
+trap down EXIT
+
+mkdir -p $PWD/.device
+docker compose --env-file=$PWD/docker/.env.dev -f $PWD/docker/docker-compose.yml run -e DEV_USER=$(id -u) -e DEV_GROUP=$(id -g) sotactl
diff --git a/docker/.env.dev b/docker/.env.dev
@@ -0,0 +1,7 @@
+FACTORY=$USER_FACTORY
+AUTH_TOKEN=$USER_TOKEN
+
+SOTA_DIR=$PWD/.device/sota
+DOCKER_DATA_ROOT=$PWD/.device/docker/data
+DOCKER_RUN_ROOT=$PWD/.device/docker/run
+
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,3 +1,10 @@
+FROM golang:1.22.2-bookworm AS composeapp
+# Build composeapp
+WORKDIR /build
+RUN git clone https://github.com/foundriesio/composeapp.git && cd composeapp \
+    && STOREROOT=/var/sota/reset-apps COMPOSEROOT=/var/sota/compose-apps BASESYSTEMCONFIG=/usr/lib/docker make \
+    && cp ./bin/composectl /usr/bin/
+
 FROM foundries/aklite-dev as aklite
 
 ARG CCACHE_DIR=${PWD}/.ccache
@@ -10,9 +17,45 @@ RUN git clone https://github.com/foundriesio/aktualizr-lite.git && cd aktualizr-
 WORKDIR /aklite/aktualizr-lite
 RUN make -f dev-flow.mk config install && ldconfig
 
-RUN  apt-get install -y g++ libboost-program-options-dev libboost-filesystem-dev libboost-iostreams-dev
+
+# Install composectl
+COPY --from=composeapp /build/composeapp/bin/composectl /usr/bin/
+
+# Install lmp-device-register
+RUN  apt-get install -y libboost-iostreams-dev
 
 RUN git clone https://github.com/foundriesio/lmp-device-register \
   && cd lmp-device-register && git checkout mp-90 \
-  && cmake -S . -B ./build -DHARDWARE_ID=intel-corei7-64 && cmake --build ./build --target install
+  && cmake -S . -B ./build -DDOCKER_COMPOSE_APP=ON -DHARDWARE_ID=intel-corei7-64 && cmake --build ./build --target install
+
+
+# Add Docker's official GPG key:
+RUN apt-get update && apt-get install -y ca-certificates curl
+RUN install -m 0755 -d /etc/apt/keyrings
+RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+RUN chmod a+r /etc/apt/keyrings/docker.asc
+
+# Add the repository to Apt sources:
+RUN echo \
+  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
+  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+  tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+RUN apt-get update && apt-get install -y docker-ce-cli docker-compose-plugin
+
+# Install docker credential helper and auth configuration
+COPY config.json /usr/lib/docker/config.json
+COPY docker-credential-fio-helper /usr/bin/docker-credential-fio-helper
+
+# Install gosu required for the entry/startup script to add a user and group in the container
+RUN wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/1.14/gosu-amd64" && \
+    chmod +x /usr/local/bin/gosu && \
+    gosu nobody true
+
+# Copy the entrypoint script
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
 
+# Set entrypoint
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+CMD ["bash"]
diff --git a/docker/config.json b/docker/config.json
@@ -0,0 +1,6 @@
+{
+        "credHelpers": {
+                "hub.foundries.io": "fio-helper"
+        }
+}
+
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -0,0 +1,33 @@
+version: '3.8'
+
+services:
+  dockerd:
+    image: docker:25.0-dind 
+    command: ["dockerd", "-H", "unix:///var/run/docker/docker.sock"] 
+    volumes:
+      - ${DOCKER_DATA_ROOT}:/var/lib/docker
+      - ${DOCKER_RUN_ROOT}:/var/run/docker
+    privileged: true
+
+  sotactl:
+      build:
+        context: .
+        dockerfile: Dockerfile
+
+      image: sotactl:latest
+      volumes:
+        - "${PWD}:${PWD}"
+        - ${DOCKER_RUN_ROOT}:/var/run/docker
+        - ${SOTA_DIR}:/var/sota
+      working_dir: "${PWD}"
+      hostname: device
+      user: "root"
+      environment:
+        - FACTORY=${FACTORY}
+        - AUTH_TOKEN=${AUTH_TOKEN}
+        - DOCKER_HOST=unix:///var/run/docker/docker.sock
+        - SOTA_DIR=/var/sota
+        - AKLITE_CONFIG_DIR=/var/sota
+        - DOCKER_CONFIG=/usr/lib/docker
+      depends_on:
+      - dockerd
diff --git a/docker/docker-credential-fio-helper b/docker/docker-credential-fio-helper
@@ -0,0 +1,19 @@
+#!/bin/sh -e
+
+# Use stderr for logging err output in libaktualizr
+export LOG_STDERR=1
+SOTA_DIR="${SOTA_DIR-/var/sota}"
+
+LOGLEVEL="${CREDS_LOGLEVEL-4}"
+
+if [ "$1" = "get" ] ; then
+    if [ ! -f ${SOTA_DIR}/sota.toml ] ; then
+        echo "ERROR: Device does not appear to be registered under $SOTA_DIR"
+        exit 1
+    fi
+    server=$(grep -m1 '^[[:space:]]*server' ${SOTA_DIR}/sota.toml | cut -d\" -f2)
+    if [ -z $server ] ; then
+        server="https://ota-lite.foundries.io:8443"
+    fi
+    exec /usr/local/bin/aktualizr-get --loglevel $LOGLEVEL -u ${server}/hub-creds/
+fi
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+if [ -z $DEV_USER ] || [ -z $DEV_GROUP ]; then
+    echo "DEV_USER and DEV_GROUP environment variables must be set."
+    exit 1
+fi
+
+# Create a group with the specified GID if it doesn't already exist
+if ! getent group $DEV_GROUP >/dev/null; then
+    groupadd -g $DEV_GROUP devgrp
+fi
+
+# Create a user with the specified UID and GID if it doesn't already exist
+if ! getent passwd $DEV_USER >/dev/null; then
+    useradd -u $DEV_USER -g $DEV_GROUP -m dev
+fi
+
+# Change ownership of the home directory to the appuser
+chown -R dev:devgrp /home/dev
+
+chown dev:devgrp /var/run/docker/docker.sock
+
+chown -R dev:devgrp /var/sota
+
+# Run the command as the created user
+exec gosu $DEV_USER:$DEV_GROUP "$@"