1#!/bin/bash 2 3# Copyright 2018 Google Inc. All rights reserved. 4 5# Licensed under the Apache License, Version 2.0 (the "License"); 6# you may not use this file except in compliance with the License. 7# You may obtain a copy of the License at 8 9# http://www.apache.org/licenses/LICENSE-2.0 10 11# Unless required by applicable law or agreed to in writing, software 12# distributed under the License is distributed on an "AS IS" BASIS, 13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14# See the License for the specific language governing permissions and 15# limitations under the License. 16 17set -x 18set -o errexit 19shopt -s extglob 20 21# If "true" install host orchestration capabilities. 22host_orchestration_flag="false" 23 24while getopts ":o" flag; do 25 case "${flag}" in 26 o) host_orchestration_flag="true";; 27 esac 28done 29 30sudo apt-get update 31 32sudo apt install -y debconf-utils 33 34# Avoids blocking "Default mirror not found" popup prompt when pbuilder is installed. 35echo "pbuilder pbuilder/mirrorsite string https://deb.debian.org/debian" | sudo debconf-set-selections 36 37# Stuff we need to get build support 38sudo apt install -y debhelper ubuntu-dev-tools equivs "${extra_packages[@]}" 39 40function install_bazel() { 41 # From https://bazel.build/install/ubuntu 42 echo "Installing bazel" 43 sudo apt install apt-transport-https curl gnupg -y 44 curl -fsSL https://bazel.build/bazel-release.pub.gpg | gpg --dearmor >bazel-archive-keyring.gpg 45 sudo mv bazel-archive-keyring.gpg /usr/share/keyrings 46 echo "deb [arch=amd64 signed-by=/usr/share/keyrings/bazel-archive-keyring.gpg] https://storage.googleapis.com/bazel-apt stable jdk1.8" | sudo tee /etc/apt/sources.list.d/bazel.list 47 # bazel needs the zip command to gather test outputs but doesn't depend on it 48 sudo apt-get update && sudo apt-get install -y bazel zip unzip 49} 50 51install_bazel 52 53# Resize 54sudo apt install -y cloud-utils 55sudo apt install -y cloud-guest-utils 56sudo apt install -y fdisk 57sudo growpart /dev/sdb 1 || /bin/true 58sudo e2fsck -f -y /dev/sdb1 || /bin/true 59sudo resize2fs /dev/sdb1 60 61# Install the cuttlefish build deps 62 63for dsc in *.dsc; do 64 yes | sudo mk-build-deps -i "${dsc}" -t apt-get 65done 66 67# Installing the build dependencies left some .deb files around. Remove them 68# to keep them from landing on the image. 69yes | rm -f *.deb 70 71for dsc in *.dsc; do 72 # Unpack the source and build it 73 74 dpkg-source -x "${dsc}" 75 dir="$(basename "${dsc}" .dsc)" 76 dir="${dir/_/-}" 77 pushd "${dir}/" 78 debuild -uc -us 79 popd 80done 81 82# Now gather all of the relevant .deb files to copy them into the image 83debs=(!(cuttlefish-orchestration*).deb) 84if [[ "${host_orchestration_flag}" == "true" ]]; then 85 debs+=( cuttlefish-orchestration*.deb ) 86fi 87 88tmp_debs=() 89for i in "${debs[@]}"; do 90 tmp_debs+=(/tmp/"$(basename "$i")") 91done 92 93# Now install the packages on the disk 94sudo mkdir -p /mnt/image 95sudo mount /dev/sdb1 /mnt/image 96cp "${debs[@]}" /mnt/image/tmp 97sudo mount -t sysfs none /mnt/image/sys 98sudo mount -t proc none /mnt/image/proc 99sudo mount --bind /boot/efi /mnt/image/boot/efi 100sudo mount --bind /dev/ /mnt/image/dev 101sudo mount --bind /dev/pts /mnt/image/dev/pts 102sudo mount --bind /run /mnt/image/run 103# resolv.conf is needed on Debian but not Ubuntu 104if [ ! -f /mnt/image/etc/resolv.conf ]; then 105 sudo cp /etc/resolv.conf /mnt/image/etc/ 106fi 107sudo chroot /mnt/image /usr/bin/apt update 108sudo chroot /mnt/image /usr/bin/apt install -y "${tmp_debs[@]}" 109 110# Install JDK. 111# 112# JDK it's not required to launch a CF device. It's required to run 113# some of Tradefed tests that are run from the CF host side like 114# some CF gfx tests, adb tests, etc. 115sudo chroot /mnt/image /usr/bin/wget -P /usr/java https://download.java.net/java/GA/jdk21.0.2/f2283984656d49d69e91c558476027ac/13/GPL/openjdk-21.0.2_linux-x64_bin.tar.gz 116# https://download.java.net/java/GA/jdk21.0.2/f2283984656d49d69e91c558476027ac/13/GPL/openjdk-21.0.2_linux-x64_bin.tar.gz.sha256 117export JDK21_SHA256SUM=a2def047a73941e01a73739f92755f86b895811afb1f91243db214cff5bdac3f 118if ! echo "$JDK21_SHA256SUM /usr/java/openjdk-21.0.2_linux-x64_bin.tar.gz" | sudo chroot /mnt/image /usr/bin/sha256sum -c ; then 119 echo "** ERROR: KEY MISMATCH **"; popd >/dev/null; exit 1; 120fi 121sudo chroot /mnt/image /usr/bin/tar xvzf /usr/java/openjdk-21.0.2_linux-x64_bin.tar.gz -C /usr/java 122sudo chroot /mnt/image /usr/bin/rm /usr/java/openjdk-21.0.2_linux-x64_bin.tar.gz 123echo 'JAVA_HOME=/usr/java/jdk-21.0.2' | sudo chroot /mnt/image /usr/bin/tee -a /etc/environment >/dev/null 124echo 'JAVA_HOME=/usr/java/jdk-21.0.2' | sudo chroot /mnt/image /usr/bin/tee -a /etc/profile >/dev/null 125echo 'PATH=$JAVA_HOME/bin:$PATH' | sudo chroot /mnt/image /usr/bin/tee -a /etc/profile >/dev/null 126 127# install tools dependencies 128sudo chroot /mnt/image /usr/bin/apt install -y unzip bzip2 lzop 129sudo chroot /mnt/image /usr/bin/apt install -y aapt 130sudo chroot /mnt/image /usr/bin/apt install -y screen # needed by tradefed 131 132sudo chroot /mnt/image /usr/bin/find /home -ls 133sudo chroot /mnt/image /usr/bin/apt install -t bookworm-security -y linux-image-cloud-amd64 134 135# update QEMU version to most recent backport 136sudo chroot /mnt/image /usr/bin/apt install -y --only-upgrade qemu-system-x86 -t bookworm 137sudo chroot /mnt/image /usr/bin/apt install -y --only-upgrade qemu-system-arm -t bookworm 138sudo chroot /mnt/image /usr/bin/apt install -y --only-upgrade qemu-system-misc -t bookworm 139 140# Install GPU driver dependencies 141sudo cp install_nvidia.sh /mnt/image/ 142sudo chroot /mnt/image /usr/bin/bash install_nvidia.sh 143sudo rm /mnt/image/install_nvidia.sh 144 145# Vulkan loader 146sudo chroot /mnt/image /usr/bin/apt install -y libvulkan1 -t bookworm 147 148# Wayland-server needed to have Nvidia driver fail gracefully when attempting to 149# use the EGL API on GCE instances without a GPU. 150sudo chroot /mnt/image /usr/bin/apt install -y libwayland-server0 -t bookworm 151 152# Clean up the builder's version of resolv.conf 153sudo rm /mnt/image/etc/resolv.conf 154 155# Make sure the image has /var/empty, and allow unprivileged_userns_clone for 156# minijail process sandboxing 157sudo chroot /mnt/image /usr/bin/mkdir -p /var/empty 158sudo tee /mnt/image/etc/sysctl.d/80-nsjail.conf >/dev/null <<EOF 159kernel.unprivileged_userns_clone=1 160EOF 161 162# Skip unmounting: 163# Sometimes systemd starts, making it hard to unmount 164# In any case we'll unmount cleanly when the instance shuts down 165 166echo IMAGE_WAS_CREATED 167