gardenlinux
diff --git a/‎Dockerfile‎
Lines changed: 4 additions & 2 deletions b/‎Dockerfile‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎build‎
Lines changed: 1 addition & 4 deletions b/‎build‎
Lines changed: 1 addition & 4 deletions
diff --git a/‎builder/Makefile‎
Lines changed: 16 additions & 17 deletions b/‎builder/Makefile‎
Lines changed: 16 additions & 17 deletions
diff --git a/‎builder/make_get_image_dependencies‎
Lines changed: 7 additions & 7 deletions b/‎builder/make_get_image_dependencies‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎builder/make_list_build_artifacts‎
Lines changed: 5 additions & 6 deletions b/‎builder/make_list_build_artifacts‎
Lines changed: 5 additions & 6 deletions
@@ -27,7 +27,7 @@ COPY --from=resizefat32 /usr/bin/resizefat32 /usr/bin/resizefat32
 RUN curl "https://github.com/gardenlinux/aws-kms-pkcs11/releases/download/latest/aws_kms_pkcs11-$(dpkg --print-architecture).so" -sLo "/usr/lib/$(uname -m)-linux-gnu/pkcs11/aws_kms_pkcs11.so"
 COPY builder /builder
 RUN mkdir /builder/cert
-COPY setup_namespace /usr/sbin/setup_namespace
+COPY setup_env /usr/sbin/setup_env
 RUN curl -sSLf https://github.com/gardenlinux/seccomp_fake_xattr/releases/download/latest/seccomp_fake_xattr-$(uname -m).tar.gz \
 	| gzip -d \
 	| tar -xO seccomp_fake_xattr-$(uname -m)/fake_xattr > /usr/bin/fake_xattr \
@@ -37,4 +37,6 @@ RUN mkdir /tmp/sbsign \
 	&& curl -sSLf https://github.com/gardenlinux/package-sbsigntool/releases/download/0.9.4-3.2gl0/build.tar.xz.0000 | xz -d | tar -x \
 	&& dpkg -i sbsigntool_*_$(dpkg --print-architecture).deb
 RUN echo 'root:1:65535' | tee /etc/subuid /etc/subgid > /dev/null
-ENTRYPOINT [ "/usr/sbin/setup_namespace" ]
+RUN python3 -m venv /root/.local/builder-python-venv
+RUN /root/.local/builder-python-venv/bin/pip install -r "/builder/requirements.txt"
+ENTRYPOINT [ "/usr/sbin/setup_env" ]
@@ -92,12 +92,9 @@ commit="$(./get_commit)"
 timestamp="$(./get_timestamp)"
 default_version="$(./get_version)"
 
-
 if [ "$resolve_cname" = 1 ]; then
 	arch="$("$container_engine" run --rm "${container_run_opts[@]}" "${container_mount_opts[@]}" "$container_image" dpkg --print-architecture)"
-	cname="$("$container_engine" run --rm "${container_run_opts[@]}" "${container_mount_opts[@]}" "$container_image" /builder/parse_features --feature-dir /builder/features --default-arch "$arch" --default-version "$default_version" --cname "$1")"
-	short_commit="$(head -c 8 <<< "$commit")"
-	echo "$cname-$short_commit" >&3
+	echo "$("$container_engine" run --rm "${container_run_opts[@]}" "${container_mount_opts[@]}" "$container_image" gl-cname --feature-dir /builder/features --arch "$arch" --version "${default_version}-${commit}" "$1")"
 	exit 0
 fi
 
 
@@ -10,11 +10,6 @@ export BASH_ENV := make_bash_env
 
 MAKEFLAGS += --no-builtin-rules
 
-lastword = $(word $(words $1),$1)
-prelastword = $(word $(words $1),_ $1)
-cname_version = $(call lastword,$(subst -, ,$1))
-cname_arch = $(call prelastword,$(subst -, ,$1))
-
 define require_var =
 ifndef $1
 $$(error '$1 undefined')
@@ -28,6 +23,10 @@ SHORT_COMMIT := $(shell head -c 8 <<< '$(COMMIT)')
 
 DEFAULT_ARCH := $(shell dpkg --print-architecture)
 
+cname_gl_version = $(shell gl-features-parse --feature-dir features --default-arch '$(NATIVE_ARCH)' --default-version '$(DEFAULT_VERSION)-$(SHORT_COMMIT)' --cname '$1' version)
+cname_arch = $(shell gl-features-parse --feature-dir features --default-arch '$(NATIVE_ARCH)' --default-version '$(DEFAULT_VERSION)-$(SHORT_COMMIT)' --cname '$1' arch)
+gl_version = $(firstword $(subst -, ,$(call cname_gl_version,$1)))
+
 export AWS_DEFAULT_REGION AWS_REGION AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
 
 .PHONY: clean
@@ -38,19 +37,19 @@ clean:
 .build/%.sentinel:
 	true
 
-.build/bootstrap-%-$(SHORT_COMMIT).tar: $$(shell ./make_repo_sentinel $$(REPO) $$(call cname_version,$$*))
+.build/bootstrap-%.tar: $$(shell ./make_repo_sentinel $$(REPO) $$(call cname_gl_version,$$*))
 	target '$@'
-	info 'bootstrapping $*-$(SHORT_COMMIT)'
+	info 'bootstrapping $*'
 	arch='$(call cname_arch,$*)'
-	version='$(call cname_version,$*)'
+	version='$(call gl_version,$*)'
 	./bootstrap "$$arch" "$$version" '$(REPO)' keyring.gpg '$@'
 
-.build/%-$(SHORT_COMMIT).tar: .build/bootstrap-$$(call cname_arch,$$*)-$$(call cname_version,$$*)-$(SHORT_COMMIT).tar $(shell ./make_directory_sentinel features) $(shell ./make_directory_sentinel cert)
+.build/%.tar: .build/bootstrap-$$(call cname_arch,$$*)-$$(call cname_gl_version,$$*).tar $(shell ./make_directory_sentinel features) $(shell ./make_directory_sentinel cert)
 	target '$@' '$<'
-	info 'configuring rootfs $*-$(SHORT_COMMIT)'
-	features="$$(./parse_features --feature-dir features --cname '$*' features)"
+	info 'configuring rootfs $*'
+	features="$$(gl-features-parse --feature-dir features --cname '$*' features)"
 	BUILDER_CNAME='$*'
-	BUILDER_VERSION='$(call cname_version,$*)'
+	BUILDER_VERSION='$(call gl_version,$*)'
 	BUILDER_ARCH='$(call cname_arch,$*)'
 	BUILDER_TIMESTAMP='$(TIMESTAMP)'
 	BUILDER_COMMIT='$(COMMIT)'
@@ -59,14 +58,14 @@ clean:
 	./configure '$(word 1,$^)' '$@'
 
 define artifact_template =
-.build/%-$(SHORT_COMMIT).$1: $$$$(shell COMMIT=$(SHORT_COMMIT) ./make_get_image_dependencies '$$$$@') $$(shell ./make_directory_sentinel features) $$(shell ./make_directory_sentinel cert)
+.build/%.$1: $$$$(shell COMMIT=$(SHORT_COMMIT) ./make_get_image_dependencies '$$$$@') $$(shell ./make_directory_sentinel features) $$(shell ./make_directory_sentinel cert)
 	script='$$(word 1,$$^)'
 	input='$$(word 2,$$^)'
 	target '$$@' "$$$$input"
 	info 'building $1 image $$*'
-	features="$$$$(./parse_features --feature-dir features --cname '$$*' features)"
+	features="$$$$(gl-features-parse --feature-dir features --cname '$$*' features)"
 	BUILDER_CNAME='$$*'
-	BUILDER_VERSION='$$(call cname_version,$$*)'
+	BUILDER_VERSION='$$(call gl_version,$$*)'
 	BUILDER_ARCH='$$(call cname_arch,$$*)'
 	BUILDER_TIMESTAMP='$$(TIMESTAMP)'
 	BUILDER_COMMIT='$$(COMMIT)'
@@ -77,15 +76,15 @@ endef
 
 $(foreach artifact_rule,$(shell ./make_get_artifact_rules),$(eval $(call artifact_template,$(artifact_rule))))
 
-.build/%-$(SHORT_COMMIT).artifacts: $$(shell COMMIT=$(SHORT_COMMIT) ./make_list_build_artifacts '$$*')
+.build/%.artifacts: $$(shell COMMIT=$(SHORT_COMMIT) DEFAULT_VERSION=$(DEFAULT_VERSION) NATIVE_ARCH=$(NATIVE_ARCH) ./make_list_build_artifacts '$$*')
 	target '$@'
 	echo -n > '$@'
 	for f in $^; do
 		basename "$$f" | tee -a '$@'
 		echo "$$(basename "$$f").log" | tee -a '$@'
 	done
 
-%: .build/$$(shell ./parse_features --feature-dir features --default-arch '$$(DEFAULT_ARCH)' --default-version '$$(DEFAULT_VERSION)' --cname '$$*')-$(SHORT_COMMIT).artifacts
+%: .build/$$(shell gl-features-parse --feature-dir features --default-arch '$$(DEFAULT_ARCH)' --default-version '$$(DEFAULT_VERSION)-$$(SHORT_COMMIT)' --cname '$$*').artifacts
 	ln -f -s -r '$<' '.build/$*'
 
 # prevents match anything rule from applying to Makefile and image/convert scripts
 
@@ -7,7 +7,7 @@ exec 1>&2
 
 # get longest chain of extensions, but not extensions starting with a number to prevent parsing minor version as extension
 extension="$(grep -E -o '(\.[a-z][a-zA-Z0-9\-_]*)*$' <<< "$1")"
-artifact_base="${1%"-$COMMIT$extension"}"
+artifact_base="${1%"$extension"}"
 cname="$(basename "$artifact_base")"
 
 [ "$extension" != ".raw" ] || extension=
@@ -18,15 +18,15 @@ input=
 
 if [ -f "image$extension" ]; then
 	script="image$extension"
-	input="$artifact_base-$COMMIT.tar"
+	input="$artifact_base.tar"
 fi
 
 if [ -f "convert$extension" ]; then
 	script="convert$extension"
-	input="$artifact_base-$COMMIT.raw"
+	input="$artifact_base.raw"
 fi
 
-IFS=',' read -r -a features < <(./parse_features --feature-dir features --cname "$cname" features)
+IFS=',' read -r -a features < <(gl-features-parse --feature-dir features --cname "$cname" features)
 
 for feature in "${features[@]}"; do
 	if [ -s "features/$feature/image$extension" ]; then
@@ -36,7 +36,7 @@ for feature in "${features[@]}"; do
 		fi
 		is_feature_script=1
 		script="features/$feature/image$extension"
-		input="$artifact_base-$COMMIT.tar"
+		input="$artifact_base.tar"
 	fi
 
 	if [ -s "features/$feature/convert$extension" ]; then
@@ -46,7 +46,7 @@ for feature in "${features[@]}"; do
 		fi
 		is_feature_script=1
 		script="features/$feature/convert$extension"
-		input="$artifact_base-$COMMIT.raw"
+		input="$artifact_base.raw"
 	fi
 
 	# temporarily enable file globbing (+f)
@@ -68,7 +68,7 @@ for feature in "${features[@]}"; do
 		fi
 		is_feature_script=1
 		script="$i"
-		input="$artifact_base-$COMMIT.${i##*~}"
+		input="$artifact_base.${i##*~}"
 	done
 done
 
 
@@ -5,21 +5,20 @@ shopt -s nullglob
 
 cname="$1"
 
-IFS=',' read -r -a features < <(./parse_features --feature-dir features --cname "$cname" features)
-
-artifacts=(".build/$cname-$COMMIT.tar" ".build/$cname-$COMMIT.release" ".build/$cname-$COMMIT.manifest" ".build/$cname-$COMMIT.requirements")
+IFS=',' read -r -a features < <(gl-features-parse --feature-dir features --default-arch "${NATIVE_ARCH}" --default-version "${DEFAULT_VERSION}-${COMMIT}" --cname "$cname" features)
+artifacts=(".build/$cname.tar" ".build/$cname.release" ".build/$cname.manifest" ".build/$cname.requirements")
 
 for feature in "${features[@]}"; do
 	for i in "features/$feature/"{image,convert}.*; do
 		# get target artifact file extension, usually this is the image/convert script extension
 		# except if the script extension is of the form filename.extA~extB in which case the artifact extension is .extA only
 		extension="$(grep -E -o '(\.[a-z][a-zA-Z0-9\-_~]*)*$' <<< "$i")"
-		artifacts+=(".build/$cname-$COMMIT${extension%~*}")
+		artifacts+=(".build/$cname${extension%~*}")
 	done
 done
 
-if [ "${#artifacts[@]}" = 4 ] && [ -n "$(./parse_features --feature-dir "features" --cname "$cname" platforms)" ]; then
-	artifacts+=(".build/$cname-$COMMIT.raw")
+if [ "${#artifacts[@]}" = 4 ] && [ -n "$(gl-features-parse --feature-dir "features" --default-arch "${NATIVE_ARCH}" --default-version "${DEFAULT_VERSION}-${COMMIT}" --cname "$cname" platforms)" ]; then
+	artifacts+=(".build/$cname.raw")
 fi
 
 echo "${artifacts[@]}"