
Merge pull request #27 from gavinandresen/virtualbox

Virtualbox support
pull/28/head
Dev Random 10 years ago
parent
commit
11d8efec50
  1. 67
      README.md
  2. 19
      libexec/make-clean-vm
  3. 20
      libexec/start-target
  4. 21
      libexec/stop-target

67
README.md

@ -8,28 +8,80 @@ This package can do a deterministic build of a package inside a VM. @@ -8,28 +8,80 @@ This package can do a deterministic build of a package inside a VM.
This performs a build inside a VM, with deterministic inputs and outputs. If the build script takes care of all sources of non-determinism (mostly caused by timestamps), the result will always be the same. This allows multiple independent verifiers to sign a binary with the assurance that it really came from the source they reviewed.
## Synopsis:
## Prerequisites:
Install prereqs:
Linux:
sudo apt-get install apt-cacher-ng python-vm-builder ruby
sudo apt-get install git apache2 apt-cacher-ng python-vm-builder ruby
OSX with MacPorts:
sudo port install ruby coreutils
export PATH=$PATH:/opt/local/libexec/gnubin # Needed for sha256sum
### KVM
If you want to use kvm:
sudo apt-get install qemu-kvm
or alternatively, lxc (no need for hardware support):
### LXC (no need for hardware support):
sudo apt-get install debootstrap lxc
Create the base VM for use in further builds (requires sudo, please review the script):
### VirtualBox
Install virtualbox from virtualbox.org, and make sure VBoxManage is in your $PATH.
## Create the base VM for use in further builds (requires sudo, please review the script):
### KVM
bin/make-base-vm
bin/make-base-vm --arch i386
or for lxc:
### LXC
bin/make-base-vm --lxc
bin/make-base-vm --lxc --arch i386
Set the USE_LXC environment variable to use LXC instead of KVM:
export USE_LXC=1
### VirtualBox
Command-line VBoxManage must be in your PATH
Setup:
make-base-vm cannot yet make VirtualBox virtual machines (patches welcome-- it should be possible to use VBoxManage, boot-from-network Linux images and PXE booting to do it). So you must either get or manually create VirtualBox machines that:
1. Are named "Gitian-<suite>-<arch>" -- e.g. Gitian-lucid-i386 for a 32-bit, Ubuntu 10 machine.
2. Have a booted-up snapshot named "Gitian-Clean" . The build script resets the VM to that snapshot to get reproducible builds.
3. Has the VM's NAT networking setup to forward port localhost:2223 on the host machine to port 22 of the VM; e.g.:
VBoxManage modifyvm Gitian-lucid-i386 --natpf1 "guestssh,tcp,,2223,,22"
The final setup needed is to create an ssh key that will be used to login to the virtual machine:
ssh-keygen -t dsa -f var/id_dsa -N ""
ssh -p 2223 ubuntu@localhost 'mkdir -p .ssh && chmod 700 .ssh && cat >> .ssh/authorized_keys' < var/id_dsa.pub
ssh -p 2223 ubuntu@localhost
On VM: sudo bash
On VM: mkdir -p .ssh && chmod 700 .ssh && cat ~ubuntu/.ssh/authorized_keys >> .ssh/authorized_keys
Set the USE_VBOX environment variable to use LXC instead of KVM:
export USE_VBOX=1
## Sanity-testing
If you have everything set-up properly, you should be able to:
PATH=$PATH:$(pwd)/libexec
make-clean-vm --suite lucid --arch i386
start-target 32 lucid-i386
on-target ls -la
stop-target
## Building
Copy any additional build inputs into a directory named _inputs_.
Then execute the build using a YAML description file (can be run as non-root):
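
Review bot: The port-forward rule in setup step 3, guestssh,tcp,,2223,,22, leaves the host-IP field empty, so VirtualBox listens on every host interface rather than only on localhost as the step's own sentence says; the KVM path in start-target binds its forward to 127.0.0.1. Because the next steps install a key with an empty passphrase (-N "") for both ubuntu and root, suggest guestssh,tcp,127.0.0.1,2223,,22. Two smaller points: the line "Set the USE_VBOX environment variable to use LXC instead of KVM" should say VirtualBox, and ssh-keygen -t dsa yields a 1024-bit DSA key, so an RSA key would be a better default if the scripts that read var/id_dsa can be pointed at it.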
@ -53,6 +105,7 @@ After you've merged everybody's signatures, verify them: @@ -53,6 +105,7 @@ After you've merged everybody's signatures, verify them:
bin/gverify --release <release-name> <package>.yml
## Poking around
* Log files are captured to the _var_ directory

19
libexec/make-clean-vm

@ -4,6 +4,13 @@ set -e @@ -4,6 +4,13 @@ set -e
SUITE=lucid
ARCH=amd64
VMSW=KVM
if [ -n "$USE_LXC" ]; then
VMSW=LXC
elif [ -n "$USE_VBOX" ]; then
VMSW=VBOX
fi
usage() {
echo "Usage: ${0##*/} [OPTION]..."
echo "Make a clean copy of the base client."
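
Review bot: When both USE_LXC and USE_VBOX are set, the if/elif that assigns VMSW silently picks LXC; consider exiting with a message instead, so a build never runs on a backend the user did not intend. The same selection block is repeated in start-target and stop-target, so sourcing it from one shared file would keep the three copies from drifting apart.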
@ -44,9 +51,15 @@ fi @@ -44,9 +51,15 @@ fi
BASE=base-$SUITE-$ARCH
OUT=target-$SUITE-$ARCH
if [ -z "$USE_LXC" ]; then
case $VMSW in
KVM)
qemu-img create -f qcow2 -o backing_file="$BASE.qcow2" "$OUT.qcow2"
else
;;
LXC)
cp -a $BASE $OUT
on-target -u root bash < target-bin/bootstrap-fixup
fi
;;
VBOX)
VBoxManage snapshot "Gitian-${SUITE}-${ARCH}" restore "Gitian-Clean"
;;
esac
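
Review bot: The VBOX branch restores "Gitian-Clean" without checking the VM's state, and VBoxManage will not restore a snapshot while the VM is still running, for example after a build that never reached stop-target. set -e aborts the script at that point, but the user sees only VBoxManage's own error; suggest stopping the VM first or printing a hint to run stop-target before retrying.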

20
libexec/start-target

@ -5,11 +5,25 @@ @@ -5,11 +5,25 @@
ARCH=qemu$1
SUFFIX=$2
if [ -z "$USE_LXC" ]; then
VMSW=KVM
if [ -n "$USE_LXC" ]; then
VMSW=LXC
elif [ -n "$USE_VBOX" ]; then
VMSW=VBOX
fi
case $VMSW in
KVM)
kvm -cpu $ARCH -m ${VMEM:-2000} -smp ${NPROCS:-2} -drive file=target-$SUFFIX.qcow2,cache=writeback -net nic,model=virtio -net user,hostfwd=tcp:127.0.0.1:$VM_SSH_PORT-:22 -vnc 127.0.0.1:16 > var/target.log 2>&1 &
echo $! > var/target.pid
wait
rm var/target.pid
else
;;
LXC)
true #sudo lxc-start -n gitian -c var/target.log -f lxc.config
fi
;;
VBOX)
VBoxManage startvm "Gitian-${2}" # --type headless
echo "Gitian-${2}" > var/target.vmname
;;
esac
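
Review bot: In the VBOX branch, var/target.vmname is written even when VBoxManage startvm fails, so a later stop-target acts on a VM this run never started; suggest VBoxManage startvm "Gitian-${SUFFIX}" || exit 1 ahead of the echo. Using $SUFFIX rather than ${2} would match the KVM branch, and the commented-out --type headless deserves a line in the README, since the default start type needs a display on the host.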

21
libexec/stop-target

@ -1,6 +1,14 @@ @@ -1,6 +1,14 @@
#!/bin/sh
if [ -z "$USE_LXC" ]; then
VMSW=KVM
if [ -n "$USE_LXC" ]; then
VMSW=LXC
elif [ -n "$USE_VBOX" ]; then
VMSW=VBOX
fi
case $VMSW in
KVM)
if [ ! -e var/target.pid ]; then exit; fi
on-target -u root halt
@ -13,6 +21,13 @@ if [ -z "$USE_LXC" ]; then @@ -13,6 +21,13 @@ if [ -z "$USE_LXC" ]; then
echo Killing target since it did not shutdown within 10 seconds
kill `cat var/target.pid`
else
;;
LXC)
true
fi
;;
VBOX)
if [ ! -e var/target.vmname ]; then exit; fi
VBoxManage controlvm `cat var/target.vmname` savestate
rm var/target.vmname
;;
esac
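
Review bot: In the VBOX branch, rm var/target.vmname runs even if the controlvm ... savestate call fails, which leaves the VM running with nothing on disk recording its name; suggest removing the file only when controlvm succeeds. The backquoted cat var/target.vmname is also unquoted, and "$(cat var/target.vmname)" is safer. Since make-clean-vm discards the VM state by restoring Gitian-Clean, controlvm poweroff would be enough here and avoids writing a saved-state file.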
