oem: port GCE to sysext image

build_library/vm_image_util.sh

@@ -256,8 +256,9 @@ IMG_iso_MEM=2048
 ## gce, image tarball
 IMG_gce_DISK_LAYOUT=vm
 IMG_gce_CONF_FORMAT=gce
-IMG_gce_OEM_PACKAGE=oem-gce
-IMG_gce_OEM_ACI=gce
+IMG_gce_OEM_PACKAGE=common-oem-files
+IMG_gce_OEM_USE=gce
+IMG_gce_OEM_SYSEXT=oem-gce
 
 ## rackspace
 IMG_rackspace_OEM_PACKAGE=oem-rackspace

changelog/changes/2023-11-29-sysext-for-gce-oem.md

@@ -0,0 +1 @@
+- GCP OEM images now use a systemd-sysext image for layering additional platform-specific software on top of `/usr` and being part of the OEM A/B updates ([flatcar#1146](https://github.com/flatcar/Flatcar/issues/1146))

sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/common-oem-files-0-r4.ebuild → sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/common-oem-files-0-r5.ebuild

@@ -31,6 +31,7 @@ fi
 COMMON_OEMIDS=(
     ami
     azure
+    gce
     openstack
     packet
     qemu

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/grub.cfg → sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/files/gce/grub.cfg.frag

@@ -1,7 +1,3 @@
-# Flatcar GRUB settings
-
-set oem_id="gce"
-
 # GCE only has a serial console.
 set linux_console="console=ttyS0,115200n8"
 serial com0 --speed=115200 --word=8 --parity=no

sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/files/oems/gce

@@ -0,0 +1,13 @@
+/etc/systemd/system/multi-user.target.wants/oem-cloudinit.service
+/etc/systemd/system/multi-user.target.wants/oem-gce.service
+/etc/systemd/system/oem-cloudinit.service
+/etc/systemd/system/oem-gce-enable-oslogin.service
+/etc/systemd/system/oem-gce.service
+/etc/systemd/system/sysinit.target.wants/oem-gce-enable-oslogin.service
+/oem/base/
+/oem/bin/
+/oem/files/
+/oem/flatcar-oem-gce.aci
+/oem/units/
+/var/lib/flatcar-oem-gce
+/var/lib/flatcar-oem-gce.img

sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/files/manglefs.sh → sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/bin/init.sh

@@ -1,11 +1,7 @@
-#!/bin/sh
-set -e
-
+#!/bin/bash -ex
 # GCE can work with our normal file system, but it needs an "init system".
 # Here is a better place to install this script so it doesn't get put in real
 # images built from the GCE Python package.
-cat << 'EOF' > init.sh && chmod 755 init.sh
-#!/bin/bash -ex
 
 # Write a configuration template if it does not exist.
 [ -e /etc/default/instance_configs.cfg.template ] ||
@@ -38,20 +34,3 @@ test -n "$stopping" || exit 1
 
 # Otherwise, run the shutdown script before quitting.
 exec /usr/bin/google_metadata_script_runner --script-type shutdown
-EOF
-
-# Disable PAM checks in the container.
-rm -f usr/lib/pam.d/*
-cat << 'EOF' > usr/lib/pam.d/other
-account optional pam_permit.so
-auth optional pam_permit.so
-password optional pam_permit.so
-session optional pam_permit.so
-EOF
-
-# Don't bundle these paths, since they are useless to us.
-mv usr/lib/systemd/lib*.so* usr/lib64/
-rm -fr boot etc/* usr/lib/systemd var/db/pkg
-
-# Remove test stuff from python - it's quite large.
-rm -rf usr/lib/python*/test

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/10-oem-gce.conf

@@ -0,0 +1,2 @@
+[Unit]
+Upholds=oem-gce-enable-oslogin.service setup-oem.service oem-gce.service

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/oem-gce-enable-oslogin.service

@@ -10,7 +10,7 @@ Before=sshd.socket
 Type=oneshot
 RemainAfterExit=true
 
-ExecStart=/oem/bin/enable-oslogin
+ExecStart=/usr/bin/enable-oslogin
 
 [Install]
 WantedBy=sysinit.target

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/oem-gce.service

@@ -12,20 +12,7 @@ RestartSec=5
 KillMode=process
 KillSignal=SIGTERM
 
-ExecStartPre=/usr/bin/rm -f /var/lib/flatcar-oem-gce.img
-ExecStartPre=/usr/bin/truncate -s 1G /var/lib/flatcar-oem-gce.img
-ExecStartPre=/usr/sbin/mkfs.ext4 /var/lib/flatcar-oem-gce.img
-ExecStartPre=/usr/bin/rm -rf /var/lib/flatcar-oem-gce
-ExecStartPre=/usr/bin/mkdir -p /var/lib/flatcar-oem-gce
-ExecStartPre=-/usr/bin/umount /var/lib/flatcar-oem-gce.img
-ExecStartPre=/usr/bin/mount /var/lib/flatcar-oem-gce.img /var/lib/flatcar-oem-gce
-ExecStartPre=/usr/bin/tar --directory=/var/lib/flatcar-oem-gce --extract --file=/oem/flatcar-oem-gce.aci --strip-components=1 rootfs
-ExecStartPre=/usr/bin/umount /var/lib/flatcar-oem-gce.img
-# the container expects to be able to optmize irq settings in /proc/irq and /sys/
-Environment=SYSTEMD_NSPAWN_API_VFS_WRITABLE=1
-ExecStart=/usr/bin/systemd-nspawn --keep-unit --register=no --link-journal=no \
-    --machine=oem-gce --capability=CAP_NET_ADMIN --bind=/dev/log --bind=/run/systemd --tmpfs=/run/lock --bind=/etc --bind=/home --bind-ro=/usr/share/google-oslogin/nsswitch.conf \
-    --read-only --volatile=overlay --image=/var/lib/flatcar-oem-gce.img --kill-signal=SIGTERM /init.sh
+ExecStart=/usr/bin/init.sh
 
 [Install]
 WantedBy=multi-user.target

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/setup-oem.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Setup OEM
+Before=oem-gce-enable-oslogin.service
+DefaultDependencies=false
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=-/usr/bin/ln --symbolic --force /usr/share/gce/hosts /etc/hosts
+ExecStart=-/usr/bin/ln --symbolic /usr/share/gce/google-cloud-sdk.sh /etc/profile.d/google-cloud-sdk.sh
+[Install]
+WantedBy=sysinit.target

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r6.ebuild

@@ -0,0 +1,41 @@
+# Copyright (c) 2013 CoreOS, Inc.. All rights reserved.
+# Distributed under the terms of the GNU General Public License v2
+# Copyright (c) 2020 Kinvolk GmbH. All rights reserved.
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit systemd
+
+DESCRIPTION="OEM suite for Google Compute Engine images"
+HOMEPAGE="https://cloud.google.com/products/compute-engine/"
+SRC_URI=""
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="amd64"
+IUSE=""
+
+# no source directory
+S="${WORKDIR}"
+
+RDEPEND="
+    app-emulation/google-compute-engine
+"
+
+OEM_NAME="Google Compute Engine"
+
+src_install() {
+    systemd_dounit "${FILESDIR}/units/oem-gce.service"
+    systemd_dounit "${FILESDIR}/units/oem-gce-enable-oslogin.service"
+    systemd_dounit "${FILESDIR}/units/setup-oem.service"
+    systemd_install_dropin "multi-user.target" "${FILESDIR}/units/10-oem-gce.conf"
+
+    dobin "${FILESDIR}/bin/enable-oslogin"
+    dobin "${FILESDIR}/bin/init.sh"
+
+    # These files will be symlinked to /etc via 'setup-oem.service'
+    insinto /usr/share/gce/
+    doins "${FILESDIR}/files/hosts"
+    doins "${FILESDIR}/files/google-cloud-sdk.sh"
+}

sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild

@@ -20,8 +20,8 @@ IUSE=""
 DEPEND=""
 RDEPEND="
 	amd64? (
+		app-emulation/google-compute-engine
 		app-emulation/open-vm-tools
-		coreos-base/coreos-oem-gce
 		coreos-base/nova-agent-container
 		coreos-base/nova-agent-watcher
 	)