Refactor

11 files changed, 87 insertions, 171 deletions

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..1be0fe1
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,12 @@
+framebuf/Xvfb_screen0
+.git
+.gitignore
+*.log
+Makefile
+ratinox
+README.md
+stage1
+stage2
+*.stamp
+Xilinx_ISE_DS_Lin_14.7_1015_1.tar
+Xilinx.lic
diff --git a/stage3/Dockerfile.later b/Dockerfile
index 0cf505c..0a787bf 100644
--- a/stage3/Dockerfile.later
+++ b/Dockerfile
@@ -1,12 +1,12 @@
-FROM cryptech-builder:stage3
+FROM cryptech-builder:stage2
 
 RUN echo 'deb http://deb.debian.org/debian jessie-backports main' > /etc/apt/sources.list.d/backports.list
 
-# An assortment of normal Debian packages.  Might want to move this to
-# after the horrible XiLinx stuff so we don't have to redo that very often.
+# Stuff we need we need to build firmware and client packages.  This
+# stuff is much more likely to change than the XiLinx tools, so we put
+# it at the end of the build where we can use normal Docker tooling.
 
-RUN apt-get update \
-	&& \
+RUN apt-get update && \
     apt-get install -y \
 	    avr-libc \
 	    binutils-avr \
@@ -19,7 +19,6 @@ RUN apt-get update \
 	    reprepro \
 	    ubuntu-archive-keyring \
 	    ubuntu-dev-tools \
-	    pbuilder \
-	&& \
+	    pbuilder && \
     apt-get -t jessie-backports install -y \
 	    debootstrap distro-info-data
diff --git a/Makefile b/Makefile
index b31cb27..2ddd1e4 100644
--- a/Makefile
+++ b/Makefile
@@ -1,29 +1,31 @@
-all: debug
-
-build: stage0.stamp stage1.stamp stage2.stamp # stage3.stamp
-
-debug: stage2.stamp
-	docker container prune -f
-	mkdir -p framebuf
-	docker run -it --mount type=bind,source=$(abspath framebuf),target=/framebuf cryptech-builder:stage2 /xilinx-unpack/builder
+all: stage0.stamp stage1.stamp stage2.stamp stage3.stamp
 
 stage0.stamp:
-	mkdir -p stage0/jessie_chroot
-	cd stage0; sudo /usr/sbin/debootstrap --foreign jessie jessie_chroot
-	sudo tar -C stage0/jessie_chroot -c . | docker import - cryptech-builder:stage0
-	sudo rm -rf stage0/jessie_chroot
+	mkdir -p fs/cryptech-builder
+	sudo /usr/sbin/debootstrap --foreign jessie fs
+	sudo tar -C fs -xf Xilinx_ISE_DS_Lin_14.7_1015_1.tar
+	sudo tar -C fs -c . | docker import - cryptech-builder:stage0
+	sudo rm -rf fs
 	touch $@
 
-stage1.stamp: stage0.stamp stage1/Dockerfile
-	cd stage1; docker build -t cryptech-builder:stage1 .
+stage1.stamp: stage0.stamp
+	docker run -it --name cryptech-builder-stage1 \
+		--mount type=bind,source=$(abspath .),target=/cryptech-builder \
+		cryptech-builder:stage0 /cryptech-builder/stage1
+	docker commit -c 'USER builder' cryptech-builder-stage1 cryptech-builder:stage2
+	docker container rm cryptech-builder-stage1
 	touch $@
 
-stage2.stamp: stage1.stamp stage2/Dockerfile
-	cd stage2; docker build -t cryptech-builder:stage2 .
+stage2.stamp: stage1.stamp
+	docker run -it --name cryptech-builder-stage2 \
+		--mount type=bind,source=$(abspath .),target=/cryptech-builder \
+		cryptech-builder:stage1 /cryptech-builder/stage2
+	docker commit -c 'USER builder' cryptech-builder-stage2 cryptech-builder:stage2
+	docker container rm cryptech-builder-stage2
 	touch $@
 
-stage3.stamp: stage2.stamp stage3/Dockerfile
-	cd stage3; docker build -t cryptech-builder:stage3 .
+stage3.stamp: stage2.stamp
+	docker build -t cryptech-builder .
 	touch $@
 
 clean:
diff --git a/ratinox b/ratinox
index 86667a0..33243b4 100755
--- a/ratinox
+++ b/ratinox
@@ -42,12 +42,12 @@ def snooze(how_long = 15):
 
 def installer():
 
-    with Ratinox(fbdir = "/framebuf") as rat:
+    with Ratinox(fbdir = "/cryptech-builder") as rat:
         print("DISPLAY={}".format(os.getenv("DISPLAY")))
 
         snooze()
         print("Starting XiLinx installer")
-        xsetup = subprocess.Popen(("./xsetup",), cwd = "/xilinx-unpack/Xilinx_ISE_DS_Lin_14.7_1015_1")
+        xsetup = subprocess.Popen(("./xsetup",), cwd = "/Xilinx_ISE_DS_Lin_14.7_1015_1")
 
         snooze()
         print("First screen")
@@ -89,7 +89,7 @@ def installer():
 
 def licenser():
 
-    with Ratinox(fbdir = "/framebuf") as rat:
+    with Ratinox(fbdir = "/cryptech-builder") as rat:
         print("DISPLAY={}".format(os.getenv("DISPLAY")))
 
         snooze()
diff --git a/stage1 b/stage1
new file mode 100755
index 0000000..a4cfa56
--- /dev/null
+++ b/stage1
@@ -0,0 +1,35 @@
+#!/bin/sh -
+
+set -ex
+
+# Finish debootstrap (stage0 did debootstrap --foreign)
+
+sed -i '/mount -t proc /d; /mount -t sysfs /d' /debootstrap/functions
+/debootstrap/debootstrap --second-stage
+			    
+# The XiLinx tools don't like dash but are OK with bash.
+
+ln -sf /bin/bash /bin/sh
+
+# Jump through hoops to install the XiLinx software in this container.
+
+apt-get update
+
+apt-get install -y \
+    libglib2.0-0 \
+    libxrandr2 \
+    python-xvfbwrapper \
+    ratpoison \
+    sudo
+
+/cryptech-builder/ratinox ise-install
+
+# Assuming we survived that, we're done with the 6GB
+# XiLinxinstallation package.
+
+rm -rf /Xilinx_ISE_DS_Lin_14.7_1015_1
+
+# Create non-root user (with sudo privs, for pbuilder)
+
+adduser --disabled-password --gecos 'Cryptech Build Bot' --shell /bin/sh builder
+echo >/etc/sudoers.d/builder 'builder ALL = (ALL) NOPASSWD: SETENV: ALL'
diff --git a/stage1/Dockerfile b/stage1/Dockerfile
deleted file mode 100644
index 810ce10..0000000
--- a/stage1/Dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-FROM cryptech-builder:stage0
-
-# Finish debootstrap (stage0 did debootstrap --foreign)
-
-RUN sed -i '/mount -t proc /d; /mount -t sysfs /d' /debootstrap/functions && \
-    /debootstrap/debootstrap --second-stage
-			    
-# Our goal here is just to load the XiLinx tarball into a Debian Jessie image.
-# Overriding reason for making this a separate image: we don't want to have
-# to send 6GB of build context every time we touch a later stage.
-
-ADD Xilinx_ISE_DS_Lin_14.7_1015_1.tar /xilinx-unpack/
diff --git a/stage2 b/stage2
new file mode 100755
index 0000000..01b67a8
--- /dev/null
+++ b/stage2
@@ -0,0 +1,11 @@
+#!/bin/sh -
+
+set -ex
+
+# We should now be running as a non-root user, set up the XiLinx license
+
+sudo install -o builder -g builder /cryptech-builder/Xilinx.lic $HOME/builder
+
+/cryptech-builder/ratinox license-user
+
+rm $HOME/builder
diff --git a/stage2/Dockerfile b/stage2/Dockerfile
deleted file mode 100644
index f9fc768..0000000
--- a/stage2/Dockerfile
+++ /dev/null
@@ -1,17 +0,0 @@
-FROM cryptech-builder:stage1
-
-RUN ln -sf /bin/bash /bin/sh
-
-RUN apt-get update && apt-get install -y \
-    libglib2.0-0 \
-    libxrandr2 \
-    python-xvfbwrapper \
-    ratpoison
-
-COPY builder installer licenser /xilinx-unpack/
-
-# For the moment we're licensing as root.  Probably need to change
-# that since building as root is a really bad idea.  License file goes
-# in home directory of user who will be running the builds.
-
-COPY Xilinx.lic /root
diff --git a/stage2/builder b/stage2/builder
deleted file mode 100755
index ac3432b..0000000
--- a/stage2/builder
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-set -ex
-cd /xilinx-unpack
-./installer
-./licenser
diff --git a/stage2/installer b/stage2/installer
deleted file mode 100755
index b3bb5ba..0000000
--- a/stage2/installer
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/usr/bin/env python
-
-import subprocess, os, time, xvfbwrapper, itertools
-
-def run(*args, **kwargs):
-    return subprocess.Popen(args, **kwargs)
-
-def ratpoison(*args):
-    return subprocess.check_output(("ratpoison",) + tuple(itertools.chain.from_iterable(("-c", a) for a in args)))
-
-def snooze(how_long = 15):
-    time.sleep(how_long)
-
-def main():
-    with xvfbwrapper.Xvfb(fbdir = "/framebuf"):
-        print("DISPLAY={}".format(os.getenv("DISPLAY")))
-
-        print("Starting rodent-free window manager")
-        rat = run("ratpoison")
-
-        snooze()
-        print("Starting XiLinx installer")
-        xsetup = run("./xsetup", cwd = "/xilinx-unpack/Xilinx_ISE_DS_Lin_14.7_1015_1")
-
-        snooze()
-        print("First screen")
-        ratpoison("ratwarp 650 610", "ratclick")
-
-        snooze()
-        print("Second screen")
-        ratpoison("ratwarp 250 420", "ratclick",
-                  "ratwarp 250 444", "ratclick",
-                  "ratwarp 650 610", "ratclick")
-
-        snooze()
-        print("Third screen")
-        ratpoison("ratwarp 600 560", "ratclick",
-                  "ratwarp 650 610", "ratclick")
-
-        snooze()
-        print("Fourth screen")
-        ratpoison("ratwarp 300 100", "ratclick",
-                  "ratwarp 650 610", "ratclick")
-
-        for ith in ("Fifth", "Sixth", "Seventh"):
-            snooze()
-            print(ith + " screen")
-            ratpoison("ratclick")
-
-        print("Waiting half an hour for XiLinx installer to run, ^C if you get bored")
-        snooze(1800)
-
-        # In theory we could use visgrep to check for the "finish" button.
-        # In practice ... this is such a kludge, what's one more, let's just
-        # try blindly clicking where the finish button should be and see
-        # if that results in a usable image.
-
-        print("Blindly clicking where finish button should be, then shutting down")
-        ratpoison("ratwarp 720 610", "ratclick",
-                  "quit")
-
-        print("xsetup exited with status {}".format(xsetup.wait()))
-        print("ratpoison exited with status {}".format(rat.wait()))
-
-if __name__ == "__main__":
-    main()
diff --git a/stage2/licenser b/stage2/licenser
deleted file mode 100755
index 3bccb83..0000000
--- a/stage2/licenser
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/usr/bin/env python
-
-import subprocess, os, time, xvfbwrapper, itertools
-
-def ratpoison(*args):
-    return subprocess.check_output(("ratpoison",) + tuple(itertools.chain.from_iterable(("-c", a) for a in args)))
-
-def snooze(how_long = 15):
-    time.sleep(how_long)
-
-def main():
-    with xvfbwrapper.Xvfb(fbdir = "/framebuf"):
-        print("DISPLAY={}".format(os.getenv("DISPLAY")))
-
-        print("Starting rodent-free window manager")
-        rat = subprocess.Popen(["ratpoison"])
-
-        snooze()
-        print("Starting XiLinx license manager")
-        xlcm = ". /opt/Xilinx/14.7/ISE_DS/settings64.sh; /opt/Xilinx/14.7/ISE_DS/common/bin/lin64/xlcm -manage"
-        xlcm = subprocess.Popen(xlcm, shell = True)
-
-        snooze()
-        print("First screen")
-        ratpoison("ratwarp 100 116", "ratclick")
-
-        snooze()
-        print("Second screen")
-        ratpoison("ratwarp 220 170", "ratclick",
-                  "ratwarp 680 490", "ratclick")
-
-        snooze()
-        print("Third screen")
-        ratpoison("ratwarp 400 360", "ratclick",
-                  "ratwarp 750 650", "ratclick",
-                  "quit")
-
-        print("xlcm exited with status {}".format(xlcm.wait()))
-        print("ratpoison exited with status {}".format(rat.wait()))
-
-if __name__ == "__main__":
-    main()