first

.github/workflows/build-container.yml

@@ -0,0 +1,35 @@
+name: Build catalyst container
+on:
+  push:
+    paths:
+      - 'Dockerfile'
+jobs:
+  build-container:
+    name: Build Container
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    steps:
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          tags: ghcr.io/whatamisupposedtoputhere/fex-rootfs-catalyst:latest
+      - name: Clean
+        uses: quartx-analytics/ghcr-cleaner@v1
+        with:
+          owner-type: user
+          token: ${{ secrets.PAT_TOKEN }}
+          repository_owner: ${{ github.repository_owner }}
+          delete-untagged: true
+          repository-name: ${{ github.repository }}

.github/workflows/build.yml

@@ -0,0 +1,212 @@
+name: Build rootfs
+on:
+  push:
+    paths:
+      - 'envs.sh'
+      - 'stage1-systemd-23.spec'
+      - 'stage3d-systemd-23.spec'
+      - 'stage4-llvm.spec'
+      - 'stage4-fex.spec'
+      - 'build.sh'
+      - 'assemble.sh'
+      - 'config/**'
+jobs:
+  build-stage-1:
+    name: Build Stage 1
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+    container:
+      image: "ghcr.io/whatamisupposedtoputhere/fex-rootfs-catalyst:latest"
+      options: --user root --privileged
+    steps:
+      - name: Checkout
+        uses: "actions/checkout@v4"
+      - name: Cache pkgs
+        uses: "actions/cache@v4"
+        with:
+          path: "/var/tmp/catalyst/packages/23.0-default/stage1-amd64"
+          key: "stage1-pkgs-${{ hashFiles('envs.sh', 'stage1-systemd-23.spec', 'config/**') }}"
+          restore-keys: "stage1-pkgs"
+      - name: "Get envs"
+        run: |
+          echo "TIMESTAMP_L=$(source envs.sh; echo $TIMESTAMP_L)" >> $GITHUB_ENV
+          echo "TIMESTAMP_S=$(source envs.sh; echo $TIMESTAMP_S)" >> $GITHUB_ENV
+      - name: Cache seed
+        uses: "actions/cache@v4"
+        with:
+          path: "/var/tmp/catalyst/stage3-amd64-systemd-${{env.TIMESTAMP_L}}.tar.xz"
+          key: "seed-${{ env.TIMESTAMP_L }}"
+      - name: Cache snapshot
+        uses: "actions/cache@v4"
+        with:
+          path: "/var/tmp/catalyst/gentoo-${{env.TIMESTAMP_S}}.xz.sqfs"
+          key: "snapshot-${{ env.TIMESTAMP_S }}"
+      - name: Build
+        run: "bash build.sh stage1-systemd-23.spec"
+        env:
+          GIT_SHA: ${{ github.sha }}
+          DOWNLOAD_SEED: 1
+      - name: Upload
+        uses: "actions/upload-artifact@v4"
+        with:
+          name: stage1-tarball
+          path: "/var/tmp/catalyst/builds/23.0-default/stage1-amd64-systemd.tar.xz"
+  build-stage-3:
+    name: Build Stage 3
+    needs: build-stage-1
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+    container:
+      image: "ghcr.io/whatamisupposedtoputhere/fex-rootfs-catalyst:latest"
+      options: --user root --privileged
+    steps:
+      - name: Checkout
+        uses: "actions/checkout@v4"
+      - name: Download Stage 1
+        uses: actions/download-artifact@v4
+        with:
+          name: stage1-tarball
+          path: "/var/tmp/catalyst/builds/23.0-default/"
+      - name: Cache pkgs
+        uses: "actions/cache@v4"
+        with:
+          path: "/var/tmp/catalyst/packages/23.0-default/stage3-amd64"
+          key: "stage3-pkgs-${{ hashFiles('envs.sh', 'stage3d-systemd-23.spec', 'config/**') }}"
+          restore-keys: "stage3-pkgs"
+      - name: "Get envs"
+        run: |
+          echo "TIMESTAMP_S=$(source envs.sh; echo $TIMESTAMP_S)" >> $GITHUB_ENV
+      - name: Cache snapshot
+        uses: "actions/cache@v4"
+        with:
+          path: "/var/tmp/catalyst/gentoo-${{env.TIMESTAMP_S}}.xz.sqfs"
+          key: "snapshot-${{ env.TIMESTAMP_S }}"
+      - name: Build
+        run: "bash build.sh stage3d-systemd-23.spec"
+        env:
+          GIT_SHA: ${{ github.sha }}
+      - name: Upload
+        uses: "actions/upload-artifact@v4"
+        with:
+          name: stage3-tarball
+          path: "/var/tmp/catalyst/builds/23.0-default/stage3-amd64-systemd.tar.xz"
+  build-stage-4-clang:
+    name: Build Stage 4 Clang
+    needs: build-stage-3
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+    container:
+      image: "ghcr.io/whatamisupposedtoputhere/fex-rootfs-catalyst:latest"
+      options: --user root --privileged --memory=10g
+    steps:
+      - name: Checkout
+        uses: "actions/checkout@v4"
+      - name: Download Stage 3
+        uses: actions/download-artifact@v4
+        with:
+          name: stage3-tarball
+          path: "/var/tmp/catalyst/builds/23.0-default/"
+      - name: Cache pkgs
+        uses: "actions/cache@v4"
+        with:
+          path: "/var/tmp/catalyst/packages/23.0-default/stage4-amd64"
+          key: "stage4-pkgs-${{ hashFiles('envs.sh', 'stage4-llvm.spec', 'config/**') }}"
+          restore-keys: |
+            stage4-pkgs-f
+            stage4-pkgs
+      - name: "Get envs"
+        run: |
+          echo "TIMESTAMP_S=$(source envs.sh; echo $TIMESTAMP_S)" >> $GITHUB_ENV
+      - name: Cache snapshot
+        uses: "actions/cache@v4"
+        with:
+          path: "/var/tmp/catalyst/gentoo-${{env.TIMESTAMP_S}}.xz.sqfs"
+          key: "snapshot-${{ env.TIMESTAMP_S }}"
+      - name: Build
+        run: "bash build.sh stage4-llvm.spec"
+        env:
+          GIT_SHA: ${{ github.sha }}
+      - name: Upload
+        uses: "actions/upload-artifact@v4"
+        with:
+          name: stage4-clang-tarball
+          path: "/var/tmp/catalyst/builds/23.0-default/stage4-amd64-clang.tar.xz"
+  build-stage-4:
+    name: Build Stage 4
+    needs: build-stage-4-clang
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+    container:
+      image: "ghcr.io/whatamisupposedtoputhere/fex-rootfs-catalyst:latest"
+      options: --user root --privileged
+    steps:
+      - name: Checkout
+        uses: "actions/checkout@v4"
+      - name: Download Stage 4 Clang
+        uses: actions/download-artifact@v4
+        with:
+          name: stage4-clang-tarball
+          path: "/var/tmp/catalyst/builds/23.0-default/"
+      - name: Cache snapshot
+        uses: "actions/cache@v4"
+        with:
+          path: "/var/tmp/catalyst/packages/23.0-default/stage4-amd64"
+          key: "stage4-pkgs-f-${{ hashFiles('envs.sh', 'stage4-fex.spec', 'config/**') }}"
+          restore-keys: |
+            stage4-pkgs-f
+            stage4-pkgs
+      - name: "Get envs"
+        run: |
+          echo "TIMESTAMP_S=$(source envs.sh; echo $TIMESTAMP_S)" >> $GITHUB_ENV
+      - name: Cache snapshot
+        uses: "actions/cache@v4"
+        with:
+          path: "/var/tmp/catalyst/gentoo-${{env.TIMESTAMP_S}}.xz.sqfs"
+          key: "snapshot-${{ env.TIMESTAMP_S }}"
+      - name: Build
+        run: "bash build.sh stage4-fex.spec"
+        env:
+          GIT_SHA: ${{ github.sha }}
+      - name: Upload
+        uses: "actions/upload-artifact@v4"
+        with:
+          name: stage4-tarball
+          path: "/var/tmp/catalyst/builds/23.0-default/stage4-amd64-desktop-systemd.tar.xz"
+  assemble-squashfs:
+    name: Assemble squashfs image
+    needs: build-stage-4
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+    container:
+      image: "ghcr.io/whatamisupposedtoputhere/fex-rootfs-catalyst:latest"
+      options: --user root --privileged
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout
+        uses: "actions/checkout@v4"
+      - name: Download Stage 4
+        uses: actions/download-artifact@v4
+        with:
+          name: stage4-tarball
+      - name: Squash
+        run: "bash assemble.sh"
+      - name: "Get release"
+        run: echo "RELEASE=$(source envs.sh; echo $RELEASE)" >> $GITHUB_ENV
+      - name: Release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ env.RELEASE }}
+          files: |
+            fex-rootfs.sqfs
+            fex-chroot.sqfs

Dockerfile

@@ -0,0 +1,12 @@
+ARG DATE=20240913
+FROM docker.io/gentoo/stage3:${DATE}
+RUN emerge-webrsync --revert=${DATE} && \
+    export USE="-iso python" && \
+    export MAKEOPTS="-j$(nproc)" && \
+    echo 'dev-util/catalyst ~arm64 arm64' >/etc/portage/package.accept_keywords/catalyst && \
+    emerge -j util-linux && \
+    emerge -j catalyst && \
+    USE=zstd emerge -j squashfs-tools && \
+    echo 'jobs = 40' >>/etc/catalyst/catalyst.conf && \
+    echo 'export MAKEOPTS="-j$(nproc)"' >>/etc/catalyst/catalystrc && \
+    rm -rf /var/db/repos/gentoo

assemble.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+set -euo pipefail
+mkdir -p rootfs chroot/{etc,dev,proc,sys} chroot/var/{cache,lib,lib/dbus}/
+cd rootfs
+tar xf ../stage4-amd64-desktop-systemd.tar.xz
+rm -r sys dev proc
+mv etc/{hosts,resolv.conf,localtime,passwd,group,{,g}shadow,fstab,sub{u,g}id} ../chroot/etc
+mv boot home media mnt root tmp run ../chroot/
+mv var/{tmp,run,lock} ../chroot/var/
+mv var/lib/dbus/machine-id ../chroot/var/lib/dbus/
+cd ..
+mksquashfs rootfs fex-rootfs.sqfs -comp zstd
+mksquashfs chroot fex-chroot.sqfs -comp zstd

build.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+source envs.sh
+set -euo pipefail
+cd /var/tmp/catalyst/
+git init
+git remote add origin https://github.com/WhatAmISupposedToPutHere/fex-rootfs
+git fetch -a origin
+git checkout "${GIT_SHA}"
+mkdir -p builds/23.0-default
+if [[ "x${DOWNLOAD_SEED-}" != x ]]; then
+    name="stage3-amd64-systemd-${TIMESTAMP_L}.tar.xz"
+    [ -f "${name}" ] || wget "https://distfiles.gentoo.org/releases/amd64/autobuilds/${TIMESTAMP_L}/${name}"
+    cp "${name}" builds/23.0-default/
+fi
+name="gentoo-${TIMESTAMP_S}.xz.sqfs"
+[ -f "${name}" ] || wget "https://distfiles.gentoo.org/snapshots/squashfs/${name}"
+mkdir -p snapshots
+cp "${name}" snapshots/
+sed -i "s/@TIMESTAMP@/${TIMESTAMP_L}/g" *.spec
+sed -i "s/@TREEISH@/${TIMESTAMP_S}/g" *.spec
+catalyst -af "$1"

config/stages/package.accept_keywords/stage13/clinfo

@@ -0,0 +1,2 @@
+dev-util/clinfo ~amd64
+

config/stages/package.accept_keywords/stage13/intel_clc

@@ -0,0 +1 @@
+dev-util/intel_clc amd64 ~amd64

config/stages/package.accept_keywords/stage13/libnss

@@ -0,0 +1 @@
+sys-auth/libnss-nis ~amd64

config/stages/package.accept_keywords/stage13/musl

@@ -0,0 +1 @@
+=sys-libs/musl-1.2.2-r5

config/stages/package.accept_keywords/stage4/clinfo

@@ -0,0 +1,2 @@
+dev-util/clinfo ~amd64
+

config/stages/package.accept_keywords/stage4/intel_clc

@@ -0,0 +1 @@
+dev-util/intel_clc amd64 ~amd64

config/stages/package.accept_keywords/stage4/libnss

@@ -0,0 +1 @@
+sys-auth/libnss-nis ~amd64

config/stages/package.accept_keywords/stage4/musl

@@ -0,0 +1 @@
+=sys-libs/musl-1.2.2-r5

config/stages/package.accept_keywords/stage4/spirv-llvm-translator

@@ -0,0 +1 @@
+dev-util/spirv-llvm-translator amd64 ~amd64

config/stages/package.mask/stage13/glibc

@@ -0,0 +1,5 @@
+# preemptively...
+# new glibc tends to lead to trouble with sandbox (and qemu),
+# especially for the unstable arches
+#
+>=sys-libs/glibc-2.40

config/stages/package.mask/stage13/rust

@@ -0,0 +1,2 @@
+# force using rust-bin (this affects only "desktop stages")
+dev-lang/rust

config/stages/package.mask/stage4/glibc

@@ -0,0 +1,5 @@
+# preemptively...
+# new glibc tends to lead to trouble with sandbox (and qemu),
+# especially for the unstable arches
+#
+>=sys-libs/glibc-2.40

config/stages/package.mask/stage4/rust

@@ -0,0 +1,2 @@
+# force using rust-bin (this affects only "desktop stages")
+dev-lang/rust

config/stages/package.use/stage13/cet

@@ -0,0 +1,8 @@
+# Hardened profiles default to USE=cet but our -* in stage1 builds ends up
+# mixing -cet/+cet causing build failures or unmet deps.  This will keep the
+# flag enbled consistently.  This has no effect on non-hardened profiles
+# since the flag is masked there.
+sys-devel/binutils cet
+sys-devel/gcc cet
+sys-libs/binutils-libs cet
+sys-libs/glibc cet

config/stages/package.use/stage13/circular

@@ -0,0 +1,6 @@
+# this makes only a difference for the "desktop" stages
+dev-db/sqlite -icu
+dev-lang/python -bluetooth
+
+# this is also needed for normal stage3
+net-misc/curl -http2 -http3 -quic -curl_quic_openssl

config/stages/package.use/stage13/clang

@@ -0,0 +1,2 @@
+# required by sys-devel/clang-common for clang stage1
+sys-libs/llvm-libunwind static-libs

config/stages/package.use/stage13/gmp

@@ -0,0 +1,2 @@
+# testing this for bug 894134
+dev-libs/gmp asm cpudetection

config/stages/package.use/stage13/libpcre

@@ -0,0 +1,5 @@
+# required by sys-libs/libselinux-2.7
+dev-libs/libpcre static-libs
+
+# required by dev-vcs/git
+dev-libs/libpcre2 jit

config/stages/package.use/stage13/multilib

@@ -0,0 +1 @@
+*/* abi_x86_32 abi_x86_64

config/stages/package.use/stage13/musl

@@ -0,0 +1,5 @@
+# we need this here to make sure musl stages build
+# note: tried building musl only with built-in crypt, but
+# that leads to a dependency mess when emerge refuses to
+# downgrade the libcrypt virtual...
+sys-libs/musl -crypt

config/stages/package.use/stage13/no-filecaps

@@ -0,0 +1,7 @@
+# For stage building, we cannot be sure the final unpack destination will have
+# xattr/fcaps support.  To be safe, we build stages without filecaps, but allow
+# filecaps to be turned back on @ next full world upgrade.  The ebuilds using
+# fcaps eclass will have more logic to safely fall back in case of missing
+# support.
+
+*/* -filecaps

config/stages/package.use/stage13/openmp

@@ -0,0 +1,6 @@
+
+# compilers from stage1 do not have openmp capability, so turn this off
+# here to avoid failures in stage3
+app-crypt/libb2 -openmp
+app-portage/portage-utils -openmp
+sys-devel/gettext -openmp

config/stages/package.use/stage4/cet

@@ -0,0 +1,8 @@
+# Hardened profiles default to USE=cet but our -* in stage1 builds ends up
+# mixing -cet/+cet causing build failures or unmet deps.  This will keep the
+# flag enbled consistently.  This has no effect on non-hardened profiles
+# since the flag is masked there.
+sys-devel/binutils cet
+sys-devel/gcc cet
+sys-libs/binutils-libs cet
+sys-libs/glibc cet