tjkirch · August 7, 2020 18:21
diff --git a/bottlerocket-pr1010-address-feedback.patch b/bottlerocket-pr1010-address-feedback.patch
 diff --git a/Makefile.toml b/Makefile.toml
 index 624dead..e784a39 100644
 --- a/Makefile.toml
 +++ b/Makefile.toml
 @@ -339,13 +339,23 @@ script = [
 set -e
 
 cleanup() {
 -   [ -n "${root_image}" ] && rm -f "${root_image}"
 -   [ -n "${data_image}" ] && rm -f "${data_image}"
 +   [ -f "${root_image}" ] && rm -f "${root_image}"
 +   [ -f "${data_image}" ] && rm -f "${data_image}"
 }
 trap 'cleanup' EXIT
 
 export PATH="${BUILDSYS_TOOLS_DIR}/bin:${PATH}"
 
 +# Canonicalize architecture identifier to the value recognized by EC2.
 +case "${BUILDSYS_ARCH,,}" in
 +   arm64|aarch64)
 +      arch=arm64 ;;
 +   x86_64|amd64)
 +      arch=x86_64 ;;
 +   *)
 +      arch="${BUILDSYS_ARCH}" ;;
 +esac
 +
 # Unlz4 the root / data images
 rootlz4="${BUILDSYS_OUTPUT_DIR}/${BUILDSYS_NAME_FULL}.img.lz4"
 root_image="${rootlz4%.lz4}"
 @@ -365,7 +375,7 @@ pubsys \
    ${PUBLISH_ROOT_VOLUME_SIZE:+--root-volume-size "${PUBLISH_ROOT_VOLUME_SIZE}"} \
    --data-volume-size "${PUBLISH_DATA_VOLUME_SIZE}" \
    \
 -   --arch "${BUILDSYS_ARCH}" \
 +   --arch "${arch}" \
    --name "${PUBLISH_AMI_NAME}" \
    --description "${PUBLISH_AMI_DESCRIPTION:-${PUBLISH_AMI_NAME}}" \
    ${NO_PROGRESS:+--no-progress} \
 diff --git a/tools/pubsys/Infra.toml.example b/tools/pubsys/Infra.toml.example
 index 2dd8541..6446150 100644
 --- a/tools/pubsys/Infra.toml.example
 +++ b/tools/pubsys/Infra.toml.example
 @@ -31,6 +31,11 @@ signing_keys = { default = { file = { path = "/home/user/key.pem" } } }
 # The list of regions in which you want to publish AMIs. We register an AMI in
 # the first region and copy it to all other regions.
 regions = ["us-west-2", "us-east-1", "us-east-2"]
 +# If specified, we use this named profile from ~/.aws/credentials, rather than
 +# the default path of trying credentials from the environment, from a
 +# credential process, from the default profile, and then from an IAM instance
 +# profile.
 +profile = "my-profile"
 # If specified, we assume this role before making any API calls.
 role = "arn:aws:iam::012345678901:role/assume-global"
 
 diff --git a/tools/pubsys/src/aws/ami/mod.rs b/tools/pubsys/src/aws/ami/mod.rs
 index d619456..1340654 100644
 --- a/tools/pubsys/src/aws/ami/mod.rs
 +++ b/tools/pubsys/src/aws/ami/mod.rs
 @@ -85,8 +85,7 @@ pub(crate) async fn run(args: &Args, ami_args: &AmiArgs) -> Result<()> {
     .map(|name| region_from_string(&name, &aws))
     .collect::<Result<VecDeque<Region>>>()?;
 
 -    // Prefer to start with the first region in the aws.regions list, fall back to the region in
 -    // the profile, if they gave one, and finally fall back to the default region.
 +    // We register in this base region first, then copy from there to any other regions.
     let base_region = regions.pop_front().context(error::MissingConfig {
         missing: "aws.regions",
     })?;
 diff --git a/tools/pubsys/src/aws/ami/register.rs b/tools/pubsys/src/aws/ami/register.rs
 index 94a7e80..8e9a3cc 100644
 --- a/tools/pubsys/src/aws/ami/register.rs
 +++ b/tools/pubsys/src/aws/ami/register.rs
 @@ -15,6 +15,7 @@ const DATA_DEVICE_NAME: &str = "/dev/xvdb";
 const VIRT_TYPE: &str = "hvm";
 const VOLUME_TYPE: &str = "gp2";
 const SRIOV: &str = "simple";
 +const ENA: bool = true;
 
 /// Helper for `register_image`.  Inserts registered snapshot IDs into `cleanup_snapshot_ids` so
 /// they can be cleaned up on failure if desired.
 @@ -96,7 +97,7 @@ async fn _register_image(
         architecture: Some(ami_args.arch.clone()),
         block_device_mappings: Some(vec![root_bdm, data_bdm]),
         description: ami_args.description.clone(),
 -        ena_support: Some(true),
 +        ena_support: Some(ENA),
         name: ami_args.name.clone(),
         root_device_name: Some(ROOT_DEVICE_NAME.to_string()),
         sriov_net_support: Some(SRIOV.to_string()),
 diff --git a/tools/pubsys/src/aws/ami/wait.rs b/tools/pubsys/src/aws/ami/wait.rs
 index 23e7bb0..c1570e8 100644
 --- a/tools/pubsys/src/aws/ami/wait.rs
 +++ b/tools/pubsys/src/aws/ami/wait.rs
 @@ -60,7 +60,7 @@ pub(crate) async fn wait_for_ami(
                 .context(error::DescribeImages {
                     region: region.name(),
                 })?;
 -        // The response contains an Option<Vec<Snapshot>>, so we have to check that we got a
 +        // The response contains an Option<Vec<Image>>, so we have to check that we got a
         // list at all, and then that the list contains the ID in question.
         if let Some(images) = describe_response.images {
             let mut saw_it = false;
 @@ -94,7 +94,7 @@ pub(crate) async fn wait_for_ami(
                 }
             }
             if !saw_it {
 -                // Did not find snapshot in list; reset success count and try again (if we have spare attempts)
 +                // Did not find image in list; reset success count and try again (if we have spare attempts)
                 successes = 0;
             }
         } else {
	diff --git a/Makefile.toml b/Makefile.toml
	index 624dead..e784a39 100644
	--- a/Makefile.toml
	+++ b/Makefile.toml
	@@ -339,13 +339,23 @@ script = [
	set -e

	cleanup() {
	- [ -n "${root_image}" ] && rm -f "${root_image}"
	- [ -n "${data_image}" ] && rm -f "${data_image}"
	+ [ -f "${root_image}" ] && rm -f "${root_image}"
	+ [ -f "${data_image}" ] && rm -f "${data_image}"
	}
	trap 'cleanup' EXIT

	export PATH="${BUILDSYS_TOOLS_DIR}/bin:${PATH}"

	+# Canonicalize architecture identifier to the value recognized by EC2.
	+case "${BUILDSYS_ARCH,,}" in
	+ arm64\|aarch64)
	+ arch=arm64 ;;
	+ x86_64\|amd64)
	+ arch=x86_64 ;;
	+ *)
	+ arch="${BUILDSYS_ARCH}" ;;
	+esac
	+
	# Unlz4 the root / data images
	rootlz4="${BUILDSYS_OUTPUT_DIR}/${BUILDSYS_NAME_FULL}.img.lz4"
	root_image="${rootlz4%.lz4}"
	@@ -365,7 +375,7 @@ pubsys \
	${PUBLISH_ROOT_VOLUME_SIZE:+--root-volume-size "${PUBLISH_ROOT_VOLUME_SIZE}"} \
	--data-volume-size "${PUBLISH_DATA_VOLUME_SIZE}" \
	\
	- --arch "${BUILDSYS_ARCH}" \
	+ --arch "${arch}" \
	--name "${PUBLISH_AMI_NAME}" \
	--description "${PUBLISH_AMI_DESCRIPTION:-${PUBLISH_AMI_NAME}}" \
	${NO_PROGRESS:+--no-progress} \
	diff --git a/tools/pubsys/Infra.toml.example b/tools/pubsys/Infra.toml.example
	index 2dd8541..6446150 100644
	--- a/tools/pubsys/Infra.toml.example
	+++ b/tools/pubsys/Infra.toml.example
	@@ -31,6 +31,11 @@ signing_keys = { default = { file = { path = "/home/user/key.pem" } } }
	# The list of regions in which you want to publish AMIs. We register an AMI in
	# the first region and copy it to all other regions.
	regions = ["us-west-2", "us-east-1", "us-east-2"]
	+# If specified, we use this named profile from ~/.aws/credentials, rather than
	+# the default path of trying credentials from the environment, from a
	+# credential process, from the default profile, and then from an IAM instance
	+# profile.
	+profile = "my-profile"
	# If specified, we assume this role before making any API calls.
	role = "arn:aws:iam::012345678901:role/assume-global"

	diff --git a/tools/pubsys/src/aws/ami/mod.rs b/tools/pubsys/src/aws/ami/mod.rs
	index d619456..1340654 100644
	--- a/tools/pubsys/src/aws/ami/mod.rs
	+++ b/tools/pubsys/src/aws/ami/mod.rs
	@@ -85,8 +85,7 @@ pub(crate) async fn run(args: &Args, ami_args: &AmiArgs) -> Result<()> {
	.map(\|name\| region_from_string(&name, &aws))
	.collect::<Result<VecDeque<Region>>>()?;

	- // Prefer to start with the first region in the aws.regions list, fall back to the region in
	- // the profile, if they gave one, and finally fall back to the default region.
	+ // We register in this base region first, then copy from there to any other regions.
	let base_region = regions.pop_front().context(error::MissingConfig {
	missing: "aws.regions",
	})?;
	diff --git a/tools/pubsys/src/aws/ami/register.rs b/tools/pubsys/src/aws/ami/register.rs
	index 94a7e80..8e9a3cc 100644
	--- a/tools/pubsys/src/aws/ami/register.rs
	+++ b/tools/pubsys/src/aws/ami/register.rs
	@@ -15,6 +15,7 @@ const DATA_DEVICE_NAME: &str = "/dev/xvdb";
	const VIRT_TYPE: &str = "hvm";
	const VOLUME_TYPE: &str = "gp2";
	const SRIOV: &str = "simple";
	+const ENA: bool = true;

	/// Helper for `register_image`. Inserts registered snapshot IDs into `cleanup_snapshot_ids` so
	/// they can be cleaned up on failure if desired.
	@@ -96,7 +97,7 @@ async fn _register_image(
	architecture: Some(ami_args.arch.clone()),
	block_device_mappings: Some(vec![root_bdm, data_bdm]),
	description: ami_args.description.clone(),
	- ena_support: Some(true),
	+ ena_support: Some(ENA),
	name: ami_args.name.clone(),
	root_device_name: Some(ROOT_DEVICE_NAME.to_string()),
	sriov_net_support: Some(SRIOV.to_string()),
	diff --git a/tools/pubsys/src/aws/ami/wait.rs b/tools/pubsys/src/aws/ami/wait.rs
	index 23e7bb0..c1570e8 100644
	--- a/tools/pubsys/src/aws/ami/wait.rs
	+++ b/tools/pubsys/src/aws/ami/wait.rs
	@@ -60,7 +60,7 @@ pub(crate) async fn wait_for_ami(
	.context(error::DescribeImages {
	region: region.name(),
	})?;
	- // The response contains an Option<Vec<Snapshot>>, so we have to check that we got a
	+ // The response contains an Option<Vec<Image>>, so we have to check that we got a
	// list at all, and then that the list contains the ID in question.
	if let Some(images) = describe_response.images {
	let mut saw_it = false;
	@@ -94,7 +94,7 @@ pub(crate) async fn wait_for_ami(
	}
	}
	if !saw_it {
	- // Did not find snapshot in list; reset success count and try again (if we have spare attempts)
	+ // Did not find image in list; reset success count and try again (if we have spare attempts)
	successes = 0;
	}
	} else {