buildsys: add targets for raw installation and sysexts

The following targets should be self-explanatory:

    # make install
    $ make DESTDIR=$SOME_PATH install
    # make proxmox-sys-install
    $ make DESTDIR=$SOME_PATH proxmox-sys-install
    # make proxmox-<any other crate name>-install

Additionally, these are used as building blocks to create
systemd-sysext(8) images:

    $ make proxmox-sys-sysext

builds an `extensions/proxmox-sys.raw`

This can be copied/symlinked to `/run/extensions/` and then activated.
As root:

    # ln -s $REPO_DIR/extensions/proxmox-sys.raw /run/extensions/
    # systemd-systext refresh

For the complete workspace, an `extensions/proxmox-workspace.raw` can
be built via

    $ make sysext

This also takes a `CRATES` var to limit the crates which should be
included, and takes an optional `NOCLEAN=1` which prevents cleaning
out the previously installed to "add" new crates on the go:
Assuming there's a symlink like:

    # ln -s $REPO_DIR/extensions/proxmox-workspace.raw /run/extensions/proxmox-workspace.raw

One can modify the installed crates like this:

    $ make CRATES=proxmox-sys sysext
    $ sudo systemd-sysext refresh

Now only the current proxmox-sys crate is overridden.

    $ make NOCLEAN=1 CRATES=proxmox-time sysext
    $ sudo systemd-sysext refresh

Now proxmox-sys as well as proxmox-time are installed.

To undo the changes, either just do, as root:

    # systemd-sysext unmerge

or remove the files which should specifically be dropped from
/run/extensions/ and run as root:

    # systemd-sysext refresh

Another way to temporarily install single crates is to just have the
extensions/ folder *be* the `/run/extensions` folder:

    # rmdir /run/extensions
    # ln -s $REPO_DIR/extensions /run/extensions

Then just build individual extensions:

    $ make proxmox-sys-sysext
    $ sudo systemd-sysext refresh
    $ make proxmox-router-sysext
    $ sudo systemd-sysext refresh

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

Makefile

@@ -74,3 +74,69 @@ update:
 	    | grep -v '.changes$$' \
 	    | tar -cf "$@.tar" -T-; \
 	    cat "$@.tar" | ssh -X repoman@repo.proxmox.com upload --product devel --dist bookworm
+
+%-install:
+	rm -rf build/install/$*
+	mkdir -p build/install/$*
+	BUILDDIR=build/install/$* BUILDCMD=/usr/bin/true NOCONTROL=1 ./build.sh "$*" || true
+	version="$$(dpkg-parsechangelog -l $*/debian/changelog -SVersion | sed -e 's/-.*//')"; \
+	  install -m755 -Dd "$(DESTDIR)/usr/share/cargo/registry/$*-$${version}"; \
+	  rm -rf "$(DESTDIR)/usr/share/cargo/registry/$*-$${version}"; \
+	  mv "build/install/$*/$*" \
+	    "$(DESTDIR)/usr/share/cargo/registry/$*-$${version}"; \
+	  mv "$(DESTDIR)/usr/share/cargo/registry/$*-$${version}/debian/cargo-checksum.json" \
+	    "$(DESTDIR)/usr/share/cargo/registry/$*-$${version}/.cargo-checksum.json"; \
+	  rm -rf "$(DESTDIR)/usr/share/cargo/registry/$*-$${version}/debian" \
+
+.PHONY: install
+install: $(foreach c,$(CRATES), $c-install)
+
+%-install-overlay: %-install
+	version="$$(dpkg-parsechangelog -l $*/debian/changelog -SVersion | sed -e 's/-.*//')"; \
+	  setfattr -n trusted.overlay.opaque -v y \
+	    "$(DESTDIR)/usr/share/cargo/registry/$*-$${version}"
+	install -m755 -Dd $(DESTDIR)/usr/lib/extension-release.d
+	echo 'ID=_any' >$(DESTDIR)/usr/lib/extension-release.d/extension-release.$*
+
+.PHONY: install-overlay
+install-overlay: $(foreach c,$(CRATES), $c-install-overlay)
+
+# To make sure a sysext *replaces* a crate, rather than "merging" with it, we
+# need to be able to set the 'trusted.overlay.opaque' xattr. Since we cannot do
+# this as a user, we utilize `fakeroot` which keeps track of this for us, and
+# turn the final directory into an 'erofs' file system image.
+#
+# The reason is that if a crate gets changed like this:
+#
+#     old:
+#         src/foo.rs
+#     new:
+#         src/foo/mod.rs
+#
+# if its /usr/share/cargo/registry/$crate-$version directory was not marked as
+# "opaque", the merged file system would end up with both
+#
+#         src/foo.rs
+#         src/foo/mod.rs
+#
+# together.
+#
+# See https://docs.kernel.org/filesystems/overlayfs.html
+%-sysext:
+	fakeroot $(MAKE) $*-sysext-do
+%-sysext-do:
+	rm -f extensions/$*.raw
+	$(MAKE) DESTDIR=build/sysext/$* $*-install-overlay
+	mkdir -p extensions
+	mkfs.erofs extensions/$*.raw build/sysext/$*
+
+sysext:
+	fakeroot $(MAKE) sysext-do
+sysext-do:
+	rm -f extensions/proxmox-workspace.raw
+	[ -n "$(NOCLEAN)" ] || rm -rf build/sysext/workspace
+	$(MAKE) DESTDIR=build/sysext/workspace $(foreach c,$(CRATES), $c-install)
+	install -m755 -Dd build/sysext/workspace/usr/lib/extension-release.d
+	echo 'ID=_any' >build/sysext/workspace/usr/lib/extension-release.d/extension-release.proxmox-workspace
+	mkdir -p extensions
+	mkfs.erofs extensions/proxmox-workspace.raw build/sysext/workspace

build.sh

@@ -7,29 +7,30 @@ export RUSTC=/usr/bin/rustc
 
 CRATE=$1
 BUILDCMD=${BUILDCMD:-"dpkg-buildpackage -b -uc -us"}
+BUILDDIR="${BUILDDIR:-"build"}"
 
-mkdir -p build
-echo system >build/rust-toolchain
-rm -rf "build/${CRATE}"
+mkdir -p "${BUILDDIR}"
+echo system >"${BUILDDIR}"/rust-toolchain
+rm -rf ""${BUILDDIR}"/${CRATE}"
 
 CONTROL="$PWD/${CRATE}/debian/control"
 
 if [ -e "$CONTROL" ]; then
     # check but only warn, debcargo fails anyway if crates are missing
     dpkg-checkbuilddeps $PWD/${CRATE}/debian/control || true
-    rm -f "$PWD/${CRATE}/debian/control"
+    [ "x$NOCONTROL" = 'x' ] && rm -f "$PWD/${CRATE}/debian/control"
 fi
 
 debcargo package \
     --config "$PWD/${CRATE}/debian/debcargo.toml" \
     --changelog-ready \
     --no-overlay-write-back \
-    --directory "$PWD/build/${CRATE}" \
+    --directory "$PWD/"${BUILDDIR}"/${CRATE}" \
     "${CRATE}" \
     "$(dpkg-parsechangelog -l "${CRATE}/debian/changelog" -SVersion | sed -e 's/-.*//')"
 
-cd "build/${CRATE}"
+cd ""${BUILDDIR}"/${CRATE}"
 rm -f debian/source/format.debcargo.hint
 ${BUILDCMD}
 
-cp debian/control "$CONTROL"
+[ "x$NOCONTROL" = "x" ] && cp debian/control "$CONTROL"