From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6916819859940573184
X-Received: by 2002:a1c:1bcc:: with SMTP id b195mr3181666wmb.131.1610451413085;
        Tue, 12 Jan 2021 03:36:53 -0800 (PST)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:adf:eb0e:: with SMTP id s14ls3170050wrn.2.gmail; Tue, 12 Jan
 2021 03:36:52 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxTOn9r4dzk7dklEaWMpz8zxheFca1g3Ur2OKTywg2Zlb9rBe2Cfb88HGJ6ZB3oVVsiYRY6
X-Received: by 2002:adf:ca0c:: with SMTP id o12mr3941586wrh.154.1610451412248;
        Tue, 12 Jan 2021 03:36:52 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1610451412; cv=none;
        d=google.com; s=arc-20160816;
        b=ZhFS312Fe4WHGOCXa7HHkEh9uuEGVMQQHvJ26rU+ht0l6ddERnWTDseDDi1ClHJyci
         Sn/9SWCkb8NfKXu56Ez9F3+cbpikELW3J+ikO5Yk6pUm5Zz3vqwQZrz5QIVEhAQ1s7AV
         A31npEfBXUFwqF7N5wlVfhh30KBq/yKcG8ynPMBCMkhtmglh1OqvZgI3AbijC1rveihW
         JnKDxc4tFp4t8dRmxUHM0ksi6z/VPoinkmxJuauXFFylLjnEoZ/n1fw9zJj/xiARYy4y
         d/zcTZBJuxgzwtl2+es2cK8YMLm3z0hJqjDRKLI+5xAtwO/Hh1LEzBrFtkAQnKI9FqI/
         A4iw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:subject:cc:to:from:date;
        bh=oduN2QagnQgPlWIZ60C7st0q/VQVA8fRz/UnXrbdhIw=;
        b=sqHNNU0Idgj0EOq0oRakStSevxXcqwRl4svrQUs3tg9XP79dlel8F8/SeyWF7IPUij
         MuS6AfKSN2GFE6J8VZ5YcqpWMtxqxQbhCh0UWXWPlehYdxh9NhKMvcsjC3rgFHNOFzOp
         tRdyxNBNOUCfaivpUwW3lma+/Zj+fRhfhpK8me3R1tidWG0hr2VKd97uVk1SByou1s1H
         vruPw6D4LYehtsLB3xR+StTu3Ea2QZcYpTAYjETZiHT/8RJX79t8x2JS7B3vcR0C4klV
         0mbIW8ZN9vbL5XTJ4DRXelzjF3jLu9zcOJ2N67BbxaNZTs1RFCGmB/WBnhi7XFys0Bco
         xPLQ==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=henning.schild@siemens.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
Return-Path: <henning.schild@siemens.com>
Received: from david.siemens.de (david.siemens.de. [192.35.17.14])
        by gmr-mx.google.com with ESMTPS id j13si64151wmq.3.2021.01.12.03.36.52
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 12 Jan 2021 03:36:52 -0800 (PST)
Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.14 as permitted sender) client-ip=192.35.17.14;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=henning.schild@siemens.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66])
	by david.siemens.de (8.15.2/8.15.2) with ESMTPS id 10CBapwK011648
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
	for <isar-users@googlegroups.com>; Tue, 12 Jan 2021 12:36:52 +0100
Received: from md1za8fc.ad001.siemens.net ([139.22.47.251])
	by mail2.sbs.de (8.15.2/8.15.2) with ESMTP id 10CBaprv026511;
	Tue, 12 Jan 2021 12:36:51 +0100
Date: Tue, 12 Jan 2021 12:36:50 +0100
From: Henning Schild <henning.schild@siemens.com>
To: "[ext] Silvano Cirujano Cuesta" <silvano.cirujano-cuesta@siemens.com>
Cc: isar-users@googlegroups.com
Subject: Re: [RFC PATCH 1/2] sdk: support creation of container image
Message-ID: <20210112123650.6ef81c19@md1za8fc.ad001.siemens.net>
In-Reply-To: <20210112103338.14712-2-silvano.cirujano-cuesta@siemens.com>
References: <20210112103338.14712-1-silvano.cirujano-cuesta@siemens.com>
	<20210112103338.14712-2-silvano.cirujano-cuesta@siemens.com>
X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.32; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-TUID: tF6DTGfFGFGU

Am Tue, 12 Jan 2021 11:33:37 +0100
schrieb "[ext] Silvano Cirujano Cuesta"
<silvano.cirujano-cuesta@siemens.com>:

> Extend task "populate_sdk" to support the creation of a container
> image containing the SDK.
> 
> Signed-off-by: Silvano Cirujano Cuesta
> <silvano.cirujano-cuesta@siemens.com> ---
>  meta/classes/image-sdk-extension.bbclass | 99
> ++++++++++++++++++++++-- 1 file changed, 92 insertions(+), 7
> deletions(-)
> 
> diff --git a/meta/classes/image-sdk-extension.bbclass
> b/meta/classes/image-sdk-extension.bbclass index a8c708a..9317256
> 100644 --- a/meta/classes/image-sdk-extension.bbclass
> +++ b/meta/classes/image-sdk-extension.bbclass
> @@ -6,10 +6,77 @@
>  # This class extends the image.bbclass to supply the creation of a
> sdk 
>  SDK_INCLUDE_ISAR_APT ?= "0"
> +SDK_GENERATE_FORMATS = "${@d.getVar("SDK_FORMATS", "tar")}"

I do not understand why there are two variables, maybe one is enough.
And i think a ?= assignment would be a better choice here.

> +sdk_tar() {

I think this should be tar_xz or tar.xz

> +    # Copy mount_chroot.sh for convenience
> +    sudo cp ${SCRIPTSDIR}/mount_chroot.sh ${SDKCHROOT_DIR}
> +
> +    # Create SDK archive
> +    cd -P ${SDKCHROOT_DIR}/..
> +    sudo tar --transform="s|^rootfs|sdk-${DISTRO}-${DISTRO_ARCH}|" \
> +        -c rootfs | xz -T0 >
> ${DEPLOY_DIR_IMAGE}/sdk-${DISTRO}-${DISTRO_ARCH}.tar.xz +}
> +
> +sdk_container_images() {
> +    local cmd="/bin/dash"
> +    local empty_tag="empty"
> +    local full_tag="latest"
> +    local oci_img_dir="${WORKDIR}/oci-image"
> +    local sdk_container_formats="$1"
> +
> +    # prepare OCI container image skeleton
> +    sudo umoci init --layout "${oci_img_dir}"
> +    sudo umoci new --image "${oci_img_dir}:${empty_tag}"
> +    sudo umoci config --image "${oci_img_dir}:${empty_tag}" \
> +        --config.cmd="${cmd}"
> +    sudo umoci unpack --image "${oci_img_dir}:${empty_tag}" \
> +        "${oci_img_dir}_unpacked"
> +
> +    # add SDK root filesystem as the flesh of the skeleton
> +    sudo cp -a "${SDKCHROOT_DIR}"/* "${oci_img_dir}_unpacked/rootfs/"
> +
> +    # pack container image
> +    sudo umoci repack --image "${oci_img_dir}:${full_tag}" \
> +        "${oci_img_dir}_unpacked"
> +    sudo umoci remove --image "${oci_img_dir}:${empty_tag}"
> +    sudo rm -rf "${oci_img_dir}_unpacked"
> +
> +    # no root needed anymore
> +    sudo chown --recursive $(id -u):$(id -g) "${oci_img_dir}"
> +
> +    # convert the OCI container image to the desired format
> +    sdk_id="sdk-${DISTRO}-${DISTRO_ARCH}"
> +    image_name="isar-${sdk_id}"
> +    image_archive="${DEPLOY_DIR_IMAGE}/${sdk_id}-${sdk_format}.tar"
> +    for sdk_format in ${sdk_container_formats} ; do
> +        case "${sdk_format}" in
> +            "docker-archive" | "oci-archive")
> +                if [ "${sdk_format}" = "oci-archive" ] ; then
> +                    target="${sdk_format}:${image_archive}:latest"
> +                else
> +
> target="${sdk_format}:${image_archive}:${image_name}:latest"
> +                fi
> +                skopeo --insecure-policy copy \
> +                    "oci:${oci_img_dir}:${full_tag}" "${target}"
> +                xz -T0 "${image_archive}"
> +                ;;
> +            "oci")
> +                tar --create --xz --directory "${oci_img_dir}" \
> +                    --file "${image_archive}.xz" .
> +                ;;

do we not already have tar_xz code we can maybe reuse?

> +            "docker-daemon" | "containers-storage")
> +                skopeo --insecure-policy copy \
> +                    "oci:${oci_img_dir}:${full_tag}" \
> +                    "${sdk_format}:${image_name}:latest"
> +                ;;

i really would not trust "skopeo" to generate valid docker images, the
container world is full of incompatible stuff and compat fake news

> +        esac
> +    done

This is using "umoci" and "skopeo", new runtime deps ... which might
only be available/working in pretty bleeding edge debian.

Henning

> +}
>  
>  do_populate_sdk[stamp-extra-info] = "${DISTRO}-${MACHINE}"
>  do_populate_sdk[depends] = "sdkchroot:do_build"
> -do_populate_sdk[vardeps] += "SDK_INCLUDE_ISAR_APT"
> +do_populate_sdk[vardeps] += "SDK_INCLUDE_ISAR_APT
> SDK_GENERATE_FORMATS" do_populate_sdk() {
>      if [ "${SDK_INCLUDE_ISAR_APT}" = "1" ]; then
>          # Copy isar-apt with deployed Isar packages
> @@ -48,12 +115,30 @@ do_populate_sdk() {
>          done
>      done
>  
> -    # Copy mount_chroot.sh for convenience
> -    sudo cp ${SCRIPTSDIR}/mount_chroot.sh ${SDKCHROOT_DIR}
> +    # separate SDK formats: TAR and container formats
> +    container_formats=""
> +    for sdk_format in ${SDK_GENERATE_FORMATS} ; do
> +        case ${sdk_format} in
> +            tar)
> +                sdk_tar
> +                ;;
> +            "docker-archive" | "oci" | "oci-archive")
> +                container_formats="${container_formats}
> ${sdk_format}"
> +                ;;
> +            "docker-daemon" | "containers-storage")
> +                if [ -f /.dockerenv ] || [ -f /run/.containerenv ] ;
> then
> +                    die "Adding the SDK container image to a
> container runtime (${sdk_format}) not supported if running from a
> container (e.g. 'kas-container')"
> +                fi
> +                ;;
> +            *)
> +                die "unsupported SDK format specified: ${sdk_format}"
> +                ;;
> +        esac
> +    done
>  
> -    # Create SDK archive
> -    cd -P ${SDKCHROOT_DIR}/..
> -    sudo tar --transform="s|^rootfs|sdk-${DISTRO}-${DISTRO_ARCH}|" \
> -        -c rootfs | xz -T0 >
> ${DEPLOY_DIR_IMAGE}/sdk-${DISTRO}-${DISTRO_ARCH}.tar.xz
> +    # generate the SDK in all the desired container formats
> +    if [ -n "${container_formats}" ] ; then
> +        sdk_container_images "${container_formats}"
> +    fi
>  }
>  addtask populate_sdk after do_rootfs