From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6925703955981795328
X-Received: by 2002:a5d:4d08:: with SMTP id z8mr3924096wrt.240.1612516109387;
        Fri, 05 Feb 2021 01:08:29 -0800 (PST)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:adf:fd09:: with SMTP id e9ls3451648wrr.0.gmail; Fri, 05 Feb
 2021 01:08:28 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwDDzp4+conjIlg/XXXuGwZLVjv1fLQv6MYS9wI7k1pdvWZD8r1KM08ukPiMOJUVb1yRc03
X-Received: by 2002:a5d:4402:: with SMTP id z2mr3779811wrq.265.1612516108697;
        Fri, 05 Feb 2021 01:08:28 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1612516108; cv=none;
        d=google.com; s=arc-20160816;
        b=bBq0KGVaHeNeiwVQu6JxpBYfzH165MTBMlSWbGd1KUa4EtFkCxa3ZTwVom7MmjCtcO
         F8vR9v4LPw/l5qTnwMCVIqLc5JN3am523ULJmwQCmE+eHjBYPcrbPErLX53R+rDKRKYf
         xjXb40OiYfJw4xrAo/5gZsqykxRSyRNxbkd/sw4vZL3WJE0bjN+87WVbZQZ1iUr/eAnf
         nzk6iHFZgAIA+dp/365/yUhtDkJAeghTHQXOk+3XjviAnJj/1zpg30L5QnzTAftVDeXT
         y3wC1EqRPPYzJvvA7TV/N9BaUetB5QgwFxCum01S+yfz4bOhtEnaW0LyqNdFSUSgMU/E
         dlsQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from;
        bh=upoybnwR79jsndVV7zJ9DQ+OpYVoQ75BGx+eOz3azmU=;
        b=oufmsG7VAYSa9xBySPuAP/93QiJXiC+BAAwqHVaymtJMqn/ZpjpyrACbTbyNRVmOMF
         f0viZyu5kMzOOqMCbBKQIbauB201Kxw7Gqr+JRo2P4BWOadivufJ4NZ+vXumJwIvB++W
         ZdQrN6PIvX+8YYRMzBpHsQU3i3TXh7pcoPUR1CbO3uXOuGNhRqsKMUSRfg7jZnS4zSJ/
         1MwpgH/xB0J8lj6yCDC6GW3Kxjsr4GfiALV0vXNM1IySOJJolXdLdYs1Tf6x8012Rt/z
         GpQd/J6md30rXMz0gT5BtGQ50lgdEVrfOhyS5WyBZPoZkMjQXVtEO6Nd1N/ZA1Au83D3
         7lKw==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of silvano.cirujano-cuesta@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=silvano.cirujano-cuesta@siemens.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
Return-Path: <silvano.cirujano-cuesta@siemens.com>
Received: from david.siemens.de (david.siemens.de. [192.35.17.14])
        by gmr-mx.google.com with ESMTPS id t16si966757wmi.3.2021.02.05.01.08.28
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 05 Feb 2021 01:08:28 -0800 (PST)
Received-SPF: pass (google.com: domain of silvano.cirujano-cuesta@siemens.com designates 192.35.17.14 as permitted sender) client-ip=192.35.17.14;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: domain of silvano.cirujano-cuesta@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=silvano.cirujano-cuesta@siemens.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35])
	by david.siemens.de (8.15.2/8.15.2) with ESMTPS id 11598SwB031215
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
	for <isar-users@googlegroups.com>; Fri, 5 Feb 2021 10:08:28 +0100
Received: from md1sf36c.ad001.siemens.net ([167.87.60.163])
	by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id 11598RW0000712
	for <isar-users@googlegroups.com>; Fri, 5 Feb 2021 10:08:28 +0100
From: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
To: isar-users@googlegroups.com
Subject: [PATCH 2/2] docs: document usage of sdk container images
Date: Fri,  5 Feb 2021 10:08:27 +0100
Message-Id: <20210205090827.17788-3-silvano.cirujano-cuesta@siemens.com>
X-Mailer: git-send-email 2.30.0
In-Reply-To: <20210205090827.17788-1-silvano.cirujano-cuesta@siemens.com>
References: <20210205090827.17788-1-silvano.cirujano-cuesta@siemens.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-TUID: hZmWCBIRa9z7

Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
---
 doc/user_manual.md | 79 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 79 insertions(+)

diff --git a/doc/user_manual.md b/doc/user_manual.md
index a4f3d1d..7863241 100644
--- a/doc/user_manual.md
+++ b/doc/user_manual.md
@@ -19,6 +19,7 @@ Copyright (C) 2016-2019, ilbers GmbH
  - [Add a Custom Application](#add-a-custom-application)
  - [Enabling Cross-compilation](#isar-cross-compilation)
  - [Create an ISAR SDK root filesystem](#create-an-isar-sdk-root-filesystem)
+ - [Create a containerized ISAR SDK root filesystem](#create-a-containerized-isar-sdk-root-filesystem)
  - [Creation of local apt repo caching upstream Debian packages](#creation-of-local-apt-repo-caching-upstream-debian-packages)
 
 
@@ -84,6 +85,9 @@ If your host is >= buster, also install the following package.
 apt install python3-distutils
 ```
 
+If you want to generate containerized SDKs, also install the following packages: `umoci` and `skopeo`.
+Umoci is provided by Debian Buster and can be installed with `apt install umoci`, Skopeo is provided by Debian Bullseye/Unstable and has to be installed either manually downloading the DEB and installing it (no other packages required) or with `apt install -t bullseye skopeo` (if unstable/bullseye included in `/etc/apt/sources.list[.d]`).
+
 Notes:
 
 * BitBake requires Python 3.4+.
@@ -834,6 +838,81 @@ ii  crossbuild-essential-armhf           12.3                   all          Inf
 ~#
 ```
 
+## Create a containerized ISAR SDK root filesystem
+
+### Motivation
+
+Distributing and using the SDK root filesystem created following the instructions in "[Create an ISAR SDK root filesystem](#create-an-isar-sdk-root-filesystem)" becomes easier using container images (at least for those using containers anyway)
+A "containerized" SDK adds to those advantages of a normal SDK root filesystem the comfort of container images.
+
+### Approach
+
+Create container image with SDK root filesystem with installed cross-toolchain for target architecture and ability to install already prebuilt target binary artifacts.
+Developer:
+ - runs a container based on the resulting container image mounting the source code to be built,
+ - develops applications for target platform on the container and
+ - leaves the container getting the results on the mounted directory.
+
+### Solution
+
+User specifies the variable `SDK_FORMAT` providing a space-separated list of SDK formats to generate.
+
+Supported formats are:
+ - `tar-xz`: (default) is the non-containerized format that results from following the instructions in "[Create an ISAR SDK root filesystem](#create-an-isar-sdk-root-filesystem)"
+ - `docker-archive`: an archive containing a Docker image that can be imported with [`docker import`](https://docs.docker.com/engine/reference/commandline/import/)
+ - `docker-daemon`: resulting container image is made available on the local Docker Daemon
+ - `containers-storage`: resulting container image is made available to tools using containers/storage back-end (e.g. Podman, CRIO, buildah,...)
+ - `oci-archive`: an archive containing an OCI image, mostly for archiving as seed for any of the above formats
+
+User manually triggers creation of SDK formats for his target platform by launching the task `do_populate_sdk` for target image, f.e.
+`bitbake -c do_populate_sdk mc:${MACHINE}-${DISTRO}:isar-image-base`.
+Packages that should be additionally installed into the SDK can be appended to `SDK_PREINSTALL` (external repositories) and `SDK_INSTALL` (self-built).
+
+Following formats don't work if running `bitbake -c do_populate_sdk ...` (to generate the containerized SDK) from inside of a container (e.g. using `kas-container`): `docker-daemon` and `containers-storage`.
+It's technically possible, but requires making host resources (e.g. the Docker Daemon socket) accessible in the container.
+What can endanger the stability and security of the host.
+
+The resulting SDK formats are archived into `tmp/deploy/images/${MACHINE}/sdk-${DISTRO}-${DISTRO_ARCH}-${sdk_format}.tar.xz` (being `sdk_format` each one of the formats specified in `SDK_FORMATS`).
+The SDK container directory `/isar-apt` contains a copy of isar-apt repo with locally prebuilt target debian packages (for <HOST_DISTRO>).
+One may get into an SDK container and install required target packages with the help of `apt-get install <package_name>:<DISTRO_ARCH>` command.
+The directory with the source code to develop on should be mounted on the container (with `--volume <host-directory>:<container-directory>`) to be able to edit files in the host with an IDE and build in the container.
+
+### Example
+
+ - Make the SDK formats to generate available to the task
+
+For one-shot builds (use `local.conf` otherwise):
+
+```
+export BB_ENV_EXTRAWHITE="$BB_ENV_EXTRAWHITE SDK_FORMATS"
+export SDK_FORMATS="docker-archive"
+```
+
+ - Trigger creation of SDK root filesystem
+
+```
+bitbake -c do_populate_sdk mc:qemuarm-buster:isar-image-base
+```
+
+ - Load the SDK container image into the Docker Daemon
+
+```
+xzcat build/tmp/deploy/images/qemuarm/sdk-debian-buster-armhf-docker-archive.tar.xz | docker load
+```
+
+ - Run a container using the SDK container image (following commands starting with `#~:` are to be run in the container)
+
+```
+docker run --rm -ti --volume "$(pwd):/build" isar-sdk-buster-armhf:latest
+```
+
+ - Check that cross toolchains are installed
+
+```
+:~# dpkg -l | grep crossbuild-essential-armhf
+ii  crossbuild-essential-armhf           12.3                   all          Informational list of cross-build-essential packages
+```
+
 ## Creation of local apt repo caching upstream Debian packages
 
 ### Motivation
-- 
2.30.0