From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6927266035414335488 X-Received: by 2002:a05:6512:558:: with SMTP id h24mr1029417lfl.531.1613120776360; Fri, 12 Feb 2021 01:06:16 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a2e:9696:: with SMTP id q22ls749101lji.9.gmail; Fri, 12 Feb 2021 01:06:15 -0800 (PST) X-Google-Smtp-Source: ABdhPJzpExSB+I7aojK5Vh4hrSjT/D3ap3HuZeNZcCa8zLgxLrdEGa18kO8CESxGjYksNoPWsVfg X-Received: by 2002:a2e:93c7:: with SMTP id p7mr1136515ljh.75.1613120775369; Fri, 12 Feb 2021 01:06:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1613120775; cv=none; d=google.com; s=arc-20160816; b=s/O1s9caAj5p8FWesrNA4kY2MUvxqU3UkPGrSyiPeQXGKtuBjplqC18WXrnxijAPs1 d61n42JyTCpJfgBnK35OI7+YiwGjttBRC6V5so4pze88YrqdZMmgoOU7S/YJjuQoVVhc A3kxcaE4xQy4FRe/ZDqWD/DUXccDJGYkbWvFv8a8S3VyLr9xCXcnApB8z4yDFmg0kr+M I6ozz3QKm4p27S08GQgi59dW96EyA1TGA6dNya9lCopuIIW2NZ72BV8XfrLAu+cd0hZB XRsEGwiG/kjDxmRq3iETKbM4QvzeCoGubmauOtBrXxMEcseEXqurm7/qvWt6RRFGxGc0 hyyQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from; bh=ec0f5w+LaAA2X2q7zzFtsJSYyJPrZpWY9PekOIYKCYM=; b=rZ98eaE7f9QLXb4qsogaa8loSWKZktdlhLEIj5usMTUgRBdWNDiibRK2DAN9ze2Vfq pGBPWpIZY+Mc1pb5SsVX4HoAOh3lfv9zxPQwp5580OKsNXNs5DwhFUQXLhU0dyX9Ld8W FnEmG6jpIdM1O6h5BjOfjb8/X/wUSxf/KStypzO0N6UYEU4PU9Vmy+p2ALFEmUu7XM92 2gDCBpCrcBDwi78qkj25QNDRxT+i5dPffpzdpdw4xrK/Jwkbthi+UZMAEa+y89x58LBf JsktxsjQDsS8w2IYjsXAuYZTKGsoSxwH87koqGDHsA8vBbAeavZ6XNyrNAyknm2WAiNN Ktrg== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of silvano.cirujano-cuesta@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=silvano.cirujano-cuesta@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from gecko.sbs.de (gecko.sbs.de. [194.138.37.40]) by gmr-mx.google.com with ESMTPS id y8si8966lfy.2.2021.02.12.01.06.15 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 12 Feb 2021 01:06:15 -0800 (PST) Received-SPF: pass (google.com: domain of silvano.cirujano-cuesta@siemens.com designates 194.138.37.40 as permitted sender) client-ip=194.138.37.40; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of silvano.cirujano-cuesta@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=silvano.cirujano-cuesta@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by gecko.sbs.de (8.15.2/8.15.2) with ESMTPS id 11C96EQA006224 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Fri, 12 Feb 2021 10:06:14 +0100 Received: from md1sf36c.ad001.siemens.net ([167.87.23.75]) by mail2.sbs.de (8.15.2/8.15.2) with ESMTP id 11C8pDgL017325 for ; Fri, 12 Feb 2021 09:51:14 +0100 From: Silvano Cirujano Cuesta To: isar-users@googlegroups.com Subject: [PATCH v3 1/2] images: add support for container images Date: Fri, 12 Feb 2021 09:51:12 +0100 Message-Id: <20210212085113.11013-2-silvano.cirujano-cuesta@siemens.com> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210212085113.11013-1-silvano.cirujano-cuesta@siemens.com> References: <20210212085113.11013-1-silvano.cirujano-cuesta@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TUID: B/wlBJhZVqYq Add support for creation of container images with the build root filesystems. Extend also task "populate_sdk" to support the creation of a container image containing the SDK. Signed-off-by: Silvano Cirujano Cuesta --- meta/classes/container-img.bbclass | 88 ++++++++++++++++++++++++ meta/classes/image-sdk-extension.bbclass | 51 ++++++++++++-- meta/classes/image.bbclass | 1 + 3 files changed, 133 insertions(+), 7 deletions(-) create mode 100644 meta/classes/container-img.bbclass diff --git a/meta/classes/container-img.bbclass b/meta/classes/container-img.bbclass new file mode 100644 index 0000000..35c7bbc --- /dev/null +++ b/meta/classes/container-img.bbclass @@ -0,0 +1,88 @@ +# This software is a part of ISAR. +# Copyright (C) Siemens AG, 2021 +# +# SPDX-License-Identifier: MIT +# +# This class provides the tasks 'containerize_rootfs' and 'containerize_sdk' +# to create container images containing the target rootfs and the SDK +# respectively. + +CONTAINER_FORMATS ?= "docker-archive" + +containerize_rootfs() { + local cmd="/bin/dash" + local empty_tag="empty" + local full_tag="latest" + local oci_img_dir="${WORKDIR}/oci-image" + local rootfs="$1" + local rootfs_id="$2" + local container_formats="$3" + + # prepare OCI container image skeleton + bbdebug 1 "prepare OCI container image skeleton" + rm -rf "${oci_img_dir}" + sudo umoci init --layout "${oci_img_dir}" + sudo umoci new --image "${oci_img_dir}:${empty_tag}" + sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + --config.cmd="${cmd}" + sudo umoci unpack --image "${oci_img_dir}:${empty_tag}" \ + "${oci_img_dir}_unpacked" + + # add root filesystem as the flesh of the skeleton + sudo cp -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/" + + # pack container image + bbdebug 1 "pack container image" + sudo umoci repack --image "${oci_img_dir}:${full_tag}" \ + "${oci_img_dir}_unpacked" + sudo umoci remove --image "${oci_img_dir}:${empty_tag}" + sudo rm -rf "${oci_img_dir}_unpacked" + + # no root needed anymore + sudo chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + + # convert the OCI container image to the desired format + image_name="isar-${rootfs_id}" + for image_type in ${CONTAINER_FORMATS} ; do + image_archive="${DEPLOY_DIR_IMAGE}/${rootfs_id}-${image_type}.tar" + bbdebug 1 "Creating container image type: ${image_type}" + case "${image_type}" in + "docker-archive" | "oci-archive") + if [ "${image_type}" = "oci-archive" ] ; then + target="${image_type}:${image_archive}:latest" + else + target="${image_type}:${image_archive}:${image_name}:latest" + fi + rm -f "${image_archive}" "${image_archive}.xz" + bbdebug 2 "Converting OCI image to ${image_type}" + skopeo --insecure-policy copy \ + "oci:${oci_img_dir}:${full_tag}" "${target}" + bbdebug 2 "Compressing image" + xz -T0 "${image_archive}" + ;; + "oci") + tar --create --xz --directory "${oci_img_dir}" \ + --file "${image_archive}.xz" . + ;; + "docker-daemon" | "containers-storage") + skopeo --insecure-policy copy \ + "oci:${oci_img_dir}:${full_tag}" \ + "${image_type}:${image_name}:latest" + ;; + *) + die "Unsupported format for containerize_rootfs: ${image_type}" + ;; + esac + done +} + +do_container_image[stamp-extra-info] = "${DISTRO}-${MACHINE}" +do_container_image[vardeps] += "CONTAINER_FORMATS" +do_container_image(){ + rootfs_id="${DISTRO}-${DISTRO_ARCH}" + + bbnote "Generate container image in these formats: ${CONTAINER_FORMATS}" + containerize_rootfs "${IMAGE_ROOTFS}" "${rootfs_id}" "${CONTAINER_FORMATS}" +} + +addtask container_image before do_image after do_image_tools diff --git a/meta/classes/image-sdk-extension.bbclass b/meta/classes/image-sdk-extension.bbclass index a8c708a..63138da 100644 --- a/meta/classes/image-sdk-extension.bbclass +++ b/meta/classes/image-sdk-extension.bbclass @@ -6,11 +6,25 @@ # This class extends the image.bbclass to supply the creation of a sdk SDK_INCLUDE_ISAR_APT ?= "0" +SDK_FORMATS ?= "tar-xz" + +sdk_tar_xz() { + # Copy mount_chroot.sh for convenience + sudo cp ${SCRIPTSDIR}/mount_chroot.sh ${SDKCHROOT_DIR} + + # Create SDK archive + cd -P ${SDKCHROOT_DIR}/.. + sudo tar --transform="s|^rootfs|sdk-${DISTRO}-${DISTRO_ARCH}|" \ + -c rootfs | xz -T0 > ${DEPLOY_DIR_IMAGE}/sdk-${DISTRO}-${DISTRO_ARCH}.tar.xz + bbnote "SDK rootfs available in ${DEPLOY_DIR_IMAGE}/sdk-${DISTRO}-${DISTRO_ARCH}.tar.xz" +} do_populate_sdk[stamp-extra-info] = "${DISTRO}-${MACHINE}" do_populate_sdk[depends] = "sdkchroot:do_build" -do_populate_sdk[vardeps] += "SDK_INCLUDE_ISAR_APT" +do_populate_sdk[vardeps] += "SDK_INCLUDE_ISAR_APT SDK_FORMATS" do_populate_sdk() { + local sdk_container_formats="" + if [ "${SDK_INCLUDE_ISAR_APT}" = "1" ]; then # Copy isar-apt with deployed Isar packages sudo cp -Trpfx ${REPO_ISAR_DIR}/${DISTRO} ${SDKCHROOT_DIR}/isar-apt @@ -48,12 +62,35 @@ do_populate_sdk() { done done - # Copy mount_chroot.sh for convenience - sudo cp ${SCRIPTSDIR}/mount_chroot.sh ${SDKCHROOT_DIR} + # separate SDK formats: TAR and container formats + for sdk_format in ${SDK_FORMATS} ; do + case ${sdk_format} in + "tar-xz") + sdk_tar_xz + ;; + "docker-archive" | "oci" | "oci-archive") + if [ -z "${sdk_container_formats}" ] ; then + sdk_container_formats="${sdk_format}" + else + sdk_container_formats="${sdk_container_formats} ${sdk_format}" + fi + ;; + "docker-daemon" | "containers-storage") + if [ -f /.dockerenv ] || [ -f /run/.containerenv ] ; then + die "Adding the SDK container image to a container runtime (${sdk_format}) not supported if running from a container (e.g. 'kas-container')" + fi + ;; + *) + die "unsupported SDK format specified: ${sdk_format}" + ;; + esac + done - # Create SDK archive - cd -P ${SDKCHROOT_DIR}/.. - sudo tar --transform="s|^rootfs|sdk-${DISTRO}-${DISTRO_ARCH}|" \ - -c rootfs | xz -T0 > ${DEPLOY_DIR_IMAGE}/sdk-${DISTRO}-${DISTRO_ARCH}.tar.xz + # generate the SDK in all the desired container formats + if [ -n "${sdk_container_formats}" ] ; then + bbnote "Generating SDK container in ${sdk_container_formats} format" + containerize_rootfs "${SDKCHROOT_DIR}" "sdk-${DISTRO}-${DISTRO_ARCH}" "${sdk_container_formats}" + fi } + addtask populate_sdk after do_rootfs diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index eddc444..7fb7b7e 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -76,6 +76,7 @@ inherit image-tools-extension inherit image-postproc-extension inherit image-locales-extension inherit image-account-extension +inherit container-img # Extra space for rootfs in MB ROOTFS_EXTRA ?= "64" -- 2.30.0