From: Silvano Cirujano Cuesta
To: isar-users@googlegroups.com
Subject: [PATCH v7 1/5] classes: add root filesystem containerizing class
Date: Fri, 12 Mar 2021 20:58:39 +0100
Message-Id: <20210312195843.96000-2-silvano.cirujano-cuesta@siemens.com>
In-Reply-To: <20210312195843.96000-1-silvano.cirujano-cuesta@siemens.com>
References: <20210312195843.96000-1-silvano.cirujano-cuesta@siemens.com>

This class can be used to create container images whose root filesystem
is that generated by the do_rootfs task.

Containerized root filesystems have the following possible use-cases:

 - Using ISAR as a container image builder.
 - Simplify distribution of runtime rootfs (binaries, libraries,
   configurations, ...) for application development or testing.
 - Distributing SDKs.

Signed-off-by: Silvano Cirujano Cuesta --- .../classes/image-container-extension.bbclass | 82 +++++++++++++++++++ meta/classes/image.bbclass | 1 + 2 files changed, 83 insertions(+) create mode 100644 meta/classes/image-container-extension.bbclass diff --git a/meta/classes/image-container-extension.bbclass b/meta/classes/image-container-extension.bbclass new file mode 100644 index 0000000..f693627 --- /dev/null +++ b/meta/classes/image-container-extension.bbclass 
@@ -0,0 +1,82 @@ +# This software is a part of ISAR. +# Copyright (C) Siemens AG, 2021 +# +# SPDX-License-Identifier: MIT +# +# This class extends the image.bbclass for containerizing the root filesystem. + +CONTAINER_FORMATS ?= "docker-archive" +IMAGE_INSTALL += "isar-exclude-docs isar-disable-apt-cache" + +containerize_rootfs() { + local cmd="/bin/dash" + local empty_tag="empty" + local full_tag="latest" + local oci_img_dir="${WORKDIR}/oci-image" + local rootfs="$1" + local rootfs_id="$2" + local container_formats="$3" + + # prepare OCI container image skeleton + bbdebug 1 "prepare OCI container image skeleton" + rm -rf "${oci_img_dir}" + sudo umoci init --layout "${oci_img_dir}" + sudo umoci new --image "${oci_img_dir}:${empty_tag}" + sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + --config.cmd="${cmd}" + sudo umoci unpack --image "${oci_img_dir}:${empty_tag}" \ + "${oci_img_dir}_unpacked" + + # add root filesystem as the flesh of the skeleton + sudo cp -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/" + # clean-up temporary files + sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete + + # pack container image + bbdebug 1 "pack container image" + sudo umoci repack --image "${oci_img_dir}:${full_tag}" \ + "${oci_img_dir}_unpacked" + sudo umoci remove --image "${oci_img_dir}:${empty_tag}" + sudo rm -rf "${oci_img_dir}_unpacked" + + # no root needed anymore + sudo chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + + # convert the OCI container image to the desired format + image_name="isar-${rootfs_id}" + for image_type in ${CONTAINER_FORMATS} ; do + image_archive="${DEPLOY_DIR_IMAGE}/${rootfs_id}-${image_type}.tar" + bbdebug 1 "Creating container image type: ${image_type}" + case "${image_type}" in + "docker-archive" | "oci-archive") + if [ "${image_type}" = "oci-archive" ] ; then + target="${image_type}:${image_archive}:latest" + else + target="${image_type}:${image_archive}:${image_name}:latest" + fi + rm -f "${image_archive}" 
"${image_archive}.xz" + bbdebug 2 "Converting OCI image to ${image_type}" + skopeo --insecure-policy copy \ + "oci:${oci_img_dir}:${full_tag}" "${target}" + bbdebug 2 "Compressing image" + xz -T0 "${image_archive}" + ;; + "oci") + tar --create --xz --directory "${oci_img_dir}" \ + --file "${image_archive}.xz" . + ;; + "docker-daemon" | "containers-storage") + if [ -f /.dockerenv ] || [ -f /run/.containerenv ] ; then + die "Adding the container image to a container runtime (${image_type}) not supported if running from a container (e.g. 'kas-container')" + fi + skopeo --insecure-policy copy \ + "oci:${oci_img_dir}:${full_tag}" \ + "${image_type}:${image_name}:latest" + ;; + *) + die "Unsupported format for containerize_rootfs: ${image_type}" + ;; + esac + done +} + diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index eddc444..ec93cab 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -76,6 +76,7 @@ inherit image-tools-extension inherit image-postproc-extension inherit image-locales-extension inherit image-account-extension +inherit image-container-extension # Extra space for rootfs in MB ROOTFS_EXTRA ?= "64" -- 2.30.1
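
Review bot: in meta/classes/image-container-extension.bbclass, `containerize_rootfs` stores its third argument in `local container_formats="$3"`, but the conversion loop iterates `${CONTAINER_FORMATS}`, so whatever format list the caller passes is silently ignored. Either loop over `${container_formats}` or drop the parameter. Both `skopeo --insecure-policy copy` calls bypass the host's containers policy; the source is the locally built `oci:${oci_img_dir}` layout, so a one-line comment saying so would justify the flag and keep it from being copied to a call with a remote source. The initial `rm -rf "${oci_img_dir}"` runs without sudo and does not touch `${oci_img_dir}_unpacked`, so a run that aborted before the final `chown` can leave root-owned directories that the next run fails on. `image_name`, `image_archive` and `target` are also not declared `local`, unlike the other variables in the function.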
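
Review bot: in meta/classes/image.bbclass, the unconditional `inherit image-container-extension` means the new class's top-level `IMAGE_INSTALL += "isar-exclude-docs isar-disable-apt-cache"` now applies to every image recipe, including those that never call `containerize_rootfs`. Move that assignment out of the class, or make it conditional on a container image actually being built, so that existing non-container images do not have their package set changed by this patch.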