From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6945105578761912320
X-Received: by 2002:a1c:a98a:: with SMTP id s132mr26087952wme.12.1617033402408;
        Mon, 29 Mar 2021 08:56:42 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:adf:d1c8:: with SMTP id b8ls9370560wrd.3.gmail; Mon, 29 Mar
 2021 08:56:41 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJy3GbvVdh42+9kxcY4OSO+G+B5cA+KmgywfV+HmSiRIsn2hYPynmYqjYZ4W7GWg1W72XRYh
X-Received: by 2002:a5d:4dd2:: with SMTP id f18mr29189331wru.366.1617033401588;
        Mon, 29 Mar 2021 08:56:41 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1617033401; cv=none;
        d=google.com; s=arc-20160816;
        b=fwNtYVqvRLynyzWvjkjQwNOAUUKYL3r3El2HmwHAJCzSOpTjjWpUHHLluB09tJh8+W
         gnefJ0QaDXENwpb2FcKoB2M+mz78WSbR2YE1P+HQgYeU4r02dkVIBh9W6+OtSTq/pcaQ
         aNIAo5cHnk/iCHI4itQaCnyk+MwZypT/hjDZciB5cQYCNQ1gEGLFGPAqCbWwZjrMA6go
         FHpRkrIqCF/gVKfBvGOV42X/ANdTPc+c5wPxmeaQtYNYf84/SB9u0AqnGnHZ5l+ksky7
         nFdUYksZcbYHDBKQF0HvL5vRPyOp8sgdXCeND1kCO4W+fnqW2j3NpWIrVsMMiTQYZJTE
         eGFw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:message-id:date:subject:to
         :from;
        bh=yHoCU04XxwvWmnrkJTeq3p3ZiaqeAxvgoUmrH6zUW3M=;
        b=X3DXTbedI5tNJ3WLggfpy1gyVFWE12Gxt1UQQa8/S3B60w6SCTBCC4K34KtQs0OE2N
         JIqQdj0lDbk3GRxIrfY78/z7XWUj2Xd6Iq1Jcdd2c11bDRvSRhCX0eVhnkqU2f1aTpqA
         nr59G0I6J23DaPqFLvDoyRXEvSNLBTcjo/bK267VZsShJH0de1SvtqOm6CEb7xZtJQCq
         6qy5MrG6NjRs+OQ+hTTA9vNefwAq8etXILZv3HD6vLxYOXzzyoTmxdjDZJ2DVWDxzWjA
         rIYgfd6y2yj3dIYpxt5SqODt3hNkOtmKaIIKxQiTvcQvUQ/HqOxkZiDtdOCrVSbyMiwx
         7HOw==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of silvano.cirujano-cuesta@siemens.com designates 194.138.37.39 as permitted sender) smtp.mailfrom=silvano.cirujano-cuesta@siemens.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
Return-Path: <silvano.cirujano-cuesta@siemens.com>
Received: from lizzard.sbs.de (lizzard.sbs.de. [194.138.37.39])
        by gmr-mx.google.com with ESMTPS id p65si16648wmp.0.2021.03.29.08.56.41
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 29 Mar 2021 08:56:41 -0700 (PDT)
Received-SPF: pass (google.com: domain of silvano.cirujano-cuesta@siemens.com designates 194.138.37.39 as permitted sender) client-ip=194.138.37.39;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: domain of silvano.cirujano-cuesta@siemens.com designates 194.138.37.39 as permitted sender) smtp.mailfrom=silvano.cirujano-cuesta@siemens.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35])
	by lizzard.sbs.de (8.15.2/8.15.2) with ESMTPS id 12TFufP6010082
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
	for <isar-users@googlegroups.com>; Mon, 29 Mar 2021 17:56:41 +0200
Received: from md1sf36c.ad001.siemens.net ([167.87.46.205])
	by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id 12TFufsj031984
	for <isar-users@googlegroups.com>; Mon, 29 Mar 2021 17:56:41 +0200
From: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
To: isar-users@googlegroups.com
Subject: [PATCH v8 0/5] Add support for containerized root filesystems
Date: Mon, 29 Mar 2021 17:56:35 +0200
Message-Id: <20210329155640.62445-1-silvano.cirujano-cuesta@siemens.com>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-TUID: kifC554ugRQm

v8: cosmetic changes in docs and small fix in CI script

v7: issues in sample configurations and CI script fixed and tested on
two different CI environments.

This patch series provides support for containerized root filesystems,
for both target images and SDKs.

For containerized target images the new image type `container-img` has
been added.

For containerized SDKs the task `populate_sdk` has been extended.

Containerized root filesystems are easy to distribute and run, enabling
this way following scenarios:
 - Use ISAR to build container images meant to be run only in containers.
 - Use the same ISAR configuration to build images for containers, VMs
   and bare-metal.
 - Easy SDK distribution and "installation".
 - Quickly testing certain applications in the workstation using the
   target root filesystem.

In order to build containerized target root filesystems `IMAGE_TYPE` has
to be `container-img`, additionally the container image format can be
selected with the variable `CONTAINER_FORMATS`. The default format is
`docker-archive`.

In order to build containerized SDKs the variable `SDK_FORMAT` has to
provide any of the supported container formats (e.g. `docker-archive`).
The default format is the legacy non-containerized: `tar_xz`.

It also provides a sample machine, multiconfigs and ci-testing.

More information about its usage is documented in the file
docs/user_manual.md.

A PoC/demo of this functionality (only the SDK part) has been created
based on the project https://github.com/siemens/meta-iot2050.
Jan Kiszka already tested and liked it! =>
https://github.com/siemens/meta-iot2050/issues/86#issuecomment-768907845

Successful builds of both containerized target and SDK are available on
the same PoC project:
 - https://github.com/Silvanoc/meta-iot2050/actions/runs/558311580
 - https://github.com/Silvanoc/meta-iot2050/actions/runs/558311581
and also the resulting images:
 - https://github.com/users/Silvanoc/packages/container/package/meta-iot2050%2Fiot2050-debian-arm64
 - https://github.com/users/Silvanoc/packages/container/package/meta-iot2050%2Fiot2050-debian-sdk-arm64

In order to get a feeling about its usage (you need Docker or Podman),
follow these simple copy&paste instructions:
https://github.com/Silvanoc/meta-iot2050/blob/master/kas/BUILDING-SDK-CONTAINER.md#running-the-sdk
Build instructions are available in the upper part of that document.

Two new dependencies (umoci and skopeo -backporting from bullseye to
buster works easily) are required to create containerized root
filesystems (as specified in the documentation).

Typical container image management actions (e.g. push an image to a
container image regitry) are out of scope. Available tools (Docker,
Skopeo, Buildah, Podman,...) should be used for these actions.

A patch will follow this one to get the dependencies into the container
images being provided by the project
https://github.com/siemens/kas (for `kas-container`, for example).

Silvano Cirujano Cuesta (5):
  classes: add root filesystem containerizing class
  classes: add new image type 'container-img'
  sdk: add support for containerized sdk
  docs: document creation of container images
  ci: add container image sample configurations

 doc/user_manual.md                            | 179 ++++++++++++++++++
 meta-isar/conf/local.conf.sample              |   3 +
 meta-isar/conf/machine/container.conf         |   5 +
 .../conf/multiconfig/container-bullseye.conf  |   4 +
 .../conf/multiconfig/container-buster.conf    |   4 +
 .../conf/multiconfig/container-stretch.conf   |   4 +
 meta/classes/container-img.bbclass            |  18 ++
 .../classes/image-container-extension.bbclass |  82 ++++++++
 meta/classes/image-sdk-extension.bbclass      |  42 +++-
 meta/classes/image.bbclass                    |   1 +
 scripts/ci_build.sh                           |  29 ++-
 11 files changed, 363 insertions(+), 8 deletions(-)
 create mode 100644 meta-isar/conf/machine/container.conf
 create mode 100644 meta-isar/conf/multiconfig/container-bullseye.conf
 create mode 100644 meta-isar/conf/multiconfig/container-buster.conf
 create mode 100644 meta-isar/conf/multiconfig/container-stretch.conf
 create mode 100644 meta/classes/container-img.bbclass
 create mode 100644 meta/classes/image-container-extension.bbclass

-- 
2.30.2