* [PATCH v8 0/5] Add support for containerized root filesystems
@ 2021-03-29 15:56 Silvano Cirujano Cuesta
2021-03-29 15:56 ` [PATCH v8 1/5] classes: add root filesystem containerizing class Silvano Cirujano Cuesta
` (5 more replies)
0 siblings, 6 replies; 14+ messages in thread
From: Silvano Cirujano Cuesta @ 2021-03-29 15:56 UTC (permalink / raw)
To: isar-users
v8: cosmetic changes in docs and small fix in CI script

v7: issues in sample configurations and CI script fixed and tested on
two different CI environments.

This patch series provides support for containerized root filesystems,
for both target images and SDKs.

For containerized target images the new image type `container-img` has
been added.

For containerized SDKs the task `populate_sdk` has been extended.

Containerized root filesystems are easy to distribute and run, enabling
this way following scenarios:
- Use ISAR to build container images meant to be run only in containers.
- Use the same ISAR configuration to build images for containers, VMs
and bare-metal.
- Easy SDK distribution and "installation".
- Quickly testing certain applications in the workstation using the
target root filesystem.

In order to build containerized target root filesystems `IMAGE_TYPE` has
to be `container-img`, additionally the container image format can be
selected with the variable `CONTAINER_FORMATS`. The default format is
`docker-archive`.

In order to build containerized SDKs the variable `SDK_FORMAT` has to
provide any of the supported container formats (e.g. `docker-archive`).
The default format is the legacy non-containerized: `tar_xz`.

It also provides a sample machine, multiconfigs and ci-testing.

More information about its usage is documented in the file
docs/user_manual.md.

A PoC/demo of this functionality (only the SDK part) has been created
based on the project https://github.com/siemens/meta-iot2050.
Jan Kiszka already tested and liked it! =>
https://github.com/siemens/meta-iot2050/issues/86#issuecomment-768907845

Successful builds of both containerized target and SDK are available on
the same PoC project:
- https://github.com/Silvanoc/meta-iot2050/actions/runs/558311580
- https://github.com/Silvanoc/meta-iot2050/actions/runs/558311581
and also the resulting images:
- https://github.com/users/Silvanoc/packages/container/package/meta-iot2050%2Fiot2050-debian-arm64
- https://github.com/users/Silvanoc/packages/container/package/meta-iot2050%2Fiot2050-debian-sdk-arm64

In order to get a feeling about its usage (you need Docker or Podman),
follow these simple copy&paste instructions:
https://github.com/Silvanoc/meta-iot2050/blob/master/kas/BUILDING-SDK-CONTAINER.md#running-the-sdk
Build instructions are available in the upper part of that document.

Two new dependencies (umoci and skopeo -backporting from bullseye to
buster works easily) are required to create containerized root
filesystems (as specified in the documentation).

Typical container image management actions (e.g. push an image to a
container image registry) are out of scope. Available tools (Docker,
Skopeo, Buildah, Podman,...) should be used for these actions.

A patch will follow this one to get the dependencies into the container
images being provided by the project
https://github.com/siemens/kas (for `kas-container`, for example).

Silvano Cirujano Cuesta (5):
classes: add root filesystem containerizing class
classes: add new image type 'container-img'
sdk: add support for containerized sdk
docs: document creation of container images
ci: add container image sample configurations
doc/user_manual.md | 179 ++++++++++++++++++
meta-isar/conf/local.conf.sample | 3 +
meta-isar/conf/machine/container.conf | 5 +
.../conf/multiconfig/container-bullseye.conf | 4 +
.../conf/multiconfig/container-buster.conf | 4 +
.../conf/multiconfig/container-stretch.conf | 4 +
meta/classes/container-img.bbclass | 18 ++
.../classes/image-container-extension.bbclass | 82 ++++++++
meta/classes/image-sdk-extension.bbclass | 42 +++-
meta/classes/image.bbclass | 1 +
scripts/ci_build.sh | 29 ++-
11 files changed, 363 insertions(+), 8 deletions(-)
create mode 100644 meta-isar/conf/machine/container.conf
create mode 100644 meta-isar/conf/multiconfig/container-bullseye.conf
create mode 100644 meta-isar/conf/multiconfig/container-buster.conf
create mode 100644 meta-isar/conf/multiconfig/container-stretch.conf
create mode 100644 meta/classes/container-img.bbclass
create mode 100644 meta/classes/image-container-extension.bbclass
--
2.30.2
* [PATCH v8 1/5] classes: add root filesystem containerizing class
From: Silvano Cirujano Cuesta @ 2021-03-29 15:56 UTC (permalink / raw)
To: isar-users
This class can be used to create container images which root filesystem
is that generated by the do_rootfs task.
Containerized root filesystems have following possible use-cases:
- Using ISAR as a container image builder.
- Simplify distribution of runtime rootfs (binaries, libraries,
configurations, ...) for application development or testing.
- Distributing SDKs.
Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
---
.../classes/image-container-extension.bbclass | 82 +++++++++++++++++++
meta/classes/image.bbclass | 1 +
2 files changed, 83 insertions(+)
create mode 100644 meta/classes/image-container-extension.bbclass
diff --git a/meta/classes/image-container-extension.bbclass b/meta/classes/image-container-extension.bbclass
new file mode 100644
index 0000000..f693627
--- /dev/null
+++ b/meta/classes/image-container-extension.bbclass
@@ -0,0 +1,82 @@
+# This software is a part of ISAR.
+# Copyright (C) Siemens AG, 2021
+#
+# SPDX-License-Identifier: MIT
+#
+# This class extends the image.bbclass for containerizing the root filesystem.
+
+CONTAINER_FORMATS ?= "docker-archive"
+IMAGE_INSTALL += "isar-exclude-docs isar-disable-apt-cache"
+
+containerize_rootfs() {
+ local cmd="/bin/dash"
+ local empty_tag="empty"
+ local full_tag="latest"
+ local oci_img_dir="${WORKDIR}/oci-image"
+ local rootfs="$1"
+ local rootfs_id="$2"
+ local container_formats="$3"
+
+ # prepare OCI container image skeleton
+ bbdebug 1 "prepare OCI container image skeleton"
+ rm -rf "${oci_img_dir}"
+ sudo umoci init --layout "${oci_img_dir}"
+ sudo umoci new --image "${oci_img_dir}:${empty_tag}"
+ sudo umoci config --image "${oci_img_dir}:${empty_tag}" \
+ --config.cmd="${cmd}"
+ sudo umoci unpack --image "${oci_img_dir}:${empty_tag}" \
+ "${oci_img_dir}_unpacked"
+
+ # add root filesystem as the flesh of the skeleton
+ sudo cp -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/"
+ # clean-up temporary files
+ sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete
+
+ # pack container image
+ bbdebug 1 "pack container image"
+ sudo umoci repack --image "${oci_img_dir}:${full_tag}" \
+ "${oci_img_dir}_unpacked"
+ sudo umoci remove --image "${oci_img_dir}:${empty_tag}"
+ sudo rm -rf "${oci_img_dir}_unpacked"
+
+ # no root needed anymore
+ sudo chown --recursive $(id -u):$(id -g) "${oci_img_dir}"
+
+ # convert the OCI container image to the desired format
+ image_name="isar-${rootfs_id}"
+ for image_type in ${CONTAINER_FORMATS} ; do
+ image_archive="${DEPLOY_DIR_IMAGE}/${rootfs_id}-${image_type}.tar"
+ bbdebug 1 "Creating container image type: ${image_type}"
+ case "${image_type}" in
+ "docker-archive" | "oci-archive")
+ if [ "${image_type}" = "oci-archive" ] ; then
+ target="${image_type}:${image_archive}:latest"
+ else
+ target="${image_type}:${image_archive}:${image_name}:latest"
+ fi
+ rm -f "${image_archive}" "${image_archive}.xz"
+ bbdebug 2 "Converting OCI image to ${image_type}"
+ skopeo --insecure-policy copy \
+ "oci:${oci_img_dir}:${full_tag}" "${target}"
+ bbdebug 2 "Compressing image"
+ xz -T0 "${image_archive}"
+ ;;
+ "oci")
+ tar --create --xz --directory "${oci_img_dir}" \
+ --file "${image_archive}.xz" .
+ ;;
+ "docker-daemon" | "containers-storage")
+ if [ -f /.dockerenv ] || [ -f /run/.containerenv ] ; then
+ die "Adding the container image to a container runtime (${image_type}) not supported if running from a container (e.g. 'kas-container')"
+ fi
+ skopeo --insecure-policy copy \
+ "oci:${oci_img_dir}:${full_tag}" \
+ "${image_type}:${image_name}:latest"
+ ;;
+ *)
+ die "Unsupported format for containerize_rootfs: ${image_type}"
+ ;;
+ esac
+ done
+}
+
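Review bot: the format loop in `containerize_rootfs` iterates `${CONTAINER_FORMATS}` instead of the `container_formats` local that was just assigned from `$3`, so the third argument is ignored and every caller gets the formats from the global variable. Use `for image_type in ${container_formats} ; do` so the caller's list decides. Two smaller points in the same function: `sudo cp -a "${rootfs}"/*` skips dot-entries at the top of the rootfs (`cp -a "${rootfs}/." ...` copies them too), and `skopeo --insecure-policy` switches off containers policy evaluation; a comment saying this is acceptable because the source is the locally built `oci:` layout would help the next reader.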
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index eddc444..ec93cab 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -76,6 +76,7 @@ inherit image-tools-extension
inherit image-postproc-extension
inherit image-locales-extension
inherit image-account-extension
+inherit image-container-extension
# Extra space for rootfs in MB
ROOTFS_EXTRA ?= "64"
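Review bot: this `inherit` is unconditional, so the class-level `IMAGE_INSTALL += "isar-exclude-docs isar-disable-apt-cache"` in `image-container-extension.bbclass` now applies to every image type, not only to container images. If dropping docs and the apt cache is meant for containers only, move that assignment out of the shared class, for example into `container-img.bbclass`, and keep only the `containerize_rootfs` helper here.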
--
2.30.2
* [PATCH v8 2/5] classes: add new image type 'container-img'
From: Silvano Cirujano Cuesta @ 2021-03-29 15:56 UTC (permalink / raw)
To: isar-users
Add a new "image" class for generating a container image containing the
target root filesystem.
Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
---
meta/classes/container-img.bbclass | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 meta/classes/container-img.bbclass
diff --git a/meta/classes/container-img.bbclass b/meta/classes/container-img.bbclass
new file mode 100644
index 0000000..79ef3e8
--- /dev/null
+++ b/meta/classes/container-img.bbclass
@@ -0,0 +1,18 @@
+# This software is a part of ISAR.
+# Copyright (C) Siemens AG, 2021
+#
+# SPDX-License-Identifier: MIT
+#
+# This class provides the task 'containerize_rootfs'
+# to create container images containing the target rootfs.
+
+do_container_image[stamp-extra-info] = "${DISTRO}-${MACHINE}"
+do_container_image[vardeps] += "CONTAINER_FORMATS"
+do_container_image(){
+ rootfs_id="${DISTRO}-${DISTRO_ARCH}"
+
+ bbdebug 1 "Generate container image in these formats: ${CONTAINER_FORMATS}"
+ containerize_rootfs "${IMAGE_ROOTFS}" "${rootfs_id}" "${CONTAINER_FORMATS}"
+}
+
+addtask container_image before do_image after do_image_tools
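Review bot: `rootfs_id="${DISTRO}-${DISTRO_ARCH}"` carries no image recipe name, while `containerize_rootfs` derives both the archive file name and the `isar-${rootfs_id}` image name from it, so two image recipes built for the same machine overwrite each other's archive and, for `docker-daemon` or `containers-storage`, each other's tag. Consider including `${PN}` in the id. Also, the header comment says the class provides the task 'containerize_rootfs', but the task added here is `do_container_image`; `containerize_rootfs` is the helper function from the other class.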
--
2.30.2
* [PATCH v8 3/5] sdk: add support for containerized sdk
From: Silvano Cirujano Cuesta @ 2021-03-29 15:56 UTC (permalink / raw)
To: isar-users
Extend also task "populate_sdk" to support the creation of a container image
containing the SDK.
Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
---
meta/classes/image-sdk-extension.bbclass | 42 ++++++++++++++++++++----
1 file changed, 35 insertions(+), 7 deletions(-)
diff --git a/meta/classes/image-sdk-extension.bbclass b/meta/classes/image-sdk-extension.bbclass
index a8c708a..426b925 100644
--- a/meta/classes/image-sdk-extension.bbclass
+++ b/meta/classes/image-sdk-extension.bbclass
@@ -6,11 +6,25 @@
# This class extends the image.bbclass to supply the creation of a sdk
SDK_INCLUDE_ISAR_APT ?= "0"
+SDK_FORMATS ?= "tar-xz"
+
+sdk_tar_xz() {
+ # Copy mount_chroot.sh for convenience
+ sudo cp ${SCRIPTSDIR}/mount_chroot.sh ${SDKCHROOT_DIR}
+
+ # Create SDK archive
+ cd -P ${SDKCHROOT_DIR}/..
+ sudo tar --transform="s|^rootfs|sdk-${DISTRO}-${DISTRO_ARCH}|" \
+ -c rootfs | xz -T0 > ${DEPLOY_DIR_IMAGE}/sdk-${DISTRO}-${DISTRO_ARCH}.tar.xz
+ bbdebug 1 "SDK rootfs available in ${DEPLOY_DIR_IMAGE}/sdk-${DISTRO}-${DISTRO_ARCH}.tar.xz"
+}
do_populate_sdk[stamp-extra-info] = "${DISTRO}-${MACHINE}"
do_populate_sdk[depends] = "sdkchroot:do_build"
-do_populate_sdk[vardeps] += "SDK_INCLUDE_ISAR_APT"
+do_populate_sdk[vardeps] += "SDK_INCLUDE_ISAR_APT SDK_FORMATS"
do_populate_sdk() {
+ local sdk_container_formats=""
+
if [ "${SDK_INCLUDE_ISAR_APT}" = "1" ]; then
# Copy isar-apt with deployed Isar packages
sudo cp -Trpfx ${REPO_ISAR_DIR}/${DISTRO} ${SDKCHROOT_DIR}/isar-apt
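Review bot: `sdk_tar_xz` does `cd -P ${SDKCHROOT_DIR}/..` and never returns, and it is now a helper called from the middle of `do_populate_sdk`, so everything after the call runs from a different working directory. `tar -C "${SDKCHROOT_DIR}/.." ...` or a subshell avoids the side effect. While the code is being moved, the paths could be quoted, and note that in `sudo tar ... | xz -T0 > ...` a failing `tar` is masked by the exit status of `xz`.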
@@ -48,12 +62,26 @@ do_populate_sdk() {
done
done
- # Copy mount_chroot.sh for convenience
- sudo cp ${SCRIPTSDIR}/mount_chroot.sh ${SDKCHROOT_DIR}
+ # separate SDK formats: TAR and container formats
+ for sdk_format in ${SDK_FORMATS} ; do
+ case ${sdk_format} in
+ "tar-xz")
+ sdk_tar_xz
+ ;;
+ "docker-archive" | "oci" | "oci-archive" | "docker-daemon" | "containers-storage")
+ sdk_container_formats="${sdk_container_formats} ${sdk_format}"
+ ;;
+ *)
+ die "unsupported SDK format specified: ${sdk_format}"
+ ;;
+ esac
+ done
- # Create SDK archive
- cd -P ${SDKCHROOT_DIR}/..
- sudo tar --transform="s|^rootfs|sdk-${DISTRO}-${DISTRO_ARCH}|" \
- -c rootfs | xz -T0 > ${DEPLOY_DIR_IMAGE}/sdk-${DISTRO}-${DISTRO_ARCH}.tar.xz
+ # generate the SDK in all the desired container formats
+ if [ -n "${sdk_container_formats}" ] ; then
+ bbnote "Generating SDK container in ${sdk_container_formats} format"
+ containerize_rootfs "${SDKCHROOT_DIR}" "sdk-${DISTRO}-${DISTRO_ARCH}" "${sdk_container_formats}"
+ fi
}
+
addtask populate_sdk after do_rootfs
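Review bot: `mount_chroot.sh` is now copied into `${SDKCHROOT_DIR}` only by `sdk_tar_xz`, and `containerize_rootfs` runs after the loop, so the content of the SDK container image depends on whether `tar-xz` is also listed in `SDK_FORMATS`. Either copy the script before the loop or keep it out of the chroot that gets containerized, so a given format always produces the same content. The `case` also accepts `oci`, which the documentation patch does not list among the supported formats.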
--
2.30.2
* [PATCH v8 4/5] docs: document creation of container images
From: Silvano Cirujano Cuesta @ 2021-03-29 15:56 UTC (permalink / raw)
To: isar-users
Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
---
doc/user_manual.md | 179 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 179 insertions(+)
diff --git a/doc/user_manual.md b/doc/user_manual.md
index a4f3d1d..e57551b 100644
--- a/doc/user_manual.md
+++ b/doc/user_manual.md
@@ -19,6 +19,7 @@ Copyright (C) 2016-2019, ilbers GmbH
- [Add a Custom Application](#add-a-custom-application)
- [Enabling Cross-compilation](#isar-cross-compilation)
- [Create an ISAR SDK root filesystem](#create-an-isar-sdk-root-filesystem)
+ - [Create a containerized Isar SDK root filesystem](#create-a-containerized-isar-sdk-root-filesystem)
- [Creation of local apt repo caching upstream Debian packages](#creation-of-local-apt-repo-caching-upstream-debian-packages)
@@ -84,6 +85,14 @@ If your host is >= buster, also install the following package.
apt install python3-distutils
```
+If you want to generate containerized SDKs, also install the following
+packages: `umoci` and `skopeo`.
+Umoci is provided by Debian Buster and can be installed with
+`apt install umoci`, Skopeo is provided by Debian Bullseye/Unstable and has to
+be installed either manually downloading the DEB and installing it (no other
+packages required) or with `apt install -t bullseye skopeo` (if
+unstable/bullseye included in `/etc/apt/sources.list[.d]`).
+
Notes:
* BitBake requires Python 3.4+.
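Review bot: the paragraph offers "manually downloading the DEB and installing it" as the first way to get Skopeo; a package fetched by hand is not covered by APT's repository signature check, so either recommend only the `apt install -t bullseye skopeo` route or tell the reader to verify the download against the signed archive index. The sentence also limits the requirement to containerized SDKs, although `containerize_rootfs` needs `umoci` and `skopeo` for `container-img` images too.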
@@ -223,6 +232,73 @@ qemu-system-x86_64 -m 256M -nographic -bios edk2/Build/OvmfX64/RELEASE_*/FV/OVMF
qemu-system-i386 -m 256M -nographic -hda tmp/deploy/images/qemui386/isar-image-base-debian-buster-qemui386.wic.img
```
+### Generate container image with root filesystem
+
+A runnable container image is generated if you set IMAGE_TYPE to
+'container-img'.
+Getting a container image can be the main purpose of an Isar configuration,
+but not only.
+A container image created from an Isar configuration meant for bare-metal or
+virtual machines can be helpfull to test certain applications which
+requirements (e.g. libraries) can be easily resolved in a containerized
+environment.
+
+Container images can be generated in different formats, selected with the
+variable `CONTAINER_FORMAT`. One or more (whitespace separated) of following
+options can be given:
+ - `docker-archive`: (default) an archive containing a Docker image that can
+ be imported with [`docker import`](https://docs.docker.com/engine/reference/commandline/import/)
+ - `docker-daemon`: resulting container image is made available on the local
+ Docker Daemon
+ - `containers-storage`: resulting container image is made available to tools
+ using containers/storage back-end (e.g. Podman, CRIO, buildah,...)
+ - `oci-archive`: an archive containing an OCI image, mostly for archiving as
+ seed for any of the above formats
+
+Following formats don't work if running `bitbake ...` (to build the image)
+from inside of a container (e.g. using `kas-container`): `docker-daemon` and
+`containers-storage`.
+It's technically possible, but requires making host resources (e.g. the
+Docker Daemon socket) accessible in the container, which can endanger the
+stability and security of the host.
+
+The resulting container image archives (only for `docker-archive` and
+`oci-archive`) are made available as
+`tmp/deploy/images/${MACHINE}/${DISTRO}-${DISTRO_ARCH}-${container_format}.tar.xz`
+(being `container_format` each one of the formats specified in
+`CONTAINER_FORMAT`).
+
+### Example
+
+ - Make the relevant environment variables available to the task
+
+For one-shot builds (use `local.conf` otherwise):
+
+```
+export BB_ENV_EXTRAWHITE="$BB_ENV_EXTRAWHITE IMAGE_TYPE CONTAINER_FORMAT"
+export IMAGE_TYPE="container-img"
+export CONTAINER_FORMAT="docker-archive"
+```
+
+ - Trigger creation of container image from root filesystem
+
+```
+bitbake mc:qemuarm-buster:isar-image-base
+```
+
+ - Load the container image into the Docker Daemon
+
+```
+xzcat build/tmp/deploy/images/qemuarm/debian-buster-armhf-docker-archive.tar.xz | docker load
+```
+
+ - Run a container using the container image (following commands starting with
+ `#~:` are to be run in the container)
+
+```
+docker run --rm -ti --volume "$(pwd):/build" isar-buster-armhf:latest
+```
+
---
## Terms and Definitions
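Review bot: the section names the variable `CONTAINER_FORMAT` throughout, including in the `export` lines, but the class defines and tracks `CONTAINER_FORMATS`, so following the example sets a variable nothing reads. Two more mismatches with the code in this series: the `docker-archive` bullet links to `docker import` while the example (correctly) uses `docker load`, and the `docker run` line refers to `isar-buster-armhf:latest` although the image is named `isar-${DISTRO}-${DISTRO_ARCH}`, which for this build would be `isar-debian-buster-armhf`. The `oci` format is handled by the class but not listed, and 'helpfull' should be 'helpful'.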
@@ -834,6 +910,109 @@ ii crossbuild-essential-armhf 12.3 all Inf
~#
```
+## Create a containerized Isar SDK root filesystem
+
+### Motivation
+
+Distributing and using the SDK root filesystem created following the
+instructions in
+"[Create an Isar SDK root filesystem](#create-an-isar-sdk-root-filesystem)"
+becomes easier using container images (at least for those using containers
+anyway).
+A "containerized" SDK adds to those advantages of a normal SDK root filesystem
+the comfort of container images.
+
+### Approach
+
+Create container image with SDK root filesystem with installed cross-toolchain
+for target architecture and ability to install already prebuilt target binary
+artifacts.
+Developer:
+ - runs a container based on the resulting container image mounting the source
+ code to be built,
+ - develops applications for target platform on the container and
+ - leaves the container getting the results on the mounted directory.
+
+### Solution
+
+User specifies the variable `SDK_FORMATS` providing a space-separated list of
+SDK formats to generate.
+
+Supported formats are:
+ - `tar-xz`: (default) is the non-containerized format that results from
+ following the instructions in
+ "[Create an ISAR SDK root filesystem](#create-an-isar-sdk-root-filesystem)"
+ - `docker-archive`: an archive containing a Docker image that can be imported
+ with
+ [`docker import`](https://docs.docker.com/engine/reference/commandline/import/)
+ - `docker-daemon`: resulting container image is made available on the local
+ Docker Daemon
+ - `containers-storage`: resulting container image is made available to tools
+ using containers/storage back-end (e.g. Podman, CRIO, buildah,...)
+ - `oci-archive`: an archive containing an OCI image, mostly for archiving as
+ seed for any of the above formats
+
+User manually triggers creation of SDK formats for his target platform by
+launching the task `do_populate_sdk` for target image, f.e.
+`bitbake -c do_populate_sdk mc:${MACHINE}-${DISTRO}:isar-image-base`.
+Packages that should be additionally installed into the SDK can be appended to
+`SDK_PREINSTALL` (external repositories) and `SDK_INSTALL` (self-built).
+
+Following formats don't work if running `bitbake -c do_populate_sdk ...` (to
+generate the containerized SDK) from inside of a container (e.g. using
+`kas-container`): `docker-daemon` and `containers-storage`.
+It's technically possible, but requires making host resources (e.g. the Docker
+Daemon socket) accessible in the container.
+What can endanger the stability and security of the host.
+
+The resulting SDK formats are archived into
+`tmp/deploy/images/${MACHINE}/sdk-${DISTRO}-${DISTRO_ARCH}-${sdk_format}.tar.xz`
+(being `sdk_format` each one of the formats specified in `SDK_FORMATS`).
+The SDK container directory `/isar-apt` contains a copy of isar-apt repo with
+locally prebuilt target debian packages (for <HOST_DISTRO>).
+One may get into an SDK container and install required target packages with
+the help of `apt-get install <package_name>:<DISTRO_ARCH>` command.
+The directory with the source code to develop on should be mounted on the
+container (with `--volume <host-directory>:<container-directory>`) to be able
+to edit files in the host with an IDE and build in the container.
+
+### Example
+
+ - Make the SDK formats to generate available to the task
+
+For one-shot builds (use `local.conf` otherwise):
+
+```
+export BB_ENV_EXTRAWHITE="$BB_ENV_EXTRAWHITE SDK_FORMATS"
+export SDK_FORMATS="docker-archive"
+```
+
+ - Trigger creation of SDK root filesystem
+
+```
+bitbake -c do_populate_sdk mc:qemuarm-buster:isar-image-base
+```
+
+ - Load the SDK container image into the Docker Daemon
+
+```
+xzcat build/tmp/deploy/images/qemuarm/sdk-debian-buster-armhf-docker-archive.tar.xz | docker load
+```
+
+ - Run a container using the SDK container image (following commands starting
+ with `#~:` are to be run in the container)
+
+```
+docker run --rm -ti --volume "$(pwd):/build" isar-sdk-buster-armhf:latest
+```
+
+ - Check that cross toolchains are installed
+
+```
+:~# dpkg -l | grep crossbuild-essential-armhf
+ii crossbuild-essential-armhf 12.3 all Informational list of cross-build-essential packages
+```
+
## Creation of local apt repo caching upstream Debian packages
### Motivation
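Review bot: the output path given as `sdk-${DISTRO}-${DISTRO_ARCH}-${sdk_format}.tar.xz` does not hold for the default `tar-xz` format, which `sdk_tar_xz` writes to `sdk-${DISTRO}-${DISTRO_ARCH}.tar.xz`; say so, or list the container formats the pattern applies to. As in the image section, the `docker-archive` bullet points to `docker import` while the example uses `docker load`, and the `docker run` example uses `isar-sdk-buster-armhf:latest` where the code produces `isar-sdk-${DISTRO}-${DISTRO_ARCH}`. `What can endanger the stability and security of the host.` is a sentence fragment; join it to the previous sentence as the image section does.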
--
2.30.2
* [PATCH v8 5/5] ci: add container image sample configurations
From: Silvano Cirujano Cuesta @ 2021-03-29 15:56 UTC (permalink / raw)
To: isar-users
Add samples for the creation of container images and containerized SDKs
as well as testing configurations to the CI script.
Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
---
meta-isar/conf/local.conf.sample | 3 ++
meta-isar/conf/machine/container.conf | 5 ++++
.../conf/multiconfig/container-bullseye.conf | 4 +++
.../conf/multiconfig/container-buster.conf | 4 +++
.../conf/multiconfig/container-stretch.conf | 4 +++
scripts/ci_build.sh | 29 ++++++++++++++++++-
6 files changed, 48 insertions(+), 1 deletion(-)
create mode 100644 meta-isar/conf/machine/container.conf
create mode 100644 meta-isar/conf/multiconfig/container-bullseye.conf
create mode 100644 meta-isar/conf/multiconfig/container-buster.conf
create mode 100644 meta-isar/conf/multiconfig/container-stretch.conf
diff --git a/meta-isar/conf/local.conf.sample b/meta-isar/conf/local.conf.sample
index 107496c..87ba26f 100644
--- a/meta-isar/conf/local.conf.sample
+++ b/meta-isar/conf/local.conf.sample
@@ -51,6 +51,9 @@ BBMULTICONFIG = " \
qemuamd64-buster \
qemuamd64-buster-tgz \
qemuamd64-bullseye \
+ container-stretch \
+ container-buster \
+ container-bullseye \
qemumipsel-stretch \
qemumipsel-buster \
qemumipsel-bullseye \
diff --git a/meta-isar/conf/machine/container.conf b/meta-isar/conf/machine/container.conf
new file mode 100644
index 0000000..367d790
--- /dev/null
+++ b/meta-isar/conf/machine/container.conf
@@ -0,0 +1,5 @@
+# This software is a part of ISAR.
+# Copyright (C) 2015-2017 ilbers GmbH
+
+IMAGE_TYPE = "container-img"
+
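Review bot: this machine config sets only `IMAGE_TYPE`, and the `container-*` multiconfigs set only `MACHINE` and `DISTRO`, yet `do_container_image` builds its id from `${DISTRO_ARCH}`; please state where the architecture comes from for this machine or set it here. The header also carries `Copyright (C) 2015-2017 ilbers GmbH` on a file created in this 2021 series and lacks the SPDX line the new classes have.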
diff --git a/meta-isar/conf/multiconfig/container-bullseye.conf b/meta-isar/conf/multiconfig/container-bullseye.conf
new file mode 100644
index 0000000..200b241
--- /dev/null
+++ b/meta-isar/conf/multiconfig/container-bullseye.conf
@@ -0,0 +1,4 @@
+# This software is a part of ISAR.
+
+MACHINE ?= "container"
+DISTRO ?= "debian-bullseye"
diff --git a/meta-isar/conf/multiconfig/container-buster.conf b/meta-isar/conf/multiconfig/container-buster.conf
new file mode 100644
index 0000000..78b0324
--- /dev/null
+++ b/meta-isar/conf/multiconfig/container-buster.conf
@@ -0,0 +1,4 @@
+# This software is a part of ISAR.
+
+MACHINE ?= "container"
+DISTRO ?= "debian-buster"
diff --git a/meta-isar/conf/multiconfig/container-stretch.conf b/meta-isar/conf/multiconfig/container-stretch.conf
new file mode 100644
index 0000000..3ff8bcb
--- /dev/null
+++ b/meta-isar/conf/multiconfig/container-stretch.conf
@@ -0,0 +1,4 @@
+# This software is a part of ISAR.
+
+MACHINE ?= "container"
+DISTRO ?= "debian-stretch"
diff --git a/scripts/ci_build.sh b/scripts/ci_build.sh
index 3868fb6..6445b10 100755
--- a/scripts/ci_build.sh
+++ b/scripts/ci_build.sh
@@ -17,6 +17,15 @@ cd "$(dirname "$0")/.."
# Start build in Isar tree by default
BUILD_DIR=./build
+# Check dependencies
+DEPENDENCIES="umoci skopeo"
+for prog in ${DEPENDENCIES} ; do
+ if [ ! -x "$(which $prog)" ] ; then
+ echo "missing $prog in PATH, exiting" >&2
+ exit 1
+ fi
+done
+
BB_ARGS="-v"
TARGETS_SET="\
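Review bot: `[ ! -x "$(which $prog)" ]` depends on `which`, whose behaviour differs between implementations, and leaves `$prog` unquoted; `command -v "$prog" >/dev/null 2>&1` is the portable check. The test also runs before any target is selected, so `umoci` and `skopeo` become hard requirements for every CI run, including ones that build no container image; if that is intended, say so in the comment.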
@@ -33,7 +42,8 @@ TARGETS_SET="\
mc:qemumipsel-buster:isar-image-base \
mc:nand-ubi-demo-buster:isar-image-ubi \
mc:rpi-stretch:isar-image-base \
- mc:qemuamd64-focal:isar-image-base"
+ mc:qemuamd64-focal:isar-image-base \
+ "
# qemu-user-static of <= buster too old to build that
# mc:qemuarm64-buster:isar-image-base
# mc:qemuarm64-bullseye:isar-image-base
@@ -45,6 +55,12 @@ TARGETS_SET_BULLSEYE="\
mc:qemumipsel-bullseye:isar-image-base \
"
+TARGETS_CONTAINERS="\
+ mc:container-stretch:isar-image-base \
+ mc:container-buster:isar-image-base \
+ mc:container-bullseye:isar-image-base \
+"
+
CROSS_TARGETS_SET="\
mc:qemuarm-stretch:isar-image-base \
mc:qemuarm-buster:isar-image-base \
@@ -237,3 +253,14 @@ bitbake $BB_ARGS mc:qemuamd64-stretch:isar-image-base
mv "${LAYERDIR_isar}/scripts/lib/wic/canned-wks/sdimage-efi.wks.ci-backup" "${LAYERDIR_isar}/scripts/lib/wic/canned-wks/sdimage-efi.wks"
mv ${BUILDDIR}/tmp/deploy/images/qemuamd64/isar-image-base-debian-stretch-qemuamd64.wic.img.ci-backup \
${BUILDDIR}/tmp/deploy/images/qemuamd64/isar-image-base-debian-stretch-qemuamd64.wic.img
+
+# Finalize with containerized images, since they remove some not-needed packages from the local.conf
+sed -i -e 's/\(IMAGE_INSTALL = .*\) example-module-${KERNEL_NAME}\(.*\)/\1\2/g' conf/local.conf
+sed -i -e 's/\(IMAGE_INSTALL = .*\) enable-fsck\(.*\)/\1\2/g' conf/local.conf
+bitbake $BB_ARGS $TARGETS_CONTAINERS
+while [ -e bitbake.sock ]; do sleep 1; done
+# and SDK container image creation
+echo 'SDK_FORMATS = "docker-archive"' >> conf/local.conf
+bitbake $BB_ARGS -c do_populate_sdk mc:container-stretch:isar-image-base
+while [ -e bitbake.sock ]; do sleep 1; done
+
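Review bot: both `while [ -e bitbake.sock ]; do sleep 1; done` loops wait without a limit, so a stale socket hangs the CI job; bound the wait and fail when it expires. The `sed -i` edits and the `echo ... >> conf/local.conf` are also never reverted, unlike the `.ci-backup` handling just above, which is why this block has to stay last; restoring `local.conf` afterwards would remove that ordering constraint.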
--
2.30.2
* Re: [PATCH v8 0/5] Add support for containerized root filesystems
From: Anton Mikanovich @ 2021-04-02 15:18 UTC (permalink / raw)
To: Silvano Cirujano Cuesta, isar-users
29.03.2021 18:56, Silvano Cirujano Cuesta wrote:
> v8: cosmetic changes in docs and small fix in CI script
>
> v7: issues in sample configurations and CI script fixed and tested on
> two different CI environments.
>
> This patch series provides support for containerized root filesystems,
> for both target images and SDKs.
>
> For containerized target images the new image type `container-img` has
> been added.
>
> For containerized SDKs the task `populate_sdk` has been extended.
>
> Containerized root filesystems are easy to distribute and run, enabling
> this way following scenarios:
> - Use ISAR to build container images meant to be run only in containers.
> - Use the same ISAR configuration to build images for containers, VMs
> and bare-metal.
> - Easy SDK distribution and "installation".
> - Quickly testing certain applications in the workstation using the
> target root filesystem.
>
> In order to build containerized target root filesystems `IMAGE_TYPE` has
> to be `container-img`, additionally the container image format can be
> selected with the variable `CONTAINER_FORMATS`. The default format is
> `docker-archive`.
>
> In order to build containerized SDKs the variable `SDK_FORMAT` has to
> provide any of the supported container formats (e.g. `docker-archive`).
> The default format is the legacy non-containerized: `tar_xz`.
>
> It also provides a sample machine, multiconfigs and ci-testing.
>
> More information about its usage is documented in the file
> docs/user_manual.md.
>
> A PoC/demo of this functionality (only the SDK part) has been created
> based on the project https://github.com/siemens/meta-iot2050.
> Jan Kiszka already tested and liked it! =>
> https://github.com/siemens/meta-iot2050/issues/86#issuecomment-768907845
>
> Successful builds of both containerized target and SDK are available on
> the same PoC project:
> - https://github.com/Silvanoc/meta-iot2050/actions/runs/558311580
> - https://github.com/Silvanoc/meta-iot2050/actions/runs/558311581
> and also the resulting images:
> - https://github.com/users/Silvanoc/packages/container/package/meta-iot2050%2Fiot2050-debian-arm64
> - https://github.com/users/Silvanoc/packages/container/package/meta-iot2050%2Fiot2050-debian-sdk-arm64
>
> In order to get a feeling about its usage (you need Docker or Podman),
> follow these simple copy&paste instructions:
> https://github.com/Silvanoc/meta-iot2050/blob/master/kas/BUILDING-SDK-CONTAINER.md#running-the-sdk
> Build instructions are available in the upper part of that document.
>
> Two new dependencies (umoci and skopeo -backporting from bullseye to
> buster works easily) are required to create containerized root
> filesystems (as specified in the documentation).
>
> Typical container image management actions (e.g. push an image to a
> container image registry) are out of scope. Available tools (Docker,
> Skopeo, Buildah, Podman,...) should be used for these actions.
>
> A patch will follow this one to get the dependencies into the container
> images being provided by the project
> https://github.com/siemens/kas (for `kas-container`, for example).
>
> Silvano Cirujano Cuesta (5):
> classes: add root filesystem containerizing class
> classes: add new image type 'container-img'
> sdk: add support for containerized sdk
> docs: document creation of container images
> ci: add container image sample configurations
>
> doc/user_manual.md | 179 ++++++++++++++++++
> meta-isar/conf/local.conf.sample | 3 +
> meta-isar/conf/machine/container.conf | 5 +
> .../conf/multiconfig/container-bullseye.conf | 4 +
> .../conf/multiconfig/container-buster.conf | 4 +
> .../conf/multiconfig/container-stretch.conf | 4 +
> meta/classes/container-img.bbclass | 18 ++
> .../classes/image-container-extension.bbclass | 82 ++++++++
> meta/classes/image-sdk-extension.bbclass | 42 +++-
> meta/classes/image.bbclass | 1 +
> scripts/ci_build.sh | 29 ++-
> 11 files changed, 363 insertions(+), 8 deletions(-)
> create mode 100644 meta-isar/conf/machine/container.conf
> create mode 100644 meta-isar/conf/multiconfig/container-bullseye.conf
> create mode 100644 meta-isar/conf/multiconfig/container-buster.conf
> create mode 100644 meta-isar/conf/multiconfig/container-stretch.conf
> create mode 100644 meta/classes/container-img.bbclass
> create mode 100644 meta/classes/image-container-extension.bbclass
>
Applied to next, thanks.
--
Anton Mikanovich
Promwad Ltd.
External service provider of ilbers GmbH
Maria-Merian-Str. 8
85521 Ottobrunn, Germany
+49 (89) 122 67 24-0
Commercial register Munich, HRB 214197
General Manager: Baurzhan Ismagulov
* Re: [PATCH v8 0/5] Add support for containerized root filesystems
2021-04-02 15:18 ` [PATCH v8 0/5] Add support for containerized root filesystems Anton Mikanovich
@ 2021-04-06 5:23 ` Silvano Cirujano Cuesta
0 siblings, 0 replies; 14+ messages in thread
From: Silvano Cirujano Cuesta @ 2021-04-06 5:23 UTC (permalink / raw)
To: Anton Mikanovich, isar-users
On 02/04/2021 17:18, Anton Mikanovich wrote:
> 29.03.2021 18:56, Silvano Cirujano Cuesta wrote:
>> v8: cosmetic changes in docs and small fix in CI script
>>
>> v7: issues in sample configurations and CI script fixed and tested on
>> two different CI environments.
>>
>> This patch series provides support for containerized root filesystems,
>> for both target images and SDKs.
>>
>> For containerized target images the new image type `container-img` has
>> been added.
>>
>> For containerized SDKs the task `populate_sdk` has been extended.
>>
>> Containerized root filesystems are easy to distribute and run, enabling
>> this way following scenarios:
>> - Use ISAR to build container images meant to be run only in containers.
>> - Use the same ISAR configuration to build images for containers, VMs
>> and bare-metal.
>> - Easy SDK distribution and "installation".
>> - Quickly testing certain applications in the workstation using the
>> target root filesystem.
>>
>> In order to build containerized target root filesystems `IMAGE_TYPE` has
>> to be `container-img`, additionally the container image format can be
>> selected with the variable `CONTAINER_FORMATS`. The default format is
>> `docker-archive`.
>>
>> In order to build containerized SDKs the variable `SDK_FORMAT` has to
>> provide any of the supported container formats (e.g. `docker-archive`).
>> The default format is the legacy non-containerized: `tar_xz`.
>>
>> It also provides a sample machine, multiconfigs and ci-testing.
>>
>> More information about its usage is documented in the file
>> docs/user_manual.md.
>>
>> A PoC/demo of this functionality (only the SDK part) has been created
>> based on the project https://github.com/siemens/meta-iot2050.
>> Jan Kiszka already tested and liked it! =>
>> https://github.com/siemens/meta-iot2050/issues/86#issuecomment-768907845
>>
>> Successful builds of both containerized target and SDK are available on
>> the same PoC project:
>> - https://github.com/Silvanoc/meta-iot2050/actions/runs/558311580
>> - https://github.com/Silvanoc/meta-iot2050/actions/runs/558311581
>> and also the resulting images:
>> - https://github.com/users/Silvanoc/packages/container/package/meta-iot2050%2Fiot2050-debian-arm64
>> - https://github.com/users/Silvanoc/packages/container/package/meta-iot2050%2Fiot2050-debian-sdk-arm64
>>
>> In order to get a feeling about its usage (you need Docker or Podman),
>> follow these simple copy&paste instructions:
>> https://github.com/Silvanoc/meta-iot2050/blob/master/kas/BUILDING-SDK-CONTAINER.md#running-the-sdk
>> Build instructions are available in the upper part of that document.
>>
>> Two new dependencies (umoci and skopeo -backporting from bullseye to
>> buster works easily) are required to create containerized root
>> filesystems (as specified in the documentation).
>>
>> Typical container image management actions (e.g. push an image to a
>> container image registry) are out of scope. Available tools (Docker,
>> Skopeo, Buildah, Podman,...) should be used for these actions.
>>
>> A patch will follow this one to get the dependencies into the container
>> images being provided by the project
>> https://github.com/siemens/kas (for `kas-container`, for example).
>>
>> Silvano Cirujano Cuesta (5):
>> classes: add root filesystem containerizing class
>> classes: add new image type 'container-img'
>> sdk: add support for containerized sdk
>> docs: document creation of container images
>> ci: add container image sample configurations
>>
>> doc/user_manual.md | 179 ++++++++++++++++++
>> meta-isar/conf/local.conf.sample | 3 +
>> meta-isar/conf/machine/container.conf | 5 +
>> .../conf/multiconfig/container-bullseye.conf | 4 +
>> .../conf/multiconfig/container-buster.conf | 4 +
>> .../conf/multiconfig/container-stretch.conf | 4 +
>> meta/classes/container-img.bbclass | 18 ++
>> .../classes/image-container-extension.bbclass | 82 ++++++++
>> meta/classes/image-sdk-extension.bbclass | 42 +++-
>> meta/classes/image.bbclass | 1 +
>> scripts/ci_build.sh | 29 ++-
>> 11 files changed, 363 insertions(+), 8 deletions(-)
>> create mode 100644 meta-isar/conf/machine/container.conf
>> create mode 100644 meta-isar/conf/multiconfig/container-bullseye.conf
>> create mode 100644 meta-isar/conf/multiconfig/container-buster.conf
>> create mode 100644 meta-isar/conf/multiconfig/container-stretch.conf
>> create mode 100644 meta/classes/container-img.bbclass
>> create mode 100644 meta/classes/image-container-extension.bbclass
>>
> Applied to next, thanks.
>
Thanks for the information. I'm glad that the effort brought a result.
* Re: [PATCH v8 1/5] classes: add root filesystem containerizing class
2021-03-29 15:56 ` [PATCH v8 1/5] classes: add root filesystem containerizing class Silvano Cirujano Cuesta
@ 2021-04-08 17:55 ` Jan Kiszka
2021-04-12 7:14 ` Silvano Cirujano Cuesta
2021-04-12 8:20 ` Silvano Cirujano Cuesta
2021-08-19 20:43 ` Bezdeka, Florian
1 sibling, 2 replies; 14+ messages in thread
From: Jan Kiszka @ 2021-04-08 17:55 UTC (permalink / raw)
To: [ext] Silvano Cirujano Cuesta, isar-users, Quirin Gylstorff
On 29.03.21 17:56, [ext] Silvano Cirujano Cuesta wrote:
> This class can be used to create container images which root filesystem
> is that generated by the do_rootfs task.
>
> Containerized root filesystems have following possible use-cases:
> - Using ISAR as a container image builder.
> - Simplify distribution of runtime rootfs (binaries, libraries,
> configurations, ...) for application development or testing.
> - Distributing SDKs.
>
> Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
> ---
> .../classes/image-container-extension.bbclass | 82 +++++++++++++++++++
> meta/classes/image.bbclass | 1 +
> 2 files changed, 83 insertions(+)
> create mode 100644 meta/classes/image-container-extension.bbclass
>
> diff --git a/meta/classes/image-container-extension.bbclass b/meta/classes/image-container-extension.bbclass
> new file mode 100644
> index 0000000..f693627
> --- /dev/null
> +++ b/meta/classes/image-container-extension.bbclass
> @@ -0,0 +1,82 @@
> +# This software is a part of ISAR.
> +# Copyright (C) Siemens AG, 2021
> +#
> +# SPDX-License-Identifier: MIT
> +#
> +# This class extends the image.bbclass for containerizing the root filesystem.
> +
> +CONTAINER_FORMATS ?= "docker-archive"
> +IMAGE_INSTALL += "isar-exclude-docs isar-disable-apt-cache"
> +
Quirin tried latest Isar on meta-iot2050, and that now fails during
setup of openjdk:
Setting up openjdk-11-jre-headless:arm64 (11.0.9.1+1-1~deb10u2) ...
update-alternatives: using /usr/lib/jvm/java-11-openjdk-arm64/bin/rmid
to provide /usr/bin/rmid (rmid) in auto mode
update-alternatives: error: error creating symbolic link
'/usr/share/man/man1/rmid.1.gz.dpkg-tmp': No such file or directory
While watching the installation, I happened to see isar-exclude-docs
suddenly being installed while not being selected explicitly,
specifically not for the target image. I bet it's coming in via this
class and its unconditional extension of the IMAGE_INSTALL list.
That leads to (at least) two questions:
- Why do we have isar-exclude-docs here, and also
isar-disable-apt-cache?
- Does isar-exclude-docs have some issue that prevents the usage
together with openjdk, or are those simply incompatible by design?
In any case, we have a regression.
Jan
> +containerize_rootfs() {
> + local cmd="/bin/dash"
> + local empty_tag="empty"
> + local full_tag="latest"
> + local oci_img_dir="${WORKDIR}/oci-image"
> + local rootfs="$1"
> + local rootfs_id="$2"
> + local container_formats="$3"
> +
> + # prepare OCI container image skeleton
> + bbdebug 1 "prepare OCI container image skeleton"
> + rm -rf "${oci_img_dir}"
> + sudo umoci init --layout "${oci_img_dir}"
> + sudo umoci new --image "${oci_img_dir}:${empty_tag}"
> + sudo umoci config --image "${oci_img_dir}:${empty_tag}" \
> + --config.cmd="${cmd}"
> + sudo umoci unpack --image "${oci_img_dir}:${empty_tag}" \
> + "${oci_img_dir}_unpacked"
> +
> + # add root filesystem as the flesh of the skeleton
> + sudo cp -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/"
> + # clean-up temporary files
> + sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete
> +
> + # pack container image
> + bbdebug 1 "pack container image"
> + sudo umoci repack --image "${oci_img_dir}:${full_tag}" \
> + "${oci_img_dir}_unpacked"
> + sudo umoci remove --image "${oci_img_dir}:${empty_tag}"
> + sudo rm -rf "${oci_img_dir}_unpacked"
> +
> + # no root needed anymore
> + sudo chown --recursive $(id -u):$(id -g) "${oci_img_dir}"
> +
> + # convert the OCI container image to the desired format
> + image_name="isar-${rootfs_id}"
> + for image_type in ${CONTAINER_FORMATS} ; do
> + image_archive="${DEPLOY_DIR_IMAGE}/${rootfs_id}-${image_type}.tar"
> + bbdebug 1 "Creating container image type: ${image_type}"
> + case "${image_type}" in
> + "docker-archive" | "oci-archive")
> + if [ "${image_type}" = "oci-archive" ] ; then
> + target="${image_type}:${image_archive}:latest"
> + else
> + target="${image_type}:${image_archive}:${image_name}:latest"
> + fi
> + rm -f "${image_archive}" "${image_archive}.xz"
> + bbdebug 2 "Converting OCI image to ${image_type}"
> + skopeo --insecure-policy copy \
> + "oci:${oci_img_dir}:${full_tag}" "${target}"
> + bbdebug 2 "Compressing image"
> + xz -T0 "${image_archive}"
> + ;;
> + "oci")
> + tar --create --xz --directory "${oci_img_dir}" \
> + --file "${image_archive}.xz" .
> + ;;
> + "docker-daemon" | "containers-storage")
> + if [ -f /.dockerenv ] || [ -f /run/.containerenv ] ; then
> + die "Adding the container image to a container runtime (${image_type}) not supported if running from a container (e.g. 'kas-container')"
> + fi
> + skopeo --insecure-policy copy \
> + "oci:${oci_img_dir}:${full_tag}" \
> + "${image_type}:${image_name}:latest"
> + ;;
> + *)
> + die "Unsupported format for containerize_rootfs: ${image_type}"
> + ;;
> + esac
> + done
> +}
> +
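Review bot: `local container_formats="$3"` at the top of `containerize_rootfs()` is never read; the conversion loop iterates the global with `for image_type in ${CONTAINER_FORMATS}`, so whatever the caller passes as the third argument is silently ignored. Either loop over `${container_formats}` or drop the parameter. `image_name`, `image_archive` and `target` are also assigned without `local`, unlike the variables declared at the top of the function.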
> diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
> index eddc444..ec93cab 100644
> --- a/meta/classes/image.bbclass
> +++ b/meta/classes/image.bbclass
> @@ -76,6 +76,7 @@ inherit image-tools-extension
> inherit image-postproc-extension
> inherit image-locales-extension
> inherit image-account-extension
> +inherit image-container-extension
>
> # Extra space for rootfs in MB
> ROOTFS_EXTRA ?= "64"
>
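Review bot: this `inherit image-container-extension` is unconditional, so the class's top-level `IMAGE_INSTALL += "isar-exclude-docs isar-disable-apt-cache"` takes effect for every image that inherits image.bbclass, not only for container images. Keep only the `containerize_rootfs()` helper in the inherited class and move the `IMAGE_INSTALL` additions to the place where a container image is actually requested, for example the `container-img` class listed in the series diffstat.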
--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux
* Re: [PATCH v8 1/5] classes: add root filesystem containerizing class
2021-04-08 17:55 ` Jan Kiszka
@ 2021-04-12 7:14 ` Silvano Cirujano Cuesta
2021-04-12 8:20 ` Silvano Cirujano Cuesta
1 sibling, 0 replies; 14+ messages in thread
From: Silvano Cirujano Cuesta @ 2021-04-12 7:14 UTC (permalink / raw)
To: Jan Kiszka, isar-users, Quirin Gylstorff
On 08/04/2021 19:55, Jan Kiszka wrote:
> On 29.03.21 17:56, [ext] Silvano Cirujano Cuesta wrote: >> This class can be used to create container images which root >> filesystem is that generated by the do_rootfs task. >> >> Containerized root filesystems have following possible use-cases: - >> Using ISAR as a container image builder. - Simplify distribution of >> runtime rootfs (binaries, libraries, configurations, ...) for >> application development or testing. - Distributing SDKs. >> >> Signed-off-by: Silvano Cirujano Cuesta >> <silvano.cirujano-cuesta@siemens.com> --- >> .../classes/image-container-extension.bbclass | 82 >> +++++++++++++++++++ meta/classes/image.bbclass | >> 1 + 2 files
changed, 83 insertions(+) create mode 100644 >> meta/classes/image-container-extension.bbclass >> >> diff --git a/meta/classes/image-container-extension.bbclass >> b/meta/classes/image-container-extension.bbclass new file mode >> 100644 index 0000000..f693627 --- /dev/null +++ >> b/meta/classes/image-container-extension.bbclass @@ -0,0 +1,82 @@ >> +# This software is a part of ISAR. +#
Copyright (C) Siemens AG, >> 2021 +# +# SPDX-License-Identifier: MIT +# +# This class extends >> the image.bbclass for containerizing the root filesystem. + >> +CONTAINER_FORMATS ?= "docker-archive" +IMAGE_INSTALL +=
>> "isar-exclude-docs isar-disable-apt-cache" + > Quirin tried latest Isar on meta-iot2050, and that now fails during > setup of openjdk: > > Setting up openjdk-11-jre-headless:arm64 (11.0.9.1+1-1~deb10u2) ... > > > > update-alternatives: using > /usr/lib/jvm/java-11-openjdk-arm64/bin/rmid to provide /usr/bin/rmid > (rmid) in auto mode > > > update-alternatives: error: error creating symbolic link > '/usr/share/man/man1/rmid.1.gz.dpkg-tmp': No such file or directory > > > > While watching the installation,
I happened to see isar-exclude-docs > suddenly being installed while not being selected explicitly, > specifically not for the target image. I bet
it's coming in via this > class and its unconditional extension of the IMAGE_INSTALL list.
You're right, it was a late addition and I didn't realize that I was unconditionally adding it to image.bbclass.
My fault, I'll provide a fix.
> That leads to (at least) two questions: - Why do we have > isar-exclude-docs here, and also isar-disable-apt-cache?
This exclusion was only meant for container images, you don't want to have manpages and APT caches in a container image.
As mentioned above, it shouldn't be an unconditional addition to the IMAGE_INSTALL list, but only for container images.
> - Does isar-exclude-docs have some issue that prevents the usage > together with openjdk, or are those simply incompatible by design?
In any case if someone wants to get rid of manpages for very small devices, the recipe isar-exclude-docs should help on that.
The same applies to isar-disable-apt-cache.
My error just triggered a hidden issue: the incompatibility between the implementation of the isar-exclude-docs recipe and other components (for example, openjdk). IMO this issue should get fixed too (apart from the unconditional addition of the recipe).
> In any case, we have a regression.
Yes, we do.
> Jan
Silvano
>> +containerize_rootfs() { + local cmd="/bin/dash" + local >> empty_tag="empty" + local full_tag="latest" + local >> oci_img_dir="${WORKDIR}/oci-image" + local rootfs="$1" + >> local rootfs_id="$2" + local container_formats="$3" + + # >> prepare OCI container image skeleton + bbdebug 1 "prepare OCI >> container image skeleton" + rm -rf "${oci_img_dir}" + sudo >> umoci init --layout "${oci_img_dir}" + sudo umoci new --image >> "${oci_img_dir}:${empty_tag}" + sudo umoci config --image >>
"${oci_img_dir}:${empty_tag}" \ + --config.cmd="${cmd}" + >> sudo umoci
unpack --image "${oci_img_dir}:${empty_tag}" \ + >> "${oci_img_dir}_unpacked" + + # add root filesystem as the flesh >> of the skeleton + sudo cp -a "${rootfs}"/* >> "${oci_img_dir}_unpacked/rootfs/" + # clean-up temporary files + >> sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1
-delete >> + + # pack container image + bbdebug 1 "pack container >> image" + sudo umoci repack --image "${oci_img_dir}:${full_tag}" >> \ + "${oci_img_dir}_unpacked" + sudo umoci remove
--image >> "${oci_img_dir}:${empty_tag}" + sudo rm -rf >> "${oci_img_dir}_unpacked" + + # no root needed anymore + sudo >> chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + + # >> convert the OCI container image to
the desired format + >> image_name="isar-${rootfs_id}" + for image_type
in >> ${CONTAINER_FORMATS} ; do + >> image_archive="${DEPLOY_DIR_IMAGE}/${rootfs_id}-${image_type}.tar" >> + bbdebug 1 "Creating container image
type: ${image_type}" + >> case "${image_type}" in + "docker-archive" | >>
"oci-archive") + if [ "${image_type}" = >> "oci-archive" ] ; then + >> target="${image_type}:${image_archive}:latest" + >> else + >> target="${image_type}:${image_archive}:${image_name}:latest" + >> fi + rm -f "${image_archive}" "${image_archive}.xz" >> + bbdebug 2 "Converting OCI image to ${image_type}" >> + skopeo --insecure-policy copy \ + >> "oci:${oci_img_dir}:${full_tag}" "${target}" + >> bbdebug 2 "Compressing image" + xz
-T0 >> "${image_archive}" + ;; + "oci") + >>
tar --create --xz --directory "${oci_img_dir}" \ + >> --file "${image_archive}.xz" . + ;; + >> "docker-daemon" | "containers-storage") + if [ -f >> /.dockerenv ] || [ -f /run/.containerenv ] ; then + >> die "Adding the container image to a container runtime >> (${image_type}) not supported if running from a container (e.g. >> 'kas-container')" + fi + skopeo >> --insecure-policy copy \ + >> "oci:${oci_img_dir}:${full_tag}" \ + >> "${image_type}:${image_name}:latest" + ;; + >> *) + die "Unsupported format for >> containerize_rootfs: ${image_type}" + ;; + >> esac + done +} + diff --git a/meta/classes/image.bbclass >> b/meta/classes/image.bbclass index eddc444..ec93cab 100644 --- >> a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ >> -76,6 +76,7 @@ inherit image-tools-extension inherit >> image-postproc-extension inherit image-locales-extension inherit
>> image-account-extension +inherit image-container-extension >> >> # Extra space for rootfs in MB ROOTFS_EXTRA
?= "64" >> Silvano Cirujano Cuesta
--
Siemens AG, T RDA IOT SES-DE
Corporate Competence Center Embedded Linux
* Re: [PATCH v8 1/5] classes: add root filesystem containerizing class
2021-04-08 17:55 ` Jan Kiszka
2021-04-12 7:14 ` Silvano Cirujano Cuesta
@ 2021-04-12 8:20 ` Silvano Cirujano Cuesta
1 sibling, 0 replies; 14+ messages in thread
From: Silvano Cirujano Cuesta @ 2021-04-12 8:20 UTC (permalink / raw)
To: Jan Kiszka, isar-users, Quirin Gylstorff
Apparently my mail client mangled my previous reply... :-/
Thanks to Jan for making me aware of it.
This one should be readable.
On 08/04/2021 19:55, Jan Kiszka wrote:
> On 29.03.21 17:56, [ext] Silvano Cirujano Cuesta wrote:
>> This class can be used to create container images which root filesystem
>> is that generated by the do_rootfs task.
>>
>> Containerized root filesystems have following possible use-cases:
>> - Using ISAR as a container image builder.
>> - Simplify distribution of runtime rootfs (binaries, libraries,
>> configurations, ...) for application development or testing.
>> - Distributing SDKs.
>>
>> Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
>> ---
>> .../classes/image-container-extension.bbclass | 82 +++++++++++++++++++
>> meta/classes/image.bbclass | 1 +
>> 2 files changed, 83 insertions(+)
>> create mode 100644 meta/classes/image-container-extension.bbclass
>>
>> diff --git a/meta/classes/image-container-extension.bbclass b/meta/classes/image-container-extension.bbclass
>> new file mode 100644
>> index 0000000..f693627
>> --- /dev/null
>> +++ b/meta/classes/image-container-extension.bbclass
>> @@ -0,0 +1,82 @@
>> +# This software is a part of ISAR.
>> +# Copyright (C) Siemens AG, 2021
>> +#
>> +# SPDX-License-Identifier: MIT
>> +#
>> +# This class extends the image.bbclass for containerizing the root filesystem.
>> +
>> +CONTAINER_FORMATS ?= "docker-archive"
>> +IMAGE_INSTALL += "isar-exclude-docs isar-disable-apt-cache"
>> +
>
> Quirin tried latest Isar on meta-iot2050, and that now fails during
> setup of openjdk:
>
> Setting up openjdk-11-jre-headless:arm64 (11.0.9.1+1-1~deb10u2) ...
>
>
>
> update-alternatives: using /usr/lib/jvm/java-11-openjdk-arm64/bin/rmid
> to provide /usr/bin/rmid (rmid) in auto mode
>
>
> update-alternatives: error: error creating symbolic link
> '/usr/share/man/man1/rmid.1.gz.dpkg-tmp': No such file or directory
>
>
>
> While watching the installation, I happened to see isar-exclude-docs
> suddenly being installed while not being selected explicitly,
> specifically not for the target image. I bet it's coming in via this
> class and its unconditional extension of the IMAGE_INSTALL list.
You're right, it was a late addition and I didn't realize that I was unconditionally adding it to image.bbclass.
This exclusion was only meant for container images, you don't want to have manpages and APT caches in a container image.
My fault, I'll provide a fix.
>
> That leads to (at least) two questions:
> - Why do we have isar-exclude-docs here, and also
> isar-disable-apt-cache?
> - Does isar-exclude-docs have some issue that prevents the usage
> together with openjdk, or are those simply incompatible by design?
IMO if someone wants to get rid of manpages for very small devices, the recipe isar-exclude-docs should help on that.
The same applies to isar-disable-apt-cache.
My error just triggered a hidden issue: the incompatibility between the implementation of the isar-exclude-docs recipe and other components (for example, openjdk).
IMO this issue should get fixed too (apart from the unconditional addition of the recipe).
Unless such a configuration is unsupported, but I think that's the scope of the other thread that you opened ;-)
>
> In any case, we have a regression.
Yes, we do.
Silvano
>
> Jan
>
>> +containerize_rootfs() {
>> + local cmd="/bin/dash"
>> + local empty_tag="empty"
>> + local full_tag="latest"
>> + local oci_img_dir="${WORKDIR}/oci-image"
>> + local rootfs="$1"
>> + local rootfs_id="$2"
>> + local container_formats="$3"
>> +
>> + # prepare OCI container image skeleton
>> + bbdebug 1 "prepare OCI container image skeleton"
>> + rm -rf "${oci_img_dir}"
>> + sudo umoci init --layout "${oci_img_dir}"
>> + sudo umoci new --image "${oci_img_dir}:${empty_tag}"
>> + sudo umoci config --image "${oci_img_dir}:${empty_tag}" \
>> + --config.cmd="${cmd}"
>> + sudo umoci unpack --image "${oci_img_dir}:${empty_tag}" \
>> + "${oci_img_dir}_unpacked"
>> +
>> + # add root filesystem as the flesh of the skeleton
>> + sudo cp -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/"
>> + # clean-up temporary files
>> + sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete
>> +
>> + # pack container image
>> + bbdebug 1 "pack container image"
>> + sudo umoci repack --image "${oci_img_dir}:${full_tag}" \
>> + "${oci_img_dir}_unpacked"
>> + sudo umoci remove --image "${oci_img_dir}:${empty_tag}"
>> + sudo rm -rf "${oci_img_dir}_unpacked"
>> +
>> + # no root needed anymore
>> + sudo chown --recursive $(id -u):$(id -g) "${oci_img_dir}"
>> +
>> + # convert the OCI container image to the desired format
>> + image_name="isar-${rootfs_id}"
>> + for image_type in ${CONTAINER_FORMATS} ; do
>> + image_archive="${DEPLOY_DIR_IMAGE}/${rootfs_id}-${image_type}.tar"
>> + bbdebug 1 "Creating container image type: ${image_type}"
>> + case "${image_type}" in
>> + "docker-archive" | "oci-archive")
>> + if [ "${image_type}" = "oci-archive" ] ; then
>> + target="${image_type}:${image_archive}:latest"
>> + else
>> + target="${image_type}:${image_archive}:${image_name}:latest"
>> + fi
>> + rm -f "${image_archive}" "${image_archive}.xz"
>> + bbdebug 2 "Converting OCI image to ${image_type}"
>> + skopeo --insecure-policy copy \
>> + "oci:${oci_img_dir}:${full_tag}" "${target}"
>> + bbdebug 2 "Compressing image"
>> + xz -T0 "${image_archive}"
>> + ;;
>> + "oci")
>> + tar --create --xz --directory "${oci_img_dir}" \
>> + --file "${image_archive}.xz" .
>> + ;;
>> + "docker-daemon" | "containers-storage")
>> + if [ -f /.dockerenv ] || [ -f /run/.containerenv ] ; then
>> + die "Adding the container image to a container runtime (${image_type}) not supported if running from a container (e.g. 'kas-container')"
>> + fi
>> + skopeo --insecure-policy copy \
>> + "oci:${oci_img_dir}:${full_tag}" \
>> + "${image_type}:${image_name}:latest"
>> + ;;
>> + *)
>> + die "Unsupported format for containerize_rootfs: ${image_type}"
>> + ;;
>> + esac
>> + done
>> +}
>> +
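Review bot: both `skopeo --insecure-policy copy` calls switch off skopeo's trust-policy evaluation without a comment saying why. The source in both cases is the locally built `oci:${oci_img_dir}:${full_tag}` layout, so this is probably intended, but a one-line comment stating that (or an explicit policy file) would keep the flag from being copied later into a call that pulls from a registry.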
>> diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
>> index eddc444..ec93cab 100644
>> --- a/meta/classes/image.bbclass
>> +++ b/meta/classes/image.bbclass
>> @@ -76,6 +76,7 @@ inherit image-tools-extension
>> inherit image-postproc-extension
>> inherit image-locales-extension
>> inherit image-account-extension
>> +inherit image-container-extension
>>
>> # Extra space for rootfs in MB
>> ROOTFS_EXTRA ?= "64"
>>
>
--
Silvano Cirujano Cuesta
--
Siemens AG, T RDA IOT SES-DE
Corporate Competence Center Embedded Linux
* Re: [PATCH v8 1/5] classes: add root filesystem containerizing class
2021-03-29 15:56 ` [PATCH v8 1/5] classes: add root filesystem containerizing class Silvano Cirujano Cuesta
2021-04-08 17:55 ` Jan Kiszka
@ 2021-08-19 20:43 ` Bezdeka, Florian
2021-08-20 6:54 ` Jan Kiszka
1 sibling, 1 reply; 14+ messages in thread
From: Bezdeka, Florian @ 2021-08-19 20:43 UTC (permalink / raw)
To: isar-users, Cirujano Cuesta, Silvano
Cc: jan.kiszka, felix.moeser, henning.schild
On Mon, 2021-03-29 at 17:56 +0200, [ext] Silvano Cirujano Cuesta wrote:
> This class can be used to create container images which root filesystem
> is that generated by the do_rootfs task.
>
> Containerized root filesystems have following possible use-cases:
> - Using ISAR as a container image builder.
> - Simplify distribution of runtime rootfs (binaries, libraries,
> configurations, ...) for application development or testing.
> - Distributing SDKs.
>
> Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
> ---
> .../classes/image-container-extension.bbclass | 82 +++++++++++++++++++
> meta/classes/image.bbclass | 1 +
> 2 files changed, 83 insertions(+)
> create mode 100644 meta/classes/image-container-extension.bbclass
>
> diff --git a/meta/classes/image-container-extension.bbclass b/meta/classes/image-container-extension.bbclass
> new file mode 100644
> index 0000000..f693627
> --- /dev/null
> +++ b/meta/classes/image-container-extension.bbclass
> @@ -0,0 +1,82 @@
> +# This software is a part of ISAR.
> +# Copyright (C) Siemens AG, 2021
> +#
> +# SPDX-License-Identifier: MIT
> +#
> +# This class extends the image.bbclass for containerizing the root filesystem.
> +
> +CONTAINER_FORMATS ?= "docker-archive"
> +IMAGE_INSTALL += "isar-exclude-docs isar-disable-apt-cache"
> +
> +containerize_rootfs() {
> + local cmd="/bin/dash"
> + local empty_tag="empty"
> + local full_tag="latest"
> + local oci_img_dir="${WORKDIR}/oci-image"
> + local rootfs="$1"
> + local rootfs_id="$2"
> + local container_formats="$3"
> +
> + # prepare OCI container image skeleton
> + bbdebug 1 "prepare OCI container image skeleton"
> + rm -rf "${oci_img_dir}"
> + sudo umoci init --layout "${oci_img_dir}"
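Review bot: `rm -rf "${oci_img_dir}"` runs as the build user, but every step from `sudo umoci init` up to the final `sudo chown --recursive` creates the layout as root, so a run that fails in between leaves a root-owned directory that this cleanup cannot remove on the next attempt. `${oci_img_dir}_unpacked` is likewise only removed after a successful repack. Use `sudo rm -rf "${oci_img_dir}" "${oci_img_dir}_unpacked"` here.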
Sorry for replying to this quite old thread but the timestamp of the
commit actually delivered this patch as root cause:
Who makes sure umoci is available?
We updated to recent ISAR-next and got a build failure. umoci not
found.
Sounds like a missing IMAGER_INSTALL += "umoci" or similar.
Florian
> + sudo umoci new --image "${oci_img_dir}:${empty_tag}"
> + sudo umoci config --image "${oci_img_dir}:${empty_tag}" \
> + --config.cmd="${cmd}"
> + sudo umoci unpack --image "${oci_img_dir}:${empty_tag}" \
> + "${oci_img_dir}_unpacked"
> +
> + # add root filesystem as the flesh of the skeleton
> + sudo cp -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/"
> + # clean-up temporary files
> + sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete
> +
> + # pack container image
> + bbdebug 1 "pack container image"
> + sudo umoci repack --image "${oci_img_dir}:${full_tag}" \
> + "${oci_img_dir}_unpacked"
> + sudo umoci remove --image "${oci_img_dir}:${empty_tag}"
> + sudo rm -rf "${oci_img_dir}_unpacked"
> +
> + # no root needed anymore
> + sudo chown --recursive $(id -u):$(id -g) "${oci_img_dir}"
> +
> + # convert the OCI container image to the desired format
> + image_name="isar-${rootfs_id}"
> + for image_type in ${CONTAINER_FORMATS} ; do
> + image_archive="${DEPLOY_DIR_IMAGE}/${rootfs_id}-${image_type}.tar"
> + bbdebug 1 "Creating container image type: ${image_type}"
> + case "${image_type}" in
> + "docker-archive" | "oci-archive")
> + if [ "${image_type}" = "oci-archive" ] ; then
> + target="${image_type}:${image_archive}:latest"
> + else
> + target="${image_type}:${image_archive}:${image_name}:latest"
> + fi
> + rm -f "${image_archive}" "${image_archive}.xz"
> + bbdebug 2 "Converting OCI image to ${image_type}"
> + skopeo --insecure-policy copy \
> + "oci:${oci_img_dir}:${full_tag}" "${target}"
> + bbdebug 2 "Compressing image"
> + xz -T0 "${image_archive}"
> + ;;
> + "oci")
> + tar --create --xz --directory "${oci_img_dir}" \
> + --file "${image_archive}.xz" .
> + ;;
> + "docker-daemon" | "containers-storage")
> + if [ -f /.dockerenv ] || [ -f /run/.containerenv ] ; then
> + die "Adding the container image to a container runtime (${image_type}) not supported if running from a container (e.g. 'kas-container')"
> + fi
> + skopeo --insecure-policy copy \
> + "oci:${oci_img_dir}:${full_tag}" \
> + "${image_type}:${image_name}:latest"
> + ;;
> + *)
> + die "Unsupported format for containerize_rootfs: ${image_type}"
> + ;;
> + esac
> + done
> +}
> +
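Review bot: in containerize_rootfs() the third argument is stored in `local container_formats="$3"` but never read; the conversion loop iterates the global instead (`for image_type in ${CONTAINER_FORMATS} ; do`), so a format list passed by the caller is silently ignored. Either loop over `${container_formats}` or drop the parameter. Two smaller points in the same function: only `${oci_img_dir}` is removed up front, and without sudo, so a run that aborts before the final `sudo chown --recursive` and `sudo rm -rf "${oci_img_dir}_unpacked"` leaves root-owned state that the next run cannot clear; and both `skopeo --insecure-policy copy` calls bypass the host's signature policy, which is acceptable for a locally built `oci:` source but deserves a comment saying so.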
> diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
> index eddc444..ec93cab 100644
> --- a/meta/classes/image.bbclass
> +++ b/meta/classes/image.bbclass
> @@ -76,6 +76,7 @@ inherit image-tools-extension
> inherit image-postproc-extension
> inherit image-locales-extension
> inherit image-account-extension
> +inherit image-container-extension
>
> # Extra space for rootfs in MB
> ROOTFS_EXTRA ?= "64"
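Review bot: the unconditional `inherit image-container-extension` in image.bbclass means the new class's top-level `IMAGE_INSTALL += "isar-exclude-docs isar-disable-apt-cache"` now applies to every image that inherits image.bbclass, not only to images that end up containerized. If those two packages are meant for container images only, move the append out of the class's global scope so it takes effect only when a container image is actually requested; otherwise say in the commit message that the change to all images is intended.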
> --
> 2.30.2
>
* Re: [PATCH v8 1/5] classes: add root filesystem containerizing class
2021-08-19 20:43 ` Bezdeka, Florian
@ 2021-08-20 6:54 ` Jan Kiszka
2021-08-31 12:56 ` Silvano Cirujano Cuesta
0 siblings, 1 reply; 14+ messages in thread
From: Jan Kiszka @ 2021-08-20 6:54 UTC (permalink / raw)
To: Bezdeka, Florian, isar-users, Cirujano Cuesta, Silvano
Cc: felix.moeser, henning.schild
On 19.08.21 22:43, Bezdeka, Florian wrote:
> On Mon, 2021-03-29 at 17:56 +0200, [ext] Silvano Cirujano Cuesta wrote:
>> This class can be used to create container images which root filesystem
>> is that generated by the do_rootfs task.
>>
>> Containerized root filesystems have following possible use-cases:
>> - Using ISAR as a container image builder.
>> - Simplify distribution of runtime rootfs (binaries, libraries,
>> configurations, ...) for application development or testing.
>> - Distributing SDKs.
>>
>> Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
>> ---
>> .../classes/image-container-extension.bbclass | 82 +++++++++++++++++++
>> meta/classes/image.bbclass | 1 +
>> 2 files changed, 83 insertions(+)
>> create mode 100644 meta/classes/image-container-extension.bbclass
>>
>> diff --git a/meta/classes/image-container-extension.bbclass b/meta/classes/image-container-extension.bbclass
>> new file mode 100644
>> index 0000000..f693627
>> --- /dev/null
>> +++ b/meta/classes/image-container-extension.bbclass
>> @@ -0,0 +1,82 @@
>> +# This software is a part of ISAR.
>> +# Copyright (C) Siemens AG, 2021
>> +#
>> +# SPDX-License-Identifier: MIT
>> +#
>> +# This class extends the image.bbclass for containerizing the root filesystem.
>> +
>> +CONTAINER_FORMATS ?= "docker-archive"
>> +IMAGE_INSTALL += "isar-exclude-docs isar-disable-apt-cache"
>> +
>> +containerize_rootfs() {
>> + local cmd="/bin/dash"
>> + local empty_tag="empty"
>> + local full_tag="latest"
>> + local oci_img_dir="${WORKDIR}/oci-image"
>> + local rootfs="$1"
>> + local rootfs_id="$2"
>> + local container_formats="$3"
>> +
>> + # prepare OCI container image skeleton
>> + bbdebug 1 "prepare OCI container image skeleton"
>> + rm -rf "${oci_img_dir}"
>> + sudo umoci init --layout "${oci_img_dir}"
>
> Sorry for replying to this quite old thread but the timestamp of the
> commit actually delivered this patch as root cause:
>
> Who makes sure umoci is available?
>
The build environment you need to prepare for Isar, either a manually
installed Debian or a container like kas-isar.
Jan
--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux
* Re: [PATCH v8 1/5] classes: add root filesystem containerizing class
2021-08-20 6:54 ` Jan Kiszka
@ 2021-08-31 12:56 ` Silvano Cirujano Cuesta
0 siblings, 0 replies; 14+ messages in thread
From: Silvano Cirujano Cuesta @ 2021-08-31 12:56 UTC (permalink / raw)
To: Jan Kiszka, Bezdeka, Florian, isar-users; +Cc: felix.moeser, henning.schild
On 20/08/2021 08:54, Jan Kiszka wrote:
> On 19.08.21 22:43, Bezdeka, Florian wrote:
>> On Mon, 2021-03-29 at 17:56 +0200, [ext] Silvano Cirujano Cuesta wrote:
>>> This class can be used to create container images which root filesystem
>>> is that generated by the do_rootfs task.
>>>
>>> Containerized root filesystems have following possible use-cases:
>>> - Using ISAR as a container image builder.
>>> - Simplify distribution of runtime rootfs (binaries, libraries,
>>> configurations, ...) for application development or testing.
>>> - Distributing SDKs.
>>>
>>> Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
>>> ---
>>> .../classes/image-container-extension.bbclass | 82 +++++++++++++++++++
>>> meta/classes/image.bbclass | 1 +
>>> 2 files changed, 83 insertions(+)
>>> create mode 100644 meta/classes/image-container-extension.bbclass
>>>
>>> diff --git a/meta/classes/image-container-extension.bbclass b/meta/classes/image-container-extension.bbclass
>>> new file mode 100644
>>> index 0000000..f693627
>>> --- /dev/null
>>> +++ b/meta/classes/image-container-extension.bbclass
>>> @@ -0,0 +1,82 @@
>>> +# This software is a part of ISAR.
>>> +# Copyright (C) Siemens AG, 2021
>>> +#
>>> +# SPDX-License-Identifier: MIT
>>> +#
>>> +# This class extends the image.bbclass for containerizing the root filesystem.
>>> +
>>> +CONTAINER_FORMATS ?= "docker-archive"
>>> +IMAGE_INSTALL += "isar-exclude-docs isar-disable-apt-cache"
>>> +
>>> +containerize_rootfs() {
>>> + local cmd="/bin/dash"
>>> + local empty_tag="empty"
>>> + local full_tag="latest"
>>> + local oci_img_dir="${WORKDIR}/oci-image"
>>> + local rootfs="$1"
>>> + local rootfs_id="$2"
>>> + local container_formats="$3"
>>> +
>>> + # prepare OCI container image skeleton
>>> + bbdebug 1 "prepare OCI container image skeleton"
>>> + rm -rf "${oci_img_dir}"
>>> + sudo umoci init --layout "${oci_img_dir}"
>>
>> Sorry for replying to this quite old thread but the timestamp of the
>> commit actually delivered this patch as root cause:
>>
>> Who makes sure umoci is available?
>>
>
> The build environment you need to prepare for Isar, either a manually
> installed Debian or a container like kas-isar.
>
> Jan
>
Let me add that the needed packages are officially available for the freshly released Debian Stable/Bullseye/11.
Manually backporting them to Buster might work though if strictly needed...
--
Silvano Cirujano Cuesta
--
Siemens AG, T RDA IOT SES-DE
Corporate Competence Center Embedded Linux
end of thread, other threads:[~2021-08-31 12:56 UTC | newest]
Thread overview: 14+ messages
2021-03-29 15:56 [PATCH v8 0/5] Add support for containerized root filesystems Silvano Cirujano Cuesta
2021-03-29 15:56 ` [PATCH v8 1/5] classes: add root filesystem containerizing class Silvano Cirujano Cuesta
2021-04-08 17:55 ` Jan Kiszka
2021-04-12 7:14 ` Silvano Cirujano Cuesta
2021-04-12 8:20 ` Silvano Cirujano Cuesta
2021-08-19 20:43 ` Bezdeka, Florian
2021-08-20 6:54 ` Jan Kiszka
2021-08-31 12:56 ` Silvano Cirujano Cuesta
2021-03-29 15:56 ` [PATCH v8 2/5] classes: add new image type 'container-img' Silvano Cirujano Cuesta
2021-03-29 15:56 ` [PATCH v8 3/5] sdk: add support for containerized sdk Silvano Cirujano Cuesta
2021-03-29 15:56 ` [PATCH v8 4/5] docs: document creation of container images Silvano Cirujano Cuesta
2021-03-29 15:56 ` [PATCH v8 5/5] ci: add container image sample configurations Silvano Cirujano Cuesta
2021-04-02 15:18 ` [PATCH v8 0/5] Add support for containerized root filesystems Anton Mikanovich
2021-04-06 5:23 ` Silvano Cirujano Cuesta