* [PATCH v8 1/5] classes: add root filesystem containerizing class
2021-03-29 15:56 [PATCH v8 0/5] Add support for containerized root filesystems Silvano Cirujano Cuesta
@ 2021-03-29 15:56 ` Silvano Cirujano Cuesta
2021-04-08 17:55 ` Jan Kiszka
2021-08-19 20:43 ` Bezdeka, Florian
2021-03-29 15:56 ` [PATCH v8 2/5] classes: add new image type 'container-img' Silvano Cirujano Cuesta
` (4 subsequent siblings)
5 siblings, 2 replies; 14+ messages in thread
From: Silvano Cirujano Cuesta @ 2021-03-29 15:56 UTC (permalink / raw)
To: isar-users
This class can be used to create container images which root filesystem
is that generated by the do_rootfs task.
Containerized root filesystems have following possible use-cases:
- Using ISAR as a container image builder.
- Simplify distribution of runtime rootfs (binaries, libraries,
configurations, ...) for application development or testing.
- Distributing SDKs.
Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
---
.../classes/image-container-extension.bbclass | 82 +++++++++++++++++++
meta/classes/image.bbclass | 1 +
2 files changed, 83 insertions(+)
create mode 100644 meta/classes/image-container-extension.bbclass
diff --git a/meta/classes/image-container-extension.bbclass b/meta/classes/image-container-extension.bbclass
new file mode 100644
index 0000000..f693627
--- /dev/null
+++ b/meta/classes/image-container-extension.bbclass
@@ -0,0 +1,82 @@
+# This software is a part of ISAR.
+# Copyright (C) Siemens AG, 2021
+#
+# SPDX-License-Identifier: MIT
+#
+# This class extends the image.bbclass for containerizing the root filesystem.
+
+CONTAINER_FORMATS ?= "docker-archive"
+IMAGE_INSTALL += "isar-exclude-docs isar-disable-apt-cache"
+
+containerize_rootfs() {
+ local cmd="/bin/dash"
+ local empty_tag="empty"
+ local full_tag="latest"
+ local oci_img_dir="${WORKDIR}/oci-image"
+ local rootfs="$1"
+ local rootfs_id="$2"
+ local container_formats="$3"
+
+ # prepare OCI container image skeleton
+ bbdebug 1 "prepare OCI container image skeleton"
+ rm -rf "${oci_img_dir}"
+ sudo umoci init --layout "${oci_img_dir}"
+ sudo umoci new --image "${oci_img_dir}:${empty_tag}"
+ sudo umoci config --image "${oci_img_dir}:${empty_tag}" \
+ --config.cmd="${cmd}"
+ sudo umoci unpack --image "${oci_img_dir}:${empty_tag}" \
+ "${oci_img_dir}_unpacked"
+
+ # add root filesystem as the flesh of the skeleton
+ sudo cp -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/"
+ # clean-up temporary files
+ sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete
+
+ # pack container image
+ bbdebug 1 "pack container image"
+ sudo umoci repack --image "${oci_img_dir}:${full_tag}" \
+ "${oci_img_dir}_unpacked"
+ sudo umoci remove --image "${oci_img_dir}:${empty_tag}"
+ sudo rm -rf "${oci_img_dir}_unpacked"
+
+ # no root needed anymore
+ sudo chown --recursive $(id -u):$(id -g) "${oci_img_dir}"
+
+ # convert the OCI container image to the desired format
+ image_name="isar-${rootfs_id}"
+ for image_type in ${CONTAINER_FORMATS} ; do
+ image_archive="${DEPLOY_DIR_IMAGE}/${rootfs_id}-${image_type}.tar"
+ bbdebug 1 "Creating container image type: ${image_type}"
+ case "${image_type}" in
+ "docker-archive" | "oci-archive")
+ if [ "${image_type}" = "oci-archive" ] ; then
+ target="${image_type}:${image_archive}:latest"
+ else
+ target="${image_type}:${image_archive}:${image_name}:latest"
+ fi
+ rm -f "${image_archive}" "${image_archive}.xz"
+ bbdebug 2 "Converting OCI image to ${image_type}"
+ skopeo --insecure-policy copy \
+ "oci:${oci_img_dir}:${full_tag}" "${target}"
+ bbdebug 2 "Compressing image"
+ xz -T0 "${image_archive}"
+ ;;
+ "oci")
+ tar --create --xz --directory "${oci_img_dir}" \
+ --file "${image_archive}.xz" .
+ ;;
+ "docker-daemon" | "containers-storage")
+ if [ -f /.dockerenv ] || [ -f /run/.containerenv ] ; then
+ die "Adding the container image to a container runtime (${image_type}) not supported if running from a container (e.g. 'kas-container')"
+ fi
+ skopeo --insecure-policy copy \
+ "oci:${oci_img_dir}:${full_tag}" \
+ "${image_type}:${image_name}:latest"
+ ;;
+ *)
+ die "Unsupported format for containerize_rootfs: ${image_type}"
+ ;;
+ esac
+ done
+}
+
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index eddc444..ec93cab 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -76,6 +76,7 @@ inherit image-tools-extension
inherit image-postproc-extension
inherit image-locales-extension
inherit image-account-extension
+inherit image-container-extension
# Extra space for rootfs in MB
ROOTFS_EXTRA ?= "64"
--
2.30.2
^ permalink raw reply [flat|nested] 14+ messages in thread* Re: [PATCH v8 1/5] classes: add root filesystem containerizing class
2021-03-29 15:56 ` [PATCH v8 1/5] classes: add root filesystem containerizing class Silvano Cirujano Cuesta
@ 2021-04-08 17:55 ` Jan Kiszka
2021-04-12 7:14 ` Silvano Cirujano Cuesta
2021-04-12 8:20 ` Silvano Cirujano Cuesta
2021-08-19 20:43 ` Bezdeka, Florian
1 sibling, 2 replies; 14+ messages in thread
From: Jan Kiszka @ 2021-04-08 17:55 UTC (permalink / raw)
To: [ext] Silvano Cirujano Cuesta, isar-users, Quirin Gylstorff
On 29.03.21 17:56, [ext] Silvano Cirujano Cuesta wrote:
> This class can be used to create container images which root filesystem
> is that generated by the do_rootfs task.
>
> Containerized root filesystems have following possible use-cases:
> - Using ISAR as a container image builder.
> - Simplify distribution of runtime rootfs (binaries, libraries,
> configurations, ...) for application development or testing.
> - Distributing SDKs.
>
> Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
> ---
> .../classes/image-container-extension.bbclass | 82 +++++++++++++++++++
> meta/classes/image.bbclass | 1 +
> 2 files changed, 83 insertions(+)
> create mode 100644 meta/classes/image-container-extension.bbclass
>
> diff --git a/meta/classes/image-container-extension.bbclass b/meta/classes/image-container-extension.bbclass
> new file mode 100644
> index 0000000..f693627
> --- /dev/null
> +++ b/meta/classes/image-container-extension.bbclass
> @@ -0,0 +1,82 @@
> +# This software is a part of ISAR.
> +# Copyright (C) Siemens AG, 2021
> +#
> +# SPDX-License-Identifier: MIT
> +#
> +# This class extends the image.bbclass for containerizing the root filesystem.
> +
> +CONTAINER_FORMATS ?= "docker-archive"
> +IMAGE_INSTALL += "isar-exclude-docs isar-disable-apt-cache"
> +
Quirin tried latest Isar on meta-iot2050, and that now fails during
setup of openjdk:
Setting up openjdk-11-jre-headless:arm64 (11.0.9.1+1-1~deb10u2) ...
update-alternatives: using /usr/lib/jvm/java-11-openjdk-arm64/bin/rmid
to provide /usr/bin/rmid (rmid) in auto mode
update-alternatives: error: error creating symbolic link
'/usr/share/man/man1/rmid.1.gz.dpkg-tmp': No such file or directory
While watching the installation, I happened to see isar-exclude-docs
suddenly being installed while not being selected explicitly,
specifically not for the target image. I bet it's coming in via this
class and its unconditional extension of the IMAGE_INSTALL list.
That leads to (at least) two questions:
- Why do we have isar-exclude-docs here, and also
isar-disable-apt-cache?
- Does isar-exclude-docs have some issue that prevents the usage
together with openjdk, or are those simply incompatible by design?
In any case, we have a regression.
Jan
> +containerize_rootfs() {
> + local cmd="/bin/dash"
> + local empty_tag="empty"
> + local full_tag="latest"
> + local oci_img_dir="${WORKDIR}/oci-image"
> + local rootfs="$1"
> + local rootfs_id="$2"
> + local container_formats="$3"
> +
> + # prepare OCI container image skeleton
> + bbdebug 1 "prepare OCI container image skeleton"
> + rm -rf "${oci_img_dir}"
> + sudo umoci init --layout "${oci_img_dir}"
> + sudo umoci new --image "${oci_img_dir}:${empty_tag}"
> + sudo umoci config --image "${oci_img_dir}:${empty_tag}" \
> + --config.cmd="${cmd}"
> + sudo umoci unpack --image "${oci_img_dir}:${empty_tag}" \
> + "${oci_img_dir}_unpacked"
> +
> + # add root filesystem as the flesh of the skeleton
> + sudo cp -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/"
> + # clean-up temporary files
> + sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete
> +
> + # pack container image
> + bbdebug 1 "pack container image"
> + sudo umoci repack --image "${oci_img_dir}:${full_tag}" \
> + "${oci_img_dir}_unpacked"
> + sudo umoci remove --image "${oci_img_dir}:${empty_tag}"
> + sudo rm -rf "${oci_img_dir}_unpacked"
> +
> + # no root needed anymore
> + sudo chown --recursive $(id -u):$(id -g) "${oci_img_dir}"
> +
> + # convert the OCI container image to the desired format
> + image_name="isar-${rootfs_id}"
> + for image_type in ${CONTAINER_FORMATS} ; do
> + image_archive="${DEPLOY_DIR_IMAGE}/${rootfs_id}-${image_type}.tar"
> + bbdebug 1 "Creating container image type: ${image_type}"
> + case "${image_type}" in
> + "docker-archive" | "oci-archive")
> + if [ "${image_type}" = "oci-archive" ] ; then
> + target="${image_type}:${image_archive}:latest"
> + else
> + target="${image_type}:${image_archive}:${image_name}:latest"
> + fi
> + rm -f "${image_archive}" "${image_archive}.xz"
> + bbdebug 2 "Converting OCI image to ${image_type}"
> + skopeo --insecure-policy copy \
> + "oci:${oci_img_dir}:${full_tag}" "${target}"
> + bbdebug 2 "Compressing image"
> + xz -T0 "${image_archive}"
> + ;;
> + "oci")
> + tar --create --xz --directory "${oci_img_dir}" \
> + --file "${image_archive}.xz" .
> + ;;
> + "docker-daemon" | "containers-storage")
> + if [ -f /.dockerenv ] || [ -f /run/.containerenv ] ; then
> + die "Adding the container image to a container runtime (${image_type}) not supported if running from a container (e.g. 'kas-container')"
> + fi
> + skopeo --insecure-policy copy \
> + "oci:${oci_img_dir}:${full_tag}" \
> + "${image_type}:${image_name}:latest"
> + ;;
> + *)
> + die "Unsupported format for containerize_rootfs: ${image_type}"
> + ;;
> + esac
> + done
> +}
> +
> diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
> index eddc444..ec93cab 100644
> --- a/meta/classes/image.bbclass
> +++ b/meta/classes/image.bbclass
> @@ -76,6 +76,7 @@ inherit image-tools-extension
> inherit image-postproc-extension
> inherit image-locales-extension
> inherit image-account-extension
> +inherit image-container-extension
>
> # Extra space for rootfs in MB
> ROOTFS_EXTRA ?= "64"
>
--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 14+ messages in thread* Re: [PATCH v8 1/5] classes: add root filesystem containerizing class
2021-04-08 17:55 ` Jan Kiszka
@ 2021-04-12 7:14 ` Silvano Cirujano Cuesta
2021-04-12 8:20 ` Silvano Cirujano Cuesta
1 sibling, 0 replies; 14+ messages in thread
From: Silvano Cirujano Cuesta @ 2021-04-12 7:14 UTC (permalink / raw)
To: Jan Kiszka, isar-users, Quirin Gylstorff
On 08/04/2021 19:55, Jan Kiszka wrote:
> On 29.03.21 17:56, [ext] Silvano Cirujano Cuesta wrote: >> This class can be used to create container images which root >> filesystem is that generated by the do_rootfs task. >> >> Containerized root filesystems have following possible use-cases: - >> Using ISAR as a container image builder. - Simplify distribution of >> runtime rootfs (binaries, libraries, configurations, ...) for >> application development or testing. - Distributing SDKs. >> >> Signed-off-by: Silvano Cirujano Cuesta >> <silvano.cirujano-cuesta@siemens.com> --- >> .../classes/image-container-extension.bbclass | 82 >> +++++++++++++++++++ meta/classes/image.bbclass | >> 1 + 2 files
changed, 83 insertions(+) create mode 100644 >> meta/classes/image-container-extension.bbclass >> >> diff --git a/meta/classes/image-container-extension.bbclass >> b/meta/classes/image-container-extension.bbclass new file mode >> 100644 index 0000000..f693627 --- /dev/null +++ >> b/meta/classes/image-container-extension.bbclass @@ -0,0 +1,82 @@ >> +# This software is a part of ISAR. +#
Copyright (C) Siemens AG, >> 2021 +# +# SPDX-License-Identifier: MIT +# +# This class extends >> the image.bbclass for containerizing the root filesystem. + >> +CONTAINER_FORMATS ?= "docker-archive" +IMAGE_INSTALL +=
>> "isar-exclude-docs isar-disable-apt-cache" + > Quirin tried latest Isar on meta-iot2050, and that now fails during > setup of openjdk: > > Setting up openjdk-11-jre-headless:arm64 (11.0.9.1+1-1~deb10u2) ... > > > > update-alternatives: using > /usr/lib/jvm/java-11-openjdk-arm64/bin/rmid to provide /usr/bin/rmid > (rmid) in auto mode > > > update-alternatives: error: error creating symbolic link > '/usr/share/man/man1/rmid.1.gz.dpkg-tmp': No such file or directory > > > > While watching the installation,
I happened to see isar-exclude-docs > suddenly being installed while not being selected explicitly, > specifically not for the target image. I bet
it's coming in via this > class and its unconditional extension of the IMAGE_INSTALL list.
You're right, it was a late addition and I didn't realized that I was unconditionally adding it to image.bbclass.
My fault, I'll provide a fix.
> That leads to (at least) two questions: - Why do we have > isar-exclude-docs here, and also isar-disable-apt-cache?
This exclusion was only meant for container images, you don't want to have manpages and APT caches in a container image.
As mentioned above, it shouldn't be an unconditional addition to the IMAGE_INSTALL list, but only for container images.
> - Does isar-exclude-docs have some issue that prevents the usage > together with openjdk, or are those simply incompatible by design?
In any case if someone wants to get rid of manpages for very small devices, the recipe isar-exclude-docs should help on that.
The same applies to isar-disable-apt-cache.
My error just triggered a hidden issue: the incompatibility between the implementation of the isar-exclude-docs recipe and other components (for example, openjdk). IMO this issue should get fix too (apart from the unconditional addition of the recipe).
> In any case, we have a regression.
Yes, we do.
> Jan
Silvano
>> +containerize_rootfs() { + local cmd="/bin/dash" + local >> empty_tag="empty" + local full_tag="latest" + local >> oci_img_dir="${WORKDIR}/oci-image" + local rootfs="$1" + >> local rootfs_id="$2" + local container_formats="$3" + + # >> prepare OCI container image skeleton + bbdebug 1 "prepare OCI >> container image skeleton" + rm -rf "${oci_img_dir}" + sudo >> umoci init --layout "${oci_img_dir}" + sudo umoci new --image >> "${oci_img_dir}:${empty_tag}" + sudo umoci config --image >>
"${oci_img_dir}:${empty_tag}" \ + --config.cmd="${cmd}" + >> sudo umoci
unpack --image "${oci_img_dir}:${empty_tag}" \ + >> "${oci_img_dir}_unpacked" + + # add root filesystem as the flesh >> of the skeleton + sudo cp -a "${rootfs}"/* >> "${oci_img_dir}_unpacked/rootfs/" + # clean-up temporary files + >> sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1
-delete >> + + # pack container image + bbdebug 1 "pack container >> image" + sudo umoci repack --image "${oci_img_dir}:${full_tag}" >> \ + "${oci_img_dir}_unpacked" + sudo umoci remove
--image >> "${oci_img_dir}:${empty_tag}" + sudo rm -rf >> "${oci_img_dir}_unpacked" + + # no root needed anymore + sudo >> chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + + # >> convert the OCI container image to
the desired format + >> image_name="isar-${rootfs_id}" + for image_type
in >> ${CONTAINER_FORMATS} ; do + >> image_archive="${DEPLOY_DIR_IMAGE}/${rootfs_id}-${image_type}.tar" >> + bbdebug 1 "Creating container image
type: ${image_type}" + >> case "${image_type}" in + "docker-archive" | >>
"oci-archive") + if [ "${image_type}" = >> "oci-archive" ] ; then + >> target="${image_type}:${image_archive}:latest" + >> else + >> target="${image_type}:${image_archive}:${image_name}:latest" + >> fi + rm -f "${image_archive}" "${image_archive}.xz" >> + bbdebug 2 "Converting OCI image to ${image_type}" >> + skopeo --insecure-policy copy \ + >> "oci:${oci_img_dir}:${full_tag}" "${target}" + >> bbdebug 2 "Compressing image" + xz
-T0 >> "${image_archive}" + ;; + "oci") + >>
tar --create --xz --directory "${oci_img_dir}" \ + >> --file "${image_archive}.xz" . + ;; + >> "docker-daemon" | "containers-storage") + if [ -f >> /.dockerenv ] || [ -f /run/.containerenv ] ; then + >> die "Adding the container image to a container runtime >> (${image_type}) not supported if running from a container (e.g. >> 'kas-container')" + fi + skopeo >> --insecure-policy copy \ + >> "oci:${oci_img_dir}:${full_tag}" \ + >> "${image_type}:${image_name}:latest" + ;; + >> *) + die "Unsupported format for >> containerize_rootfs: ${image_type}" + ;; + >> esac + done +} + diff --git a/meta/classes/image.bbclass >> b/meta/classes/image.bbclass index eddc444..ec93cab 100644 --- >> a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ >> -76,6 +76,7 @@ inherit image-tools-extension inherit >> image-postproc-extension inherit image-locales-extension inherit
>> image-account-extension +inherit image-container-extension >> >> # Extra space for rootfs in MB ROOTFS_EXTRA
?= "64" >> Silvano Cirujano Cuesta
--
Siemens AG, T RDA IOT SES-DE
Corporate Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 14+ messages in thread* Re: [PATCH v8 1/5] classes: add root filesystem containerizing class
2021-04-08 17:55 ` Jan Kiszka
2021-04-12 7:14 ` Silvano Cirujano Cuesta
@ 2021-04-12 8:20 ` Silvano Cirujano Cuesta
1 sibling, 0 replies; 14+ messages in thread
From: Silvano Cirujano Cuesta @ 2021-04-12 8:20 UTC (permalink / raw)
To: Jan Kiszka, isar-users, Quirin Gylstorff
Apparently my mail client mangled my previous reply... :-/
Thanks to Jan for making me aware of it.
This one should be readable.
On 08/04/2021 19:55, Jan Kiszka wrote:
> On 29.03.21 17:56, [ext] Silvano Cirujano Cuesta wrote:
>> This class can be used to create container images which root filesystem
>> is that generated by the do_rootfs task.
>>
>> Containerized root filesystems have following possible use-cases:
>> - Using ISAR as a container image builder.
>> - Simplify distribution of runtime rootfs (binaries, libraries,
>> configurations, ...) for application development or testing.
>> - Distributing SDKs.
>>
>> Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
>> ---
>> .../classes/image-container-extension.bbclass | 82 +++++++++++++++++++
>> meta/classes/image.bbclass | 1 +
>> 2 files changed, 83 insertions(+)
>> create mode 100644 meta/classes/image-container-extension.bbclass
>>
>> diff --git a/meta/classes/image-container-extension.bbclass b/meta/classes/image-container-extension.bbclass
>> new file mode 100644
>> index 0000000..f693627
>> --- /dev/null
>> +++ b/meta/classes/image-container-extension.bbclass
>> @@ -0,0 +1,82 @@
>> +# This software is a part of ISAR.
>> +# Copyright (C) Siemens AG, 2021
>> +#
>> +# SPDX-License-Identifier: MIT
>> +#
>> +# This class extends the image.bbclass for containerizing the root filesystem.
>> +
>> +CONTAINER_FORMATS ?= "docker-archive"
>> +IMAGE_INSTALL += "isar-exclude-docs isar-disable-apt-cache"
>> +
>
> Quirin tried latest Isar on meta-iot2050, and that now fails during
> setup of openjdk:
>
> Setting up openjdk-11-jre-headless:arm64 (11.0.9.1+1-1~deb10u2) ...
>
>
>
> update-alternatives: using /usr/lib/jvm/java-11-openjdk-arm64/bin/rmid
> to provide /usr/bin/rmid (rmid) in auto mode
>
>
> update-alternatives: error: error creating symbolic link
> '/usr/share/man/man1/rmid.1.gz.dpkg-tmp': No such file or directory
>
>
>
> While watching the installation, I happened to see isar-exclude-docs
> suddenly being installed while not being selected explicitly,
> specifically not for the target image. I bet it's coming in via this
> class and its unconditional extension of the IMAGE_INSTALL list.
You're right, it was a late addition and I didn't realized that I was unconditionally adding it to image.bbclass.
This exclusion was only meant for container images, you don't want to have manpages and APT caches in a container image.
My fault, I'll provide a fix.
>
> That leads to (at least) two questions:
> - Why do we have isar-exclude-docs here, and also
> isar-disable-apt-cache?
> - Does isar-exclude-docs have some issue that prevents the usage
> together with openjdk, or are those simply incompatible by design?
IMO if someone wants to get rid of manpages for very small devices, the recipe isar-exclude-docs should help on that.
The same applies to isar-disable-apt-cache.
My error just triggered a hidden issue: the incompatibility between the implementation of the isar-exclude-docs recipe and other components (for example, openjdk).
IMO this issue should get fix too (apart from the unconditional addition of the recipe).
Unless such a configuration is unsupported, but I think that's the scope of the other thread that you opened ;-)
>
> In any case, we have a regression.
Yes, we do.
Silvano
>
> Jan
>
>> +containerize_rootfs() {
>> + local cmd="/bin/dash"
>> + local empty_tag="empty"
>> + local full_tag="latest"
>> + local oci_img_dir="${WORKDIR}/oci-image"
>> + local rootfs="$1"
>> + local rootfs_id="$2"
>> + local container_formats="$3"
>> +
>> + # prepare OCI container image skeleton
>> + bbdebug 1 "prepare OCI container image skeleton"
>> + rm -rf "${oci_img_dir}"
>> + sudo umoci init --layout "${oci_img_dir}"
>> + sudo umoci new --image "${oci_img_dir}:${empty_tag}"
>> + sudo umoci config --image "${oci_img_dir}:${empty_tag}" \
>> + --config.cmd="${cmd}"
>> + sudo umoci unpack --image "${oci_img_dir}:${empty_tag}" \
>> + "${oci_img_dir}_unpacked"
>> +
>> + # add root filesystem as the flesh of the skeleton
>> + sudo cp -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/"
>> + # clean-up temporary files
>> + sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete
>> +
>> + # pack container image
>> + bbdebug 1 "pack container image"
>> + sudo umoci repack --image "${oci_img_dir}:${full_tag}" \
>> + "${oci_img_dir}_unpacked"
>> + sudo umoci remove --image "${oci_img_dir}:${empty_tag}"
>> + sudo rm -rf "${oci_img_dir}_unpacked"
>> +
>> + # no root needed anymore
>> + sudo chown --recursive $(id -u):$(id -g) "${oci_img_dir}"
>> +
>> + # convert the OCI container image to the desired format
>> + image_name="isar-${rootfs_id}"
>> + for image_type in ${CONTAINER_FORMATS} ; do
>> + image_archive="${DEPLOY_DIR_IMAGE}/${rootfs_id}-${image_type}.tar"
>> + bbdebug 1 "Creating container image type: ${image_type}"
>> + case "${image_type}" in
>> + "docker-archive" | "oci-archive")
>> + if [ "${image_type}" = "oci-archive" ] ; then
>> + target="${image_type}:${image_archive}:latest"
>> + else
>> + target="${image_type}:${image_archive}:${image_name}:latest"
>> + fi
>> + rm -f "${image_archive}" "${image_archive}.xz"
>> + bbdebug 2 "Converting OCI image to ${image_type}"
>> + skopeo --insecure-policy copy \
>> + "oci:${oci_img_dir}:${full_tag}" "${target}"
>> + bbdebug 2 "Compressing image"
>> + xz -T0 "${image_archive}"
>> + ;;
>> + "oci")
>> + tar --create --xz --directory "${oci_img_dir}" \
>> + --file "${image_archive}.xz" .
>> + ;;
>> + "docker-daemon" | "containers-storage")
>> + if [ -f /.dockerenv ] || [ -f /run/.containerenv ] ; then
>> + die "Adding the container image to a container runtime (${image_type}) not supported if running from a container (e.g. 'kas-container')"
>> + fi
>> + skopeo --insecure-policy copy \
>> + "oci:${oci_img_dir}:${full_tag}" \
>> + "${image_type}:${image_name}:latest"
>> + ;;
>> + *)
>> + die "Unsupported format for containerize_rootfs: ${image_type}"
>> + ;;
>> + esac
>> + done
>> +}
>> +
>> diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
>> index eddc444..ec93cab 100644
>> --- a/meta/classes/image.bbclass
>> +++ b/meta/classes/image.bbclass
>> @@ -76,6 +76,7 @@ inherit image-tools-extension
>> inherit image-postproc-extension
>> inherit image-locales-extension
>> inherit image-account-extension
>> +inherit image-container-extension
>>
>> # Extra space for rootfs in MB
>> ROOTFS_EXTRA ?= "64"
>>
>
--
Silvano Cirujano Cuesta
--
Siemens AG, T RDA IOT SES-DE
Corporate Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH v8 1/5] classes: add root filesystem containerizing class
2021-03-29 15:56 ` [PATCH v8 1/5] classes: add root filesystem containerizing class Silvano Cirujano Cuesta
2021-04-08 17:55 ` Jan Kiszka
@ 2021-08-19 20:43 ` Bezdeka, Florian
2021-08-20 6:54 ` Jan Kiszka
1 sibling, 1 reply; 14+ messages in thread
From: Bezdeka, Florian @ 2021-08-19 20:43 UTC (permalink / raw)
To: isar-users, Cirujano Cuesta, Silvano
Cc: jan.kiszka, felix.moeser, henning.schild
On Mon, 2021-03-29 at 17:56 +0200, [ext] Silvano Cirujano Cuesta wrote:
> This class can be used to create container images which root filesystem
> is that generated by the do_rootfs task.
>
> Containerized root filesystems have following possible use-cases:
> - Using ISAR as a container image builder.
> - Simplify distribution of runtime rootfs (binaries, libraries,
> configurations, ...) for application development or testing.
> - Distributing SDKs.
>
> Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
> ---
> .../classes/image-container-extension.bbclass | 82 +++++++++++++++++++
> meta/classes/image.bbclass | 1 +
> 2 files changed, 83 insertions(+)
> create mode 100644 meta/classes/image-container-extension.bbclass
>
> diff --git a/meta/classes/image-container-extension.bbclass b/meta/classes/image-container-extension.bbclass
> new file mode 100644
> index 0000000..f693627
> --- /dev/null
> +++ b/meta/classes/image-container-extension.bbclass
> @@ -0,0 +1,82 @@
> +# This software is a part of ISAR.
> +# Copyright (C) Siemens AG, 2021
> +#
> +# SPDX-License-Identifier: MIT
> +#
> +# This class extends the image.bbclass for containerizing the root filesystem.
> +
> +CONTAINER_FORMATS ?= "docker-archive"
> +IMAGE_INSTALL += "isar-exclude-docs isar-disable-apt-cache"
> +
> +containerize_rootfs() {
> + local cmd="/bin/dash"
> + local empty_tag="empty"
> + local full_tag="latest"
> + local oci_img_dir="${WORKDIR}/oci-image"
> + local rootfs="$1"
> + local rootfs_id="$2"
> + local container_formats="$3"
> +
> + # prepare OCI container image skeleton
> + bbdebug 1 "prepare OCI container image skeleton"
> + rm -rf "${oci_img_dir}"
> + sudo umoci init --layout "${oci_img_dir}"
Sorry for replying to this quite old thread but the timestamp of the
commit actually delivered this patch as root cause:
Who makes sure umoci is available?
We updated to recent ISAR-next and got a build failure. umoci not
found.
Sounds like a missing IMAGER_INSTALL += "umoci" or similar.
Florian
> + sudo umoci new --image "${oci_img_dir}:${empty_tag}"
> + sudo umoci config --image "${oci_img_dir}:${empty_tag}" \
> + --config.cmd="${cmd}"
> + sudo umoci unpack --image "${oci_img_dir}:${empty_tag}" \
> + "${oci_img_dir}_unpacked"
> +
> + # add root filesystem as the flesh of the skeleton
> + sudo cp -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/"
> + # clean-up temporary files
> + sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete
> +
> + # pack container image
> + bbdebug 1 "pack container image"
> + sudo umoci repack --image "${oci_img_dir}:${full_tag}" \
> + "${oci_img_dir}_unpacked"
> + sudo umoci remove --image "${oci_img_dir}:${empty_tag}"
> + sudo rm -rf "${oci_img_dir}_unpacked"
> +
> + # no root needed anymore
> + sudo chown --recursive $(id -u):$(id -g) "${oci_img_dir}"
> +
> + # convert the OCI container image to the desired format
> + image_name="isar-${rootfs_id}"
> + for image_type in ${CONTAINER_FORMATS} ; do
> + image_archive="${DEPLOY_DIR_IMAGE}/${rootfs_id}-${image_type}.tar"
> + bbdebug 1 "Creating container image type: ${image_type}"
> + case "${image_type}" in
> + "docker-archive" | "oci-archive")
> + if [ "${image_type}" = "oci-archive" ] ; then
> + target="${image_type}:${image_archive}:latest"
> + else
> + target="${image_type}:${image_archive}:${image_name}:latest"
> + fi
> + rm -f "${image_archive}" "${image_archive}.xz"
> + bbdebug 2 "Converting OCI image to ${image_type}"
> + skopeo --insecure-policy copy \
> + "oci:${oci_img_dir}:${full_tag}" "${target}"
> + bbdebug 2 "Compressing image"
> + xz -T0 "${image_archive}"
> + ;;
> + "oci")
> + tar --create --xz --directory "${oci_img_dir}" \
> + --file "${image_archive}.xz" .
> + ;;
> + "docker-daemon" | "containers-storage")
> + if [ -f /.dockerenv ] || [ -f /run/.containerenv ] ; then
> + die "Adding the container image to a container runtime (${image_type}) not supported if running from a container (e.g. 'kas-container')"
> + fi
> + skopeo --insecure-policy copy \
> + "oci:${oci_img_dir}:${full_tag}" \
> + "${image_type}:${image_name}:latest"
> + ;;
> + *)
> + die "Unsupported format for containerize_rootfs: ${image_type}"
> + ;;
> + esac
> + done
> +}
> +
> diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
> index eddc444..ec93cab 100644
> --- a/meta/classes/image.bbclass
> +++ b/meta/classes/image.bbclass
> @@ -76,6 +76,7 @@ inherit image-tools-extension
> inherit image-postproc-extension
> inherit image-locales-extension
> inherit image-account-extension
> +inherit image-container-extension
>
> # Extra space for rootfs in MB
> ROOTFS_EXTRA ?= "64"
> --
> 2.30.2
>
^ permalink raw reply [flat|nested] 14+ messages in thread* Re: [PATCH v8 1/5] classes: add root filesystem containerizing class
2021-08-19 20:43 ` Bezdeka, Florian
@ 2021-08-20 6:54 ` Jan Kiszka
2021-08-31 12:56 ` Silvano Cirujano Cuesta
0 siblings, 1 reply; 14+ messages in thread
From: Jan Kiszka @ 2021-08-20 6:54 UTC (permalink / raw)
To: Bezdeka, Florian, isar-users, Cirujano Cuesta, Silvano
Cc: felix.moeser, henning.schild
On 19.08.21 22:43, Bezdeka, Florian wrote:
> On Mon, 2021-03-29 at 17:56 +0200, [ext] Silvano Cirujano Cuesta wrote:
>> This class can be used to create container images which root filesystem
>> is that generated by the do_rootfs task.
>>
>> Containerized root filesystems have following possible use-cases:
>> - Using ISAR as a container image builder.
>> - Simplify distribution of runtime rootfs (binaries, libraries,
>> configurations, ...) for application development or testing.
>> - Distributing SDKs.
>>
>> Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
>> ---
>> .../classes/image-container-extension.bbclass | 82 +++++++++++++++++++
>> meta/classes/image.bbclass | 1 +
>> 2 files changed, 83 insertions(+)
>> create mode 100644 meta/classes/image-container-extension.bbclass
>>
>> diff --git a/meta/classes/image-container-extension.bbclass b/meta/classes/image-container-extension.bbclass
>> new file mode 100644
>> index 0000000..f693627
>> --- /dev/null
>> +++ b/meta/classes/image-container-extension.bbclass
>> @@ -0,0 +1,82 @@
>> +# This software is a part of ISAR.
>> +# Copyright (C) Siemens AG, 2021
>> +#
>> +# SPDX-License-Identifier: MIT
>> +#
>> +# This class extends the image.bbclass for containerizing the root filesystem.
>> +
>> +CONTAINER_FORMATS ?= "docker-archive"
>> +IMAGE_INSTALL += "isar-exclude-docs isar-disable-apt-cache"
>> +
>> +containerize_rootfs() {
>> + local cmd="/bin/dash"
>> + local empty_tag="empty"
>> + local full_tag="latest"
>> + local oci_img_dir="${WORKDIR}/oci-image"
>> + local rootfs="$1"
>> + local rootfs_id="$2"
>> + local container_formats="$3"
>> +
>> + # prepare OCI container image skeleton
>> + bbdebug 1 "prepare OCI container image skeleton"
>> + rm -rf "${oci_img_dir}"
>> + sudo umoci init --layout "${oci_img_dir}"
>
> Sorry for replying to this quite old thread but the timestamp of the
> commit actually delivered this patch as root cause:
>
> Who makes sure umoci is available?
>
The build environment you need to prepare for Isar, either a manually
installed Debian or a container like kas-isar.
Jan
--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 14+ messages in thread* Re: [PATCH v8 1/5] classes: add root filesystem containerizing class
2021-08-20 6:54 ` Jan Kiszka
@ 2021-08-31 12:56 ` Silvano Cirujano Cuesta
0 siblings, 0 replies; 14+ messages in thread
From: Silvano Cirujano Cuesta @ 2021-08-31 12:56 UTC (permalink / raw)
To: Jan Kiszka, Bezdeka, Florian, isar-users; +Cc: felix.moeser, henning.schild
On 20/08/2021 08:54, Jan Kiszka wrote:
> On 19.08.21 22:43, Bezdeka, Florian wrote:
>> On Mon, 2021-03-29 at 17:56 +0200, [ext] Silvano Cirujano Cuesta wrote:
>>> This class can be used to create container images which root filesystem
>>> is that generated by the do_rootfs task.
>>>
>>> Containerized root filesystems have following possible use-cases:
>>> - Using ISAR as a container image builder.
>>> - Simplify distribution of runtime rootfs (binaries, libraries,
>>> configurations, ...) for application development or testing.
>>> - Distributing SDKs.
>>>
>>> Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
>>> ---
>>> .../classes/image-container-extension.bbclass | 82 +++++++++++++++++++
>>> meta/classes/image.bbclass | 1 +
>>> 2 files changed, 83 insertions(+)
>>> create mode 100644 meta/classes/image-container-extension.bbclass
>>>
>>> diff --git a/meta/classes/image-container-extension.bbclass b/meta/classes/image-container-extension.bbclass
>>> new file mode 100644
>>> index 0000000..f693627
>>> --- /dev/null
>>> +++ b/meta/classes/image-container-extension.bbclass
>>> @@ -0,0 +1,82 @@
>>> +# This software is a part of ISAR.
>>> +# Copyright (C) Siemens AG, 2021
>>> +#
>>> +# SPDX-License-Identifier: MIT
>>> +#
>>> +# This class extends the image.bbclass for containerizing the root filesystem.
>>> +
>>> +CONTAINER_FORMATS ?= "docker-archive"
>>> +IMAGE_INSTALL += "isar-exclude-docs isar-disable-apt-cache"
>>> +
>>> +containerize_rootfs() {
>>> + local cmd="/bin/dash"
>>> + local empty_tag="empty"
>>> + local full_tag="latest"
>>> + local oci_img_dir="${WORKDIR}/oci-image"
>>> + local rootfs="$1"
>>> + local rootfs_id="$2"
>>> + local container_formats="$3"
>>> +
>>> + # prepare OCI container image skeleton
>>> + bbdebug 1 "prepare OCI container image skeleton"
>>> + rm -rf "${oci_img_dir}"
>>> + sudo umoci init --layout "${oci_img_dir}"
>>
>> Sorry for replying to this quite old thread but the timestamp of the
>> commit actually delivered this patch as root cause:
>>
>> Who makes sure umoci is available?
>>
>
> The build environment you need to prepare for Isar, either a manually
> installed Debian or a container like kas-isar.
>
> Jan
>
Let me add that the needed packages are officially available for the freshly released Debian Stable/Bullseye/11.
Manually backporting them to Buster might work though if stricktly needed...
--
Silvano Cirujano Cuesta
--
Siemens AG, T RDA IOT SES-DE
Corporate Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 14+ messages in thread
* [PATCH v8 2/5] classes: add new image type 'container-img'
2021-03-29 15:56 [PATCH v8 0/5] Add support for containerized root filesystems Silvano Cirujano Cuesta
2021-03-29 15:56 ` [PATCH v8 1/5] classes: add root filesystem containerizing class Silvano Cirujano Cuesta
@ 2021-03-29 15:56 ` Silvano Cirujano Cuesta
2021-03-29 15:56 ` [PATCH v8 3/5] sdk: add support for containerized sdk Silvano Cirujano Cuesta
` (3 subsequent siblings)
5 siblings, 0 replies; 14+ messages in thread
From: Silvano Cirujano Cuesta @ 2021-03-29 15:56 UTC (permalink / raw)
To: isar-users
Add a new "image" class for generating a container image containing the
target root filesystem.
Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
---
meta/classes/container-img.bbclass | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 meta/classes/container-img.bbclass
diff --git a/meta/classes/container-img.bbclass b/meta/classes/container-img.bbclass
new file mode 100644
index 0000000..79ef3e8
--- /dev/null
+++ b/meta/classes/container-img.bbclass
@@ -0,0 +1,18 @@
+# This software is a part of ISAR.
+# Copyright (C) Siemens AG, 2021
+#
+# SPDX-License-Identifier: MIT
+#
+# This class provides the task 'containerize_rootfs'
+# to create container images containing the target rootfs.
+
+do_container_image[stamp-extra-info] = "${DISTRO}-${MACHINE}"
+do_container_image[vardeps] += "CONTAINER_FORMATS"
+do_container_image(){
+ rootfs_id="${DISTRO}-${DISTRO_ARCH}"
+
+ bbdebug 1 "Generate container image in these formats: ${CONTAINER_FORMATS}"
+ containerize_rootfs "${IMAGE_ROOTFS}" "${rootfs_id}" "${CONTAINER_FORMATS}"
+}
+
+addtask container_image before do_image after do_image_tools
--
2.30.2
^ permalink raw reply [flat|nested] 14+ messages in thread* [PATCH v8 3/5] sdk: add support for containerized sdk
2021-03-29 15:56 [PATCH v8 0/5] Add support for containerized root filesystems Silvano Cirujano Cuesta
2021-03-29 15:56 ` [PATCH v8 1/5] classes: add root filesystem containerizing class Silvano Cirujano Cuesta
2021-03-29 15:56 ` [PATCH v8 2/5] classes: add new image type 'container-img' Silvano Cirujano Cuesta
@ 2021-03-29 15:56 ` Silvano Cirujano Cuesta
2021-03-29 15:56 ` [PATCH v8 4/5] docs: document creation of container images Silvano Cirujano Cuesta
` (2 subsequent siblings)
5 siblings, 0 replies; 14+ messages in thread
From: Silvano Cirujano Cuesta @ 2021-03-29 15:56 UTC (permalink / raw)
To: isar-users
Extend also task "populate_sdk" to support the creation of a container image
containing the SDK.
Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
---
meta/classes/image-sdk-extension.bbclass | 42 ++++++++++++++++++++----
1 file changed, 35 insertions(+), 7 deletions(-)
diff --git a/meta/classes/image-sdk-extension.bbclass b/meta/classes/image-sdk-extension.bbclass
index a8c708a..426b925 100644
--- a/meta/classes/image-sdk-extension.bbclass
+++ b/meta/classes/image-sdk-extension.bbclass
@@ -6,11 +6,25 @@
# This class extends the image.bbclass to supply the creation of a sdk
SDK_INCLUDE_ISAR_APT ?= "0"
+SDK_FORMATS ?= "tar-xz"
+
+sdk_tar_xz() {
+ # Copy mount_chroot.sh for convenience
+ sudo cp ${SCRIPTSDIR}/mount_chroot.sh ${SDKCHROOT_DIR}
+
+ # Create SDK archive
+ cd -P ${SDKCHROOT_DIR}/..
+ sudo tar --transform="s|^rootfs|sdk-${DISTRO}-${DISTRO_ARCH}|" \
+ -c rootfs | xz -T0 > ${DEPLOY_DIR_IMAGE}/sdk-${DISTRO}-${DISTRO_ARCH}.tar.xz
+ bbdebug 1 "SDK rootfs available in ${DEPLOY_DIR_IMAGE}/sdk-${DISTRO}-${DISTRO_ARCH}.tar.xz"
+}
do_populate_sdk[stamp-extra-info] = "${DISTRO}-${MACHINE}"
do_populate_sdk[depends] = "sdkchroot:do_build"
-do_populate_sdk[vardeps] += "SDK_INCLUDE_ISAR_APT"
+do_populate_sdk[vardeps] += "SDK_INCLUDE_ISAR_APT SDK_FORMATS"
do_populate_sdk() {
+ local sdk_container_formats=""
+
if [ "${SDK_INCLUDE_ISAR_APT}" = "1" ]; then
# Copy isar-apt with deployed Isar packages
sudo cp -Trpfx ${REPO_ISAR_DIR}/${DISTRO} ${SDKCHROOT_DIR}/isar-apt
@@ -48,12 +62,26 @@ do_populate_sdk() {
done
done
- # Copy mount_chroot.sh for convenience
- sudo cp ${SCRIPTSDIR}/mount_chroot.sh ${SDKCHROOT_DIR}
+ # separate SDK formats: TAR and container formats
+ for sdk_format in ${SDK_FORMATS} ; do
+ case ${sdk_format} in
+ "tar-xz")
+ sdk_tar_xz
+ ;;
+ "docker-archive" | "oci" | "oci-archive" | "docker-daemon" | "containers-storage")
+ sdk_container_formats="${sdk_container_formats} ${sdk_format}"
+ ;;
+ *)
+ die "unsupported SDK format specified: ${sdk_format}"
+ ;;
+ esac
+ done
- # Create SDK archive
- cd -P ${SDKCHROOT_DIR}/..
- sudo tar --transform="s|^rootfs|sdk-${DISTRO}-${DISTRO_ARCH}|" \
- -c rootfs | xz -T0 > ${DEPLOY_DIR_IMAGE}/sdk-${DISTRO}-${DISTRO_ARCH}.tar.xz
+ # generate the SDK in all the desired container formats
+ if [ -n "${sdk_container_formats}" ] ; then
+ bbnote "Generating SDK container in ${sdk_container_formats} format"
+ containerize_rootfs "${SDKCHROOT_DIR}" "sdk-${DISTRO}-${DISTRO_ARCH}" "${sdk_container_formats}"
+ fi
}
+
addtask populate_sdk after do_rootfs
--
2.30.2
^ permalink raw reply [flat|nested] 14+ messages in thread* [PATCH v8 4/5] docs: document creation of container images
2021-03-29 15:56 [PATCH v8 0/5] Add support for containerized root filesystems Silvano Cirujano Cuesta
` (2 preceding siblings ...)
2021-03-29 15:56 ` [PATCH v8 3/5] sdk: add support for containerized sdk Silvano Cirujano Cuesta
@ 2021-03-29 15:56 ` Silvano Cirujano Cuesta
2021-03-29 15:56 ` [PATCH v8 5/5] ci: add container image sample configurations Silvano Cirujano Cuesta
2021-04-02 15:18 ` [PATCH v8 0/5] Add support for containerized root filesystems Anton Mikanovich
5 siblings, 0 replies; 14+ messages in thread
From: Silvano Cirujano Cuesta @ 2021-03-29 15:56 UTC (permalink / raw)
To: isar-users
Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
---
doc/user_manual.md | 179 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 179 insertions(+)
diff --git a/doc/user_manual.md b/doc/user_manual.md
index a4f3d1d..e57551b 100644
--- a/doc/user_manual.md
+++ b/doc/user_manual.md
@@ -19,6 +19,7 @@ Copyright (C) 2016-2019, ilbers GmbH
- [Add a Custom Application](#add-a-custom-application)
- [Enabling Cross-compilation](#isar-cross-compilation)
- [Create an ISAR SDK root filesystem](#create-an-isar-sdk-root-filesystem)
+ - [Create a containerized Isar SDK root filesystem](#create-a-containerized-isar-sdk-root-filesystem)
- [Creation of local apt repo caching upstream Debian packages](#creation-of-local-apt-repo-caching-upstream-debian-packages)
@@ -84,6 +85,14 @@ If your host is >= buster, also install the following package.
apt install python3-distutils
```
+If you want to generate containerized SDKs, also install the following
+packages: `umoci` and `skopeo`.
+Umoci is provided by Debian Buster and can be installed with
+`apt install umoci`, Skopeo is provided by Debian Bullseye/Unstable and has to
+be installed either manually downloading the DEB and installing it (no other
+packages required) or with `apt install -t bullseye skopeo` (if
+unstable/bullseye included in `/etc/apt/sources.list[.d]`).
+
Notes:
* BitBake requires Python 3.4+.
@@ -223,6 +232,73 @@ qemu-system-x86_64 -m 256M -nographic -bios edk2/Build/OvmfX64/RELEASE_*/FV/OVMF
qemu-system-i386 -m 256M -nographic -hda tmp/deploy/images/qemui386/isar-image-base-debian-buster-qemui386.wic.img
```
+### Generate container image with root filesystem
+
+A runnable container image is generated if you set IMAGE_TYPE to
+'container-img'.
+Getting a container image can be the main purpose of an Isar configuration,
+but not only.
+A container image created from an Isar configuration meant for bare-metal or
+virtual machines can be helpfull to test certain applications which
+requirements (e.g. libraries) can be easily resolved in a containerized
+environment.
+
+Container images can be generated in different formats, selected with the
+variable `CONTAINER_FORMAT`. One or more (whitespace separated) of following
+options can be given:
+ - `docker-archive`: (default) an archive containing a Docker image that can
+ be imported with [`docker import`](https://docs.docker.com/engine/reference/commandline/import/)
+ - `docker-daemon`: resulting container image is made available on the local
+ Docker Daemon
+ - `containers-storage`: resulting container image is made available to tools
+ using containers/storage back-end (e.g. Podman, CRIO, buildah,...)
+ - `oci-archive`: an archive containing an OCI image, mostly for archiving as
+ seed for any of the above formats
+
+Following formats don't work if running `bitbake ...` (to build the image)
+from inside of a container (e.g. using `kas-container`): `docker-daemon` and
+`containers-storage`.
+It's technically possible, but requires making host resources (e.g. the
+Docker Daemon socket) accessible in the container, which can endanger the
+stability and security of the host.
+
+The resulting container image archives (only for `docker-archive` and
+`oci-archive`) are made available as
+`tmp/deploy/images/${MACHINE}/${DISTRO}-${DISTRO_ARCH}-${container_format}.tar.xz`
+(being `container_format` each one of the formats specified in
+`CONTAINER_FORMAT`).
+
+### Example
+
+ - Make the relevant environment variables available to the task
+
+For one-shot builds (use `local.conf` otherwise):
+
+```
+export BB_ENV_EXTRAWHITE="$BB_ENV_EXTRAWHITE IMAGE_TYPE CONTAINER_FORMAT"
+export IMAGE_TYPE="container-img"
+export CONTAINER_FORMAT="docker-archive"
+```
+
+ - Trigger creation of container image from root filesystem
+
+```
+bitbake mc:qemuarm-buster:isar-image-base
+```
+
+ - Load the container image into the Docker Daemon
+
+```
+xzcat build/tmp/deploy/images/qemuarm/debian-buster-armhf-docker-archive.tar.xz | docker load
+```
+
+ - Run a container using the container image (following commands starting with
+ `#~:` are to be run in the container)
+
+```
+docker run --rm -ti --volume "$(pwd):/build" isar-buster-armhf:latest
+```
+
---
## Terms and Definitions
@@ -834,6 +910,109 @@ ii crossbuild-essential-armhf 12.3 all Inf
~#
```
+## Create a containerized Isar SDK root filesystem
+
+### Motivation
+
+Distributing and using the SDK root filesystem created following the
+instructions in
+"[Create an Isar SDK root filesystem](#create-an-isar-sdk-root-filesystem)"
+becomes easier using container images (at least for those using containers
+anyway).
+A "containerized" SDK adds to those advantages of a normal SDK root filesystem
+the comfort of container images.
+
+### Approach
+
+Create container image with SDK root filesystem with installed cross-toolchain
+for target architecture and ability to install already prebuilt target binary
+artifacts.
+Developer:
+ - runs a container based on the resulting container image mounting the source
+ code to be built,
+ - develops applications for target platform on the container and
+ - leaves the container getting the results on the mounted directory.
+
+### Solution
+
+User specifies the variable `SDK_FORMATS` providing a space-separated list of
+SDK formats to generate.
+
+Supported formats are:
+ - `tar-xz`: (default) is the non-containerized format that results from
+ following the instructions in
+ "[Create an ISAR SDK root filesystem](#create-an-isar-sdk-root-filesystem)"
+ - `docker-archive`: an archive containing a Docker image that can be imported
+ with
+ [`docker import`](https://docs.docker.com/engine/reference/commandline/import/)
+ - `docker-daemon`: resulting container image is made available on the local
+ Docker Daemon
+ - `containers-storage`: resulting container image is made available to tools
+ using containers/storage back-end (e.g. Podman, CRIO, buildah,...)
+ - `oci-archive`: an archive containing an OCI image, mostly for archiving as
+ seed for any of the above formats
+
+User manually triggers creation of SDK formats for his target platform by
+launching the task `do_populate_sdk` for target image, f.e.
+`bitbake -c do_populate_sdk mc:${MACHINE}-${DISTRO}:isar-image-base`.
+Packages that should be additionally installed into the SDK can be appended to
+`SDK_PREINSTALL` (external repositories) and `SDK_INSTALL` (self-built).
+
+Following formats don't work if running `bitbake -c do_populate_sdk ...` (to
+generate the containerized SDK) from inside of a container (e.g. using
+`kas-container`): `docker-daemon` and `containers-storage`.
+It's technically possible, but requires making host resources (e.g. the Docker
+Daemon socket) accessible in the container.
+What can endanger the stability and security of the host.
+
+The resulting SDK formats are archived into
+`tmp/deploy/images/${MACHINE}/sdk-${DISTRO}-${DISTRO_ARCH}-${sdk_format}.tar.xz`
+(being `sdk_format` each one of the formats specified in `SDK_FORMATS`).
+The SDK container directory `/isar-apt` contains a copy of isar-apt repo with
+locally prebuilt target debian packages (for <HOST_DISTRO>).
+One may get into an SDK container and install required target packages with
+the help of `apt-get install <package_name>:<DISTRO_ARCH>` command.
+The directory with the source code to develop on should be mounted on the
+container (with `--volume <host-directory>:<container-directory>`) to be able
+to edit files in the host with an IDE and build in the container.
+
+### Example
+
+ - Make the SDK formats to generate available to the task
+
+For one-shot builds (use `local.conf` otherwise):
+
+```
+export BB_ENV_EXTRAWHITE="$BB_ENV_EXTRAWHITE SDK_FORMATS"
+export SDK_FORMATS="docker-archive"
+```
+
+ - Trigger creation of SDK root filesystem
+
+```
+bitbake -c do_populate_sdk mc:qemuarm-buster:isar-image-base
+```
+
+ - Load the SDK container image into the Docker Daemon
+
+```
+xzcat build/tmp/deploy/images/qemuarm/sdk-debian-buster-armhf-docker-archive.tar.xz | docker load
+```
+
+ - Run a container using the SDK container image (following commands starting
+ with `#~:` are to be run in the container)
+
+```
+docker run --rm -ti --volume "$(pwd):/build" isar-sdk-buster-armhf:latest
+```
+
+ - Check that cross toolchains are installed
+
+```
+:~# dpkg -l | grep crossbuild-essential-armhf
+ii crossbuild-essential-armhf 12.3 all Informational list of cross-build-essential packages
+```
+
## Creation of local apt repo caching upstream Debian packages
### Motivation
--
2.30.2
^ permalink raw reply [flat|nested] 14+ messages in thread* [PATCH v8 5/5] ci: add container image sample configurations
2021-03-29 15:56 [PATCH v8 0/5] Add support for containerized root filesystems Silvano Cirujano Cuesta
` (3 preceding siblings ...)
2021-03-29 15:56 ` [PATCH v8 4/5] docs: document creation of container images Silvano Cirujano Cuesta
@ 2021-03-29 15:56 ` Silvano Cirujano Cuesta
2021-04-02 15:18 ` [PATCH v8 0/5] Add support for containerized root filesystems Anton Mikanovich
5 siblings, 0 replies; 14+ messages in thread
From: Silvano Cirujano Cuesta @ 2021-03-29 15:56 UTC (permalink / raw)
To: isar-users
Add samples for the creation of container images and containerized SDKs
as well as testing configurations to the CI script.
Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
---
meta-isar/conf/local.conf.sample | 3 ++
meta-isar/conf/machine/container.conf | 5 ++++
.../conf/multiconfig/container-bullseye.conf | 4 +++
.../conf/multiconfig/container-buster.conf | 4 +++
.../conf/multiconfig/container-stretch.conf | 4 +++
scripts/ci_build.sh | 29 ++++++++++++++++++-
6 files changed, 48 insertions(+), 1 deletion(-)
create mode 100644 meta-isar/conf/machine/container.conf
create mode 100644 meta-isar/conf/multiconfig/container-bullseye.conf
create mode 100644 meta-isar/conf/multiconfig/container-buster.conf
create mode 100644 meta-isar/conf/multiconfig/container-stretch.conf
diff --git a/meta-isar/conf/local.conf.sample b/meta-isar/conf/local.conf.sample
index 107496c..87ba26f 100644
--- a/meta-isar/conf/local.conf.sample
+++ b/meta-isar/conf/local.conf.sample
@@ -51,6 +51,9 @@ BBMULTICONFIG = " \
qemuamd64-buster \
qemuamd64-buster-tgz \
qemuamd64-bullseye \
+ container-stretch \
+ container-buster \
+ container-bullseye \
qemumipsel-stretch \
qemumipsel-buster \
qemumipsel-bullseye \
diff --git a/meta-isar/conf/machine/container.conf b/meta-isar/conf/machine/container.conf
new file mode 100644
index 0000000..367d790
--- /dev/null
+++ b/meta-isar/conf/machine/container.conf
@@ -0,0 +1,5 @@
+# This software is a part of ISAR.
+# Copyright (C) 2015-2017 ilbers GmbH
+
+IMAGE_TYPE = "container-img"
+
diff --git a/meta-isar/conf/multiconfig/container-bullseye.conf b/meta-isar/conf/multiconfig/container-bullseye.conf
new file mode 100644
index 0000000..200b241
--- /dev/null
+++ b/meta-isar/conf/multiconfig/container-bullseye.conf
@@ -0,0 +1,4 @@
+# This software is a part of ISAR.
+
+MACHINE ?= "container"
+DISTRO ?= "debian-bullseye"
diff --git a/meta-isar/conf/multiconfig/container-buster.conf b/meta-isar/conf/multiconfig/container-buster.conf
new file mode 100644
index 0000000..78b0324
--- /dev/null
+++ b/meta-isar/conf/multiconfig/container-buster.conf
@@ -0,0 +1,4 @@
+# This software is a part of ISAR.
+
+MACHINE ?= "container"
+DISTRO ?= "debian-buster"
diff --git a/meta-isar/conf/multiconfig/container-stretch.conf b/meta-isar/conf/multiconfig/container-stretch.conf
new file mode 100644
index 0000000..3ff8bcb
--- /dev/null
+++ b/meta-isar/conf/multiconfig/container-stretch.conf
@@ -0,0 +1,4 @@
+# This software is a part of ISAR.
+
+MACHINE ?= "container"
+DISTRO ?= "debian-stretch"
diff --git a/scripts/ci_build.sh b/scripts/ci_build.sh
index 3868fb6..6445b10 100755
--- a/scripts/ci_build.sh
+++ b/scripts/ci_build.sh
@@ -17,6 +17,15 @@ cd "$(dirname "$0")/.."
# Start build in Isar tree by default
BUILD_DIR=./build
+# Check dependencies
+DEPENDENCIES="umoci skopeo"
+for prog in ${DEPENDENCIES} ; do
+ if [ ! -x "$(which $prog)" ] ; then
+ echo "missing $prog in PATH, exiting" >&2
+ exit 1
+ fi
+done
+
BB_ARGS="-v"
TARGETS_SET="\
@@ -33,7 +42,8 @@ TARGETS_SET="\
mc:qemumipsel-buster:isar-image-base \
mc:nand-ubi-demo-buster:isar-image-ubi \
mc:rpi-stretch:isar-image-base \
- mc:qemuamd64-focal:isar-image-base"
+ mc:qemuamd64-focal:isar-image-base \
+ "
# qemu-user-static of <= buster too old to build that
# mc:qemuarm64-buster:isar-image-base
# mc:qemuarm64-bullseye:isar-image-base
@@ -45,6 +55,12 @@ TARGETS_SET_BULLSEYE="\
mc:qemumipsel-bullseye:isar-image-base \
"
+TARGETS_CONTAINERS="\
+ mc:container-stretch:isar-image-base \
+ mc:container-buster:isar-image-base \
+ mc:container-bullseye:isar-image-base \
+"
+
CROSS_TARGETS_SET="\
mc:qemuarm-stretch:isar-image-base \
mc:qemuarm-buster:isar-image-base \
@@ -237,3 +253,14 @@ bitbake $BB_ARGS mc:qemuamd64-stretch:isar-image-base
mv "${LAYERDIR_isar}/scripts/lib/wic/canned-wks/sdimage-efi.wks.ci-backup" "${LAYERDIR_isar}/scripts/lib/wic/canned-wks/sdimage-efi.wks"
mv ${BUILDDIR}/tmp/deploy/images/qemuamd64/isar-image-base-debian-stretch-qemuamd64.wic.img.ci-backup \
${BUILDDIR}/tmp/deploy/images/qemuamd64/isar-image-base-debian-stretch-qemuamd64.wic.img
+
+# Finalize with containerized images, since they remove some not-needed packages from the local.conf
+sed -i -e 's/\(IMAGE_INSTALL = .*\) example-module-${KERNEL_NAME}\(.*\)/\1\2/g' conf/local.conf
+sed -i -e 's/\(IMAGE_INSTALL = .*\) enable-fsck\(.*\)/\1\2/g' conf/local.conf
+bitbake $BB_ARGS $TARGETS_CONTAINERS
+while [ -e bitbake.sock ]; do sleep 1; done
+# and SDK container image creation
+echo 'SDK_FORMATS = "docker-archive"' >> conf/local.conf
+bitbake $BB_ARGS -c do_populate_sdk mc:container-stretch:isar-image-base
+while [ -e bitbake.sock ]; do sleep 1; done
+
--
2.30.2
^ permalink raw reply [flat|nested] 14+ messages in thread* Re: [PATCH v8 0/5] Add support for containerized root filesystems
2021-03-29 15:56 [PATCH v8 0/5] Add support for containerized root filesystems Silvano Cirujano Cuesta
` (4 preceding siblings ...)
2021-03-29 15:56 ` [PATCH v8 5/5] ci: add container image sample configurations Silvano Cirujano Cuesta
@ 2021-04-02 15:18 ` Anton Mikanovich
2021-04-06 5:23 ` Silvano Cirujano Cuesta
5 siblings, 1 reply; 14+ messages in thread
From: Anton Mikanovich @ 2021-04-02 15:18 UTC (permalink / raw)
To: Silvano Cirujano Cuesta, isar-users
29.03.2021 18:56, Silvano Cirujano Cuesta wrote:
> v8: cosmetic changes in docs and small fix in CI script
>
> v7: issues in sample configurations and CI script fixed and tested on
> two different CI environments.
>
> This patch series provides support for containerized root filesystems,
> for both target images and SDKs.
>
> For containerized target images the new image type `container-img` has
> been added.
>
> For containerized SDKs the task `populate_sdk` has been extended.
>
> Containerized root filesystems are easy to distribute and run, enabling
> this way following scenarios:
> - Use ISAR to build container images meant to be run only in containers.
> - Use the same ISAR configuration to build images for containers, VMs
> and bare-metal.
> - Easy SDK distribution and "installation".
> - Quickly testing certain applications in the workstation using the
> target root filesystem.
>
> In order to build containerized target root filesystems `IMAGE_TYPE` has
> to be `container-img`, additionally the container image format can be
> selected with the variable `CONTAINER_FORMATS`. The default format is
> `docker-archive`.
>
> In order to build containerized SDKs the variable `SDK_FORMAT` has to
> provide any of the supported container formats (e.g. `docker-archive`).
> The default format is the legacy non-containerized: `tar_xz`.
>
> It also provides a sample machine, multiconfigs and ci-testing.
>
> More information about its usage is documented in the file
> docs/user_manual.md.
>
> A PoC/demo of this functionality (only the SDK part) has been created
> based on the project https://github.com/siemens/meta-iot2050.
> Jan Kiszka already tested and liked it! =>
> https://github.com/siemens/meta-iot2050/issues/86#issuecomment-768907845
>
> Successful builds of both containerized target and SDK are available on
> the same PoC project:
> - https://github.com/Silvanoc/meta-iot2050/actions/runs/558311580
> - https://github.com/Silvanoc/meta-iot2050/actions/runs/558311581
> and also the resulting images:
> - https://github.com/users/Silvanoc/packages/container/package/meta-iot2050%2Fiot2050-debian-arm64
> - https://github.com/users/Silvanoc/packages/container/package/meta-iot2050%2Fiot2050-debian-sdk-arm64
>
> In order to get a feeling about its usage (you need Docker or Podman),
> follow these simple copy&paste instructions:
> https://github.com/Silvanoc/meta-iot2050/blob/master/kas/BUILDING-SDK-CONTAINER.md#running-the-sdk
> Build instructions are available in the upper part of that document.
>
> Two new dependencies (umoci and skopeo -backporting from bullseye to
> buster works easily) are required to create containerized root
> filesystems (as specified in the documentation).
>
> Typical container image management actions (e.g. push an image to a
> container image regitry) are out of scope. Available tools (Docker,
> Skopeo, Buildah, Podman,...) should be used for these actions.
>
> A patch will follow this one to get the dependencies into the container
> images being provided by the project
> https://github.com/siemens/kas (for `kas-container`, for example).
>
> Silvano Cirujano Cuesta (5):
> classes: add root filesystem containerizing class
> classes: add new image type 'container-img'
> sdk: add support for containerized sdk
> docs: document creation of container images
> ci: add container image sample configurations
>
> doc/user_manual.md | 179 ++++++++++++++++++
> meta-isar/conf/local.conf.sample | 3 +
> meta-isar/conf/machine/container.conf | 5 +
> .../conf/multiconfig/container-bullseye.conf | 4 +
> .../conf/multiconfig/container-buster.conf | 4 +
> .../conf/multiconfig/container-stretch.conf | 4 +
> meta/classes/container-img.bbclass | 18 ++
> .../classes/image-container-extension.bbclass | 82 ++++++++
> meta/classes/image-sdk-extension.bbclass | 42 +++-
> meta/classes/image.bbclass | 1 +
> scripts/ci_build.sh | 29 ++-
> 11 files changed, 363 insertions(+), 8 deletions(-)
> create mode 100644 meta-isar/conf/machine/container.conf
> create mode 100644 meta-isar/conf/multiconfig/container-bullseye.conf
> create mode 100644 meta-isar/conf/multiconfig/container-buster.conf
> create mode 100644 meta-isar/conf/multiconfig/container-stretch.conf
> create mode 100644 meta/classes/container-img.bbclass
> create mode 100644 meta/classes/image-container-extension.bbclass
>
Applied to next, thanks.
--
Anton Mikanovich
Promwad Ltd.
External service provider of ilbers GmbH
Maria-Merian-Str. 8
85521 Ottobrunn, Germany
+49 (89) 122 67 24-0
Commercial register Munich, HRB 214197
General Manager: Baurzhan Ismagulov
^ permalink raw reply [flat|nested] 14+ messages in thread* Re: [PATCH v8 0/5] Add support for containerized root filesystems
2021-04-02 15:18 ` [PATCH v8 0/5] Add support for containerized root filesystems Anton Mikanovich
@ 2021-04-06 5:23 ` Silvano Cirujano Cuesta
0 siblings, 0 replies; 14+ messages in thread
From: Silvano Cirujano Cuesta @ 2021-04-06 5:23 UTC (permalink / raw)
To: Anton Mikanovich, isar-users
On 02/04/2021 17:18, Anton Mikanovich wrote:
> 29.03.2021 18:56, Silvano Cirujano Cuesta wrote:
>> v8: cosmetic changes in docs and small fix in CI script
>>
>> v7: issues in sample configurations and CI script fixed and tested on
>> two different CI environments.
>>
>> This patch series provides support for containerized root filesystems,
>> for both target images and SDKs.
>>
>> For containerized target images the new image type `container-img` has
>> been added.
>>
>> For containerized SDKs the task `populate_sdk` has been extended.
>>
>> Containerized root filesystems are easy to distribute and run, enabling
>> this way following scenarios:
>> - Use ISAR to build container images meant to be run only in containers.
>> - Use the same ISAR configuration to build images for containers, VMs
>> and bare-metal.
>> - Easy SDK distribution and "installation".
>> - Quickly testing certain applications in the workstation using the
>> target root filesystem.
>>
>> In order to build containerized target root filesystems `IMAGE_TYPE` has
>> to be `container-img`, additionally the container image format can be
>> selected with the variable `CONTAINER_FORMATS`. The default format is
>> `docker-archive`.
>>
>> In order to build containerized SDKs the variable `SDK_FORMAT` has to
>> provide any of the supported container formats (e.g. `docker-archive`).
>> The default format is the legacy non-containerized: `tar_xz`.
>>
>> It also provides a sample machine, multiconfigs and ci-testing.
>>
>> More information about its usage is documented in the file
>> docs/user_manual.md.
>>
>> A PoC/demo of this functionality (only the SDK part) has been created
>> based on the project https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsiemens%2Fmeta-iot2050&data=04%7C01%7Csilvano.cirujano-cuesta%40siemens.com%7C0eb5495ba8304b61405c08d8f5eaa010%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637529735344476107%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Qn7AC217uocq9S2VK9b6ifhy3KO8KfIO%2F8kFpvUaLQU%3D&reserved=0.
>> Jan Kiszka already tested and liked it! =>
>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsiemens%2Fmeta-iot2050%2Fissues%2F86%23issuecomment-768907845&data=04%7C01%7Csilvano.cirujano-cuesta%40siemens.com%7C0eb5495ba8304b61405c08d8f5eaa010%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637529735344476107%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=L6Yj0Oenvr4jHAoiBOwAcNSK9na45Jg5cijDjEXwYbM%3D&reserved=0
>>
>> Successful builds of both containerized target and SDK are available on
>> the same PoC project:
>> - https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FSilvanoc%2Fmeta-iot2050%2Factions%2Fruns%2F558311580&data=04%7C01%7Csilvano.cirujano-cuesta%40siemens.com%7C0eb5495ba8304b61405c08d8f5eaa010%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637529735344476107%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Z55KmOGcG3%2Fd3eNjvekAPFMma0rYQ6nJzUMkj5lFKUA%3D&reserved=0
>> - https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FSilvanoc%2Fmeta-iot2050%2Factions%2Fruns%2F558311581&data=04%7C01%7Csilvano.cirujano-cuesta%40siemens.com%7C0eb5495ba8304b61405c08d8f5eaa010%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637529735344476107%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=ftwBFlyfCsU0ONIb%2BqF%2B%2FGfbo5Ch0orp2EV1s1HA5W4%3D&reserved=0
>> and also the resulting images:
>> - https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fusers%2FSilvanoc%2Fpackages%2Fcontainer%2Fpackage%2Fmeta-iot2050%252Fiot2050-debian-arm64&data=04%7C01%7Csilvano.cirujano-cuesta%40siemens.com%7C0eb5495ba8304b61405c08d8f5eaa010%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637529735344476107%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=HAcPrba0iJRZNKCVCVMllvlOZWlPH4mIKJ1%2FkDGiM7I%3D&reserved=0
>> - https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fusers%2FSilvanoc%2Fpackages%2Fcontainer%2Fpackage%2Fmeta-iot2050%252Fiot2050-debian-sdk-arm64&data=04%7C01%7Csilvano.cirujano-cuesta%40siemens.com%7C0eb5495ba8304b61405c08d8f5eaa010%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637529735344476107%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=7qKBrGsnTSrcD%2BEPEx88ZG%2FYzyxie7eXzVnzst%2B5qbQ%3D&reserved=0
>>
>> In order to get a feeling about its usage (you need Docker or Podman),
>> follow these simple copy&paste instructions:
>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FSilvanoc%2Fmeta-iot2050%2Fblob%2Fmaster%2Fkas%2FBUILDING-SDK-CONTAINER.md%23running-the-sdk&data=04%7C01%7Csilvano.cirujano-cuesta%40siemens.com%7C0eb5495ba8304b61405c08d8f5eaa010%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637529735344486101%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=v%2BYo4Y%2F317MnncO5jWxFRtlIt2JVE4kSJmR5sJhpROg%3D&reserved=0
>> Build instructions are available in the upper part of that document.
>>
>> Two new dependencies (umoci and skopeo -backporting from bullseye to
>> buster works easily) are required to create containerized root
>> filesystems (as specified in the documentation).
>>
>> Typical container image management actions (e.g. push an image to a
>> container image regitry) are out of scope. Available tools (Docker,
>> Skopeo, Buildah, Podman,...) should be used for these actions.
>>
>> A patch will follow this one to get the dependencies into the container
>> images being provided by the project
>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsiemens%2Fkas&data=04%7C01%7Csilvano.cirujano-cuesta%40siemens.com%7C0eb5495ba8304b61405c08d8f5eaa010%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637529735344486101%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=t9vv0Zgd6ZFbaYDdl749dyKMtLpthK4dN3kDT%2BUXsns%3D&reserved=0 (for `kas-container`, for example).
>>
>> Silvano Cirujano Cuesta (5):
>> classes: add root filesystem containerizing class
>> classes: add new image type 'container-img'
>> sdk: add support for containerized sdk
>> docs: document creation of container images
>> ci: add container image sample configurations
>>
>> doc/user_manual.md | 179 ++++++++++++++++++
>> meta-isar/conf/local.conf.sample | 3 +
>> meta-isar/conf/machine/container.conf | 5 +
>> .../conf/multiconfig/container-bullseye.conf | 4 +
>> .../conf/multiconfig/container-buster.conf | 4 +
>> .../conf/multiconfig/container-stretch.conf | 4 +
>> meta/classes/container-img.bbclass | 18 ++
>> .../classes/image-container-extension.bbclass | 82 ++++++++
>> meta/classes/image-sdk-extension.bbclass | 42 +++-
>> meta/classes/image.bbclass | 1 +
>> scripts/ci_build.sh | 29 ++-
>> 11 files changed, 363 insertions(+), 8 deletions(-)
>> create mode 100644 meta-isar/conf/machine/container.conf
>> create mode 100644 meta-isar/conf/multiconfig/container-bullseye.conf
>> create mode 100644 meta-isar/conf/multiconfig/container-buster.conf
>> create mode 100644 meta-isar/conf/multiconfig/container-stretch.conf
>> create mode 100644 meta/classes/container-img.bbclass
>> create mode 100644 meta/classes/image-container-extension.bbclass
>>
> Applied to next, thanks.
>
Thanks for the information. I'm glad that the effort brought a result.
^ permalink raw reply [flat|nested] 14+ messages in thread