From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 7032253102499561472
X-Received: by 2002:a1c:4d0b:: with SMTP id o11mr2928257wmh.68.1637672696144;
        Tue, 23 Nov 2021 05:04:56 -0800 (PST)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a1c:770f:: with SMTP id t15ls684535wmi.3.gmail; Tue, 23 Nov
 2021 05:04:55 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzbaTHpNadHWTb+VSG1Pl1BzeBRROo0SeWqZb19M+pwmNXNmY39/l+8Ox3NAsPY41HKB0CS
X-Received: by 2002:a7b:cd96:: with SMTP id y22mr2839316wmj.121.1637672694972;
        Tue, 23 Nov 2021 05:04:54 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1637672694; cv=none;
        d=google.com; s=arc-20160816;
        b=kPwjnP67dV5gn4cWXg9DtD7c3V1LAFRCJaZExar0JWwuQyrNOs6PjLtMy/4mKfi99K
         VwSfwX8WSFWmjov2R33BM7Y9QKBFjXtsWvLQPoY0xliaZzwAqYgCHxLyygfuyIdY5QS1
         5oLxHbUJwDTmdhuUmeooeAV78Qlu4qTPKPjpaYR9dbR7yH+76PvvkAK/bDp/dMC8x/Q+
         xqnB6cmWpVZNaL0qPESuHA64O4lW/0j35dX/ynETFWJhEK/XDmdl68wuTM1vd6OOz/kI
         bCuxPM7YIUlBr5wA8sNDFeMthZd818+3t+yiYzbLJOOB9Ivr1/hFU9XjekJhs6euNSjt
         zHBA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from;
        bh=p4phJQ9AFOy3K2oBGcnbRdvKXvT2oZWY4KlzM9Pff5s=;
        b=XSUa7JPdvypx0xrT51X6KR2cBkM5ZIJ/6jwkaVBNoitOmafYNUdqoKZkX3wSnuEyyh
         +LA7hY1CV3k33/VNVcdZ6nKMjyoLpYC1RQW6fPCSvFz10pZAmF78E1fQAZkUzaol3hK/
         97PkbAJcp7Rtho/xFq6dA//w3hMjDxLG08Ojb2QDGGfmBS62wpEt05qJJAmtNjmyf/A7
         6xrXZ1M6S90HzOVrJdBmzyEeIIRRXrRmuTTj+DXWTrHYriWuIQ1aHnz+8P/xS2nGOJTB
         42VljRBi1ScxxVf0bKdS4zgUWO6rK5SnnQBeyBygn1P77t8PdC52CeaEpw9ZnJlodPdL
         0e+Q==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de
Return-Path: <ubely@ilbers.de>
Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166])
        by gmr-mx.google.com with ESMTPS id z64si66594wmc.0.2021.11.23.05.04.54
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
        Tue, 23 Nov 2021 05:04:54 -0800 (PST)
Received-SPF: pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de
Received: from home.localnet (44-208-124-178-static.mgts.by [178.124.208.44] (may be forged))
	(authenticated bits=0)
	by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8) with ESMTPSA id 1AND4rGP009359
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
	for <isar-users@googlegroups.com>; Tue, 23 Nov 2021 14:04:54 +0100
From: Uladzimir Bely <ubely@ilbers.de>
To: isar-users@googlegroups.com
Subject: Re: [PATCH v2 00/24] Sbuild/Schroot migration
Date: Tue, 23 Nov 2021 16:05:00 +0300
Message-ID: <2071114.yiUUSuA9gR@home>
In-Reply-To: <20211119121333.13805-1-ubely@ilbers.de>
References: <20211119121333.13805-1-ubely@ilbers.de>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED
	autolearn=unavailable autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-TUID: qaYE0jpky58W

In the email from Friday, 19 Nov 2021 =D0=B3. 15:13:09 +03 user Uladzimir B=
ely=20
wrote:
> This is a patchset showing how sbuild/schroot tools can be integrated
> into Isar build system.
>
> ...
>=20
> Current limitations:
> - there is an unsolved problem with building foreigh architectures
> using kas-docker.
>=20
> - qemuamd64 images are buildable in kas-docker, but some changes
> in kas are reqired (like installing additional packages and adding
> 'builder' user to 'sbuild group). I used the following changes to
> build ghcr.io/siemens/kas/kas-isar:2.6.2-sbuild image based on
> current ghcr.io/siemens/kas/kas-isar:2.6.2:
> https://github.com/WiseLord/kas/commit/5b7b02aa33
>=20
> ...
> meta/recipes-kernel/linux-module/files/debian/{rules =3D> rules.tmpl} (50=
%)

Here I would like to add some info regarding running the patchset with `kas-
docker` and/or using Gitlab CI.

Initially, the patchset was checked in Jenkins CI (that doesn't use docker)=
=20
and sent to the maillist then. But there are some docker-related issues sol=
ved=20
a bit later. So here I'll try to explain them (and this is to be added to u=
ser=20
docs in the following patchset version), so someone could play with sbuild=
=20
patchset.

1. Additional packages required.

The patchset requires 'schroot' and 'sbuild' packages to be installed on th=
e=20
host. Also, they both should have at least "bullseye" version, otherwise so=
me=20
things won't work properly (like caching .deb via 'sbuild' or foreign=20
architectures support in 'schroot').

While current (ghcr.io/siemens/kas/kas-isar:2.6.2) image doesn't include th=
e=20
required packages, I temporary prepared and upuloaded one based on it=20
(ghcr.io/wiselord/kas-isar:2.6.2-sbuild). Look at Dockerfile.isar.sbuild ch=
unk=20
in the patch https://github.com/WiseLord/kas/commit/38f4f11f11 for details.

Gitlab

Gitlab uses .gitlab-ci.yml for setup. So, to use modified image in Gitlab C=
I=20
user should simply change the first line:

> - image: ghcr.io/siemens/kas/kas-isar:latest
> + image: ghcr.io/wiselord/kas-isar:2.6.2-sbuild

This is required until official kas-isar image have everything included.

2. User should be added to 'sbuild' group.

In case of 'kas-docker' it happend to be a bit tricky, because 'builder' us=
er=20
is created 'on the fly', when container is run. I'm not an expert in 'kas' =
so=20
I simply pathced container-entrypoint to add user to sbuild group. Look at
`container.entrypoint` chunk in the patch for details.

3. Overlayfs restrictions.

Docker uses overlayfs to mount dockerimage rootfs. Schroot uses /var/lib/
schroot/union/{overlay,underlay} directories to keep 'basic' image and=20
temporary layers on top of it.

So we happen to have 'overlayfs over overlayfs' situation that is not=20
supported by overlayfs kernel driver.

The solutionis to use an external volume for the /var/lib/schroot/union/. L=
ook=20
at 'kas-container' chunk in the patch for details.

Gitlab

It seems there is no way to say gitlab using external volume via the=20
configuration file `.gitlab-ci.yml`. But it can be done by the following=20
changes in /etc/gitlab/runner/config.toml:

> -volumes =3D ["/cache"]
> +volumes =3D ["/m/ws-10/schroot-10a/union:/var/lib/schroot/union", "/cach=
e"]

So, gitlab will use external ("/m/ws-10/schroot-10a/union") directory on ho=
st.=20
Also, there should be empty "overlay" and "underlay" directories created in=
=20
it.

=2D-=20
Uladzimir Bely
Promwad Ltd.
External service provider of ilbers GmbH
Maria-Merian-Str. 8
85521 Ottobrunn, Germany
+49 (89) 122 67 24-0
Commercial register Munich, HRB 214197
General Manager: Baurzhan Ismagulov