From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6945105578761912320
X-Received: by 2002:ac2:5394:: with SMTP id g20mr7702826lfh.8.1617904764077;
        Thu, 08 Apr 2021 10:59:24 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a2e:588:: with SMTP id 130ls795850ljf.9.gmail; Thu, 08 Apr
 2021 10:59:23 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxiBGTO3rcyNKOIz3lDJW0EjtPLjmkFTpr7WGypUPut2EXyqplQH2SxCyw0y0DUWt8L0yGW
X-Received: by 2002:a2e:509:: with SMTP id 9mr6762014ljf.170.1617904762931;
        Thu, 08 Apr 2021 10:59:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1617904762; cv=none;
        d=google.com; s=arc-20160816;
        b=NACxAN+zuBhfrIh4f6QKGOv73Fh8HD38b/AlqCzbgNu4yNToM2MU6cJ0ToskoajcmE
         KTsNS4CRreQod1jt4yh8JTefv4BoBR/J0HkHQjUduNaXEJX67SUUtndlH+rgaax8DWE+
         iNleX/f+cuKepwGqWqumeHfoeAwtojhDmWveY/g1fMdmXn+bhrktbhZW6NXjlzcWb6sP
         jdgTxXw9Ov9ZpKwOZdu3nkOPakcFTeC0ozf2rTAKFcH5Kd6We8gW1CJW3oF+wYuhC2EU
         mVj6fKQi4ByttmGkwhFR7CalY/1QQqT4BC4bKS5rRdDAOUX88sz1hCSqc9Z3XTquxcMv
         dnCA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:content-language:in-reply-to:mime-version
         :user-agent:date:message-id:from:references:to:subject;
        bh=FWR4nNsulb6P/NHQ3S42bG+8z7RCf+T12WuF9i6C3Lc=;
        b=AB57PukKvyNuYgVQcH/ERU4O9ws2MkT3Qhv/xMKvV+sqtC3yRhg7L7d2GUV4M8tu04
         jksPCkW1vYUO0XaXnJNOnPbLNvyygW5JVjQ0UUAn3uUxRVV658l62RAk7mKiqThRBKmG
         XmfvrjS65AkWI7rKaV2DLc0+yLYMX6fcw/6u/Cq784F+ymfm8oaPxNfZScpV/JGBr4zE
         q2SPuJ1GqiQji1zOFZK8Gm/lN505dDollMXOIR40FjXOsPMAYuZLRdLDz9PGiK/lCSQW
         c3nE2woGeR2bhy6nNsVxKzmAerZLX9zUG7LUZIrmVSScry74zJlgF2LduXFYC7e1AWHS
         03NQ==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of jan.kiszka@siemens.com designates 194.138.37.39 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
Return-Path: <jan.kiszka@siemens.com>
Received: from lizzard.sbs.de (lizzard.sbs.de. [194.138.37.39])
        by gmr-mx.google.com with ESMTPS id d19si14756ljo.1.2021.04.08.10.59.22
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 08 Apr 2021 10:59:22 -0700 (PDT)
Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 194.138.37.39 as permitted sender) client-ip=194.138.37.39;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: domain of jan.kiszka@siemens.com designates 194.138.37.39 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66])
	by lizzard.sbs.de (8.15.2/8.15.2) with ESMTPS id 138HxLx1006248
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
	for <isar-users@googlegroups.com>; Thu, 8 Apr 2021 19:59:21 +0200
Received: from [139.22.47.56] ([139.22.47.56])
	by mail2.sbs.de (8.15.2/8.15.2) with ESMTP id 138Htddj009428;
	Thu, 8 Apr 2021 19:55:39 +0200
Subject: Re: [PATCH v8 1/5] classes: add root filesystem containerizing class
To: "[ext] Silvano Cirujano Cuesta" <silvano.cirujano-cuesta@siemens.com>,
        isar-users@googlegroups.com,
        Quirin Gylstorff <quirin.gylstorff@siemens.com>
References: <20210329155640.62445-1-silvano.cirujano-cuesta@siemens.com>
 <20210329155640.62445-2-silvano.cirujano-cuesta@siemens.com>
From: Jan Kiszka <jan.kiszka@siemens.com>
Message-ID: <24c63901-abd1-7239-0dcb-b069c5e5894e@siemens.com>
Date: Thu, 8 Apr 2021 19:55:39 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.8.0
MIME-Version: 1.0
In-Reply-To: <20210329155640.62445-2-silvano.cirujano-cuesta@siemens.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-TUID: niFS97PwHgD4

On 29.03.21 17:56, [ext] Silvano Cirujano Cuesta wrote:
> This class can be used to create container images which root filesystem
> is that generated by the do_rootfs task.
> 
> Containerized root filesystems have following possible use-cases:
>  - Using ISAR as a container image builder.
>  - Simplify distribution of runtime rootfs (binaries, libraries,
>    configurations, ...) for application development or testing.
>  - Distributing SDKs.
> 
> Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
> ---
>  .../classes/image-container-extension.bbclass | 82 +++++++++++++++++++
>  meta/classes/image.bbclass                    |  1 +
>  2 files changed, 83 insertions(+)
>  create mode 100644 meta/classes/image-container-extension.bbclass
> 
> diff --git a/meta/classes/image-container-extension.bbclass b/meta/classes/image-container-extension.bbclass
> new file mode 100644
> index 0000000..f693627
> --- /dev/null
> +++ b/meta/classes/image-container-extension.bbclass
> @@ -0,0 +1,82 @@
> +# This software is a part of ISAR.
> +# Copyright (C) Siemens AG, 2021
> +#
> +# SPDX-License-Identifier: MIT
> +#
> +# This class extends the image.bbclass for containerizing the root filesystem.
> +
> +CONTAINER_FORMATS ?= "docker-archive"
> +IMAGE_INSTALL += "isar-exclude-docs isar-disable-apt-cache"
> +

Quirin tried latest Isar on meta-iot2050, and that now fails during
setup of openjdk:

Setting up openjdk-11-jre-headless:arm64 (11.0.9.1+1-1~deb10u2) ...



update-alternatives: using /usr/lib/jvm/java-11-openjdk-arm64/bin/rmid
to provide /usr/bin/rmid (rmid) in auto mode


update-alternatives: error: error creating symbolic link
'/usr/share/man/man1/rmid.1.gz.dpkg-tmp': No such file or directory



While watching the installation, I happened to see isar-exclude-docs
suddenly being installed while not being selected explicitly,
specifically not for the target image. I bet it's coming in via this
class and its unconditional extension of the IMAGE_INSTALL list.

That leads to (at least) two questions:
 - Why do we have isar-exclude-docs here, and also
   isar-disable-apt-cache?
 - Does isar-exclude-docs have some issue that prevents the usage
   together with openjdk, or are those simply incompatible by design?

In any case, we have a regression.

Jan

> +containerize_rootfs() {
> +    local cmd="/bin/dash"
> +    local empty_tag="empty"
> +    local full_tag="latest"
> +    local oci_img_dir="${WORKDIR}/oci-image"
> +    local rootfs="$1"
> +    local rootfs_id="$2"
> +    local container_formats="$3"
> +
> +    # prepare OCI container image skeleton
> +    bbdebug 1 "prepare OCI container image skeleton"
> +    rm -rf "${oci_img_dir}"
> +    sudo umoci init --layout "${oci_img_dir}"
> +    sudo umoci new --image "${oci_img_dir}:${empty_tag}"
> +    sudo umoci config --image "${oci_img_dir}:${empty_tag}" \
> +        --config.cmd="${cmd}"
> +    sudo umoci unpack --image "${oci_img_dir}:${empty_tag}" \
> +        "${oci_img_dir}_unpacked"
> +
> +    # add root filesystem as the flesh of the skeleton
> +    sudo cp -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/"
> +    # clean-up temporary files
> +    sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete
> +
> +    # pack container image
> +    bbdebug 1 "pack container image"
> +    sudo umoci repack --image "${oci_img_dir}:${full_tag}" \
> +        "${oci_img_dir}_unpacked"
> +    sudo umoci remove --image "${oci_img_dir}:${empty_tag}"
> +    sudo rm -rf "${oci_img_dir}_unpacked"
> +
> +    # no root needed anymore
> +    sudo chown --recursive $(id -u):$(id -g) "${oci_img_dir}"
> +
> +    # convert the OCI container image to the desired format
> +    image_name="isar-${rootfs_id}"
> +    for image_type in ${CONTAINER_FORMATS} ; do
> +        image_archive="${DEPLOY_DIR_IMAGE}/${rootfs_id}-${image_type}.tar"
> +        bbdebug 1 "Creating container image type: ${image_type}"
> +        case "${image_type}" in
> +            "docker-archive" | "oci-archive")
> +                if [ "${image_type}" = "oci-archive" ] ; then
> +                    target="${image_type}:${image_archive}:latest"
> +                else
> +                    target="${image_type}:${image_archive}:${image_name}:latest"
> +                fi
> +                rm -f "${image_archive}" "${image_archive}.xz"
> +                bbdebug 2 "Converting OCI image to ${image_type}"
> +                skopeo --insecure-policy copy \
> +                    "oci:${oci_img_dir}:${full_tag}" "${target}"
> +                bbdebug 2 "Compressing image"
> +                xz -T0 "${image_archive}"
> +                ;;
> +            "oci")
> +                tar --create --xz --directory "${oci_img_dir}" \
> +                    --file "${image_archive}.xz" .
> +                ;;
> +            "docker-daemon" | "containers-storage")
> +                if [ -f /.dockerenv ] || [ -f /run/.containerenv ] ; then
> +                    die "Adding the container image to a container runtime (${image_type}) not supported if running from a container (e.g. 'kas-container')"
> +                fi
> +                skopeo --insecure-policy copy \
> +                    "oci:${oci_img_dir}:${full_tag}" \
> +                    "${image_type}:${image_name}:latest"
> +                ;;
> +            *)
> +                die "Unsupported format for containerize_rootfs: ${image_type}"
> +                ;;
> +        esac
> +    done
> +}
> +
> diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
> index eddc444..ec93cab 100644
> --- a/meta/classes/image.bbclass
> +++ b/meta/classes/image.bbclass
> @@ -76,6 +76,7 @@ inherit image-tools-extension
>  inherit image-postproc-extension
>  inherit image-locales-extension
>  inherit image-account-extension
> +inherit image-container-extension
>  
>  # Extra space for rootfs in MB
>  ROOTFS_EXTRA ?= "64"
> 

-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux