From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6925703955981795328 X-Received: by 2002:a05:6402:105a:: with SMTP id e26mr1376900edu.60.1612523259942; Fri, 05 Feb 2021 03:07:39 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a17:906:364e:: with SMTP id r14ls3028977ejb.3.gmail; Fri, 05 Feb 2021 03:07:38 -0800 (PST) X-Google-Smtp-Source: ABdhPJzC0zsvR6FgjizKOcZ9fj2FC3D1jLbGSE8qWv/KjvVMIUxcPpt8k8xKFaeGEktM7gXgGgcf X-Received: by 2002:a17:906:3881:: with SMTP id q1mr3623065ejd.490.1612523258878; Fri, 05 Feb 2021 03:07:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612523258; cv=none; d=google.com; s=arc-20160816; b=SmupWGxRozgzaK9XKFVuqZ1g37GbujgjWf5QZQzft/Ma2MJ/+SNJib0Uo7zn+n+AWK VkMriydmHH3+I9wyBkRC9SVLguy38wmAmCkoyDWCw6lhmUkF/jl/jAwNxV7gvP/P0G/L 7llRrtM+hVDIsanEyKDOZODInH1Or5IOOOBh1KilltIf8vZ7echxEF14mzwr787OhF2A ExHSM9ENZUwZNqwNN0mJKnysztAgDcnZYA5kYp/hsbTEGbzkBj6EYOsGDpEnbccixUO+ mO05882OSVd3tGSELD1wzmUWOxGtWrV/R+p7F5vS9/81+hI5HKLxhvYBPKG+1VKw7swI fwMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:in-reply-to:mime-version :user-agent:date:message-id:from:references:to:subject; bh=ZS+mi3xKA83OfA0PT95TGMSTyTaq8/8bQkvOQa9RLW0=; b=nQhufrBnKLOFRmhBFRsKuzANk6Q++Ve2jczN52tVIo1F5cXjewvqV9f5ojf9MWGJT0 esrL4AXUJrdAL3sDDOzo1+DqO2Q2gbGoRNyIpiTDCz6EKw0SL+DE6CapMGBYlLrJA7EU 4xfrLxu1LqWcOB3rweUg8mHQbh51DBUpFKWlLDa4ehQCHvNxye3hnZtf1XhG3kNdX35Z cSPU4lNANn4ZI5ZCHoOagGCwO0RWDI0YgE+rOynH1T38DHVLfAQlctR9+SCiYnCcq7cx kENeTKjUZP3TczvX3jeQVMVOnhaKmfcln4aR8sIKV3z5vNZFObmmPd2TZsE+M/jVSKQD a8wQ== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of jan.kiszka@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from gecko.sbs.de (gecko.sbs.de. [194.138.37.40]) by gmr-mx.google.com with ESMTPS id ce26si486638edb.2.2021.02.05.03.07.38 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 05 Feb 2021 03:07:38 -0800 (PST) Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 194.138.37.40 as permitted sender) client-ip=194.138.37.40; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of jan.kiszka@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by gecko.sbs.de (8.15.2/8.15.2) with ESMTPS id 115B7cfU015467 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Fri, 5 Feb 2021 12:07:38 +0100 Received: from [167.87.72.79] ([167.87.72.79]) by mail2.sbs.de (8.15.2/8.15.2) with ESMTP id 115B7ban026021; Fri, 5 Feb 2021 12:07:38 +0100 Subject: Re: [PATCH 2/2] docs: document usage of sdk container images To: "[ext] Silvano Cirujano Cuesta" , isar-users@googlegroups.com References: <20210205090827.17788-1-silvano.cirujano-cuesta@siemens.com> <20210205090827.17788-3-silvano.cirujano-cuesta@siemens.com> From: Jan Kiszka Message-ID: <90e5388b-cc20-1a1c-3a53-4734168d8205@siemens.com> Date: Fri, 5 Feb 2021 12:07:37 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0 MIME-Version: 1.0 In-Reply-To: <20210205090827.17788-3-silvano.cirujano-cuesta@siemens.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-TUID: n9TAJjGqGs3N On 05.02.21 10:08, [ext] Silvano Cirujano Cuesta wrote: > Signed-off-by: Silvano Cirujano Cuesta > --- > doc/user_manual.md | 79 ++++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 79 insertions(+) > > diff --git a/doc/user_manual.md b/doc/user_manual.md > index a4f3d1d..7863241 100644 > --- a/doc/user_manual.md > +++ b/doc/user_manual.md > @@ -19,6 +19,7 @@ Copyright (C) 2016-2019, ilbers GmbH > - [Add a Custom Application](#add-a-custom-application) > - [Enabling Cross-compilation](#isar-cross-compilation) > - [Create an ISAR SDK root filesystem](#create-an-isar-sdk-root-filesystem) > + - [Create a containerized ISAR SDK root filesystem](#create-a-containerized-isar-sdk-root-filesystem) > - [Creation of local apt repo caching upstream Debian packages](#creation-of-local-apt-repo-caching-upstream-debian-packages) > > > @@ -84,6 +85,9 @@ If your host is >= buster, also install the following package. > apt install python3-distutils > ``` > > +If you want to generate containerized SDKs, also install the following packages: `umoci` and `skopeo`. This packages should probably also be listed under https://github.com/ilbers/isar/blob/master/doc/user_manual.md#install-host-tools, as optional and with a pointer to here for all the details. > +Umoci is provided by Debian Buster and can be installed with `apt install umoci`, Skopeo is provided by Debian Bullseye/Unstable and has to be installed either manually downloading the DEB and installing it (no other packages required) or with `apt install -t bullseye skopeo` (if unstable/bullseye included in `/etc/apt/sources.list[.d]`). > + > Notes: > > * BitBake requires Python 3.4+. > @@ -834,6 +838,81 @@ ii crossbuild-essential-armhf 12.3 all Inf > ~# > ``` > > +## Create a containerized ISAR SDK root filesystem > + > +### Motivation > + > +Distributing and using the SDK root filesystem created following the instructions in "[Create an ISAR SDK root filesystem](#create-an-isar-sdk-root-filesystem)" becomes easier using container images (at least for those using containers anyway) > +A "containerized" SDK adds to those advantages of a normal SDK root filesystem the comfort of container images. > + > +### Approach > + > +Create container image with SDK root filesystem with installed cross-toolchain for target architecture and ability to install already prebuilt target binary artifacts. > +Developer: > + - runs a container based on the resulting container image mounting the source code to be built, > + - develops applications for target platform on the container and > + - leaves the container getting the results on the mounted directory. > + > +### Solution > + > +User specifies the variable `SDK_FORMAT` providing a space-separated list of SDK formats to generate. > + > +Supported formats are: > + - `tar-xz`: (default) is the non-containerized format that results from following the instructions in "[Create an ISAR SDK root filesystem](#create-an-isar-sdk-root-filesystem)" > + - `docker-archive`: an archive containing a Docker image that can be imported with [`docker import`](https://docs.docker.com/engine/reference/commandline/import/) > + - `docker-daemon`: resulting container image is made available on the local Docker Daemon > + - `containers-storage`: resulting container image is made available to tools using containers/storage back-end (e.g. Podman, CRIO, buildah,...) > + - `oci-archive`: an archive containing an OCI image, mostly for archiving as seed for any of the above formats > + > +User manually triggers creation of SDK formats for his target platform by launching the task `do_populate_sdk` for target image, f.e. > +`bitbake -c do_populate_sdk mc:${MACHINE}-${DISTRO}:isar-image-base`. > +Packages that should be additionally installed into the SDK can be appended to `SDK_PREINSTALL` (external repositories) and `SDK_INSTALL` (self-built). > + > +Following formats don't work if running `bitbake -c do_populate_sdk ...` (to generate the containerized SDK) from inside of a container (e.g. using `kas-container`): `docker-daemon` and `containers-storage`. > +It's technically possible, but requires making host resources (e.g. the Docker Daemon socket) accessible in the container. > +What can endanger the stability and security of the host. > + > +The resulting SDK formats are archived into `tmp/deploy/images/${MACHINE}/sdk-${DISTRO}-${DISTRO_ARCH}-${sdk_format}.tar.xz` (being `sdk_format` each one of the formats specified in `SDK_FORMATS`). > +The SDK container directory `/isar-apt` contains a copy of isar-apt repo with locally prebuilt target debian packages (for ). > +One may get into an SDK container and install required target packages with the help of `apt-get install :` command. > +The directory with the source code to develop on should be mounted on the container (with `--volume :`) to be able to edit files in the host with an IDE and build in the container. > + > +### Example > + > + - Make the SDK formats to generate available to the task > + > +For one-shot builds (use `local.conf` otherwise): > + > +``` > +export BB_ENV_EXTRAWHITE="$BB_ENV_EXTRAWHITE SDK_FORMATS" > +export SDK_FORMATS="docker-archive" > +``` > + > + - Trigger creation of SDK root filesystem > + > +``` > +bitbake -c do_populate_sdk mc:qemuarm-buster:isar-image-base > +``` > + > + - Load the SDK container image into the Docker Daemon > + > +``` > +xzcat build/tmp/deploy/images/qemuarm/sdk-debian-buster-armhf-docker-archive.tar.xz | docker load > +``` > + > + - Run a container using the SDK container image (following commands starting with `#~:` are to be run in the container) > + > +``` > +docker run --rm -ti --volume "$(pwd):/build" isar-sdk-buster-armhf:latest > +``` > + > + - Check that cross toolchains are installed > + > +``` > +:~# dpkg -l | grep crossbuild-essential-armhf > +ii crossbuild-essential-armhf 12.3 all Informational list of cross-build-essential packages > +``` > + > ## Creation of local apt repo caching upstream Debian packages > > ### Motivation > Jan -- Siemens AG, T RDA IOT Corporate Competence Center Embedded Linux