From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6436388820095074304 X-Received: by 10.46.21.2 with SMTP id s2mr1255402ljd.14.1498588551360; Tue, 27 Jun 2017 11:35:51 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 10.46.5.21 with SMTP id 21ls353521ljf.39.gmail; Tue, 27 Jun 2017 11:35:50 -0700 (PDT) X-Received: by 10.25.15.23 with SMTP id e23mr1409200lfi.15.1498588550900; Tue, 27 Jun 2017 11:35:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1498588550; cv=none; d=google.com; s=arc-20160816; b=jVDfI6si5jhX/RuJUglS+YZw+/dsWeAUJ1oo3YkbUFgW4neT8X+cOvzEUbQ8RVHihC /wbGiktXykHQOCqoMRyIRfy+zY0LJilh5AMsN4gvVoSBLgroDhvWV4T2O/6mxHVB64aa FO4HIR1Rm0wJinAVnv84K3E3U7cYijj/1QfgUHvavYmSKJCgdJTE73LTNFtomH+FEHBB Y2XjHSlD9Ex+1AqXJqNZuOQw9cJcVW0jqe72je6M2L62+tGZ4bYdGbAPt1hCUKsAoi36 yt6JusG9U6jFdYV412NOvKg1Kr58wlLW6GTm/cIkxr5qleFrYIO7ieCugcveSG2sd1jh F1Vw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:mime-version:user-agent :date:message-id:subject:from:cc:to:arc-authentication-results; bh=2XKB0T2xlELfQNujLsxeMG/SWTm+KdOTgr3NBkgQfO8=; b=P2UvdqSSPNo9BN6lvl3e0rATVNamZ3sQukhH885J7hop50yZvCVnJrkSlXb6OodYDX J+WZyxueOgklRPLOsbJ/hbSmHS1+xRbiwb/YfWAe+HsbXP4J9DsStNEwDOQ5ONVL2htS L2Fvh12h0a5vjhtbkvV6Whzxb+/3NvG9NIbzVDJEj+RKVM6kwYlZx32ZTCwSwcO0Ou3Q 7OBoqHXAIw1otZ8Wu+VDAwhHa1iyNeAIDTV/19PSft0i+2EtYBTy+NkDRe091p36btnX YaX3TI9qJlbrH/l/MQIDVm1cIRwSKloD1bSHtkItuWb4101S1topnDn3U4pcBVp1lJoV grBg== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=neutral (google.com: 192.35.17.14 is neither permitted nor denied by best guess record for domain of jan.kiszka@siemens.com) smtp.mailfrom=jan.kiszka@siemens.com Return-Path: Received: from david.siemens.de (david.siemens.de. [192.35.17.14]) by gmr-mx.google.com with ESMTPS id 132si1193685wmn.6.2017.06.27.11.35.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Jun 2017 11:35:50 -0700 (PDT) Received-SPF: neutral (google.com: 192.35.17.14 is neither permitted nor denied by best guess record for domain of jan.kiszka@siemens.com) client-ip=192.35.17.14; Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 192.35.17.14 is neither permitted nor denied by best guess record for domain of jan.kiszka@siemens.com) smtp.mailfrom=jan.kiszka@siemens.com Received: from mail3.siemens.de (mail3.siemens.de [139.25.208.14]) by david.siemens.de (8.15.2/8.15.2) with ESMTPS id v5RIZoxX004956 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 27 Jun 2017 20:35:50 +0200 Received: from md1f2u6c.ww002.siemens.net ([139.25.68.37]) by mail3.siemens.de (8.15.2/8.15.2) with ESMTP id v5RIZo43009278; Tue, 27 Jun 2017 20:35:50 +0200 To: kas-devel Cc: isar-users From: Jan Kiszka Subject: [RFC][PATCH] Add Dockerfile for Isar image builder Message-ID: Date: Tue, 27 Jun 2017 20:35:49 +0200 User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.1.12) Gecko/20080226 SUSE/2.0.0.12-1.1 Thunderbird/2.0.0.12 Mnenhy/0.7.5.666 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-TUID: Y/+wy6wMCS9P From: Jan Kiszka Isar requires a number of extra packages compared to a Yocto build. It also needs a newer e2fsprogs version which can be taken from backports. Last but not least, its keystone multistrap contains a nasty bug [1] under in jessie so that we need to pull the updated version from stretch. The value of having this image still based on jessie is that it can be used for both purposes: Yocto (2.1/2.2) and Isar builds. Isar still requires some raised privileges. Therefore, the image has to be started with the additional switches "--cap-add=SYS_ADMIN --cap-add=MKNOD --device $(/sbin/losetup -f)". [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774698 Signed-off-by: Jan Kiszka --- The alternative to having a separate image (and Dockerfile) is merging everything into the official one. Adds 122M unpacked and 44M packed. If we decide to take the path of separate images, I'll also update travis. Preview is currently available under jankiszka/kas-isar. Dockerfile.isar | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 Dockerfile.isar diff --git a/Dockerfile.isar b/Dockerfile.isar new file mode 100644 index 0000000..0119720 --- /dev/null +++ b/Dockerfile.isar @@ -0,0 +1,22 @@ +FROM kasproject/kas:latest + +ENV DEBIAN_FRONTEND noninteractive + +RUN echo 'deb http://deb.debian.org/debian jessie-backports main' >> /etc/apt/sources.list.d/backports.list && \ + echo 'deb http://deb.debian.org/debian stretch main' >> /etc/apt/sources.list.d/backports.list + +ENV LC_ALL=en_US.UTF-8 +RUN apt-get update && \ + apt-get install -y -f --no-install-recommends --target-release jessie \ + autoconf automake gdisk libtool bash-completion \ + sudo grub2 grub-efi-amd64-bin grub-efi-ia32-bin qemu-user-static \ + reprepro python3 && \ + apt-get install -y -f --no-install-recommends --target-release jessie-backports \ + e2fsprogs && \ + apt-get install -y -f --no-install-recommends --target-release stretch \ + multistrap && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp* + +RUN echo "builder ALL=NOPASSWD: ALL" > /etc/sudoers.d/builder-nopasswd && \ + chmod 660 /etc/sudoers.d/builder-nopasswd