flatdeb-builder: Add new builder

This allows to use flatdeb to build Mildenhall runtime and SDK, using kvm or UML runners. `ARG RELEASE` should be declared a second time after `FROM` to be accessible by `RUN` commands, cf. https://ryandaniels.ca/blog/docker-dockerfile-arg-from-arg-trouble/ Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

flatdeb-builder: Add new builder
This allows to use flatdeb to build Mildenhall runtime and SDK, using kvm or UML runners. `ARG RELEASE` should be declared a second time after `FROM` to be accessible by `RUN` commands, cf. https://ryandaniels.ca/blog/docker-dockerfile-arg-from-arg-trouble/ Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
db7b32ec · Frederic Danis · 8a6e6809 · db7b32ec · db7b32ec · db7b32ec
Commit db7b32ec authored 4 years ago by Frederic Danis
--- a/apertis-flatdeb-builder/Dockerfile
+++ b/apertis-flatdeb-builder/Dockerfile
+ARG REGISTRY=registry.gitlab.apertis.org/infrastructure/apertis-docker-images
+ARG RELEASE
+ARG TAG=latest
+
+# Build Debos from source to use the wip/uml fakemachine branch
+# with the UML backend
+FROM debian:buster-slim AS debos-builder
+ENV DEBIAN_FRONTEND=noninteractive
+ENV GOPATH=/usr/local/go
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        ca-certificates \
+        gcc \
+        git \
+        golang-go \
+        libc6-dev \
+        libostree-dev && \
+    rm -rf /var/lib/apt/lists/*
+RUN go get -v -d github.com/go-debos/debos/cmd/debos
+RUN git -C ${GOPATH}/src/github.com/go-debos/fakemachine checkout wip/uml && \
+    go install github.com/go-debos/debos/cmd/debos
+
+# Build the slirp helpers, needed by UML for unprivileged networking
+FROM rust:1.42-slim-buster AS slirp-builder
+RUN echo 'deb http://deb.debian.org/debian bullseye main' > /etc/apt/sources.list.d/debian-bullseye.list && \
+    printf 'Package: *\nPin: release a=testing\nPin-Priority: 400\n' > /etc/apt/preferences.d/50-testing && \
+    apt-get update && \
+    apt-get install -y --no-install-recommends \
+        git \
+        libdbus-1-dev \
+        libglib2.0-dev \
+        libslirp-dev \
+        pkg-config && \
+    rm -rf /var/lib/apt/lists/*
+RUN git clone https://gitlab.freedesktop.org/sjoerd/libslirp-rs -b wip/sjoerd/slirp-seq /tmp/libslirp-rs && \
+    cd /tmp/libslirp-rs && \
+    cargo install --all-features --verbose --path . --root /usr/local
+
+# Build the main image
+FROM $REGISTRY/$RELEASE-base:$TAG
+ARG RELEASE
+ENV LANG=C.UTF-8
+ENV LC_ALL C.UTF-8
+
+# Need $HOME to point to somewhere writable for UML
+ENV HOME="/scratch"
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV GOPATH=/usr/local/go
+
+# Need tmp to be somewhere we can write
+# It needs to be a tmpfs with exec enabled
+# /scratch on the apertis gitlab runner is such a tmpfs
+ENV TMP="/scratch"
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        apt-transport-https \
+        bash \
+        binfmt-support \
+        binutils \
+        ca-certificates \
+        devscripts \
+        flatpak \
+        flatpak-builder \
+        git \
+        libnss-wrapper \
+        linux-image-amd64 \
+        openssh-client \
+        ostree \
+        ostree-push \
+        pigz \
+        python3 \
+        python3-debian \
+        python3-gi \
+        python3-yaml \
+        qemu-system-x86 \
+        qemu-utils \
+        qemu-user-static \
+        systemd-container \
+        time \
+        user-mode-linux \
+        udev
+
+# Create /lib/modules as fakemachine will try to mount the uml modules at that
+# location
+RUN mkdir -p /lib/modules
+
+# FIXME: move to a packaged version
+RUN apt-get update  && \
+    apt-get install --no-install-recommends -y busybox systemd-container debootstrap
+ENV PATH=$PATH:/usr/local/go/bin
+COPY bin/debos-wrapper /usr/bin/debos
+COPY --from=debos-builder ${GOPATH}/bin/debos ${GOPATH}/bin/debos.real
+
+# FIXME: move to a packaged version
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends libslirp0
+COPY --from=slirp-builder /usr/local/bin/* /usr/local/bin/
+
+# FIXME: move to a packaged version
+RUN git clone --branch apertis/$RELEASE --depth 1 https://gitlab.apertis.org/infrastructure/apertis-flatdeb.git /opt/apertis-flatdeb
+
+# Defer libnss-unknown package installation to the end to avoid possible UID/GID problems
+RUN apt-get update  && \
+    apt-get install --no-install-recommends -y libnss-unknown
+
+# Allow to connect to unknown hosts for non-interactive ssh
+# NB: possible security issue
+RUN echo "    StrictHostKeyChecking no" >> /etc/ssh/ssh_config
--- a/apertis-flatdeb-builder/bin/debos-wrapper
+++ b/apertis-flatdeb-builder/bin/debos-wrapper
+#!/bin/sh
+
+set -e
+
+if [ -f /tmp/libslirp ]; then
+    rm /tmp/libslirp
+fi
+
+slirp-seq --listen-seqsocket-path=/tmp/libslirp \
+          --exit-with-parent &
+
+
+exec debos.real "$@"
--- a/apertis-flatdeb-builder/flatdeb-builder-gitlab-ci.yml
+++ b/apertis-flatdeb-builder/flatdeb-builder-gitlab-ci.yml
+stages:
+  - test
+
+test-image-builder:
+  stage: test
+  image:
+    name: $CI_REGISTRY_IMAGE/%RELEASE%-flatdeb-builder:%TAG%
+    entrypoint: [ "" ]
+  script:
+    - debos -t suite:%RELEASE% apertis-flatdeb-builder/test-recipe.yaml
--- a/apertis-flatdeb-builder/keyring/apertis-archive-keyring.gpg
+++ b/apertis-flatdeb-builder/keyring/apertis-archive-keyring.gpg
--- a/apertis-flatdeb-builder/test-recipe.yaml
+++ b/apertis-flatdeb-builder/test-recipe.yaml
+{{- $architecture := or .architecture "arm64" }}
+{{- $mirror := or .mirror "https://repositories.apertis.org/apertis/" -}}
+{{- $suite := or .suite "v2021dev1" -}}
+
+architecture: {{ $architecture }}
+
+actions:
+  - action: debootstrap
+    suite: {{ $suite }}
+    components:
+      - target
+    mirror: {{ $mirror }}
+    variant: minbase
+    keyring-package: apertis-archive-keyring
+    keyring-file: keyring/apertis-archive-keyring.gpg
+    merged-usr: true