diff --git a/contrib/dockerfile/Dockerfile-devel.in b/contrib/dockerfile/Dockerfile-devel.in
new file mode 100644
index 000000000..d4e118502
--- /dev/null
+++ b/contrib/dockerfile/Dockerfile-devel.in
@@ -0,0 +1,114 @@
+#
+# ELBE - Debian Based Embedded Rootfilesystem Builder
+# Copyright (c) 2014-2015 Silvio Fricke
+# Copyright (c) 2018 Manuel Traut
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# This Dockefile generate a image for the elbe buildsystem
+FROM registry.hub.docker.com/library/debian:bullseye
+
+USER root
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN groupmod -g 1000 nogroup
+RUN groupadd -g 1001 libvirt-qemu
+RUN usermod -u 1000 -g nogroup nobody
+RUN useradd -u 1001 -g libvirt-qemu libvirt-qemu
+
+# use a sources.list including backports and security
+RUN echo "deb http://ftp.debian.org/debian bullseye-backports main" >> /etc/apt/sources.list; \
+ echo "deb http://security.debian.org/ bullseye-security main" >> /etc/apt/sources.list
+
+# update, upgrade and install elbe runtime-dependencies
+RUN apt-get update -y ;\
+ apt-get install -y --no-install-recommends \
+ -o Dpkg::Options::="--force-confnew" \
+ systemd \
+ ca-certificates \
+ sudo \
+ vim-nox \
+ elbe-archive-keyring \
+ software-properties-common \
+ gnupg \
+ python3-setuptools \
+ python3-yaml \
+ python3-jsonschema \
+ locales \
+ gcc \
+ g++ \
+ diffstat \
+ texinfo \
+ gawk \
+ chrpath \
+ python3-mako \
+ fuseiso9660 \
+ aptly \
+ debian-archive-keyring \
+ qemu-system-x86
+RUN apt install -y \
+ wget \
+ cpio \
+ python3 \
+ python3-debian \
+ python3-mako \
+ python3-lxml \
+ python3-apt \
+ python3-gpg \
+ python3-suds \
+ python3-libvirt \
+ qemu-utils \
+ qemu-kvm \
+ p7zip-full \
+ make \
+ python3-passlib \
+ libvirt-clients \
+ libvirt-daemon-system \
+ debian-archive-keyring
+
+RUN rm -rf /var/lib/apt/lists/*
+
+RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen
+
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+
+# create elbe user
+RUN groupadd -g @KVMGID@ -o -r kvm-elbe
+RUN useradd -d /home/elbe -l -U -G kvm-elbe,libvirt -m -s /bin/bash -u @USERID@ elbe
+RUN echo "root:elbe" | chpasswd
+RUN echo "elbe:elbe" | chpasswd
+
+RUN rm -f 
/lib/systemd/system/multi-user.target.wants/*;\ + rm -f /etc/systemd/system/*.wants/*;\ + rm -f /lib/systemd/system/local-fs.target.wants/*; \ + rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ + rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ + rm -f /lib/systemd/system/basic.target.wants/*;\ + rm -f /lib/systemd/system/anaconda.target.wants/*; + +VOLUME [ "/sys/fs/cgroup" ] +VOLUME [ "/elbe" ] +VOLUME [ "/var/cache/elbe" ] + +# sudo for elbe +RUN echo "%elbe ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/elbegrp +RUN chmod 0440 /etc/sudoers.d/elbegrp + +# necessary since CS8 to have ELBE working (on C8 it was fine) +# https://bugzilla.redhat.com/show_bug.cgi?id=1774373 +RUN echo 'remember_owner = 0' >> /etc/libvirt/qemu.conf +# run qemu as root +RUN echo 'user = "root"' >> /etc/libvirt/qemu.conf +RUN echo 'group = "root"' >> /etc/libvirt/qemu.conf + +# run libvirt in systemd on startup +RUN systemctl enable libvirtd + +# install elbe from current sources +COPY ./ /elbe-tool/ + +ENV PATH="/elbe-tool:${PATH}" + +CMD [ "/lib/systemd/systemd" ] diff --git a/contrib/dockerfile/Dockerfile.in b/contrib/dockerfile/Dockerfile.in index 0920525d9..c01103d3f 100644 --- a/contrib/dockerfile/Dockerfile.in +++ b/contrib/dockerfile/Dockerfile.in @@ -5,12 +5,17 @@ # # SPDX-License-Identifier: GPL-3.0-or-later -# This Dockerfile generate a image for the elbe buildsystem -FROM debian:bullseye +# This Dockefile generate a image for the elbe buildsystem +FROM registry.hub.docker.com/library/debian:bullseye USER root ENV DEBIAN_FRONTEND noninteractive +RUN groupmod -g 1000 nogroup +RUN groupadd -g 1001 libvirt-qemu +RUN usermod -u 1000 -g nogroup nobody +RUN useradd -u 1001 -g libvirt-qemu libvirt-qemu + # use a sources.list including backports and security RUN echo "deb http://ftp.debian.org/debian bullseye-backports main" >> /etc/apt/sources.list; \ echo "deb http://security.debian.org/ bullseye-security main" >> /etc/apt/sources.list 
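Review bot: The two `chpasswd` lines in the new Dockerfile-devel.in bake the fixed credentials `root:elbe` and `elbe:elbe` into an image layer, so every container started from this image has a known root password. The same file grants the `elbe` group `NOPASSWD: ALL` and the Makefile enters the container with `docker exec`, so neither password appears to be needed for the workflow visible in this diff. Consider dropping both lines and locking the account instead, `RUN passwd -l root`; if a password login really is required, set it when the container starts rather than at build time. If Dockerfile.in carries the same two lines (they are not visible in this diff), the same applies there.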
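Review bot: Moving `nobody` to UID 1000 and creating `libvirt-qemu` at UID 1001 collides with the later `useradd ... -u @USERID@ elbe` whenever the user running `make build` has UID 1000 or 1001, because that `useradd` has no `-o` and will refuse a non-unique UID, stopping the build. In Dockerfile.in the `useradd` line lies outside this hunk (presumably it matches the one visible in the new Dockerfile-devel.in, which gets the same four lines), and 1000 is the usual UID of the first login user on many distributions. Either choose IDs outside the range of regular login UIDs, or add a comment above the four `RUN` lines stating why these accounts must sit at 1000/1001 and which host UIDs the build does not support. The changed comment line also turns `Dockerfile` into `Dockefile`.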
@@ -79,6 +84,10 @@ VOLUME [ "/var/cache/elbe" ] RUN echo "%elbe ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/elbegrp RUN chmod 0440 /etc/sudoers.d/elbegrp + +# On RHEL family, the following option is necessary since CentOS Stream 8 +# https://bugzilla.redhat.com/show_bug.cgi?id=1774373 +RUN echo 'remember_owner = 0' >> /etc/libvirt/qemu.conf # run qemu as root RUN echo 'user = "root"' >> /etc/libvirt/qemu.conf RUN echo 'group = "root"' >> /etc/libvirt/qemu.conf diff --git a/contrib/dockerfile/Makefile b/contrib/dockerfile/Makefile index f66de31a6..5a5489d49 100644 --- a/contrib/dockerfile/Makefile +++ b/contrib/dockerfile/Makefile @@ -4,11 +4,19 @@ # # SPDX-License-Identifier: GPL-3.0-or-later +DOCKERFILE ?= Dockerfile +TAG ?= latest +ifneq ($(TAG),latest) +DOCKERFILE = Dockerfile-$(TAG) +endif + IMAGENAME ?= elbe-devel-image -CONTAINERNAME ?= elbe-devel +CONTAINERNAME ?= elbe-devel-$(TAG) KVMGID ?= $(shell ls -n /dev/kvm | awk '{ print $$4 }') UID ?= $(shell id -u) +PROJECTDIR ?= $(shell pwd)/../../ + # docker commands build: test -c /dev/kvm || ( echo "/dev/kvm not found" && false ) @@ -16,13 +24,14 @@ build: test -n "$(KVMGID)" || ( echo "detecting groupid of /dev/kvm failed" && false ) sed -e "s#@KVMGID@#$(KVMGID)#g" \ -e "s#@USERID@#$(UID)#g" \ - Dockerfile.in > Dockerfile + $(DOCKERFILE).in > $(DOCKERFILE) docker build --build-arg http_proxy=$(http_proxy) \ --build-arg https_proxy=$(https_proxy) \ --build-arg no_proxy=$(no_proxy) \ --no-cache \ - -t $(IMAGENAME) . - rm Dockerfile + --file $(DOCKERFILE) \ + -t $(IMAGENAME):$(TAG) $(PROJECTDIR) + rm $(DOCKERFILE) start: docker ps | grep $(CONTAINERNAME)$$ || \ @@ -39,7 +48,7 @@ start: --group-add kvm \ --device /dev/kvm \ --device /dev/fuse \ - $(IMAGENAME) + $(IMAGENAME):$(TAG) stop: -docker stop $(CONTAINERNAME) @@ -48,7 +57,7 @@ stoprm: stop -docker rm $(CONTAINERNAME) clean: stoprm - -docker rmi $(IMAGENAME) + -docker rmi $(IMAGENAME):$(TAG) connect: start docker exec -tiu $(UID) $(CONTAINERNAME) /bin/bash
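Review bot: `TAG` now selects both the image tag and the template file, so any value other than `latest` or `devel` points `build` at a `Dockerfile-$(TAG).in` that this commit does not add. In that case the `sed ... > $(DOCKERFILE)` redirection still creates an empty `Dockerfile-$(TAG)` before sed fails, and the trailing `rm` never runs. A guard at the top of the `build` recipe in the style of the existing checks, `test -f $(DOCKERFILE).in || ( echo "$(DOCKERFILE).in not found" && false )`, would fail early with a clear message. `PROJECTDIR ?= $(CURDIR)/../..` would also avoid the `$(shell pwd)` call, which `?=` makes recursive and so re-runs on every expansion.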
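Review bot: Switching the build context from `.` to `$(PROJECTDIR)` in the `docker build` line sends the whole source tree to the Docker daemon, and Dockerfile-devel.in then copies it into the image with `COPY ./ /elbe-tool/`. This diff adds no `.dockerignore`, so unless one already exists at the project root, `.git`, build output and any untracked local files (keys, credentials, editor state) end up in image layers that may later be pushed or shared. A `.dockerignore` in the project root that excludes at least `.git` and local artefacts would keep them out. `$(PROJECTDIR)` is also passed unquoted, so a checkout path containing a space splits into two arguments; `"$(PROJECTDIR)"` avoids that. The `build` recipe begins before this hunk.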