Martin Roth (martinroth@google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/16239
-gerrit
commit a9e266706539cbf09e0c6fbc9087e9b48040434e Author: Martin Roth martinroth@google.com Date: Mon May 16 11:27:56 2016 -0600
util/docker: Update docker files for coreboot-sdk & jenkins builders
- Check out the specific toolchain version we want before building the toolchain (This version uses 1.42). - Add additional libraries and tools needed to build coreboot related packages. - Move everything required to build any of the coreboot or related packages into the coreboot-sdk from coreboot-jenkins-node Dockerfile. - Separate the text of the commands in the Dockerfiles. - Use nproc to get the number of processors for building the toolchain - Add some additional comments about why things are done the way that they are to the README - Update the version of coreboot-sdk that coreboot-jenkins-node uses to 1.42. (This matches the toolchain version) - Move ccache setup from jenkins-node to coreboot-sdk. - Update the maintainer.
Change-Id: I293285ef72e3e70259355d924d425fea98ee773d Signed-off-by: Martin Roth martinroth@google.com --- util/docker/coreboot-jenkins-node/Dockerfile | 39 +++++++++++++++++----------- util/docker/coreboot-jenkins-node/README.md | 11 ++++++-- util/docker/coreboot-sdk/Dockerfile | 27 ++++++++++++++++--- 3 files changed, 56 insertions(+), 21 deletions(-)
diff --git a/util/docker/coreboot-jenkins-node/Dockerfile b/util/docker/coreboot-jenkins-node/Dockerfile index b675f80..b60466d 100644 --- a/util/docker/coreboot-jenkins-node/Dockerfile +++ b/util/docker/coreboot-jenkins-node/Dockerfile @@ -1,21 +1,30 @@ -FROM coreboot/coreboot-sdk:1.37 -MAINTAINER Patrick Georgi patrick@georgi-clan.de +FROM coreboot/coreboot-sdk:1.42 +MAINTAINER Martin Roth gaumless@gmail.com USER root -ADD https://raw.githubusercontent.com/pgeorgi/encapsulate/master/encapsulate.c /tmp/encapsulate.c -COPY authorized_keys /home/coreboot/.ssh/authorized_keys -RUN mount |grep "on /dev type tmpfs" > /dev/null || exit 1 + +# Check to make sure /dev is a tmpfs file system +RUN mount | grep "on /dev type tmpfs" > /dev/null || exit 1 + RUN apt-get -y update && \ apt-get -y install \ - curl p7zip-full unrar-free libusb-1.0-0-dev pkg-config libreadline-dev libglib2.0-dev \ - subversion libpci-dev libusb-dev libftdi-dev \ - lua5.3 liblua5.3-dev \ - ccache openjdk-8-jre-headless openssh-server libssl-dev vim-common libgmp-dev && \ - apt-get clean && \ - mkdir /home/coreboot/.ccache && chown coreboot /home/coreboot/.ccache && \ - mkdir -p /home/coreboot/.ssh && chown -R coreboot /home/coreboot/.ssh && chmod 0700 /home/coreboot/.ssh && chmod 0600 /home/coreboot/.ssh/authorized_keys && \ - gcc -o /usr/sbin/encapsulate /tmp/encapsulate.c && chown root /usr/sbin/encapsulate && chmod +s /usr/sbin/encapsulate && \ - mkdir /var/run/sshd && chmod 0755 /var/run/sshd -VOLUME /home/coreboot/.ccache + lua5.3 liblua5.3-dev openjdk-8-jre-headless openssh-server && \ + apt-get clean + +COPY authorized_keys /home/coreboot/.ssh/authorized_keys +RUN chown -R coreboot /home/coreboot/.ssh && \ + chmod 0700 /home/coreboot/.ssh && \ + chmod 0600 /home/coreboot/.ssh/authorized_keys + +RUN mkdir /var/run/sshd && \ + chmod 0755 /var/run/sshd + +# Build encapsulate tool +ADD https://raw.githubusercontent.com/pgeorgi/encapsulate/master/encapsulate.c /tmp/encapsulate.c +RUN gcc -o /usr/sbin/encapsulate /tmp/encapsulate.c && \ + chown root /usr/sbin/encapsulate && \ + chmod +s /usr/sbin/encapsulate + + VOLUME /data/cache ENTRYPOINT mkdir /dev/cb-build && chown coreboot /dev/cb-build && /usr/sbin/sshd -p 49151 -D EXPOSE 49151 diff --git a/util/docker/coreboot-jenkins-node/README.md b/util/docker/coreboot-jenkins-node/README.md index 839ccb1..34162b2 100644 --- a/util/docker/coreboot-jenkins-node/README.md +++ b/util/docker/coreboot-jenkins-node/README.md @@ -1,3 +1,10 @@ -run with +This builds the coreboot tree in /dev/cb-build so that's a directory that uses +a tmpfs. This helps to speed up the build and doesn't write the output to +the SSD.
- docker run --privileged --restart=always -d -p 49151:49151 -v $host/path/to/ccache:/home/coreboot/.ccache -v $host/path/to/data/cache:/data/cache coreboot/coreboot-jenkins-node +The encapsulate tool that the coreboot build runs under for security requires +that docker be run using the --privileged command to work correctly. + +Run with the command: + + docker run --privileged --restart=always -d -p 49151:49151 -v $host_path_to_ccache:/home/coreboot/.ccache -v $host_path_to_data_cache:/data/cache coreboot/coreboot-jenkins-node diff --git a/util/docker/coreboot-sdk/Dockerfile b/util/docker/coreboot-sdk/Dockerfile index 18c165d..cb0023c 100644 --- a/util/docker/coreboot-sdk/Dockerfile +++ b/util/docker/coreboot-sdk/Dockerfile @@ -1,15 +1,34 @@ FROM debian:sid -MAINTAINER Patrick Georgi patrick@georgi-clan.de +MAINTAINER Martin Roth gaumless@gmail.com + RUN \ useradd -p locked -m coreboot && \ apt-get -qq update && \ - apt-get -qqy install git gcc g++ make patch python diffutils bison flex m4 wget bzip2 libssl-dev libgmp-dev vim-common cmake xz-utils zlib1g-dev && \ - apt-get clean && \ + apt-get -qq upgrade && \ + apt-get -qqy install gcc g++ make patch python diffutils bison flex \ + git doxygen ccache subversion p7zip-full unrar-free \ + m4 wget curl bzip2 vim-common cmake xz-utils pkg-config \ + dh-autoreconf unifont \ + libssl-dev libgmp-dev zlib1g-dev libpci-dev liblzma-dev \ + libyaml-dev libncurses5-dev uuid-dev libusb-dev libftdi-dev \ + libusb-1.0-0-dev libreadline-dev libglib2.0-dev libgmp-dev \ + libelf-dev libxml2-dev libfreetype6-dev && \ + apt-get clean + +RUN \ cd /root && \ git clone http://review.coreboot.org/coreboot && \ cd coreboot/util/crossgcc && \ - make all_without_gdb CPUS=$(grep -c "^processor>" /proc/cpuinfo) DEST=/opt/xgcc && \ + git checkout 589ef9de8fa && \ + make all_without_gdb CPUS=$(nproc) DEST=/opt/xgcc && \ cd /root && \ rm -rf coreboot + +RUN mkdir /home/coreboot/.ccache && \ + chown coreboot:coreboot /home/coreboot/.ccache && \ + mkdir /home/coreboot/cb_build && \ + chown coreboot:coreboot /home/coreboot/cb_build +VOLUME /home/coreboot/.ccache + ENV PATH $PATH:/opt/xgcc/bin USER coreboot