[coreboot-gerrit] Patch set updated for coreboot: util/docker: Update dockerfiles & build method

Fri Feb 3 02:16:25 CET 2017

Martin Roth (martinroth at google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/18001

-gerrit

commit c83ccbcb92ab0358726a846e05a2fca325c3a576
Author: Martin Roth <gaumless at gmail.com>
Date:   Fri Dec 30 17:00:19 2016 -0700

    util/docker: Update dockerfiles & build method
    
    All files:
    - Previously, various things were hardcoded into the docker containers
    that made it necessary to update the Dockerfile files for each new
    version of the sdk.  Turn those into 'Variables" that are updated during
    the build step.  Because the makefile is piping the dockerfile through
    the sed command and back into the docker build command, the normal
    docker "COPY" keyword doesn't work.
    
    coreboot-jenkins-node changes:
    - Run ssh-keygen -A to explicitly generate the ssh keys.  This fixes an
    error:  Could not load host key: /etc/ssh/ssh_host_dsa_key
    
    coreboot-sdk changes:
    - Remove apt-get upgrade command - The Dockerfile guide recommends
    not to run this.
    - Change libssl-dev to libssl1.0-dev. libssl-dev's header files won't
    build the Chrome-EC codebase.
    - Add libisl-dev, needed to build the riscv toolchain.
    - Build the toolchain using the -b option
    - Add environment variables containing the version and commit that the
    coreboot-sdk was built from.
    
    Makefile:
    - Update targets to use the version and commit variables
    
    Change-Id: I2c1376fe4b791da2a62fca11bc92c4774cbef1c8
    Signed-off-by: Martin Roth <gaumless at gmail.com>
---
 util/docker/Makefile                         | 31 +++++++++++++++++++++-------
 util/docker/coreboot-jenkins-node/Dockerfile | 30 +++++++++++++++++++++------
 util/docker/coreboot-sdk/Dockerfile          | 27 ++++++++++++++++++------
 3 files changed, 69 insertions(+), 19 deletions(-)

diff --git a/util/docker/Makefile b/util/docker/Makefile
index f669b93..7df6851 100644
--- a/util/docker/Makefile
+++ b/util/docker/Makefile
@@ -14,7 +14,13 @@
 ##
 export top=$(abspath $(CURDIR)/../..)
 export crossgcc_version=$(shell $(top)/util/crossgcc/buildgcc --version | grep 'cross toolchain' | sed 's/^.*\sv//' | sed 's/\s.*$$//')
-export DOCKER:=$(shell env sh -c "command -v docker")
+export DOCKER:=$(shell $(SHELL) -c "command -v docker")
+
+# Version of the jenkins / sdk container
+export COREBOOT_CONTAINER_VERSION?=$(crossgcc_version)
+
+# Commit id to build from
+export DOCKER_COMMIT?=$(shell git log -n 1 --pretty=%h)
 
 test-docker:
 	$(if $(DOCKER),,\
@@ -28,16 +34,23 @@ test-docker-login: test-docker
 		$(error Docker authentication file not found.  Run 'docker login'))
 
 coreboot-sdk: test-docker
-	$(DOCKER) build -t coreboot/coreboot-sdk:$(crossgcc_version) coreboot-sdk
+	@echo "Building coreboot SDK $(crossgcc_version) from commit $(DOCKER_COMMIT)"
+	cat coreboot-sdk/Dockerfile | \
+		sed "s/{{DOCKER_COMMIT}}/$(DOCKER_COMMIT)/" | \
+		sed "s/{{SDK_VERSION}}/$(COREBOOT_CONTAINER_VERSION)/" | \
+		$(DOCKER) build -t coreboot/coreboot-sdk:$(COREBOOT_CONTAINER_VERSION) -
 
 upload-coreboot-sdk: test-docker-login
-	$(DOCKER) push coreboot/coreboot-sdk:$(crossgcc_version)
+	$(DOCKER) push coreboot/coreboot-sdk:$(COREBOOT_CONTAINER_VERSION)
 
 coreboot-jenkins-node: test-docker
-	$(DOCKER) build -t coreboot/coreboot-jenkins-node:$(crossgcc_version) coreboot-jenkins-node
+	cat coreboot-jenkins-node/Dockerfile | \
+		sed "s/{{SDK_VERSION}}/$(COREBOOT_CONTAINER_VERSION)/" | \
+		sed "s|{{SSH_KEY}}|$$(cat coreboot-jenkins-node/authorized_keys)|" | \
+		$(DOCKER) build -t coreboot/coreboot-jenkins-node:$(COREBOOT_CONTAINER_VERSION) -
 
 upload-coreboot-jenkins-node: test-docker-login
-	$(DOCKER) push coreboot/coreboot-jenkins-node:$(crossgcc_version)
+	$(DOCKER) push coreboot/coreboot-jenkins-node:$(COREBOOT_CONTAINER_VERSION)
 
 docker-killall: test-docker
 	@if [ -n "$$($(DOCKER) ps | grep 'coreboot')" ]; then \
@@ -52,7 +65,7 @@ clean-coreboot-images: docker-killall
 
 docker-build-coreboot: test-docker
 	$(DOCKER) run -u root -it -v $(top):/home/coreboot/coreboot \
-		--rm coreboot/coreboot-sdk:$(crossgcc_version) \
+		--rm coreboot/coreboot-sdk:$(COREBOOT_CONTAINER_VERSION) \
 		/bin/bash -c "cd /home/coreboot/coreboot && \
 		make clean && \
 		make $(BUILD_CMD)"
@@ -62,7 +75,7 @@ docker-build-coreboot: test-docker
 
 docker-abuild: test-docker
 	$(DOCKER) run -u root -it -v $(top):/home/coreboot/coreboot \
-		--rm coreboot/coreboot-sdk:$(crossgcc_version) \
+		--rm coreboot/coreboot-sdk:$(COREBOOT_CONTAINER_VERSION) \
 		/bin/bash -c "cd /home/coreboot/coreboot && \
 		make clean && \
 		util/abuild/abuild $(ABUILD_ARGS)"
@@ -82,6 +95,10 @@ help:
 	@echo "Commands for using docker images"
 	@echo "  docker-build-coreboot <BUILD_CMD=target>  - Build coreboot under coreboot-sdk"
 	@echo "  docker-abuild <ABUILD_ARGS='-a -B'>       - Run abuild under coreboot-sdk"
+	@echo
+	@echo "Variables:"
+	@echo "  COREBOOT_CONTAINER_VERSION = $(COREBOOT_CONTAINER_VERSION)"
+	@echo "  DOCKER_COMMIT = $(DOCKER_COMMIT)"
 
 .PHONY: test-docker test-docker-login
 .PHONY: coreboot-jenkins-node upload-coreboot-jenkins-node
diff --git a/util/docker/coreboot-jenkins-node/Dockerfile b/util/docker/coreboot-jenkins-node/Dockerfile
index b60466d..230842c 100644
--- a/util/docker/coreboot-jenkins-node/Dockerfile
+++ b/util/docker/coreboot-jenkins-node/Dockerfile
@@ -1,5 +1,20 @@
-FROM coreboot/coreboot-sdk:1.42
-MAINTAINER Martin Roth <gaumless at gmail.com>
+# This dockerfile is not meant to be used directly by docker.  The
+# {{}} varibles are replaced with values by the makefile.  Please generate
+# the docker image for this file by running:
+#
+#   make coreboot-jenkins-node
+#
+# Variables can be updated on the make command line or left blank to use
+# the default values set by the makefile.
+#
+#  SDK_VERSION is used to name the version of the coreboot sdk to use.
+#              Typically, this corresponds to the toolchain version.
+#  SSH_KEY is the contents of the file coreboot-jenkins-node/authorized_keys
+#          Because we're piping the contents of the dockerfile into the
+#          docker build command, the 'COPY' keyword isn't valid.
+
+FROM coreboot/coreboot-sdk:{{SDK_VERSION}}
+MAINTAINER Martin Roth <martin at coreboot.org>
 USER root
 
 # Check to make sure /dev is a tmpfs file system
@@ -10,13 +25,17 @@ RUN apt-get -y update && \
 	lua5.3 liblua5.3-dev openjdk-8-jre-headless openssh-server && \
 	apt-get clean
 
-COPY authorized_keys /home/coreboot/.ssh/authorized_keys
-RUN chown -R coreboot /home/coreboot/.ssh && \
+# Because of the way that the variables are being replaced, docker's 'COPY'
+# command does not work
+RUN mkdir -p /home/coreboot/.ssh && \
+	echo "{{SSH_KEY}}" > /home/coreboot/.ssh/authorized_keys && \
+	chown -R coreboot:coreboot /home/coreboot/.ssh && \
 	chmod 0700 /home/coreboot/.ssh && \
 	chmod 0600 /home/coreboot/.ssh/authorized_keys
 
 RUN mkdir /var/run/sshd && \
-	chmod 0755 /var/run/sshd
+	chmod 0755 /var/run/sshd && \
+	/usr/bin/ssh-keygen -A
 
 # Build encapsulate tool
 ADD https://raw.githubusercontent.com/pgeorgi/encapsulate/master/encapsulate.c /tmp/encapsulate.c
@@ -24,7 +43,6 @@ RUN gcc -o /usr/sbin/encapsulate /tmp/encapsulate.c && \
 	chown root /usr/sbin/encapsulate && \
 	chmod +s /usr/sbin/encapsulate
 
-
 VOLUME /data/cache
 ENTRYPOINT mkdir /dev/cb-build && chown coreboot /dev/cb-build && /usr/sbin/sshd -p 49151 -D
 EXPOSE 49151
diff --git a/util/docker/coreboot-sdk/Dockerfile b/util/docker/coreboot-sdk/Dockerfile
index cb0023c..feaf843 100644
--- a/util/docker/coreboot-sdk/Dockerfile
+++ b/util/docker/coreboot-sdk/Dockerfile
@@ -1,26 +1,39 @@
+# This dockerfile is not meant to be used directly by docker.  The
+# {{}} varibles are replaced with values by the makefile.  Please generate
+# the docker image for this file by running:
+#
+#   make coreboot-sdk
+#
+# Variables can be updated on the make command line or left blank to use
+# the default values set by the makefile.
+#
+#  SDK_VERSION is used to name the version of the coreboot sdk to use.
+#              Typically, this corresponds to the toolchain version.  This
+#              is used to identify this docker image.
+#  DOCKER_COMMIT is the coreboot Commit-ID to build the toolchain from.
+
 FROM debian:sid
-MAINTAINER Martin Roth <gaumless at gmail.com>
+MAINTAINER Martin Roth <martin at coreboot.org>
 
 RUN \
 	useradd -p locked -m coreboot && \
 	apt-get -qq update && \
-	apt-get -qq upgrade && \
 	apt-get -qqy install gcc g++ make patch python diffutils bison flex \
 		git doxygen ccache subversion p7zip-full unrar-free \
 		m4 wget curl bzip2 vim-common cmake xz-utils pkg-config \
 		dh-autoreconf unifont \
-		libssl-dev libgmp-dev zlib1g-dev libpci-dev liblzma-dev \
+		libssl1.0-dev libgmp-dev zlib1g-dev libpci-dev liblzma-dev \
 		libyaml-dev libncurses5-dev uuid-dev libusb-dev libftdi-dev \
 		libusb-1.0-0-dev libreadline-dev libglib2.0-dev libgmp-dev \
-		libelf-dev libxml2-dev libfreetype6-dev && \
+		libelf-dev libxml2-dev libfreetype6-dev libisl-dev && \
 	apt-get clean
 
 RUN \
 	cd /root && \
 	git clone http://review.coreboot.org/coreboot && \
 	cd coreboot/util/crossgcc && \
-	git checkout 589ef9de8fa && \
-	make all_without_gdb CPUS=$(nproc) DEST=/opt/xgcc && \
+	git checkout {{DOCKER_COMMIT}} && \
+	make all_without_gdb CPUS=$(nproc) DEST=/opt/xgcc BUILDGCC_OPTIONS=-b && \
 	cd /root && \
 	rm -rf coreboot
 
@@ -31,4 +44,6 @@ RUN mkdir /home/coreboot/.ccache && \
 VOLUME /home/coreboot/.ccache
 
 ENV PATH $PATH:/opt/xgcc/bin
+ENV SDK_VERSION={{SDK_VERSION}}
+ENV SDK_COMMIT={{DOCKER_COMMIT}}
 USER coreboot

