diff options
author | Leonardo Sandoval <leonardo.sandoval@linaro.org> | 2020-10-29 17:12:15 -0600 |
---|---|---|
committer | Leonardo Sandoval <leonardo.sandoval@linaro.org> | 2020-10-30 10:30:52 -0600 |
commit | 5c131e4c763f45cbef691ca654d2f57d07037ead (patch) | |
tree | ddb05e4da70cbc3c3e9244b28b6313310848ce3b /bionic-amd64-tf-a-build | |
parent | 7ec9f3f67e3b2119300891fd3449c53c3591e614 (diff) | |
download | dockerfiles-5c131e4c763f45cbef691ca654d2f57d07037ead.tar.gz |
Introduce bionic-amd64-tf-a-build dockerfile and build infrastructure
There is a need to have separate docker images, each one targeted for
specific project, i.e. TF-A, TF-M and Hafnium, otherwise some
toolchain triplets may collide, i.e arm-none-eabi for M-Profiles and
arm-none-eabi for A-profiles, or there could be different toolchain
versions requirements as seen in [1,2]. This commit introduce the definition of
the docker image (Dockerfile), its dependencies and build script for
the TF-A project. At this moment, the only difference between TF-A and
TF-M dockerfile is the arm-none-eabi, each targeting its profile.
As a consequence of this new image, the corresponding project-name is
now part of the image, leading to two new images:
* trustedfirmware/ci-amd64-tf-a-ubuntu:bionic
* trustedfirmware/ci-amd64-tf-m-ubuntu:bionic
[1] https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/prerequisites.html?highlight=arm-none-eabi-gcc#toolchain
[2] https://ci.trustedfirmware.org/view/TF-M/job/tf-m-build-docs-nightly/lastStableBuild/artifact/trusted-firmware-m/build/install/doc/user_guide/html/docs/getting_started/tfm_sw_requirement.html
Signed-off-by: Leonardo Sandoval <leonardo.sandoval@linaro.org>
Change-Id: Ia36551b29818d57dc08fb839032a16474dc59b79
Diffstat (limited to 'bionic-amd64-tf-a-build')
-rw-r--r-- | bionic-amd64-tf-a-build/Dockerfile | 137 | ||||
-rwxr-xr-x | bionic-amd64-tf-a-build/build.sh | 22 | ||||
-rw-r--r-- | bionic-amd64-tf-a-build/jenkins-slave | 100 | ||||
-rw-r--r-- | bionic-amd64-tf-a-build/requirements_python2.txt | 1 | ||||
-rw-r--r-- | bionic-amd64-tf-a-build/requirements_python3.txt | 13 |
5 files changed, 273 insertions, 0 deletions
diff --git a/bionic-amd64-tf-a-build/Dockerfile b/bionic-amd64-tf-a-build/Dockerfile new file mode 100644 index 0000000..5f516e5 --- /dev/null +++ b/bionic-amd64-tf-a-build/Dockerfile @@ -0,0 +1,137 @@ +FROM ubuntu:bionic + +ARG TOOLS_DIR=/home/buildslave/tools + +ENV ARMLMD_LICENSE_FILE=27000@ci.trustedfirmware.org +ENV DEBIAN_FRONTEND=noninteractive +ENV PATH=$TOOLS_DIR/bin:${PATH} +ENV PLANTUML_JAR_PATH=/usr/share/plantuml/plantuml.jar +ENV PKG_DEPS="\ + bison \ + build-essential \ + clang-tools-6.0 \ + curl \ + default-jre \ + device-tree-compiler \ + doxygen \ + exuberant-ctags \ + flex \ + g++-multilib \ + gcc-multilib \ + git \ + graphviz \ + jq \ + lcov \ + libffi-dev \ + libssl-dev \ + libxml-libxml-perl \ + openjdk-8-jdk \ + openssh-server \ + perl \ + python \ + python-psutil \ + python3 \ + python3-crypto \ + python3-dev \ + python3-psutil \ + python3-pyasn1 \ + srecord \ + sudo \ + tree \ + unzip \ + virtualenv \ + wget \ + zip \ +" + +# Can be overriden at build time +ARG BUILDSLAVE_PASSWORD=buildslave +ARG VERSION=3.28 + +COPY requirements_*.txt /opt/ +COPY jenkins-slave /usr/local/bin/jenkins-slave +COPY setup-sshd /usr/sbin/setup-sshd + +RUN set -e ;\ + apt update -q=2 ;\ + apt dist-upgrade -q=2 --yes ;\ + apt install -q=2 --yes --no-install-recommends ${PKG_DEPS} ;\ + curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash ;\ + apt update -q=2 ;\ + apt install -q=2 --yes --no-install-recommends git-lfs ;\ + # Install Python requirements + curl -s https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py ;\ + python2 /tmp/get-pip.py ;\ + pip2 install --no-cache-dir -r /opt/requirements_python2.txt ;\ + python3 /tmp/get-pip.py ;\ + pip3 install --no-cache-dir -r /opt/requirements_python3.txt ;\ + # Set Python 3 as default + ln -s -f /usr/bin/python3 /usr/bin/python ;\ + # Setup buildslave user for Jenkins + useradd -m -s /bin/bash buildslave ;\ + echo "buildslave:$BUILDSLAVE_PASSWORD" | chpasswd ;\ + echo 'buildslave ALL = NOPASSWD: ALL' > /etc/sudoers.d/jenkins ;\ + chmod 0440 /etc/sudoers.d/jenkins ;\ + mkdir -p /var/run/sshd /home/buildslave/tools ;\ + # Install cppcheck + wget -q http://github.com/danmar/cppcheck/releases/download/1.81/cppcheck-1.81.tar.gz -O /tmp/cppcheck.tar.gz ;\ + tar -xf /tmp/cppcheck.tar.gz -C /opt ;\ + (cd /opt/cppcheck-*; make CFGDIR=/opt/cppcheck-1.81/cfg; make install; make clean) ;\ + # Install PlantUML + curl --create-dirs -fsSLo ${PLANTUML_JAR_PATH} https://repo1.maven.org/maven2/net/sourceforge/plantuml/plantuml/1.2019.6/plantuml-1.2019.6.jar ;\ + # Install Jenkins remoting + curl --create-dirs -fsSLo /usr/share/jenkins/slave.jar https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar ;\ + # Install CMake + curl --create-dirs -fsSLo /tmp/cmake-Linux-x86_64.tar.gz https://cmake.org/files/v3.15/cmake-3.15.0-Linux-x86_64.tar.gz ;\ + tar -xf /tmp/cmake-Linux-x86_64.tar.gz -C /home/buildslave/tools --strip-components=1 ;\ + # Fix permissions + chmod 0755 /usr/share/jenkins ;\ + chmod 0644 /usr/share/jenkins/slave.jar ;\ + chmod 0755 /usr/local/bin/jenkins-slave ;\ + chown -R buildslave:buildslave /home/buildslave/tools /usr/share/plantuml ;\ + # Cleanup + apt clean ;\ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +### Install GNU toolchain (arm-none-eabi) +ARG GNU_GCC_ARM_VERSION="9.2-2019.12" +ARG GNU_GCC_ARM_TAR="gcc-arm-${GNU_GCC_ARM_VERSION}-x86_64-arm-none-eabi.tar.xz" +ARG GNU_GCC_ARM_URL="https://developer.arm.com/-/media/Files/downloads/gnu-a/${GNU_GCC_ARM_VERSION}/binrel/${GNU_GCC_ARM_TAR}" + +RUN curl --create-dirs -fsSLo /tmp/${GNU_GCC_ARM_TAR} ${GNU_GCC_ARM_URL} && \ + tar -xf /tmp/${GNU_GCC_ARM_TAR} -C ${TOOLS_DIR} --strip-components=1 && \ + rm /tmp/${GNU_GCC_ARM_TAR} + +### Install GNU toolchain (aarch64-none-elf) +ARG GNU_GCC_AARCH64_VERSION="9.2-2019.12" +ARG GNU_GCC_AARCH64_TAR="gcc-arm-${GNU_GCC_AARCH64_VERSION}-x86_64-aarch64-none-elf.tar.xz" +ARG GNU_GCC_AARCH64_URL="https://developer.arm.com/-/media/Files/downloads/gnu-a/$GNU_GCC_AARCH64_VERSION/binrel/${GNU_GCC_AARCH64_TAR}" + +RUN curl --create-dirs -fsSLo /tmp/${GNU_GCC_AARCH64_TAR} ${GNU_GCC_AARCH64_URL} && \ + tar -xf /tmp/${GNU_GCC_AARCH64_TAR} -C ${TOOLS_DIR} --strip-components=1 && \ + rm /tmp/${GNU_GCC_AARCH64_TAR} + +### Install Arm Clang (armclang) +ARG ARM_CLANG_VERSION="6.13" +ARG ARM_CLANG_TAR="DS500-BN-00026-r5p0-15rel0.tgz" +ARG ARM_CLANG_URL="https://developer.arm.com/-/media/Files/downloads/compiler/DS500-BN-00026-r5p0-15rel0.tgz\ +?revision=6a961cf7-1d9a-4664-900b-11d20552dbc7?product=Download%20Arm%20Compiler,64-bit,,Linux,6.13" +ARG ARM_CLANG_INSTALL_DIR="${TOOLS_DIR}/armclang" + +RUN curl --create-dirs -fsSLo /tmp/${ARM_CLANG_TAR} ${ARM_CLANG_URL} && \ + mkdir -p ${ARM_CLANG_INSTALL_DIR} && \ + tar -xf /tmp/${ARM_CLANG_TAR} -C ${ARM_CLANG_INSTALL_DIR} && \ + ${ARM_CLANG_INSTALL_DIR}/install_x86_64.sh \ + --no-interactive \ + --i-agree-to-the-contained-eula \ + -d ${TOOLS_DIR} ;\ + rm -rf ${ARM_CLANG_INSTALL_DIR} /tmp/${ARM_CLANG_TAR} + +ARG LINARO_VERSION=19.06 +RUN mkdir -p nfs/downloads/linaro/${LINARO_VERSION} ;\ + cd nfs/downloads/linaro/${LINARO_VERSION} ;\ + wget -q -c -m -A .zip -np -nd https://releases.linaro.org/members/arm/platforms/${LINARO_VERSION}/ ;\ + for file in *.zip; do unzip -q ${file} -d $(basename ${file} .zip); done + +EXPOSE 22 +ENTRYPOINT ["/usr/sbin/setup-sshd"] diff --git a/bionic-amd64-tf-a-build/build.sh b/bionic-amd64-tf-a-build/build.sh new file mode 100755 index 0000000..d2bf20c --- /dev/null +++ b/bionic-amd64-tf-a-build/build.sh @@ -0,0 +1,22 @@ +#!/bin/sh + +set -e + +trap cleanup_exit INT TERM EXIT + +cleanup_exit() +{ + rm -f *.list *.key +} + +export LANG=C + +DISTRIBUTION=$(basename ${PWD} | cut -f1 -d '-') +ARCHITECTURE=$(basename ${PWD} | cut -f2 -d '-') +PROJECT=$(basename ${PWD} | cut -f3 -d '-')-$(basename ${PWD} | cut -f4 -d '-') + +cp -a ../setup-sshd . + +image=trustedfirmware/ci-${ARCHITECTURE}-${PROJECT}-ubuntu:${DISTRIBUTION} +docker build --pull --tag=$image . +echo $image > .docker-tag diff --git a/bionic-amd64-tf-a-build/jenkins-slave b/bionic-amd64-tf-a-build/jenkins-slave new file mode 100644 index 0000000..4d89307 --- /dev/null +++ b/bionic-amd64-tf-a-build/jenkins-slave @@ -0,0 +1,100 @@ +#!/usr/bin/env sh + +# The MIT License +# +# Copyright (c) 2015, CloudBees, Inc. +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +# THE SOFTWARE. + +# Usage jenkins-slave.sh [options] -url http://jenkins [SECRET] [AGENT_NAME] +# Optional environment variables : +# * JENKINS_TUNNEL : HOST:PORT for a tunnel to route TCP traffic to jenkins host, when jenkins can't be directly accessed over network +# * JENKINS_URL : alternate jenkins URL +# * JENKINS_SECRET : agent secret, if not set as an argument +# * JENKINS_AGENT_NAME : agent name, if not set as an argument +# * JENKINS_AGENT_WORKDIR : agent work directory, if not set by optional parameter -workDir + +if [ $# -eq 1 ]; then + + # if `docker run` only has one arguments, we assume user is running alternate command like `bash` to inspect the image + exec "$@" + +else + + # if -tunnel is not provided, try env vars + case "$@" in + *"-tunnel "*) ;; + *) + if [ ! -z "$JENKINS_TUNNEL" ]; then + TUNNEL="-tunnel $JENKINS_TUNNEL" + fi ;; + esac + + # if -workDir is not provided, try env vars + if [ ! -z "$JENKINS_AGENT_WORKDIR" ]; then + case "$@" in + *"-workDir"*) echo "Warning: Work directory is defined twice in command-line arguments and the environment variable" ;; + *) + WORKDIR="-workDir $JENKINS_AGENT_WORKDIR" ;; + esac + fi + + if [ -n "$JENKINS_URL" ]; then + URL="-url $JENKINS_URL" + fi + + if [ -n "$JENKINS_NAME" ]; then + JENKINS_AGENT_NAME="$JENKINS_NAME" + fi + + if [ -z "$JNLP_PROTOCOL_OPTS" ]; then + echo "Warning: JnlpProtocol3 is disabled by default, use JNLP_PROTOCOL_OPTS to alter the behavior" + JNLP_PROTOCOL_OPTS="-Dorg.jenkinsci.remoting.engine.JnlpProtocol3.disabled=true" + fi + + # if java home is defined, use it + JAVA_BIN="java" + if [ "$JAVA_HOME" ]; then + JAVA_BIN="$JAVA_HOME/bin/java" + fi + + # if both required options are defined, do not pass the parameters + OPT_JENKINS_SECRET="" + if [ -n "$JENKINS_SECRET" ]; then + case "$@" in + *"${JENKINS_SECRET}"*) echo "Warning: SECRET is defined twice in command-line arguments and the environment variable" ;; + *) + OPT_JENKINS_SECRET="${JENKINS_SECRET}" ;; + esac + fi + + OPT_JENKINS_AGENT_NAME="" + if [ -n "$JENKINS_AGENT_NAME" ]; then + case "$@" in + *"${JENKINS_AGENT_NAME}"*) echo "Warning: AGENT_NAME is defined twice in command-line arguments and the environment variable" ;; + *) + OPT_JENKINS_AGENT_NAME="${JENKINS_AGENT_NAME}" ;; + esac + fi + + #TODO: Handle the case when the command-line and Environment variable contain different values. + #It is fine it blows up for now since it should lead to an error anyway. + + exec $JAVA_BIN $JAVA_OPTS $JNLP_PROTOCOL_OPTS -cp /usr/share/jenkins/slave.jar hudson.remoting.jnlp.Main -headless $TUNNEL $URL $WORKDIR $OPT_JENKINS_SECRET $OPT_JENKINS_AGENT_NAME "$@" +fi diff --git a/bionic-amd64-tf-a-build/requirements_python2.txt b/bionic-amd64-tf-a-build/requirements_python2.txt new file mode 100644 index 0000000..4449ba8 --- /dev/null +++ b/bionic-amd64-tf-a-build/requirements_python2.txt @@ -0,0 +1 @@ +pygments==2.2.0 diff --git a/bionic-amd64-tf-a-build/requirements_python3.txt b/bionic-amd64-tf-a-build/requirements_python3.txt new file mode 100644 index 0000000..507db57 --- /dev/null +++ b/bionic-amd64-tf-a-build/requirements_python3.txt @@ -0,0 +1,13 @@ +cbor==1.0.0 +cryptography==2.7 +Jinja2==2.10 +MarkupSafe==1.1.0 +PyYAML==3.12 +pycryptodome==3.6.6 +pyasn1==0.1.9 +m2r==0.2.1 +Sphinx==2.0.1 +sphinx-rtd-theme==0.4.3 +sphinxcontrib-plantuml==0.15 +xmltodict==0.12.0 +imgtool==1.6.0 |