aboutsummaryrefslogtreecommitdiff
path: root/bionic-amd64-tf-a-build
diff options
context:
space:
mode:
authorLeonardo Sandoval <leonardo.sandoval@linaro.org>2020-10-29 17:12:15 -0600
committerLeonardo Sandoval <leonardo.sandoval@linaro.org>2020-10-30 10:30:52 -0600
commit5c131e4c763f45cbef691ca654d2f57d07037ead (patch)
treeddb05e4da70cbc3c3e9244b28b6313310848ce3b /bionic-amd64-tf-a-build
parent7ec9f3f67e3b2119300891fd3449c53c3591e614 (diff)
downloaddockerfiles-5c131e4c763f45cbef691ca654d2f57d07037ead.tar.gz
Introduce bionic-amd64-tf-a-build dockerfile and build infrastructure
There is a need to have separate docker images, each one targeted for specific project, i.e. TF-A, TF-M and Hafnium, otherwise some toolchain triplets may collide, i.e arm-none-eabi for M-Profiles and arm-none-eabi for A-profiles, or there could be different toolchain versions requirements as seen in [1,2]. This commit introduce the definition of the docker image (Dockerfile), its dependencies and build script for the TF-A project. At this moment, the only difference between TF-A and TF-M dockerfile is the arm-none-eabi, each targeting its profile. As a consequence of this new image, the corresponding project-name is now part of the image, leading to two new images: * trustedfirmware/ci-amd64-tf-a-ubuntu:bionic * trustedfirmware/ci-amd64-tf-m-ubuntu:bionic [1] https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/prerequisites.html?highlight=arm-none-eabi-gcc#toolchain [2] https://ci.trustedfirmware.org/view/TF-M/job/tf-m-build-docs-nightly/lastStableBuild/artifact/trusted-firmware-m/build/install/doc/user_guide/html/docs/getting_started/tfm_sw_requirement.html Signed-off-by: Leonardo Sandoval <leonardo.sandoval@linaro.org> Change-Id: Ia36551b29818d57dc08fb839032a16474dc59b79
Diffstat (limited to 'bionic-amd64-tf-a-build')
-rw-r--r--bionic-amd64-tf-a-build/Dockerfile137
-rwxr-xr-xbionic-amd64-tf-a-build/build.sh22
-rw-r--r--bionic-amd64-tf-a-build/jenkins-slave100
-rw-r--r--bionic-amd64-tf-a-build/requirements_python2.txt1
-rw-r--r--bionic-amd64-tf-a-build/requirements_python3.txt13
5 files changed, 273 insertions, 0 deletions
diff --git a/bionic-amd64-tf-a-build/Dockerfile b/bionic-amd64-tf-a-build/Dockerfile
new file mode 100644
index 0000000..5f516e5
--- /dev/null
+++ b/bionic-amd64-tf-a-build/Dockerfile
@@ -0,0 +1,137 @@
+FROM ubuntu:bionic
+
+ARG TOOLS_DIR=/home/buildslave/tools
+
+ENV ARMLMD_LICENSE_FILE=27000@ci.trustedfirmware.org
+ENV DEBIAN_FRONTEND=noninteractive
+ENV PATH=$TOOLS_DIR/bin:${PATH}
+ENV PLANTUML_JAR_PATH=/usr/share/plantuml/plantuml.jar
+ENV PKG_DEPS="\
+ bison \
+ build-essential \
+ clang-tools-6.0 \
+ curl \
+ default-jre \
+ device-tree-compiler \
+ doxygen \
+ exuberant-ctags \
+ flex \
+ g++-multilib \
+ gcc-multilib \
+ git \
+ graphviz \
+ jq \
+ lcov \
+ libffi-dev \
+ libssl-dev \
+ libxml-libxml-perl \
+ openjdk-8-jdk \
+ openssh-server \
+ perl \
+ python \
+ python-psutil \
+ python3 \
+ python3-crypto \
+ python3-dev \
+ python3-psutil \
+ python3-pyasn1 \
+ srecord \
+ sudo \
+ tree \
+ unzip \
+ virtualenv \
+ wget \
+ zip \
+"
+
+# Can be overriden at build time
+ARG BUILDSLAVE_PASSWORD=buildslave
+ARG VERSION=3.28
+
+COPY requirements_*.txt /opt/
+COPY jenkins-slave /usr/local/bin/jenkins-slave
+COPY setup-sshd /usr/sbin/setup-sshd
+
+RUN set -e ;\
+ apt update -q=2 ;\
+ apt dist-upgrade -q=2 --yes ;\
+ apt install -q=2 --yes --no-install-recommends ${PKG_DEPS} ;\
+ curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash ;\
+ apt update -q=2 ;\
+ apt install -q=2 --yes --no-install-recommends git-lfs ;\
+ # Install Python requirements
+ curl -s https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py ;\
+ python2 /tmp/get-pip.py ;\
+ pip2 install --no-cache-dir -r /opt/requirements_python2.txt ;\
+ python3 /tmp/get-pip.py ;\
+ pip3 install --no-cache-dir -r /opt/requirements_python3.txt ;\
+ # Set Python 3 as default
+ ln -s -f /usr/bin/python3 /usr/bin/python ;\
+ # Setup buildslave user for Jenkins
+ useradd -m -s /bin/bash buildslave ;\
+ echo "buildslave:$BUILDSLAVE_PASSWORD" | chpasswd ;\
+ echo 'buildslave ALL = NOPASSWD: ALL' > /etc/sudoers.d/jenkins ;\
+ chmod 0440 /etc/sudoers.d/jenkins ;\
+ mkdir -p /var/run/sshd /home/buildslave/tools ;\
+ # Install cppcheck
+ wget -q http://github.com/danmar/cppcheck/releases/download/1.81/cppcheck-1.81.tar.gz -O /tmp/cppcheck.tar.gz ;\
+ tar -xf /tmp/cppcheck.tar.gz -C /opt ;\
+ (cd /opt/cppcheck-*; make CFGDIR=/opt/cppcheck-1.81/cfg; make install; make clean) ;\
+ # Install PlantUML
+ curl --create-dirs -fsSLo ${PLANTUML_JAR_PATH} https://repo1.maven.org/maven2/net/sourceforge/plantuml/plantuml/1.2019.6/plantuml-1.2019.6.jar ;\
+ # Install Jenkins remoting
+ curl --create-dirs -fsSLo /usr/share/jenkins/slave.jar https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar ;\
+ # Install CMake
+ curl --create-dirs -fsSLo /tmp/cmake-Linux-x86_64.tar.gz https://cmake.org/files/v3.15/cmake-3.15.0-Linux-x86_64.tar.gz ;\
+ tar -xf /tmp/cmake-Linux-x86_64.tar.gz -C /home/buildslave/tools --strip-components=1 ;\
+ # Fix permissions
+ chmod 0755 /usr/share/jenkins ;\
+ chmod 0644 /usr/share/jenkins/slave.jar ;\
+ chmod 0755 /usr/local/bin/jenkins-slave ;\
+ chown -R buildslave:buildslave /home/buildslave/tools /usr/share/plantuml ;\
+ # Cleanup
+ apt clean ;\
+ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+### Install GNU toolchain (arm-none-eabi)
+ARG GNU_GCC_ARM_VERSION="9.2-2019.12"
+ARG GNU_GCC_ARM_TAR="gcc-arm-${GNU_GCC_ARM_VERSION}-x86_64-arm-none-eabi.tar.xz"
+ARG GNU_GCC_ARM_URL="https://developer.arm.com/-/media/Files/downloads/gnu-a/${GNU_GCC_ARM_VERSION}/binrel/${GNU_GCC_ARM_TAR}"
+
+RUN curl --create-dirs -fsSLo /tmp/${GNU_GCC_ARM_TAR} ${GNU_GCC_ARM_URL} && \
+ tar -xf /tmp/${GNU_GCC_ARM_TAR} -C ${TOOLS_DIR} --strip-components=1 && \
+ rm /tmp/${GNU_GCC_ARM_TAR}
+
+### Install GNU toolchain (aarch64-none-elf)
+ARG GNU_GCC_AARCH64_VERSION="9.2-2019.12"
+ARG GNU_GCC_AARCH64_TAR="gcc-arm-${GNU_GCC_AARCH64_VERSION}-x86_64-aarch64-none-elf.tar.xz"
+ARG GNU_GCC_AARCH64_URL="https://developer.arm.com/-/media/Files/downloads/gnu-a/$GNU_GCC_AARCH64_VERSION/binrel/${GNU_GCC_AARCH64_TAR}"
+
+RUN curl --create-dirs -fsSLo /tmp/${GNU_GCC_AARCH64_TAR} ${GNU_GCC_AARCH64_URL} && \
+ tar -xf /tmp/${GNU_GCC_AARCH64_TAR} -C ${TOOLS_DIR} --strip-components=1 && \
+ rm /tmp/${GNU_GCC_AARCH64_TAR}
+
+### Install Arm Clang (armclang)
+ARG ARM_CLANG_VERSION="6.13"
+ARG ARM_CLANG_TAR="DS500-BN-00026-r5p0-15rel0.tgz"
+ARG ARM_CLANG_URL="https://developer.arm.com/-/media/Files/downloads/compiler/DS500-BN-00026-r5p0-15rel0.tgz\
+?revision=6a961cf7-1d9a-4664-900b-11d20552dbc7?product=Download%20Arm%20Compiler,64-bit,,Linux,6.13"
+ARG ARM_CLANG_INSTALL_DIR="${TOOLS_DIR}/armclang"
+
+RUN curl --create-dirs -fsSLo /tmp/${ARM_CLANG_TAR} ${ARM_CLANG_URL} && \
+ mkdir -p ${ARM_CLANG_INSTALL_DIR} && \
+ tar -xf /tmp/${ARM_CLANG_TAR} -C ${ARM_CLANG_INSTALL_DIR} && \
+ ${ARM_CLANG_INSTALL_DIR}/install_x86_64.sh \
+ --no-interactive \
+ --i-agree-to-the-contained-eula \
+ -d ${TOOLS_DIR} ;\
+ rm -rf ${ARM_CLANG_INSTALL_DIR} /tmp/${ARM_CLANG_TAR}
+
+ARG LINARO_VERSION=19.06
+RUN mkdir -p nfs/downloads/linaro/${LINARO_VERSION} ;\
+ cd nfs/downloads/linaro/${LINARO_VERSION} ;\
+ wget -q -c -m -A .zip -np -nd https://releases.linaro.org/members/arm/platforms/${LINARO_VERSION}/ ;\
+ for file in *.zip; do unzip -q ${file} -d $(basename ${file} .zip); done
+
+EXPOSE 22
+ENTRYPOINT ["/usr/sbin/setup-sshd"]
diff --git a/bionic-amd64-tf-a-build/build.sh b/bionic-amd64-tf-a-build/build.sh
new file mode 100755
index 0000000..d2bf20c
--- /dev/null
+++ b/bionic-amd64-tf-a-build/build.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+set -e
+
+trap cleanup_exit INT TERM EXIT
+
+cleanup_exit()
+{
+ rm -f *.list *.key
+}
+
+export LANG=C
+
+DISTRIBUTION=$(basename ${PWD} | cut -f1 -d '-')
+ARCHITECTURE=$(basename ${PWD} | cut -f2 -d '-')
+PROJECT=$(basename ${PWD} | cut -f3 -d '-')-$(basename ${PWD} | cut -f4 -d '-')
+
+cp -a ../setup-sshd .
+
+image=trustedfirmware/ci-${ARCHITECTURE}-${PROJECT}-ubuntu:${DISTRIBUTION}
+docker build --pull --tag=$image .
+echo $image > .docker-tag
diff --git a/bionic-amd64-tf-a-build/jenkins-slave b/bionic-amd64-tf-a-build/jenkins-slave
new file mode 100644
index 0000000..4d89307
--- /dev/null
+++ b/bionic-amd64-tf-a-build/jenkins-slave
@@ -0,0 +1,100 @@
+#!/usr/bin/env sh
+
+# The MIT License
+#
+# Copyright (c) 2015, CloudBees, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+# Usage jenkins-slave.sh [options] -url http://jenkins [SECRET] [AGENT_NAME]
+# Optional environment variables :
+# * JENKINS_TUNNEL : HOST:PORT for a tunnel to route TCP traffic to jenkins host, when jenkins can't be directly accessed over network
+# * JENKINS_URL : alternate jenkins URL
+# * JENKINS_SECRET : agent secret, if not set as an argument
+# * JENKINS_AGENT_NAME : agent name, if not set as an argument
+# * JENKINS_AGENT_WORKDIR : agent work directory, if not set by optional parameter -workDir
+
+if [ $# -eq 1 ]; then
+
+ # if `docker run` only has one arguments, we assume user is running alternate command like `bash` to inspect the image
+ exec "$@"
+
+else
+
+ # if -tunnel is not provided, try env vars
+ case "$@" in
+ *"-tunnel "*) ;;
+ *)
+ if [ ! -z "$JENKINS_TUNNEL" ]; then
+ TUNNEL="-tunnel $JENKINS_TUNNEL"
+ fi ;;
+ esac
+
+ # if -workDir is not provided, try env vars
+ if [ ! -z "$JENKINS_AGENT_WORKDIR" ]; then
+ case "$@" in
+ *"-workDir"*) echo "Warning: Work directory is defined twice in command-line arguments and the environment variable" ;;
+ *)
+ WORKDIR="-workDir $JENKINS_AGENT_WORKDIR" ;;
+ esac
+ fi
+
+ if [ -n "$JENKINS_URL" ]; then
+ URL="-url $JENKINS_URL"
+ fi
+
+ if [ -n "$JENKINS_NAME" ]; then
+ JENKINS_AGENT_NAME="$JENKINS_NAME"
+ fi
+
+ if [ -z "$JNLP_PROTOCOL_OPTS" ]; then
+ echo "Warning: JnlpProtocol3 is disabled by default, use JNLP_PROTOCOL_OPTS to alter the behavior"
+ JNLP_PROTOCOL_OPTS="-Dorg.jenkinsci.remoting.engine.JnlpProtocol3.disabled=true"
+ fi
+
+ # if java home is defined, use it
+ JAVA_BIN="java"
+ if [ "$JAVA_HOME" ]; then
+ JAVA_BIN="$JAVA_HOME/bin/java"
+ fi
+
+ # if both required options are defined, do not pass the parameters
+ OPT_JENKINS_SECRET=""
+ if [ -n "$JENKINS_SECRET" ]; then
+ case "$@" in
+ *"${JENKINS_SECRET}"*) echo "Warning: SECRET is defined twice in command-line arguments and the environment variable" ;;
+ *)
+ OPT_JENKINS_SECRET="${JENKINS_SECRET}" ;;
+ esac
+ fi
+
+ OPT_JENKINS_AGENT_NAME=""
+ if [ -n "$JENKINS_AGENT_NAME" ]; then
+ case "$@" in
+ *"${JENKINS_AGENT_NAME}"*) echo "Warning: AGENT_NAME is defined twice in command-line arguments and the environment variable" ;;
+ *)
+ OPT_JENKINS_AGENT_NAME="${JENKINS_AGENT_NAME}" ;;
+ esac
+ fi
+
+ #TODO: Handle the case when the command-line and Environment variable contain different values.
+ #It is fine it blows up for now since it should lead to an error anyway.
+
+ exec $JAVA_BIN $JAVA_OPTS $JNLP_PROTOCOL_OPTS -cp /usr/share/jenkins/slave.jar hudson.remoting.jnlp.Main -headless $TUNNEL $URL $WORKDIR $OPT_JENKINS_SECRET $OPT_JENKINS_AGENT_NAME "$@"
+fi
diff --git a/bionic-amd64-tf-a-build/requirements_python2.txt b/bionic-amd64-tf-a-build/requirements_python2.txt
new file mode 100644
index 0000000..4449ba8
--- /dev/null
+++ b/bionic-amd64-tf-a-build/requirements_python2.txt
@@ -0,0 +1 @@
+pygments==2.2.0
diff --git a/bionic-amd64-tf-a-build/requirements_python3.txt b/bionic-amd64-tf-a-build/requirements_python3.txt
new file mode 100644
index 0000000..507db57
--- /dev/null
+++ b/bionic-amd64-tf-a-build/requirements_python3.txt
@@ -0,0 +1,13 @@
+cbor==1.0.0
+cryptography==2.7
+Jinja2==2.10
+MarkupSafe==1.1.0
+PyYAML==3.12
+pycryptodome==3.6.6
+pyasn1==0.1.9
+m2r==0.2.1
+Sphinx==2.0.1
+sphinx-rtd-theme==0.4.3
+sphinxcontrib-plantuml==0.15
+xmltodict==0.12.0
+imgtool==1.6.0