TF-M: Add Bionic image
Based of the xenial image this builds a Bionic image for the TF-M
project.
Change-Id: Ie620de26f0c27098aee2f5ebb0b74867669c8aa4
Signed-off-by: Benjamin Copeland <ben.copeland@linaro.org>
diff --git a/bionic-amd64-tf-m-build/Dockerfile b/bionic-amd64-tf-m-build/Dockerfile
new file mode 100644
index 0000000..057d963
--- /dev/null
+++ b/bionic-amd64-tf-m-build/Dockerfile
@@ -0,0 +1,85 @@
+FROM ubuntu:bionic
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV PATH=/home/buildslave/tools/bin:${PATH}
+ENV PLANTUML_JAR_PATH=/usr/share/plantuml/plantuml.jar
+ENV PKG_DEPS="\
+ build-essential \
+ curl \
+ default-jre \
+ device-tree-compiler \
+ doxygen \
+ git \
+ graphviz \
+ jq \
+ libffi-dev \
+ libssl-dev \
+ openjdk-8-jdk \
+ openssh-server \
+ perl \
+ python \
+ python-psutil \
+ python3 \
+ python3-crypto \
+ python3-dev \
+ python3-psutil \
+ python3-pyasn1 \
+ srecord \
+ sudo \
+ tree \
+ unzip \
+ virtualenv \
+ wget \
+ zip \
+"
+
+# Can be overriden at build time
+ARG BUILDSLAVE_PASSWORD=buildslave
+ARG VERSION=3.28
+
+COPY requirements_*.txt /opt/
+COPY jenkins-slave /usr/local/bin/jenkins-slave
+
+RUN set -e ;\
+ apt update -q=2 ;\
+ apt dist-upgrade -q=2 --yes ;\
+ apt install -q=2 --yes --no-install-recommends ${PKG_DEPS} ;\
+ curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash ;\
+ apt update -q=2 ;\
+ apt install -q=2 --yes --no-install-recommends git-lfs ;\
+ # Install Python requirements
+ curl -s https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py ;\
+ python2 /tmp/get-pip.py ;\
+ pip2 install --no-cache-dir -r /opt/requirements_python2.txt ;\
+ python3 /tmp/get-pip.py ;\
+ pip3 install --no-cache-dir -r /opt/requirements_python3.txt ;\
+ # Setup buildslave user for Jenkins
+ useradd -m -s /bin/bash buildslave ;\
+ echo "buildslave:$BUILDSLAVE_PASSWORD" | chpasswd ;\
+ echo 'buildslave ALL = NOPASSWD: ALL' > /etc/sudoers.d/jenkins ;\
+ chmod 0440 /etc/sudoers.d/jenkins ;\
+ mkdir -p /var/run/sshd /home/buildslave/tools ;\
+ # Install cppcheck
+ wget -q http://github.com/danmar/cppcheck/releases/download/1.81/cppcheck-1.81.tar.gz -O /tmp/cppcheck.tar.gz ;\
+ tar -xf /tmp/cppcheck.tar.gz -C /opt ;\
+ (cd /opt/cppcheck-*; make CFGDIR=/opt/cppcheck-1.81/cfg; make install; make clean) ;\
+ # Install PlantUML
+ curl --create-dirs -fsSLo ${PLANTUML_JAR_PATH} https://repo1.maven.org/maven2/net/sourceforge/plantuml/plantuml/1.2019.6/plantuml-1.2019.6.jar ;\
+ # Install Jenkins remoting
+ curl --create-dirs -fsSLo /usr/share/jenkins/slave.jar https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar ;\
+ # Install toolchain
+ curl --create-dirs -fsSLo /tmp/gcc-arm-none-eabi-linux.tar.bz2 'https://developer.arm.com/-/media/Files/downloads/gnu-rm/6-2017q2/gcc-arm-none-eabi-6-2017-q2-update-linux.tar.bz2?revision=2cc92fb5-3e0e-402d-9197-bdfc8224d8a5?product=GNU%20Arm%20Embedded%20Toolchain,64-bit,,Linux,6-2017-q2-update' ;\
+ tar -xf /tmp/gcc-arm-none-eabi-linux.tar.bz2 -C /home/buildslave/tools --strip-components=1 ;\
+ # Install CMake
+ curl --create-dirs -fsSLo /tmp/cmake-Linux-x86_64.tar.gz https://cmake.org/files/v3.7/cmake-3.7.2-Linux-x86_64.tar.gz ;\
+ tar -xf /tmp/cmake-Linux-x86_64.tar.gz -C /home/buildslave/tools --strip-components=1 ;\
+ # Fix permissions
+ chmod 0755 /usr/share/jenkins ;\
+ chmod 0644 /usr/share/jenkins/slave.jar ;\
+ chmod 0755 /usr/local/bin/jenkins-slave ;\
+ chown -R buildslave:buildslave /home/buildslave/tools ;\
+ # Cleanup
+ apt clean ;\
+ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+ENTRYPOINT ["/usr/local/bin/jenkins-slave"]
diff --git a/bionic-amd64-tf-m-build/build.sh b/bionic-amd64-tf-m-build/build.sh
new file mode 100755
index 0000000..34f1765
--- /dev/null
+++ b/bionic-amd64-tf-m-build/build.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -e
+
+trap cleanup_exit INT TERM EXIT
+
+cleanup_exit()
+{
+ rm -f *.list *.key
+}
+
+export LANG=C
+
+DISTRIBUTION=$(basename ${PWD} | cut -f1 -d '-')
+ARCHITECTURE=$(basename ${PWD} | cut -f2 -d '-')
+
+image=trustedfirmware/ci-${ARCHITECTURE}-ubuntu:${DISTRIBUTION}
+docker build --pull --tag=$image .
+echo $image > .docker-tag
diff --git a/bionic-amd64-tf-m-build/jenkins-slave b/bionic-amd64-tf-m-build/jenkins-slave
new file mode 100644
index 0000000..4d89307
--- /dev/null
+++ b/bionic-amd64-tf-m-build/jenkins-slave
@@ -0,0 +1,100 @@
+#!/usr/bin/env sh
+
+# The MIT License
+#
+# Copyright (c) 2015, CloudBees, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+# Usage jenkins-slave.sh [options] -url http://jenkins [SECRET] [AGENT_NAME]
+# Optional environment variables :
+# * JENKINS_TUNNEL : HOST:PORT for a tunnel to route TCP traffic to jenkins host, when jenkins can't be directly accessed over network
+# * JENKINS_URL : alternate jenkins URL
+# * JENKINS_SECRET : agent secret, if not set as an argument
+# * JENKINS_AGENT_NAME : agent name, if not set as an argument
+# * JENKINS_AGENT_WORKDIR : agent work directory, if not set by optional parameter -workDir
+
+if [ $# -eq 1 ]; then
+
+ # if `docker run` only has one arguments, we assume user is running alternate command like `bash` to inspect the image
+ exec "$@"
+
+else
+
+ # if -tunnel is not provided, try env vars
+ case "$@" in
+ *"-tunnel "*) ;;
+ *)
+ if [ ! -z "$JENKINS_TUNNEL" ]; then
+ TUNNEL="-tunnel $JENKINS_TUNNEL"
+ fi ;;
+ esac
+
+ # if -workDir is not provided, try env vars
+ if [ ! -z "$JENKINS_AGENT_WORKDIR" ]; then
+ case "$@" in
+ *"-workDir"*) echo "Warning: Work directory is defined twice in command-line arguments and the environment variable" ;;
+ *)
+ WORKDIR="-workDir $JENKINS_AGENT_WORKDIR" ;;
+ esac
+ fi
+
+ if [ -n "$JENKINS_URL" ]; then
+ URL="-url $JENKINS_URL"
+ fi
+
+ if [ -n "$JENKINS_NAME" ]; then
+ JENKINS_AGENT_NAME="$JENKINS_NAME"
+ fi
+
+ if [ -z "$JNLP_PROTOCOL_OPTS" ]; then
+ echo "Warning: JnlpProtocol3 is disabled by default, use JNLP_PROTOCOL_OPTS to alter the behavior"
+ JNLP_PROTOCOL_OPTS="-Dorg.jenkinsci.remoting.engine.JnlpProtocol3.disabled=true"
+ fi
+
+ # if java home is defined, use it
+ JAVA_BIN="java"
+ if [ "$JAVA_HOME" ]; then
+ JAVA_BIN="$JAVA_HOME/bin/java"
+ fi
+
+ # if both required options are defined, do not pass the parameters
+ OPT_JENKINS_SECRET=""
+ if [ -n "$JENKINS_SECRET" ]; then
+ case "$@" in
+ *"${JENKINS_SECRET}"*) echo "Warning: SECRET is defined twice in command-line arguments and the environment variable" ;;
+ *)
+ OPT_JENKINS_SECRET="${JENKINS_SECRET}" ;;
+ esac
+ fi
+
+ OPT_JENKINS_AGENT_NAME=""
+ if [ -n "$JENKINS_AGENT_NAME" ]; then
+ case "$@" in
+ *"${JENKINS_AGENT_NAME}"*) echo "Warning: AGENT_NAME is defined twice in command-line arguments and the environment variable" ;;
+ *)
+ OPT_JENKINS_AGENT_NAME="${JENKINS_AGENT_NAME}" ;;
+ esac
+ fi
+
+ #TODO: Handle the case when the command-line and Environment variable contain different values.
+ #It is fine it blows up for now since it should lead to an error anyway.
+
+ exec $JAVA_BIN $JAVA_OPTS $JNLP_PROTOCOL_OPTS -cp /usr/share/jenkins/slave.jar hudson.remoting.jnlp.Main -headless $TUNNEL $URL $WORKDIR $OPT_JENKINS_SECRET $OPT_JENKINS_AGENT_NAME "$@"
+fi
diff --git a/bionic-amd64-tf-m-build/requirements_python2.txt b/bionic-amd64-tf-m-build/requirements_python2.txt
new file mode 100644
index 0000000..4449ba8
--- /dev/null
+++ b/bionic-amd64-tf-m-build/requirements_python2.txt
@@ -0,0 +1 @@
+pygments==2.2.0
diff --git a/bionic-amd64-tf-m-build/requirements_python3.txt b/bionic-amd64-tf-m-build/requirements_python3.txt
new file mode 100644
index 0000000..507db57
--- /dev/null
+++ b/bionic-amd64-tf-m-build/requirements_python3.txt
@@ -0,0 +1,13 @@
+cbor==1.0.0
+cryptography==2.7
+Jinja2==2.10
+MarkupSafe==1.1.0
+PyYAML==3.12
+pycryptodome==3.6.6
+pyasn1==0.1.9
+m2r==0.2.1
+Sphinx==2.0.1
+sphinx-rtd-theme==0.4.3
+sphinxcontrib-plantuml==0.15
+xmltodict==0.12.0
+imgtool==1.6.0