TF-M: revert to use semicolon separator in the RUN command
revert https://review.trustedfirmware.org/c/ci/dockerfiles/+/6672
It was working as expected, as long as we keep "set -e" in the RUN
command.
Split toolchains and binaries install into a shell script. it's easier to
read and maintain a shell script than bundle it into a Dockerfile.
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Change-Id: Ib0d0dfd26c7ef3602547113a5172c1021c9e3ac2
diff --git a/bionic-amd64-tf-m-build/Dockerfile b/bionic-amd64-tf-m-build/Dockerfile
index 9223a4f..e51ceec 100644
--- a/bionic-amd64-tf-m-build/Dockerfile
+++ b/bionic-amd64-tf-m-build/Dockerfile
@@ -1,10 +1,9 @@
FROM ubuntu:bionic
-ARG TOOLS_DIR=/home/buildslave/tools
-
ENV ARMLMD_LICENSE_FILE=27000@ci.trustedfirmware.org
ENV DEBIAN_FRONTEND=noninteractive
-ENV PATH=$TOOLS_DIR/bin:${PATH}
+ENV TOOLS_DIR=/home/buildslave/tools
+ENV PATH=${TOOLS_DIR}/bin:${PATH}
ENV PLANTUML_JAR_PATH=/usr/share/plantuml/plantuml.jar
ENV PKG_DEPS="\
bison \
@@ -48,73 +47,37 @@
ARG BUILDSLAVE_PASSWORD=buildslave
COPY requirements_*.txt /opt/
+COPY tf-*.install /tmp/
COPY setup-sshd /usr/sbin/setup-sshd
-RUN set -e \
- && apt update -q=2 \
- && apt dist-upgrade -q=2 --yes \
- && apt install -q=2 --yes --no-install-recommends ${PKG_DEPS} \
- && curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash \
- && apt update -q=2 \
- && apt install -q=2 --yes --no-install-recommends git-lfs \
- && curl -s https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py \
- && python2 /tmp/get-pip.py \
- && pip2 install --no-cache-dir -r /opt/requirements_python2.txt \
- && python3 /tmp/get-pip.py \
- && pip3 install --no-cache-dir -r /opt/requirements_python3.txt \
- && ln -s -f /usr/bin/python3 /usr/bin/python \
- && useradd -m -s /bin/bash buildslave \
- && echo "buildslave:$BUILDSLAVE_PASSWORD" | chpasswd \
- && echo 'buildslave ALL = NOPASSWD: ALL' > /etc/sudoers.d/jenkins \
- && chmod 0440 /etc/sudoers.d/jenkins \
- && mkdir -p /var/run/sshd /home/buildslave/tools \
- && wget -q http://github.com/danmar/cppcheck/releases/download/1.81/cppcheck-1.81.tar.gz -O /tmp/cppcheck.tar.gz \
- && tar -xf /tmp/cppcheck.tar.gz -C /opt \
- && (cd /opt/cppcheck-*; make CFGDIR=/opt/cppcheck-1.81/cfg; make install; make clean) \
- && curl --create-dirs -fsSLo ${PLANTUML_JAR_PATH} https://repo1.maven.org/maven2/net/sourceforge/plantuml/plantuml/1.2019.6/plantuml-1.2019.6.jar \
- && curl --create-dirs -fsSLo /tmp/cmake-Linux-x86_64.tar.gz https://cmake.org/files/v3.15/cmake-3.15.0-Linux-x86_64.tar.gz \
- && tar -xf /tmp/cmake-Linux-x86_64.tar.gz -C /home/buildslave/tools --strip-components=1 \
- && chown -R buildslave:buildslave /home/buildslave/tools /usr/share/plantuml \
- && apt clean \
- && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
-## Latest toolchains, available in $PATH. There can be newer versions of toolchains at
-## upstream projects but these are latest for the docker image
-
-### Install GNU toolchain (arm-none-eabi)
-ARG GNU_GCC_ARM_VERSION="7-2018-q2-update"
-ARG GNU_GCC_ARM_TAR="gcc-arm-none-eabi-${GNU_GCC_ARM_VERSION}-linux.tar.bz2"
-ARG GNU_GCC_ARM_URL='https://developer.arm.com/-/media/Files/downloads/gnu-rm/7-2018q2/gcc-arm-none-eabi-7-2018-q2-update-linux.tar.bz2\
-?revision=bc2c96c0-14b5-4bb4-9f18-bceb4050fee7?product=GNU%20Arm%20Embedded%20Toolchain%20Downloads,64-bit,,Linux,7-2018-q2-update'
-
-RUN curl --create-dirs -fsSLo /tmp/${GNU_GCC_ARM_TAR} ${GNU_GCC_ARM_URL} \
- && tar -xf /tmp/${GNU_GCC_ARM_TAR} -C ${TOOLS_DIR} --strip-components=1 \
- && rm /tmp/${GNU_GCC_ARM_TAR}
-
-### Install GNU toolchain (aarch64-none-elf)
-ARG GNU_GCC_AARCH64_VERSION="9.2-2019.12"
-ARG GNU_GCC_AARCH64_TAR="gcc-arm-${GNU_GCC_AARCH64_VERSION}-x86_64-aarch64-none-elf.tar.xz"
-ARG GNU_GCC_AARCH64_URL="https://developer.arm.com/-/media/Files/downloads/gnu-a/$GNU_GCC_AARCH64_VERSION/binrel/${GNU_GCC_AARCH64_TAR}"
-
-RUN curl --create-dirs -fsSLo /tmp/${GNU_GCC_AARCH64_TAR} ${GNU_GCC_AARCH64_URL} \
- && tar -Jxf /tmp/${GNU_GCC_AARCH64_TAR} -C ${TOOLS_DIR} --strip-components=1 \
- && rm /tmp/${GNU_GCC_AARCH64_TAR}
-
-### Install Arm Clang (armclang)
-ARG ARM_CLANG_VERSION="6.13"
-ARG ARM_CLANG_TAR="DS500-BN-00026-r5p0-15rel0.tgz"
-ARG ARM_CLANG_URL="https://developer.arm.com/-/media/Files/downloads/compiler/DS500-BN-00026-r5p0-15rel0.tgz\
-?revision=6a961cf7-1d9a-4664-900b-11d20552dbc7?product=Download%20Arm%20Compiler,64-bit,,Linux,6.13"
-ARG ARM_CLANG_INSTALL_DIR="${TOOLS_DIR}/armclang"
-
-RUN curl --create-dirs -fsSLo /tmp/${ARM_CLANG_TAR} ${ARM_CLANG_URL} \
- && mkdir -p ${ARM_CLANG_INSTALL_DIR} \
- && tar -xzf /tmp/${ARM_CLANG_TAR} -C ${ARM_CLANG_INSTALL_DIR} \
- && ${ARM_CLANG_INSTALL_DIR}/install_x86_64.sh \
- --no-interactive \
- --i-agree-to-the-contained-eula \
- -d ${TOOLS_DIR} \
- && rm -rf ${ARM_CLANG_INSTALL_DIR} /tmp/${ARM_CLANG_TAR}
+RUN set -e ;\
+ apt update -q=2 ;\
+ apt dist-upgrade -q=2 --yes ;\
+ apt install -q=2 --yes --no-install-recommends ${PKG_DEPS} ;\
+ curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash ;\
+ apt update -q=2 ;\
+ apt install -q=2 --yes --no-install-recommends git-lfs ;\
+ # Install Python requirements
+ curl -s https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py ;\
+ python2 /tmp/get-pip.py ;\
+ pip2 install --no-cache-dir -r /opt/requirements_python2.txt ;\
+ python3 /tmp/get-pip.py ;\
+ pip3 install --no-cache-dir -r /opt/requirements_python3.txt ;\
+ # Set Python 3 as default
+ ln -s -f /usr/bin/python3 /usr/bin/python ;\
+ # Setup buildslave user for Jenkins
+ useradd -m -s /bin/bash buildslave ;\
+ echo "buildslave:$BUILDSLAVE_PASSWORD" | chpasswd ;\
+ echo 'buildslave ALL = NOPASSWD: ALL' > /etc/sudoers.d/jenkins ;\
+ chmod 0440 /etc/sudoers.d/jenkins ;\
+ mkdir -p /var/run/sshd ${TOOLS_DIR} ;\
+ # Run shell script(s) to install files, toolchains, etc...
+ bash -ex /tmp/tf-dependencies.install ;\
+ # Fix permissions
+ chown -R buildslave:buildslave ${TOOLS_DIR} /usr/share/plantuml ;\
+ # Cleanup
+ apt clean ;\
+ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
EXPOSE 22
ENTRYPOINT ["/usr/sbin/setup-sshd"]
diff --git a/bionic-amd64-tf-m-build/tf-dependencies.install b/bionic-amd64-tf-m-build/tf-dependencies.install
new file mode 100755
index 0000000..18a031c
--- /dev/null
+++ b/bionic-amd64-tf-m-build/tf-dependencies.install
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+set -e
+
+# Install cppcheck
+wget -q http://github.com/danmar/cppcheck/releases/download/1.81/cppcheck-1.81.tar.gz -O /tmp/cppcheck.tar.gz
+tar -xf /tmp/cppcheck.tar.gz -C /opt
+(cd /opt/cppcheck-*; make CFGDIR=/opt/cppcheck-1.81/cfg; make install; make clean)
+
+# Install PlantUML
+curl --create-dirs -fsSLo ${PLANTUML_JAR_PATH} \
+https://repo1.maven.org/maven2/net/sourceforge/plantuml/plantuml/1.2019.6/plantuml-1.2019.6.jar
+
+# Install CMake
+curl --create-dirs -fsSLo /tmp/cmake-Linux-x86_64.tar.gz \
+https://cmake.org/files/v3.15/cmake-3.15.0-Linux-x86_64.tar.gz
+tar -xf /tmp/cmake-Linux-x86_64.tar.gz -C ${TOOLS_DIR} --strip-components=1
+
+# Install Arm GCC toolchain (arm-none-eabi)
+curl --create-dirs -fsSLo /tmp/gcc-arm-x86_64-arm-none-eabi.tar.bz2 \
+https://developer.arm.com/-/media/Files/downloads/gnu-rm/7-2018q2/gcc-arm-none-eabi-7-2018-q2-update-linux.tar.bz2?revision=bc2c96c0-14b5-4bb4-9f18-bceb4050fee7?product=GNU%20Arm%20Embedded%20Toolchain%20Downloads,64-bit,,Linux,7-2018-q2-update
+tar -xf /tmp/gcc-arm-x86_64-arm-none-eabi.tar.bz2 -C ${TOOLS_DIR} --strip-components=1
+
+# Install Arm GCC toolchain (aarch64-none-elf)
+curl --create-dirs -fsSLo /tmp/gcc-arm-x86_64-aarch64-none-elf.tar.xz \
+https://developer.arm.com/-/media/Files/downloads/gnu-a/9.2-2019.12/binrel/gcc-arm-9.2-2019.12-x86_64-aarch64-none-elf.tar.xz
+tar -Jxf /tmp/gcc-arm-x86_64-aarch64-none-elf.tar.xz -C ${TOOLS_DIR} --strip-components=1
+
+# Install Arm Clang (armclang)
+mkdir -p /tmp/armclang
+curl --create-dirs -fsSLo /tmp/DS500-BN-00026-r5p0-15rel0.tgz \
+https://developer.arm.com/-/media/Files/downloads/compiler/DS500-BN-00026-r5p0-15rel0.tgz?revision=6a961cf7-1d9a-4664-900b-11d20552dbc7?product=Download%20Arm%20Compiler,64-bit,,Linux,6.13
+tar -xf /tmp/DS500-BN-00026-r5p0-15rel0.tgz -C /tmp/armclang
+/tmp/armclang/install_x86_64.sh --no-interactive --i-agree-to-the-contained-eula -d ${TOOLS_DIR}