jammy-amd64-tf-a-build-lts2.14: Image for TF-A LTS 2.14
All files are based on jammy-amd64-tf-a-build
with "PROJECT=tf-a-lts2.14" in build.sh.
Change-Id: I789c80e5960049d548d12cc4d411bf5d64346723
Signed-off-by: Arthur She <arthur.she@linaro.org>
diff --git a/jammy-amd64-tf-a-build-lts2.14/Dockerfile b/jammy-amd64-tf-a-build-lts2.14/Dockerfile
new file mode 100644
index 0000000..0711764
--- /dev/null
+++ b/jammy-amd64-tf-a-build-lts2.14/Dockerfile
@@ -0,0 +1,140 @@
+FROM ubuntu:jammy
+
+# Environment variables used by CI scripts
+ENV DEBIAN_FRONTEND=noninteractive
+ENV TOOLS_DIR=/home/buildslave/tools
+ENV RUSTUP_HOME=/usr/local/rustup
+ENV CARGO_HOME=/usr/local/cargo
+ENV PATH=${RUSTUP_HOME}/bin:${CARGO_HOME}/bin:${TOOLS_DIR}/bin:${PATH}
+ENV PLANTUML_JAR_PATH=/usr/share/plantuml/plantuml.jar
+ENV PKG_DEPS="\
+ bc \
+ bison \
+ build-essential \
+ llvm \
+ clang-tools \
+ cpio \
+ curl \
+ openjdk-17-jre \
+ device-tree-compiler \
+ doxygen \
+ expect \
+ exuberant-ctags \
+ file \
+ flex \
+ fpart \
+ g++-multilib \
+ gcc-multilib \
+ gdisk \
+ git \
+ gnuplot \
+ golang-go \
+ graphviz \
+ jq \
+ ninja-build \
+ gn \
+ device-tree-compiler \
+ lcov \
+ libffi-dev \
+ libyaml-dev \
+ libxml-libxml-perl \
+ lld \
+ locales \
+ openjdk-17-jre-headless \
+ openssh-server \
+ perl \
+ python3 \
+ python3-pycryptodome \
+ python3-dev \
+ python3-git \
+ python3-psutil \
+ python3-pyasn1 \
+ python3-venv \
+ python2.7 \
+ qemu-system-arm \
+ srecord \
+ sudo \
+ tree \
+ unzip \
+ util-linux \
+ uuid-runtime \
+ virtualenv \
+ wget \
+ zip \
+ libncurses5 \
+"
+
+# Can be overriden at build time
+ARG BUILDSLAVE_PASSWORD=buildslave
+
+COPY requirements_*.txt /opt/
+COPY tf-*.install /tmp/
+COPY setup-sshd /usr/sbin/setup-sshd
+
+# Copy armclang toolchains
+COPY ARMCompiler*.tar.gz /tmp/
+
+RUN set -ex ;\
+ echo 'locales locales/locales_to_be_generated multiselect C.UTF-8 UTF-8, en_US.UTF-8 UTF-8 ' | debconf-set-selections ;\
+ echo 'locales locales/default_environment_locale select en_US.UTF-8' | debconf-set-selections ;\
+ # Set Python 3 as default
+ ln -s -f /usr/bin/python3 /usr/bin/python ;\
+ # Set symlink for python2 if not present
+ [ -L /usr/bin/python2 ] || ln -s /usr/bin/python2.7 /usr/bin/python2;\
+ apt update -q=2 ;\
+ apt dist-upgrade -q=2 --yes ;\
+ apt install -q=2 --yes --no-install-recommends ${PKG_DEPS} ;\
+ curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash ;\
+ apt update -q=2 ;\
+ apt install -q=2 --yes --no-install-recommends git-lfs ;\
+ # Install Python requirements
+ curl -s https://bootstrap.pypa.io/pip/3.5/get-pip.py -o /tmp/get-pip.py ;\
+ python2 /tmp/get-pip.py ;\
+ pip2 install --no-cache-dir -r /opt/requirements_python2.txt ;\
+ python3 /tmp/get-pip.py ;\
+ pip3 install --no-cache-dir -r /opt/requirements_python3.txt ;\
+ # Setup buildslave user for Jenkins
+ useradd -m -s /bin/bash buildslave ;\
+ echo "buildslave:$BUILDSLAVE_PASSWORD" | chpasswd ;\
+ echo 'buildslave ALL = NOPASSWD: ALL' > /etc/sudoers.d/jenkins ;\
+ chmod 0440 /etc/sudoers.d/jenkins ;\
+ # FIXME: add /arm as a temporary workaround until ARM CI moves to Open CI paths
+ mkdir -p /var/run/sshd ${TOOLS_DIR} /arm ;\
+ # Run shell script(s) to install files, toolchains, etc...
+ bash -ex /tmp/tf-dependencies.install ;\
+ bash -ex /tmp/tf-environment.install ;\
+ # Fix permissions
+ chown -R buildslave:buildslave ${TOOLS_DIR} /usr/share/plantuml /nfs/downloads/linaro /arm ;\
+ # Cleanup
+ apt clean ;\
+ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+# Install fixed Rust version and a nightly toolchain, along with stdlib sources for nightly features
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \
+ sh -s -- --default-toolchain 1.88.0 -y && \
+ rustup install nightly && \
+ rustup component add rust-src --toolchain nightly-x86_64-unknown-linux-gnu
+
+# Install required cargo packages
+RUN set -ex ;\
+ cargo install --locked 'tokei@12.1.*' ;\
+ cargo install --locked cargo-binutils ;\
+ cargo install --locked cargo-vet ;\
+ rustup target add aarch64-unknown-none-softfloat ;\
+ rustup component add llvm-tools rustfmt
+
+ENV NVM_DIR="/home/buildslave/.nvm"
+ENV BASH_ENV="${NVM_DIR}/nvm.sh"
+
+RUN echo "BASH_ENV=${BASH_ENV}" >> /etc/environment
+RUN echo "NVM_DIR=${NVM_DIR}" >> /etc/environment
+
+USER buildslave
+
+RUN curl -s "https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh" | bash
+RUN bash -c "nvm install 14"
+
+USER root
+
+EXPOSE 22
+ENTRYPOINT ["/usr/sbin/setup-sshd"]
diff --git a/jammy-amd64-tf-a-build-lts2.14/build.sh b/jammy-amd64-tf-a-build-lts2.14/build.sh
new file mode 100755
index 0000000..2324653
--- /dev/null
+++ b/jammy-amd64-tf-a-build-lts2.14/build.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+set -e
+
+trap cleanup_exit INT TERM EXIT
+
+cleanup_exit()
+{
+ rm -f *.list *.key
+}
+
+export LANG=C
+
+DISTRIBUTION=$(basename ${PWD} | cut -f1 -d '-')
+ARCHITECTURE=$(basename ${PWD} | cut -f2 -d '-')
+PROJECT=tf-a-lts2.14
+
+cp -a ../setup-sshd .
+
+# Copy armclang toolchains required for the build (previously fetched
+# from s3://trustedfirmware-private/armclang/ by build harness).
+cp ../ARMCompiler6.23_standalone_linux-x86_64.tar.gz .
+
+image=trustedfirmware/ci-${ARCHITECTURE}-${PROJECT}-ubuntu:${DISTRIBUTION}${DOCKER_SUFFIX}
+docker build --pull --no-cache --tag=$image .
+echo $image > .docker-tag
diff --git a/jammy-amd64-tf-a-build-lts2.14/requirements_python2.txt b/jammy-amd64-tf-a-build-lts2.14/requirements_python2.txt
new file mode 100644
index 0000000..a34ca8a
--- /dev/null
+++ b/jammy-amd64-tf-a-build-lts2.14/requirements_python2.txt
@@ -0,0 +1,2 @@
+pygments==2.2.0
+psutil
diff --git a/jammy-amd64-tf-a-build-lts2.14/requirements_python3.txt b/jammy-amd64-tf-a-build-lts2.14/requirements_python3.txt
new file mode 100644
index 0000000..2498663
--- /dev/null
+++ b/jammy-amd64-tf-a-build-lts2.14/requirements_python3.txt
@@ -0,0 +1,19 @@
+MarkupSafe==2.1.2
+PyYAML==6.0
+Sphinx==5.3.0
+cbor==1.0.0
+configobj==5.0.6
+cryptography==2.7
+docker==4.3.1
+imgtool==1.6.0
+lavacli==1.5.2
+m2r==0.2.1
+poetry==1.3.2
+pyasn1==0.1.9
+pycryptodome==3.6.6
+sphinx-rtd-theme==1.2.0
+sphinxcontrib-plantuml==0.24.1
+tuxsuite==1.37.1
+unidiff>=0.7.4
+xmltodict==0.12.0
+git+https://git.trustedfirmware.org/TS/trusted-services.git@topics/c-picker
diff --git a/jammy-amd64-tf-a-build-lts2.14/tf-dependencies.install b/jammy-amd64-tf-a-build-lts2.14/tf-dependencies.install
new file mode 100755
index 0000000..2f7f00b
--- /dev/null
+++ b/jammy-amd64-tf-a-build-lts2.14/tf-dependencies.install
@@ -0,0 +1,83 @@
+#!/bin/sh
+
+set -ex
+
+# Install cppcheck
+wget -q https://github.com/danmar/cppcheck/archive/refs/tags/2.7.tar.gz -O /tmp/cppcheck.tar.gz
+tar -xf /tmp/cppcheck.tar.gz -C /opt
+(cd /opt/cppcheck-*; make FILESDIR=/opt/cppcheck-2.7/cfg; make FILESDIR=/opt/cppcheck-2.7/cfg install; make clean)
+
+# Install PlantUML
+curl --connect-timeout 5 --retry 5 --create-dirs -fsSLo ${PLANTUML_JAR_PATH} \
+ https://repo1.maven.org/maven2/net/sourceforge/plantuml/plantuml/1.2019.6/plantuml-1.2019.6.jar
+cat << EOF > /usr/bin/plantuml
+#!/bin/sh
+/usr/bin/java -jar ${PLANTUML_JAR_PATH} \${@}
+EOF
+chmod 0755 /usr/bin/plantuml
+
+# Install CMake
+curl --connect-timeout 5 --retry 5 --create-dirs -fsSLo /tmp/cmake-Linux-x86_64.tar.gz \
+ https://github.com/Kitware/CMake/releases/download/v3.20.0/cmake-3.20.0-Linux-x86_64.tar.gz
+tar -xf /tmp/cmake-Linux-x86_64.tar.gz -C ${TOOLS_DIR} --strip-components=1
+
+# Install Arm GCC toolchain (arm-none-eabi GNU-A)
+curl --connect-timeout 15 --retry 5 --create-dirs -fsSLo /tmp/gcc-arm-x86_64-arm-none-eabi.tar.xz \
+ https://developer.arm.com/-/media/Files/downloads/gnu/14.3.Rel1/binrel/arm-gnu-toolchain-14.3.rel1-x86_64-arm-none-eabi.tar.xz
+tar -Jxf /tmp/gcc-arm-x86_64-arm-none-eabi.tar.xz -C ${TOOLS_DIR} --strip-components=1
+
+# Install Arm GCC toolchain (arm-none-eabi GNU-RM)
+curl --connect-timeout 15 --retry 5 --create-dirs -fsSLo /tmp/gcc-arm-x86_64-arm-none-eabi.tar.bz2 \
+ https://developer.arm.com/-/media/Files/downloads/gnu-rm/10-2020q4/gcc-arm-none-eabi-10-2020-q4-major-x86_64-linux.tar.bz2
+mkdir -p ${TOOLS_DIR}/gnu-rm
+tar xjf /tmp/gcc-arm-x86_64-arm-none-eabi.tar.bz2 -C ${TOOLS_DIR}/gnu-rm --strip-components=1
+
+# Install Arm GCC toolchain (aarch64-none-elf)
+curl --connect-timeout 15 --retry 5 --create-dirs -fsSLo /tmp/gcc-arm-x86_64-aarch64-none-elf.tar.xz \
+ https://developer.arm.com/-/media/Files/downloads/gnu/14.3.Rel1/binrel/arm-gnu-toolchain-14.3.rel1-x86_64-aarch64-none-elf.tar.xz
+tar -Jxf /tmp/gcc-arm-x86_64-aarch64-none-elf.tar.xz -C ${TOOLS_DIR} --strip-components=1
+
+# Install Linaro GCC 6.2.1 toolchain (aarch64-none-elf), which is required by some platforms, i.e. marvell
+# NOTE: Toolchain is not available through PATH so to use it, CROSS_COMPILE should point to
+# CROSS_COMPILE=${TOOLS_DIR}/gcc-linaro-6.2.1-2016.11-x86_64_aarch64-linux-gnu/bin/aarch64-linux-gnu-
+curl --connect-timeout 5 --retry 5 --create-dirs -fsSLo /tmp/gcc-linaro-x86_64_aarch64-linux-gnu.tar.xz \
+ https://releases.linaro.org/components/toolchain/binaries/6.2-2016.11/aarch64-linux-gnu/gcc-linaro-6.2.1-2016.11-x86_64_aarch64-linux-gnu.tar.xz
+tar -Jxf /tmp/gcc-linaro-x86_64_aarch64-linux-gnu.tar.xz -C ${TOOLS_DIR}
+
+# Install LLVM Clang toolchain (clang)
+curl --connect-timeout 5 --retry 5 --create-dirs -fsSLo /tmp/clang+llvm-18.1.8-x86_64-linux-gnu-ubuntu-18.04.tar.xz \
+ https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.8/clang+llvm-18.1.8-x86_64-linux-gnu-ubuntu-18.04.tar.xz
+tar -xf /tmp/clang+llvm-18.1.8-x86_64-linux-gnu-ubuntu-18.04.tar.xz -C ${TOOLS_DIR} --strip-components=1
+
+# Install Arm Clang 6.23 toolchain (armclang)
+mkdir -p /tmp/armclang-6.23
+tar -xf /tmp/ARMCompiler6.23_standalone_linux-x86_64.tar.gz -C /tmp/armclang-6.23
+/tmp/armclang-6.23/install_x86_64.sh --no-interactive --i-agree-to-the-contained-eula -d ${TOOLS_DIR}/armclang-6.23
+
+# Install the CUE data constraint language
+go install cuelang.org/go/cmd/cue@v0.5.0
+
+# Additional binaries required
+mkdir -p nfs/downloads/linaro/20.01
+cd nfs/downloads/linaro/20.01
+wget -q -c -m -A .zip -np -nd https://releases.linaro.org/members/arm/platforms/20.01/
+rm -f fvp*-android-*.zip sg*.zip
+for file in *.zip; do
+ unzip -q ${file} -d $(basename ${file} .zip)
+done
+rm -f *.zip
+
+# Install OpenSSL 3.0
+OPENSSL_VER="3.0.7"
+OPENSSL_DIRNAME="openssl-${OPENSSL_VER}"
+OPENSSL_FILENAME="openssl-${OPENSSL_VER}"
+OPENSSL_CHECKSUM="83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e"
+curl --connect-timeout 5 --retry 5 --create-dirs -fsSLo /tmp/${OPENSSL_FILENAME}.tar.gz \
+ https://www.openssl.org/source/${OPENSSL_FILENAME}.tar.gz
+echo "${OPENSSL_CHECKSUM} /tmp/${OPENSSL_FILENAME}.tar.gz" | sha256sum -c
+mkdir -p ${TOOLS_DIR}/${OPENSSL_DIRNAME} && tar -xzf /tmp/${OPENSSL_FILENAME}.tar.gz -C ${TOOLS_DIR}/${OPENSSL_DIRNAME} --strip-components=1
+cd ${TOOLS_DIR}/${OPENSSL_DIRNAME}
+./Configure --libdir=lib --prefix=/usr --api=1.0.1
+cd ${TOOLS_DIR}
+make -C ${TOOLS_DIR}/${OPENSSL_DIRNAME}
+make -C ${TOOLS_DIR}/${OPENSSL_DIRNAME} install
diff --git a/jammy-amd64-tf-a-build-lts2.14/tf-environment.install b/jammy-amd64-tf-a-build-lts2.14/tf-environment.install
new file mode 100755
index 0000000..2d5da81
--- /dev/null
+++ b/jammy-amd64-tf-a-build-lts2.14/tf-environment.install
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+
+env | grep PLANTUML_JAR_PATH >> /etc/environment
+env | grep TOOLS_DIR >> /etc/environment
+env | grep PATH >> /etc/environment