TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / ci / dockerfiles / b720c80d82229d11d82219e9f6f2c1b79e1f5d9f / . / noble-amd64-hafnium / Dockerfile
blob: 18c7e810569b61fa1087e032606882628c79995e [file] [log] [blame]
J-Alvesf826dd02025-05-28 10:55:22 +0100[diff] [blame]1FROM ubuntu:noble
2
3ENV DEBIAN_FRONTEND=noninteractive
4ENV TOOLS_DIR=/home/buildslave/tools
5ENV PATH=${TOOLS_DIR}/bin:${PATH}
6ENV PKG_DEPS="\
7 bc \
8 bison \
9 build-essential \
10 cpio \
11 curl \
12 cmake \
Saheer Babub720c802025-07-23 09:01:16 +0100[diff] [blame^]13 openjdk-17-jdk \
J-Alvesf826dd02025-05-28 10:55:22 +0100[diff] [blame]14 flex \
15 git \
16 libglib2.0-0 \
17 libpixman-1-0 \
18 libsdl2-2.0-0 \
19 libssl-dev \
20 openssh-server \
21 python3 \
22 python3-serial \
23 python3-venv \
24 strace \
25 sudo \
26 wget \
27 device-tree-compiler \
28 ninja-build \
Jayanth Dodderi Chidanand8c910a12025-06-24 16:46:44 +0100[diff] [blame]29 libncurses6 \
30 netcat-openbsd \
31 telnet"
J-Alvesf826dd02025-05-28 10:55:22 +0100[diff] [blame]32
33# Can be overriden at build time
34ARG BUILDSLAVE_PASSWORD=buildslave
35
36COPY requirements_*.txt /opt/
37COPY tf-*.install /tmp/
38COPY setup-sshd /usr/sbin/setup-sshd
39
40RUN set -ex ;\
41 apt update -q=2 ;\
42 apt install -q=2 --yes --no-install-recommends ${PKG_DEPS} ;
43
J-Alvesf826dd02025-05-28 10:55:22 +0100[diff] [blame]44# Install Clang and LLVM.
45# Use the packages from LLVM's repository rather than the default Ubuntu
46# repository so we can control the exact version.
47ENV LLVM_VERSION=20
48RUN mkdir -p /etc/apt/keyrings
49RUN wget https://apt.llvm.org/llvm-snapshot.gpg.key -O /etc/apt/keyrings/llvm-snapshot.key
50RUN echo "deb [signed-by=/etc/apt/keyrings/llvm-snapshot.key] http://apt.llvm.org/noble/ llvm-toolchain-noble-$LLVM_VERSION main" > /etc/apt/sources.list.d/llvm.list
51RUN echo "deb-src [signed-by=/etc/apt/keyrings/llvm-snapshot.key] http://apt.llvm.org/noble/ llvm-toolchain-noble-$LLVM_VERSION main" >> /etc/apt/sources.list.d/llvm.list
52RUN apt-get update
53RUN apt-get install -y \
54 clang-$LLVM_VERSION \
55 clangd-$LLVM_VERSION \
56 clang-tidy-$LLVM_VERSION \
57 clang-format-$LLVM_VERSION \
58 llvm-$LLVM_VERSION \
59 lld-$LLVM_VERSION \
60 libc++-$LLVM_VERSION-dev
61
62# LLVM binaries are present in `/usr/bin` as `clang-20`, `clang-tidy-20`, etc.
63# But we want them to be available as `clang`, `clang-tidy`, etc.
64# So we create symlinks for them.
65RUN for f in /usr/lib/llvm-$LLVM_VERSION/bin/*; do ln -s "$f" /usr/local/bin; done
66
67# Clear APT cache to save space.
68RUN rm -rf /var/lib/apt/lists/*
69
J-Alvesbd39dcd2025-06-11 12:31:25 +0100[diff] [blame]70# Preparing for the python3 dependencies in a venv.
71# Adding the bin folder to path, so the respective pip
72# tool is used.
73RUN python3 -m venv /opt/venv
74ENV PATH=/opt/venv/bin:${PATH}
75
76RUN set -ex ;\
77 # Install Python requirements
78 pip3 install --no-cache-dir -r /opt/requirements_python3.txt ;\
79 # Setup buildslave user for Jenkins
80 useradd -m -s /bin/bash buildslave ;\
81 echo "buildslave:$BUILDSLAVE_PASSWORD" | chpasswd ;\
82 echo 'buildslave ALL = NOPASSWD: ALL' > /etc/sudoers.d/jenkins ;\
83 chmod 0440 /etc/sudoers.d/jenkins ;\
84 mkdir -p /var/run/sshd ${TOOLS_DIR} ;\
85 # Install Arm GCC toolchain (aarch64-none-elf)
86 curl --connect-timeout 5 --retry 8 --retry-delay 2 --create-dirs -fsSLo /tmp/gcc-arm-x86_64-aarch64-none-elf.tar.xz \
87 https://developer.arm.com/-/media/Files/downloads/gnu/11.2-2022.02/binrel/gcc-arm-11.2-2022.02-x86_64-aarch64-none-elf.tar.xz ;\
88 tar -Jxf /tmp/gcc-arm-x86_64-aarch64-none-elf.tar.xz -C ${TOOLS_DIR} --strip-components=1 ;\
89 # Setup environment for sshd
90 bash -ex /tmp/tf-environment.install ;\
91 # Fix permissions
92 chown -R buildslave:buildslave ${TOOLS_DIR} ;
93
J-Alvesf826dd02025-05-28 10:55:22 +0100[diff] [blame]94EXPOSE 22
95ENTRYPOINT ["/usr/sbin/setup-sshd"]