#!/usr/bin/env bash
# Copyright 2019 The Hafnium Authors.
#
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file or at
# https://opensource.org/licenses/BSD-3-Clause.

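# Strict mode: abort on a failing command, on use of an unset variable, and on
# a failure in any stage of a pipeline.
set -euo pipefail

# Absolute path of the directory holding this script, and of its parent.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# Quoted so that a checkout path containing spaces or glob characters is not
# word-split before it reaches dirname.
ROOT_DIR="$(dirname "${SCRIPT_DIR}")"

# Shared definitions. Later parts of this script read ${DOCKER}, which is not
# assigned anywhere in this file and is presumably defined by common.inc.
source "${SCRIPT_DIR}/docker/common.inc"

# Refuse to nest: the container is started with HAFNIUM_HERMETIC_BUILD=inside,
# so seeing that value here means the script was invoked from within it.
if [[ "${HAFNIUM_HERMETIC_BUILD:-}" == "inside" ]]
then
	echo "ERROR: Invoked $0 recursively" 1>&2
	exit 1
fi
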
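# Set up a temp directory and register a cleanup function on exit.
TMP_DIR="$(mktemp -d)"

# Remove the temporary directory. Registered on EXIT below, so it runs on
# every exit path of the script.
function cleanup() {
	# ':?' makes the expansion fail if TMP_DIR is ever empty or unset, and
	# '--' keeps rm from reading a path that starts with '-' as an option.
	rm -rf -- "${TMP_DIR:?}"
}
trap cleanup EXIT
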
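# Build local image and write its hash to a temporary file.
# The invoking user's UID and GID are handed to the build as LOCAL_UID and
# LOCAL_GID; how they are used is decided by docker/Dockerfile, which is not
# part of this file.
IID_FILE="${TMP_DIR}/imgid.txt"
"${DOCKER}" build \
	--build-arg LOCAL_UID="$(id -u)" \
	--build-arg LOCAL_GID="$(id -g)" \
	--iidfile="${IID_FILE}" \
	-f "${SCRIPT_DIR}/docker/Dockerfile" \
	"${SCRIPT_DIR}/docker"
# Read the image ID back. The path is quoted because TMP_DIR comes from mktemp
# and therefore follows TMPDIR, which may contain spaces or glob characters.
IMAGE_ID="$(<"${IID_FILE}")"
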
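# Parse command line arguments.
# Flags are consumed from the front of "$@"; the first argument that does not
# start with '-' ends parsing and everything left is the command to run.
INTERACTIVE=false
ALLOW_PTRACE=false
TTY=true
while true
do
	case "${1:-}" in
	--tty)
		# Accept only the two values the usage text documents. This also
		# covers '--tty' given as the last argument, where a second
		# 'shift' would fail under 'set -e' without any message.
		case "${2:-}" in
		true|false)
			TTY=$2
			;;
		*)
			echo "ERROR: --tty requires 'true' or 'false'" 1>&2
			echo "Usage: $0 [-i] [-p] [--tty true|false] <command>" 1>&2
			exit 1
			;;
		esac
		shift 2
		;;
	-i)
		INTERACTIVE=true
		shift
		;;
	-p)
		ALLOW_PTRACE=true
		shift
		;;
	-*)
		# Both lines go to stderr so that stdout stays free for the output
		# of the command that runs in the container.
		echo "ERROR: Unknown command line flag: $1" 1>&2
		echo "Usage: $0 [-i] [-p] [--tty true|false] <command>" 1>&2
		exit 1
		;;
	*)
		break
		;;
	esac
done
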
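# Arguments for 'docker run', collected as an array so that each element is
# passed on as exactly one argument.
ARGS=()
# Run with a pseudo-TTY for nicer logging. The element is quoted so that the
# value given to '--tty' cannot be word-split into additional docker options.
ARGS+=("--tty=${TTY}")
# Run interactive if this script was invoked with '-i'.
if [[ "${INTERACTIVE}" == "true" ]]
then
	ARGS+=(-i)
fi
# Allow ptrace() syscall if invoked with '-p'.
# NOTE(review): 'seccomp=unconfined' switches off syscall filtering for the
# whole container, not only for ptrace(), so '-p' is best kept to debugging
# sessions. Whether '--cap-add=SYS_PTRACE' alone would be enough depends on the
# container runtime and kernel in use - TODO confirm before narrowing this.
if [[ "${ALLOW_PTRACE}" == "true" ]]
then
	echo "WARNING: Docker seccomp profile is disabled!" 1>&2
	ARGS+=(--cap-add=SYS_PTRACE --security-opt seccomp=unconfined)
fi
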
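# Choose the host directory that holds the FVP: the directory containing
# ${HAFNIUM_FVP} when that variable is set and non-empty, otherwise the 'fvp'
# directory next to the Hafnium checkout. This directory is bind-mounted into
# the container later in this script, so HAFNIUM_FVP decides which host path
# the container gets access to.
if [[ -z "${HAFNIUM_FVP-}" ]]
then
	HAFNIUM_FVP_DIR="${ROOT_DIR}/../fvp"
else
	HAFNIUM_FVP_DIR="$(dirname "${HAFNIUM_FVP}")"
fi

# Sent to stderr, like the script's other diagnostics, so that stdout carries
# only the output of the command that runs in the container.
echo "Using FVP in: ${HAFNIUM_FVP_DIR}" 1>&2
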
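# Propagate "HAFNIUM_*" environment variables.
# Note: Cannot use `env | while` because the loop would run inside a child
# process and would not have any effect on variables in the parent.
# 'IFS=' keeps leading and trailing whitespace of each value intact.
# NOTE(review): 'env' prints one NAME=value per line, so a value containing a
# newline is seen here as several lines. The values also travel on the docker
# command line, where other local users can read them from the process list,
# so HAFNIUM_* variables should not carry secrets.
while IFS= read -r ENV_LINE
do
	# Everything before the first '=' is the variable name. Parameter
	# expansion avoids the unquoted 'echo', which would glob-expand and
	# re-split the value before the name was cut out.
	VAR_NAME="${ENV_LINE%%=*}"
	case "${VAR_NAME}" in
	HAFNIUM_HERMETIC_BUILD)
		# Skip this one. It will be overridden below.
		;;
	HAFNIUM_*)
		ARGS+=(-e "${ENV_LINE}")
		;;
	esac
done < <(env)
# Set environment variable informing the build that we are running inside
# a container.
ARGS+=(-e HAFNIUM_HERMETIC_BUILD=inside)
# Bind-mount the Hafnium root directory and the FVP directory. We mount them at
# the same absolute location so that all paths match across the host and guest.
# NOTE(review): with '-v', Docker is expected to create a missing host path as
# an empty directory, so a mistyped HAFNIUM_FVP may leave one behind - TODO
# confirm for the runtime behind ${DOCKER}.
ARGS+=(-v "${ROOT_DIR}:${ROOT_DIR}")
ARGS+=(-v "${HAFNIUM_FVP_DIR}:${HAFNIUM_FVP_DIR}")
# Make the container's own filesystem read-only so that generated files are
# written to the Hafnium directory. Both bind mounts above are added without
# ':ro', so the FVP directory is writable from the container as well.
ARGS+=(--read-only)
# Mount a writable /tmp folder. Required by LLVM/Clang for intermediate files.
ARGS+=(--tmpfs /tmp)
# Set working directory.
ARGS+=(-w "${ROOT_DIR}")
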
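echo "Running in container: $*" 1>&2
# Start the container. Every expansion is quoted so that each ARGS element
# reaches docker as exactly one argument; unquoted, a path or a HAFNIUM_* value
# containing whitespace would be split and parsed by docker as extra options
# or as the image name.
# The image is addressed by the ID recorded at build time. The caller's
# arguments are joined with spaces into one string and interpreted by
# 'bash -c' inside the container, so quoting between them is not preserved.
"${DOCKER}" run \
	"${ARGS[@]}" \
	"${IMAGE_ID}" \
	/bin/bash -c "$*"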