From patchwork Tue Mar 9 10:52:35 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Silvano Cirujano Cuesta X-Patchwork-Id: 350 Return-Path: Delivered-To: ilbers.mnt@gmail.com Received: by 2002:a4a:c583:0:0:0:0:0 with SMTP id x3csp2942385oop; Tue, 9 Mar 2021 12:52:43 -0800 (PST) X-Received: by 2002:adf:e7c2:: with SMTP id e2mr31845177wrn.338.1615323163150; Tue, 09 Mar 2021 12:52:43 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1615323163; cv=pass; d=google.com; s=arc-20160816; b=q/C5utAj524Z2sQtxefu4UPCM+ulZMW1TX0NbfYCOg49QUM2K8tUFFHVY+njsJuwCo CtL3e9aEnPTPNa0RFd0gyWYWX8hECVd43gjosf/+pIotYUIIxZrKwOz/rv11oYdmmtu3 dWmi7/NWLcA5xE4BmF6VeNje8643WITiKTGsySSSmBnPK44zQfRk6CQexzpFgPpWBY/W xTZvlXVB7yD6sqdtIuiFqna9M+rr1SxmglD5fZRFREdEAQLAmq1wTGamxX/7MSnZv3nJ PTiOaGGUIxD5j4vxyRDpcxL22q0onfT4PV9YBZ8CnrCt5GJNwmJ3Q5tRAFA/Q7JWXyNt kYnw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:references:in-reply-to :message-id:date:subject:to:from:sender:dkim-signature; bh=e1ZybnuhG9bcHjLiCdCRv7P1sXl5ivhrk44j94Wl/FM=; b=Pi3V6yeAwhIbHAJcddGHApyz3T1w7k/Eql7oUitzC9DPAIjjjD/s+9YgjqIsLPrJX/ uB/dSEWzhANxBiyqmVxC6uZDi/J0C7UQNY6y9NTle7thzwy1t4nulpCL8ChaNXBAa5IJ dQoQN2vpVJGCaL5zf0m7cgcabBFn5RRbgexQW1rlk6bM2USDOrZniY25FUXty4Z2tq8z /f0va9fz2H+NQM8+hbjousR5E+B8zvYI6USC6H0IxaFMbsDoYHIavm4Jv+HBpmx2Axaz fwwZTvx+E2pVDPBoYqRhPuk8Of+2nj+M3eNb04lCGi6kt+YLcTRDAO71+JfWCmQjiAfn jUaQ== ARC-Authentication-Results: i=3; mx.google.com; dkim=pass header.i=@googlegroups.com header.s=20161025 header.b=ZiVzXo2d; arc=pass (i=2 spf=pass spfdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of isar-users+bncbcd6jj6cqqfrbgwat6bamgqejzhn5da@googlegroups.com designates 209.85.220.55 as permitted sender) smtp.mailfrom=isar-users+bncBCD6JJ6CQQFRBGWAT6BAMGQEJZHN5DA@googlegroups.com; dmarc=fail (p=NONE sp=NONE dis=NONE arc=pass) header.from=siemens.com Received: from mail-sor-f55.google.com (mail-sor-f55.google.com. [209.85.220.55]) by mx.google.com with SMTPS id w2sor7583847wre.35.2021.03.09.12.52.42 (Google Transport Security); Tue, 09 Mar 2021 12:52:43 -0800 (PST) Received-SPF: pass (google.com: domain of isar-users+bncbcd6jj6cqqfrbgwat6bamgqejzhn5da@googlegroups.com designates 209.85.220.55 as permitted sender) client-ip=209.85.220.55; Authentication-Results: mx.google.com; dkim=pass header.i=@googlegroups.com header.s=20161025 header.b=ZiVzXo2d; arc=pass (i=2 spf=pass spfdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of isar-users+bncbcd6jj6cqqfrbgwat6bamgqejzhn5da@googlegroups.com designates 209.85.220.55 as permitted sender) smtp.mailfrom=isar-users+bncBCD6JJ6CQQFRBGWAT6BAMGQEJZHN5DA@googlegroups.com; dmarc=fail (p=NONE sp=NONE dis=NONE arc=pass) header.from=siemens.com ARC-Seal: i=2; a=rsa-sha256; t=1615323162; cv=pass; d=google.com; s=arc-20160816; b=MrYeqlPHuqdFwJJrJnHJbbWB7LP7nME25J6H/I8BefOfA115WM+uGj7BNaCBHsOeJ9 Zi7VkJIay8w1vqdpF2W8rDNcu8gODeHe132WwKBmd+3s4yWMI4KFRDEM7MOdM4xkyJKj /v/0B6IUbkURZN9Tw4uvduG6itJl5CyE/bEQv+Cbvg02orKZWFEatLj3Dty5SXasI4JT Eeix7cNcSv4SDX2FddFK72fFjw53F3Y5OICeXiqjL5ikcJa0gmhiUMWEHhQPIAplmnOR hyrGh7L4LJnqCInwKSPQWysJhVP1N2HHFSV+MxoylHA6QnGxGFQAxH3xztGu0cS1CRIX vxdQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:references:in-reply-to :message-id:date:subject:to:from:sender:dkim-signature; bh=e1ZybnuhG9bcHjLiCdCRv7P1sXl5ivhrk44j94Wl/FM=; b=kBAaVOFvj+eV+w3VoPW1fotla1M5pDskWe+n4OdVF0KxWdqmc9UMZ7w9JeagdMSjFG VArv+3Gb5Hi2mLq8AEKM3UzDNvUktCSMiy/CBMbYZXZZga635KYhJpdwsWBSujKT+hQ4 ucpHj6EfQ7x0hHZfUtIKWtSp2RYAHCacsToGyrDE8GLfuEs4hdmLP0XLZ/QH9qteDNAC EmXoV62EE1Tu8AvZ8iq5keyzi+Z8oQD/BNZWrUDmDkkOFRD3MGHoVPl0XljHcmQtiZPO wdDQTwWSXLSd2L9Gk8ZN7cYZPCUeGCoEJwlq6LugKOfMRvHnFhsveHSpnw7kTTd6xKE6 MCtA== ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=pass (google.com: domain of silvano.cirujano-cuesta@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=silvano.cirujano-cuesta@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20161025; h=sender:from:to:subject:date:message-id:in-reply-to:references :mime-version:x-original-sender:x-original-authentication-results :precedence:mailing-list:list-id:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=e1ZybnuhG9bcHjLiCdCRv7P1sXl5ivhrk44j94Wl/FM=; b=ZiVzXo2dL7Yuy3NCwtdq+et0ajpzHy8cmL3M1bT9unWznWRD9xEWSZqIbfXjCUnGYj Jjjoj+nq0RSUF72Ii+ZeJ/X+2BpPQv84nLXnimrVZHq9wcomFZGoiL02SJdyCWe5ZjCF HmAv4dBNyXnipBzHdJBppVFIYNZcU17CfTBWpRjiJnv3+Fap2rbMNhCly3J/hGSx0dFH qLmEH/iBXevi5f/5AH8TUqpS6kfe6kK+wGACz7sDf5CZ16YhEIqUFuomVRH6oqydGElj svMla2m3OUjFAi2JRzle1GEWdJWKBQbUlgfuO0pG41cXr6Pfp1uCxoRsUjqhHNxqQz5n kSlA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=sender:x-gm-message-state:from:to:subject:date:message-id :in-reply-to:references:mime-version:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :x-spam-checked-in-group:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=e1ZybnuhG9bcHjLiCdCRv7P1sXl5ivhrk44j94Wl/FM=; b=MyKA8v1NS3q43dvFcB4cXKM+XedQH5Fun6ecY+p2HZLhrqmWK0Y0HVtWejM/KREz58 HlYjKwNWepiGkojov1N29wR5wIcxt/B8RDpnzsoZelbb6MwP3yN28tVQKPG6Bv45nKD9 Bz9lQzd5ORnCejuqpMZr3u+WcR/dX/MhgomfOAlMopTHL3XVJXD+MdIFvSblvo5zTQJB O9ezkKp0H7Lz9aM1i3onhAQIEbcqgw4nzYIQg6mUyeuj45gOMdOigIUC2x2fOFOLvQXo ZgCUevmN+HpeI+nGW4Llrw2bXw0WwdY8pEy6+VL5QnvUkGKbNSWQw14PKiDFAYSfqnsW xLqQ== Sender: isar-users@googlegroups.com X-Gm-Message-State: AOAM530t+TIiK4ihsz8oBuqnApg3O5EdEBijT5RsHWZHtfvrTwSvlm9A Rtnef+02RN/+slUP6gdlW1A= X-Google-Smtp-Source: ABdhPJxTF+ARp5w4yVH/t9szeNmH72VNC2PfUSbGVO0Yc9m7uk8FUrg2C9bikJG+Xi8F3ckD/ZmxVA== X-Received: by 2002:a5d:42cb:: with SMTP id t11mr30036956wrr.280.1615323162452; Tue, 09 Mar 2021 12:52:42 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a5d:6a89:: with SMTP id s9ls3504802wru.2.gmail; Tue, 09 Mar 2021 12:52:41 -0800 (PST) X-Received: by 2002:a5d:4e85:: with SMTP id e5mr30943116wru.218.1615323161750; Tue, 09 Mar 2021 12:52:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1615323161; cv=none; d=google.com; s=arc-20160816; b=huFEq5UX4/YyUBvg/9a9f7Seqvp0SJ0nYFZ+amTYdgMgliLLQ/mIIFsKL2OqZEO8bF gUgQN8aQCymRT9kF3MmzCXFtyTLNv9Z3vUhcvFdHLEzONyQeP+6w7Gnj+2c6wH0INsey cF9q1Dybg92MzUQSzEkVEL6nVxAc11G769EeMQoQ2OR8xr6s2725p0ehMk5l9aYif/Xi NoAOrl3wBVebd2W2ax7ItqHjZgz15qALaVOBsEnF2JnJG9h0FJ8txxJfN81KhUf7xolx /aJ7F9aev3Ehez4c98yNiLEuUDyFx2CQGWNzLaJi7fUXt6/tvLjsiw9aQHTgz4ToSXhL N9nA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from; bh=py1IBJk8cwCaYj/7VottqGjYeo9xSbgTPxS3DYS6IZY=; b=Pp7Ix9TdYy5DXyp4ylI8CaFZT6/Q4TdYM7jUL/Z2l8EX5KW77K6DRx/b8pyU/ke2Nw yDKWeSnQCs5BZIo6XCZThrt3AiEi+qC7a0mCPjqe+mfDdmPr3QXM7g3cKDr4IyQYzLjz u8ySS0omzrauzTC6qFHvIlOuQ4I793dyqDmbqEwAW/Zpm8v4u6ibD/e8As/DlqmzEull FCG4MSj5+OzHqHhs/UBHa2L6yf4xs4zv+vVZeoZxEvy1+rvd3WRhg7mt4dmvTOfPCGjS mkQOLJnlCo3qDSl6PWkct58FEG1FkF1hv2tWzpVGmUPb4YHNXzqmdZgH8XLiRkL1C8ol iFqQ== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of silvano.cirujano-cuesta@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=silvano.cirujano-cuesta@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from gecko.sbs.de (gecko.sbs.de. [194.138.37.40]) by gmr-mx.google.com with ESMTPS id v16si178397wmh.1.2021.03.09.12.52.40 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 09 Mar 2021 12:52:40 -0800 (PST) Received-SPF: pass (google.com: domain of silvano.cirujano-cuesta@siemens.com designates 194.138.37.40 as permitted sender) client-ip=194.138.37.40; Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35]) by gecko.sbs.de (8.15.2/8.15.2) with ESMTPS id 129Kqev7010027 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Tue, 9 Mar 2021 21:52:40 +0100 Received: from md1sf36c.ad001.siemens.net ([139.22.35.216]) by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id 129Kqeb2031095 for ; Tue, 9 Mar 2021 21:52:40 +0100 From: Silvano Cirujano Cuesta To: isar-users@googlegroups.com Subject: [PATCH v6 1/5] classes: add root filesystem containerizing class Date: Tue, 9 Mar 2021 21:52:35 +0100 Message-Id: <20210309205239.652677-2-silvano.cirujano-cuesta@siemens.com> X-Mailer: git-send-email 2.30.1 In-Reply-To: <20210309205239.652677-1-silvano.cirujano-cuesta@siemens.com> References: <20210309205239.652677-1-silvano.cirujano-cuesta@siemens.com> MIME-Version: 1.0 X-Original-Sender: silvano.cirujano-cuesta@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of silvano.cirujano-cuesta@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=silvano.cirujano-cuesta@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: =?utf-8?q?1693789101283529572?= X-GMAIL-MSGID: =?utf-8?q?1693789101283529572?= This class can be used to create container images which root filesystem is that generated by the do_rootfs task. Containerized root filesystems have following possible use-cases: - Using ISAR as a container image builder. - Simplify distribution of runtime rootfs (binaries, libraries, configurations, ...) for application development or testing. - Distributing SDKs. Signed-off-by: Silvano Cirujano Cuesta --- .../classes/image-container-extension.bbclass | 81 +++++++++++++++++++ meta/classes/image.bbclass | 1 + 2 files changed, 82 insertions(+) create mode 100644 meta/classes/image-container-extension.bbclass diff --git a/meta/classes/image-container-extension.bbclass b/meta/classes/image-container-extension.bbclass new file mode 100644 index 0000000..e26604a --- /dev/null +++ b/meta/classes/image-container-extension.bbclass @@ -0,0 +1,81 @@ +# This software is a part of ISAR. +# Copyright (C) Siemens AG, 2021 +# +# SPDX-License-Identifier: MIT +# +# This class extends the image.bbclass for containerizing the root filesystem. + +CONTAINER_FORMATS ?= "docker-archive" + +containerize_rootfs() { + local cmd="/bin/dash" + local empty_tag="empty" + local full_tag="latest" + local oci_img_dir="${WORKDIR}/oci-image" + local rootfs="$1" + local rootfs_id="$2" + local container_formats="$3" + + # prepare OCI container image skeleton + bbdebug 1 "prepare OCI container image skeleton" + rm -rf "${oci_img_dir}" + sudo umoci init --layout "${oci_img_dir}" + sudo umoci new --image "${oci_img_dir}:${empty_tag}" + sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + --config.cmd="${cmd}" + sudo umoci unpack --image "${oci_img_dir}:${empty_tag}" \ + "${oci_img_dir}_unpacked" + + # add root filesystem as the flesh of the skeleton + sudo cp -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/" + # clean-up temporary files + sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete + + # pack container image + bbdebug 1 "pack container image" + sudo umoci repack --image "${oci_img_dir}:${full_tag}" \ + "${oci_img_dir}_unpacked" + sudo umoci remove --image "${oci_img_dir}:${empty_tag}" + sudo rm -rf "${oci_img_dir}_unpacked" + + # no root needed anymore + sudo chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + + # convert the OCI container image to the desired format + image_name="isar-${rootfs_id}" + for image_type in ${CONTAINER_FORMATS} ; do + image_archive="${DEPLOY_DIR_IMAGE}/${rootfs_id}-${image_type}.tar" + bbdebug 1 "Creating container image type: ${image_type}" + case "${image_type}" in + "docker-archive" | "oci-archive") + if [ "${image_type}" = "oci-archive" ] ; then + target="${image_type}:${image_archive}:latest" + else + target="${image_type}:${image_archive}:${image_name}:latest" + fi + rm -f "${image_archive}" "${image_archive}.xz" + bbdebug 2 "Converting OCI image to ${image_type}" + skopeo --insecure-policy copy \ + "oci:${oci_img_dir}:${full_tag}" "${target}" + bbdebug 2 "Compressing image" + xz -T0 "${image_archive}" + ;; + "oci") + tar --create --xz --directory "${oci_img_dir}" \ + --file "${image_archive}.xz" . + ;; + "docker-daemon" | "containers-storage") + if [ -f /.dockerenv ] || [ -f /run/.containerenv ] ; then + die "Adding the container image to a container runtime (${image_type}) not supported if running from a container (e.g. 'kas-container')" + fi + skopeo --insecure-policy copy \ + "oci:${oci_img_dir}:${full_tag}" \ + "${image_type}:${image_name}:latest" + ;; + *) + die "Unsupported format for containerize_rootfs: ${image_type}" + ;; + esac + done +} + diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index eddc444..ec93cab 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -76,6 +76,7 @@ inherit image-tools-extension inherit image-postproc-extension inherit image-locales-extension inherit image-account-extension +inherit image-container-extension # Extra space for rootfs in MB ROOTFS_EXTRA ?= "64"