From patchwork Mon Mar 29 06:56:36 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Silvano Cirujano Cuesta X-Patchwork-Id: 390 Return-Path: Delivered-To: ilbers.mnt@gmail.com Received: by 2002:a4a:378f:0:0:0:0:0 with SMTP id r137csp3546326oor; Mon, 29 Mar 2021 08:56:43 -0700 (PDT) X-Received: by 2002:adf:e108:: with SMTP id t8mr28740641wrz.371.1617033403029; Mon, 29 Mar 2021 08:56:43 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1617033403; cv=pass; d=google.com; s=arc-20160816; b=oVBMMwpf/nb31Tbc41dYArD56A+1d7beRweJLkuH2mZWO7iKaEm1dAUuM1btsabVvP vOmpoq/mJSz6mLIOocIRY7r8UrG97ooKvc+W0ne0hHDk7gcgAGSeXJlw+awLqP+gObTR RwAURZnbeVR1ufg+dYOgwjpYqqm681kN7W2wtIyYSWqxUpbzryCauRsIxUuK3Epr99KL TllH+xN6Z0m48j0WRupXj3FuAx1WucXoDP7P6bZqINI9H/nX9XX6O2G2/xvxDU+/gYDO BXOg9+wGxknDEzjzKyIvHr4pAPV1xKjhvw41A/YeNvlaemzfp+C0JOIn83xsVOpZBsR6 IPrg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:references:in-reply-to :message-id:date:subject:to:from:sender:dkim-signature; bh=77koU1m5Pi8cFpZ5xyTFOZstUxhBaliD0r3QMvXeJPo=; b=IwpKy3b4wS84i31NgDn/SK/XoibPfA6p2Lfjuay7usu5K70+W6suPVMR2qGMvjMEr8 7u54ZoF2pKodAk56OsFAj6DUhAQEPORvqLqWsnxm+TWsEXl8GoNazKvyicjkEskiGXR6 d+JGn79SecqIdnQIWbxdbiQQrr45SLkX40hqkRxFuwxHzcKgyJqSsw2B83tSeFWOSgHl 2SAMXPf91wdFQROUUMx9DJntau7Ft1hdgVAqARr8VD78zRS3uRT4u8kjE973pcNOXqOe AXfA53gOKEugB9dOV8lYDADBJzha9l+qHGOnGSTIUWNNkzruSTz5legw4FIVmnMd6BaG R/OQ== ARC-Authentication-Results: i=3; mx.google.com; dkim=pass header.i=@googlegroups.com header.s=20161025 header.b=dMwYvpOB; arc=pass (i=2 spf=pass spfdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of isar-users+bncbcd6jj6cqqfrboxrq6bqmgqe7gl7qja@googlegroups.com designates 209.85.220.55 as permitted sender) smtp.mailfrom=isar-users+bncBCD6JJ6CQQFRBOXRQ6BQMGQE7GL7QJA@googlegroups.com; dmarc=fail (p=NONE sp=NONE dis=NONE arc=pass) header.from=siemens.com Received: from mail-sor-f55.google.com (mail-sor-f55.google.com. [209.85.220.55]) by mx.google.com with SMTPS id i11sor8225600wmg.8.2021.03.29.08.56.42 (Google Transport Security); Mon, 29 Mar 2021 08:56:43 -0700 (PDT) Received-SPF: pass (google.com: domain of isar-users+bncbcd6jj6cqqfrboxrq6bqmgqe7gl7qja@googlegroups.com designates 209.85.220.55 as permitted sender) client-ip=209.85.220.55; Authentication-Results: mx.google.com; dkim=pass header.i=@googlegroups.com header.s=20161025 header.b=dMwYvpOB; arc=pass (i=2 spf=pass spfdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of isar-users+bncbcd6jj6cqqfrboxrq6bqmgqe7gl7qja@googlegroups.com designates 209.85.220.55 as permitted sender) smtp.mailfrom=isar-users+bncBCD6JJ6CQQFRBOXRQ6BQMGQE7GL7QJA@googlegroups.com; dmarc=fail (p=NONE sp=NONE dis=NONE arc=pass) header.from=siemens.com ARC-Seal: i=2; a=rsa-sha256; t=1617033402; cv=pass; d=google.com; s=arc-20160816; b=eXoKr2jIZBz8+NEPH8q6/rry+8lrGIWFCKGundwXPdSfL01GGzePWPqoMrD4aNei47 dgx2yv/rFJsUIQL6Htj4CLyKfwNy+Hx9RdkQAdD3aPOFnN9SJHCRVLGneCz024z59w2n Hnvz0LYCCqxAQm6wQMqnTL585cp+Qx1EqtQ92uPux+7D257zvNHXq0BDQR1wLHgCbSSk ZIqC8pVhxPovBOybXRxMaEup4Ymd5Mlj21qgjBbLzkH4ejFz20Yxbq34pT2vWD9L0cd7 ZdNtmEPimOSvwCYmEGa3QIDGN76M6Uxozeyb7W5PgQuad0yT/F7LvGvJ4Xz45zRXJttv pJvQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:references:in-reply-to :message-id:date:subject:to:from:sender:dkim-signature; bh=77koU1m5Pi8cFpZ5xyTFOZstUxhBaliD0r3QMvXeJPo=; b=lQRqFbOVP6qLpiKSnK6xClm505PQa0WyJ6EBjBAOPP12LavprAS51brfEAIICIeraG V0r4USKxg1W2oJMOftDj+ZjNtkNuw6VjSttL7L+qcy3SwsF/UT2GbAEGG06qfOLWjtN9 uByffQ+GdLFs5VnS3LeYk//3rabmi0um47jnG61ln1BNKprwDeWIsKfKI4HUrO2m3ooP HANNB7EuKZDiilY8m0AOVMofbbxSDeVwhzIs6sqLlJNwO91jShGohn/ykY1UaRFIbq1a gl4vDx2mgDIkbX1FZSiqoxOT2FauUJ/+AS7XQpzBHWrA3dHc4NMEvJLcFHjD+b1mHZ25 5bOw== ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=pass (google.com: domain of silvano.cirujano-cuesta@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=silvano.cirujano-cuesta@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20161025; h=sender:from:to:subject:date:message-id:in-reply-to:references :mime-version:x-original-sender:x-original-authentication-results :precedence:mailing-list:list-id:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=77koU1m5Pi8cFpZ5xyTFOZstUxhBaliD0r3QMvXeJPo=; b=dMwYvpOBK/CTiLn8WGC3so1i8qJZyp9+fe2Q2NfNXxdK7iNCbVmlgFmzLI3QIhq/YK LJP0LXaOaY3cucSkN54wVFwlpygV+6pXG5pldQkONDwkbwqSrJ9JBVCRXWozd7gzShNR 9ZzPV8ZCqOovOm4/2ShqjcwdSsweoDptoz5AmA8lKlPrWTmrQvTLp1M9lF9hDpj1yzlz FDccAQ1bSk+cWMZKzFVPWfLT1UpnRS3lfTATkrbWswjH3zJlovPWubdkYPxdmmdegUbV aSkqISGPWqS4egkf+KhRBNDFIn0KZPx01W7NHJGuCUUjAJMx8ZDL6aKxwJYKZMFQJVIO 7Zjw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=sender:x-gm-message-state:from:to:subject:date:message-id :in-reply-to:references:mime-version:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :x-spam-checked-in-group:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=77koU1m5Pi8cFpZ5xyTFOZstUxhBaliD0r3QMvXeJPo=; b=fLyOYKMosCxAT8UigWU6qBBnIVENqksB3z1qEBUUZ18B+CxgNEN1RI/R0/t0VF4iIL RkPU+rQo3fQYU1YLAMJk/b1VhkmvWGgyiNIhVfwBdbb8rpGqFG/w683n3yqx0eBXSh66 fzHMSTiV2sJM3+1WsLn+eB2lGPR040ctycn5ZkmbPJmlliFZd7RYv77Ez1Xmz6Ku98dU 5GCn9w4837r8jOOrQAYX9lW49G4pDBkd7QijuWe1AUqMGqh5dsOcr9RIajBKRjUUdNFK 1qPzai4qG7IHjLCVcj20GZ2znQq+T4ZbFxhS3p0o8RvZiRwU7Vz1wTMzfdgsECZtxTjR 2IAw== Sender: isar-users@googlegroups.com X-Gm-Message-State: AOAM531aCmbSe87VeHCqXspIvmVjLEcHgVSy/1++7GRppPdIgEIByuzJ MUbWXsmgB5QFIMExu1gK+wk= X-Google-Smtp-Source: ABdhPJyHeZwI2nJJcEP4YVDu5UjJm90xUtsixaPgIgcmiqcCyxv8QVV9MSNSQx3EEPitV7fUTmZlPg== X-Received: by 2002:a05:600c:3796:: with SMTP id o22mr17631336wmr.139.1617033402454; Mon, 29 Mar 2021 08:56:42 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a1c:24d4:: with SMTP id k203ls7921056wmk.0.canary-gmail; Mon, 29 Mar 2021 08:56:41 -0700 (PDT) X-Received: by 2002:a1c:7ec4:: with SMTP id z187mr25472741wmc.3.1617033401742; Mon, 29 Mar 2021 08:56:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617033401; cv=none; d=google.com; s=arc-20160816; b=XVL87wREaE/AQWz2SZBSSswOXvZ0FO9K9bS9eHUu4vfs2hWhdUlJDE21E5seBY3IWY y0bCJpUwyHZFpcSeijB59iTdRkatdBXIJHVPRx46zSOrxrQ3K4Oqflll77LJ9OA+VXTr sSN3V7sO8a6Gyw2AMWL1+9pOf98za9mY7ZydFHpWZy5OX4WQ+DbAY/S64sSMjdWcUJyq zwFyaGu5PDU/78Zoe4aBNuNUULQPE164YH2bdGtvaHaF/gbw1GaH4Dayv70p4rN8a3Y7 7mKOfQVuORdAw/9RDcb5qibLx4+/8K3/UVip8844TUc0/hrSSCGzXp6Qm01v6maWlBbL pOSg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from; bh=UoU5rtSUjdje4gcbAE4iAaL8dO/gY1W/Afi0o1RjDTQ=; b=xYmkw7uRxKzCIiiGJ2SMp5yKnuEAKM3miGZZKENPGpNkvymxhiX8ktjo+pD/JDuM/7 oKE5cTOs4xO6vdKXHQWJQ4BaAiFnq6mWHvLjvswq4H63BtzHvcTPzKVqh9G4g6wCgD3o zc1Qt08uxZX8AgIrzk2v59tnuShZWTQKirRlsoOK54hP3A7UJeC0tKsBJZmNrNKeGnU2 /Uoj9BKxVqJWenGbX18GJEs3Sk5ERCAmIsA95vVFFN9gUGU9/sIqSsZTu6YKrk7tR79k y0hAzBrDJhA3Y8Mp5/tNzrfXFMu/v6sVW9m1wYiVjP8zuyqj5dQ5qjMmzi9DxAGWnXTj enAA== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of silvano.cirujano-cuesta@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=silvano.cirujano-cuesta@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from gecko.sbs.de (gecko.sbs.de. [194.138.37.40]) by gmr-mx.google.com with ESMTPS id r11si690638wrm.1.2021.03.29.08.56.41 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 29 Mar 2021 08:56:41 -0700 (PDT) Received-SPF: pass (google.com: domain of silvano.cirujano-cuesta@siemens.com designates 194.138.37.40 as permitted sender) client-ip=194.138.37.40; Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35]) by gecko.sbs.de (8.15.2/8.15.2) with ESMTPS id 12TFufg2000539 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Mon, 29 Mar 2021 17:56:41 +0200 Received: from md1sf36c.ad001.siemens.net ([167.87.46.205]) by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id 12TFufsk031984 for ; Mon, 29 Mar 2021 17:56:41 +0200 From: Silvano Cirujano Cuesta To: isar-users@googlegroups.com Subject: [PATCH v8 1/5] classes: add root filesystem containerizing class Date: Mon, 29 Mar 2021 17:56:36 +0200 Message-Id: <20210329155640.62445-2-silvano.cirujano-cuesta@siemens.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210329155640.62445-1-silvano.cirujano-cuesta@siemens.com> References: <20210329155640.62445-1-silvano.cirujano-cuesta@siemens.com> MIME-Version: 1.0 X-Original-Sender: silvano.cirujano-cuesta@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of silvano.cirujano-cuesta@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=silvano.cirujano-cuesta@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: =?utf-8?q?1695582417646877331?= X-GMAIL-MSGID: =?utf-8?q?1695582417646877331?= This class can be used to create container images which root filesystem is that generated by the do_rootfs task. Containerized root filesystems have following possible use-cases: - Using ISAR as a container image builder. - Simplify distribution of runtime rootfs (binaries, libraries, configurations, ...) for application development or testing. - Distributing SDKs. Signed-off-by: Silvano Cirujano Cuesta --- .../classes/image-container-extension.bbclass | 82 +++++++++++++++++++ meta/classes/image.bbclass | 1 + 2 files changed, 83 insertions(+) create mode 100644 meta/classes/image-container-extension.bbclass diff --git a/meta/classes/image-container-extension.bbclass b/meta/classes/image-container-extension.bbclass new file mode 100644 index 0000000..f693627 --- /dev/null +++ b/meta/classes/image-container-extension.bbclass @@ -0,0 +1,82 @@ +# This software is a part of ISAR. +# Copyright (C) Siemens AG, 2021 +# +# SPDX-License-Identifier: MIT +# +# This class extends the image.bbclass for containerizing the root filesystem. + +CONTAINER_FORMATS ?= "docker-archive" +IMAGE_INSTALL += "isar-exclude-docs isar-disable-apt-cache" + +containerize_rootfs() { + local cmd="/bin/dash" + local empty_tag="empty" + local full_tag="latest" + local oci_img_dir="${WORKDIR}/oci-image" + local rootfs="$1" + local rootfs_id="$2" + local container_formats="$3" + + # prepare OCI container image skeleton + bbdebug 1 "prepare OCI container image skeleton" + rm -rf "${oci_img_dir}" + sudo umoci init --layout "${oci_img_dir}" + sudo umoci new --image "${oci_img_dir}:${empty_tag}" + sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + --config.cmd="${cmd}" + sudo umoci unpack --image "${oci_img_dir}:${empty_tag}" \ + "${oci_img_dir}_unpacked" + + # add root filesystem as the flesh of the skeleton + sudo cp -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/" + # clean-up temporary files + sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete + + # pack container image + bbdebug 1 "pack container image" + sudo umoci repack --image "${oci_img_dir}:${full_tag}" \ + "${oci_img_dir}_unpacked" + sudo umoci remove --image "${oci_img_dir}:${empty_tag}" + sudo rm -rf "${oci_img_dir}_unpacked" + + # no root needed anymore + sudo chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + + # convert the OCI container image to the desired format + image_name="isar-${rootfs_id}" + for image_type in ${CONTAINER_FORMATS} ; do + image_archive="${DEPLOY_DIR_IMAGE}/${rootfs_id}-${image_type}.tar" + bbdebug 1 "Creating container image type: ${image_type}" + case "${image_type}" in + "docker-archive" | "oci-archive") + if [ "${image_type}" = "oci-archive" ] ; then + target="${image_type}:${image_archive}:latest" + else + target="${image_type}:${image_archive}:${image_name}:latest" + fi + rm -f "${image_archive}" "${image_archive}.xz" + bbdebug 2 "Converting OCI image to ${image_type}" + skopeo --insecure-policy copy \ + "oci:${oci_img_dir}:${full_tag}" "${target}" + bbdebug 2 "Compressing image" + xz -T0 "${image_archive}" + ;; + "oci") + tar --create --xz --directory "${oci_img_dir}" \ + --file "${image_archive}.xz" . + ;; + "docker-daemon" | "containers-storage") + if [ -f /.dockerenv ] || [ -f /run/.containerenv ] ; then + die "Adding the container image to a container runtime (${image_type}) not supported if running from a container (e.g. 'kas-container')" + fi + skopeo --insecure-policy copy \ + "oci:${oci_img_dir}:${full_tag}" \ + "${image_type}:${image_name}:latest" + ;; + *) + die "Unsupported format for containerize_rootfs: ${image_type}" + ;; + esac + done +} + diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index eddc444..ec93cab 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -76,6 +76,7 @@ inherit image-tools-extension inherit image-postproc-extension inherit image-locales-extension inherit image-account-extension +inherit image-container-extension # Extra space for rootfs in MB ROOTFS_EXTRA ?= "64"