Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ppc64le: add support for building docker debs for xenial #23438

Merged
merged 1 commit into from
Aug 19, 2016

Conversation

tophj-ibm
Copy link
Contributor

@tophj-ibm tophj-ibm commented Jun 10, 2016

This PR adds the ability to make docker debs for xenial on ppc64le.

This is pretty standard except for a few specific power+xenial issues.

  1. Seccomp isn't enabled by default because the latest package version is a bit too old to
    have power support in it. Once that gets updated to 2.3+, it can be added back in.

    Edit: The base xenial package (v2.2.3-3) contains backports of all the power and z related changes.
  2. Power doesn't have an official 1.6.2 golang binary we can download, so we have to build from
    source. In order to build from source, we need a previous version of go, so we download that from
    the xenial repo (go1.6.1), bootstrap build latest go, and then remove the older version.

Signed-off-by: Christopher Jones tophj@linux.vnet.ibm.com

go o's

@justincormack
Copy link
Contributor

Unfortunately it is unclear if they will update libseccomp, so far there seems to have been a policy of not doing it, although I am going to try filing issues to try to change this - maybe you could file an issue against the ppc64le port on the Ubuntu bug tracker? It seems like a security issue to me not properly supporting the running platform for this...

# xenial ships with libseccomp 2.2.3, but power wasn't supported until 2.3
if [ "$suite" = 'xenial' ]; then
packages=( "${packages[@]/libseccomp-dev}" )
fi
Copy link
Contributor

@justincormack justincormack Jun 11, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Put the runc and extra buildtags here as in https://github.com/docker/docker/blob/master/contrib/builder/deb/amd64/generate.sh#L93 so it is obvious how to enable seccomp, it could even be enabled for the default case so it works in future versions on the assumption they will have a recent enough version.

@tophj-ibm tophj-ibm force-pushed the ppc64le-build-xenial-debs branch from f127ac8 to c0788fe Compare June 13, 2016 00:50
@tophj-ibm
Copy link
Contributor Author

Yeah I agree, I'm not sure what's going on with the version, but I'll go ahead and submit a bug report on the ppc64le side for it.

@justincormack
Copy link
Contributor

LGTM.

@tophj-ibm
Copy link
Contributor Author

okay, looks like power support was backported in an earlier release of libseccomp that I didn't see. I'm going to test some more and update this again.

@justincormack
Copy link
Contributor

Ah that sounds hopeful...

@tophj-ibm tophj-ibm force-pushed the ppc64le-build-xenial-debs branch from 47c987c to 858bd74 Compare June 13, 2016 21:24
@tophj-ibm
Copy link
Contributor Author

Updated. So all the tests passed with the xenial base version of seccomp enabled. Looking more into the package, power xenial seccomp just backported all the power and z related commits from 2.3.0 and 2.3.1 into 2.2.3-3 and just ignored all the x86 changes, hence it being an older version.

@justincormack
Copy link
Contributor

LGTM

@clnperez
Copy link
Contributor

clnperez commented Aug 4, 2016

Since the 1.12 madness is over, could this be rebased & looked at again? 🐱

@tophj-ibm
Copy link
Contributor Author

I'll rebase and add in the man page dockerfile when I get back on Monday 😎

@tophj-ibm tophj-ibm force-pushed the ppc64le-build-xenial-debs branch from 858bd74 to 3927723 Compare August 9, 2016 21:42
@tophj-ibm
Copy link
Contributor Author

Rebased and added in the dockerfile for the man pages.

@tophj-ibm tophj-ibm force-pushed the ppc64le-build-xenial-debs branch from 3927723 to 8606fd5 Compare August 9, 2016 22:31
@tophj-ibm tophj-ibm force-pushed the ppc64le-build-xenial-debs branch from 8606fd5 to 618fd8c Compare August 19, 2016 02:20
This PR adds the ability to make docker debs for xenial on power

Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>

Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
@tophj-ibm tophj-ibm force-pushed the ppc64le-build-xenial-debs branch from 618fd8c to 64881dc Compare August 19, 2016 02:25
@justincormack
Copy link
Contributor

updated LGTM.

@LK4D4
Copy link
Contributor

LK4D4 commented Aug 19, 2016

LGTM

@LK4D4 LK4D4 merged commit bf61c91 into moby:master Aug 19, 2016
@tophj-ibm
Copy link
Contributor Author

Thanks guys!! 🎉

@thaJeztah thaJeztah added this to the 1.13.0 milestone Sep 22, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants