diff --git a/pkg/acrn-kernel/Dockerfile b/pkg/acrn-kernel/Dockerfile index 0afca2ec2d5..61c4c0514fe 100644 --- a/pkg/acrn-kernel/Dockerfile +++ b/pkg/acrn-kernel/Dockerfile @@ -1,7 +1,7 @@ FROM lfedge/eve-alpine:145f062a40639b6c65efa36bed1c5614b873be52 as kernel-build ENV BUILD_PKGS \ - argp-standalone automake bash bc binutils-dev bison build-base curl \ + argp-standalone automake bash bc binutils-dev bison build-base \ diffutils flex git gmp-dev gnupg installkernel kmod openssl-dev \ linux-headers ncurses-dev python3 findutils sed squashfs-tools tar \ xz xz-dev zlib-dev openssl lz4 lz4-libs elfutils-libelf elfutils-dev @@ -11,9 +11,8 @@ RUN eve-alpine-deploy.sh # Download acrn-kernel ENV KERNEL_VERSION acrn-2019w39.3-150000p ENV KERNEL_SOURCE=https://github.com/projectacrn/acrn-kernel/archive/${KERNEL_VERSION}.tar.gz -RUN \ - [ -f "$(basename ${KERNEL_SOURCE})" ] || curl -fsSLO "${KERNEL_SOURCE}" && \ - tar --absolute-names -xz < "$(basename ${KERNEL_SOURCE})" && mv "/acrn-kernel-${KERNEL_VERSION}" /acrn-kernel +ADD ${KERNEL_SOURCE} /kernel.tar.gz +RUN tar --absolute-names -xz < /kernel.tar.gz && mv "/acrn-kernel-${KERNEL_VERSION}" /acrn-kernel RUN ls -l /acrn-kernel # Apply local patches diff --git a/pkg/acrn-kernel/build.yml b/pkg/acrn-kernel/build.yml index 0ac1019cbc2..5f0388227ed 100644 --- a/pkg/acrn-kernel/build.yml +++ b/pkg/acrn-kernel/build.yml @@ -1,3 +1,2 @@ image: eve-acrn-kernel org: lfedge -network: yes diff --git a/pkg/acrn/Dockerfile b/pkg/acrn/Dockerfile index 06f40082564..d3d313e10c1 100644 --- a/pkg/acrn/Dockerfile +++ b/pkg/acrn/Dockerfile @@ -3,7 +3,7 @@ FROM lfedge/eve-alpine:145f062a40639b6c65efa36bed1c5614b873be52 AS kernel-build ENV BUILD_PKGS \ gcc make libc-dev dev86 xz-dev perl bash python3-dev gettext iasl \ util-linux-dev ncurses-dev glib-dev pixman-dev libaio-dev yajl-dev \ - argp-standalone linux-headers git patch texinfo curl tar bash socat \ + argp-standalone linux-headers git patch texinfo tar bash socat \ openssh python3 libc-dev openssl-dev openssl libpciaccess libpciaccess-dev\ bsd-compat-headers libusb libusb-dev gnu-efi-dev py3-pip RUN eve-alpine-deploy.sh @@ -12,9 +12,8 @@ RUN pip3 install kconfiglib==12.14.1 ENV ACRN_VERSION 1.3 ENV ACRN_SOURCE=https://github.com/projectacrn/acrn-hypervisor/archive/v${ACRN_VERSION}.tar.gz -RUN \ - [ -f "$(basename ${ACRN_SOURCE})" ] || curl -fsSLO "${ACRN_SOURCE}" && \ - tar --absolute-names -xz < "$(basename ${ACRN_SOURCE})" && mv "/acrn-hypervisor-${ACRN_VERSION}" /acrn-hypervisor +ADD ${ACRN_SOURCE} /acrn.tar.gz +RUN tar --absolute-names -xz < /acrn.tar.gz && mv "/acrn-hypervisor-${ACRN_VERSION}" /acrn-hypervisor RUN ls -l /acrn-hypervisor # Apply local patches COPY patches-${ACRN_VERSION} /patches diff --git a/pkg/acrn/build.yml b/pkg/acrn/build.yml index 77b77b60281..edc4c8aec14 100644 --- a/pkg/acrn/build.yml +++ b/pkg/acrn/build.yml @@ -1,3 +1,2 @@ image: eve-acrn org: lfedge -network: yes diff --git a/pkg/debug/Dockerfile b/pkg/debug/Dockerfile index 4a3fe35cdea..01bb9df5f0a 100644 --- a/pkg/debug/Dockerfile +++ b/pkg/debug/Dockerfile @@ -27,7 +27,8 @@ RUN su builder -c 'cd /musl && abuild checksum && abuild -r' RUN apk add -p /out --allow-untrusted /home/builder/packages/*/musl-1.2*.apk # hadolint ignore=DL4006 -RUN curl -L https://www.ezix.org/software/files/lshw-B.${LSHW_VERSION}.tar.gz | tar xzvf - +ADD https://www.ezix.org/software/files/lshw-B.${LSHW_VERSION}.tar.gz lshw.tar.gz +RUN tar -xzvf lshw.tar.gz COPY lshw/ lshw-B.${LSHW_VERSION}/ @@ -42,7 +43,8 @@ RUN for patch in fix-musl-sc_long_bit.patch wrapper-for-basename.patch 155652295 # building hexedit WORKDIR /tmp/hexedit/hexedit-1.5 # hadolint ignore=DL4006 -RUN curl -L https://github.com/pixel/hexedit/archive/refs/tags/1.5.tar.gz | tar -C .. -xzvf - +ADD https://github.com/pixel/hexedit/archive/refs/tags/1.5.tar.gz ../1.5.tar.gz +RUN tar -C .. -xzvf ../1.5.tar.gz RUN ./autogen.sh && ./configure && make DESTDIR=/out install # tweaking various bit diff --git a/pkg/debug/build.yml b/pkg/debug/build.yml index 74d1ed12039..062c207c5d3 100644 --- a/pkg/debug/build.yml +++ b/pkg/debug/build.yml @@ -1,6 +1,5 @@ image: eve-debug org: lfedge -network: yes config: pid: host net: host diff --git a/pkg/dom0-ztools/Dockerfile b/pkg/dom0-ztools/Dockerfile index 230cb29a79d..f7c761d3231 100644 --- a/pkg/dom0-ztools/Dockerfile +++ b/pkg/dom0-ztools/Dockerfile @@ -10,12 +10,16 @@ COPY /patches / # * ZFS on Linux ENV ZFS_VERSION=2.1.2 ENV ZFS_COMMIT=zfs-${ZFS_VERSION} -ENV ZFS_REPO=https://github.com/openzfs/zfs.git +ENV ZFS_REPO=https://github.com/openzfs/zfs ENV ZFS_PATCH_DIR=/patches-zfs-"${ZFS_VERSION}" WORKDIR /tmp/zfs -RUN git clone --depth 1 -b ${ZFS_COMMIT} ${ZFS_REPO} . +ADD ${ZFS_REPO}/tarball/${ZFS_COMMIT}/ zfs.tgz +RUN tar -zxvf zfs.zip && \ + mv openzfs-zfs-*/* . && \ + rm -rf openzfs-zfs-* && \ + rm zfs.tgz RUN set -e; \ if [ ! -d "${ZFS_PATCH_DIR}" ]; then \ echo "No such dir ${ZFS_PATCH_DIR}"; \ diff --git a/pkg/dom0-ztools/build.yml b/pkg/dom0-ztools/build.yml index 7389bffb549..6b033cb6c10 100644 --- a/pkg/dom0-ztools/build.yml +++ b/pkg/dom0-ztools/build.yml @@ -1,3 +1,2 @@ org: lfedge image: eve-dom0-ztools -network: yes diff --git a/pkg/edgeview/build.yml b/pkg/edgeview/build.yml index 410264af656..0c053a65923 100644 --- a/pkg/edgeview/build.yml +++ b/pkg/edgeview/build.yml @@ -1,6 +1,5 @@ image: eve-edgeview org: lfedge -network: yes config: binds: - /:/hostfs:ro diff --git a/pkg/eve/build.yml b/pkg/eve/build.yml index 53c57bb3081..82f3abd5f74 100644 --- a/pkg/eve/build.yml +++ b/pkg/eve/build.yml @@ -1,3 +1,2 @@ image: eve org: lfedge -network: yes diff --git a/pkg/fw/Dockerfile b/pkg/fw/Dockerfile index 621c990ef69..bc14e87610c 100644 --- a/pkg/fw/Dockerfile +++ b/pkg/fw/Dockerfile @@ -1,18 +1,20 @@ FROM lfedge/eve-alpine:145f062a40639b6c65efa36bed1c5614b873be52 as build -ENV BUILD_PKGS curl tar make +ENV BUILD_PKGS tar make RUN eve-alpine-deploy.sh ENV WIRELESS_REGDB_VERSION 2022.06.06 ENV WIRELESS_REGDB_REPO https://mirrors.edge.kernel.org/pub/software/network/wireless-regdb/wireless-regdb +ADD ${WIRELESS_REGDB_REPO}-${WIRELESS_REGDB_VERSION}.tar.gz /wireless-regdb.tar.gz RUN mkdir /wireless-regdb &&\ - curl -fsSL ${WIRELESS_REGDB_REPO}-${WIRELESS_REGDB_VERSION}.tar.gz | tar -xz --strip-components=1 -C /wireless-regdb &&\ + tar -xz --strip-components=1 -C /wireless-regdb -f /wireless-regdb.tar.gz &&\ cp /wireless-regdb/regulatory.db /wireless-regdb/regulatory.db.p7s /lib/firmware ENV LINUX_FIRMWARE_VERSION 20220708 ENV LINUX_FIRMWARE_URL https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/snapshot/linux-firmware +ADD ${LINUX_FIRMWARE_URL}-${LINUX_FIRMWARE_VERSION}.tar.gz /linux-firmware.tar.gz RUN mkdir /linux-firmware &&\ - curl -fsSL ${LINUX_FIRMWARE_URL}-${LINUX_FIRMWARE_VERSION}.tar.gz | tar -xz --strip-components=1 -C /linux-firmware &&\ + tar -xz --strip-components=1 -C /linux-firmware /linux-firmware.tar.gz &&\ make -C /linux-firmware FIRMWAREDIR="/lib/firmware" install # patch merged, but not released, remove this when update LINUX_FIRMWARE_VERSION @@ -30,18 +32,19 @@ RUN ln -s ../cypress/cyfmac43430-sdio.bin /lib/firmware/brcm/brcmfmac43430-sdio. ENV RPI_FIRMWARE_VERSION 2c8f665254899a52260788dd902083bb57a99738 ENV RPI_FIRMWARE_URL https://github.com/RPi-Distro/firmware-nonfree/archive +ADD ${RPI_FIRMWARE_URL}/${RPI_FIRMWARE_VERSION}.tar.gz /rpifirmware.tar.gz RUN mkdir /rpi-firmware &&\ - curl -fsSL ${RPI_FIRMWARE_URL}/${RPI_FIRMWARE_VERSION}.tar.gz | tar -xz --strip-components=1 -C /rpi-firmware &&\ + tar -xz --strip-components=1 -C /rpi-firmware -f /rpifirmware.tar.gz / &&\ cp -a /rpi-firmware/debian/config/brcm80211/brcm/brcmfmac43436* /lib/firmware/brcm ENV RPI_BT_FIRMWARE_VERSION e7fd166981ab4bb9a36c2d1500205a078a35714d ENV RPI_BT_FIRMWARE_URL https://github.com/RPi-Distro/bluez-firmware/raw WORKDIR /lib/firmware/brcm -RUN curl -fsSL ${RPI_BT_FIRMWARE_URL}/${RPI_BT_FIRMWARE_VERSION}/broadcom/BCM43430A1.hcd -O &&\ - curl -fsSL ${RPI_BT_FIRMWARE_URL}/${RPI_BT_FIRMWARE_VERSION}/broadcom/BCM4345C0.hcd -O &&\ - curl -fsSL ${RPI_BT_FIRMWARE_URL}/${RPI_BT_FIRMWARE_VERSION}/broadcom/BCM43430B0.hcd -O &&\ - curl -fsSL ${RPI_BT_FIRMWARE_URL}/${RPI_BT_FIRMWARE_VERSION}/broadcom/BCM4345C5.hcd -O +ADD ${RPI_BT_FIRMWARE_URL}/${RPI_BT_FIRMWARE_VERSION}/broadcom/BCM43430A1.hcd . +ADD ${RPI_BT_FIRMWARE_URL}/${RPI_BT_FIRMWARE_VERSION}/broadcom/BCM4345C0.hcd . +ADD ${RPI_BT_FIRMWARE_URL}/${RPI_BT_FIRMWARE_VERSION}/broadcom/BCM43430B0.hcd . +ADD ${RPI_BT_FIRMWARE_URL}/${RPI_BT_FIRMWARE_VERSION}/broadcom/BCM4345C5.hcd . FROM lfedge/eve-alpine:145f062a40639b6c65efa36bed1c5614b873be52 as compactor ENTRYPOINT [] diff --git a/pkg/fw/build.yml b/pkg/fw/build.yml index 42dd6b2efab..e2c2eeac52b 100644 --- a/pkg/fw/build.yml +++ b/pkg/fw/build.yml @@ -1,3 +1,2 @@ image: eve-fw org: lfedge -network: yes diff --git a/pkg/guacd/build.yml b/pkg/guacd/build.yml index 22322a573d0..86f0db62ba5 100644 --- a/pkg/guacd/build.yml +++ b/pkg/guacd/build.yml @@ -1,6 +1,5 @@ image: eve-guacd org: lfedge -network: yes config: binds: - /dev:/dev diff --git a/pkg/ipxe/Dockerfile b/pkg/ipxe/Dockerfile index 59e4a78172a..2dc51cd296b 100644 --- a/pkg/ipxe/Dockerfile +++ b/pkg/ipxe/Dockerfile @@ -1,11 +1,15 @@ FROM lfedge/eve-alpine:145f062a40639b6c65efa36bed1c5614b873be52 AS build -ENV BUILD_PKGS patch curl make gcc perl util-linux-dev git mtools linux-headers musl-dev xz-dev +ENV BUILD_PKGS patch make gcc perl util-linux-dev git mtools linux-headers musl-dev xz-dev # bash xorriso coreutils syslinux RUN eve-alpine-deploy.sh WORKDIR /ws -RUN git clone --depth 1 -b v1.21.1 https://github.com/ipxe/ipxe.git . +ADD https://github.com/ipxe/ipxe/tarball/v1.21.1 /ipxe.tgz +RUN tar -zxvf /ipxe.tgz && \ + mv ipxe-ipxe-*/* . && \ + rm -rf ipxe-ipxe-* && \ + rm /ipxe.tgz COPY embedded.cfg src/embedded.cfg COPY *patch /tmp/ diff --git a/pkg/ipxe/build.yml b/pkg/ipxe/build.yml index 8924d9f7fde..a56b5e32a45 100644 --- a/pkg/ipxe/build.yml +++ b/pkg/ipxe/build.yml @@ -1,3 +1,2 @@ image: eve-ipxe org: lfedge -network: yes diff --git a/pkg/k3s/Dockerfile b/pkg/k3s/Dockerfile index 0ecc8d5d115..79e7e0a0e34 100644 --- a/pkg/k3s/Dockerfile +++ b/pkg/k3s/Dockerfile @@ -1,12 +1,16 @@ FROM lfedge/eve-alpine:145f062a40639b6c65efa36bed1c5614b873be52 as build -ENV BUILD_PKGS make gcc git musl-dev linux-headers curl bash pkgconf libseccomp-dev go patch +ENV BUILD_PKGS make gcc git musl-dev linux-headers bash pkgconf libseccomp-dev go patch RUN eve-alpine-deploy.sh ARG K3SVER=v1.18.4+k3s1 WORKDIR /k3s COPY 0001-go-mod.patch /tmp/ -RUN git clone -b ${K3SVER} --depth 1 https://github.com/rancher/k3s.git . +ADD https://github.com/rancher/k3s/tarball/${K3SVER} /tmp/k3s.tgz +RUN tar -zxvf /tmp/k3s.tgz && \ + mv rancher-k3s-*/* . && \ + rm -rf rancher-k3s-* && \ + rm /tmp/k3s.tgz RUN patch -p1 < /tmp/0001-go-mod.patch RUN scripts/download RUN scripts/build diff --git a/pkg/k3s/build.yml b/pkg/k3s/build.yml index 48995ce94e2..771b4898ad3 100644 --- a/pkg/k3s/build.yml +++ b/pkg/k3s/build.yml @@ -1,3 +1,2 @@ image: eve-k3s org: lfedge -network: yes diff --git a/pkg/kernel/Dockerfile b/pkg/kernel/Dockerfile index cdedce10710..c0a8de2c2aa 100644 --- a/pkg/kernel/Dockerfile +++ b/pkg/kernel/Dockerfile @@ -1,22 +1,37 @@ # This file must be kept as much in sync with pkg/new-kernel/Dockerfile as posisble -FROM lfedge/eve-alpine:145f062a40639b6c65efa36bed1c5614b873be52 AS kernel-build +FROM lfedge/eve-alpine:145f062a40639b6c65efa36bed1c5614b873be52 AS kernel-build-base ENV BUILD_PKGS \ - argp-standalone automake bash bc binutils-dev bison build-base curl \ + argp-standalone automake bash bc binutils-dev bison build-base \ diffutils flex git gmp-dev gnupg installkernel kmod elfutils-dev \ linux-headers libunwind-dev mpc1-dev mpfr-dev ncurses-dev findutils \ openssl-dev patch rsync sed squashfs-tools tar xz xz-dev zlib-dev openssl \ attr-dev autoconf file coreutils libtirpc-dev libtool util-linux-dev RUN eve-alpine-deploy.sh -ARG KERNEL_VERSION_aarch64=5.10.121 -ARG KERNEL_VERSION_x86_64=5.10.121 -ARG KERNEL_SOURCE -ARG KERNEL_SHA256_SUMS -ARG KERNEL_PGP2_SIGN +# set versions for arm64 +FROM kernel-build-base AS kernel-build-arm64 +ARG KERNEL_VERSION_arm64=5.15.46 +# this has to be specified separately because of dockerfile limitations +ARG KERNEL_MAJOR=5 +ENV KERNEL_VERSION=${KERNEL_VERSION_arm64} +ENV KERNEL_MAJOR=${KERNEL_MAJOR} + +# set versions for amd64 +FROM kernel-build-base AS kernel-build-amd64 +ARG KERNEL_VERSION_amd64=5.15.46 +# this has to be specified separately because of dockerfile limitations +ARG KERNEL_MAJOR=5 +ENV KERNEL_VERSION=${KERNEL_VERSION_amd64} +ENV KERNEL_MAJOR=${KERNEL_MAJOR} + +# build for all arches +FROM kernel-build-${TARGET_ARCH} AS kernel-build + +ARG KERNEL_SOURCE=https://www.kernel.org/pub/linux/kernel/v${KERNEL_MAJOR}.x/linux-${KERNEL_VERSION}.tar.xz +ARG KERNEL_SHA256_SUMS=https://www.kernel.org/pub/linux/kernel/v${KERNEL_MAJOR}.x/sha256sums.asc +ARG KERNEL_PGP2_SIGN=https://www.kernel.org/pub/linux/kernel/v${KERNEL_MAJOR}.x/linux-${KERNEL_VERSION}.tar.sign -# The only variable that is used everywhere is KERNEL_SERIES, so we stick it into env -SHELL ["/bin/sh", "-c", "export KERNEL_SERIES=$(eval echo \\$KERNEL_VERSION_$(uname -m) | sed -e 's#.[^.]*$#.x#') ; /bin/sh -c \"$1\"", "-" ] # We copy the entire directory. This copies some unneeded files, but # allows us to check for the existence /patches-${KERNEL_SERIES} to @@ -25,25 +40,24 @@ COPY / / # Download and verify kernel # PGP keys: 589DA6B1 (greg@kroah.com) & 6092693E (autosigner@kernel.org) & 00411886 (torvalds@linux-foundation.org) -RUN KERNEL_VERSION="$(eval echo \$KERNEL_VERSION_"$(uname -m)")" && KERNEL_MAJOR="$(echo "$KERNEL_VERSION" | cut -f1 -d.)" && \ - KERNEL_SOURCE=${KERNEL_SOURCE:-https://www.kernel.org/pub/linux/kernel/v${KERNEL_MAJOR}.x/linux-${KERNEL_VERSION}.tar.xz} && \ - KERNEL_SHA256_SUMS=${KERNEL_SHA256_SUMS:-https://www.kernel.org/pub/linux/kernel/v${KERNEL_MAJOR}.x/sha256sums.asc} && \ - KERNEL_PGP2_SIGN=${KERNEL_PGP2_SIGN:-https://www.kernel.org/pub/linux/kernel/v${KERNEL_MAJOR}.x/linux-${KERNEL_VERSION}.tar.sign} && \ - curl -fsSLO ${KERNEL_SHA256_SUMS} && \ - gpg2 -q --import keys.asc && \ +ADD ${KERNEL_SHA256_SUMS} kernel-sums.asc +ADD ${KERNEL_PGP2_SIGN} linux-${KERNEL_VERSION}.tar.sign +ADD ${KERNEL_SOURCE} /tmp/linux-${KERNEL_VERSION}.tar.xz + +RUN gpg2 -q --import keys.asc && \ gpg2 --verify sha256sums.asc && \ KERNEL_SHA256=$(grep linux-${KERNEL_VERSION}.tar.xz sha256sums.asc | cut -d ' ' -f 1) && \ - [ -f linux-${KERNEL_VERSION}.tar.xz ] || curl -fsSLO ${KERNEL_SOURCE} && \ + [ -f linux-${KERNEL_VERSION}.tar.xz ] || mv /tmp/linux-${KERNEL_VERSION}.tar.xz . && \ echo "${KERNEL_SHA256} linux-${KERNEL_VERSION}.tar.xz" | sha256sum -c - && \ xz -d linux-${KERNEL_VERSION}.tar.xz && \ - curl -fsSLO ${KERNEL_PGP2_SIGN} && \ gpg2 --verify linux-${KERNEL_VERSION}.tar.sign linux-${KERNEL_VERSION}.tar && \ cat linux-${KERNEL_VERSION}.tar | tar --absolute-names -x && mv /linux-${KERNEL_VERSION} /linux && \ rm -rf /out && mkdir /out && echo "KERNEL_SOURCE=${KERNEL_SOURCE}" > /out/kernel-source-info # Apply local patches WORKDIR /linux -RUN set -e ; [ ! -d /patches-"${KERNEL_SERIES}" ] || for patch in /patches-"${KERNEL_SERIES}"/*.patch; do \ +RUN set -e ; KERNEL_SERIES=${KERNEL_VERSION%.*}.x; \ + [ ! -d /patches-"${KERNEL_SERIES}" ] || for patch in /patches-"${KERNEL_SERIES}"/*.patch; do \ echo "Applying $patch"; \ patch -p1 < "$patch"; \ done @@ -56,6 +70,7 @@ RUN case $(uname -m) in \ KERNEL_DEF_CONF=/linux/arch/arm64/configs/defconfig; \ ;; \ esac && \ + KERNEL_SERIES=${KERNEL_VERSION%.*}.x; \ cp /kernel_config-${KERNEL_SERIES}-$(uname -m) ${KERNEL_DEF_CONF}; \ if [ -n "${EXTRA}" ]; then \ sed -i "s/CONFIG_LOCALVERSION=\"-linuxkit\"/CONFIG_LOCALVERSION=\"-linuxkit${EXTRA}\"/" ${KERNEL_DEF_CONF}; \ @@ -88,12 +103,15 @@ RUN make INSTALL_MOD_PATH=/tmp/kernel-modules modules_install # * ZFS on Linux ENV ZFS_VERSION=2.1.2 ENV ZFS_COMMIT=zfs-${ZFS_VERSION} -ENV ZFS_REPO=https://github.com/openzfs/zfs.git +ENV ZFS_REPO=https://github.com/openzfs/zfs ENV ZFS_PATCH_DIR=/patches-zfs-"${ZFS_VERSION}" WORKDIR /tmp/zfs -RUN git clone --depth 1 -b ${ZFS_COMMIT} ${ZFS_REPO} . +ADD ${ZFS_REPO}/tarball/${ZFS_COMMIT} /zfs.tgz +RUN tar -zxvf /zfs.tgz && \ + mv openzfs-zfs-* . && \ + rm /zfs.tgz RUN set -e; \ if [ ! -d "${ZFS_PATCH_DIR}" ]; then \ echo "No such dir ${ZFS_PATCH_DIR}"; \ @@ -118,9 +136,11 @@ RUN unzip -d /tmp /tmp/xr.zip ;\ M=/tmp/xr_usb_serial_common_lnx-3.6-and-newer-pak \ modules modules_install -RUN git clone https://github.com/brektrou/rtl8821CU.git /tmp/rtl8821CU &&\ - (cd /tmp/rtl8821CU && git checkout 8c2226a7 ) &&\ - make -C /tmp/rtl8821CU KSRC=/linux modules &&\ +ADD https://github.com/brektrou/rtl8821CU/tarball/8c2226a7 /rtl8821CU.tgz +RUN tar -zxvf /rtl8821CU.tgz && \ + mv brektrou-rtl8821CU-* /tmp/rtl8821CU && \ + rm /rtl8821CU.tgz +RUN make -C /tmp/rtl8821CU KSRC=/linux modules &&\ install -D -p -m 644 /tmp/rtl8821CU/8821cu.ko $(echo /tmp/kernel-modules/lib/modules/*)/kernel/drivers/net/wireless/realtek/rtl8821cu/8821cu.ko # Strip at least some of the modules to conserve space diff --git a/pkg/kernel/build.yml b/pkg/kernel/build.yml index c3c90e8a633..bf4783482bf 100644 --- a/pkg/kernel/build.yml +++ b/pkg/kernel/build.yml @@ -1,3 +1,2 @@ image: eve-kernel org: lfedge -network: yes diff --git a/pkg/kvm-tools/Dockerfile b/pkg/kvm-tools/Dockerfile index 5fa30fe1f9e..a93c8db0be1 100644 --- a/pkg/kvm-tools/Dockerfile +++ b/pkg/kvm-tools/Dockerfile @@ -1,9 +1,9 @@ FROM lfedge/eve-alpine:145f062a40639b6c65efa36bed1c5614b873be52 as build -# Building qemu in strip-down mirovm only mode: curl +# Building qemu in strip-down mirovm only mode: # qemu 5.1 dependencies: python3 glib-dev pixman-dev # qemu 5.2+ dependencies: py3-setuptools bash perl # ninja dependencies: cmake g++ -ENV BUILD_PKGS gcc make libc-dev binutils-dev patch libaio-dev zlib-dev zlib-static linux-headers libvncserver-dev curl python3 glib-dev pixman-dev py3-setuptools bash perl cmake g++ +ENV BUILD_PKGS gcc make libc-dev binutils-dev patch libaio-dev zlib-dev zlib-static linux-headers libvncserver-dev python3 glib-dev pixman-dev py3-setuptools bash perl cmake g++ ENV BUILD_PKGS_arm64 dtc dtc-dev # libgcc, pixman and glib are required for qemu # it maybe possible to get rid of libgcc & pixman @@ -27,16 +27,16 @@ RUN patch -p1 < /0001-Makefile-Update-bfd-detection.patch ;\ # building ninja WORKDIR /ninja-1.10.1 -# hadolint ignore=DL4006 -RUN curl -L https://github.com/ninja-build/ninja/archive/v1.10.1.tar.gz | tar -C / -xzf - +ADD https://github.com/ninja-build/ninja/archive/v1.10.1.tar.gz /ninja.tar.gz +RUN tar -C / -xzf /ninja.tar.gz RUN cmake -Bbuild-cmake -H. RUN cmake --build build-cmake RUN cmake --install build-cmake --prefix /usr # building qemu WORKDIR /qemu-5.2.0 -# hadolint ignore=DL4006 -RUN curl https://download.qemu.org/qemu-5.2.0.tar.xz | tar -C / -xJf - +ADD https://download.qemu.org/qemu-5.2.0.tar.xz /qemu-5.2.0.tar.xz +RUN tar -C / -xJf /qemu-5.2.0.tar.xz COPY i386-softmmu.mak default-configs/devices/i386-softmmu.mak COPY meson.build hw/acpi/meson.build diff --git a/pkg/kvm-tools/build.yml b/pkg/kvm-tools/build.yml index b5bc8c6b617..10964e340c0 100644 --- a/pkg/kvm-tools/build.yml +++ b/pkg/kvm-tools/build.yml @@ -1,6 +1,5 @@ image: eve-kvm-tools org: lfedge -network: yes config: binds: - /dev:/dev diff --git a/pkg/mkimage-iso-efi/build.yml b/pkg/mkimage-iso-efi/build.yml index 4b13cf9a652..8ac49365957 100644 --- a/pkg/mkimage-iso-efi/build.yml +++ b/pkg/mkimage-iso-efi/build.yml @@ -1,3 +1,2 @@ image: eve-mkimage-iso-efi org: lfedge -network: true diff --git a/pkg/mkimage-raw-efi/build.yml b/pkg/mkimage-raw-efi/build.yml index 5ccbcbb0b07..bdffdb8e9a5 100644 --- a/pkg/mkimage-raw-efi/build.yml +++ b/pkg/mkimage-raw-efi/build.yml @@ -1,4 +1,3 @@ org: lfedge image: eve-mkimage-raw-efi -network: yes diff --git a/pkg/mkrootfs-ext4/build.yml b/pkg/mkrootfs-ext4/build.yml index ac92ade315d..0c20db93e2d 100644 --- a/pkg/mkrootfs-ext4/build.yml +++ b/pkg/mkrootfs-ext4/build.yml @@ -1,3 +1,2 @@ org: lfedge image: eve-mkrootfs-ext4 -network: true diff --git a/pkg/mkrootfs-squash/build.yml b/pkg/mkrootfs-squash/build.yml index 5e2b7b55813..b6dd394db49 100644 --- a/pkg/mkrootfs-squash/build.yml +++ b/pkg/mkrootfs-squash/build.yml @@ -1,3 +1,2 @@ org: lfedge image: eve-mkrootfs-squash -network: true diff --git a/pkg/new-kernel/Dockerfile b/pkg/new-kernel/Dockerfile index a110eae2c3b..b23e32502d3 100644 --- a/pkg/new-kernel/Dockerfile +++ b/pkg/new-kernel/Dockerfile @@ -1,50 +1,65 @@ # This file must be kept as much in sync with pkg/kernel/Dockerfile as possible -FROM lfedge/eve-alpine:145f062a40639b6c65efa36bed1c5614b873be52 as kernel-build +FROM lfedge/eve-alpine:145f062a40639b6c65efa36bed1c5614b873be52 as kernel-build-base ENV BUILD_PKGS \ - argp-standalone automake bash bc binutils-dev bison build-base curl \ + argp-standalone automake bash bc binutils-dev bison build-base \ diffutils flex git gmp-dev gnupg installkernel kmod elfutils-dev \ linux-headers libunwind-dev mpc1-dev mpfr-dev ncurses-dev findutils \ openssl-dev patch rsync sed squashfs-tools tar xz xz-dev zlib-dev openssl \ attr-dev autoconf file coreutils libtirpc-dev libtool util-linux-dev RUN eve-alpine-deploy.sh +# set versions for arm64 +FROM kernel-build-base AS kernel-build-arm64 +ARG KERNEL_VERSION_arm64=5.15.46 +# this has to be specified separately because of dockerfile limitations +ARG KERNEL_MAJOR=5 +ENV KERNEL_VERSION=${KERNEL_VERSION_arm64} +ENV KERNEL_MAJOR=${KERNEL_MAJOR} + +# set versions for amd64 +FROM kernel-build-base AS kernel-build-amd64 +ARG KERNEL_VERSION_amd64=5.15.46 +# this has to be specified separately because of dockerfile limitations +ARG KERNEL_MAJOR=5 +ENV KERNEL_VERSION=${KERNEL_VERSION_amd64} +ENV KERNEL_MAJOR=${KERNEL_MAJOR} + +# set versions for riscv64 +FROM kernel-build-base AS kernel-build-riscv64 ARG KERNEL_VERSION_riscv64=5.15.46 -ARG KERNEL_VERSION_aarch64=5.15.46 -ARG KERNEL_VERSION_x86_64=5.15.46 -ARG KERNEL_SOURCE -ARG KERNEL_SHA256_SUMS -ARG KERNEL_PGP2_SIGN +# this has to be specified separately because of dockerfile limitations +ARG KERNEL_MAJOR=5 +ENV KERNEL_VERSION=${KERNEL_VERSION_riscv64} +ENV KERNEL_MAJOR=${KERNEL_MAJOR} -# The only variable that is used everywhere is KERNEL_SERIES, so we stick it into env -SHELL ["/bin/sh", "-c", "export KERNEL_SERIES=$(eval echo \\$KERNEL_VERSION_$(uname -m) | sed -e 's#^\\([^.]*\\)\\.\\([^.]*\\).*$#\\1.\\2.x#') ; /bin/sh -c \"$1\"", "-" ] +# build for all arches +FROM kernel-build-${TARGET_ARCH} AS kernel-build # We copy the entire directory. This copies some unneeded files, but # allows us to check for the existence /patches-${KERNEL_SERIES} to # build kernels without patches. COPY / / -# Download and verify kernel -# PGP keys: 589DA6B1 (greg@kroah.com) & 6092693E (autosigner@kernel.org) & 00411886 (torvalds@linux-foundation.org) -RUN KERNEL_VERSION="$(eval echo \$KERNEL_VERSION_"$(uname -m)")" && KERNEL_MAJOR="$(echo "$KERNEL_VERSION" | cut -f1 -d.)" && \ - KERNEL_SOURCE=${KERNEL_SOURCE:-https://www.kernel.org/pub/linux/kernel/v${KERNEL_MAJOR}.x/linux-${KERNEL_VERSION}.tar.xz} && \ - KERNEL_SHA256_SUMS=${KERNEL_SHA256_SUMS:-https://www.kernel.org/pub/linux/kernel/v${KERNEL_MAJOR}.x/sha256sums.asc} && \ - KERNEL_PGP2_SIGN=${KERNEL_PGP2_SIGN:-https://www.kernel.org/pub/linux/kernel/v${KERNEL_MAJOR}.x/linux-${KERNEL_VERSION}.tar.sign} && \ - curl -fsSLO ${KERNEL_SHA256_SUMS} && \ - gpg2 -q --import keys.asc && \ +ARG KERNEL_SOURCE=https://www.kernel.org/pub/linux/kernel/v${KERNEL_MAJOR}.x/linux-${KERNEL_VERSION}.tar.xz +ARG KERNEL_SHA256_SUMS=https://www.kernel.org/pub/linux/kernel/v${KERNEL_MAJOR}.x/sha256sums.asc +ARG KERNEL_PGP2_SIGN=https://www.kernel.org/pub/linux/kernel/v${KERNEL_MAJOR}.x/linux-${KERNEL_VERSION}.tar.sign + + +RUN gpg2 -q --import keys.asc && \ gpg2 --verify sha256sums.asc && \ KERNEL_SHA256=$(grep linux-${KERNEL_VERSION}.tar.xz sha256sums.asc | cut -d ' ' -f 1) && \ - [ -f linux-${KERNEL_VERSION}.tar.xz ] || curl -fsSLO ${KERNEL_SOURCE} && \ + [ -f linux-${KERNEL_VERSION}.tar.xz ] || mv /tmp/linux-${KERNEL_VERSION}.tar.xz . && \ echo "${KERNEL_SHA256} linux-${KERNEL_VERSION}.tar.xz" | sha256sum -c - && \ xz -d linux-${KERNEL_VERSION}.tar.xz && \ - curl -fsSLO ${KERNEL_PGP2_SIGN} && \ gpg2 --verify linux-${KERNEL_VERSION}.tar.sign linux-${KERNEL_VERSION}.tar && \ cat linux-${KERNEL_VERSION}.tar | tar --absolute-names -x && mv /linux-${KERNEL_VERSION} /linux && \ rm -rf /out && mkdir /out && echo "KERNEL_SOURCE=${KERNEL_SOURCE}" > /out/kernel-source-info # Apply local patches WORKDIR /linux -RUN set -e ; [ ! -d /patches-"${KERNEL_SERIES}" ] || for patch in /patches-"${KERNEL_SERIES}"/*.patch; do \ +RUN set -e ; KERNEL_SERIES=${KERNEL_VERSION%.*}.x; \ + [ ! -d /patches-"${KERNEL_SERIES}" ] || for patch in /patches-"${KERNEL_SERIES}"/*.patch; do \ echo "Applying $patch"; \ patch -p1 < "$patch"; \ done @@ -60,6 +75,7 @@ RUN case $(uname -m) in \ KERNEL_DEF_CONF=/linux/arch/riscv/configs/defconfig; \ ;; \ esac && \ + KERNEL_SERIES=${KERNEL_VERSION%.*}.x; \ cp /kernel_config-${KERNEL_SERIES}-$(uname -m) ${KERNEL_DEF_CONF}; \ if [ -n "${EXTRA}" ]; then \ sed -i "s/CONFIG_LOCALVERSION=\"-linuxkit\"/CONFIG_LOCALVERSION=\"-linuxkit${EXTRA}\"/" ${KERNEL_DEF_CONF}; \ @@ -100,7 +116,10 @@ ENV ZFS_PATCH_DIR=/patches-zfs-"${ZFS_VERSION}" WORKDIR /tmp/zfs -RUN git clone --depth 1 -b ${ZFS_COMMIT} ${ZFS_REPO} . +ADD ${ZFS_REPO}/tarball/${ZFS_COMMIT} /zfs.tgz +RUN tar -zxvf /zfs.tgz && \ + mv openzfs-zfs-* . && \ + rm /zfs.tgz RUN set -e; \ if [ ! -d "${ZFS_PATCH_DIR}" ]; then \ echo "No such dir ${ZFS_PATCH_DIR}"; \ diff --git a/pkg/new-kernel/build.yml b/pkg/new-kernel/build.yml index c74604ecfcc..1d73a0328ac 100644 --- a/pkg/new-kernel/build.yml +++ b/pkg/new-kernel/build.yml @@ -1,3 +1,2 @@ image: eve-new-kernel org: lfedge -network: yes diff --git a/pkg/newlog/build.yml b/pkg/newlog/build.yml index ad9b892ae1e..7f08bf8e2c2 100644 --- a/pkg/newlog/build.yml +++ b/pkg/newlog/build.yml @@ -1,6 +1,5 @@ image: eve-newlog org: lfedge -network: yes config: binds: - /dev:/dev diff --git a/pkg/pillar/Dockerfile b/pkg/pillar/Dockerfile index 2b9436008f0..1f32fb3da0c 100644 --- a/pkg/pillar/Dockerfile +++ b/pkg/pillar/Dockerfile @@ -19,16 +19,18 @@ ARG DEV=n ENV BUILD_PKGS git gcc linux-headers libc-dev make linux-pam-dev m4 findutils go util-linux make patch wget \ libintl libuuid libtirpc libblkid libcrypto1.1 zlib ENV PKGS alpine-baselayout musl-utils libtasn1-progs pciutils yajl xz bash iptables ip6tables iproute2 dhcpcd \ - coreutils dmidecode libbz2 libuuid ipset curl radvd ethtool util-linux e2fsprogs libcrypto1.1 xorriso \ + coreutils dmidecode libbz2 libuuid ipset radvd ethtool util-linux e2fsprogs libcrypto1.1 xorriso \ qemu-img jq e2fsprogs-extra keyutils ca-certificates ip6tables-openrc iptables-openrc ipset-openrc hdparm \ libintl libtirpc libblkid zlib RUN eve-alpine-deploy.sh -WORKDIR /go/src/github.com/google -RUN git clone https://github.com/google/fscrypt +ENV FSCRYPT_COMMIT=b41569d397d3e66099cde07d8eef36b2f42dd0ec WORKDIR /go/src/github.com/google/fscrypt -RUN git reset --hard b41569d397d3e66099cde07d8eef36b2f42dd0ec -COPY fscrypt/* ./ +ADD https://github.com/google/fscrypt/tarball/${FSCRYPT_COMMIT} /fscrypt.tgz +RUN tar -zxvf /fscrypt.tgz && \ + mv google-fscrypt-*/* . && \ + rm -rf google-fscrypt-* && \ + rm /fscrypt.tgz RUN patch -p1 < patch01-no-pam.diff && \ patch -p1 < patch02-rotate-raw-key.diff && \ patch -p1 < patch03-vendor.diff && \ diff --git a/pkg/pillar/build.yml b/pkg/pillar/build.yml index d856a71117d..8995f4fbcc9 100644 --- a/pkg/pillar/build.yml +++ b/pkg/pillar/build.yml @@ -4,7 +4,6 @@ # SPDX-License-Identifier: Apache-2.0 org: lfedge image: eve-pillar -network: yes config: binds: - /lib/modules:/lib/modules diff --git a/pkg/storage-init/build.yml b/pkg/storage-init/build.yml index 40446cb94a2..d88b70cb9a1 100644 --- a/pkg/storage-init/build.yml +++ b/pkg/storage-init/build.yml @@ -4,7 +4,6 @@ # SPDX-License-Identifier: Apache-2.0 org: lfedge image: eve-storage-init -network: yes config: binds: - /:/hostfs diff --git a/pkg/test-microsvcs/build.yml b/pkg/test-microsvcs/build.yml index 4e5ea99981d..21df6444372 100644 --- a/pkg/test-microsvcs/build.yml +++ b/pkg/test-microsvcs/build.yml @@ -1,3 +1,2 @@ org: lfedge image: eve-test-microsvcs -network: yes diff --git a/pkg/u-boot/Dockerfile b/pkg/u-boot/Dockerfile index 8ee1219b6d2..a2ab025942c 100644 --- a/pkg/u-boot/Dockerfile +++ b/pkg/u-boot/Dockerfile @@ -1,5 +1,5 @@ -FROM lfedge/eve-alpine:145f062a40639b6c65efa36bed1c5614b873be52 as build -ENV BUILD_PKGS bash binutils-dev build-base bc curl bison flex openssl-dev python3 swig +FROM lfedge/eve-alpine:145f062a40639b6c65efa36bed1c5614b873be52 as build-base +ENV BUILD_PKGS bash binutils-dev build-base bc bison flex openssl-dev python3 swig ENV BUILD_PKGS_amd64 python3-dev py-pip RUN eve-alpine-deploy.sh @@ -7,26 +7,38 @@ SHELL ["/bin/bash", "-eo", "pipefail", "-c"] ENV VERSION v2021.10 ENV SOURCE_URL https://github.com/u-boot/u-boot/archive/${VERSION}.tar.gz -ENV RAPBERRY_FIRMWARE_BLOBS_VERSION 1.20211007 -ENV RAPBERRY_FIRMWARE_BLOBS https://github.com/raspberrypi/firmware/raw/${RAPBERRY_FIRMWARE_BLOBS_VERSION} -ENV TARGET_x86_64 qemu-x86_64_defconfig -ENV TARGET_aarch64 rpi_4_defconfig -ENV TARGET_riscv64 qemu-riscv64_smode_defconfig +ENV RASPBERRY_FIRMWARE_BLOBS_VERSION 1.20211007 +ENV RASPBERRY_FIRMWARE_BLOBS https://github.com/raspberrypi/firmware/raw/${RASPBERRY_FIRMWARE_BLOBS_VERSION} -RUN curl -fsSL ${SOURCE_URL} | tar -C / -xzf - && mv /u-boot* /u-boot +ADD ${SOURCE_URL} /uboot.tar.gz +RUN tar -C / -xzf /uboot.tar.gz && mv /u-boot* /u-boot WORKDIR /u-boot -# FIXME: we need to get to the bottom of this weird workaround on x86/Alpine -RUN [ "$(uname -m)" != x86_64 ] || sed -ie 's#CONFIG_IS_ENABLED(X86_64)#1#' ./arch/x86/include/asm/byteorder.h COPY patches /tmp/patches -RUN if [ "$(uname -m)" != x86_64 ]; then\ - for p in /tmp/patches/patches-"${VERSION}"/*.patch ; do patch -p1 < "$p" || exit 1 ; done;\ - fi + + +FROM build-base AS build-amd64 +ENV TARGET qemu-x86_64_defconfig + +FROM build-base AS build-arm64 +ENV TARGET rpi_4_defconfig +# FIXME: we need to get to the bottom of this weird workaround on x86/Alpine +RUN sed -ie 's#CONFIG_IS_ENABLED(X86_64)#1#' ./arch/x86/include/asm/byteorder.h +RUN for p in /tmp/patches/patches-"${VERSION}"/*.patch ; do patch -p1 < "$p" || exit 1 ; done + +FROM build-base AS build-riscv64 +ENV TARGET qemu-riscv64_smode_defconfig +# FIXME: we need to get to the bottom of this weird workaround on x86/Alpine +RUN sed -ie 's#CONFIG_IS_ENABLED(X86_64)#1#' ./arch/x86/include/asm/byteorder.h +RUN for p in /tmp/patches/patches-"${VERSION}"/*.patch ; do patch -p1 < "$p" || exit 1 ; done + +FROM build-${TARGET_ARCH} AS build + # need to tweak u-boot config with our local settings COPY config /tmp/ -RUN cat /tmp/config >> "configs/$(eval echo \$TARGET_"$(uname -m)")" +RUN cat /tmp/config >> "configs/${TARGET} # generate default config for the target -RUN eval make \$TARGET_"$(uname -m)" +RUN eval make $TARGET RUN make -j "$(getconf _NPROCESSORS_ONLN)" # export a final set of u-boot artifacts into /boot @@ -34,9 +46,9 @@ RUN mkdir /boot && cp /u-boot/u-boot.bin /boot # FIXME: copy RPi4 dtb COPY rpi /tmp/rpi # download blobs for raspberry -d YYY +ADD ${RASPBERRY_FIRMWARE_BLOBS}/boot/fixup4.dat /tmp/rpi/fixup4.dat +ADD ${RASPBERRY_FIRMWARE_BLOBS}/boot/start4.elf /tmp/rpi/start4.elf RUN if [ "$(uname -m)" = aarch64 ]; then \ - curl -fsSLo /tmp/rpi/fixup4.dat "${RAPBERRY_FIRMWARE_BLOBS}/boot/fixup4.dat" ;\ - curl -fsSLo /tmp/rpi/start4.elf "${RAPBERRY_FIRMWARE_BLOBS}/boot/start4.elf" ;\ for i in /tmp/rpi/overlays/*.dts ; do \ scripts/dtc/dtc -@ -I dts -O dtb -o "${i/.dts/.dtbo}" "$i" && rm "$i" ;\ done ;\ diff --git a/pkg/u-boot/build.yml b/pkg/u-boot/build.yml index 266f6b90e8b..0e28d65f067 100644 --- a/pkg/u-boot/build.yml +++ b/pkg/u-boot/build.yml @@ -1,3 +1,2 @@ image: eve-u-boot org: lfedge -network: yes diff --git a/pkg/uefi/Dockerfile b/pkg/uefi/Dockerfile index 03e6d8a943e..8287cb49625 100644 --- a/pkg/uefi/Dockerfile +++ b/pkg/uefi/Dockerfile @@ -10,37 +10,32 @@ # ./uefi-tools/edk2-build.sh -b DEBUG -b RELEASE all # FROM lfedge/eve-alpine:145f062a40639b6c65efa36bed1c5614b873be52 as build -ENV BUILD_PKGS curl make gcc g++ python3 libuuid nasm util-linux-dev bash git util-linux patch +ENV BUILD_PKGS make gcc g++ python3 libuuid nasm util-linux-dev bash git util-linux patch ENV BUILD_PKGS_amd64 iasl ENV BUILD_PKGS_arm64 iasl RUN eve-alpine-deploy.sh RUN ln -s python3 /usr/bin/python -ENV EDK_VERSION_aarch64 edk2-stable202208 -ENV EDK_COMMIT_aarch64 edk2-stable202208 +COPY edk2-patches /edk2-patches -ENV EDK_VERSION_x86_64 edk2-stable202005 -ENV EDK_COMMIT_x86_64 ca407c7246bf405da6d9b1b9d93e5e7f17b4b1f9 +FROM build AS build-arm64 -ENV SBI_COMMIT cbaa9b0333517b3c25bea8d1c71ac8005ff1f727 +ENV EDK_VERSION edk2-stable202208 +ENV EDK_COMMIT edk2-stable202208 +ADD https://github.com/tianocore/edk2/tarball/${EDK_COMMIT} /edk2.zip +WORKDIR /edk2 +RUN tar -zxvf /edk2.tgz && \ + mv tianocore-edk2-* . && \ + rm -rf tianocore-edk2-* && \ + rm /edk2.tgz +RUN git -C /edk2 submodule update --init -COPY edk2-patches /edk2-patches -RUN if [ "$(uname -m)" != riscv64 ]; then \ - git clone -b "$(eval echo \$EDK_VERSION_"$(uname -m)")" https://github.com/tianocore/edk2.git /edk2 && \ - git -C /edk2 checkout "$(eval echo \$EDK_COMMIT_"$(uname -m)")" && \ - git -C /edk2 submodule update --init; \ - fi -RUN set -e ; [ ! -d /edk2 ] || [ ! -d /edk2-patches/"$(eval echo \$EDK_VERSION_"$(uname -m)")" ] || \ - for patch in /edk2-patches/"$(eval echo \$EDK_VERSION_"$(uname -m)")"/*.patch; do \ +RUN set -e ; [ ! -d /edk2 ] || [ ! -d /edk2-patches/${EDK_VERSION} ] || \ + for patch in /edk2-patches/${EDK_VERSION}/*.patch; do \ echo "Applying $patch"; \ patch -d /edk2 -p1 < "$patch" || exit 1 ; \ done -RUN if [ "$(uname -m)" = riscv64 ]; then \ - git clone https://github.com/riscv/opensbi.git /opensbi && \ - git -C /opensbi checkout ${SBI_COMMIT}; \ - fi - WORKDIR /edk2 COPY build.sh /edk2/ RUN ./build.sh @@ -50,7 +45,45 @@ RUN rm -rf /out && mkdir /out && cp /edk2/OVMF*.fd /out && if [ "$(uname -m)" = # FIXME: we should be building Raspbery Pi 4 UEFI implementations COPY rpi /tmp/rpi -RUN if [ "$(uname -m)" = aarch64 ]; then cp -r /tmp/rpi /out/ ;fi +RUN cp -r /tmp/rpi /out/ ;fi + + + +FROM build AS build-amd64 + +ENV EDK_VERSION edk2-stable202005 +ENV EDK_COMMIT ca407c7246bf405da6d9b1b9d93e5e7f17b4b1f9 +ADD https://github.com/tianocore/edk2/tarball/${EDK_COMMIT} /edk2.tgz +WORKDIR /edk2 +RUN tar -zxvf /edk2.tgz && \ + mv tianocore-edk2-* . && \ + rm -rf tianocore-edk2-* && \ + rm /edk2.tgz git -C /edk2 submodule update --init + +RUN set -e ; [ ! -d /edk2 ] || [ ! -d /edk2-patches/${EDK_VERSION} ] || \ + for patch in /edk2-patches/${EDK_VERSION}/*.patch; do \ + echo "Applying $patch"; \ + patch -d /edk2 -p1 < "$patch" || exit 1 ; \ + done + +WORKDIR /edk2 +COPY build.sh /edk2/ +RUN ./build.sh + +# now create an out dir for all the artifacts +RUN rm -rf /out && mkdir /out && cp /edk2/OVMF*.fd /out && cp /edk2/*.rom /out/ + + +FROM build AS build-riscv64 + +ENV SBI_COMMIT cbaa9b0333517b3c25bea8d1c71ac8005ff1f727 +ADD https://github.com/riscv/opensbi/tarball/${SBI_COMMIT} /opensbi.tgz + +WORKDIR /opensbi +RUN tar -zxvf /opensbi.tgz && \ + mv riscv-opensbi-* . && \ + rm -rf riscv-opensbi-* && \ + rm /opensbi.tgz FROM scratch -COPY --from=build /out/* / +COPY --from=build-${TARGET_ARCH} /out/* / diff --git a/pkg/uefi/build.yml b/pkg/uefi/build.yml index e49835d8468..19c0b0ebb6c 100644 --- a/pkg/uefi/build.yml +++ b/pkg/uefi/build.yml @@ -1,3 +1,2 @@ image: eve-uefi org: lfedge -network: yes diff --git a/pkg/vtpm/Dockerfile b/pkg/vtpm/Dockerfile index 7838e7424e5..3a366e49b29 100644 --- a/pkg/vtpm/Dockerfile +++ b/pkg/vtpm/Dockerfile @@ -24,17 +24,21 @@ WORKDIR /autoconf-archive-2019.01.06 RUN ./configure --datarootdir=/usr/share/ && \ make && make install -WORKDIR / -RUN git clone --branch=2.3.1 https://github.com/tpm2-software/tpm2-tss WORKDIR /tpm2-tss +ADD https://github.com/tpm2-software/tpm2-tss/tarball/2.3.1 /tpm2-tss.tgz +RUN tar -zxvf /tpm2-tss.tgz && \ + mv tpm2-software-tpm2-tss-* . && \ + rm /tpm2-tss.tgz RUN ./bootstrap && \ ./configure --disable-dependency-tracking && \ make && \ make install -WORKDIR / -RUN git clone --branch=4.0.1-rc0 https://github.com/tpm2-software/tpm2-tools WORKDIR /tpm2-tools +ADD https://github.com/tpm2-software/tpm2-tools/tarball/4.0.1-rc0 /tpm2-tools.tgz +RUN tar -zxvf /tpm2-tools.tgz && \ + mv tpm2-software-tpm2-tools-* . && \ + rm /tpm2-tools.tgz COPY patch-tpm2-tools.diff . RUN patch -p1 < patch-tpm2-tools.diff && \ ./bootstrap && ./configure && make diff --git a/pkg/vtpm/build.yml b/pkg/vtpm/build.yml index c19a0c6e9b8..5b2c482350d 100644 --- a/pkg/vtpm/build.yml +++ b/pkg/vtpm/build.yml @@ -1,6 +1,5 @@ image: eve-vtpm org: lfedge -network: yes config: binds: - /dev:/dev diff --git a/pkg/wlan/build.yml b/pkg/wlan/build.yml index 70c9a2d4812..3c7cc95c592 100644 --- a/pkg/wlan/build.yml +++ b/pkg/wlan/build.yml @@ -1,6 +1,5 @@ image: eve-wlan org: lfedge -network: yes config: binds: - /lib/modules:/lib/modules diff --git a/pkg/wwan/Dockerfile b/pkg/wwan/Dockerfile index 7121955d57f..6c3326cfd90 100644 --- a/pkg/wwan/Dockerfile +++ b/pkg/wwan/Dockerfile @@ -5,28 +5,52 @@ ENV BUILD_PKGS automake autoconf gettext gettext-dev git pkgconfig \ ENV PKGS alpine-baselayout musl-utils ppp jq glib RUN eve-alpine-deploy.sh +ENV LIBUBOX_COMMIT=7da66430 +ENV JSONC_COMMIT=ed54353d +ENV INOTIFY_TOOLS_COMMIT=3.20.11.0 +ENV PICOCOM_COMMIT=1acf1ddabaf3576b +ENV LIBQMI_COMMIT=1.26.2 +ENV LIBMBIM_COMMIT=1.24.2 + WORKDIR / -RUN git clone https://git.openwrt.org/project/libubox.git -RUN git clone https://github.com/json-c/json-c.git -RUN git clone https://gitlab.freedesktop.org/mobile-broadband/libqmi -RUN git clone https://gitlab.freedesktop.org/mobile-broadband/libmbim -RUN git clone https://github.com/inotify-tools/inotify-tools -RUN git clone https://github.com/npat-efault/picocom.git +ADD https://git.openwrt.org/project/libubox/tarball/${LIBUBOX_COMMIT} /libubox.tgz +ADD https://github.com/json-c/json-c/tarball/${JSONC_COMMIT} /jsonc.tgz +ADD https://github.com/inotify-tools/inotify-tools/tarball/${INOTIFY_TOOLS_COMMIT} /inotify_tools.tgz +ADD https://github.com/npat-efault/picocom/tarball/${PICOCOM_COMMIT} /picocom.tgz +ADD https://gitlab.freedesktop.org/mobile-broadband/libqmi/-/archive/${LIBQMI_COMMIT}/libqmi-${LIBQMI_COMMIT}.zip /libqmi.zip +ADD https://gitlab.freedesktop.org/mobile-broadband/libmbim/-/archive/${LIBMBIM_COMMIT}/libmbim-${LIBMBIM_COMMIT}.zip /libmbim.zip + +RUN tar -zxvf /libubox.tgz && \ + mv project-libubox-* libubox && \ + rm /libubox.tgz +RUN tar -zxvf /jsonc.tgz && \ + mv json-c-* jsonc && \ + rm /jsonc.tgz +RUN tar -zxvf /inotify_tools.tgz && \ + mv inotify-tools-* inotify-tools && \ + rm /inotify_tools.tgz +RUN tar -zxvf /picocom.tgz && \ + mv npat-efault-picocom-* picocom && \ + rm /picocom.tgz +RUN unzip /libqmi-${LIBQMI_COMMIT}.zip && \ + mv libqmi-${LIBQMI_COMMIT} libqmi && \ + rm /libqmi-${LIBQMI_COMMIT}.zip +RUN unzip /libmbim-${LIBMBIM_COMMIT}.zip && \ + mv libmbim-${LIBMBIM_COMMIT} libmbim && \ + rm /libmbim-${LIBMBIM_COMMIT}.zip WORKDIR /json-c -RUN git checkout ed54353d && ./autogen.sh && ./configure && make install +RUN ./autogen.sh && ./configure && make install WORKDIR /libubox -RUN git checkout 7da66430 && cmake . -DBUILD_LUA=OFF -DBUILD_EXAMPLES=OFF && make install +RUN cmake . -DBUILD_LUA=OFF -DBUILD_EXAMPLES=OFF && make install WORKDIR /libmbim -RUN git checkout 1.24.2 COPY patches/libmbim/*.patch /tmp/patches/libmbim/ RUN for patch in /tmp/patches/libmbim/*.patch ; do patch -p1 < "$patch" ; done RUN ./autogen.sh && ./configure --prefix=/usr && make && make install WORKDIR /libqmi -RUN git checkout 1.26.2 COPY patches/libqmi/*.patch /tmp/patches/libqmi/ RUN for patch in /tmp/patches/libqmi/*.patch ; do patch -p1 < "$patch" ; done RUN ./autogen.sh --without-udev && ./configure --prefix=/usr --without-udev --enable-mbim-qmux && make && make install diff --git a/pkg/wwan/build.yml b/pkg/wwan/build.yml index 7ce79253e30..ad343a750cc 100644 --- a/pkg/wwan/build.yml +++ b/pkg/wwan/build.yml @@ -1,6 +1,5 @@ image: eve-wwan org: lfedge -network: yes config: binds: - /lib/modules:/lib/modules diff --git a/pkg/xen-tools/Dockerfile b/pkg/xen-tools/Dockerfile index cd980c69d66..206f3652aa0 100644 --- a/pkg/xen-tools/Dockerfile +++ b/pkg/xen-tools/Dockerfile @@ -19,7 +19,7 @@ ENV BUILD_PKGS \ gcc make libc-dev dev86 xz-dev perl bash python3-dev \ gettext iasl util-linux-dev ncurses-dev glib-dev \ pixman-dev libaio-dev yajl-dev argp-standalone \ - linux-headers git patch texinfo curl tar libcap-ng-dev \ + linux-headers git patch texinfo tar libcap-ng-dev \ attr-dev flex bison cmake libusb-dev ENV BUILD_PKGS_arm64 dtc-dev @@ -38,9 +38,8 @@ ENV LIBURING_VERSION 0.7 ENV LIBURING_SOURCE=https://git.kernel.dk/cgit/liburing/snapshot/liburing-${LIBURING_VERSION}.tar.bz2 # Download and verify liburing -RUN \ - [ -f "$(basename ${LIBURING_SOURCE})" ] || curl -fsSLO "${LIBURING_SOURCE}" && \ - tar --absolute-names -xj < "$(basename ${LIBURING_SOURCE})" && mv "/liburing-${LIBURING_VERSION}" /liburing +ADD ${LIBURING_SOURCE} /liburing.tar.bz2 +RUN tar --absolute-names -xj < /liburing.tar.bz2 && mv "/liburing-${LIBURING_VERSION}" /liburing WORKDIR /liburing RUN ./configure --prefix=/usr @@ -60,9 +59,8 @@ WORKDIR / # Download and verify xen #TODO: verify Xen -RUN \ - [ -f "$(basename ${XEN_SOURCE})" ] || curl -fsSLO "${XEN_SOURCE}" && \ - tar --absolute-names -xz < "$(basename ${XEN_SOURCE})" && mv "/xen-${XEN_VERSION}" /xen +ADD ${XEN_SOURCE} /xen.tar.gz +RUN tar --absolute-names -xz < /xen.tar.gz && mv "/xen-${XEN_VERSION}" /xen # Apply local patches COPY patches-${XEN_VERSION} /patches diff --git a/pkg/xen-tools/build.yml b/pkg/xen-tools/build.yml index d249321e3b4..ca7e226c2b2 100644 --- a/pkg/xen-tools/build.yml +++ b/pkg/xen-tools/build.yml @@ -1,6 +1,5 @@ image: eve-xen-tools org: lfedge -network: yes config: binds: - /run:/run diff --git a/pkg/xen/Dockerfile b/pkg/xen/Dockerfile index 16573719e0a..e97b6fa2ba5 100644 --- a/pkg/xen/Dockerfile +++ b/pkg/xen/Dockerfile @@ -1,7 +1,7 @@ FROM lfedge/eve-alpine:145f062a40639b6c65efa36bed1c5614b873be52 as kernel-build ENV BUILD_PKGS argp-standalone automake bash bc binutils-dev bison build-base \ - curl diffutils flex git gmp-dev gnupg installkernel kmod \ + diffutils flex git gmp-dev gnupg installkernel kmod \ elfutils-dev openssl-dev linux-headers ncurses-dev python3 \ sed squashfs-tools tar xz xz-dev zlib-dev libunwind-dev ENV BUILD_PKGS_arm64 uboot-tools @@ -13,9 +13,8 @@ ENV XEN_SOURCE=https://downloads.xenproject.org/release/xen/${XEN_VERSION}/xen-$ # Download and verify xen #TODO: verify Xen -RUN \ - [ -f "$(basename ${XEN_SOURCE})" ] || curl -fsSLO "${XEN_SOURCE}" && \ - tar --absolute-names -xz < "$(basename ${XEN_SOURCE})" && mv "/xen-${XEN_VERSION}" /xen +ADD ${XEN_SOURCE} /xen.tar.gz +RUN tar --absolute-names -xz < /xen.tar.gz && mv "/xen-${XEN_VERSION}" /xen WORKDIR /xen/xen COPY *.patch arch /tmp/ diff --git a/pkg/xen/build.yml b/pkg/xen/build.yml index 1453c5575b2..6bd8253c16f 100644 --- a/pkg/xen/build.yml +++ b/pkg/xen/build.yml @@ -1,3 +1,2 @@ image: eve-xen org: lfedge -network: yes