Commit Graph

79 Commits

Author SHA1 Message Date
Jan Kiszka
a560dde924 Release 3.3 2023-06-20 21:26:48 +02:00
Jan Kiszka
7f91df6492 kas-container: Purge tmp* on clean
OpenEmbedded/Yocto expands TMPDIR by TCLIBCAPPEND. That break our -
granted - simplistic clean operation which assumes TMPDIR to be
"${TOPDIR}/tmp". Relax it a bit. This is still safe as we work on the
generally separate build dir.

An alternative to this would be calling kas shell with a concrete
configuration and ask for the actual TMPDIR and also DL_DIR while at it.
Probably doable, but it would require passing of a config file on each
global clean operation.

Isar layers are not expected expand TMPDIR, so keep things as they are
there.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2023-06-18 22:00:46 +02:00
Felix Moessbauer
e9032bc278 kas-container: track repo dir when using menu cmd
When using the kas menu command, we need to track the repository
location outside of the kas container as well. This is required to
prepare the environment for a later kas-container build, as the repo
path inside the container is different from the outside one. For that,
the location of KAS_REPO_DIR is passed via an env-var into the container.
There, this value is picked up by the menu plugin and written to the
.config.yaml file as `_source_host_dir`. When running kas-container build,
we check if the .config.yaml file contains this node and set the
KAS_REPO_DIR accordingly. The schema is extended accordingly.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
[Jan: rework _source_dir_host extraction to make it usable for menu as well]
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2023-05-30 13:29:12 +02:00
Felix Moessbauer
b06fe8a0b7 kas-container: remove special handling of help sub command
This patch removes the special handling of the -h / --help flag for kas
subcommands. By that, the build system detection logic properly works
and runs the help command in the kas-isar container for ISAR kas files.

While this logically does not make any difference, it avoids to pull the
kas OE container for ISAR builds, just to show the help message.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2023-05-19 09:16:28 +02:00
Felix Moessbauer
4015a6b384 kas-container: add support to set log-level
This patch forwards the log-level parameter from kas-container to kas
inside the container. For backward compatibility, the -d parameter is
deprecated but kept and also forwarded as-is to kas. By that, a more recent
kas-container script can still be used to run an older kas container.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2023-05-03 17:25:47 +02:00
Felix Moessbauer
a206f05616 kas-container: mount repos rw when creating lockfile
This patch makes the creation and update of a lockfile more convenient.
When running the dump plugin in inplace mode, a lockfile is created next
to the first file on the kas cmdline. By that, the repo directory also
needs to be mounted rw. Otherwise the kas inside the container cannot
create the file.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2023-05-03 08:59:52 +02:00
Freundl, Christoph' via kas-devel
8f61dcfeb6 kas: add GIT_CREDENTIAL_USEHTTPPATH environment variable
This allows the configuration of the git option 'credential.usehttppath' if
the used credential helper requires this.

Signed-off-by: Christoph Freundl <Christoph.Freundl@ifm.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2023-04-20 22:53:15 +02:00
Richard Weinberger
10e6df438f kas-container: Report errors from readlink
Currently kas-container fails silently if readlink is unable to resolve
a path.
Add -v to each readlink command to get errors reported.

Before:
$ KAS_BUILD_DIR=/scratch/rwtypo/leia kas-container shell leia.yml
$ echo $?
1

After:
$ KAS_BUILD_DIR=/scratch/rwtypo/leia kas-container shell leia.yml
readlink: /scratch/rwtypo/leia: No such file or directory

Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2023-04-20 22:53:15 +02:00
Stefan Müller-Klieser
1243612a27 kas-container: fix isar setup logic
If we run kas-container with --isar flag and did not set build_system,
we end up calling both enable_isar_mode and enable_oe_mode. This can
trigger:
  Error: keep-id is only supported in rootless mode

Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2023-03-13 12:49:23 +01:00
Jan Kiszka
b9abbd1e63 Release 3.2.3 2023-03-05 10:36:58 +01:00
Felix Moessbauer
06fad464b5 kas-container: mount host paths below /var/kas
As we no longer create the builder user at runtime, placing data into
/etc/skel at runtime is semantically not correct anymore. Instead, we
bind mount host paths below /var/kas/userdata. By that, we now place
the data into a directory which is fully handled by us.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2023-02-27 16:29:50 +01:00
Felix Moessbauer
b8576ee99e kas-container: mount KAS_REPO_REF_DIR rw
With the added auto-caching logic of the referenced repos in 1c2c859,
kas-container has to mount this directory in read-write mode.
Otherwise, initial clones will fail.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2023-02-27 12:33:15 +01:00
Jan Kiszka
0e61fdddaf Release 3.2.2 2023-02-13 21:18:57 +01:00
Jan Kiszka
f748c17023 kas-container: Make sure privileged podman will find sbin tools
The user environment may lack /usr/sbin while certain podman
configuration will need, e.g., iptables for the setup. This can cause

Error: plugin type="bridge" failed (add): cni plugin bridge failed: failed to locate iptables: exec: "iptables": executable file not found in $PATH

Resolved that by appending /usr/sbin to the PATH in privileged podman
mode.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2023-02-12 13:45:12 +01:00
Jan Kiszka
492b2c56ab container: Rework uid/gid alignment with caller
Already create the builder user/group during container image build and
only align the IDs in the entrypoint if started with a non-zero USER_ID.
The primary gain is code simplification because this removes some
dynamics from the entrypoint.

As this refactoring avoids that gitlab-ci runners start the container as
root, it was also supposed to resolve the mismatch between the owner of
the checked-out repo and builder user. Unfortunately, this does not work
yet, and the reason is still unclear.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2023-02-07 10:38:27 +01:00
Jan Kiszka
66893480c7 Release 3.2.1 2023-02-02 08:41:17 +01:00
Jan Kiszka
dc44638cd8 Release 3.2 2023-01-17 12:49:44 +01:00
Frieder Schrempf
f3521f82fa kas-container: Fix engine detection when docker is an alias for podman
The current detection mechanism assumes that if the docker command
is available the engine behind is also docker. In fact nowadays a
lot of people use /usr/bin/docker as an alias for podman. In that
case the script expects a docker engine and misses to use
podman-specific settings.

To fix this, run "docker -v" and check if the output indicates a
podman engine or a real docker engine. Otherwise error out as the
enginge is not supported.

Signed-off-by: Frieder Schrempf <frieder.schrempf@kontron.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2023-01-09 13:09:14 +01:00
Felix Moessbauer
53369faf55 add support for the dump plugin in kas-container
This patch adds support to use the dump plugin in kas-container.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-12-13 14:39:14 +01:00
Felix Moessbauer
9bb1af5ecd kas-container: write debug messages to stderr
The kas-container trace / debug infrastructure has to write to stderr to
not interfer with kas output to stdout. Note, that the kas debug
messages already write to stderr. By that, the kas-container script can
be used in pipes similar to a direct invocation of kas.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-11-28 08:35:11 +01:00
Felix Moessbauer
1a2de8daa7 forward DISTRO_APT_PREMIRRORS environment variable
This patch forwards the DISTRO_APT_PREMIRRORS environment variable into
the container when using the kas-container script. This variable is
commonly used to externally set mirrors for debian apt, e.g. in a CI
environment.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-11-15 11:54:34 +01:00
Felix Moessbauer
102c4667d1 forward build-concurrency related env vars
This patch forwards environment variables to control the concurrency and
parallelism of the build to bitbake.
With that, the user can reduce the concurrency in case of running short
on memory. Further, by reducing the concurrency on very large and NUMA
machines, the build sometimes can be significantly speed up.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-10-19 11:02:17 +02:00
Jan Kiszka
cf95cfc57b kas-container: Do not advertise deprecated --docker-args anymore
We still accept it, but we should stop talking about it.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-10-19 07:28:33 +02:00
Wadim Klincov
4f51a41ce7 Use correct variable on error output
Use correct variable on error output.

Signed-off-by: Wadim Klincov <wadim@klincov.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-09-30 14:04:33 +02:00
Claudius Heine
26a7ab8f48 kas-container: add --log-driver=none as default runtime arg
Container engines per default log all container output into journald
(Podman) or a json file (Docker).

A build with kas-container/bitbake containes lots of useless build
output like progress lines, etc.

In case of Podman, where journald is used, this means that all this is
spammed into the journald buffer and possible also send to ttys or even
serial ttys. This might make sense for containers that output only
status information about running services, but for a build process, this
is mostly just spamming and causes important information to be lost.

Since the stdout/stderr output of the container is used for
kas-container ordinarily, the background logging from the container
image can be deactivated.

Therefor add the `--log-driver=none` parameter to all container
runtimes command lines.

Signed-off-by: Claudius Heine <ch@denx.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-09-19 15:56:23 +02:00
Jan Kiszka
d1834dd6bf Release 3.1 2022-08-05 13:17:58 +02:00
Felix Moessbauer
fa8414b660 remove obsolete schroot mntpoint in kas-container
This patch is an addendum to 54ab356f and removes
the external mount used for the schroot.
This is no longer required as the schroot is now
placed in TMPDIR which is already mounted from the host.

This patch does not break backward compatibility, as neither
an ISAR release nor a KAS release happened while this
code path was active.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-08-03 13:01:20 +02:00
Henning Schild
71cf5dc17b add NETRC_FILE to allow passing credentials into kas home
Tools like wget and git can read credentials from $HOME/.netrc for
servers that require authentication. Allow users to pass in a .netrc
file into the kas home dir to support i.e. bitbake https fetching with
auth.

Signed-off-by: Henning Schild <henning.schild@siemens.com>
[Jan: style fix in command-line.rst]
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-06-23 17:58:37 +02:00
Florian Bezdeka
2f149509c2 kas-container: Add support for podman >= 4.1
Starting with podman 4.1 the --userns=keep-id flag is no longer ignored
for privileged containers leading to an error when trying to start up
such a container (in our case: for ISAR builds):

  Error: keep-id is only supported in rootless mode

To address that we have to move the --userns=keep-id part to a non-ISAR
specific path.

Reported-by: Wadim Klincov <wadim@klincov.com>
Signed-off-by: Florian Bezdeka <florian.bezdeka@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-06-08 16:45:18 +02:00
Marcus Folkesson
0929101104 kas-container: fix typo in help text
cleanstate -> cleansstate

Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-04-06 08:12:04 +02:00
Anders Montonen
7909ee2b18 kas-container: add '--ssh-agent' option
The option mounts the SSH_AUTH_SOCK ssh agent socket, and sets the
environment variable in the container.

Signed-off-by: Anders Montonen <Anders.Montonen@iki.fi>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-03-29 09:25:23 +02:00
Jan Kiszka
680c67d756 Release 3.0.2 2022-03-08 15:52:55 +01:00
Jan Kiszka
229310958b Release 3.0.1 2022-03-08 14:31:59 +01:00
Jan Kiszka
41b52b1263 Release 3.0 2022-03-03 12:42:57 +01:00
Ryan Fairfax
32514c8f4f shell: Add option to keep current environment
When doing interactive development via kas shell it is often desirable
to keep the user's customized configuration. The new --preserve-env
argument has been added to support this scenario via an opt in flag.

This flag is blocked  when not running from a TTY or via kas-container
and kas issues a warning to the user about potential unintended side
effects when invoked.

Signed-off-by: Ryan Fairfax <rfairfax@linux.microsoft.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-02-26 09:20:53 +01:00
Schmidl, Tobias
87ce7f90d6 kas-container: pass http_proxy et.al through sudo
If used in a podman environment, it's important to pass the http proxy
information down through sudo. This does not happen by default. We also
want to pass the entire environment down to avoid missing any other
environment variable.

Signed-off-by: Tobias Schmidl <tobiasschmidl@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-02-03 07:05:23 +01:00
Uladzimir Bely
54ab356f9f Dockerfile.isar: support of sbuild
Upcoming support of sbuild in Isar requires some additional tools
to be preinstalled.

Also, `builder` user should be in `sbuild` group.

Additionally, to use external volume for schroot overlay because
the 'upper' overlayfs layer of sbuild can't be based on another
overlayfs filesystem that happens in case of using Docker.

Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-01-28 12:57:40 +01:00
Jan Kiszka
6abf837eab kas-container: Run enable_isar_mode only once
If both --isar is provide and build_system is set, enable_isar_mode will
be called twice that leads to KAS_CONTAINER_COMMAND gaining two "sudo" -
harmless but unneeded.

Reported-by: Florian Bezdeka <florian.bezdeka@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-01-27 12:03:03 +01:00
Jan Kiszka
484a3dda97 kas-container: Add cleansstate and cleanall
To complete the set of clean tasks that OE and Isar offer, add
cleansstate to purge SSTATE_DIR and cleanall also delete DL_DIR.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-01-08 10:35:37 +01:00
Jan Kiszka
833a65124e kas-container: Factor out clean into a separate function
The logic will grow, and this better happens outside of the command line
parser.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-01-08 10:35:32 +01:00
Jan Kiszka
5297f7d1f3 kas-container: Start init service inside container
This helps reaping zombies if processes do not perform proper cleanups.
Known to stumble is bazel so far, see
https://github.com/bazelbuild/bazel/issues/13823. But as the overhead of
an init service is negligible and problems around this are hard to
debug, we better add this option by default.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-01-08 08:30:10 +01:00
Florian Bezdeka
0f5401be19 kas-container: podman: Remove --pid=host
We were using the host PID namespace as workaround for problems related
to binfmt and its missing namespace support. As it turns out after
running a bunch of tests this is no longer necessary.

This patch "reverts" 6b025e4910 ("kas-docker: Podman: Fixing isar builds
failing with exec format errors").

Test matrix:

kas layer               podman 3.4.4        podman 3.0.1       podman 3.4.4
                        on Fedora 35        on Debian 11       on Debian 11
                                                          (podman from testing)
xenomai-images
 ISAR_CROSS_COMPILE = 1     OK                 OK                 OK
 ISAR_CROSS_COMPILE = 0     OK                 OK                 OK

iot-2000                    OK                 FAIL [1]           FAIL [1]

[1] The iot-2000 layer is not ISAR based, so we do not run in privileged
mode for such builds which seems to make a difference when using the
--userns=keep-id argument. As it works on Fedora and the error message
indicates "creating of systemd unit failed" it might by systemd related.

podman run --rm -t -i --userns=keep-id debian:buster-slim
Fedora: OK
Debian: Fail
  Error: OCI runtime error: error creating systemd unit
  `libpod-<snip>.scope`: got `failed`

Signed-off-by: Florian Bezdeka <florian.bezdeka@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-01-08 08:30:03 +01:00
Jan Kiszka
75d1a5cce4 Release 2.6.3 2021-11-29 18:19:12 +01:00
Quirin Gylstorff
2c0486d846 kas-container: Add check for KAS_REPO_REF_DIR
Check if KAS_REPO_REF_DIR exists to avoid an error during
the execution of readlink.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2021-11-06 10:57:15 +01:00
Quirin Gylstorff
9b9bb00c56 kas-container: create KAS_WORK_DIR if it not exists
If KAS_WORK_DIR is set in the executing shell
and does not exists kas-container fails silently
during readlink -f on KAS_BUILD_DIR if the default
"${KAS_WORK_DIR}/build" is used.

Create KAS_WORK_DIR to ensure the subsequent
code execution.

This can be tested by setting KAS_WORK_DIR, e.g.

```
KAS_WORK_DIR="$(pwd)/kas_work" kas-container ...
```

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2021-11-06 10:57:15 +01:00
Jan Kiszka
3ad03d1590 Release 2.6.2 2021-11-02 13:01:21 +01:00
Jan Kiszka
0b394f0bb7 Release 2.6.1 2021-10-22 20:22:20 +02:00
Jan Kiszka
a81ee2c2b1 Release 2.6 2021-10-22 17:40:17 +02:00
Jan Kiszka
da62e0bfbd kas-container: Add support for menu plugin
For this script, this is almost straightforward - except that we need to
extract the static KAS_BUILD_SYSTEM config setting from the selected
Kconfig file so that the correct container image and mode is chosen.

Two new dependencies need to be added to the container image. While
python3-newt can come from Debian, kconfiglib only exists as Python
package. To make sure we are not pulling any other packages via pip,
install kconfiglib upfront. It has no own dependencies, thus can use
--no-deps as well.

Finally, the container-entrypoint needs to be updated to make it aware
of the new plugin.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2021-10-09 15:00:05 +02:00
Jan Kiszka
5fb9067894 Fall back to .config.yaml if no configuration file given
Make the configuration file on the command line optional and fall back
to trying to open the generated .config.yaml instead. This allows the
sequence

kas menu -> save & exit
kas build
kas shell
kas ...

and also makes rebuilding the self-configured image simpler.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2021-10-09 15:00:05 +02:00