Debian Buster comes with version 2.7.1 of git-lfs which does not support
git+ssh yet, therefore we need a newer version of git-lfs for cloning a
repository which uses LFS.
Signed-off-by: Steffen Hieber <steffen.hieber@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Backport repos have a priority of 100 by default, thus can just be added
with extra pinning. Use explicit release selection on the installation
of qemu-user-static instead, that's simpler.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
To expand the usability of the standard Docker image, move sudo
enablement from Docker.isar.
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Skopeo and Umoci are needed for the new ISAR SDK Container target.
A "manual" backport of Skopeo (and only Skopeo) is needed, since the
repository "buster-backports" doesn't provide it.
Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
[Jan: add golang-github-containers-{image,common} to buster list]
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Refactor the workflows so that we can use build-push-action also for
publishing. This is a precondition for switching to buildx, needed for
multi-arch images.
The trick needed for this is using an environment variable to control
whether we should push when building the master branch, initializing it
according to the tag status.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
The leakage of grub artifacts from the building Debian version and the
usage its grub tools was fixed in Isar 0.6 already. No one is expected
to use that old version with latest kas containers, and the presence of
these packages also collide with providing non-x86 versions.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Escape '&' '\&' as sed replace & with the search term.
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
The init script is a bit noisy, so replace it with a direct call of
update-binfmts. That tool unfortunately fails to report missing kernel
support via a proper error code. Catch that by doing an extra check on
the mounted filesystem.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Add the github/ghcr equivalent to travis/dockerhub. With this in place,
we can also deploy the next and latest images to ghcr. Adjust
Dockerfile.isar accordingly. Also update the badge shown in the README.
We model the workflow with github a bit differently than so far: next
and master branch are different workflows. The former includes testing,
the latter just updates the container image. This is based on the
(offline) workflow to push changes to next first and have no commits
in master that haven't been in next before, except for release commits.
The master workflow also triggers on tags in which case it additionally
tags the container images accordingly and pushed that as well.
Travis is removed in the same run to avoid pushing differently built
images to the different registries.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
This is needed for running fakeroot from bullseye and sid which triggers
an unimplemented syscall with the current version.
Due to changes in the new qemu-user-static package, the current approach
to activate its binfmt settings no longer works. Instead, switch to an
explicit call of the binfmt-support in init script.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
This reverts commit 97942197bc.
This is only temporarily in order to release another 1.x version that is
based on stretch. Older Yocto versions, maybe up to 2.4 or 2.5, require
stretch due to incompatibilities with host tools such as git.
After that release, this commit will be restored, and we will roll out a
2.x series that shall use buster in its images.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Fix a bug in the Docker image build process
that delete /var/tmp directory.
Desired is only delete its content.
Signed-off-by: Matteo Facchinetti <matteo.facchinetti@sirius-es.it>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Will become a hard dependency when switching the (currently broken)
patch class of Isar to one derived from OE. Prepare for that.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
It turned out [1] that our current way of setting up binfmt_misc during
container start does not reliably work, namely does not overwrite
incompatible host settings. Running dpkg-reconfigure solves this.
To avoid confusing warnings of the kind
update-binfmts: warning: qemu-aarch64 already enabled in kernel.
we filter them out. That will continue to flood the console with
warnings in case the container is started without privileges.
[1] https://groups.google.com/forum/#!msg/isar-users/2G-Diz0BR1Y/Y0X6eHggCgAJ
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Daniel Wagner <daniel.wagner@siemens.com>
Doing that will allow building arm64 buster images with Isar. The new
qemu works just fine for all older suites like stretch.
Signed-off-by: Henning Schild <henning.schild@siemens.com>
Signed-off-by: Daniel Wagner <daniel.wagner@siemens.com>
Time to move forward, buster is almost in sight. We may break some older
Yocto versions this way, but they can always use older images.
Along this update, this migrates the locale setup towards the
recommendation on https://docs.docker.com/samples/library/debian/#locales.
Furthermore, DEBIAN_FRONTEND=noninteractive is moved to the top-level
Dockerfile - it's generic.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Needed due to upcoming switch from multistrap to debootstrap. The former
can eventually be removed in a later release.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
The stretch version supports multi-thread compression, allowing to
accelerate e.g. artifact compression tasks. The newer version of xz also
seem to resolve mysterious compression failures that created too short
output images.
As we install the stretch source in the base image now, we can remove
that port from the isar image and align both regarding the setup.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Additionally requires to run the container with --privileged - not nice but
unavoidable right now, see also
https://groups.google.com/forum/#!topic/isar-users/Un75m49InjY
Also note that running containers with different binfmt settings
concurrently will cause troubles. Same for the case that the host
requires deviating settings. Use carefully.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Isar requires a number of extra packages compared to a Yocto build. It
also needs a newer e2fsprogs version which can be taken from backports.
Last but not least, its keystone multistrap contains a nasty bug [1]
under in jessie so that we need to pull the updated version from
stretch.
The value of having this image still based on jessie is that it can be
used for both purposes: Yocto (2.1/2.2) and Isar builds. We push it
along the kas core image as kas-isar during the CI run.
Isar still requires some raised privileges. Therefore, the image has to
be started with the additional switches "--cap-add=SYS_ADMIN
--cap-add=MKNOD --device $(/sbin/losetup -f)".
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774698
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
