Commit Graph

41 Commits

Author SHA1 Message Date
Florian Bezdeka
7ac9debaff kas-docker: Podman: Update podman flags to make isar builds working
The --permissive and --cap-add options are conflicting for podman.
--permissive tells podman to enable all capabilities so additional
--cap-add options are not allowed / supported.

Signed-off-by: Florian Bezdeka <florian@bezdeka.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2020-07-15 13:41:04 +02:00
Florian Bezdeka
1688d60177 kas-docker: Podman: Update podman flags to make non-isar builds working
The following flags were added:
  --userns=keep-id:
    By default podman maps the user that is executing the podman run
    command into the container as root user. That is not what the kas
    entrypoint inside the container expects. Using keep-id tells podman
    to use the expected 1:1 mapping. The entrypoint is able to create
    the build user as expected.

  --security-opt label=disable:
    This is for SELinux enabled systems only. When running on SELinux
    enabled systems the volumes assigned to the container would not be
    accessible at all. The alternative to disable the labeling would
    be passing the "z" or "Z" flag to all volumes (-v) which may be
    even more dangerous.

Signed-off-by: Florian Bezdeka <florian@bezdeka.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2020-07-15 13:40:50 +02:00
Claudius Heine
f2c68e6862 kas-docker: fix shellcheck warnings
Signed-off-by: Claudius Heine <ch@denx.de>
[Jan: tiny indention fix]
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2020-06-29 16:31:01 +02:00
Vijai Kumar K
a48ae6a7fa kas-docker: Fix bad substitution error
kas-docker uses sh shell, which doesnot support pattern substitution
like bash. Replace Bash like pattern substitution with sed.

Signed-off-by: Vijai Kumar K <Vijaikumar_Kanagarajan@mentor.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2020-06-19 10:38:52 +02:00
Harald Seiler
a5dc5f8663 kas-docker: Add support for podman
On many modern Linux systems, docker no longer works because they only
have cgroups v2 support.  To use kas in a container on these systems,
one can resort to using podman.  Add support for this alternative docker
engine to kas-docker.

Now, kas-docker searches for the first available engine in "docker,
podman" or, if the KAS_DOCKER_ENGINE environment variable is set, will
force the specified engine.

Signed-off-by: Harald Seiler <hws@denx.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2020-06-03 12:00:11 +02:00
Paul Barker
f03f79c814 kas-docker: Allow extra bitbake arguments to be passed
Signed-off-by: Paul Barker <pbarker@konsulko.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2020-06-02 08:35:37 +02:00
Claudius Heine
116853cbb4 kas-docker: switch to /bin/bash as SHELL per default
In case SHELL is `/usr/bin/bash`, `/usr/bin/zsh` or something else that
is not available in the kas docker container, fall back to `/bin/bash`.

Signed-off-by: Claudius Heine <ch@denx.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2020-05-29 14:22:40 +02:00
Jan Kiszka
d02e87a0a7 Release 2.1.1 2020-05-19 08:03:26 +02:00
Jan Kiszka
68809708e8 Release 2.1 2020-05-19 07:30:20 +02:00
Jan Kiszka
378457b2c8 kas-docker: Make loop device passing optional
This used to be required in older Isar versions (prio to commit
8b8a339cfaa4) for one configuration. It may still be required by
downstream layers, though it can be avoided. To overcome this
potential need to enter the host's root password without breaking those
cases, keep the feature but make it explicit (--with-loop-dev option).

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2020-05-15 18:37:18 +02:00
Jan Kiszka
385e42ff11 kas-docker: Warn when running as root
While this works from kas perspective, some build recipes will no like
to be run with ID 0 and may either fail loudly or subtly. Better warn
when a user applies sudo on kas-docker or otherwise runs it from a root
shell.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2020-05-15 18:37:13 +02:00
Claudius Heine
96df30a80f kas-docker: add aws-dir command parameter
The `--aws-dir` parameter for the kas-docker script allows to specify a
AWScli config directory which will then be mounted to `/etc/skel/.aws`
and copied by kas into the internal home directory using the `AWS_*`
environment variables.

Signed-off-by: Claudius Heine <ch@denx.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2020-05-05 14:34:31 +02:00
Jan Kiszka
1c1e3e592a kas-docker: Fix error message
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2020-03-18 17:02:46 +01:00
Jan Kiszka
789d3aa604 kas-docker: Fix a shellcheck warning
Resolves "SC2145: Argument mixes string and array". Harmless here, but
the result looks nicer anyway.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2020-03-18 17:02:46 +01:00
Jan Kiszka
a1d9ae15e0 kas-docker: Add support for spaces in paths
This requires consistent quoting of related variables. Furthermore, the
eval in trace() has to be removed, and along with it the additional
single-tick quotes of some parameters.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2020-03-18 17:01:44 +01:00
Jan Kiszka
5932dc77ff kas-docker: Eliminate intermediate DOCKER_ARGS variable
This will allow passing of all docker arguments in a properly quoted
way. More of them will need that in order to support paths with spaces.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2020-03-17 15:07:04 +01:00
Jan Kiszka
d96a26f1c8 kas-docker: Simplify SHELL variable passing
The SHELL variable we pass can neither contain spaces nor newlines - we
check for supported values. Simplify the related assignment.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2020-03-17 15:03:38 +01:00
Jan Kiszka
1ba260deeb kas-docker: Fix clean of non-isar builddirs
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2020-03-17 09:46:18 +01:00
Jan Kiszka
141476203d Release 2.0 2019-11-20 06:53:15 +01:00
Jan Kiszka
e9ca55a239 Release 1.1 2019-10-01 16:21:40 +02:00
Jan Kiszka
8558b566d9 build: Add -c and --cmd as aliases for --task
This aligns us with bitbake. Moreover, -c/--cmd is easier to tell apart
from --target. Keep --task for backward compatibility.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2019-08-31 12:30:53 +02:00
Jan Kiszka
08a1326825 kas-docker: Reformat help output
Make sure to fit into 80 columns.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2019-08-30 13:41:16 +02:00
Jan Kiszka
f3f004f4ea kas-docker: Allow to define docker image revision
By default, we pull latest when running kas-docker. That may not be
desired in all cases, e.g. testing different image revisions or nailing
down those used in a build. Allow to override the default via the
environment variable KAS_IMAGE_VERSION.

For now, we stick with the default "latest", but we may also hard-code
the last release here at some later point.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2019-08-23 15:24:36 +02:00
Jan Kiszka
1988cdd26b kas-docker: Propagate only supported SHELL settings
Other values will cause the container to fail because the shell binary
is missing. This avoids non-obvious failures when the host SHELL is
configured differently.

Reported-by: Phillipp von Rotenhan <phillipp.von_rotenhan.ext@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2019-08-08 14:48:52 +02:00
Jan Kiszka
3eab427cc0 kas-docker: Restore KAS_PREMIRRORS support
Got broken by the merge in 0cb5d17e33.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Daniel Wagner <daniel.wagner@siemens.com>
2019-02-18 14:54:46 +01:00
Hosgor, Tolga (CT RDA DS EU TR MTS)
0cb5d17e33 kas-docker: add --no-proxy-from-env option
Allow kas-docker to use proxy configuration of docker client instead of
inheriting proxy configuration from the current environment.

Signed-off-by: Hosgor, Tolga (CT RDA DS EU TR MTS) <tolga.hosgor@siemens.com>
Signed-off-by: Daniel Wagner <daniel.wagner@siemens.com>
2019-02-14 09:31:44 +01:00
Jan Kiszka
2f7650bb05 Add KAS_PREMIRRORS support
Analogously to bitbake's PREMIRRORS, this allows to define alternative
sources for repo URLs specified in kas files.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Daniel Wagner <daniel.wagner@siemens.com>
2019-02-14 09:20:35 +01:00
Jan Kiszka
dce5c0029a kas-docker: Enable multi-line variables
We need to double-quote the content of the variables in order to
preserve newlines.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Daniel Wagner <daniel.wagner@siemens.com>
2019-02-14 09:20:34 +01:00
Jan Kiszka
1b6e3f2fb9 kas-docker: Pass in NO_PROXY
Required to control oe-git-proxy exceptions.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Daniel Wagner <daniel.wagner@siemens.com>
2019-02-14 09:20:29 +01:00
Jan Kiszka
dabda7617f kas-docker: Translate all kas files into containter paths
Ensure that all file elements of the kas file parameter are properly
canonicalized and mapped onto the container volume. This is important
when kas-docker is called using relative paths while PWD is not the
repository root.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2019-01-02 16:56:04 +01:00
Henning Schild
ffbfedaa2a kas-docker: fix hg argument for working directory
Signed-off-by: Henning Schild <henning.schild@siemens.com>
2018-12-17 10:53:20 +01:00
Jan Kiszka
280a695ab3 kas-docker: Pass build and shell options into container
This allows invocations like "kas-docker build --task clean kas.yml".

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2018-12-17 10:53:20 +01:00
Jan Kiszka
5a68998ba7 kas-docker: Allow passing multi-word variables into the container
This is complex, not just because we are passing the arguments to the
trace function, but already because they need to be protected in their
structure when unrolling them at the top level. The trick seems to be
using the argument list via set and "$@" to preserve the individual
words. Due to the trace indirection, we additionally need the single
quotes around the variable values.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2018-12-17 10:53:20 +01:00
Jan Kiszka
ccc58c7010 kas-docker: Fix SSH_DIR check
We were missing a closing brace, and the line became rather long as well.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2018-12-17 10:53:20 +01:00
Daniel Wagner
fd58905753 kas-docker: Add missing } to variable derefencing
Reported-by: Henning Schild <henning.schild@siemens.com>
Signed-off-by: Daniel Wagner <daniel.wagner@siemens.com>
2018-12-17 10:50:55 +01:00
Cirujano Cuesta, Silvano
49a6bbfc82 kas-docker: enable passing SSH configs
This commit enables passing the Docker container a directory containing
SSH configuration and optionally SSH identities and list of known SSH
hosts. Basically what you might expect to find in the ~/.ssh directory
of the container.

Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
Suggested-by: Henning Schild <henning.schild@siemens.com>
2018-12-14 14:33:45 +01:00
Claudius Heine
98b4d888bc kas-docker: made loop back device setup more idiot proof
I understood the message:

    Setting up loop device requires root privileges

as suggestion that I should start this script as root and hit
^C before `sudo` could prompt for my password.

This patch removes that line and adds a sudo prompt to elaborate on why
root permissions are needed and what is done with them. It also adds a
check if this was unsuccessful and suggests to the user to do it
themselves. This will also be shown if sudo is not installed.

Signed-off-by: Claudius Heine <ch@denx.de>
2018-11-30 11:17:02 +01:00
Jan Kiszka
90ae592ff1 docker: Align also caller's group ID with container
This ensures that both UID and GID of the builder user inside the
container is aligned with the caller of kas-docker - or that of "docker
run" when "-e GROUP_ID=..." is specified.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2018-11-30 11:15:47 +01:00
Cirujano Cuesta, Silvano
0eb2f5edeb kas-docker: make usage printing POSIX compatible
The usage of 'echo -e' for printing the usage message is not POSIX
conform and is not being supported in the default shell of Debian
(dash).

As the 'Rationale' of the POSIX 'printf' documentation states, it was
created "due to irreconcilable differences in the various versions of
echo extant" and it should provide better compatibility throughout
different shells.

Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
2018-11-07 14:54:45 +01:00
Jan Kiszka
a84e2c2222 kas-docker: Pass ftp_proxy variable
Forgotten because it's rarely used by now.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2018-10-02 10:38:58 +02:00
Jan Kiszka
6aa0336d36 Add kas-in-docker invocation script
This shall help to standardize the way how to run kas inside a docker
container on a kas file that is locally available. The pattern is

- checkout repo with kas file(s)
- go to directory where the build output should go into
- call "kas-docker build /path/to/kas.yml"

As building Isar images both require a specific docker image (that
could be changed, though) as well as additional privileges (that needs
to be changed in Isar one day), the option "--isar" selects that mode.

And because the output of an Isar build generally contains root-owned
files, the clean command is added which use docker privileges to clean
the build folder, avoiding a "sudo".

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2018-09-10 12:14:31 +02:00