[PATCH 12/12] CI: Refresh and upgrade the GCC-IBT container

Andrew Cooper posted 12 patches 2 months, 1 week ago
[PATCH 12/12] CI: Refresh and upgrade the GCC-IBT container
Posted by Andrew Cooper 2 months, 1 week ago
Upgrade from Debian buster to bookworm, GCC 11.3 to 11.4 and to be a non-root
container.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Anthony PERARD <anthony.perard@vates.tech>
CC: Juergen Gross <jgross@suse.com>
CC: Roger Pau Monné <roger.pau@citrix.com>
CC: Jan Beulich <JBeulich@suse.com>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Julien Grall <julien@xen.org>
CC: Oleksii Kurochko <oleksii.kurochko@gmail.com>
CC: Shawn Anastasio <sanastasio@raptorengineering.com>
---
 ...ockerfile => 12-x86_64-gcc-ibt.dockerfile} | 81 +++++++++++--------
 automation/gitlab-ci/build.yaml               |  4 +-
 automation/scripts/containerize               |  2 +-
 3 files changed, 49 insertions(+), 38 deletions(-)
 rename automation/build/debian/{buster-gcc-ibt.dockerfile => 12-x86_64-gcc-ibt.dockerfile} (50%)

diff --git a/automation/build/debian/buster-gcc-ibt.dockerfile b/automation/build/debian/12-x86_64-gcc-ibt.dockerfile
similarity index 50%
rename from automation/build/debian/buster-gcc-ibt.dockerfile
rename to automation/build/debian/12-x86_64-gcc-ibt.dockerfile
index ed9367aafbec..3ce60e7d9466 100644
--- a/automation/build/debian/buster-gcc-ibt.dockerfile
+++ b/automation/build/debian/12-x86_64-gcc-ibt.dockerfile
@@ -1,28 +1,33 @@
 # syntax=docker/dockerfile:1
-FROM --platform=linux/amd64 debian:buster-slim AS builder
+FROM --platform=linux/amd64 debian:bookworm-slim AS builder
 
 ENV DEBIAN_FRONTEND=noninteractive
-ENV USER root
 
-RUN apt-get update && \
-    apt-get --quiet --yes --no-install-recommends install \
-        bison \
-        build-essential \
-        ca-certificates \
-        flex \
-        g++-multilib \
-        libc6-dev-i386 \
-        libgmp-dev \
-        libisl-dev \
-        libmpc-dev \
-        libmpfr-dev \
-        patch \
+RUN <<EOF
+#!/bin/bash
+    set -e
+    apt-get -y update
+
+    DEPS=(
+        bison
+        build-essential
+        ca-certificates
+        flex
+        g++-multilib
+        libc6-dev-i386
+        libgmp-dev
+        libisl-dev
+        libmpc-dev
+        libmpfr-dev
+        patch
         wget
+    )
 
-RUN mkdir /build
-WORKDIR /build
+    apt-get -y --no-install-recommends install "${DEPS[@]}"
+    rm -rf /var/lib/apt/lists/*
+EOF
 
-RUN wget -q https://ftp.gnu.org/gnu/gcc/gcc-11.3.0/gcc-11.3.0.tar.xz -O - | tar xJ --strip=1
+RUN wget -q https://ftp.gnu.org/gnu/gcc/gcc-11.4.0/gcc-11.4.0.tar.xz -O - | tar xJ --strip=1
 RUN wget -q https://xenbits.xen.org/people/andrewcoop/gcc-11.2-Add-fcf-check-attribute-yes-no.patch -O - | patch -p1
 RUN ./configure \
         --prefix=/opt/gcc-11-ibt \
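
Review bot: the builder stage loses `RUN mkdir /build` and `WORKDIR /build` with no replacement ahead of the `RUN wget ... | tar xJ --strip=1` line, so the GCC tree is now unpacked into, and `./configure` run from, the image's default working directory. If that is not intended, keep a `WORKDIR /build` in this stage. Separately, since the tarball URL is being bumped to gcc-11.4.0 here, this is a good point to verify what is downloaded: both the tarball and the fcf-check patch are piped straight from wget into tar and patch with no checksum or signature check, so the toolchain is built from whatever the servers return at build time. Fetching to a file and comparing against a pinned SHA-256 before unpacking would fix the input.
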
@@ -42,29 +47,35 @@ RUN ./configure \
 RUN make -j`nproc` && make -j`nproc` install
 
 
-FROM --platform=linux/amd64 debian:buster-slim
+FROM --platform=linux/amd64 debian:bookworm-slim
 COPY --from=builder /opt/gcc-11-ibt /opt/gcc-11-ibt
 
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
 
 ENV DEBIAN_FRONTEND=noninteractive
-ENV USER root
 ENV PATH="/opt/gcc-11-ibt/bin:${PATH}"
 
-RUN mkdir /build
-WORKDIR /build
+RUN <<EOF
+#!/bin/bash
+    set -e
+
+    useradd --create-home user
 
-RUN apt-get update && \
-    apt-get --quiet --yes --no-install-recommends install \
-        bison \
-        build-essential \
-        checkpolicy \
-        flex \
-        gawk \
-        make \
-        python3-minimal \
-        && \
-        apt-get autoremove -y && \
-        apt-get clean && \
-        rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/*
+    apt-get -y update
+
+    DEPS=(
+        # Xen
+        bison
+        build-essential
+        checkpolicy
+        flex
+        python3-minimal
+    )
+
+    apt-get -y --no-install-recommends install "${DEPS[@]}"
+    rm -rf /var/lib/apt/lists/*
+EOF
+
+USER user
+WORKDIR /build
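
Review bot: `WORKDIR /build` now follows `USER user` at the end of the hunk, and the `RUN mkdir /build` it replaces is gone, so nothing visible here gives `user` ownership of /build. If anything is expected to write there without a bind mount over it, create and chown the directory inside the heredoc next to `useradd --create-home user`. The new DEPS list also drops `gawk` and `make`, and the old `apt-get autoremove` / `apt-get clean` and /tmp cleanup; `make` still arrives through build-essential, but the `gawk` removal and the reduced cleanup are not mentioned in the commit message and deserve a sentence there.
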
diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml
index 4b9d80cc5632..b4139414bc8e 100644
--- a/automation/gitlab-ci/build.yaml
+++ b/automation/gitlab-ci/build.yaml
@@ -541,10 +541,10 @@ centos-7-gcc-debug:
   variables:
     CONTAINER: centos:7
 
-debian-buster-gcc-ibt:
+debian-12-x86_64-gcc-ibt:
   extends: .gcc-x86-64-build
   variables:
-    CONTAINER: debian:buster-gcc-ibt
+    CONTAINER: debian:12-x86_64-gcc-ibt
     RANDCONFIG: y
     EXTRA_FIXED_RANDCONFIG: |
       CONFIG_XEN_IBT=y
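
Review bot: the job name and the `CONTAINER:` value both move to the `12-x86_64-gcc-ibt` naming in this hunk, which the commit message does not mention (it only describes the distro, GCC and non-root changes). Please note the rename there, and confirm the image is pushed under the new tag before this job runs, since `CONTAINER: debian:12-x86_64-gcc-ibt` has no fallback to the old `debian:buster-gcc-ibt` tag.
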
diff --git a/automation/scripts/containerize b/automation/scripts/containerize
index 6dbf55c8f89a..4d5669c5ad01 100755
--- a/automation/scripts/containerize
+++ b/automation/scripts/containerize
@@ -34,7 +34,7 @@ case "_${CONTAINER}" in
     _bookworm-ppc64le) CONTAINER="${BASE}/debian:12-ppc64le" ;;
     _bullseye-riscv64) CONTAINER="${BASE}/debian:11-riscv64" ;;
     _bookworm-riscv64) CONTAINER="${BASE}/debian:12-riscv64" ;;
-    _buster-gcc-ibt) CONTAINER="${BASE}/debian:buster-gcc-ibt" ;;
+    _bookworm-x86_64-gcc-ibt) CONTAINER="${BASE}/debian:12-x86_64-gcc-ibt" ;;
     _bookworm|_) CONTAINER="${BASE}/debian:bookworm" ;;
     _bookworm-i386) CONTAINER="${BASE}/debian:bookworm-i386" ;;
     _bookworm-arm64v8-arm32-gcc) CONTAINER="${BASE}/debian:bookworm-arm64v8-arm32-gcc" ;;
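
Review bot: the `_buster-gcc-ibt)` arm is replaced outright rather than kept as an alias, so an existing `CONTAINER=buster-gcc-ibt` invocation no longer selects this image; what it falls through to is not visible in this hunk. Either keep the old key pointing at `debian:12-x86_64-gcc-ibt` for a transition period or call out the new `bookworm-x86_64-gcc-ibt` key in the commit message.
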
-- 
2.39.2


Re: [PATCH 12/12] CI: Refresh and upgrade the GCC-IBT container
Posted by Anthony PERARD 2 months, 1 week ago
On Thu, Jul 11, 2024 at 12:15:17PM +0100, Andrew Cooper wrote:
> Upgrade from Debian buster to bookworm, GCC 11.3 to 11.4 and to be a non-root
> container.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Anthony PERARD <anthony.perard@vates.tech>

Thanks,

-- 

Anthony Perard | Vates XCP-ng Developer

XCP-ng & Xen Orchestra - Vates solutions

web: https://vates.tech