Xen project Mailing List

Re: [XEN PATCH v3 0/4] automation: Update containers to allow HTTPS access to xenbits

To: Anthony PERARD <anthony.perard@xxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Fri, 24 Feb 2023 18:22:54 +0000

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=mVu5tVFhfS4KWENS5o27ClQFN70qQ4D0sbmH7KiiZqY=; b=VmMJnh2STBi3s38iJoRnbnJCWAi1qZoREiFC1ncuGWhSJxHPOW/SkCkL24oDHiqgGqQ1aRFuglqz8mNavc1uW8m8WTBqKilRRO/j6/OlH0yDdHw3QLZrIpprXojfdfu7xXLRbUg/LyjxlN8dJOdfSd75eCKN/EvHPhvFSXvP0slPegUgjfCd0qHInG9NSM5Vzta9b7UY3fxQiVFM1Mfee067zEgThA7CGRMtlv3bh29DFnsAzkv9ZQNYzZegu9q86NmlqsRPpPCr+8dUZbxs1BQs1/7PokPzG9ez1ztXzFZ1KfeX7jq6FfrlEd4x3p6AGxxDybxLZyE0A+oBm5165Q==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WpFJjZsJlVn252KHxjGED70+UYUoYujtyiAzb7kxyeFQWD3yHKusJXtb+Z5bO0G4XwNRM+MYN2FUK0AmJU8bpHVVi/LnGrvWxcKX+jTLiPXEVJNkW3IQWCP5QNLEWQNzXj7BqohJ+V3gXiBmx40mfKAXVuiaSiF80GpxpCnjUweCudVzm7TtiFwjqIXVpKcXj2ZgPaR7vA9fQPuqbLIT+pykdZpESPAJDjkdG/HazstVJBE7PO6UTjBh2Cd8Eo4/QzNtdOLKpb7l8WR6X0LAwO2Prz+4b+SUVkp7qUvCeggV9VZhcGehj7JHCL1rFvm5jb8RIY6yYzbuFw5Ae03PpQ==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Doug Goldstein <cardoe@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>

Delivery-date: Fri, 24 Feb 2023 18:23:08 +0000

Ironport-data: A9a23:iVHjz69NHnQrPaLTliaODrUDtn+TJUtcMsCJ2f8bNWPcYEJGY0x3m 2QbX2yFOquCa2Pxet8iaoq/oEgPsJDVn9YyHgI9pSg8E34SpcT7XtnIdU2Y0wF+jCHgZBk+s 5hBMImowOQcFCK0SsKFa+C5xZVE/fjUAOG6UKicYXoZqTZMEE8JkQhkl/MynrlmiN24BxLlk d7pqojUNUTNNwRcawr40Ire7kIw1BjOkGlA5AdmP6oX5AS2e0Q9V/rzG4ngdxMUfaEMdgKKb 76r5K20+Grf4yAsBruN+losWhRXKlJ6FVHmZkt+A8BOsDAbzsAB+v9T2M4nQVVWk120c+VZk 72hg3ASpTABZcUgkMxFO/VR/roX0aduoNcrKlDn2SCfItGvn9IBDJyCAWlvVbD09NqbDklk3 qcnNBJXRCuFxPCzw5G0CfBgq+IKeZyD0IM34hmMzBn/JNN/GNXvZvuP4tVVmjAtmspJAPDSI dIDbiZiZwjBZBsJPUoLDJU5n6GjgXyXnz9w8QrJ4/ZopTWMilUui9ABM/KMEjCObexTklyVu STt+GPhDwtBHNee1SCE4jSngeqncSbTCdJJSuTkqKMCbFu7yWVQEi09Wn6Hh9Klu1W9AOBgB HYd9X97xUQ13AnxJjXnZDWorXjBshMCVt54F+wh9BrL2qfS+xyeBGUPUnhGctNOnMQ/XzAt2 3eClsnlAjEpu7qQIVqG7audpz62PSkTLEcBaDUCQA9D5MPsyLzflTrKR9dnVaKw0Nv8HGipx yjQ9XdlwbIOkcQMyqO3u0jdhC6hrYTISQhz4RjLWmWi7UVyY4vNi5GU1GU3JM1odO6xJmRtd lBd8yRCxIji1a2wqRE=

Ironport-hdrordr: A9a23:vdPq2K4FQs8rkalErAPXwD7XdLJyesId70hD6qkQc3FomwKj9/ xG/c5rsyMc7Qx6ZJhOo7+90cW7L080sKQFg7X5Xo3SOzUO2lHYT72KhLGKq1Hd8m/Fh4tgPM 9bGJSWY+eAaWSS4/ya3OG5eexQv+Vu8sqT9JnjJ6EGd3AaV0lihT0JejpyCidNNXB77QJSLu vg2iJAzQDQAUg/X4CAKVQuefPMnNHPnIKOW297O/Z2gDP+9g9B8dTBYmKl4is=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 24/02/2023 6:12 pm, Anthony PERARD wrote: > On Fri, Feb 24, 2023 at 05:37:44PM +0000, Andrew Cooper wrote: >> On 24/02/2023 5:29 pm, Anthony PERARD wrote: >>> Patch series available in this git branch: >>> https://xenbits.xen.org/git-http/people/aperard/xen-unstable.git >>> br.gitlab-containers-update-v3 >>> >>> v3: >>> - new patch which remove non-debug x86_32 builds >>> - don't fix root certificates in jessie containers as those won't be used >>> anymore on the main branch. >>> >>> v2: >>> - Remove CentOS 7.2 >>> - Remove Debian Jessie test, but update container recipe for the benefit of >>> older branches. >>> - Fix CentOS 7 containner recipe to update all packages. (Fix missing >>> update of >>> HTTPS root certificates) >>> >>> There is work in progress [1] to update urls in our repo to use https, but >>> those https urls to xenbits don't work in our containers, due to an expired >>> root certificate. So we need to update those containers. >>> >>> This series update the dockerfile where just rebuilding the container isn't >>> enough. >> LGTM. >> >> Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> >> >> I'll add this to my commit sweep, and rebuild the remaining containers. >> >> But on that note, I noticed that the debian unstable container was 2.3G >> when I last rebuilt it. Which I think is obscenely large for what we're >> doing. >> >> Can we see about switching to slim/tiny container bases? > I don't think that would help much, the non-slim container is only 116MB > vs 74.6MB That's 64% smaller to start with... > for the slim (amd64 containers). But maybe we could try to use > "--no-install-recommends", that might save a few bytes in our containers. Oh wow - yeah. For buster-gcc-ibt (which is already slim), we're getting: Suggested packages: binutils-doc bison-doc bzip2-doc cpp-doc gcc-8-locales dbus-user-session libpam-systemd pinentry-gnome3 tor debian-keyring flex-doc g++-multilib g++-8-multilib gcc-8-doc libstdc++6-8-dbg autoconf automake libtool gdb gcc-doc libgcc1-dbg libgomp1-dbg libitm1-dbg libatomic1-dbg libasan5-dbg liblsan0-dbg libtsan0-dbg libubsan1-dbg libmpx2-dbg libquadmath0-dbg parcimonie xloadimage scdaemon glibc-doc sensible-utils git bzr gdbm-l10n gmp-doc libgmp10-doc libmpfr-doc libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal libsasl2-modules-ldap libsasl2-modules-otp libsasl2-modules-sql libstdc++-8-doc m4-doc make-doc man-browser ed diffutils-doc perl-doc libterm-readline-gnu-perl | libterm-readline-perl-perl libb-debug-perl liblocale-codes-perl pinentry-doc readline-doc which is a whole bunch of junk we absolutely do not need. ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.