
[XEN PATCH v1 6/6] CI: Run the builds and tests that use the Debian 12 containers as a normal user



Use FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR so that GitLab CI clones xen
using the user in the image, instead of as root[0].

In qemu-smoke-dom0*.sh and qemu-alpine-x86_64.sh, use fakeroot to
create the rootfs images that untar a tarball that creates character
devices.  cpio replicates the block and character devices, as well as
preserving the uid and gid it sees in the current directory.  fakeroot
lets tar think that it is creating block and character devices, and
all files are owned by root, but it is all smoke and mirrors for
cpio.

[0] https://gitlab.com/gitlab-org/gitlab-runner/-/issues/1736

Signed-off-by: Javi Merino <javi.merino@xxxxxxxxx>
---

Regarding building the rootfs, I have chosen to use a fakeroot
subshell for the entire process.  automation/scripts/qubes-x86-64.sh
takes a different approach: it just uses fakeroot for the tar/cpio
commands.  I prefer to do it this way but I am happy to be overridden
if `fakeroot -s ../save tar` and `fakeroot -i ../save cpio` are
preferred.

 automation/build/debian/12-arm64v8.dockerfile   | 5 ++++-
 automation/build/debian/12-x86_64.dockerfile    | 5 ++++-
 automation/gitlab-ci/test.yaml                  | 4 ++++
 automation/scripts/qemu-alpine-x86_64.sh        | 4 +++-
 automation/scripts/qemu-smoke-dom0-arm64.sh     | 7 +++++--
 automation/scripts/qemu-smoke-dom0less-arm64.sh | 5 +++--
 6 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/automation/build/debian/12-arm64v8.dockerfile 
b/automation/build/debian/12-arm64v8.dockerfile
index 4da1b074aedb..c2617956ed77 100644
--- a/automation/build/debian/12-arm64v8.dockerfile
+++ b/automation/build/debian/12-arm64v8.dockerfile
@@ -10,6 +10,8 @@ RUN <<EOF
 #!/bin/bash
     set -eu
 
+    useradd --create-home user
+
     apt-get update
     DEPS=(
         # Xen
@@ -53,6 +55,7 @@ RUN <<EOF
         curl
         device-tree-compiler
         expect
+        fakeroot
         u-boot-qemu
         # for imagebuilder
         file
@@ -64,5 +67,5 @@ RUN <<EOF
     rm -rf /var/lib/apt/lists*
 EOF
 
-USER root
+USER user
 WORKDIR /build
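Review bot: `WORKDIR /build` now follows `USER user`, and nothing in the visible hunks creates or chowns `/build`. A directory that WORKDIR creates implicitly is not guaranteed to be owned by the current USER, so please confirm that `/build` is writable by `user`, or create it explicitly in the RUN block (`mkdir /build && chown user: /build`) before switching users. The same applies to 12-x86_64.dockerfile.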
diff --git a/automation/build/debian/12-x86_64.dockerfile 
b/automation/build/debian/12-x86_64.dockerfile
index e0ca8b7e9c91..98b23ea3eaa4 100644
--- a/automation/build/debian/12-x86_64.dockerfile
+++ b/automation/build/debian/12-x86_64.dockerfile
@@ -10,6 +10,8 @@ RUN <<EOF
 #!/bin/bash
     set -eu
 
+    useradd --create-home user
+
     apt-get update
     DEPS=(
         # Xen
@@ -54,6 +56,7 @@ RUN <<EOF
         # for qemu-alpine-x86_64-gcc
         busybox-static
         cpio
+        fakeroot
 
         # For *-efi jobs
         ovmf
@@ -64,5 +67,5 @@ RUN <<EOF
     rm -rf /var/lib/apt/lists*
 EOF
 
-USER root
+USER user
 WORKDIR /build
diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml
index 42baa82fe36f..71f2beb68c4f 100644
--- a/automation/gitlab-ci/test.yaml
+++ b/automation/gitlab-ci/test.yaml
@@ -1,6 +1,10 @@
 .test-jobs-common:
   stage: test
   image: registry.gitlab.com/xen-project/xen/${CONTAINER}
+  variables:
+    # Clone xen as the user in the docker images, not root
+    # See https://gitlab.com/gitlab-org/gitlab-runner/-/issues/1736
+    FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR: true
 
 .arm64-test-needs: &arm64-test-needs
   - alpine-3.18-arm64-rootfs-export
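Review bot: The variable is added to `.test-jobs-common`, which takes its image from `${CONTAINER}`, so it applies to every test job built on this template and not only to the Debian 12 containers named in the subject; no build job definition is touched in this patch even though the subject also covers builds. Please either state in the commit message that the wider scope is intended and harmless for images that still run as root, or set the flag only on the jobs that need it. Also consider quoting the value (`"true"`), since CI variable values are strings.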
diff --git a/automation/scripts/qemu-alpine-x86_64.sh 
b/automation/scripts/qemu-alpine-x86_64.sh
index 1ff689b577e3..2660403ab2b8 100755
--- a/automation/scripts/qemu-alpine-x86_64.sh
+++ b/automation/scripts/qemu-alpine-x86_64.sh
@@ -29,6 +29,7 @@ find . | cpio --create --format='newc' | gzip > 
../initrd.cpio.gz
 cd ..
 
 # initrd.tar.gz is Dom0 rootfs
+fakeroot <<EOF
 mkdir -p rootfs
 cd rootfs
 tar xvzf ../initrd.tar.gz
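Review bot: `fakeroot <<EOF` reuses the delimiter this script already uses for the `pxelinux.0` heredoc further down. If any line between here and the new closing `EOF` opens its own `<< EOF`, the outer heredoc ends at the inner terminator and the rest of the block runs outside fakeroot. A distinct delimiter such as `<<FAKEROOT_EOF` would rule that out.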
@@ -63,7 +64,8 @@ chmod +x etc/local.d/xen.start
 echo "rc_verbose=yes" >> etc/rc.conf
 # rebuild Dom0 rootfs
 find . |cpio -H newc -o|gzip > ../xen-rootfs.cpio.gz
-cd ../..
+EOF
+cd ..
 
 cat >> binaries/pxelinux.0 << EOF
 #!ipxe
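Review bot: The commands between `fakeroot <<EOF` and `EOF` are now read from stdin by a separate shell that fakeroot starts, so any `set -e` in the outer script no longer covers them. A failing `tar` or `chmod` would go unnoticed, and the block's exit status is that of the final `find . |cpio -H newc -o|gzip` pipeline. Suggest making `set -e` the first line of the heredoc, or invoking the interpreter explicitly, e.g. `fakeroot sh -e <<EOF`. The same applies to the two arm64 scripts.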
diff --git a/automation/scripts/qemu-smoke-dom0-arm64.sh 
b/automation/scripts/qemu-smoke-dom0-arm64.sh
index 4d22a124df11..8f9bfd620ee3 100755
--- a/automation/scripts/qemu-smoke-dom0-arm64.sh
+++ b/automation/scripts/qemu-smoke-dom0-arm64.sh
@@ -27,8 +27,10 @@ cd initrd
 find . | cpio --create --format='newc' | gzip > ../initrd.cpio.gz
 cd ..
 
-mkdir -p rootfs
+fakeroot <<EOF
+mkdir rootfs
 cd rootfs
+
 tar xvzf ../initrd.tar.gz
 mkdir proc
 mkdir run
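Review bot: `mkdir -p rootfs` becomes `mkdir rootfs` here, and a blank line is added after `cd rootfs`, but the commit message mentions neither and qemu-alpine-x86_64.sh keeps `mkdir -p rootfs` inside its fakeroot block. If dropping `-p` is deliberate, please say why; otherwise keep the line unchanged so the hunk only adds `fakeroot <<EOF`. qemu-smoke-dom0less-arm64.sh has the same change.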
@@ -58,7 +60,8 @@ xl create -c /root/test.cfg
 chmod +x etc/local.d/xen.start
 echo "rc_verbose=yes" >> etc/rc.conf
 find . |cpio -H newc -o|gzip > ../xen-rootfs.cpio.gz
-cd ../..
+EOF
+cd ..
 
 # XXX QEMU looks for "efi-virtio.rom" even if it is unneeded
 curl -fsSLO https://github.com/qemu/qemu/raw/v5.2.0/pc-bios/efi-virtio.rom
diff --git a/automation/scripts/qemu-smoke-dom0less-arm64.sh 
b/automation/scripts/qemu-smoke-dom0less-arm64.sh
index 83e1866ca6c5..2d60f22d68b7 100755
--- a/automation/scripts/qemu-smoke-dom0less-arm64.sh
+++ b/automation/scripts/qemu-smoke-dom0less-arm64.sh
@@ -112,7 +112,8 @@ find . | cpio --create --format='newc' | gzip > 
../binaries/initrd
 cd ..
 
 # DOM0 rootfs
-mkdir -p rootfs
+fakeroot <<EOF
+mkdir rootfs
 cd rootfs
 tar xzf ../binaries/initrd.tar.gz
 mkdir proc
@@ -141,7 +142,7 @@ ${dom0_check}
 chmod +x etc/local.d/xen.start
 echo "rc_verbose=yes" >> etc/rc.conf
 find . | cpio -H newc -o | gzip > ../binaries/dom0-rootfs.cpio.gz
-cd ..
+EOF
 
 # ImageBuilder
 echo 'MEMORY_START="0x40000000"
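Review bot: The hunk header shows `${dom0_check}` sitting inside the region now wrapped by the unquoted `fakeroot <<EOF`. With an unquoted delimiter the outer shell expands it while building the heredoc, and the shell started by fakeroot then parses the result again, so any `$`, backquote, double quote or backslash in its value is interpreted a second time. Please check that the generated `etc/local.d/xen.start` is byte-identical to what the script produced before this patch, or write that file outside the heredoc and keep only the tar/cpio steps under fakeroot.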
-- 
2.45.2




 

