From 53ee25f8522b97abe5bafd8007f7574d45c7d15e Mon Sep 17 00:00:00 2001 From: Eero Kelly Date: Fri, 23 Aug 2024 22:58:27 +0000 Subject: [PATCH] Reduce changes to only GuestOS --- ic-os/defs.bzl | 11 ++--------- ic-os/hostos/context/Dockerfile | 11 ++++++++--- ic-os/hostos/context/Dockerfile.base | 9 ++++----- ic-os/hostos/context/packages.common | 5 ++--- ic-os/hostos/context/packages.dev | 2 +- ic-os/hostos/envs/dev/BUILD.bazel | 1 - ic-os/hostos/envs/prod/BUILD.bazel | 1 - ic-os/setupos/context/Dockerfile | 3 ++- ic-os/setupos/context/Dockerfile.base | 2 +- ic-os/setupos/context/packages.common | 4 +--- ic-os/setupos/context/packages.dev | 2 +- ic-os/setupos/envs/dev/BUILD.bazel | 1 - ic-os/setupos/envs/prod/BUILD.bazel | 1 - 13 files changed, 22 insertions(+), 31 deletions(-) diff --git a/ic-os/defs.bzl b/ic-os/defs.bzl index d2fe98ab36c..73dea6c8502 100644 --- a/ic-os/defs.bzl +++ b/ic-os/defs.bzl @@ -147,15 +147,8 @@ def icos_build( "/run", "/boot", "/var", - "/usr/lib/firmware/brcm/brcmfmac43241b4-sdio.Intel Corp.-VALLEYVIEW C0 PLATFORM.txt.zst", - "/usr/lib/firmware/brcm/brcmfmac43340-sdio.ASUSTeK COMPUTER INC.-TF103CE.txt.zst", - "/usr/lib/firmware/brcm/brcmfmac43362-sdio.ASUSTeK COMPUTER INC.-ME176C.txt.zst", - "/usr/lib/firmware/brcm/brcmfmac43430a0-sdio.ONDA-V80 PLUS.txt.zst", - "/usr/lib/firmware/brcm/brcmfmac43455-sdio.MINIX-NEO Z83-4.txt.zst", - "/usr/lib/firmware/brcm/brcmfmac43455-sdio.Raspberry Pi Foundation-Raspberry Pi 4 Model B.txt.zst", - "/usr/lib/firmware/brcm/brcmfmac43455-sdio.Raspberry Pi Foundation-Raspberry Pi Compute Module 4.txt.zst", - "/usr/lib/firmware/brcm/brcmfmac4356-pcie.Intel Corporation-CHERRYVIEW D1 PLATFORM.txt.zst", - "/usr/lib/firmware/brcm/brcmfmac4356-pcie.Xiaomi Inc-Mipad2.txt.zst", + "/usr/lib/firmware/brcm/brcmfmac43430a0-sdio.ONDA-V80 PLUS.txt", + "/usr/lib/firmware/brcm/brcmfmac43455-sdio.MINIX-NEO Z83-4.txt", ], target_compatible_with = [ "@platforms//os:linux", 
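Review bot: The path list that ends just before `target_compatible_with` in `icos_build` (ic-os/defs.bzl) is shared by every image built through this macro, and after this hunk it names only the two uncompressed `.txt` firmware files. The commit title says GuestOS keeps the newer changes, so if the GuestOS tree still contains any of the `.txt.zst` paths removed here, they would no longer be matched. The hunk shows neither what the list feeds nor which images install this firmware, so this needs confirming. A comment above the entries, for example `# brcm firmware names containing spaces; must match the linux-firmware layout of every image built by icos_build`, would record the coupling. The body of icos_build starts and ends outside the hunk.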
diff --git a/ic-os/hostos/context/Dockerfile b/ic-os/hostos/context/Dockerfile index 8ab9c725f3c..5b3374fe043 100644 --- a/ic-os/hostos/context/Dockerfile +++ b/ic-os/hostos/context/Dockerfile @@ -39,7 +39,7 @@ RUN localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 # Clear files that may lead to indeterministic build. RUN apt-get clean && \ - find /usr/lib/python3.12 -name "*.pyc" | xargs rm && \ + find /usr/lib/python3.8 -name "*.pyc" | xargs rm && \ find /usr/lib/python3 -name "*.pyc" | xargs rm && \ find /usr/share/python3 -name "*.pyc" | xargs rm && \ truncate --size 0 /etc/machine-id @@ -91,7 +91,6 @@ RUN systemctl enable \ chrony \ libvirtd \ nftables \ - ssh \ systemd-journal-gatewayd \ systemd-networkd \ systemd-networkd-wait-online \ @@ -118,8 +117,14 @@ RUN rm -rf \ /usr/local/share/qemu/edk2-arm-code.fd \ /usr/local/share/qemu/edk2-arm-vars.fd +# Add user/group entries specified here: /usr/lib/sysusers.d/systemd.conf E.g., systemd-timesync/coredump +RUN systemd-sysusers && \ + # Fix reproducibility issue. Notes in hostos/context/Dockerfile + usermod -p '!!' systemd-timesync && \ + usermod -p '!!' systemd-coredump + # Set /bin/sh to point to /bin/bash instead of the default /bin/dash -RUN ln -sf bash /usr/bin/sh +RUN echo "set dash/sh false" | debconf-communicate && dpkg-reconfigure -fnoninteractive dash # Group accounts to which parts of the runtime state are assigned such that # user accounts can be granted individual access rights. diff --git a/ic-os/hostos/context/Dockerfile.base b/ic-os/hostos/context/Dockerfile.base index 2b3b160dc0b..b4ca1c414cd 100644 --- a/ic-os/hostos/context/Dockerfile.base +++ b/ic-os/hostos/context/Dockerfile.base @@ -20,7 +20,7 @@ # First build stage: # - Download 3rd party tools # -FROM ubuntu:24.04 AS download +FROM ubuntu:20.04 AS download USER root:root 
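Review bot: The `.pyc` cleanup in ic-os/hostos/context/Dockerfile hard-codes the interpreter directory (`/usr/lib/python3.8`), so it must be edited by hand whenever the base image's Python changes, as this commit does here and in the matching hunk of ic-os/setupos/context/Dockerfile. Because the step exists to keep the image deterministic, a version-independent form is less likely to drift: `find /usr/lib/python3* /usr/share/python3 -name "*.pyc" -delete && \`. `-delete` also avoids `xargs rm`, which mishandles paths containing whitespace and runs `rm` with no operands when nothing matches. If the current failure on an empty match is relied on as a signal that the Python path is wrong, keep an explicit check for the directory instead.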
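Review bot: The comment inside the new `systemd-sysusers` RUN step in ic-os/hostos/context/Dockerfile reads `Notes in hostos/context/Dockerfile`, but that is this file, so the reference points at itself and the reasoning is not recorded anywhere in the hunk. It presumably meant another image's Dockerfile. State the reason in place, for example `# Set the password field to a fixed '!!' so /etc/shadow is identical across builds; these service accounts must not be able to authenticate by password`, with the wording confirmed by the author, since the hunk does not show which value systemd-sysusers writes. Placing the comment above the `RUN` line rather than between continuation lines also keeps it out of the shell command.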
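Review bot: `FROM ubuntu:20.04 AS download` in ic-os/hostos/context/Dockerfile.base resolves a mutable tag, so the base image's content depends on when it is built rather than on this commit. The same applies to the two later `FROM ubuntu:20.04` stages in this file and to ic-os/setupos/context/Dockerfile.base. Pinning each stage by digest, `FROM ubuntu:20.04@sha256:<digest-of-reviewed-image> AS download`, makes the input auditable and turns a base refresh into a reviewed change. The header comment in the setupos file indicates that the resulting base image is referenced by sha256 from the neighbouring Dockerfiles, which pins the output but not this input. The body of this stage continues outside the hunk.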
@@ -48,7 +48,7 @@ RUN cd /tmp/ && \ # Second build stage: # - Compile downloaded archives from first build stage # -FROM ubuntu:24.04 AS build +FROM ubuntu:20.04 AS build USER root:root @@ -63,8 +63,7 @@ RUN apt-get -y update && apt-get -y upgrade && apt-get -y --no-install-recommend libusb-1.0-0-dev \ ninja-build \ pkg-config \ - python3 \ - python3-setuptools + python3 # Configure and compile QEMU COPY --from=download /tmp/qemu-6.2.0.tar.xz /tmp/qemu-6.2.0.tar.xz @@ -82,7 +81,7 @@ RUN cd /tmp/ && \ # - Install and cache upstream packages from built-in Ubuntu repositories. # - Install compiled packages from the second stage. # -FROM ubuntu:24.04 +FROM ubuntu:20.04 USER root:root diff --git a/ic-os/hostos/context/packages.common b/ic-os/hostos/context/packages.common index dc3937cef05..919394eb785 100644 --- a/ic-os/hostos/context/packages.common +++ b/ic-os/hostos/context/packages.common @@ -5,14 +5,13 @@ # image only. # Need kernel to boot anything -linux-image-generic-hwe-24.04 +linux-image-generic-hwe-20.04 initramfs-tools # Need systemd for boot process systemd systemd-sysv systemd-journal-remote -systemd-resolved # Third-party services we will be running chrony @@ -76,7 +75,7 @@ xxd # QEMU required dependencies for version 6.2 ipxe-qemu ipxe-qemu-256k-compat-efi-roms -libaio1t64 +libaio1 libatomic1 libc6 libfdt1 diff --git a/ic-os/hostos/context/packages.dev b/ic-os/hostos/context/packages.dev index 85af5fabfd9..83ace26b239 100644 --- a/ic-os/hostos/context/packages.dev +++ b/ic-os/hostos/context/packages.dev @@ -7,7 +7,7 @@ nano # packages requested by networking tcpdump iperf -netcat-openbsd +netcat curl iputils-ping diff --git a/ic-os/hostos/envs/dev/BUILD.bazel b/ic-os/hostos/envs/dev/BUILD.bazel index bf099bd5ada..5f41e922a38 100644 --- a/ic-os/hostos/envs/dev/BUILD.bazel +++ b/ic-os/hostos/envs/dev/BUILD.bazel 
@@ -7,7 +7,6 @@ load("//ic-os/hostos:defs.bzl", "image_deps") # or //ic-os/defs.bzl for the full list of targets. icos_build( name = "dev", - build_local_base_image = True, ic_version = "//bazel:rc_only_version.txt", image_deps_func = image_deps, upload_prefix = "host-os", diff --git a/ic-os/hostos/envs/prod/BUILD.bazel b/ic-os/hostos/envs/prod/BUILD.bazel index c5996cbf914..d75dcb34418 100644 --- a/ic-os/hostos/envs/prod/BUILD.bazel +++ b/ic-os/hostos/envs/prod/BUILD.bazel @@ -7,7 +7,6 @@ load("//ic-os/hostos:defs.bzl", "image_deps") # or //ic-os/defs.bzl for the full list of targets. icos_build( name = "prod", - build_local_base_image = True, image_deps_func = image_deps, upload_prefix = "host-os", visibility = ["//rs:ic-os-pkg"], diff --git a/ic-os/setupos/context/Dockerfile b/ic-os/setupos/context/Dockerfile index dbe83d6f92a..9674925eaf2 100644 --- a/ic-os/setupos/context/Dockerfile +++ b/ic-os/setupos/context/Dockerfile @@ -39,7 +39,7 @@ RUN localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 # Clear files that may lead to indeterministic build. RUN apt-get clean && \ - find /usr/lib/python3.12 -name "*.pyc" | xargs rm && \ + find /usr/lib/python3.8 -name "*.pyc" | xargs rm && \ find /usr/lib/python3 -name "*.pyc" | xargs rm && \ find /usr/share/python3 -name "*.pyc" | xargs rm && \ truncate --size 0 /etc/machine-id @@ -76,6 +76,7 @@ RUN systemctl enable \ systemd-resolved RUN systemctl disable \ + systemd-timesyncd \ ssh # ------ SETUPOS WORK -------------------------------------------- diff --git a/ic-os/setupos/context/Dockerfile.base b/ic-os/setupos/context/Dockerfile.base index e1645b5d23f..34bca922add 100644 --- a/ic-os/setupos/context/Dockerfile.base +++ b/ic-os/setupos/context/Dockerfile.base 
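Review bot: The `systemctl disable` step in ic-os/setupos/context/Dockerfile still names `ssh`, while this commit removes `ssh` from ic-os/setupos/context/packages.common. Whether an SSH server ends up in SetupOS therefore depends on a dependency or base-image package that none of the visible hunks show. `disable` only removes the enablement links and, as far as I know, fails when the unit file is absent, so the step is either load-bearing or a build break depending on that hidden input. If the intent is that SetupOS never runs sshd, `systemctl mask ssh` would make that explicit and independent of how the package arrives, together with a comment naming where the package comes from.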
@@ -16,7 +16,7 @@ # 1. Get your MR approved and merged into master # 2. On the next hourly master pipeline, click the "deploy-setup-os-baseimg" job # 3. Note the sha256 and update the sha256 reference in the neighboring Dockerfiles. -FROM ubuntu:24.04 +FROM ubuntu:20.04 USER root:root diff --git a/ic-os/setupos/context/packages.common b/ic-os/setupos/context/packages.common index f9cea126f21..5b5a26eb169 100644 --- a/ic-os/setupos/context/packages.common +++ b/ic-os/setupos/context/packages.common @@ -3,20 +3,18 @@ # operation for the "prod" image. # Need kernel to boot anything -linux-image-generic-hwe-24.04 +linux-image-generic-hwe-20.04 initramfs-tools # Need systemd for boot process systemd systemd-sysv systemd-journal-remote -systemd-resolved # Third-party services we will be running chrony # Required system setup tools -ssh attr ca-certificates curl diff --git a/ic-os/setupos/context/packages.dev b/ic-os/setupos/context/packages.dev index 2206dad8dbb..a48f24b11b1 100644 --- a/ic-os/setupos/context/packages.dev +++ b/ic-os/setupos/context/packages.dev @@ -7,7 +7,7 @@ nano # packages requested by networking tcpdump iperf -netcat-openbsd +netcat curl iputils-ping diff --git a/ic-os/setupos/envs/dev/BUILD.bazel b/ic-os/setupos/envs/dev/BUILD.bazel index 68d57d3fce8..df8f2a35deb 100644 --- a/ic-os/setupos/envs/dev/BUILD.bazel +++ b/ic-os/setupos/envs/dev/BUILD.bazel @@ -8,7 +8,6 @@ load("//ic-os/setupos:defs.bzl", "image_deps") # or //ic-os/defs.bzl for the full list of targets. icos_build( name = "dev", - build_local_base_image = True, ic_version = "//bazel:rc_only_version.txt", image_deps_func = image_deps, upgrades = False, diff --git a/ic-os/setupos/envs/prod/BUILD.bazel b/ic-os/setupos/envs/prod/BUILD.bazel index 9d4b2412e4f..53f67a4d529 100644 --- a/ic-os/setupos/envs/prod/BUILD.bazel +++ b/ic-os/setupos/envs/prod/BUILD.bazel 
@@ -8,7 +8,6 @@ load("//ic-os/setupos:defs.bzl", "image_deps") # or //ic-os/defs.bzl for the full list of targets. icos_build( name = "prod", - build_local_base_image = True, image_deps_func = image_deps, upgrades = False, upload_prefix = "setup-os",