1#!/usr/bin/env python3
2#
3# Build the required docker image to run package unit tests
4#
5# Script Variables:
6#   DOCKER_IMG_NAME:  <optional, the name of the docker image to generate>
7#                     default is openbmc/ubuntu-unit-test
8#   DISTRO:           <optional, the distro to build a docker image against>
9#   FORCE_DOCKER_BUILD: <optional, a non-zero value with force all Docker
10#                     images to be rebuilt rather than reusing caches.>
11#   BUILD_URL:        <optional, used to detect running under CI context
12#                     (ex. Jenkins)>
13#   BRANCH:           <optional, branch to build from each of the openbmc/
14#                     repositories>
15#                     default is master, which will be used if input branch not
16#                     provided or not found
17#   UBUNTU_MIRROR:    <optional, the URL of a mirror of Ubuntu to override the
18#                     default ones in /etc/apt/sources.list>
19#                     default is empty, and no mirror is used.
20#   http_proxy        The HTTP address of the proxy server to connect to.
21#                     Default: "", proxy is not setup if this is not set
22
23import os
24import re
25import sys
26import threading
27from datetime import date
28from hashlib import sha256
29
30# typing.Dict is used for type-hints.
31from typing import Any, Callable, Dict, Iterable, Optional  # noqa: F401
32
33from sh import docker, git, nproc, uname  # type: ignore
34
35try:
36    # Python before 3.8 doesn't have TypedDict, so reroute to standard 'dict'.
37    from typing import TypedDict
38except Exception:
39
40    class TypedDict(dict):  # type: ignore
41        # We need to do this to eat the 'total' argument.
42        def __init_subclass__(cls, **kwargs: Any) -> None:
43            super().__init_subclass__()
44
45
46# Declare some variables used in package definitions.
47prefix = "/usr/local"
48proc_count = nproc().strip()
49
50
51class PackageDef(TypedDict, total=False):
52    """Package Definition for packages dictionary."""
53
54    # rev [optional]: Revision of package to use.
55    rev: str
56    # url [optional]: lambda function to create URL: (package, rev) -> url.
57    url: Callable[[str, str], str]
58    # depends [optional]: List of package dependencies.
59    depends: Iterable[str]
60    # build_type [required]: Build type used for package.
61    #   Currently supported: autoconf, cmake, custom, make, meson
62    build_type: str
63    # build_steps [optional]: Steps to run for 'custom' build_type.
64    build_steps: Iterable[str]
65    # config_flags [optional]: List of options to pass configuration tool.
66    config_flags: Iterable[str]
67    # config_env [optional]: List of environment variables to set for config.
68    config_env: Iterable[str]
69    # custom_post_dl [optional]: List of steps to run after download, but
70    #   before config / build / install.
71    custom_post_dl: Iterable[str]
72    # custom_post_install [optional]: List of steps to run after install.
73    custom_post_install: Iterable[str]
74
75    # __tag [private]: Generated Docker tag name for package stage.
76    __tag: str
77    # __package [private]: Package object associated with this package.
78    __package: Any  # Type is Package, but not defined yet.
79
80
81# Packages to include in image.
82packages = {
83    "boost": PackageDef(
84        rev="1.84.0",
85        url=(
86            lambda pkg, rev: f"https://github.com/boostorg/{pkg}/releases/download/{pkg}-{rev}/{pkg}-{rev}.tar.gz"
87        ),
88        build_type="custom",
89        build_steps=[
90            (
91                "./bootstrap.sh"
92                f" --prefix={prefix} --with-libraries=context,coroutine,url"
93            ),
94            "./b2",
95            f"./b2 install --prefix={prefix}",
96        ],
97    ),
98    "USCiLab/cereal": PackageDef(
99        rev="v1.3.2",
100        build_type="custom",
101        build_steps=[f"cp -a include/cereal/ {prefix}/include/"],
102    ),
103    "danmar/cppcheck": PackageDef(
104        rev="2.12.1",
105        build_type="cmake",
106    ),
107    "CLIUtils/CLI11": PackageDef(
108        rev="v2.3.2",
109        build_type="cmake",
110        config_flags=[
111            "-DBUILD_TESTING=OFF",
112            "-DCLI11_BUILD_DOCS=OFF",
113            "-DCLI11_BUILD_EXAMPLES=OFF",
114        ],
115    ),
116    "fmtlib/fmt": PackageDef(
117        rev="10.1.1",
118        build_type="cmake",
119        config_flags=[
120            "-DFMT_DOC=OFF",
121            "-DFMT_TEST=OFF",
122        ],
123    ),
124    "Naios/function2": PackageDef(
125        rev="4.2.4",
126        build_type="custom",
127        build_steps=[
128            f"mkdir {prefix}/include/function2",
129            f"cp include/function2/function2.hpp {prefix}/include/function2/",
130        ],
131    ),
132    "google/googletest": PackageDef(
133        rev="v1.14.0",
134        build_type="cmake",
135        config_env=["CXXFLAGS=-std=c++20"],
136        config_flags=["-DTHREADS_PREFER_PTHREAD_FLAG=ON"],
137    ),
138    "nghttp2/nghttp2": PackageDef(
139        rev="v1.61.0",
140        build_type="cmake",
141        config_env=["CXXFLAGS=-std=c++20"],
142        config_flags=[
143            "-DENABLE_LIB_ONLY=ON",
144            "-DENABLE_STATIC_LIB=ON",
145        ],
146    ),
147    "nlohmann/json": PackageDef(
148        rev="v3.11.2",
149        build_type="cmake",
150        config_flags=["-DJSON_BuildTests=OFF"],
151        custom_post_install=[
152            (
153                f"ln -s {prefix}/include/nlohmann/json.hpp"
154                f" {prefix}/include/json.hpp"
155            ),
156        ],
157    ),
158    "json-c/json-c": PackageDef(
159        rev="json-c-0.17-20230812",
160        build_type="cmake",
161    ),
162    "linux-test-project/lcov": PackageDef(
163        rev="v1.16",
164        build_type="make",
165    ),
166    "LibVNC/libvncserver": PackageDef(
167        rev="LibVNCServer-0.9.14",
168        build_type="cmake",
169    ),
170    "leethomason/tinyxml2": PackageDef(
171        rev="9.0.0",
172        build_type="cmake",
173    ),
174    "tristanpenman/valijson": PackageDef(
175        rev="v1.0.1",
176        build_type="cmake",
177        config_flags=[
178            "-Dvalijson_BUILD_TESTS=0",
179            "-Dvalijson_INSTALL_HEADERS=1",
180        ],
181    ),
182    "open-power/pdbg": PackageDef(build_type="autoconf"),
183    "openbmc/gpioplus": PackageDef(
184        depends=["openbmc/stdplus"],
185        build_type="meson",
186        config_flags=[
187            "-Dexamples=false",
188            "-Dtests=disabled",
189        ],
190    ),
191    "openbmc/phosphor-dbus-interfaces": PackageDef(
192        depends=["openbmc/sdbusplus"],
193        build_type="meson",
194        config_flags=["-Dgenerate_md=false"],
195    ),
196    "openbmc/phosphor-logging": PackageDef(
197        depends=[
198            "USCiLab/cereal",
199            "openbmc/phosphor-dbus-interfaces",
200            "openbmc/sdbusplus",
201            "openbmc/sdeventplus",
202        ],
203        build_type="meson",
204        config_flags=[
205            "-Dlibonly=true",
206            "-Dtests=disabled",
207            f"-Dyamldir={prefix}/share/phosphor-dbus-yaml/yaml",
208        ],
209    ),
210    "openbmc/phosphor-objmgr": PackageDef(
211        depends=[
212            "CLIUtils/CLI11",
213            "boost",
214            "leethomason/tinyxml2",
215            "openbmc/phosphor-dbus-interfaces",
216            "openbmc/phosphor-logging",
217            "openbmc/sdbusplus",
218        ],
219        build_type="meson",
220        config_flags=[
221            "-Dtests=disabled",
222        ],
223    ),
224    "openbmc/libpeci": PackageDef(
225        build_type="meson",
226        config_flags=[
227            "-Draw-peci=disabled",
228        ],
229    ),
230    "openbmc/libpldm": PackageDef(
231        build_type="meson",
232        config_flags=[
233            "-Dabi=deprecated,stable",
234            "-Doem-ibm=enabled",
235            "-Dtests=disabled",
236        ],
237    ),
238    "openbmc/sdbusplus": PackageDef(
239        build_type="meson",
240        custom_post_dl=[
241            "cd tools",
242            f"./setup.py install --root=/ --prefix={prefix}",
243            "cd ..",
244        ],
245        config_flags=[
246            "-Dexamples=disabled",
247            "-Dtests=disabled",
248        ],
249    ),
250    "openbmc/sdeventplus": PackageDef(
251        depends=[
252            "Naios/function2",
253            "openbmc/stdplus",
254        ],
255        build_type="meson",
256        config_flags=[
257            "-Dexamples=false",
258            "-Dtests=disabled",
259        ],
260    ),
261    "openbmc/stdplus": PackageDef(
262        depends=[
263            "fmtlib/fmt",
264            "google/googletest",
265            "Naios/function2",
266        ],
267        build_type="meson",
268        config_flags=[
269            "-Dexamples=false",
270            "-Dtests=disabled",
271            "-Dgtest=enabled",
272        ],
273    ),
274}  # type: Dict[str, PackageDef]
275
276# Define common flags used for builds
277configure_flags = " ".join(
278    [
279        f"--prefix={prefix}",
280    ]
281)
282cmake_flags = " ".join(
283    [
284        "-DBUILD_SHARED_LIBS=ON",
285        "-DCMAKE_BUILD_TYPE=RelWithDebInfo",
286        f"-DCMAKE_INSTALL_PREFIX:PATH={prefix}",
287        "-GNinja",
288        "-DCMAKE_MAKE_PROGRAM=ninja",
289    ]
290)
291meson_flags = " ".join(
292    [
293        "--wrap-mode=nodownload",
294        f"-Dprefix={prefix}",
295    ]
296)
297
298
299class Package(threading.Thread):
300    """Class used to build the Docker stages for each package.
301
302    Generally, this class should not be instantiated directly but through
303    Package.generate_all().
304    """
305
306    # Copy the packages dictionary.
307    packages = packages.copy()
308
309    # Lock used for thread-safety.
310    lock = threading.Lock()
311
312    def __init__(self, pkg: str):
313        """pkg - The name of this package (ex. foo/bar )"""
314        super(Package, self).__init__()
315
316        self.package = pkg
317        self.exception = None  # type: Optional[Exception]
318
319        # Reference to this package's
320        self.pkg_def = Package.packages[pkg]
321        self.pkg_def["__package"] = self
322
323    def run(self) -> None:
324        """Thread 'run' function.  Builds the Docker stage."""
325
326        # In case this package has no rev, fetch it from Github.
327        self._update_rev()
328
329        # Find all the Package objects that this package depends on.
330        #   This section is locked because we are looking into another
331        #   package's PackageDef dict, which could be being modified.
332        Package.lock.acquire()
333        deps: Iterable[Package] = [
334            Package.packages[deppkg]["__package"]
335            for deppkg in self.pkg_def.get("depends", [])
336        ]
337        Package.lock.release()
338
339        # Wait until all the depends finish building.  We need them complete
340        # for the "COPY" commands.
341        for deppkg in deps:
342            deppkg.join()
343
344        # Generate this package's Dockerfile.
345        dockerfile = f"""
346FROM {docker_base_img_name}
347{self._df_copycmds()}
348{self._df_build()}
349"""
350
351        # Generate the resulting tag name and save it to the PackageDef.
352        #   This section is locked because we are modifying the PackageDef,
353        #   which can be accessed by other threads.
354        Package.lock.acquire()
355        tag = Docker.tagname(self._stagename(), dockerfile)
356        self.pkg_def["__tag"] = tag
357        Package.lock.release()
358
359        # Do the build / save any exceptions.
360        try:
361            Docker.build(self.package, tag, dockerfile)
362        except Exception as e:
363            self.exception = e
364
365    @classmethod
366    def generate_all(cls) -> None:
367        """Ensure a Docker stage is created for all defined packages.
368
369        These are done in parallel but with appropriate blocking per
370        package 'depends' specifications.
371        """
372
373        # Create a Package for each defined package.
374        pkg_threads = [Package(p) for p in cls.packages.keys()]
375
376        # Start building them all.
377        #   This section is locked because threads depend on each other,
378        #   based on the packages, and they cannot 'join' on a thread
379        #   which is not yet started.  Adding a lock here allows all the
380        #   threads to start before they 'join' their dependencies.
381        Package.lock.acquire()
382        for t in pkg_threads:
383            t.start()
384        Package.lock.release()
385
386        # Wait for completion.
387        for t in pkg_threads:
388            t.join()
389            # Check if the thread saved off its own exception.
390            if t.exception:
391                print(f"Package {t.package} failed!", file=sys.stderr)
392                raise t.exception
393
394    @staticmethod
395    def df_all_copycmds() -> str:
396        """Formulate the Dockerfile snippet necessary to copy all packages
397        into the final image.
398        """
399        return Package.df_copycmds_set(Package.packages.keys())
400
401    @classmethod
402    def depcache(cls) -> str:
403        """Create the contents of the '/tmp/depcache'.
404        This file is a comma-separated list of "<pkg>:<rev>".
405        """
406
407        # This needs to be sorted for consistency.
408        depcache = ""
409        for pkg in sorted(cls.packages.keys()):
410            depcache += "%s:%s," % (pkg, cls.packages[pkg]["rev"])
411        return depcache
412
413    def _update_rev(self) -> None:
414        """Look up the HEAD for missing a static rev."""
415
416        if "rev" in self.pkg_def:
417            return
418
419        # Check if Jenkins/Gerrit gave us a revision and use it.
420        if gerrit_project == self.package and gerrit_rev:
421            print(
422                f"Found Gerrit revision for {self.package}: {gerrit_rev}",
423                file=sys.stderr,
424            )
425            self.pkg_def["rev"] = gerrit_rev
426            return
427
428        # Ask Github for all the branches.
429        lookup = git(
430            "ls-remote", "--heads", f"https://github.com/{self.package}"
431        )
432
433        # Find the branch matching {branch} (or fallback to master).
434        #   This section is locked because we are modifying the PackageDef.
435        Package.lock.acquire()
436        for line in lookup.split("\n"):
437            if re.fullmatch(f".*{branch}$", line.strip()):
438                self.pkg_def["rev"] = line.split()[0]
439                break
440            elif (
441                "refs/heads/master" in line or "refs/heads/main" in line
442            ) and "rev" not in self.pkg_def:
443                self.pkg_def["rev"] = line.split()[0]
444        Package.lock.release()
445
446    def _stagename(self) -> str:
447        """Create a name for the Docker stage associated with this pkg."""
448        return self.package.replace("/", "-").lower()
449
450    def _url(self) -> str:
451        """Get the URL for this package."""
452        rev = self.pkg_def["rev"]
453
454        # If the lambda exists, call it.
455        if "url" in self.pkg_def:
456            return self.pkg_def["url"](self.package, rev)
457
458        # Default to the github archive URL.
459        return f"https://github.com/{self.package}/archive/{rev}.tar.gz"
460
461    def _cmd_download(self) -> str:
462        """Formulate the command necessary to download and unpack to source."""
463
464        url = self._url()
465        if ".tar." not in url:
466            raise NotImplementedError(
467                f"Unhandled download type for {self.package}: {url}"
468            )
469
470        cmd = f"curl -L {url} | tar -x"
471
472        if url.endswith(".bz2"):
473            cmd += "j"
474        elif url.endswith(".gz"):
475            cmd += "z"
476        else:
477            raise NotImplementedError(
478                f"Unknown tar flags needed for {self.package}: {url}"
479            )
480
481        return cmd
482
483    def _cmd_cd_srcdir(self) -> str:
484        """Formulate the command necessary to 'cd' into the source dir."""
485        return f"cd {self.package.split('/')[-1]}*"
486
487    def _df_copycmds(self) -> str:
488        """Formulate the dockerfile snippet necessary to COPY all depends."""
489
490        if "depends" not in self.pkg_def:
491            return ""
492        return Package.df_copycmds_set(self.pkg_def["depends"])
493
494    @staticmethod
495    def df_copycmds_set(pkgs: Iterable[str]) -> str:
496        """Formulate the Dockerfile snippet necessary to COPY a set of
497        packages into a Docker stage.
498        """
499
500        copy_cmds = ""
501
502        # Sort the packages for consistency.
503        for p in sorted(pkgs):
504            tag = Package.packages[p]["__tag"]
505            copy_cmds += f"COPY --from={tag} {prefix} {prefix}\n"
506            # Workaround for upstream docker bug and multiple COPY cmds
507            # https://github.com/moby/moby/issues/37965
508            copy_cmds += "RUN true\n"
509
510        return copy_cmds
511
512    def _df_build(self) -> str:
513        """Formulate the Dockerfile snippet necessary to download, build, and
514        install a package into a Docker stage.
515        """
516
517        # Download and extract source.
518        result = f"RUN {self._cmd_download()} && {self._cmd_cd_srcdir()} && "
519
520        # Handle 'custom_post_dl' commands.
521        custom_post_dl = self.pkg_def.get("custom_post_dl")
522        if custom_post_dl:
523            result += " && ".join(custom_post_dl) + " && "
524
525        # Build and install package based on 'build_type'.
526        build_type = self.pkg_def["build_type"]
527        if build_type == "autoconf":
528            result += self._cmd_build_autoconf()
529        elif build_type == "cmake":
530            result += self._cmd_build_cmake()
531        elif build_type == "custom":
532            result += self._cmd_build_custom()
533        elif build_type == "make":
534            result += self._cmd_build_make()
535        elif build_type == "meson":
536            result += self._cmd_build_meson()
537        else:
538            raise NotImplementedError(
539                f"Unhandled build type for {self.package}: {build_type}"
540            )
541
542        # Handle 'custom_post_install' commands.
543        custom_post_install = self.pkg_def.get("custom_post_install")
544        if custom_post_install:
545            result += " && " + " && ".join(custom_post_install)
546
547        return result
548
549    def _cmd_build_autoconf(self) -> str:
550        options = " ".join(self.pkg_def.get("config_flags", []))
551        env = " ".join(self.pkg_def.get("config_env", []))
552        result = "./bootstrap.sh && "
553        result += f"{env} ./configure {configure_flags} {options} && "
554        result += f"make -j{proc_count} && make install"
555        return result
556
557    def _cmd_build_cmake(self) -> str:
558        options = " ".join(self.pkg_def.get("config_flags", []))
559        env = " ".join(self.pkg_def.get("config_env", []))
560        result = "mkdir builddir && cd builddir && "
561        result += f"{env} cmake {cmake_flags} {options} .. && "
562        result += "cmake --build . --target all && "
563        result += "cmake --build . --target install && "
564        result += "cd .."
565        return result
566
567    def _cmd_build_custom(self) -> str:
568        return " && ".join(self.pkg_def.get("build_steps", []))
569
570    def _cmd_build_make(self) -> str:
571        return f"make -j{proc_count} && make install"
572
573    def _cmd_build_meson(self) -> str:
574        options = " ".join(self.pkg_def.get("config_flags", []))
575        env = " ".join(self.pkg_def.get("config_env", []))
576        result = f"{env} meson setup builddir {meson_flags} {options} && "
577        result += "ninja -C builddir && ninja -C builddir install"
578        return result
579
580
581class Docker:
582    """Class to assist with Docker interactions.  All methods are static."""
583
584    @staticmethod
585    def timestamp() -> str:
586        """Generate a timestamp for today using the ISO week."""
587        today = date.today().isocalendar()
588        return f"{today[0]}-W{today[1]:02}"
589
590    @staticmethod
591    def tagname(pkgname: Optional[str], dockerfile: str) -> str:
592        """Generate a tag name for a package using a hash of the Dockerfile."""
593        result = docker_image_name
594        if pkgname:
595            result += "-" + pkgname
596
597        result += ":" + Docker.timestamp()
598        result += "-" + sha256(dockerfile.encode()).hexdigest()[0:16]
599
600        return result
601
602    @staticmethod
603    def build(pkg: str, tag: str, dockerfile: str) -> None:
604        """Build a docker image using the Dockerfile and tagging it with 'tag'."""
605
606        # If we're not forcing builds, check if it already exists and skip.
607        if not force_build:
608            if docker.image.ls(tag, "--format", '"{{.Repository}}:{{.Tag}}"'):
609                print(
610                    f"Image {tag} already exists.  Skipping.", file=sys.stderr
611                )
612                return
613
614        # Build it.
615        #   Capture the output of the 'docker build' command and send it to
616        #   stderr (prefixed with the package name).  This allows us to see
617        #   progress but not polute stdout.  Later on we output the final
618        #   docker tag to stdout and we want to keep that pristine.
619        #
620        #   Other unusual flags:
621        #       --no-cache: Bypass the Docker cache if 'force_build'.
622        #       --force-rm: Clean up Docker processes if they fail.
623        docker.build(
624            proxy_args,
625            "--network=host",
626            "--force-rm",
627            "--no-cache=true" if force_build else "--no-cache=false",
628            "-t",
629            tag,
630            "-",
631            _in=dockerfile,
632            _out=(
633                lambda line: print(
634                    pkg + ":", line, end="", file=sys.stderr, flush=True
635                )
636            ),
637            _err_to_out=True,
638        )
639
640
641# Read a bunch of environment variables.
642docker_image_name = os.environ.get(
643    "DOCKER_IMAGE_NAME", "openbmc/ubuntu-unit-test"
644)
645force_build = os.environ.get("FORCE_DOCKER_BUILD")
646is_automated_ci_build = os.environ.get("BUILD_URL", False)
647distro = os.environ.get("DISTRO", "ubuntu:noble")
648branch = os.environ.get("BRANCH", "master")
649ubuntu_mirror = os.environ.get("UBUNTU_MIRROR")
650http_proxy = os.environ.get("http_proxy")
651
652gerrit_project = os.environ.get("GERRIT_PROJECT")
653gerrit_rev = os.environ.get("GERRIT_PATCHSET_REVISION")
654
655# Ensure appropriate docker build output to see progress and identify
656# any issues
657os.environ["BUILDKIT_PROGRESS"] = "plain"
658
659# Set up some common variables.
660username = os.environ.get("USER", "root")
661homedir = os.environ.get("HOME", "/root")
662gid = os.getgid()
663uid = os.getuid()
664
665# Use well-known constants if user is root
666if username == "root":
667    homedir = "/root"
668    gid = 0
669    uid = 0
670
671# Determine the architecture for Docker.
672arch = uname("-m").strip()
673if arch == "ppc64le":
674    docker_base = "ppc64le/"
675elif arch == "x86_64":
676    docker_base = ""
677elif arch == "aarch64":
678    docker_base = "arm64v8/"
679else:
680    print(
681        f"Unsupported system architecture({arch}) found for docker image",
682        file=sys.stderr,
683    )
684    sys.exit(1)
685
686# Special flags if setting up a deb mirror.
687mirror = ""
688if "ubuntu" in distro and ubuntu_mirror:
689    mirror = f"""
690RUN echo "deb {ubuntu_mirror} \
691        $(. /etc/os-release && echo $VERSION_CODENAME) \
692        main restricted universe multiverse" > /etc/apt/sources.list && \\
693    echo "deb {ubuntu_mirror} \
694        $(. /etc/os-release && echo $VERSION_CODENAME)-updates \
695            main restricted universe multiverse" >> /etc/apt/sources.list && \\
696    echo "deb {ubuntu_mirror} \
697        $(. /etc/os-release && echo $VERSION_CODENAME)-security \
698            main restricted universe multiverse" >> /etc/apt/sources.list && \\
699    echo "deb {ubuntu_mirror} \
700        $(. /etc/os-release && echo $VERSION_CODENAME)-proposed \
701            main restricted universe multiverse" >> /etc/apt/sources.list && \\
702    echo "deb {ubuntu_mirror} \
703        $(. /etc/os-release && echo $VERSION_CODENAME)-backports \
704            main restricted universe multiverse" >> /etc/apt/sources.list
705"""
706
707# Special flags for proxying.
708proxy_cmd = ""
709proxy_keyserver = ""
710proxy_args = []
711if http_proxy:
712    proxy_cmd = f"""
713RUN echo "[http]" >> {homedir}/.gitconfig && \
714    echo "proxy = {http_proxy}" >> {homedir}/.gitconfig
715"""
716    proxy_keyserver = f"--keyserver-options http-proxy={http_proxy}"
717
718    proxy_args.extend(
719        [
720            "--build-arg",
721            f"http_proxy={http_proxy}",
722            "--build-arg",
723            f"https_proxy={http_proxy}",
724        ]
725    )
726
727# Create base Dockerfile.
728dockerfile_base = f"""
729FROM {docker_base}{distro}
730
731{mirror}
732
733ENV DEBIAN_FRONTEND noninteractive
734
735ENV PYTHONPATH "/usr/local/lib/python3.10/site-packages/"
736
737# Sometimes the ubuntu key expires and we need a way to force an execution
738# of the apt-get commands for the dbgsym-keyring.  When this happens we see
739# an error like: "Release: The following signatures were invalid:"
740# Insert a bogus echo that we can change here when we get this error to force
741# the update.
742RUN echo "ubuntu keyserver rev as of 2021-04-21"
743
744# We need the keys to be imported for dbgsym repos
745# New releases have a package, older ones fall back to manual fetching
746# https://wiki.ubuntu.com/Debug%20Symbol%20Packages
747# Known issue with gpg to get keys via proxy -
748# https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1788190, hence using
749# curl to get keys.
750RUN apt-get update && apt-get dist-upgrade -yy && \
751    ( apt-get install -yy gpgv ubuntu-dbgsym-keyring || \
752        ( apt-get install -yy dirmngr curl && \
753          curl -sSL \
754          'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xF2EDC64DC5AEE1F6B9C621F0C8CAB6595FDFF622' \
755          | apt-key add - ))
756
757# Parse the current repo list into a debug repo list
758RUN sed -n '/^deb /s,^deb [^ ]* ,deb http://ddebs.ubuntu.com ,p' \
759        /etc/apt/sources.list >/etc/apt/sources.list.d/debug.list
760
761# Remove non-existent debug repos
762RUN sed -i '/-\\(backports\\|security\\) /d' /etc/apt/sources.list.d/debug.list
763
764RUN cat /etc/apt/sources.list.d/debug.list
765
766RUN apt-get update && apt-get dist-upgrade -yy && apt-get install -yy \
767    abi-compliance-checker \
768    abi-dumper \
769    autoconf \
770    autoconf-archive \
771    bison \
772    clang-17 \
773    clang-format-17 \
774    clang-tidy-17 \
775    clang-tools-17 \
776    cmake \
777    curl \
778    dbus \
779    device-tree-compiler \
780    flex \
781    g++-13 \
782    gcc-13 \
783    git \
784    iproute2 \
785    iputils-ping \
786    libaudit-dev \
787    libc6-dbg \
788    libc6-dev \
789    libconfig++-dev \
790    libcryptsetup-dev \
791    libdbus-1-dev \
792    libevdev-dev \
793    libgpiod-dev \
794    libi2c-dev \
795    libjpeg-dev \
796    libjson-perl \
797    libldap2-dev \
798    libmimetic-dev \
799    libnl-3-dev \
800    libnl-genl-3-dev \
801    libpam0g-dev \
802    libpciaccess-dev \
803    libperlio-gzip-perl \
804    libpng-dev \
805    libprotobuf-dev \
806    libsnmp-dev \
807    libssl-dev \
808    libsystemd-dev \
809    libtool \
810    liburing-dev \
811    libxml2-utils \
812    libxml-simple-perl \
813    ninja-build \
814    npm \
815    pkg-config \
816    protobuf-compiler \
817    python3 \
818    python3-dev\
819    python3-git \
820    python3-mako \
821    python3-pip \
822    python3-protobuf \
823    python3-setuptools \
824    python3-socks \
825    python3-yaml \
826    rsync \
827    shellcheck \
828    socat \
829    sudo \
830    systemd \
831    valgrind \
832    vim \
833    wget \
834    xxd
835
836RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-13 13 \
837  --slave /usr/bin/g++ g++ /usr/bin/g++-13 \
838  --slave /usr/bin/gcov gcov /usr/bin/gcov-13 \
839  --slave /usr/bin/gcov-dump gcov-dump /usr/bin/gcov-dump-13 \
840  --slave /usr/bin/gcov-tool gcov-tool /usr/bin/gcov-tool-13
841RUN update-alternatives --remove cpp /usr/bin/cpp && \
842    update-alternatives --install /usr/bin/cpp cpp /usr/bin/cpp-13 13
843
844RUN update-alternatives --install /usr/bin/clang clang /usr/bin/clang-17 1000 \
845  --slave /usr/bin/clang++ clang++ /usr/bin/clang++-17 \
846  --slave /usr/bin/clang-tidy clang-tidy /usr/bin/clang-tidy-17 \
847  --slave /usr/bin/clang-format clang-format /usr/bin/clang-format-17 \
848  --slave /usr/bin/run-clang-tidy run-clang-tidy.py \
849        /usr/bin/run-clang-tidy-17 \
850  --slave /usr/bin/scan-build scan-build /usr/bin/scan-build-17
851
852"""
853
854if is_automated_ci_build:
855    dockerfile_base += f"""
856# Run an arbitrary command to polute the docker cache regularly force us
857# to re-run `apt-get update` daily.
858RUN echo {Docker.timestamp()}
859RUN apt-get update && apt-get dist-upgrade -yy
860
861"""
862
863dockerfile_base += """
864RUN pip3 install --break-system-packages \
865        beautysh \
866        black \
867        codespell \
868        flake8 \
869        gitlint \
870        inflection \
871        isort \
872        jsonschema \
873        meson==1.3.0 \
874        requests
875
876RUN npm install -g \
877        eslint@v8.56.0 eslint-plugin-json@v3.1.0 \
878        markdownlint-cli@latest \
879        prettier@latest
880"""
881
882# Build the base and stage docker images.
883docker_base_img_name = Docker.tagname("base", dockerfile_base)
884Docker.build("base", docker_base_img_name, dockerfile_base)
885Package.generate_all()
886
887# Create the final Dockerfile.
888dockerfile = f"""
889# Build the final output image
890FROM {docker_base_img_name}
891{Package.df_all_copycmds()}
892
893# Some of our infrastructure still relies on the presence of this file
894# even though it is no longer needed to rebuild the docker environment
895# NOTE: The file is sorted to ensure the ordering is stable.
896RUN echo '{Package.depcache()}' > /tmp/depcache
897
898# Ensure the group, user, and home directory are created (or rename them if
899# they already exist).
900RUN if grep -q ":{gid}:" /etc/group ; then \
901        groupmod -n {username} $(awk -F : '{{ if ($3 == {gid}) {{ print $1 }} }}' /etc/group) ; \
902    else \
903        groupadd -f -g {gid} {username} ; \
904    fi
905RUN mkdir -p "{os.path.dirname(homedir)}"
906RUN if grep -q ":{uid}:" /etc/passwd ; then \
907        usermod -l {username} -d {homedir} -m $(awk -F : '{{ if ($3 == {uid}) {{ print $1 }} }}' /etc/passwd) ; \
908    else \
909        useradd -d {homedir} -m -u {uid} -g {gid} {username} ; \
910    fi
911RUN sed -i '1iDefaults umask=000' /etc/sudoers
912RUN echo "{username} ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
913
914# Ensure user has ability to write to /usr/local for different tool
915# and data installs
916RUN chown -R {username}:{username} /usr/local/share
917
918# Update library cache
919RUN ldconfig
920
921{proxy_cmd}
922
923RUN /bin/bash
924"""
925
926# Do the final docker build
927docker_final_img_name = Docker.tagname(None, dockerfile)
928Docker.build("final", docker_final_img_name, dockerfile)
929
930# Print the tag of the final image.
931print(docker_final_img_name)
932