Update Debian build script for Bookworm
Notable changes: * Use j2cli from Debian repos instead of pip * Use setuptools from Debian repos instead of pip * Use wheel from Debian repos instead of pip * Update grpcio and grpcio-tools python packages to match version in Bookworm * Use m2crypto from Debian repos instead of pip Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
This commit is contained in:
parent
c54de85c89
commit
152354df48
@ -31,9 +31,9 @@ set -x -e
|
||||
CONFIGURED_ARCH=$([ -f .arch ] && cat .arch || echo amd64)
|
||||
|
||||
## docker engine version (with platform)
|
||||
DOCKER_VERSION=5:24.0.2-1~debian.11~$IMAGE_DISTRO
|
||||
DOCKER_VERSION=5:24.0.2-1~debian.12~$IMAGE_DISTRO
|
||||
CONTAINERD_IO_VERSION=1.6.21-1
|
||||
LINUX_KERNEL_VERSION=5.10.0-23-2
|
||||
LINUX_KERNEL_VERSION=6.1.0-11-2
|
||||
|
||||
## Working directory to prepare the file system
|
||||
FILESYSTEM_ROOT=./fsroot
|
||||
@ -375,6 +375,7 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in
|
||||
sysfsutils \
|
||||
squashfs-tools \
|
||||
$bootloader_packages \
|
||||
rsyslog \
|
||||
screen \
|
||||
hping3 \
|
||||
tcptraceroute \
|
||||
@ -390,9 +391,9 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in
|
||||
python3-pip \
|
||||
python-is-python3 \
|
||||
cron \
|
||||
libprotobuf23 \
|
||||
libprotobuf32 \
|
||||
libgrpc++1 \
|
||||
libgrpc10 \
|
||||
libgrpc29 \
|
||||
haveged \
|
||||
fdisk \
|
||||
gpg \
|
||||
@ -401,11 +402,8 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in
|
||||
linux-perf \
|
||||
resolvconf \
|
||||
lsof \
|
||||
sysstat
|
||||
|
||||
# default rsyslog version is 8.2110.0 which has a bug on log rate limit,
|
||||
# use backport version
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -t bullseye-backports -y install rsyslog
|
||||
sysstat \
|
||||
zstd
|
||||
|
||||
# Have systemd create the auditd log directory
|
||||
sudo mkdir -p ${FILESYSTEM_ROOT}/etc/systemd/system/auditd.service.d
|
||||
@ -451,14 +449,6 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in
|
||||
systemd-sysv \
|
||||
ntp
|
||||
|
||||
# Workaround for issue: The udev rule may fail to be executed because the
|
||||
# daemon-reload command is executed in parallel
|
||||
# Github issue: https://github.com/systemd/systemd/issues/24668
|
||||
# Github PR: https://github.com/systemd/systemd/pull/24673
|
||||
# This workaround should be removed after a upstream already contains the fixes
|
||||
sudo patch $FILESYSTEM_ROOT/lib/systemd/system/systemd-udevd.service \
|
||||
files/image_config/systemd/systemd-udevd/fix-udev-rule-may-fail-if-daemon-reload-command-runs.patch
|
||||
|
||||
if [[ $TARGET_BOOTLOADER == grub ]]; then
|
||||
if [[ $CONFIGURED_ARCH == amd64 ]]; then
|
||||
GRUB_PKG=grub-pc-bin
|
||||
@ -535,13 +525,11 @@ done < files/image_config/sysctl/sysctl-net.conf
|
||||
|
||||
sudo augtool --autosave "$sysctl_net_cmd_string" -r $FILESYSTEM_ROOT
|
||||
|
||||
# Upgrade pip via PyPI and uninstall the Debian version
|
||||
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install --upgrade pip
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get purge -y python3-pip
|
||||
# Specify that we want to explicitly install Python packages into the system environment, and risk breakages
|
||||
sudo cp files/image_config/pip/pip.conf $FILESYSTEM_ROOT/etc/pip.conf
|
||||
|
||||
# For building Python packages
|
||||
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install 'setuptools==49.6.00'
|
||||
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install 'wheel==0.35.1'
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install python3-setuptools python3-wheel
|
||||
|
||||
# docker Python API package is needed by Ansible docker module as well as some SONiC applications
|
||||
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install 'docker==6.1.1'
|
||||
@ -772,7 +760,8 @@ if [[ $TARGET_BOOTLOADER == uboot ]]; then
|
||||
sudo LANG=C chroot $FILESYSTEM_ROOT mv /boot/u${INITRD_FILE} /boot/$INITRD_FILE
|
||||
elif [[ $CONFIGURED_ARCH == arm64 ]]; then
|
||||
sudo cp -v $PLATFORM_DIR/${sonic_asic_platform}-${CONFIGURED_ARCH}/sonic_fit.its $FILESYSTEM_ROOT/boot/
|
||||
sudo LANG=C chroot $FILESYSTEM_ROOT mkimage -f /boot/sonic_fit.its /boot/sonic_${CONFIGURED_ARCH}.fit
|
||||
# TODO: fix for bookworm, probably needs arm64 patches in sonic-linux-kernel to be updated
|
||||
#sudo LANG=C chroot $FILESYSTEM_ROOT mkimage -f /boot/sonic_fit.its /boot/sonic_${CONFIGURED_ARCH}.fit
|
||||
fi
|
||||
fi
|
||||
|
||||
|
@ -110,7 +110,7 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in
|
||||
python3-dev
|
||||
|
||||
# Install j2cli for handling jinja template
|
||||
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install "j2cli==0.3.10"
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install j2cli
|
||||
|
||||
# Install Python client for Redis
|
||||
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install "redis==3.5.3"
|
||||
@ -130,8 +130,8 @@ sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install ipaddr
|
||||
|
||||
# Install Python module for grpcio and grpcio-toole
|
||||
if [[ $CONFIGURED_ARCH == amd64 ]]; then
|
||||
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install "grpcio==1.39.0"
|
||||
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install "grpcio-tools==1.39.0"
|
||||
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install "grpcio==1.51.1"
|
||||
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install "grpcio-tools==1.51.1"
|
||||
fi
|
||||
|
||||
# Install sonic-py-common Python 3 package
|
||||
@ -146,9 +146,8 @@ if [[ $CONFIGURED_ARCH == armhf || $CONFIGURED_ARCH == arm64 ]]; then
|
||||
fi
|
||||
|
||||
# Install sonic-yang-models Python 3 package, install dependencies
|
||||
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libyang_*.deb
|
||||
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libyang-cpp_*.deb
|
||||
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/python3-yang_*.deb
|
||||
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libyang_*.deb $debs_path/libyang-cpp_*.deb $debs_path/python3-yang_*.deb || \
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
|
||||
SONIC_YANG_MODEL_PY3_WHEEL_NAME=$(basename {{sonic_yang_models_py3_wheel_path}})
|
||||
sudo cp {{sonic_yang_models_py3_wheel_path}} $FILESYSTEM_ROOT/$SONIC_YANG_MODEL_PY3_WHEEL_NAME
|
||||
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SONIC_YANG_MODEL_PY3_WHEEL_NAME
|
||||
@ -165,7 +164,7 @@ sudo rm -rf $FILESYSTEM_ROOT/$SONIC_YANG_MGMT_PY3_WHEEL_NAME
|
||||
# Then immediately uninstall enum34, as enum34 should not be installed for Python >= 3.4, as it causes a
|
||||
# conflict with the new 'enum' module in the standard library
|
||||
# https://github.com/robshakir/pyangbind/issues/232
|
||||
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install pyangbind==0.8.1
|
||||
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install pyangbind==0.8.2
|
||||
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 uninstall -y enum34
|
||||
|
||||
# Install SONiC config engine Python 3 package
|
||||
@ -200,12 +199,8 @@ sudo cp {{system_health_py3_wheel_path}} $FILESYSTEM_ROOT/$SYSTEM_HEALTH_PY3_WHE
|
||||
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SYSTEM_HEALTH_PY3_WHEEL_NAME
|
||||
sudo rm -rf $FILESYSTEM_ROOT/$SYSTEM_HEALTH_PY3_WHEEL_NAME
|
||||
|
||||
# Install prerequisites needed for installing the Python m2crypto package, used by sonic-utilities
|
||||
# These packages can be uninstalled after intallation
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install build-essential libssl-dev swig
|
||||
|
||||
# Install prerequisites needed for using the Python m2crypto package, used by sonic-utilities
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install openssl
|
||||
# Install m2crypto, cryptography, cffi, and pynacl packages, used by sonic-utilities
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install python3-m2crypto python3-cryptography python3-cffi python3-nacl
|
||||
|
||||
# install libffi-dev to match utilities' dependency.
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install libffi-dev
|
||||
@ -233,7 +228,7 @@ sudo cp -f $IMAGE_CONFIGS/readline/inputrc $FILESYSTEM_ROOT/etc/
|
||||
|
||||
# Install prerequisites needed for installing the dependent Python packages of sonic-host-services
|
||||
# These packages can be uninstalled after installation
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install libcairo2-dev libdbus-1-dev libgirepository1.0-dev libsystemd-dev pkg-config
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install libcairo2-dev libdbus-1-dev libgirepository1.0-dev libsystemd-dev pkg-config python3-dbus
|
||||
|
||||
# Mark runtime dependencies as manually installed to avoid them being auto-removed while uninstalling build dependencies
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-mark manual gir1.2-glib-2.0 libdbus-1-3 libgirepository-1.0-1 libsystemd0 python3-dbus
|
||||
@ -270,7 +265,7 @@ sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-device-data_*.deb || \
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
|
||||
|
||||
# package for supporting password hardening
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install libpam-cracklib
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install libpam-pwquality
|
||||
|
||||
# Install pam-tacplus and nss-tacplus
|
||||
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libtac2_*.deb || \
|
||||
@ -356,7 +351,8 @@ sudo cp $IMAGE_CONFIGS/monit/restart_service $FILESYSTEM_ROOT/usr/bin/
|
||||
sudo chmod 755 $FILESYSTEM_ROOT/usr/bin/restart_service
|
||||
|
||||
# Installed smartmontools version should match installed smartmontools in docker-platform-monitor Dockerfile
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install smartmontools=7.2-1
|
||||
# TODO: are mismatching versions fine for bookworm?
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install smartmontools
|
||||
|
||||
# Install custom-built openssh sshd
|
||||
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/openssh-server_${OPENSSH_VERSION}_*.deb $debs_path/openssh-client_${OPENSSH_VERSION}_*.deb $debs_path/openssh-sftp-server_${OPENSSH_VERSION}_*.deb
|
||||
@ -481,16 +477,6 @@ sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable systemd-bootchart
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
if [[ $CONFIGURED_ARCH == armhf ]]; then
|
||||
# The azure-storage package depends on the cryptography package. Newer
|
||||
# versions of cryptography require the rust compiler, the correct version
|
||||
# for which is not readily available in buster. Hence we pre-install an
|
||||
# older version here to satisfy the azure-storage dependency.
|
||||
# Note: This is not a problem for other architectures as pre-built versions
|
||||
# of cryptography are available for those. This sequence can be removed
|
||||
# after upgrading to debian bullseye.
|
||||
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install cryptography==3.3.1
|
||||
fi
|
||||
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install azure-storage==0.36.0
|
||||
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install watchdog==0.10.3
|
||||
|
||||
@ -927,7 +913,6 @@ sudo cp $BUILD_TEMPLATES/sonic.target $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
||||
sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable sonic.target
|
||||
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get purge -y python3-dev
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get purge -y build-essential libssl-dev swig
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get purge -y libcairo2-dev libdbus-1-dev libgirepository1.0-dev libsystemd-dev pkg-config
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get clean -y
|
||||
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get autoremove -y
|
||||
|
2
files/image_config/pip/pip.conf
Normal file
2
files/image_config/pip/pip.conf
Normal file
@ -0,0 +1,2 @@
|
||||
[global]
|
||||
break-system-packages = true
|
@ -76,7 +76,7 @@ RUN LIBPYTHON3_DEPS="`apt-cache depends libpython3-dev:$arch |grep Depends|awk {
|
||||
RUN apt-get install -y swig libssl-dev
|
||||
|
||||
RUN PATH=/python_virtualenv/env3/bin/:$PATH python3 -m pip install pyang==2.4.0
|
||||
RUN PATH=/python_virtualenv/env3/bin/:$PATH python3 -m pip install pyangbind==0.8.1
|
||||
RUN PATH=/python_virtualenv/env3/bin/:$PATH python3 -m pip install pyangbind==0.8.2
|
||||
RUN PATH=/python_virtualenv/env3/bin/:$PATH python3 -m pip uninstall -y enum34
|
||||
RUN PATH=/python_virtualenv/env3/bin/:$PATH pip3 install --force-reinstall --no-cache-dir coverage
|
||||
{%- endif %}
|
||||
|
Loading…
Reference in New Issue
Block a user