From b46f967474632c578daa0635ef501b8c5cc9350e Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Mon, 26 Jun 2023 09:14:51 -0700 Subject: [PATCH] Add Bookworm slave container Changes from Bullseye slave container: * Python 2 is no longer available at all * Python 3.11 (instead of Python 3.9) * GCC 12 (instead of GCC 10) * Python ipaddr package is no longer available * OpenJDK 17 (instead of OpenJDK 11) * Remove doxygen armhf manual compilation (no longer needed) * Disable FIPS, as the FIPS binaries are currently not yet available * Install Python setuptools through Debian instead of pip * Install Python wheel through Debian instead of pip * Install Python nose through Debian instead of pip * Install Python j2cli through Debian instead of pip * Install Python pexpect through Debian instead of pip * Install Python parameterized through Debian instead of pip * Install Python pyyaml through Debian instead of pip * Install Python pyfakefs through Debian instead of pip * Install Python m2crypto through Debian instead of pip * Python pympler 1.0 (instead of 0.8) * Install Python build (as a replacement to setup.py) Signed-off-by: Saikrishna Arcot --- .../docker-sonic-slave-template.yml | 1 + .azure-pipelines/docker-sonic-slave.yml | 3 +- Makefile | 9 + Makefile.work | 4 +- slave.mk | 2 +- sonic-slave-bookworm/Dockerfile.j2 | 667 ++++++++++++++++++ sonic-slave-bookworm/Dockerfile.user.j2 | 34 + .../disable-non-manylinux.patch | 10 + sonic-slave-bookworm/no-check-valid-until | 4 + sonic-slave-bookworm/pip.conf | 2 + sonic-slave-bookworm/sonic-jenkins-id_rsa.pub | 1 + 11 files changed, 734 insertions(+), 3 deletions(-) create mode 100644 sonic-slave-bookworm/Dockerfile.j2 create mode 100644 sonic-slave-bookworm/Dockerfile.user.j2 create mode 100644 sonic-slave-bookworm/disable-non-manylinux.patch create mode 100644 sonic-slave-bookworm/no-check-valid-until create mode 100644 sonic-slave-bookworm/pip.conf create mode 100644 sonic-slave-bookworm/sonic-jenkins-id_rsa.pub diff --git a/.azure-pipelines/docker-sonic-slave-template.yml b/.azure-pipelines/docker-sonic-slave-template.yml index 063f754531..1ac8ce67fd 100644 --- a/.azure-pipelines/docker-sonic-slave-template.yml +++ b/.azure-pipelines/docker-sonic-slave-template.yml @@ -16,6 +16,7 @@ parameters: - name: dist type: string values: + - bookworm - bullseye - buster - stretch diff --git a/.azure-pipelines/docker-sonic-slave.yml b/.azure-pipelines/docker-sonic-slave.yml index 4c679f7f95..acff1b8587 100644 --- a/.azure-pipelines/docker-sonic-slave.yml +++ b/.azure-pipelines/docker-sonic-slave.yml @@ -8,7 +8,7 @@ resources: - repository: buildimage type: github name: sonic-net/sonic-buildimage - ref: master + ref: bookworm endpoint: sonic-net schedules: @@ -44,6 +44,7 @@ parameters: - name: 'dists' type: object default: + - bookworm - bullseye - buster - stretch diff --git a/Makefile b/Makefile index 5ebb6b6a05..f2f59a990b 100644 --- a/Makefile +++ b/Makefile @@ -4,6 +4,7 @@ NOJESSIE ?= 1 NOSTRETCH ?= 1 NOBUSTER ?= 0 NOBULLSEYE ?= 0 +NOBOOKWORM ?= 1 override Q := @ ifeq ($(QUIET),n) @@ -29,6 +30,10 @@ ifeq ($(NOBULLSEYE),0) BUILD_BULLSEYE=1 endif +ifeq ($(NOBOOKWORM),0) +BUILD_BOOKWORM=1 +endif + PLATFORM_PATH := platform/$(if $(PLATFORM),$(PLATFORM),$(CONFIGURED_PLATFORM)) PLATFORM_CHECKOUT := platform/checkout PLATFORM_CHECKOUT_FILE := $(PLATFORM_CHECKOUT)/$(PLATFORM).ini @@ -48,6 +53,9 @@ ifeq ($(NOBUSTER), 0) endif ifeq ($(NOBULLSEYE), 0) $(MAKE_WITH_RETRY) BLDENV=bullseye -f Makefile.work $@ +endif +ifeq ($(NOBOOKWORM), 0) + $(MAKE_WITH_RETRY) BLDENV=bullseye -f Makefile.work $@ endif BLDENV=bullseye $(MAKE) -f Makefile.work docker-cleanup @@ -82,6 +90,7 @@ define make_work $(if $(BUILD_STRETCH),BLDENV=stretch $(MAKE) -f Makefile.work $@,) $(if $(BUILD_BUSTER),BLDENV=buster $(MAKE) -f Makefile.work $@,) $(if $(BUILD_BULLSEYE),BLDENV=bullseye $(MAKE) -f Makefile.work $@,) + $(if $(BUILD_BOOKWORM),BLDENV=bookworm $(MAKE) -f Makefile.work $@,) endef .PHONY: $(PLATFORM_PATH) diff --git a/Makefile.work b/Makefile.work index daa12602d6..f737a9a7d8 100644 --- a/Makefile.work +++ b/Makefile.work @@ -121,7 +121,9 @@ else TARGET_BOOTLOADER = uboot endif -ifeq ($(BLDENV), bullseye) +ifeq ($(BLDENV), bookworm) +SLAVE_DIR = sonic-slave-bookworm +else ifeq ($(BLDENV), bullseye) SLAVE_DIR = sonic-slave-bullseye else ifeq ($(BLDENV), buster) SLAVE_DIR = sonic-slave-buster diff --git a/slave.mk b/slave.mk index bf4f224631..7069c3490a 100644 --- a/slave.mk +++ b/slave.mk @@ -47,7 +47,7 @@ BUILD_WORKDIR = /sonic DPKG_ADMINDIR_PATH = $(BUILD_WORKDIR)/dpkg SLAVE_DIR ?= sonic-slave-$(BLDENV) -CONFIGURED_PLATFORM := $(shell [ -f .platform ] && cat .platform || echo generic) +CONFIGURED_PLATFORM = $(if $(PLATFORM),$(PLATFORM),$(shell [ -f .platform ] && cat .platform || echo generic)) PLATFORM_PATH = platform/$(CONFIGURED_PLATFORM) CONFIGURED_ARCH := $(shell [ -f .arch ] && cat .arch || echo amd64) ifeq ($(PLATFORM_ARCH),) diff --git a/sonic-slave-bookworm/Dockerfile.j2 b/sonic-slave-bookworm/Dockerfile.j2 new file mode 100644 index 0000000000..7becd870fe --- /dev/null +++ b/sonic-slave-bookworm/Dockerfile.j2 @@ -0,0 +1,667 @@ +{% set prefix = DEFAULT_CONTAINER_REGISTRY %} +{%- if CONFIGURED_ARCH == "armhf" and MULTIARCH_QEMU_ENVIRON == "y" %} +FROM {{ prefix }}multiarch/qemu-user-static:x86_64-arm-7.2.0-1 as qemu +FROM {{ prefix }}multiarch/debian-debootstrap:armhf-bookworm +COPY --from=qemu /usr/bin/qemu-arm-static /usr/bin +{%- elif CONFIGURED_ARCH == "arm64" and MULTIARCH_QEMU_ENVIRON == "y" %} +FROM {{ prefix }}multiarch/qemu-user-static:x86_64-aarch64-7.2.0-1 as qemu +FROM {{ prefix }}multiarch/debian-debootstrap:arm64-bookworm +COPY --from=qemu /usr/bin/qemu-aarch64-static /usr/bin +{%- elif CONFIGURED_ARCH == "armhf" and CROSS_BUILD_ENVIRON == "y" %} +FROM {{ prefix }}multiarch/qemu-user-static:x86_64-arm-7.2.0-1 as qemu +FROM {{ prefix }}debian:bookworm +COPY --from=qemu /usr/bin/qemu-arm-static /usr/bin +{%- elif CONFIGURED_ARCH == "arm64" and CROSS_BUILD_ENVIRON == "y" %} +FROM {{ prefix }}multiarch/qemu-user-static:x86_64-aarch64-7.2.0-1 as qemu +FROM {{ prefix }}debian:bookworm +COPY --from=qemu /usr/bin/qemu-aarch64-static /usr/bin +{%- else -%} +FROM {{ prefix }}debian:bookworm +{%- endif %} + +MAINTAINER gulv@microsoft.com + +COPY ["no-check-valid-until", "/etc/apt/apt.conf.d/"] + +{%- if CROSS_BUILD_ENVIRON != "y" %} +COPY ["sources.list.{{ CONFIGURED_ARCH }}", "/etc/apt/sources.list"] +{%- else %} +COPY ["sources.list.amd64", "/etc/apt/sources.list"] +{%- if CONFIGURED_ARCH == "armhf" %} +ARG arch=armhf +ARG gcc_arch=arm-linux-gnueabihf +ARG PYTHON_CROSS_PLATFORM=linux_armv7l +{%- elif CONFIGURED_ARCH == "arm64" %} +ARG arch=arm64 +ARG gcc_arch=aarch64-linux-gnu +ARG PYTHON_CROSS_PLATFORM=linux_aarch64 +{%- endif %} + +RUN dpkg --add-architecture $arch +RUN apt-get update +RUN apt-get install -y crossbuild-essential-$arch +RUN apt-get install -y gcc-$gcc_arch + +RUN apt-mark hold g++-$gcc_arch +RUN apt-mark hold g++-10-$gcc_arch +RUN apt-mark hold gcc-$gcc_arch +RUN apt-mark hold gcc-10-$gcc_arch + +ARG CROSS_CC=${gcc_arch}-gcc +ARG CROSS_CXX=${gcc_arch}-g++ +{%- endif %} + +## Make apt-get non-interactive +ENV DEBIAN_FRONTEND=noninteractive + +COPY ["pip.conf", "/etc/pip.conf"] + +{%- if CROSS_BUILD_ENVIRON == "y" %} +RUN apt-get install -y python3 python3-pip +RUN apt-get install -y python3-minimal:$arch python3.11:$arch python3:$arch python3-dev:$arch python3-setuptools:$arch +RUN apt-get download python3-distutils && dpkg --force-all -i python3-distutils* +RUN apt-get download python3-pip && dpkg --force-all -i python3-pip* +RUN which pip3 && pip3 install enum34 +RUN pip3 install virtualenv + +# Create target arm python3 virtual environments with all required packages installed +RUN mkdir /python_virtualenv +RUN cd /python_virtualenv && python3 -m virtualenv --copies -p /usr/bin/python3 env3 + +RUN PATH=/python_virtualenv/env3/bin/:$PATH pip3 install setuptools==66.1.1 wheel==0.38.4 fastentrypoints pytest pytest-cov pytest-runner==5.2 nose==1.3.7 mockredispy==2.9.3 mock==3.0.5 PyYAML==6.0.1 redis==3.5.3 pexpect==4.8.0 Pympler==0.8 parameterized natsort==6.2.1 MarkupSafe==2.0.1 Jinja2==3.0.3 click tabulate netaddr netifaces pyroute2 pyfakefs sphinx && ln -s /python_virtualenv/env3/bin/pytest /python_virtualenv/env3/bin/pytest-3 + +RUN apt-get --fix-broken install -y +RUN LIBPYTHON3_DEPS="`apt-cache depends libpython3-dev:$arch |grep Depends|awk {'print \$2;'}|tr "\n" " "`" && apt-get install -y libpython2.7-dev:$arch $LIBPYTHON3_DEPS libxml2-dev:$arch libxslt-dev:$arch libssl-dev:$arch libz-dev:$arch + +RUN apt-get install -y swig libssl-dev + +RUN PATH=/python_virtualenv/env3/bin/:$PATH python3 -m pip install pyang==2.4.0 +RUN PATH=/python_virtualenv/env3/bin/:$PATH python3 -m pip install pyangbind==0.8.2 +RUN PATH=/python_virtualenv/env3/bin/:$PATH python3 -m pip uninstall -y enum34 +RUN PATH=/python_virtualenv/env3/bin/:$PATH pip3 install --force-reinstall --no-cache-dir coverage +{%- endif %} + +RUN apt-get update && apt-get install -y \ + apt-utils \ + default-jre-headless \ + openssh-server \ + curl \ + wget \ + unzip \ + {{ GZ_COMPRESS_PROGRAM }} \ + git \ + build-essential \ + libtool \ + lintian \ + sudo \ + dh-make \ + dh-exec \ + kmod \ + libtinyxml2-dev \ + python3 \ + python3-pip \ + python3-setuptools \ + python3-wheel \ + python3-build \ + libncurses5-dev \ + texinfo \ + dh-autoreconf \ + doxygen \ + devscripts \ + git-buildpackage \ + perl-modules \ + libclass-accessor-perl \ + libswitch-perl \ + libzmq5 \ + libzmq3-dev \ + uuid-dev \ + jq \ + cron \ +# For sonic-swss-common + nlohmann-json3-dev \ + libhiredis-dev \ +# For quagga build + libreadline-dev \ + texlive-latex-base \ + texlive-plain-generic \ + texlive-fonts-recommended \ + libpam0g-dev \ + libpam-dev \ + libcap-dev \ + imagemagick \ + ghostscript \ + groff \ + libpcre3-dev \ + gawk \ + chrpath \ +# For frr build + libc-ares-dev \ + libsnmp-dev \ + libjson-c-dev \ + libsystemd-dev \ + libcmocka-dev \ +#{%- if CROSS_BUILD_ENVIRON != "y" %} + python3-all-dev \ + python3-all-dbg \ +#{%- endif %} + install-info \ + logrotate \ +# For libnl3 (local) build + cdbs \ +# For SAI meta build + libxml-simple-perl \ + graphviz \ + aspell \ +# For SAI meta rpc build - make rpc + libgetopt-long-descriptive-perl \ + libconst-fast-perl \ + libtemplate-perl \ + libnamespace-autoclean-perl \ + libmoose-perl \ + libmoosex-aliases-perl \ +# For linux build + bc \ + fakeroot \ + build-essential \ + devscripts \ + quilt \ + stgit \ + sbsigntool \ +# For platform-modules build + module-assistant \ +# For thrift build\ + gem2deb \ + libevent-dev \ + libglib2.0-dev \ +#{%- if CROSS_BUILD_ENVIRON != "y" %} + python3-all-dev \ +#{%- endif %} + python3-twisted \ + phpunit \ + libbit-vector-perl \ + openjdk-17-jdk \ + javahelper \ + maven-debian-helper \ + ant \ + libhttpclient-java \ + libslf4j-java \ + libservlet3.1-java \ + pkg-php-tools \ +# For mellanox sdk build + libpcre3 \ + libpcre3-dev \ + byacc \ + flex \ + libglib2.0-dev \ + bison \ + expat \ + libexpat1-dev \ + libdb-dev \ + libiptc-dev \ + libxtables-dev \ + libbpf-dev \ +# For mellanox sai build + libtool-bin \ + libxml2-dev \ +# For BFN sdk build + libusb-1.0-0-dev \ + libcurl4-openssl-dev \ + libunwind8-dev \ + telnet \ + libc-ares2 \ + libgoogle-perftools4 \ +# For build image + cpio \ + squashfs-tools \ + zip \ +# For broadcom sdk build +{%- if CONFIGURED_ARCH == "amd64" %} + linux-compiler-gcc-12-x86 \ +{%- endif %} +{%- if CONFIGURED_ARCH == "armhf" and CROSS_BUILD_ENVIRON != "y" %} + linux-compiler-gcc-12-arm \ +{%- endif %} + linux-kbuild-6.1 \ +# teamd build + libdaemon-dev \ + libdbus-1-dev \ + libjansson-dev \ +# For cavium sdk build + libpcap-dev \ + dnsutils \ + libusb-dev \ +# For cisco sdk build + libgrpc++1 \ + libabsl-dev \ +# For debian image reconfiguration + augeas-tools \ +# For p4 build + libyaml-dev \ + libevent-dev \ + libjudy-dev \ + libedit-dev \ + libnanomsg-dev \ + python3-stdeb \ +# For redis build + libjemalloc-dev \ + liblua5.1-0-dev \ + lua-bitop-dev \ + lua-cjson-dev \ +# For mft kernel module build + dkms \ +# For Jenkins static analysis, unit testing and code coverage + cppcheck \ + clang \ + pylint \ + python3-pytest \ + python3-nose \ + python3-venv \ + gcovr \ + python3-pytest-cov \ + python3-pytest-cov \ + python3-parse \ +# For snmpd + default-libmysqlclient-dev \ + libssl-dev \ + libperl-dev \ + libpci-dev \ + libpci3 \ + libsensors5 \ + libsensors4-dev \ + libwrap0-dev \ +# For lldpd + debhelper \ + autotools-dev \ + libbsd-dev \ + pkg-config \ + check \ +# For mpdecimal + docutils-common \ + libjs-sphinxdoc \ + libjs-underscore \ + python3-docutils \ + python3-jinja2 \ + python3-markupsafe \ + python3-pygments \ + python3-roman \ + python3-sphinx \ + sphinx-common \ + python3-sphinx \ +# For sonic config engine testing +{%- if CROSS_BUILD_ENVIRON != "y" %} + python3-dev \ +{%- endif %} +{%- if CONFIGURED_ARCH == "armhf" or CONFIGURED_ARCH == "arm64" %} + libxslt-dev \ +{%- endif %} + j2cli \ +# For lockfile + procmail \ +# For gtest + libgtest-dev \ + cmake \ +# For gmock + libgmock-dev \ +# For pam_tacplus build + autoconf-archive \ +# For iproute2 + cm-super-minimal \ + libatm1-dev \ + libbpf-dev \ + libelf-dev \ + libmnl-dev \ + libselinux1-dev \ + linuxdoc-tools \ + lynx \ + texlive-latex-extra \ + texlive-latex-recommended \ + iproute2 \ +# For bash + texi2html \ + sharutils \ + locales \ + time \ + man2html-base \ + libcunit1 \ + libcunit1-dev \ +# For initramfs + shellcheck \ + bash-completion \ +{%- if CONFIGURED_ARCH == "amd64" %} +# For sonic vs image build + dosfstools \ + qemu-kvm \ + libvirt-clients \ + python3-pexpect \ +{%- endif %} +# For ntp + autogen \ + libopts25-dev \ + pps-tools \ + dh-apparmor \ +# For lm-sensors + librrd8 \ + librrd-dev \ + rrdtool \ +# For kdump-tools + liblzo2-dev \ +# For iptables + libnetfilter-conntrack-dev \ + libnftnl-dev \ +# For SAI3.7 + xxd \ +# For DHCP Monitor tool + libexplain-dev \ + libevent-dev \ +# For libyang + swig \ +# For build dtb + device-tree-compiler \ +# For sonic-mgmt-framework + autoconf \ + m4 \ + libxml2-utils \ + xsltproc \ + python3-lxml \ + libexpat1-dev \ + libcurl4 \ + libcjson-dev \ + python3-yaml \ + python3-parameterized \ +# For WPA supplication + qtbase5-dev \ + aspell-en \ + libssl-dev \ + dbus \ + libdbus-1-dev \ + libdbus-glib-1-2 \ + libdbus-glib-1-dev \ + libreadline-dev \ + libncurses5-dev \ + libpcsclite-dev \ + docbook-to-man \ + docbook-utils \ +# For kdump-tools + libbz2-dev \ +# For linkmgrd + libboost-dev \ + libboost-program-options-dev \ + libboost-system-dev \ + libboost-serialization1.74-dev \ + libboost-thread-dev \ + libboost-atomic-dev \ + libboost-chrono-dev \ + libboost-container-dev \ + libboost-context-dev \ + libboost-contract-dev \ + libboost-coroutine-dev \ + libboost-date-time-dev \ + libboost-fiber-dev \ + libboost-filesystem-dev \ + libboost-graph-parallel-dev \ + libboost-log-dev \ + libboost-regex-dev \ + googletest \ + libgtest-dev \ + libgmock-dev \ +# For sonic-host-services build + libcairo2-dev \ + libdbus-1-dev \ + libgirepository1.0-dev \ + libsystemd-dev \ + pkg-config \ +# For sonic-utilities build + python3-cryptography \ +# For audisp-tacplus + libauparse-dev \ + auditd \ +# For protobuf + dh-elpa \ + xmlto \ + rake-compiler \ + default-jdk \ + libgoogle-gson-java + +{%- if CROSS_BUILD_ENVIRON == "y" %} +# Arm vs. amd64 versions conflict - remove amd64 packages +RUN apt-get remove -y libnl-3-200 +RUN apt-get install -y libpcre3:$arch +{%- endif %} + +RUN apt-get -y build-dep openssh + +# Build fix for ARM64 and ARMHF /etc/debian_version +{%- if CONFIGURED_ARCH == "armhf" or CONFIGURED_ARCH == "arm64" %} +RUN apt upgrade -y base-files libc-bin=$(dpkg-query -W -f '${Version}' libc-bin) +{%- endif %} + +## Config dpkg +## install the configuration file if it’s currently missing +RUN sudo augtool --autosave "set /files/etc/dpkg/dpkg.cfg/force-confmiss" +## combined with confold: overwrite configuration files that you have not modified +RUN sudo augtool --autosave "set /files/etc/dpkg/dpkg.cfg/force-confdef" +## do not modify the current configuration file, the new version is installed with a .dpkg-dist suffix +RUN sudo augtool --autosave "set /files/etc/dpkg/dpkg.cfg/force-confold" + +{%- if CROSS_BUILD_ENVIRON != "y" %} +# For linux build +RUN apt-get -y build-dep linux +{%- else %} +RUN apt-get install -y kernel-wedge +{%- endif %} + +# For gobgp and telemetry build +RUN apt-get install -y golang +{%- if INCLUDE_FIPS == "y" %} +# FIPS not yet available +RUN false +RUN wget -O golang-go.deb 'https://sonicstorage.blob.core.windows.net/public/fips/bookworm/0.1/{{ CONFIGURED_ARCH }}/golang-1.15-go_1.15.15-1~deb11u4%2Bfips_{{ CONFIGURED_ARCH }}.deb' \ + && wget -O golang-src.deb 'https://sonicstorage.blob.core.windows.net/public/fips/bookworm/0.1/{{ CONFIGURED_ARCH }}/golang-1.15-src_1.15.15-1~deb11u4%2Bfips_{{ CONFIGURED_ARCH }}.deb' \ + && dpkg -i golang-go.deb golang-src.deb \ + && ln -sf /usr/lib/go-1.15 /usr/local/go \ + && rm golang-go.deb golang-src.deb +{%- else %} +RUN apt-get install -y golang-go \ + && ln -sf /usr/lib/go-1.19 /usr/local/go +{%- endif %} + +RUN pip3 install --upgrade pip +RUN apt-get purge -y python3-pip + +{%- if CONFIGURED_ARCH == "armhf" %} +# Allow only manylinux wheels on armhf, to ensure that binaries/libraries work correctly on armhf +COPY ["disable-non-manylinux.patch", "/"] +{%- if CROSS_BUILD_ENVIRON == "y" %} +RUN patch -p1 -i /disable-non-manylinux.patch /python_virtualenv/env3/lib/python3.11/site-packages/pip/_vendor/packaging/tags.py +{%- else %} +RUN patch -p1 -i /disable-non-manylinux.patch /usr/local/lib/python3.11/dist-packages/pip/_vendor/packaging/tags.py +{%- endif %} +{%- endif %} + +# For building sonic-utilities +RUN pip3 install fastentrypoints mock + +# For running Python unit tests +RUN pip3 install pytest-runner==5.2 +RUN pip3 install mockredispy==2.9.3 +RUN pip3 install pyfakefs + +RUN pip3 install pillow==10.0.0 + +# For p4 build +RUN pip3 install \ + ctypesgen==1.0.2 \ + crc16 + +# For sonic config engine testing +# Install pyangbind here, outside sonic-config-engine dependencies, as pyangbind causes enum34 to be installed. +# enum34 causes Python 're' package to not work properly as it redefines an incompatible enum.py module +# https://github.com/robshakir/pyangbind/issues/232 +RUN pip3 install pyangbind==0.8.2 +RUN pip3 uninstall -y enum34 + +# For sonic-platform-common testing +RUN pip3 install redis + +# For sonic-swss-common testing +RUN pip3 install Pympler==1.0 + +# For sonic_yang_model build +RUN pip3 install pyang==2.4.0 + +# For mgmt-framework build +RUN pip3 install mmh3==2.5.1 + +RUN apt-get install -y xsltproc + +# Install dependencies for isc-dhcp-relay build +RUN apt-get -y build-dep isc-dhcp + +# Install vim +RUN apt-get install -y vim + +# Install rsyslog +RUN apt-get install -y rsyslog + +{%- if CROSS_BUILD_ENVIRON == "y" %} +RUN cd /usr/src/gtest && CXX=$CROSS_CXX CC=$CROSS_CC cmake . && make -C /usr/src/gtest +{%- else %} +RUN cd /usr/src/gtest && cmake . && make -C /usr/src/gtest +{%- endif %} + +RUN mkdir /var/run/sshd +EXPOSE 22 + +# Install docker engine 24 inside docker and enable experimental feature +RUN apt-get update +RUN apt-get install -y \ + apt-transport-https \ + ca-certificates \ + curl \ + gnupg2 \ + software-properties-common +{%- if CONFIGURED_ARCH == "armhf" %} + RUN update-ca-certificates --fresh +{%- endif %} +RUN curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add - +RUN add-apt-repository \ +{%- if CROSS_BUILD_ENVIRON == "y" %} + "deb https://download.docker.com/linux/debian \ +{%- else %} + "deb [arch={{ CONFIGURED_ARCH }}] https://download.docker.com/linux/debian \ +{%- endif %} + $(lsb_release -cs) \ + stable" +RUN apt-get update +RUN apt-get install -y docker-ce=5:24.0.2-1~debian.12~bookworm docker-ce-cli=5:24.0.2-1~debian.12~bookworm containerd.io=1.6.21-1 docker-buildx-plugin=0.10.5-1~debian.12~bookworm docker-compose-plugin=2.18.1-1~debian.12~bookworm +RUN echo "DOCKER_OPTS=\"--experimental --storage-driver=vfs {{ DOCKER_EXTRA_OPTS }}\"" >> /etc/default/docker +RUN update-alternatives --set iptables /usr/sbin/iptables-legacy + +# Install m2crypto package, needed by SWI tools +RUN sudo apt-get install python3-m2crypto + +# Install swi tools +RUN pip3 install git+https://github.com/aristanetworks/swi-tools.git@bead66bf261770237f7dd21ace3774ba04a017e9 + +{% if CONFIGURED_ARCH != "amd64" -%} +# Install node.js for azure pipeline +RUN curl -sL https://deb.nodesource.com/setup_14.x | bash - +RUN apt-get install -y nodejs + +{%- if CROSS_BUILD_ENVIRON == "y" %} +RUN apt-get install -y rsync dh-python + +RUN apt-get install -y \ + libelf-dev:$arch \ + libdw-dev:$arch \ + libbz2-dev:$arch \ + liblzo2-dev:$arch \ + libedit-dev:$arch \ + libevent-dev:$arch \ + libopts25-dev:$arch \ + libssl-dev:$arch \ + pps-tools:$arch \ + libpam-cap:$arch \ + libcap-dev:$arch \ + libpam0g-dev:$arch \ + libaudit-dev:$arch \ + libgtk-3-dev:$arch \ + libkrb5-dev:$arch \ + libsystemd-dev:$arch \ + libwrap0-dev:$arch \ + libkrb5-dev:$arch \ + libboost1.74-dev:$arch \ + libboost-dev:$arch \ + libzmq5:$arch \ + libzmq3-dev:$arch \ + libdaemon-dev:$arch \ + libjansson-dev:$arch \ + libmnl-dev:$arch \ + libsensors5:$arch \ + libsensors4-dev:$arch \ + libperl-dev:$arch \ + libmariadb-dev:$arch \ + libmariadb-dev-compat:$arch \ + libpci-dev:$arch \ + libjson-c-dev:$arch \ + libreadline-dev:$arch \ + librtr-dev:$arch \ + librrd-dev:$arch \ + libnetfilter-conntrack-dev:$arch \ + libnetfilter-conntrack3:$arch \ + libnfnetlink-dev:$arch \ + libnftnl-dev:$arch \ + libldap2-dev:$arch \ + libbind-export-dev:$arch check:$arch \ + libboost-atomic-dev:$arch \ + libboost-test-dev:$arch \ + libglib2.0-dev:$arch \ + libexplain-dev:$arch \ + libc-ares-dev:$arch \ + libiptc0:$arch \ + libxtables12:$arch \ + libatm1-dev:$arch \ + libbpf-dev:$arch \ + libdb-dev:$arch pkg-config:$arch \ + libnghttp2-14:$arch \ + librtmp1:$arch \ + libssh2-1:$arch \ + libcjson1:$arch \ + libcjson-dev:$arch \ + libcurl4-openssl-dev:$arch \ + libboost-thread-dev:$arch \ + libboost-system-dev:$arch \ + libgtest-dev:$arch \ + libgmock-dev:$arch \ + libfido2-dev:$arch \ + libcunit1:$arch \ + libcunit1-dev:$arch \ + libauparse-dev:$arch \ + libnetsnmptrapd40:$arch \ + qtbase5-dev:$arch \ + libboost-log-dev:$arch \ + libboost-filesystem-dev:$arch \ + libboost-program-options-dev:$arch + +RUN apt-get download libgirepository1.0-dev:$arch && dpkg --force-all -i libgirepository1.0-dev* +RUN PATH=/python_virtualenv/env3/bin/:$PATH pip3 install pycairo + +# Install libpcsclite-dev for wpasupplicant using download because regular install removes amd64 python package +RUN apt-get download libpcsclite1:$arch && dpkg --force-all -i libpcsclite1* && apt-get download libpcsclite-dev:$arch && dpkg --force-all -i libpcsclite-dev* +# Install python3-dev for frr (/usr/bin/python3-config for $arch) using download because regular install removes amd64 python package +RUN apt-get download python3.11-dev:$arch && apt-get download python3-dev:$arch && dpkg --force-all -i python3*-dev* +{% endif %} + +# Tell azure pipeline to use node.js in the docker +LABEL "com.azure.dev.pipelines.agent.handler.node.path"="/usr/bin/node" +{% endif -%} + +# Install Bazel build system (amd64 and arm64 architectures are supported using this method) +# TODO(PINS): Remove once pre-build Bazel binaries are available for armhf (armv7l) +{%- if CONFIGURED_ARCH == "amd64" or CONFIGURED_ARCH == "arm64" %} +ARG bazelisk_url=https://github.com/bazelbuild/bazelisk/releases/latest/download/bazelisk-linux-{{ CONFIGURED_ARCH }} +RUN curl -fsSL -o /usr/local/bin/bazel ${bazelisk_url} && chmod 755 /usr/local/bin/bazel +# Bazel requires "python" +# TODO(PINS): remove when Bazel is okay with "python3" binary name +RUN apt install -y python-is-python3 +{% endif -%} diff --git a/sonic-slave-bookworm/Dockerfile.user.j2 b/sonic-slave-bookworm/Dockerfile.user.j2 new file mode 100644 index 0000000000..4080b09c97 --- /dev/null +++ b/sonic-slave-bookworm/Dockerfile.user.j2 @@ -0,0 +1,34 @@ +ARG slave_base_tag_ref=latest +{%- if MULTIARCH_QEMU_ENVIRON != "y" and CROSS_BUILD_ENVIRON != "y" %} +FROM sonic-slave-bookworm:${slave_base_tag_ref} +{%- else %} +FROM sonic-slave-bookworm-march-{{ CONFIGURED_ARCH }}:${slave_base_tag_ref} +{%- endif %} + +# Add user +ARG user +ARG uid +ARG guid +ARG hostname + +ENV BUILD_HOSTNAME $hostname +ENV USER $user + +RUN groupadd -f -r -g $guid g$user + +RUN useradd $user -l -u $uid -g $guid -d /var/$user -m -s /bin/bash + +RUN gpasswd -a $user docker + +# Config git for stg +RUN su $user -c "git config --global user.name $user" +RUN su $user -c "git config --global user.email $user@contoso.com" + +COPY sonic-jenkins-id_rsa.pub /var/$user/.ssh/authorized_keys2 +RUN chown $user /var/$user/.ssh -R +RUN chmod go= /var/$user/.ssh -R + +# Add user to sudoers +RUN echo "$user ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers + +USER $user diff --git a/sonic-slave-bookworm/disable-non-manylinux.patch b/sonic-slave-bookworm/disable-non-manylinux.patch new file mode 100644 index 0000000000..67e81c4e91 --- /dev/null +++ b/sonic-slave-bookworm/disable-non-manylinux.patch @@ -0,0 +1,10 @@ +--- a/tags.py 2022-07-12 00:07:22.710207780 +0000 ++++ b/tags.py 2022-07-12 00:07:13.185890659 +0000 +@@ -424,7 +424,6 @@ + _, arch = linux.split("_", 1) + yield from _manylinux.platform_tags(linux, arch) + yield from _musllinux.platform_tags(arch) +- yield linux + + + def _generic_platforms() -> Iterator[str]: diff --git a/sonic-slave-bookworm/no-check-valid-until b/sonic-slave-bookworm/no-check-valid-until new file mode 100644 index 0000000000..c7c25d017f --- /dev/null +++ b/sonic-slave-bookworm/no-check-valid-until @@ -0,0 +1,4 @@ +# Instruct apt-get to NOT check the "Valid Until" date in Release files +# Once the Debian team archives a repo, they stop updating this date + +Acquire::Check-Valid-Until "false"; diff --git a/sonic-slave-bookworm/pip.conf b/sonic-slave-bookworm/pip.conf new file mode 100644 index 0000000000..9d54ef9028 --- /dev/null +++ b/sonic-slave-bookworm/pip.conf @@ -0,0 +1,2 @@ +[global] +break-system-packages = true diff --git a/sonic-slave-bookworm/sonic-jenkins-id_rsa.pub b/sonic-slave-bookworm/sonic-jenkins-id_rsa.pub new file mode 100644 index 0000000000..2a19c9e70d --- /dev/null +++ b/sonic-slave-bookworm/sonic-jenkins-id_rsa.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC769BQUJVeSIOyPsN4/Vo8xTqXQ6RI7ysVyCw/ABP3FIxf+fxmtm8t/Nbp9hq0uLHOjCw8UQbJ+XltsThFWJfH6RJY5NbfvwG7nUDjfjjp+SGEIHaVgIlpiuqiPbZ6QMjZ8Q0Sgi5p5ts1xe/4TFThwOJBHmhwydD5nk3BH7P3DDwlOCov5gjM40uMZJkketlO83zGG+25zu7O0hfDVt1vyK9bNWAhhPmGc79zdetfeFCxjimsff2m31B1KuVXiT5PDB1w+BSrUK6nNzJubnYCRgjg4prVTjA50EhlT2P7EoJAbW3TnTq8vUDkcstsGe/HZpfIB1VHBX97u4fAfGJZ root@acs-jenkins