{% set prefix = DEFAULT_CONTAINER_REGISTRY %} {%- if CONFIGURED_ARCH == "armhf" and MULTIARCH_QEMU_ENVIRON == "y" %} FROM {{ prefix }}multiarch/qemu-user-static:x86_64-arm-6.1.0-8 as qemu FROM {{ prefix }}multiarch/debian-debootstrap:armhf-bullseye COPY --from=qemu /usr/bin/qemu-arm-static /usr/bin {%- elif CONFIGURED_ARCH == "arm64" and MULTIARCH_QEMU_ENVIRON == "y" %} FROM {{ prefix }}multiarch/qemu-user-static:x86_64-aarch64-6.1.0-8 as qemu FROM {{ prefix }}multiarch/debian-debootstrap:arm64-bullseye COPY --from=qemu /usr/bin/qemu-aarch64-static /usr/bin {%- elif CONFIGURED_ARCH == "armhf" and CROSS_BUILD_ENVIRON == "y" %} FROM {{ prefix }}multiarch/qemu-user-static:x86_64-arm-6.1.0-8 as qemu FROM {{ prefix }}debian:bullseye COPY --from=qemu /usr/bin/qemu-arm-static /usr/bin {%- elif CONFIGURED_ARCH == "arm64" and CROSS_BUILD_ENVIRON == "y" %} FROM {{ prefix }}multiarch/qemu-user-static:x86_64-aarch64-6.1.0-8 as qemu FROM {{ prefix }}debian:bullseye COPY --from=qemu /usr/bin/qemu-aarch64-static /usr/bin {%- else -%} FROM {{ prefix }}debian:bullseye {%- endif %} MAINTAINER gulv@microsoft.com COPY ["no-check-valid-until", "/etc/apt/apt.conf.d/"] COPY ["apt-multiple-retries", "/etc/apt/apt.conf.d/"] {%- if CROSS_BUILD_ENVIRON != "y" %} COPY ["sources.list.{{ CONFIGURED_ARCH }}", "/etc/apt/sources.list"] {%- else %} COPY ["sources.list.amd64", "/etc/apt/sources.list"] {%- if CONFIGURED_ARCH == "armhf" %} ARG arch=armhf ARG gcc_arch=arm-linux-gnueabihf ARG PYTHON_CROSS_PLATFORM=linux_armv7l {%- elif CONFIGURED_ARCH == "arm64" %} ARG arch=arm64 ARG gcc_arch=aarch64-linux-gnu ARG PYTHON_CROSS_PLATFORM=linux_aarch64 {%- endif %} RUN dpkg --add-architecture $arch RUN apt-get update RUN apt-get install -y crossbuild-essential-$arch RUN apt-get install -y gcc-$gcc_arch RUN apt-mark hold g++-$gcc_arch RUN apt-mark hold g++-10-$gcc_arch RUN apt-mark hold gcc-$gcc_arch RUN apt-mark hold gcc-10-$gcc_arch ARG CROSS_CC=${gcc_arch}-gcc ARG CROSS_CXX=${gcc_arch}-g++ {%- endif %} ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive {%- if CROSS_BUILD_ENVIRON == "y" %} RUN apt-get install -y python3 python3-pip RUN apt-get install -y python3-minimal:$arch python3.9:$arch python3:$arch python3-dev:$arch python3-setuptools:$arch RUN apt-get download python3-distutils && dpkg --force-all -i python3-distutils* RUN apt-get download python3-pip && dpkg --force-all -i python3-pip* RUN which pip3 && pip3 install enum34 RUN pip3 install virtualenv # Create target arm python3 virtual environments with all required packages installed RUN mkdir /python_virtualenv RUN cd /python_virtualenv && python3 -m virtualenv --copies -p /usr/bin/python3 env3 RUN PATH=/python_virtualenv/env3/bin/:$PATH pip3 install setuptools==49.6.00 wheel==0.35.1 fastentrypoints pytest pytest-cov pytest-runner==5.2 nose==1.3.7 mockredispy==2.9.3 mock==3.0.5 PyYAML==5.4.1 redis==3.5.3 pexpect==4.8.0 Pympler==0.8 parameterized natsort==6.2.1 MarkupSafe==2.0.1 Jinja2==3.0.3 click tabulate netaddr netifaces pyroute2 pyfakefs sphinx && ln -s /python_virtualenv/env3/bin/pytest /python_virtualenv/env3/bin/pytest-3 RUN apt-get --fix-broken install -y RUN LIBPYTHON3_DEPS="`apt-cache depends libpython3-dev:$arch |grep Depends|awk {'print \$2;'}|tr "\n" " "`" && apt-get install -y libpython2.7-dev:$arch $LIBPYTHON3_DEPS libxml2-dev:$arch libxslt-dev:$arch libssl-dev:$arch libz-dev:$arch RUN apt-get install -y swig libssl-dev RUN PATH=/python_virtualenv/env3/bin/:$PATH python3 -m pip install pyang==2.4.0 RUN PATH=/python_virtualenv/env3/bin/:$PATH python3 -m pip install pyangbind==0.8.1 RUN PATH=/python_virtualenv/env3/bin/:$PATH python3 -m pip uninstall -y enum34 RUN PATH=/python_virtualenv/env3/bin/:$PATH pip3 install --force-reinstall --no-cache-dir coverage {%- endif %} RUN apt-get update && apt-get install -y \ apt-utils \ default-jre-headless \ openssh-server \ curl \ wget \ unzip \ {{ GZ_COMPRESS_PROGRAM }} \ git \ build-essential \ libtool \ lintian \ sudo \ dh-make \ dh-exec \ kmod \ libtinyxml2-dev \ python-all \ python-dev \ python-setuptools \ python3 \ python3-pip \ libncurses5-dev \ texinfo \ dh-autoreconf \ doxygen \ devscripts \ git-buildpackage \ perl-modules \ libclass-accessor-perl \ libswitch-perl \ libzmq5 \ libzmq3-dev \ uuid-dev \ jq \ cron \ # For quagga build libreadline-dev \ texlive-latex-base \ texlive-plain-generic \ texlive-fonts-recommended \ libpam0g-dev \ libpam-dev \ libcap-dev \ imagemagick \ ghostscript \ groff \ libpcre3-dev \ gawk \ chrpath \ # For frr build libc-ares-dev \ libsnmp-dev \ libjson-c-dev \ libsystemd-dev \ python3-ipaddr \ libcmocka-dev \ #{%- if CROSS_BUILD_ENVIRON != "y" %} python3-all-dev \ python3-all-dbg \ #{%- endif %} install-info \ logrotate \ # For libnl3 (local) build cdbs \ # For SAI meta build libxml-simple-perl \ graphviz \ aspell \ # For SAI meta rpc build - make rpc libgetopt-long-descriptive-perl \ libconst-fast-perl \ libtemplate-perl \ libnamespace-autoclean-perl \ libmoose-perl \ libmoosex-aliases-perl \ # For linux build bc \ fakeroot \ build-essential \ devscripts \ quilt \ stgit \ sbsigntool \ # For platform-modules build module-assistant \ # For thrift build\ gem2deb \ libevent-dev \ libglib2.0-dev \ #{%- if CROSS_BUILD_ENVIRON != "y" %} python3-all-dev \ #{%- endif %} python3-twisted \ phpunit \ libbit-vector-perl \ openjdk-11-jdk \ javahelper \ maven-debian-helper \ ant \ libhttpclient-java \ libslf4j-java \ libservlet3.1-java \ pkg-php-tools \ # For mellanox sdk build libpcre3 \ libpcre3-dev \ byacc \ flex \ libglib2.0-dev \ bison \ expat \ libexpat1-dev \ dpatch \ libdb-dev \ libiptc-dev \ libxtables-dev \ libbpf-dev \ # For mellanox sai build libtool-bin \ libxml2-dev \ # For BFN sdk build libusb-1.0-0-dev \ libcurl4-openssl-dev \ libunwind8-dev \ telnet \ libc-ares2 \ libgoogle-perftools4 \ # For build image cpio \ squashfs-tools \ zip \ # For broadcom sdk build {%- if CONFIGURED_ARCH == "amd64" %} linux-compiler-gcc-10-x86 \ {%- endif %} {%- if CONFIGURED_ARCH == "armhf" and CROSS_BUILD_ENVIRON != "y" %} linux-compiler-gcc-10-arm \ {%- endif %} linux-kbuild-5.10 \ # teamd build libdaemon-dev \ libdbus-1-dev \ libjansson-dev \ # For cavium sdk build libpcap-dev \ dnsutils \ libusb-dev \ # For cisco sdk build libgrpc++1 \ libabsl-dev \ # For debian image reconfiguration augeas-tools \ # For p4 build libyaml-dev \ libevent-dev \ libjudy-dev \ libedit-dev \ libnanomsg-dev \ python3-stdeb \ # For redis build libjemalloc-dev \ liblua5.1-0-dev \ lua-bitop-dev \ lua-cjson-dev \ # For mft kernel module build dkms \ # For Jenkins static analysis, unit testing and code coverage cppcheck \ clang \ pylint \ python3-pytest \ python3-venv \ gcovr \ python3-pytest-cov \ python3-pytest-cov \ python3-parse \ # For snmpd default-libmysqlclient-dev \ libssl-dev \ libperl-dev \ libpci-dev \ libpci3 \ libsensors5 \ libsensors4-dev \ libwrap0-dev \ # For lldpd debhelper \ autotools-dev \ libbsd-dev \ pkg-config \ check \ # For mpdecimal docutils-common \ libjs-sphinxdoc \ libjs-underscore \ python3-docutils \ python3-jinja2 \ python3-markupsafe \ python3-pygments \ python3-roman \ python3-sphinx \ sphinx-common \ python3-sphinx \ # For sonic config engine testing {%- if CROSS_BUILD_ENVIRON != "y" %} python3-dev \ {%- endif %} {%- if CONFIGURED_ARCH == "armhf" or CONFIGURED_ARCH == "arm64" %} libxslt-dev \ {%- endif %} # For lockfile procmail \ # For gtest libgtest-dev \ cmake \ # For gmock libgmock-dev \ # For pam_tacplus build autoconf-archive \ # For iproute2 cm-super-minimal \ libatm1-dev \ libbpf-dev \ libelf-dev \ libmnl-dev \ libselinux1-dev \ linuxdoc-tools \ lynx \ texlive-latex-extra \ texlive-latex-recommended \ iproute2 \ # For bash texi2html \ sharutils \ locales \ time \ man2html-base \ libcunit1 \ libcunit1-dev \ # For initramfs shellcheck \ bash-completion \ {%- if CONFIGURED_ARCH == "amd64" %} # For sonic vs image build dosfstools \ qemu-kvm \ libvirt-clients \ {%- endif %} # For ntp autogen \ libopts25-dev \ pps-tools \ dh-apparmor \ # For lm-sensors librrd8 \ librrd-dev \ rrdtool \ # For kdump-tools liblzo2-dev \ # For iptables libnetfilter-conntrack-dev \ libnftnl-dev \ # For SAI3.7 protobuf-compiler \ libprotobuf-dev \ xxd \ # For DHCP Monitor tool libexplain-dev \ libevent-dev \ # For libyang swig \ # For build dtb device-tree-compiler \ # For sonic-mgmt-framework autoconf \ m4 \ libxml2-utils \ xsltproc \ python3-lxml \ libexpat1-dev \ libcurl4 \ libcjson-dev \ # For WPA supplication qtbase5-dev \ aspell-en \ libssl-dev \ dbus \ libdbus-1-dev \ libdbus-glib-1-2 \ libdbus-glib-1-dev \ libreadline-dev \ libncurses5-dev \ libpcsclite-dev \ docbook-to-man \ docbook-utils \ # For kdump-tools libbz2-dev \ # For linkmgrd libboost-dev \ libboost-program-options-dev \ libboost-system-dev \ libboost-serialization1.74-dev \ libboost-thread-dev \ libboost-atomic-dev \ libboost-chrono-dev \ libboost-container-dev \ libboost-context-dev \ libboost-contract-dev \ libboost-coroutine-dev \ libboost-date-time-dev \ libboost-fiber-dev \ libboost-filesystem-dev \ libboost-graph-parallel-dev \ libboost-log-dev \ libboost-regex-dev \ googletest \ libgtest-dev \ libgmock-dev \ libgcc-10-dev \ # For sonic-host-services build libcairo2-dev \ libdbus-1-dev \ libgirepository1.0-dev \ libsystemd-dev \ pkg-config \ # For audisp-tacplus libauparse-dev \ auditd {%- if CROSS_BUILD_ENVIRON == "y" %} # Arm vs. amd64 versions conflict - remove amd64 packages RUN apt-get remove -y libnl-3-200 RUN apt-get install -y libpcre3:$arch {%- endif %} RUN apt-get -y build-dep openssh # Build fix for ARM64 and ARMHF /etc/debian_version {%- if CONFIGURED_ARCH == "armhf" or CONFIGURED_ARCH == "arm64" %} RUN apt upgrade -y base-files libc-bin=$(dpkg-query -W -f '${Version}' libc-bin) {%- endif %} # Build fix for ARMHF bullseye libsairedis {%- if CONFIGURED_ARCH == "armhf" and MULTIARCH_QEMU_ENVIRON == "y" %} # Install doxygen build dependency packages RUN apt install -y libxapian-dev yui-compressor texlive-extra-utils \ texlive-font-utils rdfind llvm-11-dev libclang-11-dev sassc faketime mat2 # Update doxygen with 64bit file offset patch RUN dget -u http://deb.debian.org/debian/pool/main/d/doxygen/doxygen_1.9.1-2.dsc && \ cd doxygen-1.9.1 && \ sed -i '56 a add_definitions(-D_FILE_OFFSET_BITS=64)' CMakeLists.txt && \ DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage -us -uc -b && \ cd .. && \ dpkg -i ./doxygen_1.9.1-2_armhf.deb && \ rm -fr doxygen* # Aspell is unable to locate the language dictionaries. # Re-installing aspell-en dictionary to fix it. RUN apt-get install --reinstall -y aspell-en # workaround because of https://bugs.launchpad.net/qemu/+bug/1805913, just disable aspell # Issue now being tracked here - https://gitlab.com/qemu-project/qemu/-/issues/263 RUN cp /bin/true /usr/bin/aspell {%- endif %} ## Config dpkg ## install the configuration file if it’s currently missing RUN sudo augtool --autosave "set /files/etc/dpkg/dpkg.cfg/force-confmiss" ## combined with confold: overwrite configuration files that you have not modified RUN sudo augtool --autosave "set /files/etc/dpkg/dpkg.cfg/force-confdef" ## do not modify the current configuration file, the new version is installed with a .dpkg-dist suffix RUN sudo augtool --autosave "set /files/etc/dpkg/dpkg.cfg/force-confold" {%- if CROSS_BUILD_ENVIRON != "y" %} # For linux build RUN apt-get -y build-dep linux {%- else %} RUN apt-get install -y kernel-wedge {%- endif %} # For gobgp and telemetry build RUN apt-get install -y golang-1.15 && ln -s /usr/lib/go-1.15 /usr/local/go {%- if ENABLE_FIPS_FEATURE == "y" %} RUN wget -O golang-go.deb 'https://sonicstorage.blob.core.windows.net/public/fips/bullseye/0.1/{{ CONFIGURED_ARCH }}/golang-1.15-go_1.15.15-1~deb11u4%2Bfips_{{ CONFIGURED_ARCH }}.deb' \ && wget -O golang-src.deb 'https://sonicstorage.blob.core.windows.net/public/fips/bullseye/0.1/{{ CONFIGURED_ARCH }}/golang-1.15-src_1.15.15-1~deb11u4%2Bfips_{{ CONFIGURED_ARCH }}.deb' \ && dpkg -i golang-go.deb golang-src.deb \ && ln -sf /usr/lib/go-1.15 /usr/local/go \ && rm golang-go.deb golang-src.deb {%- endif %} RUN pip3 install --upgrade pip RUN apt-get purge -y python3-pip python3-yaml # For building Python packages RUN pip3 install setuptools==49.6.00 RUN pip3 install wheel==0.38.1 {%- if CONFIGURED_ARCH == "armhf" %} # Allow only manylinux wheels on armhf, to ensure that binaries/libraries work correctly on armhf COPY ["disable-non-manylinux.patch", "/"] {%- if CROSS_BUILD_ENVIRON == "y" %} RUN patch -p1 -i /disable-non-manylinux.patch /python_virtualenv/env3/lib/python3.9/site-packages/pip/_vendor/packaging/tags.py {%- else %} RUN patch -p1 -i /disable-non-manylinux.patch /usr/local/lib/python3.9/dist-packages/pip/_vendor/packaging/tags.py {%- endif %} {%- endif %} # For building sonic-utilities RUN pip3 install fastentrypoints mock # For running Python unit tests RUN pip3 install pytest-runner==5.2 RUN pip3 install nose==1.3.7 RUN pip3 install mockredispy==2.9.3 # Fix CVE-2021-23437, need to build and install libjpeg-dev for armhf for pillow 9.4.0 {%- if CONFIGURED_ARCH == "armhf" %} RUN TMP_DIR=$(mktemp -d) && \ cd $TMP_DIR && \ apt-get install -y nasm && \ apt-get source libjpeg-turbo && \ cd $(ls -d libjpeg-turbo*/) && \ dpkg-buildpackage -rfakeroot -b -us -uc > $TMP_DIR/libjpeg-dev.log && \ dpkg -i $TMP_DIR/libjpeg*-dev*.deb && \ rm -rf $TMP_DIR {%- endif %} RUN pip3 install pillow==9.4.0 # For p4 build RUN pip3 install \ ctypesgen==1.0.2 \ crc16 # For sonic config engine testing # Install pyangbind here, outside sonic-config-engine dependencies, as pyangbind causes enum34 to be installed. # enum34 causes Python 're' package to not work properly as it redefines an incompatible enum.py module # https://github.com/robshakir/pyangbind/issues/232 RUN pip3 install pyangbind==0.8.1 RUN pip3 uninstall -y enum34 # For templating RUN pip3 install j2cli==0.3.10 # For sonic-mgmt-framework # The option --no-build-isolation can be removed when upgrading PyYAML to 6.0.1 RUN pip3 install "PyYAML==5.4.1" --no-build-isolation {%- if CROSS_BUILD_ENVIRON != "y" %} RUN pip3 install "lxml==4.9.1" {%- endif %} # For sonic-platform-common testing RUN pip3 install redis # For vs image build RUN pip3 install pexpect==4.8.0 # For sonic-swss-common testing RUN pip3 install Pympler==0.8 # For sonic_yang_model build RUN pip3 install pyang==2.4.0 # For mgmt-framework build RUN pip3 install mmh3==2.5.1 RUN pip3 install parameterized==0.8.1 RUN apt-get install -y xsltproc # Install dependencies for isc-dhcp-relay build RUN apt-get -y build-dep isc-dhcp # Install vim RUN apt-get install -y vim # Install rsyslog RUN apt-get install -y rsyslog {%- if CROSS_BUILD_ENVIRON == "y" %} RUN cd /usr/src/gtest && CXX=$CROSS_CXX CC=$CROSS_CC cmake . && make -C /usr/src/gtest {%- else %} RUN cd /usr/src/gtest && cmake . && make -C /usr/src/gtest {%- endif %} RUN mkdir /var/run/sshd EXPOSE 22 # Install dependencies for dhcp relay test RUN pip3 install parameterized==0.8.1 RUN pip3 install pyfakefs # Install docker engine 20.10 inside docker and enable experimental feature RUN apt-get update RUN apt-get install -y \ apt-transport-https \ ca-certificates \ curl \ gnupg2 \ software-properties-common {%- if CONFIGURED_ARCH == "armhf" %} RUN update-ca-certificates --fresh {%- endif %} RUN curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add - RUN add-apt-repository \ {%- if CROSS_BUILD_ENVIRON == "y" %} "deb https://download.docker.com/linux/debian \ {%- else %} "deb [arch={{ CONFIGURED_ARCH }}] https://download.docker.com/linux/debian \ {%- endif %} $(lsb_release -cs) \ stable" RUN apt-get update RUN apt-get install -y docker-ce=5:20.10.14~3-0~debian-bullseye docker-ce-cli=5:20.10.14~3-0~debian-bullseye containerd.io=1.5.11-1 RUN echo "DOCKER_OPTS=\"--experimental --storage-driver=vfs {{ DOCKER_EXTRA_OPTS }}\"" >> /etc/default/docker RUN update-alternatives --set iptables /usr/sbin/iptables-legacy # Install m2crypto package, needed by SWI tools RUN pip3 install m2crypto==0.36.0 # Install swi tools RUN pip3 install git+https://github.com/aristanetworks/swi-tools.git@bead66bf261770237f7dd21ace3774ba04a017e9 {% if CONFIGURED_ARCH != "amd64" -%} # Install node.js for azure pipeline RUN curl -sL https://deb.nodesource.com/setup_14.x | bash - RUN apt-get install -y nodejs {%- if CROSS_BUILD_ENVIRON == "y" %} RUN apt-get install -y rsync dh-python RUN apt-get install -y libelf-dev:$arch libdw-dev:$arch libbz2-dev:$arch liblzo2-dev:$arch libedit-dev:$arch libevent-dev:$arch libopts25-dev:$arch libssl-dev:$arch pps-tools:$arch libpam-cap:$arch libcap-dev:$arch libpam0g-dev:$arch libaudit-dev:$arch libgtk-3-dev:$arch libkrb5-dev:$arch libsystemd-dev:$arch libwrap0-dev:$arch libkrb5-dev:$arch libboost1.74-dev:$arch libboost-dev:$arch libzmq5:$arch libzmq3-dev:$arch libdaemon-dev:$arch libjansson-dev:$arch libmnl-dev:$arch libsensors5:$arch libsensors4-dev:$arch libperl-dev:$arch libmariadb-dev:$arch libmariadb-dev-compat:$arch libpci-dev:$arch libjson-c-dev:$arch libreadline-dev:$arch librtr-dev:$arch librrd-dev:$arch libnetfilter-conntrack-dev:$arch libnetfilter-conntrack3:$arch libnfnetlink-dev:$arch libnftnl-dev:$arch libldap2-dev:$arch libbind-export-dev:$arch check:$arch libboost-atomic-dev:$arch libboost-test-dev:$arch libglib2.0-dev:$arch libexplain-dev:$arch libc-ares-dev:$arch libiptc0:$arch libxtables12:$arch libatm1-dev:$arch libbpf-dev:$arch libdb-dev:$arch pkg-config:$arch libnghttp2-14:$arch librtmp1:$arch libssh2-1:$arch libcjson1:$arch libcjson-dev:$arch libcurl4-openssl-dev:$arch libboost-thread1.74-dev:$arch libboost-thread-dev:$arch libboost-system1.74-dev:$arch libboost-system-dev:$arch libgtest-dev:$arch libgmock-dev:$arch libfido2-dev:$arch libcunit1:$arch libcunit1-dev:$arch libauparse-dev:$arch libnetsnmptrapd40:$arch qtbase5-dev:$arch libboost-log-dev:$arch libboost-filesystem-dev:$arch libboost-program-options-dev:$arch RUN apt-get download libgirepository1.0-dev:$arch && dpkg --force-all -i libgirepository1.0-dev* RUN PATH=/python_virtualenv/env3/bin/:$PATH pip3 install pycairo # Install libpcsclite-dev for wpasupplicant using download because regular install removes amd64 python package RUN apt-get download libpcsclite1:$arch && dpkg --force-all -i libpcsclite1* && apt-get download libpcsclite-dev:$arch && dpkg --force-all -i libpcsclite-dev* # Install python3-dev for frr (/usr/bin/python3-config for $arch) using download because regular install removes amd64 python package RUN apt-get download python3.9-dev:$arch && apt-get download python3-dev:$arch && dpkg --force-all -i python3*-dev* {% endif %} # Tell azure pipeline to use node.js in the docker LABEL "com.azure.dev.pipelines.agent.handler.node.path"="/usr/bin/node" {% endif -%} # Install Bazel build system (amd64 and arm64 architectures are supported using this method) # TODO(PINS): Remove once pre-build Bazel binaries are available for armhf (armv7l) {%- if CONFIGURED_ARCH == "amd64" or CONFIGURED_ARCH == "arm64" %} ARG bazelisk_url=https://github.com/bazelbuild/bazelisk/releases/latest/download/bazelisk-linux-{{ CONFIGURED_ARCH }} RUN curl -fsSL -o /usr/local/bin/bazel ${bazelisk_url} && chmod 755 /usr/local/bin/bazel # Bazel requires "python" # TODO(PINS): remove when Bazel is okay with "python3" binary name RUN apt install -y python-is-python3 {% endif -%}