qemu/tests/docker/Makefile.include
Alex Bennée d47e3751b5 tests/docker: force NOUSER=1 for base images
As base images are often used to build further images like toolchains
ensure we don't add the local user by accident. The local user should
only exist on local images and not anything that gets pushed up to the
public registry.

Reported-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211115142915.3797652-2-alex.bennee@linaro.org>
2021-11-16 16:19:44 +00:00

343 lines
14 KiB
Makefile

# Makefile for Docker tests
.PHONY: docker docker-help docker-test docker-clean docker-image docker-qemu-src
NULL :=
SPACE := $(NULL) #
COMMA := ,
HOST_ARCH = $(if $(ARCH),$(ARCH),$(shell uname -m))
DOCKER_SUFFIX := .docker
DOCKER_FILES_DIR := $(SRC_PATH)/tests/docker/dockerfiles
# we don't run tests on intermediate images (used as base by another image)
DOCKER_PARTIAL_IMAGES := debian10 debian11
# we don't directly build virtual images (they are used to build other images)
DOCKER_VIRTUAL_IMAGES := debian-bootstrap debian-toolchain empty
DOCKER_IMAGES := $(sort $(filter-out $(DOCKER_VIRTUAL_IMAGES), $(notdir $(basename $(wildcard $(DOCKER_FILES_DIR)/*.docker)))))
DOCKER_TARGETS := $(patsubst %,docker-image-%,$(DOCKER_IMAGES))
# Use a global constant ccache directory to speed up repetitive builds
DOCKER_CCACHE_DIR := $$HOME/.cache/qemu-docker-ccache
ifeq ($(HOST_ARCH),x86_64)
DOCKER_DEFAULT_REGISTRY := registry.gitlab.com/qemu-project/qemu
endif
DOCKER_REGISTRY := $(if $(REGISTRY),$(REGISTRY),$(DOCKER_DEFAULT_REGISTRY))
DOCKER_TESTS := $(notdir $(shell \
find $(SRC_PATH)/tests/docker/ -name 'test-*' -type f))
ENGINE := auto
DOCKER_SCRIPT=$(SRC_PATH)/tests/docker/docker.py --engine $(ENGINE)
TESTS ?= %
IMAGES ?= %
CUR_TIME := $(shell date +%Y-%m-%d-%H.%M.%S.$$$$)
DOCKER_SRC_COPY := $(BUILD_DIR)/docker-src.$(CUR_TIME)
.DELETE_ON_ERROR: $(DOCKER_SRC_COPY)
$(DOCKER_SRC_COPY):
@mkdir $@
$(if $(SRC_ARCHIVE), \
$(call quiet-command, cp "$(SRC_ARCHIVE)" $@/qemu.tar, \
"CP", "$@/qemu.tar"), \
$(call quiet-command, cd $(SRC_PATH) && scripts/archive-source.sh $@/qemu.tar, \
"GEN", "$@/qemu.tar"))
$(call quiet-command, cp $(SRC_PATH)/tests/docker/run $@/run, \
"COPY","RUNNER")
docker-qemu-src: $(DOCKER_SRC_COPY)
docker-image: ${DOCKER_TARGETS}
# General rule for building docker images. If we are a sub-make
# invoked with SKIP_DOCKER_BUILD we still check the image is up to date
# though
ifdef SKIP_DOCKER_BUILD
docker-image-%: $(DOCKER_FILES_DIR)/%.docker
$(call quiet-command, \
$(DOCKER_SCRIPT) check --quiet qemu/$* $<, \
"CHECK", "$*")
else
docker-image-%: $(DOCKER_FILES_DIR)/%.docker
$(call quiet-command,\
$(DOCKER_SCRIPT) build -t qemu/$* -f $< \
$(if $V,,--quiet) \
$(if $(NOCACHE),--no-cache, \
$(if $(DOCKER_REGISTRY),--registry $(DOCKER_REGISTRY))) \
$(if $(NOUSER),,--add-current-user) \
$(if $(EXTRA_FILES),--extra-files $(EXTRA_FILES))\
$(if $(EXECUTABLE),--include-executable=$(EXECUTABLE)),\
"BUILD","$*")
# Special rule for debootstraped binfmt linux-user images
docker-binfmt-image-debian-%: $(DOCKER_FILES_DIR)/debian-bootstrap.docker
$(if $(EXECUTABLE),,\
$(error EXECUTABLE not set, debootstrap of debian-$* would fail))
$(if $(DEB_ARCH),,\
$(error DEB_ARCH not set, debootstrap of debian-$* would fail))
$(if $(DEB_TYPE),,\
$(error DEB_TYPE not set, debootstrap of debian-$* would fail))
$(if $(wildcard $(EXECUTABLE)), \
$(call quiet-command, \
DEB_ARCH=$(DEB_ARCH) \
DEB_TYPE=$(DEB_TYPE) \
$(if $(DEB_URL),DEB_URL=$(DEB_URL),) \
$(DOCKER_SCRIPT) build -t qemu/debian-$* -f $< \
$(if $V,,--quiet) $(if $(NOCACHE),--no-cache) \
$(if $(NOUSER),,--add-current-user) \
$(if $(EXTRA_FILES),--extra-files $(EXTRA_FILES)) \
$(if $(EXECUTABLE),--include-executable=$(EXECUTABLE)), \
"BUILD","binfmt debian-$* (debootstrapped)"), \
$(call quiet-command, \
$(DOCKER_SCRIPT) check --quiet qemu/debian-$* $< || \
{ echo "You will need to build $(EXECUTABLE)"; exit 1;},\
"CHECK", "debian-$* exists"))
# These are test targets
USER_TCG_TARGETS=$(patsubst %-linux-user,qemu-%,$(filter %-linux-user,$(TARGET_DIRS)))
EXEC_COPY_TESTS=$(patsubst %,docker-exec-copy-test-%, $(USER_TCG_TARGETS))
$(EXEC_COPY_TESTS): docker-exec-copy-test-%: $(DOCKER_FILES_DIR)/empty.docker
$(call quiet-command, \
$(DOCKER_SCRIPT) build -t qemu/exec-copy-test-$* -f $< \
$(if $V,,--quiet) --no-cache \
--include-executable=$* \
--skip-binfmt, \
"TEST","copy $* to container")
$(call quiet-command, \
$(DOCKER_SCRIPT) run qemu/exec-copy-test-$* \
/$* -version > tests/docker-exec-copy-test-$*.out, \
"TEST","check $* works in container")
docker-exec-copy-test: $(EXEC_COPY_TESTS)
endif
# Enforce dependencies for composite images
ifeq ($(HOST_ARCH),x86_64)
docker-image-debian-amd64: docker-image-debian10
DOCKER_PARTIAL_IMAGES += debian-amd64-cross
else
docker-image-debian-amd64-cross: docker-image-debian10
DOCKER_PARTIAL_IMAGES += debian-amd64
endif
# For non-x86 hosts not all cross-compilers have been packaged
ifneq ($(HOST_ARCH),x86_64)
DOCKER_PARTIAL_IMAGES += debian-mips-cross debian-mipsel-cross debian-mips64el-cross
DOCKER_PARTIAL_IMAGES += debian-ppc64el-cross
DOCKER_PARTIAL_IMAGES += debian-s390x-cross
DOCKER_PARTIAL_IMAGES += fedora
endif
docker-image-debian-alpha-cross: docker-image-debian10
docker-image-debian-arm64-cross: docker-image-debian10
docker-image-debian-armel-cross: docker-image-debian10
docker-image-debian-armhf-cross: docker-image-debian10
docker-image-debian-hppa-cross: docker-image-debian10
docker-image-debian-m68k-cross: docker-image-debian10
docker-image-debian-mips-cross: docker-image-debian10
docker-image-debian-mips64-cross: docker-image-debian10
docker-image-debian-mips64el-cross: docker-image-debian10
docker-image-debian-mipsel-cross: docker-image-debian10
docker-image-debian-ppc64el-cross: docker-image-debian10
docker-image-debian-s390x-cross: docker-image-debian10
docker-image-debian-sh4-cross: docker-image-debian10
docker-image-debian-sparc64-cross: docker-image-debian10
# The native build should never use the registry
docker-image-debian-native: DOCKER_REGISTRY=
# base images should not add a local user
docker-image-debian10: NOUSER=1
docker-image-debian11: NOUSER=1
#
# The build rule for hexagon-cross is special in so far for most of
# the time we don't want to build it. While dockers caching does avoid
# this most of the time sometimes we want to force the issue.
#
docker-image-debian-hexagon-cross: $(DOCKER_FILES_DIR)/debian-hexagon-cross.docker
$(if $(NOCACHE), \
$(call quiet-command, \
$(DOCKER_SCRIPT) build -t qemu/debian-hexagon-cross -f $< \
$(if $V,,--quiet) --no-cache \
--registry $(DOCKER_REGISTRY) --extra-files \
$(DOCKER_FILES_DIR)/debian-hexagon-cross.docker.d/build-toolchain.sh, \
"BUILD", "debian-hexagon-cross"), \
$(call quiet-command, \
$(DOCKER_SCRIPT) fetch $(if $V,,--quiet) \
qemu/debian-hexagon-cross $(DOCKER_REGISTRY), \
"FETCH", "debian-hexagon-cross") \
$(call quiet-command, \
$(DOCKER_SCRIPT) update $(if $V,,--quiet) \
qemu/debian-hexagon-cross --add-current-user, \
"PREPARE", "debian-hexagon-cross"))
debian-toolchain-run = \
$(if $(NOCACHE), \
$(call quiet-command, \
$(DOCKER_SCRIPT) build -t qemu/$1 -f $< \
$(if $V,,--quiet) --no-cache \
--registry $(DOCKER_REGISTRY) --extra-files \
$(DOCKER_FILES_DIR)/$1.d/build-toolchain.sh, \
"BUILD", $1), \
$(call quiet-command, \
$(DOCKER_SCRIPT) fetch $(if $V,,--quiet) \
qemu/$1 $(DOCKER_REGISTRY), \
"FETCH", $1) \
$(call quiet-command, \
$(DOCKER_SCRIPT) update $(if $V,,--quiet) \
qemu/$1 \
$(if $(NOUSER),,--add-current-user) \
"PREPARE", $1))
debian-toolchain = $(call debian-toolchain-run,$(patsubst docker-image-%,%,$1))
docker-image-debian-microblaze-cross: $(DOCKER_FILES_DIR)/debian-toolchain.docker \
$(DOCKER_FILES_DIR)/debian-microblaze-cross.d/build-toolchain.sh
$(call debian-toolchain, $@)
docker-image-debian-nios2-cross: $(DOCKER_FILES_DIR)/debian-toolchain.docker \
$(DOCKER_FILES_DIR)/debian-nios2-cross.d/build-toolchain.sh
$(call debian-toolchain, $@)
# Specialist build images, sometimes very limited tools
docker-image-debian-tricore-cross: docker-image-debian10
docker-image-debian-all-test-cross: docker-image-debian10
docker-image-debian-arm64-test-cross: docker-image-debian11
docker-image-debian-microblaze-cross: docker-image-debian10
docker-image-debian-nios2-cross: docker-image-debian10
docker-image-debian-powerpc-test-cross: docker-image-debian11
# These images may be good enough for building tests but not for test builds
DOCKER_PARTIAL_IMAGES += debian-alpha-cross
DOCKER_PARTIAL_IMAGES += debian-arm64-test-cross
DOCKER_PARTIAL_IMAGES += debian-powerpc-test-cross
DOCKER_PARTIAL_IMAGES += debian-hppa-cross
DOCKER_PARTIAL_IMAGES += debian-m68k-cross debian-mips64-cross
DOCKER_PARTIAL_IMAGES += debian-microblaze-cross
DOCKER_PARTIAL_IMAGES += debian-nios2-cross
DOCKER_PARTIAL_IMAGES += debian-sh4-cross debian-sparc64-cross
DOCKER_PARTIAL_IMAGES += debian-tricore-cross
DOCKER_PARTIAL_IMAGES += debian-xtensa-cross
DOCKER_PARTIAL_IMAGES += fedora-cris-cross
# Rules for building linux-user powered images
#
# These are slower than using native cross compiler setups but can
# work around issues with poorly working multi-arch systems and broken
# packages.
# Expand all the pre-requistes for each docker image and test combination
$(foreach i,$(filter-out $(DOCKER_PARTIAL_IMAGES) $(DOCKER_VIRTUAL_IMAGES),$(DOCKER_IMAGES)), \
$(foreach t,$(DOCKER_TESTS), \
$(eval .PHONY: docker-$t@$i) \
$(eval docker-$t@$i: docker-image-$i docker-run-$t@$i) \
) \
$(foreach t,$(DOCKER_TESTS), \
$(eval docker-all-tests: docker-$t@$i) \
$(eval docker-$t: docker-$t@$i) \
) \
)
docker:
@echo 'Build QEMU and run tests inside Docker or Podman containers'
@echo
@echo 'Available targets:'
@echo
@echo ' docker: Print this help.'
@echo ' docker-all-tests: Run all image/test combinations.'
@echo ' docker-TEST: Run "TEST" on all image combinations.'
@echo ' docker-clean: Kill and remove residual docker testing containers.'
@echo ' docker-TEST@IMAGE: Run "TEST" in container "IMAGE".'
@echo ' Note: "TEST" is one of the listed test name,'
@echo ' or a script name under $$QEMU_SRC/tests/docker/;'
@echo ' "IMAGE" is one of the listed container name.'
@echo ' docker-image: Build all images.'
@echo ' docker-image-IMAGE: Build image "IMAGE".'
@echo ' docker-run: For manually running a "TEST" with "IMAGE".'
@echo
@echo 'Available container images:'
@echo ' $(DOCKER_IMAGES)'
ifneq ($(DOCKER_USER_IMAGES),)
@echo
@echo 'Available linux-user images (docker-binfmt-image-debian-%):'
@echo ' $(DOCKER_USER_IMAGES)'
endif
@echo
@echo 'Available tests:'
@echo ' $(DOCKER_TESTS)'
@echo
@echo 'Special variables:'
@echo ' TARGET_LIST=a,b,c Override target list in builds.'
@echo ' EXTRA_CONFIGURE_OPTS="..."'
@echo ' Extra configure options.'
@echo ' IMAGES="a b c ..": Filters which images to build or run.'
@echo ' TESTS="x y z .." Filters which tests to run (for docker-test).'
@echo ' J=[0..9]* Overrides the -jN parameter for make commands'
@echo ' (default is 1)'
@echo ' DEBUG=1 Stop and drop to shell in the created container'
@echo ' before running the command.'
@echo ' NETWORK=1 Enable virtual network interface with default backend.'
@echo ' NETWORK=$$BACKEND Enable virtual network interface with $$BACKEND.'
@echo ' NOUSER=1 Define to disable adding current user to containers passwd.'
@echo ' NOCACHE=1 Ignore cache when build images.'
@echo ' EXECUTABLE=<path> Include executable in image.'
@echo ' EXTRA_FILES="<path> [... <path>]"'
@echo ' Include extra files in image.'
@echo ' ENGINE=auto/docker/podman'
@echo ' Specify which container engine to run.'
@echo ' REGISTRY=url Cache builds from registry (default:$(DOCKER_REGISTRY))'
docker-help: docker
# This rule if for directly running against an arbitrary docker target.
# It is called by the expanded docker targets (e.g. make
# docker-test-foo@bar) which will do additional verification.
#
# For example: make docker-run TEST="test-quick" IMAGE="debian:arm64" EXECUTABLE=./aarch64-linux-user/qemu-aarch64
#
docker-run: docker-qemu-src
@mkdir -p "$(DOCKER_CCACHE_DIR)"
@if test -z "$(IMAGE)" || test -z "$(TEST)"; \
then echo "Invalid target $(IMAGE)/$(TEST)"; exit 1; \
fi
$(if $(EXECUTABLE), \
$(call quiet-command, \
$(DOCKER_SCRIPT) update \
$(IMAGE) --executable $(EXECUTABLE), \
" COPYING $(EXECUTABLE) to $(IMAGE)"))
$(call quiet-command, \
$(DOCKER_SCRIPT) run \
$(if $(NOUSER),,--run-as-current-user) \
--security-opt seccomp=unconfined \
$(if $(DEBUG),-ti,) \
$(if $(NETWORK),$(if $(subst $(NETWORK),,1),--net=$(NETWORK)),--net=none) \
-e TARGET_LIST=$(subst $(SPACE),$(COMMA),$(TARGET_LIST)) \
-e EXTRA_CONFIGURE_OPTS="$(EXTRA_CONFIGURE_OPTS)" \
-e V=$V -e J=$J -e DEBUG=$(DEBUG) \
-e SHOW_ENV=$(SHOW_ENV) \
$(if $(NOUSER),, \
-e CCACHE_DIR=/var/tmp/ccache \
-v $(DOCKER_CCACHE_DIR):/var/tmp/ccache:z \
) \
-v $$(readlink -e $(DOCKER_SRC_COPY)):/var/tmp/qemu:z$(COMMA)ro \
$(IMAGE) \
/var/tmp/qemu/run \
$(TEST), " RUN $(TEST) in ${IMAGE}")
$(call quiet-command, rm -r $(DOCKER_SRC_COPY), \
" CLEANUP $(DOCKER_SRC_COPY)")
# Run targets:
#
# Of the form docker-TEST-FOO@IMAGE-BAR which will then be expanded into a call to "make docker-run"
docker-run-%: CMD = $(shell echo '$@' | sed -e 's/docker-run-\([^@]*\)@\(.*\)/\1/')
docker-run-%: IMAGE = $(shell echo '$@' | sed -e 's/docker-run-\([^@]*\)@\(.*\)/\2/')
docker-run-%:
@$(MAKE) docker-run TEST=$(CMD) IMAGE=qemu/$(IMAGE)
docker-clean:
$(call quiet-command, $(DOCKER_SCRIPT) clean)