MIRRORS/meta-raspberrypi
1
0
Fork 0
mirror of git://git.yoctoproject.org/meta-raspberrypi.git synced 2025-07-19 21:09:03 +02:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

yocto-builder/Dockerfile: Ubuntu 22.04
Some checks are pending
Mirrors / Yocto Git Mirror (push) Waiting to run
Details

Browse Source 
Upgrade to Ubuntu 22.04 because it is compatible with the Yocto
Project release Walnascar and provides a newer Python version:
- Add --ulimit "nofile=1024:1048576" to yocto-builds.yml.
- Increase vm.max_map_count.
- Add --security-opt apparmor=unconfined to docker cmdline.
- Run docker without the default seccomp profile

This commit is backport from branch master to Scarthgap because
Ubuntu 20.04 reached its end of life (EOL) on May 31, 2025. Yocto
release Scarthgap also supports Ubuntu 22.04.

This work was sponsored by GOVCERT.LU.

Suggested-by: Martin Steegmanns <martin.steegmanns@govcert.etat.lu>
Suggested-by: Stu Westerman @stu-spp
Suggested-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
This commit is contained in:
Leon Anavi 2025-04-14 16:55:04 +03:00 committed by Khem Raj
parent 1467f18a49
commit a56d87d4e6
4 changed files with 19 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/compliance.yml vendored
View File

@ -23,7 +23,9 @@ jobs:
id: ${{ github.event.number }} id: ${{ github.event.number }}
- name: Do DCO check - name: Do DCO check
run: | run: |
docker run --rm -v "$GITHUB_WORKSPACE:/work:ro" \ docker run --rm --security-opt apparmor=unconfined \
--security-opt seccomp=unconfined \
-v "$GITHUB_WORKSPACE:/work:ro" \
--env "BASE_REF=$GITHUB_BASE_REF" \ --env "BASE_REF=$GITHUB_BASE_REF" \
"dco-check-${{ github.event.number }}" "dco-check-${{ github.event.number }}"
- name: Cleanup temporary docker image - name: Cleanup temporary docker image

18
.github/workflows/docker-images/yocto-builder/Dockerfile vendored
View File

@ -2,20 +2,21 @@
# #
# SPDX-License-Identifier: MIT # SPDX-License-Identifier: MIT
FROM ubuntu:20.04 FROM ubuntu:22.04
ARG DEBIAN_FRONTEND="noninteractive" ARG DEBIAN_FRONTEND="noninteractive"
RUN apt-get update -qq RUN apt-get update -q -y
RUN apt-get install -y eatmydata RUN apt-get install -y eatmydata
# Yocto/OE build host dependencies # Yocto/OE build host dependencies
# Keep this in sync with # Keep this in sync with
# https://git.yoctoproject.org/poky/tree/documentation/poky.yaml # https://git.yoctoproject.org/poky/tree/documentation/poky.yaml.in
# https://git.yoctoproject.org/poky/tree/documentation/tools/host_packages_scripts/ubuntu_essential.sh
RUN eatmydata apt-get install -qq -y \ RUN eatmydata apt-get install -qq -y \
gawk wget git diffstat unzip texinfo gcc build-essential chrpath \ build-essential chrpath cpio debianutils diffstat file gawk gcc \
socat cpio python3 python3-pip python3-pexpect xz-utils debianutils \ git iputils-ping libacl1 liblz4-tool locales python3 python3-git \
iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev \ python3-jinja2 python3-pexpect python3-pip python3-subunit socat \
pylint3 xterm python3-subunit mesa-common-dev zstd liblz4-tool texinfo unzip wget xz-utils zstd
# en_US.UTF-8 is required by the build system # en_US.UTF-8 is required by the build system
RUN eatmydata apt-get install -qq -y locales \ RUN eatmydata apt-get install -qq -y locales \
@ -29,6 +30,9 @@ RUN eatmydata apt-get clean && rm -rf /var/lib/apt/lists/*
RUN echo "dash dash/sh boolean false" | debconf-set-selections \ RUN echo "dash dash/sh boolean false" | debconf-set-selections \
&& dpkg-reconfigure dash && dpkg-reconfigure dash
# Fix the resource exhaustion problem on the build infrastructure
RUN echo 'vm.max_map_count = 4048576' >> /etc/sysctl.conf
# Run under normal user called 'ci' # Run under normal user called 'ci'
RUN useradd --create-home --uid 1000 --shell /usr/bin/bash ci RUN useradd --create-home --uid 1000 --shell /usr/bin/bash ci
USER ci USER ci

4
.github/workflows/yocto-builds.yml vendored
View File

@ -66,7 +66,8 @@ jobs:
if: steps.changed-files-specific.outputs.any_changed == 'true' if: steps.changed-files-specific.outputs.any_changed == 'true'
- name: Build the image - name: Build the image
run: | run: |
docker run --rm \ docker run --rm --security-opt apparmor=unconfined \
--security-opt seccomp=unconfined \
-v "$GITHUB_WORKSPACE:/work:ro" \ -v "$GITHUB_WORKSPACE:/work:ro" \
-v "$DL_DIR:$DL_DIR:rw" \ -v "$DL_DIR:$DL_DIR:rw" \
-v "$SSTATE_DIR:$SSTATE_DIR:rw" \ -v "$SSTATE_DIR:$SSTATE_DIR:rw" \
@ -76,6 +77,7 @@ jobs:
--env "IMAGE=${{ matrix.image }}" \ --env "IMAGE=${{ matrix.image }}" \
--env "DL_DIR=$DL_DIR" \ --env "DL_DIR=$DL_DIR" \
--env "SSTATE_DIR=$SSTATE_DIR" \ --env "SSTATE_DIR=$SSTATE_DIR" \
--ulimit "nofile=1024:1048576" \
"yocto-builder-${{ github.event.number }}" \ "yocto-builder-${{ github.event.number }}" \
/entrypoint-build.sh /entrypoint-build.sh
if: steps.changed-files-specific.outputs.any_changed == 'true' if: steps.changed-files-specific.outputs.any_changed == 'true'

3
.github/workflows/yocto-layer.yml vendored
View File

@ -42,7 +42,8 @@ jobs:
if: steps.changed-files-specific.outputs.any_changed == 'true' if: steps.changed-files-specific.outputs.any_changed == 'true'
- name: Run yocto-check-layer - name: Run yocto-check-layer
run: | run: |
docker run --rm -v "$GITHUB_WORKSPACE:/work:ro" \ docker run --rm --security-opt apparmor=unconfined \
-v "$GITHUB_WORKSPACE:/work:ro" \
--env "BASE_REF=$GITHUB_BASE_REF" \ --env "BASE_REF=$GITHUB_BASE_REF" \
"yocto-builder-${{ github.event.number }}" \ "yocto-builder-${{ github.event.number }}" \
/entrypoint-yocto-check-layer.sh /entrypoint-yocto-check-layer.sh