[PATCH v3 3/9] docker: Support building for multiple architectures

Heinrich Schuchardt xypron.glpk at gmx.de
Tue Nov 12 16:08:17 CET 2024 

On 12.11.24 15:10, Simon Glass wrote:
> Add instructions on how to build the file for multiple architectures.
> Add a message indicating what is happening.
>
> Update the documentation as well. Drop the 'sudo' since these should not
> be needed if Docker is correctly configured.

Please, explain what you mean by correctly configured.

By default Ubuntu requires sudo to execute docker.

https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user
teaches us:

"The docker group grants root-level privileges to the user. For details
on how this impacts security in your system, see Docker Daemon Attack
Surface."

So adding a user to the docker group may not be the best idea.

Installing Docker in rootless mode is possible
(https://docs.docker.com/engine/security/rootless/) but as said it is
not necessarily the distro default.

Best regards

Heinrich

>
> Signed-off-by: Simon Glass <sjg at chromium.org>
> ---
>
> Changes in v3:
> - Move ARGs to the top
> - Revise documentation to explain a common error and building on arm64
>
> Changes in v2:
> - Update docs also
> - Add comments to the ARG variables
>
>   doc/build/docker.rst    | 25 ++++++++++++++++++++++---
>   tools/docker/Dockerfile | 12 ++++++++++++
>   2 files changed, 34 insertions(+), 3 deletions(-)
>
> diff --git a/doc/build/docker.rst b/doc/build/docker.rst
> index 45659b3b89d..b8fd12ead71 100644
> --- a/doc/build/docker.rst
> +++ b/doc/build/docker.rst
> @@ -1,14 +1,33 @@
>   GitLab CI / U-Boot runner container
>   ===================================
>
> -In order to have a reproducible and portable build environment for CI we use a container for building in.  This means that developers can also reproduce the CI environment, to a large degree at least, locally.  This file is located in the tools/docker directory.  To build the image yourself
> +In order to have a reproducible and portable build environment for CI we use a container for building in.  This means that developers can also reproduce the CI environment, to a large degree at least, locally.  This file is located in the tools/docker directory.
> +
> +The docker image supports both amd64 and arm64. Ensure that the
> +'docker-buildx' Debian package is installed (or the equivalent on another
> +distribution).
> +
> +You will need a multi-platform container, otherwise this error is shown::
> +
> +    ERROR: Multi-platform build is not supported for the docker driver.
> +    Switch to a different driver, or turn on the containerd image store, and try again.
> +
> +You can add one with::
> +
> +    docker buildx create --name multiarch --driver docker-container --use
> +
> +Building is supported on both amd64 (i.e. 64-bit x86) and arm64 machines. While
> +both amd64 and arm64 happen in parallel, the non-native part will take
> +considerably longer as it must use QEMU to emulate the foreign code.
> +
> +To build the image yourself::
>
>   .. code-block:: bash
>
> -    sudo docker build -t your-namespace:your-tag .
> +    docker buildx build --platform linux/arm64/v8,linux/amd64 -t your-namespace:your-tag .
>
>   Or to use an existing container
>
>   .. code-block:: bash
>
> -    sudo docker pull trini/u-boot-gitlab-ci-runner:jammy-20240227-14Mar2024
> +    docker pull trini/u-boot-gitlab-ci-runner:jammy-20240227-14Mar2024
> diff --git a/tools/docker/Dockerfile b/tools/docker/Dockerfile
> index 967ac89fbde..7f4b17ab0a4 100644
> --- a/tools/docker/Dockerfile
> +++ b/tools/docker/Dockerfile
> @@ -2,13 +2,25 @@
>   # This Dockerfile is used to build an image containing basic stuff to be used
>   # to build U-Boot and run our test suites.
>
> +# Build with (for example):
> +# docker buildx build --platform linux/arm64/v8,linux/amd64 --tag sjg20/u-boot-gitlab-ci-runner-multiarch:jammy-20240808-03Nov2024 .
> +
>   FROM ubuntu:jammy-20240808
>   LABEL org.opencontainers.image.authors="Tom Rini <trini at konsulko.com>"
>   LABEL org.opencontainers.image.description=" This image is for building U-Boot inside a container"
>
> +# Used by docker to set the target platform: valid values are linux/arm64/v8
> +# and linux/amd64
> +ARG TARGETPLATFORM
> +
> +# Used by docker to set the build platform: the only valid value is linux/amd64
> +ARG BUILDPLATFORM
> +
>   # Make sure apt is happy
>   ENV DEBIAN_FRONTEND=noninteractive
>
> +RUN echo "Building on $BUILDPLATFORM, for target $TARGETPLATFORM"
> +
>   # Add LLVM repository
>   RUN apt-get update && apt-get install -y gnupg2 wget xz-utils && rm -rf /var/lib/apt/lists/*
>   RUN wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -

More information about the U-Boot mailing list