Update and clean up Ubuntu docker files #10

@mpg

This issue collects a number of updates and cleanups that have been pending for some time. See "possible follow-ups" below for a non-exhaustive list of things that are out of scope of this PR.

  • Remove the Ubuntu 17.10 image - this has never been used on the CI and is no longer supported. Just remove the file. (Add mypy and Jinja2 to the Docker images #16)
  • Remove the Debian images - they're not used by the CI and probably very out of date. (They're referenced by two variables in vars/common.groovy but those variables are no longer used - remove them too.) (Add mypy and Jinja2 to the Docker images #16)
  • Update the Docker Readme and run.sh script to include --security-opt seccomp=unconfined (see below).
  • Update the value of the ARMLMD_LICENSE_FILE environment variable in the two remaining images. The correct value can be found in vars/gen_jobs.groovy which can then be adapted to no longer set that variable (and the corresponding comments removed). (See on the old repo: 147 to apply and 149 to undo.)
  • Align the structure and contents of the Ubuntu 18.04 image with that of the Ubuntu 16.04 image (see below).

Seccomp: In dev_envs/docker_files/run.sh, add --security-opt seccomp=unconfined to the docker run line, and add an explanation about it in dev_envs/docker_files/README.md in the section **run**, for example (from a previous PR - 130 in the old repo):

Note, to run the `all.sh "test_zeroize"` tests you need to pass the additional parameters `--cap-add=SYS_PTRACE --security-opt seccomp=unconfined` to allow ASLR to be disabled for the zeroize test. Without these parameters, this test will always fail.

(Experimentally, seccomp=unconfined is not needed.)

Align 18.04 with 16.04: The 16.04 docker file has been cleaned up recently (192 in the old repo). Before that clean up, the differences between the 16.04 and 18.04 files were as follows:

  • the base version obviously
  • inconsequential formatting changes - formatting has been re-done anyway
  • differences in handling yotta dependencies - yotta and all its dependencies have been removed anyway
  • the 16.04 image supports installing arm-linux-gnueabi-gcc and (the effect of) gcc-multilib and the 18.04 image doesn't - it should
  • the 16.04 image supports abi-compliance-checker and the 18.04 image doesn't - it should

So, the 18.04 doesn't have anything extra compared to 16.04 that we'd need to preserve. As a consequence, the following strategy can be applied to align the images:

  1. Replace the 18.04 file with a copy of the 16.04 file and replace 16.04 with 18.04 up to and including the FROM ubuntu:16.04 line but not beyond. (One commit.)
  2. Go over the occurrences of 16.04 and [Uu]buntu in the rest of the file - those are comments indicating that we're working around some limitation (generally, the packaged version of some software being too old) of 16.04. For each occurrence, check if it also applies to 18.04 and update the comment and possibly the corresponding code. One commit for each of the following groups of occurrences:
    a. abi-compliance-checker and abi-dumper
    b. pip version
    c. libtasn1 for GnuTLS 3.6 (or 3.7 by the time we get there).

Note: making sure all.sh runs fully on the 18.04 image is out of scope for this issue.

Possible follow-ups: (no issues created for those as we might need to discuss the strategy first).

  • Start using 18.04 as the default for the all.sh job in Jenkins, and only keep a few selected jobs on 16.04 for compatibility. Chicken-and-egg problem: ideally, need to make sure all.sh passes on the Ubuntu 18.04 first, but since all.sh is so slow to run locally (8h+ on my laptop) it's better to let the CI run it. Might need a companion PR to mbedtls if bugs are revealed (for example, new warnings from newer toolchains.)
  • Create ubuntu-20.04 file with the same procedure as for aligning the 18.04 image above: copy from 18.04, then look for occurrences of 18.04 or [Uu]buntu to adapt. Extend the dockerfile-builder to handle a 20.04 image as well. Ensure the image passes all.sh (see comments about using 18.04 on the CI above.)
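
Added example, not part of the original issue or the project's code: a small probe to run inside the container to see whether the current seccomp settings let a process disable ASLR for itself, which is what the seccomp note above is about. It relies on Linux disabling ASLR per process through personality(2) with ADDR_NO_RANDOMIZE; the names `aslr_probe` and `probe_aslr_disable` are hypothetical.

```c
/* Added example: probe whether this process may disable ASLR for itself.
 * Build and run inside the container:
 *   cc -o aslr_probe aslr_probe.c && ./aslr_probe */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/personality.h>

enum aslr_probe { ASLR_ALREADY_OFF, ASLR_CAN_DISABLE, ASLR_BLOCKED, ASLR_QUERY_FAILED };

/* personality(0xffffffff) returns the current persona without changing it. */
static int current_persona(void)
{
    return personality(0xffffffff);
}

/* Try to set ADDR_NO_RANDOMIZE, then restore the original persona.
 * On failure *err_out receives errno (a seccomp filter usually denies with EPERM). */
enum aslr_probe probe_aslr_disable(int *err_out)
{
    int cur = current_persona();
    *err_out = 0;
    if (cur == -1) {
        *err_out = errno;
        return ASLR_QUERY_FAILED;
    }
    if (cur & ADDR_NO_RANDOMIZE)
        return ASLR_ALREADY_OFF;
    if (personality((unsigned long)cur | ADDR_NO_RANDOMIZE) == -1) {
        *err_out = errno;
        return ASLR_BLOCKED;
    }
    personality((unsigned long)cur);   /* put the persona back */
    return ASLR_CAN_DISABLE;
}

int main(void)
{
    static const char *const msg[] = {
        "ASLR already disabled for this process",
        "allowed: personality(ADDR_NO_RANDOMIZE) succeeded",
        "blocked: personality(ADDR_NO_RANDOMIZE) was rejected",
        "could not query the current persona",
    };
    int err;
    enum aslr_probe r = probe_aslr_disable(&err);
    printf("%s%s%s\n", msg[r], err ? ": " : "", err ? strerror(err) : "");
    return r == ASLR_BLOCKED || r == ASLR_QUERY_FAILED;
}
```

Running it once with and once without `--security-opt seccomp=unconfined` shows whether the option changes anything for a given Docker version before it is added to run.sh.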
