New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improved aarch64 build #31198

Merged
merged 3 commits into from Mar 7, 2017

Conversation

@docbobo
Contributor

docbobo commented Feb 20, 2017

- What I did
Fixed some issue that prevented me from running make all on aarch64.

- How I did it
Updated Dockerfile.aarch64to include a few things that are included in the files for other platforms:

  • golint
  • yamllint
  • swagger

I've also updated man/Dockerfile.aarch64 so that it bootstraps its own Go 1.7.5. Go 1.6.x is not sufficient anymore due to the fact that context was moved out of experimental.

- How to verify it
Run make all on an aarch64 platform should work except for a few unrelated test issues.

- Description for the changelog
Fixed issues that prevented make all to run properly on aarch64.

@docbobo

This comment has been minimized.

Contributor

docbobo commented Feb 20, 2017

@tophj-ibm I believe this PR is much more relevant to fixing #31061 than the changes in #31193.

@@ -1,6 +1,25 @@
FROM aarch64/ubuntu:xenial
FROM aarch64/ubuntu:wily

This comment has been minimized.

@tophj-ibm

tophj-ibm Feb 20, 2017

Contributor

nit: can you remove the extra space at the beginning so it's in-line with everything else?

@docbobo docbobo force-pushed the docbobo:master-manpages-aarch64 branch from 1b60627 to 8070d78 Feb 20, 2017

@GordonTheTurtle GordonTheTurtle removed the dco/no label Feb 20, 2017

@docbobo docbobo force-pushed the docbobo:master-manpages-aarch64 branch from 8070d78 to dc48bc2 Feb 21, 2017

@docbobo

This comment has been minimized.

Contributor

docbobo commented Feb 21, 2017

I probably don't understand the vetting process well, but why is this still on status/0-triageif all tests executed correctly?

@vieux

This comment has been minimized.

Collaborator

vieux commented Feb 21, 2017

@docbobo it's a manual process :)

@vieux

This comment has been minimized.

Collaborator

vieux commented Feb 21, 2017

@docbobo @tophj-ibm so which one should we merge this one or #31193 ?

@docbobo

This comment has been minimized.

Contributor

docbobo commented Feb 21, 2017

Well, this one is fixing #31061, but #31193 seems to be the more important change. Thus my preference would be on #31193. @tophj-ibm?

@tophj-ibm

This comment has been minimized.

Contributor

tophj-ibm commented Feb 21, 2017

@vieux I saw them as separate issues so I asked him to split them, maybe that just caused confusion.

This one is an extension of #30755 and provides a fix for make validate, and make manpages for aarch64 which is already broken and should be merged as soon as it looks good.

#31193 is for adding make deb support for debian:jessie on aarch64, which still needs some consensus around if it's okay to merge without seccomp support.

@tophj-ibm

This comment has been minimized.

Contributor

tophj-ibm commented Feb 21, 2017

this should also be cherry-picked in the 17.03.x branch

@vieux

This comment has been minimized.

Collaborator

vieux commented Feb 21, 2017

ah ok got it.

@vieux vieux added this to the 17.03.0 milestone Feb 21, 2017

@vieux

This comment has been minimized.

Collaborator

vieux commented Feb 21, 2017

@docbobo

This comment has been minimized.

Contributor

docbobo commented Feb 21, 2017

@tophj-ibm was the cherry-picking comment supposed to cover both PRs?

@tophj-ibm

This comment has been minimized.

Contributor

tophj-ibm commented Feb 21, 2017

@docbobo no, this one is a bug fix and should go into the next point release. (hence the cherry-pick)

The other is more of a feature request which should go into the next version release if it gets merged. Note, I'm not a maintainer, but they probably agree with me 😄

@fboudra

This comment has been minimized.

Contributor

fboudra commented Feb 22, 2017

quick question about an undocumented change: why going back from Xenial (current LTS) to Wily in man/Dockerfile.aarch64? Note: the bootstrap is still necessary.

@@ -1,6 +1,25 @@
FROM aarch64/ubuntu:xenial
FROM aarch64/ubuntu:wily

This comment has been minimized.

@fboudra

fboudra Feb 22, 2017

Contributor

why going back from Xenial (current LTS) to Wily?

This comment has been minimized.

@docbobo

docbobo Feb 22, 2017

Contributor

Excellent question. I did that initially so that it would be in line with the main Dockerfile.aarch64, which uses wily.

This comment has been minimized.

@vieux

vieux Feb 22, 2017

Collaborator

maybe both should use xenial ?

This comment has been minimized.

@fboudra

fboudra Feb 23, 2017

Contributor

align on Xenial is preferable since it's the latest LTS release and most likely deployed on servers along docker.

@vieux vieux modified the milestones: 17.04.0, 17.03.0 Feb 23, 2017

@vieux

This comment has been minimized.

Collaborator

vieux commented Feb 23, 2017

I moved this back to 17.04

@docbobo

This comment has been minimized.

Contributor

docbobo commented Feb 23, 2017

I am currently testing with xenial instead of wily...

Improved aarch64 build
- Added 'golint', 'yamllint', and 'swagger'
- Fixed man/Dockerfile.aarch64 by bootstrapping Go 1.7.5

Signed-off-by: Boris Pruessmann <boris@pruessmann.org>

@docbobo docbobo force-pushed the docbobo:master-manpages-aarch64 branch from dc48bc2 to cdf17e6 Feb 23, 2017

@@ -39,6 +39,7 @@ RUN apt-get update && apt-get install -y \
libcap-dev \
libltdl-dev \
libsystemd-dev \
libyaml-dev \

This comment has been minimized.

@tophj-ibm

tophj-ibm Feb 23, 2017

Contributor

just wondering, do you need both this and yamllint for the swagger stuff on aarch64? I'm just wondering because it isn't in the other dockerfiles.

This comment has been minimized.

@docbobo

docbobo Feb 24, 2017

Contributor

Good question. I am not a Python expert, but when I added yamllint to the Dockerfile, there were some complaints in the output that libyaml could not be found during compilation. However, I did not check with the other Dockerfiles to see if it's used there.

This comment has been minimized.

@docbobo

docbobo Feb 26, 2017

Contributor

To add to that: all other platforms are based on debian:jessie, while aarch64 is curently based on ubuntu:wily. So the list of packages that are being installed doesn't seem to be comparable anyway.

This comment has been minimized.

@tophj-ibm

tophj-ibm Feb 27, 2017

Contributor

good point

@thaJeztah

LGTM

@tianon

This comment has been minimized.

Member

tianon commented Feb 28, 2017

It's not really a blocker, but I was comparing this to a few of the other platforms and I'm curious whether some of the deviations are still justified?

Dockerfile.armhf:

$ diff -u <(curl -fsSL 'https://raw.githubusercontent.com/docker/docker/master/Dockerfile.armhf') <(curl -fsSL 'https://raw.githubusercontent.com/docbobo/docker/cdf17e6943b15103b37fd57da7c2729a26ecb674/Dockerfile.aarch64')
--- /dev/fd/63	2017-02-28 10:08:14.114649827 -0800
+++ /dev/fd/62	2017-02-28 10:08:14.115649796 -0800
@@ -1,9 +1,9 @@
-# This file describes the standard way to build Docker on ARMv7, using docker
+# This file describes the standard way to build Docker on aarch64, using docker
 #
 # Usage:
 #
 # # Assemble the full dev environment. This is slow the first time.
-# docker build -t docker -f Dockerfile.armhf .
+# docker build -t docker -f Dockerfile.aarch64 .
 #
 # # Mount your source in an interactive container for quick testing:
 # docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
@@ -15,11 +15,7 @@
 # the case. Therefore, you don't have to disable it anymore.
 #
 
-FROM armhf/debian:jessie
-
-# allow replacing httpredir or deb mirror
-ARG APT_MIRROR=deb.debian.org
-RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+FROM aarch64/ubuntu:xenial
 
 # Packaged dependencies
 RUN apt-get update && apt-get install -y \
@@ -29,30 +25,34 @@
 	bash-completion \
 	btrfs-tools \
 	build-essential \
+	cmake \
 	createrepo \
 	curl \
-	cmake \
 	dpkg-sig \
+	g++ \
+	gcc \
 	git \
 	iptables \
 	jq \
-	net-tools \
 	libapparmor-dev \
+	libc6-dev \
 	libcap-dev \
 	libltdl-dev \
-	libsystemd-journal-dev \
-	libtool \
+	libsystemd-dev \
+	libyaml-dev \
 	mercurial \
+	net-tools \
+	parallel \
 	pkg-config \
 	python-dev \
 	python-mock \
 	python-pip \
 	python-websocket \
-	xfsprogs \
-	tar \
+	gccgo \
+	iproute2 \
+	iputils-ping \
 	vim-common \
-	--no-install-recommends \
-	&& pip install awscli==1.10.15
+	--no-install-recommends
 
 # Get lvm2 source for compiling statically
 ENV LVM2_VERSION 2.02.103
@@ -61,6 +61,13 @@
 		| tar -xzC /usr/local/lvm2 --strip-components=1
 # See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
 
+# Fix platform enablement in lvm2 to support aarch64 properly
+RUN set -e \
+	&& for f in config.guess config.sub; do \
+		curl -fsSL -o "/usr/local/lvm2/autoconf/$f" "http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=$f;hb=HEAD"; \
+	done
+# "arch.c:78:2: error: #error the arch code needs to know about your machine type"
+
 # Compile and install lvm2
 RUN cd /usr/local/lvm2 \
 	&& ./configure \
@@ -70,28 +77,6 @@
 	&& make install_device-mapper
 # See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
 
-# Install Go
-ENV GO_VERSION 1.7.5
-RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" \
-	| tar -xzC /usr/local
-ENV PATH /go/bin:/usr/local/go/bin:$PATH
-ENV GOPATH /go
-
-# We're building for armhf, which is ARMv7, so let's be explicit about that
-ENV GOARCH arm
-ENV GOARM 7
-
-# Dependency for golint
-ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
-RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
-	&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT)
-
-# Grab Go's lint tool
-ENV GO_LINT_COMMIT 32a87160691b3c96046c0c678fe57c5bef761456
-RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint \
-	&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
-	&& go install -v github.com/golang/lint/golint
-
 # Install seccomp: the version shipped in trusty is too old
 ENV SECCOMP_VERSION 2.3.1
 RUN set -x \
@@ -107,21 +92,40 @@
 	) \
 	&& rm -rf "$SECCOMP_PATH"
 
-# Install two versions of the registry. The first is an older version that
-# only supports schema1 manifests. The second is a newer version that supports
-# both. This allows integration-cli tests to cover push/pull with both schema1
-# and schema2 manifests.
-ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
-ENV REGISTRY_COMMIT cb08de17d74bef86ce6c5abe8b240e282f5750be
+# Install Go
+# We don't have official binary tarballs for ARM64, eigher for Go or bootstrap,
+# so we use gccgo as bootstrap to build Go from source code.
+# We don't use the official ARMv6 released binaries as a GOROOT_BOOTSTRAP, because
+# not all ARM64 platforms support 32-bit mode. 32-bit mode is optional for ARMv8.
+ENV GO_VERSION 1.7.5
+RUN mkdir /usr/src/go && curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \
+	&& cd /usr/src/go/src \
+	&& GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash
+
+ENV PATH /go/bin:/usr/src/go/bin:$PATH
+ENV GOPATH /go
+
+# Dependency for golint
+ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
+RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
+	&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT)
+
+# Grab Go's lint tool
+ENV GO_LINT_COMMIT 32a87160691b3c96046c0c678fe57c5bef761456
+RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint \
+	&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
+	&& go install -v github.com/golang/lint/golint
+
+# Only install one version of the registry, because old version which support
+# schema1 manifests is not working on ARM64, we should skip integration-cli
+# tests for schema1 manifests on ARM64.
+ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
 	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
 	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
 		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
-	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
-	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
-		go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
 	&& rm -rf "$GOPATH"
 
 # Install notary and notary-server
@@ -143,6 +147,15 @@
 	&& git checkout -q $DOCKER_PY_COMMIT \
 	&& pip install -r test-requirements.txt
 
+# Install yamllint for validating swagger.yaml
+RUN pip install yamllint==1.5.0
+
+# Install go-swagger for validating swagger.yaml
+ENV GO_SWAGGER_COMMIT c28258affb0b6251755d92489ef685af8d4ff3eb
+RUN git clone https://github.com/go-swagger/go-swagger.git /go/src/github.com/go-swagger/go-swagger \
+	&& (cd /go/src/github.com/go-swagger/go-swagger && git checkout -q $GO_SWAGGER_COMMIT) \
+	&& go install -v github.com/go-swagger/go-swagger/cmd/swagger
+
 # Set user.email so crosbymichael's in-container merge commits go smoothly
 RUN git config --global user.email 'docker-dummy@example.com'
 
@@ -163,10 +176,10 @@
 # Get useful and necessary Hub images so we can "docker load" locally instead of pulling
 COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
 RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
-	armhf/buildpack-deps:jessie@sha256:ca6cce8e5bf5c952129889b5cc15cd6aa8d995d77e55e3749bbaadae50e476cb \
-	armhf/busybox:latest@sha256:d98a7343ac750ffe387e3d514f8521ba69846c216778919b01414b8617cfb3d4 \
-	armhf/debian:jessie@sha256:4a2187483f04a84f9830910fe3581d69b3c985cc045d9f01d8e2f3795b28107b \
-	armhf/hello-world:latest@sha256:161dcecea0225975b2ad5f768058212c1e0d39e8211098666ffa1ac74cfb7791
+	aarch64/buildpack-deps:jessie@sha256:6aa1d6910791b7ac78265fd0798e5abd6cb3f27ae992f6f960f6c303ec9535f2 \
+	aarch64/busybox:latest@sha256:b23a6a37cf269dff6e46d2473b6e227afa42b037e6d23435f1d2bc40fc8c2828 \
+	aarch64/debian:jessie@sha256:4be74a41a7c70ebe887b634b11ffe516cf4fcd56864a54941e56bb49883c3170 \
+	aarch64/hello-world:latest@sha256:65a4a158587b307bb02db4de41b836addb0c35175bdc801367b1ac1ddeb9afda
 # See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
 
 # Install tomlv, vndr, runc, containerd, tini, docker-proxy
@@ -175,6 +188,7 @@
 COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
 RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy
 
+# Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT ["hack/dind"]
 
 # Upload docker source

Dockerfile.s390x:

$ diff -u <(curl -fsSL 'https://raw.githubusercontent.com/docker/docker/master/Dockerfile.s390x') <(curl -fsSL 'https://raw.githubusercontent.com/docbobo/docker/cdf17e6943b15103b37fd57da7c2729a26ecb674/Dockerfile.aarch64')
--- /dev/fd/63	2017-02-28 10:08:26.504275598 -0800
+++ /dev/fd/62	2017-02-28 10:08:26.504275598 -0800
@@ -1,9 +1,9 @@
-# This file describes the standard way to build Docker on s390x, using docker
+# This file describes the standard way to build Docker on aarch64, using docker
 #
 # Usage:
 #
 # # Assemble the full dev environment. This is slow the first time.
-# docker build -t docker -f Dockerfile.s390x .
+# docker build -t docker -f Dockerfile.aarch64 .
 #
 # # Mount your source in an interactive container for quick testing:
 # docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
@@ -15,12 +15,11 @@
 # the case. Therefore, you don't have to disable it anymore.
 #
 
-FROM s390x/debian:jessie
+FROM aarch64/ubuntu:xenial
 
 # Packaged dependencies
 RUN apt-get update && apt-get install -y \
 	apparmor \
-	apt-utils \
 	aufs-tools \
 	automake \
 	bash-completion \
@@ -30,41 +29,31 @@
 	createrepo \
 	curl \
 	dpkg-sig \
+	g++ \
+	gcc \
 	git \
 	iptables \
 	jq \
-	net-tools \
 	libapparmor-dev \
+	libc6-dev \
 	libcap-dev \
 	libltdl-dev \
-	libsystemd-journal-dev \
-	libtool \
+	libsystemd-dev \
+	libyaml-dev \
 	mercurial \
+	net-tools \
+	parallel \
 	pkg-config \
 	python-dev \
 	python-mock \
 	python-pip \
 	python-websocket \
-	xfsprogs \
-	tar \
+	gccgo \
+	iproute2 \
+	iputils-ping \
 	vim-common \
 	--no-install-recommends
 
-# Install seccomp: the version shipped in jessie is too old
-ENV SECCOMP_VERSION 2.3.1
-RUN set -x \
-	&& export SECCOMP_PATH="$(mktemp -d)" \
-	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
-		| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
-	&& ( \
-		cd "$SECCOMP_PATH" \
-		&& ./configure --prefix=/usr/local \
-		&& make \
-		&& make install \
-		&& ldconfig \
-	) \
-	&& rm -rf "$SECCOMP_PATH"
-
 # Get lvm2 source for compiling statically
 ENV LVM2_VERSION 2.02.103
 RUN mkdir -p /usr/local/lvm2 \
@@ -72,7 +61,7 @@
 		| tar -xzC /usr/local/lvm2 --strip-components=1
 # See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
 
-# Fix platform enablement in lvm2 to support s390x properly
+# Fix platform enablement in lvm2 to support aarch64 properly
 RUN set -e \
 	&& for f in config.guess config.sub; do \
 		curl -fsSL -o "/usr/local/lvm2/autoconf/$f" "http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=$f;hb=HEAD"; \
@@ -88,11 +77,32 @@
 	&& make install_device-mapper
 # See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
 
+# Install seccomp: the version shipped in trusty is too old
+ENV SECCOMP_VERSION 2.3.1
+RUN set -x \
+	&& export SECCOMP_PATH="$(mktemp -d)" \
+	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
+		| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
+	&& ( \
+		cd "$SECCOMP_PATH" \
+		&& ./configure --prefix=/usr/local \
+		&& make \
+		&& make install \
+		&& ldconfig \
+	) \
+	&& rm -rf "$SECCOMP_PATH"
+
+# Install Go
+# We don't have official binary tarballs for ARM64, eigher for Go or bootstrap,
+# so we use gccgo as bootstrap to build Go from source code.
+# We don't use the official ARMv6 released binaries as a GOROOT_BOOTSTRAP, because
+# not all ARM64 platforms support 32-bit mode. 32-bit mode is optional for ARMv8.
 ENV GO_VERSION 1.7.5
-RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" \
-	| tar -xzC /usr/local
+RUN mkdir /usr/src/go && curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \
+	&& cd /usr/src/go/src \
+	&& GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash
 
-ENV PATH /go/bin:/usr/local/go/bin:$PATH
+ENV PATH /go/bin:/usr/src/go/bin:$PATH
 ENV GOPATH /go
 
 # Dependency for golint
@@ -106,11 +116,9 @@
 	&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
 	&& go install -v github.com/golang/lint/golint
 
-# Install two versions of the registry. The first is an older version that
-# only supports schema1 manifests. The second is a newer version that supports
-# both. This allows integration-cli tests to cover push/pull with both schema1
-# and schema2 manifests.
-ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
+# Only install one version of the registry, because old version which support
+# schema1 manifests is not working on ARM64, we should skip integration-cli
+# tests for schema1 manifests on ARM64.
 ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
@@ -118,9 +126,6 @@
 	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
 	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
 		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
-	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
-	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
-		go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
 	&& rm -rf "$GOPATH"
 
 # Install notary and notary-server
@@ -142,6 +147,15 @@
 	&& git checkout -q $DOCKER_PY_COMMIT \
 	&& pip install -r test-requirements.txt
 
+# Install yamllint for validating swagger.yaml
+RUN pip install yamllint==1.5.0
+
+# Install go-swagger for validating swagger.yaml
+ENV GO_SWAGGER_COMMIT c28258affb0b6251755d92489ef685af8d4ff3eb
+RUN git clone https://github.com/go-swagger/go-swagger.git /go/src/github.com/go-swagger/go-swagger \
+	&& (cd /go/src/github.com/go-swagger/go-swagger && git checkout -q $GO_SWAGGER_COMMIT) \
+	&& go install -v github.com/go-swagger/go-swagger/cmd/swagger
+
 # Set user.email so crosbymichael's in-container merge commits go smoothly
 RUN git config --global user.email 'docker-dummy@example.com'
 
@@ -151,7 +165,7 @@
 
 VOLUME /var/lib/docker
 WORKDIR /go/src/github.com/docker/docker
-ENV DOCKER_BUILDTAGS apparmor selinux seccomp
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
 
 # Let us use a .bashrc file
 RUN ln -sfv $PWD/.bashrc ~/.bashrc
@@ -162,10 +176,10 @@
 # Get useful and necessary Hub images so we can "docker load" locally instead of pulling
 COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
 RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
-	s390x/buildpack-deps:jessie@sha256:4d1381224acaca6c4bfe3604de3af6972083a8558a99672cb6989c7541780099 \
-	s390x/busybox:latest@sha256:dd61522c983884a66ed72d60301925889028c6d2d5e0220a8fe1d9b4c6a4f01b \
-	s390x/debian:jessie@sha256:b74c863400909eff3c5e196cac9bfd1f6333ce47aae6a38398d87d5875da170a \
-	s390x/hello-world:latest@sha256:780d80b3a7677c3788c0d5cd9168281320c8d4a6d9183892d8ee5cdd610f5699
+	aarch64/buildpack-deps:jessie@sha256:6aa1d6910791b7ac78265fd0798e5abd6cb3f27ae992f6f960f6c303ec9535f2 \
+	aarch64/busybox:latest@sha256:b23a6a37cf269dff6e46d2473b6e227afa42b037e6d23435f1d2bc40fc8c2828 \
+	aarch64/debian:jessie@sha256:4be74a41a7c70ebe887b634b11ffe516cf4fcd56864a54941e56bb49883c3170 \
+	aarch64/hello-world:latest@sha256:65a4a158587b307bb02db4de41b836addb0c35175bdc801367b1ac1ddeb9afda
 # See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
 
 # Install tomlv, vndr, runc, containerd, tini, docker-proxy

Dockerfile:

$ diff -u <(curl -fsSL 'https://raw.githubusercontent.com/docker/docker/master/Dockerfile') <(curl -fsSL 'https://raw.githubusercontent.com/docbobo/docker/cdf17e6943b15103b37fd57da7c2729a26ecb674/Dockerfile.aarch64')
--- /dev/fd/63	2017-02-28 10:08:02.325005913 -0800
+++ /dev/fd/62	2017-02-28 10:08:02.325005913 -0800
@@ -1,9 +1,9 @@
-# This file describes the standard way to build Docker, using docker
+# This file describes the standard way to build Docker on aarch64, using docker
 #
 # Usage:
 #
 # # Assemble the full dev environment. This is slow the first time.
-# docker build -t docker .
+# docker build -t docker -f Dockerfile.aarch64 .
 #
 # # Mount your source in an interactive container for quick testing:
 # docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
@@ -11,76 +11,49 @@
 # # Run the test suite:
 # docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
 #
-# # Publish a release:
-# docker run --privileged \
-#  -e AWS_S3_BUCKET=baz \
-#  -e AWS_ACCESS_KEY=foo \
-#  -e AWS_SECRET_KEY=bar \
-#  -e GPG_PASSPHRASE=gloubiboulga \
-#  docker hack/release.sh
-#
 # Note: AppArmor used to mess with privileged mode, but this is no longer
 # the case. Therefore, you don't have to disable it anymore.
 #
 
-FROM debian:jessie
-
-# allow replacing httpredir or deb mirror
-ARG APT_MIRROR=deb.debian.org
-RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
-
-# Add zfs ppa
-COPY keys/launchpad-ppa-zfs.asc /go/src/github.com/docker/docker/keys/
-RUN apt-key add /go/src/github.com/docker/docker/keys/launchpad-ppa-zfs.asc
-RUN echo deb http://ppa.launchpad.net/zfs-native/stable/ubuntu trusty main > /etc/apt/sources.list.d/zfs.list
+FROM aarch64/ubuntu:xenial
 
 # Packaged dependencies
 RUN apt-get update && apt-get install -y \
 	apparmor \
-	apt-utils \
 	aufs-tools \
 	automake \
 	bash-completion \
-	binutils-mingw-w64 \
-	bsdmainutils \
 	btrfs-tools \
 	build-essential \
-	clang \
 	cmake \
 	createrepo \
 	curl \
 	dpkg-sig \
-	gcc-mingw-w64 \
+	g++ \
+	gcc \
 	git \
 	iptables \
 	jq \
-	less \
 	libapparmor-dev \
+	libc6-dev \
 	libcap-dev \
 	libltdl-dev \
-	libnl-3-dev \
-	libprotobuf-c0-dev \
-	libprotobuf-dev \
-	libsystemd-journal-dev \
-	libtool \
-	libzfs-dev \
+	libsystemd-dev \
+	libyaml-dev \
 	mercurial \
 	net-tools \
+	parallel \
 	pkg-config \
-	protobuf-compiler \
-	protobuf-c-compiler \
 	python-dev \
 	python-mock \
 	python-pip \
 	python-websocket \
-	tar \
-	ubuntu-zfs \
-	vim \
+	gccgo \
+	iproute2 \
+	iputils-ping \
 	vim-common \
-	xfsprogs \
-	zip \
-	--no-install-recommends \
-	&& pip install awscli==1.10.15
+	--no-install-recommends
+
 # Get lvm2 source for compiling statically
 ENV LVM2_VERSION 2.02.103
 RUN mkdir -p /usr/local/lvm2 \
@@ -88,6 +61,13 @@
 		| tar -xzC /usr/local/lvm2 --strip-components=1
 # See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
 
+# Fix platform enablement in lvm2 to support aarch64 properly
+RUN set -e \
+	&& for f in config.guess config.sub; do \
+		curl -fsSL -o "/usr/local/lvm2/autoconf/$f" "http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=$f;hb=HEAD"; \
+	done
+# "arch.c:78:2: error: #error the arch code needs to know about your machine type"
+
 # Compile and install lvm2
 RUN cd /usr/local/lvm2 \
 	&& ./configure \
@@ -97,17 +77,6 @@
 	&& make install_device-mapper
 # See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
 
-# Configure the container for OSX cross compilation
-ENV OSX_SDK MacOSX10.11.sdk
-ENV OSX_CROSS_COMMIT a9317c18a3a457ca0a657f08cc4d0d43c6cf8953
-RUN set -x \
-	&& export OSXCROSS_PATH="/osxcross" \
-	&& git clone https://github.com/tpoechtrager/osxcross.git $OSXCROSS_PATH \
-	&& ( cd $OSXCROSS_PATH && git checkout -q $OSX_CROSS_COMMIT) \
-	&& curl -sSL https://s3.dockerproject.org/darwin/v2/${OSX_SDK}.tar.xz -o "${OSXCROSS_PATH}/tarballs/${OSX_SDK}.tar.xz" \
-	&& UNATTENDED=yes OSX_VERSION_MIN=10.6 ${OSXCROSS_PATH}/build.sh
-ENV PATH /osxcross/target/bin:$PATH
-
 # Install seccomp: the version shipped in trusty is too old
 ENV SECCOMP_VERSION 2.3.1
 RUN set -x \
@@ -124,24 +93,18 @@
 	&& rm -rf "$SECCOMP_PATH"
 
 # Install Go
-# IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines
-#            will need updating, to avoid errors. Ping #docker-maintainers on IRC
-#            with a heads-up.
+# We don't have official binary tarballs for ARM64, eigher for Go or bootstrap,
+# so we use gccgo as bootstrap to build Go from source code.
+# We don't use the official ARMv6 released binaries as a GOROOT_BOOTSTRAP, because
+# not all ARM64 platforms support 32-bit mode. 32-bit mode is optional for ARMv8.
 ENV GO_VERSION 1.7.5
-RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
-	| tar -xzC /usr/local
+RUN mkdir /usr/src/go && curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \
+	&& cd /usr/src/go/src \
+	&& GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash
 
-ENV PATH /go/bin:/usr/local/go/bin:$PATH
+ENV PATH /go/bin:/usr/src/go/bin:$PATH
 ENV GOPATH /go
 
-# Compile Go for cross compilation
-ENV DOCKER_CROSSPLATFORMS \
-	linux/386 linux/arm \
-	darwin/amd64 \
-	freebsd/amd64 freebsd/386 freebsd/arm \
-	windows/amd64 windows/386 \
-	solaris/amd64
-
 # Dependency for golint
 ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
 RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
@@ -153,19 +116,9 @@
 	&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
 	&& go install -v github.com/golang/lint/golint
 
-# Install CRIU for checkpoint/restore support
-ENV CRIU_VERSION 2.9
-RUN mkdir -p /usr/src/criu \
-	&& curl -sSL https://github.com/xemul/criu/archive/v${CRIU_VERSION}.tar.gz | tar -v -C /usr/src/criu/ -xz --strip-components=1 \
-	&& cd /usr/src/criu \
-	&& make \
-	&& make install-criu
-
-# Install two versions of the registry. The first is an older version that
-# only supports schema1 manifests. The second is a newer version that supports
-# both. This allows integration-cli tests to cover push/pull with both schema1
-# and schema2 manifests.
-ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
+# Only install one version of the registry, because old version which support
+# schema1 manifests is not working on ARM64, we should skip integration-cli
+# tests for schema1 manifests on ARM64.
 ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
@@ -173,9 +126,6 @@
 	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
 	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
 		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
-	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
-	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
-		go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
 	&& rm -rf "$GOPATH"
 
 # Install notary and notary-server
@@ -219,8 +169,6 @@
 
 # Let us use a .bashrc file
 RUN ln -sfv $PWD/.bashrc ~/.bashrc
-# Add integration helps to bashrc
-RUN echo "source $PWD/hack/make/.integration-test-helpers" >> /etc/bash.bashrc
 
 # Register Docker's bash completion.
 RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
@@ -228,17 +176,17 @@
 # Get useful and necessary Hub images so we can "docker load" locally instead of pulling
 COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
 RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
-	buildpack-deps:jessie@sha256:25785f89240fbcdd8a74bdaf30dd5599a9523882c6dfc567f2e9ef7cf6f79db6 \
-	busybox:latest@sha256:e4f93f6ed15a0cdd342f5aae387886fba0ab98af0a102da6276eaf24d6e6ade0 \
-	debian:jessie@sha256:f968f10b4b523737e253a97eac59b0d1420b5c19b69928d35801a6373ffe330e \
-	hello-world:latest@sha256:8be990ef2aeb16dbcb9271ddfe2610fa6658d13f6dfb8bc72074cc1ca36966a7
+	aarch64/buildpack-deps:jessie@sha256:6aa1d6910791b7ac78265fd0798e5abd6cb3f27ae992f6f960f6c303ec9535f2 \
+	aarch64/busybox:latest@sha256:b23a6a37cf269dff6e46d2473b6e227afa42b037e6d23435f1d2bc40fc8c2828 \
+	aarch64/debian:jessie@sha256:4be74a41a7c70ebe887b634b11ffe516cf4fcd56864a54941e56bb49883c3170 \
+	aarch64/hello-world:latest@sha256:65a4a158587b307bb02db4de41b836addb0c35175bdc801367b1ac1ddeb9afda
 # See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
 
 # Install tomlv, vndr, runc, containerd, tini, docker-proxy
 # Please edit hack/dockerfile/install-binaries.sh to update them.
 COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
 COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
-RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy bindata
+RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy
 
 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT ["hack/dind"]
@tianon

This comment has been minimized.

Member

tianon commented Feb 28, 2017

(Just as a point of further thought, etc -- not at all a blocker ❤️)

@tophj-ibm

This comment has been minimized.

Contributor

tophj-ibm commented Feb 28, 2017

@tianon that's a good point, the dockerfiles in general definitely need some cleanup.

Just a few things I saw when checking out the diffs regarding cleanup.

  1. Figure out what packages aren't needed anymore. The non-x86 dockerfiles have switched bases a couple of times so there are extra packages that probably aren't needed anymore

  2. sync gopaths, some use /usr/src/go some use /usr/local/go, the latter preferred by go.

  3. Add yamllint and go-swagger to other dockerfiles

  4. Add CRIU for checkpoint restore to other architectures. Might be a blocker here depending on if it's supported everywhere.

IMO none of these need to happen here. make all is currently broken on aarch64 and I think fixing that before next release is most important. I can take a swing at the above in another PR though.

@tianon

This comment has been minimized.

Member

tianon commented Feb 28, 2017

@@ -1,6 +1,25 @@
FROM aarch64/ubuntu:xenial
RUN apt-get update && apt-get install -y git golang-go
# allow replacing httpredir or deb mirror
ARG APT_MIRROR=deb.debian.org

This comment has been minimized.

@justincormack

justincormack Feb 28, 2017

Contributor

This should not be in a Dockerfile that is FROM ubuntu

This comment has been minimized.

@docbobo

docbobo Mar 1, 2017

Contributor

Agreed.

Incorporated feedback from review
Signed-off-by: Boris Pruessmann <boris@pruessmann.org>
@justincormack

This comment has been minimized.

Contributor

justincormack commented Mar 1, 2017

Minor nit, he comment in the file about libseccomp is not quite correct, the version is not too old, but I don't think it ships with the static library for a static build.

@docbobo

This comment has been minimized.

Contributor

docbobo commented Mar 2, 2017

@justincormack: the comment you are referring to wasn't changed, it's already in the base version of the file. As a fact of the matter, it's like that in the Dockerfiles for three other architectures as well, including x86.

My suggestion would be to keep it like that because it makes comparing the different Dockerfiles a little bit easier, and there seems to be the desire to perform some overall cleanup.

Let me know if you disagree and I'll happily fix that.

Fixed incompatibilities with latest xenial
Signed-off-by: Boris Pruessmann <boris@pruessmann.org>
@docbobo

This comment has been minimized.

Contributor

docbobo commented Mar 2, 2017

I had to make a few more changes as building failed this morning (while working last night). It seems that aarch64/ubuntu:latest was updated within the last 12 hours, and I am suspicious that this is the root cause.

@thaJeztah

This comment has been minimized.

Member

thaJeztah commented Mar 6, 2017

@tophj-ibm

This comment has been minimized.

Contributor

tophj-ibm commented Mar 6, 2017

LGTM

@vdemeester

LGTM 🐸

@vdemeester vdemeester merged commit 7bf4085 into moby:master Mar 7, 2017

4 checks passed

dco-signed All commits are signed
experimental Jenkins build Docker-PRs-experimental 31242 has succeeded
Details
janky Jenkins build Docker-PRs 39859 has succeeded
Details
windowsRS1 Jenkins build Docker-PRs-WoW-RS1 10922 has succeeded
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment