tinkerbell · mergify · Aug 18, 2020 · Aug 5, 2020 · Aug 17, 2020 · Jul 17, 2020
diff --git a/ci/Dockerfile b/ci/Dockerfile
@@ -1,39 +1,46 @@
 # vim: set expandtab shiftwidth=4 softtabstop=4:
-FROM alpine:3.10
+FROM alpine:3.12
 
 RUN apk add --no-cache --no-progress --update --upgrade \
-    bash \
-    bridge-utils \
-    coreutils \
-    cpio \
-    curl \
-    diffutils \
-    dnsmasq \
-    docker \
-    eudev \
-    file \
-    findutils \
-    git \
-    go \
-    gptfdisk \
-    iptables \
-    jq \
-    libarchive-tools \
-    lshw \
-    make \
-    musl-dev \
-    ovmf \
-    pigz \
-    py2-pip \
-    qemu-system-aarch64 \
-    qemu-system-x86_64 \
-    rsync \
-    socat \
-    util-linux \
-    python3 \
-    python3-dev \
-    gcc \
-    && apk add --no-cache --update --upgrade \
+        bash \
+        bridge-utils \
+        coreutils \
+        cpio \
+        curl \
+        diffutils \
+        dnsmasq \
+        docker \
+        eudev \
+        file \
+        findutils \
+        gcc \
+        git \
+        go \
+        gptfdisk \
+        iptables \
+        jq \
+        libarchive-tools \
+        make \
+        musl-dev \
+        ovmf \
+        pigz \
+        py3-pip \
+        python3 \
+        python3-dev \
+        qemu-system-aarch64 \
+        qemu-system-x86_64 \
+        rsync \
+        socat \
+        util-linux \
+        && \
+    mv /etc/apk/repositories /etc/apk/repositories.old && \
+    apk add --no-cache --update --upgrade \
+        --repository=http://dl-cdn.alpinelinux.org/alpine/v3.11/main \
+        --repository=http://dl-cdn.alpinelinux.org/alpine/v3.11/community \
+        lshw \
+        && \
+    mv /etc/apk/repositories.old /etc/apk/repositories && \
+    apk add --no-cache --update --upgrade \
         --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
         cfssl \
    ;
@@ -56,8 +63,7 @@ RUN curl -fL https://github.com/mvdan/sh/releases/download/v2.3.0/shfmt_v2.3.0_l
     echo 'eef540565962cf1f5432c7e3cf212c333e096f9f481d6d441197c1cf878746d0 /bin/shfmt' | sha256sum -c && \
     chmod +x /bin/shfmt
 
-RUN pip install click packet-python==1.38.2 && \
-    pip3 install click j2cli packet-python==1.38.2 && \
+RUN pip3 install click j2cli packet-python==1.38.2 && \
     pip3 install coverage
 
 RUN curl -L https://github.com/git-lfs/git-lfs/releases/download/v2.5.1/git-lfs-linux-amd64-v2.5.1.tar.gz >/tmp/git-lfs.tar.gz && \

diff --git a/installer/alpine/Dockerfile b/installer/alpine/Dockerfile
@@ -1,9 +1,11 @@
-FROM alpine:3.7
+FROM alpine:3.12
 
 ENTRYPOINT [ "/build.sh" ]
 VOLUME /assets
 
-RUN mkdir -p /etc/apk/cache && \
+RUN true && \
+    # Setup a cache dir so apk will cache the apks
+    mkdir -p /etc/apk/cache && \
     apk add --update --upgrade \
         alpine-base \
         curl \
@@ -16,12 +18,9 @@ RUN mkdir -p /etc/apk/cache && \
         squashfs-tools \
         tcpdump \
         && \
-    apk add --no-scripts --update --upgrade --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing \
-        kexec-tools \
-        && \
+    # A cache sync ensure all the deps are cached, even if the dep was pre-installed already and thus not needed to be fetched
     apk cache sync && \
-    mv /etc/apk/cache /cache && \
-    apk add --no-scripts --no-cache --update --upgrade \
+    apk add --no-scripts --no-cache --update --upgrade --cache-dir /tmp/non-persisted-apk-cache-dir \
         abuild \
         alpine-sdk \
         build-base \
@@ -30,35 +29,38 @@ RUN mkdir -p /etc/apk/cache && \
         linux-headers \
         sudo \
         && \
-    # remove edge when linux-vanilla is > 4.14.8 and has the nfp driver enabled,
-    # likely alpine v3.8
-    apk add --no-scripts --no-cache --update --upgrade --repository http://dl-cdn.alpinelinux.org/alpine/edge/main \
-        linux-firmware \
-	&& \
     adduser -G abuild -g "Alpine Package Builder" -s /bin/ash -D builder && \
     echo "builder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
     apk update
 
 USER builder
 WORKDIR /home/builder
 
-ENV COMMIT bb52b0d3f60cd75197ef218362f193378dfd869d
-ENV FLAVOR vanilla
-ENV KERNEL 4.14.55
+ENV COMMIT 69b95a3d1dd1627416f45bcbfb93c6f2d5f0d68b
+ENV FLAVOR lts
+ENV KERNEL 5.4.52
 # make sure PKGREL is +1 what is in APKGBUILD
 ENV PKGREL 1
 
-RUN true && \
-    # Setup self-signed keys to sign the built packages \
-    abuild-keygen -a -i -n && \
+# Setup self-signed keys to sign the built packages
+RUN abuild-keygen -a -i -n && \
     # Fetch alpine package tree \
     curl -fL https://github.com/alpinelinux/aports/archive/$COMMIT.tar.gz | tar -zxf - && \
-    mv aports-$COMMIT aports && \
-    # Build customized linux-$FLAVOR package \
-    cd aports/main/linux-$FLAVOR && \
+    mv aports-$COMMIT aports
+
+# Install pinned linux-firmware package
+RUN cd aports/main/linux-firmware && \
+    abuild checksum && \
+    MAKEFLAGS=-j$(nproc) abuild -r && \
+    abuild clean && \
+    sudo apk add --no-scripts --no-cache --update --upgrade --cache-dir /tmp/non-persisted-apk-cache-dir \
+        /home/builder/packages/main/x86_64/linux-firmware*.apk
+
+# Install customized linux-$FLAVOR package \
+RUN cd aports/main/linux-$FLAVOR && \
     sed -i APKBUILD \
         -e 's/silentoldconfig/olddefconfig/g' \
-	-e "/^pkgrel=/ s/=.*/=$PKGREL/" && \
+        -e "/^pkgrel=/ s/=.*/=$PKGREL/" && \
     # we only want to build the config-$FLAVOR.x86_64 kernel, so we need remove to any lines that look like config.*x86_64 but is not config-$FLAVOR.x86_46 \
     # explanation: \
     #   /config.*x86_64/! p       :: if line does *not* match config.*x86_64 (on account of the trailing ! after /.../) print it \
@@ -67,19 +69,20 @@ RUN true && \
     sed -i APKBUILD -n \
         -e '/config.*x86_64/! p; /config.*x86_64/ { /config-'$FLAVOR'.x86_64/ p }' && \
     echo 'CONFIG_KEXEC=y' >> config-$FLAVOR.x86_64 && \
+    echo 'CONFIG_IONIC=y' >> config-$FLAVOR.x86_64 && \
     abuild checksum && \
     MAKEFLAGS=-j$(nproc) abuild -r && \
     abuild clean && \
-    # Install the customized linux-vanilla package
-    sudo apk add --no-scripts --update --upgrade /home/builder/packages/main/x86_64/linux-$FLAVOR*.apk
+    sudo apk add --no-scripts --no-cache --update --upgrade --cache-dir /tmp/non-persisted-apk-cache-dir \
+        /home/builder/packages/main/x86_64/linux-$FLAVOR*.apk
 
 ARG ECLYPSIUM_DRIVER_VERSION=2.0.0
 ARG ECLYPSIUM_DRIVER_SHA512=b9cfebc3b0abd834d73f025f925d896bea8d9dac2a3c3605980a94a35cd188db159ca165e5884863f5bd4a94d39861ecdf998cf8e99ea89d6f093a7bc64b5347
 ARG ECLYPSIUM_DRIVER_FILENAME=eclypsiumdriver-alpine-${ECLYPSIUM_DRIVER_VERSION}.tgz
 
 COPY ${ECLYPSIUM_DRIVER_FILENAME} /home/builder/
 
-# Download the eclypsium driver abuild and build it
+# Install the eclypsium driver
 RUN echo "${ECLYPSIUM_DRIVER_SHA512}  ${ECLYPSIUM_DRIVER_FILENAME}" | sha512sum -c && \
     tar -zxvf ${ECLYPSIUM_DRIVER_FILENAME} && \
     cd aports/non-free/eclypsiumdriver && \
@@ -90,9 +93,28 @@ RUN echo "${ECLYPSIUM_DRIVER_SHA512}  ${ECLYPSIUM_DRIVER_FILENAME}" | sha512sum
     abuild checksum && \
     MAKEFLAGS=-j$(nproc) abuild -r && \
     abuild clean && \
-    sudo apk add --no-scripts --no-cache --update --upgrade /home/builder/packages/non-free/x86_64/eclypsium*.apk
+    sudo apk add --no-scripts --no-cache --update --upgrade --cache-dir /tmp/non-persisted-apk-cache-dir \
+        /home/builder/packages/non-free/x86_64/eclypsium*.apk
+
+# Remove built and installed packages, these never get installed at runtime
+RUN rm -rf /home/builder/packages/*
+
+
+# Build packages we want to install at osie runtime from this aports checkout #
+###############################################################################
+
+# Build pinned kexec-tools package
+RUN cd aports/testing/kexec-tools && \
+    abuild checksum && \
+    MAKEFLAGS=-j$(nproc) abuild -r && \
+    abuild clean
 
 USER root
-RUN sudo mv /cache /etc/apk/cache
+RUN true && \
+    # Setup our own repos
+    mkdir -p /etc/apk/repos && \
+    cp -a /home/builder/packages/* /etc/apk/repos && \
+    # Clear out installed file since it was empty before
+    truncate -s0 /etc/apk/cache/installed
 
 COPY build.sh /build.sh
diff --git a/installer/alpine/assets-x86_64/initramfs b/installer/alpine/assets-x86_64/initramfs
diff --git a/installer/alpine/assets-x86_64/modloop b/installer/alpine/assets-x86_64/modloop
diff --git a/installer/alpine/assets-x86_64/vmlinuz b/installer/alpine/assets-x86_64/vmlinuz
diff --git a/installer/alpine/build.sh b/installer/alpine/build.sh
@@ -19,6 +19,7 @@ build_initramfs() {
 
 	cat >/etc/mkinitfs/features.d/packetrepo.files <<-EOF
 		/etc/apk/cache/*
+		/etc/apk/repos/*
 	EOF
 
 	cat <<-EOF | sort -u >/etc/mkinitfs/features.d/virtio.modules.tmp