Add mariner build images #832

Merged
merged 22 commits into from
Mar 30, 2023
Changes from 9 commits
4 changes: 4 additions & 0 deletions src/cbl-mariner/2.0/cross/amd64-alpine/Dockerfile
@@ -0,0 +1,4 @@
FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-amd64-local
ARG ROOTFS_DIR=/crossrootfs/x64

RUN /scripts/eng/common/cross/build-rootfs.sh x64 alpine3.13 --skipunmount
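
Review bot: `ARG ROOTFS_DIR=/crossrootfs/x64` on the second line exists only while the image is being built, so containers started from this image will not have ROOTFS_DIR set. If the builds that consume the image expect the variable to be present, declare it with ENV (or add an ENV next to the ARG); if they set it themselves, a short comment saying so would help. The same applies to the other cross images in this change.
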
10 changes: 10 additions & 0 deletions src/cbl-mariner/2.0/cross/amd64/Dockerfile
@@ -0,0 +1,10 @@
FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-amd64-local
ARG ROOTFS_DIR=/crossrootfs/x64

RUN tdnf install -y debootstrap

RUN /scripts/eng/common/cross/build-rootfs.sh x64 xenial --skipunmount

RUN LLVM_VERSION=12.0.1 LLVM_VERSION_MAJOR="${LLVM_VERSION%%.*}" && \

@am11 (Member), Mar 29, 2023:

I think we can directly use 15.0.7, which has been validated in industry and revised seven times since its initial release (has tons of fixes and improvements). 16 is very new and 12 is very old. We are already using 15 for linux-musl official builds.

cc @jkotas, @hoyosjs

Member Author:

Our current plan is to ship building with LLVM 16, which will be supported by mariner. Once they add support we should be able to stop building it ourselves. 16 also won't be quite as new by the time we ship .NET 8.

I plan to make the update to 16 fairly soon after this goes in - the reason I'm not doing it here is that it's not quite as simple as updating the version number (there were some missing dependencies for the compiler-rt builds), and I wanted to prioritize getting to a point where I can run dotnet/runtime ci legs with the new images. I am sure there will be problems I haven't caught with my local testing.

Member:

Curious, why v12.0.1 specifically even as a temporary solution? If it was v9.0.x (our go-to llvm version in official legs) or v15.0.x (modern version used in latest linux-musl legs) that would make more sense for a temporary solution. AFAIK, we aren't using 12.0.x explicitly for anything.

Member Author:

I chose it because it matches the version available in the cbl-mariner repos, so we can just install it for the x64 and x86 builds (crossdeps-amd64 does this). It is how I discovered that the current mariner package doesn't support targeting arm/arm64.

mkdir -p $ROOTFS_DIR/usr/lib/llvm-${LLVM_VERSION_MAJOR}/lib/clang/${LLVM_VERSION}/lib/linux/ && \
cp /usr/lib/clang/${LLVM_VERSION}/lib/linux/libclang_rt.profile-x86_64.a $ROOTFS_DIR/usr/lib/llvm-${LLVM_VERSION_MAJOR}/lib/clang/${LLVM_VERSION}/lib/linux/
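
Review bot: the hard-coded `LLVM_VERSION=12.0.1` in the last RUN has to match whatever compiler-rt version tdnf installed in the base image, because the `cp` source is /usr/lib/clang/${LLVM_VERSION}/lib/linux/ and crossdeps-amd64 installs clang, lld and compiler-rt without a version. When the package moves, this step fails and the number has to be edited by hand in every cross Dockerfile that repeats it. Consider taking the directory from `clang -print-resource-dir`, or defining the version once as a shared ARG.
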
4 changes: 4 additions & 0 deletions src/cbl-mariner/2.0/cross/arm64-alpine/Dockerfile
@@ -0,0 +1,4 @@
FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-arm-local
ARG ROOTFS_DIR=/crossrootfs/arm64

RUN /scripts/eng/common/cross/build-rootfs.sh arm64 alpine3.13 --skipunmount
42 changes: 42 additions & 0 deletions src/cbl-mariner/2.0/cross/arm64/Dockerfile
@@ -0,0 +1,42 @@
FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-arm-local
ARG ROOTFS_DIR=/crossrootfs/arm64

RUN tdnf install -y debootstrap

RUN /scripts/eng/common/cross/build-rootfs.sh arm64 xenial --skipunmount

# Build compiler-rt profile library for PGO instrumentation
COPY --from=mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-artifacts-local \
/llvm-project.src.tar.xz .
RUN mkdir llvm-project.src && \
tar -xf llvm-project.src.tar.xz --directory llvm-project.src --strip-components=1 && \
rm llvm-project.src.tar.xz && \
mkdir compiler-rt_build && cd compiler-rt_build && \
BUILD_FLAGS="-v --sysroot=$ROOTFS_DIR" \
TARGET_TRIPLE=aarch64-linux-gnu && \
cmake ../llvm-project.src/compiler-rt \
-DCOMPILER_RT_BUILD_PROFILE=ON \
-DCOMPILER_RT_BUILD_BUILTINS=OFF \
-DCOMPILER_RT_BUILD_SANITIZERS=OFF \
-DCOMPILER_RT_BUILD_XRAY=OFF \
-DCOMPILER_RT_BUILD_LIBFUZZER=OFF \
\
-DCMAKE_C_COMPILER=clang \
-DCMAKE_CXX_COMPILER=clang++ \
-DCMAKE_EXE_LINKER_FLAGS="-fuse-ld=lld" \
-DCMAKE_C_COMPILER_TARGET=${TARGET_TRIPLE} \
-DCMAKE_CXX_COMPILER_TARGET=${TARGET_TRIPLE} \
-DLLVM_CONFIG_PATH=llvm-config \
-DCOMPILER_RT_DEFAULT_TARGET_ONLY=ON \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_INSTALL_PREFIX=$ROOTFS_DIR/usr \
-DCMAKE_C_FLAGS="${BUILD_FLAGS}" \
-DCMAKE_CXX_FLAGS="${BUILD_FLAGS}" && \
make -j $(getconf _NPROCESSORS_ONLN) && \
make install

RUN LLVM_VERSION=12.0.1 LLVM_VERSION_MAJOR="${LLVM_VERSION%%.*}" && \
mkdir -p $ROOTFS_DIR/usr/lib/llvm-${LLVM_VERSION_MAJOR}/lib/clang/${LLVM_VERSION}/lib/linux/ && \
cp compiler-rt_build/lib/linux/libclang_rt.profile-aarch64.a $ROOTFS_DIR/usr/lib/llvm-${LLVM_VERSION_MAJOR}/lib/clang/${LLVM_VERSION}/lib/linux/

RUN rm -r compiler-rt_build llvm-project.src
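
Review bot: the `COPY --from=...crossdeps-artifacts-local /llvm-project.src.tar.xz .` step commits the source tarball as a layer of its own, so the `rm llvm-project.src.tar.xz` in the next RUN, like the final `RUN rm -r compiler-rt_build llvm-project.src`, only hides files that the image still carries. Either do extraction, build and cleanup in one RUN that bind-mounts the tarball (`RUN --mount=type=bind,from=...`), or build in a named stage and copy only $ROOTFS_DIR into the final image.
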
Member:

If I remember how docker works correctly, although this "rm" removes the directories, they will stay hidden in the image, making it unnecessarily larger. In other words, every "RUN" command adds a layer to the docker image. Consider everything that exists at the end of the "RUN" as "committed" into the image forever. So the "RUN" with rm basically just creates a "commit" that removes the visibility of the files. Similar to what removing a file in a git commit does. So if you really want to remove some build artifacts, it should be done in the same "RUN" command that created the files.
The multistage builds were invented to remedy this problem in a cleaner way. Each stage can copy selected files from the previous stage and things that were not copied are thrown away. See https://docs.docker.com/build/building/multi-stage/ for more details.

Member:

Yes, they do. This is why many of the commands are often linked together with && \.
(And when packages are added, we clean each layer separately.)

Member Author:

I optimized the builds more for container size - PTAL.
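
The multi-stage approach suggested in the review comments above, written out for the arm64 image as an added example (it is not code from this PR). Commands and flags are copied from the arm64 hunk; the stage name `rootfsbuild`, the choice of final base image, and copying the rootfs with `COPY --from` are assumptions.

```dockerfile
# Added example. Build stage: everything created here is discarded unless the
# final stage copies it, so no cleanup RUN is needed.
FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-arm-local AS rootfsbuild
ARG ROOTFS_DIR=/crossrootfs/arm64

RUN tdnf install -y debootstrap
RUN /scripts/eng/common/cross/build-rootfs.sh arm64 xenial --skipunmount

# Build compiler-rt profile library for PGO instrumentation
COPY --from=mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-artifacts-local \
    /llvm-project.src.tar.xz .
RUN mkdir llvm-project.src && \
    tar -xf llvm-project.src.tar.xz --directory llvm-project.src --strip-components=1 && \
    mkdir compiler-rt_build && cd compiler-rt_build && \
    BUILD_FLAGS="-v --sysroot=$ROOTFS_DIR" TARGET_TRIPLE=aarch64-linux-gnu && \
    cmake ../llvm-project.src/compiler-rt \
        -DCOMPILER_RT_BUILD_PROFILE=ON \
        -DCOMPILER_RT_BUILD_BUILTINS=OFF \
        -DCOMPILER_RT_BUILD_SANITIZERS=OFF \
        -DCOMPILER_RT_BUILD_XRAY=OFF \
        -DCOMPILER_RT_BUILD_LIBFUZZER=OFF \
        -DCMAKE_C_COMPILER=clang \
        -DCMAKE_CXX_COMPILER=clang++ \
        -DCMAKE_EXE_LINKER_FLAGS="-fuse-ld=lld" \
        -DCMAKE_C_COMPILER_TARGET=${TARGET_TRIPLE} \
        -DCMAKE_CXX_COMPILER_TARGET=${TARGET_TRIPLE} \
        -DLLVM_CONFIG_PATH=llvm-config \
        -DCOMPILER_RT_DEFAULT_TARGET_ONLY=ON \
        -DCMAKE_BUILD_TYPE=Release \
        -DCMAKE_INSTALL_PREFIX=$ROOTFS_DIR/usr \
        -DCMAKE_C_FLAGS="${BUILD_FLAGS}" \
        -DCMAKE_CXX_FLAGS="${BUILD_FLAGS}" && \
    make -j $(getconf _NPROCESSORS_ONLN) && \
    make install

RUN LLVM_VERSION=12.0.1 LLVM_VERSION_MAJOR="${LLVM_VERSION%%.*}" && \
    mkdir -p $ROOTFS_DIR/usr/lib/llvm-${LLVM_VERSION_MAJOR}/lib/clang/${LLVM_VERSION}/lib/linux/ && \
    cp compiler-rt_build/lib/linux/libclang_rt.profile-aarch64.a $ROOTFS_DIR/usr/lib/llvm-${LLVM_VERSION_MAJOR}/lib/clang/${LLVM_VERSION}/lib/linux/

# Final stage (assumed layout): starts again from the base image and takes only
# the finished rootfs. The tarball, source tree, build tree and debootstrap stay behind.
FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-arm-local
ARG ROOTFS_DIR=/crossrootfs/arm64
COPY --from=rootfsbuild $ROOTFS_DIR $ROOTFS_DIR
```

ARG values do not carry across stages, which is why ROOTFS_DIR is declared again after the second FROM.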

47 changes: 47 additions & 0 deletions src/cbl-mariner/2.0/cross/x86/Dockerfile
@@ -0,0 +1,47 @@
FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-amd64-local AS rootfsbuild
ARG ROOTFS_DIR=/crossrootfs/x86

RUN tdnf install -y \
debootstrap \
# Provides LLVMConfig.cmake, needed to build compiler-rt. Only needed on x86.
# x64 doesn't need this because we use compiler-rt from the mariner package.
# arm/arm64 don't need this because LLVMConfig.cmake is provided by the LLVM we build from source.
llvm-devel

RUN /scripts/eng/common/cross/build-rootfs.sh x86 xenial --skipunmount

# Build compiler-rt profile library for PGO instrumentation
COPY --from=mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-artifacts-local \
/llvm-project.src.tar.xz .
RUN mkdir llvm-project.src && \
tar -xf llvm-project.src.tar.xz --directory llvm-project.src --strip-components=1 && \
rm llvm-project.src.tar.xz && \
mkdir compiler-rt_build && cd compiler-rt_build && \
BUILD_FLAGS="-v --sysroot=$ROOTFS_DIR" \
TARGET_TRIPLE=i386-linux-gnu && \
cmake ../llvm-project.src/compiler-rt \
-DCOMPILER_RT_BUILD_PROFILE=ON \
-DCOMPILER_RT_BUILD_BUILTINS=OFF \
-DCOMPILER_RT_BUILD_SANITIZERS=OFF \
-DCOMPILER_RT_BUILD_XRAY=OFF \
-DCOMPILER_RT_BUILD_LIBFUZZER=OFF \
\
-DCMAKE_C_COMPILER=clang \
-DCMAKE_CXX_COMPILER=clang++ \
-DCMAKE_EXE_LINKER_FLAGS="-fuse-ld=lld" \
-DCMAKE_C_COMPILER_TARGET=${TARGET_TRIPLE} \
-DCMAKE_CXX_COMPILER_TARGET=${TARGET_TRIPLE} \
-DLLVM_CONFIG_PATH=llvm-config \
-DCOMPILER_RT_DEFAULT_TARGET_ONLY=ON \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_INSTALL_PREFIX=$ROOTFS_DIR/usr \
-DCMAKE_C_FLAGS="${BUILD_FLAGS}" \
-DCMAKE_CXX_FLAGS="${BUILD_FLAGS}" && \
make -j $(getconf _NPROCESSORS_ONLN) && \
make install

RUN LLVM_VERSION=12.0.1 LLVM_VERSION_MAJOR="${LLVM_VERSION%%.*}" && \
mkdir -p $ROOTFS_DIR/usr/lib/llvm-${LLVM_VERSION_MAJOR}/lib/clang/${LLVM_VERSION}/lib/linux/ && \
cp compiler-rt_build/lib/linux/libclang_rt.profile-i386.a $ROOTFS_DIR/usr/lib/llvm-${LLVM_VERSION_MAJOR}/lib/clang/${LLVM_VERSION}/lib/linux/

RUN rm -r compiler-rt_build llvm-project.src
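
Review bot: the `AS rootfsbuild` alias on the FROM line is not referenced anywhere in the 47 lines shown; there is no second stage with `COPY --from=rootfsbuild`, so the result is still a single-stage image that keeps the tarball layer and the build tree underneath the trailing `RUN rm -r compiler-rt_build llvm-project.src`. Either add the final stage that copies $ROOTFS_DIR out of `rootfsbuild`, or drop the alias until that stage exists.
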
6 changes: 6 additions & 0 deletions src/cbl-mariner/2.0/crossdeps-amd64/Dockerfile
@@ -0,0 +1,6 @@
FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-local

RUN tdnf install -y \
clang \
lld \
compiler-rt
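
Review bot: the `tdnf install -y clang lld compiler-rt` RUN ends without cleaning the package cache, so the downloaded metadata and packages stay in this layer and in every image built on top of it. Append `&& tdnf clean all` to the same RUN.
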
29 changes: 29 additions & 0 deletions src/cbl-mariner/2.0/crossdeps-arm/Dockerfile
@@ -0,0 +1,29 @@
FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-local

# Install LLVM-only build dependencies
RUN tdnf install -y \
texinfo \
diffutils \
binutils

# Build LLVM cross-toolchain (with support for targeting arm architectures)
COPY --from=mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-artifacts-local \
/llvm-project.src.tar.xz .
RUN mkdir llvm-project.src && \
tar -xf llvm-project.src.tar.xz --directory llvm-project.src --strip-components=1 && \
rm llvm-project.src.tar.xz && \
mkdir build && cd build && \
cmake ../llvm-project.src/llvm \
-DCMAKE_BUILD_TYPE=Release \
-DLLVM_TARGETS_TO_BUILD="host;AArch64;ARM" \
-Wno-dev \
-DLLVM_ENABLE_PROJECTS="clang;lld" && \
make -j $(getconf _NPROCESSORS_ONLN) && \
make install

RUN rm -r build llvm-project.src

RUN tdnf remove -y \
texinfo \
diffutils \
binutils
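
Review bot: `RUN rm -r build llvm-project.src` and the closing `RUN tdnf remove -y texinfo diffutils binutils` each run in a layer of their own after the LLVM build, so the full build tree, the extracted sources and the three packages remain in the earlier layers and the image does not get smaller. Move the install of the build-only packages, the build, `make install`, the `rm -r` and the `tdnf remove` into one RUN, or do the build in a separate stage and copy only the installed toolchain into the final image.
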
15 changes: 15 additions & 0 deletions src/cbl-mariner/2.0/crossdeps-artifacts/Dockerfile
@@ -0,0 +1,15 @@
FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-local

# 1. Obtain signing keys used to sign llvm sources
RUN wget https://releases.llvm.org/release-keys.asc && \
echo "f181a90697e3ea4b7782f1ee48314a570aef058505b4f3a0ab0611094ec13241 release-keys.asc" | sha256sum -c && \
gpg --output release-keys.gpg --dearmor release-keys.asc && \
rm release-keys.asc && \
# 2. Download llvm sources and signature, and verify signature
LLVM_VERSION=12.0.1 && \
wget -O llvm-project.src.tar.xz.sig https://github.com/llvm/llvm-project/releases/download/llvmorg-${LLVM_VERSION}/llvm-project-${LLVM_VERSION}.src.tar.xz.sig && \
echo "6cc956d622a7d3d746de0d71d8ca616a6c291e2c561703ac7a9535f38b999955 llvm-project.src.tar.xz.sig" | sha256sum -c && \
wget -O llvm-project.src.tar.xz https://github.com/llvm/llvm-project/releases/download/llvmorg-${LLVM_VERSION}/llvm-project-${LLVM_VERSION}.src.tar.xz && \
echo "129cb25cd13677aad951ce5c2deb0fe4afc1e9d98950f53b51bdcfb5a73afa0e llvm-project.src.tar.xz" | sha256sum -c && \
gpg --keyring /release-keys.gpg --verify llvm-project.src.tar.xz.sig && \
rm llvm-project.src.tar.xz.sig
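
Review bot: `gpg --keyring /release-keys.gpg --verify llvm-project.src.tar.xz.sig` on the second-to-last line adds the pinned keyring to gpg's default keyring instead of replacing it, and leaves the signed file to be inferred from the .sig name. Pass `--no-default-keyring` (or use gpgv, which is intended for scripted verification) and name llvm-project.src.tar.xz explicitly as the second argument, so that a good signature can only come from a key in release-keys.gpg. Separately, release-keys.asc is downloaded from a URL whose content can change while its hash is pinned in step 1, so the build will fail when the keys file is updated; committing the key file to the repo, as crossdeps does with dimitri_john_ledkov.asc, would be consistent.
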
44 changes: 44 additions & 0 deletions src/cbl-mariner/2.0/crossdeps/Dockerfile
@@ -0,0 +1,44 @@
FROM mcr.microsoft.com/cbl-mariner/base/core:2.0

# TODO: remove this once debootstrap is available in the base repos.
COPY mariner-extended.repo /etc/yum.repos.d/

RUN tdnf update -y && \
tdnf install -y \
wget \
ca-certificates \
git \
# Common runtime build dependencies
cmake \
awk \
icu \
tar \
# Crosscomponents build dependencies
glibc-devel \
lttng-ust-devel \
kernel-headers

# Obtain arcade scripts used to build rootfs
RUN git config --global user.email builder@dotnet-buildtools-prereqs-docker && \
git clone --depth 1 --single-branch https://github.com/dotnet/arcade /scripts

# Obtain ubuntu package signing key (for use by debootstrap)
# 1. Add public key used to sign the ubuntu keyring
COPY dimitri_john_ledkov.asc .
RUN gpg --output dimitri_john_ledkov.gpg --dearmor dimitri_john_ledkov.asc && \
rm dimitri_john_ledkov.asc && \
# 2. Download the ubuntu keyrings
wget https://mirrors.edge.kernel.org/ubuntu/pool/main/u/ubuntu-keyring/ubuntu-keyring_2021.03.26.tar.gz && \
echo "492eed5c06408c6f632577adb0796130af5d6542013ef418f47187a209e49bb1 ubuntu-keyring_2021.03.26.tar.gz" | sha256sum -c && \
tar xf ubuntu-keyring_2021.03.26.tar.gz && \
rm ubuntu-keyring_2021.03.26.tar.gz && \
# 3. Verify keyrings
pushd ubuntu-keyring-2021.03.26 && \
gpg --keyring /dimitri_john_ledkov.gpg --output SHA512SUMS.txt --decrypt SHA512SUMS.txt.asc && \
rm /dimitri_john_ledkov.gpg && \
sha512sum -c SHA512SUMS.txt && \
# 4. Install the needed keyring and delete the rest
mkdir -p /usr/share/keyrings && \
mv keyrings/ubuntu-archive-keyring.gpg /usr/share/keyrings && \
popd && \
rm -r ubuntu-keyring-2021.03.26
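
Review bot: `git clone --depth 1 --single-branch https://github.com/dotnet/arcade /scripts` takes whatever the default branch points to at build time, and the cross images then execute /scripts/eng/common/cross/build-rootfs.sh from it, which makes it the one input in this file that is not pinned by hash or signature. Fetch and check out a specific commit so the image is reproducible and a change to the scripts is an explicit update here. Separately, `pushd` and `popd` in step 3 are bash builtins, so that RUN works only if the image's /bin/sh is bash; `cd` into the directory and back, or an explicit SHELL instruction, removes the dependency.
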