-
Notifications
You must be signed in to change notification settings - Fork 107
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add mariner build images #832
Changes from 9 commits
0c35da6
3b86c36
33548d5
b3c3373
59c407b
b88433f
5d962aa
4dc2a9f
82b4b45
a54d50d
ae3a84d
4f0d25d
042a821
c7604ae
510b806
b6ebffa
ffc872d
8327d79
1fce64b
49178c5
ec3af4c
8a2a90d
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-amd64-local | ||
ARG ROOTFS_DIR=/crossrootfs/x64 | ||
|
||
RUN /scripts/eng/common/cross/build-rootfs.sh x64 alpine3.13 --skipunmount |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-amd64-local | ||
ARG ROOTFS_DIR=/crossrootfs/x64 | ||
|
||
RUN tdnf install -y debootstrap | ||
|
||
RUN /scripts/eng/common/cross/build-rootfs.sh x64 xenial --skipunmount | ||
|
||
RUN LLVM_VERSION=12.0.1 LLVM_VERSION_MAJOR="${LLVM_VERSION%%.*}" && \ | ||
mkdir -p $ROOTFS_DIR/usr/lib/llvm-${LLVM_VERSION_MAJOR}/lib/clang/${LLVM_VERSION}/lib/linux/ && \ | ||
cp /usr/lib/clang/${LLVM_VERSION}/lib/linux/libclang_rt.profile-x86_64.a $ROOTFS_DIR/usr/lib/llvm-${LLVM_VERSION_MAJOR}/lib/clang/${LLVM_VERSION}/lib/linux/ |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-arm-local | ||
ARG ROOTFS_DIR=/crossrootfs/arm64 | ||
|
||
RUN /scripts/eng/common/cross/build-rootfs.sh arm64 alpine3.13 --skipunmount |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-arm-local | ||
ARG ROOTFS_DIR=/crossrootfs/arm64 | ||
|
||
RUN tdnf install -y debootstrap | ||
|
||
RUN /scripts/eng/common/cross/build-rootfs.sh arm64 xenial --skipunmount | ||
|
||
# Build compiler-rt profile library for PGO instrumentation | ||
COPY --from=mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-artifacts-local \ | ||
sbomer marked this conversation as resolved.
Show resolved
Hide resolved
|
||
/llvm-project.src.tar.xz . | ||
RUN mkdir llvm-project.src && \ | ||
tar -xf llvm-project.src.tar.xz --directory llvm-project.src --strip-components=1 && \ | ||
rm llvm-project.src.tar.xz && \ | ||
mkdir compiler-rt_build && cd compiler-rt_build && \ | ||
BUILD_FLAGS="-v --sysroot=$ROOTFS_DIR" \ | ||
TARGET_TRIPLE=aarch64-linux-gnu && \ | ||
cmake ../llvm-project.src/compiler-rt \ | ||
-DCOMPILER_RT_BUILD_PROFILE=ON \ | ||
-DCOMPILER_RT_BUILD_BUILTINS=OFF \ | ||
-DCOMPILER_RT_BUILD_SANITIZERS=OFF \ | ||
-DCOMPILER_RT_BUILD_XRAY=OFF \ | ||
-DCOMPILER_RT_BUILD_LIBFUZZER=OFF \ | ||
\ | ||
-DCMAKE_C_COMPILER=clang \ | ||
-DCMAKE_CXX_COMPILER=clang++ \ | ||
-DCMAKE_EXE_LINKER_FLAGS="-fuse-ld=lld" \ | ||
-DCMAKE_C_COMPILER_TARGET=${TARGET_TRIPLE} \ | ||
-DCMAKE_CXX_COMPILER_TARGET=${TARGET_TRIPLE} \ | ||
-DLLVM_CONFIG_PATH=llvm-config \ | ||
-DCOMPILER_RT_DEFAULT_TARGET_ONLY=ON \ | ||
-DCMAKE_BUILD_TYPE=Release \ | ||
-DCMAKE_INSTALL_PREFIX=$ROOTFS_DIR/usr \ | ||
-DCMAKE_C_FLAGS="${BUILD_FLAGS}" \ | ||
-DCMAKE_CXX_FLAGS="${BUILD_FLAGS}" && \ | ||
make -j $(getconf _NPROCESSORS_ONLN) && \ | ||
make install | ||
|
||
RUN LLVM_VERSION=12.0.1 LLVM_VERSION_MAJOR="${LLVM_VERSION%%.*}" && \ | ||
mkdir -p $ROOTFS_DIR/usr/lib/llvm-${LLVM_VERSION_MAJOR}/lib/clang/${LLVM_VERSION}/lib/linux/ && \ | ||
cp compiler-rt_build/lib/linux/libclang_rt.profile-aarch64.a $ROOTFS_DIR/usr/lib/llvm-${LLVM_VERSION_MAJOR}/lib/clang/${LLVM_VERSION}/lib/linux/ | ||
|
||
RUN rm -r compiler-rt_build llvm-project.src | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. If I remember how docker works correctly, although this "rm" removes the directories, they will stay hidden in the image, making it unnecessarily larger. In other words, every "RUN" command adds a layer to the docker image. Consider everything that exists at the end of the "RUN" as "committed" into the image forever. So the "RUN" with rm basically just creates a "commit" that removes the visibility of the files. Similar to what removing a file in a git commit does. So if you really want to remove some build artifacts, it should be done in the same "RUN" command that created the files. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. yes, they do. This is what many of the commands are often linked together with There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I optimized the builds more for container size - PTAL. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-amd64-local AS rootfsbuild | ||
ARG ROOTFS_DIR=/crossrootfs/x86 | ||
|
||
RUN tdnf install -y \ | ||
debootstrap \ | ||
# Provides LLVMConfig.cmake, needed to build compiler-rt. Only needed on x86. | ||
# x64 doesn't need this because we use compiler-rt from the mariner package. | ||
# arm/arm64 don't need this because LLVMConfig.cmake is provided by the LLVM we build from source. | ||
llvm-devel | ||
|
||
RUN /scripts/eng/common/cross/build-rootfs.sh x86 xenial --skipunmount | ||
|
||
# Build compiler-rt profile library for PGO instrumentation | ||
COPY --from=mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-artifacts-local \ | ||
/llvm-project.src.tar.xz . | ||
RUN mkdir llvm-project.src && \ | ||
tar -xf llvm-project.src.tar.xz --directory llvm-project.src --strip-components=1 && \ | ||
rm llvm-project.src.tar.xz && \ | ||
mkdir compiler-rt_build && cd compiler-rt_build && \ | ||
BUILD_FLAGS="-v --sysroot=$ROOTFS_DIR" \ | ||
TARGET_TRIPLE=i386-linux-gnu && \ | ||
cmake ../llvm-project.src/compiler-rt \ | ||
-DCOMPILER_RT_BUILD_PROFILE=ON \ | ||
-DCOMPILER_RT_BUILD_BUILTINS=OFF \ | ||
-DCOMPILER_RT_BUILD_SANITIZERS=OFF \ | ||
-DCOMPILER_RT_BUILD_XRAY=OFF \ | ||
-DCOMPILER_RT_BUILD_LIBFUZZER=OFF \ | ||
\ | ||
-DCMAKE_C_COMPILER=clang \ | ||
-DCMAKE_CXX_COMPILER=clang++ \ | ||
-DCMAKE_EXE_LINKER_FLAGS="-fuse-ld=lld" \ | ||
-DCMAKE_C_COMPILER_TARGET=${TARGET_TRIPLE} \ | ||
-DCMAKE_CXX_COMPILER_TARGET=${TARGET_TRIPLE} \ | ||
-DLLVM_CONFIG_PATH=llvm-config \ | ||
-DCOMPILER_RT_DEFAULT_TARGET_ONLY=ON \ | ||
-DCMAKE_BUILD_TYPE=Release \ | ||
-DCMAKE_INSTALL_PREFIX=$ROOTFS_DIR/usr \ | ||
-DCMAKE_C_FLAGS="${BUILD_FLAGS}" \ | ||
-DCMAKE_CXX_FLAGS="${BUILD_FLAGS}" && \ | ||
make -j $(getconf _NPROCESSORS_ONLN) && \ | ||
make install | ||
|
||
RUN LLVM_VERSION=12.0.1 LLVM_VERSION_MAJOR="${LLVM_VERSION%%.*}" && \ | ||
mkdir -p $ROOTFS_DIR/usr/lib/llvm-${LLVM_VERSION_MAJOR}/lib/clang/${LLVM_VERSION}/lib/linux/ && \ | ||
cp compiler-rt_build/lib/linux/libclang_rt.profile-i386.a $ROOTFS_DIR/usr/lib/llvm-${LLVM_VERSION_MAJOR}/lib/clang/${LLVM_VERSION}/lib/linux/ | ||
|
||
RUN rm -r compiler-rt_build llvm-project.src |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-local | ||
|
||
RUN tdnf install -y \ | ||
clang \ | ||
lld \ | ||
compiler-rt | ||
sbomer marked this conversation as resolved.
Show resolved
Hide resolved
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-local | ||
|
||
# Install LLVM-only build dependencies | ||
RUN tdnf install -y \ | ||
texinfo \ | ||
diffutils \ | ||
binutils | ||
|
||
# Build LLVM cross-toolchain (with support for targeting arm architectures) | ||
COPY --from=mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-artifacts-local \ | ||
/llvm-project.src.tar.xz . | ||
RUN mkdir llvm-project.src && \ | ||
tar -xf llvm-project.src.tar.xz --directory llvm-project.src --strip-components=1 && \ | ||
rm llvm-project.src.tar.xz && \ | ||
mkdir build && cd build && \ | ||
cmake ../llvm-project.src/llvm \ | ||
-DCMAKE_BUILD_TYPE=Release \ | ||
-DLLVM_TARGETS_TO_BUILD="host;AArch64;ARM" \ | ||
-Wno-dev \ | ||
-DLLVM_ENABLE_PROJECTS="clang;lld" && \ | ||
make -j $(getconf _NPROCESSORS_ONLN) && \ | ||
make install | ||
|
||
RUN rm -r build llvm-project.src | ||
|
||
RUN tdnf remove -y \ | ||
texinfo \ | ||
diffutils \ | ||
binutils |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
FROM mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-crossdeps-local | ||
|
||
# 1. Obtain signing keys used to sign llvm sources | ||
RUN wget https://releases.llvm.org/release-keys.asc && \ | ||
echo "f181a90697e3ea4b7782f1ee48314a570aef058505b4f3a0ab0611094ec13241 release-keys.asc" | sha256sum -c && \ | ||
gpg --output release-keys.gpg --dearmor release-keys.asc && \ | ||
rm release-keys.asc && \ | ||
# 2. Download llvm sources and signature, and verify signature | ||
LLVM_VERSION=12.0.1 && \ | ||
wget -O llvm-project.src.tar.xz.sig https://github.com/llvm/llvm-project/releases/download/llvmorg-${LLVM_VERSION}/llvm-project-${LLVM_VERSION}.src.tar.xz.sig && \ | ||
echo "6cc956d622a7d3d746de0d71d8ca616a6c291e2c561703ac7a9535f38b999955 llvm-project.src.tar.xz.sig" | sha256sum -c && \ | ||
wget -O llvm-project.src.tar.xz https://github.com/llvm/llvm-project/releases/download/llvmorg-${LLVM_VERSION}/llvm-project-${LLVM_VERSION}.src.tar.xz && \ | ||
echo "129cb25cd13677aad951ce5c2deb0fe4afc1e9d98950f53b51bdcfb5a73afa0e llvm-project.src.tar.xz" | sha256sum -c && \ | ||
gpg --keyring /release-keys.gpg --verify llvm-project.src.tar.xz.sig && \ | ||
rm llvm-project.src.tar.xz.sig |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
FROM mcr.microsoft.com/cbl-mariner/base/core:2.0 | ||
|
||
# TODO: remove this once debootstrap is available in the base repos. | ||
COPY mariner-extended.repo /etc/yum.repos.d/ | ||
|
||
RUN tdnf update -y && \ | ||
tdnf install -y \ | ||
wget \ | ||
ca-certificates \ | ||
git \ | ||
# Common runtime build dependencies | ||
cmake \ | ||
awk \ | ||
icu \ | ||
tar \ | ||
# Crosscomponents build dependencies | ||
glibc-devel \ | ||
lttng-ust-devel \ | ||
kernel-headers | ||
|
||
# Obtain arcade scripts used to build rootfs | ||
RUN git config --global user.email builder@dotnet-buildtools-prereqs-docker && \ | ||
git clone --depth 1 --single-branch https://github.com/dotnet/arcade /scripts | ||
|
||
# Obtain ubuntu package signing key (for use by debootstrap) | ||
# 1. Add public key used to sign the ubuntu keyring | ||
COPY dimitri_john_ledkov.asc . | ||
RUN gpg --output dimitri_john_ledkov.gpg --dearmor dimitri_john_ledkov.asc && \ | ||
rm dimitri_john_ledkov.asc && \ | ||
# 2. Download the ubuntu keyrings | ||
wget https://mirrors.edge.kernel.org/ubuntu/pool/main/u/ubuntu-keyring/ubuntu-keyring_2021.03.26.tar.gz && \ | ||
echo "492eed5c06408c6f632577adb0796130af5d6542013ef418f47187a209e49bb1 ubuntu-keyring_2021.03.26.tar.gz" | sha256sum -c && \ | ||
tar xf ubuntu-keyring_2021.03.26.tar.gz && \ | ||
rm ubuntu-keyring_2021.03.26.tar.gz && \ | ||
# 3. Verify keyrings | ||
pushd ubuntu-keyring-2021.03.26 && \ | ||
gpg --keyring /dimitri_john_ledkov.gpg --output SHA512SUMS.txt --decrypt SHA512SUMS.txt.asc && \ | ||
rm /dimitri_john_ledkov.gpg && \ | ||
sha512sum -c SHA512SUMS.txt && \ | ||
# 4. Install the needed keyring and delete the rest | ||
mkdir -p /usr/share/keyrings && \ | ||
mv keyrings/ubuntu-archive-keyring.gpg /usr/share/keyrings && \ | ||
popd && \ | ||
rm -r ubuntu-keyring-2021.03.26 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can directly use 15.0.7, which has been validated in industry and revised seven times since its initial release (has tons of fixes and improvements). 16 is very new and 12 is very old. We are already using 15 for linux-musl official builds.
cc @jkotas, @hoyosjs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Our current plan is to ship building with LLVM 16, which will be supported by mariner. Once they add support we should be able to stop building it ourselves. 16 also won't be quite as new by the time we ship .NET 8.
I plan to make the update to 16 fairly soon after this goes in - the reason I'm not doing it here is that it's not quite as simple as updating the version number (there were some missing dependencies for the compiler-rt builds), and I wanted to prioritize getting to a point where I can run dotnet/runtime ci legs with the new images. I am sure there will be problems I haven't caught with my local testing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Curious, why v12.0.1 specifically even as a temporary solution? If it was v9.0.x (our go-to llvm version in official legs) or v15.0.x (modern version used in latest linux-musl legs) that would make more sense for a temporary solution. AFAIK, we aren't using 12.0.x explicitly for anything.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I chose it because it matches the version available in the cbl-mariner repos, so we can just install it for the x64 and x86 builds (crossdeps-amd64 does this). It is how I discovered that the current mariner package doesn't support targeting arm/arm64.