From 90eb4b0ebcc96127b2111107b4dabcfbf2eeaee5 Mon Sep 17 00:00:00 2001 From: Eero Kelly Date: Thu, 19 Sep 2024 17:08:35 +0000 Subject: [PATCH 1/3] Upgrade HostOS base image --- ic-os/hostos/context/Dockerfile.base | 9 +++++---- ic-os/hostos/context/packages.common | 5 +++-- ic-os/hostos/context/packages.dev | 2 +- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/ic-os/hostos/context/Dockerfile.base b/ic-os/hostos/context/Dockerfile.base index b4ca1c414cd..2b3b160dc0b 100644 --- a/ic-os/hostos/context/Dockerfile.base +++ b/ic-os/hostos/context/Dockerfile.base @@ -20,7 +20,7 @@ # First build stage: # - Download 3rd party tools # -FROM ubuntu:20.04 AS download +FROM ubuntu:24.04 AS download USER root:root @@ -48,7 +48,7 @@ RUN cd /tmp/ && \ # Second build stage: # - Compile downloaded archives from first build stage # -FROM ubuntu:20.04 AS build +FROM ubuntu:24.04 AS build USER root:root @@ -63,7 +63,8 @@ RUN apt-get -y update && apt-get -y upgrade && apt-get -y --no-install-recommend libusb-1.0-0-dev \ ninja-build \ pkg-config \ - python3 + python3 \ + python3-setuptools # Configure and compile QEMU COPY --from=download /tmp/qemu-6.2.0.tar.xz /tmp/qemu-6.2.0.tar.xz @@ -81,7 +82,7 @@ RUN cd /tmp/ && \ # - Install and cache upstream packages from built-in Ubuntu repositories. # - Install compiled packages from the second stage. # -FROM ubuntu:20.04 +FROM ubuntu:24.04 USER root:root diff --git a/ic-os/hostos/context/packages.common b/ic-os/hostos/context/packages.common index 919394eb785..dc3937cef05 100644 --- a/ic-os/hostos/context/packages.common +++ b/ic-os/hostos/context/packages.common @@ -5,13 +5,14 @@ # image only. # Need kernel to boot anything -linux-image-generic-hwe-20.04 +linux-image-generic-hwe-24.04 initramfs-tools # Need systemd for boot process systemd systemd-sysv systemd-journal-remote +systemd-resolved # Third-party services we will be running chrony 
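Review bot: The three `FROM ubuntu:24.04` lines (this hunk at -20 and the ones at -48 and -81) name the base by a mutable tag, so a rebuild of hostos-base picks up whatever the registry serves for that tag at build time. Consumers are protected because docker-base.dev and docker-base.prod in the same series reference the result by digest, but the base build itself cannot be reproduced or audited against a known Ubuntu image. Pinning all three stages as `FROM ubuntu:24.04@sha256:<digest-of-reviewed-image>` would close that gap and make a base refresh an explicit, reviewable change.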
@@ -75,7 +76,7 @@ xxd # QEMU required dependencies for version 6.2 ipxe-qemu ipxe-qemu-256k-compat-efi-roms -libaio1 +libaio1t64 libatomic1 libc6 libfdt1 diff --git a/ic-os/hostos/context/packages.dev b/ic-os/hostos/context/packages.dev index 83ace26b239..85af5fabfd9 100644 --- a/ic-os/hostos/context/packages.dev +++ b/ic-os/hostos/context/packages.dev @@ -7,7 +7,7 @@ nano # packages requested by networking tcpdump iperf -netcat +netcat-openbsd curl iputils-ping From 47c3e4de2afe7dceb11aaedc29cb9dd0da3fa5fb Mon Sep 17 00:00:00 2001 From: Eero Kelly Date: Thu, 19 Sep 2024 17:09:45 +0000 Subject: [PATCH 2/3] Upgrade HostOS --- .../hostos-scripts/guestos/guestos.xml.template | 2 +- .../components/hostos-scripts/guestos/qemu-cpu.xml | 2 +- .../hostos-scripts/libvirt/setup-libvirt.sh | 3 +++ ic-os/defs.bzl | 2 -- ic-os/hostos/context/Dockerfile | 13 ++++--------- 5 files changed, 9 insertions(+), 13 deletions(-) diff --git a/ic-os/components/hostos-scripts/guestos/guestos.xml.template b/ic-os/components/hostos-scripts/guestos/guestos.xml.template index 0e94d406d57..bb58840fb0b 100755 --- a/ic-os/components/hostos-scripts/guestos/guestos.xml.template +++ b/ic-os/components/hostos-scripts/guestos/guestos.xml.template @@ -15,7 +15,7 @@ hvm - /usr/share/OVMF/OVMF_CODE.fd + /usr/share/OVMF/OVMF_CODE_4M.fd /var/lib/libvirt/qemu/nvram/guestos_VARS.fd diff --git a/ic-os/components/hostos-scripts/guestos/qemu-cpu.xml b/ic-os/components/hostos-scripts/guestos/qemu-cpu.xml index 3013b06373d..fd50c03a79e 100644 --- a/ic-os/components/hostos-scripts/guestos/qemu-cpu.xml +++ b/ic-os/components/hostos-scripts/guestos/qemu-cpu.xml @@ -1 +1 @@ - + diff --git a/ic-os/components/hostos-scripts/libvirt/setup-libvirt.sh b/ic-os/components/hostos-scripts/libvirt/setup-libvirt.sh index 5525702d98a..c2b8b8d2017 100755 --- a/ic-os/components/hostos-scripts/libvirt/setup-libvirt.sh +++ b/ic-os/components/hostos-scripts/libvirt/setup-libvirt.sh 
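Review bot: The loader path moves to `/usr/share/OVMF/OVMF_CODE_4M.fd` while the NVRAM path next to it stays `/var/lib/libvirt/qemu/nvram/guestos_VARS.fd`, and a 4M code image needs a variable store created from the matching 4M VARS template. If a guestos_VARS.fd written under the previous firmware can survive a HostOS upgrade (not visible in this hunk), the guest would be started with a mismatched pair. It is worth confirming the file is regenerated on upgrade, and adding a comment here that names the template the VARS file must come from. The XML element markup around the two paths is not visible on this page, so this rests on the paths alone.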
@@ -5,3 +5,6 @@ set -e # Create space for libvirt to manage its config mount --bind /run/libvirt /etc/libvirt + +# Set up log directory, because it will not create it alone +mkdir -p /var/log/libvirt/qemu diff --git a/ic-os/defs.bzl b/ic-os/defs.bzl index 5a4e614c977..5f2a4384cfd 100644 --- a/ic-os/defs.bzl +++ b/ic-os/defs.bzl @@ -148,8 +148,6 @@ def icos_build( "/run", "/boot", "/var", - "/usr/lib/firmware/brcm/brcmfmac43430a0-sdio.ONDA-V80 PLUS.txt", - "/usr/lib/firmware/brcm/brcmfmac43455-sdio.MINIX-NEO Z83-4.txt", "/usr/lib/firmware/brcm/brcmfmac43241b4-sdio.Intel Corp.-VALLEYVIEW C0 PLATFORM.txt.zst", "/usr/lib/firmware/brcm/brcmfmac43340-sdio.ASUSTeK COMPUTER INC.-TF103CE.txt.zst", "/usr/lib/firmware/brcm/brcmfmac43362-sdio.ASUSTeK COMPUTER INC.-ME176C.txt.zst", diff --git a/ic-os/hostos/context/Dockerfile b/ic-os/hostos/context/Dockerfile index 5b3374fe043..621c23eeda6 100644 --- a/ic-os/hostos/context/Dockerfile +++ b/ic-os/hostos/context/Dockerfile @@ -29,7 +29,7 @@ RUN sed -e '/.*pam_motd.so.*/d' -i /etc/pam.d/login && \ # but this is per system (so backups are not persisted across upgrades) # and thus not very useful, and /etc is read-only. # So simply suppress generating backups. -RUN sed -e 's/\(backup *= *\)1/\10/' -e 's/\(archive *= *\)1/\10/' -i /etc/lvm/lvm.conf +RUN sed -e 's/\(# \)\?\(backup *= *\)[01]/\20/' -e 's/\(# \)\?\(archive *= *\)[01]/\20/' -i /etc/lvm/lvm.conf # Deactivate systemd userdb. We don't use it. RUN sed -e 's/ *systemd//' -i /etc/nsswitch.conf @@ -39,7 +39,7 @@ RUN localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 # Clear files that may lead to indeterministic build. RUN apt-get clean && \ - find /usr/lib/python3.8 -name "*.pyc" | xargs rm && \ + find /usr/lib/python3.12 -name "*.pyc" | xargs rm && \ find /usr/lib/python3 -name "*.pyc" | xargs rm && \ find /usr/share/python3 -name "*.pyc" | xargs rm && \ truncate --size 0 /etc/machine-id 
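Review bot: `mkdir -p /var/log/libvirt/qemu` leaves the directory mode to whatever umask the script runs under, so the permissions on a directory that will hold per-domain QEMU logs are implicit. Setting it explicitly, e.g. `mkdir -p -m 0750 /var/log/libvirt/qemu`, makes the intended access visible; pick the mode to suit whatever reads these logs, which is not shown here. The comment would also read more clearly as `# libvirt does not create its QEMU log directory itself`.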
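Review bot: The rewritten `sed` on /etc/lvm/lvm.conf still exits 0 when neither expression matches, which is presumably how the old pattern stopped applying on the new base, and nothing fails the build if the shipped file changes format again. Appending an assertion such as `&& grep -Eq '^[[:space:]]*backup *= *0' /etc/lvm/lvm.conf && grep -Eq '^[[:space:]]*archive *= *0' /etc/lvm/lvm.conf` would stop an image from shipping with metadata backups still aimed at the read-only /etc. The expressions are also unanchored, so they rewrite any `backup = 1` or `archive = 1` text inside explanatory comments too; anchoring on leading whitespace would limit them to the setting lines.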
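Review bot: `find /usr/lib/python3.12 -name "*.pyc" | xargs rm` hard-codes the interpreter minor version, which is exactly the line this commit had to edit for the base bump. `xargs rm` also breaks the `&&` chain when a directory holds no `.pyc` files, and splits paths on whitespace. A version-independent form, `find /usr/lib/python3* /usr/share/python3 -name '*.pyc' -delete`, removes the same files for the reproducibility cleanup without either problem.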
@@ -91,6 +91,7 @@ RUN systemctl enable \ chrony \ libvirtd \ nftables \ + ssh \ systemd-journal-gatewayd \ systemd-networkd \ systemd-networkd-wait-online \ @@ -117,14 +118,8 @@ RUN rm -rf \ /usr/local/share/qemu/edk2-arm-code.fd \ /usr/local/share/qemu/edk2-arm-vars.fd -# Add user/group entries specified here: /usr/lib/sysusers.d/systemd.conf E.g., systemd-timesync/coredump -RUN systemd-sysusers && \ - # Fix reproducibility issue. Notes in hostos/context/Dockerfile - usermod -p '!!' systemd-timesync && \ - usermod -p '!!' systemd-coredump - # Set /bin/sh to point to /bin/bash instead of the default /bin/dash -RUN echo "set dash/sh false" | debconf-communicate && dpkg-reconfigure -fnoninteractive dash +RUN ln -sf bash /usr/bin/sh # Group accounts to which parts of the runtime state are assigned such that # user accounts can be granted individual access rights. From 915a4f306ab654a80e0c59c880ea0fb8d4289b39 Mon Sep 17 00:00:00 2001 From: Eero Kelly Date: Fri, 20 Sep 2024 17:48:24 +0000 Subject: [PATCH 3/3] Update HostOS base tags --- ic-os/hostos/context/docker-base.dev | 2 +- ic-os/hostos/context/docker-base.prod | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ic-os/hostos/context/docker-base.dev b/ic-os/hostos/context/docker-base.dev index cd5decc792b..6b56f76b0ae 100644 --- a/ic-os/hostos/context/docker-base.dev +++ b/ic-os/hostos/context/docker-base.dev @@ -1 +1 @@ -ghcr.io/dfinity/hostos-base-dev@sha256:a6e8e7ab7abf682c80dfd717d36ac027213f757ddad415c66080ac4314639590 +ghcr.io/dfinity/hostos-base-dev@sha256:e133ba80d1d291fff89fe9e60f3fbf9285095d9c15a51a1297e314d0f9fe837c diff --git a/ic-os/hostos/context/docker-base.prod b/ic-os/hostos/context/docker-base.prod index 0c1ef008b24..a18a83e2197 100644 --- a/ic-os/hostos/context/docker-base.prod +++ b/ic-os/hostos/context/docker-base.prod 
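Review bot: Adding `ssh` to the `systemctl enable` list explicitly turns on the OpenSSH daemon in the HostOS image, but nothing in the hunk records why this became necessary on the new base. Ubuntu 24.04's openssh-server also ships a socket-activated `ssh.socket`, so it is worth confirming which unit is meant to own the listener. It is also worth checking that the sshd_config and nftables rules in the image (not visible here) still restrict access as before. A short comment above the RUN, along the lines of `# ssh.service is no longer enabled by default on the 24.04 base`, would capture the intent if that is indeed the reason. The enable list continues outside the hunk.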
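Review bot: With the `systemd-sysusers` step and both `usermod -p '!!'` calls removed, nothing visible in this Dockerfile still fixes the password field of systemd-timesync and systemd-coredump. Whether those accounts exist, and whether their /etc/shadow entries are locked and deterministic, now depends on the base image. If the base is expected to provide them, a build-time assertion such as `RUN ! grep -Ev '^[^:]+:[!*]' /etc/shadow` would fail the build when any account ends up with a usable password hash. Adjust the check if some account in this image is meant to have one, which cannot be told from the hunk.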
@@ -1 +1 @@
-ghcr.io/dfinity/hostos-base@sha256:5e93fb6cadecd22b838a8e442ed88d3c77ac5626651ee139559150d2a77a6743
+ghcr.io/dfinity/hostos-base@sha256:13ae203beb66cdb2ac198ea2441e82b6fb36b93c4e337ccbc32383de49ad7f88