vinzenz/redox
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #1043 from fengalin/docker_linux_macos

Browse source 
Docker: allow building the container on MacOS and Linux
This commit is contained in:
Jeremy Soller 2017-08-29 07:21:33 -06:00 committed by GitHub
commit 1585e0694c
2 changed files with 54 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

8
docker/Dockerfile
View file

@ -14,8 +14,12 @@ RUN apt-get update \
&& echo "deb https://static.redox-os.org/toolchain/apt/ /" >> /etc/apt/sources.list.d/redox.list \ && echo "deb https://static.redox-os.org/toolchain/apt/ /" >> /etc/apt/sources.list.d/redox.list \
&& apt-get update -o Dir::Etc::sourcelist="redox.list" \ && apt-get update -o Dir::Etc::sourcelist="redox.list" \
&& apt-get install -y x86-64-unknown-redox-newlib x86-64-unknown-redox-binutils x86-64-unknown-redox-gcc \ && apt-get install -y x86-64-unknown-redox-newlib x86-64-unknown-redox-binutils x86-64-unknown-redox-gcc \
&& groupadd -g $BUILD_GID user \ && if [ $BUILD_UID != local ] && [ $BUILD_GID != local ]; then \
&& useradd --shell /bin/bash -u $BUILD_UID -g $BUILD_GID -o -c "" -m $USER \ groupadd -g $BUILD_GID user; \
useradd --shell /bin/bash -u $BUILD_UID -g $BUILD_GID -o -c "" -m $USER; \
else \
useradd --shell /bin/bash -c "" -m $USER; \
fi \
&& echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/user-no-sudo-password && echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/user-no-sudo-password
COPY entrypoint.sh /usr/local/bin/entrypoint.sh COPY entrypoint.sh /usr/local/bin/entrypoint.sh

71
docker/README.md
View file

@ -1,36 +1,61 @@
### Building Redox using Docker images with the toolchain ## Building Redox using a Docker image with the pre-built toolchain
*All you need is git, make, qemu, fuse and docker. The method requires a non-privileged user able to run the `docker` command, which is usually achieved by adding the user to the `docker` group.* *All you need is `git`, `make`, `qemu`, `fuse` and `docker`. The method requires
a non-privileged user able to run the `docker` command, which is usually achieved
by adding the user to the `docker` group.*
It's a four-steps process with variations depending on the platform.
### <a name='get_the_sources'></a>Get the sources
```
git clone https://github.com/redox-os/redox.git ; cd redox
```
### Build the container
This will prepare an Ubuntu 17.04 docker image with the required
dependencies and the pre-built toolchain. As long as you rely on this particular
dependencies and toolchain versions, you don't need to rebuild the container.
#### Linux
```shell ```shell
git clone https://github.com/redox-os/redox.git ; cd redox #1
docker build --build-arg LOCAL_UID="$(id -u)" --build-arg LOCAL_GID="$(id -g)" \ docker build --build-arg LOCAL_UID="$(id -u)" --build-arg LOCAL_GID="$(id -g)" \
-t redox docker/ #2 -t redox docker/
git pull --rebase --recurse-submodules && git submodule sync \ ```
&& git submodule update --recursive --init #3 #### MacOS
docker run --cap-add MKNOD --cap-add SYS_ADMIN \ ```shell
-e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" \ docker build -t redox docker/
--device /dev/fuse -v "$(pwd):/home/user/src" --rm redox make fetch all #4
make qemu #5
``` ```
To unpack:
1. Creates a local copy of the repository.
2. Creates a new image in the local image repository named `redox` with Redox toolchain installed. You only need to rebuild the image if you want to update the toolchain.
3. Updates all the submodules in the repository.
4. Builds Redox using the `redox` image. The arguments allow the container to use `fuse` and ensure the resulting files are owned by the current user.
5. Runs Redox.
For SELinux, seccomp, and AppArmor enabled systems, please add following commands to #4 accordingly: ### Upate the source tree
Note: if you use the container on a different host or
with a different user, [get the sources first](#get_the_sources).
```shell
git pull --rebase --recurse-submodules && git submodule sync \
&& git submodule update --recursive --init
``` ```
### Run the container to build Redox
#### Linux without security modules
```shell
docker run --cap-add MKNOD --cap-add SYS_ADMIN --device /dev/fuse \
-e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" \
-v "$(pwd):/home/user/src" --rm redox make fetch all
```
#### Linux with security modules<br>
Add the following options depending on the security modules activated on your system:
```shell
--security-opt label=disable // disable SELinux --security-opt label=disable // disable SELinux
--security-opt seccomp=unconfined // disable seccomp --security-opt seccomp=unconfined // disable seccomp
--security-opt apparmor=unconfined // disable AppArmor --security-opt apparmor=unconfined // disable AppArmor
``` ```
Ex.: for a SELinux only system such as Fedora or CentOS
E.g., on SELinux systems, replace #4 with: ```shell
``` docker run --cap-add MKNOD --cap-add SYS_ADMIN --device /dev/fuse \
docker run --cap-add MKNOD --cap-add SYS_ADMIN \
-e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" \ -e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" \
--device /dev/fuse -v "$(pwd):/home/user/src" --security-opt label=disable \ --security-opt label=disable \
--rm redox make fetch all -v "$(pwd):/home/user/src" --rm redox make fetch all
```
#### MacOS
```shell
docker run --cap-add MKNOD --cap-add SYS_ADMIN --device /dev/fuse \
-v "$(pwd):/home/user/src" --rm redox make fetch all
``` ```