docker: Update Dockerfile and cleanup dependencies

This patch refactors the Dockerfile setup process, by optimizing the installation of tools and dependencies. It simplifies the environment setup by using ARGs for tool versions. This updated Dockerfile allows to be used for `x86_64` and `aarch64` host machines. Also, it fixes the group ID extraction bug in the init script. Signed-off-by: Leandro Belli <leandro.belli@arm.com> Change-Id: I38b999b2c54230af5e26b359823815f3194de511
ARM-software · May 3, 2024 · c88e160 · c88e160
1 parent 706c2ce
commit c88e160
Show file tree

Hide file tree

Showing 9 changed files with 376 additions and 170 deletions.
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,149 +1,129 @@
 #
 # Arm SCP/MCP Software
-# Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2021-2024, Arm Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
 
-FROM ubuntu:20.04@sha256:9fa30fcef427e5e88c76bc41ad37b7cc573e1d79cecb23035e413c4be6e476ab as ci
+FROM ubuntu:20.04@sha256:9fa30fcef427e5e88c76bc41ad37b7cc573e1d79cecb23035e413c4be6e476ab AS common
 
-ARG ARM_GNU_RM_URL="https://developer.arm.com/-/media/Files/downloads/gnu-rm/10.3-2021.10/gcc-arm-none-eabi-10.3-2021.10-x86_64-linux.tar.bz2"
-ARG DOXYGEN_URL="https://sourceforge.net/projects/doxygen/files/rel-1.8.13/doxygen-1.8.13.linux.bin.tar.gz"
-ARG CMAKE_URL="https://github.com/Kitware/CMake/releases/download/v3.25.2/cmake-3.25.2-linux-x86_64.tar.gz"
-ARG AARCH64_GCC_URL="https://developer.arm.com/-/media/Files/downloads/gnu-a/9.2-2019.12/binrel/gcc-arm-9.2-2019.12-x86_64-aarch64-none-elf.tar.xz"
-ARG CPPCHECK_SRC_URL="https://github.com/danmar/cppcheck.git"
-ARG CPPCHECK_CHECKOUT_TAG="1.90"
-ARG IWYU_SRC_URL="https://github.com/include-what-you-use/include-what-you-use.git"
-ARG LINUX_SCRIPTS_URL="https://raw.githubusercontent.com/torvalds/linux/master/scripts"
-
-ARG ROOTFS_PATH="docker/rootfs"
-
-ENV ARMLMD_LICENSE_FILE=
+ARG ARM_NONE_EABI_VERSION="10.3-2021.10"
+ARG AARCH64_NONE_ELF_VERSION="9.2-2019.12"
+ARG CMAKE_VERSION="3.25.2"
+ARG LLVM_VERSION="13"
+ARG CPPCHECK_VERSION="1.90"
+ARG DOXYGEN_VERSION="1.8.13"
 
 ENV DEBIAN_FRONTEND=noninteractive
 
 RUN apt-get update && \
     apt-get dist-upgrade -y && \
-    apt-get update && \
     apt-get install -y --no-install-recommends \
-        bundler gcc g++ gpg-agent git gosu lsb-release make ninja-build \
-        xz-utils python3 python3-pip software-properties-common wget lcov && \
-    apt-get update && \
-    python3 -m pip install --upgrade pip && \
-    gem install bundler
+        gcc \
+        g++ \
+        git \
+        make \
+        ninja-build \
+        python-is-python3 \
+        python3 \
+        python3-pip \
+        software-properties-common \
+        wget \
+        xz-utils && \
+    python3 -m pip install --upgrade pip
 
 ENV DEBIAN_FRONTEND=
 
-RUN mkdir "/opt/arm-gnu-rm" && \
-    wget -nv -O - -c "${ARM_GNU_RM_URL}" | \
-    tar -jxf - -C "/opt/arm-gnu-rm" --strip-components=1 && \
-    echo 'export PATH=/opt/arm-gnu-rm/bin:${PATH}' >> \
-        "/etc/profile.d/50-scp-firmware-env.sh"
+# Install GCC arm-none-eabi
+FROM common AS arm-none-eabi
+COPY docker/installer-scripts/install-gcc-arm-none-eabi.sh \
+    /tmp
+RUN bash /tmp/install-gcc-arm-none-eabi.sh /opt/arm-none-eabi \
+    "${ARM_NONE_EABI_VERSION}"
 
-ENV PATH="/opt/arm-gnu-rm/bin:${PATH}"
 
-VOLUME "/opt/arm-compiler-6"
-ENV PATH="/opt/arm-compiler-6/bin:${PATH}"
 
-RUN mkdir "/opt/doxygen" && \
-    apt-get update && \
-    apt-get install -y --no-install-recommends \
-        libclang1-9 libclang-9-dev libclang-cpp9 && \
-    wget -nv -O - -c "${DOXYGEN_URL}" | \
-    tar -zxf - -C "/opt/doxygen" --strip-components=1 && \
-    echo 'export PATH=/opt/doxygen/bin:${PATH}' >> \
-        "/etc/profile.d/50-scp-firmware-env.sh"
+# Install GCC aarch64-none-elf
+FROM common AS aarch64-none-elf
+COPY docker/installer-scripts/install-gcc-aarch64-none-elf.sh \
+    /tmp
+RUN bash /tmp/install-gcc-aarch64-none-elf.sh /opt/aarch64-none-elf \
+    "${AARCH64_NONE_ELF_VERSION}";
 
-ENV PATH="/opt/doxygen/bin:${PATH}"
 
-RUN mkdir "/opt/cmake" && \
-    wget -nv -O - -c "${CMAKE_URL}" | \
-    tar -zxf - -C "/opt/cmake" --strip-components=1 && \
-    echo 'export PATH=/opt/cmake/bin:${PATH}' >> \
-        "/etc/profile.d/50-scp-firmware-env.sh"
+# Install CMake, it needs to be installed before LLVM and cppcheck
+FROM common AS cmake
+COPY docker/installer-scripts/install-cmake.sh /tmp
+RUN bash /tmp/install-cmake.sh /opt/cmake ${CMAKE_VERSION};
+ENV PATH="${PATH}:/opt/cmake/bin"
 
-ENV PATH="/opt/cmake/bin:${PATH}"
 
-RUN apt-get update && \
-    wget --no-check-certificate -O - \
-        https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add - && \
-    add-apt-repository \
-        'deb http://apt.llvm.org/focal/   llvm-toolchain-focal-13  main' && \
-    apt-get update && \
-    apt-get install -y --no-install-recommends \
-        clang-tidy-13 clang-13 llvm-13 libclang-13-dev llvm-13-dev lld-13
+# Install LLVM compiler and build libclang_rt.builtins
+FROM common AS llvm
+COPY --from=arm-none-eabi /opt/arm-none-eabi /opt/arm-none-eabi
+COPY --from=cmake /opt/cmake /opt/cmake
+ENV PATH="${PATH}:/opt/arm-none-eabi/bin"
+ENV PATH="${PATH}:/opt/cmake/bin"
+COPY docker/installer-scripts/install-llvm.sh /tmp
+RUN bash /tmp/install-llvm.sh "${LLVM_VERSION}"
 
-COPY ${ROOTFS_PATH}/usr/local/bin/prepare_llvm /usr/local/bin/prepare_llvm
-RUN  chmod 755 "/usr/local/bin/prepare_llvm"
-RUN  prepare_llvm
 
-RUN mkdir "/opt/aarch64-gcc" && \
-    wget -nv -O - -c "${AARCH64_GCC_URL}" | \
-    tar -Jxf - -C "/opt/aarch64-gcc" --strip-components=1 && \
-    echo 'export PATH=/opt/aarch64-gcc/bin:${PATH}' >> \
-        "/etc/profile.d/50-scp-firmware-env.sh"
+# Build and install cppcheck tool
+FROM cmake AS cppcheck
+COPY docker/installer-scripts/install-cppcheck.sh /tmp
+RUN bash /tmp/install-cppcheck.sh /opt/cppcheck "${CPPCHECK_VERSION}"
 
-ENV PATH="/opt/aarch64-gcc/bin:${PATH}"
 
-RUN cwd=$PWD && mkdir "/opt/cppcheck" && cd "/opt/cppcheck" && \
-    git clone --depth 1 --branch "${CPPCHECK_CHECKOUT_TAG}" \
-    "${CPPCHECK_SRC_URL}" source && \
-    cmake -G "Ninja" -DCMAKE_INSTALL_PREFIX=/opt/cppcheck \
-        -DFILESDIR=/opt/cppcheck ./source && \
-    cmake --build . -- install && cd $cwd && \
-    echo 'export PATH=/opt/cppcheck/bin:${PATH}' >> \
-        "/etc/profile.d/50-scp-firmware-env.sh"
+# Install Doxygen tool
+FROM cmake AS doxygen
+COPY docker/installer-scripts/install-doxygen.sh /tmp
+RUN bash /tmp/install-doxygen.sh /opt/doxygen "${DOXYGEN_VERSION}"
 
-ENV PATH="/opt/cppcheck/bin:${PATH}"
 
-RUN cwd=$PWD && mkdir "/opt/iwyu" && cd "/opt/iwyu" && \
-    git clone "${IWYU_SRC_URL}" -b clang_13 --single-branch iwyu-13 && \
-    cmake -G "Ninja" -DCMAKE_PREFIX_PATH=/usr/lib/llvm-13g \
-    ./iwyu-13 && cmake --build . && \
-    cd bin && ln -s include-what-you-use iwyu && cd $cwd && \
-    echo 'export PATH=/opt/iwyu/bin:${PATH}' >> \
-        "/etc/profile.d/50-scp-firmware-env.sh"
-
-ENV PATH="/opt/iwyu/bin:${PATH}"
+FROM llvm AS ci
+ENV ARMLMD_LICENSE_FILE=
+ENV LM_LICENSE_FILE=
 
-RUN cwd=$PWD && mkdir "/opt/checkpatch" && cd "/opt/checkpatch" && \
-    wget -nvc "${LINUX_SCRIPTS_URL}/checkpatch.pl" && \
-    wget -nvc "${LINUX_SCRIPTS_URL}/spelling.txt" && \
-    wget -nvc "${LINUX_SCRIPTS_URL}/const_structs.checkpatch" && \
-    chmod 755 "/opt/checkpatch/checkpatch.pl" && \
-    echo 'export PATH=/opt/checkpatch:${PATH}' >> \
-        "/etc/profile.d/50-scp-firmware-env.sh"
+VOLUME "/opt/arm-compiler-6"
+ENV PATH="${PATH}:/opt/arm-compiler-6/bin"
+
+COPY --from=arm-none-eabi /opt/arm-none-eabi /opt/arm-none-eabi
+COPY --from=aarch64-none-elf /opt/aarch64-none-elf /opt/aarch64-none-elf
+COPY --from=cmake /opt/cmake /opt/cmake
+COPY --from=cppcheck /opt/cppcheck /opt/cppcheck
+COPY --from=doxygen /opt/doxygen/source/build/bin/ /opt/doxygen/bin
+ENV PATH="${PATH}:/opt/arm-none-eabi/bin"
+ENV PATH="${PATH}:/opt/aarch64-none-elf/bin"
+ENV PATH="${PATH}:/opt/cmake/bin"
+ENV PATH="${PATH}:/opt/cppcheck/bin"
+ENV PATH="${PATH}:/opt/doxygen/bin"
 
-ENV PATH="/opt/checkpatch:${PATH}"
+ENV DEBIAN_FRONTEND=noninteractive
 
-COPY ${ROOTFS_PATH}/usr/local/bin/init /usr/local/bin/init
-RUN  chmod 755 "/usr/local/bin/init"
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        bundler \
+        bzip2 \
+        gpg-agent \
+        gosu \
+        lsb-release \
+        lcov && \
+    gem install bundler -v 2.4.22
 
-RUN ln -s /usr/bin/python3 /usr/bin/python
+ENV DEBIAN_FRONTEND=
 
+# Install SCP-Firmware requirements
 COPY requirements.txt .
-RUN PIP_ROOT_USER_ACTION=ignore python3 -m pip install -r requirements.txt
+RUN PIP_ROOT_USER_ACTION=ignore \
+    python3 -m pip install --ignore-installed  -r requirements.txt
 
 COPY Gemfile .
 RUN BUNDLE_SILENCE_ROOT_WARNING=true bundler install
 
-ENTRYPOINT [ "sh", "/usr/local/bin/init" ]
+ENTRYPOINT ["sh"]
 
-FROM ci as jenkins
 
-ARG JENKINS_UID=1000
-ARG JENKINS_GID=1000
-
-RUN addgroup --gid "${JENKINS_GID}" jenkins && \
-    adduser --uid "${JENKINS_UID}" --gid "${JENKINS_GID}" --disabled-password \
-        --gecos "" jenkins
-
-ENTRYPOINT [ "sh", "-c" ]
-
-FROM ci as dev
-
-VOLUME /scp-firmware
-WORKDIR /scp-firmware
+FROM ci as user
 
 ENV DEBIAN_FRONTEND=noninteractive
 
@@ -153,50 +133,80 @@ RUN apt-get update && \
 
 ENV DEBIAN_FRONTEND=
 
-RUN adduser --disabled-password --gecos "" user && \
-    usermod -aG sudo user && \
-    passwd -d user
+COPY "docker/rootfs/usr/local/bin/init" "/usr/local/bin/init"
+RUN chmod +x /usr/local/bin/init
+
+
+FROM user as dev
+
+VOLUME /scp-firmware
+WORKDIR /scp-firmware
+
+ARG USER_UID=1000
+ARG USER_GID=1000
+ARG USERNAME=user
+
+RUN groupadd -g ${USER_GID} ${USERNAME} || true && \
+    useradd -l -u ${USER_UID} -g ${USERNAME} -m ${USERNAME} || true && \
+    usermod -aG sudo ${USERNAME} && \
+    echo "$USERNAME ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/$USERNAME && \
+    chmod 0400 /etc/sudoers.d/$USERNAME
 
 ENV NOTVISIBLE="in users profile"
 RUN echo "export VISIBLE=now" >> "/etc/profile"
 
-RUN echo "\nexport USER=user" >> "/home/user/.bashrc"
-ENV PATH="/home/user/.local/bin:${PATH}"
+RUN echo "\nexport USER=${USERNAME}" >> "/home/${USERNAME}/.bashrc"
+ENV PATH="/home/${USERNAME}/.local/bin:${PATH}"
 
-ENTRYPOINT [ "sh", "/usr/local/bin/init" ]
+ENTRYPOINT [ "bash", "/usr/local/bin/init" ]
 
-FROM dev as vagrant
+
+FROM user as vagrant
 
 VOLUME /vagrant
 WORKDIR /vagrant
 
+# Set a default username argument (vagrant by default)
+ARG USERNAME=vagrant
+
+# Update package lists and install necessary packages
+
 ENV DEBIAN_FRONTEND=noninteractive
 
 RUN apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install -y --no-install-recommends openssh-server && \
-    mkdir "/run/sshd"
+    apt-get install -y \
+    sudo \
+    openssh-server
 
 ENV DEBIAN_FRONTEND=
 
-RUN adduser --disabled-password --gecos "" vagrant && \
-    usermod -aG sudo vagrant && \
-    passwd -d vagrant
 
-ENV NOTVISIBLE="in users profile"
-RUN echo "export VISIBLE=now" >> "/etc/profile"
+# Create the user and set up SSH access
+RUN adduser --disabled-password --gecos "" $USERNAME && \
+    usermod -aG sudo $USERNAME && \
+    passwd -d vagrant && \
+    mkdir -p "/home/$USERNAME/.ssh" && \
+    chmod 700 "/home/$USERNAME/.ssh"
 
-RUN printf "\nAcceptEnv ARMLMD_LICENSE_FILE" >> /etc/ssh/sshd_config
+# Copy the authorized keys file
+COPY docker/rootfs/home/$USERNAME/.ssh/authorized_keys \
+    /home/$USERNAME/.ssh/authorized_keys
 
-RUN mkdir -p "/home/vagrant/.ssh" && \
-    chmod 755 "/home/vagrant/.ssh"
+# Set proper permissions for the authorized keys file
+RUN chmod 600 "/home/$USERNAME/.ssh/authorized_keys" && \
+    chown -R $USERNAME:$USERNAME "/home/$USERNAME/.ssh"
 
-COPY ${ROOTFS_PATH}/home/vagrant/.ssh/authorized_keys /home/vagrant/.ssh/authorized_keys
-RUN  chmod 644 "/home/vagrant/.ssh/authorized_keys"
+# Set environment variables
+ENV NOTVISIBLE="in users profile" \
+    PATH="/home/$USERNAME/.local/bin:${PATH}"
 
-RUN printf "\ncd /vagrant" >> "/home/vagrant/.bashrc"
-
-RUN echo "\nexport USER=vagrant" >> "/home/user/.bashrc"
-ENV PATH="/home/vagrant/.local/bin:${PATH}"
+# Add configuration to make the environment visible
+RUN echo "export VISIBLE=now" >> "/etc/profile" && \
+    printf "\nAcceptEnv ARMLMD_LICENSE_FILE" >> "/etc/ssh/sshd_config" && \
+    printf "\ncd /$USERNAME" >> "/home/$USERNAME/.bashrc"
 
+# Expose SSH port
 EXPOSE 22
+
+# Set entrypoint to initialize services
+ENTRYPOINT [ "bash", "/usr/local/bin/init" ]
diff --git a/docker/installer-scripts/install-cmake.sh b/docker/installer-scripts/install-cmake.sh
@@ -0,0 +1,29 @@
+#
+# Arm SCP/MCP Software
+# Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+set -e
+
+tool_dir=$1
+version=$2
+hostarch=$(uname -m)
+
+toolchain="cmake-${version}-linux-${hostarch}"
+url="https://github.com/Kitware/CMake/releases/download/v${version}/${toolchain}.tar.gz"
+
+echo -e "Installing ${toolchain}\n"
+
+# Create target folder
+mkdir -p ${tool_dir}
+
+# Download
+wget -nv ${url}
+
+# Extract
+tar -xf ${toolchain}.tar.gz -C ${tool_dir} --strip-components=1
+
+# Clean up
+rm ${toolchain}.tar.gz
diff --git a/docker/installer-scripts/install-cppcheck.sh b/docker/installer-scripts/install-cppcheck.sh
@@ -0,0 +1,29 @@
+#
+# Arm SCP/MCP Software
+# Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+set -e
+
+tool_dir=$1
+version=$2
+
+url="https://github.com/danmar/cppcheck.git"
+
+echo -e "Installing cppcheck tool version: ${version}\n"
+
+# Create target folder
+mkdir -p ${tool_dir}
+pushd ${tool_dir}
+
+# Download
+git clone "${url}" --depth 1 --branch "${version}"  source
+
+# Build
+cmake -G "Ninja" -DCMAKE_INSTALL_PREFIX=${tool_dir} \
+        -DFILESDIR=${tool_dir} ./source
+cmake --build . -- install
+
+popd