From 288d0da43c5912174e969eb2c92b0ab3eca65a67 Mon Sep 17 00:00:00 2001
From: "Henrique F. Simoes"
Date: Thu, 14 Sep 2023 12:00:35 -0300
Subject: [PATCH 1/2] base: use a helper script for extracting tarballs.

Trivial tarball extraction leads to file ownership to be kept, which can cause permission problems with rootless container engines. This could be overcome by changing subuid and subgid ranges or ignoring ownership from the container filesystem in the installed machine. However, this leads to a more difficult setup for the IOC machines. Instead, file ownership is ignored during extraction in the build phase. This requirement of customizing extraction for all downloaded archives justifies having a dedicated helper script for both downloading and extracting archives. For convenience, a list of URLs can be defined. Tarball archives are downloaded to a dedicated temporary directory to avoid filename conflicts, since they might have arbitrary names. The extraction can be made either in the current directory or at the filesystem root. The latter is useful to extract to specific directories without any intervention. It should be used, for instance, to install custom packages to the /usr/local tree. Noisy output from commands are replaced by short messages to make the build progress more clean. Exceptionally, `wget` output is logged to stdout only when it fails.
---
 base/Dockerfile | 2 ++
 base/install_epics.sh | 4 +---
 base/install_modules.sh | 8 ++------
 base/lnls-get-n-unpack.sh | 24 ++++++++++++++++++++++++
 4 files changed, 29 insertions(+), 9 deletions(-)
 create mode 100755 base/lnls-get-n-unpack.sh

diff --git a/base/Dockerfile b/base/Dockerfile
index bab6aee..66740b9 100644
--- a/base/Dockerfile
+++ b/base/Dockerfile
@@ -19,6 +19,8 @@ RUN apt update -y && \
 wget \
 ca-certificates
+COPY lnls-get-n-unpack.sh /usr/local/bin/lnls-get-n-unpack
+
 ARG EPICS_BASE_VERSION
 ENV EPICS_BASE_PATH /opt/epics/base
 ENV EPICS_MODULES_PATH /opt/epics/modules
diff --git a/base/install_epics.sh b/base/install_epics.sh
index fc4a8a5..c9b1d2e 100755
--- a/base/install_epics.sh
+++ b/base/install_epics.sh
@@ -2,9 +2,7 @@
 set -ex
-wget https://epics-controls.org/download/base/base-${EPICS_BASE_VERSION}.tar.gz
-tar -xf base-${EPICS_BASE_VERSION}.tar.gz
-rm base-${EPICS_BASE_VERSION}.tar.gz
+lnls-get-n-unpack -l https://epics-controls.org/download/base/base-${EPICS_BASE_VERSION}.tar.gz
 mv base-${EPICS_BASE_VERSION} ${EPICS_BASE_PATH}
 make -j ${JOBS} -C ${EPICS_BASE_PATH} install
diff --git a/base/install_modules.sh b/base/install_modules.sh
index c0d7657..76ef731 100755
--- a/base/install_modules.sh
+++ b/base/install_modules.sh
@@ -7,9 +7,7 @@ download_github_module() {
 module_name=$2
 tag=$3
-wget https://github.com/$github_org/$module_name/archive/refs/tags/$tag.tar.gz
-tar -xf $tag.tar.gz
-rm $tag.tar.gz
+ lnls-get-n-unpack -l https://github.com/$github_org/$module_name/archive/refs/tags/$tag.tar.gz
 mv $module_name-$tag $module_name
 }
@@ -45,9 +43,7 @@ install_github_module() {
 echo EPICS_BASE=${EPICS_BASE_PATH} > ${EPICS_MODULES_PATH}/../RELEASE
 # Build seq first since it doesn't depend on anything
-wget "https://static.erico.dev/seq-$SEQUENCER_VERSION.tar.gz"
-tar -xf seq-$SEQUENCER_VERSION.tar.gz
-rm seq-$SEQUENCER_VERSION.tar.gz
+lnls-get-n-unpack -l "https://static.erico.dev/seq-$SEQUENCER_VERSION.tar.gz"
 mv seq-$SEQUENCER_VERSION seq
 install_module seq SNCSEQ " EPICS_BASE = ${EPICS_BASE_PATH}
diff --git a/base/lnls-get-n-unpack.sh b/base/lnls-get-n-unpack.sh
new file mode 100755
index 0000000..0923d5e
--- /dev/null
+++ b/base/lnls-get-n-unpack.sh
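Review bot: Nothing pins the content of `base-${EPICS_BASE_VERSION}.tar.gz`: the new `lnls-get-n-unpack -l …` line, like the `wget`/`tar` pair it replaces, unpacks whatever the URL serves at build time. The two `install_modules.sh` hunks that follow (the GitHub tag archive and the `static.erico.dev` sequencer tarball) are in the same position, and so are the `-r` calls on `$RUNTIME_TAR_PACKAGES` and `$BUILD_TAR_PACKAGES` in patch 2/2, which unpack at `/`. Since every download now goes through one helper, that is the natural place for the check: record a SHA-256 next to each archive version and have the helper run something like `printf '%s  %s\n' "$sha256" "$archive" | sha256sum -c -` before the `tar` line (both variable names are placeholders, the helper has no such parameters yet).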
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+#
+# Download and extract tarball archive from the network.
+
+set -eu
+
+case "$1" in
+ -r) dest=/ ;;
+ -l) dest=. ;;
+ *) >&2 echo "Invalid extraction mode: must be either root (-r) or local (-l)."
+ exit 1;
+ ;;
+esac
+
+shift
+
+for url; do
+ download_dir=$(mktemp -d)
+
+ echo Downloading "$url"...
+ wget -P $download_dir -o /tmp/wget.log "$url" || (cat /tmp/wget.log && false)
+ tar --no-same-owner -xf $download_dir/* -C $dest
+ rm -rf $download_dir /tmp/wget.log
+done
From 8f02abc2047d5087ce69ed032b4e42006ec56605 Mon Sep 17 00:00:00 2001
From: "Henrique F. Simoes"
Date: Thu, 14 Sep 2023 12:14:52 -0300
Subject: [PATCH 2/2] ioc: install user-specified build and runtime tarball packages.

This makes it possible to install software not packaged in the distribution repositories, such as closed-source local packages. Packages can be installed during the build-stage, since the IOC might require a given library also at compile time. `ldconfig` is executed at the end to refresh the dynamic linker library resolution cache, which is required to identify new libraries installed with lnls-get-n-unpack. `ldconfig` is not required for the build stage, as dynamic link will take place only during the binary runtime.
---
 Dockerfile | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 83e7ec2..26f71b9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,6 +7,7 @@ FROM debian:${DEBIAN_VERSION}-slim AS base
 ARG RUNDIR
 ARG ENTRYPOINT=/bin/bash
 ARG RUNTIME_PACKAGES
+ARG RUNTIME_TAR_PACKAGES
 RUN apt update -y && \
 apt install -y --no-install-recommends \
@@ -14,10 +15,15 @@ RUN apt update -y && \
 busybox \
 netcat-openbsd \
 procserv \
+ wget \
 $RUNTIME_PACKAGES && \
 apt clean && \
 rm -rf /var/lib/apt/lists/*
+COPY --from=build-image /usr/local/bin/lnls-get-n-unpack /usr/local/bin/lnls-get-n-unpack
+RUN lnls-get-n-unpack -r $RUNTIME_TAR_PACKAGES && \
+ ldconfig
+
 WORKDIR ${RUNDIR}
 RUN ln -s ${ENTRYPOINT} ./entrypoint
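Review bot: `wget` writes its log to the fixed path `/tmp/wget.log` although a private `mktemp -d` directory was created two lines earlier, so a file or symlink already present at that path is written through and then removed, and two concurrent runs share one log. In the same loop `$download_dir` and `$dest` are expanded unquoted, and under `set -e` the final `rm -rf` is never reached when `wget` or `tar` fails, which leaves the temporary directory behind. Separately, `case "$1" in` aborts with an unbound-variable error under `set -u` when the script is called without arguments, so the usage message is never printed; `case "${1-}" in` keeps the intended error path. The loop below keeps the log inside the temporary directory, in a sibling of the archive so the `*` glob still matches only the download, and cleans up on every exit path.

```bash
for url; do
  download_dir=$(mktemp -d)
  # Remove the scratch directory on every exit path, including set -e aborts.
  trap 'rm -rf -- "$download_dir"' EXIT
  mkdir "$download_dir/archive"

  echo Downloading "$url"...
  wget -P "$download_dir/archive" -o "$download_dir/wget.log" "$url" \
    || { cat "$download_dir/wget.log"; exit 1; }
  tar --no-same-owner -xf "$download_dir"/archive/* -C "$dest"
  rm -rf -- "$download_dir"
done
```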
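Review bot: The URLs in `RUNTIME_TAR_PACKAGES` are expanded into the `RUN lnls-get-n-unpack -r $RUNTIME_TAR_PACKAGES && \` instruction, and build-argument values consumed by a `RUN` step remain visible afterwards in the image history. The description names closed-source local packages as a use case, so a URL that embeds a token or credentials would presumably ship with the runtime image. I would add a comment above `ARG RUNTIME_TAR_PACKAGES` in the previous hunk, for example `# Space-separated tarball URLs, unpacked at / as the build user; values are recorded in image history, so never embed credentials`. The same comment fits `ARG BUILD_TAR_PACKAGES` in the build-stage hunk that follows.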
@@ -34,8 +40,10 @@ FROM build-image AS build-stage
 ARG REPONAME
 ARG BUILD_PACKAGES
+ARG BUILD_TAR_PACKAGES
 RUN if [ -n "$BUILD_PACKAGES" ]; then apt update && apt install $BUILD_PACKAGES; fi
+RUN lnls-get-n-unpack -r $BUILD_TAR_PACKAGES
 WORKDIR /opt/${REPONAME}