ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-18 20:47:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Use nixos-unstable channel's prebuilt qemu_full with canokey support builtin, downloaded from nix cache

Browse Source 
- flake.lock: bumps lcoekd package list to latest packages list through 'nix flake update'
- flake.nix : comment out customizations of derivatives, removing canokey-qemu lib since qemu_full depends on qemu which depends on canokey-qemu by default now
- flake.nux: add 'less' so that 'git log' is usable
- circleci/config.yml: use docker v0.1.9
- README.md : update docker image maintainer notes to ease upstreaming of docker images and for others to play around, requiring dockerhub account

For testing iterations of this, I used:
docker_version="v0.1.9" && docker_hub_repo="tlaurion/heads-dev-env" && sed "s@\(image: \)\(.*\):\(v[0-9]*\.[0-9]*\.[0-9]*\)@\1\2:$docker_version@" -i .circleci/config.yml && nix --print-build-logs --verbose develop --ignore-environment --command true && nix build .#dockerImage && docker load < result && docker tag linuxboot/heads:dev-env "$docker_hub_repo:$docker_version" && docker push "$docker_hub_repo:$docker_version"
Then added final commit, and pushed.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
This commit is contained in:
Thierry Laurion 2024-05-23 11:34:09 -04:00
parent cf080564df
commit c7d1495a0a
No known key found for this signature in database
GPG Key ID: 9A53E1BB3FF00461
4 changed files with 42 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.circleci/config.yml
View File

@ -45,7 +45,7 @@ commands:
jobs: jobs:
prep_env: prep_env:
docker: docker:
- image: tlaurion/heads-dev-env:v0.1.8 - image: tlaurion/heads-dev-env:v0.1.9
resource_class: large resource_class: large
working_directory: ~/heads working_directory: ~/heads
steps: steps:
@ -111,7 +111,7 @@ jobs:
build_and_persist: build_and_persist:
docker: docker:
- image: tlaurion/heads-dev-env:v0.1.8 - image: tlaurion/heads-dev-env:v0.1.9
resource_class: large resource_class: large
working_directory: ~/heads working_directory: ~/heads
parameters: parameters:
@ -139,7 +139,7 @@ jobs:
build: build:
docker: docker:
- image: tlaurion/heads-dev-env:v0.1.8 - image: tlaurion/heads-dev-env:v0.1.9
resource_class: large resource_class: large
working_directory: ~/heads working_directory: ~/heads
parameters: parameters:
@ -160,7 +160,7 @@ jobs:
save_cache: save_cache:
docker: docker:
- image: tlaurion/heads-dev-env:v0.1.8 - image: tlaurion/heads-dev-env:v0.1.9
resource_class: large resource_class: large
working_directory: ~/heads working_directory: ~/heads
steps: steps:

36
README.md
View File

@ -94,15 +94,37 @@ docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd
Maintenance notes on docker image Maintenance notes on docker image
=== ===
Redo the steps above in case the flake.nix or nix.lock changes. Then publish on docker hub: Redo the steps above in case the flake.nix or nix.lock changes. Commit changes. Then publish on docker hub:
``` ```
docker tag linuxboot/heads:dev-env tlaurion/heads-dev-env:vx.y.z #put relevant things in variables:
docker push tlaurion/heads-dev-env:vx.y.z docker_version="vx.y.z" && docker_hub_repo="tlaurion/heads-dev-env"
#test against CircleCI in PR. Merge. #update pinned packages to latest available ones if needed, modify flake.nix derivatives if needed:
#make last version the latest nix flakes update
docker tag tlaurion/heads-dev-env:vx.y.z tlaurion/heads-dev-env:latest #modify CircleCI image to use newly pushed docker image
docker push tlaurion/heads-dev-env:latest sed "s@\(image: \)\(.*\):\(v[0-9]*\.[0-9]*\.[0-9]*\)@\1\2:$docker_version@" -i .circleci/config.yml
# commit changes
git commit --signoff -m "Bump nix develop based docker image to $docker_hub_repo:$docker_version"
#use commited flake.nix and flake.lock in nix develop
nix --print-build-logs --verbose develop --ignore-environment --command true
#build new docker image from nix develop environement
nix build .#dockerImage && docker load < result
#tag produced docker image with new version
docker tag linuxboot/heads:dev-env "$docker_hub_repo:$docker_version"
#push newly created docker image to docker hub
docker push "$docker_hub_repo:$docker_version"
#test with CircleCI in PR. Merge.
git push ...
#make last tested docker image version the latest
docker tag "$docker_hub_repo:$docker_version" "$docker_hub_repo:latest"
docker push "$docker_hub_repo:latest"
```
This can be put in reproducible oneliners to ease maintainership.
Test image in dirty mode:
```
docker_version="vx.y.z" && docker_hub_repo="tlaurion/heads-dev-env" && sed "s@\(image: \)\(.*\):\(v[0-9]*\.[0-9]*\.[0-9]*\)@\1\2:$docker_version@" -i .circleci/config.yml && nix --print-build-logs --verbose develop --ignore-environment --command true && nix build .#dockerImage && docker load < result && docker tag linuxboot/heads:dev-env "$docker_hub_repo:$docker_version" && docker push "$docker_hub_repo:$docker_version"
``` ```
Notes: Notes:

6
flake.lock generated
View File

@ -20,11 +20,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1715534503, "lastModified": 1716509168,
"narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=", "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2057814051972fa1453ddfb0d98badbea9b83c06", "rev": "bfb7a882678e518398ce9a31a881538679f6f092",
"type": "github" "type": "github"
}, },
"original": { "original": {

11
flake.nix
View File

@ -70,12 +70,12 @@
zlib.dev zlib.dev
] ++ [ ] ++ [
# Below are overrides to make canokey-qemu library available to qemu built derivative through a qemu override, which qemu is used for other derivatives # Below are overrides to make canokey-qemu library available to qemu built derivative through a qemu override, which qemu is used for other derivatives
canokey-qemu # Canokey lib for qemu build-time compilation. #canokey-qemu # Canokey lib for qemu build-time compilation.
(qemu.override { #(qemu.override {
canokeySupport = true; # This override enables Canokey support in QEMU, resulting in -device canokey being available. # canokeySupport = true; # This override enables Canokey support in QEMU, resulting in -device canokey being available.
}) #})
# Packages for qemu support with Canokey integration from previous override # Packages for qemu support with Canokey integration from previous override
qemu_full #Heavier but contains qemu-img, kvm and everything else needed to do development cycles under docker qemu_full #Heavier but contains qemu-img, kvm and everything else needed to do development/testing cycles under docker
#qemu # To test make BOARD=qemu-coreboot-* boards and then call make BOARD=qemu-coreboot-* with inject_gpg statement, and then run statement. #qemu # To test make BOARD=qemu-coreboot-* boards and then call make BOARD=qemu-coreboot-* with inject_gpg statement, and then run statement.
#qemu_kvm # kvm additional support for qemu without all the qemu-img and everything else under qemu_full #qemu_kvm # kvm additional support for qemu without all the qemu-img and everything else under qemu_full
] ++ [ ] ++ [
@ -86,6 +86,7 @@
diffoscopeMinimal # Not sure exactly what is packed here, let's try. diffoscopeMinimal # Not sure exactly what is packed here, let's try.
gnupg #to inject public key inside of qemu create rom through inject_gpg target of targets/qemu.mk TODO: remove when pflash supported by flashrom gnupg #to inject public key inside of qemu create rom through inject_gpg target of targets/qemu.mk TODO: remove when pflash supported by flashrom
#diffoscope #should we include it? Massive:11 GB uncompressed. Wow?!?! #diffoscope #should we include it? Massive:11 GB uncompressed. Wow?!?!
less # so 'git log' is usable
] ++ [ ] ++ [
# Tools for handling binary blobs in their compressed state. (blobs/xx30/vbios_[tw]530.sh) # Tools for handling binary blobs in their compressed state. (blobs/xx30/vbios_[tw]530.sh)
bundler bundler