diff --git a/examples/packet.yml b/examples/packet.yml index 1aaf99c3b..fa7dcd534 100644 --- a/examples/packet.yml +++ b/examples/packet.yml @@ -7,6 +7,7 @@ init: - linuxkit/runc:7b15b00b4e3507d62e3ed8d44dfe650561cd35ff - linuxkit/containerd:1b6b8a5884e17b26e2725cb82c436841070fca95 - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 + - linuxkit/firmware:8fc7d7702589b67e5b1aa72bb61cc72b47a048aa onboot: - name: rngd1 image: linuxkit/rngd:94e01a4b16fadb053455cdc2269c4eb0b39199cd diff --git a/pkg/firmware-all/Dockerfile b/pkg/firmware-all/Dockerfile new file mode 100644 index 000000000..2b5294530 --- /dev/null +++ b/pkg/firmware-all/Dockerfile @@ -0,0 +1,19 @@ +FROM linuxkit/alpine:34518265c6cb63ff02074549cc5b64bef40c336f AS build +RUN apk add --no-cache git + +# Make sure you also update the FW_COMMIT in ../firmware/Dockerfile +ENV FW_URL=git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git +ENV FW_COMMIT=65b1c68c63f974d72610db38dfae49861117cae2 + +RUN mkdir -p /out/lib && \ + cd /out/lib && \ + git clone ${FW_URL} firmware && \ + cd firmware && \ + git checkout ${FW_COMMIT} && \ + rm -rf .git + +FROM scratch +WORKDIR / +ENTRYPOINT [] +COPY --from=build /out/lib/ /lib/ + diff --git a/pkg/firmware-all/README.md b/pkg/firmware-all/README.md new file mode 100644 index 000000000..095aa1f58 --- /dev/null +++ b/pkg/firmware-all/README.md @@ -0,0 +1,8 @@ +The `firmware-all` package contains all firmware binaries from the +[Linux firmware +repository](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/). It +is quite large. + +For use with the LinuxKit kernel we recommend using the +[`firmware`](../firmware/) package, which only contains the firmware +binaries for which drivers are enabled. diff --git a/pkg/firmware-all/build.yml b/pkg/firmware-all/build.yml new file mode 100644 index 000000000..8a6e84585 --- /dev/null +++ b/pkg/firmware-all/build.yml @@ -0,0 +1,2 @@ +image: firmware-all +network: true diff --git a/pkg/firmware/Dockerfile b/pkg/firmware/Dockerfile new file mode 100644 index 000000000..c36fa5ce5 --- /dev/null +++ b/pkg/firmware/Dockerfile @@ -0,0 +1,44 @@ +# Make modules from a recentish kernel available +FROM linuxkit/kernel:4.14.12 AS kernel + +FROM linuxkit/alpine:34518265c6cb63ff02074549cc5b64bef40c336f AS build +RUN apk add --no-cache git kmod + +# Clone the firmware repository +# Make sure you also update the FW_COMMIT in ../firmware-all/Dockerfile +ENV FW_URL=git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git +ENV FW_COMMIT=65b1c68c63f974d72610db38dfae49861117cae2 +WORKDIR / +RUN git clone ${FW_URL} && \ + cd /linux-firmware && \ + git checkout ${FW_COMMIT} + +# Copy files we always need/want: Licenses, docs and AMD CPU microcode +WORKDIR /linux-firmware +RUN set -e && \ + mkdir -p /out/lib/firmware && \ + cp README WHENCE /out/lib/firmware && \ + cp GPL-? LICENSE.* LICENCE.* /out/lib/firmware && \ + case $(uname -m) in \ + x86_64) \ + cp -r amd-ucode /out/lib/firmware; \ + ;; \ + esac + +# Extract kernel modules for +WORKDIR / +COPY --from=kernel /kernel.tar /kernel.tar +RUN tar xf /kernel.tar + +# Copy files required by the modules +RUN set -e && \ + for fw in $(find /lib/modules -name \*.ko -exec modinfo --field=firmware {} \;); do \ + mkdir -p "/out/lib/firmware/$fw" && \ + cp "/linux-firmware/$fw" "/out/lib/firmware/$fw"; \ + done + +FROM scratch +WORKDIR / +ENTRYPOINT [] +COPY --from=build /out/lib/ /lib/ + diff --git a/pkg/firmware/README.md b/pkg/firmware/README.md new file mode 100644 index 000000000..c901225cb --- /dev/null +++ b/pkg/firmware/README.md @@ -0,0 +1,12 @@ +The `firmware` package contains updated firmware files required by any +driver compiled as a module. Based on the modules included in a recent +LinuxKit kernel, copy the required firmware binaries as reported by +'modinfo'. We deliberately do *not* pick the latest version here to +prevent it being updated on kernel updates. Firmware revisions do not +change very often and we expect older and newer kernels to work with a +range of firmware binaries. + +Note: The current mechanism only handles firmware blobs required by +modules and ignores firmware blobs required by drivers compiled into +the kernel. However, with the LinuxKit kernels we typically compile +all hardware drivers as modules. diff --git a/pkg/firmware/build.yml b/pkg/firmware/build.yml new file mode 100644 index 000000000..1a926eabc --- /dev/null +++ b/pkg/firmware/build.yml @@ -0,0 +1,2 @@ +image: firmware +network: true