From bf5a461ce5007702690e185367a7d4fe273753e8 Mon Sep 17 00:00:00 2001
From: Rolf Neugebauer
Date: Wed, 26 Jul 2017 14:55:29 +0100
Subject: [PATCH 1/4] tools/alpine: Add OVMF to the mirror and not the image We add the 'ovmf' to the mirror instead of installing it in the rootfs. This way we record the version we are using. We already pull a few images (go, tini) from community so may as well pull ovmf directly via 'packages.x86_64'.
Signed-off-by: Rolf Neugebauer
---
 tools/alpine/Dockerfile | 7 -------
 tools/alpine/packages.x86_64 | 1 +
 tools/alpine/versions.x86_64 | 3 ++-
 3 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/tools/alpine/Dockerfile b/tools/alpine/Dockerfile
index 54ee928f8..9109cbe56 100644
--- a/tools/alpine/Dockerfile
+++ b/tools/alpine/Dockerfile
@@ -29,12 +29,6 @@ RUN apk index --rewrite-arch $(uname -m) -o /mirror/$(uname -m)/APKINDEX.unsigne
 RUN cp /mirror/$(uname -m)/APKINDEX.unsigned.tar.gz /mirror/$(uname -m)/APKINDEX.tar.gz
 RUN abuild-sign /mirror/$(uname -m)/APKINDEX.tar.gz
-# fetch OVMF for qemu EFI boot (this is not added as a package)
-RUN mkdir -p /usr/share/ovmf && \
- if [ $(uname -m) = x86_64 ]; then \
- apk add -X http://dl-cdn.alpinelinux.org/alpine/edge/community ovmf; \
- fi
-
 # set this as our repo but keep a copy of the upstream for downstream use
 RUN mv /etc/apk/repositories /etc/apk/repositories.upstream && echo "/mirror" > /etc/apk/repositories && apk update
@@ -53,7 +47,6 @@ COPY --from=mirror /etc/apk/repositories.upstream /etc/apk/repositories.upstream
 COPY --from=mirror /etc/apk/keys /etc/apk/keys/
 COPY --from=mirror /mirror /mirror/
 COPY --from=mirror /go/bin /go/bin/
-COPY --from=mirror /usr/share/ovmf/ /usr/share/ovmf/
 COPY --from=mirror /Dockerfile /Dockerfile
 RUN apk update && apk upgrade -a
diff --git a/tools/alpine/packages.x86_64 b/tools/alpine/packages.x86_64
index b86c2899e..612e87b8c 100644
--- a/tools/alpine/packages.x86_64
+++ b/tools/alpine/packages.x86_64
@@ -1,2 +1,3 @@
 open-vm-tools
+ovmf
 syslinux
diff --git a/tools/alpine/versions.x86_64 b/tools/alpine/versions.x86_64
index 54f005629..f0a6e7a00 100644
--- a/tools/alpine/versions.x86_64
+++ b/tools/alpine/versions.x86_64
@@ -1,4 +1,4 @@
-# linuxkit/alpine:34af9cb1990debd17fae6d4198c62ce3910d9908
+# linuxkit/alpine:77c8dfc5860012c869a19d7a2c68e701469692c8
 # automatically generated list of installed packages
 abuild-3.0.0_rc2-r8
 alpine-baselayout-3.0.4-r0
@@ -182,6 +182,7 @@ openssh-keygen-7.5_p1-r1
 openssh-server-7.5_p1-r1
 openssl-dev-1.0.2k-r0
 opus-1.1.4-r0
+ovmf-0.0.20161115-r1
 p11-kit-0.23.2-r1
 patch-2.7.5-r1
 pax-utils-1.2.2-r0
From 930c9c21df8037cd3bc83495cac79f2d7d8d3728 Mon Sep 17 00:00:00 2001
From: Rolf Neugebauer
Date: Wed, 26 Jul 2017 15:22:35 +0100
Subject: [PATCH 2/4] tools/qemu: Install ovmf for x86 The previous commit moved ovmf to the packages instead of stashing it on the filesystem. This requires the package to be installed here.
Signed-off-by: Rolf Neugebauer
---
 tools/qemu/Dockerfile | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)
diff --git a/tools/qemu/Dockerfile b/tools/qemu/Dockerfile
index fe2522b52..42e745873 100644
--- a/tools/qemu/Dockerfile
+++ b/tools/qemu/Dockerfile
@@ -1,4 +1,4 @@
-FROM linuxkit/alpine:9bcf61f605ef0ce36cc94d59b8eac307862de6e1 AS mirror
+FROM linuxkit/alpine:77c8dfc5860012c869a19d7a2c68e701469692c8 AS mirror
 RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
 RUN apk add --no-cache --initdb -p /out \
 alpine-baselayout \
@@ -7,21 +7,12 @@ RUN apk add --no-cache --initdb -p /out \
 qemu-img && \
 case $(uname -m) in \
 x86_64) \
- apk add --no-cache --initdb -p /out qemu-system-x86_64; \
+ apk add --no-cache --initdb -p /out qemu-system-x86_64 ovmf; \
 ;; \
 aarch64) \
 apk add --no-cache --initdb -p /out qemu-system-aarch64; \
 ;; \
 esac
-
-RUN case $(uname -m) in \
- x86_64) \
- mkdir -p /out/usr/share/ovmf \
- && cp /usr/share/ovmf/bios.bin /out/usr/share/ovmf/bios.bin; \
- ;; \
- aarch64) \
- ;; \
- esac
 RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
 FROM scratch
From 4b25e00c7d0b18576bfb89708f4648ad38dcadb6 Mon Sep 17 00:00:00 2001
From: Rolf Neugebauer
Date: Wed, 26 Jul 2017 15:43:28 +0100
Subject: [PATCH 3/4] cmd: Update qmeu container image hash
Signed-off-by: Rolf Neugebauer
---
 src/cmd/linuxkit/run_qemu.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cmd/linuxkit/run_qemu.go b/src/cmd/linuxkit/run_qemu.go
index 59fd1fa46..b6e07cde4 100644
--- a/src/cmd/linuxkit/run_qemu.go
+++ b/src/cmd/linuxkit/run_qemu.go
@@ -18,7 +18,7 @@ import (
 )
 // QemuImg is the version of qemu container
-const QemuImg = "linuxkit/qemu:bc5e096d3b440509954aa9341db3ff4d3d615344"
+const QemuImg = "linuxkit/qemu:8c07b24790ac5162dfc129791f8afeace159ca20"
 // QemuConfig contains the config for Qemu
 type QemuConfig struct {
From 896c3574ab41351afe9cf12e22006f7d0b1536f8 Mon Sep 17 00:00:00 2001
From: Rolf Neugebauer
Date: Wed, 26 Jul 2017 16:31:53 +0100
Subject: [PATCH 4/4] cmd: Change logic for using EFI FW when qemu is run in a container By default we want qemu to use the EFI firmware image in the qemu container. However the logic in the code would always bind mount the FW image into the container. This commit changes the logic to only bind mount the FW image if it was specified on the commandline.
Signed-off-by: Rolf Neugebauer
---
 src/cmd/linuxkit/run_qemu.go | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)
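Review bot: In the x86_64 branch of tools/qemu/Dockerfile nothing now verifies that the `ovmf` package places the firmware at `/usr/share/ovmf/bios.bin`; the removed `cp /usr/share/ovmf/bios.bin ...` step failed the build when that file was absent, so it acted as an implicit check. If the package layout ever changes, the image would presumably still build, but without a firmware at the path that the last patch of this series hard-codes as `defaultFWPath`, and the problem would only show up when qemu is started. I would extend the install line to `apk add --no-cache --initdb -p /out qemu-system-x86_64 ovmf && test -f /out/usr/share/ovmf/bios.bin; \`. The `RUN apk add` statement begins above this hunk.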
diff --git a/src/cmd/linuxkit/run_qemu.go b/src/cmd/linuxkit/run_qemu.go
index b6e07cde4..b93a7c595 100644
--- a/src/cmd/linuxkit/run_qemu.go
+++ b/src/cmd/linuxkit/run_qemu.go
@@ -18,7 +18,10 @@ import (
 )
 // QemuImg is the version of qemu container
-const QemuImg = "linuxkit/qemu:8c07b24790ac5162dfc129791f8afeace159ca20"
+const (
+ QemuImg = "linuxkit/qemu:8c07b24790ac5162dfc129791f8afeace159ca20"
+ defaultFWPath = "/usr/share/ovmf/bios.bin"
+)
 // QemuConfig contains the config for Qemu
 type QemuConfig struct {
@@ -114,7 +117,8 @@ func runQemu(args []string) {
 data := flags.String("data", "", "Metadata to pass to VM (either a path to a file or a string)")
 // Paths and settings for UEFI firware
- fw := flags.String("fw", "/usr/share/ovmf/bios.bin", "Path to OVMF firmware for UEFI boot")
+ // Note, we do not use defaultFWPath here as we have a special case for containerised execution
+ fw := flags.String("fw", "", "Path to OVMF firmware for UEFI boot")
 // VM configuration
 enableKVM := flags.Bool("kvm", haveKVM(), "Enable KVM acceleration")
@@ -326,6 +330,9 @@ func runQemuLocal(config QemuConfig) error {
 // Check for OVMF firmware before running
 if config.UEFI {
+ if config.FWPath == "" {
+ config.FWPath = defaultFWPath
+ }
 if _, err := os.Stat(config.FWPath); err != nil {
 if os.IsNotExist(err) {
 return fmt.Errorf("File [%s] does not exist, please ensure OVMF is installed", config.FWPath)
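Review bot: With the `-fw` default changed to `""` in runQemu, the usage text no longer tells the user which firmware is used when the option is omitted, because the flag package prints no default for an empty string. The effective default is now decided later, in runQemuLocal and in runQemuContainer, so the help string is the only place a user can learn it. I would spell it out, for example `fw := flags.String("fw", "", "Path to OVMF firmware for UEFI boot (default: "+defaultFWPath+", taken from the qemu image when run in a container)")`. A one-line comment on `defaultFWPath` stating that it names both the host default and the location inside the qemu image would also help, since the group comment above the new `const (` block only describes `QemuImg`. runQemu's body continues outside the hunk.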
@@ -375,11 +382,16 @@ func runQemuContainer(config QemuConfig) error {
 var args []string
 config, args = buildQemuCmdline(config)
- // if user specify the "-fw" parameter, this should override the default in container context,
- // with "-v" option, we will have the chance to assign an external FW binary to the containerized qemu
- // instead of the fixed FW bin instealled by the build process of the image.
+ // If we are running in a container and if the the user
+ // does not specify the "-fw" parameter, we default to using the
+ // FW image in the container. Otherwise we bind mount the FW image
+ // into the container.
 if config.UEFI {
- binds = append(binds, "-v", fmt.Sprintf("%[1]s:%[1]s", config.FWPath))
+ if config.FWPath != "" {
+ binds = append(binds, "-v", fmt.Sprintf("%[1]s:%[1]s", config.FWPath))
+ } else {
+ config.FWPath = defaultFWPath
+ }
 }
 dockerArgs := append([]string{"run", "--interactive", "--rm", "-w", cwd}, binds...)
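Review bot: The user-supplied `-fw` value goes into the `-v` argument in runQemuContainer without any of the checks runQemuLocal applies: there is no `os.Stat`, and Docker's `-v` needs absolute paths for a bind mount, so a relative value will not mount the intended file. Resolving the path first (for instance with `filepath.Abs`, provided `path/filepath` is available; the import block is outside this hunk) and returning the same "does not exist" error before Docker is started would make the two code paths behave alike. If qemu only reads the image, the bind can also be made read-only so the container cannot modify the host's firmware file: `binds = append(binds, "-v", fmt.Sprintf("%[1]s:%[1]s:ro", config.FWPath))`; whether the firmware is opened writable is not visible here, so that needs confirming. The function continues outside the hunk.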