Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds RHEL 8 and RHEL 9 support for s390x #568

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Adds RHEL 8 and RHEL 9 support for s390x #568

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 6 additions & 3 deletions rpm/Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ SCAN_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/scan-cl
BUILDX_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/buildx) && git rev-parse --short HEAD)

ifdef BUILD_IMAGE
BUILD_IMAGE_FLAG=--build-arg $(BUILD_IMAGE)
BUILD_IMAGE_FLAG=--build-arg BUILD_IMAGE=$(BUILD_IMAGE)
endif
BUILD?=DOCKER_BUILDKIT=1 \
docker build \
Expand Down Expand Up @@ -61,7 +61,7 @@ RUN?=docker run --rm \
FEDORA_RELEASES ?= fedora-37 fedora-36 fedora-35
CENTOS_RELEASES ?= centos-7 centos-8 centos-9
ifeq ($(ARCH),s390x)
RHEL_RELEASES ?= rhel-7
RHEL_RELEASES ?= rhel-7 rhel-8 rhel-9
else
RHEL_RELEASES ?=
endif
Expand All @@ -80,7 +80,7 @@ clean: ## remove build artifacts
-docker builder prune -f --filter until=24h

.PHONY: rpm
rpm: fedora centos ## build all rpm packages
rpm: fedora centos rhel ## build all rpm packages

.PHONY: fedora
fedora: $(FEDORA_RELEASES) ## build all fedora rpm packages
Expand All @@ -91,6 +91,9 @@ centos-8 centos-9: RPMBUILD_EXTRA_FLAGS=--define '_without_btrfs 1'
.PHONY: centos
centos: $(CENTOS_RELEASES) ## build all centos rpm packages

.PHONY: rhel-8 rhel-9
rhel-8 rhel-9: RPMBUILD_EXTRA_FLAGS=--define '_without_btrfs 1'

.PHONY: rhel
rhel: $(RHEL_RELEASES) ## build all rhel rpm packages

Expand Down
34 changes: 34 additions & 0 deletions rpm/rhel-8/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
ARG GO_IMAGE
ARG DISTRO=rhel
ARG SUITE=8
ARG BUILD_IMAGE=dockereng/${DISTRO}:${SUITE}-s390x
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was a private image that we used internally for EE releases, but it's no longer maintained; can you change this to a public image (Red Hat's official RHEL image?)

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @thaJeztah, we tried using Red Hat's universal base image for RHEL-8 and RHEL-9. However, Red Hat's official RHEL image does not have a few packages like rpmlint, libtool-ltdl-devel, selinux-policy-devel. To install these packages, repos need to be enabled.
While building docker-ce binaries, we enable the required repos using Red Hat credentials. We can change the image to Red Hat's universal base image. And add a note regarding repos to be enabled.
Please share your thoughts on the same.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @thaJeztah, Any thoughts on the above?


FROM ${GO_IMAGE} AS golang

FROM ${BUILD_IMAGE}
ENV GOPROXY=https://proxy.golang.org|direct
ENV GO111MODULE=off
ENV GOPATH=/go
ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
ENV AUTO_GOPATH 1
ENV DOCKER_BUILDTAGS exclude_graphdriver_btrfs
ARG DISTRO
ARG SUITE
ENV DISTRO=${DISTRO}
ENV SUITE=${SUITE}

RUN yum install -y rpm-build rpmlint libarchive yum-utils
COPY SPECS /root/rpmbuild/SPECS

# TODO change once we support scan-plugin on other architectures
RUN \
if [ "$(uname -m)" = "x86_64" ]; then \
yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/*.spec; \
else \
yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/docker-c*.spec; \
yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/docker-b*.spec; \
fi
Comment on lines +20 to +30
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Historically, CentOS and RHEL would be "roughly equivalent", while CentOS "stream" no longer has the exact same promises, this still somewhat applies. So I did a compare with the equivalent CentOS Dockerfile;

  • For CentOS-8, we switched from yum to dnf; I think dnf is now considered the preferred (and default) for RHEL 8 and up, and yum may even be a symlink to dnf, but possibly key import (similar to CentOS) would be needed
  • For CentOS, we had to enable additional ("CentOS-Stream-Sources", "CentOS-Stream-PowerTools") repositories; were any additional repos needed for RHEL? (maybe not)
diff --git a/rpm/rhel-8/Dockerfile b/rpm/centos-8/Dockerfile
index ebe324d..b627d7f 100644
--- a/rpm/rhel-8/Dockerfile
+++ b/rpm/centos-8/Dockerfile
@@ -17,16 +17,27 @@ ARG SUITE
 ENV DISTRO=${DISTRO}
 ENV SUITE=${SUITE}

-RUN yum install -y rpm-build rpmlint libarchive yum-utils
+# In aarch64 (arm64) images, the altarch repo is specified as repository, but
+# failing, so replace the URL.
+RUN if [ -f /etc/yum.repos.d/CentOS-Stream-Sources.repo ]; then sed -i 's/altarch/centos/g' /etc/yum.repos.d/CentOS-Stream-Sources.repo; fi
+
+RUN if [ -f /etc/yum.repos.d/CentOS-Stream-PowerTools.repo ]; then sed -i 's/enabled=0/enabled=1/g' /etc/yum.repos.d/CentOS-Stream-PowerTools.repo; fi
+
+# RHEL8 / CentOS 8 changed behavior and no longer "rpm --import" or
+# "rpmkeys --import"as part of rpm package's %post scriplet. See
+# https://forums.centos.org/viewtopic.php?f=54&t=72574, and
+# https://access.redhat.com/solutions/3720351
+RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
+RUN dnf install -y rpm-build rpmlint dnf-plugins-core
 COPY SPECS /root/rpmbuild/SPECS

 # TODO change once we support scan-plugin on other architectures
 RUN \
   if [ "$(uname -m)" = "x86_64" ]; then \
-    yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/*.spec; \
+    dnf builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/*.spec; \
   else \
-    yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/docker-c*.spec; \
-    yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/docker-b*.spec; \
+    dnf builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/docker-c*.spec; \
+    dnf builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/docker-b*.spec; \
   fi

 COPY --from=golang /usr/local/go /usr/local/go

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For CentOS-8, we switched from yum to dnf; I think dnf is now considered the preferred (and default) for RHEL 8 and up, and yum may even be a symlink to dnf, but possibly key import (similar to CentOS) would be needed

Yes, sure. We have switched to dnf and added the key import. Will update the PR with same.

For CentOS, we had to enable additional ("CentOS-Stream-Sources", "CentOS-Stream-PowerTools") repositories; were any additional repos needed for RHEL? (maybe not)

For RHEL 8, rpmlint & libtool-ltdl-devel requires "rhel-8-for-s390x-appstream-rpms" repo and
selinux-policy-devel requires "rhel-8-for-s390x-baseos-rpms" repo

For RHEL 9, rpmlint & selinux-policy-devel requires "FTP3install-s390x-9-appstream-os" repo and
libtool-ltdl-devel requires "FTP3install-s390x-9-highavailability-os" repo

To add and use these repositories, credentials are required. As suggested here, should we add a note regarding repos to be enabled?


COPY --from=golang /usr/local/go /usr/local/go
WORKDIR /root/rpmbuild
ENTRYPOINT ["/bin/rpmbuild"]
34 changes: 34 additions & 0 deletions rpm/rhel-9/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
ARG GO_IMAGE
ARG DISTRO=rhel
ARG SUITE=9
ARG BUILD_IMAGE=dockereng/${DISTRO}:${SUITE}-s390x
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same for this one


FROM ${GO_IMAGE} AS golang

FROM ${BUILD_IMAGE}
ENV GOPROXY=https://proxy.golang.org|direct
ENV GO111MODULE=off
ENV GOPATH=/go
ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
ENV AUTO_GOPATH 1
ENV DOCKER_BUILDTAGS exclude_graphdriver_btrfs
ARG DISTRO
ARG SUITE
ENV DISTRO=${DISTRO}
ENV SUITE=${SUITE}

RUN yum install -y rpm-build rpmlint libarchive yum-utils
COPY SPECS /root/rpmbuild/SPECS

# TODO change once we support scan-plugin on other architectures
RUN \
if [ "$(uname -m)" = "x86_64" ]; then \
yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/*.spec; \
else \
yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/docker-c*.spec; \
yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/docker-b*.spec; \
fi
Comment on lines +20 to +30
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as the other one; if you're able to look if we need to / should be using dnf instead of yum ?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, I'll update the PR for this and notify.


COPY --from=golang /usr/local/go /usr/local/go
WORKDIR /root/rpmbuild
ENTRYPOINT ["/bin/rpmbuild"]