Installation
The local-builder is available either as a lxc / incus container, or as a OCI / Docker container. According to your choice, please follow one of the two paragraphs below.
However, do not forget to follow the third paragraph in order to set-up your host for cross-compilation.
The last paragraph is about the setup of a HTTP/HTTPS proxy configuration. Follow it only if you are using a proxy!
Using Docker
Install Docker on your computer
If it is not already done, install docker on your computer using the method that fit your distribution (cf. the official website).
We recommend using the official Docker repository in order to have the latest version of Docker.
We also recommend to add your user to the docker
group (cf. command below). Like this, you won’t have to run every docker command with sudo
. In the rest of this documentation, we consider that your user is added to the docker
group, therefore, we use the docker command without sudo
.
# Add your user to the 'docker' group
sudo usermod -aG docker ${USER}
NOTE:
If your organization uses a proxy server to connect to the internet, you may also need to configure Docker daemon to use the proxy server.
Please refer to this documentation available on docs.docker.com
Create the mount points on your host
Firstly, we need to create some directories on your computer, depending if you already have installed rp-cli
, these directories may already exist.
mkdir -p $HOME/my_rp_builder_dir/gitsources
mkdir -p $HOME/my_rp_builder_dir/gitpkgs
Start the docker local-builder
Iot.bzh has its own public docker registry, use it to deploy your local-builder. Choose the right command according to your distribution.
- For Debian/Ubuntu:
docker run --detach \
--init \
--cap-add=SYS_ADMIN \
--security-opt apparmor:unconfined \
--user $(id -u):$(id -g) \
--publish 8080:8080 \
--volume ~/my_rp_builder_dir:/home/devel/rp-build:z \
--name redpesk-localbuilder \
registry.redpesk.bzh/redpesk-ci/redpesk-localbuilder:latest
- For Almalinux/Fedora:
docker run --detach \
--init \
--cap-add=SYS_ADMIN \
--security-opt label:disable \
--user $(id -u):$(id -g) \
--publish 8080:8080 \
--volume ~/my_rp_builder_dir:/home/devel/rp-build:z \
--name redpesk-localbuilder \
registry.redpesk.bzh/redpesk-ci/redpesk-localbuilder:latest
From now, you can manage your container using the redpesk-localbuilder
name. For example:
docker container stop redpesk-localbuilder
docker container start redpesk-localbuilder
Using Incus (LXC)
Install Incus on your computer
In order to be able to run the local-builder as a LXC container, you will need incus
(this is a recent fork of lxd
that has been restricted recently by Canonical).
Please install incus
, by following their How to install Incus.
We advice to install at least the version 6.5
of incus
. If your native incus
package is older than that, please use the Zably package repository.
At the end of the installation, initialize incus
on your machine using the minimal configuration.
incus admin init --minimal
Download locally the localbuilder image
First, download locally the latest localbuilder image available and its md5 checksum file.
wget https://download.redpesk.bzh/redpesk-ci/redpesk-builder/lxc/redpesk-localbuilder_latest.tar.gz
wget https://download.redpesk.bzh/redpesk-ci/redpesk-builder/lxc/redpesk-localbuilder_latest.md5
Then, check that the downloaded image is valid.
md5sum --check redpesk-localbuilder_latest.md5
Finally, import the image inside incus
incus image import ./redpesk-localbuilder_latest.tar.gz --alias redpesk-localbuilder-image
Configure and start the localbuilder
Firstly, we need to create some directories on your computer, depending if you already have installed rp-cli
, these directories may already exist.
mkdir -p $HOME/my_rp_builder_dir/gitsources
mkdir -p $HOME/my_rp_builder_dir/gitpkgs
Then, we still have to run several command lines to finish to configure the localbuilder.
# Create the redpesk-localbuilder using the previously imported image
incus launch redpesk-localbuilder-image redpesk-localbuilder --config security.privileged=true --config security.nesting=true
# Add the loop-control device
incus config device add redpesk-localbuilder loop-control unix-char path=/dev/loop-control
# Import your ssh key
incus config device add redpesk-localbuilder my_ssh disk source=~/.ssh path=/home/devel/.ssh
# Mapping host directories in the container
incus config device add redpesk-localbuilder my_rp_build disk source=$HOME/my_rp_builder_dir path=/home/devel/rp-build
Finally, restart your localbuilder.
incus restart redpesk-localbuilder
Configure your host for cross-compilation
Most of the time, this is really straight forward. Firstly, install the qemu-user-static
package. Just use your main package manager.
- For Debian/Ubuntu:
sudo apt-get install qemu-user-static
- For Almalinux/Fedora:
sudo dnf install qemu-user-static
Verify that you have the ‘F’ flag in the /proc/sys/fs/binfmt_misc/qemu-aarch64
file:
enabled
interpreter /usr/bin/qemu-aarch64-static
flags: F
offset 0
magic 7f454c460201010000000000000000000200b700
mask ffffffffffffff00fffffffffffffffffeffffff
NOTE:
You can have more than one flag in this file, and the interpreter can be another binary (especially in recent Debian/Ubuntu system), most of the time this does not affect the local-builder proper functioning.
Setup a HTTP/HTTPS proxy configuration
It is possible to declare a proxy (like Zscaler) in the local-builder.
There are pre-declared variables in the local-builder environment:
- HTTP_PROXY: route HTTP traffic through a specified proxy
- HTTPS_PROXY: route HTTPS traffic through a specified proxy for a secure web traffic
- NO_PROXY: allow domains or IP addresses to bypass the proxy
You simply must do both things to use the local-builder within the proxy:
- these above variables in the user host which calls
rp-cli
program - configure these variables inside the localbuilder through a
rp-cli
call
Proxy configuration example in the host and in the local-builder
Save your container IP address in a variable which will be used below commands.
-
Using Incus (LXC) container
container_name="redpesk-localbuilder" # adapt name if needed export CONTAINER_IP_ADDRESS=$(incus ls $container_name --format json |jq -r '.[0].state.network.eth0.addresses[0].address')
-
Using Docker (OCI) container
container_name="redpesk-localbuilder" # adapt name if needed export CONTAINER_IP_ADDRESS=$(docker inspect -f json $container_name |jq -r '.[].NetworkSettings.IPAddress')
NOTE:
Don’t forget to configure Docker daemon to also use the proxy server.
Please refer to this documentation available on docs.docker.com
Proxy URL setup
Depending on your needs, you simply need to set these variables like below:
# HTTP_PROXY
export http_proxy="http://your_proxy_address:port"
export no_proxy="localhost,$CONTAINER_IP_ADDRESS"
rp-cli local exec "/usr/bin/setup_proxy -hp \"$http_proxy\""
# HTTPS_PROXY
export https_proxy="https://your_proxy_address:port"
export no_proxy="localhost,$CONTAINER_IP_ADDRESS"
rp-cli local exec "/usr/bin/setup_proxy -hsp \"$https_proxy\""
# NO_PROXY
export no_proxy="domain.com,localhost,127.0.0.1,$CONTAINER_IP_ADDRESS"
rp-cli local exec "/usr/bin/setup_proxy -n localhost,127.0.0.1"
Proxy SSL certificat (OPTIONAL)
Depending on your setup, you may also need to provide the ssl certificat of your proxy.
To do so, just copy your certificat file into the localbuilder container and refresh/consolidate CA certificats definition:
-
Using Incus (LXC) container
container_name="redpesk-localbuilder" # adapt name if needed incus file push ./MY_PROXY_SERVER_CERTIFICAT.crt ${container_name}:/etc/pki/ca-trust/source/anchors/ incus exec ${container_name} update-ca-trust
-
Using Docker (OCI) container
container_name="redpesk-localbuilder" # adapt name if needed docker cp ./MY_PROXY_SERVER_CERTIFICAT.crt ${container_name}:/etc/pki/ca-trust/source/anchors docker exec --user root ${container_name} update-ca-trust