Re: [PATCH 3/4] CI: Introduce new qubes-hw-runner.dockerfile

[Andrew Cooper <andrew.cooper3@citrix.com>]

On 09/06/2026 8:42 pm, Marek Marczykowski-Górecki wrote:
> On Tue, Jun 09, 2026 at 06:31:01PM +0100, Andrew Cooper wrote:
>> We want to make the build containers be non-root, but the hardware runner
>> needs to continue being root.  Split it out into a dedicated container.
>> Intentionally give it a generic name so it need not change in the future.
> I'd rather prefer to keep the alpine version in the container name, so
> future container updates can be made without breaking stable branches. I
> have a related patch for this at
> https://gitlab.com/xen-project/people/marmarek/xen/-/commits/automation-linux?ref_type=heads,
> but apparently not posted yet.
>
>> No practical change.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
>> ---
>> CC: Anthony PERARD <anthony.perard@vates.tech>
>> CC: Stefano Stabellini <sstabellini@kernel.org>
>> CC: Michal Orzel <michal.orzel@amd.com>
>> CC: Doug Goldstein <cardoe@cardoe.com>
>> CC: Roger Pau Monné <roger.pau@citrix.com>
>> CC: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
>> CC: Oleksii Kurochko <oleksii.kurochko@gmail.com>
>>
>> I need to backport this patch to all trees (4.18 and later) before
>> alpine:3.18-arm64v8 can be converted to be be non-root.
> Converted? Since 3.18 is EOL for quite some time already, simply phase
> it out slowly.
>
>> In all other cases we've been renaming the containers to bypass this problem,
>> but alpine:3.18-arm64v8 is in the correct new form.
>>
>> Alternatively, I could see about combining it with the Alpine update (which is
>> long overdue and needs doing).
> Yeah, this.

Marek and I had a discussion about this last night.

It's going to be much easier if I merge with the unposted series.  That
series needs to land too (all our alpine testing is currently on an
obsolete version).

However as of last night, Alpine 3.24 has been released so I'll bump to
that sorting this out.

~Andrew