From: "Alex Bennée" <alex.bennee@linaro.org>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-devel@nongnu.org, "Anders Roxell" <anders.roxell@linaro.org>,
"Remi Duraffort" <remi.duraffort@linaro.org>,
"Philippe Mathieu-Daudé" <f4bug@amsat.org>,
"Thomas Huth" <thuth@redhat.com>,
"Wainer dos Santos Moschetta" <wainersm@redhat.com>,
"Beraldo Leal" <bleal@redhat.com>
Subject: Re: [RFC PATCH] gitlab: add a binary build to project registry
Date: Wed, 22 Jun 2022 15:43:54 +0100
Message-ID: <87bkukrbwz.fsf@linaro.org>
In-Reply-To: <CAFEAcA_v+VM1kd=_D2Tm7DkkS=i+3k26aaM-YGjnTT6-zsPDxg@mail.gmail.com>

Peter Maydell <peter.maydell@linaro.org> writes:

> On Wed, 22 Jun 2022 at 13:33, Alex Bennée <alex.bennee@linaro.org> wrote:
>>
>> There have been requests from other projects such as LKFT to have
>> "official" docker images with pre-built QEMU binaries. These could
>> then be consumed by downstream CI systems by pulling directly from the
>> qemu-project container registry. The final image could then be run by
>> doing:
>>
>>   docker run --rm -it \
>>     registry.gitlab.com/qemu-project/qemu/qemu/debian-amd64-binaries \
>>     /opt/bin/qemu-system-aarch64 $ARGS
>>
>> To keep the build time down we skip user-mode, documents, plugins and
>> a selection of the more esoteric hardware emulations. Even so it still
>> takes over an hour to build and install everything.
>
>> This is very much an RFC for now as we have traditionally not provided
>> binaries for our users except for the slightly special case of
>> Windows. As currently structured this will rebuild the binaries on
>> every merge but we could change the generation rules to only trigger
>> for tagged or stable branch pushes. We also wouldn't be testing these
>> binaries so we are basically assuming they are OK by the nature of
>> being built from master which in theory never breaks.
>
> I'm a bit uncertain about providing "official" docker images
> or other pre-built binaries, because it might give the impression
> that these are OK to use with KVM, when in fact they won't necessarily
> get security fixes in a timely manner, and almost all users of QEMU for
> KVM purposes are better off with the distro QEMU.

Do we have any sort of idea how long it takes from a CVE being fixed in
a distro kernel to the eventual merge of a patch in master?

Anyway the main use case for this is emulation where we want to get new
features under -cpu max into the CI loops as soon as possible. I think
the LKFT guys are testing KVM as well though and again want to see new
KVM features as soon as possible.

I'm not proposing these images are uploaded to docker.io so less likely
to be hit by the default:

  docker run qemu:latest

(they instead get 6 year old things packaged by someone calling
themselves qemu: https://hub.docker.com/u/qemu)

>
> thanks
> -- PMM
--
Alex Bennée