[PATCH for-4.19 0/4] CI: Fixes, part 1

[PATCH for-4.19 0/4] CI: Fixes, part 1

[Andrew Cooper]

Minimum fixes to rebuild the containers, following the HEREDOC problems.

Unrelated to the HEREDOC problems, Archlinux and CentOS 7 need aditional
chagnes to rebuild.

There will be subsequent work to make some improvements to CI for 4.19, so in
particular we're testing with up-to-date LTS distros.

Andrew Cooper (4):
  CI: Formalise the use of heredocs
  CI: Adjust the usage of inline files
  CI: Drop bin86/dev86 from archlinux container
  CI: Rework the CentOS7 container

 automation/build/README.md                    | 10 ++-
 .../build/alpine/3.18-arm64v8.dockerfile      |  1 +
 automation/build/alpine/3.18.dockerfile       |  1 +
 .../archlinux/current-riscv64.dockerfile      |  1 +
 automation/build/archlinux/current.dockerfile |  3 +-
 automation/build/centos/7.dockerfile          | 71 ++++++++++---------
 .../bookworm-arm64v8-arm32-gcc.dockerfile     |  1 +
 .../build/debian/bookworm-arm64v8.dockerfile  |  1 +
 .../build/debian/bookworm-cppcheck.dockerfile |  1 +
 .../build/debian/bookworm-i386.dockerfile     |  1 +
 automation/build/debian/bookworm.dockerfile   |  1 +
 .../build/debian/bullseye-ppc64le.dockerfile  |  1 +
 .../build/debian/buster-gcc-ibt.dockerfile    |  1 +
 .../build/debian/jessie-i386.dockerfile       |  3 +-
 automation/build/debian/jessie.dockerfile     |  3 +-
 .../build/debian/stretch-i386.dockerfile      |  3 +-
 automation/build/debian/stretch.dockerfile    |  3 +-
 automation/build/fedora/29.dockerfile         |  1 +
 .../build/suse/opensuse-leap.dockerfile       |  1 +
 .../build/suse/opensuse-tumbleweed.dockerfile |  1 +
 automation/build/ubuntu/bionic.dockerfile     |  1 +
 automation/build/ubuntu/focal.dockerfile      |  1 +
 automation/build/ubuntu/trusty.dockerfile     |  1 +
 .../build/ubuntu/xenial-xilinx.dockerfile     |  1 +
 automation/build/ubuntu/xenial.dockerfile     |  1 +
 automation/build/yocto/yocto.dockerfile.in    |  2 +
 .../alpine/3.18-arm64v8.dockerfile            |  1 +
 .../tests-artifacts/alpine/3.18.dockerfile    |  1 +
 .../kernel/5.19-arm64v8.dockerfile            |  1 +
 .../tests-artifacts/kernel/6.1.19.dockerfile  |  1 +
 .../6.0.0-arm64v8.dockerfile                  |  1 +
 .../qemu-system-ppc64/8.1.0-ppc64.dockerfile  |  1 +
 32 files changed, 82 insertions(+), 40 deletions(-)


base-commit: fb76e08a8f7a61dfbc07d0f335f1623bca650d7f
-- 
2.39.2

[PATCH for-4.19 1/4] CI: Formalise the use of heredocs

[Andrew Cooper]

Commit b5739330d7f4 introduced the use of heredocs in the jessie/stretch
dockerfiles.

It turns out this was introduced by BuildKit in 2018 along with a
standardisation of Dockerfile syntax, and has subsequently been adopted by the
docker community.

Annotate all dockerfiles with a statement of the syntax in use, and extend
README.md details including how to activate BuildKit when it's available but
off by default.

This allows the containers to be rebuilt following commit a0e29b316363 ("CI:
Drop glibc-i386 from the build containers").

Fixes: b5739330d7f4 ("automation: fix jessie/stretch images to use archive.debian.org apt repos")
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Anthony PERARD <anthony.perard@vates.tech>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Doug Goldstein <cardoe@cardoe.com>
CC: Roger Pau Monné <roger.pau@citrix.com>
CC: Oleksii Kurochko <oleksii.kurochko@gmail.com>
---
 automation/build/README.md                             | 10 +++++++++-
 automation/build/alpine/3.18-arm64v8.dockerfile        |  1 +
 automation/build/alpine/3.18.dockerfile                |  1 +
 automation/build/archlinux/current-riscv64.dockerfile  |  1 +
 automation/build/archlinux/current.dockerfile          |  1 +
 automation/build/centos/7.dockerfile                   |  1 +
 .../build/debian/bookworm-arm64v8-arm32-gcc.dockerfile |  1 +
 automation/build/debian/bookworm-arm64v8.dockerfile    |  1 +
 automation/build/debian/bookworm-cppcheck.dockerfile   |  1 +
 automation/build/debian/bookworm-i386.dockerfile       |  1 +
 automation/build/debian/bookworm.dockerfile            |  1 +
 automation/build/debian/bullseye-ppc64le.dockerfile    |  1 +
 automation/build/debian/buster-gcc-ibt.dockerfile      |  1 +
 automation/build/debian/jessie-i386.dockerfile         |  1 +
 automation/build/debian/jessie.dockerfile              |  1 +
 automation/build/debian/stretch-i386.dockerfile        |  1 +
 automation/build/debian/stretch.dockerfile             |  1 +
 automation/build/fedora/29.dockerfile                  |  1 +
 automation/build/suse/opensuse-leap.dockerfile         |  1 +
 automation/build/suse/opensuse-tumbleweed.dockerfile   |  1 +
 automation/build/ubuntu/bionic.dockerfile              |  1 +
 automation/build/ubuntu/focal.dockerfile               |  1 +
 automation/build/ubuntu/trusty.dockerfile              |  1 +
 automation/build/ubuntu/xenial-xilinx.dockerfile       |  1 +
 automation/build/ubuntu/xenial.dockerfile              |  1 +
 automation/build/yocto/yocto.dockerfile.in             |  2 ++
 .../tests-artifacts/alpine/3.18-arm64v8.dockerfile     |  1 +
 automation/tests-artifacts/alpine/3.18.dockerfile      |  1 +
 .../tests-artifacts/kernel/5.19-arm64v8.dockerfile     |  1 +
 automation/tests-artifacts/kernel/6.1.19.dockerfile    |  1 +
 .../qemu-system-aarch64/6.0.0-arm64v8.dockerfile       |  1 +
 .../qemu-system-ppc64/8.1.0-ppc64.dockerfile           |  1 +
 32 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/automation/build/README.md b/automation/build/README.md
index 1c040533fdd8..12a2b4af1807 100644
--- a/automation/build/README.md
+++ b/automation/build/README.md
@@ -81,7 +81,14 @@ Building a container
 
 There is a makefile to make this process easier. You should be
 able to run `make DISTRO/VERSION` to have Docker build the container
-for you. If you define the `PUSH` environment variable when running the
+for you.
+
+Xen's dockerfiles use heredocs, which depend on the standardised dockerfile
+syntax introduced by [BuiltKit].  This should work by default starting with
+docker 23.0, or podman/buildah v1.33.  For older versions of docker, it can be
+activated with `DOCKER_BUILDKIT=1` in the environment.
+
+If you define the `PUSH` environment variable when running the
 former `make` command, it will push the container to the [registry] if
 you have access to do so and have your Docker logged into the registry.
 
@@ -101,6 +108,7 @@ env CONTAINER_NO_PULL=1 \
 make -C automation/build suse/opensuse-tumbleweed PUSH=1
 ```
 
+[BuildKit]: https://docs.docker.com/build/buildkit/
 [registry]: https://gitlab.com/xen-project/xen/container_registry
 [registry help]: https://gitlab.com/help/user/project/container_registry
 
diff --git a/automation/build/alpine/3.18-arm64v8.dockerfile b/automation/build/alpine/3.18-arm64v8.dockerfile
index 91e90220240f..19fe46f8418f 100644
--- a/automation/build/alpine/3.18-arm64v8.dockerfile
+++ b/automation/build/alpine/3.18-arm64v8.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/arm64/v8 alpine:3.18
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/alpine/3.18.dockerfile b/automation/build/alpine/3.18.dockerfile
index 8d5dac05b01f..263e9e90d888 100644
--- a/automation/build/alpine/3.18.dockerfile
+++ b/automation/build/alpine/3.18.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/amd64 alpine:3.18
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/archlinux/current-riscv64.dockerfile b/automation/build/archlinux/current-riscv64.dockerfile
index af75b5c720ce..f7770bf82a78 100644
--- a/automation/build/archlinux/current-riscv64.dockerfile
+++ b/automation/build/archlinux/current-riscv64.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/amd64 archlinux
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/archlinux/current.dockerfile b/automation/build/archlinux/current.dockerfile
index d29f1358c2bd..8929e9b5f022 100644
--- a/automation/build/archlinux/current.dockerfile
+++ b/automation/build/archlinux/current.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/amd64 archlinux:base-devel
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/centos/7.dockerfile b/automation/build/centos/7.dockerfile
index 1cdc16fc05f9..657550f308bb 100644
--- a/automation/build/centos/7.dockerfile
+++ b/automation/build/centos/7.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/amd64 centos:7
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/debian/bookworm-arm64v8-arm32-gcc.dockerfile b/automation/build/debian/bookworm-arm64v8-arm32-gcc.dockerfile
index a05ffeac04f9..95b3f0428372 100644
--- a/automation/build/debian/bookworm-arm64v8-arm32-gcc.dockerfile
+++ b/automation/build/debian/bookworm-arm64v8-arm32-gcc.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/arm64/v8 debian:bookworm
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/debian/bookworm-arm64v8.dockerfile b/automation/build/debian/bookworm-arm64v8.dockerfile
index 2c432aacb765..3ab426a082d3 100644
--- a/automation/build/debian/bookworm-arm64v8.dockerfile
+++ b/automation/build/debian/bookworm-arm64v8.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/arm64/v8 debian:bookworm
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/debian/bookworm-cppcheck.dockerfile b/automation/build/debian/bookworm-cppcheck.dockerfile
index 633268376d56..fe4cd4a1aaab 100644
--- a/automation/build/debian/bookworm-cppcheck.dockerfile
+++ b/automation/build/debian/bookworm-cppcheck.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/arm64/v8 debian:bookworm AS builder
 
 ENV DEBIAN_FRONTEND=noninteractive
diff --git a/automation/build/debian/bookworm-i386.dockerfile b/automation/build/debian/bookworm-i386.dockerfile
index 89a650338566..9a54bd7293dc 100644
--- a/automation/build/debian/bookworm-i386.dockerfile
+++ b/automation/build/debian/bookworm-i386.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/i386 debian:bookworm
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/debian/bookworm.dockerfile b/automation/build/debian/bookworm.dockerfile
index d893218fc4bd..bef44dd75300 100644
--- a/automation/build/debian/bookworm.dockerfile
+++ b/automation/build/debian/bookworm.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/amd64 debian:bookworm
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/debian/bullseye-ppc64le.dockerfile b/automation/build/debian/bullseye-ppc64le.dockerfile
index 6fdfb6bc2b40..e166d205f38c 100644
--- a/automation/build/debian/bullseye-ppc64le.dockerfile
+++ b/automation/build/debian/bullseye-ppc64le.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/amd64 debian:bullseye-slim
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/debian/buster-gcc-ibt.dockerfile b/automation/build/debian/buster-gcc-ibt.dockerfile
index 6a3e50ef6b3f..ed9367aafbec 100644
--- a/automation/build/debian/buster-gcc-ibt.dockerfile
+++ b/automation/build/debian/buster-gcc-ibt.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/amd64 debian:buster-slim AS builder
 
 ENV DEBIAN_FRONTEND=noninteractive
diff --git a/automation/build/debian/jessie-i386.dockerfile b/automation/build/debian/jessie-i386.dockerfile
index a8dec82bb299..f6eaa94ee523 100644
--- a/automation/build/debian/jessie-i386.dockerfile
+++ b/automation/build/debian/jessie-i386.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/i386 debian/eol:jessie
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/debian/jessie.dockerfile b/automation/build/debian/jessie.dockerfile
index 308675cac150..a870e743fcaf 100644
--- a/automation/build/debian/jessie.dockerfile
+++ b/automation/build/debian/jessie.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/amd64 debian/eol:jessie
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/debian/stretch-i386.dockerfile b/automation/build/debian/stretch-i386.dockerfile
index da93fed8ea68..ad8db692aaf2 100644
--- a/automation/build/debian/stretch-i386.dockerfile
+++ b/automation/build/debian/stretch-i386.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/i386 debian:stretch
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/debian/stretch.dockerfile b/automation/build/debian/stretch.dockerfile
index 59794ed4677b..4dfd40b54277 100644
--- a/automation/build/debian/stretch.dockerfile
+++ b/automation/build/debian/stretch.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/amd64 debian:stretch
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/fedora/29.dockerfile b/automation/build/fedora/29.dockerfile
index f473ae13e7c1..08edf70838f9 100644
--- a/automation/build/fedora/29.dockerfile
+++ b/automation/build/fedora/29.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/amd64 fedora:29
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/suse/opensuse-leap.dockerfile b/automation/build/suse/opensuse-leap.dockerfile
index 3ef33458a07c..28d333881233 100644
--- a/automation/build/suse/opensuse-leap.dockerfile
+++ b/automation/build/suse/opensuse-leap.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/amd64 opensuse/leap
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/suse/opensuse-tumbleweed.dockerfile b/automation/build/suse/opensuse-tumbleweed.dockerfile
index a793601c876d..077fed22260c 100644
--- a/automation/build/suse/opensuse-tumbleweed.dockerfile
+++ b/automation/build/suse/opensuse-tumbleweed.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/amd64 opensuse/tumbleweed
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/ubuntu/bionic.dockerfile b/automation/build/ubuntu/bionic.dockerfile
index 910d3c4b5315..cc43fc4ade12 100644
--- a/automation/build/ubuntu/bionic.dockerfile
+++ b/automation/build/ubuntu/bionic.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/amd64 ubuntu:18.04
 LABEL maintainer.name="The Xen Project " \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/ubuntu/focal.dockerfile b/automation/build/ubuntu/focal.dockerfile
index 078abd56d56f..cb8bb2f6faee 100644
--- a/automation/build/ubuntu/focal.dockerfile
+++ b/automation/build/ubuntu/focal.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/amd64 ubuntu:20.04
 LABEL maintainer.name="The Xen Project " \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/ubuntu/trusty.dockerfile b/automation/build/ubuntu/trusty.dockerfile
index 8bd8c085a781..e2a1bda7c3a8 100644
--- a/automation/build/ubuntu/trusty.dockerfile
+++ b/automation/build/ubuntu/trusty.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/amd64 ubuntu:14.04
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/ubuntu/xenial-xilinx.dockerfile b/automation/build/ubuntu/xenial-xilinx.dockerfile
index 49f27b322995..f03d62e8bd3f 100644
--- a/automation/build/ubuntu/xenial-xilinx.dockerfile
+++ b/automation/build/ubuntu/xenial-xilinx.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/amd64 ubuntu:16.04
 LABEL maintainer.name="The Xen Project " \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/ubuntu/xenial.dockerfile b/automation/build/ubuntu/xenial.dockerfile
index f6296d32925c..168bc70ffad8 100644
--- a/automation/build/ubuntu/xenial.dockerfile
+++ b/automation/build/ubuntu/xenial.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/amd64 ubuntu:16.04
 LABEL maintainer.name="The Xen Project " \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/build/yocto/yocto.dockerfile.in b/automation/build/yocto/yocto.dockerfile.in
index b0892d420377..fbaa4e191caa 100644
--- a/automation/build/yocto/yocto.dockerfile.in
+++ b/automation/build/yocto/yocto.dockerfile.in
@@ -1,3 +1,5 @@
+# syntax=docker/dockerfile:1
+
 # Docker file to create an environment to build yocto with virtualization
 #
 # Arguments that can be passed during image creation using --build-arg:
diff --git a/automation/tests-artifacts/alpine/3.18-arm64v8.dockerfile b/automation/tests-artifacts/alpine/3.18-arm64v8.dockerfile
index 0e5ae7f2b4d8..a4542f703997 100644
--- a/automation/tests-artifacts/alpine/3.18-arm64v8.dockerfile
+++ b/automation/tests-artifacts/alpine/3.18-arm64v8.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/arm64/v8 alpine:3.18
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/tests-artifacts/alpine/3.18.dockerfile b/automation/tests-artifacts/alpine/3.18.dockerfile
index 9cde6c9ad4da..311a92889b87 100644
--- a/automation/tests-artifacts/alpine/3.18.dockerfile
+++ b/automation/tests-artifacts/alpine/3.18.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/amd64 alpine:3.18
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/tests-artifacts/kernel/5.19-arm64v8.dockerfile b/automation/tests-artifacts/kernel/5.19-arm64v8.dockerfile
index b0875ca0ddd1..22359c906630 100644
--- a/automation/tests-artifacts/kernel/5.19-arm64v8.dockerfile
+++ b/automation/tests-artifacts/kernel/5.19-arm64v8.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/arm64/v8 debian:bookworm
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/tests-artifacts/kernel/6.1.19.dockerfile b/automation/tests-artifacts/kernel/6.1.19.dockerfile
index 021bde26c790..5cf53d290c6f 100644
--- a/automation/tests-artifacts/kernel/6.1.19.dockerfile
+++ b/automation/tests-artifacts/kernel/6.1.19.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/amd64 debian:bookworm
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/tests-artifacts/qemu-system-aarch64/6.0.0-arm64v8.dockerfile b/automation/tests-artifacts/qemu-system-aarch64/6.0.0-arm64v8.dockerfile
index fb7b7b506e94..e9f5576be7a6 100644
--- a/automation/tests-artifacts/qemu-system-aarch64/6.0.0-arm64v8.dockerfile
+++ b/automation/tests-artifacts/qemu-system-aarch64/6.0.0-arm64v8.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/arm64/v8 debian:bookworm
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
diff --git a/automation/tests-artifacts/qemu-system-ppc64/8.1.0-ppc64.dockerfile b/automation/tests-artifacts/qemu-system-ppc64/8.1.0-ppc64.dockerfile
index 65857147bf4f..e28d68649239 100644
--- a/automation/tests-artifacts/qemu-system-ppc64/8.1.0-ppc64.dockerfile
+++ b/automation/tests-artifacts/qemu-system-ppc64/8.1.0-ppc64.dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=linux/amd64 debian:bullseye-slim
 LABEL maintainer.name="The Xen Project" \
       maintainer.email="xen-devel@lists.xenproject.org"
-- 
2.39.2

[PATCH for-4.19 2/4] CI: Adjust the usage of inline files

[Andrew Cooper]

As per:

  https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/reference.md#here-documents

For inline files, use COPY with a heredoc, rather than opencoding it through
/bin/sh.

No practical change.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Anthony PERARD <anthony.perard@vates.tech>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Doug Goldstein <cardoe@cardoe.com>
CC: Roger Pau Monné <roger.pau@citrix.com>
CC: Oleksii Kurochko <oleksii.kurochko@gmail.com>
---
 automation/build/debian/jessie-i386.dockerfile  | 2 +-
 automation/build/debian/jessie.dockerfile       | 2 +-
 automation/build/debian/stretch-i386.dockerfile | 2 +-
 automation/build/debian/stretch.dockerfile      | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/automation/build/debian/jessie-i386.dockerfile b/automation/build/debian/jessie-i386.dockerfile
index f6eaa94ee523..1eb7ff11c7d3 100644
--- a/automation/build/debian/jessie-i386.dockerfile
+++ b/automation/build/debian/jessie-i386.dockerfile
@@ -12,7 +12,7 @@ WORKDIR /build
 ENTRYPOINT ["linux32"]
 
 # replace repos in archive as release is EOL
-RUN cat <<"END" > /etc/apt/sources.list
+COPY <<"END" /etc/apt/sources.list
 deb http://archive.debian.org/debian/ jessie main contrib non-free
 deb http://archive.debian.org/debian/ jessie-backports main contrib non-free
 deb http://archive.debian.org/debian-security/ jessie/updates main contrib non-free
diff --git a/automation/build/debian/jessie.dockerfile b/automation/build/debian/jessie.dockerfile
index a870e743fcaf..4c0ffe66f8fe 100644
--- a/automation/build/debian/jessie.dockerfile
+++ b/automation/build/debian/jessie.dockerfile
@@ -10,7 +10,7 @@ RUN mkdir /build
 WORKDIR /build
 
 # replace repos in archive as release is EOL
-RUN cat <<"END" > /etc/apt/sources.list
+COPY <<"END" /etc/apt/sources.list
 deb http://archive.debian.org/debian/ jessie main contrib non-free
 deb http://archive.debian.org/debian/ jessie-backports main contrib non-free
 deb http://archive.debian.org/debian-security/ jessie/updates main contrib non-free
diff --git a/automation/build/debian/stretch-i386.dockerfile b/automation/build/debian/stretch-i386.dockerfile
index ad8db692aaf2..8ec9c3a24667 100644
--- a/automation/build/debian/stretch-i386.dockerfile
+++ b/automation/build/debian/stretch-i386.dockerfile
@@ -12,7 +12,7 @@ WORKDIR /build
 ENTRYPOINT ["linux32"]
 
 # replace repos in archive as release is EOL
-RUN cat <<"END" > /etc/apt/sources.list
+COPY <<"END" /etc/apt/sources.list
 deb http://archive.debian.org/debian/ stretch main contrib non-free
 deb http://archive.debian.org/debian/ stretch-backports main contrib non-free
 deb http://archive.debian.org/debian-security/ stretch/updates main contrib non-free
diff --git a/automation/build/debian/stretch.dockerfile b/automation/build/debian/stretch.dockerfile
index 4dfd40b54277..2db4552662de 100644
--- a/automation/build/debian/stretch.dockerfile
+++ b/automation/build/debian/stretch.dockerfile
@@ -10,7 +10,7 @@ RUN mkdir /build
 WORKDIR /build
 
 # replace repos in archive as release is EOL
-RUN cat <<"END" > /etc/apt/sources.list
+COPY <<"END" /etc/apt/sources.list
 deb http://archive.debian.org/debian/ stretch main contrib non-free
 deb http://archive.debian.org/debian/ stretch-backports main contrib non-free
 deb http://archive.debian.org/debian-security/ stretch/updates main contrib non-free
-- 
2.39.2

[PATCH for-4.19 3/4] CI: Drop bin86/dev86 from archlinux container

[Andrew Cooper]

These packages have moved out of main to AUR, and are not easily accessable
any more.  Drop them, because they're only needed for RomBIOS which is very
legacy these days.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Anthony PERARD <anthony.perard@vates.tech>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Doug Goldstein <cardoe@cardoe.com>
CC: Roger Pau Monné <roger.pau@citrix.com>
CC: Oleksii Kurochko <oleksii.kurochko@gmail.com>
---
 automation/build/archlinux/current.dockerfile | 2 --
 1 file changed, 2 deletions(-)

diff --git a/automation/build/archlinux/current.dockerfile b/automation/build/archlinux/current.dockerfile
index 8929e9b5f022..657ddd77a85c 100644
--- a/automation/build/archlinux/current.dockerfile
+++ b/automation/build/archlinux/current.dockerfile
@@ -6,10 +6,8 @@ LABEL maintainer.name="The Xen Project" \
 RUN pacman-key --init
 
 RUN pacman -S --refresh --sysupgrade --noconfirm --noprogressbar --needed \
-        bin86 \
         bridge-utils \
         bzip2 \
-        dev86 \
         discount \
         dtc \
         e2fsprogs \
-- 
2.39.2

[PATCH for-4.19 4/4] CI: Rework the CentOS7 container

[Andrew Cooper]

CentOS 7 is fully End-of-life as of 2024-06-30, and the Yum repo configuration
points at URLs which have become non-existent.

First, start by using a heredoc RUN for legibility.  It's important to use
`set -e` to offset the fact that we're no longer chaining every command
together with an &&.

Also, because we're using a single RUN command to perform all RPM operations,
we no longer need to work around the OverlayFS bug.

Adjust the CentOS-*.repo files to point at vault.centos.org.

Take the opportunity to split the Xen deps from Tools deps, and to adjust the
other packages we use:

 * We need bzip2-devel for the dombuilder, not just bzip2.
 * zstd-devel is another optional dependency since the last time this package
   list was refreshed.
 * openssl-devel hasn't been a dependency since Xen 4.6.
 * We long ago ceased being able to build Qemu and SeaBIOS in this container,
   so drop their dependencies too.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Anthony PERARD <anthony.perard@vates.tech>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Doug Goldstein <cardoe@cardoe.com>
CC: Roger Pau Monné <roger.pau@citrix.com>
CC: Oleksii Kurochko <oleksii.kurochko@gmail.com>
---
 automation/build/centos/7.dockerfile | 70 +++++++++++++++-------------
 1 file changed, 37 insertions(+), 33 deletions(-)

diff --git a/automation/build/centos/7.dockerfile b/automation/build/centos/7.dockerfile
index 657550f308bb..9e66d72a5bd5 100644
--- a/automation/build/centos/7.dockerfile
+++ b/automation/build/centos/7.dockerfile
@@ -6,44 +6,48 @@ LABEL maintainer.name="The Xen Project" \
 RUN mkdir /build
 WORKDIR /build
 
-# work around https://github.com/moby/moby/issues/10180
-# and add EPEL for dev86
-RUN rpm --rebuilddb && \
-    yum -y install \
-        yum-plugin-ovl \
-        epel-release \
-    && yum clean all && \
-    rm -rf /var/cache/yum
+RUN <<EOF
+    set -e
+
+    # Fix up Yum config now that mirror.centos.org doesn't exist
+    sed -e 's/mirror.centos.org/vault.centos.org/g' \
+        -e 's/^#.*baseurl=https\?/baseurl=https/g' \
+        -e 's/^mirrorlist=https\?/#mirrorlist=https/g' \
+        -i /etc/yum.repos.d/*.repo
+
+    # Add the EPEL repo to get dev86
+    yum -y install epel-release
+
+    yum -y update
 
-# install Xen depends
-RUN yum -y update \
-    && yum -y install \
+    # Xen deps
+    yum -y install \
+        bison \
+        binutils \
+        checkpolicy \
+        flex \
         gcc \
+        make \
+
+    # Tools/stubdom/docs deps
+    yum -y install \
+        acpica-tools \
+        bzip2-devel \
+        dev86 \
         gcc-c++ \
-        ncurses-devel \
-        zlib-devel \
-        openssl-devel \
-        python-devel \
+        git \
         libuuid-devel \
+        ncurses-devel \
+        patch \
         pkgconfig \
-        flex \
-        bison \
-        libaio-devel \
-        glib2-devel \
-        yajl-devel \
-        pixman-devel \
-        glibc-devel \
-        make \
-        binutils \
-        git \
-        wget \
-        acpica-tools \
+        python-devel \
         python-markdown \
-        patch \
-        checkpolicy \
-        dev86 \
+        wget \
         xz-devel \
-        bzip2 \
-        nasm \
-    && yum clean all && \
+        yajl-devel \
+        zlib-devel \
+        zstd-devel \
+
+    yum clean all
     rm -rf /var/cache/yum
+EOF
-- 
2.39.2

Re: [PATCH for-4.19 1/4] CI: Formalise the use of heredocs

[Roger Pau Monné]

On Wed, Jul 03, 2024 at 03:19:59PM +0100, Andrew Cooper wrote:
> Commit b5739330d7f4 introduced the use of heredocs in the jessie/stretch
> dockerfiles.
> 
> It turns out this was introduced by BuildKit in 2018 along with a
> standardisation of Dockerfile syntax, and has subsequently been adopted by the
> docker community.
> 
> Annotate all dockerfiles with a statement of the syntax in use, and extend
> README.md details including how to activate BuildKit when it's available but
> off by default.
> 
> This allows the containers to be rebuilt following commit a0e29b316363 ("CI:
> Drop glibc-i386 from the build containers").
> 
> Fixes: b5739330d7f4 ("automation: fix jessie/stretch images to use archive.debian.org apt repos")
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>

> ---
> CC: Anthony PERARD <anthony.perard@vates.tech>
> CC: Stefano Stabellini <sstabellini@kernel.org>
> CC: Doug Goldstein <cardoe@cardoe.com>
> CC: Roger Pau Monné <roger.pau@citrix.com>
> CC: Oleksii Kurochko <oleksii.kurochko@gmail.com>
> ---
>  automation/build/README.md                             | 10 +++++++++-
>  automation/build/alpine/3.18-arm64v8.dockerfile        |  1 +
>  automation/build/alpine/3.18.dockerfile                |  1 +
>  automation/build/archlinux/current-riscv64.dockerfile  |  1 +
>  automation/build/archlinux/current.dockerfile          |  1 +
>  automation/build/centos/7.dockerfile                   |  1 +
>  .../build/debian/bookworm-arm64v8-arm32-gcc.dockerfile |  1 +
>  automation/build/debian/bookworm-arm64v8.dockerfile    |  1 +
>  automation/build/debian/bookworm-cppcheck.dockerfile   |  1 +
>  automation/build/debian/bookworm-i386.dockerfile       |  1 +
>  automation/build/debian/bookworm.dockerfile            |  1 +
>  automation/build/debian/bullseye-ppc64le.dockerfile    |  1 +
>  automation/build/debian/buster-gcc-ibt.dockerfile      |  1 +
>  automation/build/debian/jessie-i386.dockerfile         |  1 +
>  automation/build/debian/jessie.dockerfile              |  1 +
>  automation/build/debian/stretch-i386.dockerfile        |  1 +
>  automation/build/debian/stretch.dockerfile             |  1 +
>  automation/build/fedora/29.dockerfile                  |  1 +
>  automation/build/suse/opensuse-leap.dockerfile         |  1 +
>  automation/build/suse/opensuse-tumbleweed.dockerfile   |  1 +
>  automation/build/ubuntu/bionic.dockerfile              |  1 +
>  automation/build/ubuntu/focal.dockerfile               |  1 +
>  automation/build/ubuntu/trusty.dockerfile              |  1 +
>  automation/build/ubuntu/xenial-xilinx.dockerfile       |  1 +
>  automation/build/ubuntu/xenial.dockerfile              |  1 +
>  automation/build/yocto/yocto.dockerfile.in             |  2 ++
>  .../tests-artifacts/alpine/3.18-arm64v8.dockerfile     |  1 +
>  automation/tests-artifacts/alpine/3.18.dockerfile      |  1 +
>  .../tests-artifacts/kernel/5.19-arm64v8.dockerfile     |  1 +
>  automation/tests-artifacts/kernel/6.1.19.dockerfile    |  1 +
>  .../qemu-system-aarch64/6.0.0-arm64v8.dockerfile       |  1 +
>  .../qemu-system-ppc64/8.1.0-ppc64.dockerfile           |  1 +
>  32 files changed, 41 insertions(+), 1 deletion(-)
> 
> diff --git a/automation/build/README.md b/automation/build/README.md
> index 1c040533fdd8..12a2b4af1807 100644
> --- a/automation/build/README.md
> +++ b/automation/build/README.md
> @@ -81,7 +81,14 @@ Building a container
>  
>  There is a makefile to make this process easier. You should be
>  able to run `make DISTRO/VERSION` to have Docker build the container
> -for you. If you define the `PUSH` environment variable when running the
> +for you.
> +
> +Xen's dockerfiles use heredocs, which depend on the standardised dockerfile
> +syntax introduced by [BuiltKit].  This should work by default starting with
> +docker 23.0, or podman/buildah v1.33.  For older versions of docker, it can be
> +activated with `DOCKER_BUILDKIT=1` in the environment.
> +
> +If you define the `PUSH` environment variable when running the
>  former `make` command, it will push the container to the [registry] if
>  you have access to do so and have your Docker logged into the registry.
>  
> @@ -101,6 +108,7 @@ env CONTAINER_NO_PULL=1 \
>  make -C automation/build suse/opensuse-tumbleweed PUSH=1
>  ```
>  
> +[BuildKit]: https://docs.docker.com/build/buildkit/
>  [registry]: https://gitlab.com/xen-project/xen/container_registry
>  [registry help]: https://gitlab.com/help/user/project/container_registry
>  
> diff --git a/automation/build/alpine/3.18-arm64v8.dockerfile b/automation/build/alpine/3.18-arm64v8.dockerfile
> index 91e90220240f..19fe46f8418f 100644
> --- a/automation/build/alpine/3.18-arm64v8.dockerfile
> +++ b/automation/build/alpine/3.18-arm64v8.dockerfile
> @@ -1,3 +1,4 @@
> +# syntax=docker/dockerfile:1

Will this fail to parse if not using BuildKit?

Thanks, Roger.

Re: [PATCH for-4.19 2/4] CI: Adjust the usage of inline files

[Roger Pau Monné]

On Wed, Jul 03, 2024 at 03:20:00PM +0100, Andrew Cooper wrote:
> As per:
> 
>   https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/reference.md#here-documents
> 
> For inline files, use COPY with a heredoc, rather than opencoding it through
> /bin/sh.
> 
> No practical change.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>

Thanks, Roger.

Re: [PATCH for-4.19 1/4] CI: Formalise the use of heredocs

[Andrew Cooper]

On 03/07/2024 3:34 pm, Roger Pau Monné wrote:
> On Wed, Jul 03, 2024 at 03:19:59PM +0100, Andrew Cooper wrote:
>> Commit b5739330d7f4 introduced the use of heredocs in the jessie/stretch
>> dockerfiles.
>>
>> It turns out this was introduced by BuildKit in 2018 along with a
>> standardisation of Dockerfile syntax, and has subsequently been adopted by the
>> docker community.
>>
>> Annotate all dockerfiles with a statement of the syntax in use, and extend
>> README.md details including how to activate BuildKit when it's available but
>> off by default.
>>
>> This allows the containers to be rebuilt following commit a0e29b316363 ("CI:
>> Drop glibc-i386 from the build containers").
>>
>> Fixes: b5739330d7f4 ("automation: fix jessie/stretch images to use archive.debian.org apt repos")
>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>

Thanks.

>
>> ---
>> CC: Anthony PERARD <anthony.perard@vates.tech>
>> CC: Stefano Stabellini <sstabellini@kernel.org>
>> CC: Doug Goldstein <cardoe@cardoe.com>
>> CC: Roger Pau Monné <roger.pau@citrix.com>
>> CC: Oleksii Kurochko <oleksii.kurochko@gmail.com>
>> ---
>>  automation/build/README.md                             | 10 +++++++++-
>>  automation/build/alpine/3.18-arm64v8.dockerfile        |  1 +
>>  automation/build/alpine/3.18.dockerfile                |  1 +
>>  automation/build/archlinux/current-riscv64.dockerfile  |  1 +
>>  automation/build/archlinux/current.dockerfile          |  1 +
>>  automation/build/centos/7.dockerfile                   |  1 +
>>  .../build/debian/bookworm-arm64v8-arm32-gcc.dockerfile |  1 +
>>  automation/build/debian/bookworm-arm64v8.dockerfile    |  1 +
>>  automation/build/debian/bookworm-cppcheck.dockerfile   |  1 +
>>  automation/build/debian/bookworm-i386.dockerfile       |  1 +
>>  automation/build/debian/bookworm.dockerfile            |  1 +
>>  automation/build/debian/bullseye-ppc64le.dockerfile    |  1 +
>>  automation/build/debian/buster-gcc-ibt.dockerfile      |  1 +
>>  automation/build/debian/jessie-i386.dockerfile         |  1 +
>>  automation/build/debian/jessie.dockerfile              |  1 +
>>  automation/build/debian/stretch-i386.dockerfile        |  1 +
>>  automation/build/debian/stretch.dockerfile             |  1 +
>>  automation/build/fedora/29.dockerfile                  |  1 +
>>  automation/build/suse/opensuse-leap.dockerfile         |  1 +
>>  automation/build/suse/opensuse-tumbleweed.dockerfile   |  1 +
>>  automation/build/ubuntu/bionic.dockerfile              |  1 +
>>  automation/build/ubuntu/focal.dockerfile               |  1 +
>>  automation/build/ubuntu/trusty.dockerfile              |  1 +
>>  automation/build/ubuntu/xenial-xilinx.dockerfile       |  1 +
>>  automation/build/ubuntu/xenial.dockerfile              |  1 +
>>  automation/build/yocto/yocto.dockerfile.in             |  2 ++
>>  .../tests-artifacts/alpine/3.18-arm64v8.dockerfile     |  1 +
>>  automation/tests-artifacts/alpine/3.18.dockerfile      |  1 +
>>  .../tests-artifacts/kernel/5.19-arm64v8.dockerfile     |  1 +
>>  automation/tests-artifacts/kernel/6.1.19.dockerfile    |  1 +
>>  .../qemu-system-aarch64/6.0.0-arm64v8.dockerfile       |  1 +
>>  .../qemu-system-ppc64/8.1.0-ppc64.dockerfile           |  1 +
>>  32 files changed, 41 insertions(+), 1 deletion(-)
>>
>> diff --git a/automation/build/README.md b/automation/build/README.md
>> index 1c040533fdd8..12a2b4af1807 100644
>> --- a/automation/build/README.md
>> +++ b/automation/build/README.md
>> @@ -81,7 +81,14 @@ Building a container
>>  
>>  There is a makefile to make this process easier. You should be
>>  able to run `make DISTRO/VERSION` to have Docker build the container
>> -for you. If you define the `PUSH` environment variable when running the
>> +for you.
>> +
>> +Xen's dockerfiles use heredocs, which depend on the standardised dockerfile
>> +syntax introduced by [BuiltKit].  This should work by default starting with
>> +docker 23.0, or podman/buildah v1.33.  For older versions of docker, it can be
>> +activated with `DOCKER_BUILDKIT=1` in the environment.
>> +
>> +If you define the `PUSH` environment variable when running the
>>  former `make` command, it will push the container to the [registry] if
>>  you have access to do so and have your Docker logged into the registry.
>>  
>> @@ -101,6 +108,7 @@ env CONTAINER_NO_PULL=1 \
>>  make -C automation/build suse/opensuse-tumbleweed PUSH=1
>>  ```
>>  
>> +[BuildKit]: https://docs.docker.com/build/buildkit/
>>  [registry]: https://gitlab.com/xen-project/xen/container_registry
>>  [registry help]: https://gitlab.com/help/user/project/container_registry
>>  
>> diff --git a/automation/build/alpine/3.18-arm64v8.dockerfile b/automation/build/alpine/3.18-arm64v8.dockerfile
>> index 91e90220240f..19fe46f8418f 100644
>> --- a/automation/build/alpine/3.18-arm64v8.dockerfile
>> +++ b/automation/build/alpine/3.18-arm64v8.dockerfile
>> @@ -1,3 +1,4 @@
>> +# syntax=docker/dockerfile:1
> Will this fail to parse if not using BuildKit?

No.  To "the legacy builder" (the pre-BuildKit thing), it's just a comment.

But to anything semi recent, it defines the version of the dockerfile
syntax we intend to use, and in particular will prevent you from
accidentally using newer syntax in an older dockerfile.

~Andrew

Re: [PATCH for-4.19 3/4] CI: Drop bin86/dev86 from archlinux container

[Roger Pau Monné]

On Wed, Jul 03, 2024 at 03:20:01PM +0100, Andrew Cooper wrote:
> These packages have moved out of main to AUR, and are not easily accessable
                                                                   ^ accessible?
> any more.  Drop them, because they're only needed for RomBIOS which is very
> legacy these days.

Is there no need to modify any build script in order to prevent
building QEMU trad (and thus rombios), or it has never been built on
Arch in the first place?

(or maybe all releases that we support no longer build QEMU trad by
default?)

> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>

Thanks, Roger.

Re: [PATCH for-4.19 3/4] CI: Drop bin86/dev86 from archlinux container

[Andrew Cooper]

On 03/07/2024 3:43 pm, Roger Pau Monné wrote:
> On Wed, Jul 03, 2024 at 03:20:01PM +0100, Andrew Cooper wrote:
>> These packages have moved out of main to AUR, and are not easily accessable
>                                                                    ^ accessible?

Fixed.

>> any more.  Drop them, because they're only needed for RomBIOS which is very
>> legacy these days.
> Is there no need to modify any build script in order to prevent
> building QEMU trad (and thus rombios), or it has never been built on
> Arch in the first place?
>
> (or maybe all releases that we support no longer build QEMU trad by
> default?)

Qemu trad is off by default now, but the ./configure script will sanity
check too.

Also, Archlinux is nonblocking because it's a rolling distro and
periodically breaks older trees because of an updated GCC.

>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>

Thanks.

~Andrew

Re: [PATCH for-4.19 4/4] CI: Rework the CentOS7 container

[Roger Pau Monné]

On Wed, Jul 03, 2024 at 03:20:02PM +0100, Andrew Cooper wrote:
> CentOS 7 is fully End-of-life as of 2024-06-30, and the Yum repo configuration
> points at URLs which have become non-existent.
> 
> First, start by using a heredoc RUN for legibility.  It's important to use
> `set -e` to offset the fact that we're no longer chaining every command
> together with an &&.
> 
> Also, because we're using a single RUN command to perform all RPM operations,
> we no longer need to work around the OverlayFS bug.
> 
> Adjust the CentOS-*.repo files to point at vault.centos.org.
> 
> Take the opportunity to split the Xen deps from Tools deps, and to adjust the
> other packages we use:
> 
>  * We need bzip2-devel for the dombuilder, not just bzip2.
>  * zstd-devel is another optional dependency since the last time this package
>    list was refreshed.
>  * openssl-devel hasn't been a dependency since Xen 4.6.
>  * We long ago ceased being able to build Qemu and SeaBIOS in this container,
>    so drop their dependencies too.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Acked-by: Roger Pau Monné <roiger.pau@citrix.com>

> ---
> CC: Anthony PERARD <anthony.perard@vates.tech>
> CC: Stefano Stabellini <sstabellini@kernel.org>
> CC: Doug Goldstein <cardoe@cardoe.com>
> CC: Roger Pau Monné <roger.pau@citrix.com>
> CC: Oleksii Kurochko <oleksii.kurochko@gmail.com>
> ---
>  automation/build/centos/7.dockerfile | 70 +++++++++++++++-------------
>  1 file changed, 37 insertions(+), 33 deletions(-)
> 
> diff --git a/automation/build/centos/7.dockerfile b/automation/build/centos/7.dockerfile
> index 657550f308bb..9e66d72a5bd5 100644
> --- a/automation/build/centos/7.dockerfile
> +++ b/automation/build/centos/7.dockerfile
> @@ -6,44 +6,48 @@ LABEL maintainer.name="The Xen Project" \
>  RUN mkdir /build
>  WORKDIR /build
>  
> -# work around https://github.com/moby/moby/issues/10180
> -# and add EPEL for dev86
> -RUN rpm --rebuilddb && \
> -    yum -y install \
> -        yum-plugin-ovl \
> -        epel-release \
> -    && yum clean all && \
> -    rm -rf /var/cache/yum
> +RUN <<EOF
> +    set -e
> +
> +    # Fix up Yum config now that mirror.centos.org doesn't exist
> +    sed -e 's/mirror.centos.org/vault.centos.org/g' \
> +        -e 's/^#.*baseurl=https\?/baseurl=https/g' \
> +        -e 's/^mirrorlist=https\?/#mirrorlist=https/g' \

Why do you also need to uncomment baseurl and comment mirrorlist?
Isn't baseurl already enabled, and having extra mirrorlist won't harm
as it's just extra location to search for packages? (IOW: even if they
don't exist it shouldn't be an issue).

Thanks, Roger.

Re: [PATCH for-4.19 4/4] CI: Rework the CentOS7 container

[Andrew Cooper]

On 03/07/2024 3:55 pm, Roger Pau Monné wrote:
> On Wed, Jul 03, 2024 at 03:20:02PM +0100, Andrew Cooper wrote:
>> CentOS 7 is fully End-of-life as of 2024-06-30, and the Yum repo configuration
>> points at URLs which have become non-existent.
>>
>> First, start by using a heredoc RUN for legibility.  It's important to use
>> `set -e` to offset the fact that we're no longer chaining every command
>> together with an &&.
>>
>> Also, because we're using a single RUN command to perform all RPM operations,
>> we no longer need to work around the OverlayFS bug.
>>
>> Adjust the CentOS-*.repo files to point at vault.centos.org.
>>
>> Take the opportunity to split the Xen deps from Tools deps, and to adjust the
>> other packages we use:
>>
>>  * We need bzip2-devel for the dombuilder, not just bzip2.
>>  * zstd-devel is another optional dependency since the last time this package
>>    list was refreshed.
>>  * openssl-devel hasn't been a dependency since Xen 4.6.
>>  * We long ago ceased being able to build Qemu and SeaBIOS in this container,
>>    so drop their dependencies too.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> Acked-by: Roger Pau Monné <roiger.pau@citrix.com>

Thanks.

>
>> ---
>> CC: Anthony PERARD <anthony.perard@vates.tech>
>> CC: Stefano Stabellini <sstabellini@kernel.org>
>> CC: Doug Goldstein <cardoe@cardoe.com>
>> CC: Roger Pau Monné <roger.pau@citrix.com>
>> CC: Oleksii Kurochko <oleksii.kurochko@gmail.com>
>> ---
>>  automation/build/centos/7.dockerfile | 70 +++++++++++++++-------------
>>  1 file changed, 37 insertions(+), 33 deletions(-)
>>
>> diff --git a/automation/build/centos/7.dockerfile b/automation/build/centos/7.dockerfile
>> index 657550f308bb..9e66d72a5bd5 100644
>> --- a/automation/build/centos/7.dockerfile
>> +++ b/automation/build/centos/7.dockerfile
>> @@ -6,44 +6,48 @@ LABEL maintainer.name="The Xen Project" \
>>  RUN mkdir /build
>>  WORKDIR /build
>>  
>> -# work around https://github.com/moby/moby/issues/10180
>> -# and add EPEL for dev86
>> -RUN rpm --rebuilddb && \
>> -    yum -y install \
>> -        yum-plugin-ovl \
>> -        epel-release \
>> -    && yum clean all && \
>> -    rm -rf /var/cache/yum
>> +RUN <<EOF
>> +    set -e
>> +
>> +    # Fix up Yum config now that mirror.centos.org doesn't exist
>> +    sed -e 's/mirror.centos.org/vault.centos.org/g' \
>> +        -e 's/^#.*baseurl=https\?/baseurl=https/g' \
>> +        -e 's/^mirrorlist=https\?/#mirrorlist=https/g' \
> Why do you also need to uncomment baseurl and comment mirrorlist?
> Isn't baseurl already enabled, and having extra mirrorlist won't harm
> as it's just extra location to search for packages? (IOW: even if they
> don't exist it shouldn't be an issue).

It appears that having an uncontactable mirror list, as opposed to no
mirror list, is fatal.

I didn't end up with this because I like the look of the sed expression.

~Andrew

Re: [PATCH for-4.19 3/4] CI: Drop bin86/dev86 from archlinux container

[Anthony PERARD]

On Wed, Jul 03, 2024 at 03:52:48PM +0100, Andrew Cooper wrote:
> Also, Archlinux is nonblocking because it's a rolling distro and
> periodically breaks older trees because of an updated GCC.

Correction: It should be nonblocking, it's not at the moment ;-).

Cheers,

-- 

Anthony Perard | Vates XCP-ng Developer

XCP-ng & Xen Orchestra - Vates solutions

web: https://vates.tech

Re: [PATCH for-4.19 4/4] CI: Rework the CentOS7 container

[Roger Pau Monné]

On Wed, Jul 03, 2024 at 04:09:48PM +0100, Andrew Cooper wrote:
> On 03/07/2024 3:55 pm, Roger Pau Monné wrote:
> > On Wed, Jul 03, 2024 at 03:20:02PM +0100, Andrew Cooper wrote:
> >> CentOS 7 is fully End-of-life as of 2024-06-30, and the Yum repo configuration
> >> points at URLs which have become non-existent.
> >>
> >> First, start by using a heredoc RUN for legibility.  It's important to use
> >> `set -e` to offset the fact that we're no longer chaining every command
> >> together with an &&.
> >>
> >> Also, because we're using a single RUN command to perform all RPM operations,
> >> we no longer need to work around the OverlayFS bug.
> >>
> >> Adjust the CentOS-*.repo files to point at vault.centos.org.
> >>
> >> Take the opportunity to split the Xen deps from Tools deps, and to adjust the
> >> other packages we use:
> >>
> >>  * We need bzip2-devel for the dombuilder, not just bzip2.
> >>  * zstd-devel is another optional dependency since the last time this package
> >>    list was refreshed.
> >>  * openssl-devel hasn't been a dependency since Xen 4.6.
> >>  * We long ago ceased being able to build Qemu and SeaBIOS in this container,
> >>    so drop their dependencies too.
> >>
> >> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> > Acked-by: Roger Pau Monné <roiger.pau@citrix.com>
> 
> Thanks.
> 
> >
> >> ---
> >> CC: Anthony PERARD <anthony.perard@vates.tech>
> >> CC: Stefano Stabellini <sstabellini@kernel.org>
> >> CC: Doug Goldstein <cardoe@cardoe.com>
> >> CC: Roger Pau Monné <roger.pau@citrix.com>
> >> CC: Oleksii Kurochko <oleksii.kurochko@gmail.com>
> >> ---
> >>  automation/build/centos/7.dockerfile | 70 +++++++++++++++-------------
> >>  1 file changed, 37 insertions(+), 33 deletions(-)
> >>
> >> diff --git a/automation/build/centos/7.dockerfile b/automation/build/centos/7.dockerfile
> >> index 657550f308bb..9e66d72a5bd5 100644
> >> --- a/automation/build/centos/7.dockerfile
> >> +++ b/automation/build/centos/7.dockerfile
> >> @@ -6,44 +6,48 @@ LABEL maintainer.name="The Xen Project" \
> >>  RUN mkdir /build
> >>  WORKDIR /build
> >>  
> >> -# work around https://github.com/moby/moby/issues/10180
> >> -# and add EPEL for dev86
> >> -RUN rpm --rebuilddb && \
> >> -    yum -y install \
> >> -        yum-plugin-ovl \
> >> -        epel-release \
> >> -    && yum clean all && \
> >> -    rm -rf /var/cache/yum
> >> +RUN <<EOF
> >> +    set -e
> >> +
> >> +    # Fix up Yum config now that mirror.centos.org doesn't exist
> >> +    sed -e 's/mirror.centos.org/vault.centos.org/g' \
> >> +        -e 's/^#.*baseurl=https\?/baseurl=https/g' \
> >> +        -e 's/^mirrorlist=https\?/#mirrorlist=https/g' \
> > Why do you also need to uncomment baseurl and comment mirrorlist?
> > Isn't baseurl already enabled, and having extra mirrorlist won't harm
> > as it's just extra location to search for packages? (IOW: even if they
> > don't exist it shouldn't be an issue).
> 
> It appears that having an uncontactable mirror list, as opposed to no
> mirror list, is fatal.
> 
> I didn't end up with this because I like the look of the sed expression.

I wouldn't mind a comment to note the above, but it might be obvious
for people more familiar to yum than myself, hence no strong
request.

Thanks, Roger.

Re: [PATCH for-4.19 0/4] CI: Fixes, part 1

[Oleksii]

On Wed, 2024-07-03 at 15:19 +0100, Andrew Cooper wrote:
> Minimum fixes to rebuild the containers, following the HEREDOC
> problems.
> 
> Unrelated to the HEREDOC problems, Archlinux and CentOS 7 need
> aditional
> chagnes to rebuild.
> 
> There will be subsequent work to make some improvements to CI for
> 4.19, so in
> particular we're testing with up-to-date LTS distros.
If we really want to test with up-to-date LTS distros in 4.19 then it
probably make sense to postpone release date to July 29 to be sure that
everything is okay. July 29 is still fit in our 2 times release cycle
per year.

~ Oleksii 
> 
> Andrew Cooper (4):
>   CI: Formalise the use of heredocs
>   CI: Adjust the usage of inline files
>   CI: Drop bin86/dev86 from archlinux container
>   CI: Rework the CentOS7 container
> 
>  automation/build/README.md                    | 10 ++-
>  .../build/alpine/3.18-arm64v8.dockerfile      |  1 +
>  automation/build/alpine/3.18.dockerfile       |  1 +
>  .../archlinux/current-riscv64.dockerfile      |  1 +
>  automation/build/archlinux/current.dockerfile |  3 +-
>  automation/build/centos/7.dockerfile          | 71 ++++++++++-------
> --
>  .../bookworm-arm64v8-arm32-gcc.dockerfile     |  1 +
>  .../build/debian/bookworm-arm64v8.dockerfile  |  1 +
>  .../build/debian/bookworm-cppcheck.dockerfile |  1 +
>  .../build/debian/bookworm-i386.dockerfile     |  1 +
>  automation/build/debian/bookworm.dockerfile   |  1 +
>  .../build/debian/bullseye-ppc64le.dockerfile  |  1 +
>  .../build/debian/buster-gcc-ibt.dockerfile    |  1 +
>  .../build/debian/jessie-i386.dockerfile       |  3 +-
>  automation/build/debian/jessie.dockerfile     |  3 +-
>  .../build/debian/stretch-i386.dockerfile      |  3 +-
>  automation/build/debian/stretch.dockerfile    |  3 +-
>  automation/build/fedora/29.dockerfile         |  1 +
>  .../build/suse/opensuse-leap.dockerfile       |  1 +
>  .../build/suse/opensuse-tumbleweed.dockerfile |  1 +
>  automation/build/ubuntu/bionic.dockerfile     |  1 +
>  automation/build/ubuntu/focal.dockerfile      |  1 +
>  automation/build/ubuntu/trusty.dockerfile     |  1 +
>  .../build/ubuntu/xenial-xilinx.dockerfile     |  1 +
>  automation/build/ubuntu/xenial.dockerfile     |  1 +
>  automation/build/yocto/yocto.dockerfile.in    |  2 +
>  .../alpine/3.18-arm64v8.dockerfile            |  1 +
>  .../tests-artifacts/alpine/3.18.dockerfile    |  1 +
>  .../kernel/5.19-arm64v8.dockerfile            |  1 +
>  .../tests-artifacts/kernel/6.1.19.dockerfile  |  1 +
>  .../6.0.0-arm64v8.dockerfile                  |  1 +
>  .../qemu-system-ppc64/8.1.0-ppc64.dockerfile  |  1 +
>  32 files changed, 82 insertions(+), 40 deletions(-)
> 
> 
> base-commit: fb76e08a8f7a61dfbc07d0f335f1623bca650d7f

Re: [PATCH for-4.19 0/4] CI: Fixes, part 1

[Andrew Cooper]

On 04/07/2024 11:37 am, Oleksii wrote:
> On Wed, 2024-07-03 at 15:19 +0100, Andrew Cooper wrote:
>> Minimum fixes to rebuild the containers, following the HEREDOC
>> problems.
>>
>> Unrelated to the HEREDOC problems, Archlinux and CentOS 7 need
>> aditional
>> chagnes to rebuild.
>>
>> There will be subsequent work to make some improvements to CI for
>> 4.19, so in
>> particular we're testing with up-to-date LTS distros.
> If we really want to test with up-to-date LTS distros in 4.19 then it
> probably make sense to postpone release date to July 29 to be sure that
> everything is okay. July 29 is still fit in our 2 times release cycle
> per year.

Testing with up-to-date distros is trivial, when I can rebuild the
containers.

I've already got "CI: Fixes, part 2" and "part 3" in progress, hoping to
post today, all for 4.19.

What matters, specifically for 4.19 at this point, is that we put in
place testing such that {staging,stable}-4.19 branches are tested
suitably after release.

It would be really embarrassing for the Xen 4.19 release if it didn't
work with e.g. Ubuntu Noble.

~Andrew

Re: [PATCH for-4.19 0/4] CI: Fixes, part 1

[Oleksii]

On Thu, 2024-07-04 at 11:51 +0100, Andrew Cooper wrote:
> On 04/07/2024 11:37 am, Oleksii wrote:
> > On Wed, 2024-07-03 at 15:19 +0100, Andrew Cooper wrote:
> > > Minimum fixes to rebuild the containers, following the HEREDOC
> > > problems.
> > > 
> > > Unrelated to the HEREDOC problems, Archlinux and CentOS 7 need
> > > aditional
> > > chagnes to rebuild.
> > > 
> > > There will be subsequent work to make some improvements to CI for
> > > 4.19, so in
> > > particular we're testing with up-to-date LTS distros.
> > If we really want to test with up-to-date LTS distros in 4.19 then
> > it
> > probably make sense to postpone release date to July 29 to be sure
> > that
> > everything is okay. July 29 is still fit in our 2 times release
> > cycle
> > per year.
> 
> Testing with up-to-date distros is trivial, when I can rebuild the
> containers.
> 
> I've already got "CI: Fixes, part 2" and "part 3" in progress, hoping
> to
> post today, all for 4.19.
> 
> What matters, specifically for 4.19 at this point, is that we put in
> place testing such that {staging,stable}-4.19 branches are tested
> suitably after release.
> 
> It would be really embarrassing for the Xen 4.19 release if it didn't
> work with e.g. Ubuntu Noble.
Agree, it makes sense.

Release-Acked-by: Oleksii Kurochko <oleksii.kurochko@gmail.com>

~ Oleksii

Re: [PATCH for-4.19 4/4] CI: Rework the CentOS7 container

[Oleksii]

On Wed, 2024-07-03 at 15:20 +0100, Andrew Cooper wrote:
> CentOS 7 is fully End-of-life as of 2024-06-30, and the Yum repo
> configuration
> points at URLs which have become non-existent.
> 
> First, start by using a heredoc RUN for legibility.  It's important
> to use
> `set -e` to offset the fact that we're no longer chaining every
> command
> together with an &&.
> 
> Also, because we're using a single RUN command to perform all RPM
> operations,
> we no longer need to work around the OverlayFS bug.
> 
> Adjust the CentOS-*.repo files to point at vault.centos.org.
> 
> Take the opportunity to split the Xen deps from Tools deps, and to
> adjust the
> other packages we use:
> 
>  * We need bzip2-devel for the dombuilder, not just bzip2.
>  * zstd-devel is another optional dependency since the last time this
> package
>    list was refreshed.
>  * openssl-devel hasn't been a dependency since Xen 4.6.
>  * We long ago ceased being able to build Qemu and SeaBIOS in this
> container,
>    so drop their dependencies too.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> ---
> CC: Anthony PERARD <anthony.perard@vates.tech>
> CC: Stefano Stabellini <sstabellini@kernel.org>
> CC: Doug Goldstein <cardoe@cardoe.com>
> CC: Roger Pau Monné <roger.pau@citrix.com>
> CC: Oleksii Kurochko <oleksii.kurochko@gmail.com>
Release-Acked-by: Oleksii Kurochko <oleksii.kurochko@gmail.com>

~ Oleksii

> ---
>  automation/build/centos/7.dockerfile | 70 +++++++++++++++-----------
> --
>  1 file changed, 37 insertions(+), 33 deletions(-)
> 
> diff --git a/automation/build/centos/7.dockerfile
> b/automation/build/centos/7.dockerfile
> index 657550f308bb..9e66d72a5bd5 100644
> --- a/automation/build/centos/7.dockerfile
> +++ b/automation/build/centos/7.dockerfile
> @@ -6,44 +6,48 @@ LABEL maintainer.name="The Xen Project" \
>  RUN mkdir /build
>  WORKDIR /build
>  
> -# work around https://github.com/moby/moby/issues/10180
> -# and add EPEL for dev86
> -RUN rpm --rebuilddb && \
> -    yum -y install \
> -        yum-plugin-ovl \
> -        epel-release \
> -    && yum clean all && \
> -    rm -rf /var/cache/yum
> +RUN <<EOF
> +    set -e
> +
> +    # Fix up Yum config now that mirror.centos.org doesn't exist
> +    sed -e 's/mirror.centos.org/vault.centos.org/g' \
> +        -e 's/^#.*baseurl=https\?/baseurl=https/g' \
> +        -e 's/^mirrorlist=https\?/#mirrorlist=https/g' \
> +        -i /etc/yum.repos.d/*.repo
> +
> +    # Add the EPEL repo to get dev86
> +    yum -y install epel-release
> +
> +    yum -y update
>  
> -# install Xen depends
> -RUN yum -y update \
> -    && yum -y install \
> +    # Xen deps
> +    yum -y install \
> +        bison \
> +        binutils \
> +        checkpolicy \
> +        flex \
>          gcc \
> +        make \
> +
> +    # Tools/stubdom/docs deps
> +    yum -y install \
> +        acpica-tools \
> +        bzip2-devel \
> +        dev86 \
>          gcc-c++ \
> -        ncurses-devel \
> -        zlib-devel \
> -        openssl-devel \
> -        python-devel \
> +        git \
>          libuuid-devel \
> +        ncurses-devel \
> +        patch \
>          pkgconfig \
> -        flex \
> -        bison \
> -        libaio-devel \
> -        glib2-devel \
> -        yajl-devel \
> -        pixman-devel \
> -        glibc-devel \
> -        make \
> -        binutils \
> -        git \
> -        wget \
> -        acpica-tools \
> +        python-devel \
>          python-markdown \
> -        patch \
> -        checkpolicy \
> -        dev86 \
> +        wget \
>          xz-devel \
> -        bzip2 \
> -        nasm \
> -    && yum clean all && \
> +        yajl-devel \
> +        zlib-devel \
> +        zstd-devel \
> +
> +    yum clean all
>      rm -rf /var/cache/yum
> +EOF

Re: [PATCH for-4.19 3/4] CI: Drop bin86/dev86 from archlinux container

[Andrew Cooper]

On 03/07/2024 5:19 pm, Anthony PERARD wrote:
> On Wed, Jul 03, 2024 at 03:52:48PM +0100, Andrew Cooper wrote:
>> Also, Archlinux is nonblocking because it's a rolling distro and
>> periodically breaks older trees because of an updated GCC.
> Correction: It should be nonblocking, it's not at the moment ;-).

And it turns out to explode in stubdom because newlib has K&R functions
which the new GCC doesn't tolerate.

I'll need to do a prep patch before this rebuild is safe.

~Andrew

[PATCH for-4.19 v2 4/4] CI: Rework the CentOS7 container

[Andrew Cooper]

CentOS 7 is fully End-of-life as of 2024-06-30, and the Yum repo configuration
points at URLs which have become non-existent.

First, start by using a heredoc RUN for legibility.  It's important to use
`set -e` to offset the fact that we're no longer chaining every command
together with an &&.

Also, because we're using a single RUN command to perform all RPM operations,
we no longer need to work around the OverlayFS bug.

Adjust the CentOS-*.repo files to point at vault.centos.org.  This also
involves swapping mirrorlist= for baseurl= in the yum config.

Use a minor bashism to express the dependenices more coherently, and identify
why we have certain dependencies.  Some adjustments are:

 * We need bzip2-devel for the dombuilder.  bzip2 needs retaining stubdom or
   `tar` fails to unpack the .bz2 archives.
 * {lzo,lz4,ztd}-devel are new optional dependency since the last time this
   package list was refreshed.
 * openssl-devel hasn't been a dependency since Xen 4.6.
 * We long ago ceased being able to build Qemu and SeaBIOS in this container,
   so drop their dependencies too.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Roger Pau Monné <roiger.pau@citrix.com>
Release-Acked-by: Oleksii Kurochko <oleksii.kurochko@gmail.com>
---
CC: Anthony PERARD <anthony.perard@vates.tech>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Doug Goldstein <cardoe@cardoe.com>
CC: Roger Pau Monné <roger.pau@citrix.com>
CC: Oleksii Kurochko <oleksii.kurochko@gmail.com>

v2:
 * Expand on the sed required to fix the config
 * Adjust the package list to actually build.  Passing job:
     https://gitlab.com/xen-project/people/andyhhp/xen/-/jobs/7268879932
---
 automation/build/centos/7.dockerfile | 101 ++++++++++++++++-----------
 1 file changed, 62 insertions(+), 39 deletions(-)

diff --git a/automation/build/centos/7.dockerfile b/automation/build/centos/7.dockerfile
index 657550f308bb..f41dda732084 100644
--- a/automation/build/centos/7.dockerfile
+++ b/automation/build/centos/7.dockerfile
@@ -6,44 +6,67 @@ LABEL maintainer.name="The Xen Project" \
 RUN mkdir /build
 WORKDIR /build
 
-# work around https://github.com/moby/moby/issues/10180
-# and add EPEL for dev86
-RUN rpm --rebuilddb && \
-    yum -y install \
-        yum-plugin-ovl \
-        epel-release \
-    && yum clean all && \
-    rm -rf /var/cache/yum
+RUN <<EOF
+    set -e
+
+    # Fix up Yum config now that mirror.centos.org doesn't exist
+    sed -e 's/mirror.centos.org/vault.centos.org/g' \
+        -e 's/^#.*baseurl=https\?/baseurl=https/g' \
+        -e 's/^mirrorlist=https\?/#mirrorlist=https/g' \
+        -i /etc/yum.repos.d/*.repo
+
+    # Add the EPEL repo to get dev86
+    yum -y install epel-release
+
+    # Update everything (Base container is out of date)
+    yum -y update
+
+    DEPS=(
+        # Xen
+        binutils
+        gcc
+        make
+        python
+        # Kconfig
+        bison
+        flex
+        # Flask
+        checkpolicy
+
+        # Tools (general)
+        git
+        gzip
+        patch
+        perl
+        pkgconfig
+        wget
+        # libxenguest dombuilder
+        bzip2-devel
+        lz4-devel
+        lzo-devel
+        xz-devel
+        zlib-devel
+        zstd-devel
+        # libacpi
+        acpica-tools
+        # libxl
+        libuuid-devel
+        yajl-devel
+        # RomBIOS
+        dev86
+        # Header Check
+        gcc-c++
+        # xentop
+        ncurses-devel
+        # Python bindings
+        python-devel
+
+        # Stubdom download/extract
+        bzip2
+    )
+
+    yum -y install "${DEPS[@]}"
 
-# install Xen depends
-RUN yum -y update \
-    && yum -y install \
-        gcc \
-        gcc-c++ \
-        ncurses-devel \
-        zlib-devel \
-        openssl-devel \
-        python-devel \
-        libuuid-devel \
-        pkgconfig \
-        flex \
-        bison \
-        libaio-devel \
-        glib2-devel \
-        yajl-devel \
-        pixman-devel \
-        glibc-devel \
-        make \
-        binutils \
-        git \
-        wget \
-        acpica-tools \
-        python-markdown \
-        patch \
-        checkpolicy \
-        dev86 \
-        xz-devel \
-        bzip2 \
-        nasm \
-    && yum clean all && \
+    yum clean all
     rm -rf /var/cache/yum
+EOF
-- 
2.39.2

Re: [PATCH for-4.19 4/4] CI: Rework the CentOS7 container

[Andrew Cooper]

On 04/07/2024 9:15 am, Roger Pau Monné wrote:
> On Wed, Jul 03, 2024 at 04:09:48PM +0100, Andrew Cooper wrote:
>> On 03/07/2024 3:55 pm, Roger Pau Monné wrote:
>>> On Wed, Jul 03, 2024 at 03:20:02PM +0100, Andrew Cooper wrote:
>>>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
>>> Acked-by: Roger Pau Monné <roiger.pau@citrix.com>
>> Thanks.

I've taken the liberty of correcting your email address when taking this
tag.

~Andrew