From: "Marek Marczykowski-Górecki" <marmarek@invisiblethingslab.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Xen-devel <xen-devel@lists.xenproject.org>,
"Anthony PERARD" <anthony.perard@vates.tech>,
"Stefano Stabellini" <sstabellini@kernel.org>,
"Michal Orzel" <michal.orzel@amd.com>,
"Doug Goldstein" <cardoe@cardoe.com>,
"Roger Pau Monné" <roger.pau@citrix.com>,
"Oleksii Kurochko" <oleksii.kurochko@gmail.com>
Subject: Re: [PATCH 3/4] CI: Introduce new qubes-hw-runner.dockerfile
Date: Tue, 9 Jun 2026 21:42:55 +0200
Message-ID: <aihsv37_XNFFn3Mu@mail-itl>
In-Reply-To: <20260609173102.2908514-4-andrew.cooper3@citrix.com>
On Tue, Jun 09, 2026 at 06:31:01PM +0100, Andrew Cooper wrote:
> We want to make the build containers be non-root, but the hardware runner
> needs to continue being root. Split it out into a dedicated container.
> Intentionally give it a generic name so it need not change in the future.
I'd prefer to keep the alpine version in the container name, so
future container updates can be made without breaking stable branches. I
have a related patch for this at
https://gitlab.com/xen-project/people/marmarek/xen/-/commits/automation-linux?ref_type=heads,
but apparently not posted yet.
> No practical change.
>
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> ---
> CC: Anthony PERARD <anthony.perard@vates.tech>
> CC: Stefano Stabellini <sstabellini@kernel.org>
> CC: Michal Orzel <michal.orzel@amd.com>
> CC: Doug Goldstein <cardoe@cardoe.com>
> CC: Roger Pau Monné <roger.pau@citrix.com>
> CC: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
> CC: Oleksii Kurochko <oleksii.kurochko@gmail.com>
>
> I need to backport this patch to all trees (4.18 and later) before
> alpine:3.18-arm64v8 can be converted to be non-root.
Converted? Since 3.18 has been EOL for quite some time already, simply phase
it out slowly.
> In all other cases we've been renaming the containers to bypass this problem,
> but alpine:3.18-arm64v8 is in the correct new form.
>
> Alternatively, I could see about combining it with the Alpine update (which is
> long overdue and needs doing).
Yeah, this.
> ---
> .../build/alpine/qubes-hw-runner.dockerfile | 21 +++++++++++++++++++
> automation/gitlab-ci/test.yaml | 2 +-
> 2 files changed, 22 insertions(+), 1 deletion(-)
> create mode 100644 automation/build/alpine/qubes-hw-runner.dockerfile
>
> diff --git a/automation/build/alpine/qubes-hw-runner.dockerfile b/automation/build/alpine/qubes-hw-runner.dockerfile
> new file mode 100644
> index 000000000000..0af17c6aabc6
> --- /dev/null
> +++ b/automation/build/alpine/qubes-hw-runner.dockerfile
> @@ -0,0 +1,21 @@
> +# syntax=docker/dockerfile:1
> +FROM --platform=linux/arm64/v8 alpine:3.18
> +LABEL maintainer.name="The Xen Project"
> +LABEL maintainer.email="xen-devel@lists.xenproject.org"
> +
> +RUN apk --no-cache add bash
> +
> +RUN <<EOF
> +#!/bin/bash
> + set -eu
> +
> + DEPS=(
> + expect
> + openssh-client
> + )
> +
> + apk add --no-cache "${DEPS[@]}"
> +EOF
> +
> +USER root
> +WORKDIR /build
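Review bot: `USER root` at the end of the new Dockerfile carries no comment saying why this image stays root, while the commit message says the build containers are moving to non-root; a one-line comment above it (the hardware runner needs to remain root) would keep a later cleanup from dropping it. Separately, the `FROM` line selects `alpine:3.18` by tag only, so under the versionless `qubes-hw-runner` name nothing records which base a given rebuild used; pinning a digest or keeping the version in the image name would address that.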
> diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml
> index 89760b24e63a..70bb4bbb3b45 100644
> --- a/automation/gitlab-ci/test.yaml
> +++ b/automation/gitlab-ci/test.yaml
> @@ -145,7 +145,7 @@
> extends: .test-jobs-common
> variables:
> # the test controller runs on RPi4
> - CONTAINER: alpine:3.18-arm64v8
> + CONTAINER: alpine:qubes-hw-runner
> LOGFILE: smoke-test.log
> PCIDEV: "03:00.0"
> PCIDEV_INTR: "MSI-X"
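Review bot: The new `CONTAINER: alpine:qubes-hw-runner` value drops both the Alpine version and the `arm64v8` suffix that the old tag carried, so the comment `# the test controller runs on RPi4` is the only remaining hint in this job that the image must be arm64. Consider keeping the architecture (and version) in the tag, or extending the comment to say the image is built with `--platform=linux/arm64/v8`.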
> --
> 2.39.5
>
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab