diff --git a/4.2/Dockerfile b/4.2/Dockerfile index b6cea6d..9da23dc 100644 --- a/4.2/Dockerfile +++ b/4.2/Dockerfile @@ -7,15 +7,24 @@ FROM debian:buster-slim RUN set -eux; \ +# add backports for (potentially) newer QEMU firmware packages suite="$(awk '$1 == "deb" { print $3; exit }' /etc/apt/sources.list)"; \ echo "deb http://deb.debian.org/debian $suite-backports main" > /etc/apt/sources.list.d/backports.list; \ +# and add APT pinning to ensure we don't accidentally get QEMU from Debian + { \ + echo 'Package: qemu-efi-* ovmf'; \ + echo 'Pin: release a=*-backports'; \ + echo 'Pin-Priority: 600'; \ + echo; \ + echo 'Package: qemu*'; \ + echo 'Pin: version *'; \ + echo 'Pin-Priority: -10'; \ + } > /etc/apt/preferences.d/qemu.pref; \ apt-get update; \ apt-get install -y --no-install-recommends \ - -t "$suite-backports" \ ovmf \ qemu-efi-aarch64 \ qemu-efi-arm \ -# TODO in bullseye+, add u-boot-qemu ? https://packages.debian.org/bullseye/u-boot-qemu ; \ rm -rf /var/lib/apt/lists/* diff --git a/4.2/Dockerfile.native b/4.2/Dockerfile.native new file mode 100644 index 0000000..062d465 --- /dev/null +++ b/4.2/Dockerfile.native 
@@ -0,0 +1,201 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:buster-slim + +RUN set -eux; \ +# add backports for (potentially) newer QEMU firmware packages + suite="$(awk '$1 == "deb" { print $3; exit }' /etc/apt/sources.list)"; \ + echo "deb http://deb.debian.org/debian $suite-backports main" > /etc/apt/sources.list.d/backports.list; \ +# and add APT pinning to ensure we don't accidentally get QEMU from Debian + { \ + echo 'Package: qemu-efi-* ovmf'; \ + echo 'Pin: release a=*-backports'; \ + echo 'Pin-Priority: 600'; \ + echo; \ + echo 'Package: qemu*'; \ + echo 'Pin: version *'; \ + echo 'Pin-Priority: -10'; \ + } > /etc/apt/preferences.d/qemu.pref; \ + apt-get update; \ + arch="$(dpkg --print-architecture)"; \ + case "$arch" in \ + amd64) apt-get install -y --no-install-recommends ovmf ;; \ + arm64) apt-get install -y --no-install-recommends qemu-efi-aarch64 ;; \ + armel | armhf) apt-get install -y --no-install-recommends qemu-efi-arm ;; \ + *) echo >&2 "warning: architecture '$arch' unknown 😅 (is there a 'QEMU firmware' package that should be installed here? 
likely candidates: https://packages.debian.org/source/$suite/edk2)" ;; \ + esac; \ + rm -rf /var/lib/apt/lists/* + +COPY *.patch /qemu-patches/ + +# https://wiki.qemu.org/SecurityProcess +ENV QEMU_KEYS \ +# Michael Roth + CEACC9E15534EBABB82D3FA03353C9CEF108B584 +# https://wiki.qemu.org/Planning/ReleaseProcess#Sign_the_resulting_tarball_with_GPG: (they get signed by whoever is making the release) + +# https://www.qemu.org/download/#source +# https://download.qemu.org/?C=M;O=D +ENV QEMU_VERSION 4.2.1 +ENV QEMU_URL https://download.qemu.org/qemu-4.2.1.tar.xz + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + gnupg dirmngr \ + wget \ + xz-utils \ + \ + patch \ + \ + bzip2 \ + gcc \ + gnutls-dev \ + libaio-dev \ + libbz2-dev \ + libc-dev \ + libcap-dev \ + libcap-ng-dev \ + libcurl4-gnutls-dev \ + libglib2.0-dev \ + libiscsi-dev \ + libjpeg-dev \ + libncursesw5-dev \ + libnfs-dev \ + libnuma-dev \ + libpixman-1-dev \ + libpng-dev \ + librbd-dev \ + libseccomp-dev \ + libssh-dev \ + libusb-1.0-0-dev \ + libusbredirparser-dev \ + libxen-dev \ + make \ + pkg-config \ + python3 \ + xfslibs-dev \ + zlib1g-dev \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + tarball="$(basename "$QEMU_URL")"; \ + wget -O "$tarball.sig" "$QEMU_URL.sig"; \ + wget -O "$tarball" "$QEMU_URL" --progress=dot:giga; \ + \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $QEMU_KEYS; do \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify "$tarball.sig" "$tarball"; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ + mkdir /usr/src/qemu; \ + tar -xf "$tarball" -C /usr/src/qemu --strip-components=1; \ + rm "$tarball" "$tarball.sig"; \ + \ + cd /usr/src/qemu; \ + \ + for p in /qemu-patches/*.patch; do \ + patch --strip 1 --input "$p"; \ + done; \ + rm -rf /qemu-patches; \ + \ + arch="$(dpkg --print-architecture)"; \ + case "$arch" in \ + 
amd64) targetList='x86_64-softmmu' ;; \ + arm64) targetList='aarch64-softmmu' ;; \ + armel | armhf) targetList='arm-softmmu' ;; \ + i386) targetList='i386-softmmu' ;; \ + mips64el) targetList='mips64el-softmmu' ;; \ + ppc64el) targetList='ppc64-softmmu' ;; \ + s390x) targetList='s390x-softmmu' ;; \ + *) echo >&2 "error: architecture '$arch' unimplemented 😅"; exit 1 ;; \ + esac; \ + \ + ./configure --help; \ + ./configure \ +# let's add a link to our source code in the output of "--version" in case our users end up filing bugs against the QEMU project O:) + --with-pkgversion='https://github.com/tianon/docker-qemu' \ + --target-list="$targetList" \ +# let's point "firmware path" to Debian's value so we get access to "OVMF.fd" and friends more easily + --firmwarepath=/usr/share/qemu:/usr/share/seabios:/usr/lib/ipxe/qemu \ +# https://salsa.debian.org/qemu-team/qemu/-/blob/058ab4ec8623766b50055c8c56d0d5448d52fb0a/debian/rules#L38 + --disable-docs \ + --disable-gtk --disable-vte \ + --disable-sdl \ + --enable-attr \ + --enable-bzip2 \ + --enable-cap-ng \ + --enable-curl \ + --enable-curses \ + --enable-fdt \ + --enable-gnutls \ + --enable-kvm \ + --enable-libiscsi \ + --enable-libnfs \ + --enable-libssh \ + --enable-libusb \ + --enable-linux-aio \ + --enable-linux-user \ + --enable-modules \ + --enable-numa \ + --enable-rbd \ + --enable-seccomp \ + --enable-system \ + --enable-tools \ + --enable-usb-redir \ + --enable-vhost-net \ + --enable-vhost-user \ + --enable-vhost-vsock \ + --enable-virtfs \ + --enable-vnc \ + --enable-vnc-jpeg \ + --enable-vnc-png \ + --enable-xen \ + --enable-xfsctl \ +# rbd support is enabled, but "librbd1" is not included since it adds ~60MB and is version-sensitive (https://github.com/tianon/docker-qemu/pull/11#issuecomment-689816553) +# --enable-vde \ + ; \ + make -j "$(nproc)"; \ + make install; \ + \ + cd /; \ + rm -rf /usr/src/qemu; \ + \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > 
/dev/null; \ + find /usr/local \ + -type f \ + \( -executable -o -name '*.so' \) \ +# rbd support is enabled, but "librbd1" is not included since it adds ~60MB and is version-sensitive (https://github.com/tianon/docker-qemu/pull/11#issuecomment-689816553) + -not -name 'block-rbd.so' \ + -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ +# basic smoke test + qemu-img --version + +STOPSIGNAL SIGHUP + +EXPOSE 22 +EXPOSE 5900 + +COPY start-qemu /usr/local/bin/ +CMD ["start-qemu"] diff --git a/5.0/Dockerfile b/5.0/Dockerfile index cb6fadd..fc0e0e2 100644 --- a/5.0/Dockerfile +++ b/5.0/Dockerfile @@ -7,15 +7,24 @@ FROM debian:buster-slim RUN set -eux; \ +# add backports for (potentially) newer QEMU firmware packages suite="$(awk '$1 == "deb" { print $3; exit }' /etc/apt/sources.list)"; \ echo "deb http://deb.debian.org/debian $suite-backports main" > /etc/apt/sources.list.d/backports.list; \ +# and add APT pinning to ensure we don't accidentally get QEMU from Debian + { \ + echo 'Package: qemu-efi-* ovmf'; \ + echo 'Pin: release a=*-backports'; \ + echo 'Pin-Priority: 600'; \ + echo; \ + echo 'Package: qemu*'; \ + echo 'Pin: version *'; \ + echo 'Pin-Priority: -10'; \ + } > /etc/apt/preferences.d/qemu.pref; \ apt-get update; \ apt-get install -y --no-install-recommends \ - -t "$suite-backports" \ ovmf \ qemu-efi-aarch64 \ qemu-efi-arm \ -# TODO in bullseye+, add u-boot-qemu ? https://packages.debian.org/bullseye/u-boot-qemu ; \ rm -rf /var/lib/apt/lists/* diff --git a/5.0/Dockerfile.native b/5.0/Dockerfile.native new file mode 100644 index 0000000..bb97ea7 --- /dev/null +++ b/5.0/Dockerfile.native 
@@ -0,0 +1,201 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:buster-slim + +RUN set -eux; \ +# add backports for (potentially) newer QEMU firmware packages + suite="$(awk '$1 == "deb" { print $3; exit }' /etc/apt/sources.list)"; \ + echo "deb http://deb.debian.org/debian $suite-backports main" > /etc/apt/sources.list.d/backports.list; \ +# and add APT pinning to ensure we don't accidentally get QEMU from Debian + { \ + echo 'Package: qemu-efi-* ovmf'; \ + echo 'Pin: release a=*-backports'; \ + echo 'Pin-Priority: 600'; \ + echo; \ + echo 'Package: qemu*'; \ + echo 'Pin: version *'; \ + echo 'Pin-Priority: -10'; \ + } > /etc/apt/preferences.d/qemu.pref; \ + apt-get update; \ + arch="$(dpkg --print-architecture)"; \ + case "$arch" in \ + amd64) apt-get install -y --no-install-recommends ovmf ;; \ + arm64) apt-get install -y --no-install-recommends qemu-efi-aarch64 ;; \ + armel | armhf) apt-get install -y --no-install-recommends qemu-efi-arm ;; \ + *) echo >&2 "warning: architecture '$arch' unknown 😅 (is there a 'QEMU firmware' package that should be installed here? 
likely candidates: https://packages.debian.org/source/$suite/edk2)" ;; \ + esac; \ + rm -rf /var/lib/apt/lists/* + +COPY *.patch /qemu-patches/ + +# https://wiki.qemu.org/SecurityProcess +ENV QEMU_KEYS \ +# Michael Roth + CEACC9E15534EBABB82D3FA03353C9CEF108B584 +# https://wiki.qemu.org/Planning/ReleaseProcess#Sign_the_resulting_tarball_with_GPG: (they get signed by whoever is making the release) + +# https://www.qemu.org/download/#source +# https://download.qemu.org/?C=M;O=D +ENV QEMU_VERSION 5.0.1 +ENV QEMU_URL https://download.qemu.org/qemu-5.0.1.tar.xz + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + gnupg dirmngr \ + wget \ + xz-utils \ + \ + patch \ + \ + bzip2 \ + gcc \ + gnutls-dev \ + libaio-dev \ + libbz2-dev \ + libc-dev \ + libcap-dev \ + libcap-ng-dev \ + libcurl4-gnutls-dev \ + libglib2.0-dev \ + libiscsi-dev \ + libjpeg-dev \ + libncursesw5-dev \ + libnfs-dev \ + libnuma-dev \ + libpixman-1-dev \ + libpng-dev \ + librbd-dev \ + libseccomp-dev \ + libssh-dev \ + libusb-1.0-0-dev \ + libusbredirparser-dev \ + libxen-dev \ + make \ + pkg-config \ + python3 \ + xfslibs-dev \ + zlib1g-dev \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + tarball="$(basename "$QEMU_URL")"; \ + wget -O "$tarball.sig" "$QEMU_URL.sig"; \ + wget -O "$tarball" "$QEMU_URL" --progress=dot:giga; \ + \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $QEMU_KEYS; do \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify "$tarball.sig" "$tarball"; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ + mkdir /usr/src/qemu; \ + tar -xf "$tarball" -C /usr/src/qemu --strip-components=1; \ + rm "$tarball" "$tarball.sig"; \ + \ + cd /usr/src/qemu; \ + \ + for p in /qemu-patches/*.patch; do \ + patch --strip 1 --input "$p"; \ + done; \ + rm -rf /qemu-patches; \ + \ + arch="$(dpkg --print-architecture)"; \ + case "$arch" in \ + 
amd64) targetList='x86_64-softmmu' ;; \ + arm64) targetList='aarch64-softmmu' ;; \ + armel | armhf) targetList='arm-softmmu' ;; \ + i386) targetList='i386-softmmu' ;; \ + mips64el) targetList='mips64el-softmmu' ;; \ + ppc64el) targetList='ppc64-softmmu' ;; \ + s390x) targetList='s390x-softmmu' ;; \ + *) echo >&2 "error: architecture '$arch' unimplemented 😅"; exit 1 ;; \ + esac; \ + \ + ./configure --help; \ + ./configure \ +# let's add a link to our source code in the output of "--version" in case our users end up filing bugs against the QEMU project O:) + --with-pkgversion='https://github.com/tianon/docker-qemu' \ + --target-list="$targetList" \ +# let's point "firmware path" to Debian's value so we get access to "OVMF.fd" and friends more easily + --firmwarepath=/usr/share/qemu:/usr/share/seabios:/usr/lib/ipxe/qemu \ +# https://salsa.debian.org/qemu-team/qemu/-/blob/058ab4ec8623766b50055c8c56d0d5448d52fb0a/debian/rules#L38 + --disable-docs \ + --disable-gtk --disable-vte \ + --disable-sdl \ + --enable-attr \ + --enable-bzip2 \ + --enable-cap-ng \ + --enable-curl \ + --enable-curses \ + --enable-fdt \ + --enable-gnutls \ + --enable-kvm \ + --enable-libiscsi \ + --enable-libnfs \ + --enable-libssh \ + --enable-libusb \ + --enable-linux-aio \ + --enable-linux-user \ + --enable-modules \ + --enable-numa \ + --enable-rbd \ + --enable-seccomp \ + --enable-system \ + --enable-tools \ + --enable-usb-redir \ + --enable-vhost-net \ + --enable-vhost-user \ + --enable-vhost-vsock \ + --enable-virtfs \ + --enable-vnc \ + --enable-vnc-jpeg \ + --enable-vnc-png \ + --enable-xen \ + --enable-xfsctl \ +# rbd support is enabled, but "librbd1" is not included since it adds ~60MB and is version-sensitive (https://github.com/tianon/docker-qemu/pull/11#issuecomment-689816553) +# --enable-vde \ + ; \ + make -j "$(nproc)"; \ + make install; \ + \ + cd /; \ + rm -rf /usr/src/qemu; \ + \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > 
/dev/null; \ + find /usr/local \ + -type f \ + \( -executable -o -name '*.so' \) \ +# rbd support is enabled, but "librbd1" is not included since it adds ~60MB and is version-sensitive (https://github.com/tianon/docker-qemu/pull/11#issuecomment-689816553) + -not -name 'block-rbd.so' \ + -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ +# basic smoke test + qemu-img --version + +STOPSIGNAL SIGHUP + +EXPOSE 22 +EXPOSE 5900 + +COPY start-qemu /usr/local/bin/ +CMD ["start-qemu"] diff --git a/5.1/Dockerfile b/5.1/Dockerfile index 1d1c6bd..8b6c4a8 100644 --- a/5.1/Dockerfile +++ b/5.1/Dockerfile @@ -7,15 +7,24 @@ FROM debian:buster-slim RUN set -eux; \ +# add backports for (potentially) newer QEMU firmware packages suite="$(awk '$1 == "deb" { print $3; exit }' /etc/apt/sources.list)"; \ echo "deb http://deb.debian.org/debian $suite-backports main" > /etc/apt/sources.list.d/backports.list; \ +# and add APT pinning to ensure we don't accidentally get QEMU from Debian + { \ + echo 'Package: qemu-efi-* ovmf'; \ + echo 'Pin: release a=*-backports'; \ + echo 'Pin-Priority: 600'; \ + echo; \ + echo 'Package: qemu*'; \ + echo 'Pin: version *'; \ + echo 'Pin-Priority: -10'; \ + } > /etc/apt/preferences.d/qemu.pref; \ apt-get update; \ apt-get install -y --no-install-recommends \ - -t "$suite-backports" \ ovmf \ qemu-efi-aarch64 \ qemu-efi-arm \ -# TODO in bullseye+, add u-boot-qemu ? https://packages.debian.org/bullseye/u-boot-qemu ; \ rm -rf /var/lib/apt/lists/* diff --git a/5.1/Dockerfile.native b/5.1/Dockerfile.native new file mode 100644 index 0000000..6fb2e20 --- /dev/null +++ b/5.1/Dockerfile.native 
@@ -0,0 +1,201 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:buster-slim + +RUN set -eux; \ +# add backports for (potentially) newer QEMU firmware packages + suite="$(awk '$1 == "deb" { print $3; exit }' /etc/apt/sources.list)"; \ + echo "deb http://deb.debian.org/debian $suite-backports main" > /etc/apt/sources.list.d/backports.list; \ +# and add APT pinning to ensure we don't accidentally get QEMU from Debian + { \ + echo 'Package: qemu-efi-* ovmf'; \ + echo 'Pin: release a=*-backports'; \ + echo 'Pin-Priority: 600'; \ + echo; \ + echo 'Package: qemu*'; \ + echo 'Pin: version *'; \ + echo 'Pin-Priority: -10'; \ + } > /etc/apt/preferences.d/qemu.pref; \ + apt-get update; \ + arch="$(dpkg --print-architecture)"; \ + case "$arch" in \ + amd64) apt-get install -y --no-install-recommends ovmf ;; \ + arm64) apt-get install -y --no-install-recommends qemu-efi-aarch64 ;; \ + armel | armhf) apt-get install -y --no-install-recommends qemu-efi-arm ;; \ + *) echo >&2 "warning: architecture '$arch' unknown 😅 (is there a 'QEMU firmware' package that should be installed here? 
likely candidates: https://packages.debian.org/source/$suite/edk2)" ;; \ + esac; \ + rm -rf /var/lib/apt/lists/* + +COPY *.patch /qemu-patches/ + +# https://wiki.qemu.org/SecurityProcess +ENV QEMU_KEYS \ +# Michael Roth + CEACC9E15534EBABB82D3FA03353C9CEF108B584 +# https://wiki.qemu.org/Planning/ReleaseProcess#Sign_the_resulting_tarball_with_GPG: (they get signed by whoever is making the release) + +# https://www.qemu.org/download/#source +# https://download.qemu.org/?C=M;O=D +ENV QEMU_VERSION 5.1.0 +ENV QEMU_URL https://download.qemu.org/qemu-5.1.0.tar.xz + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + gnupg dirmngr \ + wget \ + xz-utils \ + \ + patch \ + \ + bzip2 \ + gcc \ + gnutls-dev \ + libaio-dev \ + libbz2-dev \ + libc-dev \ + libcap-dev \ + libcap-ng-dev \ + libcurl4-gnutls-dev \ + libglib2.0-dev \ + libiscsi-dev \ + libjpeg-dev \ + libncursesw5-dev \ + libnfs-dev \ + libnuma-dev \ + libpixman-1-dev \ + libpng-dev \ + librbd-dev \ + libseccomp-dev \ + libssh-dev \ + libusb-1.0-0-dev \ + libusbredirparser-dev \ + libxen-dev \ + make \ + pkg-config \ + python3 \ + xfslibs-dev \ + zlib1g-dev \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + tarball="$(basename "$QEMU_URL")"; \ + wget -O "$tarball.sig" "$QEMU_URL.sig"; \ + wget -O "$tarball" "$QEMU_URL" --progress=dot:giga; \ + \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $QEMU_KEYS; do \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify "$tarball.sig" "$tarball"; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ + mkdir /usr/src/qemu; \ + tar -xf "$tarball" -C /usr/src/qemu --strip-components=1; \ + rm "$tarball" "$tarball.sig"; \ + \ + cd /usr/src/qemu; \ + \ + for p in /qemu-patches/*.patch; do \ + patch --strip 1 --input "$p"; \ + done; \ + rm -rf /qemu-patches; \ + \ + arch="$(dpkg --print-architecture)"; \ + case "$arch" in \ + 
amd64) targetList='x86_64-softmmu' ;; \ + arm64) targetList='aarch64-softmmu' ;; \ + armel | armhf) targetList='arm-softmmu' ;; \ + i386) targetList='i386-softmmu' ;; \ + mips64el) targetList='mips64el-softmmu' ;; \ + ppc64el) targetList='ppc64-softmmu' ;; \ + s390x) targetList='s390x-softmmu' ;; \ + *) echo >&2 "error: architecture '$arch' unimplemented 😅"; exit 1 ;; \ + esac; \ + \ + ./configure --help; \ + ./configure \ +# let's add a link to our source code in the output of "--version" in case our users end up filing bugs against the QEMU project O:) + --with-pkgversion='https://github.com/tianon/docker-qemu' \ + --target-list="$targetList" \ +# let's point "firmware path" to Debian's value so we get access to "OVMF.fd" and friends more easily + --firmwarepath=/usr/share/qemu:/usr/share/seabios:/usr/lib/ipxe/qemu \ +# https://salsa.debian.org/qemu-team/qemu/-/blob/058ab4ec8623766b50055c8c56d0d5448d52fb0a/debian/rules#L38 + --disable-docs \ + --disable-gtk --disable-vte \ + --disable-sdl \ + --enable-attr \ + --enable-bzip2 \ + --enable-cap-ng \ + --enable-curl \ + --enable-curses \ + --enable-fdt \ + --enable-gnutls \ + --enable-kvm \ + --enable-libiscsi \ + --enable-libnfs \ + --enable-libssh \ + --enable-libusb \ + --enable-linux-aio \ + --enable-linux-user \ + --enable-modules \ + --enable-numa \ + --enable-rbd \ + --enable-seccomp \ + --enable-system \ + --enable-tools \ + --enable-usb-redir \ + --enable-vhost-net \ + --enable-vhost-user \ + --enable-vhost-vsock \ + --enable-virtfs \ + --enable-vnc \ + --enable-vnc-jpeg \ + --enable-vnc-png \ + --enable-xen \ + --enable-xfsctl \ +# rbd support is enabled, but "librbd1" is not included since it adds ~60MB and is version-sensitive (https://github.com/tianon/docker-qemu/pull/11#issuecomment-689816553) +# --enable-vde \ + ; \ + make -j "$(nproc)"; \ + make install; \ + \ + cd /; \ + rm -rf /usr/src/qemu; \ + \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > 
/dev/null; \ + find /usr/local \ + -type f \ + \( -executable -o -name '*.so' \) \ +# rbd support is enabled, but "librbd1" is not included since it adds ~60MB and is version-sensitive (https://github.com/tianon/docker-qemu/pull/11#issuecomment-689816553) + -not -name 'block-rbd.so' \ + -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ +# basic smoke test + qemu-img --version + +STOPSIGNAL SIGHUP + +EXPOSE 22 +EXPOSE 5900 + +COPY start-qemu /usr/local/bin/ +CMD ["start-qemu"] diff --git a/5.2/Dockerfile b/5.2/Dockerfile index 89fe8c6..39b6932 100644 --- a/5.2/Dockerfile +++ b/5.2/Dockerfile @@ -7,15 +7,24 @@ FROM debian:buster-slim RUN set -eux; \ +# add backports for (potentially) newer QEMU firmware packages suite="$(awk '$1 == "deb" { print $3; exit }' /etc/apt/sources.list)"; \ echo "deb http://deb.debian.org/debian $suite-backports main" > /etc/apt/sources.list.d/backports.list; \ +# and add APT pinning to ensure we don't accidentally get QEMU from Debian + { \ + echo 'Package: qemu-efi-* ovmf'; \ + echo 'Pin: release a=*-backports'; \ + echo 'Pin-Priority: 600'; \ + echo; \ + echo 'Package: qemu*'; \ + echo 'Pin: version *'; \ + echo 'Pin-Priority: -10'; \ + } > /etc/apt/preferences.d/qemu.pref; \ apt-get update; \ apt-get install -y --no-install-recommends \ - -t "$suite-backports" \ ovmf \ qemu-efi-aarch64 \ qemu-efi-arm \ -# TODO in bullseye+, add u-boot-qemu ? https://packages.debian.org/bullseye/u-boot-qemu ; \ rm -rf /var/lib/apt/lists/* diff --git a/5.2/Dockerfile.native b/5.2/Dockerfile.native new file mode 100644 index 0000000..7a1aa40 --- /dev/null +++ b/5.2/Dockerfile.native 
@@ -0,0 +1,204 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:buster-slim + +RUN set -eux; \ +# add backports for (potentially) newer QEMU firmware packages + suite="$(awk '$1 == "deb" { print $3; exit }' /etc/apt/sources.list)"; \ + echo "deb http://deb.debian.org/debian $suite-backports main" > /etc/apt/sources.list.d/backports.list; \ +# and add APT pinning to ensure we don't accidentally get QEMU from Debian + { \ + echo 'Package: qemu-efi-* ovmf'; \ + echo 'Pin: release a=*-backports'; \ + echo 'Pin-Priority: 600'; \ + echo; \ + echo 'Package: qemu*'; \ + echo 'Pin: version *'; \ + echo 'Pin-Priority: -10'; \ + } > /etc/apt/preferences.d/qemu.pref; \ + apt-get update; \ + arch="$(dpkg --print-architecture)"; \ + case "$arch" in \ + amd64) apt-get install -y --no-install-recommends ovmf ;; \ + arm64) apt-get install -y --no-install-recommends qemu-efi-aarch64 ;; \ + armel | armhf) apt-get install -y --no-install-recommends qemu-efi-arm ;; \ + *) echo >&2 "warning: architecture '$arch' unknown 😅 (is there a 'QEMU firmware' package that should be installed here? 
likely candidates: https://packages.debian.org/source/$suite/edk2)" ;; \ + esac; \ + rm -rf /var/lib/apt/lists/* + +COPY *.patch /qemu-patches/ + +# https://wiki.qemu.org/SecurityProcess +ENV QEMU_KEYS \ +# Michael Roth + CEACC9E15534EBABB82D3FA03353C9CEF108B584 +# https://wiki.qemu.org/Planning/ReleaseProcess#Sign_the_resulting_tarball_with_GPG: (they get signed by whoever is making the release) + +# https://www.qemu.org/download/#source +# https://download.qemu.org/?C=M;O=D +ENV QEMU_VERSION 5.2.0 +ENV QEMU_URL https://download.qemu.org/qemu-5.2.0.tar.xz + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + gnupg dirmngr \ + wget \ + xz-utils \ + \ + patch \ + \ + bzip2 \ + gcc \ + gnutls-dev \ + libaio-dev \ + libbz2-dev \ + libc-dev \ + libcap-dev \ + libcap-ng-dev \ + libcurl4-gnutls-dev \ + libglib2.0-dev \ + libiscsi-dev \ + libjpeg-dev \ + libncursesw5-dev \ + libnfs-dev \ + libnuma-dev \ + libpixman-1-dev \ + libpng-dev \ + librbd-dev \ + libseccomp-dev \ + libssh-dev \ + libusb-1.0-0-dev \ + libusbredirparser-dev \ + libxen-dev \ + make \ + pkg-config \ + python3 \ + xfslibs-dev \ + zlib1g-dev \ +# https://wiki.qemu.org/ChangeLog/5.2#Build_Information + ninja-build \ + python3-setuptools \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + tarball="$(basename "$QEMU_URL")"; \ + wget -O "$tarball.sig" "$QEMU_URL.sig"; \ + wget -O "$tarball" "$QEMU_URL" --progress=dot:giga; \ + \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $QEMU_KEYS; do \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify "$tarball.sig" "$tarball"; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ + mkdir /usr/src/qemu; \ + tar -xf "$tarball" -C /usr/src/qemu --strip-components=1; \ + rm "$tarball" "$tarball.sig"; \ + \ + cd /usr/src/qemu; \ + \ + for p in /qemu-patches/*.patch; do \ + patch --strip 1 --input "$p"; \ + done; 
\ + rm -rf /qemu-patches; \ + \ + arch="$(dpkg --print-architecture)"; \ + case "$arch" in \ + amd64) targetList='x86_64-softmmu' ;; \ + arm64) targetList='aarch64-softmmu' ;; \ + armel | armhf) targetList='arm-softmmu' ;; \ + i386) targetList='i386-softmmu' ;; \ + mips64el) targetList='mips64el-softmmu' ;; \ + ppc64el) targetList='ppc64-softmmu' ;; \ + s390x) targetList='s390x-softmmu' ;; \ + *) echo >&2 "error: architecture '$arch' unimplemented 😅"; exit 1 ;; \ + esac; \ + \ + ./configure --help; \ + ./configure \ +# let's add a link to our source code in the output of "--version" in case our users end up filing bugs against the QEMU project O:) + --with-pkgversion='https://github.com/tianon/docker-qemu' \ + --target-list="$targetList" \ +# let's point "firmware path" to Debian's value so we get access to "OVMF.fd" and friends more easily + --firmwarepath=/usr/share/qemu:/usr/share/seabios:/usr/lib/ipxe/qemu \ +# https://salsa.debian.org/qemu-team/qemu/-/blob/058ab4ec8623766b50055c8c56d0d5448d52fb0a/debian/rules#L38 + --disable-docs \ + --disable-gtk --disable-vte \ + --disable-sdl \ + --enable-attr \ + --enable-bzip2 \ + --enable-cap-ng \ + --enable-curl \ + --enable-curses \ + --enable-fdt \ + --enable-gnutls \ + --enable-kvm \ + --enable-libiscsi \ + --enable-libnfs \ + --enable-libssh \ + --enable-libusb \ + --enable-linux-aio \ + --enable-linux-user \ + --enable-modules \ + --enable-numa \ + --enable-rbd \ + --enable-seccomp \ + --enable-system \ + --enable-tools \ + --enable-usb-redir \ + --enable-vhost-net \ + --enable-vhost-user \ + --enable-vhost-vsock \ + --enable-virtfs \ + --enable-vnc \ + --enable-vnc-jpeg \ + --enable-vnc-png \ + --enable-xen \ + --enable-xfsctl \ +# rbd support is enabled, but "librbd1" is not included since it adds ~60MB and is version-sensitive (https://github.com/tianon/docker-qemu/pull/11#issuecomment-689816553) +# --enable-vde \ + ; \ + make -j "$(nproc)"; \ + make install; \ + \ + cd /; \ + rm -rf /usr/src/qemu; \ + \ + 
apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find /usr/local \ + -type f \ + \( -executable -o -name '*.so' \) \ +# rbd support is enabled, but "librbd1" is not included since it adds ~60MB and is version-sensitive (https://github.com/tianon/docker-qemu/pull/11#issuecomment-689816553) + -not -name 'block-rbd.so' \ + -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ +# basic smoke test + qemu-img --version + +STOPSIGNAL SIGHUP + +EXPOSE 22 +EXPOSE 5900 + +COPY start-qemu /usr/local/bin/ +CMD ["start-qemu"] diff --git a/Dockerfile.template b/Dockerfile.template index dbd63b3..f956726 100644 --- a/Dockerfile.template +++ b/Dockerfile.template 
@@ -1,16 +1,58 @@ FROM debian:buster-slim RUN set -eux; \ +# add backports for (potentially) newer QEMU firmware packages suite="$(awk '$1 == "deb" { print $3; exit }' /etc/apt/sources.list)"; \ echo "deb http://deb.debian.org/debian $suite-backports main" > /etc/apt/sources.list.d/backports.list; \ +# and add APT pinning to ensure we don't accidentally get QEMU from Debian + { \ + echo 'Package: qemu-efi-* ovmf'; \ + echo 'Pin: release a=*-backports'; \ + echo 'Pin-Priority: 600'; \ + echo; \ + echo 'Package: qemu*'; \ + echo 'Pin: version *'; \ + echo 'Pin-Priority: -10'; \ + } > /etc/apt/preferences.d/qemu.pref; \ apt-get update; \ +{{ def firmware_packages: { + amd64: "ovmf", + arm64: "qemu-efi-aarch64", + "armel | armhf": "qemu-efi-arm", +# TODO add "i386": "ovmf-ia32" in bullseye+ +# TODO in bullseye+, add u-boot-qemu ? https://packages.debian.org/bullseye/u-boot-qemu (not sure which arches to add this to since it contains all of them... maybe every relevant one?) +} -}} +{{ if env.variant == "native" then ( -}} + arch="$(dpkg --print-architecture)"; \ + case "$arch" in \ +{{ + [ + firmware_packages + | to_entries[] + | ( +-}} + {{ .key }}) apt-get install -y --no-install-recommends {{ .value }} ;; \ +{{ + ) + ] | add +-}} + *) echo >&2 "warning: architecture '$arch' unknown 😅 (is there a 'QEMU firmware' package that should be installed here? likely candidates: https://packages.debian.org/source/$suite/edk2)" ;; \ + esac; \ +{{ ) else ( -}} apt-get install -y --no-install-recommends \ - -t "$suite-backports" \ - ovmf \ - qemu-efi-aarch64 \ - qemu-efi-arm \ -# TODO in bullseye+, add u-boot-qemu ? https://packages.debian.org/bullseye/u-boot-qemu +{{ + [ + [ firmware_packages[] ] + | sort[] + | ( +-}} + {{ . }} \ +{{ + ) + ] | add +-}} ; \ +{{ ) end -}} rm -rf /var/lib/apt/lists/* COPY *.patch /qemu-patches/ 
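Review bot: The new pinning block in Dockerfile.template depends on stanza order, and the comment above it does not say so. `Package: qemu*` also matches `qemu-efi-arm` and `qemu-efi-aarch64`, and APT applies the first specific-form record that matches a version, so the backports stanza has to stay ahead of the `-10` stanza. A side effect is that the non-backports builds of those two firmware packages now get priority -10, so with `-t "$suite-backports"` removed they can only come from `*-backports`; a suite that lacks them there stops the build at `apt-get install`, which fails closed under `set -eux`. I would extend the comment, for example `# NOTE: stanza order matters -- "qemu*" also matches qemu-efi-*, and APT uses the first matching record (firmware therefore installs from backports only)`.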
@@ -97,11 +139,28 @@ RUN set -eux; \ patch --strip 1 --input "$p"; \ done; \ rm -rf /qemu-patches; \ +{{ if env.variant == "native" then ( -}} + \ + arch="$(dpkg --print-architecture)"; \ + case "$arch" in \ + amd64) targetList='x86_64-softmmu' ;; \ + arm64) targetList='aarch64-softmmu' ;; \ + armel | armhf) targetList='arm-softmmu' ;; \ + i386) targetList='i386-softmmu' ;; \ + mips64el) targetList='mips64el-softmmu' ;; \ + ppc64el) targetList='ppc64-softmmu' ;; \ + s390x) targetList='s390x-softmmu' ;; \ + *) echo >&2 "error: architecture '$arch' unimplemented 😅"; exit 1 ;; \ + esac; \ +{{ ) else "" end -}} \ ./configure --help; \ ./configure \ # let's add a link to our source code in the output of "--version" in case our users end up filing bugs against the QEMU project O:) --with-pkgversion='https://github.com/tianon/docker-qemu' \ +{{ if env.variant == "native" then ( -}} + --target-list="$targetList" \ +{{ ) else ( -}} --target-list=' \ # system targets # (https://sources.debian.org/src/qemu/buster/debian/rules/#L59-L63, slimmed) @@ -115,6 +174,7 @@ RUN set -eux; \ ppc64-linux-user ppc64le-linux-user riscv64-linux-user sparc64-linux-user \ s390x-linux-user \ ' \ +{{ ) end -}} # let's point "firmware path" to Debian's value so we get access to "OVMF.fd" and friends more easily --firmwarepath=/usr/share/qemu:/usr/share/seabios:/usr/lib/ipxe/qemu \ # https://salsa.debian.org/qemu-team/qemu/-/blob/058ab4ec8623766b50055c8c56d0d5448d52fb0a/debian/rules#L38 diff --git a/README.md b/README.md index c26da56..a401289 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ $ docker run -it --rm \ -e QEMU_CDROM=/tmp/debian.iso \ -e QEMU_BOOT='order=d' \ -e QEMU_PORTS='2375 2376' \ - tianon/qemu + tianon/qemu:native ``` Note: port 22 will always be mapped (regardless of the contents of `QEMU_PORTS`). 
@@ -24,3 +24,5 @@ For supplying additional arguments, use a command of `start-qemu `. For ex For UEFI support, [the `ovmf` package](https://packages.debian.org/sid/ovmf) is installed, which can be utilized most easily by supplying `--bios /usr/share/ovmf/OVMF.fd`. By default, this image will use [QEMU's user-mode networking stack](https://wiki.qemu.org/Documentation/Networking#User_Networking_.28SLIRP.29), which means if you want ping/ICMP working, you'll likely need to also include something like `--sysctl net.ipv4.ping_group_range='0 2147483647'` in your container runtime settings. + +The `native` variants for `amd64` only contain `qemu-system-x86_64` -- the non-`native` variants contain QEMU compiled for a variety of target CPUs. diff --git a/apply-templates.sh b/apply-templates.sh index b40fce5..bce3d12 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -27,14 +27,15 @@ generated_warning() { } for version; do - export version - - echo "processing $version ..." - - { - generated_warning - gawk -f "$jqt" Dockerfile.template - } > "$version/Dockerfile" - cp -a start-qemu "$version/" + for variant in '' native; do + export version variant + + echo "processing $version${variant:+ ($variant)} ..." + + { + generated_warning + gawk -f "$jqt" Dockerfile.template + } > "$version/Dockerfile${variant:+.$variant}" + done done diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 60e3b72..762b266 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -29,8 +29,8 @@ dirCommit() { ( cd "$dir" fileCommit \ - Dockerfile \ - $(git show HEAD:./Dockerfile | awk ' + Dockerfile* \ + $(git show HEAD:./Dockerfile* | awk ' toupper($1) == "COPY" { for (i = 2; i < NF; i++) { print $i 
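Review bot: In apply-templates.sh the removed lines include `cp -a start-qemu "$version/"`, and none of the added lines restores it. The generated Dockerfiles still end with `COPY start-qemu /usr/local/bin/`, and the stackbrew entries build from `Directory: $version`, so the per-version copy is the script that actually ships as `CMD`. Without the copy step, later edits to the top-level `start-qemu` (hardening fixes included) would not reach the images unless someone copies the file by hand. If the removal was not intended, keep `cp -a start-qemu "$version/"` after the inner `done`.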
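Review bot: In generate-stackbrew-library.sh, `git show HEAD:./Dockerfile*` most likely never sees an expanded path. The shell tries to glob the whole word `HEAD:./Dockerfile*` against the filesystem and finds nothing, and git does not expand wildcards in `<rev>:<path>`, so the command should fail. Because it sits in a command substitution used as an argument, that failure would not stop the script. The `awk` stage then receives no input, and the `COPY` sources (`start-qemu`, `*.patch`) drop out of the `fileCommit` list, so `GitCommit` would no longer track changes to them. Expanding the glob first avoids this: `$(for f in Dockerfile*; do git show "HEAD:./$f"; done | awk '`. The `dirCommit` body and the awk program continue outside this hunk.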
@@ -40,6 +40,21 @@ dirCommit() { ) } +getArches() { + local officialImagesUrl='https://github.com/docker-library/official-images/raw/master/library/' + + eval "declare -g -A parentRepoToArches=( $( + find -name 'Dockerfile*' -exec awk ' + toupper($1) == "FROM" && $2 !~ /^(scratch|.*\/.*)(:|$)/ { + print "'"$officialImagesUrl"'" $2 + } + ' '{}' + \ + | sort -u \ + | xargs bashbrew cat --format '[{{ .RepoName }}:{{ .TagName }}]="{{ join " " .TagEntry.Architectures }}"' + ) )" +} +getArches + cat <<-EOH # this file is generated via https://github.com/tianon/docker-qemu/blob/$(fileCommit "$self")/$self @@ -71,10 +86,25 @@ for version; do commit="$(dirCommit "$version")" - echo - cat <<-EOE - Tags: $(join ', ' "${versionAliases[@]}") - GitCommit: $commit - Directory: $version - EOE + for variant in '' native; do + variantAliases=( "${versionAliases[@]}" ) + if [ -n "$variant" ]; then + variantAliases=( "${variantAliases[@]/%/-$variant}" ) + variantAliases=( "${variantAliases[@]//latest-/}" ) + fi + + variantParent="$(awk 'toupper($1) == "FROM" { print $2 }' "$version/Dockerfile${variant:+.$variant}")" + variantArches="${parentRepoToArches[$variantParent]}" + + echo + cat <<-EOE + Tags: $(join ', ' "${variantAliases[@]}") + Architectures: $(join ', ' $variantArches) + GitCommit: $commit + Directory: $version + EOE + if [ -n "$variant" ]; then + echo "File: Dockerfile.$variant" + fi + done done
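Review bot: In generate-stackbrew-library.sh, `getArches` passes text derived from remotely fetched manifests through `eval`. The `bashbrew cat --format` output is built from the official-images library files at `$officialImagesUrl` and is spliced into `declare -g -A parentRepoToArches=( … )` inside double quotes, so a `"` or `$( … )` in a tag or architecture field would be interpreted by the maintainer's shell. The source is trusted in practice, but the array can be filled without `eval` by emitting one tab-separated record per tag and reading it in a loop. The sketch below assumes bashbrew prints one line per tag entry, which should be confirmed before adopting it.

```bash
getArches() {
	local officialImagesUrl='https://github.com/docker-library/official-images/raw/master/library/'

	declare -g -A parentRepoToArches=()
	local tag arches
	while IFS=$'\t' read -r tag arches; do
		[ -n "$tag" ] || continue
		parentRepoToArches["$tag"]="$arches"
	done < <(
		# … unchanged: find -name 'Dockerfile*' | awk (FROM lines) | sort -u …
		| xargs bashbrew cat --format '{{ .RepoName }}:{{ .TagName }}{{ "\t" }}{{ join " " .TagEntry.Architectures }}'
	)
}
```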