Arm images (odroidC2) (#867)

* Add odroidC2 firmware package

Signed-off-by: Ettore Di Giacinto <[email protected]>

* Add image creation scripts

It also adds odroid-c2 examples image.

None of them are booting correctly. The openSUSE one fails with
#785, and the
Ubuntu one has an outdated kernel that doesn't work with our EFI setup,
needing a specific kernel compiled with EFI support. Keeping the
firmware/packages as samples until we get support for other boards.

It also add pipeline as example for building multi-arch examples images

Signed-off-by: Ettore Di Giacinto <[email protected]>

Author: mudler

.github/workflows/examples_publish.yaml

@@ -0,0 +1,71 @@
+---
+name: 'build multi-arch example files'
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - '*'
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - tag: "odroid-c2-"
+            dockerfile: "examples/odroid-c2"
+            platforms: "linux/arm64"
+          - tag: "odroid-c2-ubuntu-3.x"
+            dockerfile: "examples/odroid-c2-ubuntu"
+            platforms: "linux/arm64"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Prepare
+        id: prep
+        run: |
+          DOCKER_IMAGE=quay.io/costoolkit/examples
+          VERSION=latest
+          SHORTREF=${GITHUB_SHA::8}
+          # If this is git tag, use the tag name as a docker tag
+          if [[ $GITHUB_REF == refs/tags/* ]]; then
+            VERSION=${GITHUB_REF#refs/tags/}
+          fi
+          TAGS="${DOCKER_IMAGE}:${{ matrix.tag }}${VERSION},${DOCKER_IMAGE}:${{ matrix.tag }}${SHORTREF}"
+          # If the VERSION looks like a version number, assume that
+          # this is the most recent version of the image and also
+          # tag it 'latest'.
+          if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+            TAGS="$TAGS,${DOCKER_IMAGE}:${{ matrix.tag }}latest"
+          fi
+          # Set output parameters.
+          echo ::set-output name=tags::${TAGS}
+          echo ::set-output name=docker_image::${DOCKER_IMAGE}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@master
+        with:
+          platforms: all
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@master
+
+      - name: Login to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PASSWORD }}
+      - name: Build
+        uses: docker/build-push-action@v2
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: ./${{ matrix.dockerfile }}
+          file: ./${{ matrix.dockerfile }}/Dockerfile
+          platforms: ${{ matrix.platforms }}
+          push: true
+          tags: ${{ steps.prep.outputs.tags }}

examples/odroid-c2-ubuntu/Dockerfile

@@ -0,0 +1,30 @@
+ARG LUET_VERSION=0.20.10
+FROM quay.io/luet/base:$LUET_VERSION AS luet
+
+FROM quay.io/costoolkit/examples:odroid-c2-ubuntu-base
+
+ENV COSIGN_EXPERIMENTAL=1
+ENV COSIGN_REPOSITORY=raccos/releases-green
+
+RUN apt-get update -y
+RUN apt-get install -y dracut-core curl dracut-network rsync
+
+# Copy the luet config file pointing to the upgrade repository
+COPY conf/luet.yaml /etc/luet/luet.yaml
+
+RUN curl -L https://github.com/mudler/luet/releases/download/0.20.10/luet-0.20.10-linux-arm64 --output /usr/bin/luet
+
+RUN chmod +x /usr/bin/luet
+RUN luet install -y meta/cos-verify
+
+RUN luet install --plugin luet-cosign -y meta/cos-minimal
+
+COPY files/ /
+
+# Handle initrd and vmlinuz symlinks
+RUN kernel=$(ls /lib/modules | head -n1) && \
+    dracut -f "/boot/initrd-${kernel}" "${kernel}" && \
+    ln -sf "initrd-${kernel}" /boot/initrd
+
+RUN kernel=/boot/Image && \
+    ln -sf "${kernel#/boot/}" /boot/vmlinuz

examples/odroid-c2-ubuntu/conf/luet.yaml

@@ -0,0 +1,16 @@
+logging:
+  color: false
+  enable_emoji: false
+general:
+   debug: false
+   spinner_charset: 9
+repositories:
+- name: "cos"
+  description: "cOS official"
+  type: "docker"
+  enable: true
+  cached: true
+  priority: 1
+  verify: false
+  urls:
+  - "quay.io/costoolkit/releases-green-arm64"

examples/odroid-c2-ubuntu/files/etc/cos/config

@@ -0,0 +1,45 @@
+# cOS configuration file
+# This file allows to tweak cOS configuration such as: default upgrade/recovery image and GRUB menu entry
+
+# Disable/enable image verification during upgrades ( default: true )
+VERIFY=false
+
+# Disable/enable upgrades via release channels instead of container images. ( default: true )
+CHANNEL_UPGRADES=false
+
+# Default container image used for upgrades. ( defaults to system/cos with channel CHANNEL_UPGRADES enabled )
+UPGRADE_IMAGE="quay.io/mudler/cos-test:cos-standard"
+
+# Default recovery image to use when upgrading the recovery partition
+# ( defaults to recovery/cos in vanilla cOS images with channel CHANNEL_UPGRADES enabled. Otherwise it defaults to UPGRADE_IMAGE ).
+RECOVERY_IMAGE="quay.io/costoolkit/examples:"
+
+# GRUB entry to display on boot. ( defaults: cOS )
+GRUB_ENTRY_NAME="example"
+
+# Space separated list of additional paths that are used to
+# source cloud-config from. ( defaults paths are: /system/oem /oem/ /usr/local/cloud-config/ )
+CLOUD_INIT_PATHS=""
+
+# This is the directory that can be used to store cloud-init files that can be enabled/disabled in runtime
+# by cos-features. ( defaults to /system/features )
+COS_FEATURESDIR="/system/features"
+
+# This is the repository that hosts the signature files used by cosign and luet-cosign plugin during upgrade/deploy to
+# check the artifact signatures
+COSIGN_REPOSITORY="raccos/releases-green"
+
+# This sets keyless verify on building packages with luet and the luet-cosign plugin.
+# 1  = enabled keyless, 0 = disabled, uses normal public key verification
+COSIGN_EXPERIMENTAL=1
+
+# This sets the location of the public key to use to verify the packages installed by luet during upgrade/deploy
+# This can be set to file, URL, KMS URI or Kubernetes Secret
+# This is only used if COSIGN_EXPERIMENTAL is set to 0
+COSIGN_PUBLIC_KEY_LOCATION=""
+
+# Default size (in MB) of disk image files (.img) created during upgrades
+DEFAULT_IMAGE_SIZE=3240
+
+# Path to default configuration grub file
+GRUBCONF="/etc/cos/grub.cfg"

examples/odroid-c2-ubuntu/files/etc/os-release

@@ -0,0 +1,2 @@
+VERSION="15.3"
+PRETTY_NAME="openSUSE"

examples/odroid-c2-ubuntu/files/system/oem/04_accounting.yaml

@@ -0,0 +1,17 @@
+# Default cOS OEM configuration file
+#
+# This file is part of cOS and will get reset during upgrades.
+#
+# Before you change this file manually,
+# consider copying this file to /usr/local/cloud-config or
+# copy the file with a prefix starting by 90, e.g. /oem/91_custom.yaml
+name: "Default user"
+stages:
+   initramfs:
+     - name: "Setup users"
+       ensure_entities:
+       - path: /etc/shadow
+         entity: |
+            kind: "shadow"
+            username: "root"
+            password: "cos"

examples/odroid-c2/Dockerfile

@@ -0,0 +1,69 @@
+ARG LUET_VERSION=0.20.10
+FROM quay.io/luet/base:$LUET_VERSION AS luet
+
+FROM opensuse/leap:15.3
+
+ENV COSIGN_EXPERIMENTAL=1
+ENV COSIGN_REPOSITORY=raccos/releases-green
+
+RUN zypper in -y \
+    # Odroid
+    kernel-default-extra \
+    systemd-sysvinit \
+    grub2-arm64-efi \
+    iproute2 \
+    squashfs \
+    conntrack-tools \
+    findutils \
+    haveged \
+    lsscsi \
+    lvm2 \
+    mdadm \
+    multipath-tools \
+    nfs-utils \
+    open-iscsi \
+    open-vm-tools \
+    python-azure-agent \
+    qemu-guest-agent \
+    rng-tools \
+    systemd \
+    vim \
+    parted \
+    dracut \
+    e2fsprogs \
+    dosfstools \
+    kernel-default \
+    kernel-firmware-bnx2 \
+    kernel-firmware-i915 \
+    kernel-firmware-intel \
+    kernel-firmware-iwlwifi \
+    kernel-firmware-mellanox \
+    kernel-firmware-network \
+    kernel-firmware-platform \
+    kernel-firmware-realtek \
+    coreutils \
+    less \
+    device-mapper \
+    grub2 \
+    which \
+    curl \
+    nano \
+    gawk \
+    haveged \
+    tar \
+    rsync \
+    timezone \
+    jq \
+    gptfdisk
+
+# Copy the luet config file pointing to the upgrade repository
+COPY conf/luet.yaml /etc/luet/luet.yaml
+RUN curl -L https://github.com/mudler/luet/releases/download/0.20.10/luet-0.20.10-linux-arm64 --output /usr/bin/luet
+
+RUN chmod +x /usr/bin/luet
+RUN luet install -y meta/cos-verify
+
+RUN luet install --plugin luet-cosign -y meta/cos-minimal
+
+COPY files/ /
+RUN mkinitrd

examples/odroid-c2/conf/luet.yaml

@@ -0,0 +1,16 @@
+logging:
+  color: false
+  enable_emoji: false
+general:
+   debug: false
+   spinner_charset: 9
+repositories:
+- name: "cos"
+  description: "cOS official"
+  type: "docker"
+  enable: true
+  cached: true
+  priority: 1
+  verify: false
+  urls:
+  - "quay.io/costoolkit/releases-green-arm64"

examples/odroid-c2/files/etc/cos/config

@@ -0,0 +1,45 @@
+# cOS configuration file
+# This file allows to tweak cOS configuration such as: default upgrade/recovery image and GRUB menu entry
+
+# Disable/enable image verification during upgrades ( default: true )
+VERIFY=false
+
+# Disable/enable upgrades via release channels instead of container images. ( default: true )
+CHANNEL_UPGRADES=false
+
+# Default container image used for upgrades. ( defaults to system/cos with channel CHANNEL_UPGRADES enabled )
+UPGRADE_IMAGE="quay.io/mudler/cos-test:cos-standard"
+
+# Default recovery image to use when upgrading the recovery partition
+# ( defaults to recovery/cos in vanilla cOS images with channel CHANNEL_UPGRADES enabled. Otherwise it defaults to UPGRADE_IMAGE ).
+RECOVERY_IMAGE="quay.io/mudler/cos-test:cos-standard"
+
+# GRUB entry to display on boot. ( defaults: cOS )
+GRUB_ENTRY_NAME="example"
+
+# Space separated list of additional paths that are used to
+# source cloud-config from. ( defaults paths are: /system/oem /oem/ /usr/local/cloud-config/ )
+CLOUD_INIT_PATHS=""
+
+# This is the directory that can be used to store cloud-init files that can be enabled/disabled in runtime
+# by cos-features. ( defaults to /system/features )
+COS_FEATURESDIR="/system/features"
+
+# This is the repository that hosts the signature files used by cosign and luet-cosign plugin during upgrade/deploy to
+# check the artifact signatures
+COSIGN_REPOSITORY="raccos/releases-green"
+
+# This sets keyless verify on building packages with luet and the luet-cosign plugin.
+# 1  = enabled keyless, 0 = disabled, uses normal public key verification
+COSIGN_EXPERIMENTAL=1
+
+# This sets the location of the public key to use to verify the packages installed by luet during upgrade/deploy
+# This can be set to file, URL, KMS URI or Kubernetes Secret
+# This is only used if COSIGN_EXPERIMENTAL is set to 0
+COSIGN_PUBLIC_KEY_LOCATION=""
+
+# Default size (in MB) of disk image files (.img) created during upgrades
+DEFAULT_IMAGE_SIZE=3240
+
+# Path to default configuration grub file
+GRUBCONF="/etc/cos/grub.cfg"

examples/odroid-c2/files/etc/os-release

@@ -0,0 +1,2 @@
+VERSION="15.3"
+PRETTY_NAME="openSUSE"