xref: /cloud-hypervisor/resources/Dockerfile (revision 226ecf47bb608d52367de61236fb8ad37b871ca2) 
12fe7f54eSRob Bradford# Copyright © 2025 Intel Corporation
25e9886bbSRuslan Mstoi#
3ca96ff60SRob Bradford# SPDX-License-Identifier: Apache-2.0
4ca96ff60SRob Bradford#
58c19d526SRob Bradford# When changing this file don't forget to update the tag name in the
68c19d526SRob Bradford# .github/workflows/docker-image.yaml file if doing multiple per day
78c19d526SRob Bradford
8655d5125SRuoqing HeFROM ubuntu:24.04 AS dev
9db6f894eSSamuel Ortiz
10db5d42adSSebastien BoeufARG TARGETARCH
11*226ecf47SRuoqing HeARG RUST_TOOLCHAIN="1.83.0"
12db6f894eSSamuel OrtizARG CLH_SRC_DIR="/cloud-hypervisor"
13db6f894eSSamuel OrtizARG CLH_BUILD_DIR="$CLH_SRC_DIR/build"
14db6f894eSSamuel OrtizARG CARGO_REGISTRY_DIR="$CLH_BUILD_DIR/cargo_registry"
15db6f894eSSamuel OrtizARG CARGO_GIT_REGISTRY_DIR="$CLH_BUILD_DIR/cargo_git_registry"
16db6f894eSSamuel Ortiz
17db6f894eSSamuel OrtizENV CARGO_HOME=/usr/local/rust
18db6f894eSSamuel OrtizENV RUSTUP_HOME=$CARGO_HOME
19db6f894eSSamuel OrtizENV PATH="$PATH:$CARGO_HOME/bin"
20b8ce1816SRuslan MstoiENV DEBIAN_FRONTEND=noninteractive
21db6f894eSSamuel Ortiz
22db6f894eSSamuel Ortiz# Install all CI dependencies
238363edddSRuslan Mstoi# DL3015 ignored cause not installing openvswitch-switch-dpdk recommended packages breaks ovs_dpdk test
248363edddSRuslan Mstoi# hadolint ignore=DL3008,DL3015
250090ec2dSMichael ZhaoRUN apt-get update \
260090ec2dSMichael Zhao        && apt-get -yq upgrade \
278363edddSRuslan Mstoi        && apt-get install --no-install-recommends -yq \
28d27316daSRob Bradford        build-essential \
2946d6a6cdSRob Bradford        bc \
30db6f894eSSamuel Ortiz        curl \
3146d6a6cdSRob Bradford        wget \
3246d6a6cdSRob Bradford        sudo \
33db6f894eSSamuel Ortiz        mtools \
3433b0e158SSamuel Ortiz        musl-tools \
3546d6a6cdSRob Bradford        libssl-dev \
36d27316daSRob Bradford        pkg-config \
3746d6a6cdSRob Bradford        flex \
3846d6a6cdSRob Bradford        bison \
3946d6a6cdSRob Bradford        libelf-dev \
4046d6a6cdSRob Bradford        qemu-utils \
4146d6a6cdSRob Bradford        libglib2.0-dev \
4246d6a6cdSRob Bradford        libpixman-1-dev \
4346d6a6cdSRob Bradford        libseccomp-dev \
4446d6a6cdSRob Bradford        libcap-ng-dev \
4546d6a6cdSRob Bradford        socat \
4646d6a6cdSRob Bradford        dosfstools \
4746d6a6cdSRob Bradford        cpio \
48d27316daSRob Bradford        python3 \
49d27316daSRob Bradford        python3-setuptools \
5046d6a6cdSRob Bradford        ntfs-3g \
513cb2b72eSHenry Wang        uuid-dev \
5246d6a6cdSRob Bradford        iperf3 \
5346d6a6cdSRob Bradford        zip \
54a08da07dSRob Bradford        git-core \
55a08da07dSRob Bradford        dnsmasq \
5628413d26SRob Bradford        dmsetup \
578363edddSRuslan Mstoi        ca-certificates \
588363edddSRuslan Mstoi        unzip \
598363edddSRuslan Mstoi        iproute2 \
608363edddSRuslan Mstoi        dbus \
618363edddSRuslan Mstoi    && apt-get install openvswitch-switch-dpdk -yq \
62db6f894eSSamuel Ortiz    && apt-get clean \
6370aa5bc2SRuslan Mstoi    && rm -rf /var/lib/apt/lists/* /var/log/*log  /var/log/apt/* /var/lib/dpkg/*-old /var/cache/debconf/*-old
64db6f894eSSamuel Ortiz
65fbaceea4SSebastien BoeufRUN update-alternatives --set ovs-vswitchd /usr/lib/openvswitch-switch-dpdk/ovs-vswitchd-dpdk
66fbaceea4SSebastien Boeuf
671bd8eb68SRuslan Mstoi# hadolint ignore=DL3008
68db5d42adSSebastien BoeufRUN if [ "$TARGETARCH" = "amd64" ]; then \
690090ec2dSMichael Zhao        apt-get update \
700090ec2dSMichael Zhao        && apt-get -yq upgrade \
71b9bd80faSPraveen K Paladugu        && apt-get install --no-install-recommends -yq swtpm \
720090ec2dSMichael Zhao        && apt-get clean \
7370aa5bc2SRuslan Mstoi        && rm -rf /var/lib/apt/lists/* /var/log/*log  /var/log/apt/* /var/lib/dpkg/*-old /var/cache/debconf/*-old; fi
740090ec2dSMichael Zhao
751bd8eb68SRuslan Mstoi# hadolint ignore=DL3008
76db5d42adSSebastien BoeufRUN if [ "$TARGETARCH" = "arm64" ]; then \
77b70e2547SHenry Wang        # On AArch64, `setcap` binary should be installed via `libcap2-bin`.
78b70e2547SHenry Wang        # The `setcap` binary is used in integration tests.
7956c26b3dSMichael Zhao        # `libguestfs-tools` is used for modifying cloud image kernel, and it requires
8056c26b3dSMichael Zhao        # kernel (any version) image in `/boot` and modules in `/lib/modules`.
81b70e2547SHenry Wang        apt-get update \
82b70e2547SHenry Wang        && apt-get -yq upgrade \
838363edddSRuslan Mstoi        && apt-get install --no-install-recommends -yq \
8456c26b3dSMichael Zhao        libcap2-bin \
8556c26b3dSMichael Zhao        libguestfs-tools \
86b7512d3dSRob Bradford        linux-image-generic \
876037c835SHenry Wang        autotools-dev \
886037c835SHenry Wang        autoconf \
896037c835SHenry Wang        automake \
906037c835SHenry Wang        perl \
916037c835SHenry Wang        texinfo \
92b70e2547SHenry Wang        && apt-get clean \
9370aa5bc2SRuslan Mstoi        && rm -rf /var/lib/apt/lists/* /var/log/*log  /var/log/apt/* /var/lib/dpkg/*-old /var/cache/debconf/*-old; fi
94b70e2547SHenry Wang
9533b0e158SSamuel Ortiz# Fix the libssl-dev install
961bd8eb68SRuslan Mstoi# hadolint ignore=SC2155
971e5d35d1SSebastien BoeufRUN export ARCH="$(uname -m)" \
981bd8eb68SRuslan Mstoi    && cp /usr/include/"$ARCH"-linux-gnu/openssl/opensslconf.h /usr/include/openssl/
991e5d35d1SSebastien BoeufENV X86_64_UNKNOWN_LINUX_GNU_OPENSSL_LIB_DIR=/usr/lib/x86_64-linux-gnu/
1001e5d35d1SSebastien BoeufENV X86_64_UNKNOWN_LINUX_MUSL_OPENSSL_LIB_DIR=/usr/lib/x86_64-linux-gnu/
1011e5d35d1SSebastien BoeufENV AARCH64_UNKNOWN_LINUX_GNU_OPENSSL_LIB_DIR=/usr/lib/aarch64-linux-gnu/
1021e5d35d1SSebastien BoeufENV AARCH64_UNKNOWN_LINUX_MUSL_OPENSSL_LIB_DIR=/usr/lib/aarch64-linux-gnu/
10333b0e158SSamuel OrtizENV OPENSSL_INCLUDE_DIR=/usr/include/
10433b0e158SSamuel Ortiz
105db6f894eSSamuel Ortiz# Install the rust toolchain
1061bd8eb68SRuslan Mstoi# hadolint ignore=DL4006,SC2155
1071e5d35d1SSebastien BoeufRUN export ARCH="$(uname -m)" \
108ece4fc20SRob Bradford    && nohup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain "$RUST_TOOLCHAIN" \
1091bd8eb68SRuslan Mstoi    && rustup target add "$ARCH"-unknown-linux-musl --toolchain "$RUST_TOOLCHAIN" \
1100d50d0b2SRuoqing He    && if [ "$TARGETARCH" = "amd64" ]; then \
1110d50d0b2SRuoqing He        rustup toolchain add --profile minimal --force-non-host \
1120d50d0b2SRuoqing He            $RUST_TOOLCHAIN-x86_64-unknown-linux-musl; fi \
113db5d42adSSebastien Boeuf    && if [ "$TARGETARCH" = "amd64" ]; then rustup component add rustfmt; fi \
114db5d42adSSebastien Boeuf    && if [ "$TARGETARCH" = "amd64" ]; then rustup component add clippy; fi \
115db6f894eSSamuel Ortiz    && rm -rf "$CARGO_HOME/registry" \
116db6f894eSSamuel Ortiz    && ln -s "$CARGO_REGISTRY_DIR" "$CARGO_HOME/registry" \
117db6f894eSSamuel Ortiz    && rm -rf "$CARGO_HOME/git" \
118db6f894eSSamuel Ortiz    && ln -s "$CARGO_GIT_REGISTRY_DIR" "$CARGO_HOME/git"
119db6f894eSSamuel Ortiz
120db6f894eSSamuel Ortiz# Set the rust environment
1211bd8eb68SRuslan Mstoi# hadolint ignore=SC2016
1221bd8eb68SRuslan MstoiRUN echo 'source $CARGO_HOME/env' >> "$HOME"/.bashrc \
1231bd8eb68SRuslan Mstoi    && mkdir "$HOME"/.cargo \
1241bd8eb68SRuslan Mstoi    && ln -s $CARGO_HOME/env "$HOME"/.cargo/env
125ae68c802SBo Chen
126655d5125SRuoqing He# Allow pip to install packages system wide
1275388fa1cSRuoqing He# hadolint ignore=DL3003,SC2046
1285388fa1cSRuoqing HeRUN rm /usr/lib/python3.12/EXTERNALLY-MANAGED \
129655d5125SRuoqing He        && git clone https://github.com/spdk/spdk \
13027f7b2c2SBo Chen        && cd spdk \
1317f47a030Sdom.song        && git checkout ef8bcce58f3f02b79c0619a297e4f17e81e62b24 \
13227f7b2c2SBo Chen        && git submodule update --init \
13327f7b2c2SBo Chen        && apt-get update \
13427f7b2c2SBo Chen        && ./scripts/pkgdep.sh \
13505769879SRob Bradford        && apt-get clean \
13627f7b2c2SBo Chen        && ./configure --with-vfio-user \
1375388fa1cSRuoqing He        && if [ "$TARGETARCH" = "amd64" ]; then \
1385388fa1cSRuoqing He            make -j $(nproc) TARGET_ARCHITECTURE=skylake; \
1395388fa1cSRuoqing He        elif [ "$TARGETARCH" = "arm64" ]; then \
1405cb51154SRuoqing He            make -j $(nproc) TARGET_ARCHITECTURE="armv8.2-a" DPDKBUILD_FLAGS="-Dplatform=generic"; \
1415388fa1cSRuoqing He        else \
1425388fa1cSRuoqing He            echo "Unsupported architecture: ${TARGETARCH}" && exit 1; \
1435388fa1cSRuoqing He        fi \
1447f47a030Sdom.song        && rm -rf /usr/local/bin/spdk-nvme \
14527f7b2c2SBo Chen        && mkdir /usr/local/bin/spdk-nvme \
1467f47a030Sdom.song        && cp -f ./build/bin/nvmf_tgt /usr/local/bin/spdk-nvme \
1477f47a030Sdom.song        && cp -f ./scripts/rpc.py /usr/local/bin/spdk-nvme \
1485cb51154SRuoqing He        && cp -rf ./python/spdk/ /usr/local/bin/spdk-nvme \
1497f47a030Sdom.song        && cp -rf ./python /usr/local/bin \
1505388fa1cSRuoqing He        && cd .. && rm -rf spdk
1511603841fSBo Chen
1521603841fSBo Chen# install ethr tool for performance tests
15309e21e8fSRob BradfordRUN if [ "$TARGETARCH" = "amd64" ]; then \
1541bd8eb68SRuslan Mstoi    wget -nv https://github.com/microsoft/ethr/releases/latest/download/ethr_linux.zip \
1551603841fSBo Chen    && unzip ethr_linux.zip \
1561603841fSBo Chen    && cp ethr /usr/local/bin \
15709e21e8fSRob Bradford    && rm ethr_linux.zip; fi
158