diff options
author | Tim Taubert <ttaubert@mozilla.com> | 2017-12-01 16:17:06 +0100 |
---|---|---|
committer | Tim Taubert <ttaubert@mozilla.com> | 2017-12-01 16:17:06 +0100 |
commit | c00df3870876ac841b890f328da112c80c04f12e (patch) | |
tree | db9e1ada2b693536604d341e70d77bf705b51508 /automation/taskcluster | |
parent | 07ec5f898074ac09b24ec124a33d717d1ef01ab0 (diff) | |
download | nss-hg-c00df3870876ac841b890f328da112c80c04f12e.tar.gz |
Bug 1422326 - Use fewer layers in HACL* docker image r=franziskus
Summary: https://treeherder.mozilla.org/#/jobs?repo=nss-try&revision=2fc53af42652ac888f87516a4f681cab56135f6a
Reviewers: franziskus
Reviewed By: franziskus
Differential Revision: https://phabricator.services.mozilla.com/D308
Diffstat (limited to 'automation/taskcluster')
-rw-r--r-- | automation/taskcluster/docker-hacl/Dockerfile | 50 | ||||
-rw-r--r-- | automation/taskcluster/docker-hacl/setup-user.sh | 26 | ||||
-rw-r--r-- | automation/taskcluster/docker-hacl/setup.sh | 30 | ||||
-rw-r--r-- | automation/taskcluster/graph/src/image_builder.js | 1 |
4 files changed, 63 insertions, 44 deletions
diff --git a/automation/taskcluster/docker-hacl/Dockerfile b/automation/taskcluster/docker-hacl/Dockerfile index 12a798101..399513143 100644 --- a/automation/taskcluster/docker-hacl/Dockerfile +++ b/automation/taskcluster/docker-hacl/Dockerfile @@ -12,56 +12,18 @@ ENV opamv 4.04.2 ENV haclversion 122e47dee739029f7dd8e7b9dd8e9d77e8646652 # Install required packages and set versions -RUN apt-get -qq update -RUN apt-get install --yes sudo libssl-dev libsqlite3-dev g++-5 gcc-5 m4 make opam pkg-config python libgmp3-dev cmake curl libtool-bin autoconf wget -RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-5 200 -RUN update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-5 200 +ADD setup.sh /tmp/setup.sh +RUN bash /tmp/setup.sh -# Create user +# Create user, add scripts. RUN useradd -ms /bin/bash worker -RUN echo "worker ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers WORKDIR /home/worker - -# Add build and test scripts. ADD bin /home/worker/bin RUN chmod +x /home/worker/bin/* USER worker -# Prepare build (OCaml packages) +# Build F*, HACL*, verify. Install a few more dependencies. ENV OPAMYES true -RUN opam init -RUN echo ". /home/worker/.opam/opam-init/init.sh > /dev/null 2> /dev/null || true" >> .bashrc -RUN opam switch -v ${opamv} -RUN opam install ocamlfind batteries sqlite3 fileutils yojson ppx_deriving_yojson zarith pprint menhir ulex process fix wasm stdint - -# Get the HACL* code -RUN git clone ${haclrepo} hacl-star -RUN git -C hacl-star checkout ${haclversion} - -# Prepare submodules, and build, verify, test, and extract c code -# This caches the extracted c code (pins the HACL* version). All we need to do -# on CI now is comparing the code in this docker image with the one in NSS. -RUN opam config exec -- make -C hacl-star prepare -j$(nproc) ENV PATH "/home/worker/hacl-star/dependencies/z3/bin:$PATH" -RUN make -C hacl-star verify-nss -j$(nproc) -RUN make -C hacl-star -f Makefile.build snapshots/nss -j$(nproc) -RUN KOPTS="-funroll-loops 5" make -C hacl-star/code/curve25519 test -j$(nproc) -RUN make -C hacl-star/code/salsa-family test -j$(nproc) - -# Get clang-format-3.9 -RUN curl -LO http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz -RUN curl -LO http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig -# Verify the signature. -RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D -RUN gpg --verify *.tar.xz.sig -# Install into /usr/local/. -RUN sudo tar xJvf *.tar.xz -C /usr/local --strip-components=1 -# Cleanup. -RUN rm *.tar.xz* - -# Cleanup -RUN rm -rf ~/.ccache ~/.cache -RUN rm -rf /home/worker/hacl-star/dependencies -RUN sudo apt-get autoremove -y -RUN sudo apt-get clean -RUN sudo apt-get autoclean +ADD setup-user.sh /tmp/setup-user.sh +RUN bash /tmp/setup-user.sh diff --git a/automation/taskcluster/docker-hacl/setup-user.sh b/automation/taskcluster/docker-hacl/setup-user.sh new file mode 100644 index 000000000..ef341ec7d --- /dev/null +++ b/automation/taskcluster/docker-hacl/setup-user.sh @@ -0,0 +1,26 @@ +#!/usr/bin/env bash + +set -v -e -x + +# Prepare build (OCaml packages) +opam init +echo ". /home/worker/.opam/opam-init/init.sh > /dev/null 2> /dev/null || true" >> .bashrc +opam switch -v ${opamv} +opam install ocamlfind batteries sqlite3 fileutils yojson ppx_deriving_yojson zarith pprint menhir ulex process fix wasm stdint + +# Get the HACL* code +git clone ${haclrepo} hacl-star +git -C hacl-star checkout ${haclversion} + +# Prepare submodules, and build, verify, test, and extract c code +# This caches the extracted c code (pins the HACL* version). All we need to do +# on CI now is comparing the code in this docker image with the one in NSS. +opam config exec -- make -C hacl-star prepare -j$(nproc) +make -C hacl-star verify-nss -j$(nproc) +make -C hacl-star -f Makefile.build snapshots/nss -j$(nproc) +KOPTS="-funroll-loops 5" make -C hacl-star/code/curve25519 test -j$(nproc) +make -C hacl-star/code/salsa-family test -j$(nproc) + +# Cleanup. +rm -rf ~/.ccache ~/.cache +rm -rf /home/worker/hacl-star/dependencies diff --git a/automation/taskcluster/docker-hacl/setup.sh b/automation/taskcluster/docker-hacl/setup.sh new file mode 100644 index 000000000..418150a4f --- /dev/null +++ b/automation/taskcluster/docker-hacl/setup.sh @@ -0,0 +1,30 @@ +#!/usr/bin/env bash + +set -v -e -x + +# Update packages. +export DEBIAN_FRONTEND=noninteractive +apt-get -qq update +apt-get install --yes libssl-dev libsqlite3-dev g++-5 gcc-5 m4 make opam pkg-config python libgmp3-dev cmake curl libtool-bin autoconf wget locales +update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-5 200 +update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-5 200 + +# Get clang-format-3.9 +curl -LO http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz +curl -LO http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig +# Verify the signature. +gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D +gpg --verify *.tar.xz.sig +# Install into /usr/local/. +tar xJvf *.tar.xz -C /usr/local --strip-components=1 +# Cleanup. +rm *.tar.xz* + +locale-gen en_US.UTF-8 +dpkg-reconfigure locales + +# Cleanup. +rm -rf ~/.ccache ~/.cache +apt-get autoremove -y +apt-get clean +apt-get autoclean diff --git a/automation/taskcluster/graph/src/image_builder.js b/automation/taskcluster/graph/src/image_builder.js index 1346f43b2..b89b6980c 100644 --- a/automation/taskcluster/graph/src/image_builder.js +++ b/automation/taskcluster/graph/src/image_builder.js @@ -54,6 +54,7 @@ export async function buildTask({name, path}) { ], platform: "nss-decision", features: ["dind"], + maxRunTime: 7200, kind: "build", symbol: "I" }; |