commit | 2983d7285fe019f943f1b722f26a0f2e959c5f80 | |
---|---|---|
author | Leopold Schabel <leo@nexantic.com> | Wed Oct 23 12:16:42 2019 +0200 |
committer | Leopold Schabel <leo@nexantic.com> | Wed Oct 23 12:16:42 2019 +0200 |
tree | f6b5056682bef41597d02347dff0d523916d196f | |
parent | e28e1b3556feb786c71f161b357fcf6899e44c19 |
Improve Bazel Fedora build container handling and cache repository downloads

Adds lifecycle management scripts for the dev container and a "bazel" wrapper script, which sets container-only startup options.

Replaces /dev/null bind mounts by SELinux contexts for container breakup prevention, since newer podman versions managed to somehow break the ordering of mounts and mounting on top of a volume gives ENOENT. This requires a placeholder .arcconfig.

On Fedora, SELinux prevents the container from accessing /dev/kvm, which requires a custom policy (see rWa716c988d69e).

Design considerations:

- The build cache is on a tmpfs. This avoids fuse-overlayfs overhead. If the container is recreated, we want to drop the build cache - Bazel does not track ambient dependencies, so we do not know if we need to rebuild anything (like after upgrading a compiler).
- The repository cache contains just workspace dependencies and is mounted as a volume.

The repository cache does not work terribly well yet, we probably need to mount parts of ~/.cache/bazel as well. podman always mounts volumes as noexec, so this is not as straight-forward as it looks.

Test Plan: Ran the commands from the README as my unprivileged workstation user. Smalltown was built and launched successfully.

X-Origin-Diff: phab/D198
GitOrigin-RevId: aff720d2862cdf5d1df67813d842d221d69a84c0

The build uses a Fedora 30 base image with a set of dependencies. This guide has been tested on a Fedora 30 host, with the latest rW deployed.
Build the base image:

    podman build -t smalltown-builder .

Launch the VM:

    scripts/bin/bazel run scripts:launch

Exit qemu using the monitor console: Ctrl-A c quit.