| Leopold | e1ebf72 | 2023-01-08 14:18:15 +0100 | [diff] [blame] | 1 | # How to set up a build environment |
| 2 | |
| 3 | We strongly recommend a Linux workstation - it offers the |
| 4 | best developer experience by a fair margin. Fedora or Ubuntu are good choices. |
| 5 | |
| 6 | The more CPU cores, the merrier - our build is fully parallelized, but the monorepo builds |
| 7 | a LOT of stuff, including all of EDK2, QEMU, the Linux kernel, Kubernetes... Bazel is smart about |
| 8 | not rebuilding things that haven't changed, but sometimes, you'll still be hit with a full rebuild |
| 9 | (such as when the sysroot or Bazel version changes). |
| 10 | |
| 11 | We will offer pre-warmed build caches in the future, but for now, bring a big rig! |
| 12 | |
| 13 | ## Dependencies |
| 14 | |
| 15 | Monogon's monorepo uses [Bazel](https://bazel.build) for fast, hermetic and fully reproducible builds. |
| 16 | |
| 17 | Our build environment brings its own hermetic and reproducible sysroot, |
| 18 | so we only require minimal host dependencies: |
| 19 | |
| 20 | - Any Linux distribution with a reasonably recent kernel with unprivileged |
| 21 | user namespaces enabled. Bazel requires user namespaces to set up its hermetic per-action |
| 22 | sandbox without special privileges or capabilities. |
| 23 | |
| 24 | - [Bazelisk](https://github.com/bazelbuild/bazelisk) >= v1.15.0. Bazel is serious about breaking |
| 25 | backwards compatibility with each major release, so you need the right version to build the repo. |
| 26 | Bazelisk downloads (and verifies) the correct version of Bazel for you. It's the de-facto standard |
| 27 | way of using Bazel, a bit like rustup is for Rust users. |
| 28 | |
| 29 | The following distributions are known to work: |
| 30 | |
| 31 | - Fedora >= 36 |
| 32 | - Ubuntu >= 20.04 |
| 33 | - Debian >= 11 |
| 34 | - RHEL / Alma / Rocky >= 8.4 |
| Leopold Schabel | 9508b12 | 2023-07-14 17:54:17 +0200 | [diff] [blame] | 35 | - NixOS >= 23.05 (see below) |
| Leopold | e1ebf72 | 2023-01-08 14:18:15 +0100 | [diff] [blame] | 36 | |
| 37 | You can use this snippet to install the official Bazelisk release binary to `/usr/local/bin`: |
| 38 | |
| 39 | ```bash |
| 40 | TMPFILE=$(mktemp) && \ |
| 41 | curl -L -o $TMPFILE \ |
| 42 | https://github.com/bazelbuild/bazelisk/releases/download/v1.15.0/bazelisk-linux-amd64 && \ |
| 43 | sha256sum -c - <<< "19fd84262d5ef0cb958bcf01ad79b528566d8fef07ca56906c5c516630a0220b $TMPFILE" && \ |
| 44 | sudo install -m 0755 $TMPFILE /usr/local/bin/bazel && \ |
| 45 | rm $TMPFILE |
| 46 | ``` |
| 47 | |
| 48 | Alternatively, if you have a Go >= 1.16 toolchain, you can compile it yourself: |
| 49 | |
| 50 | ```bash |
| 51 | # This uses Go's transparency log for pinning to ensure the release hasn't been tampered with. |
| 52 | go install github.com/bazelbuild/bazelisk@v1.15.0 |
| 53 | sudo mv ~/go/bin/bazelisk /usr/local/bin/bazel |
| 54 | ``` |
| 55 | |
| 56 | ### /dev/kvm access for test suites |
| 57 | |
| 58 | Monogon's tests make extensive use of KVM to run virtual machines, both to test the OS as well |
| 59 | as running various microVM-based unit tests. If you want to run all tests, you'll need to make sure |
| 60 | that your local user has access to `/dev/kvm`. You can check this by running `touch /dev/kvm`. |
| 61 | |
| 62 | If you only want to build artifacts without running tests, no KVM access is required. |
| 63 | |
| 64 | On most Linux distributions, you can add your user to the `kvm` group to allow access to `/dev/kvm`: |
| 65 | |
| 66 | ```bash |
| 67 | sudo gpasswd -a $USER kvm |
| 68 | # re-login or run "sudo -u $USER -i" to get a shell with the new group membership |
| 69 | ``` |
| 70 | |
| 71 | If you are running in a virtual machine, make sure that your virtualization software supports |
| 72 | nested virtualization - otherwise, it won't be possible to use KVM inside the VM. |
| 73 | |
| 74 | `/dev/kvm` is considered safe to use by unprivileged users. All of Monogon's monorepo can |
| 75 | be built and tested without root privileges or other dangerous capabilities. |
| 76 | |
| 77 | ### NixOS |
| 78 | |
| Leopold Schabel | 67023fe | 2023-08-14 12:36:35 +0000 | [diff] [blame] | 79 | We fully support building on NixOS, and we provide a `shell.nix` file to make it easy. Just run `nix-shell` in the |
| 80 | project root! This will drop you into a shell with all dependencies installed, and you can run `bazel ...` as usual. |
| Leopold Schabel | 9508b12 | 2023-07-14 17:54:17 +0200 | [diff] [blame] | 81 | |
| Tim Windelschmidt | 5bfdb97 | 2023-11-25 06:01:28 +0100 | [diff] [blame] | 82 | You can also execute tools/bazel directly on a system with Nix installed, as our bazel wrapper automatically switches into the environment created by our `shell.nix`. |
| Leopold | e1ebf72 | 2023-01-08 14:18:15 +0100 | [diff] [blame] | 83 | |
| 84 | ## IntelliJ |
| 85 | |
| 86 | This repository is compatible with the IntelliJ Bazel plugin out of the box, which enables |
| 87 | full autocompletion for external dependencies and generated code. |
| 88 | |
| 89 | The following steps are necessary: |
| 90 | |
| 91 | - Install the [Bazel](https://plugins.jetbrains.com/plugin/8609-bazel), |
| 92 | Go and Protocol Buffer plugins in IntelliJ. |
| 93 | - Make sure that Bazel "*Bazel Binary Location*" in Other Settings → Bazel Settings points to Bazelisk. |
| 94 | - Use _File → Import Bazel project_... and select your monorepo checkout. |
| 95 | |
| 96 | After running the first sync (Alt-Y), everything should now resolve in the IDE, including generated code. |
| 97 | Whenever the project structure changes, re-run the sync to update the IDE. |
| 98 | |
| 99 | It can be useful to configure an External Tool to run Gazelle and add a keyboard shortcut |
| 100 | to quickly run it after changing the project layout. |
| 101 | |
| 102 | ## Trouble? |
| 103 | |
| 104 | Developer experience is very important. Please file a GitHub issue if you run into any problems |
| 105 | or encounter any pain points - we want to fix them! |