Xen project Mailing List

[PATCH 3/4] CI: Introduce new qubes-hw-runner.dockerfile

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Tue, 9 Jun 2026 18:31:01 +0100

Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=google header.d=citrix.com header.i="@citrix.com" header.h="Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From"

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>

Delivery-date: Tue, 09 Jun 2026 17:31:15 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

We want to make the build containers be non-root, but the hardware runner needs to continue being root. Split it out into a dedicated container. Intentionally give it a generic name so it need not change in the future. No practical change. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> --- CC: Anthony PERARD <anthony.perard@xxxxxxxxxx> CC: Stefano Stabellini <sstabellini@xxxxxxxxxx> CC: Michal Orzel <michal.orzel@xxxxxxx> CC: Doug Goldstein <cardoe@xxxxxxxxxx> CC: Roger Pau Monné <roger.pau@xxxxxxxxxx> CC: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx> CC: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx> I need to backport this patch to all trees (4.18 and later) before alpine:3.18-arm64v8 can be converted to be be non-root. In all other cases we've been renaming the containers to bypass this problem, but alpine:3.18-arm64v8 is in the correct new form. Alternatively, I could see about combining it with the Alpine update (which is long overdue and needs doing). --- .../build/alpine/qubes-hw-runner.dockerfile | 21 +++++++++++++++++++ automation/gitlab-ci/test.yaml | 2 +- 2 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 automation/build/alpine/qubes-hw-runner.dockerfile diff --git a/automation/build/alpine/qubes-hw-runner.dockerfile b/automation/build/alpine/qubes-hw-runner.dockerfile new file mode 100644 index 000000000000..0af17c6aabc6 --- /dev/null +++ b/automation/build/alpine/qubes-hw-runner.dockerfile @@ -0,0 +1,21 @@ +# syntax=docker/dockerfile:1 +FROM --platform=linux/arm64/v8 alpine:3.18 +LABEL maintainer.name="The Xen Project" +LABEL maintainer.email="xen-devel@xxxxxxxxxxxxxxxxxxxx" + +RUN apk --no-cache add bash + +RUN <<EOF +#!/bin/bash + set -eu + + DEPS=( + expect + openssh-client + ) + + apk add --no-cache "${DEPS[@]}" +EOF + +USER root +WORKDIR /build diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml index 89760b24e63a..70bb4bbb3b45 100644 --- a/automation/gitlab-ci/test.yaml +++ b/automation/gitlab-ci/test.yaml @@ -145,7 +145,7 @@ extends: .test-jobs-common variables: # the test controller runs on RPi4 - CONTAINER: alpine:3.18-arm64v8 + CONTAINER: alpine:qubes-hw-runner LOGFILE: smoke-test.log PCIDEV: "03:00.0" PCIDEV_INTR: "MSI-X" -- 2.39.5

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.