Bump alpine 3.22 #5650

Open
christoph-zededa wants to merge 39 commits into lf-edge:master from christoph-zededa:bump_alpine-3.22

christoph-zededa commented Mar 4, 2026

Description

Update EVE to alpine 3.22

People who look at this PR should also have a look at lf-edge/eve-rust#19

How to test and validate this PR

All current tests should work the same with this PR.

Changelog notes

Update Alpine to 3.22

PR Backports

For all current LTS branches, please state explicitly if this PR should be
backported or not. This section is used by our scripts to track the backports,
so, please, do not omit it.

Here is the list of current LTS branches (it should be always up to date):

  • 16.0-stable: no
  • 14.5-stable: no
  • 13.4-stable: no

Checklist

  • I've provided a proper description
  • I've added the proper documentation
  • I've tested my PR on amd64 device
  • I've tested my PR on arm64 device
  • I've written the test verification instructions
  • I've set the proper labels to this PR

And the last but not least:

  • I've checked the boxes above, or I've provided a good reason why I didn't
    check them.

Please, check the boxes above after submitting the PR in interactive mode.


Thanks to @famleebob for the initial alpine bumping and help with several packages.

riscv64) \
ROOT_URL=https://storage.googleapis.com/eve-alpine && \
ROOTFS_URL="$ROOT_URL/images/alpine-minirootfs-220909-riscv64.tar.gz"; \
x86_64|aarch64|riscv64) \

Contributor

My understanding is that we had alpine-base solely because of lack of support for riscv64, so we had to download the minirootfs from a personal customized repo. AFAIU we can just do the bootstrap of pkg/alpine directly from alpine:3.22. Is pkg/alpine-base really needed?

Contributor Author

Can we please do only the bump of alpine in this PR and do "refactorings" in future PRs?

It is a lot of effort rebasing these >30 commits on master all the time while also the alpine packages get updated in parallel.

Contributor

I'm working on a pull request to eliminate alpine-base (two lines, maybe three), but need to add documentation changes.

COPY --from=build /usr/share/dbus-1 /usr/share/dbus-1
COPY --from=build /bin/udevadm /bin/udevadm
COPY --from=build /lib/udev/rules.d /lib/udev/rules.d
COPY --from=build /usr/lib/udev/rules.d /lib/udev/rules.d

Contributor

Question to @milan-zededa, considering Alpine 3.22, is it really needed to build all these libraries? Aren't their versions from Alpine 3.22 good enough?

./configure && \
make -j$(nproc)
RUN ./bootstrap
RUN ./configure CFLAGS="-Wno-error"
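
Review bot: `CFLAGS="-Wno-error"` on the `./configure` line switches off warnings-as-errors for every diagnostic in this build, not only the one that currently fails. Scope it to the single warning class involved (the build log quoted in this thread reports `-Werror=attribute-warning`, so `-Wno-error=attribute-warning`) and add a comment naming the failing source file, so the flag can be dropped once the call sites are fixed.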

Contributor

vtpm is a critical tool. Which build warnings are you ignoring? Better double check with @shjala .

Contributor Author

this one:

#43 4.290 In file included from tools/tpm2_getekcertificate.c:8:
#43 4.290 In function 'retrieve_web_endorsement_certificate',
#43 4.290     inlined from 'get_web_ek_certificate' at tools/tpm2_getekcertificate.c:334:11,
#43 4.290     inlined from 'get_ek_certificates' at tools/tpm2_getekcertificate.c:539:19,
#43 4.290     inlined from 'tpm2_tool_onrun' at tools/tpm2_getekcertificate.c:793:10:
#43 4.290 tools/tpm2_getekcertificate.c:235:14: error: call to '_curl_easy_setopt_err_long' declared with attribute warning: curl_easy_setopt expects a long argument [-Werror=attribute-warning]
#43 4.290   235 |         rc = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
#43 4.290       |              ^~~~~~~~~~~~~~~~
#43 4.290 tools/tpm2_getekcertificate.c:292:10: error: call to '_curl_easy_setopt_err_long' declared with attribute warning: curl_easy_setopt expects a long argument [-Werror=attribute-warning]
#43 4.290   292 |     rc = curl_easy_setopt(curl, CURLOPT_FAILONERROR, true);
#43 4.290       |          ^~~~~~~~~~~~~~~~
#43 4.387 cc1: all warnings being treated as errors
#43 4.392 make: *** [Makefile:4067: tools/tpm2-tpm2_getekcertificate.o] Error 1
#43 ERROR: process "/bin/sh -c make -j$(nproc)" did not complete successfully: exit code: 2
Error: error building "lfedge/eve-vtpm:7ee178e008fe2cadcc6be8e32a0cbfddc5eb4990-dirty-dcf2937": error building for arch amd64: failed to solve: process "/bin/sh -c make -j$(nproc)" did not complete successfully: exit code: 2
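
An added example (not code from this PR or from tpm2-tools) of resolving the diagnostic in the log above at the call site instead of relaxing `-Werror`: the option value is read as a `long`, so the literals become `0L` and `1L`. `demo_setopt`, `demo_setopt_long`, `demo_handle` and the `DEMO_*` ids are hypothetical stand-ins for libcurl so that the block compiles without it.

```c
#include <stdarg.h>
#include <stdio.h>

/* Hypothetical stand-ins for libcurl option ids and handle (constructed). */
enum demo_opt { DEMO_SSL_VERIFYPEER = 1, DEMO_FAILONERROR = 2 };
struct demo_handle { long verify_peer; long fail_on_error; };

/* Variadic setter shaped like curl_easy_setopt(): the callee picks the
 * argument type from the option id and reads it with va_arg(). Passing an
 * int or bool where va_arg(ap, long) is used is undefined behaviour. */
static int demo_setopt(struct demo_handle *h, enum demo_opt opt, ...)
{
    va_list ap;
    int rc = 0;

    va_start(ap, opt);
    switch (opt) {
    case DEMO_SSL_VERIFYPEER: h->verify_peer   = va_arg(ap, long); break;
    case DEMO_FAILONERROR:    h->fail_on_error = va_arg(ap, long); break;
    default:                  rc = -1;                             break;
    }
    va_end(ap);
    return rc;
}

/* Compile-time guard: _Generic has only a long branch, so `0` or `true`
 * as the value fails to compile instead of reaching va_arg(). */
#define demo_setopt_long(h, opt, val) \
    _Generic((val), long: demo_setopt)((h), (opt), (val))

/* The two calls from the log (lines 235 and 292), same values, typed long. */
static int configure_handle(struct demo_handle *h)
{
    if (demo_setopt_long(h, DEMO_SSL_VERIFYPEER, 0L) != 0)
        return -1;
    if (demo_setopt_long(h, DEMO_FAILONERROR, 1L) != 0)
        return -1;
    return 0;
}

int main(void)
{
    struct demo_handle h = { -1, -1 };

    if (configure_handle(&h) != 0)
        return 1;
    printf("verify_peer=%ld fail_on_error=%ld\n", h.verify_peer, h.fail_on_error);
    return 0;
}
```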

@@ -1,49 +0,0 @@
From 78e87b0d8e4aa57aae85bc756c78ec47357697d9 Mon Sep 17 00:00:00 2001
From: Lyonel Vincent <lyonel@ezix.org>

Contributor

rene commented Mar 4, 2026

You can rename the patch number 5 (0005-core-osutils-Fix-std-length_error.patch) to 0001-core-osutils-Fix-std-length_error.patch

Contributor

rene commented Mar 4, 2026

@christoph-zededa (and @famleebob) thank you very much for this work.... this was something everyone was eagerly awaiting....

RUN find /out/usr/lib/ -name '*.la' -delete
RUN find /out/usr/lib/ -name '*.a' -delete

RUN rm /out/usr/lib/libprotoc.so* /out/usr/lib/libprotobuf*
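
Review bot: the second pattern in `RUN rm /out/usr/lib/libprotoc.so* /out/usr/lib/libprotobuf*` has no `.so` in it, so it removes every file in `/out/usr/lib` whose name starts with `libprotobuf`, which is broader than the `libprotoc.so*` pattern next to it. If that breadth is intended, say so in a comment together with the reason nothing in `/out` needs these libraries at run time; otherwise name the files to delete explicitly.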

Contributor Author

@shjala can you comment on if it is okay to remove these? According to ldd vtpm is not linking against it dynamically, but perhaps it does a dlopen?

@eriknordmark
Contributor

Do the arm64 kvm images still fit in 300Mbyte with these updates?

@christoph-zededa
Contributor Author

> Do the arm64 kvm images still fit in 300Mbyte with these updates?

Yes, on master qemu I see that the size taken is 265.1mb and on my temporary alpine bump branch it is about the same size - 263.5mb.

github-actions bot requested a review from rene March 4, 2026 18:48
christoph-zededa and others added 27 commits March 16, 2026 15:33
add necessary CXX flags for stat64 and add packages to compile

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
to fix compile errors on newer alpine versions

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
missing libraries added
C++ standard increased

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
do not error out if FORTIFY_SOURCE is set twice,
once as per compiler, once as per project.

Unfortunately we do not have control over setting it here
besides disabling it completely, so we disable erroring out
on this warning

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
adding includes for building on arm64

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
to avoid compile error

source of this package:
https://github.com/openwrt/openwrt/pull/17352/changes

for bsp-imx also fix version name

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
add necessary alpine packages needed for the
cross-compilers package

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
Updated items built within the container, that is `musl` version
to 1.2.5, `lshw` version to 2.20, and `openssh` to `10.0p1`.

We download the sources from a `Debian` mirror.  This appears to
be more trusted than `musl.libc.org`.  That assumption should
be tested someday (is it still valid?).  `abuild` has changed
such that a step that a failed `apk add` did not "fail" the `docker`
step, needed to mask that new failure. (step is repeated in the
Dockerfile, with required `--allow-trusted` argument).  Updated to
the latest from alpine musl ABUILD file (updated patches, and such).

`lshw` ensured that all patches are factored in, keeping a fix
by Rene.  `https://ezix.org/src/pkg/lshw` appears to be the
currently active git repository, continued to download tar file.

`hexedit` built, so I left it alone.  Need to check for fixes.

`openssh` the file `/usr/src/ssh/RELEASE_KEY.asc` no longer
found.  Needed to ADD it from the openssh web site.

Signed-off-by: Gerald (Bob) Lee <bob@famleehouse.net>
Often fails verify of the openssh source tar file trying to
get a lock.  Appears that the import has not completed when
the verify starts (at least not released the lock).  Inserting
a `RUN sleep 5` between the operations passed consistently.
Further, tried putting them on a single RUN line (must exit
and have result examined).

Build consistently works.

Signed-off-by: Gerald (Bob) Lee <bob@famleehouse.net>
- fix compiling tpm2
- replace dhclient with dhcpcd as
  dhclient is no more available in alpine packages

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
to the same version we bump everything else

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
- add packages needed for new alpine
- update aports to alpine 3.22.3
- add needed distfiles for building aports
- add workaround for building for armhf

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
add necessary packages and cflags

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
newer gcc complains and errors out with:
```
26 19.38   INSTALL out/arm/export-ta_arm64/ta/f04a0fe7-1f5d-4b9b-abf7-619b85b4ce8c.ta
26 19.40 ld.bfd: warning: out/arm/core/all_objs.o has a LOAD segment with RWX permissions
26 19.47   GEN     out/arm/core/unpaged_entries.txt
26 19.47   GEN     out/arm/core/init_entries.txt
26 19.47   LD      out/arm/core/unpaged.o
26 19.48   UPD     out/arm/core/.buildcount
26 19.49   GEN     out/arm/core/version.o
26 19.50   LD      out/arm/core/init.o
26 19.55 ld.bfd: warning: out/arm/core/unpaged.o has a LOAD segment with RWX permissions
26 19.56   GEN     out/arm/core/text_unpaged.ld.S
26 19.56   GEN     out/arm/core/rodata_unpaged.ld.S
26 19.58 ld.bfd: warning: out/arm/core/init.o has a LOAD segment with RWX permissions
26 19.59   GEN     out/arm/core/text_init.ld.S
26 19.60   GEN     out/arm/core/rodata_init.ld.S
26 19.63   CPP     out/arm/core/kern.ld
26 19.65   LD      out/arm/core/tee.elf
26 19.77 ld.bfd: warning: out/arm/core/tee.elf has a LOAD segment with RWX permissions
26 19.84 make: *** [core/arch/arm/kernel/link.mk:167: out/arm/core/tee.elf] Error 1
```

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
in order to make it compile

similar to pkg/optee-os

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
busybox adds 'vi'

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
This reverts commit 4c0c966.

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
to save a lot of space as it brings in libLLVM

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
in order to save space

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
use `unsigned int` here to avoid compiler error

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
this is currently broken and probably needs updated gcc/binutils
(according to https://www.mail-archive.com/grub-devel@gnu.org/msg36136.html )

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
it is what it is

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
this has been kept for easier transition, but can go away now

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
they use newer alpine

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
this PR needs a bit more disk space

will be reverted shortly before merging into master or
shortly after

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
for builds wherever it makes sense
this is especially needed when a lot of packages are rebuilt

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
this updates the dependencies of the packages
to use the newest version

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
@christoph-zededa
Contributor Author

There is some ZFS issue as seen by several failures of the form:

    === RUN TestVolStatus
    vol_test.go:137: time: 2026-03-15T14:40:38.462775146Z out: volumes: '[blank-vol-1]' state: 'CREATED_VOLUME' secs: 180
    time: 2026-03-15T14:40:38.468757581Z out: 	volName blank-vol-1 state changed to UNKNOWN
    time: 2026-03-15T14:40:46.785403594Z out: 	volName blank-vol-1 state changed to INITIAL
    time: 2026-03-15T14:40:48.786870354Z out: 	volName blank-vol-1 state changed to CREATING_VOLUME
        vol_test.go:165: ASSERTION FAILED (2026-03-15T14:43:38.469748715Z): expected volumes [blank-vol-1] in CREATED_VOLUME state
        vol_test.go:167: 	actual blank-vol-1: CREATING_VOLUME
        vol_test.go:169: 	history of states for blank-vol-1:
        vol_test.go:171: 		state: no info from controller received in: 2026-03-15T14:40:38.462794506Z
        vol_test.go:171: 		state: UNKNOWN received in: 2026-03-15T14:40:38.468755587Z
        vol_test.go:171: 		state: INITIAL received in: 2026-03-15T14:40:46.785400207Z
        vol_test.go:171: 		state: CREATING_VOLUME received in: 2026-03-15T14:40:48.786866807Z
        testContext.go:274: WaitForProcWithErrorCallback terminated by timeout 3m0s
    --- FAIL: TestVolStatus (181.01s)

The other failures in Eden are noise (eden_vector, log_test, etc)

Unfortunately I cannot find the logs for what happened on the CI.

Locally it seems /dev/zvol is not getting populated:

67345889-4554-483b-a255-6b9753682ed1:~# ls /dev/zvol/*
ls: /dev/zvol/*: No such file or directory
67345889-4554-483b-a255-6b9753682ed1:~# zfs list -t volume
NAME                                                           USED  AVAIL  REFER  MOUNTPOINT
persist/vault/volumes/10fdebc9-c1ba-492f-8831-c1576128363e.0    56K  4.82G    56K  -
persist/vault/volumes/11051100-246f-4f1a-aefb-e52c25144cfa.0    56K  4.65G    56K  -
persist/vault/volumes/74a61034-d81b-436e-b781-701637200737.0    56K  4.65G    56K  -
persist/vault/volumes/a78bb7fc-88f2-4237-816d-9192c12ff60d.0    56K  4.65G    56K  -

Seems the folder with the udev rules was wrong: https://github.com/lf-edge/eve/compare/9942d57aa8a19748f5c356709166bc65e38122a4..197bc1a3610a9bf57b1b64e5300742ccf239c1e2

thx to @andrewd-zededa for the hint
