ioc: copy locally installed software from build stages.#55
ioc: copy locally installed software from build stages.#55henriquesimoes wants to merge 1 commit intomainfrom
Conversation
Dockerfile
Outdated
| FROM base AS no-build | ||
|
|
||
| COPY --from=build-image /opt /opt | ||
| COPY --from=build-image /usr/local /usr/local |
There was a problem hiding this comment.
Don't we have scripts here which are only relevant for the image build phase? 🤔
Like lnls-get-n-unpack
There was a problem hiding this comment.
You are right. But after-build stages wouldn't be aware of such things. We must remove everything (including lnls-get-n-unpack) beforehand if we don't want it to be in the final image, otherwise we won't shrink the image size (which is related to #19).
There was a problem hiding this comment.
So it makes sense to wait for #59 before merging this. What do you think?
There was a problem hiding this comment.
I'm okay with it.
Extra software may be built in the first stages, but are currently not available in the resulting IOC image. Copy the entire `/usr/local` tree in all IOC stages, so that locally installed binaries, libraries and configuration files can be used at runtime. This allows us to build patched versions of tools (e.g. procServ) during build phases and install them at IOC images, centralizing and making it easier to track how they are built. In addition, IOCs can also install custom files which will be available at runtime in a known location. Also, IOCs themselves can also be installed in FHS-compliant paths [1] inside the container as any other packaged software, allowing them the use of conventional system software in a straightforward manner (such as `env` executable discovery). [1] https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s09.html
|
Do we need this for ADPimega at the moment? |
Nope. We're installing the required libraries at build and runtime. We wouldn't need to install libpimega at runtime if we had this PR merged. cnpem/ad-aravis-epics-ioc#1 is depending on this to allow us to copy symlinks installed by the IOC under |
Are you suggesting the IOC build script copy executables itself? |
Not necessarily. I was referring to the creation of a symbolic link at, say, |
I think it would be possible to support defining only the link or hard copy without requiring a copy of everything under |
|
Are you thinking about an explicit rule copying only the link (or binary) in a hard-coded way or a variable-based one? If it is the latter, it would also work to get rid of the However, it also assumes we know what's relevant beforehand, and we can always properly name them. I think that should be true given the build artifacts are deterministic. |
2 participants
Software, other than shared libraries, may be built in the first stages, but are currently not available in the resulting IOC image. Copy the entire
/usr/localtree in all IOC stages, so that locally installed binaries and configuration can be usable at runtime.This allows us to build custom versions of applications during build phases and install them at IOC images, centralizing and making it easier to track how they are built. In addition, IOCs can also install custom files which will be available at runtime in a known location. Still, IOCs themselves can also be installed in FHS-compliant paths inside the container as any other packaged software, allowing them to make use of tools based on system-installed artifacts (such as
envexecutable discovery).