Open Bug 1488325 Opened 6 years ago Updated 4 months ago

CI builds depend on undocumented aarch64 docker images

Categories

(NSS :: Test, defect, P3)

3.39

Tracking

(Not tracked)

People

(Reporter: mt, Unassigned)

References

(Blocks 2 open bugs)

Details

(Whiteboard: [nss-fx][nss-ci])

The base image is here: franziskus/xenial:aarch64

I assume that this is a xenial build with a qemu binary installed in it so that the image can be build on an Intel machine, but it's a mystery.  We really need better reproducibility in our build chain.  That means dockerfiles in repos, and it probably means the scripts necessary to build them.
We have a similar issue with franziskus/nss-aarch64-ci.
Blocks: 1488331
Summary: CI builds depend on an undocumented docker image → CI builds depend on undocumented aarch64 docker images
The aarch64 image is here https://searchfox.org/nss/source/automation/taskcluster/docker-aarch64. The base image is a plain xenial aarch64 base image. Unfortunately there aren't any official ones around. The image is built on the aarch64 machine that's used for CI. It would be great if the image builder could be used here as well but unfortunately that's not working on arm.
I did some research on this and it might be possible to build an image that uses emulation so that we can use the image builder.  See https://www.ecliptik.com/Cross-Building-and-Running-Multi-Arch-Docker-Images/
That could work indeed. It probably needs some hacking around the image builder though. But we already have a copy of that in the NSS tree (the upstream version works only on mozilla-central for a while now so we had to fork).
Assignee: franziskuskiefer → nobody
QA Contact: mwobensmith
Severity: normal → S4
Priority: -- → P3
Whiteboard: [nss-fx][nss-ci]
You need to log in before you can comment on or make changes to this bug.