Open Source and information security mailing list archives
Message-ID: <31937c2c-23b5-471d-abcb-188721e995d8@gtucker.io>
Date: Mon, 15 Dec 2025 11:15:19 +0100
From: Guillaume Tucker <gtucker@...cker.io>
To: Onur Özkan <work@...rozkan.dev>
Cc: Nathan Chancellor <nathan@...nel.org>, Miguel Ojeda <ojeda@...nel.org>,
 linux-kernel@...r.kernel.org, rust-for-linux@...r.kernel.org,
 linux-kbuild@...r.kernel.org, automated-testing@...ts.yoctoproject.org,
 workflows@...r.kernel.org, llvm@...ts.linux.dev,
 Arnd Bergmann <arnd@...db.de>
Subject: Re: [PATCH v1 1/2] scripts: add tool to run containerized builds

Hi Onur,

On 15/12/2025 10:24 am, Onur Özkan wrote:
> Hi Guillaume,
> 
> Excellent work! Just one note from my side so far:

Thanks for the review!

> On Wed, 10 Dec 2025 14:58:28 +0100
> Guillaume Tucker<gtucker@...cker.io> wrote:
> 
>> Add a 'scripts/container' tool written in Python to run any command in
>> the source tree from within a container.  This can typically be used
>> to call 'make' with a compiler toolchain image to run reproducible
>> builds but any arbitrary command can be run too.  Only Docker and
>> Podman are supported for this initial version.
>>
>> Cc: Nathan Chancellor<nathan@...nel.org>
>> Cc: Miguel Ojeda<ojeda@...nel.org>
>> Link: https://lore.kernel.org/all/affb7aff-dc9b-4263-bbd4-a7965c19ac4e@...cker.io/
>> Signed-off-by: Guillaume Tucker<gtucker@...cker.io>
>> ---
>>   scripts/container | 112 ++++++++++++++++++++++++++++++++++++++++++++++
>>   1 file changed, 112 insertions(+)
>>   create mode 100755 scripts/container
>>
>> diff --git a/scripts/container b/scripts/container
>> new file mode 100755
>> index 000000000000..74644ac33685
>> --- /dev/null
>> +++ b/scripts/container
>> @@ -0,0 +1,112 @@
>> +#!/bin/env python3
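Review bot: the shebang on the first added line, `#!/bin/env python3`, depends on /bin/env, which not every system provides. The file is created with mode 100755, so it is meant to be executed directly and the kernel will resolve that path literally. Suggest `#!/usr/bin/env python3`, the conventional location of env.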
> By default, this will not work on NixOS because /bin/env is
> not a valid path.
> 
> It will fail like this:
> 
> 	$ cat something
> 	#!/bin/env python3
> 	
> 	$ ./something
> 	zsh: ./something: bad interpreter: /bin/env: no such file or directory
> 
> Is there a reason for not using /usr/bin/env?

Ah sorry, my bad.  I initially started writing this as a shell script
using /bin/sh and typed it wrong when changing to Python.  So I'll
fix it in v2, thanks for flagging this (pylint didn't...).

Another change I want to make is to drop the default image as 'gcc'
doesn't really help.  If the user hasn't set a custom tag, it will
pull some generic image from docker.io which won't have all the tools
needed to build a kernel.  So making the -i option required or
turning it into a positional argument would be better than some
implicit behaviour.  I'll start a separate thread with Konstantin and
Arnd about hosting kernel.org toolchain container images as having
that should make the tool much more useful and we might set valid
default values e.g. kernel.org/gcc.

Cheers,
Guillaume
