> -----Original Message----- > From: Richard Henderson <richard.hender...@linaro.org> ... > On 10/1/21 12:59 PM, Brian Cain wrote: > > Alex, > > > > We need to update the docker container used for hexagon for new test cases > proposed in Taylor's recent patch series under review. Thankfully, CodeLinaro > has provided a binary of the hexagon cross toolchain so now I think we can > simplify the hexagon docker file to something like the below. I hope this > also > means that we can remove the exceptional handling for the hexagon container. > > > > I can propose a patch but I'm not quite certain how to test it. > > make docker-image-debian-hexagon-cross NOCACHE=1 V=1 > > and then make check-tcg to use the new image.
Ok -- so the intent of the NOCACHE is that it will force the use of my newly modified Dockerfile and not the one in the qemu container repository? > > The "--no-check-certificate" argument to wget is very bad but I'm not quite > certain how to upgrade/change the container's certificate store to accept the > apparently-legit-but-perhaps-newer-than-expected certificate presented by > codelinaro.jfrog.io. > > Hum. This all suggests that it would be better to update the build-toolchain > script. If there's any trust concerns we can verify the download in the dockerfile using the hash file for the tarball and/or the gpg signature. The build-toolchain is a bit of a hassle given the processing time, it'd be great to avoid it. If the hash or signature check doesn't suffice I will investigate how to update debian10's signatures. Are we bound to debian10 for all the containers? If using a different basis was effective at resolving this issue, could I select a different one? > > RUN cd /tmp && \ > > wget --quiet --no-check-certificate ${CLANG_URL} > > RUN cd /opt && \ > > tar xf /tmp/clang+llvm-Sept-2021-cross-hexagon-unknown-linux- > musl.tar.xz > > You'd want to remove the tarball as well. Yes, good point.