On Fri, Oct 03, 2025 at 12:22:15PM -0700, Raymond Mao wrote: > Fetch OP-TEE (4.7.0), TF-A (v2.13.0), MbedTLS (v3.6) and build > bl1 and fip with both Firmware Handoff and Measured Boot enabled. > > Signed-off-by: Raymond Mao <[email protected]> > --- > Changes in V2: > - Move OP-TEE dependencies into the common group. > - Fetch MbedTLS/TF-A and build bl1/fip in dockerfile instead of > post-buildman script. > - Remove Trust Boot related build options. > > tools/docker/Dockerfile | 74 +++++++++++++++++++++++++++++++++++++++-- > 1 file changed, 71 insertions(+), 3 deletions(-) > > diff --git a/tools/docker/Dockerfile b/tools/docker/Dockerfile > index 5b4c75f8400..0a213a7a61e 100644 > --- a/tools/docker/Dockerfile > +++ b/tools/docker/Dockerfile > @@ -58,6 +58,9 @@ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ > RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ > --mount=type=cache,target=/var/lib/apt,sharing=locked \ > apt-get update && apt-get install -y \ > + adb \ > + acpica-tools \ > + autoconf \ > automake \ > autopoint \ > bc \ > @@ -65,21 +68,26 @@ RUN > --mount=type=cache,target=/var/cache/apt,sharing=locked \ > bison \ > build-essential \ > byacc \ > + ccache \ > cgpt \ > clang-18 \ > coreutils \ > cpio \ > + cscope \ > curl \ > device-tree-compiler \ > dosfstools \ > e2fsprogs \ > + e2tools \ > efitools \ > erofs-utils \ > exfatprogs \ > expect \ > fakeroot \ > + fastboot \ > fdisk \ > flex \ > + ftp-upload \ > gawk \ > gdisk \ > gettext \ > @@ -92,11 +100,20 @@ RUN > --mount=type=cache,target=/var/cache/apt,sharing=locked \ > imagemagick \ > inetutils-telnet \ > iputils-ping \ > + libattr1-dev \ > + libcap-ng-dev \ > libconfuse-dev \ > + libfdt-dev \ > + libftdi-dev \ > libgit2-dev \ > libjson-glib-dev \ > + libglib2.0-dev \ > + libgmp3-dev \ > libgnutls28-dev \ > libgnutls30 \ > + libhidapi-dev \ > + libmpc-dev \ > + libncurses5-dev \ > libpixman-1-dev \ > libpython3-dev \ > libsdl1.2-dev \ > @@ -110,9 +127,11 @@ RUN > --mount=type=cache,target=/var/cache/apt,sharing=locked \ > lz4 \ > lzma-alone \ > lzop \ > + make \ > mount \ > mtd-utils \ > mtools \ > + netcat \ > net-tools \ > ninja-build \ > openssl \ > @@ -122,12 +141,16 @@ RUN > --mount=type=cache,target=/var/cache/apt,sharing=locked \ > python-is-python3 \ > python2.7 \ > python3 \ > + python3-cryptography \ > python3-dev \ > python3-pip \ > + python3-pyelftools \ > + python3-serial \ > python3-sphinx \ > python3-tomli \ > python3-venv \ > rpm2cpio \ > + rsync \ > sbsigntool \ > socat \ > softhsm2 \ > @@ -136,13 +159,20 @@ RUN > --mount=type=cache,target=/var/cache/apt,sharing=locked \ > sudo \ > swig \ > texinfo \ > + unzip \ > util-linux \ > uuid-dev \ > vboot-kernel-utils \ > vboot-utils \ > + wget \ > + xdg-utils \ > xilinx-bootgen \ > + xsltproc \ > + xterm \ > xxd \ > - zip > + xz-utils \ > + zip \ > + zlib1g-dev
Are some of these deps perhaps optional? I would hope we could build without cscope and xterm, to pick randomly from the top and bottom of the list. I ask since everything we add here makes the container larger, and it's already very big. I'm almost wondering if we should (follow-up, later) add a step where we remove things that tools we built needed, but U-Boot doesn't need for build/tests. -- Tom
signature.asc
Description: PGP signature
