<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta name="description" content="Blog posts from the Launchpad team" /> <title>Launchpad Blog</title> <link href="https://blog.launchpad.net/wp-content/themes/launchpad/style.css" rel="stylesheet" type="text/css" /> <link rel="shortcut icon" href="https://launchpad.net/@@/launchpad" /> </head> <body> <!-- Header --> <div id="header"> <h1><a href="https://blog.launchpad.net" class="header-link"><img src="https://blog.launchpad.net/wp-content/themes/launchpad/images/logo.png" /><span class="logotext"> launchpad</span><strong>blog</strong></a></h1> </div>
<div id="content" class="widecolumn"> <div class="post" id="post-4397"> <h2> <a href="https://blog.launchpad.net/ppa/self-service-riscv64-builds" rel="bookmark" title="Permanent Link: Self-service riscv64 builds">Self-service riscv64 builds</a> </h2> <div class="entry"> <p>Launchpad has supported building for riscv64 for a while, since it was a requirement to get Ubuntu’s riscv64 port going. We don’t actually have riscv64 hardware in our datacentre, since we’d need server-class hardware with the hypervisor extension and that’s still in its infancy; instead, we do full-system emulation of riscv64 on beefy amd64 hardware using <code>qemu</code>. 
This has worked well enough for a while, although it isn’t exactly fast.</p> <p>The biggest problem with our setup wasn’t so much performance, though; it was that we were just using a bunch of manually-provisioned virtual machines, and they weren’t being reset to a clean state between builds. As a result, it would have been possible for a malicious build to compromise future builds on the same builder: it would only need a chroot or container escape. This violated our standard security model for builders, in which each build runs in an isolated ephemeral VM, and each VM is destroyed and restarted from a clean image at the end of every build. As a result, we had to limit the set of people who were allowed to have riscv64 builds on Launchpad, and we had to restrict things like snap recipes to only use very tightly-pinned parts from elsewhere on the internet (pinning is often a good idea anyway, but at an infrastructural level it isn’t something we need to require on other architectures).</p> <p>We’ve wanted to bring this onto the same footing as our other architectures for some time. In Canonical’s most recent product development cycle, we worked with the OpenStack team to get <a href="https://bugs.launchpad.net/bugs/2023211">riscv64 emulation support into nova</a>, and installed a backport of this on our newest internal cloud region. This almost took care of the problem. However, Launchpad builder images start out as <a href="https://cloud-images.ubuntu.com/">standard Ubuntu cloud images</a>, which on riscv64 are only available from Ubuntu 22.04 LTS onwards; in testing 22.04-based VMs on other relatively slow architectures we already knew that we were seeing some mysterious hangs in snap recipe builds. Figuring this out blocked us for some time, and involved some pretty intensive debugging of the “<code>strace</code> absolutely everything in sight and see if anything sensible falls out” variety. 
We eventually narrowed this down to a LXD bug and were at least able to provide a <a href="https://github.com/canonical/lxd/pull/12530">workaround</a>, at which point bringing up new builders was easy.</p> <p>As a result, you can now enable riscv64 builds for yourself in your PPAs or snap recipes. Visit the PPA and follow the “Change details” link, or visit the snap recipe and follow the “Edit snap package” link; you’ll see a list of checkboxes under “Processors”, and you can enable or disable any that aren’t greyed out, including riscv64. This now means that all Ubuntu architectures are fully virtualized and unrestricted in Launchpad, making it easier for developers to experiment.</p> <p>Tags: <a href="https://blog.launchpad.net/tag/front-page" rel="tag">front-page</a>, <a href="https://blog.launchpad.net/tag/ppa" rel="tag">PPA</a>, <a href="https://blog.launchpad.net/tag/soyuz" rel="tag">soyuz</a></p> <p class="postmetadata alt"> <small>This entry was posted by <strong>Colin Watson</strong> on Wednesday, November 22nd, 2023 at 2:00 pm and is filed under <a href="https://blog.launchpad.net/category/ppa" rel="category tag">PPA</a>. You can follow any responses to this entry through the <a href="https://blog.launchpad.net/ppa/self-service-riscv64-builds/feed">RSS 2.0</a> feed. You can <a href="#respond">leave a response</a>, or <a href="https://blog.launchpad.net/ppa/self-service-riscv64-builds/trackback" rel="trackback">trackback</a> from your own site. </small> </p> </div> </div> <!-- You can start editing here. 
--> </div> <div id="footer"> <p><a rel="license" href="http://creativecommons.org/licenses/by/2.0/uk/"> <span xmlns:dc="http://purl.org/dc/elements/1.1/" href="http://purl.org/dc/dcmitype/Text" property="dc:title" rel="dc:type">Launchpad Blog</span> by <a xmlns:cc="http://creativecommons.org/ns#" href="https://canonical.com/" property="cc:attributionName" rel="cc:attributionURL">Canonical Ltd</a> is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by/2.0/uk/">Creative Commons Attribution 2.0 UK: England & Wales License</a>. <img alt="Creative Commons License" style="border-width:0;vertical-align:middle;" src="https://i.creativecommons.org/l/by/2.0/uk/80x15.png" /></a></p> <p>© 2004-2019 <a href="https://canonical.com/" target="_blank">Canonical Limited.</a></p> </div>