From 25de987f076d5d1d909dd545b58d41de01d82452 Mon Sep 17 00:00:00 2001 From: Dariusz Trawinski Date: Fri, 24 Apr 2026 14:24:08 +0200 Subject: [PATCH 1/9] refactor capi stage and targz target --- Dockerfile.redhat | 16 ---------------- Makefile | 31 ++++++++++++++++--------------- create_package.sh | 3 +-- 3 files changed, 17 insertions(+), 33 deletions(-) diff --git a/Dockerfile.redhat b/Dockerfile.redhat index 3a59009f21..963aedfb9b 100644 --- a/Dockerfile.redhat +++ b/Dockerfile.redhat @@ -263,26 +263,17 @@ COPY src/python/binding/tests/requirements.txt /ovms/src/python/binding/tests/re WORKDIR /ovms -# hadolint ignore=DL3059 - # Mediapipe COPY BUILD.bazel /ovms/ COPY *\.bzl /ovms/ COPY yarn.lock /ovms/ COPY package.json /ovms/ -# prebuild dependencies before copying sources -# hadolint ignore=DL3059 -RUN bazel build --jobs=$JOBS ${debug_bazel_flags} //:ovms_dependencies @com_google_googletest//:gtest - # hadolint ignore=DL3059 RUN cp -v /etc/ssl/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt COPY src/ /ovms/src/ -# hadolint ignore=DL3059 -RUN bazel build --jobs=$JOBS ${debug_bazel_flags} @org_tensorflow//tensorflow/core:framework - # Sample CPU Extension WORKDIR /ovms/src/example/SampleCpuExtension/ RUN make @@ -308,9 +299,6 @@ ARG minitrace_flags RUN bash -c "sed -i -e 's|REPLACE_PROJECT_VERSION|${PROJECT_VERSION}|g' /ovms/src/version.hpp" && \ bash -c "sed -i -e 's|REPLACE_BAZEL_BUILD_FLAGS|${debug_bazel_flags}${minitrace_flags}|g' /ovms/src/version.hpp" -# Custom Nodes -RUN bazel build --jobs=$JOBS ${debug_bazel_flags} //src:release_custom_nodes - # OVMS ARG OPTIMIZE_BUILDING_TESTS=0 RUN rm -f /usr/lib64/cmake/OpenSSL/OpenSSLConfig.cmake @@ -370,16 +358,12 @@ ARG BASE_OS=redhat ARG ov_use_binary=0 ARG FUZZER_BUILD=0 ARG debug_bazel_flags="--strip=always --config=mp_on_py_on --//:distro=redhat" -COPY --from=capi-build /ovms_release/lib/libovms_shared.so /ovms_release/lib/ COPY create_package.sh / RUN ./create_package.sh # hadolint ignore=DL3059 RUN chown -R ovms:ovms /ovms_release RUN mkdir /licenses && ln -s /ovms_release/LICENSE /licenses && ln -s /ovms_release/thirdparty-licenses /licenses/thirdparty-licenses -# Remove capi library -RUN if [ -f /ovms_release/lib/libovms_shared.so ] ; then mv /ovms_release/lib/libovms_shared.so / ; else exit 0 ; fi ; -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # FROM $RELEASE_BASE_IMAGE as release diff --git a/Makefile b/Makefile index 6d7c5d2918..29c3bb1fa5 100644 --- a/Makefile +++ b/Makefile @@ -70,7 +70,7 @@ $(error PYTHON_DISABLE cannot be 0 when MEDIAPIPE_DISABLE is 1) endif endif FUZZER_BUILD ?= 0 - +DOCKER_BUILDKIT ?= 1 # NOTE: when changing any value below, you'll need to adjust WORKSPACE file by hand: # - uncomment source build section, comment binary section # - adjust binary version path - version variable is not passed to WORKSPACE file! @@ -355,13 +355,10 @@ ifeq ($(NO_DOCKER_CACHE),true) @docker pull registry.access.redhat.com/ubi9/ubi-minimal:$(BASE_OS_TAG_REDHAT) endif endif -ifeq ($(USE_BUILDX),true) - $(eval BUILDX:=buildx) -endif ifeq ($(BUILD_CUSTOM_NODES),true) @echo "Building custom nodes" - @cd src/custom_nodes && make USE_BUILDX=$(USE_BUILDX) NO_DOCKER_CACHE=$(NO_DOCKER_CACHE) BASE_OS=$(OS) BASE_IMAGE=$(BASE_IMAGE) + @cd src/custom_nodes && make NO_DOCKER_CACHE=$(NO_DOCKER_CACHE) BASE_OS=$(OS) BASE_IMAGE=$(BASE_IMAGE) endif @echo "Building docker image $(BASE_OS)" # Provide metadata information into image if defined @@ -385,15 +382,23 @@ targz_package: --target=pkg && \ rm -vrf dist/$(OS) && mkdir -p dist/$(OS) && \ ID=$$(docker create $(OVMS_CPP_DOCKER_IMAGE)-pkg:$(OVMS_CPP_IMAGE_TAG)) && \ - docker cp $$ID:/ovms_pkg/$(OS) dist/ && \ + docker cp $$ID:/ovms_pkg/$(OS)/ovms.tar dist/$(OS)/ && \ + docker rm $$ID + docker $(BUILDX) build -f Dockerfile.$(DIST_OS) . \ + $(BUILD_ARGS) \ + --build-arg BUILD_IMAGE=$(BUILD_IMAGE) \ + -t $(OVMS_CPP_DOCKER_IMAGE)-capi:$(OVMS_CPP_IMAGE_TAG) \ + --target=capi-build && \ + ID=$$(docker create $(OVMS_CPP_DOCKER_IMAGE)-capi:$(OVMS_CPP_IMAGE_TAG)) && \ + docker cp $$ID:/ovms_release/lib/libovms_shared.so dist/$(OS)/ && \ docker rm $$ID - cd dist/$(OS) && sha256sum --check ovms.tar.gz.sha256 + cd dist/$(OS) && \ + tar rf ovms.tar --transform 's,^,ovms/lib/,' libovms_shared.so && \ + gzip ovms.tar && \ + rm -f libovms_shared.so && \ + sha256sum ovms.tar.gz > ovms.tar.gz.sha256 ovms_release_images: -ifeq ($(USE_BUILDX),true) - $(eval BUILDX:=buildx) - $(eval NO_CACHE_OPTION:=--no-cache-filter release) -endif ifeq ($(BASE_OS),redhat) $(eval NPU:=0) else @@ -441,10 +446,6 @@ ifeq ($(BASE_OS),redhat) endif release_image: -ifeq ($(USE_BUILDX),true) - $(eval BUILDX:=buildx) - $(eval NO_CACHE_OPTION:=--no-cache-filter release) -endif docker $(BUILDX) build $(NO_CACHE_OPTION) -f Dockerfile.$(DIST_OS) . \ $(BUILD_ARGS) \ --build-arg BUILD_IMAGE=$(BUILD_IMAGE) \ diff --git a/create_package.sh b/create_package.sh index 78546e32d4..6da89162b9 100755 --- a/create_package.sh +++ b/create_package.sh @@ -110,8 +110,7 @@ find /ovms_release/ovms/lib/python/openvino -name *cpython* | grep -vZ $rls_pyth mkdir -p /ovms_pkg/${BASE_OS} cd /ovms_pkg/${BASE_OS} -tar czf ovms.tar.gz --transform 's/ovms_release/ovms/' /ovms_release/ -sha256sum ovms.tar.gz > ovms.tar.gz.sha256 && \ +tar cf ovms.tar --transform 's/ovms_release/ovms/' /ovms_release/ cd /ovms_release ls -l From 8f1bb0f7631277c42d6cc29d01d99659090e9e29 Mon Sep 17 00:00:00 2001 From: Dariusz Trawinski Date: Wed, 20 May 2026 12:13:02 +0200 Subject: [PATCH 2/9] minor change for trace logs --- src/config.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/config.cpp b/src/config.cpp index 6bdcd90795..b6fdba045b 100644 --- a/src/config.cpp +++ b/src/config.cpp @@ -94,7 +94,7 @@ bool Config::parse(ServerSettingsImpl* serverSettings, ModelsSettingsImpl* model static EnvGuard envGuard; #if defined(__linux__) || defined(_WIN32) - if (this->serverSettings.logLevel == "DEBUG") { + if (this->serverSettings.logLevel == "DEBUG" || this->serverSettings.logLevel == "TRACE") { envGuard.set("OPENVINO_LOG_LEVEL", "4"); } #endif From fc45698854a6f2a4acdc048e1f860e6cc7d273b9 Mon Sep 17 00:00:00 2001 From: Dariusz Trawinski Date: Wed, 20 May 2026 15:43:57 +0200 Subject: [PATCH 3/9] change --- src/config.cpp | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/config.cpp b/src/config.cpp index b6fdba045b..21f39fc697 100644 --- a/src/config.cpp +++ b/src/config.cpp @@ -91,14 +91,12 @@ Config& Config::parse(int argc, char** argv) { bool Config::parse(ServerSettingsImpl* serverSettings, ModelsSettingsImpl* modelsSettings) { this->serverSettings = *serverSettings; this->modelsSettings = *modelsSettings; - static EnvGuard envGuard; #if defined(__linux__) || defined(_WIN32) if (this->serverSettings.logLevel == "DEBUG" || this->serverSettings.logLevel == "TRACE") { envGuard.set("OPENVINO_LOG_LEVEL", "4"); } #endif - return validate(); } From 7f9e255c69601284380e2f9e3e595d611cc5ed7e Mon Sep 17 00:00:00 2001 From: Dariusz Trawinski Date: Thu, 21 May 2026 11:46:19 +0200 Subject: [PATCH 4/9] speedup bulding with WA for Konflux --- Dockerfile.redhat | 4 ++++ Makefile | 1 + 2 files changed, 5 insertions(+) diff --git a/Dockerfile.redhat b/Dockerfile.redhat index 5303a59762..0047b8d896 100644 --- a/Dockerfile.redhat +++ b/Dockerfile.redhat @@ -272,6 +272,10 @@ COPY package.json /ovms/ # hadolint ignore=DL3059 RUN cp -v /etc/ssl/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt +ARG KONFLUX=1 # This is a workaround to avoid bazel fetching dependencies during build, which causes issues in Konflux. Should be disabled when building outside of Konflux to speed up the build by using bazel cache and avoid fetching dependencies which are alread cached. +RUN if [ "$KONFLUX" == "0" ] ; then true ; else exit 0 ; fi ; \ + bazel build --jobs=$JOBS ${debug_bazel_flags} //:ovms_dependencies @com_google_googletest//:gtest + COPY src/ /ovms/src/ # Sample CPU Extension diff --git a/Makefile b/Makefile index 29c3bb1fa5..fae559ef3f 100644 --- a/Makefile +++ b/Makefile @@ -71,6 +71,7 @@ endif endif FUZZER_BUILD ?= 0 DOCKER_BUILDKIT ?= 1 +KONFLUX ?= 0 # NOTE: when changing any value below, you'll need to adjust WORKSPACE file by hand: # - uncomment source build section, comment binary section # - adjust binary version path - version variable is not passed to WORKSPACE file! From 6ae9610adfdbfaf8679087f5f74ff73533a8f2c7 Mon Sep 17 00:00:00 2001 From: Dariusz Trawinski Date: Thu, 21 May 2026 11:51:29 +0200 Subject: [PATCH 5/9] optimize patchelf --- Dockerfile.redhat | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Dockerfile.redhat b/Dockerfile.redhat index 0047b8d896..4e013dfd0a 100644 --- a/Dockerfile.redhat +++ b/Dockerfile.redhat @@ -158,6 +158,12 @@ RUN curl -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHT RUN dnf install -y https://github.com/linux-test-project/lcov/releases/download/v1.16/lcov-1.16-1.noarch.rpm && dnf clean all +WORKDIR /patchelf +# hadolint ignore=DL3003 +RUN wget -q https://github.com/NixOS/patchelf/archive/0.10.tar.gz && \ + tar -xf 0.10.tar.gz && cd patchelf-0.10 && \ + ./bootstrap.sh && ./configure && make && make install + ENV TF_SYSTEM_LIBS="curl" ENV TEST_LOG="/root/.cache/bazel/_bazel_root/bc57d4817a53cab8c785464da57d1983/execroot/ovms/bazel-out/test.log" ARG ov_source_branch=c01cd93e24d1cd78bfbb401eed51c08fb93e0816 @@ -274,7 +280,7 @@ RUN cp -v /etc/ssl/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt ARG KONFLUX=1 # This is a workaround to avoid bazel fetching dependencies during build, which causes issues in Konflux. Should be disabled when building outside of Konflux to speed up the build by using bazel cache and avoid fetching dependencies which are alread cached. RUN if [ "$KONFLUX" == "0" ] ; then true ; else exit 0 ; fi ; \ - bazel build --jobs=$JOBS ${debug_bazel_flags} //:ovms_dependencies @com_google_googletest//:gtest + bazel build --jobs=$JOBS ${debug_bazel_flags} //:ovms_dependencies @com_google_googletest//:gtest && \ COPY src/ /ovms/src/ @@ -287,12 +293,6 @@ RUN if ! [[ $debug_bazel_flags == *"py_off"* ]]; then true ; else exit 0 ; fi ; echo $'Metadata-Version: 1.0\nName: openvino\nVersion: 2026.2' > /opt/intel/openvino/python/openvino-4.dist-info/METADATA ENV PYTHONPATH=/opt/intel/openvino/python:/ovms/bazel-bin/src/python/binding -WORKDIR /patchelf -# hadolint ignore=DL3003 -RUN wget -q https://github.com/NixOS/patchelf/archive/0.10.tar.gz && \ - tar -xf 0.10.tar.gz && cd patchelf-0.10 && \ - ./bootstrap.sh && ./configure && make && make install - WORKDIR /ovms ARG PROJECT_VERSION="2026.2.0" From 8db3ca0db63e94906e27f7a2a016d1b773fabcbe Mon Sep 17 00:00:00 2001 From: Dariusz Trawinski Date: Thu, 21 May 2026 11:52:40 +0200 Subject: [PATCH 6/9] fix --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index fae559ef3f..09b4f46ff3 100644 --- a/Makefile +++ b/Makefile @@ -242,6 +242,7 @@ BUILD_ARGS = --build-arg http_proxy=$(HTTP_PROXY)\ --build-arg JOBS=$(JOBS)\ --build-arg CAPI_FLAGS=$(CAPI_FLAGS)\ --build-arg VERBOSE_LOGS=$(VERBOSE_LOGS) + --build-arg KONFLUX=$(KONFLUX) .PHONY: default docker_build \ From 9166cbff2a8e10fdf3a071cbb6ff230727a5b2db Mon Sep 17 00:00:00 2001 From: Dariusz Trawinski Date: Thu, 21 May 2026 11:56:49 +0200 Subject: [PATCH 7/9] fix2 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 09b4f46ff3..43d4611ae3 100644 --- a/Makefile +++ b/Makefile @@ -241,7 +241,7 @@ BUILD_ARGS = --build-arg http_proxy=$(HTTP_PROXY)\ --build-arg RELEASE_BASE_IMAGE=$(BASE_IMAGE_RELEASE)\ --build-arg JOBS=$(JOBS)\ --build-arg CAPI_FLAGS=$(CAPI_FLAGS)\ - --build-arg VERBOSE_LOGS=$(VERBOSE_LOGS) + --build-arg VERBOSE_LOGS=$(VERBOSE_LOGS)\ --build-arg KONFLUX=$(KONFLUX) From 3116d528d64dc5482bf4edcfd243cd3bb4398c72 Mon Sep 17 00:00:00 2001 From: Dariusz Trawinski Date: Thu, 21 May 2026 12:00:01 +0200 Subject: [PATCH 8/9] fix3 --- Dockerfile.redhat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.redhat b/Dockerfile.redhat index 4e013dfd0a..921198619a 100644 --- a/Dockerfile.redhat +++ b/Dockerfile.redhat @@ -278,7 +278,7 @@ COPY package.json /ovms/ # hadolint ignore=DL3059 RUN cp -v /etc/ssl/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt -ARG KONFLUX=1 # This is a workaround to avoid bazel fetching dependencies during build, which causes issues in Konflux. Should be disabled when building outside of Konflux to speed up the build by using bazel cache and avoid fetching dependencies which are alread cached. +ARG KONFLUX=1 # This is a workaround to avoid bazel fetching dependencies during build, which causes issues in Konflux. Should be disabled when building outside of Konflux to speed up the build by using bazel cache and avoid fetching dependencies which are already cached. RUN if [ "$KONFLUX" == "0" ] ; then true ; else exit 0 ; fi ; \ bazel build --jobs=$JOBS ${debug_bazel_flags} //:ovms_dependencies @com_google_googletest//:gtest && \ From 39c182160af4418fb4c57969554cf6ec740f431d Mon Sep 17 00:00:00 2001 From: Dariusz Trawinski Date: Thu, 21 May 2026 12:43:05 +0200 Subject: [PATCH 9/9] fix4 --- Dockerfile.redhat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.redhat b/Dockerfile.redhat index 921198619a..d1791cbbaa 100644 --- a/Dockerfile.redhat +++ b/Dockerfile.redhat @@ -280,7 +280,7 @@ RUN cp -v /etc/ssl/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt ARG KONFLUX=1 # This is a workaround to avoid bazel fetching dependencies during build, which causes issues in Konflux. Should be disabled when building outside of Konflux to speed up the build by using bazel cache and avoid fetching dependencies which are already cached. RUN if [ "$KONFLUX" == "0" ] ; then true ; else exit 0 ; fi ; \ - bazel build --jobs=$JOBS ${debug_bazel_flags} //:ovms_dependencies @com_google_googletest//:gtest && \ + bazel build --jobs=$JOBS ${debug_bazel_flags} //:ovms_dependencies @com_google_googletest//:gtest COPY src/ /ovms/src/