DOMjudge · nickygerritsen · Jul 24, 2025 · Jul 30, 2025 · Jul 30, 2025 · Jul 30, 2025
diff --git a/provision-contest/ansible/roles/base_packages/defaults/main.yml b/provision-contest/ansible/roles/base_packages/defaults/main.yml
@@ -42,6 +42,7 @@ INSTALLED_PACKAGES:
   - php-mysql
   - php-xml
   - php-zip
+  - php-bcmath
   - pv
   - python3-sphinx
   - python3-sphinx-rtd-theme

diff --git a/provision-contest/ansible/roles/judgedaemon/tasks/main.yml b/provision-contest/ansible/roles/judgedaemon/tasks/main.yml
@@ -33,26 +33,69 @@
     src: chroot-list
     dest: /tmp/dj_ansible/
 
+- name: Check if pc2packages key is already in ubuntu-archive-keyring.gpg
+  ansible.builtin.shell: |
+    gpg --no-default-keyring --keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg --list-keys --with-colons | \
+    grep -q "$(gpg --show-keys --with-colons /etc/apt/trusted.gpg.d/pc2packages.asc | grep '^fpr:' | head -1 | cut -d: -f10)"
+  register: key_exists
+  failed_when: false
+  changed_when: false
+  check_mode: false
+  when: ICPC_IMAGE
+
+- name: Add pc2packages key to ubuntu-archive-keyring.gpg
+  ansible.builtin.shell: |
+    gpg --no-default-keyring --keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg --import /etc/apt/trusted.gpg.d/pc2packages.asc
+  when:
+    - ICPC_IMAGE
+    - key_exists.rc != 0
+
 - name: Create chroot
   shell: "set -o pipefail &&
           {{ DJ_DIR }}/misc-tools/dj_make_chroot -y -H
-            -i icpc-kotlinc,openjdk-17-jdk-headless
+            -i openjdk-21-jdk-headless
             -l \"$(ls /tmp/dj_ansible/install-chroot/*.deb 2>/dev/null | tr '\n' ',')\"
             -s \"$(ls /tmp/dj_ansible/chroot-list/*.list 2>/dev/null | tr '\n' ',')\"
             2>&1 | tee /tmp/dj_make_chroot.log;
           grep '^Done building chroot in' /tmp/dj_make_chroot.log"
   environment:
-    DEBMIRROR: "{%- if WF_RESTRICTED_NETWORK and ICPC_IMAGE -%}https://packages/ubuntu
-                {%- elif ICPC_IMAGE -%}https://sysopspackages.icpc.global/ubuntu
+    DEBMIRROR: "{%- if WF_RESTRICTED_NETWORK and ICPC_IMAGE -%}https://packages/ubuntu-noble
+                {%- elif ICPC_IMAGE -%}https://sysopspackages.icpc.global/ubuntu-noble
                 {%- else -%}
                 {%- endif -%}"
   args:
     executable: /bin/bash
     creates: "/chroot/domjudge"
 
+- name: Create kotlinc directory in chroot
+  ansible.builtin.file:
+    path: /chroot/domjudge/usr/lib/kotlinc
+    state: directory
+    mode: '0755'
+  when: ICPC_IMAGE
+
+- name: Sync kotlinc folder to chroot
+  ansible.posix.synchronize:
+    src: /opt/kotlinc/
+    dest: /chroot/domjudge/usr/lib/kotlinc/
+    delete: false
+    recursive: true
+  delegate_to: "{{ inventory_hostname }}"
+  when: ICPC_IMAGE
+
+- name: Create symlinks for kotlin binaries in chroot
+  ansible.builtin.file:
+    src: ../../lib/kotlinc/bin/{{ item }}
+    dest: /chroot/domjudge/usr/local/bin/{{ item }}
+    state: link
+  loop:
+    - kotlin
+    - kotlinc
+  when: ICPC_IMAGE
+
 - name: Pre-generate the kernel flags for ansible usage
   set_fact:
-    procline: "apparmor=0 systemd.unified_cgroup_hierarchy=0 cgroup_enable=memory swapaccount=1 isolcpus={{ cpucore | join(',') }}"
+    procline: "apparmor=0 cgroup_enable=memory swapaccount=1 isolcpus={{ cpucore | join(',') }}"
 
 - name: Add cgroup kernel parameters
   lineinfile:

diff --git a/provision-contest/disable-turboboost_ht b/provision-contest/disable-turboboost_ht
@@ -4,6 +4,23 @@ set -eu -o pipefail
 shopt -s extglob
 
 declare -A core_ids
+declare -a disabled_cores
+
+disable_cpu () {
+  cpu="$1"
+  echo 0 > $cpu/online
+  disabled_cores+=("${cpu##*/}")
+}
+
+store_isolcpus_fact="/var/tmp/isolcpus"
+
+# Learn all efficency cores if they exist
+cpu_list=()
+if [ -f /sys/devices/cpu_atom/cpus ]; then
+  range="$(cat /sys/devices/cpu_atom/cpus)"
+  IFS='-' read -r start end <<< "$range"
+  cpu_list=($(eval echo {$start..$end}))
+fi
 
 # shellcheck disable=SC2012
 for cpu in $(ls -1d /sys/devices/system/cpu/cpu* | sort --version-sort) ; do
@@ -32,23 +49,44 @@ for cpu in $(ls -1d /sys/devices/system/cpu/cpu* | sort --version-sort) ; do
         chmod a-w $cpu/cpufreq/scaling_{max,min}_freq
     fi
 
-    # Disable all but one thread on each core. Both core_id and physical_package_id are
-    # numbers it must be ensured that for the following examples are seen as distinct:
+    # Disable all but one thread on each core per socket. Both core_id and physical_package_id
+    # are numbers so it must be ensured that for the following examples are seen as distinct:
     #  - core_id=1,  physical_package=11
-    #  - core_id=11, physycal_package=1
+    #  - core_id=11, physical_package=1
     # Simple concatenation would result in the string '111' for both cores. Though `cat`
     # adds a newline after each file, we do not want to rely on `cat` to always add this
     # 'delimiter'.
     core_id=$(cat $cpu/topology/core_id | tr -d '\n')'-'$(cat $cpu/topology/physical_package_id | tr -d '\n')
+
+    # Disable all efficiency cores
+    found=0
+    for efficiency_core in "${cpu_list[@]}"; do
+      if [[ "$cpu" == "/sys/devices/system/cpu/cpu$efficiency_core" ]]; then
+        disable_cpu $cpu
+        found=1
+        break
+      fi
+    done
+    if [ "$found" -eq "1" ]; then
+      continue
+    fi
+
     if [[ ${core_ids[$core_id]:-} ]]; then
-        echo 0 > $cpu/online
+        disable_cpu $cpu
     else
         core_ids[$core_id]=1
     fi
 done
 
+if [ -n "${store_isolcpus_fact}" ]; then
+  csv_string=$(IFS=, ; echo "${disabled_cores[*]}")
+  echo "$csv_string" > "$store_isolcpus_fact"
+fi
+
 DIR_INTEL=/sys/devices/system/cpu/intel_pstate
 DIR_AMD=/sys/devices/system/cpu/cpufreq
+# Same for some ARM CPUs
+FILE_AMD=$DIR_AMD/boost
 if [ -d $DIR_INTEL ]; then
     # now disable turbo boost
     FILE=$DIR_INTEL/no_turbo
@@ -61,11 +99,10 @@ if [ -d $DIR_INTEL ]; then
     # increase freq from powersaving to normal, but don't overclock
     echo 100 > $DIR_INTEL/min_perf_pct
     echo 100 > $DIR_INTEL/max_perf_pct
-elif [ -d $DIR_AMD ]; then
+elif [ -f $FILE_AMD ]; then
     # now disable boosting
-    FILE=$DIR_AMD/boost
-    echo -n 0 > $FILE || echo "Could not write to '$FILE', ignoring for now..."
-    if [ $(cat $FILE) -ne 0 ]; then
+    echo -n 0 > $FILE_AMD || echo "Could not write to '$FILE_AMD', ignoring for now..."
+    if [ $(cat $FILE_AMD) -ne 0 ]; then
         echo "Error: turboboost still enabled!"
         exit 1
     fi