github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-14 05:19:21 +00:00
Code Issues Projects Releases Wiki Activity

ci: shim-v2 no sudo

Browse Source 
Build shim-v2 without sudo docker this is not needed. This is part 6 of N

Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
This commit is contained in:
Zvonko Kaiser
2024-05-28 11:52:01 +00:00
parent a7931115a0
commit 25c784c568
3 changed files with 64 additions and 150 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
tools/packaging/static-build/shim-v2/Dockerfile
View File

@@ -5,6 +5,20 @@
FROM ubuntu:20.04 FROM ubuntu:20.04
ENV DEBIAN_FRONTEND=noninteractive ENV DEBIAN_FRONTEND=noninteractive
ENV GO_HOME="/opt"
ENV GOCACHE="${GO_HOME}/.cache"
ENV RUSTUP_HOME="/opt/rustup"
ENV CARGO_HOME="/opt/cargo"
ENV PATH="/opt/cargo/bin/:/opt/go/bin:${PATH}"
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN mkdir ${RUSTUP_HOME} ${CARGO_HOME} ${GOCACHE} && \
chmod -R a+rwX ${RUSTUP_HOME} ${CARGO_HOME} ${GO_HOME}
ARG GO_VERSION
ARG RUST_VERSION
RUN apt-get update && \ RUN apt-get update && \
apt-get install -y --no-install-recommends \ apt-get install -y --no-install-recommends \
build-essential \ build-essential \
@@ -16,11 +30,34 @@ RUN apt-get update && \
musl-tools \ musl-tools \
protobuf-compiler \ protobuf-compiler \
sudo && \ sudo && \
apt-get clean && rm -rf /var/lib/apt/lists/ apt-get clean && rm -rf /var/lib/apt/lists/&& \
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${RUST_VERSION}
COPY install_go_rust.sh /usr/bin/install_go_rust.sh RUN ARCH=$(uname -m); \
ARG GO_VERSION rust_arch=""; \
ARG RUST_VERSION libc=""; \
RUN install_go_rust.sh "${GO_VERSION}" "${RUST_VERSION}" case "${ARCH}" in \
ENV PATH=/usr/local/go/bin:${PATH} "aarch64") rust_arch="${ARCH}"; libc="musl"; ;; \
ENV PATH=/root/.cargo/bin/:${PATH} "ppc64le") rust_arch="powerpc64le"; libc="gnu"; ;; \
"x86_64") rust_arch="${ARCH}"; libc="musl"; ;; \
"s390x") rust_arch="${ARCH}"; libc="gnu"; ;; \
*) echo "Unsupported architecture: ${ARCH}" && exit 1 ;; \
esac; \
rustup target add "${rust_arch}-unknown-linux-${libc}"
RUN ARCH=$(uname -m); \
goarch=""; \
kernelname=$(uname -s | tr '[:upper:]' '[:lower:]'); \
case "${ARCH}" in \
"aarch64") goarch="arm64" ;; \
"ppc64le") goarch=${ARCH} ;; \
"x86_64") goarch="amd64" ;; \
"s390x") goarch=${ARCH} ;; \
*) echo "Unsupported architecture: ${ARCH}" && exit 1 ;; \
esac; \
curl -OL "https://storage.googleapis.com/golang/go${GO_VERSION}.${kernelname}-${goarch}.tar.gz" && \
tar -C "${GO_HOME}" -xzf "go${GO_VERSION}.${kernelname}-${goarch}.tar.gz" && \
rm "go${GO_VERSION}.${kernelname}-${goarch}.tar.gz"
# aarch64 requires this name -- link for all
RUN ln -s /usr/bin/musl-gcc "/usr/bin/$(uname -m)-linux-musl-gcc"

36
tools/packaging/static-build/shim-v2/build.sh
View File

@@ -32,13 +32,13 @@ if [ "${MEASURED_ROOTFS}" == "yes" ]; then
[ -f "$root_hash_file" ] || \ [ -f "$root_hash_file" ] || \
die "Root hash file for measured rootfs not found at ${root_hash_file}" die "Root hash file for measured rootfs not found at ${root_hash_file}"
root_hash=$(sudo sed -e 's/Root hash:\s*//g;t;d' "${root_hash_file}") root_hash=$(sed -e 's/Root hash:\s*//g;t;d' "${root_hash_file}")
root_measure_config="rootfs_verity.scheme=dm-verity rootfs_verity.hash=${root_hash}" root_measure_config="rootfs_verity.scheme=dm-verity rootfs_verity.hash=${root_hash}"
EXTRA_OPTS+=" ROOTMEASURECONFIG=\"${root_measure_config}\"" EXTRA_OPTS+=" ROOTMEASURECONFIG=\"${root_measure_config}\""
fi fi
sudo docker pull ${container_image} || \ docker pull ${container_image} || \
(sudo docker ${BUILDX} build ${PLATFORM} \ (docker ${BUILDX} build ${PLATFORM} \
--build-arg GO_VERSION="${GO_VERSION}" \ --build-arg GO_VERSION="${GO_VERSION}" \
--build-arg RUST_VERSION="${RUST_VERSION}" \ --build-arg RUST_VERSION="${RUST_VERSION}" \
-t "${container_image}" \ -t "${container_image}" \
@@ -55,48 +55,50 @@ fi
#Build rust project using cross build musl image to speed up #Build rust project using cross build musl image to speed up
[[ "${CROSS_BUILD}" == "true" && ${ARCH} != "s390x" ]] && container_image="messense/rust-musl-cross:${GCC_ARCH}-musl" && CC=${GCC_ARCH}-unknown-linux-musl-gcc [[ "${CROSS_BUILD}" == "true" && ${ARCH} != "s390x" ]] && container_image="messense/rust-musl-cross:${GCC_ARCH}-musl" && CC=${GCC_ARCH}-unknown-linux-musl-gcc
sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \ docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
--env CROSS_BUILD=${CROSS_BUILD} \ --env CROSS_BUILD=${CROSS_BUILD} \
--env ARCH=${ARCH} \ --env ARCH=${ARCH} \
--env CC="${CC}" \ --env CC="${CC}" \
-w "${repo_root_dir}/src/runtime-rs" \ -w "${repo_root_dir}/src/runtime-rs" \
--user "$(id -u)":"$(id -g)" \
"${container_image}" \ "${container_image}" \
bash -c "git config --global --add safe.directory ${repo_root_dir} && \ bash -c "make clean-generated-files && make PREFIX=${PREFIX} QEMUCMD=qemu-system-${arch}"
make clean-generated-files && make PREFIX=${PREFIX} QEMUCMD=qemu-system-${arch}"
sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \ docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
--env CROSS_BUILD=${CROSS_BUILD} \ --env CROSS_BUILD=${CROSS_BUILD} \
--env ARCH=${ARCH} \ --env ARCH=${ARCH} \
--env CC="${CC}" \ --env CC="${CC}" \
-w "${repo_root_dir}/src/runtime-rs" \ -w "${repo_root_dir}/src/runtime-rs" \
--user "$(id -u)":"$(id -g)" \
"${container_image}" \ "${container_image}" \
bash -c "git config --global --add safe.directory ${repo_root_dir} && make PREFIX="${PREFIX}" DESTDIR="${DESTDIR}" install" bash -c "make PREFIX="${PREFIX}" DESTDIR="${DESTDIR}" install"
[ "${CROSS_BUILD}" == "true" ] && container_image="${container_image_bk}-cross-build" [ "${CROSS_BUILD}" == "true" ] && container_image="${container_image_bk}-cross-build"
sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \ docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
-w "${repo_root_dir}/src/runtime" \ -w "${repo_root_dir}/src/runtime" \
--user "$(id -u)":"$(id -g)" \
"${container_image}" \ "${container_image}" \
bash -c "git config --global --add safe.directory ${repo_root_dir} && \ bash -c "make clean-generated-files && make PREFIX=${PREFIX} QEMUCMD=qemu-system-${arch} ${EXTRA_OPTS}"
make clean-generated-files && make PREFIX=${PREFIX} QEMUCMD=qemu-system-${arch} ${EXTRA_OPTS}"
sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \ docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
-w "${repo_root_dir}/src/runtime" \ -w "${repo_root_dir}/src/runtime" \
--user "$(id -u)":"$(id -g)" \
"${container_image}" \ "${container_image}" \
bash -c "git config --global --add safe.directory ${repo_root_dir} && make PREFIX="${PREFIX}" DESTDIR="${DESTDIR}" ${EXTRA_OPTS} install" bash -c "make PREFIX="${PREFIX}" DESTDIR="${DESTDIR}" ${EXTRA_OPTS} install"
for vmm in ${VMM_CONFIGS}; do for vmm in ${VMM_CONFIGS}; do
config_file="${DESTDIR}/${PREFIX}/share/defaults/kata-containers/configuration-${vmm}.toml" config_file="${DESTDIR}/${PREFIX}/share/defaults/kata-containers/configuration-${vmm}.toml"
if [ -f ${config_file} ]; then if [ -f ${config_file} ]; then
if [ ${ARCH} == "ppc64le" ]; then if [ ${ARCH} == "ppc64le" ]; then
sudo sed -i -e '/^image =/d' ${config_file} sed -i -e '/^image =/d' ${config_file}
sudo sed -i 's/^# \(initrd =.*\)/\1/g' ${config_file} sed -i 's/^# \(initrd =.*\)/\1/g' ${config_file}
else else
sudo sed -i -e '/^initrd =/d' ${config_file} sed -i -e '/^initrd =/d' ${config_file}
fi fi
fi fi
done done
pushd "${DESTDIR}/${PREFIX}/share/defaults/kata-containers" pushd "${DESTDIR}/${PREFIX}/share/defaults/kata-containers"
sudo ln -sf "configuration-qemu.toml" configuration.toml ln -sf "configuration-qemu.toml" configuration.toml
popd popd

125
tools/packaging/static-build/shim-v2/install_go_rust.sh
View File

@@ -1,125 +0,0 @@
#!/usr/bin/env bash
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
set -o errexit
set -o nounset
set -o pipefail
tmp_dir=$(mktemp -d -t install-go-tmp.XXXXXXXXXX)
script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
script_name="$(basename "${BASH_SOURCE[0]}")"
force=""
install_dest="/usr/local/"
finish() {
rm -rf "$tmp_dir"
}
die() {
echo >&2 "ERROR: $*"
exit 1
}
info() {
echo "INFO: $*"
}
usage(){
exit_code="$1"
cat <<EOF
Usage:
${script_name} [options]
Example:
${script_name}
Options
-d <path> : destination path, path where go will be installed.
-f : enable force install, remove existent go pkg before installation.
-h : display this help.
EOF
exit "$exit_code"
}
trap finish EXIT
go_version=${1:-}
rust_version=${2:-}
ARCH=${ARCH:-$(uname -m)}
case "${ARCH}" in
aarch64)
goarch=arm64
LIBC=musl
# This is a hack needed as part of Ubuntu 20.04
if [ ! -f /usr/bin/aarch64-linux-musl-gcc ]; then
ln -sf /usr/bin/musl-gcc /usr/bin/aarch64-linux-musl-gcc
fi
;;
ppc64le)
goarch=${ARCH}
ARCH=powerpc64le
LIBC=gnu
;;
s390x)
goarch=${ARCH}
LIBC=gnu
;;
x86_64)
goarch=amd64
LIBC=musl
;;
*)
echo "unsupported architecture $(uname -m)"
exit 1
;;
esac
curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSLf | sh -s -- -y --default-toolchain ${rust_version} -t ${ARCH}-unknown-linux-${LIBC}
source /root/.cargo/env
rustup target add ${ARCH}-unknown-linux-${LIBC}
pushd "${tmp_dir}"
while getopts "d:fh" opt
do
case $opt in
d) install_dest="${OPTARG}" ;;
f) force="true" ;;
h) usage 0 ;;
esac
done
shift $(( $OPTIND - 1 ))
if [ -z "$go_version" ];then
echo "Missing go"
usage 1
fi
if command -v go; then
[[ "$(go version)" == *"go${go_version}"* ]] && \
info "Go ${go_version} already installed" && \
exit
if [ "${force}" = "true" ]; then
info "removing $(go version)"
sudo rm -rf "${install_dest}/go"
else
die "$(go version) is installed, use -f or remove it before install go ${go_version}"
fi
fi
info "Download go version ${go_version}"
kernel_name=$(uname -s)
curl -OL "https://storage.googleapis.com/golang/go${go_version}.${kernel_name,,}-${goarch}.tar.gz"
info "Install go"
mkdir -p "${install_dest}"
sudo tar -C "${install_dest}" -xzf "go${go_version}.${kernel_name,,}-${goarch}.tar.gz"
popd