ci: shim-v2 no sudo

Build shim-v2 without sudo docker this is not needed. This is part 6 of N Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
2025-09-13 21:09:31 +00:00 · 2024-05-28 11:52:01 +00:00
parent a7931115a0
commit 25c784c568
3 changed files with 64 additions and 150 deletions
--- a/tools/packaging/static-build/shim-v2/Dockerfile
+++ b/tools/packaging/static-build/shim-v2/Dockerfile
@@ -5,6 +5,20 @@
 FROM ubuntu:20.04
 ENV DEBIAN_FRONTEND=noninteractive

+ENV GO_HOME="/opt"
+ENV GOCACHE="${GO_HOME}/.cache" 
+ENV RUSTUP_HOME="/opt/rustup"
+ENV CARGO_HOME="/opt/cargo"
+ENV PATH="/opt/cargo/bin/:/opt/go/bin:${PATH}"
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN mkdir ${RUSTUP_HOME} ${CARGO_HOME} ${GOCACHE} && \
+    chmod -R a+rwX ${RUSTUP_HOME} ${CARGO_HOME} ${GO_HOME}
+
+ARG GO_VERSION
+ARG RUST_VERSION
+
 RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        build-essential \
@@ -16,11 +30,34 @@ RUN apt-get update && \
        musl-tools \
        protobuf-compiler \
        sudo && \
-    apt-get clean && rm -rf /var/lib/apt/lists/
+        apt-get clean && rm -rf /var/lib/apt/lists/&& \
+        curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${RUST_VERSION}
    
-COPY install_go_rust.sh /usr/bin/install_go_rust.sh
-ARG GO_VERSION
-ARG RUST_VERSION
-RUN install_go_rust.sh "${GO_VERSION}" "${RUST_VERSION}"
-ENV PATH=/usr/local/go/bin:${PATH}
-ENV PATH=/root/.cargo/bin/:${PATH}
+RUN ARCH=$(uname -m); \
+   	rust_arch=""; \
+   	libc=""; \
+   	case "${ARCH}" in \
+        "aarch64") rust_arch="${ARCH}"; libc="musl"; ;; \
+        "ppc64le") rust_arch="powerpc64le"; libc="gnu"; ;; \
+        "x86_64") rust_arch="${ARCH}"; libc="musl"; ;; \
+        "s390x") rust_arch="${ARCH}"; libc="gnu"; ;; \
+        *) echo "Unsupported architecture: ${ARCH}" && exit 1 ;; \
+  	esac; \
+   	rustup target add "${rust_arch}-unknown-linux-${libc}" 
+        
+RUN ARCH=$(uname -m); \
+    goarch=""; \
+    kernelname=$(uname -s | tr '[:upper:]' '[:lower:]'); \
+   	case "${ARCH}" in \
+        "aarch64") goarch="arm64" ;; \
+        "ppc64le") goarch=${ARCH} ;; \
+        "x86_64") goarch="amd64" ;; \
+        "s390x") goarch=${ARCH} ;; \
+        *) echo "Unsupported architecture: ${ARCH}" && exit 1 ;; \
+    esac; \
+    curl -OL "https://storage.googleapis.com/golang/go${GO_VERSION}.${kernelname}-${goarch}.tar.gz" && \
+    tar -C "${GO_HOME}" -xzf "go${GO_VERSION}.${kernelname}-${goarch}.tar.gz" && \
+    rm "go${GO_VERSION}.${kernelname}-${goarch}.tar.gz"
+        
+# aarch64 requires this name -- link for all
+RUN ln -s /usr/bin/musl-gcc "/usr/bin/$(uname -m)-linux-musl-gcc"
--- a/tools/packaging/static-build/shim-v2/build.sh
+++ b/tools/packaging/static-build/shim-v2/build.sh
@@ -32,13 +32,13 @@ if [ "${MEASURED_ROOTFS}" == "yes" ]; then
 	[ -f "$root_hash_file" ] || \
 		die "Root hash file for measured rootfs not found at ${root_hash_file}"

-	root_hash=$(sudo sed -e 's/Root hash:\s*//g;t;d' "${root_hash_file}")
+	root_hash=$(sed -e 's/Root hash:\s*//g;t;d' "${root_hash_file}")
 	root_measure_config="rootfs_verity.scheme=dm-verity rootfs_verity.hash=${root_hash}"
 	EXTRA_OPTS+=" ROOTMEASURECONFIG=\"${root_measure_config}\""
 fi

-sudo docker pull ${container_image} || \
-	(sudo docker ${BUILDX} build ${PLATFORM}  \
+docker pull ${container_image} || \
+	(docker ${BUILDX} build ${PLATFORM}  \
 		--build-arg GO_VERSION="${GO_VERSION}" \
 		--build-arg RUST_VERSION="${RUST_VERSION}" \
 		-t "${container_image}" \
@@ -55,48 +55,50 @@ fi
 #Build rust project using cross build musl image to speed up
 [[ "${CROSS_BUILD}" == "true" && ${ARCH} != "s390x" ]] && container_image="messense/rust-musl-cross:${GCC_ARCH}-musl" && CC=${GCC_ARCH}-unknown-linux-musl-gcc

-sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
+docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
 	--env CROSS_BUILD=${CROSS_BUILD} \
 	--env ARCH=${ARCH} \
 	--env CC="${CC}" \
 	-w "${repo_root_dir}/src/runtime-rs" \
+	--user "$(id -u)":"$(id -g)" \
 	"${container_image}" \
-	bash -c "git config --global --add safe.directory ${repo_root_dir} && \
-		make clean-generated-files && make PREFIX=${PREFIX} QEMUCMD=qemu-system-${arch}"
+	bash -c "make clean-generated-files && make PREFIX=${PREFIX} QEMUCMD=qemu-system-${arch}"

-sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
+docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
 	--env CROSS_BUILD=${CROSS_BUILD} \
        --env ARCH=${ARCH} \
        --env CC="${CC}" \
 	-w "${repo_root_dir}/src/runtime-rs" \
+	--user "$(id -u)":"$(id -g)" \
 	"${container_image}" \
-	bash -c "git config --global --add safe.directory ${repo_root_dir} && make PREFIX="${PREFIX}" DESTDIR="${DESTDIR}" install"
+	bash -c "make PREFIX="${PREFIX}" DESTDIR="${DESTDIR}" install"

 [ "${CROSS_BUILD}" == "true" ] && container_image="${container_image_bk}-cross-build"

-sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
+docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
 	-w "${repo_root_dir}/src/runtime" \
+	--user "$(id -u)":"$(id -g)" \
 	"${container_image}" \
-	bash -c "git config --global --add safe.directory ${repo_root_dir} && \
-		make clean-generated-files && make PREFIX=${PREFIX} QEMUCMD=qemu-system-${arch} ${EXTRA_OPTS}"
+	bash -c "make clean-generated-files && make PREFIX=${PREFIX} QEMUCMD=qemu-system-${arch} ${EXTRA_OPTS}"

-sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
+docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
 	-w "${repo_root_dir}/src/runtime" \
+	--user "$(id -u)":"$(id -g)" \
 	"${container_image}" \
-	bash -c "git config --global --add safe.directory ${repo_root_dir} && make PREFIX="${PREFIX}" DESTDIR="${DESTDIR}" ${EXTRA_OPTS} install"
+	bash -c "make PREFIX="${PREFIX}" DESTDIR="${DESTDIR}" ${EXTRA_OPTS} install"

 for vmm in ${VMM_CONFIGS}; do
 	config_file="${DESTDIR}/${PREFIX}/share/defaults/kata-containers/configuration-${vmm}.toml"
 	if [ -f ${config_file} ]; then
 		if [ ${ARCH} == "ppc64le" ]; then
- 			sudo sed -i -e '/^image =/d' ${config_file}
- 			sudo sed -i 's/^# \(initrd =.*\)/\1/g' ${config_file}
+ 			sed -i -e '/^image =/d' ${config_file}
+ 			sed -i 's/^# \(initrd =.*\)/\1/g' ${config_file}
 		else
- 			sudo sed -i -e '/^initrd =/d' ${config_file}
+ 			sed -i -e '/^initrd =/d' ${config_file}
 		fi
 	fi
 done

 pushd "${DESTDIR}/${PREFIX}/share/defaults/kata-containers"
-	sudo ln -sf "configuration-qemu.toml" configuration.toml
+	ln -sf "configuration-qemu.toml" configuration.toml
 popd
--- a/tools/packaging/static-build/shim-v2/install_go_rust.sh
+++ b/tools/packaging/static-build/shim-v2/install_go_rust.sh
@@ -1,125 +0,0 @@
-#!/usr/bin/env bash
-#
-# Copyright (c) 2018 Intel Corporation
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-
-set -o errexit
-set -o nounset
-set -o pipefail
-
-tmp_dir=$(mktemp -d -t install-go-tmp.XXXXXXXXXX)
-script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-script_name="$(basename "${BASH_SOURCE[0]}")"
-force=""
-
-install_dest="/usr/local/"
-
-finish() {
-	rm -rf "$tmp_dir"
-}
-
-die() {
-	echo >&2 "ERROR: $*"
-	exit 1
-}
-
-info() {
-	echo "INFO: $*"
-}
-
-usage(){
-	exit_code="$1"
-	cat <<EOF
-Usage:
-
-${script_name} [options]
-
-Example:
-${script_name}
-
-Options
-d <path> : destination path, path where go will be installed.
-f        : enable force install, remove existent go pkg before installation.
-h        : display this help.
-EOF
-
-	exit "$exit_code"
-}
-
-trap finish EXIT
-
-go_version=${1:-}
-rust_version=${2:-}
-
-ARCH=${ARCH:-$(uname -m)}
-case "${ARCH}" in
-	aarch64)
-		goarch=arm64
-		LIBC=musl
-		# This is a hack needed as part of Ubuntu 20.04
-		if [ ! -f /usr/bin/aarch64-linux-musl-gcc ]; then
-			ln -sf /usr/bin/musl-gcc /usr/bin/aarch64-linux-musl-gcc
-		fi
-		;;
-	ppc64le) 
-		goarch=${ARCH}
-		ARCH=powerpc64le
-		LIBC=gnu
-		;;
-	s390x)
-		goarch=${ARCH}
-		LIBC=gnu
-		;;
-	x86_64)
-		goarch=amd64
-		LIBC=musl
-		;;
-	*)
-		echo "unsupported architecture $(uname -m)"
-		exit 1
-		;;
-esac
-
-curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSLf | sh -s -- -y --default-toolchain ${rust_version} -t ${ARCH}-unknown-linux-${LIBC}
-source /root/.cargo/env
-rustup target add ${ARCH}-unknown-linux-${LIBC}
-
-pushd "${tmp_dir}"
-
-while getopts "d:fh" opt
-do
-	case $opt in
-		d)	install_dest="${OPTARG}" ;;
-		f)	force="true" ;;
-		h)	usage 0 ;;
-	esac
-done
-
-shift $(( $OPTIND - 1 ))
-
-if [ -z "$go_version" ];then
-	echo "Missing go"
-	usage 1
-fi
-
-if command -v go; then
-	[[ "$(go version)" == *"go${go_version}"* ]] && \
-		info "Go ${go_version} already installed" && \
-		exit
-	if [ "${force}" = "true" ]; then
-		info "removing $(go version)"
-		sudo rm -rf "${install_dest}/go"
-	else
-		die "$(go version) is installed, use -f or remove it before install go ${go_version}"
-	fi
-fi
-
-info "Download go version ${go_version}"
-kernel_name=$(uname -s)
-curl -OL "https://storage.googleapis.com/golang/go${go_version}.${kernel_name,,}-${goarch}.tar.gz"
-info "Install go"
-mkdir -p "${install_dest}"
-sudo tar -C "${install_dest}" -xzf "go${go_version}.${kernel_name,,}-${goarch}.tar.gz"
-popd