virtiofsd: Build inside a container

When moving to building the CI artefacts using the kata-deploy scripts, we've noticed that the build would fail on any machine where the tarball wasn't officially provided. This happens as rust is missing from the 1st layer container. However, it's a very common practice to leave the 1st layer container with the minimum possible dependencies and install whatever is needed for building a specific component in a 2nd layer container, which virtiofsd never had. In this commit we introduce the second layer containers (yes, comtainers), one for building virtiofsd using musl, and one for building virtiofsd using glibc. The reason for taking this approach was to actually simplify the scripts and avoid building the dependencies (libseccomp, libcap-ng) using musl libc. Fixes: #5425 Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com> (cherry picked from commit 7e5941c578)
2025-06-05 21:53:20 +00:00 · 2022-10-13 21:53:15 +02:00 · 2022-10-13 21:53:15 +02:00 · 2e49586445
commit 2e49586445
parent e2a8815ba4
5 changed files with 109 additions and 8 deletions
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@ -26,7 +26,7 @@ readonly firecracker_builder="${static_build_dir}/firecracker/build-static-firec
 readonly kernel_builder="${static_build_dir}/kernel/build.sh"
 readonly qemu_builder="${static_build_dir}/qemu/build-static-qemu.sh"
 readonly shimv2_builder="${static_build_dir}/shim-v2/build.sh"
-readonly virtiofsd_builder="${static_build_dir}/virtiofsd/build-static-virtiofsd.sh"
+readonly virtiofsd_builder="${static_build_dir}/virtiofsd/build.sh"

 readonly rootfs_builder="${repo_root_dir}/tools/packaging/guest-image/build_image.sh"

--- a/tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh
+++ b/tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh
@ -16,10 +16,13 @@ script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

 source "${script_dir}/../../scripts/lib.sh"

+virtiofsd_repo="${virtiofsd_repo:-}"
 virtiofsd_version="${virtiofsd_version:-}"
+virtiofsd_zip="${virtiofsd_zip:-}"

-[ -n "$virtiofsd_version" ] || virtiofsd_version=$(get_from_kata_deps "externals.virtiofsd.version")
+[ -n "$virtiofsd_repo" ] || die "failed to get virtiofsd repo"
 [ -n "$virtiofsd_version" ] || die "failed to get virtiofsd version"
+[ -n "${virtiofsd_zip}" ] || die "failed to get virtiofsd binary URL"

 [ -d "virtiofsd" ] && rm -r virtiofsd

@ -28,8 +31,6 @@ pull_virtiofsd_released_binary() {
 	info "Only x86_64 binaries are distributed as part of the virtiofsd releases" && return 1
    fi
    info "Download virtiofsd version: ${virtiofsd_version}"
-    virtiofsd_zip=$(get_from_kata_deps "externals.virtiofsd.meta.binary")
-    [ -n "${virtiofsd_zip}" ] || die "failed to get virtiofsd binary URL"

    mkdir -p virtiofsd

@ -44,31 +45,35 @@ pull_virtiofsd_released_binary() {
 }

 init_env() {
+   source "$HOME/.cargo/env"
+
   case ${ARCH} in
     "aarch64")
       LIBC="musl"
+       ARCH_LIBC=""
     ;;
     "ppc64le")
       LIBC="gnu"
       ARCH="powerpc64le"
+       ARCH_LIBC=${ARCH}-linux-${LIBC}
     ;;
     "s390x")
       LIBC="gnu"
+       ARCH_LIBC=${ARCH}-linux-${LIBC}
     ;;
     "x86_64")
       LIBC="musl"
+       ARCH_LIBC=""
+     ;;
  esac

-    ARCH_LIBC=${ARCH}-linux-${LIBC}
 }
 	   
 build_virtiofsd_from_source() {
   echo "build viriofsd from source"
   init_env

-   virtiofsd_url=$(get_from_kata_deps "externals.virtiofsd.url")
-
-   git clone --depth 1 --branch ${virtiofsd_version} ${virtiofsd_url} virtiofsd
+   git clone --depth 1 --branch ${virtiofsd_version} ${virtiofsd_repo} virtiofsd
   pushd virtiofsd

   export RUSTFLAGS='-C target-feature=+crt-static -C link-self-contained=yes'
--- a/tools/packaging/static-build/virtiofsd/build.sh
+++ b/tools/packaging/static-build/virtiofsd/build.sh
@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2022 Intel
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+readonly repo_root_dir="$(cd "${script_dir}/../../../.." && pwd)"
+readonly virtiofsd_builder="${script_dir}/build-static-virtiofsd.sh"
+
+source "${script_dir}/../../scripts/lib.sh"
+
+DESTDIR=${DESTDIR:-${PWD}}
+PREFIX=${PREFIX:-/opt/kata}
+container_image="kata-virtiofsd-builder"
+kata_version="${kata_version:-}"
+virtiofsd_repo="${virtiofsd_repo:-}"
+virtiofsd_version="${virtiofsd_version:-}"
+virtiofsd_zip="${virtiofsd_zip:-}"
+package_output_dir="${package_output_dir:-}"
+
+[ -n "${virtiofsd_repo}" ] || virtiofsd_repo=$(get_from_kata_deps "externals.virtiofsd.url")
+[ -n "${virtiofsd_version}" ] || virtiofsd_version=$(get_from_kata_deps "externals.virtiofsd.version")
+[ -n "${virtiofsd_zip}" ] || virtiofsd_zip=$(get_from_kata_deps "externals.virtiofsd.meta.binary")
+
+[ -n "${virtiofsd_repo}" ] || die "Failed to get virtiofsd repo"
+[ -n "${virtiofsd_version}" ] || die "Failed to get virtiofsd version or commit"
+[ -n "${virtiofsd_zip}" ] || die "Failed to get virtiofsd binary URL"
+
+ARCH=$(uname -m)
+case ${ARCH} in
+	"aarch64")
+		libc="musl"
+		;;
+	"ppc64le")
+		libc="gnu"
+		;;
+	"s390x")
+		libc="gnu"
+		;;
+	"x86_64")
+		libc="musl"
+		;;
+esac
+
+sudo docker build \
+	-t "${container_image}" "${script_dir}/${libc}"
+
+sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
+	-w "${PWD}" \
+	--env DESTDIR="${DESTDIR}" \
+	--env PREFIX="${PREFIX}" \
+	--env virtiofsd_repo="${virtiofsd_repo}" \
+	--env virtiofsd_version="${virtiofsd_version}" \
+	--env virtiofsd_zip="${virtiofsd_zip}" \
+	"${container_image}" \
+	bash -c "${virtiofsd_builder}"
--- a/tools/packaging/static-build/virtiofsd/gnu/Dockerfile
+++ b/tools/packaging/static-build/virtiofsd/gnu/Dockerfile
@ -0,0 +1,19 @@
+# Copyright (c) 2022 Intel
+#
+# SPDX-License-Identifier: Apache-2.0
+
+FROM ubuntu:20.04
+ENV DEBIAN_FRONTEND=noninteractive
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        build-essential \
+        ca-certificates \
+        curl \
+        git \
+        libcap-ng-dev \
+        libseccomp-dev \
+        unzip && \
+    apt-get clean && rm -rf /var/lib/lists/ && \
+    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
--- a/tools/packaging/static-build/virtiofsd/musl/Dockerfile
+++ b/tools/packaging/static-build/virtiofsd/musl/Dockerfile
@ -0,0 +1,16 @@
+# Copyright (c) 2022 Intel
+#
+# SPDX-License-Identifier: Apache-2.0
+
+FROM alpine:3.16.2
+
+SHELL ["/bin/ash", "-o", "pipefail", "-c"]
+RUN apk --no-cache add \
+        bash \
+        curl \
+        gcc \
+        git \
+        libcap-ng-static \
+        libseccomp-static \
+        musl-dev && \
+    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y