From 2e49586445d399fea2d137c6f142ca4735b54c6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 13 Oct 2022 21:53:15 +0200 Subject: [PATCH] virtiofsd: Build inside a container MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When moving to building the CI artefacts using the kata-deploy scripts, we've noticed that the build would fail on any machine where the tarball wasn't officially provided. This happens as rust is missing from the 1st layer container. However, it's a very common practice to leave the 1st layer container with the minimum possible dependencies and install whatever is needed for building a specific component in a 2nd layer container, which virtiofsd never had. In this commit we introduce the second layer containers (yes, containers), one for building virtiofsd using musl, and one for building virtiofsd using glibc. The reason for taking this approach was to actually simplify the scripts and avoid building the dependencies (libseccomp, libcap-ng) using musl libc. Fixes: #5425 Signed-off-by: Fabiano Fidêncio (cherry picked from commit 7e5941c578b1d70894640924e62924eb8944d7fc) --- .../local-build/kata-deploy-binaries.sh | 2 +- .../virtiofsd/build-static-virtiofsd.sh | 19 +++--- .../packaging/static-build/virtiofsd/build.sh | 61 +++++++++++++++++++ .../static-build/virtiofsd/gnu/Dockerfile | 19 ++++++ .../static-build/virtiofsd/musl/Dockerfile | 16 +++++ 5 files changed, 109 insertions(+), 8 deletions(-) create mode 100755 tools/packaging/static-build/virtiofsd/build.sh create mode 100644 tools/packaging/static-build/virtiofsd/gnu/Dockerfile create mode 100644 tools/packaging/static-build/virtiofsd/musl/Dockerfile diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh index 78fb8326b4..e1e7250788 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh @@ -26,7 +26,7 @@ readonly firecracker_builder="${static_build_dir}/firecracker/build-static-firec readonly kernel_builder="${static_build_dir}/kernel/build.sh" readonly qemu_builder="${static_build_dir}/qemu/build-static-qemu.sh" readonly shimv2_builder="${static_build_dir}/shim-v2/build.sh" -readonly virtiofsd_builder="${static_build_dir}/virtiofsd/build-static-virtiofsd.sh" +readonly virtiofsd_builder="${static_build_dir}/virtiofsd/build.sh" readonly rootfs_builder="${repo_root_dir}/tools/packaging/guest-image/build_image.sh" diff --git a/tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh b/tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh index 30eb14a952..90d6d6fa57 100755 --- a/tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh +++ b/tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh @@ -16,10 +16,13 @@ script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" source "${script_dir}/../../scripts/lib.sh" +virtiofsd_repo="${virtiofsd_repo:-}" virtiofsd_version="${virtiofsd_version:-}" +virtiofsd_zip="${virtiofsd_zip:-}" -[ -n "$virtiofsd_version" ] || virtiofsd_version=$(get_from_kata_deps "externals.virtiofsd.version") +[ -n "$virtiofsd_repo" ] || die "failed to get virtiofsd repo" [ -n "$virtiofsd_version" ] || die "failed to get virtiofsd version" +[ -n "${virtiofsd_zip}" ] || die "failed to get virtiofsd binary URL" [ -d "virtiofsd" ] && rm -r virtiofsd @@ -28,8 +31,6 @@ pull_virtiofsd_released_binary() { info "Only x86_64 binaries are distributed as part of the virtiofsd releases" && return 1 fi info "Download virtiofsd version: ${virtiofsd_version}" - virtiofsd_zip=$(get_from_kata_deps "externals.virtiofsd.meta.binary") - [ -n "${virtiofsd_zip}" ] || die "failed to get virtiofsd binary URL" mkdir -p virtiofsd 
@@ -44,31 +45,35 @@ pull_virtiofsd_released_binary() { } init_env() { + source "$HOME/.cargo/env" + case ${ARCH} in "aarch64") LIBC="musl" + ARCH_LIBC="" ;; "ppc64le") LIBC="gnu" ARCH="powerpc64le" + ARCH_LIBC=${ARCH}-linux-${LIBC} ;; "s390x") LIBC="gnu" + ARCH_LIBC=${ARCH}-linux-${LIBC} ;; "x86_64") LIBC="musl" + ARCH_LIBC="" + ;; esac - ARCH_LIBC=${ARCH}-linux-${LIBC} } build_virtiofsd_from_source() { echo "build viriofsd from source" init_env - virtiofsd_url=$(get_from_kata_deps "externals.virtiofsd.url") - - git clone --depth 1 --branch ${virtiofsd_version} ${virtiofsd_url} virtiofsd + git clone --depth 1 --branch ${virtiofsd_version} ${virtiofsd_repo} virtiofsd pushd virtiofsd export RUSTFLAGS='-C target-feature=+crt-static -C link-self-contained=yes' diff --git a/tools/packaging/static-build/virtiofsd/build.sh b/tools/packaging/static-build/virtiofsd/build.sh new file mode 100755 index 0000000000..64441d2aef --- /dev/null +++ b/tools/packaging/static-build/virtiofsd/build.sh 
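Review bot: In `build_virtiofsd_from_source` (build-static-virtiofsd.sh), the new `git clone` line expands `${virtiofsd_version}` and `${virtiofsd_repo}` unquoted, and both now arrive from the caller's environment instead of being looked up with `get_from_kata_deps` in this script, so a value containing whitespace or glob characters is word-split into extra git arguments. Quote them: `git clone --depth 1 --branch "${virtiofsd_version}" "${virtiofsd_repo}" virtiofsd`. `--branch` resolves a branch or tag name, which the remote can move, so the source that gets compiled is not tied to a specific commit; comparing `git rev-parse HEAD` with an expected hash after the clone would close that gap. The function body continues past the end of the hunk.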
@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2022 Intel
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+readonly repo_root_dir="$(cd "${script_dir}/../../../.." && pwd)"
+readonly virtiofsd_builder="${script_dir}/build-static-virtiofsd.sh"
+
+source "${script_dir}/../../scripts/lib.sh"
+
+DESTDIR=${DESTDIR:-${PWD}}
+PREFIX=${PREFIX:-/opt/kata}
+container_image="kata-virtiofsd-builder"
+kata_version="${kata_version:-}"
+virtiofsd_repo="${virtiofsd_repo:-}"
+virtiofsd_version="${virtiofsd_version:-}"
+virtiofsd_zip="${virtiofsd_zip:-}"
+package_output_dir="${package_output_dir:-}"
+
+[ -n "${virtiofsd_repo}" ] || virtiofsd_repo=$(get_from_kata_deps "externals.virtiofsd.url")
+[ -n "${virtiofsd_version}" ] || virtiofsd_version=$(get_from_kata_deps "externals.virtiofsd.version")
+[ -n "${virtiofsd_zip}" ] || virtiofsd_zip=$(get_from_kata_deps "externals.virtiofsd.meta.binary")
+
+[ -n "${virtiofsd_repo}" ] || die "Failed to get virtiofsd repo"
+[ -n "${virtiofsd_version}" ] || die "Failed to get virtiofsd version or commit"
+[ -n "${virtiofsd_zip}" ] || die "Failed to get virtiofsd binary URL"
+
+ARCH=$(uname -m)
+case ${ARCH} in
+ "aarch64")
+ libc="musl"
+ ;;
+ "ppc64le")
+ libc="gnu"
+ ;;
+ "s390x")
+ libc="gnu"
+ ;;
+ "x86_64")
+ libc="musl"
+ ;;
+esac
+
+sudo docker build \
+ -t "${container_image}" "${script_dir}/${libc}"
+
+sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
+ -w "${PWD}" \
+ --env DESTDIR="${DESTDIR}" \
+ --env PREFIX="${PREFIX}" \
+ --env virtiofsd_repo="${virtiofsd_repo}" \
+ --env virtiofsd_version="${virtiofsd_version}" \
+ --env virtiofsd_zip="${virtiofsd_zip}" \
+ "${container_image}" \
+ bash -c "${virtiofsd_builder}"
diff --git a/tools/packaging/static-build/virtiofsd/gnu/Dockerfile b/tools/packaging/static-build/virtiofsd/gnu/Dockerfile
new file mode 100644
index 0000000000..c214dfc415
--- /dev/null
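Review bot: The `case ${ARCH}` block in build.sh has no `*)` arm, so on any architecture outside the four listed `libc` is never assigned and, with `set -o nounset` active, the script stops at `"${script_dir}/${libc}"` with an unbound-variable error instead of a clear message; add `*) die "Unsupported architecture: ${ARCH}" ;;`. Separately, `docker run` bind-mounts the whole `${repo_root_dir}` read-write and neither Dockerfile in this commit sets `USER`, so the rustup-installed toolchain and the cloned virtiofsd build presumably run as root with write access to the entire checkout and leave root-owned artefacts behind. Narrowing the mount to the directories the build needs, or mounting the repository read-only next to a writable output directory if the build layout allows it, would limit what a compromised dependency can modify. `kata_version` and `package_output_dir` are assigned but never used in this file.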
+++ b/tools/packaging/static-build/virtiofsd/gnu/Dockerfile
@@ -0,0 +1,19 @@
+# Copyright (c) 2022 Intel
+#
+# SPDX-License-Identifier: Apache-2.0
+
+FROM ubuntu:20.04
+ENV DEBIAN_FRONTEND=noninteractive
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends \
+ build-essential \
+ ca-certificates \
+ curl \
+ git \
+ libcap-ng-dev \
+ libseccomp-dev \
+ unzip && \
+ apt-get clean && rm -rf /var/lib/lists/ && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
diff --git a/tools/packaging/static-build/virtiofsd/musl/Dockerfile b/tools/packaging/static-build/virtiofsd/musl/Dockerfile
new file mode 100644
index 0000000000..9b9bb93b90
--- /dev/null
+++ b/tools/packaging/static-build/virtiofsd/musl/Dockerfile
@@ -0,0 +1,16 @@
+# Copyright (c) 2022 Intel
+#
+# SPDX-License-Identifier: Apache-2.0
+
+FROM alpine:3.16.2
+
+SHELL ["/bin/ash", "-o", "pipefail", "-c"]
+RUN apk --no-cache add \
+ bash \
+ curl \
+ gcc \
+ git \
+ libcap-ng-static \
+ libseccomp-static \
+ musl-dev && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
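Review bot: Both gnu/Dockerfile and musl/Dockerfile end their `RUN` with `curl ... https://sh.rustup.rs | sh -s -- -y`, which runs whatever installer the server returns at image build time and installs the then-current stable toolchain, so the compiler that produces the shipped virtiofsd binary is neither pinned nor verified and can differ from one build to the next. Pin it through a build argument, e.g. `ARG RUST_TOOLCHAIN` plus `sh -s -- -y --default-toolchain "${RUST_TOOLCHAIN}"`, with build.sh supplying the value via `--build-arg`. The base images are referenced by tag (`ubuntu:20.04`, `alpine:3.16.2`); pinning them by digest would make that input immutable as well. In gnu/Dockerfile, `rm -rf /var/lib/lists/` does not remove the apt package lists, which live under `/var/lib/apt/lists/`.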