From 9cba8c4c27451c3185e419e8e77ef960d7e87b63 Mon Sep 17 00:00:00 2001 From: Penny Zheng Date: Thu, 20 Feb 2020 09:54:09 +0800 Subject: [PATCH 1/4] musl: install musl on aarch64 The original musl-installing method is only for x86_64 and i386(see musl config.mak template file). musl.cc provides small and reliable pre-built musl toolchains for many architectures. Static so they run on supported platforms without dependencies. Fixes: #411 Signed-off-by: Penny Zheng --- scripts/lib.sh | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/scripts/lib.sh b/scripts/lib.sh index 1ddaa5fce1..c7a09aeb8b 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh @@ -296,9 +296,23 @@ RUN pushd /root; \ make install > /dev/null 2>\&1; \ popd " - local musl_tar="musl-${MUSL_VERSION}.tar.gz" - local musl_dir="musl-${MUSL_VERSION}" - readonly install_musl=" + # install musl for compiling rust-agent + install_musl= + if [ "${muslarch}" == "aarch64" ]; then + local musl_tar="${muslarch}-linux-musl-native.tgz" + local musl_dir="${muslarch}-linux-musl-native" + install_musl=" +RUN cd /tmp; \ + curl -sLO https://musl.cc/${musl_tar}; tar -zxf ${musl_tar}; \ + mkdir -p /usr/local/musl/; \ + cp -r ${musl_dir}/* /usr/local/musl/ +ENV PATH=\$PATH:/usr/local/musl/bin +RUN ln -sf /usr/local/musl/bin/g++ /usr/bin/g++ +" + else + local musl_tar="musl-${MUSL_VERSION}.tar.gz" + local musl_dir="musl-${MUSL_VERSION}" + install_musl=" RUN pushd /root; \ curl -sLO https://www.musl-libc.org/releases/${musl_tar}; tar -zxf ${musl_tar}; \ cd ${musl_dir}; \ @@ -310,6 +324,8 @@ RUN pushd /root; \ popd ENV PATH=\$PATH:/usr/local/musl/bin " + fi + readonly install_rust=" RUN curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSLf --output /tmp/rust-init; \ chmod a+x /tmp/rust-init; \ From 41aaa36e6f32b97b537d3ccdf65e06c4df454c5c Mon Sep 17 00:00:00 2001 
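Review bot: The aarch64 branch unpacks `https://musl.cc/${musl_tar}` into `/usr/local/musl` and links its `g++` over `/usr/bin/g++` without verifying the download, and the archive name `aarch64-linux-musl-native.tgz` carries no version, so the toolchain that compiles the agent can change from one build to the next. The steps are joined with `;` and `curl -s` has no `-f`, so an HTTP error body is saved as the archive and the failure only surfaces later, at `tar` or `cp`. I would pin a digest and chain with `&&`: `curl -fsSLO https://musl.cc/${musl_tar} && echo "<pinned-sha256>  ${musl_tar}" | sha256sum -c - && tar -zxf ${musl_tar}; \`. `install_musl` also loses `readonly` here and is not declared `local`; `local install_musl=` would keep it out of the global scope, since the surrounding function (its body lies outside the hunk) already uses `local` for `musl_tar`.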
From: Penny Zheng Date: Thu, 20 Feb 2020 10:57:15 +0800 Subject: [PATCH 2/4] ubuntu/debian: create aarch64-specific Dockerfile.in The musl package in ubuntu/debian could not provide everything we need on aarch64. e.g. we need `aarch64-linux-musl-gcc` as linker, and it's not provided in package. Fixes: #411 Signed-off-by: Penny Zheng --- rootfs-builder/debian/Dockerfile-aarch64.in | 35 ++++++++++++++++++ rootfs-builder/ubuntu/Dockerfile-aarch64.in | 39 +++++++++++++++++++++ scripts/lib.sh | 11 ++++-- 3 files changed, 83 insertions(+), 2 deletions(-) create mode 100644 rootfs-builder/debian/Dockerfile-aarch64.in create mode 100644 rootfs-builder/ubuntu/Dockerfile-aarch64.in diff --git a/rootfs-builder/debian/Dockerfile-aarch64.in b/rootfs-builder/debian/Dockerfile-aarch64.in new file mode 100644 index 0000000000..e119d3599f --- /dev/null +++ b/rootfs-builder/debian/Dockerfile-aarch64.in @@ -0,0 +1,35 @@ +# +# Copyright (c) 2020 ARM Limited +# +# SPDX-License-Identifier: Apache-2.0 + +# NOTE: OS_VERSION is set according to config.sh +from docker.io/debian:@OS_VERSION@ + +# RUN commands +RUN apt-get update && apt-get install -y \ + autoconf \ + automake \ + binutils \ + build-essential \ + chrony \ + cmake \ + coreutils \ + curl \ + debianutils \ + debootstrap \ + g++ \ + gcc \ + git \ + libc-dev \ + libstdc++-6-dev \ + m4 \ + make \ + sed \ + systemd \ + tar \ + vim +# This will install the proper golang to build Kata components +@INSTALL_GO@ +@INSTALL_MUSL@ +@INSTALL_RUST@ diff --git a/rootfs-builder/ubuntu/Dockerfile-aarch64.in b/rootfs-builder/ubuntu/Dockerfile-aarch64.in new file mode 100644 index 0000000000..13bb09743e --- /dev/null +++ b/rootfs-builder/ubuntu/Dockerfile-aarch64.in 
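Review bot: The new `debian/Dockerfile-aarch64.in` does not say why it exists or how it differs from the generic `Dockerfile.in`; the reason (the distro musl package lacks `aarch64-linux-musl-gcc`) is only in the commit message, and the same applies to `ubuntu/Dockerfile-aarch64.in`. A duplicated package list tends to drift, so a later hardening or package change made to one template can miss the other. I would add a header comment such as `# aarch64 only: the distro musl package has no aarch64-linux-musl-gcc, so musl comes from @INSTALL_MUSL@; keep the package list in sync with Dockerfile.in`. The generic template is not visible here, so the exact difference should be confirmed against it.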
@@ -0,0 +1,39 @@ +# +# Copyright (c) 2020 ARM Limited +# +# SPDX-License-Identifier: Apache-2.0 + +#ubuntu: docker image to be used to create a rootfs +#@OS_VERSION@: Docker image version to build this dockerfile +from docker.io/ubuntu:@OS_VERSION@ + +# This dockerfile needs to provide all the componets need to build a rootfs +# Install any package need to create a rootfs (package manager, extra tools) + +# RUN commands +RUN apt-get update && apt-get install -y \ + autoconf \ + automake \ + binutils \ + build-essential \ + chrony \ + cmake \ + coreutils \ + curl \ + debianutils \ + debootstrap \ + g++ \ + gcc \ + git \ + libc6-dev \ + libstdc++-8-dev \ + m4 \ + make \ + sed \ + systemd \ + tar \ + vim +# This will install the proper golang to build Kata components +@INSTALL_GO@ +@INSTALL_MUSL@ +@INSTALL_RUST@ diff --git a/scripts/lib.sh b/scripts/lib.sh index c7a09aeb8b..9f8aa54dc9 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh @@ -274,7 +274,6 @@ generate_dockerfile() curlOptions=("-OL") [ -n "${http_proxy:-}" ] && curlOptions+=("-x ${http_proxy:-}") - readonly dockerfile_template="Dockerfile.in" readonly install_go=" RUN cd /tmp ; curl ${curlOptions[@]} https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${goarch}.tar.gz RUN tar -C /usr/ -xzf /tmp/go${GO_VERSION}.linux-${goarch}.tar.gz 
@@ -344,7 +343,15 @@ RUN ln -sf /usr/bin/g++ /bin/musl-g++ # rust agent still need go to build # because grpc-sys need go to build pushd ${dir} - [ -f "${dockerfile_template}" ] || die "${dockerfile_template}: file not found" + dockerfile_template="Dockerfile.in" + dockerfile_arch_template="Dockerfile-${architecture}.in" + # if arch-specific docker file exists, swap the univesal one with it. + if [ -f "${dockerfile_arch_template}" ]; then + dockerfile_template="${dockerfile_arch_template}" + else + [ -f "${dockerfile_template}" ] || die "${dockerfile_template}: file not found" + fi + # powerpc have no musl target, don't setup rust enviroment # since we cannot static link agent. Besides, there is # also long double representation problem when building musl-libc From a390a360dbdcef4f4516cf2e837259dd9f29aa06 Mon Sep 17 00:00:00 2001 From: Penny Zheng Date: Tue, 10 Mar 2020 13:57:47 +0800 Subject: [PATCH 3/4] rootfs: remove RUST_SRC_PATH If user wants to use customized rust-agent, they could use AGENT_SOURCE_BIN to pass the static binary. The rust-agent is always statically linked with musl. Fixes: #411 Signed-off-by: Penny Zheng --- rootfs-builder/rootfs.sh | 19 ++++--------------- scripts/lib.sh | 2 +- 2 files changed, 5 insertions(+), 16 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 5a5655ec17..f0dd260aaa 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -17,7 +17,6 @@ GO_AGENT_PKG=${GO_AGENT_PKG:-github.com/kata-containers/agent} RUST_AGENT_PKG=${RUST_AGENT_PKG:-github.com/kata-containers/kata-containers} RUST_AGENT=${RUST_AGENT:-no} RUST_VERSION="null" -RUST_SRC_PATH=${RUST_SRC_PATH:-${HOME}/rust} CMAKE_VERSION=${CMAKE_VERSION:-"null"} MUSL_VERSION=${MUSL_VERSION:-"null"} AGENT_BIN=${AGENT_BIN:-kata-agent} 
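Review bot: `dockerfile_template` used to be `readonly`, but it and the new `dockerfile_arch_template` are now plain assignments, so both become mutable globals of whatever sources `lib.sh`. Since the same function uses `local` for `musl_tar` in the earlier hunk, I would write `local dockerfile_template="Dockerfile.in"` and `local -r dockerfile_arch_template="Dockerfile-${architecture}.in"`. `${architecture}` is not set anywhere in the visible lines, while the musl branch keys on `${muslarch}`; it is worth confirming that both agree for aarch64, otherwise the aarch64 musl install could be substituted into the generic template. The added comment has a typo (`univesal`), and the enclosing function starts and ends outside the hunk.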
@@ -107,9 +106,6 @@ RUST_AGENT When set to "yes", build kata-agent from kata-rust-agent ins RUST_AGENT_PKG URL of the Git repository hosting the agent package. Default value: ${RUST_AGENT_PKG} -RUST_SRC_PATH Path of the source code - Default value: ${RUST_SRC_PATH} - AGENT_VERSION Version of the agent to include in the rootfs. Default value: ${AGENT_VERSION:-} @@ -281,7 +277,6 @@ check_env_variables() if [ -z "${AGENT_SOURCE_BIN}" ]; then [ "$RUST_AGENT" == "yes" -o "$RUST_AGENT" == "no" ] || die "RUST_AGENT($RUST_AGENT) is invalid (must be yes or no)" - mkdir -p ${RUST_SRC_PATH} || : fi [ -n "${KERNEL_MODULES_DIR}" ] && [ ! -d "${KERNEL_MODULES_DIR}" ] && die "KERNEL_MODULES_DIR defined but is not an existing directory" @@ -392,7 +387,7 @@ build_rootfs_distro() if [ "$RUST_AGENT" == "no" ]; then docker_run_args+=" --env GO_AGENT_PKG=${GO_AGENT_PKG}" else - docker_run_args+=" --env RUST_AGENT_PKG=${RUST_AGENT_PKG} -v ${RUST_SRC_PATH}:${RUST_SRC_PATH} --env RUST_SRC_PATH=${RUST_SRC_PATH}" + docker_run_args+=" --env RUST_AGENT_PKG=${RUST_AGENT_PKG}" fi docker_run_args+=" --env RUST_AGENT=${RUST_AGENT} -v ${GOPATH_LOCAL}:${GOPATH_LOCAL} --env GOPATH=${GOPATH_LOCAL}" else @@ -405,9 +400,6 @@ build_rootfs_distro() # Relabel volumes so SELinux allows access (see docker-run(1)) if command -v selinuxenabled > /dev/null && selinuxenabled ; then SRC_VOL=("${GOPATH_LOCAL}") - if [ "${RUST_AGENT}" == "yes" ]; then - SRC_VOL+=("${RUST_SRC_PATH}") - fi for volume_dir in "${script_dir}" \ "${ROOTFS_DIR}" \ 
@@ -570,12 +562,9 @@ EOT # looks like $HOME is resolved to empty when # container is started source "${HOME}/.cargo/env" - local -r agent_dir="$(basename ${RUST_AGENT_PKG})/src/agent" - pushd "${RUST_SRC_PATH}" - if [ ! -d ${RUST_SRC_PATH}/${agent_dir} ]; then - git clone https://${RUST_AGENT_PKG}.git - fi - cd ${agent_dir} + git clone https://${RUST_AGENT_PKG}.git + local -r agent_dir="${GOPATH_LOCAL}/src/${RUST_AGENT_PKG}/src/agent" + pushd "${agent_dir}" # checkout correct version [ -n "${AGENT_VERSION}" ] && git checkout "${AGENT_VERSION}" && OK "git checkout successful" make clean diff --git a/scripts/lib.sh b/scripts/lib.sh index 9f8aa54dc9..d585da4072 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh @@ -199,7 +199,7 @@ create_summary_file() if [ "${RUST_AGENT}" == "no" ]; then agent_version=$("$agent" --version|awk '{print $NF}') else - local -r agentdir="${RUST_SRC_PATH}/$(basename ${RUST_AGENT_PKG} .git)/src/agent" + local -r agentdir="${GOPATH}/src/${RUST_AGENT_PKG}/src/agent" agent_version=$(cat ${agentdir}/VERSION) fi From 67343a178c111ba986dfb4ea5220284f178907dc Mon Sep 17 00:00:00 2001 From: Penny Zheng Date: Tue, 10 Mar 2020 14:06:33 +0800 Subject: [PATCH 4/4] rust-agent: Separate the build up of rust-agent and go-agent Separate the build up of rust-agent and go-agent, hence you only select one as kata-agent. I've added the generation of rust-agent systemd service files into rust-agent Makefile. Therefore, we could use same `make` commands to build go-agent and rust-agent. Fixes: #411 Signed-off-by: Penny Zheng --- rootfs-builder/rootfs.sh | 35 ++++++++++++++++------------------- 1 file changed, 16 insertions(+), 19 deletions(-) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index f0dd260aaa..692321e56d 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh 
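Review bot: In the `rootfs.sh` hunk, `git clone https://${RUST_AGENT_PKG}.git` clones into the current directory, while `agent_dir` on the next line points under `${GOPATH_LOCAL}/src/${RUST_AGENT_PKG}`. Nothing in the hunk changes directory first, so `pushd "${agent_dir}"` looks likely to fail unless that tree already exists. With the `[ ! -d ... ]` guard removed, a second run would also stop at the clone because the target directory is already there. Giving the clone an explicit destination, `git clone "https://${RUST_AGENT_PKG}.git" "${GOPATH_LOCAL}/src/${RUST_AGENT_PKG}"`, behind a `-d` test would keep this commit buildable on its own; patch 4/4 later replaces the clone. The enclosing function extends outside the hunk.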
@@ -544,34 +544,31 @@ EOT AGENT_DEST="${AGENT_DIR}/${AGENT_BIN}" if [ -z "${AGENT_SOURCE_BIN}" ] ; then + if [ "$RUST_AGENT" != "yes" ]; then + agent_pkg="${GO_AGENT_PKG}" + agent_dir="${GOPATH_LOCAL}/src/${GO_AGENT_PKG}" + else + # The PATH /.cargo/bin is apparently wrong + # looks like $HOME is resolved to empty when + # container is started + source "${HOME}/.cargo/env" + agent_pkg="${RUST_AGENT_PKG}" + agent_dir="${GOPATH_LOCAL}/src/${RUST_AGENT_PKG}/src/agent" + # For now, rust-agent doesn't support seccomp yet. + SECCOMP="no" + fi + info "Pull Agent source code" - go get -d "${GO_AGENT_PKG}" || true + go get -d "${agent_pkg}" || true OK "Pull Agent source code" info "Build agent" - pushd "${GOPATH_LOCAL}/src/${GO_AGENT_PKG}" + pushd "${agent_dir}" [ -n "${AGENT_VERSION}" ] && git checkout "${AGENT_VERSION}" && OK "git checkout successful" || info "checkout failed!" make clean make INIT=${AGENT_INIT} make install DESTDIR="${ROOTFS_DIR}" INIT=${AGENT_INIT} SECCOMP=${SECCOMP} popd - if [ "$RUST_AGENT" == "yes" ]; then - # build rust agent - info "Build rust agent" - # The PATH /.cargo/bin is apparently wrong - # looks like $HOME is resolved to empty when - # container is started - source "${HOME}/.cargo/env" - git clone https://${RUST_AGENT_PKG}.git - local -r agent_dir="${GOPATH_LOCAL}/src/${RUST_AGENT_PKG}/src/agent" - pushd "${agent_dir}" - # checkout correct version - [ -n "${AGENT_VERSION}" ] && git checkout "${AGENT_VERSION}" && OK "git checkout successful" - make clean - make - make install DESTDIR="${ROOTFS_DIR}" - popd - fi else cp ${AGENT_SOURCE_BIN} ${AGENT_DEST} OK "cp ${AGENT_SOURCE_BIN} ${AGENT_DEST}"
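Review bot: The rust branch sets `SECCOMP="no"` unconditionally, so a caller who requested seccomp gets a rootfs whose agent is installed without it, and nothing in the log says the setting was overridden. I would log the downgrade just before the assignment, for example `[ "${SECCOMP}" == "no" ] || info "rust-agent has no seccomp support yet, forcing SECCOMP=no"`. Separately, `go get -d "${agent_pkg}" || true` now also fetches the rust tree, and the context line `|| info "checkout failed!"` only logs a failed checkout, so the build can continue on a revision other than `AGENT_VERSION`; failing hard when `AGENT_VERSION` is set would make the shipped agent traceable. The enclosing function starts and ends outside the hunk.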