From 5c3e55362442726f9234cd2d1a2382f4fde5dcc4 Mon Sep 17 00:00:00 2001 From: Jakob Naucke Date: Mon, 7 Mar 2022 11:56:45 +0100 Subject: [PATCH 1/6] osbuilder: apk add --no-cache Hadolint DL3019. If you're wondering why this is in this PR, that's because I touch the file later, and we're only triggering the lints for changed files. Signed-off-by: Jakob Naucke --- tools/osbuilder/rootfs-builder/alpine/Dockerfile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/osbuilder/rootfs-builder/alpine/Dockerfile.in b/tools/osbuilder/rootfs-builder/alpine/Dockerfile.in index 802506d099..45e33a788f 100644 --- a/tools/osbuilder/rootfs-builder/alpine/Dockerfile.in +++ b/tools/osbuilder/rootfs-builder/alpine/Dockerfile.in @@ -6,7 +6,7 @@ ARG IMAGE_REGISTRY=docker.io FROM ${IMAGE_REGISTRY}/alpine:3.15 -RUN apk update && apk add \ +RUN apk update && apk add --no-cache \ apk-tools-static \ autoconf \ automake \ From 0072cc2b66ea4423275cb8abea548e045f3e91e0 Mon Sep 17 00:00:00 2001 From: Jakob Naucke Date: Fri, 4 Mar 2022 18:22:19 +0100 Subject: [PATCH 2/6] osbuilder: Remove musl installations Remove a lot of cruft of musl installations -- we needed those for the Go agent, but Rustup just takes care of everything. aarch64 on Debian-based & Alpine is an exception -- create a symlink `aarch64-linux-musl-gcc` to `musl-tools`'s `musl-gcc` or `gcc` on Alpine. This is unified -- arch-specific Dockerfiles are removed. 
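Review bot: `apk update` in front of `apk add --no-cache` still writes the package index into `/var/cache/apk`, which is the residue DL3019 is meant to avoid. `--no-cache` fetches a fresh index on its own, so the line can simply be `RUN apk add --no-cache \`. The RUN instruction continues past the end of the hunk.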
Signed-off-by: Jakob Naucke --- ci/install_musl.sh | 24 ----- tools/osbuilder/dracut/Dockerfile.in | 3 - .../rootfs-builder/alpine/Dockerfile.in | 2 + .../rootfs-builder/clearlinux/Dockerfile.in | 1 - .../debian/Dockerfile-aarch64.in | 34 ------ .../rootfs-builder/debian/Dockerfile.in | 4 +- tools/osbuilder/rootfs-builder/rootfs.sh | 9 -- .../template/Dockerfile.template | 1 - .../ubuntu/Dockerfile-aarch64.in | 43 -------- .../rootfs-builder/ubuntu/Dockerfile.in | 4 +- tools/osbuilder/scripts/lib.sh | 101 ++---------------- tools/osbuilder/tests/test_images.sh | 2 - versions.yaml | 13 --- 13 files changed, 13 insertions(+), 228 deletions(-) delete mode 100755 ci/install_musl.sh delete mode 100644 tools/osbuilder/rootfs-builder/debian/Dockerfile-aarch64.in delete mode 100644 tools/osbuilder/rootfs-builder/ubuntu/Dockerfile-aarch64.in diff --git a/ci/install_musl.sh b/ci/install_musl.sh deleted file mode 100755 index 4beec29113..0000000000 --- a/ci/install_musl.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/usr/bin/env bash -# Copyright (c) 2020 Ant Group -# -# SPDX-License-Identifier: Apache-2.0 -# - -set -e - -install_aarch64_musl() { - local arch=$(uname -m) - if [ "${arch}" == "aarch64" ]; then - local musl_tar="${arch}-linux-musl-native.tgz" - local musl_dir="${arch}-linux-musl-native" - pushd /tmp - if curl -sLO --fail https://musl.cc/${musl_tar}; then - tar -zxf ${musl_tar} - mkdir -p /usr/local/musl/ - cp -r ${musl_dir}/* /usr/local/musl/ - fi - popd - fi -} - -install_aarch64_musl diff --git a/tools/osbuilder/dracut/Dockerfile.in b/tools/osbuilder/dracut/Dockerfile.in index f84838bc3d..e80fa374a3 100644 --- a/tools/osbuilder/dracut/Dockerfile.in +++ b/tools/osbuilder/dracut/Dockerfile.in @@ -36,7 +36,4 @@ RUN zypper --non-interactive refresh; \ zypper --non-interactive clean --all; -# This will install the proper golang to build Kata components -@INSTALL_MUSL@ -@INSTALL_GO@ @INSTALL_RUST@ 
diff --git a/tools/osbuilder/rootfs-builder/alpine/Dockerfile.in b/tools/osbuilder/rootfs-builder/alpine/Dockerfile.in index 45e33a788f..c9c4f0fba1 100644 --- a/tools/osbuilder/rootfs-builder/alpine/Dockerfile.in +++ b/tools/osbuilder/rootfs-builder/alpine/Dockerfile.in @@ -26,3 +26,5 @@ RUN apk update && apk add --no-cache \ musl-dev \ protoc \ tar +# aarch64 requires this name -- link for all +RUN ln -s /usr/bin/gcc "/usr/bin/$(uname -m)-linux-musl-gcc" diff --git a/tools/osbuilder/rootfs-builder/clearlinux/Dockerfile.in b/tools/osbuilder/rootfs-builder/clearlinux/Dockerfile.in index b38990a9e0..ac5b0ff748 100644 --- a/tools/osbuilder/rootfs-builder/clearlinux/Dockerfile.in +++ b/tools/osbuilder/rootfs-builder/clearlinux/Dockerfile.in @@ -37,5 +37,4 @@ RUN dnf -y update && dnf install -y \ dnf clean all # This will install the proper packages to build Kata components -@INSTALL_MUSL@ @INSTALL_RUST@ diff --git a/tools/osbuilder/rootfs-builder/debian/Dockerfile-aarch64.in b/tools/osbuilder/rootfs-builder/debian/Dockerfile-aarch64.in deleted file mode 100644 index 727506f47a..0000000000 --- a/tools/osbuilder/rootfs-builder/debian/Dockerfile-aarch64.in +++ /dev/null @@ -1,34 +0,0 @@ -# -# Copyright (c) 2020 ARM Limited -# -# SPDX-License-Identifier: Apache-2.0 - -ARG IMAGE_REGISTRY=docker.io -# NOTE: OS_VERSION is set according to config.sh -FROM ${IMAGE_REGISTRY}/debian:@OS_VERSION@ - -# RUN commands -RUN apt-get update && apt-get install -y \ - autoconf \ - automake \ - binutils \ - build-essential \ - chrony \ - coreutils \ - curl \ - debianutils \ - debootstrap \ - g++ \ - gcc \ - git \ - libc-dev \ - libstdc++-8-dev \ - m4 \ - make \ - sed \ - systemd \ - tar \ - vim -# This will install the proper packages to build Kata components -@INSTALL_MUSL@ -@INSTALL_RUST@ diff --git a/tools/osbuilder/rootfs-builder/debian/Dockerfile.in b/tools/osbuilder/rootfs-builder/debian/Dockerfile.in index 685dd0f4d5..0220598570 100644 
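Review bot: The added `RUN ln -s /usr/bin/gcc "/usr/bin/$(uname -m)-linux-musl-gcc"` fails the image build if a file of that name already exists, and the same pattern is added with `musl-gcc` in the debian and ubuntu Dockerfile.in hunks. Whether any installed package already ships that name is not visible here, so `ln -sf` would be the safer form. The comment could also name the consumer, e.g. `# the agent's musl build looks the compiler up as <arch>-linux-musl-gcc; create the name on every arch`. That reason is inferred from the commit message and should be confirmed.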
--- a/tools/osbuilder/rootfs-builder/debian/Dockerfile.in +++ b/tools/osbuilder/rootfs-builder/debian/Dockerfile.in @@ -27,14 +27,14 @@ RUN apt-get update && apt-get --no-install-recommends install -y \ libstdc++-8-dev \ m4 \ make \ - musl \ - musl-dev \ musl-tools \ sed \ systemd \ tar \ vim \ wget +# aarch64 requires this name -- link for all +RUN ln -s /usr/bin/musl-gcc "/usr/bin/$(uname -m)-linux-musl-gcc" # This will install the proper packages to build Kata components @INSTALL_RUST@ diff --git a/tools/osbuilder/rootfs-builder/rootfs.sh b/tools/osbuilder/rootfs-builder/rootfs.sh index 80633a0451..07f8ea89ec 100755 --- a/tools/osbuilder/rootfs-builder/rootfs.sh +++ b/tools/osbuilder/rootfs-builder/rootfs.sh @@ -14,7 +14,6 @@ script_name="${0##*/}" script_dir="$(dirname $(readlink -f $0))" AGENT_VERSION=${AGENT_VERSION:-} RUST_VERSION="null" -MUSL_VERSION=${MUSL_VERSION:-"null"} AGENT_BIN=${AGENT_BIN:-kata-agent} AGENT_INIT=${AGENT_INIT:-no} KERNEL_MODULES_DIR=${KERNEL_MODULES_DIR:-""} @@ -335,11 +334,6 @@ build_rootfs_distro() echo "Required rust version: $RUST_VERSION" - detect_musl_version || - die "Could not detect the required musl version for AGENT_VERSION='${AGENT_VERSION:-main}'." - - echo "Required musl version: $MUSL_VERSION" - if [ -z "${USE_DOCKER}" ] && [ -z "${USE_PODMAN}" ]; then info "build directly" build_rootfs ${ROOTFS_DIR} @@ -544,7 +538,6 @@ EOT LIBC=gnu echo "WARNING: Forcing LIBC=gnu because $ARCH has no musl Rust target" fi - [ "$LIBC" == "musl" ] && bash ${script_dir}/../../../ci/install_musl.sh test -r "${HOME}/.cargo/env" && source "${HOME}/.cargo/env" # rust agent needs ${arch}-unknown-linux-${LIBC} if ! (rustup show | grep -v linux-${LIBC} > /dev/null); then 
@@ -555,7 +548,6 @@ EOT bash ${script_dir}/../../../ci/install_rust.sh ${RUST_VERSION} fi test -r "${HOME}/.cargo/env" && source "${HOME}/.cargo/env" - [ "$ARCH" == "aarch64" ] && OLD_PATH=$PATH && export PATH=$PATH:/usr/local/musl/bin agent_dir="${script_dir}/../../../src/agent/" @@ -577,7 +569,6 @@ EOT make clean make LIBC=${LIBC} INIT=${AGENT_INIT} SECCOMP=${SECCOMP} make install DESTDIR="${ROOTFS_DIR}" LIBC=${LIBC} INIT=${AGENT_INIT} - [ "$ARCH" == "aarch64" ] && export PATH=$OLD_PATH && rm -rf /usr/local/musl if [ "${SECCOMP}" == "yes" ]; then rm -rf "${libseccomp_install_dir}" "${gperf_install_dir}" fi diff --git a/tools/osbuilder/rootfs-builder/template/Dockerfile.template b/tools/osbuilder/rootfs-builder/template/Dockerfile.template index b881dac439..863cab3e57 100644 --- a/tools/osbuilder/rootfs-builder/template/Dockerfile.template +++ b/tools/osbuilder/rootfs-builder/template/Dockerfile.template @@ -14,5 +14,4 @@ FROM ${IMAGE_REGISTRY}/@distro@:@OS_VERSION@ # RUN commands # This will install the proper packages to build Kata components -@INSTALL_MUSL@ @INSTALL_RUST@ diff --git a/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile-aarch64.in b/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile-aarch64.in deleted file mode 100644 index bad7006458..0000000000 --- a/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile-aarch64.in +++ /dev/null 
@@ -1,43 +0,0 @@ -# -# Copyright (c) 2020 ARM Limited -# -# SPDX-License-Identifier: Apache-2.0 - -ARG IMAGE_REGISTRY=docker.io -#ubuntu: docker image to be used to create a rootfs -#@OS_VERSION@: Docker image version to build this dockerfile -FROM ${IMAGE_REGISTRY}/ubuntu:@OS_VERSION@ - -# This dockerfile needs to provide all the componets need to build a rootfs -# Install any package need to create a rootfs (package manager, extra tools) - -# Avoid tzdata setup -ENV DEBIAN_FRONTEND noninteractive - -# RUN commands -RUN apt-get update && apt-get install -y \ - autoconf \ - automake \ - binutils \ - build-essential \ - chrony \ - coreutils \ - curl \ - debianutils \ - debootstrap \ - g++ \ - gcc \ - git \ - libc6-dev \ - libstdc++-8-dev \ - m4 \ - make \ - sed \ - systemd \ - tar \ - vim && \ - apt-get clean && rm -rf /var/lib/apt/lists/ - -# This will install the proper packages to build Kata components -@INSTALL_MUSL@ -@INSTALL_RUST@ diff --git a/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile.in b/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile.in index 07bf30ce89..edc9216414 100644 --- a/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile.in +++ b/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile.in @@ -31,8 +31,6 @@ RUN apt-get update && apt-get --no-install-recommends install -y \ libstdc++-8-dev \ m4 \ make \ - musl \ - musl-dev \ musl-tools \ protobuf-compiler \ sed \ @@ -40,6 +38,8 @@ RUN apt-get update && apt-get --no-install-recommends install -y \ tar \ vim \ wget +# aarch64 requires this name -- link for all +RUN ln -s /usr/bin/musl-gcc "/usr/bin/$(uname -m)-linux-musl-gcc" # This will install the proper packages to build Kata components @INSTALL_RUST@ diff --git a/tools/osbuilder/scripts/lib.sh b/tools/osbuilder/scripts/lib.sh index 9f806d0394..9e248e86c8 100644 --- a/tools/osbuilder/scripts/lib.sh +++ b/tools/osbuilder/scripts/lib.sh 
@@ -7,7 +7,6 @@ set -e KATA_REPO=${KATA_REPO:-github.com/kata-containers/kata-containers} -MUSL_VERSION=${MUSL_VERSION:-"null"} # Give preference to variable set by CI yq_file="${script_dir}/../../../ci/install_yq.sh" kata_versions_file="${script_dir}/../../../versions.yaml" 
@@ -204,68 +203,12 @@ generate_dockerfile() dir="$1" [ -d "${dir}" ] || die "${dir}: not a directory" - local architecture=$(uname -m) - local rustarch=${architecture} - local muslarch=${architecture} - local libc=musl - case "$(uname -m)" in - "ppc64le") - rustarch=powerpc64le - muslarch=powerpc64 - libc=gnu - ;; - "s390x") - libc=gnu - ;; - - *) - ;; - esac + local rustarch=$(uname -m) + [ "$rustarch" = ppc64le ] && rustarch=powerpc64le [ -n "${http_proxy:-}" ] && readonly set_proxy="RUN sed -i '$ a proxy="${http_proxy:-}"' /etc/dnf/dnf.conf /etc/yum.conf; true" # Rust agent - # rust installer should set path apropiately, just in case - # install musl for compiling rust-agent - local musl_source_url="https://git.zv.io/toolchains/musl-cross-make.git" - local musl_source_dir="musl-cross-make" - install_musl= - if [ "${muslarch}" == "aarch64" ]; then - local musl_tar="${muslarch}-linux-musl-native.tgz" - local musl_dir="${muslarch}-linux-musl-native" - local aarch64_musl_target="aarch64-linux-musl" - install_musl=" -RUN cd /tmp; \ - mkdir -p /usr/local/musl/; \ - if curl -sLO --fail https://musl.cc/${musl_tar}; then \ - tar -zxf ${musl_tar}; \ - cp -r ${musl_dir}/* /usr/local/musl/; \ - else \ - git clone ${musl_source_url}; \ - TARGET=${aarch64_musl_target} make -j$(nproc) -C ${musl_source_dir} install; \ - cp -r ${musl_source_dir}/output/* /usr/local/musl/; \ - cp /usr/local/musl/bin/aarch64-linux-musl-g++ /usr/local/musl/bin/g++; \ - fi -ENV PATH=\$PATH:/usr/local/musl/bin -RUN ln -sf /usr/local/musl/bin/g++ /usr/bin/g++ -" - else - local musl_tar="musl-${MUSL_VERSION}.tar.gz" - local musl_dir="musl-${MUSL_VERSION}" - install_musl=" -RUN pushd /root; \ - curl -sLO https://www.musl-libc.org/releases/${musl_tar}; tar -zxf ${musl_tar}; \ - cd ${musl_dir}; \ - sed -i \"s/^ARCH = .*/ARCH = ${muslarch}/g\" dist/config.mak; \ - ./configure > /dev/null 2>\&1; \ - make > /dev/null 2>\&1; \ - make install > /dev/null 2>\&1; \ - echo \"/usr/local/musl/lib\" > 
/etc/ld-musl-${muslarch}.path; \ - popd -ENV PATH=\$PATH:/usr/local/musl/bin -" - fi - readonly install_rust=" RUN curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSLf --output /tmp/rust-init; \ chmod a+x /tmp/rust-init; \ @@ -280,31 +223,12 @@ RUN . /root/.cargo/env; \ RUN ln -sf /usr/bin/g++ /bin/musl-g++ " pushd "${dir}" - dockerfile_template="Dockerfile.in" - dockerfile_arch_template="Dockerfile-${architecture}.in" - # if arch-specific docker file exists, swap the univesal one with it. - if [ -f "${dockerfile_arch_template}" ]; then - dockerfile_template="${dockerfile_arch_template}" - else - [ -f "${dockerfile_template}" ] || die "${dockerfile_template}: file not found" - fi - # ppc64le and s390x have no musl target - if [ "${architecture}" == "ppc64le" ] || [ "${architecture}" == "s390x" ]; then - sed \ - -e "s|@OS_VERSION@|${OS_VERSION:-}|g" \ - -e "s|@INSTALL_MUSL@||g" \ - -e "s|@INSTALL_RUST@|${install_rust//$'\n'/\\n}|g" \ - -e "s|@SET_PROXY@|${set_proxy:-}|g" \ - "${dockerfile_template}" > Dockerfile - else - sed \ - -e "s|@OS_VERSION@|${OS_VERSION:-}|g" \ - -e "s|@INSTALL_MUSL@|${install_musl//$'\n'/\\n}|g" \ - -e "s|@INSTALL_RUST@|${install_rust//$'\n'/\\n}|g" \ - -e "s|@SET_PROXY@|${set_proxy:-}|g" \ - "${dockerfile_template}" > Dockerfile - fi + sed \ + -e "s#@OS_VERSION@#${OS_VERSION:-}#g" \ + -e "s#@INSTALL_RUST@#${install_rust//$'\n'/\\n}#g" \ + -e "s#@SET_PROXY@#${set_proxy:-}#g" \ + Dockerfile.in > Dockerfile popd } @@ -345,17 +269,6 @@ detect_rust_version() [ -n "$RUST_VERSION" ] } -detect_musl_version() -{ - info "Detecting musl version" - local yq_path="externals.musl.version" - - info "Get musl version from ${kata_versions_file}" - MUSL_VERSION="$(get_package_version_from_kata_yaml "$yq_path")" - - [ -n "$MUSL_VERSION" ] -} - before_starting_container() { return 0 } diff --git a/tools/osbuilder/tests/test_images.sh b/tools/osbuilder/tests/test_images.sh index fbbe5d5901..fcbc360a20 100755 --- a/tools/osbuilder/tests/test_images.sh 
+++ b/tools/osbuilder/tests/test_images.sh @@ -640,8 +640,6 @@ test_dracut() die "Could not detect the required Go version for AGENT_VERSION='${AGENT_VERSION:-master}'." detect_rust_version || die "Could not detect the required rust version for AGENT_VERSION='${AGENT_VERSION:-master}'." - detect_musl_version || - die "Could not detect the required musl version for AGENT_VERSION='${AGENT_VERSION:-master}'." generate_dockerfile ${dracut_dir} info "Creating container for dracut" diff --git a/versions.yaml b/versions.yaml index 2412053e5f..5c7bb5e625 100644 --- a/versions.yaml +++ b/versions.yaml @@ -233,19 +233,6 @@ externals: .*/v?(\d\S+)\.tar\.gz version: "v1.0.1" - musl: - description: | - The musl library is used to build the rust agent. - url: "https://www.musl-libc.org/" - uscan-url: >- - https://www.musl-libc.org/releases/ - musl-([\d\.]+)\.tar\.gz - version: "1.1.23" - meta: - description: | - 'newest-version' is the latest version known to work. - newest-version: "1.1.23" - nydus: description: "Nydus image acceleration service" url: "https://github.com/dragonflyoss/image-service" From 2c86b956fadc9f1240f08437097d8d623b122536 Mon Sep 17 00:00:00 2001 From: Jakob Naucke Date: Fri, 4 Mar 2022 18:23:19 +0100 Subject: [PATCH 3/6] osbuilder: Simplify Rust installation no double export, direct target Signed-off-by: Jakob Naucke --- tools/osbuilder/scripts/lib.sh | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/tools/osbuilder/scripts/lib.sh b/tools/osbuilder/scripts/lib.sh index 9e248e86c8..9db989900a 100644 --- a/tools/osbuilder/scripts/lib.sh +++ b/tools/osbuilder/scripts/lib.sh 
@@ -210,17 +210,11 @@ generate_dockerfile() # Rust agent readonly install_rust=" -RUN curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSLf --output /tmp/rust-init; \ - chmod a+x /tmp/rust-init; \ - export http_proxy=${http_proxy:-}; \ - export https_proxy=${http_proxy:-}; \ - /tmp/rust-init -y --default-toolchain ${RUST_VERSION} -RUN . /root/.cargo/env; \ - export http_proxy=${http_proxy:-}; \ - export https_proxy=${http_proxy:-}; \ - cargo install cargo-when; \ - rustup target install ${rustarch}-unknown-linux-${libc} -RUN ln -sf /usr/bin/g++ /bin/musl-g++ +ENV http_proxy=${http_proxy:-} +ENV https_proxy=${http_proxy:-} +RUN curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSLf | \ + sh -s -- -y --default-toolchain ${RUST_VERSION} -t ${rustarch}-unknown-linux-${LIBC} +RUN . /root/.cargo/env; cargo install cargo-when " pushd "${dir}" From 0a313eda1c6e62a2b7f1fb93ac1ea222b05032e0 Mon Sep 17 00:00:00 2001 From: Jakob Naucke Date: Tue, 1 Mar 2022 15:20:35 +0100 Subject: [PATCH 4/6] osbuilder: Fix use of LIBC in rootfs.sh - Add a doc comment - Pass to build container, e.g. to build x86_64 with glibc (would always use musl) Signed-off-by: Jakob Naucke --- tools/osbuilder/rootfs-builder/rootfs.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/osbuilder/rootfs-builder/rootfs.sh b/tools/osbuilder/rootfs-builder/rootfs.sh index 07f8ea89ec..6bc0f8b7db 100755 --- a/tools/osbuilder/rootfs-builder/rootfs.sh +++ b/tools/osbuilder/rootfs-builder/rootfs.sh @@ -124,6 +124,9 @@ KERNEL_MODULES_DIR Path to a directory containing kernel modules to include in the rootfs. Default value: +LIBC libc the agent is built against (gnu or musl). + Default value: ${LIBC} (varies with architecture) + ROOTFS_DIR Path to the directory that is populated with the rootfs. Default value: <${script_name} path>/rootfs- 
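Review bot: The new `curl … https://sh.rustup.rs -sSLf | \ sh -s -- -y …` step runs under the Dockerfile's default `/bin/sh -c`, where a pipeline's status is that of its last command. A failed download therefore leaves `sh` reading empty input, and the RUN step succeeds without installing anything. Keeping download and execution as separate commands lets the `-f` failure stop the build and leaves a file that can be checked before it runs: `curl --proto '=https' --tlsv1.2 -sSLf https://sh.rustup.rs -o /tmp/rust-init && sh /tmp/rust-init -y …`. The two `ENV` lines also make the proxy URL part of the environment of every container started from the image, whereas the removed `export` lines scoped it to the RUN steps. If the proxy URL can carry credentials, that is worth avoiding.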
@@ -407,6 +410,7 @@ build_rootfs_distro() --env AGENT_INIT="${AGENT_INIT}" \ --env CI="${CI}" \ --env KERNEL_MODULES_DIR="${KERNEL_MODULES_DIR}" \ + --env LIBC="${LIBC}" \ --env EXTRA_PKGS="${EXTRA_PKGS}" \ --env OSBUILDER_VERSION="${OSBUILDER_VERSION}" \ --env OS_VERSION="${OS_VERSION}" \ From df511bf17934a2bb41403438d0a23784bf0d2fb5 Mon Sep 17 00:00:00 2001 From: Jakob Naucke Date: Tue, 15 Feb 2022 19:12:41 +0100 Subject: [PATCH 5/6] packaging: Enable cross-building agent Requires setting ARCH and CC. - Add CC linker option for building agent. - Set host for building libseccomp. Fixes: #3681 Signed-off-by: Jakob Naucke --- ci/install_libseccomp.sh | 7 ++++--- utils.mk | 11 ++++++++++- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/ci/install_libseccomp.sh b/ci/install_libseccomp.sh index 8933438860..4c4a42cb96 100755 --- a/ci/install_libseccomp.sh +++ b/ci/install_libseccomp.sh @@ -19,7 +19,7 @@ source "${tests_repo_dir}/.ci/lib.sh" # fail. So let's ensure they are unset here. unset PREFIX DESTDIR -arch=$(uname -m) +arch=${ARCH:-$(uname -m)} workdir="$(mktemp -d --tmpdir build-libseccomp.XXXXX)" # Variables for libseccomp @@ -70,7 +70,8 @@ build_and_install_gperf() { curl -sLO "${gperf_tarball_url}" tar -xf "${gperf_tarball}" pushd "gperf-${gperf_version}" - ./configure --prefix="${gperf_install_dir}" + # Unset $CC for configure, we will always use native for gperf + CC= ./configure --prefix="${gperf_install_dir}" make make install export PATH=$PATH:"${gperf_install_dir}"/bin @@ -84,7 +85,7 @@ build_and_install_libseccomp() { curl -sLO "${libseccomp_tarball_url}" tar -xf "${libseccomp_tarball}" pushd "libseccomp-${libseccomp_version}" - ./configure --prefix="${libseccomp_install_dir}" CFLAGS="${cflags}" --enable-static + ./configure --prefix="${libseccomp_install_dir}" CFLAGS="${cflags}" --enable-static --host="${arch}" make make install popd diff --git a/utils.mk b/utils.mk index e833b40d7a..c87da0c06b 100644 --- a/utils.mk +++ b/utils.mk 
@@ -113,7 +113,8 @@ endef BUILD_TYPE = release ##VAR ARCH=arch target to build (format: uname -m) -ARCH = $(shell uname -m) +HOST_ARCH = $(shell uname -m) +ARCH ?= $(HOST_ARCH) ##VAR LIBC=musl|gnu LIBC ?= musl ifneq ($(LIBC),musl) @@ -142,6 +143,14 @@ ifeq ($(ARCH), aarch64) $(warning "WARNING: aarch64-musl needs extra symbols from libgcc") endif +ifneq ($(HOST_ARCH),$(ARCH)) + ifeq ($(CC),) + CC = gcc + $(warning "WARNING: A foreign ARCH was passed, but no CC alternative. Using gcc.") + endif + override EXTRA_RUSTFLAGS += -C linker=$(CC) +endif + TRIPLE = $(ARCH)-unknown-linux-$(LIBC) CWD := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) From 72f7e9e3002db2540d605af3249ae87316711fd5 Mon Sep 17 00:00:00 2001 From: Jakob Naucke Date: Tue, 15 Feb 2022 19:12:41 +0100 Subject: [PATCH 6/6] osbuilder: Multistrap Ubuntu Use `multistrap` for building Ubuntu rootfs. Adds support for building for foreign architectures using the `ARCH` environment variable. In the process, the Ubuntu rootfs workflow is vastly simplified. Signed-off-by: Jakob Naucke --- tools/osbuilder/rootfs-builder/rootfs.sh | 18 ++-- .../rootfs-builder/ubuntu/Dockerfile.in | 42 +++------ .../osbuilder/rootfs-builder/ubuntu/config.sh | 48 +++++----- .../rootfs-builder/ubuntu/rootfs_lib.sh | 93 +++++-------------- tools/osbuilder/scripts/lib.sh | 5 +- 5 files changed, 71 insertions(+), 135 deletions(-) diff --git a/tools/osbuilder/rootfs-builder/rootfs.sh b/tools/osbuilder/rootfs-builder/rootfs.sh index 6bc0f8b7db..9bd485fe41 100755 --- a/tools/osbuilder/rootfs-builder/rootfs.sh +++ b/tools/osbuilder/rootfs-builder/rootfs.sh @@ -39,7 +39,11 @@ handle_error() { trap 'handle_error $LINENO' ERR # Default architecture -ARCH=$(uname -m) +export ARCH=${ARCH:-$(uname -m)} +if [ "$ARCH" == "ppc64le" ] || [ "$ARCH" == "s390x" ]; then + LIBC=gnu + echo "WARNING: Forcing LIBC=gnu because $ARCH has no musl Rust target" +fi # distro-specific config file typeset -r CONFIG_SH="config.sh" 
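Review bot: In the added cross-build block, `ifeq ($(CC),)` is unlikely ever to be true, because GNU make predefines `CC` as `cc`. A foreign `ARCH` with no compiler given would then skip the warning and pass `-C linker=cc`, i.e. the host toolchain. Testing the variable's origin catches the unset case: `ifeq ($(origin CC),default)`. A `##VAR` help line stating that `CC` must name the cross compiler for `ARCH` would also help, since the existing ones do not mention it.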
@@ -103,6 +107,11 @@ AGENT_SOURCE_BIN Path to the directory of agent binary. AGENT_VERSION Version of the agent to include in the rootfs. Default value: ${AGENT_VERSION:-} +ARCH Target architecture (according to \`uname -m\`). + Foreign bootstraps are currently only supported for Ubuntu + and glibc agents. + Default value: $(uname -m) + DISTRO_REPO Use host repositories to install guest packages. Default value: @@ -408,6 +417,7 @@ build_rootfs_distro() --env ROOTFS_DIR="/rootfs" \ --env AGENT_BIN="${AGENT_BIN}" \ --env AGENT_INIT="${AGENT_INIT}" \ + --env ARCH="${ARCH}" \ --env CI="${CI}" \ --env KERNEL_MODULES_DIR="${KERNEL_MODULES_DIR}" \ --env LIBC="${LIBC}" \ @@ -538,10 +548,6 @@ EOT AGENT_DEST="${AGENT_DIR}/${AGENT_BIN}" if [ -z "${AGENT_SOURCE_BIN}" ] ; then - if [ "$ARCH" == "ppc64le" ] || [ "$ARCH" == "s390x" ]; then - LIBC=gnu - echo "WARNING: Forcing LIBC=gnu because $ARCH has no musl Rust target" - fi test -r "${HOME}/.cargo/env" && source "${HOME}/.cargo/env" # rust agent needs ${arch}-unknown-linux-${LIBC} if ! (rustup show | grep -v linux-${LIBC} > /dev/null); then @@ -559,7 +565,7 @@ EOT info "Set up libseccomp" libseccomp_install_dir=$(mktemp -d -t libseccomp.XXXXXXXXXX) gperf_install_dir=$(mktemp -d -t gperf.XXXXXXXXXX) - bash ${script_dir}/../../../ci/install_libseccomp.sh "${libseccomp_install_dir}" "${gperf_install_dir}" + ${script_dir}/../../../ci/install_libseccomp.sh "${libseccomp_install_dir}" "${gperf_install_dir}" echo "Set environment variables for the libseccomp crate to link the libseccomp library statically" export LIBSECCOMP_LINK_TYPE=static export LIBSECCOMP_LIB_PATH="${libseccomp_install_dir}/lib" diff --git a/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile.in b/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile.in index edc9216414..de3c31ed93 100644 --- a/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile.in +++ b/tools/osbuilder/rootfs-builder/ubuntu/Dockerfile.in 
@@ -1,45 +1,29 @@ -# -# Copyright (c) 2018 Yash Jain +# Copyright (c) 2018 Yash Jain, 2022 IBM Corp. # # SPDX-License-Identifier: Apache-2.0 ARG IMAGE_REGISTRY=docker.io -#ubuntu: docker image to be used to create a rootfs -#@OS_VERSION@: Docker image version to build this dockerfile FROM ${IMAGE_REGISTRY}/ubuntu:@OS_VERSION@ +@SET_PROXY@ -# This dockerfile needs to provide all the componets need to build a rootfs -# Install any package need to create a rootfs (package manager, extra tools) - -# RUN commands -RUN apt-get update && apt-get --no-install-recommends install -y \ - apt-utils \ - autoconf \ - automake \ - binutils \ - build-essential \ +RUN apt-get update && \ + DEBIAN_FRONTEND=noninteractive \ + apt-get --no-install-recommends -y install \ ca-certificates \ - chrony \ - coreutils \ curl \ - debianutils \ - debootstrap \ g++ \ - gcc \ + $(gcc_arch="@ARCH@" && [ "$(uname -m)" != "$gcc_arch" ] && ( \ + libc_arch="$gcc_arch" && \ + [ "$gcc_arch" = aarch64 ] && libc_arch=arm64; \ + [ "$gcc_arch" = ppc64le ] && gcc_arch=powerpc64le && libc_arch=ppc64el; \ + [ "$gcc_arch" = x86_64 ] && gcc_arch=x86-64 && libc_arch=amd64; \ + echo "gcc-$gcc_arch-linux-gnu libc6-dev-$libc_arch-cross")) \ git \ - libc6-dev \ - libstdc++-8-dev \ - m4 \ make \ + multistrap \ musl-tools \ - protobuf-compiler \ - sed \ - systemd \ - tar \ - vim \ - wget + protobuf-compiler # aarch64 requires this name -- link for all RUN ln -s /usr/bin/musl-gcc "/usr/bin/$(uname -m)-linux-musl-gcc" -# This will install the proper packages to build Kata components @INSTALL_RUST@ diff --git a/tools/osbuilder/rootfs-builder/ubuntu/config.sh b/tools/osbuilder/rootfs-builder/ubuntu/config.sh index 14ae93ece6..8afc348048 100644 --- a/tools/osbuilder/rootfs-builder/ubuntu/config.sh +++ b/tools/osbuilder/rootfs-builder/ubuntu/config.sh 
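Review bot: The `@SET_PROXY@` placeholder added under `FROM` is filled by `generate_dockerfile` in scripts/lib.sh with `RUN sed -i … /etc/dnf/dnf.conf /etc/yum.conf; true`. An Ubuntu image is not expected to have those files, and the trailing `; true` hides the failure. The `ENV http_proxy` lines arrive only with `@INSTALL_RUST@` at the bottom, so the `apt-get update` step in this hunk runs without any proxy setting from the Dockerfile. Either drop the placeholder here or give apt its own setting. Which is right depends on how builds behind a proxy are meant to work, which this hunk does not show.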
@@ -1,34 +1,28 @@ -# This is a configuration file add extra variables to -# -# Copyright (c) 2018 Yash Jain +# Copyright (c) 2018 Yash Jain, 2022 IBM Corp. # # SPDX-License-Identifier: Apache-2.0 -# be used by build_rootfs() from rootfs_lib.sh the variables will be -# loaded just before call the function. For more information see the -# rootfs-builder/README.md file. -OS_VERSION=${OS_VERSION:-20.04} +OS_NAME=ubuntu # This should be Ubuntu's code name, e.g. "focal" (Focal Fossa) for 20.04 -OS_NAME=${OS_NAME:-"focal"} +OS_VERSION=${OS_VERSION:-focal} +PACKAGES=chrony +[ "$AGENT_INIT" = no ] && PACKAGES+=" init" +[ "$SECCOMP" = yes ] && PACKAGES+=" libseccomp2" +REPO_URL=http://ports.ubuntu.com -# packages to be installed by default -PACKAGES="systemd coreutils init kmod" -EXTRA_PKGS+=" chrony" - -DEBOOTSTRAP=${PACKAGE_MANAGER:-"debootstrap"} - -case $(uname -m) in - x86_64) ARCHITECTURE="amd64";; - ppc64le) ARCHITECTURE="ppc64el";; - aarch64) ARCHITECTURE="arm64";; - s390x) ARCHITECTURE="s390x";; - (*) die "$(uname -m) not supported " +case "$ARCH" in + aarch64) DEB_ARCH=arm64;; + ppc64le) DEB_ARCH=ppc64el;; + s390x) DEB_ARCH="$ARCH";; + x86_64) DEB_ARCH=amd64; REPO_URL=http://archive.ubuntu.com/ubuntu;; + *) die "$ARCH not supported" esac -# Init process must be one of {systemd,kata-agent} -INIT_PROCESS=systemd -# List of zero or more architectures to exclude from build, -# as reported by `uname -m` -ARCH_EXCLUDE_LIST=() - -[ "$SECCOMP" = "yes" ] && PACKAGES+=" libseccomp2" || true +if [ "$(uname -m)" != "$ARCH" ]; then + case "$ARCH" in + ppc64le) cc_arch=powerpc64le;; + x86_64) cc_arch=x86-64;; + *) cc_arch="$ARCH" + esac + export CC="$cc_arch-linux-gnu-gcc" +fi diff --git a/tools/osbuilder/rootfs-builder/ubuntu/rootfs_lib.sh b/tools/osbuilder/rootfs-builder/ubuntu/rootfs_lib.sh index e94df355db..4261c7ff07 100644 --- a/tools/osbuilder/rootfs-builder/ubuntu/rootfs_lib.sh +++ b/tools/osbuilder/rootfs-builder/ubuntu/rootfs_lib.sh 
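Review bot: `REPO_URL` is now assigned unconditionally (`REPO_URL=http://ports.ubuntu.com`, and again in the `x86_64` arm of the `case`), so a mirror supplied through the environment is ignored. The removed rootfs_lib.sh header described that variable as user-configurable. `REPO_URL=${REPO_URL:-http://ports.ubuntu.com}`, with the x86_64 default applied only when the variable was not supplied, would keep that. Both defaults are plain HTTP, so the integrity of the rootfs contents rests on apt's signature checking during the multistrap run. A comment saying so would discourage anyone from later disabling authentication to work around a key problem.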
@@ -1,78 +1,29 @@ -# - Arguments -# -# Copyright (c) 2018 Yash Jain +# Copyright (c) 2018 Yash Jain, 2022 IBM Corp. # # SPDX-License-Identifier: Apache-2.0 -# -# -# rootfs_dir=$1 -# -# - Optional environment variables -# -# EXTRA_PKGS: Variable to add extra PKGS provided by the user -# -# BIN_AGENT: Name of the Kata-Agent binary -# -# REPO_URL: URL to distribution repository ( should be configured in -# config.sh file) -# -# Any other configuration variable for a specific distro must be added -# and documented on its own config.sh -# -# - Expected result -# -# rootfs_dir populated with rootfs pkgs -# It must provide a binary in /sbin/init -# + build_rootfs() { - # Mandatory - local ROOTFS_DIR=$1 + local rootfs_dir=$1 + local multistrap_conf=multistrap.conf - # Name of the Kata-Agent binary - local BIN_AGENT=${BIN_AGENT} + # For simplicity's sake, use multistrap for foreign and native bootstraps. + cat > "$multistrap_conf" << EOF +[General] +cleanup=true +aptsources=Ubuntu +bootstrap=Ubuntu - # In case of support EXTRA packages, use it to allow - # users to add more packages to the base rootfs - local EXTRA_PKGS=${EXTRA_PKGS:-} +[Ubuntu] +source=$REPO_URL +keyring=ubuntu-keyring +suite=focal +packages=$PACKAGES $EXTRA_PKGS +EOF + multistrap -a "$DEB_ARCH" -d "$rootfs_dir" -f "$multistrap_conf" + rm -rf "$rootfs_dir/var/run" + ln -s /run "$rootfs_dir/var/run" + cp --remove-destination /etc/resolv.conf "$rootfs_dir/etc" - # In case rootfs is created using repositories allow user to modify - # the default URL - local REPO_URL=${REPO_URL:-YOUR_REPO} - - # PATH where files this script is placed - # Use it to refer to files in the same directory - # Example: ${CONFIG_DIR}/foo - local CONFIG_DIR=${CONFIG_DIR} - - - # Populate ROOTFS_DIR - # Must provide /sbin/init and /bin/${BIN_AGENT} - DEBOOTSTRAP="debootstrap" - check_root - mkdir -p "${ROOTFS_DIR}" - if [ -n "${PKG_MANAGER}" ]; then - info "debootstrap path provided by user: ${PKG_MANAGER}" - elif check_program 
$DEBOOTSTRAP ; then - PKG_MANAGER=$DEBOOTSTRAP - else - die "$DEBOOTSTRAP is not installed" - fi - # trim whitespace - PACKAGES=$(echo $PACKAGES |xargs ) - # add comma as debootstrap needs , separated package names. - # Don't change $PACKAGES in config.sh to include ',' - # This is done to maintain consistency - PACKAGES=$(echo $PACKAGES | sed -e 's/ /,/g' ) - - ${PKG_MANAGER} --variant=minbase \ - --arch=${ARCHITECTURE}\ - --include="$PACKAGES" \ - ${OS_NAME} \ - ${ROOTFS_DIR} - - [ -n "${EXTRA_PKGS}" ] && chroot $ROOTFS_DIR apt-get install -y ${EXTRA_PKGS} - - # Reduce image size and memory footprint - # removing not needed files and directories. - chroot $ROOTFS_DIR rm -rf /usr/share/{bash-completion,bug,doc,info,lintian,locale,man,menu,misc,pixmaps,terminfo,zoneinfo,zsh} + # Reduce image size and memory footprint by removing unnecessary files and directories. + rm -rf $rootfs_dir/usr/share/{bash-completion,bug,doc,info,lintian,locale,man,menu,misc,pixmaps,terminfo,zsh} } diff --git a/tools/osbuilder/scripts/lib.sh b/tools/osbuilder/scripts/lib.sh index 9db989900a..5a6a1be1e7 100644 --- a/tools/osbuilder/scripts/lib.sh +++ b/tools/osbuilder/scripts/lib.sh @@ -203,8 +203,8 @@ generate_dockerfile() dir="$1" [ -d "${dir}" ] || die "${dir}: not a directory" - local rustarch=$(uname -m) - [ "$rustarch" = ppc64le ] && rustarch=powerpc64le + local rustarch="$ARCH" + [ "$ARCH" = ppc64le ] && rustarch=powerpc64le [ -n "${http_proxy:-}" ] && readonly set_proxy="RUN sed -i '$ a proxy="${http_proxy:-}"' /etc/dnf/dnf.conf /etc/yum.conf; true" @@ -220,6 +220,7 @@ RUN . /root/.cargo/env; cargo install cargo-when sed \ -e "s#@OS_VERSION@#${OS_VERSION:-}#g" \ + -e "s#@ARCH@#$ARCH#g" \ -e "s#@INSTALL_RUST@#${install_rust//$'\n'/\\n}#g" \ -e "s#@SET_PROXY@#${set_proxy:-}#g" \ Dockerfile.in > Dockerfile
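Review bot: The last added line of `build_rootfs`, `rm -rf $rootfs_dir/usr/share/{…}`, now runs on the builder's own filesystem instead of inside a chroot. With `$rootfs_dir` unquoted and unchecked, an empty first argument turns it into a delete of the builder's `/usr/share/…` directories. Guard the expansion and keep the brace list outside the quotes: `rm -rf "${rootfs_dir:?}"/usr/share/{bash-completion,…,zsh}`. Separately, the generated multistrap.conf hardcodes `suite=focal` while config.sh lets `OS_VERSION` be overridden. Using `suite=$OS_VERSION` would keep the rootfs and the builder image on the same release.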
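Review bot: `local rustarch="$ARCH"` and the new `-e "s#@ARCH@#$ARCH#g"` assume the caller has set `ARCH`. This series exports it only in rootfs.sh, while `test_dracut` in tests/test_images.sh also calls `generate_dockerfile`; whether that script sets `ARCH` elsewhere is not visible here. If it is unset, the Rust target becomes `-unknown-linux-…` and `@ARCH@` is replaced by an empty string. A fallback at the top of the function, `local arch="${ARCH:-$(uname -m)}"`, used for both, would keep the previous behaviour. The function body extends beyond both hunks.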