packaging: agent: Allow building in all arches

We're moving away from alpine and using ubuntu in order to be able to build the agent for all the architectures we need. Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2025-04-26 19:11:04 +00:00 · 2024-01-25 17:06:57 +01:00 · 2024-01-25 17:06:57 +01:00 · 5b0d0687e5
commit 5b0d0687e5
parent 1039641ab8
7 changed files with 81 additions and 22 deletions
--- a/.gitignore
+++ b/.gitignore
@ -15,3 +15,4 @@ src/agent/protocols/src/*.rs
 !src/agent/protocols/src/lib.rs
 build
 src/tools/log-parser/kata-log-parser
+tools/packaging/static-build/agent/install_libseccomp.sh
--- a/tools/packaging/kata-deploy/local-build/Makefile
+++ b/tools/packaging/kata-deploy/local-build/Makefile
@ -64,6 +64,9 @@ kata-tarball: | all-parallel merge-builds
 $(MK_DIR)/dockerbuild/install_yq.sh:
 	$(MK_DIR)/kata-deploy-copy-yq-installer.sh

+copy-scripts-for-the-agent-build:
+	${MK_DIR}/kata-deploy-copy-libseccomp-installer.sh
+
 all-parallel: $(MK_DIR)/dockerbuild/install_yq.sh
 	${MAKE} -f $(MK_PATH) all -j $(shell nproc ${CI:+--ignore 1}) V=

@ -76,10 +79,10 @@ serial-targets:
 %-tarball-build: $(MK_DIR)/dockerbuild/install_yq.sh
 	$(call BUILD,$*)

-agent-tarball:
+agent-tarball: copy-scripts-for-the-agent-build
 	${MAKE} $@-build

-agent-opa-tarball:
+agent-opa-tarball: copy-scripts-for-the-agent-build
 	${MAKE} $@-build

 agent-ctl-tarball:
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@ -681,6 +681,11 @@ install_agent_helper() {
 		"${final_tarball_path}" \
 		&& return 0

+	export LIBSECCOMP_VERSION="$(get_from_kata_deps "externals.libseccomp.version")"
+	export LIBSECCOMP_URL="$(get_from_kata_deps "externals.libseccomp.url")"
+	export GPERF_VERSION="$(get_from_kata_deps "externals.gperf.version")"
+	export GPERF_URL="$(get_from_kata_deps "externals.gperf.url")"
+
 	info "build static agent"
 	DESTDIR="${destdir}" AGENT_POLICY=${agent_policy} "${agent_builder}"
 }
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-copy-libseccomp-installer.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-copy-libseccomp-installer.sh
@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2024 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+[ -z "${DEBUG}" ] || set -x
+set -o errexit
+set -o nounset
+set -o pipefail
+set -o errtrace
+
+script_dir=$(dirname "$(readlink -f "$0")")
+install_libseccomp_script_src="${script_dir}/../../../../ci/install_libseccomp.sh"
+install_libseccomp_script_dest="${script_dir}/../../static-build/agent/install_libseccomp.sh"
+
+cp "${install_libseccomp_script_src}" "${install_libseccomp_script_dest}"
+
+# We don't have to import any other file, as we're passing
+# the env vars needed for installing libseccomp and gperf.
+sed -i -e '/^source.*$/d' ${install_libseccomp_script_dest}
--- a/tools/packaging/static-build/agent/Dockerfile
+++ b/tools/packaging/static-build/agent/Dockerfile
@ -2,20 +2,25 @@
 #
 # SPDX-License-Identifier: Apache-2.0

-FROM alpine:3.18
+FROM ubuntu:22.04
 ARG RUST_TOOLCHAIN

-SHELL ["/bin/ash", "-o", "pipefail", "-c"]
-RUN apk --no-cache add \
-        bash \
-        curl \
-        gcc \
-        git \
-        libcap-ng-static \
-        libseccomp-static \
-        make \
-        musl-dev \
-        openssl-dev \
-        openssl-libs-static \
-        protoc && \
-    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN}
+COPY install_libseccomp.sh /usr/bin/install_libseccomp.sh
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+RUN apt-get update && \
+	apt-get --no-install-recommends -y install \
+		ca-certificates \
+		curl \
+		g++ \
+		gcc \
+		libssl-dev \
+		make \
+		musl-tools \
+		openssl \
+		perl \
+		protobuf-compiler && \
+	apt-get clean && rm -rf /var/lib/apt/lists/ && \
+    	curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN}
--- a/tools/packaging/static-build/agent/build-static-agent.sh
+++ b/tools/packaging/static-build/agent/build-static-agent.sh
@ -15,13 +15,30 @@ source "${script_dir}/../../scripts/lib.sh"
 init_env() {
 	source "$HOME/.cargo/env"

-	export LIBC=musl
+	ARCH=$(uname -m)
+	rust_arch=""
+	case ${ARCH} in
+		"aarch64")
+			export LIBC=musl
+			rust_arch=${ARCH}
+			;;
+		"ppc64le")
+			export LIBC=gnu
+			rust_arch="powerpc64le"
+			;;
+		"x86_64")
+			export LIBC=musl
+			rust_arch=${ARCH}
+			;;
+		"s390x")
+			export LIBC=gnu
+			rust_arch=${ARCH}
+			;;
+	esac
+	rustup target add ${rust_arch}-unknown-linux-${LIBC}
+
 	export LIBSECCOMP_LINK_TYPE=static
 	export LIBSECCOMP_LIB_PATH=/usr/lib
-
-	# This is needed to workaround
-	# https://github.com/sfackler/rust-openssl/issues/1624
-	export OPENSSL_NO_VENDOR=Y
 }

 build_agent_from_source() {
@ -29,6 +46,8 @@ build_agent_from_source() {

 	init_env

+	/usr/bin/install_libseccomp.sh /usr /usr
+
 	cd src/agent
 	DESTDIR=${DESTDIR} AGENT_POLICY=${AGENT_POLICY} make
 	DESTDIR=${DESTDIR} AGENT_POLICY=${AGENT_POLICY} make install
--- a/tools/packaging/static-build/agent/build.sh
+++ b/tools/packaging/static-build/agent/build.sh
@ -26,6 +26,10 @@ sudo docker pull ${container_image} || \
 sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
 	--env DESTDIR=${DESTDIR} \
 	--env AGENT_POLICY=${AGENT_POLICY:-no} \
+	--env LIBSECCOMP_VERSION=${LIBSECCOMP_VERSION} \
+	--env LIBSECCOMP_URL=${LIBSECCOMP_URL} \
+	--env GPERF_VERSION=${GPERF_VERSION} \
+	--env GPERF_URL=${GPERF_URL} \
 	-w "${repo_root_dir}" \
 	"${container_image}" \
 	bash -c "${agent_builder}"