diff --git a/.gitignore b/.gitignore index 29d21ac6d..fd1452f7b 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,4 @@ src/agent/protocols/src/*.rs !src/agent/protocols/src/lib.rs build src/tools/log-parser/kata-log-parser +tools/packaging/static-build/agent/install_libseccomp.sh diff --git a/tools/packaging/kata-deploy/local-build/Makefile b/tools/packaging/kata-deploy/local-build/Makefile index ee907f16a..901500ae3 100644 --- a/tools/packaging/kata-deploy/local-build/Makefile +++ b/tools/packaging/kata-deploy/local-build/Makefile @@ -64,6 +64,9 @@ kata-tarball: | all-parallel merge-builds $(MK_DIR)/dockerbuild/install_yq.sh: $(MK_DIR)/kata-deploy-copy-yq-installer.sh +copy-scripts-for-the-agent-build: + ${MK_DIR}/kata-deploy-copy-libseccomp-installer.sh + all-parallel: $(MK_DIR)/dockerbuild/install_yq.sh ${MAKE} -f $(MK_PATH) all -j $(shell nproc ${CI:+--ignore 1}) V= @@ -76,10 +79,10 @@ serial-targets: %-tarball-build: $(MK_DIR)/dockerbuild/install_yq.sh $(call BUILD,$*) -agent-tarball: +agent-tarball: copy-scripts-for-the-agent-build ${MAKE} $@-build -agent-opa-tarball: +agent-opa-tarball: copy-scripts-for-the-agent-build ${MAKE} $@-build agent-ctl-tarball: diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh index b56ee79e6..fe598f503 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh @@ -681,6 +681,11 @@ install_agent_helper() { "${final_tarball_path}" \ && return 0 + export LIBSECCOMP_VERSION="$(get_from_kata_deps "externals.libseccomp.version")" + export LIBSECCOMP_URL="$(get_from_kata_deps "externals.libseccomp.url")" + export GPERF_VERSION="$(get_from_kata_deps "externals.gperf.version")" + export GPERF_URL="$(get_from_kata_deps "externals.gperf.url")" + info "build static agent" DESTDIR="${destdir}" AGENT_POLICY=${agent_policy} "${agent_builder}" } 
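Review bot: `copy-scripts-for-the-agent-build` names no file, and no `.PHONY` declaration for it is visible in these hunks, so a stray file of that name in the directory would make the copy step silently stop running and the image would be built with whatever `install_libseccomp.sh` was left behind. Either add `.PHONY: copy-scripts-for-the-agent-build`, or model it like the `install_yq.sh` rule just above, with the copied script as the target and `ci/install_libseccomp.sh` as its prerequisite, so Make refreshes the copy when the CI script changes. The second Makefile hunk (`agent-tarball`, `agent-opa-tarball`) only wires the new prerequisite in and needs nothing further.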
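Review bot: Each of the four `export VAR="$(get_from_kata_deps ...)"` lines hides the exit status of the lookup, because `export` succeeds regardless of what the command substitution returned. A missing or misspelled key in the data `get_from_kata_deps` reads would then hand an empty version or URL to the container build instead of stopping here. Assign first and export afterwards, e.g. `LIBSECCOMP_URL="$(get_from_kata_deps "externals.libseccomp.url")"` followed by `export LIBSECCOMP_URL`, and the same for the other three. `install_agent_helper` starts above this hunk, so the shell options in effect are not visible here.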
diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-copy-libseccomp-installer.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-copy-libseccomp-installer.sh new file mode 100755 index 000000000..e52f369e0 --- /dev/null +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-copy-libseccomp-installer.sh @@ -0,0 +1,22 @@ +#!/usr/bin/env bash +# +# Copyright (c) 2024 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 +# + +[ -z "${DEBUG}" ] || set -x +set -o errexit +set -o nounset +set -o pipefail +set -o errtrace + +script_dir=$(dirname "$(readlink -f "$0")") +install_libseccomp_script_src="${script_dir}/../../../../ci/install_libseccomp.sh" +install_libseccomp_script_dest="${script_dir}/../../static-build/agent/install_libseccomp.sh" + +cp "${install_libseccomp_script_src}" "${install_libseccomp_script_dest}" + +# We don't have to import any other file, as we're passing +# the env vars needed for installing libseccomp and gperf. +sed -i -e '/^source.*$/d' ${install_libseccomp_script_dest} diff --git a/tools/packaging/static-build/agent/Dockerfile b/tools/packaging/static-build/agent/Dockerfile index c72104cb5..517b95721 100644 --- a/tools/packaging/static-build/agent/Dockerfile +++ b/tools/packaging/static-build/agent/Dockerfile 
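Review bot: The last line passes `${install_libseccomp_script_dest}` to `sed` unquoted, unlike the `cp` above it, so a checkout path containing whitespace breaks the in-place edit after the copy has already succeeded; write `sed -i -e '/^source.*$/d' "${install_libseccomp_script_dest}"`. The pattern also removes every line that begins with `source`, so any helper the CI script takes from a sourced library disappears from the copy without an error at this point. That script is not in the diff, so this is worth confirming. A generated-file marker in the copy (for example `# Generated from ci/install_libseccomp.sh; do not edit`) would tell readers of the Docker build context where the script came from.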
@@ -2,20 +2,25 @@ # # SPDX-License-Identifier: Apache-2.0 -FROM alpine:3.18 +FROM ubuntu:22.04 ARG RUST_TOOLCHAIN -SHELL ["/bin/ash", "-o", "pipefail", "-c"] -RUN apk --no-cache add \ - bash \ - curl \ - gcc \ - git \ - libcap-ng-static \ - libseccomp-static \ - make \ - musl-dev \ - openssl-dev \ - openssl-libs-static \ - protoc && \ - curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN} +COPY install_libseccomp.sh /usr/bin/install_libseccomp.sh + +ENV DEBIAN_FRONTEND=noninteractive + +SHELL ["/bin/bash", "-o", "pipefail", "-c"] +RUN apt-get update && \ + apt-get --no-install-recommends -y install \ + ca-certificates \ + curl \ + g++ \ + gcc \ + libssl-dev \ + make \ + musl-tools \ + openssl \ + perl \ + protobuf-compiler && \ + apt-get clean && rm -rf /var/lib/apt/lists/ && \ + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN} diff --git a/tools/packaging/static-build/agent/build-static-agent.sh b/tools/packaging/static-build/agent/build-static-agent.sh index 1d7389c33..2646cbb08 100755 --- a/tools/packaging/static-build/agent/build-static-agent.sh +++ b/tools/packaging/static-build/agent/build-static-agent.sh @@ -15,13 +15,30 @@ source "${script_dir}/../../scripts/lib.sh" init_env() { source "$HOME/.cargo/env" - export LIBC=musl + ARCH=$(uname -m) + rust_arch="" + case ${ARCH} in + "aarch64") + export LIBC=musl + rust_arch=${ARCH} + ;; + "ppc64le") + export LIBC=gnu + rust_arch="powerpc64le" + ;; + "x86_64") + export LIBC=musl + rust_arch=${ARCH} + ;; + "s390x") + export LIBC=gnu + rust_arch=${ARCH} + ;; + esac + rustup target add ${rust_arch}-unknown-linux-${LIBC} + export LIBSECCOMP_LINK_TYPE=static export LIBSECCOMP_LIB_PATH=/usr/lib - - # This is needed to workaround - # https://github.com/sfackler/rust-openssl/issues/1624 - export OPENSSL_NO_VENDOR=Y } build_agent_from_source() { 
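Review bot: `FROM ubuntu:22.04` is a mutable tag, so the toolchain that compiles and statically links the agent can change between two builds of the same commit. Pinning the digest, `FROM ubuntu:22.04@sha256:<digest>` (placeholder; take the value from the registry), makes that build input reviewable. The new `COPY install_libseccomp.sh` also depends on a generated, git-ignored file, so a `docker build` of this directory that does not go through the `copy-scripts-for-the-agent-build` target either fails or picks up a stale copy. A comment above the `COPY` saying where the file comes from would help.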
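Review bot: The `case ${ARCH}` in `init_env` has no default branch, so on any other machine type `rust_arch` stays empty and `LIBC` is never exported, and the following `rustup target add` either fails with an unhelpful error or is called with a malformed target triple. Add `*) echo "unsupported architecture: ${ARCH}" >&2; exit 1 ;;` before `esac`, and quote the argument: `rustup target add "${rust_arch}-unknown-linux-${LIBC}"`. The hunk also drops `OPENSSL_NO_VENDOR=Y` together with its explanatory comment; a one-line comment on why the workaround is no longer needed would save the next reader a search.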
@@ -29,6 +46,8 @@ build_agent_from_source() { init_env + /usr/bin/install_libseccomp.sh /usr /usr + cd src/agent DESTDIR=${DESTDIR} AGENT_POLICY=${AGENT_POLICY} make DESTDIR=${DESTDIR} AGENT_POLICY=${AGENT_POLICY} make install diff --git a/tools/packaging/static-build/agent/build.sh b/tools/packaging/static-build/agent/build.sh index d847092e4..870c054e4 100755 --- a/tools/packaging/static-build/agent/build.sh +++ b/tools/packaging/static-build/agent/build.sh @@ -26,6 +26,10 @@ sudo docker pull ${container_image} || \ sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \ --env DESTDIR=${DESTDIR} \ --env AGENT_POLICY=${AGENT_POLICY:-no} \ + --env LIBSECCOMP_VERSION=${LIBSECCOMP_VERSION} \ + --env LIBSECCOMP_URL=${LIBSECCOMP_URL} \ + --env GPERF_VERSION=${GPERF_VERSION} \ + --env GPERF_URL=${GPERF_URL} \ -w "${repo_root_dir}" \ "${container_image}" \ bash -c "${agent_builder}"
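Review bot: `/usr/bin/install_libseccomp.sh /usr /usr` now downloads and builds libseccomp and gperf inside the container on every agent build, and nothing in this diff shows the downloaded archives being verified before they are compiled into the agent. The installer itself is not part of the change, so it may already do this; if it does not, a pinned checksum per version kept next to the `externals.libseccomp` and `externals.gperf` entries would cover it. The call also deserves a comment naming what each of the two `/usr` arguments means. `build_agent_from_source` begins above the hunk and continues below it.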
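Review bot: The four new `--env NAME=${NAME}` arguments are unquoted and, unlike `AGENT_POLICY:-no`, have no fallback, so running `build.sh` without the exports from `kata-deploy-binaries.sh` passes empty values into the container and the failure surfaces only when the installer tries to download. Quote each value, e.g. `--env LIBSECCOMP_URL="${LIBSECCOMP_URL}"`, and add a guard such as `: "${LIBSECCOMP_URL:?must be set}"` before `docker run` so the build fails early with a clear message. The `docker run` command starts above this hunk.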