From 5b0d0687e5963d8aa2c116a7c56abc740fcc78c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fabiano.fidencio@intel.com>
Date: Thu, 25 Jan 2024 17:06:57 +0100
Subject: [PATCH] packaging: agent: Allow building in all arches
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We're moving away from alpine and using ubuntu in order to be able to
build the agent for all the architectures we need.
Signed-off-by: Fabiano FidĂȘncio <fabiano.fidencio@intel.com>
---
.gitignore | 1 +
.../kata-deploy/local-build/Makefile | 7 ++--
.../local-build/kata-deploy-binaries.sh | 5 +++
.../kata-deploy-copy-libseccomp-installer.sh | 22 ++++++++++++
tools/packaging/static-build/agent/Dockerfile | 35 +++++++++++--------
.../static-build/agent/build-static-agent.sh | 29 ++++++++++++---
tools/packaging/static-build/agent/build.sh | 4 +++
7 files changed, 81 insertions(+), 22 deletions(-)
create mode 100755 tools/packaging/kata-deploy/local-build/kata-deploy-copy-libseccomp-installer.sh
diff --git a/.gitignore b/.gitignore
index 29d21ac6de..fd1452f7bf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,3 +15,4 @@ src/agent/protocols/src/*.rs
!src/agent/protocols/src/lib.rs
build
src/tools/log-parser/kata-log-parser
+tools/packaging/static-build/agent/install_libseccomp.sh
diff --git a/tools/packaging/kata-deploy/local-build/Makefile b/tools/packaging/kata-deploy/local-build/Makefile
index ee907f16a6..901500ae3c 100644
--- a/tools/packaging/kata-deploy/local-build/Makefile
+++ b/tools/packaging/kata-deploy/local-build/Makefile
@@ -64,6 +64,9 @@ kata-tarball: | all-parallel merge-builds
$(MK_DIR)/dockerbuild/install_yq.sh:
$(MK_DIR)/kata-deploy-copy-yq-installer.sh
+copy-scripts-for-the-agent-build:
+ ${MK_DIR}/kata-deploy-copy-libseccomp-installer.sh
+
all-parallel: $(MK_DIR)/dockerbuild/install_yq.sh
${MAKE} -f $(MK_PATH) all -j $(shell nproc ${CI:+--ignore 1}) V=
@@ -76,10 +79,10 @@ serial-targets:
%-tarball-build: $(MK_DIR)/dockerbuild/install_yq.sh
$(call BUILD,$*)
-agent-tarball:
+agent-tarball: copy-scripts-for-the-agent-build
${MAKE} $@-build
-agent-opa-tarball:
+agent-opa-tarball: copy-scripts-for-the-agent-build
${MAKE} $@-build
agent-ctl-tarball:
diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
index b56ee79e63..fe598f5037 100755
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@@ -681,6 +681,11 @@ install_agent_helper() {
"${final_tarball_path}" \
&& return 0
+ export LIBSECCOMP_VERSION="$(get_from_kata_deps "externals.libseccomp.version")"
+ export LIBSECCOMP_URL="$(get_from_kata_deps "externals.libseccomp.url")"
+ export GPERF_VERSION="$(get_from_kata_deps "externals.gperf.version")"
+ export GPERF_URL="$(get_from_kata_deps "externals.gperf.url")"
+
info "build static agent"
DESTDIR="${destdir}" AGENT_POLICY=${agent_policy} "${agent_builder}"
}
diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-copy-libseccomp-installer.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-copy-libseccomp-installer.sh
new file mode 100755
index 0000000000..e52f369e04
--- /dev/null
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-copy-libseccomp-installer.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2024 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+[ -z "${DEBUG}" ] || set -x
+set -o errexit
+set -o nounset
+set -o pipefail
+set -o errtrace
+
+script_dir=$(dirname "$(readlink -f "$0")")
+install_libseccomp_script_src="${script_dir}/../../../../ci/install_libseccomp.sh"
+install_libseccomp_script_dest="${script_dir}/../../static-build/agent/install_libseccomp.sh"
+
+cp "${install_libseccomp_script_src}" "${install_libseccomp_script_dest}"
+
+# We don't have to import any other file, as we're passing
+# the env vars needed for installing libseccomp and gperf.
+sed -i -e '/^source.*$/d' ${install_libseccomp_script_dest}
diff --git a/tools/packaging/static-build/agent/Dockerfile b/tools/packaging/static-build/agent/Dockerfile
index c72104cb59..517b957214 100644
--- a/tools/packaging/static-build/agent/Dockerfile
+++ b/tools/packaging/static-build/agent/Dockerfile
@@ -2,20 +2,25 @@
#
# SPDX-License-Identifier: Apache-2.0
-FROM alpine:3.18
+FROM ubuntu:22.04
ARG RUST_TOOLCHAIN
-SHELL ["/bin/ash", "-o", "pipefail", "-c"]
-RUN apk --no-cache add \
- bash \
- curl \
- gcc \
- git \
- libcap-ng-static \
- libseccomp-static \
- make \
- musl-dev \
- openssl-dev \
- openssl-libs-static \
- protoc && \
- curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN}
+COPY install_libseccomp.sh /usr/bin/install_libseccomp.sh
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+RUN apt-get update && \
+ apt-get --no-install-recommends -y install \
+ ca-certificates \
+ curl \
+ g++ \
+ gcc \
+ libssl-dev \
+ make \
+ musl-tools \
+ openssl \
+ perl \
+ protobuf-compiler && \
+ apt-get clean && rm -rf /var/lib/apt/lists/ && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN}
diff --git a/tools/packaging/static-build/agent/build-static-agent.sh b/tools/packaging/static-build/agent/build-static-agent.sh
index 1d7389c33a..2646cbb089 100755
--- a/tools/packaging/static-build/agent/build-static-agent.sh
+++ b/tools/packaging/static-build/agent/build-static-agent.sh
@@ -15,13 +15,30 @@ source "${script_dir}/../../scripts/lib.sh"
init_env() {
source "$HOME/.cargo/env"
- export LIBC=musl
+ ARCH=$(uname -m)
+ rust_arch=""
+ case ${ARCH} in
+ "aarch64")
+ export LIBC=musl
+ rust_arch=${ARCH}
+ ;;
+ "ppc64le")
+ export LIBC=gnu
+ rust_arch="powerpc64le"
+ ;;
+ "x86_64")
+ export LIBC=musl
+ rust_arch=${ARCH}
+ ;;
+ "s390x")
+ export LIBC=gnu
+ rust_arch=${ARCH}
+ ;;
+ esac
+ rustup target add ${rust_arch}-unknown-linux-${LIBC}
+
export LIBSECCOMP_LINK_TYPE=static
export LIBSECCOMP_LIB_PATH=/usr/lib
-
- # This is needed to workaround
- # https://github.com/sfackler/rust-openssl/issues/1624
- export OPENSSL_NO_VENDOR=Y
}
build_agent_from_source() {
@@ -29,6 +46,8 @@ build_agent_from_source() {
init_env
+ /usr/bin/install_libseccomp.sh /usr /usr
+
cd src/agent
DESTDIR=${DESTDIR} AGENT_POLICY=${AGENT_POLICY} make
DESTDIR=${DESTDIR} AGENT_POLICY=${AGENT_POLICY} make install
diff --git a/tools/packaging/static-build/agent/build.sh b/tools/packaging/static-build/agent/build.sh
index d847092e4d..870c054e45 100755
--- a/tools/packaging/static-build/agent/build.sh
+++ b/tools/packaging/static-build/agent/build.sh
@@ -26,6 +26,10 @@ sudo docker pull ${container_image} || \
sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
--env DESTDIR=${DESTDIR} \
--env AGENT_POLICY=${AGENT_POLICY:-no} \
+ --env LIBSECCOMP_VERSION=${LIBSECCOMP_VERSION} \
+ --env LIBSECCOMP_URL=${LIBSECCOMP_URL} \
+ --env GPERF_VERSION=${GPERF_VERSION} \
+ --env GPERF_URL=${GPERF_URL} \
-w "${repo_root_dir}" \
"${container_image}" \
bash -c "${agent_builder}"