diff --git a/tools/packaging/static-build/agent/Dockerfile b/tools/packaging/static-build/agent/Dockerfile
index 5d7bbd3764..d0e3bd3197 100644
--- a/tools/packaging/static-build/agent/Dockerfile
+++ b/tools/packaging/static-build/agent/Dockerfile
@@ -9,7 +9,20 @@ COPY install_libseccomp.sh /usr/bin/install_libseccomp.sh
 ENV DEBIAN_FRONTEND=noninteractive
+ENV RUSTUP_HOME="/opt/rustup"
+ENV CARGO_HOME="/opt/cargo"
+ENV PATH="/opt/cargo/bin/:${PATH}"
+ENV OPT_LIB="/opt/lib"
+
+ENV LIBSECCOMP_LINK_TYPE=static
+ENV LIBSECCOMP_LIB_PATH=${OPT_LIB}
+
+ENV PKG_CONFIG_PATH=${OPT_LIB}/pkgconfig:$PKG_CONFIG_PATH
+
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN mkdir ${RUSTUP_HOME} ${CARGO_HOME} && chmod -R a+rwX /opt
+
 RUN apt-get update && \
 apt-get --no-install-recommends -y install \
 ca-certificates \
@@ -24,7 +37,19 @@ RUN apt-get update && \
 protobuf-compiler \
 clang && \
 apt-get clean && rm -rf /var/lib/apt/lists/ && \
- curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN}
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN}
+
+RUN ARCH=$(uname -m); \
+ rust_arch=""; \
+ libc=""; \
+ case "${ARCH}" in \
+ "aarch64") rust_arch="${ARCH}"; libc="musl" ;; \
+ "ppc64le") rust_arch="powerpc64le"; libc="gnu" ;; \
+ "x86_64") rust_arch="${ARCH}"; libc="musl" ;; \
+ "s390x") rust_arch="${ARCH}"; libc="gnu" ;; \
+ *) echo "Unsupported architecture: ${ARCH}" && exit 1 ;; \
+ esac; \
+ rustup target add "${rust_arch}-unknown-linux-${libc}"
 # aarch64 requires this name -- link for all
 RUN ln -s /usr/bin/musl-gcc "/usr/bin/$(uname -m)-linux-musl-gcc"
diff --git a/tools/packaging/static-build/agent/build-static-agent.sh b/tools/packaging/static-build/agent/build-static-agent.sh
index 4fd8522801..e57af1ad6c 100755
--- a/tools/packaging/static-build/agent/build-static-agent.sh
+++ b/tools/packaging/static-build/agent/build-static-agent.sh
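Review bot: `chmod -R a+rwX /opt` runs before the later `RUN` that installs rustup, so the `-R` only reaches the two freshly created empty directories and whatever the base image already has under `/opt`; files the installer writes afterwards keep the image build user's ownership and default mode. What the line does leave behind is a world-writable `/opt` and `/opt/cargo`, the parent of `/opt/cargo/bin/`, which this hunk puts first on `PATH`, so any UID in the container can rename or replace that directory. I would limit the mode change to the directories that must be written at run time and document the reason next to it, e.g. `# writable by the arbitrary UID passed via 'docker run --user' in build.sh`. `${OPT_LIB}` is referenced by `LIBSECCOMP_LIB_PATH` and `PKG_CONFIG_PATH` but is not created here, so it presumably only exists after install_libseccomp.sh has run; a short comment saying so would help.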
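Review bot: The `curl … https://sh.rustup.rs | sh` line, changed here for whitespace only, still executes an installer script fetched at image build time without any integrity check: `--proto '=https' --tlsv1.2` protects the transport and `RUST_TOOLCHAIN` pins the compiler, but the script itself is whatever the server returns on the day of the build. Now that the image is the single place where the toolchain and targets are provisioned, consider fetching a pinned `rustup-init` and checking it against a recorded digest before running it, along the lines of `echo "<expected-sha256>  rustup-init" | sha256sum -c -` with the digest stored next to the toolchain version. In the new `case`, the `*)` branch should report on stderr: `*) echo "Unsupported architecture: ${ARCH}" >&2; exit 1 ;; \`.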
@@ -12,45 +12,14 @@ script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 source "${script_dir}/../../scripts/lib.sh"
-init_env() {
- source "$HOME/.cargo/env"
-
- ARCH=$(uname -m)
- rust_arch=""
- case ${ARCH} in
- "aarch64")
- export LIBC=musl
- rust_arch=${ARCH}
- ;;
- "ppc64le")
- export LIBC=gnu
- rust_arch="powerpc64le"
- ;;
- "x86_64")
- export LIBC=musl
- rust_arch=${ARCH}
- ;;
- "s390x")
- export LIBC=gnu
- rust_arch=${ARCH}
- ;;
- esac
- rustup target add ${rust_arch}-unknown-linux-${LIBC}
-
- export LIBSECCOMP_LINK_TYPE=static
- export LIBSECCOMP_LIB_PATH=/usr/lib
-}
-
 build_agent_from_source() {
 echo "build agent from source"
- init_env
-
- /usr/bin/install_libseccomp.sh /usr /usr
+ /usr/bin/install_libseccomp.sh /opt /opt
 cd src/agent
 DESTDIR=${DESTDIR} AGENT_POLICY=${AGENT_POLICY} PULL_TYPE=${PULL_TYPE} make
 DESTDIR=${DESTDIR} AGENT_POLICY=${AGENT_POLICY} PULL_TYPE=${PULL_TYPE} make install
 }
-build_agent_from_source $@
+build_agent_from_source "$@"
diff --git a/tools/packaging/static-build/agent/build.sh b/tools/packaging/static-build/agent/build.sh
index 89ab314bc0..625ac3321f 100755
--- a/tools/packaging/static-build/agent/build.sh
+++ b/tools/packaging/static-build/agent/build.sh
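Review bot: With `init_env` gone, `build_agent_from_source` depends on the container image for `PATH`, the installed rustup target, `LIBSECCOMP_LINK_TYPE` and `LIBSECCOMP_LIB_PATH`, and nothing in the function checks that they are present. build.sh tries `docker pull` before building locally, so if an image published before the Dockerfile change is still reachable under the same name (how the tag is derived is not visible in this diff), the script would run without the static-link settings and the problem would only surface late in `make`, or possibly as a libseccomp link that is not static. A fail-fast guard at the top of the function makes the contract explicit: `: "${LIBSECCOMP_LINK_TYPE:?not set; rebuild the builder image}" "${LIBSECCOMP_LIB_PATH:?not set; rebuild the builder image}"` followed by `command -v cargo >/dev/null || exit 1`. `cd src/agent` is also unchecked; unless `set -e` is enabled above the hunk it should be `cd src/agent || exit 1`, and the `${DESTDIR}`, `${AGENT_POLICY}` and `${PULL_TYPE}` expansions on the `make` lines should be quoted like the `"$@"` this commit fixes.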
@@ -16,14 +16,14 @@ source "${script_dir}/../../scripts/lib.sh"
 container_image="${AGENT_CONTAINER_BUILDER:-$(get_agent_image_name)}"
 [ "${CROSS_BUILD}" == "true" ] && container_image="${container_image}-cross-build"
-sudo docker pull ${container_image} || \
- (sudo docker $BUILDX build $PLATFORM \
+docker pull ${container_image} || \
+ (docker $BUILDX build $PLATFORM \
 --build-arg RUST_TOOLCHAIN="$(get_from_kata_deps "languages.rust.meta.newest-version")" \
 -t "${container_image}" "${script_dir}" && \
 # No-op unless PUSH_TO_REGISTRY is exported as "yes"
 push_to_registry "${container_image}")
-sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
+docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
 --env DESTDIR=${DESTDIR} \
 --env AGENT_POLICY=${AGENT_POLICY:-no} \
 --env PULL_TYPE=${PULL_TYPE:-default} \
@@ -32,5 +32,6 @@ sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
 --env GPERF_VERSION=${GPERF_VERSION} \
 --env GPERF_URL=${GPERF_URL} \
 -w "${repo_root_dir}" \
+ --user "$(id -u)":"$(id -g)" \
 "${container_image}" \
 bash -c "${agent_builder}"
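Review bot: `docker pull ${container_image}` and the `--env DESTDIR=${DESTDIR}`, `--env AGENT_POLICY=${AGENT_POLICY:-no}` and `--env PULL_TYPE=${PULL_TYPE:-default}` arguments are still unquoted, so a value containing whitespace or glob characters is split into extra `docker` arguments. The commit fixes the same class of problem for `"$@"` in build-static-agent.sh, and these lines deserve the same treatment: `docker pull "${container_image}" || \` and `--env DESTDIR="${DESTDIR}" \`. `$BUILDX` and `$PLATFORM` look deliberately unquoted because they may be empty or hold several words, which is worth a one-line comment. Dropping `sudo` also means the caller now needs direct access to the Docker daemon; a sentence in the script header stating that requirement would help whoever runs it next.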
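Review bot: `--user "$(id -u)":"$(id -g)"` runs the build under a UID that has no passwd entry in the image, so `HOME` will typically not point at a directory that user can write. `CARGO_HOME` and `RUSTUP_HOME` are set in the Dockerfile, but anything else that falls back to `$HOME` is not covered; consider passing an explicit writable home such as `--env HOME=/tmp \`, and add a comment that this option is the reason `/opt` is made world-writable in the image. Under rootless Docker or user-namespace remapping the numeric UID is mapped again, so files written into the bind-mounted `${repo_root_dir}` may not end up owned by the caller, which is worth noting next to the option. The `docker run` command this line belongs to starts in the previous hunk.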