Merge pull request #9722 from zvonkok/busybox-build

deploy: Add busybox target
2025-08-30 23:37:45 +00:00 · 2024-07-17 13:47:15 +02:00 · 2024-07-17 13:47:15 +02:00 · b7051890af
commit b7051890af
parent 5ce2c1010a b1909e940e
9 changed files with 1355 additions and 0 deletions
--- a/tools/packaging/kata-deploy/local-build/Makefile
+++ b/tools/packaging/kata-deploy/local-build/Makefile
@ -77,6 +77,9 @@ agent-tarball: copy-scripts-for-the-agent-build
 agent-ctl-tarball:
 	${MAKE} $@-build

+busybox-tarball: 
+	${MAKE} $@-build
+	
 coco-guest-components-tarball:
 	${MAKE} $@-build

--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh
@ -100,6 +100,7 @@ VIRTIOFSD_CONTAINER_BUILDER="${VIRTIOFSD_CONTAINER_BUILDER:-}"
 MEASURED_ROOTFS="${MEASURED_ROOTFS:-}"
 PULL_TYPE="${PULL_TYPE:-default}"
 USE_CACHE="${USE_CACHE:-}"
+BUSYBOX_CONF_FILE=${BUSYBOX_CONF_FILE:-}

 docker run \
 	-v $HOME/.docker:/root/.docker \
@ -127,6 +128,7 @@ docker run \
 	--env MEASURED_ROOTFS="${MEASURED_ROOTFS}" \
 	--env PULL_TYPE="${PULL_TYPE}" \
 	--env USE_CACHE="${USE_CACHE}" \
+	--env BUSYBOX_CONF_FILE="${BUSYBOX_CONF_FILE}" \
 	--env AA_KBC="${AA_KBC:-}" \
 	--env HKD_PATH="$(realpath "${HKD_PATH:-}" 2> /dev/null || true)" \
 	--env SE_KERNEL_PARAMS="${SE_KERNEL_PARAMS:-}" \
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@ -22,6 +22,7 @@ readonly static_build_dir="${repo_root_dir}/tools/packaging/static-build"
 readonly version_file="${repo_root_dir}/VERSION"
 readonly versions_yaml="${repo_root_dir}/versions.yaml"

+readonly busybox_builder="${static_build_dir}/busybox/build.sh"
 readonly agent_builder="${static_build_dir}/agent/build.sh"
 readonly coco_guest_components_builder="${static_build_dir}/coco-guest-components/build.sh"
 readonly clh_builder="${static_build_dir}/cloud-hypervisor/build-static-clh.sh"
@ -40,6 +41,7 @@ readonly tools_builder="${static_build_dir}/tools/build.sh"
 readonly se_image_builder="${repo_root_dir}/tools/packaging/guest-image/build_se_image.sh"

 ARCH=${ARCH:-$(uname -m)}
+BUSYBOX_CONF_FILE="${BUSYBOX_CONF_FILE:-}"
 MEASURED_ROOTFS=${MEASURED_ROOTFS:-no}
 PULL_TYPE=${PULL_TYPE:-default}
 USE_CACHE="${USE_CACHE:-"yes"}"
@ -799,6 +801,22 @@ install_ovmf_sev() {
 	install_ovmf "sev" "edk2-sev.tar.gz"
 }

+install_busybox() {
+	latest_artefact="$(get_from_kata_deps ".externals.busybox.version")"
+	latest_builder_image="$(get_busybox_image_name)"
+
+	install_cached_tarball_component \
+		"${build_target}" \
+		"${latest_artefact}" \
+		"${latest_builder_image}" \
+		"${final_tarball_name}" \
+		"${final_tarball_path}" \
+		&& return 0
+
+	info "build static busybox"
+	DESTDIR=${destdir} BUSYBOX_CONF_FILE=${BUSYBOX_CONF_FILE:?} "${busybox_builder}"
+}
+
 install_agent() {
 	latest_artefact="$(git log -1 --abbrev=9 --pretty=format:"%h" ${repo_root_dir}/src/agent)"
 	artefact_tag="$(git log -1 --pretty=format:"%H" ${repo_root_dir})"
@ -1014,6 +1032,8 @@ handle_build() {

 	agent-ctl) install_agent_ctl ;;

+	busybox) install_busybox ;;
+
 	boot-image-se) install_se_image ;;

 	coco-guest-components) install_coco_guest_components ;;
--- a/tools/packaging/scripts/lib.sh
+++ b/tools/packaging/scripts/lib.sh
@ -186,6 +186,11 @@ get_ovmf_image_name() {
 	echo "${BUILDER_REGISTRY}:ovmf-$(get_last_modification ${ovmf_script_dir})-$(uname -m)"
 }

+get_busybox_image_name() {
+	busybox_script_dir="${repo_root_dir}/tools/packaging/static-build/busybox"
+	echo "${BUILDER_REGISTRY}:busybox-$(get_last_modification "${busybox_script_dir}")-$(uname -m)"
+}
+
 get_virtiofsd_image_name() {
 	ARCH=${ARCH:-$(uname -m)}
 	case ${ARCH} in
--- a/tools/packaging/static-build/busybox/Dockerfile
+++ b/tools/packaging/static-build/busybox/Dockerfile
@ -0,0 +1,8 @@
+# Copyright (c) 2024 NVIDIA Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+FROM alpine:3.20.0
+
+RUN apk update && apk --no-cache add gpg gpg-agent coreutils bash curl make \
+ 	gcc g++ pkgconf libselinux-dev gpg-agent
--- a/tools/packaging/static-build/busybox/build-static-busybox.sh
+++ b/tools/packaging/static-build/busybox/build-static-busybox.sh
@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2024 NVIDIA Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+set -x
+
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+# shellcheck source=/dev/null
+source "${script_dir}/../../scripts/lib.sh"
+
+build_busybox_from_source()
+{
+	echo "build busybox from source"
+
+	URL_TARBZ2="${BUSYBOX_URL:?}/busybox-${BUSYBOX_VERSION:?}.tar.bz2"
+	URL_SHA="${BUSYBOX_URL:?}/busybox-${BUSYBOX_VERSION:?}.tar.bz2.sha256"
+	URL_SIG="${BUSYBOX_URL:?}/busybox-${BUSYBOX_VERSION:?}.tar.bz2.sig"
+
+	curl -O "${URL_TARBZ2}"
+	curl -O "${URL_SHA}"
+	curl -O "${URL_SIG}"
+
+	echo "Verifying SHA256 checksum..."
+	sha256_file="$(basename "${URL_SHA}")"
+	sha256sum -c "${sha256_file}"
+
+	gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys C9E9416F76E610DBD09D040F47B70C55ACC9965B
+
+	echo "Verifying GPG signature..."
+	tarbz_file="$(basename "${URL_TARBZ2}")"
+	sig_file="$(basename "${URL_SIG}")"
+
+	gpg --verify "${sig_file}" "${tarbz_file}"
+
+	tar xvf busybox-"${BUSYBOX_VERSION:?}".tar.bz2
+
+	cd busybox-"${BUSYBOX_VERSION:?}"
+
+	cp "${BUSYBOX_CONF_DIR:?}/${BUSYBOX_CONF_FILE:?}" .config
+
+	# we do not want to install to CONFIG_PREFIX="./_install"
+	# we want CONFIG_PREFIX="${DESTDIR}"
+	sed -i "s|CONFIG_PREFIX=\"./_install\"|CONFIG_PREFIX=\"${DESTDIR}\"|g" .config
+
+	make
+	make install
+
+}
+
+
+build_busybox_from_source "$@"
--- a/tools/packaging/static-build/busybox/build.sh
+++ b/tools/packaging/static-build/busybox/build.sh
@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2024 NVIDIA Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+set -x
+
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# shellcheck source=/dev/null
+source "${script_dir}/../../scripts/lib.sh"
+
+
+readonly busybox_builder="${script_dir}/build-static-busybox.sh"
+
+busybox_version="$(get_from_kata_deps ".externals.busybox.version")"
+readonly BUSYBOX_VERSION=${busybox_version}
+
+busybox_url="$(get_from_kata_deps ".externals.busybox.url")"
+readonly BUSYBOX_URL="${busybox_url}"
+
+
+container_image="${BUSYBOX_CONTAINER_BUILDER:-$(get_busybox_image_name)}"
+[ "${CROSS_BUILD}" == "true" ] && container_image="${container_image}-cross-build"
+
+docker pull "${container_image}" || \
+	(docker $BUILDX build $PLATFORM \
+		-t "${container_image}" "${script_dir}" \
+	 # No-op unless PUSH_TO_REGISTRY is exported as "yes"
+	 push_to_registry "${container_image}")
+
+docker run --rm -i -v "${repo_root_dir:?}:${repo_root_dir}" \
+	--env DESTDIR="${DESTDIR:?}" \
+	--env BUSYBOX_VERSION="${BUSYBOX_VERSION:?}" \
+	--env BUSYBOX_URL="${BUSYBOX_URL:?}" \
+	--env BUSYBOX_CONF_FILE="${BUSYBOX_CONF_FILE:?}" \
+	--env BUSYBOX_CONF_DIR="${script_dir:?}" \
+	--env HOME="/tmp" \
+	--user "$(id -u):$(id -g)" \
+	-w "${repo_root_dir}/build/busybox/builddir" \
+	"${container_image}" \
+	sh -c "${busybox_builder}"
--- a/tools/packaging/static-build/busybox/busybox.nvidia.conf
+++ b/tools/packaging/static-build/busybox/busybox.nvidia.conf
--- a/versions.yaml
+++ b/versions.yaml
@ -213,6 +213,11 @@ assets:
 externals:
  description: "Third-party projects used by the system"

+  busybox:
+    desc: "The Swiss Army Knife of Embedded Linux"
+    version: "1.36.1"
+    url: "https://busybox.net/downloads"
+
  cni-plugins:
    description: "CNI network plugins"
    url: "https://github.com/containernetworking/plugins"