diff --git a/tools/osbuilder/rootfs-builder/rootfs.sh b/tools/osbuilder/rootfs-builder/rootfs.sh index b6cae53da9..0a37cf5210 100755 --- a/tools/osbuilder/rootfs-builder/rootfs.sh +++ b/tools/osbuilder/rootfs-builder/rootfs.sh @@ -502,6 +502,39 @@ prepare_overlay() popd > /dev/null } +build_opa_from_source() +{ + local opa_repo_url=$1 + opa_version="$(get_package_version_from_kata_yaml externals.open-policy-agent.version)" + + if [ ${CROSS_BUILD} == "yes" ]; then + export GOOS="${TARGET_OS}" + export GOARCH="${TARGET_ARCH}}" + fi + + current_dir="$(pwd)" + pushd $(mktemp -d) &>/dev/null + git clone -b "${opa_version}" "${opa_repo_url}" opa || return 1 + ( + cd opa + export WASM_ENABLED=0 + export DOCKER_RUNNING=0 + make ci-go-ci-build-linux-static || return 1 + + info "Copy OPA binary to ${current_dir}/opa" + binary_name="_release/${opa_version##v}/opa_${GOOS}_${GOARCH}_static" + if [ -f "${binary_name}" ]; then + cp "${binary_name}" "${current_dir}/opa" + else + echo "OPA binary ${binary_name} not found" + return 1 + fi + ) + rm -rf opa + popd &>/dev/null + return 0 +} + # Setup an existing rootfs directory, based on the OPTIONAL distro name # provided as argument setup_rootfs() @@ -667,9 +700,15 @@ EOF # OPA should be built from the cached source code instead of downloading # this binary. # - opa_bin_url="$(get_package_version_from_kata_yaml externals.open-policy-agent.meta.binary)" - info "Downloading OPA binary from ${opa_bin_url}" - curl --fail -L "${opa_bin_url}" -o opa || die "Failed to download OPA" + if [ "$ARCH" == "ppc64le" ] || [ "$ARCH" == "s390x" ]; then + opa_repo_url="$(get_package_version_from_kata_yaml externals.open-policy-agent.url)" + info "Building OPA binary from source at ${opa_repo_url}" + build_opa_from_source "${opa_repo_url}" || die "Failed to build OPA" + else + opa_bin_url="$(get_package_version_from_kata_yaml externals.open-policy-agent.meta.binary)" + info "Downloading OPA binary from ${opa_bin_url}" + curl --fail -L "${opa_bin_url}" -o opa || die "Failed to download OPA" + fi # Install the OPA binary. opa_bin_dir="/usr/local/bin"