Merge pull request #5426 from fidencio/topic/build-virtiofsd-in-a-2nd-layer-container

virtiofsd: Build inside a container

snap/snapcraft.yaml

@@ -82,8 +82,36 @@ parts:
       fi
       rustup component add rustfmt
 
+  docker:
+    after: [metadata]
+    plugin: nil
+    prime:
+      - -*
+    build-packages:
+      - curl
+    override-build: |
+      source "${SNAPCRAFT_PROJECT_DIR}/snap/local/snap-common.sh"
+
+      sudo apt-get -y update
+      sudo apt-get -y install ca-certificates curl gnupg lsb-release
+      curl -fsSL https://download.docker.com/linux/ubuntu/gpg |\
+          sudo gpg --batch --yes --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+      distro_codename=$(lsb_release -cs)
+      echo "deb [arch=${dpkg_arch} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu ${distro_codename} stable" |\
+          sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+      sudo apt-get -y update
+      sudo apt-get -y install docker-ce docker-ce-cli containerd.io
+
+      echo "Unmasking docker service"
+      sudo -E systemctl unmask docker.service || true
+      sudo -E systemctl unmask docker.socket || true
+      echo "Adding $USER into docker group"
+      sudo -E gpasswd -a $USER docker
+      echo "Starting docker"
+      sudo -E systemctl start docker || true
+
   image:
-    after: [godeps, qemu, kernel]
+    after: [godeps, docker, qemu, kernel]
     plugin: nil
     build-packages:
       - docker.io
@@ -107,14 +135,6 @@ parts:
       # Copy yq binary. It's used in the container
       cp -a "${yq}" "${GOPATH}/bin/"
 
-      echo "Unmasking docker service"
-      sudo -E systemctl unmask docker.service || true
-      sudo -E systemctl unmask docker.socket || true
-      echo "Adding $USER into docker group"
-      sudo -E gpasswd -a $USER docker
-      echo "Starting docker"
-      sudo -E systemctl start docker || true
-
       cd "${kata_dir}/tools/osbuilder"
 
       # build image
@@ -301,54 +321,31 @@ parts:
 
   virtiofsd:
     plugin: nil
-    after: [godeps, rustdeps]
+    after: [godeps, rustdeps, docker]
     override-build: |
       source "${SNAPCRAFT_PROJECT_DIR}/snap/local/snap-common.sh"
 
-      # Currently, powerpc makes use of the QEMU's C implementation.
-      # The other platforms make use of the new rust virtiofsd.
-      #
-      # See "tools/packaging/scripts/configure-hypervisor.sh".
-      if [ "${arch}" == "ppc64le" ]
-      then
-          echo "INFO: Building QEMU's C version of virtiofsd"
-          # Handled by the 'qemu' part, so nothing more to do here.
-          exit 0
-      else
-          echo "INFO: Building rust version of virtiofsd"
-      fi
+      echo "INFO: Building rust version of virtiofsd"
 
-      cd "${kata_dir}"
+      cd "${SNAPCRAFT_PROJECT_DIR}"
+      # Clean-up build dir in case it already exists
+      sudo -E NO_TTY=true make virtiofsd-tarball
 
-      export PATH=${PATH}:${HOME}/.cargo/bin
-      # Download the rust implementation of virtiofsd
-      tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh
       sudo install \
         --owner='root' \
         --group='root' \
         --mode=0755 \
         -D \
         --target-directory="${SNAPCRAFT_PART_INSTALL}/usr/libexec/" \
-        virtiofsd/virtiofsd
+        build/virtiofsd/builddir/virtiofsd/virtiofsd
 
   cloud-hypervisor:
     plugin: nil
-    after: [godeps]
+    after: [godeps, docker]
     override-build: |
       source "${SNAPCRAFT_PROJECT_DIR}/snap/local/snap-common.sh"
 
       if [ "${arch}" == "aarch64" ] || [ "${arch}" == "x86_64" ]; then
-          sudo apt-get -y update
-          sudo apt-get -y install ca-certificates curl gnupg lsb-release
-          curl -fsSL https://download.docker.com/linux/ubuntu/gpg |\
-              sudo gpg --batch --yes --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
-          distro_codename=$(lsb_release -cs)
-          echo "deb [arch=${dpkg_arch} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu ${distro_codename} stable" |\
-              sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
-          sudo apt-get -y update
-          sudo apt-get -y install docker-ce docker-ce-cli containerd.io
-          sudo systemctl start docker.socket
-
           cd "${SNAPCRAFT_PROJECT_DIR}"
           sudo -E NO_TTY=true make cloud-hypervisor-tarball
 

tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh

@@ -26,7 +26,7 @@ readonly firecracker_builder="${static_build_dir}/firecracker/build-static-firec
 readonly kernel_builder="${static_build_dir}/kernel/build.sh"
 readonly qemu_builder="${static_build_dir}/qemu/build-static-qemu.sh"
 readonly shimv2_builder="${static_build_dir}/shim-v2/build.sh"
-readonly virtiofsd_builder="${static_build_dir}/virtiofsd/build-static-virtiofsd.sh"
+readonly virtiofsd_builder="${static_build_dir}/virtiofsd/build.sh"
 
 readonly rootfs_builder="${repo_root_dir}/tools/packaging/guest-image/build_image.sh"
 

tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh

@@ -16,10 +16,13 @@ script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
 source "${script_dir}/../../scripts/lib.sh"
 
+virtiofsd_repo="${virtiofsd_repo:-}"
 virtiofsd_version="${virtiofsd_version:-}"
+virtiofsd_zip="${virtiofsd_zip:-}"
 
-[ -n "$virtiofsd_version" ] || virtiofsd_version=$(get_from_kata_deps "externals.virtiofsd.version")
+[ -n "$virtiofsd_repo" ] || die "failed to get virtiofsd repo"
 [ -n "$virtiofsd_version" ] || die "failed to get virtiofsd version"
+[ -n "${virtiofsd_zip}" ] || die "failed to get virtiofsd binary URL"
 
 [ -d "virtiofsd" ] && rm -r virtiofsd
 
@@ -28,8 +31,6 @@ pull_virtiofsd_released_binary() {
 	info "Only x86_64 binaries are distributed as part of the virtiofsd releases" && return 1
     fi
     info "Download virtiofsd version: ${virtiofsd_version}"
-    virtiofsd_zip=$(get_from_kata_deps "externals.virtiofsd.meta.binary")
-    [ -n "${virtiofsd_zip}" ] || die "failed to get virtiofsd binary URL"
 
     mkdir -p virtiofsd
 
@@ -44,31 +45,35 @@ pull_virtiofsd_released_binary() {
 }
 
 init_env() {
+   source "$HOME/.cargo/env"
+
    case ${ARCH} in
      "aarch64")
        LIBC="musl"
+       ARCH_LIBC=""
      ;;
      "ppc64le")
        LIBC="gnu"
        ARCH="powerpc64le"
+       ARCH_LIBC=${ARCH}-linux-${LIBC}
      ;;
      "s390x")
        LIBC="gnu"
+       ARCH_LIBC=${ARCH}-linux-${LIBC}
      ;;
      "x86_64")
        LIBC="musl"
+       ARCH_LIBC=""
+     ;;
   esac
 
-    ARCH_LIBC=${ARCH}-linux-${LIBC}
 }
 	   
 build_virtiofsd_from_source() {
    echo "build viriofsd from source"
    init_env
 
-   virtiofsd_url=$(get_from_kata_deps "externals.virtiofsd.url")
-
-   git clone --depth 1 --branch ${virtiofsd_version} ${virtiofsd_url} virtiofsd
+   git clone --depth 1 --branch ${virtiofsd_version} ${virtiofsd_repo} virtiofsd
    pushd virtiofsd
 
    export RUSTFLAGS='-C target-feature=+crt-static -C link-self-contained=yes'

tools/packaging/static-build/virtiofsd/build.sh

@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2022 Intel
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+readonly repo_root_dir="$(cd "${script_dir}/../../../.." && pwd)"
+readonly virtiofsd_builder="${script_dir}/build-static-virtiofsd.sh"
+
+source "${script_dir}/../../scripts/lib.sh"
+
+DESTDIR=${DESTDIR:-${PWD}}
+PREFIX=${PREFIX:-/opt/kata}
+container_image="kata-virtiofsd-builder"
+kata_version="${kata_version:-}"
+virtiofsd_repo="${virtiofsd_repo:-}"
+virtiofsd_version="${virtiofsd_version:-}"
+virtiofsd_zip="${virtiofsd_zip:-}"
+package_output_dir="${package_output_dir:-}"
+
+[ -n "${virtiofsd_repo}" ] || virtiofsd_repo=$(get_from_kata_deps "externals.virtiofsd.url")
+[ -n "${virtiofsd_version}" ] || virtiofsd_version=$(get_from_kata_deps "externals.virtiofsd.version")
+[ -n "${virtiofsd_zip}" ] || virtiofsd_zip=$(get_from_kata_deps "externals.virtiofsd.meta.binary")
+
+[ -n "${virtiofsd_repo}" ] || die "Failed to get virtiofsd repo"
+[ -n "${virtiofsd_version}" ] || die "Failed to get virtiofsd version or commit"
+[ -n "${virtiofsd_zip}" ] || die "Failed to get virtiofsd binary URL"
+
+ARCH=$(uname -m)
+case ${ARCH} in
+	"aarch64")
+		libc="musl"
+		;;
+	"ppc64le")
+		libc="gnu"
+		;;
+	"s390x")
+		libc="gnu"
+		;;
+	"x86_64")
+		libc="musl"
+		;;
+esac
+
+sudo docker build \
+	-t "${container_image}" "${script_dir}/${libc}"
+
+sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
+	-w "${PWD}" \
+	--env DESTDIR="${DESTDIR}" \
+	--env PREFIX="${PREFIX}" \
+	--env virtiofsd_repo="${virtiofsd_repo}" \
+	--env virtiofsd_version="${virtiofsd_version}" \
+	--env virtiofsd_zip="${virtiofsd_zip}" \
+	"${container_image}" \
+	bash -c "${virtiofsd_builder}"

tools/packaging/static-build/virtiofsd/gnu/Dockerfile

@@ -0,0 +1,19 @@
+# Copyright (c) 2022 Intel
+#
+# SPDX-License-Identifier: Apache-2.0
+
+FROM ubuntu:20.04
+ENV DEBIAN_FRONTEND=noninteractive
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        build-essential \
+        ca-certificates \
+        curl \
+        git \
+        libcap-ng-dev \
+        libseccomp-dev \
+        unzip && \
+    apt-get clean && rm -rf /var/lib/lists/ && \
+    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y

tools/packaging/static-build/virtiofsd/musl/Dockerfile

@@ -0,0 +1,16 @@
+# Copyright (c) 2022 Intel
+#
+# SPDX-License-Identifier: Apache-2.0
+
+FROM alpine:3.16.2
+
+SHELL ["/bin/ash", "-o", "pipefail", "-c"]
+RUN apk --no-cache add \
+        bash \
+        curl \
+        gcc \
+        git \
+        libcap-ng-static \
+        libseccomp-static \
+        musl-dev && \
+    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y