osbuilder: fix alpine agent build

Since we always build musl kata-agent, there is no need to build
it inside a musl container. We can just build on the host and then
copy the binary to the target rootfs.

There are still a lot to clean up and it should be made so for ALL
target distros instead of just alpine. But this is at least working
for alpine first.

Signed-off-by: Peng Tao <[email protected]>

tools/osbuilder/scripts/install-yq.sh → ci/install_yq.sh

@@ -71,4 +71,3 @@ function install_yq() {
 }
 
 install_yq
-

src/runtime/golang.mk

@@ -22,7 +22,7 @@ ifeq (,$(not_check_version))
     have_yq=$(shell if [ -x "$(GOPATH)/bin/yq" ]; then echo "true"; else echo ""; fi)
     ifeq (,$(have_yq))
         $(info INFO: yq was not found, installing it)
-        install_yq=$(shell .ci/install-yq.sh)
+        install_yq=$(shell ../../ci/install_yq.sh)
     endif
     ifneq (,$(install_yq))
         $(error "ERROR: install yq failed")

src/runtime/virtcontainers/pkg/cloud-hypervisor/Makefile

@@ -6,7 +6,7 @@
 
 all: | update-yaml generate-client-code
 MK_DIR := $(dir $(realpath $(firstword $(MAKEFILE_LIST))))
-YQ_INSTALLER := "$(MK_DIR)/../../../.ci/install-yq.sh"
+YQ_INSTALLER := "$(MK_DIR)/../../../../../ci/install_yq.sh"
 VERSIONS_FILE := "$(MK_DIR)/../../../../../versions.yaml"
 YQ := $(shell command -v yq 2> /dev/null)
 
@@ -22,7 +22,7 @@ generate-client-code: clean-generated-code
 
 update-yaml:
 ifndef YQ
-	$(MK_DIR)/../../../.ci/install-yq.sh
+	$(MK_DIR)/../../../../../ci//install_yq.sh
 endif
 	clh_version=$(shell yq r $(VERSIONS_FILE) assets.hypervisor.cloud_hypervisor.version); \
 	curl -OL https://raw.githubusercontent.com/cloud-hypervisor/cloud-hypervisor/$$clh_version/vmm/src/api/openapi/cloud-hypervisor.yaml

tools/osbuilder/rootfs-builder/alpine/Dockerfile.in

@@ -3,39 +3,9 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-From docker.io/golang:@GO_VERSION@-alpine
+From docker.io/alpine:3.11.6
 
 RUN apk update && apk add \
-    apk-tools-static \
-    autoconf \
-    automake \
-    bash \
-    binutils \
-    cmake \
-    coreutils \
-    curl \
-    g++ \
-    gcc \
-    git \
-    libc-dev \
-    libseccomp \
-    libseccomp-dev \
-    linux-headers \
-    m4 \
-    make \
-    musl \
-    musl-dev \
-    tar \
-    vim
-# alpine doesn't support x86_64-unknown-linux-gnu
-# It only support x86_64-unknown-linux-musl. Even worse,
-# it doesn't support proc-macro, which is needed for serde_derive
-#
-# See issue: https://github.com/kata-containers/osbuilder/issues/386
-# -- FIXME
-#
-# Thus, we cannot build rust agent on alpine
-# The way to use alpine is to generate rootfs or build
-# go agent to get rootfs and then cp rust agent to rootfs.
-# pity..
-# RUN ln -svf /usr/bin/gcc /bin/musl-gcc; ln -svf /usr/bin/g++ /bin/musl-g++
+		  bash \
+		  coreutils \
+		  binutils

tools/osbuilder/rootfs-builder/alpine/config.sh

@@ -13,9 +13,7 @@ BASE_PACKAGES="alpine-base"
 # See a list of mirrors at http://nl.alpinelinux.org/alpine/MIRRORS.txt
 MIRROR=http://dl-5.alpinelinux.org/alpine
 
-# Mandatory Packages that must be installed
-#  - iptables: Need by Kata agent
-PACKAGES="iptables"
+PACKAGES=""
 
 # Init process must be one of {systemd,kata-agent}
 INIT_PROCESS=kata-agent

tools/osbuilder/rootfs-builder/alpine/rootfs_lib.sh

@@ -9,8 +9,6 @@
 #
 # - Optional environment variables
 #
-# EXTRA_PKGS: Variable to add extra PKGS provided by the user
-#
 # BIN_AGENT: Name of the Kata-Agent binary
 #
 # Any other configuration variable for a specific distro must be added
@@ -24,21 +22,12 @@ build_rootfs() {
 	# Mandatory
 	local ROOTFS_DIR=$1
 
-	# In case of support EXTRA packages, use it to allow
-	# users add more packages to the base rootfs
-	local EXTRA_PKGS=${EXTRA_PKGS:-}
-
 	# Populate ROOTFS_DIR
 	check_root
 	mkdir -p "${ROOTFS_DIR}"
 
-	/sbin/apk.static \
-	    -X ${MIRROR}/${OS_VERSION}/main \
-	    -U \
-	    --allow-untrusted \
-	    --root ${ROOTFS_DIR}\
-	    --initdb add ${BASE_PACKAGES} ${EXTRA_PKGS} ${PACKAGES}
+	cp -a -r /bin /etc /lib /sbin /usr /var ${ROOTFS_DIR}
+	mkdir -p ${ROOTFS_DIR}{/root,/proc,/dev,/home,/media,/mnt,/opt,/run,/srv,/sys,/tmp}
 
-	mkdir -p ${ROOTFS_DIR}{/root,/etc/apk,/proc}
 	echo "${MIRROR}/${OS_VERSION}/main" >  ${ROOTFS_DIR}/etc/apk/repositories
 }

tools/osbuilder/rootfs-builder/rootfs.sh

@@ -288,6 +288,7 @@ check_env_variables()
 # Builds a rootfs based on the distro name provided as argument
 build_rootfs_distro()
 {
+	repo_dir="${script_dir}/../../../"
 	[ -n "${distro}" ] || usage 1
 	distro_config_dir="${script_dir}/${distro}"
 
@@ -346,21 +347,8 @@ build_rootfs_distro()
 
 	if [ -z "${USE_DOCKER}" ] && [ -z "${USE_PODMAN}" ]; then
 		#Generate an error if the local Go version is too old
-		foundVersion=$(go version | sed -E "s/^.+([0-9]+\.[0-9]+\.[0-9]+).*$/\1/g")
-
-		compare_versions "${GO_VERSION}" "${foundVersion}" || \
-			die "Your Go version ${foundVersion} is older than the minimum expected Go version ${GO_VERSION}"
-
-		if [ "${RUST_AGENT}" == "yes" ]; then
-			source "${HOME}/.cargo/env"
-			foundVersion=$(rustc --version | sed -E "s/^.+([0-9]+\.[0-9]+\.[0-9]+).*$/\1/g")
-
-			compare_versions "${RUST_VERSION}" "${foundVersion}" || \
-				die "Your rust version ${foundVersion} is older than the minimum expected rust version ${RUST_VERSION}"
-
-			foundVersion=$(cmake --version | grep "[0-9]\+.[0-9]\+.[0-9]\+" | sed -E "s/^.+([0-9]+\.[0-9]+\.[0-9]+).*$/\1/g")
-
-		fi
+		echo "build directly"
+		build_rootfs ${ROOTFS_DIR}
 	else
 		if [ -n "${USE_DOCKER}" ]; then
 			container_engine="docker"
@@ -427,19 +415,16 @@ build_rootfs_distro()
 			--env INSIDE_CONTAINER=1 \
 			--env SECCOMP="${SECCOMP}" \
 			--env DEBUG="${DEBUG}" \
+			--env STAGE_PREPARE_ROOTFS=1 \
 			--env HOME="/root" \
-			-v "${script_dir}":"/osbuilder" \
+			-v "${repo_dir}":"/kata-containers" \
 			-v "${ROOTFS_DIR}":"/rootfs" \
 			-v "${script_dir}/../scripts":"/scripts" \
 			-v "${kernel_mod_dir}":"${kernel_mod_dir}" \
 			$docker_run_args \
 			${image_name} \
-			bash /osbuilder/rootfs.sh "${distro}"
-
-		exit $?
+			bash /kata-containers/tools/osbuilder/rootfs-builder/rootfs.sh "${distro}"
 	fi
-
-	build_rootfs ${ROOTFS_DIR}
 }
 
 # Used to create a minimal directory tree where the agent can be instaleld.
@@ -560,17 +545,15 @@ EOT
 			# The PATH /.cargo/bin is apparently wrong
 			# looks like $HOME is resolved to empty when
 			# container is started
-			source "${HOME}/.cargo/env"
+			test -r "${HOME}/.cargo/env" && source "${HOME}/.cargo/env" || true
+			# rust agent needs x86_64-unknown-linux-musl
+			bash ${script_dir}/../../../ci/install_rust.sh
 			agent_pkg="${RUST_AGENT_PKG}"
-			agent_dir="${GOPATH_LOCAL}/src/${RUST_AGENT_PKG}/src/agent"
+			agent_dir="${script_dir}/../../../src/agent/"
 			# For now, rust-agent doesn't support seccomp yet.
 			SECCOMP="no"
 		fi
 
-		info "Pull Agent source code"
-		go get -d "${agent_pkg}" || true
-		OK "Pull Agent source code"
-
 		info "Build agent"
 		pushd "${agent_dir}"
 		[ -n "${AGENT_VERSION}" ] && git checkout "${AGENT_VERSION}" && OK "git checkout successful" || info "checkout failed!"
@@ -624,18 +607,10 @@ parse_arguments()
 	distro="$1"
 	arch=$(uname -m)
 
-	if [ "${distro}" == "alpine" ]; then
-		if [ "${RUST_AGENT}" == "yes" ]; then
-			die "rust agent cannot be built on ${distro}.
-alpine: only has stable/nightly-x86_64-unknown-linux-musl toolchain. It does not support proc-macro compilation.
-See issue: https://github.com/kata-containers/osbuilder/issues/386"
-		fi
-	fi
-
 	if [ "${RUST_AGENT}" == "yes" ] && [ "${arch}" == "s390x" ]; then
-		die "Cannot build rust agent on ppc64le.
-musl cannot be built on ppc64le because of long double
-reprentation is broken. And rust has no musl target on ppc64le.
+		die "Cannot build rust agent on s390x
+musl cannot be built on s390x because of long double
+reprentation is broken. And rust has no musl target on s390x.
 See issue: https://github.com/kata-containers/osbuilder/issues/388"
 	fi
 }
@@ -673,8 +648,10 @@ main()
 		prepare_overlay
 	fi
 
-	init="${ROOTFS_DIR}/sbin/init"
-	setup_rootfs
+	if [ "$STAGE_PREPARE_ROOTFS" == "" ]; then
+		init="${ROOTFS_DIR}/sbin/init"
+		setup_rootfs
+	fi
 }
 
 main $*

tools/osbuilder/scripts/lib.sh

@@ -7,15 +7,11 @@
 set -e
 
 KATA_REPO=${KATA_REPO:-github.com/kata-containers/kata-containers}
-KATA_REPO_DIR="${GOPATH}/src/${KATA_REPO}"
 CMAKE_VERSION=${CMAKE_VERSION:-"null"}
 MUSL_VERSION=${MUSL_VERSION:-"null"}
-#https://github.com/kata-containers/tests/blob/master/.ci/jenkins_job_build.sh
 # Give preference to variable set by CI
-KATA_BRANCH=${branch:-}
-KATA_BRANCH=${KATA_BRANCH:-master}
-yq_file="${script_dir}/../scripts/install-yq.sh"
-kata_versions_file="${KATA_REPO_DIR}/versions.yaml"
+yq_file="${script_dir}/../../../ci/install_yq.sh"
+kata_versions_file="${script_dir}/../../../versions.yaml"
 
 error()
 {
@@ -199,7 +195,7 @@ create_summary_file()
 	if [ "${RUST_AGENT}" == "no" ]; then
 		agent_version=$("$agent" --version|awk '{print $NF}')
 	else
-		local -r agentdir="${GOPATH}/src/${KATA_REPO}/src/agent"
+		local -r agentdir="${script_dir}/../../../"
 		agent_version=$(cat ${agentdir}/VERSION)
 	fi
 

tools/packaging/kernel/configs/fragments/whitelist.conf

@@ -7,3 +7,4 @@ CONFIG_NF_NAT_PROTO_GRE
 CONFIG_NF_NAT_PROTO_SCTP
 CONFIG_NF_NAT_PROTO_UDPLITE
 CONFIG_REFCOUNT_FULL
+CONFIG_MEMCG_SWAP_ENABLED

tools/packaging/obs-packaging/kata-containers-image/build_image.sh

@@ -28,10 +28,6 @@ trap exit_handler EXIT
 arch_target="$(uname -m)"
 
 source "${script_dir}/../versions.txt"
-# osbuilder info
-[ -n "${osbuider_version}" ] || osbuider_version="${kata_version}"
-# Agent version
-[ -n "${agent_version}" ] || agent_version="${kata_version}"
 
 readonly destdir="${PWD}"
 
@@ -59,9 +55,9 @@ create_tarball() {
 	agent_sha=$(get_repo_hash "${script_dir}")
 	#reduce sha size for short names
 	agent_sha=${agent_sha:0:${short_commit_length}}
-	tarball_name="kata-containers-${osbuider_version}-${agent_sha}-${arch_target}.tar.gz"
-	image_name="kata-containers-image_${img_distro}_${osbuider_version}_agent_${agent_sha}.img"
-	initrd_name="kata-containers-initrd_${initrd_distro}_${osbuider_version}_agent_${agent_sha}.initrd"
+	tarball_name="kata-containers-${kata_version}-${agent_sha}-${arch_target}.tar.gz"
+	image_name="kata-containers-image_${img_distro}_${kata_version}_agent_${agent_sha}.img"
+	initrd_name="kata-containers-initrd_${initrd_distro}_${kata_version}_agent_${agent_sha}.initrd"
 
 	mv "${script_dir}/../../../osbuilder/kata-containers.img" "${image_name}"
 	mv "${script_dir}/../../../osbuilder/kata-containers-initrd.img" "${initrd_name}"

tools/packaging/obs-packaging/runtime/_service-template

@@ -3,7 +3,7 @@
 <!--- OBS plugin tar_scm (Source control manager) -->
 <service name="tar_scm">
     <param name="scm">git</param>
-    <param name="url">https://github.com/kata-containers/runtime.git</param>
+    <param name="url">https://github.com/kata-containers/kata-containers.git</param>
     <param name="filename">kata-runtime</param>
     <!--- versionformat defines the name of the  tarball. -->
     <param name="versionformat">@VERSION@</param>

tools/packaging/release/kata-deploy-binaries.sh

@@ -195,7 +195,7 @@ install_docker_config_script() {
 #Install all components that are not assets
 install_kata_components() {
 	kata_version=${1:-$kata_version}
-	pushd "${script_dir}/../../../"
+	pushd "${script_dir}/../../../src/runtime"
 	echo "Checkout to version ${kata_version}"
 	git checkout "${kata_version}"
 	echo "Build"

tools/packaging/scripts/lib.sh

@@ -34,16 +34,14 @@ get_from_kata_deps() {
 	local dependency="$1"
 	BRANCH=${branch:-master}
 	local branch="${2:-${BRANCH}}"
-	local runtime_repo="github.com/kata-containers/kata-containers"
 	GOPATH=${GOPATH:-${HOME}/go}
-	local runtime_repo_dir="${GOPATH}/src/${runtime_repo}"
 	# For our CI, we will query the local versions.yaml file both for kernel and
 	# all other subsystems. eg: a new version of NEMU would be good to test
 	# through CI. For the kernel, .ci/install_kata_kernel.sh file in tests
 	# repository will pass the kernel version as an override to this function to
 	# allow testing of kernels before they land in tree.
-	if [ "${CI:-}" = "true" ] && [ -d "${runtime_repo_dir}" ]; then
-		versions_file="${runtime_repo_dir}/versions.yaml"
+	if [ "${CI:-}" = "true" ]; then
+		versions_file="${this_script_dir}/../../../versions.yaml"
 	else
 		versions_file="versions-${branch}.yaml"
 	fi

versions.yaml

@@ -114,7 +114,7 @@ assets:
     description: |
       Root filesystem disk image used to boot the guest virtual
       machine.
-    url: "https://github.com/kata-containers/osbuilder"
+    url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
     architecture:
       aarch64:
         name: "ubuntu"
@@ -135,7 +135,7 @@ assets:
     description: |
       Root filesystem initrd used to boot the guest virtual
       machine.
-    url: "https://github.com/kata-containers/osbuilder"
+    url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
     architecture:
       aarch64:
         name: &default-initrd-name "alpine"
@@ -162,16 +162,6 @@ assets:
     url: "https://gitlab.com/virtio-fs/linux.git"
     tag: "kata-v5.6-april-09-2020"
 
-components:
-  description: "Core system functionality"
-
-  agent:
-    description: |
-      Container management service running in the guest virtual machines
-      root context.
-    url: "https://github.com/kata-containers/agent"
-    commit: "6f6e9ecd8aded0783c31968b304a9d6589114363"
-
 externals:
   description: "Third-party projects used by the system"