diff --git a/Makefile b/Makefile
index 3c5de649..9f7104de 100644
--- a/Makefile
+++ b/Makefile
@@ -74,9 +74,6 @@ checkout: src
 ./scripts/checkout.sh src/github.com/containerd/containerd "$(REF)"
 ./scripts/checkout.sh src/github.com/opencontainers/runc "$$(./scripts/determine-runc-version)"
-# NOTE: building static binaries currently only works when using an
-# ubuntu/debian BUILD_IMAGE, because build-dependencies are not
-# installed beforehand.
 .PHONY: static
 static: TARGET=binaries
 static: build
diff --git a/dockerfiles/rpm.dockerfile b/dockerfiles/rpm.dockerfile
index 64889b7a..d6fffbb4 100644
--- a/dockerfiles/rpm.dockerfile
+++ b/dockerfiles/rpm.dockerfile
@@ -44,7 +44,7 @@ FROM redhat-base AS amzn-base
 FROM redhat-base AS ol-base
 RUN . "/etc/os-release"; if [ "${VERSION_ID%.*}" -eq 7 ]; then yum-config-manager --enable ol7_addons --enable ol7_optional_latest; fi
-RUN . "/etc/os-release"; if [ "${VERSION_ID%.*}" -eq 8 ]; then yum-config-manager --enable ol8_addons; fi
+RUN . "/etc/os-release"; if [ "${VERSION_ID%.*}" -eq 8 ]; then yum-config-manager --enable ol8_addons --enable ol8_codeready_builder; fi
 FROM ${BUILD_IMAGE} AS fedora-base
 RUN dnf install -y rpm-build git dnf-plugins-core
@@ -71,9 +71,11 @@ WORKDIR /root/rpmbuild
 COPY --from=go-md2man /go/bin/go-md2man /go/bin/go-md2man
 COPY rpm/containerd.spec SPECS/containerd.spec
 COPY scripts/build-rpm /root/
+COPY scripts/build-static /root/
 COPY scripts/.rpm-helpers /root/
 RUN . /root/.rpm-helpers \
- && install_build_deps SPECS/containerd.spec
+ && install_build_deps SPECS/containerd.spec \
+ && install_package glibc-static
 ARG PACKAGE
 ENV PACKAGE=${PACKAGE:-containerd.io}
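Review bot: `install_package glibc-static` is appended to the layer that installs the spec's build dependencies, with no comment saying why it is needed, so the static C library presumably also lands in the environment used for the regular RPM builds. Binaries linked against it with `-static` carry a copy of this image's glibc, so later distro glibc updates do not reach them until they are rebuilt from a refreshed BUILD_IMAGE. I would add a comment above the `RUN`, for example `# glibc-static is only needed by /root/build-static; static binaries embed this image's glibc and must be rebuilt to pick up glibc fixes`, and consider installing the package only in the stage that runs build-static. The stage this `RUN` belongs to starts above the hunk.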
@@ -122,6 +124,26 @@ FROM scratch AS packages COPY --from=build-packages /archive /archive COPY --from=verify-packages /build /build +FROM build-env AS build-binaries +# NOTE: not using a cache-mount for /root/.cache/go-build, to prevent issues +# with CGO when building multiple distros on the same machine / build-cache +RUN --mount=type=bind,from=golang,source=/usr/local/go/,target=/usr/local/go/ \ + --mount=type=bind,source=/src,target=/go/src,rw \ + /root/build-static +ARG UID=0 +ARG GID=0 +RUN chown -R ${UID}:${GID} /build + +FROM distro-image AS verify-binaries +COPY --from=build-binaries /build /build +RUN tar -C /usr/local/bin/ --strip-components 1 -xzf "$(find /build/static -type f -name containerd.io*.tar.gz)" +RUN containerd --version +RUN ctr --version +RUN runc --version + +FROM scratch AS binaries +COPY --from=verify-binaries /build /build + # This stage is mainly for debugging (running the build interactively with mounted source) FROM build-env AS runtime COPY --from=golang /usr/local/go/ /usr/local/go/ diff --git a/scripts/build-static b/scripts/build-static index f912ceed..e427ba3a 100755 --- a/scripts/build-static +++ b/scripts/build-static @@ -28,6 +28,8 @@ ARCH=$(uname -m) DEST_DIR="/build/static/${ARCH}/" mkdir -p "${DEST_DIR}" +. "/etc/os-release" + # Build containerd ( set -x @@ -35,6 +37,12 @@ mkdir -p "${DEST_DIR}" export EXTRA_FLAGS='-buildmode=pie' export EXTRA_LDFLAGS='-extldflags "-fno-PIC -static"' + case "${ID}" in + centos|ol|rhel) + BUILDTAGS='netgo osusergo static_build apparmor selinux no_btrfs' + ;; + esac + make -C "/go/src/github.com/containerd/containerd" make -C "/go/src/github.com/containerd/containerd" DESTDIR="${DEST_DIR}" install ) 
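Review bot: In `verify-binaries` the pattern given to `find -name` is unquoted, so the shell may expand `containerd.io*.tar.gz` against the working directory before find sees it, and `tar` then receives whatever `find` prints, whether that is zero, one or several paths. Quoting the pattern, `-name 'containerd.io*.tar.gz'`, fixes the first part; a check that exactly one archive was found would turn a packaging mistake into a clear error instead of a tar failure. The stage also only checks that the three binaries start with `--version`; it never checks that they are statically linked, which is what this target is meant to produce, so a dynamically linked build would likely still pass on the distro image it was built for.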
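Review bot: `. "/etc/os-release"` is sourced into the script's top-level shell, so every key in that file becomes a script variable, not only `ID`. os-release commonly defines `NAME`, `VERSION` and `VERSION_ID` as well, and any of those that is already exported keeps its export flag and would reach the `make` calls below with the distro's value. Only `ID` is used in the visible hunks, so I would read just that key in a subshell: `ID="$(. /etc/os-release && echo "${ID}")"`. Whether the rest of the script or the container environment sets `VERSION` is not visible here, so this may be latent rather than active.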
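Review bot: `BUILDTAGS` is assigned inside the `case` without `export` and is not passed on the two containerd `make` command lines, whereas `EXTRA_FLAGS` and `EXTRA_LDFLAGS` just above are exported and the runc build passes `BUILDTAGS="${RUNC_BUILDTAGS}"` explicitly. Unless `BUILDTAGS` is already exported above the hunk, the tag list set for centos/ol/rhel never reaches containerd's Makefile and the build silently falls back to its defaults. I would write `export BUILDTAGS='netgo osusergo static_build apparmor selinux no_btrfs'`, or pass `BUILDTAGS="${BUILDTAGS}"` to both `make` calls, and add a one-line comment saying why `no_btrfs` is needed on these distros.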
@@ -43,6 +51,25 @@ mkdir -p "${DEST_DIR}" ( set -x RUNC_BUILDTAGS="seccomp apparmor selinux" + + case "${ID}" in + fedora) + # seccomp requires the libseccomp-static package, which is available on + # Fedora, but not on RHEL/CentOS + # + # /usr/local/go/pkg/tool/linux_amd64/link: running gcc failed: exit status 1 + # /usr/bin/ld: cannot find -lseccomp + # + # With LD_DEBUG=libs + # go build github.com/opencontainers/runc/vendor/github.com/seccomp/libseccomp-golang: invalid flag in pkg-config --cflags: 1277: + # make: Leaving directory '/go/src/github.com/opencontainers/runc' + dnf -y install libseccomp-static + ;; + centos|ol|rhel) + RUNC_BUILDTAGS="apparmor selinux" + ;; + esac + make -C "/go/src/github.com/opencontainers/runc" BUILDTAGS="${RUNC_BUILDTAGS}" static install -D -p -t "${DEST_DIR}/bin" "/go/src/github.com/opencontainers/runc/runc" )
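Review bot: The `centos|ol|rhel` branch drops `seccomp` from `RUNC_BUILDTAGS` without any comment; the explanation sits in the `fedora` branch, so a reader of this branch cannot tell that the static runc for these distros is deliberately built without seccomp support. That is a reduction in container hardening that consumers of the tarball should be able to see, so I would state it on the branch itself, e.g. `# libseccomp-static is not packaged for RHEL/CentOS: this runc is built WITHOUT seccomp support`. Separately, `dnf -y install libseccomp-static` runs inside the build script while `glibc-static` is installed in the Dockerfile; doing both in the image build would keep package installation in one reviewable place. An `ID` that matches neither branch keeps the `seccomp` tag without the static library being installed, which presumably fails at link time as in the quoted error.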