Added support for Rhel 8 and SLES 15 for s390x

Added Dockerfile for rhel-8 and sles-15. Added spec files rpm/SPECS/checkpolicy.spec, rpm/SPECS/policycoreutils.spec for sles-15 support. Modified rpm/SPECS/docker-ce.spec for adding support for sles-15 with btrfs support. Modified rpm/Makefile to add support for sles-15 and rhel-8.

Signed-off-by: Nirman Narang <[email protected]>

rpm/Makefile

@@ -10,7 +10,7 @@ ENGINE_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/docke
 SCAN_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/scan-cli-plugin) && git rev-parse --short HEAD)
 
 ifdef BUILD_IMAGE
-	BUILD_IMAGE_FLAG=--build-arg $(BUILD_IMAGE)
+	BUILD_IMAGE_FLAG=--build-arg BUILD_IMAGE=$(BUILD_IMAGE)
 endif
 BUILD?=DOCKER_BUILDKIT=1 \
 	docker build \
@@ -50,15 +50,26 @@ RUN?=docker run --rm \
 	$(RUN_FLAGS) \
 	rpmbuild-$@/$(ARCH) $(RPMBUILD_FLAGS)
 
+RUN_SLES?=docker run --rm \
+	-e PLATFORM \
+	-v $(CURDIR)/rpmbuild/SOURCES:/usr/src/packages/SOURCES:ro \
+	-v $(CURDIR)/rpmbuild/$@/RPMS:/usr/src/packages/RPMS \
+	-v $(CURDIR)/rpmbuild/$@/SRPMS:/usr/src/packages/SRPMS \
+	$(RUN_FLAGS) \
+	rpmbuild-$@/$(ARCH) $(RPMBUILD_FLAGS)
+
 FEDORA_RELEASES ?= fedora-34 fedora-33
 CENTOS_RELEASES ?= centos-7 centos-8
 ifeq ($(ARCH),s390x)
-RHEL_RELEASES ?= rhel-7
+RHEL_RELEASES ?= rhel-7 rhel-8
+SLES_RELEASES ?= sles-15
 else
 RHEL_RELEASES ?=
+SLES_RELEASES ?=
 endif
 
-DISTROS := $(FEDORA_RELEASES) $(CENTOS_RELEASES) $(RHEL_RELEASES)
+
+DISTROS := $(FEDORA_RELEASES) $(CENTOS_RELEASES) $(RHEL_RELEASES) 
 BUNDLES := $(patsubst %,rpmbuild/bundles-ce-%-$(DPKG_ARCH).tar.gz,$(DISTROS))
 
 .PHONY: help
@@ -72,7 +83,7 @@ clean: ## remove build artifacts
 	-docker builder prune -f --filter until=24h
 
 .PHONY: rpm
-rpm: fedora centos ## build all rpm packages
+rpm: fedora centos rhel sles ## build all rpm packages
 
 .PHONY: fedora
 fedora: $(FEDORA_RELEASES) ## build all fedora rpm packages
@@ -83,9 +94,15 @@ centos-8: RPMBUILD_EXTRA_FLAGS=--define '_without_btrfs 1'
 .PHONY: centos
 centos: $(CENTOS_RELEASES) ## build all centos rpm packages
 
+.PHONY: rhel-8
+rhel-8: RPMBUILD_EXTRA_FLAGS=--define '_without_btrfs 1'
+
 .PHONY: rhel
 rhel: $(RHEL_RELEASES) ## build all rhel rpm packages
 
+.PHONY: sles
+sles: $(SLES_RELEASES) ## build all sles rpm packages
+
 .PHONY: $(DISTROS)
 $(DISTROS): rpmbuild/SOURCES/engine.tgz rpmbuild/SOURCES/cli.tgz rpmbuild/SOURCES/scan-cli-plugin.tgz rpmbuild/SOURCES/plugin-installers.tgz
 	@echo "== Building packages for $@ =="
@@ -94,6 +111,14 @@ $(DISTROS): rpmbuild/SOURCES/engine.tgz rpmbuild/SOURCES/cli.tgz rpmbuild/SOURCE
 	$(RUN)
 	$(CHOWN) -R $(shell id -u):$(shell id -g) "rpmbuild/$@"
 
+.PHONY: $(SLES_RELEASES)
+$(SLES_RELEASES): rpmbuild/SOURCES/engine.tgz rpmbuild/SOURCES/cli.tgz rpmbuild/SOURCES/scan-cli-plugin.tgz rpmbuild/SOURCES/plugin-installers.tgz
+	@echo "== Building packages for $@ =="
+	mkdir -p "rpmbuild/$@"
+	$(BUILD)
+	$(RUN_SLES)
+	$(CHOWN) -R $(shell id -u):$(shell id -g) "rpmbuild/$@"
+
 rpmbuild/SOURCES/engine.tgz:
 	mkdir -p $(@D)
 	docker run --rm -w /v \

rpm/SPECS/checkpolicy.spec

@@ -0,0 +1,22 @@
+Name:           checkpolicy
+Version:        3.2.61.1
+Release:        1%{?dist}
+Group:          System Environment/Base
+Summary:        policycoreutils package
+License:        GPLv2
+%description
+
+%configure
+
+%install
+wget https://github.com/SELinuxProject/selinux/releases/download/3.2/libsepol-3.2.tar.gz
+zypper install -y wget tar gcc7 make gzip bison libsepol-devel flex
+tar -xvf libsepol-3.2.tar.gz
+cd libsepol-3.2
+make CC=gcc
+cd ..
+wget https://github.com/SELinuxProject/selinux/releases/download/3.2/checkpolicy-3.2.tar.gz
+tar -xvf checkpolicy-3.2.tar.gz
+cd checkpolicy-3.2
+make CC=gcc
+%files

rpm/SPECS/docker-ce.spec

@@ -18,24 +18,38 @@ Packager: Docker <[email protected]>
 Requires: /usr/sbin/groupadd
 Requires: docker-ce-cli
 Requires: docker-ce-rootless-extras
+%if 0%{?suse_version}
+Requires: container-selinux
+Requires: libseccomp2
+Requires: libcgroup-devel
+%else
 Requires: container-selinux >= 2:2.74
 Requires: libseccomp >= 2.3
+Requires: libcgroup
+%endif
 Requires: systemd
 Requires: iptables
-Requires: libcgroup
 Requires: containerd.io >= 1.4.1
 Requires: tar
 Requires: xz
 
 BuildRequires: bash
+%if 0%{?suse_version}
+BuildRequires: btrfsprogs
+%else
 %{?_with_btrfs:BuildRequires: btrfs-progs-devel}
+%endif
 BuildRequires: ca-certificates
 BuildRequires: cmake
 BuildRequires: device-mapper-devel
 BuildRequires: gcc
 BuildRequires: git
 BuildRequires: glibc-static
+%if 0%{?suse_version}
+BuildRequires: libarchive13
+%else
 BuildRequires: libarchive
+%endif
 BuildRequires: libseccomp-devel
 BuildRequires: libselinux-devel
 BuildRequires: libtool

rpm/SPECS/policycoreutils.spec

@@ -0,0 +1,31 @@
+Name:           policycoreutils
+Version:        3.2
+Release:        1%{?dist}
+Group:          System Environment/Base
+Summary:        policycoreutils package
+License:        GPLv2
+%description
+
+%configure
+
+%install
+wget https://github.com/SELinuxProject/selinux/releases/download/3.2/libsepol-3.2.tar.gz
+zypper install -y gzip make gcc7 flex libbz2-devel libsemanage-devel gettext bison wget tar
+update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-7 7
+tar -xvf libsepol-3.2.tar.gz
+cd libsepol-3.2
+make CC=gcc
+make install
+cd ..
+wget https://github.com/SELinuxProject/selinux/releases/download/3.2/libselinux-3.2.tar.gz
+tar -xvf libselinux-3.2.tar.gz
+cd libselinux-3.2
+make CC=gcc
+make install
+cd ..
+wget https://github.com/SELinuxProject/selinux/releases/download/3.2/policycoreutils-3.2.tar.gz
+tar -xvf policycoreutils-3.2.tar.gz
+cd policycoreutils-3.2
+make CC=gcc
+make install
+%files

rpm/rhel-8/Dockerfile

@@ -0,0 +1,35 @@
+ARG GO_IMAGE
+ARG DISTRO=rhel
+ARG SUITE=8
+ARG BUILD_IMAGE=dockereng/${DISTRO}:${SUITE}-s390x
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+ENV GOPROXY=direct
+ENV GO111MODULE=off
+ENV GOPATH=/go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS seccomp selinux exclude_graphdriver_btrfs
+ENV RUNC_BUILDTAGS seccomp selinux
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+ENV CC=gcc
+
+RUN yum install -y rpm-build rpmlint libarchive yum-utils
+COPY SPECS /root/rpmbuild/SPECS
+
+# TODO change once we support scan-plugin on other architectures
+RUN \
+  if [ "$(uname -m)" = "x86_64" ]; then \
+    yum-builddep -y /root/rpmbuild/SPECS/*.spec; \
+  else \
+    yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/docker-c*.spec; \
+  fi
+
+COPY --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]

rpm/sles-15/Dockerfile

@@ -0,0 +1,48 @@
+ARG GO_IMAGE
+ARG DISTRO=sles
+ARG SUITE=15
+ARG BUILD_IMAGE=dockereng/${DISTRO}:${SUITE}-s390x
+
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+ENV GOPROXY=direct
+ENV GO111MODULE=off
+ENV GOPATH=/go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS seccomp selinux
+ENV RUNC_BUILDTAGS seccomp selinux
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+ENV CC=gcc
+USER root
+
+
+RUN zypper install -y rpm-build rpmlint pkg-config libsystemd0 systemd-devel selinux-tools wget cmake device-mapper-devel git glibc-devel-static libseccomp-devel libtool libarchive-devel  btrfsprogs libbtrfs-devel lsb-release
+
+COPY SPECS /usr/src/packages/SPECS
+COPY rpmbuild/SOURCES/ /usr/src/packages/SOURCES/
+RUN rpmbuild -bb /usr/src/packages/SPECS/policycoreutils.spec
+RUN rpmbuild -bb /usr/src/packages/SPECS/checkpolicy.spec 
+RUN rpm -i /usr/src/packages/RPMS/s390x/policycoreutils-3.2-1.s390x.rpm && rpm -i /usr/src/packages/RPMS/s390x/checkpolicy-3.2.61.1-1.s390x.rpm \
+&& sles_version=$(lsb_release -r | rev | cut -c1) \
+&& opensuse_repo="https://download.opensuse.org/repositories/security:SELinux/SLE_15_SP$sles_version/security:SELinux.repo" \
+&& zypper addrepo $opensuse_repo \
+&& zypper --gpg-auto-import-keys refresh && zypper install -y selinux-policy selinux-policy-devel \
+&& mkdir -p /root/rpmbuild/ && cp -r /usr/src/packages/* /root/rpmbuild/
+
+# TODO change once we support scan-plugin on other architectures
+RUN \
+  if [ "$(uname -m)" = "x86" ]; then \
+    rpmbuild /root/rpmbuild/SPECS/*.spec; \
+  else \
+     rpmbuild /usr/src/packages/SPECS/docker-c*.spec; \
+  fi
+
+COPY --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/usr/bin/rpmbuild"]