fcvm/Containerfile.vsock-integrity at main · ejc3/fcvm · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# Vsock integrity test container
#
# Builds on localhost/nested-test (which has fcvm) and adds vsock-integrity binary.
#
# Build:
#   # First build nested-test if not exists
#   podman build -t localhost/nested-test -f Containerfile.nested .
#   # Then build this
#   podman build -t localhost/vsock-integrity -f Containerfile.vsock-integrity .
#
# Test flow:
#   1. Host starts L1 with this container
#   2. L1 runs echo server + starts L2
#   3. L2 runs vsock client, tests data integrity

FROM docker.io/library/rust:1.83-slim AS builder

# Install the native musl target for static linking (L2 runs alpine).
# Derived from the build arch — a hardcoded aarch64 target broke the
# x86_64 CI runners the moment the test was re-enabled.
RUN MUSL_TARGET="$(uname -m)-unknown-linux-musl" && \
    rustup target add "$MUSL_TARGET" && \
    apt-get update && apt-get install -y musl-tools && rm -rf /var/lib/apt/lists/*

WORKDIR /build
COPY tests/vsock-integrity/ .
RUN MUSL_TARGET="$(uname -m)-unknown-linux-musl" && \
    cargo build --release --target "$MUSL_TARGET" && \
    cp "target/$MUSL_TARGET/release/vsock-integrity" /build/vsock-integrity

FROM localhost/nested-test

# Add vsock-integrity binary (musl-linked for alpine)
COPY --from=builder /build/vsock-integrity /usr/local/bin/

# Add test script
COPY tests/vsock-integrity/run-test.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/run-test.sh

# Default: run the vsock integrity test
ENTRYPOINT ["/usr/local/bin/run-test.sh"]