Add support for static builds

Currently only supporting a debian base-image for building (e.g. ubuntu). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
docker · Jun 4, 2022 · 0d5e250 · 0d5e250
1 parent fd32fcd
commit 0d5e250
Show file tree

Hide file tree

Showing 5 changed files with 93 additions and 1 deletion.
diff --git a/Makefile b/Makefile
@@ -76,6 +76,18 @@ checkout: src
 	./scripts/checkout.sh src/github.com/containerd/containerd "$(REF)"
 	./scripts/checkout.sh src/github.com/opencontainers/runc "$$(./scripts/determine-runc-version)"
 
+# NOTE: building static binaries currently only works when using an
+#       ubuntu/debian BUILD_IMAGE, because build-dependencies are not
+#       installed beforehand.
+.PHONY: static
+static: TARGET=binaries
+static: build
+
+# This target is used for building rpm, deb, and static packages:
+#
+# - If TARGET=binaries, static binaries are built
+# - If TARGET is not specified, the default is either "rpm" or "deb",
+#   depending on the BUILD_IMAGE
 .PHONY: build
 build: checkout common/containerd.service
 build:

diff --git a/README.md b/README.md
@@ -15,6 +15,13 @@ make docker.io/library/<distro>:<version> [docker.io/library/<distro>:<version>
 
 After build completes, packages can be found in the `build` directory.
 
+To build static binaries:
+
+```bash
+make clean
+make static
+```
+
 ## Building a package from a local source directory
 
 Specify the path to the local source directory using `CONTAINERD_DIR` and/or

diff --git a/dockerfiles/deb.dockerfile b/dockerfiles/deb.dockerfile
@@ -90,6 +90,7 @@ COPY debian/ debian/
 RUN apt-get update -q \
  && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i debian/control
 COPY scripts/build-deb    /root/
+COPY scripts/build-static /root/
 COPY scripts/.helpers     /root/
 
 ARG PACKAGE
@@ -128,6 +129,26 @@ FROM scratch AS packages
 COPY --from=build-packages  /archive /archive
 COPY --from=verify-packages /build   /build
 
+FROM build-env AS build-binaries
+# NOTE: not using a cache-mount for /root/.cache/go-build, to prevent issues
+#       with CGO when building multiple distros on the same machine / build-cache
+RUN --mount=type=bind,from=golang,source=/usr/local/go/,target=/usr/local/go/ \
+    --mount=type=bind,source=/src,target=/go/src,rw \
+    /root/build-static
+ARG UID=0
+ARG GID=0
+RUN chown -R ${UID}:${GID} /build
+
+FROM distro-image AS verify-binaries
+COPY --from=build-binaries /build /build
+RUN tar -C /usr/local/bin/ --strip-components 1 -xzf "$(find /build/static -type f -name containerd.io*.tar.gz)"
+RUN containerd --version
+RUN ctr --version
+RUN runc --version
+
+FROM scratch AS binaries
+COPY --from=verify-binaries /build /build
+
 # This stage is mainly for debugging (running the build interactively with mounted source)
 FROM build-env AS runtime
 COPY --from=golang /usr/local/go/ /usr/local/go/

diff --git a/dockerfiles/rpm.dockerfile b/dockerfiles/rpm.dockerfile
@@ -73,7 +73,8 @@ COPY --from=go-md2man /go/bin/go-md2man /go/bin/go-md2man
 COPY rpm/containerd.spec SPECS/containerd.spec
 COPY scripts/build-rpm    /root/
 COPY scripts/.rpm-helpers /root/
-RUN . /root/.rpm-helpers; install_build_deps SPECS/containerd.spec
+RUN . /root/.rpm-helpers \
+ && install_build_deps SPECS/containerd.spec
 
 ARG PACKAGE
 ENV PACKAGE=${PACKAGE:-containerd.io}

diff --git a/scripts/build-static b/scripts/build-static
@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+
+#   Copyright 2018-2022 Docker Inc.
+
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+
+#       http://www.apache.org/licenses/LICENSE-2.0
+
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+set -e
+
+VERSION="$(git --git-dir "${GO_SRC_PATH}/.git" describe --tags | sed 's/^v//')"
+# Check if we're on a tagged version, change VERSION to dev build if not
+if ! git --git-dir "${GO_SRC_PATH}/.git" describe --exact-match HEAD >/dev/null 2>&1; then
+	git_date=$(date --date "@$(git --git-dir "${GO_SRC_PATH}/.git" log -1 --pretty='%at')" +'%Y%m%d.%H%M%S')
+	git_sha=$(git --git-dir "${GO_SRC_PATH}/.git" log -1 --pretty='%h')
+	VERSION="${git_date}~${git_sha}"
+fi
+
+ARCH=$(uname -m)
+DEST_DIR="/build/static/${ARCH}/"
+mkdir -p "${DEST_DIR}"
+
+# Build containerd
+(
+	set -x
+	# see https://github.com/containerd/containerd/blob/main/BUILDING.md#static-binaries
+	export EXTRA_FLAGS='-buildmode=pie'
+	export EXTRA_LDFLAGS='-linkmode external -extldflags "-fno-PIC -static"'
+	export BUILDTAGS='netgo osusergo static_build'
+
+	make -C "/go/src/github.com/containerd/containerd"
+	make -C "/go/src/github.com/containerd/containerd" DESTDIR="${DEST_DIR}" install
+)
+
+# Build runc
+(
+	set -x
+	make -C "/go/src/github.com/opencontainers/runc" static
+	install -D -p -t "${DEST_DIR}/bin" "/go/src/github.com/opencontainers/runc/runc"
+)
+
+tar -C "${DEST_DIR}" --exclude=containerd-stress -czf "${DEST_DIR}/containerd.io-${VERSION}.linux-${ARCH}.tar.gz" "bin/"
+rm -r "${DEST_DIR:?}/bin/"