Skip to content

Commit

Permalink
Add support for static builds on rpm-based distros
Browse files Browse the repository at this point in the history
this patch allows building static binaries on rpm-based
distros. Building is not succesfull on all distros, but
works on most recent versions (CentOS 8, Oracle Linux 8,
Fedora 30, 31)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
  • Loading branch information
thaJeztah committed Jul 21, 2020
1 parent 168d446 commit 46fbe58
Show file tree
Hide file tree
Showing 3 changed files with 51 additions and 5 deletions.
3 changes: 0 additions & 3 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -71,9 +71,6 @@ checkout: src
./scripts/checkout.sh src/github.com/opencontainers/runc "$(RUNC_REF)"
./scripts/checkout.sh src/github.com/containerd/containerd "$(REF)"

# NOTE: building static binaries currently only works when using an
# ubuntu/debian BUILD_IMAGE, because build-dependencies are not
# installed beforehand.
.PHONY: static
static: TARGET=binaries
static: build
Expand Down
26 changes: 24 additions & 2 deletions dockerfiles/rpm.dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ FROM redhat-base AS amzn-base

FROM redhat-base AS ol-base
RUN . "/etc/os-release"; if [ "${VERSION_ID%.*}" -eq 7 ]; then yum-config-manager --enable ol7_addons --enable ol7_optional_latest; fi
RUN . "/etc/os-release"; if [ "${VERSION_ID%.*}" -eq 8 ]; then yum-config-manager --enable ol8_addons; fi
RUN . "/etc/os-release"; if [ "${VERSION_ID%.*}" -eq 8 ]; then yum-config-manager --enable ol8_addons --enable ol8_codeready_builder; fi

FROM ${BUILD_IMAGE} AS fedora-base
RUN dnf install -y rpm-build git dnf-plugins-core
Expand All @@ -71,9 +71,11 @@ WORKDIR /root/rpmbuild
COPY --from=go-md2man /go/bin/go-md2man /go/bin/go-md2man
COPY rpm/containerd.spec SPECS/containerd.spec
COPY scripts/build-rpm /root/
COPY scripts/build-static /root/
COPY scripts/.rpm-helpers /root/
RUN . /root/.rpm-helpers \
&& install_build_deps SPECS/containerd.spec
&& install_build_deps SPECS/containerd.spec \
&& install_package glibc-static

ARG PACKAGE
ENV PACKAGE=${PACKAGE:-containerd.io}
Expand Down Expand Up @@ -122,6 +124,26 @@ FROM scratch AS packages
COPY --from=build-packages /archive /archive
COPY --from=verify-packages /build /build

FROM build-env AS build-binaries
# NOTE: not using a cache-mount for /root/.cache/go-build, to prevent issues
# with CGO when building multiple distros on the same machine / build-cache
RUN --mount=type=bind,from=golang,source=/usr/local/go/,target=/usr/local/go/ \
--mount=type=bind,source=/src,target=/go/src,rw \
/root/build-static
ARG UID=0
ARG GID=0
RUN chown -R ${UID}:${GID} /build

FROM distro-image AS verify-binaries
COPY --from=build-binaries /build /build
RUN tar -C /usr/local/bin/ --strip-components 1 -xzf "$(find /build/static -type f -name containerd.io*.tar.gz)"
RUN containerd --version
RUN ctr --version
RUN runc --version

FROM scratch AS binaries
COPY --from=verify-binaries /build /build

# This stage is mainly for debugging (running the build interactively with mounted source)
FROM build-env AS runtime
COPY --from=golang /usr/local/go/ /usr/local/go/
Expand Down
27 changes: 27 additions & 0 deletions scripts/build-static
Original file line number Diff line number Diff line change
Expand Up @@ -28,13 +28,21 @@ ARCH=$(uname -m)
DEST_DIR="/build/static/${ARCH}/"
mkdir -p "${DEST_DIR}"

. "/etc/os-release"

# Build containerd
(
set -x
export BUILDTAGS='netgo osusergo static_build seccomp apparmor selinux'
export EXTRA_FLAGS='-buildmode=pie'
export EXTRA_LDFLAGS='-extldflags "-fno-PIC -static"'

case "${ID}" in
centos|ol|rhel)
BUILDTAGS='netgo osusergo static_build apparmor selinux no_btrfs'
;;
esac

make -C "/go/src/github.com/containerd/containerd"
make -C "/go/src/github.com/containerd/containerd" DESTDIR="${DEST_DIR}" install
)
Expand All @@ -43,6 +51,25 @@ mkdir -p "${DEST_DIR}"
(
set -x
RUNC_BUILDTAGS="seccomp apparmor selinux"

case "${ID}" in
fedora)
# seccomp requires the libseccomp-static package, which is available on
# Fedora, but not on RHEL/CentOS
#
# /usr/local/go/pkg/tool/linux_amd64/link: running gcc failed: exit status 1
# /usr/bin/ld: cannot find -lseccomp
#
# With LD_DEBUG=libs
# go build github.com/opencontainers/runc/vendor/github.com/seccomp/libseccomp-golang: invalid flag in pkg-config --cflags: 1277:
# make: Leaving directory '/go/src/github.com/opencontainers/runc'
dnf -y install libseccomp-static
;;
centos|ol|rhel)
RUNC_BUILDTAGS="apparmor selinux"
;;
esac

make -C "/go/src/github.com/opencontainers/runc" BUILDTAGS="${RUNC_BUILDTAGS}" static
install -D -p -t "${DEST_DIR}/bin" "/go/src/github.com/opencontainers/runc/runc"
)
Expand Down

0 comments on commit 46fbe58

Please sign in to comment.