From 3de6791a5970457060dc80b348568a546f86b25a Mon Sep 17 00:00:00 2001
From: Erikson Tung <etung@amazon.com>
Date: Thu, 19 Aug 2021 13:54:29 -0700
Subject: [PATCH] build: add Dockerfile for controller, build with
 bottlerocket-sdk

Build the binaries with the bottlerocket-sdk.

Dockerfile: install openssl with musl for controller, test-agent
---
 Dockerfile.sdk_with_openssl                   | 24 ++++++++++++++++
 Makefile                                      | 28 ++++++++++++++++---
 controller/Dockerfile                         | 19 +++++++++++++
 .../examples/example_test_agent/Dockerfile    | 22 +++++++++++----
 4 files changed, 84 insertions(+), 9 deletions(-)
 create mode 100644 Dockerfile.sdk_with_openssl
 create mode 100644 controller/Dockerfile

diff --git a/Dockerfile.sdk_with_openssl b/Dockerfile.sdk_with_openssl
new file mode 100644
index 000000000..4100a0c47
--- /dev/null
+++ b/Dockerfile.sdk_with_openssl
@@ -0,0 +1,24 @@
+ARG ARCH
+FROM public.ecr.aws/bottlerocket/bottlerocket-sdk-${ARCH}:v0.22.0 as build
+ARG ARCH
+ARG OPENSSL_VERSION=1.1.1k
+ARG OPENSSL_SHA256SUM=892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5
+USER root
+
+# Build openssl using musl toolchain for openssl-sys crate
+RUN yum install -y perl
+RUN mkdir /musl && \
+    echo "/musl/lib" >> /etc/ld-musl-${ARCH}.path && \
+    ln -s /usr/include/${ARCH}-linux-gnu/asm /${ARCH}-bottlerocket-linux-musl/sys-root/usr/include/asm && \
+    ln -s /usr/include/asm-generic /${ARCH}-bottlerocket-linux-musl/sys-root/usr/include/asm-generic && \
+    ln -s /usr/include/linux /${ARCH}-bottlerocket-linux-musl/sys-root/usr/include/linux
+
+RUN curl -O -sSL https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz && \
+    echo "${OPENSSL_SHA256SUM} openssl-${OPENSSL_VERSION}.tar.gz" | sha256sum --check && \
+    tar -xzf openssl-${OPENSSL_VERSION}.tar.gz && \
+    cd openssl-${OPENSSL_VERSION} && \
+    ./Configure no-shared no-async -fPIC --prefix=/musl --openssldir=/musl/ssl linux-${ARCH} && \
+    env C_INCLUDE_PATH=/musl/include/ make depend 2> /dev/null && \
+    make -j$(nproc) && \
+    make install && \
+    cd .. && rm -rf openssl-${OPENSSL_VERSION}
diff --git a/Makefile b/Makefile
index b7e288996..96f2dc7f7 100644
--- a/Makefile
+++ b/Makefile
@@ -1,8 +1,28 @@
-.PHONY: example-test-agent-container
+.PHONY: sdk-openssl example-test-agent-image controller-image images
 
-# Build a container image for daemon and tools.
-example-test-agent-container:
+ARCH=$(shell uname -m)
+
+images: controller-image
+
+# Augment the bottlerocket-sdk image with openssl built with the musl toolchain
+sdk-openssl:
+	docker build \
+		--network=host \
+		--build-arg ARCH="$(ARCH)" \
+		--tag "bottlerocket-sdk-with-openssl-$(ARCH)" \
+		-f Dockerfile.sdk_with_openssl .
+
+# Build the container image for the example test-agent program
+example-test-agent-image: sdk-openssl
 	docker build \
 		--network=host \
-		--tag 'example_test_agent' \
+		--build-arg ARCH="$(ARCH)" \
+		--tag "example-test-agent" \
 		-f test-agent/examples/example_test_agent/Dockerfile .
+
+controller-image: sdk-openssl
+	docker build \
+		--network=host \
+		--build-arg ARCH="$(ARCH)" \
+		--tag "test-sys-controller" \
+		-f controller/Dockerfile .
diff --git a/controller/Dockerfile b/controller/Dockerfile
new file mode 100644
index 000000000..9822fbb5a
--- /dev/null
+++ b/controller/Dockerfile
@@ -0,0 +1,19 @@
+ARG ARCH
+FROM bottlerocket-sdk-with-openssl-${ARCH} as build
+ARG ARCH
+USER root
+
+ADD ./ /src/
+WORKDIR /src/controller
+RUN export PKG_CONFIG_ALLOW_CROSS=1 && \
+    export OPENSSL_STATIC=true && \
+    export OPENSSL_DIR=/musl && \
+    cargo install --locked --target ${ARCH}-bottlerocket-linux-musl --path . --root ./
+
+FROM scratch
+# Copy CA certificates store
+COPY --from=public.ecr.aws/amazonlinux/amazonlinux:2 /etc/ssl /etc/ssl
+COPY --from=public.ecr.aws/amazonlinux/amazonlinux:2 /etc/pki /etc/pki
+COPY --from=build /src/controller/bin/controller ./
+
+ENTRYPOINT ["./controller"]
diff --git a/test-agent/examples/example_test_agent/Dockerfile b/test-agent/examples/example_test_agent/Dockerfile
index 784254830..905da9870 100644
--- a/test-agent/examples/example_test_agent/Dockerfile
+++ b/test-agent/examples/example_test_agent/Dockerfile
@@ -1,7 +1,19 @@
-# TODO Use Bottlerocket SDK
-FROM rust:1.53.0
-WORKDIR /src
+ARG ARCH
+FROM bottlerocket-sdk-with-openssl-${ARCH} as build
+ARG ARCH
+USER root
+
 ADD ./ /src/
 WORKDIR /src/test-agent
-RUN cargo install --path . --example example_test_agent --root ./
-ENTRYPOINT ["/src/test-agent/bin/example_test_agent"]
+RUN export PKG_CONFIG_ALLOW_CROSS=1 && \
+    export OPENSSL_STATIC=true && \
+    export OPENSSL_DIR=/musl && \
+    cargo install --locked --target ${ARCH}-bottlerocket-linux-musl --path . --example example_test_agent --root ./
+
+FROM scratch
+# Copy CA certificates store
+COPY --from=public.ecr.aws/amazonlinux/amazonlinux:2 /etc/ssl /etc/ssl
+COPY --from=public.ecr.aws/amazonlinux/amazonlinux:2 /etc/pki /etc/pki
+COPY --from=build /src/test-agent/bin/example_test_agent ./
+
+ENTRYPOINT ["./example_test_agent"]