diff --git a/.cargo/config.toml b/.cargo/config.toml
new file mode 100644
index 000000000..9663ce992
--- /dev/null
+++ b/.cargo/config.toml
@@ -0,0 +1,23 @@
+[target.x86_64-bottlerocket-linux-musl]
+linker = "/usr/bin/x86_64-bottlerocket-linux-musl-gcc"
+ar = "/usr/bin/x86_64-bottlerocket-linux-musl-gcc-ar"
+
+rustflags = [
+ "-Ctarget-feature=+crt-static",
+ "-Clink-arg=-Wl,-Bstatic",
+ "-Clink-arg=-lc",
+ "-Clink-arg=-lgcc",
+ "-Clink-arg=-Wl,-z,relro,-z,now",
+]
+
+[target.aarch64-bottlerocket-linux-musl]
+linker = "/usr/bin/aarch64-bottlerocket-linux-musl-gcc"
+ar = "/usr/bin/aarch64-bottlerocket-linux-musl-gcc-ar"
+
+rustflags = [
+ "-Ctarget-feature=+crt-static",
+ "-Clink-arg=-Wl,-Bstatic",
+ "-Clink-arg=-lc",
+ "-Clink-arg=-lgcc",
+ "-Clink-arg=-Wl,-z,relro,-z,now",
+]
diff --git a/.gitignore b/.gitignore
index b83d22266..0bd3972c2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,3 @@
 /target/
+/.cargo/*
+!.cargo/config.toml
diff --git a/Dockerfile.sdk_openssl b/Dockerfile.sdk_openssl
deleted file mode 100644
index 9b3c497b3..000000000
--- a/Dockerfile.sdk_openssl
+++ /dev/null
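Review bot: The new config carries no comment saying that the `linker` and `ar` paths under `/usr/bin/` appear to be provided only by the SDK image the Dockerfiles build in, or that `-Clink-arg=-Wl,-z,relro,-z,now` is deliberate hardening (full RELRO with immediate binding) rather than an incidental flag. A header comment would keep a later cleanup from dropping it, for example `# Toolchain paths below come from the SDK image; the relro/now link args are required hardening.` The two `rustflags` arrays are identical, so a second comment should say they have to be changed together.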
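Review bot: Ignoring `/.cargo/*` keeps the fetched registry out of git, but nothing visible in this commit keeps the rest of that directory out of the Docker build context, and the Dockerfiles in this commit set `CARGO_HOME=/src/.cargo` and copy the whole tree with `ADD ./ /src/`. Anything cargo writes under this CARGO_HOME on a developer machine (for example a `credentials.toml`, if `cargo login` is ever run with it) would be copied into the build stage and its layer cache. If the repository has no `.dockerignore` yet, one that admits only the registry cache and `config.toml` from `.cargo/` would close that gap.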
@@ -1,30 +0,0 @@
-ARG ARCH
-FROM public.ecr.aws/bottlerocket/bottlerocket-sdk-${ARCH}:v0.22.0 as build
-ARG ARCH
-ARG OPENSSL_VERSION=1.1.1k
-ARG OPENSSL_SHA256SUM=892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5
-USER root
-
-# Build openssl using musl toolchain for openssl-sys crate
-RUN dnf install -y perl
-RUN mkdir /musl && \
- echo "/musl/lib" >> /etc/ld-musl-${ARCH}.path && \
- ln -s /usr/include/${ARCH}-linux-gnu/asm /${ARCH}-bottlerocket-linux-musl/sys-root/usr/include/asm && \
- ln -s /usr/include/asm-generic /${ARCH}-bottlerocket-linux-musl/sys-root/usr/include/asm-generic && \
- ln -s /usr/include/linux /${ARCH}-bottlerocket-linux-musl/sys-root/usr/include/linux
-
-RUN curl -O -sSL https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz && \
- echo "${OPENSSL_SHA256SUM} openssl-${OPENSSL_VERSION}.tar.gz" | sha256sum --check && \
- tar -xzf openssl-${OPENSSL_VERSION}.tar.gz && \
- cd openssl-${OPENSSL_VERSION} && \
- if [ ${ARCH} = "aarch64" ]; then CONFIGURE_ARGS="-mno-outline-atomics"; else CONFIGURE_ARGS=""; fi && \
- ./Configure no-shared no-async ${CONFIGURE_ARGS} -fPIC --prefix=/musl --openssldir=/musl/ssl linux-${ARCH} && \
- env C_INCLUDE_PATH=/musl/include/ make depend 2> /dev/null && \
- make -j && \
- make install && \
- cd .. && rm -rf openssl-${OPENSSL_VERSION}
-
-# We need these environment variables set for building the `openssl-sys` crate
-ENV PKG_CONFIG_ALLOW_CROSS=1
-ENV OPENSSL_STATIC=true
-ENV OPENSSL_DIR=/musl
diff --git a/Makefile b/Makefile
index 4c645addb..ce242ce63 100644
--- a/Makefile
+++ b/Makefile
@@ -1,51 +1,54 @@ +TOP := $(dir $(firstword $(MAKEFILE_LIST))) + .PHONY: build sdk-openssl example-test-agent-image example-resource-agent-image controller-image images sonobuoy-test-agent-image integ-test UNAME_ARCH=$(shell uname -m) ARCH ?= $(lastword $(subst :, ,$(filter $(UNAME_ARCH):%,x86_64:amd64 aarch64:arm64))) -images: controller-image +export CARGO_HOME = $(TOP)/.cargo + +# Fetches crates from upstream +fetch: + cargo fetch --locked + +images: fetch controller-image # Builds, Lints and Tests the Rust workspace -build: +build: fetch cargo fmt -- --check cargo build --locked cargo test --locked -# Augment the bottlerocket-sdk image with openssl built with the musl toolchain -sdk-openssl: - docker build $(DOCKER_BUILD_FLAGS) \ - --build-arg ARCH="$(UNAME_ARCH)" \ - --tag "bottlerocket-sdk-openssl-$(UNAME_ARCH)" \ - -f Dockerfile.sdk_openssl . - # Build the container image for the example test-agent program -example-test-agent-image: sdk-openssl +example-test-agent-image: fetch docker build $(DOCKER_BUILD_FLAGS) \ --build-arg ARCH="$(UNAME_ARCH)" \ --tag "example-testsys-agent" \ + --network none \ -f agent/test-agent/examples/example_test_agent/Dockerfile . # Build the container image for the example resource-agent program -example-resource-agent-image: sdk-openssl +example-resource-agent-image: fetch docker build $(DOCKER_BUILD_FLAGS) \ --build-arg ARCH="$(UNAME_ARCH)" \ --tag "example-resource-agent" \ + --network none \ -f agent/resource-agent/examples/example_resource_agent/Dockerfile . -controller-image: sdk-openssl +controller-image: fetch docker build $(DOCKER_BUILD_FLAGS) \ --build-arg ARCH="$(UNAME_ARCH)" \ --tag "testsys-controller" \ -f controller/Dockerfile . -sonobuoy-test-agent-image: sdk-openssl +sonobuoy-test-agent-image: fetch docker build $(DOCKER_BUILD_FLAGS) \ --build-arg UNAME_ARCH="$(UNAME_ARCH)" \ --build-arg ARCH="$(ARCH)" \ --tag "sonobuoy-test-agent" \ -f agent/sonobuoy-test-agent/Dockerfile . 
-integ-test: controller-image example-test-agent-image example-resource-agent-image sonobuoy-test-agent-image +integ-test: fetch controller-image example-test-agent-image example-resource-agent-image sonobuoy-test-agent-image docker tag example-testsys-agent example-testsys-agent:integ docker tag testsys-controller testsys-controller:integ docker tag example-resource-agent example-resource-agent:integ diff --git a/agent/resource-agent/examples/example_resource_agent/Dockerfile b/agent/resource-agent/examples/example_resource_agent/Dockerfile index 172893fbb..eaad71f47 100644 --- a/agent/resource-agent/examples/example_resource_agent/Dockerfile +++ b/agent/resource-agent/examples/example_resource_agent/Dockerfile @@ -1,11 +1,16 @@ ARG ARCH -FROM bottlerocket-sdk-openssl-${ARCH} as build +FROM public.ecr.aws/c2b5m1s5/thar-be-a-beta-sdk-${ARCH}:v0.23.0 as build + ARG ARCH USER root - +# We need these environment variables set for building the `openssl-sys` crate +ENV PKG_CONFIG_PATH=/${ARCH}-bottlerocket-linux-musl/sys-root/usr/lib/pkgconfig +ENV PKG_CONFIG_ALLOW_CROSS=1 +ENV CARGO_HOME=/src/.cargo +ENV OPENSSL_STATIC=true ADD ./ /src/ WORKDIR /src/agent/resource-agent -RUN cargo install --locked --target ${ARCH}-bottlerocket-linux-musl --path . --example example_resource_agent --root ./ +RUN cargo install --offline --locked --target ${ARCH}-bottlerocket-linux-musl --path . --example example_resource_agent --root ./ FROM scratch # Copy CA certificates store diff --git a/agent/sonobuoy-test-agent/Dockerfile b/agent/sonobuoy-test-agent/Dockerfile index 3bb5f92af..671cdc7d3 100644 --- a/agent/sonobuoy-test-agent/Dockerfile +++ b/agent/sonobuoy-test-agent/Dockerfile 
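Review bot: Network isolation is applied to only two of the four image targets: `--network none \` is added to `example-test-agent-image` and `example-resource-agent-image`, while `controller-image` and `sonobuoy-test-agent-image` still build with network access even though their Dockerfiles now run `cargo install --offline`. The controller image ends in `FROM scratch`, so it looks able to take the same `--network none \` line before `-f controller/Dockerfile .`; the sonobuoy final stage starts from amazonlinux and may need the network, which would deserve a comment saying so. Separately, the new `fetch` target is not listed in the unchanged `.PHONY` line, which still names the removed `sdk-openssl`, so a file called `fetch` in the tree would silently skip the crate download. The line should read `.PHONY: build fetch example-test-agent-image example-resource-agent-image controller-image images sonobuoy-test-agent-image integ-test`.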
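Review bot: The new build-stage base image `public.ecr.aws/c2b5m1s5/thar-be-a-beta-sdk-${ARCH}:v0.23.0` is referenced by a mutable tag under an alias-style registry namespace, so the toolchain that compiles and statically links this binary can change without any change in this repository. Pinning it by digest would make that input verifiable, e.g. `FROM public.ecr.aws/c2b5m1s5/thar-be-a-beta-sdk-${ARCH}:v0.23.0@sha256:<digest-for-this-arch> as build`, with the per-architecture digest passed in as a build arg. The same `FROM` line is added in the sonobuoy-test-agent, example_test_agent and controller Dockerfiles. The final stage of each Dockerfile continues outside its hunk.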
@@ -1,11 +1,16 @@ ARG UNAME_ARCH -FROM bottlerocket-sdk-openssl-${UNAME_ARCH} as build +FROM public.ecr.aws/c2b5m1s5/thar-be-a-beta-sdk-${UNAME_ARCH}:v0.23.0 as build + ARG UNAME_ARCH USER root - +# We need these environment variables set for building the `openssl-sys` crate +ENV PKG_CONFIG_PATH=/${UNAME_ARCH}-bottlerocket-linux-musl/sys-root/usr/lib/pkgconfig +ENV PKG_CONFIG_ALLOW_CROSS=1 +ENV CARGO_HOME=/src/.cargo +ENV OPENSSL_STATIC=true ADD ./ /src/ WORKDIR /src/agent/sonobuoy-test-agent -RUN cargo install --locked --target ${UNAME_ARCH}-bottlerocket-linux-musl --path . --root ./ +RUN cargo install --offline --locked --target ${UNAME_ARCH}-bottlerocket-linux-musl --path . --root ./ FROM public.ecr.aws/amazonlinux/amazonlinux:2 ARG ARCH diff --git a/agent/test-agent/examples/example_test_agent/Dockerfile b/agent/test-agent/examples/example_test_agent/Dockerfile index 483bb5ddd..49bc2e6d1 100644 --- a/agent/test-agent/examples/example_test_agent/Dockerfile +++ b/agent/test-agent/examples/example_test_agent/Dockerfile @@ -1,11 +1,16 @@ ARG ARCH -FROM bottlerocket-sdk-openssl-${ARCH} as build +FROM public.ecr.aws/c2b5m1s5/thar-be-a-beta-sdk-${ARCH}:v0.23.0 as build + ARG ARCH USER root - +# We need these environment variables set for building the `openssl-sys` crate +ENV PKG_CONFIG_PATH=/${ARCH}-bottlerocket-linux-musl/sys-root/usr/lib/pkgconfig +ENV PKG_CONFIG_ALLOW_CROSS=1 +ENV CARGO_HOME=/src/.cargo +ENV OPENSSL_STATIC=true ADD ./ /src/ WORKDIR /src/agent/test-agent -RUN cargo install --locked --target ${ARCH}-bottlerocket-linux-musl --path . --example example_test_agent --root ./ +RUN cargo install --offline --locked --target ${ARCH}-bottlerocket-linux-musl --path . --example example_test_agent --root ./ FROM scratch # Copy CA certificates store diff --git a/controller/Dockerfile b/controller/Dockerfile index ffe139967..98a365725 100644 --- a/controller/Dockerfile +++ b/controller/Dockerfile 
@@ -1,11 +1,16 @@ ARG ARCH -FROM bottlerocket-sdk-openssl-${ARCH} as build +FROM public.ecr.aws/c2b5m1s5/thar-be-a-beta-sdk-${ARCH}:v0.23.0 as build + ARG ARCH USER root - +# We need these environment variables set for building the `openssl-sys` crate +ENV PKG_CONFIG_PATH=/${ARCH}-bottlerocket-linux-musl/sys-root/usr/lib/pkgconfig +ENV PKG_CONFIG_ALLOW_CROSS=1 +ENV CARGO_HOME=/src/.cargo +ENV OPENSSL_STATIC=true ADD ./ /src/ WORKDIR /src/controller -RUN cargo install --locked --target ${ARCH}-bottlerocket-linux-musl --path . --root ./ +RUN cargo install --offline --locked --target ${ARCH}-bottlerocket-linux-musl --path . --root ./ FROM scratch # Copy CA certificates store