core/initramfs: add cilium, force static binaries

This adds a Bazel transition to the initramfs rule to ensure all Go
binaries that are part of it are built statically (pure, cgo disabled),
replacing the per-repository build patches that set `pure = "on"`.

Test Plan: tested by building the binary and checking all binaries are static

X-Origin-Diff: phab/D557
GitOrigin-RevId: 897b902c6b139fdffd1179caae757f5151ad7804
diff --git a/build/fietsje/deps_containerd.go b/build/fietsje/deps_containerd.go
index 11d9762..6eea0e2 100644
--- a/build/fietsje/deps_containerd.go
+++ b/build/fietsje/deps_containerd.go
@@ -21,7 +21,6 @@
 		"github.com/containerd/containerd", "8e685f78cf66e2901b2fbed2fdddd64449a74ab9",
 		buildTags("no_zfs", "no_aufs", "no_devicemapper", "no_btrfs"),
 		disabledProtoBuild,
-		patches("containerd-build.patch"),
 	).use(
 		"github.com/BurntSushi/toml",
 		"github.com/Microsoft/go-winio",
@@ -100,7 +99,6 @@
 	// containernetworking/plugins
 	p.collectOverride(
 		"github.com/containernetworking/plugins", "v0.8.2",
-		patches("cni-plugins-build.patch"),
 	).use(
 		"github.com/alexflint/go-filemutex",
 		"github.com/coreos/go-iptables",
diff --git a/core/BUILD b/core/BUILD
index 1229388..fcfc049 100644
--- a/core/BUILD
+++ b/core/BUILD
@@ -34,6 +34,11 @@
         "@com_github_containernetworking_plugins//plugins/main/loopback": "/containerd/bin/cni/loopback",
         "@com_github_containernetworking_plugins//plugins/main/ptp": "/containerd/bin/cni/ptp",
         "@com_github_containernetworking_plugins//plugins/ipam/host-local": "/containerd/bin/cni/host-local",
+
+        # Cilium binaries
+        "@com_github_cilium_cilium//cilium": "/cilium/bin/cilium",
+        "@com_github_cilium_cilium//daemon": "/cilium/bin/daemon",
+        "@com_github_cilium_cilium//operator": "/cilium/bin/operator",
     },
 )
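Review bot: The install paths for the two new Cilium entries keep the Bazel package names (`/cilium/bin/daemon`, `/cilium/bin/operator`) rather than the names those packages are conventionally built as (presumably `cilium-agent` and `cilium-operator`); if anything in the image or the `cilium` CLI locates them by the conventional name it will not find them. If the names are deliberate, a short comment naming the consumer would save the next reader a search, e.g. `# Installed under their Bazel package names; exec'd directly by the node supervisor, not via the cilium CLI.` It is also not visible here whether the agent's runtime needs (its BPF templates and a compiler toolchain) are provided elsewhere; worth a pointer in the same comment if they are.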
 
diff --git a/core/build/def.bzl b/core/build/def.bzl
index 69994fc..1451f3d 100644
--- a/core/build/def.bzl
+++ b/core/build/def.bzl
@@ -14,6 +14,24 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 
+def _build_pure_transition_impl(settings, attr):
+    """
+    Transition that enables pure, static build of Go binaries.
+    """
+    return {
+        "@io_bazel_rules_go//go/config:pure": True,
+        "@io_bazel_rules_go//go/config:static": True,
+    }
+
+build_pure_transition = transition(
+    implementation = _build_pure_transition_impl,
+    inputs = [],
+    outputs = [
+        "@io_bazel_rules_go//go/config:pure",
+        "@io_bazel_rules_go//go/config:static",
+    ],
+)
+
 def _smalltown_initramfs_impl(ctx):
     """
     Generate an lz4-compressed initramfs based on a label/file list.
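Review bot: The docstring on `_build_pure_transition_impl` should state the scope of what it guarantees, because the commit message claims it ensures "all binaries" are static while the transition can only change rules_go configuration. I would expand it to say that this is an outgoing transition applied to every label it is attached to, that it forces rules_go into pure (cgo disabled) and static link mode so the outputs have no dependency on a dynamic loader or libc (neither of which exists in the initramfs), and that targets built by other rules (cc_binary, genrule) are not affected and must be static by their own means. Also worth noting in the docstring that `inputs = []` is intentional: the flags are overridden unconditionally rather than derived from the incoming configuration. `_smalltown_initramfs_impl`, whose header closes this hunk, continues outside it.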
@@ -143,6 +161,8 @@
                 Dictionary of Labels to String, placing a given Label's output file in the initramfs at the location
                 specified by the String value. The specified labels must only have a single output.
             """,
+            # Attach pure transition to ensure all binaries added to the initramfs are pure/static binaries.
+            cfg = build_pure_transition,
         ),
         "extra_dirs": attr.string_list(
             default = [],
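Review bot: The new comment on `cfg` overstates what the transition does: it "ensures" pure/static output only for labels in `files` that are built through rules_go, and a non-Go target listed here is still taken as-is. Since the rest of the rule cannot verify the result, the comment should say so, e.g. `# Build every label in this dict under the pure/static rules_go configuration. Note this only constrains Go targets; anything else listed here must already be static.` The `attr.label_keyed_string_dict` this comment sits in begins before the hunk.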
@@ -168,5 +188,10 @@
             executable = True,
             cfg = "host",
         ),
+
+        # Allow for transitions to be attached to this rule.
+        "_whitelist_function_transition": attr.label(
+            default = "@bazel_tools//tools/whitelists/function_transition_whitelist",
+        ),
     },
 )
diff --git a/core/cmd/mkimage/main.go b/core/cmd/mkimage/main.go
index 1238c04..574842f 100644
--- a/core/cmd/mkimage/main.go
+++ b/core/cmd/mkimage/main.go
@@ -36,6 +36,7 @@
 	initramfsPath            = flag.String("initramfs", "", "External initramfs [optional]")
 	enrolmentCredentialsPath = flag.String("enrolment-credentials", "", "Enrolment credentials [optional]")
 	dataPartitionSizeMiB     = flag.Uint64("data-partition-size", 2048, "Override the data partition size (default 2048 MiB)")
+	espPartitionSizeMiB      = flag.Uint64("esp-partition-size", 512, "Override the ESP partition size (default: 512MiB)")
 )
 
 func mibToSectors(size uint64) uint64 {
@@ -66,13 +67,13 @@
 				Type:  gpt.EFISystemPartition,
 				Name:  "ESP",
 				Start: mibToSectors(1),
-				End:   mibToSectors(256) - 1,
+				End:   mibToSectors(*espPartitionSizeMiB) - 1,
 			},
 			{
 				Type:  SmalltownDataPartition,
 				Name:  "SIGNOS-DATA",
-				Start: mibToSectors(256),
-				End:   mibToSectors(*dataPartitionSizeMiB+256) - 1,
+				Start: mibToSectors(*espPartitionSizeMiB),
+				End:   mibToSectors(*espPartitionSizeMiB+*dataPartitionSizeMiB) - 1,
 			},
 		},
 	}
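Review bot: The new ESP size is used unchecked in the partition table. With `-esp-partition-size` of 0 the ESP `End` becomes `mibToSectors(0) - 1`, which underflows the uint64, and with 1 it lands before `Start` (`mibToSectors(1)`); in both cases the data partition then starts at sector 0 on top of the GPT header, so the tool writes a corrupt table instead of failing. `*espPartitionSizeMiB+*dataPartitionSizeMiB` can likewise wrap for absurd values. Validate after flag parsing with whatever the file uses to abort, e.g. `if *espPartitionSizeMiB < 2 { ... fatal("-esp-partition-size must be at least 2 MiB") }` and reject the sum overflowing; the enclosing function begins before this hunk, so the check belongs next to the flag parsing.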
diff --git a/third_party/go/patches/cni-plugins-build.patch b/third_party/go/patches/cni-plugins-build.patch
deleted file mode 100644
index e9cef5b..0000000
--- a/third_party/go/patches/cni-plugins-build.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-Copyright 2020 The Monogon Project Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-
-From 16e16b82c44cf48f0752a74de83845263fd04fda Mon Sep 17 00:00:00 2001
-From: Lorenz Brun <lorenz@brun.one>
-Date: Wed, 5 Feb 2020 16:37:42 +0100
-Subject: [PATCH] Build the plugins we need in pure mode
-
----
- plugins/ipam/host-local/BUILD.bazel | 1 +
- plugins/main/loopback/BUILD.bazel   | 1 +
- plugins/main/ptp/BUILD.bazel        | 1 +
- 3 files changed, 3 insertions(+)
-
-diff --git a/plugins/ipam/host-local/BUILD.bazel b/plugins/ipam/host-local/BUILD.bazel
-index ce1f2d6..72817a6 100644
---- a/plugins/ipam/host-local/BUILD.bazel
-+++ b/plugins/ipam/host-local/BUILD.bazel
-@@ -22,6 +22,7 @@ go_library(
- go_binary(
-     name = "host-local",
-     embed = [":go_default_library"],
-+    pure = "on",
-     visibility = ["//visibility:public"],
- )
- 
-diff --git a/plugins/main/loopback/BUILD.bazel b/plugins/main/loopback/BUILD.bazel
-index c4d6e00..952bfb1 100644
---- a/plugins/main/loopback/BUILD.bazel
-+++ b/plugins/main/loopback/BUILD.bazel
-@@ -19,6 +19,7 @@ go_library(
- go_binary(
-     name = "loopback",
-     embed = [":go_default_library"],
-+    pure = "on",
-     visibility = ["//visibility:public"],
- )
- 
-diff --git a/plugins/main/ptp/BUILD.bazel b/plugins/main/ptp/BUILD.bazel
-index 512de12..2eb5d50 100644
---- a/plugins/main/ptp/BUILD.bazel
-+++ b/plugins/main/ptp/BUILD.bazel
-@@ -23,6 +23,7 @@ go_library(
- go_binary(
-     name = "ptp",
-     embed = [":go_default_library"],
-+    pure = "on",
-     visibility = ["//visibility:public"],
- )
- 
--- 
-2.20.1
diff --git a/third_party/go/patches/containerd-build.patch b/third_party/go/patches/containerd-build.patch
deleted file mode 100644
index 6a0fcc2..0000000
--- a/third_party/go/patches/containerd-build.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Copyright 2020 The Monogon Project Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-
-diff --git a/cmd/containerd-shim-runc-v2/BUILD.bazel b/cmd/containerd-shim-runc-v2/BUILD.bazel
-index 516b165..728b4dd 100644
---- a/cmd/containerd-shim-runc-v2/BUILD.bazel
-+++ b/cmd/containerd-shim-runc-v2/BUILD.bazel
-@@ -21,5 +21,6 @@ go_library(
- go_binary(
-     name = "containerd-shim-runc-v2",
-     embed = [":go_default_library"],
-+    pure = "on",
-     visibility = ["//visibility:public"],
- )
-diff --git a/cmd/containerd/BUILD.bazel b/cmd/containerd/BUILD.bazel
-index 8eed766..9d95be6 100644
---- a/cmd/containerd/BUILD.bazel
-+++ b/cmd/containerd/BUILD.bazel
-@@ -81,5 +81,6 @@ go_library(
- go_binary(
-     name = "containerd",
-     embed = [":go_default_library"],
-+    pure = "on",
-     visibility = ["//visibility:public"],
- )
diff --git a/third_party/go/patches/gvisor-containerd-shim-build.patch b/third_party/go/patches/gvisor-containerd-shim-build.patch
index e221fe8..3431f2e 100644
--- a/third_party/go/patches/gvisor-containerd-shim-build.patch
+++ b/third_party/go/patches/gvisor-containerd-shim-build.patch
@@ -16,7 +16,7 @@
 From d92dc4195d4de5149e7e55890fa856837a35217e Mon Sep 17 00:00:00 2001
 From: Lorenz Brun <lorenz@brun.one>
 Date: Mon, 4 May 2020 15:33:40 +0200
-Subject: [PATCH] Reflect code patches in Bazel and build pure
+Subject: [PATCH] Reflect code patches in Bazel
 
 ---
  cmd/containerd-shim-runsc-v1/BUILD.bazel |  1 +
@@ -26,17 +26,6 @@
  pkg/v2/BUILD.bazel                       | 14 ++++++++------
  5 files changed, 16 insertions(+), 11 deletions(-)
 
-diff --git a/cmd/containerd-shim-runsc-v1/BUILD.bazel b/cmd/containerd-shim-runsc-v1/BUILD.bazel
-index 8fb6a86..d58f069 100644
---- a/cmd/containerd-shim-runsc-v1/BUILD.bazel
-+++ b/cmd/containerd-shim-runsc-v1/BUILD.bazel
-@@ -14,5 +14,6 @@ go_library(
- go_binary(
-     name = "containerd-shim-runsc-v1",
-     embed = [":go_default_library"],
-+    pure = "on",
-     visibility = ["//visibility:public"],
- )
 diff --git a/cmd/gvisor-containerd-shim/BUILD.bazel b/cmd/gvisor-containerd-shim/BUILD.bazel
 index 8478746..f6a6fa2 100644
 --- a/cmd/gvisor-containerd-shim/BUILD.bazel
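Review bot: The patch's own diffstat is now stale: the `5 files changed, 16 insertions(+), 11 deletions(-)` summary in this hunk, and the `cmd/containerd-shim-runsc-v1/BUILD.bazel | 1 +` entry in the preceding one, still count the runsc-v1 hunk that this change removes. `git apply`/`patch` ignore the stat block so the patch still applies, but the next reader will look for a hunk that is not there. Drop the entry and change the summary to `4 files changed, 15 insertions(+), 11 deletions(-)`.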
diff --git a/third_party/go/repositories.bzl b/third_party/go/repositories.bzl
index f5c515c..9f5b6af 100644
--- a/third_party/go/repositories.bzl
+++ b/third_party/go/repositories.bzl
@@ -242,10 +242,6 @@
             "no_devicemapper",
             "no_btrfs",
         ],
-        patches = [
-            "//third_party/go/patches:containerd-build.patch",
-        ],
-        patch_args = ["-p1"],
     )
     go_repository(
         name = "com_github_containerd_continuity",
@@ -301,10 +297,6 @@
         importpath = "github.com/containernetworking/plugins",
         version = "v0.8.2",
         sum = "h1:5lnwfsAYO+V7yXhysJKy3E1A2Gy9oVut031zfdOzI9w=",
-        patches = [
-            "//third_party/go/patches:cni-plugins-build.patch",
-        ],
-        patch_args = ["-p1"],
     )
     go_repository(
         name = "com_github_coreos_go_iptables",