core/initramfs: add cilium, force static binaries
This adds a Bazel transition to the initramfs rule to ensure all
binaries that are part of it are built statically.
Test Plan: tested by building the binary and checking all binaries are static
X-Origin-Diff: phab/D557
GitOrigin-RevId: 897b902c6b139fdffd1179caae757f5151ad7804
diff --git a/core/BUILD b/core/BUILD
index 1229388..fcfc049 100644
--- a/core/BUILD
+++ b/core/BUILD
@@ -34,6 +34,11 @@
"@com_github_containernetworking_plugins//plugins/main/loopback": "/containerd/bin/cni/loopback",
"@com_github_containernetworking_plugins//plugins/main/ptp": "/containerd/bin/cni/ptp",
"@com_github_containernetworking_plugins//plugins/ipam/host-local": "/containerd/bin/cni/host-local",
+
+ # Cilium binaries
+ "@com_github_cilium_cilium//cilium": "/cilium/bin/cilium",
+ "@com_github_cilium_cilium//daemon": "/cilium/bin/daemon",
+ "@com_github_cilium_cilium//operator": "/cilium/bin/operator",
},
)
diff --git a/core/build/def.bzl b/core/build/def.bzl
index 69994fc..1451f3d 100644
--- a/core/build/def.bzl
+++ b/core/build/def.bzl
@@ -14,6 +14,24 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+def _build_pure_transition_impl(settings, attr):
+ """
+ Transition that enables pure, static build of Go binaries.
+ """
+ return {
+ "@io_bazel_rules_go//go/config:pure": True,
+ "@io_bazel_rules_go//go/config:static": True,
+ }
+
+build_pure_transition = transition(
+ implementation = _build_pure_transition_impl,
+ inputs = [],
+ outputs = [
+ "@io_bazel_rules_go//go/config:pure",
+ "@io_bazel_rules_go//go/config:static",
+ ],
+)
+
def _smalltown_initramfs_impl(ctx):
"""
Generate an lz4-compressed initramfs based on a label/file list.
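Review bot: The transition added at `_build_pure_transition_impl` sets only the two rules_go settings (`go/config:pure` and `go/config:static`), so a non-Go target listed in the initramfs `files` dict would presumably be built exactly as before. The commit message and the comment on `cfg = build_pure_transition` in the next hunk both promise that all binaries are static, which is more than these lines enforce. I would narrow the docstring to `Transition that forces pure (cgo-free), statically linked builds of rules_go targets; it has no effect on non-Go dependencies.` and adjust the attribute comment to match. If the initramfs has no dynamic loader or shared libraries, a dynamically linked binary would only fail at boot, so a build-time check in the rule implementation that rejects dynamically linked inputs would make the guarantee real. That implementation continues outside this hunk.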
@@ -143,6 +161,8 @@
Dictionary of Labels to String, placing a given Label's output file in the initramfs at the location
specified by the String value. The specified labels must only have a single output.
""",
+ # Attach pure transition to ensure all binaries added to the initramfs are pure/static binaries.
+ cfg = build_pure_transition,
),
"extra_dirs": attr.string_list(
default = [],
@@ -168,5 +188,10 @@
executable = True,
cfg = "host",
),
+
+ # Allow for transitions to be attached to this rule.
+ "_whitelist_function_transition": attr.label(
+ default = "@bazel_tools//tools/whitelists/function_transition_whitelist",
+ ),
},
)
diff --git a/core/cmd/mkimage/main.go b/core/cmd/mkimage/main.go
index 1238c04..574842f 100644
--- a/core/cmd/mkimage/main.go
+++ b/core/cmd/mkimage/main.go
@@ -36,6 +36,7 @@
initramfsPath = flag.String("initramfs", "", "External initramfs [optional]")
enrolmentCredentialsPath = flag.String("enrolment-credentials", "", "Enrolment credentials [optional]")
dataPartitionSizeMiB = flag.Uint64("data-partition-size", 2048, "Override the data partition size (default 2048 MiB)")
+ espPartitionSizeMiB = flag.Uint64("esp-partition-size", 512, "Override the ESP partition size (default: 512MiB)")
)
func mibToSectors(size uint64) uint64 {
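Review bot: The new `esp-partition-size` flag defaults to 512, while the layout it replaces hard-coded 256 (see the removed lines in the next hunk), so every image built without the flag now gets a larger ESP and a shifted data partition start. The commit description does not mention this change, and it deserves a line there or in a comment above the flag. The help text is also formatted differently from its neighbour (`(default: 512MiB)` versus `(default 2048 MiB)`). I would write `"Override the ESP partition size (default 512 MiB)"` to match.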
@@ -66,13 +67,13 @@
Type: gpt.EFISystemPartition,
Name: "ESP",
Start: mibToSectors(1),
- End: mibToSectors(256) - 1,
+ End: mibToSectors(*espPartitionSizeMiB) - 1,
},
{
Type: SmalltownDataPartition,
Name: "SIGNOS-DATA",
- Start: mibToSectors(256),
- End: mibToSectors(*dataPartitionSizeMiB+256) - 1,
+ Start: mibToSectors(*espPartitionSizeMiB),
+ End: mibToSectors(*espPartitionSizeMiB+*dataPartitionSizeMiB) - 1,
},
},
}
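Review bot: Nothing validates `*espPartitionSizeMiB` before it is used as the ESP `End` and the data partition `Start`, yet the ESP `Start` stays fixed at `mibToSectors(1)`. A value of 1 puts `End` below `Start`, and a value of 0 would presumably make `mibToSectors(0) - 1` wrap around as a uint64 (the body of `mibToSectors` is not visible here). The sum `*espPartitionSizeMiB+*dataPartitionSizeMiB` can also overflow for very large inputs. I would reject bad values right after flag parsing, for example `if *espPartitionSizeMiB < 2 { log.Fatalf("esp-partition-size must be at least 2 MiB, got %d", *espPartitionSizeMiB) }`, assuming `log` is already imported, and add an upper bound on both sizes. The enclosing function starts and ends outside this hunk, so the right spot for the check is not visible.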