kata-containers · devimc · Sep 4, 2020 · Sep 1, 2020 · Sep 2, 2020
diff --git a/tools/packaging/snap/README.md → snap/README.md b/tools/packaging/snap/README.md → snap/README.md
diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml
@@ -0,0 +1,323 @@
+name: kata-containers
+summary: Build lightweight VMs that seamlessly plug into the containers ecosystem
+description: |
+  Kata Containers is an open source project and community working to build a
+  standard implementation of lightweight Virtual Machines (VMs) that feel and
+  perform like containers, but provide the workload isolation and security
+  advantages of VMs
+confinement: classic
+adopt-info: metadata
+base: core20
+
+parts:
+  metadata:
+    plugin: nil
+    prime:
+      - -*
+    build-packages:
+      - git
+      - git-extras
+    override-pull: |
+      version="9999"
+      kata_url="https://github.com/kata-containers/kata-containers"
+
+      image_info="${SNAPCRAFT_IMAGE_INFO:-}"
+      snap_env="$(echo "${image_info}" | egrep -o "build_url.*" | egrep -o "snap.*build" | cut -d/ -f2)"
+
+      case "${snap_env}" in
+        stable)
+          # Get the latest stable version
+          version=$(git ls-remote --tags ${kata_url}  | egrep -o "refs.*" | egrep -v "\-alpha|\-rc|{}" | egrep -o "[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+" | sort -V -r | head -1)
+          git checkout ${version}
+        ;;
+
+        *-dev)
+          version="${snap_env}"
+        ;;
+      esac
+
+      snapcraftctl set-grade "stable"
+      snapcraftctl set-version "${version}"
+
+      # setup GOPATH - this repo dir should be there
+      export GOPATH=${SNAPCRAFT_STAGE}/gopath
+      kata_dir=${GOPATH}/src/github.com/${SNAPCRAFT_PROJECT_NAME}/${SNAPCRAFT_PROJECT_NAME}
+      mkdir -p $(dirname ${kata_dir})
+      ln -sf $(realpath "${SNAPCRAFT_STAGE}/..") ${kata_dir}
+
+  godeps:
+    after: [metadata]
+    plugin: nil
+    prime:
+      - -*
+    build-packages:
+      - curl
+    override-build: |
+      # put everything in stage
+      cd ${SNAPCRAFT_STAGE}
+
+      yq_path="./yq"
+      yq_pkg="github.com/mikefarah/yq"
+      goos="linux"
+      case "$(uname -m)" in
+        aarch64) goarch="arm64";;
+        ppc64le) goarch="ppc64le";;
+        x86_64) goarch="amd64";;
+        s390x) goarch="s390x";;
+        *) echo "unsupported architecture: $(uname -m)"; exit 1;;
+      esac
+
+      # Workaround to get latest release from github (to not use github token).
+      # Get the redirection to latest release on github.
+      yq_latest_url=$(curl -Ls -o /dev/null -w %{url_effective} "https://${yq_pkg}/releases/latest")
+      # The redirected url should include the latest release version
+      # https://github.com/mikefarah/yq/releases/tag/<VERSION-HERE>
+      yq_version=$(basename "${yq_latest_url}")
+      yq_url="https://${yq_pkg}/releases/download/${yq_version}/yq_${goos}_${goarch}"
+      curl -o "${yq_path}" -LSsf ${yq_url}
+      chmod +x ${yq_path}
+
+      kata_dir=gopath/src/github.com/${SNAPCRAFT_PROJECT_NAME}/${SNAPCRAFT_PROJECT_NAME}
+      version="$(${yq_path} r ${kata_dir}/versions.yaml languages.golang.meta.newest-version)"
+      tarfile="go${version}.${goos}-${goarch}.tar.gz"
+      curl -LO https://golang.org/dl/${tarfile}
+      tar -xf ${tarfile} --strip-components=1
+
+  image:
+    after: [godeps]
+    plugin: nil
+    build-packages:
+      - docker.io
+      - cpio
+      - git
+      - iptables
+      - software-properties-common
+      - uidmap
+      - gnupg2
+    override-build: |
+      yq=${SNAPCRAFT_STAGE}/yq
+
+      # set GOPATH
+      export GOPATH=${SNAPCRAFT_STAGE}/gopath
+      kata_dir=${GOPATH}/src/github.com/${SNAPCRAFT_PROJECT_NAME}/${SNAPCRAFT_PROJECT_NAME}
+
+      export GOROOT=${SNAPCRAFT_STAGE}
+      export PATH="${GOROOT}/bin:${PATH}"
+
+      if [ -n "$http_proxy" ]; then
+        echo "Setting proxy $http_proxy"
+        sudo -E systemctl set-environment http_proxy=$http_proxy || true
+        sudo -E systemctl set-environment https_proxy=$https_proxy || true
+      fi
+
+      # Copy yq binary. It's used in the container
+      mkdir -p "${GOPATH}/bin/"
+      cp -a "${yq}" "${GOPATH}/bin/"
+
+      echo "Unmasking docker service"
+      sudo -E systemctl unmask docker.service || true
+      sudo -E systemctl unmask docker.socket || true
+      echo "Adding $USER into docker group"
+      sudo -E gpasswd -a $USER docker
+      echo "Starting docker"
+      sudo -E systemctl start docker || true
+
+      cd ${kata_dir}/tools/osbuilder
+
+      # build image
+      export AGENT_VERSION=$(cat ${kata_dir}/VERSION)
+      export AGENT_INIT=yes
+      export USE_DOCKER=1
+      export DEBUG=1
+      case "$(uname -m)" in
+        aarch64|ppc64le|s390x)
+          sudo -E PATH=$PATH make initrd DISTRO=alpine
+        ;;
+        x86_64)
+          # In some build systems it's impossible to build a rootfs image, try with the initrd image
+          sudo -E PATH=$PATH make image DISTRO=clearlinux || sudo -E PATH=$PATH make initrd DISTRO=alpine
+        ;;
+        *) echo "unsupported architecture: $(uname -m)"; exit 1;;
+      esac
+
+      # Install image
+      kata_image_dir=${SNAPCRAFT_PART_INSTALL}/usr/share/kata-containers
+      mkdir -p ${kata_image_dir}
+      cp kata-containers*.img ${kata_image_dir}
+
+  runtime:
+    after: [godeps, image]
+    plugin: nil
+    build-attributes: [no-patchelf]
+    override-build: |
+      # set GOPATH
+      export GOPATH=${SNAPCRAFT_STAGE}/gopath
+      export GOROOT=${SNAPCRAFT_STAGE}
+      export PATH="${GOROOT}/bin:${PATH}"
+      kata_dir=${GOPATH}/src/github.com/${SNAPCRAFT_PROJECT_NAME}/${SNAPCRAFT_PROJECT_NAME}
+
+      cd ${kata_dir}/src/runtime
+
+      # setup arch
+      arch=$(uname -m)
+      if [ ${arch} = "ppc64le" ]; then
+        arch="ppc64"
+      fi
+
+      # build and install runtime
+      make \
+        PREFIX=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr \
+        SKIP_GO_VERSION_CHECK=1 \
+        QEMUCMD=qemu-system-$arch
+      make install \
+        PREFIX=/usr \
+        DESTDIR=${SNAPCRAFT_PART_INSTALL} \
+        SKIP_GO_VERSION_CHECK=1 \
+        QEMUCMD=qemu-system-$arch
+
+      if [ -e ${SNAPCRAFT_PART_INSTALL}/../../image/install/usr/share/kata-containers/kata-containers.img ]; then
+        # Use rootfs image by default
+        sed -i -e '/^initrd =/d' ${SNAPCRAFT_PART_INSTALL}/usr/share/defaults/${SNAPCRAFT_PROJECT_NAME}/configuration.toml
+      else
+        # Use initrd by default
+        sed -i -e '/^image =/d' ${SNAPCRAFT_PART_INSTALL}/usr/share/defaults/${SNAPCRAFT_PROJECT_NAME}/configuration.toml
+      fi
+
+  kernel:
+    after: [godeps, image]
+    plugin: nil
+    build-packages:
+      - libelf-dev
+      - curl
+      - build-essential
+      - bison
+      - flex
+    override-build: |
+      export GOPATH=${SNAPCRAFT_STAGE}/gopath
+      kata_dir=${GOPATH}/src/github.com/${SNAPCRAFT_PROJECT_NAME}/${SNAPCRAFT_PROJECT_NAME}
+
+      cd ${kata_dir}/tools/packaging/kernel
+
+      # Say 'no' to everithing, fix issues with incomplete .config files
+      yes "n" | ./build-kernel.sh setup
+      kernel_dir_prefix="kata-linux-"
+      cd ${kernel_dir_prefix}*
+      version=$(basename ${PWD} | sed 's|'"${kernel_dir_prefix}"'||' | cut -d- -f1)
+      make -j $(($(nproc)-1)) EXTRAVERSION=".container"
+
+      kernel_suffix=${version}.container
+      kata_kernel_dir=${SNAPCRAFT_PART_INSTALL}/usr/share/kata-containers
+      mkdir -p ${kata_kernel_dir}
+
+      # Install bz kernel
+      make install INSTALL_PATH=${kata_kernel_dir} EXTRAVERSION=".container" || true
+      vmlinuz_name=vmlinuz-${kernel_suffix}
+      ln -sf ${vmlinuz_name} ${kata_kernel_dir}/vmlinuz.container
+
+      # Install raw kernel
+      vmlinux_name=vmlinux-${kernel_suffix}
+      cp vmlinux ${kata_kernel_dir}/${vmlinux_name}
+      ln -sf ${vmlinux_name} ${kata_kernel_dir}/vmlinux.container
+
+  qemu:
+    plugin: make
+    after: [godeps, runtime]
+    build-packages:
+      - gcc
+      - python
+      - zlib1g-dev
+      - libcap-ng-dev
+      - libglib2.0-dev
+      - libpixman-1-dev
+      - libnuma-dev
+      - libltdl-dev
+      - libcap-dev
+      - libattr1-dev
+      - libfdt-dev
+      - curl
+      - libcapstone-dev
+      - bc
+      - libblkid-dev
+      - libffi-dev
+      - libmount-dev
+      - libselinux1-dev
+    override-build: |
+      yq=${SNAPCRAFT_STAGE}/yq
+      export GOPATH=${SNAPCRAFT_STAGE}/gopath
+      kata_dir=${GOPATH}/src/github.com/${SNAPCRAFT_PROJECT_NAME}/${SNAPCRAFT_PROJECT_NAME}
+
+      versions_file="${kata_dir}/versions.yaml"
+      # arch-specific definition
+      case "$(uname -m)" in
+        "aarch64")
+          branch="$(${yq} r ${versions_file} assets.hypervisor.qemu.architecture.aarch64.branch)"
+          url="$(${yq} r ${versions_file} assets.hypervisor.qemu.url)"
+          commit="$(${yq} r ${versions_file} assets.hypervisor.qemu.architecture.aarch64.commit)"
+          patches_dir="${kata_dir}/tools/packaging/obs-packaging/qemu-aarch64/patches/"
+        ;;
+
+        *)
+          branch="$(${yq} r ${versions_file} assets.hypervisor.qemu.tag)"
+          url="$(${yq} r ${versions_file} assets.hypervisor.qemu.url)"
+          commit=""
+          patches_dir="${kata_dir}/tools/packaging/qemu/patches/$(echo ${branch} | sed -e 's/.[[:digit:]]*$//' -e 's/^v//').x"
+        ;;
+      esac
+
+      # download source
+      qemu_dir=${SNAPCRAFT_STAGE}/qemu
+      git clone --branch ${branch} --single-branch ${url} "${qemu_dir}"
+      cd ${qemu_dir}
+      [ -z "${commit}" ] || git checkout ${commit}
+
+      [ -n "$(ls -A ui/keycodemapdb)" ] || git clone https://github.com/qemu/keycodemapdb ui/keycodemapdb/
+      [ -n "$(ls -A capstone)" ] || git clone https://github.com/qemu/capstone capstone
+
+      # Apply patches
+      for patch in ${patches_dir}/*.patch; do
+        echo "Applying $(basename "$patch") ..."
+        patch \
+          --batch \
+          --forward \
+          --strip 1 \
+          --input "$patch"
+      done
+
+      # Only x86_64 supports libpmem
+      [ "$(uname -m)" = "x86_64" ] && sudo apt-get --no-install-recommends install -y apt-utils ca-certificates libpmem-dev
+
+      configure_hypervisor=${kata_dir}/tools/packaging/scripts/configure-hypervisor.sh
+      chmod +x ${configure_hypervisor}
+      # static build
+      echo "$(${configure_hypervisor} -s qemu) \
+        --disable-rbd
+        --prefix=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr \
+        --datadir=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/share \
+        --libexecdir=/snap/${SNAPCRAFT_PROJECT_NAME}/current/usr/libexec/qemu" \
+        | xargs ./configure
+
+      # Copy QEMU configurations (Kconfigs)
+      cp -a ${kata_dir}/tools/packaging/qemu/default-configs/* default-configs/
+
+      # build and install
+      make -j $(($(nproc)-1))
+      make install DESTDIR=${SNAPCRAFT_PART_INSTALL}
+    prime:
+      - -snap/
+      - -usr/bin/qemu-ga
+      - -usr/bin/qemu-pr-helper
+      - -usr/bin/virtfs-proxy-helper
+      - -usr/include/
+      - -usr/libexec/
+      - -usr/share/applications/
+      - -usr/share/icons/
+      - -usr/var/
+      - usr/*
+      - lib/*
+    organize:
+      # Hack: move qemu to /
+      "snap/kata-containers/current/": "./"
+
+apps:
+  runtime:
+    command: usr/bin/containerd-shim-kata-v2