diff --git a/Dockerfile b/Dockerfile
index 0d959a7..97b0f5b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,27 +1,31 @@ -ARG TAG -FROM public.ecr.aws/zero-downtime/alpine-builder:$TAG - +FROM alpine:3.16 ARG ALPINE="v3.16" -ARG SYSROOT=/home/alpine/sysroot-aarch64 -USER root +RUN echo "http://dl-cdn.alpinelinux.org/alpine/${ALPINE}/main" > /etc/apk/repositories && \ + echo "http://dl-cdn.alpinelinux.org/alpine/${ALPINE}/community" >> /etc/apk/repositories && \ + echo "@edge-main http://dl-cdn.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \ + echo "@edge-community http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories && \ + echo "@kubezero https://cdn.zero-downtime.net/alpine/${ALPINE}/kubezero" >> /etc/apk/repositories && \ + wget -q -O /etc/apk/keys/stefan@zero-downtime.net-61bb6bfb.rsa.pub https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub -# Workaround for apk fetch bug related to `g++-aarch64` name, todo -RUN wget https://cdn.zero-downtime.net/alpine/v3.16/kubezero/x86_64/g%2B%2B-aarch64-11.2.1_git20220219-r2.apk && \ - apk add --no-cache g%2B%2B-aarch64-11.2.1_git20220219-r2.apk && rm -f g%2B%2B-aarch64-11.2.1_git20220219-r2.apk +RUN apk -U --no-cache upgrade && \ + apk --no-cache add \ + alpine-sdk \ + lua-aports \ + doas \ + pigz \ + xz + # gcc-gnat \ -RUN apk -U --no-cache add \ - build-base-aarch64@kubezero - # gcc-gnat-aarch64@kubezero +RUN adduser -D alpine && \ + addgroup alpine abuild && \ + echo "permit nopass :abuild" > /etc/doas.d/doas.conf && \ + install -d -g abuild -m 775 /var/cache/distfiles && \ + install -d -g abuild -m 775 /packages -RUN mkdir -p ${SYSROOT} && \ - apk -X https://dl-cdn.alpinelinux.org/alpine/${ALPINE}/main -U --allow-untrusted --no-scripts -p ${SYSROOT} --initdb --arch aarch64 add alpine-base && \ - apk -X https://dl-cdn.alpinelinux.org/alpine/${ALPINE}/main --arch aarch64 -p ${SYSROOT} --allow-untrusted add alpine-keys && \ - cp /etc/apk/repositories ${SYSROOT}/etc/apk - -RUN apk -U --arch aarch64 -p ${SYSROOT} add \ - libgcc \ - libstdc++ \ - musl-dev +COPY 
abuilder aarch64-toolchain.sh /usr/bin/ +WORKDIR /home/alpine USER alpine + +ENTRYPOINT ["abuilder"] diff --git a/Dockerfile.stage1 b/Dockerfile.stage1 deleted file mode 100644 index 97b0f5b..0000000 --- a/Dockerfile.stage1 +++ /dev/null @@ -1,31 +0,0 @@ -FROM alpine:3.16 -ARG ALPINE="v3.16" - -RUN echo "http://dl-cdn.alpinelinux.org/alpine/${ALPINE}/main" > /etc/apk/repositories && \ - echo "http://dl-cdn.alpinelinux.org/alpine/${ALPINE}/community" >> /etc/apk/repositories && \ - echo "@edge-main http://dl-cdn.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \ - echo "@edge-community http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories && \ - echo "@kubezero https://cdn.zero-downtime.net/alpine/${ALPINE}/kubezero" >> /etc/apk/repositories && \ - wget -q -O /etc/apk/keys/stefan@zero-downtime.net-61bb6bfb.rsa.pub https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub - -RUN apk -U --no-cache upgrade && \ - apk --no-cache add \ - alpine-sdk \ - lua-aports \ - doas \ - pigz \ - xz - # gcc-gnat \ - -RUN adduser -D alpine && \ - addgroup alpine abuild && \ - echo "permit nopass :abuild" > /etc/doas.d/doas.conf && \ - install -d -g abuild -m 775 /var/cache/distfiles && \ - install -d -g abuild -m 775 /packages - -COPY abuilder aarch64-toolchain.sh /usr/bin/ - -WORKDIR /home/alpine -USER alpine - -ENTRYPOINT ["abuilder"] diff --git a/Makefile b/Makefile index 76cdc36..3f6abc2 100644 --- a/Makefile +++ b/Makefile 
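Review bot: The first `RUN` downloads the `@kubezero` signing key with `wget` straight into `/etc/apk/keys/` and never checks it against a known value, so the trust anchor for that repository comes from the same CDN that serves the packages it is meant to verify. Committing the public key to this repo and adding it with `COPY stefan@zero-downtime.net-61bb6bfb.rsa.pub /etc/apk/keys/`, or checking a pinned digest in the same `RUN` (`echo "<PINNED_SHA256>  /etc/apk/keys/stefan@zero-downtime.net-61bb6bfb.rsa.pub" | sha256sum -c -`), removes that dependency. The main, community and edge repository lines use `http://` while the removed sysroot commands used `https://`; apk's signature checks still apply, but switching them to `https://` costs nothing. A comment next to `permit nopass :abuild` would also help: `alpine` is added to `abuild`, so the `USER alpine` the image ends on is root-equivalent through `doas`.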
@@ -1,25 +1,40 @@ +REGISTRY := public.ecr.aws/zero-downtime +IMAGE := alpine-builder +REGION := us-east-1 + +include .ci/podman.mk + BUILDER := v3.16.2 -RELEASE := v3.16 PKG := '*' - CF_DIST := E1YFUJXMCXT2RN +ARCH := '' -.PHONY: builder aports download upload packages +BUILDER_RELEASE = $(shell echo $(BUILDER) | sed -e 's/-.*$$//') +RELEASE := $(shell echo $(BUILDER_RELEASE) | sed -e 's/\.[0-9]$$//') -all: build +.PHONY: apk aports download upload packages invalidate_cdn -packages: +aarch64-toolchain: + @podman run -it --rm \ + -v ${PWD}/distfiles:/var/cache/distfiles \ + -v ${PWD}/packages:/home/alpine/packages \ + -v ${PWD}/aports:/home/alpine/aports \ + -v ${HOME}/.gitconfig/:/home/alpine/.gitconfig:ro \ + -v ${HOME}/.abuild/:/home/alpine/.abuild:ro \ + $(REGISTRY)/$(IMAGE):$(TAG) aarch64-toolchain + +packages: reset-permissions mkdir -p packages/kubezero/aarch64 packages/kubezero/x86_64 distfiles: mkdir -p distfiles -aports: - [ -d aports/.git ] && { GIT_DIR=aports/.git cd aports; git pull; } \ - || git clone https://gitlab.alpinelinux.org/alpine/aports.git +aports: reset-permissions + @[ -d aports/.git ] && { cd aports; git pull origin $(BUILDER_RELEASE); } + @[ -d aports/.git ] || { git clone https://gitlab.alpinelinux.org/alpine/aports.git && \ + cd aports && git checkout $(BUILDER_RELEASE); } -# Mounts release into /work of the builder container to build all -build: packages distfiles +apk: packages distfiles podman run -it --rm \ -v ${PWD}/distfiles:/var/cache/distfiles \ -v ${PWD}/packages:/home/alpine/packages \ 
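Review bot: The new `aports` recipe stops on a fresh checkout: make runs each recipe line in its own shell and aborts on a non-zero status, so when `aports/.git` is missing the first line `@[ -d aports/.git ] && { … }` fails before the clone on the second line is reached. The `reset-permissions` recipe added in the next hunk has the same shape and fails whenever one of its four directories does not exist yet, which also breaks `packages` and `aports` now that they depend on it. Writing the guards so that a missing directory counts as success fixes both, for example `@[ ! -d aports ] || doas chown -R $(USER): aports`, and a single `if [ -d aports/.git ]; then … else … fi` for the pull/clone pair. `$(TAG)` is not defined in the visible lines and presumably comes from `.ci/podman.mk`; if so, a short comment saying how it is derived from `BUILDER` would help. The `apk` target's `podman run` continues past the end of this hunk.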
@@ -27,15 +42,22 @@ build: packages distfiles -v ${PWD}/kubezero:/home/alpine/kubezero \ -v ${HOME}/.gitconfig/:/home/alpine/.gitconfig:ro \ -v ${HOME}/.abuild/:/home/alpine/.abuild:ro \ - public.ecr.aws/zero-downtime/alpine-builder:${BUILDER} $(PKG) + $(REGISTRY)/$(IMAGE):$(TAG) $(PKG) $(ARCH) + +reset-permissions: + @[ -d aports ] && doas chown -R $(USER): aports + @[ -d distfiles ] && doas chown -R $(USER): distfiles + @[ -d packages ] && doas chown -R $(USER): packages + @[ -d kubezero ] && doas chown -R $(USER): kubezero download: - aws s3 sync s3://zero-downtime-web/cdn/alpine/$(RELEASE)/kubezero/x86_64/ packages/work/x86_64/ --exclude APKINDEX.tar.gz + aws s3 sync s3://zero-downtime-web/cdn/alpine/$(RELEASE)/kubezero/x86_64/ packages/kubezero/x86_64/ --exclude APKINDEX.tar.gz + aws s3 sync s3://zero-downtime-web/cdn/alpine/$(RELEASE)/kubezero/aarch64/ packages/kubezero/aarch64/ --exclude APKINDEX.tar.gz -invalidate: +invalidate_cdn: aws cloudfront create-invalidation --distribution $(CF_DIST) --paths "/alpine/*" -upload: invalidate +upload: invalidate_cdn aws s3 sync --delete packages/kubezero/x86_64/ s3://zero-downtime-web/cdn/alpine/$(RELEASE)/kubezero/x86_64/ --exclude APKINDEX.tar.gz aws s3 sync --delete packages/kubezero/aarch64/ s3://zero-downtime-web/cdn/alpine/$(RELEASE)/kubezero/aarch64/ --exclude APKINDEX.tar.gz aws s3 cp packages/kubezero/x86_64/APKINDEX.tar.gz s3://zero-downtime-web/cdn/alpine/$(RELEASE)/kubezero/x86_64/ --cache-control max-age=1 diff --git a/abuilder b/abuilder index b42efc9..cf06003 100755 --- a/abuilder +++ b/abuilder @@ -1,12 +1,15 @@ #!/bin/sh -set -ex +set -e if [ -d ~/.abuild ]; then doas cp ~/.abuild/*.rsa.pub /etc/apk/keys/ fi -doas chown -R alpine:abuild ~/packages /var/cache/distfiles ~/aports +for f in ~/packages /var/cache/distfiles ~/aports; do + [ -d $f ] && doas chown -R alpine:abuild $f +done + doas apk update if [ "$1" == 'debug' ]; then 
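Review bot: `upload: invalidate_cdn` keeps the invalidation as a prerequisite, so `aws cloudfront create-invalidation` runs before the `aws s3 sync --delete` lines and an edge cache can pick up an old package again between the two steps. A client could then fetch the fresh `APKINDEX.tar.gz` (`max-age=1`) together with a stale `.apk`, which would likely fail apk's checksum verification if a package was rebuilt under the same name. Running the invalidation as the last recipe line of `upload`, e.g. `$(MAKE) invalidate_cdn`, makes the order explicit. The `upload` recipe may continue outside this hunk.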
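Review bot: `$f` is unquoted in the new loop, both in the `[ -d $f ]` test and as the `chown` argument; `[ -d "$f" ] && doas chown -R alpine:abuild "$f"` keeps the root-run recursive `chown` on exactly the intended path if one of the entries is ever changed to a name containing spaces or glob characters. A one-line comment that missing directories are skipped on purpose (presumably because not every make target mounts all three) would explain why the unconditional `chown` was replaced.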
@@ -18,17 +21,27 @@ elif [ "$1" == 'aarch64-toolchain' ]; then else # Set ENV for cross compile for aarch64 if [ "$2" == "aarch64" ]; then + ALPINE="v3.16" TARGET_ARCH=aarch64 SUDO_APK=abuild-apk APORTS=/home/alpine/aports + CBUILDROOT=/home/alpine/sysroot-aarch64 + + mkdir -p $CBUILDROOT/etc/apk/keys + doas apk -X https://dl-cdn.alpinelinux.org/alpine/${ALPINE}/main --no-cache --no-scripts -p $CBUILDROOT --initdb --allow-untrusted --arch aarch64 add alpine-base + doas apk -X https://dl-cdn.alpinelinux.org/alpine/${ALPINE}/main --no-cache --arch aarch64 -p $CBUILDROOT --allow-untrusted add alpine-keys + doas cp /etc/apk/keys/stefan@zero-downtime.net-61bb6bfb.rsa.pub ${CBUILDROOT}/etc/apk/keys + doas cp /etc/apk/repositories ${CBUILDROOT}/etc/apk + + EXTRADEPENDS_TARGET="libgcc libstdc++ musl-dev fortify-headers libc-dev busybox" - export CBUILDROOT="/home/alpine/sysroot-aarch64/" . /usr/share/abuild/functions.sh export CBUILD - export CHOST=$TARGET_ARCH export GOARCH=arm64 export GOOS=linux + + doas apk update -p $CBUILDROOT fi for pkg in ~/$1; do @@ -37,7 +50,7 @@ else # If checksum is OK, build package APKBUILD=$pkg abuild verify && rc=$? || rc=$? if [ $rc -eq 0 ]; then - APKBUILD=$pkg abuild -r + CHOST=$TARGET_ARCH APKBUILD=$pkg abuild -r else APKBUILD=$pkg abuild checksum diff --git a/kubezero/fluent-bit/APKBUILD b/kubezero/fluent-bit/APKBUILD index 1777856..a79acbc 100644 --- a/kubezero/fluent-bit/APKBUILD +++ b/kubezero/fluent-bit/APKBUILD @@ -14,9 +14,8 @@ makedepends=" flex fts-dev gtest-dev - zlib-dev yaml-dev - yaml-static + zlib-dev " subpackages=" $pkgname-dev 
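Review bot: Both `apk … add` calls that populate `$CBUILDROOT` pass `--allow-untrusted`, so `alpine-base` and `alpine-keys` for aarch64 are installed without signature verification, and the second one supplies the keys that every later sysroot install is checked against. The key directory already exists after the `mkdir -p` line, so the keys could be copied in before the first `apk add` rather than after it, and `--allow-untrusted` dropped. That means the kubezero key as now, plus the aarch64 Alpine keys, which the builder's own `alpine-keys` package presumably ships under `/usr/share/apk/keys`. `ALPINE="v3.16"` duplicates the Dockerfile's `ARG ALPINE`; exporting it from the image or adding a comment that names the other location would keep the two from drifting. The surrounding `if`/`else` starts and ends outside this hunk.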
@@ -33,28 +32,30 @@ options="!check" build() { if [ "$CBUILD" != "$CHOST" ]; then - CMAKE_CROSSOPTS="-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_HOST_SYSTEM_NAME=Linux" + CMAKE_CROSSOPTS="-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_HOST_SYSTEM_NAME=Linux -DCMAKE_C_COMPILER=$CHOST-gcc" fi # default CORE_STACK_SIZE=((3 * PTHREAD_STACK_MIN) / 2)=3072 is invalid # set default to 24576 # Disable stream processor due to issue see: https://github.com/fluent/fluent-bit/issues/2464 cmake -B build \ -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_INSTALL_LIBDIR=lib \ -DCMAKE_BUILD_TYPE=None \ - -DCMAKE_FIND_LIBRARY_SUFFIXES=".a" \ - -DBUILD_SHARED_LIBS=OFF \ - -DCMAKE_EXE_LINKER_FLAGS="-static" \ -DFLB_CORO_STACK_SIZE=24576 \ -DFLB_RELEASE=Yes \ - -DFLB_DEBUG=No \ - -DFLB_SHARED_LIB=No \ + -DFLB_DEBUG=Off \ + -DFLB_SHARED_LIB=Off \ -DFLB_JEMALLOC=Yes \ - -DFLB_IN_SYSTEMD=No \ + -DFLB_LUAJIT=Yes \ + -DFLB_IN_SYSTEMD=Off \ -DFLB_PROXY_GO=No \ -DFLB_HTTP_SERVER=Yes \ - -DFLB_STREAM_PROCESSOR=No \ $CMAKE_CROSSOPTS . make -C build + #-DCMAKE_FIND_LIBRARY_SUFFIXES=".a" \ + #-DCMAKE_EXE_LINKER_FLAGS="-static" \ + #-DFLB_STREAM_PROCESSOR=No \ + #-DFLB_FILTER_LUA=Off \ #-DFLB_TESTS_INTERNAL=Yes \ #-DFLB_AWS=No \ #-DFLB_SIGNV4=No \ @@ -64,6 +65,7 @@ build() { #-DFLB_OUT_KINESIS_STREAMS=No \ #-DFLB_OUT_BIGQUERY=No \ #-DFLB_FILTER_AWS=No \ + #-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON \ } check() {
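Review bot: The comment above the `cmake` call still says the stream processor is disabled because of fluent-bit issue 2464, but this hunk removes `-DFLB_STREAM_PROCESSOR=No` from the command line and parks it as a comment after `make -C build`, so the feature is now built with whatever the upstream default is. `-DFLB_LUAJIT=Yes` is added in the same change, and dropping the `-static` linker flags makes the binary depend on shared libraries at runtime, so the log agent ships with more functionality than before. If that is intended, the comment should say so, e.g. `# Stream processor re-enabled; see https://github.com/fluent/fluent-bit/issues/2464`, and the commented-out flags below `make` deserve a line stating they are kept for reference only. `build()` ends in the following hunk.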