Add support for static builds on rpm-based distros

thaJeztah · thaJeztah · commit e25718cd88b2 · 2021-07-19T16:27:12.000+02:00
this patch allows building static binaries on rpm-based
distros. Building is not succesfull on all distros, but
works on most recent versions (CentOS 8, Oracle Linux 8,
Fedora 30, 31)

Signed-off-by: Sebastiaan van Stijn &lt;github@gone.nl&gt;
diff --git a/Makefile b/Makefile
@@ -74,9 +74,6 @@ checkout: src
 	./scripts/checkout.sh src/github.com/containerd/containerd "$(REF)"
 	./scripts/checkout.sh src/github.com/opencontainers/runc "$$(./scripts/determine-runc-version)"
 
-# NOTE: building static binaries currently only works when using an
-#       ubuntu/debian BUILD_IMAGE, because build-dependencies are not
-#       installed beforehand.
 .PHONY: static
 static: TARGET=binaries
 static: build
diff --git a/dockerfiles/rpm.dockerfile b/dockerfiles/rpm.dockerfile
@@ -45,7 +45,7 @@ FROM redhat-base AS amzn-base
 
 FROM redhat-base AS ol-base
 RUN . "/etc/os-release"; if [ "${VERSION_ID%.*}" -eq 7 ]; then yum-config-manager --enable ol7_addons --enable ol7_optional_latest; fi
-RUN . "/etc/os-release"; if [ "${VERSION_ID%.*}" -eq 8 ]; then yum-config-manager --enable ol8_addons; fi
+RUN . "/etc/os-release"; if [ "${VERSION_ID%.*}" -eq 8 ]; then yum-config-manager --enable ol8_addons --enable ol8_codeready_builder; fi
 
 FROM ${BUILD_IMAGE} AS fedora-base
 RUN dnf install -y rpm-build git dnf-plugins-core
@@ -72,9 +72,11 @@ WORKDIR /root/rpmbuild
 COPY --from=go-md2man /go/bin/go-md2man /go/bin/go-md2man
 COPY rpm/containerd.spec SPECS/containerd.spec
 COPY scripts/build-rpm    /root/
+COPY scripts/build-static /root/
 COPY scripts/.rpm-helpers /root/
 RUN . /root/.rpm-helpers \
- && install_build_deps SPECS/containerd.spec
+ && install_build_deps SPECS/containerd.spec \
+ && install_package glibc-static
 
 ARG PACKAGE
 ENV PACKAGE=${PACKAGE:-containerd.io}
@@ -123,6 +125,26 @@ FROM scratch AS packages
 COPY --from=build-packages  /archive /archive
 COPY --from=verify-packages /build   /build
 
+FROM build-env AS build-binaries
+# NOTE: not using a cache-mount for /root/.cache/go-build, to prevent issues
+#       with CGO when building multiple distros on the same machine / build-cache
+RUN --mount=type=bind,from=golang,source=/usr/local/go/,target=/usr/local/go/ \
+    --mount=type=bind,source=/src,target=/go/src,rw \
+    /root/build-static
+ARG UID=0
+ARG GID=0
+RUN chown -R ${UID}:${GID} /build
+
+FROM distro-image AS verify-binaries
+COPY --from=build-binaries /build /build
+RUN tar -C /usr/local/bin/ --strip-components 1 -xzf "$(find /build/static -type f -name containerd.io*.tar.gz)"
+RUN containerd --version
+RUN ctr --version
+RUN runc --version
+
+FROM scratch AS binaries
+COPY --from=verify-binaries /build /build
+
 # This stage is mainly for debugging (running the build interactively with mounted source)
 FROM build-env AS runtime
 COPY --from=golang /usr/local/go/ /usr/local/go/
diff --git a/scripts/build-static b/scripts/build-static
@@ -28,13 +28,21 @@ ARCH=$(uname -m)
 DEST_DIR="/build/static/${ARCH}/"
 mkdir -p "${DEST_DIR}"
 
+. "/etc/os-release"
+
 # Build containerd
 (
 	set -x
 	export BUILDTAGS='netgo osusergo static_build seccomp apparmor selinux'
 	export EXTRA_FLAGS='-buildmode=pie'
 	export EXTRA_LDFLAGS='-extldflags "-fno-PIC -static"'
 
+	case "${ID}" in
+		centos|ol|rhel)
+			BUILDTAGS='netgo osusergo static_build apparmor selinux no_btrfs'
+			;;
+	esac
+
 	make -C "/go/src/github.com/containerd/containerd"
 	make -C "/go/src/github.com/containerd/containerd" DESTDIR="${DEST_DIR}" install
 )
@@ -43,6 +51,25 @@ mkdir -p "${DEST_DIR}"
 (
 	set -x
 	RUNC_BUILDTAGS="seccomp apparmor selinux"
+
+	case "${ID}" in
+	fedora)
+		# seccomp requires the libseccomp-static package, which is available on
+		# Fedora, but not on RHEL/CentOS
+		#
+		# /usr/local/go/pkg/tool/linux_amd64/link: running gcc failed: exit status 1
+		# /usr/bin/ld: cannot find -lseccomp
+		#
+		# With LD_DEBUG=libs
+		# go build github.com/opencontainers/runc/vendor/github.com/seccomp/libseccomp-golang: invalid flag in pkg-config --cflags: 1277:
+		# make: Leaving directory '/go/src/github.com/opencontainers/runc'
+		dnf -y install libseccomp-static
+		;;
+	centos|ol|rhel)
+		RUNC_BUILDTAGS="apparmor selinux"
+		;;
+	esac
+
 	make -C "/go/src/github.com/opencontainers/runc" BUILDTAGS="${RUNC_BUILDTAGS}" static
 	install -D -p -t "${DEST_DIR}/bin" "/go/src/github.com/opencontainers/runc/runc"
 )
