[meta-virtualization] [PATCH V2 2/2] runc: add PACKAGECONFIG to allow building as static or not

Bruce Ashfield bruce.ashfield at gmail.com
Mon Sep 9 10:24:45 PDT 2019


On Mon, Sep 9, 2019 at 6:34 AM Stefan Agner <stefan at agner.ch> wrote:
>
> On 2019-09-09 12:14, ChenQi wrote:
> > On 09/09/2019 05:35 PM, Stefan Agner wrote:
> >> Hi Chen,
> >>
> >> On 2019-08-07 03:14, Chen Qi wrote:
> >>> Add a new PACKAGECONFIG, static, which when enabled will build
> >>> runc as static. Default to enable it.
> >>>
> >>> We need this because we should allow users to build runc as not
> >>> static so that when docker's cgroup driver is set to systemd,
> >>> we don't get error.
> >> Do you happen to know why we use statically linked runc by default? It
> >> seems that distros nowadays use statically linked version of it.
> >>
> >> To some degree it seems that we overturn a distro decision here
> >> (DISABLE_STATIC).
> >>
> >> --
> >> Stefan
> >>
> >
> > Please refer to
> > https://lists.yoctoproject.org/pipermail/meta-virtualization/2019-August/004338.html
> >
>
> Thanks for the link!
>
> > runc is one of those things that may need to be static in some configurations.
> > Since it has security impact, updating runc (and the libc) should be done in
> > parallel and this can cause problems otherwise.
>
> Hm, I don't completely get that argument, as in OE we normally do full
> image updates. So libc will be updated with runc anyways.

Some do .. many don't in the container based systems. In fact, for my
meta-virt use cases, there's *never* a full image update.

>
> Also that argument you can make for every component, not sure why runc
> is that special.

runc is very much plumbing in a lot of the setups that I know about.
It is used in some small systems (more 'small' in terms of
functionality and runtime complexity, not disk space) for starting
very early (but yet containerized) processes. And for the
container-in-container use cases, it is used as a shared runtime (bind
mounted, etc), which allows it to be atomically updated for a system
.. etc, etc.

>
> >
> > Now, that doesn't mean it HAS to be static, but it should be a configuration and
> > may be wise to have as the default to be static.
>
> ...
>
> > So PACKAGECONFIG is the right answer here.  I'm not sure what the right default
> > for the recipe is.... but in the end the users configuration and distro can and
> > should be able to select what they want.
>
> IMHO, default should be dynamically linked since this is the default in
> OE in general. Also since OE images are commonly updated as a whole and
> in embedded we often care more about space saving.
>
> Anyways, good there is a package config now, and now that I know the
> reasons it is compiled statically by default I can safely flip that
> switch for our distro.

Indeed. That's why I wanted it to be a packageconfig, everyone can
choose what best suits their distro.

Cheers,

Bruce

>
> --
> Stefan
>
>
> > Best Regards,
> > Chen Qi
> >
> >>> Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
> >>> ---
> >>>   ...-GOBUILDFLAGS-for-runc-and-remove-re.patch | 35 +++++++++++++++++++
> >>>   ...ld-drop-recvtty-and-use-GOBUILDFLAGS.patch | 22 ------------
> >>>   recipes-containers/runc/runc-docker_git.bb    |  2 +-
> >>>   .../runc/runc-opencontainers_git.bb           |  1 +
> >>>   recipes-containers/runc/runc.inc              | 10 ++++--
> >>>   5 files changed, 45 insertions(+), 25 deletions(-)
> >>>   create mode 100644
> >>> recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch
> >>>   delete mode 100644
> >>> recipes-containers/runc/runc-docker/0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch
> >>>
> >>> diff --git
> >>> a/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch
> >>> b/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch
> >>> new file mode 100644
> >>> index 0000000..94cbb4c
> >>> --- /dev/null
> >>> +++
> >>> b/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch
> >>> @@ -0,0 +1,35 @@
> >>> +From d2c47a973f354ffd505bb4e809c59e57b543726d Mon Sep 17 00:00:00 2001
> >>> +From: Chen Qi <Qi.Chen at windriver.com>
> >>> +Date: Tue, 6 Aug 2019 19:01:45 +0800
> >>> +Subject: [PATCH] Makefile: respect GOBUILDFLAGS for runc and remove recvtty
> >>> + from static
> >>> +
> >>> +Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
> >>> +---
> >>> + Makefile | 3 +--
> >>> + 1 file changed, 1 insertion(+), 2 deletions(-)
> >>> +
> >>> +diff --git a/Makefile b/Makefile
> >>> +index 0f26a1c8..a0c6b40b 100644
> >>> +--- a/src/import/Makefile
> >>> ++++ b/src/import/Makefile
> >>> +@@ -30,7 +30,7 @@ SHELL := $(shell command -v bash 2>/dev/null)
> >>> + .DEFAULT: runc
> >>> +
> >>> + runc: $(SOURCES)
> >>> +-  $(GO) build -buildmode=pie $(EXTRA_FLAGS) -ldflags "-X
> >>> main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)"
> >>> -tags "$(BUILDTAGS)" -o runc .
> >>> ++  $(GO) build $(GOBUILDFLAGS) $(EXTRA_FLAGS) -ldflags "-X
> >>> main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)"
> >>> -tags "$(BUILDTAGS)" -o runc .
> >>> +
> >>> + all: runc recvtty
> >>> +
> >>> +@@ -41,7 +41,6 @@ contrib/cmd/recvtty/recvtty: $(SOURCES)
> >>> +
> >>> + static: $(SOURCES)
> >>> +   CGO_ENABLED=1 $(GO) build $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo
> >>> osusergo static_build" -installsuffix netgo -ldflags "-w -extldflags
> >>> -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION}
> >>> $(EXTRA_LDFLAGS)" -o runc .
> >>> +-  CGO_ENABLED=1 $(GO) build $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo
> >>> osusergo static_build" -installsuffix netgo -ldflags "-w -extldflags
> >>> -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION}
> >>> $(EXTRA_LDFLAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
> >>> +
> >>> + release:
> >>> +   script/release.sh -r release/$(VERSION) -v $(VERSION)
> >>> +--
> >>> +2.17.1
> >>> +
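Review bot: In the embedded Makefile patch, the runc rule replaces -buildmode=pie with $(GOBUILDFLAGS), so the non-static binary is position-independent only if GOBUILDFLAGS supplies that flag, and nothing in this patch sets or checks it. Consider keeping -buildmode=pie in the rule next to $(GOBUILDFLAGS), or saying in the commit message where the flag now comes from. The new patch file also carries no Upstream-Status line, and its header reads diff --git a/Makefile b/Makefile while the ---/+++ paths point at src/import/Makefile.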
> >>> diff --git
> >>> a/recipes-containers/runc/runc-docker/0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch
> >>> b/recipes-containers/runc/runc-docker/0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch
> >>> deleted file mode 100644
> >>> index 9ba9957..0000000
> >>> ---
> >>> a/recipes-containers/runc/runc-docker/0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch
> >>> +++ /dev/null
> >>> @@ -1,22 +0,0 @@
> >>> -From a9a2b9e72027d0b2357f6dfe8b154762aaa8dd02 Mon Sep 17 00:00:00 2001
> >>> -From: Bruce Ashfield <bruce.ashfield at windriver.com>
> >>> -Date: Thu, 19 Apr 2018 16:39:41 -0400
> >>> -Subject: [PATCH] build: drop recvtty and use GOBUILDFLAGS
> >>> -
> >>> -Signed-off-by: Bruce Ashfield <bruce.ashfield at windriver.com>
> >>> ----
> >>> - Makefile | 3 +--
> >>> - 1 file changed, 1 insertion(+), 2 deletions(-)
> >>> -
> >>> -Index: git/src/import/Makefile
> >>> -===================================================================
> >>> ---- git.orig/src/import/Makefile
> >>> -+++ git/src/import/Makefile
> >>> -@@ -41,7 +41,6 @@
> >>> -
> >>> - static: $(SOURCES)
> >>> -   CGO_ENABLED=1 $(GO) build $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo
> >>> osusergo static_build" -installsuffix netgo -ldflags "-w -extldflags
> >>> -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION}
> >>> $(EXTRA_LDFLAGS)" -o runc .
> >>> --  CGO_ENABLED=1 $(GO) build $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo
> >>> osusergo static_build" -installsuffix netgo -ldflags "-w -extldflags
> >>> -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION}
> >>> $(EXTRA_LDFLAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
> >>> -
> >>> - release:
> >>> -   script/release.sh -r release/$(VERSION) -v $(VERSION)
> >>> diff --git a/recipes-containers/runc/runc-docker_git.bb
> >>> b/recipes-containers/runc/runc-docker_git.bb
> >>> index 2bf6222..c9f460b 100644
> >>> --- a/recipes-containers/runc/runc-docker_git.bb
> >>> +++ b/recipes-containers/runc/runc-docker_git.bb
> >>> @@ -5,7 +5,7 @@ include runc.inc
> >>>   SRCREV_runc-docker = "425e105d5a03fabd737a126ad93d62a9eeede87f"
> >>>   SRC_URI = "git://github.com/opencontainers/runc;nobranch=1;name=runc-docker \
> >>>              file://0001-runc-Add-console-socket-dev-null.patch \
> >>> -           file://0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch \
> >>> +
> >>> file://0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch
> >>> \
> >>>              file://0001-runc-docker-SIGUSR1-daemonize.patch \
> >>>             "
> >>>   diff --git a/recipes-containers/runc/runc-opencontainers_git.bb
> >>> b/recipes-containers/runc/runc-opencontainers_git.bb
> >>> index 76ab794..361bc94 100644
> >>> --- a/recipes-containers/runc/runc-opencontainers_git.bb
> >>> +++ b/recipes-containers/runc/runc-opencontainers_git.bb
> >>> @@ -3,5 +3,6 @@ include runc.inc
> >>>   SRCREV = "652297c7c7e6c94e8d064ad5916c32891a6fd388"
> >>>   SRC_URI = " \
> >>>       git://github.com/opencontainers/runc;branch=master \
> >>> +    file://0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch \
> >>>       "
> >>>   RUNC_VERSION = "1.0.0-rc8"
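Review bot: This recipe's SRC_URI listed no Makefile patch before the added line, so applying the shared patch here also stops the static target from building recvtty for runc-opencontainers, which the commit message does not mention. The same patch file is now applied to two different SRCREVs (this one and the one in runc-docker_git.bb), so it is worth confirming that both the -30,7 and -41,7 hunks apply to each without fuzz.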
> >>> diff --git a/recipes-containers/runc/runc.inc b/recipes-containers/runc/runc.inc
> >>> index 46fd09d..41ea41b 100644
> >>> --- a/recipes-containers/runc/runc.inc
> >>> +++ b/recipes-containers/runc/runc.inc
> >>> @@ -14,8 +14,10 @@ inherit go
> >>>   inherit goarch
> >>>   inherit pkgconfig
> >>>   -PACKAGECONFIG ??= ""
> >>> +PACKAGECONFIG ??= "static"
> >>>   PACKAGECONFIG[seccomp] = "seccomp,,libseccomp"
> >>> +# This PACKAGECONFIG serves the purpose of whether building runc as
> >>> static or not
> >>> +PACKAGECONFIG[static] = ""
> >>>     PROVIDES += "virtual/runc"
> >>>   RPROVIDES_${PN} = "virtual/runc"
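Review bot: Because the new default is the weak assignment PACKAGECONFIG ??= "static", any configuration that already assigns PACKAGECONFIG for runc (for example to "seccomp") drops "static" and moves from the previously unconditional static build to a dynamic one without having asked for it. Call that out in the commit message, and reword the comment above PACKAGECONFIG[static] to something like "build runc as a statically linked binary when enabled".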
> >>> @@ -54,7 +56,11 @@ do_compile() {
> >>>     export CFLAGS=""
> >>>     export LDFLAGS=""
> >>>   - oe_runmake static
> >>> +   if ${@bb.utils.contains('PACKAGECONFIG', 'static', 'true', 'false', d)}; then
> >>> +           oe_runmake static
> >>> +   else
> >>> +           oe_runmake runc
> >>> +   fi
> >>>   }
> >>>     do_install() {
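Review bot: The new else branch runs oe_runmake runc under the same export CFLAGS="" and export LDFLAGS="" that until now only ever applied to the static build, so the dynamically linked binary is built without whatever compiler and linker flags the distro places in those variables. If the clearing is needed only for static linking, move the two exports inside the static branch; otherwise add a comment explaining why they apply to both.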
> >>> -- 2.17.1



-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

