diff --git a/.gitignore b/.gitignore index f971d203c5b0d8790dbea7fe64800480c0e96e4a..361174ab1b08e7e8e8a18517e381ab4370387bf6 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ _output/ shim/bin/ shim/.idea/ *.rpm +*.deb diff --git a/Makefile b/Makefile index bfee7bc1bf4cacaf04d6055e7be70a127586acd5..dad55cea620971b2e4a2f88cb6a4cad5442c7302 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,8 @@ -.PHONY: all install clean uninstall rpm +.PHONY: all install clean uninstall package export INCLAVARE_CONTAINERS_VERSION := $(shell cat ./VERSION) components := rune shim sgx-tools -rpm_release_components := rune shim +dist_release_components := rune shim all: for name in $(components); do \ @@ -24,7 +24,7 @@ uninstall: $(MAKE) -C $$name uninstall; \ done -rpm: - for name in $(rpm_release_components); do \ - $(MAKE) -C $$name rpm; \ +package: + for name in $(dist_release_components); do \ + $(MAKE) -C $$name package; \ done diff --git a/rune/Makefile b/rune/Makefile index f71f78ea70c43f437a063943d11e815533f6b363..7853da30555e43b1126794c4d3465c5489a31c7f 100644 --- a/rune/Makefile +++ b/rune/Makefile @@ -161,11 +161,11 @@ localcross: CGO_ENABLED=1 GOARCH=arm64 CC=aarch64-linux-gnu-gcc $(GO_BUILD) -o runc-arm64 . CGO_ENABLED=1 GOARCH=ppc64le CC=powerpc64le-linux-gnu-gcc $(GO_BUILD) -o runc-ppc64le . -rpm: - $(MAKE) -C dist rpm +package: + $(MAKE) -C dist package .PHONY: rune all recvtty static release dbuild lint man runcimage \ test localtest unittest localunittest integration localintegration \ rootlessintegration localrootlessintegration shell install install-bash \ install-man clean uninstall validate ci \ - vendor verify-dependencies cross localcross skeleton rpm + vendor verify-dependencies cross localcross skeleton package diff --git a/rune/dist/Makefile b/rune/dist/Makefile index 586eedb43e9f2d506dfcb15fa6c83116a4501a55..4cb8c15d6bbfb25d68b1ba21d8f7dac7183089df 100644 --- a/rune/dist/Makefile +++ b/rune/dist/Makefile @@ -16,4 +16,17 @@ rpm: release-tarball @rm -rf $(RPMBUILD_DIR) @echo "the rpms of rune located in $(PROJECT_DIR)" -.PHONY: release-tarball rpm +deb: + @cd deb && ./build.sh + @echo "the debs of rune located in $(PROJECT_DIR)" + +package: +ifeq (/etc/debian_version, $(wildcard /etc/debian_version)) + make deb +else ifeq (/etc/redhat-release, $(wildcard /etc/redhat-release)) + make rpm +else + @echo "error! don't support generating packages on this system" +endif + +.PHONY: release-tarball rpm deb package diff --git a/rune/dist/deb/build.sh b/rune/dist/deb/build.sh new file mode 100755 index 0000000000000000000000000000000000000000..e22d681be77e7fa647dac98555595753bcffc7e7 --- /dev/null +++ b/rune/dist/deb/build.sh @@ -0,0 +1,41 @@ +#!/bin/bash + +PROJECT_DIR=$(cd ../../..; pwd) +DEBBUILD_DIR=$(mktemp -u /tmp/debbuild.XXXX) +SCRIPT_DIR=$(pwd) +PACKAGE=rune +PROJECT=inclavare-containers +VERSION=$(cd ../../..; cat ./VERSION) +RELEASE_TARBALL=$DEBBUILD_DIR/v$VERSION.tar.gz +RELEASE_TARBALL_URL=https://github.com/alibaba/inclavare-containers/archive/v$VERSION.tar.gz +TARBALL_NAME=$PACKAGE\_$VERSION.orig.tar.gz +DEB_BUILD_FOLDER=$DEBBUILD_DIR/$PACKAGE-$VERSION + +# create and rename the tarball +mkdir -p $DEBBUILD_DIR +if [ ! -f "$RELEASE_TARBALL" ]; then + wget -P $DEBBUILD_DIR $RELEASE_TARBALL_URL +fi +tar zxfP $DEBBUILD_DIR/v$VERSION.tar.gz -C $DEBBUILD_DIR +mv $DEBBUILD_DIR/$PROJECT-$VERSION $DEBBUILD_DIR/$PACKAGE-$VERSION +cd $DEBBUILD_DIR && tar zcfP $TARBALL_NAME $PACKAGE-$VERSION + +# check the go version +if ! [ -x "$(command -v go)" ]; then + echo 'Error: go is not installed. Please install Go 1.14 and above' + exit 1 +fi + +NEED_GO_VERSION=14 +CURRENT_GO_VERSION=$(go version | awk '{print $3}' | sed 's/go//g' | sed 's/\./ /g' | awk '{print $2}') +if [ $CURRENT_GO_VERSION -lt $NEED_GO_VERSION ]; then + echo 'Error: go version is less than 1.14.0. Please install Go 1.14 and above' + exit +fi + +# build_deb_package +cp -rf $SCRIPT_DIR/debian $DEB_BUILD_FOLDER +cd $DEB_BUILD_FOLDER +dpkg-buildpackage -us -uc +cp $DEBBUILD_DIR/*.deb $PROJECT_DIR +rm -rf $DEBBUILD_DIR diff --git a/rune/dist/deb/debian/changelog b/rune/dist/deb/debian/changelog new file mode 100644 index 0000000000000000000000000000000000000000..55398365b70acf83d7587aeb6317b0967a00026e --- /dev/null +++ b/rune/dist/deb/debian/changelog @@ -0,0 +1,5 @@ +rune (0.2.0-1) unstable; urgency=low + + * Initial release. + + -- Shirong Hao Mon, 13 Jul 2020 13:48:35 +0000 diff --git a/rune/dist/deb/debian/compat b/rune/dist/deb/debian/compat new file mode 100644 index 0000000000000000000000000000000000000000..ec635144f60048986bc560c5576355344005e6e7 --- /dev/null +++ b/rune/dist/deb/debian/compat @@ -0,0 +1 @@ +9 diff --git a/rune/dist/deb/debian/control b/rune/dist/deb/debian/control new file mode 100644 index 0000000000000000000000000000000000000000..513567e897c33ea07a0fbe19a5aa53e6da44c4c6 --- /dev/null +++ b/rune/dist/deb/debian/control @@ -0,0 +1,12 @@ +Source: rune +Section: devel +Priority: extra +Maintainer: Shirong Hao +Build-Depends: debhelper (>=9), libseccomp-dev, libprotobuf-dev (>=3), protobuf-compiler +Standards-Version: 3.9.8 +Homepage: https://github.com/alibaba/inclavare-containers + +Package: rune +Architecture: amd64 +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: rune is a CLI tool for spawning and running enclaves in containers according to the OCI specification. The codebase of rune is a fork of runc, so rune can be used as runc if enclave is not configured or available. diff --git a/rune/dist/deb/debian/rules b/rune/dist/deb/debian/rules new file mode 100755 index 0000000000000000000000000000000000000000..7585e3f2d0d790b183e91d2eb6d2dad5bf3fd420 --- /dev/null +++ b/rune/dist/deb/debian/rules @@ -0,0 +1,19 @@ +#!/usr/bin/make -f +BUILD_ROOT := $(CURDIR)/debian/rune +BUILD_DIR := /usr/bin +LICENSE := /usr/share/licenses/rune +PROTOBUF_VERSION := 1.3.5 + +export GO111MODULE := on + +%: + dh $@ + +override_dh_auto_build: + go get github.com/golang/protobuf/protoc-gen-go@v$(PROTOBUF_VERSION) + make -C rune +override_dh_auto_install: + install -d -p $(BUILD_ROOT)$(BUILD_DIR) + install -p -m 755 $(CURDIR)/rune/rune $(BUILD_ROOT)$(BUILD_DIR) + install -d -p $(BUILD_ROOT)$(LICENSE) + install -p -m 644 $(CURDIR)/rune/LICENSE $(BUILD_ROOT)$(LICENSE) diff --git a/rune/dist/deb/debian/source/format b/rune/dist/deb/debian/source/format new file mode 100644 index 0000000000000000000000000000000000000000..163aaf8d82b6c54f23c45f32895dbdfdcc27b047 --- /dev/null +++ b/rune/dist/deb/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/shim/Makefile b/shim/Makefile index ce269de13fd12fbd392c74eef37ee445ec02bee3..5af8c28339e886e2a17a62d9abdbc4acbbb929b8 100644 --- a/shim/Makefile +++ b/shim/Makefile @@ -39,7 +39,7 @@ SHIM_CGO_ENABLED ?= 0 BINARIES=$(addprefix bin/,$(COMMANDS)) -.PHONY: clean all binaries help install uninstall rpm +.PHONY: clean all binaries help install uninstall package .DEFAULT: default all: binaries @@ -55,8 +55,8 @@ clean: ## clean up binaries @echo "$@" @rm -f $(BINARIES) -rpm: - $(MAKE) -C dist rpm +package: + $(MAKE) -C dist package install: ## install binaries @echo "$@ $(BINARIES)" diff --git a/shim/dist/Makefile b/shim/dist/Makefile index 0710ab1b75781af5ca4714d92b99191d6f05ada1..dc3567f9e4585550df62147315db8fced8de8fcb 100644 --- a/shim/dist/Makefile +++ b/shim/dist/Makefile @@ -1,4 +1,3 @@ -# Variables for building rpm PROJECT_DIR := $(shell cd ../..; pwd) RPMBUILD_DIR := $(shell mktemp -u /tmp/rpmbuild.XXXX) RELEASE_TARBALL_URL := https://github.com/alibaba/inclavare-containers/archive/v$(INCLAVARE_CONTAINERS_VERSION).tar.gz @@ -17,4 +16,17 @@ rpm: release-tarball @rm -rf $(RPMBUILD_DIR) @echo "the rpms of shim-rune located in $(PROJECT_DIR)" -.PHONY: release-tarball rpm +deb: + @cd deb && ./build.sh + @echo "the debs of shim-rune located in $(PROJECT_DIR)" + +package: +ifeq (/etc/debian_version, $(wildcard /etc/debian_version)) + make deb +else ifeq (/etc/redhat-release, $(wildcard /etc/redhat-release)) + make rpm +else + @echo "error! don't support generating packages on this system" +endif + +.PHONY: release-tarball rpm deb package diff --git a/shim/dist/deb/build.sh b/shim/dist/deb/build.sh new file mode 100755 index 0000000000000000000000000000000000000000..c8f87ac2f84551a0883f1aad6c5d4cc3a9cbc166 --- /dev/null +++ b/shim/dist/deb/build.sh @@ -0,0 +1,41 @@ +#!/bin/bash + +PROJECT_DIR=$(cd ../../..; pwd) +DEBBUILD_DIR=$(mktemp -u /tmp/debbuild.XXXX) +SCRIPT_DIR=$(pwd) +PACKAGE=shim-rune +PROJECT=inclavare-containers +VERSION=$(cd ../../..; cat ./VERSION) +RELEASE_TARBALL=$DEBBUILD_DIR/v$VERSION.tar.gz +RELEASE_TARBALL_URL=https://github.com/alibaba/inclavare-containers/archive/v$VERSION.tar.gz +TARBALL_NAME=$PACKAGE\_$VERSION.orig.tar.gz +DEB_BUILD_FOLDER=$DEBBUILD_DIR/$PACKAGE-$VERSION + +# create and rename the tarball +mkdir -p $DEBBUILD_DIR +if [ ! -f "$RELEASE_TARBALL" ]; then + wget -P $DEBBUILD_DIR $RELEASE_TARBALL_URL +fi +tar zxfP $DEBBUILD_DIR/v$VERSION.tar.gz -C $DEBBUILD_DIR +mv $DEBBUILD_DIR/$PROJECT-$VERSION $DEBBUILD_DIR/$PACKAGE-$VERSION +cd $DEBBUILD_DIR && tar zcfP $TARBALL_NAME $PACKAGE-$VERSION + +# check the go version +if ! [ -x "$(command -v go)" ]; then + echo 'Error: go is not installed. Please install Go 1.14 and above' + exit 1 +fi + +NEED_GO_VERSION=14 +CURRENT_GO_VERSION=$(go version | awk '{print $3}' | sed 's/go//g' | sed 's/\./ /g' | awk '{print $2}') +if [ $CURRENT_GO_VERSION -lt $NEED_GO_VERSION ]; then + echo 'Error: go version is less than 1.14.0. Please install Go 1.14 and above' + exit +fi + +# build deb package +cp -rf $SCRIPT_DIR/debian $DEB_BUILD_FOLDER +cd $DEB_BUILD_FOLDER +dpkg-buildpackage -us -uc +cp $DEBBUILD_DIR/*.deb $PROJECT_DIR +rm -rf $DEBBUILD_DIR diff --git a/shim/dist/deb/debian/changelog b/shim/dist/deb/debian/changelog new file mode 100644 index 0000000000000000000000000000000000000000..3a2c05daa6c4cfa6eaa0ec42d285c5a269202ad3 --- /dev/null +++ b/shim/dist/deb/debian/changelog @@ -0,0 +1,5 @@ +shim-rune (0.2.0-1) unstable; urgency=low + + * Initial release. Closes: + + -- Shirong Hao Mon, 13 Jul 2020 13:48:35 +0000 diff --git a/shim/dist/deb/debian/compat b/shim/dist/deb/debian/compat new file mode 100644 index 0000000000000000000000000000000000000000..ec635144f60048986bc560c5576355344005e6e7 --- /dev/null +++ b/shim/dist/deb/debian/compat @@ -0,0 +1 @@ +9 diff --git a/shim/dist/deb/debian/control b/shim/dist/deb/debian/control new file mode 100644 index 0000000000000000000000000000000000000000..5fd7faeee8231fd25efdfdde7bdc47b98cfa98da --- /dev/null +++ b/shim/dist/deb/debian/control @@ -0,0 +1,12 @@ +Source: shim-rune +Section: devel +Priority: extra +Maintainer: Shirong Hao +Build-Depends: debhelper (>=9) +Standards-Version: 3.9.8 +Homepage: https://github.com/alibaba/inclavare-containers + +Package: shim-rune +Architecture: amd64 +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: containerd-shim-rune-v2 is a shim for Inclavare Containers(runE). diff --git a/shim/dist/deb/debian/postinst b/shim/dist/deb/debian/postinst new file mode 100644 index 0000000000000000000000000000000000000000..197eb5c76ea8684d239727556fa2bfc88ca4e57a --- /dev/null +++ b/shim/dist/deb/debian/postinst @@ -0,0 +1,16 @@ +#!/bin/sh + +SHIM_CONFIG_DIR=/etc/inclavare-containers + +mkdir -p $SHIM_CONFIG_DIR +cat << EOF > $SHIM_CONFIG_DIR/config.toml +log_level = "info" # "debug" "info" "warn" "error" +sgx_tool_sign = "/opt/intel/sgxsdk/bin/x64/sgx_sign" +[containerd] + socket = "/run/containerd/containerd.sock" +[enclave_runtime] + [enclave_runtime.occlum] + build_image = "docker.io/occlum/occlum:0.13.0-ubuntu18.04" + enclave_runtime_path = "/usr/lib64/libocclum-pal.so" + [enclave_runtime.graphene] +EOF diff --git a/shim/dist/deb/debian/postrm b/shim/dist/deb/debian/postrm new file mode 100644 index 0000000000000000000000000000000000000000..f0b3fea62d46fbbda4f4c96dcde4c39dd70b7854 --- /dev/null +++ b/shim/dist/deb/debian/postrm @@ -0,0 +1,4 @@ +#!/bin/bash + +SHIM_CONFIG_DIR=/etc/inclavare-containers +rm -f $SHIM_CONFIG_DIR/config.toml diff --git a/shim/dist/deb/debian/rules b/shim/dist/deb/debian/rules new file mode 100755 index 0000000000000000000000000000000000000000..ec202dfdd7d69dfcd6c0e31241b73b0bcf81ad2e --- /dev/null +++ b/shim/dist/deb/debian/rules @@ -0,0 +1,17 @@ +#!/usr/bin/make -f +BUILD_ROOT := $(CURDIR)/debian/shim-rune +BUILD_DIR := /usr/local/bin +LICENSE := /usr/share/licenses/shim-rune + +%: + dh $@ + +override_dh_auto_build: + GOOS=linux make binaries -C shim +override_dh_auto_install: + install -d -p $(BUILD_ROOT)$(BUILD_DIR) + install -p -m 755 $(CURDIR)/shim/bin/containerd-shim-rune-v2 $(BUILD_ROOT)$(BUILD_DIR) + install -d -p $(BUILD_ROOT)$(LICENSE) + install -p -m 644 $(CURDIR)/shim/LICENSE $(BUILD_ROOT)$(LICENSE) +override_dh_usrlocal: + diff --git a/shim/dist/deb/debian/source/format b/shim/dist/deb/debian/source/format new file mode 100644 index 0000000000000000000000000000000000000000..163aaf8d82b6c54f23c45f32895dbdfdcc27b047 --- /dev/null +++ b/shim/dist/deb/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt)