Added support for Rhel 8 and SLES 15 for s390x

Added Dockerfile for rhel-8 and sles-15. Added spec files rpm/SPECS/checkpolicy.spec, rpm/SPECS/policycoreutils.spec for sles-15 support. Modified rpm/SPECS/docker-ce.spec for adding support for sles-15 with btrfs support. Modified rpm/Makefile to add support for sles-15 and rhel-8. Signed-off-by: Nirman Narang <[email protected]> updates policycoreutils to 3.3 Refactor SLES_RELEASE and install git 2.x on RHEL-7 Signed-off-by: Prabhav Thali <[email protected]> rhel9
docker · Jul 28, 2022 · 48c86c4 · 48c86c4
1 parent 870786d
commit 48c86c4
Show file tree

Hide file tree

Showing 8 changed files with 252 additions and 6 deletions.
diff --git a/rpm/Makefile b/rpm/Makefile
@@ -12,7 +12,7 @@ ENGINE_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/docke
 SCAN_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/scan-cli-plugin) && git rev-parse --short HEAD)
 
 ifdef BUILD_IMAGE
-	BUILD_IMAGE_FLAG=--build-arg $(BUILD_IMAGE)
+	BUILD_IMAGE_FLAG=--build-arg BUILD_IMAGE=$(BUILD_IMAGE)
 endif
 BUILD?=DOCKER_BUILDKIT=1 \
 	docker build \
@@ -57,12 +57,22 @@ RUN?=docker run --rm \
 	$(RUN_FLAGS) \
 	rpmbuild-$@/$(ARCH) $(RPMBUILD_FLAGS)
 
+RUN_SLES?=docker run --rm \
+	-e PLATFORM \
+	-v $(CURDIR)/rpmbuild/SOURCES:/usr/src/packages/SOURCES:ro \
+	-v $(CURDIR)/rpmbuild/$@/RPMS:/usr/src/packages/RPMS \
+	-v $(CURDIR)/rpmbuild/$@/SRPMS:/usr/src/packages/SRPMS \
+	$(RUN_FLAGS) \
+	rpmbuild-$@/$(ARCH) $(RPMBUILD_FLAGS)
+
 FEDORA_RELEASES ?= fedora-36 fedora-35 fedora-34
 CENTOS_RELEASES ?= centos-7 centos-8 centos-9
 ifeq ($(ARCH),s390x)
-RHEL_RELEASES ?= rhel-7
+RHEL_RELEASES ?= rhel-7 rhel-8 rhel-9
+SLES_RELEASES ?= sles-15
 else
 RHEL_RELEASES ?=
+SLES_RELEASES ?=
 endif
 
 DISTROS := $(FEDORA_RELEASES) $(CENTOS_RELEASES) $(RHEL_RELEASES)
@@ -79,7 +89,7 @@ clean: ## remove build artifacts
 	-docker builder prune -f --filter until=24h
 
 .PHONY: rpm
-rpm: fedora centos ## build all rpm packages
+rpm: fedora centos rhel sles ## build all rpm packages
 
 .PHONY: fedora
 fedora: $(FEDORA_RELEASES) ## build all fedora rpm packages
@@ -90,9 +100,15 @@ centos-8 centos-9: RPMBUILD_EXTRA_FLAGS=--define '_without_btrfs 1'
 .PHONY: centos
 centos: $(CENTOS_RELEASES) ## build all centos rpm packages
 
+.PHONY: rhel-8 rhel-9
+rhel-8 rhel-9: RPMBUILD_EXTRA_FLAGS=--define '_without_btrfs 1'
+
 .PHONY: rhel
 rhel: $(RHEL_RELEASES) ## build all rhel rpm packages
 
+.PHONY: sles
+sles: $(SLES_RELEASES) ## build all sles rpm packages
+
 .PHONY: $(DISTROS)
 $(DISTROS): sources
 	@echo "== Building packages for $@ =="
@@ -101,6 +117,14 @@ $(DISTROS): sources
 	$(RUN)
 	$(CHOWN) -R $(shell id -u):$(shell id -g) "rpmbuild/$@"
 
+.PHONY: $(SLES_RELEASES)
+$(SLES_RELEASES): rpmbuild/SOURCES/engine.tgz rpmbuild/SOURCES/cli.tgz rpmbuild/SOURCES/buildx.tgz rpmbuild/SOURCES/compose.tgz rpmbuild/SOURCES/scan-cli-plugin.tgz
+	@echo "== Building packages for $@ =="
+	mkdir -p "rpmbuild/$@"
+	$(BUILD)
+	$(RUN_SLES)
+	$(CHOWN) -R $(shell id -u):$(shell id -g) "rpmbuild/$@"
+
 .PHONY: sources
 sources: rpmbuild/SOURCES/engine.tgz rpmbuild/SOURCES/cli.tgz rpmbuild/SOURCES/buildx.tgz rpmbuild/SOURCES/compose.tgz rpmbuild/SOURCES/scan-cli-plugin.tgz
 

diff --git a/rpm/SPECS/docker-ce.spec b/rpm/SPECS/docker-ce.spec
@@ -20,27 +20,41 @@ Packager: Docker <[email protected]>
 Requires: /usr/sbin/groupadd
 Requires: docker-ce-cli
 Requires: docker-ce-rootless-extras
+%if 0%{?suse_version}
+Requires: container-selinux
+Requires: libseccomp2
+Requires: libcgroup-devel
+%else
 Requires: container-selinux >= 2:2.74
 Requires: libseccomp >= 2.3
-Requires: systemd
-Requires: iptables
 %if %{undefined rhel} || 0%{?rhel} < 9
 # Libcgroup is no longer available in RHEL/CentOS >= 9 distros.
 Requires: libcgroup
 %endif
+%endif
+Requires: systemd
+Requires: iptables
 Requires: containerd.io >= 1.6.4
 Requires: tar
 Requires: xz
 
 BuildRequires: bash
+%if 0%{?suse_version}
+BuildRequires: btrfsprogs
+%else
 %{?_with_btrfs:BuildRequires: btrfs-progs-devel}
+%endif
 BuildRequires: ca-certificates
 BuildRequires: cmake
 BuildRequires: device-mapper-devel
 BuildRequires: gcc
 BuildRequires: git
 BuildRequires: glibc-static
+%if 0%{?suse_version}
+BuildRequires: libarchive13
+%else
 BuildRequires: libarchive
+%endif
 BuildRequires: libseccomp-devel
 BuildRequires: libselinux-devel
 BuildRequires: libtool

diff --git a/rpm/SPECS/policycoreutils.spec b/rpm/SPECS/policycoreutils.spec
@@ -0,0 +1,48 @@
+Name:           policycoreutils
+Version:        3.4
+Release:        1%{?dist}
+Group:          System Environment/Base
+Summary:        SELinux policy core utilities
+License:        GPLv2
+%description
+
+%configure
+
+BuildRequires: gzip
+BuildRequires: make
+BuildRequires: gcc7
+BuildRequires: flex
+BuildRequires: libbz2-devel
+BuildRequires: pcre2-devel
+BuildRequires: audit-devel
+BuildRequires: gettext
+BuildRequires: bison
+BuildRequires: wget
+BuildRequires: tar
+
+%install
+wget https://github.com/SELinuxProject/selinux/releases/download/3.4/libsepol-3.4.tar.gz
+update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-7 7
+tar -xvf libsepol-3.4.tar.gz
+cd libsepol-3.4
+make CC=gcc
+make install
+cd ..
+wget https://github.com/SELinuxProject/selinux/releases/download/3.4/libselinux-3.4.tar.gz
+tar -xvf libselinux-3.4.tar.gz
+cd libselinux-3.4
+make CC=gcc
+make install
+cd ..
+wget https://github.com/SELinuxProject/selinux/releases/download/3.4/libsemanage-3.4.tar.gz
+tar -xvf libsemanage-3.4.tar.gz
+cd libsemanage-3.4
+make CC=gcc
+make install
+cd ..
+wget https://github.com/SELinuxProject/selinux/releases/download/3.4/policycoreutils-3.4.tar.gz
+tar -xvf policycoreutils-3.4.tar.gz
+cd policycoreutils-3.4
+make CC=gcc
+make install
+%files
diff --git a/rpm/SPECS/sles_dependencies.spec b/rpm/SPECS/sles_dependencies.spec
@@ -0,0 +1,35 @@
+Name:       SLES_Dependencies
+Version:    %{_version}
+License:    GPLv2
+Release:    1%{?dist}
+Summary:    SLES Dependencies
+
+%description
+The file lists the dependencies required for building the rpmbuild-sles-15
+
+BuildRequires: rpm-build
+BuildRequires: rpmlint
+BuildRequires: pkg-config
+BuildRequires: libsystemd0
+BuildRequires: systemd-devel
+BuildRequires: selinux-tools
+BuildRequires: wget
+BuildRequires: cmake
+BuildRequires: git
+BuildRequires: glibc-devel-static
+BuildRequires: libseccomp-devel
+BuildRequires: libtool
+BuildRequires: libarchive-devel
+BuildRequires: btrfsprogs
+BuildRequires: libbtrfs-devel
+BuildRequires: lsb-release
+BuildRequires: gzip
+BuildRequires: make
+BuildRequires: gcc7
+BuildRequires: flex
+BuildRequires: libbz2-devel
+BuildRequires: libsemanage-devel
+BuildRequires: libsepol-devel
+BuildRequires: gettext
+BuildRequires: bison
+BuildRequires: tar
diff --git a/rpm/rhel-7/Dockerfile b/rpm/rhel-7/Dockerfile
@@ -9,14 +9,24 @@ FROM ${BUILD_IMAGE}
 ENV GOPROXY=direct
 ENV GO111MODULE=off
 ENV GOPATH=/go
-ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV PATH $PATH:/usr/local/bin:/usr/local/go/bin:$GOPATH/bin
 ENV AUTO_GOPATH 1
 ARG DISTRO
 ARG SUITE
 ENV DISTRO=${DISTRO}
 ENV SUITE=${SUITE}
 ENV CC=gcc
 
+# Install Git
+RUN yum groupinstall -y "Development Tools"; \
+    yum install -y gettext-devel openssl-devel perl-devel perl-CPAN zlib-devel curl-devel wget; \
+    wget https://github.com/git/git/archive/refs/tags/v2.26.2.tar.gz; \
+    tar -xvzf v2.26.2.tar.gz; \
+    cd git-2.26.2; \
+    make configure; \
+    ./configure --prefix=/usr/local; \
+    make install
+
 # In aarch64 (arm64) images, the altarch repo is specified as repository, but
 # failing, so replace the URL.
 RUN if [ -f /etc/yum.repos.d/CentOS-Sources.repo ]; then sed -i 's/altarch/centos/g' /etc/yum.repos.d/CentOS-Sources.repo; fi

diff --git a/rpm/rhel-8/Dockerfile b/rpm/rhel-8/Dockerfile
@@ -0,0 +1,35 @@
+ARG GO_IMAGE
+ARG DISTRO=rhel
+ARG SUITE=8
+ARG BUILD_IMAGE=dockereng/${DISTRO}:${SUITE}-s390x
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+ENV GOPROXY=direct
+ENV GO111MODULE=off
+ENV GOPATH=/go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS seccomp selinux exclude_graphdriver_btrfs
+ENV RUNC_BUILDTAGS seccomp selinux
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+ENV CC=gcc
+
+RUN yum install -y rpm-build rpmlint libarchive yum-utils
+COPY SPECS /root/rpmbuild/SPECS
+
+# TODO change once we support scan-plugin on other architectures
+RUN \
+  if [ "$(uname -m)" = "x86_64" ]; then \
+    yum-builddep -y /root/rpmbuild/SPECS/*.spec; \
+  else \
+    yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/docker-c*.spec; \
+  fi
+
+COPY --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]
diff --git a/rpm/rhel-9/Dockerfile b/rpm/rhel-9/Dockerfile
@@ -0,0 +1,35 @@
+ARG GO_IMAGE
+ARG DISTRO=rhel
+ARG SUITE=9
+ARG BUILD_IMAGE=dockereng/${DISTRO}:${SUITE}-s390x
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+ENV GOPROXY=direct
+ENV GO111MODULE=off
+ENV GOPATH=/go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS seccomp selinux exclude_graphdriver_btrfs
+ENV RUNC_BUILDTAGS seccomp selinux
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+ENV CC=gcc
+
+RUN yum install -y rpm-build rpmlint libarchive yum-utils
+COPY SPECS /root/rpmbuild/SPECS
+
+# TODO change once we support scan-plugin on other architectures
+RUN \
+  if [ "$(uname -m)" = "x86_64" ]; then \
+    yum-builddep -y /root/rpmbuild/SPECS/*.spec; \
+  else \
+    yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/docker-c*.spec; \
+  fi
+
+COPY --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]
diff --git a/rpm/sles-15/Dockerfile b/rpm/sles-15/Dockerfile
@@ -0,0 +1,45 @@
+ARG GO_IMAGE
+ARG DISTRO=sles
+ARG SUITE=15
+ARG BUILD_IMAGE=dockereng/${DISTRO}:${SUITE}-s390x
+
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+ENV GOPROXY=direct
+ENV GO111MODULE=off
+ENV GOPATH=/go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS seccomp selinux
+ENV RUNC_BUILDTAGS seccomp selinux
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+ENV CC=gcc
+USER root
+
+COPY SPECS /usr/src/packages/SPECS
+COPY rpmbuild/SOURCES/ /usr/src/packages/SOURCES/
+RUN zypper -n install $(rpmspec --parse /usr/src/packages/SPECS/sles_dependencies.spec | grep BuildRequires | cut -d' ' -f2 | xargs)
+RUN rpmbuild -bb /usr/src/packages/SPECS/policycoreutils.spec
+RUN rpm -i /usr/src/packages/RPMS/s390x/policycoreutils-3.4-1.s390x.rpm \
+&& sles_version=$(lsb_release -r | rev | cut -c1) \
+&& opensuse_repo="https://download.opensuse.org/repositories/security:SELinux/SLE_15_SP$sles_version/security:SELinux.repo" \
+&& zypper addrepo $opensuse_repo \
+&& zypper --gpg-auto-import-keys refresh && zypper install -y selinux-policy selinux-policy-devel device-mapper-devel \
+&& mkdir -p /root/rpmbuild/ && cp -r /usr/src/packages/* /root/rpmbuild/
+
+# TODO change once we support scan-plugin on other architectures
+RUN \
+  if [ "$(uname -m)" = "x86" ]; then \
+    rpmbuild /root/rpmbuild/SPECS/*.spec; \
+  else \
+     rpmbuild /usr/src/packages/SPECS/docker-c*.spec; \
+  fi
+
+COPY --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/usr/bin/rpmbuild"]