From ac88800fcb0a45d6e3560abebdd018597ae42e2d Mon Sep 17 00:00:00 2001 From: Nirman Narang Date: Tue, 14 Sep 2021 21:27:27 -0700 Subject: [PATCH] Adds RHEL 8, RHEL 9 and SLES 15 support for s390x Added Dockerfile for rhel-8 and sles-15. Added spec files rpm/SPECS/checkpolicy.spec, rpm/SPECS/policycoreutils.spec for sles-15 support. Modified rpm/SPECS/docker-ce.spec for adding support for sles-15 with btrfs support. Modified rpm/Makefile to add support for sles-15 and rhel-8. Signed-off-by: Nirman Narang updates policycoreutils to 3.4 Refactor SLES_RELEASE and install git 2.x on RHEL-7 Add RHEL 9 Dockerfile Signed-off-by: Prabhav Thali --- rpm/Makefile | 30 ++++++++++++++++++-- rpm/SPECS/docker-ce.spec | 18 ++++++++++-- rpm/SPECS/policycoreutils.spec | 48 ++++++++++++++++++++++++++++++++ rpm/SPECS/sles_dependencies.spec | 33 ++++++++++++++++++++++ rpm/rhel-7/Dockerfile | 12 +++++++- rpm/rhel-8/Dockerfile | 34 ++++++++++++++++++++++ rpm/rhel-9/Dockerfile | 34 ++++++++++++++++++++++ rpm/sles-15/Dockerfile | 41 +++++++++++++++++++++++++++ 8 files changed, 244 insertions(+), 6 deletions(-) create mode 100644 rpm/SPECS/policycoreutils.spec create mode 100644 rpm/SPECS/sles_dependencies.spec create mode 100644 rpm/rhel-8/Dockerfile create mode 100644 rpm/rhel-9/Dockerfile create mode 100644 rpm/sles-15/Dockerfile diff --git a/rpm/Makefile b/rpm/Makefile index 84d9c9d86e..938375077e 100644 --- a/rpm/Makefile +++ b/rpm/Makefile @@ -13,7 +13,7 @@ SCAN_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/scan-cl BUILDX_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/buildx) && git rev-parse --short HEAD) ifdef BUILD_IMAGE - BUILD_IMAGE_FLAG=--build-arg $(BUILD_IMAGE) + BUILD_IMAGE_FLAG=--build-arg BUILD_IMAGE=$(BUILD_IMAGE) endif BUILD?=DOCKER_BUILDKIT=1 \ docker build \ 
@@ -58,12 +58,22 @@ RUN?=docker run --rm \ $(RUN_FLAGS) \ rpmbuild-$@/$(ARCH) $(RPMBUILD_FLAGS) +RUN_SLES?=docker run --rm \ + -e PLATFORM \ + -v $(CURDIR)/rpmbuild/SOURCES:/usr/src/packages/SOURCES:ro \ + -v $(CURDIR)/rpmbuild/$@/RPMS:/usr/src/packages/RPMS \ + -v $(CURDIR)/rpmbuild/$@/SRPMS:/usr/src/packages/SRPMS \ + $(RUN_FLAGS) \ + rpmbuild-$@/$(ARCH) $(RPMBUILD_FLAGS) + FEDORA_RELEASES ?= fedora-37 fedora-36 fedora-35 CENTOS_RELEASES ?= centos-7 centos-8 centos-9 ifeq ($(ARCH),s390x) -RHEL_RELEASES ?= rhel-7 +RHEL_RELEASES ?= rhel-7 rhel-8 rhel-9 +SLES_RELEASES ?= sles-15 else RHEL_RELEASES ?= +SLES_RELEASES ?= endif DISTROS := $(FEDORA_RELEASES) $(CENTOS_RELEASES) $(RHEL_RELEASES) @@ -80,7 +90,7 @@ clean: ## remove build artifacts -docker builder prune -f --filter until=24h .PHONY: rpm -rpm: fedora centos ## build all rpm packages +rpm: fedora centos rhel sles ## build all rpm packages .PHONY: fedora fedora: $(FEDORA_RELEASES) ## build all fedora rpm packages @@ -91,9 +101,15 @@ centos-8 centos-9: RPMBUILD_EXTRA_FLAGS=--define '_without_btrfs 1' .PHONY: centos centos: $(CENTOS_RELEASES) ## build all centos rpm packages +.PHONY: rhel-8 rhel-9 +rhel-8 rhel-9: RPMBUILD_EXTRA_FLAGS=--define '_without_btrfs 1' + .PHONY: rhel rhel: $(RHEL_RELEASES) ## build all rhel rpm packages +.PHONY: sles +sles: $(SLES_RELEASES) ## build all sles rpm packages + .PHONY: $(DISTROS) $(DISTROS): sources @echo "== Building packages for $@ ==" 
@@ -102,6 +118,14 @@ $(DISTROS): sources $(RUN) $(CHOWN) -R $(shell id -u):$(shell id -g) "rpmbuild/$@" +.PHONY: $(SLES_RELEASES) +$(SLES_RELEASES): rpmbuild/SOURCES/engine.tgz rpmbuild/SOURCES/cli.tgz rpmbuild/SOURCES/buildx.tgz rpmbuild/SOURCES/compose.tgz rpmbuild/SOURCES/scan-cli-plugin.tgz + @echo "== Building packages for $@ ==" + mkdir -p "rpmbuild/$@" + $(BUILD) + $(RUN_SLES) + $(CHOWN) -R $(shell id -u):$(shell id -g) "rpmbuild/$@" + .PHONY: sources sources: rpmbuild/SOURCES/engine.tgz rpmbuild/SOURCES/cli.tgz rpmbuild/SOURCES/buildx.tgz rpmbuild/SOURCES/compose.tgz rpmbuild/SOURCES/scan-cli-plugin.tgz diff --git a/rpm/SPECS/docker-ce.spec b/rpm/SPECS/docker-ce.spec index 6352f7b1bb..be51bb6451 100644 --- a/rpm/SPECS/docker-ce.spec +++ b/rpm/SPECS/docker-ce.spec @@ -20,27 +20,41 @@ Packager: Docker Requires: /usr/sbin/groupadd Requires: docker-ce-cli Requires: docker-ce-rootless-extras +%if 0%{?suse_version} +Requires: container-selinux +Requires: libseccomp2 +Requires: libcgroup-devel +%else Requires: container-selinux >= 2:2.74 Requires: libseccomp >= 2.3 -Requires: systemd -Requires: iptables %if %{undefined rhel} || 0%{?rhel} < 9 # Libcgroup is no longer available in RHEL/CentOS >= 9 distros. Requires: libcgroup %endif +%endif +Requires: systemd +Requires: iptables Requires: containerd.io >= 1.6.4 Requires: tar Requires: xz BuildRequires: bash +%if 0%{?suse_version} +BuildRequires: btrfsprogs +%else %{?_with_btrfs:BuildRequires: btrfs-progs-devel} +%endif BuildRequires: ca-certificates BuildRequires: cmake BuildRequires: device-mapper-devel BuildRequires: gcc BuildRequires: git BuildRequires: glibc-static +%if 0%{?suse_version} +BuildRequires: libarchive13 +%else BuildRequires: libarchive +%endif BuildRequires: libseccomp-devel BuildRequires: libselinux-devel BuildRequires: libtool diff --git a/rpm/SPECS/policycoreutils.spec b/rpm/SPECS/policycoreutils.spec new file mode 100644 index 0000000000..497805a508 --- /dev/null 
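Review bot: In rpm/SPECS/docker-ce.spec the new `%if 0%{?suse_version}` branch drops the version floors that the other branch keeps (`container-selinux >= 2:2.74`, `libseccomp >= 2.3`), so on SLES the package can be installed against an older SELinux policy or seccomp library than the engine was tested with. If the SUSE packages use comparable versioning, keep the floor, e.g. `Requires: libseccomp2 >= 2.3`; the container-selinux epoch may differ on SUSE and would need checking. The same branch adds `Requires: libcgroup-devel`, a development package as a runtime dependency; either add a short comment explaining why the runtime library is not enough, or replace it with the runtime package name for that distribution.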
+++ b/rpm/SPECS/policycoreutils.spec
@@ -0,0 +1,48 @@
+Name: policycoreutils
+Version: 3.4
+Release: 1%{?dist}
+Group: System Environment/Base
+Summary: SELinux policy core utilities
+License: GPLv2
+%description
+
+%configure
+
+BuildRequires: gzip
+BuildRequires: make
+BuildRequires: gcc7
+BuildRequires: flex
+BuildRequires: libbz2-devel
+BuildRequires: pcre2-devel
+BuildRequires: audit-devel
+BuildRequires: gettext
+BuildRequires: bison
+BuildRequires: wget
+BuildRequires: tar
+
+%install
+wget https://github.com/SELinuxProject/selinux/releases/download/3.4/libsepol-3.4.tar.gz
+update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-7 7
+tar -xvf libsepol-3.4.tar.gz
+cd libsepol-3.4
+make CC=gcc
+make install
+cd ..
+wget https://github.com/SELinuxProject/selinux/releases/download/3.4/libselinux-3.4.tar.gz
+tar -xvf libselinux-3.4.tar.gz
+cd libselinux-3.4
+make CC=gcc
+make install
+cd ..
+wget https://github.com/SELinuxProject/selinux/releases/download/3.4/libsemanage-3.4.tar.gz
+tar -xvf libsemanage-3.4.tar.gz
+cd libsemanage-3.4
+make CC=gcc
+make install
+cd ..
+wget https://github.com/SELinuxProject/selinux/releases/download/3.4/policycoreutils-3.4.tar.gz
+tar -xvf policycoreutils-3.4.tar.gz
+cd policycoreutils-3.4
+make CC=gcc
+make install
+%files
diff --git a/rpm/SPECS/sles_dependencies.spec b/rpm/SPECS/sles_dependencies.spec
new file mode 100644
index 0000000000..3ff96260e9
--- /dev/null
+++ b/rpm/SPECS/sles_dependencies.spec
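Review bot: The `%install` section of rpm/SPECS/policycoreutils.spec downloads four release tarballs with `wget` and runs `make install` on them without verifying their contents, so the image build trusts whatever the URL serves at build time. Pin each archive to a known digest before unpacking, for example `echo "<sha256 of libsepol-3.4.tar.gz>  libsepol-3.4.tar.gz" | sha256sum -c -` after each download, or ship the tarballs as `Source:` entries so they are fetched and checked outside the build. Fetching from the network inside `%install` also makes the build non-reproducible and fails in offline build environments. `make install` is run without `DESTDIR=%{buildroot}` and `%files` is empty, so the libraries land directly in the build container rather than in the package; if that is intended, a comment saying so would save the next reader the question.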
@@ -0,0 +1,33 @@ +Name: SLES_Dependencies +Version: %{_version} +License: GPLv2 +Release: 1%{?dist} +Summary: SLES Dependencies + +%description +The file lists the dependencies required for building the rpmbuild-sles-15 + +BuildRequires: rpm-build +BuildRequires: rpmlint +BuildRequires: pkg-config +BuildRequires: libsystemd0 +BuildRequires: systemd-devel +BuildRequires: selinux-tools +BuildRequires: wget +BuildRequires: cmake +BuildRequires: git +BuildRequires: glibc-devel-static +BuildRequires: libseccomp-devel +BuildRequires: libtool +BuildRequires: libarchive-devel +BuildRequires: btrfsprogs +BuildRequires: libbtrfs-devel +BuildRequires: lsb-release +BuildRequires: gzip +BuildRequires: make +BuildRequires: gcc7 +BuildRequires: flex +BuildRequires: libbz2-devel +BuildRequires: gettext +BuildRequires: bison +BuildRequires: tar diff --git a/rpm/rhel-7/Dockerfile b/rpm/rhel-7/Dockerfile index f5c91fd056..0fe5b6731d 100644 --- a/rpm/rhel-7/Dockerfile +++ b/rpm/rhel-7/Dockerfile @@ -9,7 +9,7 @@ FROM ${BUILD_IMAGE} ENV GOPROXY=https://proxy.golang.org|direct ENV GO111MODULE=off ENV GOPATH=/go -ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin +ENV PATH $PATH:/usr/local/bin:/usr/local/go/bin:$GOPATH/bin ENV AUTO_GOPATH 1 ARG DISTRO ARG SUITE @@ -17,6 +17,16 @@ ENV DISTRO=${DISTRO} ENV SUITE=${SUITE} ENV CC=gcc +# Install Git +RUN yum groupinstall -y "Development Tools"; \ + yum install -y gettext-devel openssl-devel perl-devel perl-CPAN zlib-devel curl-devel wget; \ + wget https://github.com/git/git/archive/refs/tags/v2.26.2.tar.gz; \ + tar -xvzf v2.26.2.tar.gz; \ + cd git-2.26.2; \ + make configure; \ + ./configure --prefix=/usr/local; \ + make install + # In aarch64 (arm64) images, the altarch repo is specified as repository, but # failing, so replace the URL. RUN if [ -f /etc/yum.repos.d/CentOS-Sources.repo ]; then sed -i 's/altarch/centos/g' /etc/yum.repos.d/CentOS-Sources.repo; fi 
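Review bot: The new `RUN` step in rpm/rhel-7/Dockerfile (second hunk) fetches `v2.26.2.tar.gz` with `wget` and builds it as root with no integrity check, and the commands are joined with `;`, so a failed download or extraction does not stop the step until a later command happens to fail. Join the commands with `&&` and verify the archive before unpacking, e.g. `echo "<sha256 of v2.26.2.tar.gz>  v2.26.2.tar.gz" | sha256sum -c - && tar -xzf v2.26.2.tar.gz`. Git 2.26.2 is an old release; it is worth confirming that the pinned tag includes the security fixes needed for the repositories this image clones. The build toolchain and source tree also stay in the image layer; removing them in the same `RUN` would keep the image smaller.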
diff --git a/rpm/rhel-8/Dockerfile b/rpm/rhel-8/Dockerfile
new file mode 100644
index 0000000000..ebe324dd07
--- /dev/null
+++ b/rpm/rhel-8/Dockerfile
@@ -0,0 +1,34 @@
+ARG GO_IMAGE
+ARG DISTRO=rhel
+ARG SUITE=8
+ARG BUILD_IMAGE=dockereng/${DISTRO}:${SUITE}-s390x
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=off
+ENV GOPATH=/go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS exclude_graphdriver_btrfs
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+
+RUN yum install -y rpm-build rpmlint libarchive yum-utils
+COPY SPECS /root/rpmbuild/SPECS
+
+# TODO change once we support scan-plugin on other architectures
+RUN \
+ if [ "$(uname -m)" = "x86_64" ]; then \
+ yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/*.spec; \
+ else \
+ yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/docker-c*.spec; \
+ yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/docker-b*.spec; \
+ fi
+
+COPY --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]
diff --git a/rpm/rhel-9/Dockerfile b/rpm/rhel-9/Dockerfile
new file mode 100644
index 0000000000..724eec057f
--- /dev/null
+++ b/rpm/rhel-9/Dockerfile
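Review bot: `ARG BUILD_IMAGE=dockereng/${DISTRO}:${SUITE}-s390x` defaults to a mutable tag, so the packages built from rpm/rhel-8/Dockerfile depend on whatever that tag points to on the day of the build; the same default appears in the new rpm/rhel-9/Dockerfile and rpm/sles-15/Dockerfile. For release builds, consider passing a digest-pinned reference through the existing build argument, e.g. `BUILD_IMAGE=dockereng/rhel:8-s390x@sha256:<digest>`, and documenting that in a comment above the `ARG`. The `x86_64` branch of the `uname -m` test looks unreachable with an s390x default image; a comment on the `TODO` line saying which architecture is expected here would make the intent clear.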
@@ -0,0 +1,34 @@
+ARG GO_IMAGE
+ARG DISTRO=rhel
+ARG SUITE=9
+ARG BUILD_IMAGE=dockereng/${DISTRO}:${SUITE}-s390x
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=off
+ENV GOPATH=/go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS exclude_graphdriver_btrfs
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+
+RUN yum install -y rpm-build rpmlint libarchive yum-utils
+COPY SPECS /root/rpmbuild/SPECS
+
+# TODO change once we support scan-plugin on other architectures
+RUN \
+ if [ "$(uname -m)" = "x86_64" ]; then \
+ yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/*.spec; \
+ else \
+ yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/docker-c*.spec; \
+ yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/docker-b*.spec; \
+ fi
+
+COPY --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]
diff --git a/rpm/sles-15/Dockerfile b/rpm/sles-15/Dockerfile
new file mode 100644
index 0000000000..e84c8c0b55
--- /dev/null
+++ b/rpm/sles-15/Dockerfile
@@ -0,0 +1,41 @@
+ARG GO_IMAGE
+ARG DISTRO=sles
+ARG SUITE=15
+ARG BUILD_IMAGE=dockereng/${DISTRO}:${SUITE}-s390x
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=off
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+
+COPY SPECS /usr/src/packages/SPECS
+COPY rpmbuild/SOURCES/ /usr/src/packages/SOURCES/
+RUN zypper -n install $(rpmspec --parse /usr/src/packages/SPECS/sles_dependencies.spec | grep BuildRequires | cut -d' ' -f2 | xargs)
+RUN rpmbuild -bb /usr/src/packages/SPECS/policycoreutils.spec
+RUN rpm -i /usr/src/packages/RPMS/s390x/policycoreutils-3.4-1.s390x.rpm \
+&& sles_version=$(lsb_release -r | rev | cut -c1) \
+&& opensuse_repo="https://download.opensuse.org/repositories/security:SELinux/15.$sles_version/security:SELinux.repo" \
+&& zypper addrepo $opensuse_repo \
+&& zypper --gpg-auto-import-keys refresh && zypper install -y selinux-policy selinux-policy-devel device-mapper-devel \
+&& mkdir -p /root/rpmbuild/ && cp -r /usr/src/packages/* /root/rpmbuild/
+
+# TODO change once we support scan-plugin on other architectures
+RUN \
+ if [ "$(uname -m)" = "x86" ]; then \
+ rpmbuild -y /root/rpmbuild/SPECS/*.spec; \
+ else \
+ rpmbuild -y /root/rpmbuild/SPECS/docker-c*.spec; \
+ rpmbuild -y /root/rpmbuild/SPECS/docker-b*.spec; \
+ fi
+
+COPY --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/usr/bin/rpmbuild"]
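Review bot: The `RUN rpm -i …` step in rpm/sles-15/Dockerfile adds the `security:SELinux` repository from download.opensuse.org and then runs `zypper --gpg-auto-import-keys refresh`, which accepts whatever signing key the repository presents at build time instead of a key the project has vetted. Import the expected key explicitly and drop the flag, e.g. `rpm --import <path to vetted repo key>` followed by `zypper refresh`. In the last `RUN`, the test `[ "$(uname -m)" = "x86" ]` can never be true (the rhel Dockerfiles in this patch compare against `x86_64`), and `rpmbuild -y` does not look like a valid rpmbuild mode; it appears to have been carried over from `yum-builddep -y`, so this step probably fails or does not do what is intended. `sles_version=$(lsb_release -r | rev | cut -c1)` keeps only the last character of the release string, which would break on a two-digit service pack.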