github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/Makefile (about) 1 SHELL = /bin/bash 2 3 CONTAINER_ENGINE := docker 4 GO ?= go 5 6 # Get CC values for cross-compilation. 7 include cc_platform.mk 8 9 PREFIX ?= /usr/local 10 BINDIR := $(PREFIX)/sbin 11 MANDIR := $(PREFIX)/share/man 12 13 GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null) 14 GIT_BRANCH_CLEAN := $(shell echo $(GIT_BRANCH) | sed -e "s/[^[:alnum:]]/-/g") 15 RUNC_IMAGE := runc_dev$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN)) 16 PROJECT := github.com/opencontainers/runc 17 BUILDTAGS ?= seccomp urfave_cli_no_docs 18 BUILDTAGS += $(EXTRA_BUILDTAGS) 19 20 COMMIT ?= $(shell git describe --dirty --long --always) 21 VERSION ?= $(shell cat ./VERSION) 22 LDFLAGS_COMMON := -X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) 23 24 GOARCH := $(shell $(GO) env GOARCH) 25 26 GO_BUILDMODE := 27 # Enable dynamic PIE executables on supported platforms. 28 ifneq (,$(filter $(GOARCH),386 amd64 arm arm64 ppc64le riscv64 s390x)) 29 ifeq (,$(findstring -race,$(EXTRA_FLAGS))) 30 GO_BUILDMODE := "-buildmode=pie" 31 endif 32 endif 33 GO_BUILD := $(GO) build -trimpath $(GO_BUILDMODE) \ 34 $(EXTRA_FLAGS) -tags "$(BUILDTAGS)" \ 35 -ldflags "$(LDFLAGS_COMMON) $(EXTRA_LDFLAGS)" 36 37 GO_BUILDMODE_STATIC := 38 LDFLAGS_STATIC := -extldflags -static 39 # Enable static PIE executables on supported platforms. 40 # This (among the other things) requires libc support (rcrt1.o), which seems 41 # to be available only for arm64 and amd64 (Debian Bullseye). 42 ifneq (,$(filter $(GOARCH),arm64 amd64)) 43 ifeq (,$(findstring -race,$(EXTRA_FLAGS))) 44 GO_BUILDMODE_STATIC := -buildmode=pie 45 LDFLAGS_STATIC := -linkmode external -extldflags -static-pie 46 endif 47 endif 48 # Enable static PIE binaries on supported platforms. 49 GO_BUILD_STATIC := $(GO) build -trimpath $(GO_BUILDMODE_STATIC) \ 50 $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo osusergo" \ 51 -ldflags "$(LDFLAGS_COMMON) $(LDFLAGS_STATIC) $(EXTRA_LDFLAGS)" 52 53 GPG_KEYID ?= asarai@suse.de 54 55 # Some targets need cgo, which is disabled by default when cross compiling. 56 # Enable cgo explicitly for those. 57 # Both runc and libcontainer/integration need libcontainer/nsenter. 58 runc static localunittest: export CGO_ENABLED=1 59 # seccompagent needs libseccomp (when seccomp build tag is set). 60 ifneq (,$(filter $(BUILDTAGS),seccomp)) 61 seccompagent: export CGO_ENABLED=1 62 endif 63 64 .DEFAULT: runc 65 66 .PHONY: runc 67 runc: runc-bin verify-dmz-arch 68 69 .PHONY: runc-bin 70 runc-bin: runc-dmz 71 $(GO_BUILD) -o runc . 72 73 .PHONY: all 74 all: runc recvtty sd-helper seccompagent fs-idmap memfd-bind pidfd-kill remap-rootfs 75 76 .PHONY: recvtty sd-helper seccompagent fs-idmap memfd-bind pidfd-kill remap-rootfs 77 recvtty sd-helper seccompagent fs-idmap memfd-bind pidfd-kill remap-rootfs: 78 $(GO_BUILD) -o contrib/cmd/$@/$@ ./contrib/cmd/$@ 79 80 .PHONY: clean 81 clean: 82 rm -f runc runc-* libcontainer/dmz/binary/runc-dmz 83 rm -f contrib/cmd/recvtty/recvtty 84 rm -f contrib/cmd/sd-helper/sd-helper 85 rm -f contrib/cmd/seccompagent/seccompagent 86 rm -f contrib/cmd/fs-idmap/fs-idmap 87 rm -f contrib/cmd/memfd-bind/memfd-bind 88 rm -f contrib/cmd/pidfd-kill/pidfd-kill 89 rm -f contrib/cmd/remap-rootfs/remap-rootfs 90 sudo rm -rf release 91 rm -rf man/man8 92 93 .PHONY: static 94 static: static-bin verify-dmz-arch 95 96 .PHONY: static-bin 97 static-bin: runc-dmz 98 $(GO_BUILD_STATIC) -o runc . 99 100 .PHONY: runc-dmz 101 runc-dmz: 102 rm -f libcontainer/dmz/binary/runc-dmz 103 $(GO) generate -tags "$(BUILDTAGS)" ./libcontainer/dmz 104 105 .PHONY: releaseall 106 releaseall: RELEASE_ARGS := "-a 386 -a amd64 -a arm64 -a armel -a armhf -a ppc64le -a riscv64 -a s390x" 107 releaseall: release 108 109 .PHONY: release 110 release: runcimage 111 $(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \ 112 --rm -v $(CURDIR):/go/src/$(PROJECT) \ 113 -e RELEASE_ARGS=$(RELEASE_ARGS) \ 114 $(RUNC_IMAGE) make localrelease 115 script/release_sign.sh -S $(GPG_KEYID) -r release/$(VERSION) -v $(VERSION) 116 117 .PHONY: localrelease 118 localrelease: verify-changelog 119 script/release_build.sh -r release/$(VERSION) -v $(VERSION) $(RELEASE_ARGS) 120 121 .PHONY: dbuild 122 dbuild: runcimage 123 $(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \ 124 --privileged --rm \ 125 -v $(CURDIR):/go/src/$(PROJECT) \ 126 $(RUNC_IMAGE) make clean all 127 128 .PHONY: lint 129 lint: 130 golangci-lint run ./... 131 132 .PHONY: man 133 man: 134 man/md2man-all.sh 135 136 .PHONY: runcimage 137 runcimage: 138 $(CONTAINER_ENGINE) build $(CONTAINER_ENGINE_BUILD_FLAGS) -t $(RUNC_IMAGE) . 139 140 .PHONY: test 141 test: unittest integration rootlessintegration 142 143 .PHONY: localtest 144 localtest: localunittest localintegration localrootlessintegration 145 146 .PHONY: unittest 147 unittest: runcimage 148 $(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \ 149 -t --privileged --rm \ 150 -v /lib/modules:/lib/modules:ro \ 151 -v $(CURDIR):/go/src/$(PROJECT) \ 152 $(RUNC_IMAGE) make localunittest TESTFLAGS="$(TESTFLAGS)" 153 154 .PHONY: localunittest 155 localunittest: all 156 $(GO) test -timeout 3m -tags "$(BUILDTAGS)" $(TESTFLAGS) -v ./... 157 158 .PHONY: integration 159 integration: runcimage 160 $(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \ 161 -t --privileged --rm \ 162 -v /lib/modules:/lib/modules:ro \ 163 -v $(CURDIR):/go/src/$(PROJECT) \ 164 $(RUNC_IMAGE) make localintegration TESTPATH="$(TESTPATH)" 165 166 .PHONY: localintegration 167 localintegration: all 168 bats -t tests/integration$(TESTPATH) 169 170 .PHONY: rootlessintegration 171 rootlessintegration: runcimage 172 $(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \ 173 -t --privileged --rm \ 174 -v $(CURDIR):/go/src/$(PROJECT) \ 175 -e ROOTLESS_TESTPATH \ 176 $(RUNC_IMAGE) make localrootlessintegration 177 178 .PHONY: localrootlessintegration 179 localrootlessintegration: all 180 tests/rootless.sh 181 182 .PHONY: shell 183 shell: runcimage 184 $(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \ 185 -ti --privileged --rm \ 186 -v $(CURDIR):/go/src/$(PROJECT) \ 187 $(RUNC_IMAGE) bash 188 189 .PHONY: install 190 install: 191 install -D -m0755 runc $(DESTDIR)$(BINDIR)/runc 192 193 .PHONY: install-bash 194 install-bash: 195 install -D -m0644 contrib/completions/bash/runc $(DESTDIR)$(PREFIX)/share/bash-completion/completions/runc 196 197 .PHONY: install-man 198 install-man: man 199 install -d -m 755 $(DESTDIR)$(MANDIR)/man8 200 install -D -m 644 man/man8/*.8 $(DESTDIR)$(MANDIR)/man8 201 202 .PHONY: cfmt 203 cfmt: C_SRC=$(shell git ls-files '*.c' | grep -v '^vendor/') 204 cfmt: 205 indent -linux -l120 -il0 -ppi2 -cp1 -T size_t -T jmp_buf $(C_SRC) 206 207 .PHONY: shellcheck 208 shellcheck: 209 shellcheck tests/integration/*.bats tests/integration/*.sh \ 210 tests/integration/*.bash tests/*.sh \ 211 man/*.sh script/* 212 # TODO: add shellcheck for more sh files (contrib/completions/bash/runc). 213 214 .PHONY: shfmt 215 shfmt: 216 $(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \ 217 --rm -v $(CURDIR):/src -w /src \ 218 mvdan/shfmt:v3.5.1 -d -w . 219 220 .PHONY: localshfmt 221 localshfmt: 222 shfmt -d -w . 223 224 .PHONY: vendor 225 vendor: 226 $(GO) mod tidy 227 $(GO) mod vendor 228 $(GO) mod verify 229 230 .PHONY: verify-changelog 231 verify-changelog: 232 # No space at EOL. 233 ! grep -n '\s$$' CHANGELOG.md 234 # Period before issue/PR references. 235 ! grep -n '[0-9a-zA-Z][^.] (#[1-9][0-9, #]*)$$' CHANGELOG.md 236 237 .PHONY: verify-dependencies 238 verify-dependencies: vendor 239 @test -z "$$(git status --porcelain -- go.mod go.sum vendor/)" \ 240 || (echo -e "git status:\n $$(git status -- go.mod go.sum vendor/)\nerror: vendor/, go.mod and/or go.sum not up to date. Run \"make vendor\" to update"; exit 1) \ 241 && echo "all vendor files are up to date." 242 243 .PHONY: verify-dmz-arch 244 verify-dmz-arch: 245 @if test -s libcontainer/dmz/binary/runc-dmz; then \ 246 set -Eeuo pipefail; \ 247 export LC_ALL=C; \ 248 diff -u \ 249 <(readelf -h runc | grep -E "(Machine|Flags):") \ 250 <(readelf -h libcontainer/dmz/binary/runc-dmz | grep -E "(Machine|Flags):"); \ 251 fi 252 253 .PHONY: validate-keyring 254 validate-keyring: 255 script/keyring_validate.sh