github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/script/release_build.sh (about) 1 #!/bin/bash 2 # Copyright (C) 2017 SUSE LLC. 3 # Copyright (C) 2017-2021 Open Containers Authors 4 # 5 # Licensed under the Apache License, Version 2.0 (the "License"); 6 # you may not use this file except in compliance with the License. 7 # You may obtain a copy of the License at 8 # 9 # http://www.apache.org/licenses/LICENSE-2.0 10 # 11 # Unless required by applicable law or agreed to in writing, software 12 # distributed under the License is distributed on an "AS IS" BASIS, 13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 # See the License for the specific language governing permissions and 15 # limitations under the License. 16 17 set -e 18 19 ## ---> 20 # Project-specific options and functions. In *theory* you shouldn't need to 21 # touch anything else in this script in order to use this elsewhere. 22 : "${LIBSECCOMP_VERSION:=2.5.5}" 23 project="runc" 24 root="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")/..")" 25 26 # shellcheck source=./script/lib.sh 27 source "$root/script/lib.sh" 28 29 # This function takes an output path as an argument, where the built 30 # (preferably static) binary should be placed. 31 # Parameters: 32 # $1 -- destination directory to place build artefacts to. 33 # $2 -- native architecture (a .suffix for a native binary file name). 34 # $@ -- additional architectures to cross-build for. 35 function build_project() { 36 local builddir 37 builddir="$(dirname "$1")" 38 shift 39 local native_arch="$1" 40 shift 41 local arches=("$@") 42 43 # Assume that if /opt/libseccomp exists, then we are run 44 # via Dockerfile, and seccomp is already built. 45 local seccompdir=/opt/libseccomp temp_dir 46 if [ ! -d "$seccompdir" ]; then 47 temp_dir="$(mktemp -d)" 48 seccompdir="$temp_dir" 49 # Download and build libseccomp. 50 "$root/script/seccomp.sh" "$LIBSECCOMP_VERSION" "$seccompdir" "${arches[@]}" 51 fi 52 53 # For reproducible builds, add these to EXTRA_LDFLAGS: 54 # -w to disable DWARF generation; 55 # -s to disable symbol table; 56 # -buildid= to remove variable build id. 57 local ldflags="-w -s -buildid=" 58 # Add -a to go build flags to make sure it links against 59 # the provided libseccomp, not the system one (otherwise 60 # it can reuse cached pkg-config results). 61 local make_args=(COMMIT_NO= EXTRA_FLAGS="-a" EXTRA_LDFLAGS="${ldflags}" static) 62 63 # Save the original cflags. 64 local original_cflags="${CFLAGS:-}" 65 66 # Build for all requested architectures. 67 local arch 68 for arch in "${arches[@]}"; do 69 # Reset CFLAGS. 70 CFLAGS="$original_cflags" 71 set_cross_vars "$arch" 72 make -C "$root" \ 73 PKG_CONFIG_PATH="$seccompdir/$arch/lib/pkgconfig" \ 74 "${make_args[@]}" 75 "$STRIP" "$root/$project" 76 mv "$root/$project" "$builddir/$project.$arch" 77 done 78 79 # Sanity check: make sure libseccomp version is as expected. 80 local ver 81 ver=$("$builddir/$project.$native_arch" --version | awk '$1 == "libseccomp:" {print $2}') 82 if [ "$ver" != "$LIBSECCOMP_VERSION" ]; then 83 echo >&2 "libseccomp version mismatch: want $LIBSECCOMP_VERSION, got $ver" 84 exit 1 85 fi 86 87 # Copy libseccomp source tarball. 88 cp "$seccompdir"/src/* "$builddir" 89 90 # Clean up. 91 if [ -n "$tempdir" ]; then 92 rm -rf "$tempdir" 93 fi 94 } 95 96 # End of the easy-to-configure portion. 97 ## <--- 98 99 # Print usage information. 100 function usage() { 101 echo "usage: release_build.sh [-a <cross-arch>]... [-c <commit-ish>] [-H <hashcmd>]" >&2 102 echo " [-r <release-dir>] [-v <version>]" >&2 103 exit 1 104 } 105 106 # Log something to stderr. 107 function log() { 108 echo "[*] $*" >&2 109 } 110 111 # Log something to stderr and then exit with 0. 112 function bail() { 113 log "$@" 114 exit 0 115 } 116 117 # When creating releases we need to build static binaries, an archive of the 118 # current commit, and generate detached signatures for both. 119 commit="HEAD" 120 version="" 121 releasedir="" 122 hashcmd="" 123 # Always build a native binary. 124 native_arch="$(go env GOARCH || echo "amd64")" 125 arches=("$native_arch") 126 127 while getopts "a:c:H:hr:v:" opt; do 128 case "$opt" in 129 a) 130 # Add architecture if not already present in arches. 131 if ! (printf "%s\0" "${arches[@]}" | grep -zqxF "$OPTARG"); then 132 arches+=("$OPTARG") 133 fi 134 ;; 135 c) 136 commit="$OPTARG" 137 ;; 138 H) 139 hashcmd="$OPTARG" 140 ;; 141 h) 142 usage 143 ;; 144 r) 145 releasedir="$OPTARG" 146 ;; 147 v) 148 version="$OPTARG" 149 ;; 150 :) 151 echo "Missing argument: -$OPTARG" >&2 152 usage 153 ;; 154 \?) 155 echo "Invalid option: -$OPTARG" >&2 156 usage 157 ;; 158 esac 159 done 160 161 version="${version:-$(<"$root/VERSION")}" 162 releasedir="${releasedir:-release/$version}" 163 hashcmd="${hashcmd:-sha256sum}" 164 # Suffixes of files to checksum/sign. 165 suffixes=("${arches[@]}" tar.xz) 166 167 log "creating $project release in '$releasedir'" 168 log " version: $version" 169 log " commit: $commit" 170 log " hash: $hashcmd" 171 172 # Make explicit what we're doing. 173 set -x 174 175 # Make the release directory. 176 rm -rf "$releasedir" && mkdir -p "$releasedir" 177 178 # Build project. 179 build_project "$releasedir/$project" "$native_arch" "${arches[@]}" 180 181 # Generate new archive. 182 git archive --format=tar --prefix="$project-$version/" "$commit" | xz >"$releasedir/$project.tar.xz" 183 184 # Generate sha256 checksums for binaries and libseccomp tarball. 185 ( 186 cd "$releasedir" 187 # Add $project. prefix to all suffixes. 188 "$hashcmd" "${suffixes[@]/#/$project.}" >"$project.$hashcmd" 189 )