#
# Sysbox Makefile
#
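# Targets that name actions rather than files. The declaration is essential
# for sysbox-runc, sysbox-fs, sysbox-mgr and sysbox-ipc: those names are also
# the source directories (SYSRUNC_DIR, SYSFS_DIR, SYSMGR_DIR, SYSIPC_DIR), so
# make must be told not to treat them as files to be checked for freshness.
# Every action target defined in this file is listed, so a stray file with the
# same name in the tree cannot silently disable a target.
.PHONY: help \
        sysbox sysbox-debug sysbox-static \
        sysbox-local sysbox-debug-local sysbox-static-local \
        sysbox-runc sysbox-runc-static sysbox-runc-debug sysbox-runc-recvtty \
        sysbox-fs sysbox-fs-static sysbox-fs-debug \
        sysbox-mgr sysbox-mgr-static sysbox-mgr-debug \
        sysbox-ipc \
        install uninstall \
        test \
        test-sysbox test-sysbox-ci test-sysbox-shiftuid test-sysbox-shiftuid-ci \
        test-sysbox-local test-sysbox-local-ci \
        test-runc test-fs test-mgr \
        test-shell test-shell-shiftuid \
        test-fs-local test-mgr-local \
        test-img test-cleanup \
        listRuncPkgs listFsPkgs listMgrPkgs \
        pjdfstest pjdfstest-clean \
        clean clean_libseccomp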
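# Recipes run under bash; the export also hands SHELL=bash to every command
# started from a recipe.
export SHELL := bash

# HOSTNAME is taken from the environment when set, otherwise from `hostname`.
# Simple assignment (:=) runs the command once at parse time; a recursive
# assignment of an exported variable would re-run it whenever make builds the
# environment for a recipe line.
ifeq ($(HOSTNAME),)
export HOSTNAME := $(shell hostname)
endif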
# Source directories of the sysbox components, relative to this makefile.
SYSRUNC_DIR     := sysbox-runc
SYSFS_DIR       := sysbox-fs
SYSMGR_DIR      := sysbox-mgr
SYSIPC_DIR      := sysbox-ipc
LIB_SECCOMP_DIR := sysbox-libs/libseccomp-golang

# Build tags passed to the sysbox-runc sub-make as BUILDTAGS.
# Consider moving this definition into the sysbox-runc folder.
SYSRUNC_BUILDTAGS := seccomp apparmor

# Path at which the source tree is bind-mounted inside the build and test
# containers (see the `-v $(CURDIR):$(PROJECT)` flags further down).
PROJECT := /root/nestybox/sysbox

# Directory the sysbox binaries are installed into. Note that a non-empty
# DESTDIR is used as the complete install directory, not as a staging prefix.
INSTALL_DIR := $(or $(DESTDIR),/usr/local/sbin)

TEST_DIR   := $(CURDIR)/tests
TEST_IMAGE := sysbox-test
# Release string of the running host kernel; exported so recipes and the
# commands they start can read it.
export KERNEL_REL := $(shell uname -r)

# Distro id (lower-cased) and release of the build host as reported by
# lsb_release. On centos the release is the major version number taken from
# the description string; on every other distro it is the codename.
# Together they select tests/Dockerfile.<distro>-<release> in test-img and
# are used while testing the sysbox installer.
IMAGE_BASE_DISTRO := $(shell lsb_release -is | tr '[:upper:]' '[:lower:]')
ifneq ($(IMAGE_BASE_DISTRO), centos)
IMAGE_BASE_RELEASE := $(shell lsb_release -cs)
else
IMAGE_BASE_RELEASE := $(shell lsb_release -ds | tr -dc '0-9.' | cut -d'.' -f1)
endif

# NOTE(review): VERSION is not assigned in this makefile; presumably it is
# supplied by the environment or the command line - confirm.
IMAGE_FILE_PATH := image/deb/debbuild/$(IMAGE_BASE_DISTRO)-$(IMAGE_BASE_RELEASE)
IMAGE_FILE_NAME := sysbox_$(VERSION)-0.$(IMAGE_BASE_DISTRO)-$(IMAGE_BASE_RELEASE)_amd64.deb
# Host directories bind-mounted into the privileged test container. They are
# needed because some paths inside that container (e.g. /var/lib/docker,
# /var/lib/sysbox) cannot be backed by overlayfs. They must not live on tmpfs
# either: the docker engine inside the test container mounts overlayfs on top
# of them, and overlayfs cannot be mounted on top of tmpfs.
export TEST_VOL1 := /var/tmp/sysbox-test-var-lib-docker
export TEST_VOL2 := /var/tmp/sysbox-test-var-lib-sysbox
export TEST_VOL3 := /var/tmp/sysbox-test-scratch
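# When the MTU of the egress interface is lower than the expected 1500 bytes,
# dockerd must be configured with that value explicitly. The MTU found here is
# handed to the test container as PHY_EGRESS_IFACE_MTU.
#
# A host can list more than one default route; only the first interface is
# kept, because `ip link show dev` accepts a single device name and would
# otherwise fail and leave the MTU empty. Without any default route both
# variables stay empty and the second command is not run at all.
EGRESS_IFACE     := $(firstword $(shell ip route show | awk '/default via/ {print $$5}'))
EGRESS_IFACE_MTU := $(if $(EGRESS_IFACE),$(shell ip link show dev $(EGRESS_IFACE) | awk '/mtu/ {print $$5}'))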
# Find out if 'shiftfs' module is present.
# The value is non-empty only when `modprobe shiftfs` succeeds and lsmod then
# lists the module; the shiftuid test targets are skipped when it is empty.
# NOTE(review): this runs while the makefile is parsed, so every invocation
# (including `make help` or `make clean`) attempts the modprobe with the
# caller's privileges; when make runs as root the module is loaded as a side
# effect.
SHIFTUID_ON := $(shell modprobe shiftfs >/dev/null 2>&1 && lsmod | grep shiftfs)
# libseccomp (used by Sysbox components)
# LIBSECCOMP is the static archive produced by the libseccomp build;
# LIBSECCOMP_SRC is the list of files whose modification triggers a rebuild of
# that archive.
# The grep patterns are unanchored, so any path containing ".c"/".h" (first
# line) or ".h" (second line) is selected, not only names ending in them.
# `2>&1` folds find's error output into the text that grep filters.
LIBSECCOMP := sysbox-libs/libseccomp/src/.libs/libseccomp.a
LIBSECCOMP_DIR := sysbox-libs/libseccomp
LIBSECCOMP_SRC := $(shell find $(LIBSECCOMP_DIR)/src 2>&1 | grep -E '.*\.(c|h)')
LIBSECCOMP_SRC += $(shell find $(LIBSECCOMP_DIR)/include 2>&1 | grep -E '.*\.h')
#
# build targets
# TODO: parallelize building of runc, fs, and mgr; note that grpc must be built before these.
#
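# Running `make` without a goal prints the help text. The special variable for
# this is .DEFAULT_GOAL; assigning to `.DEFAULT` only creates an ordinary
# variable with that name (.DEFAULT is a special target, not a setting), and
# the default goal was `help` merely because it is the first rule in the file.
.DEFAULT_GOAL := help

# Prints a usage summary built from this makefile itself: every
# `target: ... ## text` line becomes an entry and every `##@ title` line
# becomes a section heading.
help:
	@awk 'BEGIN {FS = ":.*##"; printf "\n\033[1mUsage:\n make \033[36m<target>\033[0m\n"} \
	/^[a-zA-Z_-]+:.*?##/ { printf " \033[36m%-22s\033[0m %s\n", $$1, $$2 } /^##@/ \
	{ printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)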
##@ Building targets
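# Command prefix that runs a build step in a throw-away, privileged container
# created from $(TEST_IMAGE), with the source tree mounted at $(PROJECT) and
# the host kernel modules, kernel headers and seccomp.h mounted read-only.
#
# This is deliberately a recursively-expanded variable (=). HEADERS and
# HEADERS_BASE are assigned further down in this file, so an immediate (:=)
# expansion at this point sees them empty (unless they come from the
# environment) and both header mounts degrade to all of /usr/src/. With (=)
# the value is expanded when a recipe uses it, after the whole file is read.
#
# NOTE(review): GOPATH is taken from the environment; if it is unset the
# module-cache mount source becomes /pkg/mod on the host - confirm callers
# always set it.
DOCKER_SYSBOX_BLD = docker run --privileged --rm \
    --hostname sysbox-build \
    --name sysbox-build \
    -v $(CURDIR):$(PROJECT) \
    -v $(GOPATH)/pkg/mod:/go/pkg/mod \
    -v /lib/modules/$(KERNEL_REL):/lib/modules/$(KERNEL_REL):ro \
    -v /usr/src/$(HEADERS):/usr/src/$(HEADERS):ro \
    -v /usr/src/$(HEADERS_BASE):/usr/src/$(HEADERS_BASE):ro \
    -v /usr/include/linux/seccomp.h:/usr/include/linux/seccomp.h:ro \
    $(TEST_IMAGE)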
# Builds the test image, then builds sysbox inside the build container by
# passing the goal `sysbox-local` to buildContainerInit (a command expected in
# the container image; it is not defined in this makefile).
sysbox: test-img ## Build sysbox
	@printf "\n** Building sysbox **\n\n"
	$(DOCKER_SYSBOX_BLD) /bin/bash -c "buildContainerInit sysbox-local"
# Same flow as `sysbox`, but the goal handed to buildContainerInit is
# `sysbox-debug-local`. The banner text is the same as for the regular build.
sysbox-debug: test-img ## Build sysbox (with debug symbols)
	@printf "\n** Building sysbox **\n\n"
	$(DOCKER_SYSBOX_BLD) /bin/bash -c "buildContainerInit sysbox-debug-local"
# Same flow as `sysbox`, but the goal handed to buildContainerInit is
# `sysbox-static-local`.
sysbox-static: test-img ## Build sysbox (static linking)
	@printf "\n** Building sysbox **\n\n"
	$(DOCKER_SYSBOX_BLD) /bin/bash -c "buildContainerInit sysbox-static-local"
# Aggregate goals; these are the goals the sysbox, sysbox-debug and
# sysbox-static recipes pass to buildContainerInit.
# The debug and static variants only pull in their component targets.
sysbox-debug-local: sysbox-runc-debug sysbox-fs-debug sysbox-mgr-debug

sysbox-static-local: sysbox-runc-static sysbox-fs-static sysbox-mgr-static

# The regular variant additionally records the building host's name in
# .buildinfo at the top of the source tree.
sysbox-local: sysbox-runc sysbox-fs sysbox-mgr
	@echo $(HOSTNAME) > .buildinfo
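# sysbox-runc builds, delegated to the makefile in $(SYSRUNC_DIR).
# The sub-make is started through $(MAKE) rather than a literal `make`, so it
# is the same make program as the parent and receives the parent's -n and -j
# (jobserver) settings. `cd` is kept so the sub-make also sees the component
# directory as its shell working directory.
# NOTE(review): only the default variant lists $(LIBSECCOMP) as a prerequisite
# and only the default and debug variants pass BUILDTAGS - confirm that the
# debug and static variants are meant to differ in this way.
sysbox-runc: $(LIBSECCOMP) sysbox-ipc
	@cd $(SYSRUNC_DIR) && $(MAKE) BUILDTAGS="$(SYSRUNC_BUILDTAGS)"

sysbox-runc-debug: sysbox-ipc
	@cd $(SYSRUNC_DIR) && $(MAKE) BUILDTAGS="$(SYSRUNC_BUILDTAGS)" sysbox-runc-debug

sysbox-runc-static: sysbox-ipc
	@cd $(SYSRUNC_DIR) && $(MAKE) static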
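# sysbox-fs builds, delegated to the makefile in $(SYSFS_DIR).
# $(MAKE) instead of a literal `make` keeps the sub-make on the same make
# program and passes on the parent's -n and -j (jobserver) settings.
# NOTE(review): only the default variant lists $(LIBSECCOMP) as a
# prerequisite - confirm the debug and static variants do not need it.
sysbox-fs: $(LIBSECCOMP) sysbox-ipc
	@cd $(SYSFS_DIR) && $(MAKE)

sysbox-fs-debug: sysbox-ipc
	@cd $(SYSFS_DIR) && $(MAKE) sysbox-fs-debug

sysbox-fs-static: sysbox-ipc
	@cd $(SYSFS_DIR) && $(MAKE) sysbox-fs-static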
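# sysbox-mgr builds, delegated to the makefile in $(SYSMGR_DIR).
# $(MAKE) instead of a literal `make` keeps the sub-make on the same make
# program and passes on the parent's -n and -j (jobserver) settings.
sysbox-mgr: sysbox-ipc
	@cd $(SYSMGR_DIR) && $(MAKE)

sysbox-mgr-debug: sysbox-ipc
	@cd $(SYSMGR_DIR) && $(MAKE) sysbox-mgr-debug

sysbox-mgr-static: sysbox-ipc
	@cd $(SYSMGR_DIR) && $(MAKE) sysbox-mgr-static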
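# Builds the sysbox-ipc component; every runc, fs and mgr build target above
# lists it as a prerequisite.
# $(MAKE) instead of a literal `make` keeps the sub-make on the same make
# program and passes on the parent's -n and -j (jobserver) settings.
sysbox-ipc:
	@cd $(SYSIPC_DIR) && $(MAKE) sysbox-ipc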
# Rebuilds the static libseccomp archive whenever one of the files in
# LIBSECCOMP_SRC is newer than it: regenerate the build system, configure,
# then compile, each step inside $(LIBSECCOMP_DIR). A failing step stops the
# recipe before the next one runs.
$(LIBSECCOMP): $(LIBSECCOMP_SRC)
	@echo "Building libseccomp ..."
	@cd $(LIBSECCOMP_DIR) && ./autogen.sh
	@cd $(LIBSECCOMP_DIR) && ./configure
	@cd $(LIBSECCOMP_DIR) && make
	@echo "Building libseccomp completed."
#
# install targets (require root privileges)
#
##@ Installation targets
# Copies the three component binaries and the scr/sysbox script into
# $(INSTALL_DIR) with mode 0755; `-D` creates missing leading directories.
# The rule has no prerequisites, so the binaries must have been built
# beforehand - a missing file makes the corresponding install command fail.
install: ## Install all sysbox binaries (requires root privileges)
	install -D -m0755 sysbox-fs/sysbox-fs $(INSTALL_DIR)/sysbox-fs
	install -D -m0755 sysbox-mgr/sysbox-mgr $(INSTALL_DIR)/sysbox-mgr
	install -D -m0755 sysbox-runc/sysbox-runc $(INSTALL_DIR)/sysbox-runc
	install -D -m0755 scr/sysbox $(INSTALL_DIR)/sysbox
# Removes exactly the four files that `install` places in $(INSTALL_DIR);
# `rm -f` does not fail for files that are already gone.
uninstall: ## Uninstall all sysbox binaries (requires root privileges)
	rm -f $(INSTALL_DIR)/sysbox
	rm -f $(INSTALL_DIR)/sysbox-fs
	rm -f $(INSTALL_DIR)/sysbox-mgr
	rm -f $(INSTALL_DIR)/sysbox-runc
#
# Test targets
#
# These targets run Sysbox tests within a privileged test container.
# They are meant as development tests.
#
# Name of the kernel-headers directory under /usr/src for the running kernel.
# It is bind-mounted read-only into the build and test containers.
HEADERS := linux-headers-$(KERNEL_REL)
export HEADERS
# hacky: works on ubuntu but may not work on other distros
# Takes the first symlink found directly inside /usr/src/$(HEADERS), reads its
# target and keeps the second "/"-separated field of that target as the name
# of the base headers directory. When nothing is found the value is empty and
# the corresponding bind mount becomes /usr/src/ as a whole.
HEADERS_BASE := $(shell find /usr/src/$(HEADERS) -maxdepth 1 -type l -exec readlink {} \; | cut -d"/" -f2 | head -1)
export HEADERS_BASE
# Alternative: reads symlinks and finds longest common prefix with sed (works on shell but fails on makefile for some reason)
# NOTE(review): the likely reason is that the `$` characters of the sed script
# are not doubled (`$$`), so make expands them before the shell runs - confirm.
# HEADERS_BASE := $(shell find /usr/src/$(HEADERS) -maxdepth 1 -type l -exec readlink -f {} \; | uniq | sed -e 's,$,/,;1{h;d;}' -e 'G;s,\(.*/\).*\n\1.*,\1,;h;$!d;s,/$,,' )
# Command prefix that starts the interactive, privileged, throw-away test
# container from $(TEST_IMAGE). Mounted into it: the source tree at
# $(PROJECT), the three TEST_VOL host directories (docker state, sysbox state,
# scratch space), the Go module cache, and - read-only - the host kernel
# modules, kernel headers and seccomp.h.
# Because the container is privileged and the source tree is mounted
# read-write, anything run inside it can modify the checkout and the
# TEST_VOL directories on the host.
# NOTE(review): GOPATH is taken from the environment; if it is unset the
# module-cache mount source becomes /pkg/mod on the host - confirm callers
# always set it.
DOCKER_RUN := docker run -it --privileged --rm \
    --hostname sysbox-test \
    --name sysbox-test \
    -v $(CURDIR):$(PROJECT) \
    -v $(TEST_VOL1):/var/lib/docker \
    -v $(TEST_VOL2):/var/lib/sysbox \
    -v $(TEST_VOL3):/mnt/scratch \
    -v $(GOPATH)/pkg/mod:/go/pkg/mod \
    -v /lib/modules/$(KERNEL_REL):/lib/modules/$(KERNEL_REL):ro \
    -v /usr/src/$(HEADERS):/usr/src/$(HEADERS):ro \
    -v /usr/src/$(HEADERS_BASE):/usr/src/$(HEADERS_BASE):ro \
    -v /usr/include/linux/seccomp.h:/usr/include/linux/seccomp.h:ro \
    $(TEST_IMAGE)
##@ Testing targets
# Umbrella goal: the unit-test suites of sysbox-fs, sysbox-mgr and
# sysbox-runc plus both integration suites (with and without uid shifting).
test: test-fs test-mgr test-runc test-sysbox test-sysbox-shiftuid ## Run all sysbox test suites
# Prepares the host volumes with testContainerPre, then runs testContainerInit
# and the goal test-sysbox-local inside the privileged test container.
# The inner `make` is literal on purpose: it is resolved inside the container,
# and a $(MAKE) reference would mark the line as recursive so that `make -n`
# would start docker.
# NOTE(review): TESTPATH is pasted unquoted into the `bash -c` string, so a
# value with spaces or shell metacharacters is interpreted by the shell.
test-sysbox: test-img ## Run sysbox integration tests
	@printf "\n** Running sysbox integration tests **\n\n"
	$(TEST_DIR)/scr/testContainerPre $(TEST_VOL1) $(TEST_VOL2) $(TEST_VOL3)
	$(DOCKER_RUN) /bin/bash -c "export PHY_EGRESS_IFACE_MTU=$(EGRESS_IFACE_MTU) && \
	testContainerInit && make test-sysbox-local TESTPATH=$(TESTPATH)"
# CI flavour of test-sysbox: the sysbox-fs and sysbox-mgr unit tests are
# prerequisites, and the goal run inside the container is
# test-sysbox-local-ci.
# NOTE(review): TESTPATH is pasted unquoted into the `bash -c` string, so a
# value with spaces or shell metacharacters is interpreted by the shell.
test-sysbox-ci: test-img test-fs test-mgr ## Run sysbox integration tests (continuous integration)
	@printf "\n** Running sysbox integration tests **\n\n"
	$(TEST_DIR)/scr/testContainerPre $(TEST_VOL1) $(TEST_VOL2) $(TEST_VOL3)
	$(DOCKER_RUN) /bin/bash -c "export PHY_EGRESS_IFACE_MTU=$(EGRESS_IFACE_MTU) && \
	testContainerInit && make test-sysbox-local-ci TESTPATH=$(TESTPATH)"
# Integration tests with SHIFT_UIDS=true exported inside the test container.
# The recipe is chosen while the makefile is parsed: when SHIFTUID_ON is empty
# (shiftfs could not be loaded) the target only prints a notice.
# NOTE(review): TESTPATH is pasted unquoted into the `bash -c` string, so a
# value with spaces or shell metacharacters is interpreted by the shell.
test-sysbox-shiftuid: test-img ## Run sysbox integration tests with uid-shifting (shiftfs)
ifneq ($(SHIFTUID_ON),)
	@printf "\n** Running sysbox integration tests (with uid shifting) **\n\n"
	$(TEST_DIR)/scr/testContainerPre $(TEST_VOL1) $(TEST_VOL2) $(TEST_VOL3)
	$(DOCKER_RUN) /bin/bash -c "export PHY_EGRESS_IFACE_MTU=$(EGRESS_IFACE_MTU) && \
	export SHIFT_UIDS=true && testContainerInit && \
	make test-sysbox-local TESTPATH=$(TESTPATH)"
else
	@printf "\n** No shiftfs module found. Skipping $@ target. **\n\n"
endif
# CI flavour of test-sysbox-shiftuid: the sysbox-fs and sysbox-mgr unit tests
# are prerequisites, and the goal run inside the container is
# test-sysbox-local-ci. Skipped with a notice when SHIFTUID_ON is empty.
# NOTE(review): TESTPATH is pasted unquoted into the `bash -c` string, so a
# value with spaces or shell metacharacters is interpreted by the shell.
test-sysbox-shiftuid-ci: test-img test-fs test-mgr ## Run sysbox integration tests with uid-shifting (shiftfs) (continuous integration)
ifneq ($(SHIFTUID_ON),)
	@printf "\n** Running sysbox integration tests (with uid shifting) **\n\n"
	$(TEST_DIR)/scr/testContainerPre $(TEST_VOL1) $(TEST_VOL2) $(TEST_VOL3)
	$(DOCKER_RUN) /bin/bash -c "export PHY_EGRESS_IFACE_MTU=$(EGRESS_IFACE_MTU) && \
	export SHIFT_UIDS=true && testContainerInit && \
	make test-sysbox-local-ci TESTPATH=$(TESTPATH)"
else
	@printf "\n** No shiftfs module found. Skipping $@ target. **\n\n"
endif
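# Cleans sysbox-runc and then runs its `test` goal with the sysbox build tags.
# Unlike test-fs and test-mgr, this recipe does not go through $(DOCKER_RUN).
# The sub-makes are started through $(MAKE) rather than a literal `make`, so
# they use the same make program as the parent and receive its -n and -j
# (jobserver) settings.
test-runc: $(LIBSECCOMP) sysbox-ipc ## Run sysbox-runc unit & integration tests
	@printf "\n** Running sysbox-runc unit & integration tests **\n\n"
	cd $(SYSRUNC_DIR) && $(MAKE) clean && $(MAKE) BUILDTAGS="$(SYSRUNC_BUILDTAGS)" test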
# Runs the goal test-fs-local inside the privileged test container.
# The inner `make` is literal on purpose: it is resolved inside the container.
test-fs: test-img ## Run sysbox-fs unit tests
	@printf "\n** Running sysbox-fs unit tests **\n\n"
	$(DOCKER_RUN) /bin/bash -c "make --no-print-directory test-fs-local"
# Runs the goal test-mgr-local inside the privileged test container.
# The inner `make` is literal on purpose: it is resolved inside the container.
test-mgr: test-img ## Run sysbox-mgr unit tests
	@printf "\n** Running sysbox-mgr unit tests **\n\n"
	$(DOCKER_RUN) /bin/bash -c "make --no-print-directory test-mgr-local"
# Prepares the host volumes, runs testContainerInit inside the privileged test
# container and then leaves the caller in an interactive bash there.
test-shell: test-img ## Get a shell in the test container (useful for debug)
	$(TEST_DIR)/scr/testContainerPre $(TEST_VOL1) $(TEST_VOL2) $(TEST_VOL3)
	$(DOCKER_RUN) /bin/bash -c "export PHY_EGRESS_IFACE_MTU=$(EGRESS_IFACE_MTU) && \
	testContainerInit && /bin/bash"
# Same as test-shell, with SHIFT_UIDS=true exported before testContainerInit.
# Unlike the shiftuid test targets, this one is not guarded by SHIFTUID_ON.
test-shell-shiftuid: test-img ## Get a shell in the test container with uid-shifting
	$(TEST_DIR)/scr/testContainerPre $(TEST_VOL1) $(TEST_VOL2) $(TEST_VOL3)
	$(DOCKER_RUN) /bin/bash -c "export PHY_EGRESS_IFACE_MTU=$(EGRESS_IFACE_MTU) && \
	export SHIFT_UIDS=true && testContainerInit && /bin/bash"
# Builds the image tagged $(TEST_IMAGE) from the Dockerfile in $(TEST_DIR)
# that matches the host distro and release. Both the build container and the
# test container are created from this image.
test-img: ## Build test container image
	@printf "\n** Building the test container **\n\n"
	@cd $(TEST_DIR) && docker build -t $(TEST_IMAGE) \
	-f Dockerfile.$(IMAGE_BASE_DISTRO)-$(IMAGE_BASE_RELEASE) .
# Runs testContainerCleanup inside the test container, then testContainerPost
# on the host with the three TEST_VOL directories as arguments.
test-cleanup: test-img ## Clean up sysbox integration tests (requires root privileges)
	@printf "\n** Cleaning up sysbox integration tests **\n\n"
	$(DOCKER_RUN) /bin/bash -c "testContainerCleanup"
	$(TEST_DIR)/scr/testContainerPost $(TEST_VOL1) $(TEST_VOL2) $(TEST_VOL3)
#
# Local test targets (these are invoked from within the test container
# by the test targets above); in theory they can run directly on a host
# machine, but they require root privileges and might mess up the state
# of the host.
#
# Goals the integration-test targets run inside the test container. Each one
# hands TESTPATH to its test script; an empty TESTPATH passes no argument.
# NOTE(review): TESTPATH is unquoted, so the shell splits a value that
# contains spaces into several arguments.
test-sysbox-local-ci:
	$(TEST_DIR)/scr/testSysboxCI $(TESTPATH)

test-sysbox-local:
	$(TEST_DIR)/scr/testSysbox $(TESTPATH)
# Unit tests of sysbox-fs: `go test` over every package in fsPkgs, with a
# three-minute timeout.
test-fs-local: sysbox-ipc
	cd $(SYSFS_DIR) && go test -timeout 3m -v $(fsPkgs)

# Unit tests of sysbox-mgr. A docker daemon is started in the background
# first (output in /var/log/dockerd.log) and given two seconds to come up;
# the recipe does not stop it afterwards.
test-mgr-local: sysbox-ipc
	dockerd > /var/log/dockerd.log 2>&1 &
	sleep 2
	cd $(SYSMGR_DIR) && go test -timeout 3m -v $(mgrPkgs)
#
# Misc targets
#
# recvtty is a tool inside the sysbox-runc repo that is needed by some integration tests
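# Builds the recvtty helper through the sysbox-runc makefile.
# $(MAKE) instead of a literal `make` keeps the sub-make on the same make
# program and passes on the parent's -n and -j (jobserver) settings.
sysbox-runc-recvtty:
	@cd $(SYSRUNC_DIR) && $(MAKE) recvtty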
#
# Misc targets
#
# Debug helpers: print the Go package lists that the memoized variables
# runcPkgs, fsPkgs and mgrPkgs expand to.
listMgrPkgs:
	@echo $(mgrPkgs)

listFsPkgs:
	@echo $(fsPkgs)

listRuncPkgs:
	@echo $(runcPkgs)
#
# cleanup targets
#
##@ Cleaning targets
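# Runs the `clean` goal of each component makefile. libseccomp is not
# touched here; it has its own clean_libseccomp target.
# $(MAKE) instead of a literal `make` keeps the sub-makes on the same make
# program and passes on the parent's -n and -j (jobserver) settings.
clean: ## Eliminate sysbox binaries
	cd $(SYSRUNC_DIR) && $(MAKE) clean
	cd $(SYSFS_DIR) && $(MAKE) clean
	cd $(SYSMGR_DIR) && $(MAKE) clean
	cd $(SYSIPC_DIR) && $(MAKE) clean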
# Runs `make distclean` in the libseccomp tree as root via sudo.
# The `make` is left literal: a $(MAKE) reference would mark the line as
# recursive, so that `make -n` would invoke sudo.
clean_libseccomp: ## Clean libseccomp
	cd $(LIBSECCOMP_DIR) && sudo make distclean
# memoize all packages once
# Each list comes from `go list ./...` in the component directory with vendor
# paths filtered out. The `_x` variable holds the shell command (recursive, so
# nothing runs at parse time); the public `x` variable runs it on first use
# and stores the result in `__x` through $(eval), so later expansions reuse
# the stored text. If the command yields nothing, `__x` stays empty and the
# command is run again on the next expansion.
_runcPkgs = $(shell cd $(SYSRUNC_DIR) && go list ./... | grep -v vendor)
runcPkgs = $(if $(__runcPkgs),,$(eval __runcPkgs := $$(_runcPkgs)))$(__runcPkgs)
_fsPkgs = $(shell cd $(SYSFS_DIR) && go list ./... | grep -v vendor)
fsPkgs = $(if $(__fsPkgs),,$(eval __fsPkgs := $$(_fsPkgs)))$(__fsPkgs)
_mgrPkgs = $(shell cd $(SYSMGR_DIR) && go list ./... | grep -v vendor)
mgrPkgs = $(if $(__mgrPkgs),,$(eval __mgrPkgs := $$(_mgrPkgs)))$(__mgrPkgs)