new: arm64 support #143
new: arm64 support #143
Conversation
poiana
added
kind/cleanup
do-not-merge/work-in-progress
dco-signoff: yes
kind/feature
|
I am not getting why tests are failing. On my setup they pass with no issues. |
|
Builders:
It was a timeout issue. Increasing the timeout to 120 fixed the issue. I am going to increase the default timeout to 120.
The issue is only present on newest kernel (like 5.10+). For reference, i was able to build debian kernel |
|
NOTE to maintainers: should we document (at least in README) supported gcc/clang versions? |
Yes, please.
I would not tie the two things so tight right now... |
|
I will document them :) Thanks! |
| steps: | ||
| - checkout | ||
| - run: | ||
| name: Test | ||
| command: make test | ||
| "images": | ||
| docker: | ||
| - image: docker:stable | ||
| - image: cimg/base:stable |
There was a problem hiding this comment.
Switched to cimg/base:stable as it already provides docker buildx command for us, when a 20.10.x version of docker is requested.
| @@ -2,30 +2,29 @@ version: 2 | |||
| jobs: | |||
| "test": | |||
| docker: | |||
| - image: docker.io/golang:1.14.0 | |||
| - image: docker.io/golang:1.17.0 | |||
There was a problem hiding this comment.
Golang1.16 had an issue that prevented tests to pass.
Mmmh i am not sure: i think we need this; it is the easiest way: the distro builder specifies one of the supported gcc/clang, and based on that, the build processor will choose the correct builder image. I think i will open a PR once #113 is merged, to achieve that. We can then discuss on it :) |
Moreover, upload release binary package for arm64. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
…rting order. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
…rmations. Added readme about supported gcc and llvm versions and architectures. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
… the docker job. This allows us to use docker buildx already provided by circle ci image. See https://support.circleci.com/hc/en-us/articles/360058095471-How-To-Use-Docker-Buildx-in-Remote-Docker- for more info. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Federico Di Pierro <nierro92@gmail.com> Co-authored-by: David Windsor <dwindsor@secureworks.com>
|
Uh, rebased on top of #113 🥇 |
|
/cc @dwindsor 🥳 |
pkg/driverbuilder/builder/vanilla.go
Outdated
| kv := kernelReleaseFromBuildConfig(c.Build) | ||
|
|
||
| var urls []string | ||
| if c.KernelUrls == nil { |
There was a problem hiding this comment.
Hmm, so if a user wants to specify e.g. one additional server in which to look for kernel-devel packages, IIUC he'd have to also enumerate all of the other URLs aside from the one he wants to add? I'm thinking the common use case here will be a user who wants to search for kernel packages from the usual locations plus additional locations? So maybe have --kernelurls be append by default?
There was a problem hiding this comment.
For me, kernelurls is to pass the exact url for downloading a kernel-devel package (in case of Ubuntu, we need 2 urls, the arch one and the _all one).
Therefore there is no need to append it.
Idea is that it is much simpler for an user to search for the exact url for its kernel devel, than to possibly adjust kernels scraping code inside driverkit, thus even if driverkit does not support discovering your url, you can still build your driver.
Moreover, this way we are able to support:
- various ubuntu flavors, like ubuntu-kvm, ubuntu-gcp and so on
- ubuntu/debian kernelversions like
32~16.04
Note that this is part of a broader scope together with https://github.com/falcosecurity/kernel-crawler, that outputs a driverkit-like json for any found kernel with the urls to download its devel packages; see: https://github.com/falcosecurity/kernel-crawler/blob/main/kernels/x86_64/list.json
There was a problem hiding this comment.
What i am trying to say is that in the future users can try their luck by providing exact kernel url parameter whenever a "kernel header not found" error happens; and in case, fixing their configs to provide the kernelurls.
In the end, the current kernel url auto-formatting method will remain as a fallback for when no kernelurls param is passed.
That's of course IMHO :)
There was a problem hiding this comment.
Idea is that it is much simpler for an user to search for the exact url for its kernel devel, than to possibly adjust kernels scraping code inside driverkit, thus even if driverkit does not support discovering your url, you can still build your driver.
👆 Definitely. This is a powerful addition!
The case I'm thinking of is, deploying Falco to a fleet of machines that has many instances of "kernel headers not found" because they have many e.g. ubuntu-gcp machines, but with different kernel versions. So, we know the kernel headers for ubuntu-gcp can all be found at e.g. pub.ubuntu.com/blah/gcp/packages/kernel-devel-1.2.3-4.deb. Could we have kernelurls accept the directory to pub.ubuntu.com/blah/gcp/packages and have it crawl that directory via the usual means, auto-extracting the URLs to kernel-devel packages it finds there?
There was a problem hiding this comment.
I see; perhaps that would be useful to also use a privare deb repository (for example).
I think it is a great idea; we might think of something like:
- if
kernelurlscontains some formatting options, like%M.%m.%p-> we format it with proper variables and use it - if
kernelurlsdoes not contain any formatting option, it means that it is a fullpath and we can use it without further effort
This is a nice solution, even if i'll have to write some formatting specs (like, in the above example: "%M" -> major, "%m" -> minor and "%p" -> patch).
What do you think?
Btw i can also try to split this feature from this PR if you wish; it helped me test various arm64 builds but it is not strictly related to it.
There was a problem hiding this comment.
if
kernelurlscontains some formatting options, like%M.%m.%p-> we format it with proper variables and use it
Ahh, I think I see what you mean. So, for e.g. in the previous case mentioned with a fleet of ubuntu-gcp machines, one would do something like:
driverkit --kernelurls pub.ubuntu.com/blah/ubuntu-gcp/packages/kernel-devel-%M.%m-%p.deb
If so, this is a great idea! Allowing the user to specify the package URL format at runtime protects us against having to constantly update the builders if/when a vendor changes the formatting of their packages.
Doesn't necessarily need to be separate from this PR - I think it makes sense to include it here. We'll get this merged and then cut a new release. 🚀
There was a problem hiding this comment.
Actually, thinking about this more: this will be a significant amount of unrelated work to add to this PR. Support for formatting specs will have to be added to each builder, so it does make sense to put it in another PR. No need to bother splitting it off into another branch if you've already started! 😬
|
/lgtm |
|
@dwindsor: changing LGTM is restricted to collaborators In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/hold I want to test the shiny new qemu 7.0.0 for the x86_64 -> arm64 cross build :) |
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Moreover, it seems `go` installation is mandatory, otherwise buildx build failed at the link stage with: ``` /usr/local/go/pkg/tool/linux_arm64/link: running gcc failed: exit status 1 collect2: error: ld returned 1 exit status ``` Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
|
Tested and fixed qemu integration. As agreed with @dwindsor, I will remove the I will unhold the PR once |
…part of another PR. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
|
/unhold Removed |
|
/lgtm |
|
LGTM label has been added. Git tree hash: 49bb73c0e9fae80a82b00376ebfafad8283b45cf
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dwindsor, FedeDP The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What type of PR is this?
/kind cleanup
/kind feature
Any specific area of the project related to this PR?
/area build
/area cmd
/area pkg
What this PR does / why we need it:
multiarch/qemu-user-static. By default, current running architecture will be built; but one has the option to force a different arch with thearchitectureoption.kernelurlsdirectly from the config file/cli argument. kernel-crawler will dump driverkit-like configs with the kernel urls already provided, as it fetched them.Still needed:
Double check the very first commit; i am not sure if CircleCI will work. If anyone with a strong knowledge could double check it, it would really help me!Fixed with 6f9deb0Which issue(s) this PR fixes:
Fixes #142
supersedes #119
Special notes for your reviewer:
NOTE: the diff is big but most of the changes are from go.sum.
Does this PR introduce a user-facing change?: