scripts: add proper 386 and amd64 target triples and builds

We need these to match the Makefile detection of the right gcc for runc-dmz, as well as making sure that everything builds properly for our cross-i386 tests. While we're at it, add x86 to the list of build targets for release builds (presumably nobody will use it, but since we do test builds of this anyway it probably won't hurt). In addition, clean up the handling of the native architecture build by treating it the same as any other build (ensuring that building runc from a different platform will work the same way regardless of the native architecture). In practice, the build works the same way as before. Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
lifubang · Sep 22, 2023 · 321aa20 · 321aa20
1 parent 1d9b158
commit 321aa20
Show file tree

Hide file tree

Showing 5 changed files with 83 additions and 40 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -9,19 +9,15 @@ ARG CRIU_REPO=https://download.opensuse.org/repositories/devel:/tools:/criu/Debi
 RUN KEYFILE=/usr/share/keyrings/criu-repo-keyring.gpg; \
     wget -nv $CRIU_REPO/Release.key -O- | gpg --dearmor > "$KEYFILE" \
     && echo "deb [signed-by=$KEYFILE] $CRIU_REPO/ /" > /etc/apt/sources.list.d/criu.list \
+    && dpkg --add-architecture i386 \
     && apt-get update \
     && apt-get install -y --no-install-recommends \
         build-essential \
         criu \
-        gcc-aarch64-linux-gnu libc-dev-arm64-cross \
-        gcc-arm-linux-gnueabi libc-dev-armel-cross \
-        gcc-arm-linux-gnueabihf libc-dev-armhf-cross \
-        gcc-powerpc64le-linux-gnu libc-dev-ppc64el-cross \
-        gcc-s390x-linux-gnu libc-dev-s390x-cross \
-        gcc-riscv64-linux-gnu libc-dev-riscv64-cross \
+        gcc \
+        gcc-multilib \
         curl \
         gawk \
-        gcc \
         gperf \
         iptables \
         jq \
@@ -32,6 +28,14 @@ RUN KEYFILE=/usr/share/keyrings/criu-repo-keyring.gpg; \
         sudo \
         uidmap \
         iproute2 \
+    && apt-get install -y --no-install-recommends \
+        libc-dev:i386 libgcc-s1:i386 \
+        gcc-aarch64-linux-gnu libc-dev-arm64-cross \
+        gcc-arm-linux-gnueabi libc-dev-armel-cross \
+        gcc-arm-linux-gnueabihf libc-dev-armhf-cross \
+        gcc-powerpc64le-linux-gnu libc-dev-ppc64el-cross \
+        gcc-s390x-linux-gnu libc-dev-s390x-cross \
+        gcc-riscv64-linux-gnu libc-dev-riscv64-cross \
     && apt-get clean \
     && rm -rf /var/cache/apt /var/lib/apt/lists/* /etc/apt/sources.list.d/*.list
 
@@ -54,7 +58,7 @@ RUN cd /tmp \
 ARG LIBSECCOMP_VERSION
 COPY script/seccomp.sh script/lib.sh /tmp/script/
 RUN mkdir -p /opt/libseccomp \
-    && /tmp/script/seccomp.sh "$LIBSECCOMP_VERSION" /opt/libseccomp arm64 armel armhf ppc64le riscv64 s390x
+    && /tmp/script/seccomp.sh "$LIBSECCOMP_VERSION" /opt/libseccomp 386 amd64 arm64 armel armhf ppc64le riscv64 s390x
 ENV LIBSECCOMP_VERSION=$LIBSECCOMP_VERSION
 ENV LD_LIBRARY_PATH=/opt/libseccomp/lib
 ENV PKG_CONFIG_PATH=/opt/libseccomp/lib/pkgconfig

diff --git a/Makefile b/Makefile
@@ -68,7 +68,7 @@ recvtty sd-helper seccompagent fs-idmap:
 static:
 	$(GO_BUILD_STATIC) -o runc .
 
-releaseall: RELEASE_ARGS := "-a arm64 -a armel -a armhf -a ppc64le -a riscv64 -a s390x"
+releaseall: RELEASE_ARGS := "-a 386 -a amd64 -a arm64 -a armel -a armhf -a ppc64le -a riscv64 -a s390x"
 releaseall: release
 
 release: runcimage

diff --git a/script/lib.sh b/script/lib.sh
@@ -1,42 +1,74 @@
 #!/bin/bash
 
+# NOTE: Make sure you keep this file in sync with cc_platform.mk.
+
 # set_cross_vars sets a few environment variables used for cross-compiling,
 # based on the architecture specified in $1.
 function set_cross_vars() {
 	GOARCH="$1" # default, may be overridden below
 	unset GOARM
 
+	PLATFORM=linux-gnu
+	# openSUSE has a custom PLATFORM
+	if grep -iq "ID_LIKE=.*suse" /etc/os-release; then
+		PLATFORM=suse-linux
+		is_suse=1
+	fi
+
 	case $1 in
+	386)
+		# Always use the 64-bit compiler to build the 386 binary, which works
+		# for the more common cross-build method for x86 (namely, the
+		# equivalent of dpkg --add-architecture).
+		local cpu_type
+		if [ -v is_suse ]; then
+			# There is no x86_64-suse-linux-gcc, so use the native one.
+			HOST=
+			cpu_type=i586
+		else
+			HOST=x86_64-${PLATFORM}
+			cpu_type=i686
+		fi
+		CFLAGS="-m32 -march=$cpu_type ${CFLAGS[*]}"
+		;;
+	amd64)
+		if [ -n "${is_suse:-}" ]; then
+			# There is no x86_64-suse-linux-gcc, so use the native one.
+			HOST=
+		else
+			HOST=x86_64-${PLATFORM}
+		fi
+		;;
 	arm64)
-		HOST=aarch64-linux-gnu
+		HOST=aarch64-${PLATFORM}
 		;;
 	armel)
-		HOST=arm-linux-gnueabi
+		HOST=arm-${PLATFORM}eabi
 		GOARCH=arm
 		GOARM=6
 		;;
 	armhf)
-		HOST=arm-linux-gnueabihf
+		HOST=arm-${PLATFORM}eabihf
 		GOARCH=arm
 		GOARM=7
 		;;
 	ppc64le)
-		HOST=powerpc64le-linux-gnu
+		HOST=powerpc64le-${PLATFORM}
 		;;
 	riscv64)
-		HOST=riscv64-linux-gnu
+		HOST=riscv64-${PLATFORM}
 		;;
 	s390x)
-		HOST=s390x-linux-gnu
+		HOST=s390x-${PLATFORM}
 		;;
 	*)
 		echo "set_cross_vars: unsupported architecture: $1" >&2
 		exit 1
 		;;
 	esac
 
-	CC=$HOST-gcc
-	STRIP=$HOST-strip
+	CC="${HOST:+$HOST-}gcc"
+	STRIP="${HOST:+$HOST-}strip"
 
-	export HOST GOARM GOARCH CC STRIP
+	export HOST CFLAGS GOARM GOARCH CC STRIP
 }
diff --git a/script/release_build.sh b/script/release_build.sh
@@ -60,24 +60,14 @@ function build_project() {
 	# it can reuse cached pkg-config results).
 	local make_args=(COMMIT_NO= EXTRA_FLAGS="-a" EXTRA_LDFLAGS="${ldflags}" static)
 
-	# Build natively.
-	make -C "$root" \
-		PKG_CONFIG_PATH="$seccompdir/lib/pkgconfig" \
-		"${make_args[@]}"
-	strip "$root/$project"
-	# Sanity check: make sure libseccomp version is as expected.
-	local ver
-	ver=$("$root/$project" --version | awk '$1 == "libseccomp:" {print $2}')
-	if [ "$ver" != "$LIBSECCOMP_VERSION" ]; then
-		echo >&2 "libseccomp version mismatch: want $LIBSECCOMP_VERSION, got $ver"
-		exit 1
-	fi
+	# Save the original cflags.
+	local original_cflags="${CFLAGS:-}"
 
-	mv "$root/$project" "$builddir/$project.$native_arch"
-
-	# Cross-build for for other architectures.
+	# Build for all requested architectures.
 	local arch
 	for arch in "${arches[@]}"; do
+		# Reset CFLAGS.
+		CFLAGS="$original_cflags"
 		set_cross_vars "$arch"
 		make -C "$root" \
 			PKG_CONFIG_PATH="$seccompdir/$arch/lib/pkgconfig" \
@@ -86,6 +76,14 @@ function build_project() {
 		mv "$root/$project" "$builddir/$project.$arch"
 	done
 
+	# Sanity check: make sure libseccomp version is as expected.
+	local ver
+	ver=$("$builddir/$project.$native_arch" --version | awk '$1 == "libseccomp:" {print $2}')
+	if [ "$ver" != "$LIBSECCOMP_VERSION" ]; then
+		echo >&2 "libseccomp version mismatch: want $LIBSECCOMP_VERSION, got $ver"
+		exit 1
+	fi
+
 	# Copy libseccomp source tarball.
 	cp "$seccompdir"/src/* "$builddir"
 
@@ -122,12 +120,17 @@ commit="HEAD"
 version=""
 releasedir=""
 hashcmd=""
-declare -a add_arches
+# Always build a native binary.
+native_arch="$(go env GOARCH || echo "amd64")"
+arches=("$native_arch")
 
 while getopts "a:c:H:hr:v:" opt; do
 	case "$opt" in
 	a)
-		add_arches+=("$OPTARG")
+		# Add architecture if not already present in arches.
+		if ! (printf "%s\0" "${arches[@]}" | grep -zqxF "$OPTARG"); then
+			arches+=("$OPTARG")
+		fi
 		;;
 	c)
 		commit="$OPTARG"
@@ -158,9 +161,8 @@ done
 version="${version:-$(<"$root/VERSION")}"
 releasedir="${releasedir:-release/$version}"
 hashcmd="${hashcmd:-sha256sum}"
-native_arch="$(go env GOARCH || echo "amd64")"
 # Suffixes of files to checksum/sign.
-suffixes=("$native_arch" "${add_arches[@]}" tar.xz)
+suffixes=("${arches[@]}" tar.xz)
 
 log "creating $project release in '$releasedir'"
 log "  version: $version"
@@ -174,7 +176,7 @@ set -x
 rm -rf "$releasedir" && mkdir -p "$releasedir"
 
 # Build project.
-build_project "$releasedir/$project" "$native_arch" "${add_arches[@]}"
+build_project "$releasedir/$project" "$native_arch" "${arches[@]}"
 
 # Generate new archive.
 git archive --format=tar --prefix="$project-$version/" "$commit" | xz >"$releasedir/$project.tar.xz"

diff --git a/script/seccomp.sh b/script/seccomp.sh
@@ -33,16 +33,21 @@ function build_libseccomp() {
 	tar xf "$tar" -C "$srcdir"
 	pushd "$srcdir/libseccomp-$ver" || return
 
-	# Build natively and install to /usr/local.
+	# Install native version for Dockerfile builds.
 	./configure \
 		--prefix="$dest" --libdir="$dest/lib" \
 		--enable-static --enable-shared
 	make install
 	make clean
 
-	# Build and install for additional architectures.
+	# Save the original cflags.
+	local original_cflags="${CFLAGS:-}"
+
+	# Build and install for all requested architectures.
 	local arch
 	for arch in "${arches[@]}"; do
+		# Reset CFLAGS.
+		CFLAGS="$original_cflags"
 		set_cross_vars "$arch"
 		./configure --host "$HOST" \
 			--prefix="$dest/$arch" --libdir="$dest/$arch/lib" \