Add macOS support #4059

Closed

slonopotamus
Contributor

@slonopotamus slonopotamus commented Jul 24, 2023

This PR adds experimental support for running native macOS containers using rund.

This PR depends on

Also, see rund macOS containerd shim.

Member

@crazy-max crazy-max left a comment

This PR almost fixes compilation of buildkitd on macOS.

I'm not sure what you try to "fix". Afaik there is no isolation primitives / bind mounts in the MacOS kernel. I guess we would need to shell out to some kind of mount helper.

If we can start with a proposal to discuss on a proper abstraction (pluggable) interface that would be great.

I also can't first fix moby and then fix buildkit.

This is possible:

@slonopotamus
Contributor Author

slonopotamus commented Jul 24, 2023

> Afaik there is no isolation primitives / bind mounts in the MacOS kernel.

That's a completely different story and I'd like to avoid expanding the scope of current PR to cover those aspects. It is just a small initial step that only makes the thing compile and nothing else.

> This is possible

I'll take a look, thanks.

@slonopotamus
Contributor Author

I'll add some background context here.

I'm currently working on a containerd shim for macOS: https://github.com/macOScontainers/rund.

While it doesn't offer the usual container level of isolation from the host due to kernel limitations, there is a highly requested containerd/containerd#5525. Even with the limited functionality of rootfs delivery + chroot, such a thing would be very useful for CI needs.

I'm not sure it will ever become an official containerd shim, but actually that doesn't matter much.

So, the point here is that eventually I'd like to be able to get the whole containerd+buildkit+moby combo working and current PR is just a small step in that direction.

@slonopotamus
Contributor Author

It seems like changes in this PR somewhat overlap with #2376 and would definitely cause conflicts. If #2376 is going to be merged any time soon, let it go first. I'll resolve conflicts on my side after that.

@slonopotamus
Contributor Author

slonopotamus commented Jul 25, 2023

> This is possible

Sorry, I'm still not understanding.

I have two separate repos, with buildkit and with moby.

If I try to build buildkit with changes from current PR, it fails in moby code:

```
% go build -o buildkitd ./cmd/buildkitd
# github.com/docker/docker/pkg/chrootarchive
vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix.go:30:8: undefined: goInChroot
vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix.go:52:8: undefined: goInChroot
vendor/github.com/docker/docker/pkg/chrootarchive/diff_unix.go:44:8: undefined: goInChroot
```

If I try to build moby, it fails in buildkit code:

```
% ./hack/make.sh

Removing bundles/

---> Making bundle: binary-daemon (in bundles/binary-daemon)
Building static bundles/binary-daemon/dockerd (darwin/arm64)...
+ tee /Users/marat/Documents/moby/go.mod
module github.com/docker/docker

go 1.19
+ trap 'rm -f "${ROOTDIR}/go.mod"' EXIT
+ GO111MODULE=on
+ go build -mod=vendor -modfile=vendor.mod -o bundles/binary-daemon/dockerd -tags 'netgo osusergo static_build  libdm_dlsym_deferred_remove' -ldflags '-w -X "github.com/docker/docker/dockerversion.Version=dev" -X "github.com/docker/docker/dockerversion.GitCommit=96b473a0bd" -X "github.com/docker/docker/dockerversion.BuildTime=" -X "github.com/docker/docker/dockerversion.PlatformName=" -X "github.com/docker/docker/dockerversion.ProductName=" -X "github.com/docker/docker/dockerversion.DefaultProductLicense="  -extldflags -static ' github.com/docker/docker/cmd/dockerd
package github.com/docker/docker/cmd/dockerd
        imports github.com/docker/docker/api/server/backend/build
        imports github.com/docker/docker/builder/builder-next
        imports github.com/docker/docker/builder/builder-next/adapters/containerimage
        imports github.com/moby/buildkit/cache
        imports github.com/moby/buildkit/snapshot
        imports github.com/containerd/containerd/snapshots/overlay/overlayutils: build constraints exclude all Go files in /Users/marat/Documents/moby/vendor/github.com/containerd/containerd/snapshots/overlay/overlayutils
package github.com/docker/docker/cmd/dockerd
        imports github.com/docker/docker/api/server/backend/build
        imports github.com/docker/docker/builder/builder-next
        imports github.com/docker/docker/libnetwork
        imports github.com/docker/docker/libnetwork/iptables: build constraints exclude all Go files in /Users/marat/Documents/moby/libnetwork/iptables
package github.com/docker/docker/cmd/dockerd
        imports github.com/docker/docker/api/server/backend/build
        imports github.com/docker/docker/builder/builder-next
        imports github.com/moby/buildkit/executor/oci
        imports github.com/moby/buildkit/util/entitlements/security: build constraints exclude all Go files in /Users/marat/Documents/moby/vendor/github.com/moby/buildkit/util/entitlements/security
package github.com/docker/docker/cmd/dockerd
        imports github.com/docker/docker/api/server/backend/build
        imports github.com/docker/docker/builder/builder-next
        imports github.com/docker/docker/builder/builder-next/adapters/containerimage
        imports github.com/moby/buildkit/cache
        imports github.com/moby/buildkit/snapshot
        imports github.com/moby/buildkit/util/overlay: build constraints exclude all Go files in /Users/marat/Documents/moby/vendor/github.com/moby/buildkit/util/overlay
+ rm -f /Users/marat/Documents/moby/go.mod
```

So, I don't see any way to fix them one by one. I suppose the procedure has to be

  1. Fix issues in one of the repos (but it won't be buildable)
  2. Update dependency in second repo to fixed state
  3. Update dependency in first repo to fixed state

@akhramov could you please enlighten me, how you worked around this cycle in context of your FreeBSD changes? If I understand things properly, when moby/moby#45724 was merged, moby actually cannot be built on FreeBSD, right?

@akhramov
Contributor

@slonopotamus the trick is that you don't need to build moby in its entirety, but rather a few well-isolated packages. In your case you would need to fix github.com/docker/docker/pkg/chrootarchive which does not depend on buildkit :)
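
Added example (not part of the thread, and not code from moby or buildkit): a small Go program that reproduces the `undefined: goInChroot` failure class on a single isolated package, by applying build constraints for a target GOOS with `go/build` and type-checking only the files that survive. The three source files and their names are constructed for illustration and do not mirror the real `chrootarchive` layout.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/build"
	"go/parser"
	"go/token"
	"go/types"
	"io"
	"strings"
)

// Constructed sources (hypothetical names): one shared caller, two per-OS helpers.
var files = map[string]string{
	"archive_unix.go":   "//go:build !windows\n\npackage p\n\nfunc doUnpack() { goInChroot() }\n",
	"chroot_linux.go":   "package p\n\nfunc goInChroot() {}\n",
	"chroot_freebsd.go": "package p\n\nfunc goInChroot() {}\n",
}

// typeErrors filters the package by the build constraints of goos, then
// type-checks what is left and returns the compiler-style error strings.
func typeErrors(goos string) []string {
	ctx := build.Default
	ctx.GOOS, ctx.GOARCH = goos, "arm64"
	ctx.OpenFile = func(p string) (io.ReadCloser, error) { // serve files from memory
		return io.NopCloser(strings.NewReader(files[p])), nil
	}
	fset := token.NewFileSet()
	var kept []*ast.File
	for name, src := range files {
		if ok, _ := ctx.MatchFile("", name); !ok {
			continue // dropped by _GOOS filename suffix or //go:build line
		}
		f, err := parser.ParseFile(fset, name, src, 0)
		if err != nil {
			return []string{err.Error()}
		}
		kept = append(kept, f)
	}
	var errs []string
	conf := types.Config{Error: func(err error) { errs = append(errs, err.Error()) }}
	conf.Check("p", fset, kept, nil) // errors are collected through conf.Error
	return errs
}

func main() { fmt.Println("darwin:", typeErrors("darwin"), "linux:", typeErrors("linux")) }
```

Because only one package is checked, the result does not depend on whether the rest of the module builds for that GOOS, which is the property the reply above relies on.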

@slonopotamus
Contributor Author

Okay, makes sense. Thanks.

slonopotamus added a commit to slonopotamus/moby that referenced this pull request Jul 27, 2023
Before this commit, `doPack`, `doUnpack` and `doUnpackLayer` were not implemented for Darwin, causing build failure.

This change allows all non-Linux Unixes to use FreeBSD reexec-based pack/unpack implementation

See also: moby/buildkit#4059
See also: 8b84373

Signed-off-by: Marat Radchenko <marat@slonopotamus.org>
@slonopotamus
Contributor Author

See moby/moby#46094 for fixes on Moby side.

@slonopotamus slonopotamus marked this pull request as draft July 28, 2023 10:22
@slonopotamus
Contributor Author

Given that #2376 was merged, I'll rebase soon and add some more code unification across Darwin/FreeBSD.

@slonopotamus
Contributor Author

slonopotamus commented Aug 3, 2023

Okay, I managed to put bits together and even build a simple macOS native Dockerfile:

Functionality of this PR has some dependencies, see top message.

@slonopotamus slonopotamus changed the title Build fixes for macOS Add experimental macOS support Aug 3, 2023
slonopotamus added a commit to darwin-containers/moby that referenced this pull request Aug 3, 2023
slonopotamus added a commit to slonopotamus/moby that referenced this pull request Aug 3, 2023
@slonopotamus slonopotamus marked this pull request as ready for review August 4, 2023 18:29
@slonopotamus
Contributor Author

I'd like to get some feedback on buildkit changes. Vendoring update is not going to happen as it is present in current PR for obvious reasons, so I'll revert it before the actual merge.

@slonopotamus slonopotamus marked this pull request as draft August 12, 2023 23:05
slonopotamus added a commit to slonopotamus/moby that referenced this pull request Sep 10, 2023
slonopotamus added a commit to slonopotamus/moby that referenced this pull request Sep 24, 2023
@slonopotamus
Contributor Author

slonopotamus commented Sep 27, 2023

I've restructured my branch a bit to make it clearer what changes are buildkit-related.

First commit just updates containerd to a version that includes containerd/containerd#8789. That is out of discussion currently, every party agreed that there needs to be a more universal solution.

Second commit is what I'd really like to land in buildkit repo. I'll rebase this branch a lot, so the link will become outdated, but look for "Add macOS support" commit message. As of now, it is this: 57cd14f

I suggest we only review and merge this single commit and nothing else in current PR.

UPD: Okay, it won't work this way because we want CI to pass. I'll possibly create a separate PR from a branch that only contains that single commit.

@slonopotamus slonopotamus changed the title Add experimental macOS support Add macOS support Sep 27, 2023
@slonopotamus
Contributor Author

slonopotamus commented Sep 27, 2023

Reorganised things again so this PR now only includes Buildkit-specific changes. CI is currently failing, will investigate tomorrow.

UPD: Fixed, ready for review. CI that builds these changes + updated containerd for macOS can be seen in https://github.com/macOScontainers/buildkit

slonopotamus added a commit to darwin-containers/moby that referenced this pull request Sep 27, 2023
@slonopotamus slonopotamus marked this pull request as ready for review September 28, 2023 08:04
slonopotamus added a commit to slonopotamus/moby that referenced this pull request Sep 28, 2023
@slonopotamus slonopotamus marked this pull request as draft December 10, 2023 14:03
Signed-off-by: Marat Radchenko <marat@slonopotamus.org>
@slonopotamus
Contributor Author

slonopotamus commented Aug 29, 2024

I've split these changes into easier-to-review #5271 (already merged) and #5276.

@slonopotamus slonopotamus deleted the macos branch August 29, 2024 15:12