Skip to content

Commit c07c717

Browse files
jclapisjclapis
committed
Ported the cross-compilation stuff into PBS
1 parent 3aee63d commit c07c717

2 files changed

Lines changed: 120 additions & 14 deletions

File tree

provisioning/pbs.Dockerfile

Lines changed: 105 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,22 +1,120 @@
1-
FROM lukemathwalker/cargo-chef:latest-rust-1.83 AS chef
1+
# This will be the main build image
2+
FROM --platform=${BUILDPLATFORM} lukemathwalker/cargo-chef:latest-rust-1.83 AS chef
3+
ARG TARGETOS TARGETARCH BUILDPLATFORM OPENSSL_VENDORED
24
WORKDIR /app
35

4-
FROM chef AS planner
6+
FROM --platform=${BUILDPLATFORM} chef AS planner
7+
ARG TARGETOS TARGETARCH BUILDPLATFORM OPENSSL_VENDORED
58
COPY . .
69
RUN cargo chef prepare --recipe-path recipe.json
710

8-
FROM chef AS builder
11+
FROM --platform=${BUILDPLATFORM} chef AS builder
12+
ARG TARGETOS TARGETARCH BUILDPLATFORM OPENSSL_VENDORED
13+
ENV BUILD_VAR_SCRIPT=/tmp/env.sh
914
COPY --from=planner /app/recipe.json recipe.json
1015

11-
RUN cargo chef cook --release --recipe-path recipe.json
16+
# Set up the build environment for cross-compilation if needed
17+
RUN if [ "$BUILDPLATFORM" = "linux/amd64" -a "$TARGETARCH" = "arm64" ]; then \
18+
# We're on x64, cross-compiling for arm64
19+
rustup target add aarch64-unknown-linux-gnu && \
20+
apt update && \
21+
apt install -y gcc-aarch64-linux-gnu && \
22+
echo "#!/bin/sh" > ${BUILD_VAR_SCRIPT} && \
23+
echo "export TARGET=aarch64-unknown-linux-gnu" >> ${BUILD_VAR_SCRIPT} && \
24+
echo "export TARGET_FLAG=--target=aarch64-unknown-linux-gnu" >> ${BUILD_VAR_SCRIPT} && \
25+
echo "export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=/usr/bin/aarch64-linux-gnu-gcc" >> ${BUILD_VAR_SCRIPT} && \
26+
echo "export RUSTFLAGS=\"-L /usr/aarch64-linux-gnu/lib -L $(dirname $(aarch64-linux-gnu-gcc -print-libgcc-file-name))\"" >> ${BUILD_VAR_SCRIPT} && \
27+
if [ "$OPENSSL_VENDORED" != "true" ]; then \
28+
# If we're linking to OpenSSL dynamically, we have to set it up for cross-compilation
29+
dpkg --add-architecture arm64 && \
30+
apt update && \
31+
apt install -y libssl-dev:arm64 zlib1g-dev:arm64 && \
32+
echo "export PKG_CONFIG_ALLOW_CROSS=true" >> ${BUILD_VAR_SCRIPT} && \
33+
echo "export PKG_CONFIG_LIBDIR=/usr/lib/aarch64-linux-gnu/pkgconfig" >> ${BUILD_VAR_SCRIPT} && \
34+
echo "export OPENSSL_INCLUDE_DIR=/usr/include/aarch64-linux-gnu" >> ${BUILD_VAR_SCRIPT} && \
35+
echo "export OPENSSL_LIB_DIR=/usr/lib/aarch64-linux-gnu" >> ${BUILD_VAR_SCRIPT}; \
36+
fi; \
37+
elif [ "$BUILDPLATFORM" = "linux/arm64" -a "$TARGETARCH" = "amd64" ]; then \
38+
# We're on arm64, cross-compiling for x64
39+
rustup target add x86_64-unknown-linux-gnu && \
40+
apt update && \
41+
apt install -y gcc-x86-64-linux-gnu && \
42+
echo "#!/bin/sh" > ${BUILD_VAR_SCRIPT} && \
43+
echo "export TARGET=x86_64-unknown-linux-gnu" >> ${BUILD_VAR_SCRIPT} && \
44+
echo "export TARGET_FLAG=--target=x86_64-unknown-linux-gnu" >> ${BUILD_VAR_SCRIPT} && \
45+
echo "export CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_LINKER=/usr/bin/x86_64-linux-gnu-gcc" >> ${BUILD_VAR_SCRIPT} && \
46+
echo "export RUSTFLAGS=\"-L /usr/x86_64-linux-gnu/lib -L $(dirname $(x86_64-linux-gnu-gcc -print-libgcc-file-name))\"" >> ${BUILD_VAR_SCRIPT} && \
47+
if [ "$OPENSSL_VENDORED" != "true" ]; then \
48+
# If we're linking to OpenSSL dynamically, we have to set it up for cross-compilation
49+
dpkg --add-architecture amd64 && \
50+
apt update && \
51+
apt install -y libssl-dev:amd64 zlib1g-dev:amd64 && \
52+
echo "export PKG_CONFIG_ALLOW_CROSS=true" >> ${BUILD_VAR_SCRIPT} && \
53+
echo "export PKG_CONFIG_LIBDIR=/usr/lib/x86_64-linux-gnu/pkgconfig" >> ${BUILD_VAR_SCRIPT} && \
54+
echo "export OPENSSL_INCLUDE_DIR=/usr/include/x86_64-linux-gnu" >> ${BUILD_VAR_SCRIPT} && \
55+
echo "export OPENSSL_LIB_DIR=/usr/lib/x86_64-linux-gnu" >> ${BUILD_VAR_SCRIPT}; \
56+
fi; \
57+
fi
1258

13-
RUN apt-get update && apt-get install -y protobuf-compiler
59+
# Run cook to prep the build
60+
RUN if [ -f ${BUILD_VAR_SCRIPT} ]; then \
61+
. ${BUILD_VAR_SCRIPT} && \
62+
echo "Cross-compilation environment set up for ${TARGET}"; \
63+
else \
64+
echo "No cross-compilation needed"; \
65+
fi && \
66+
if [ "$OPENSSL_VENDORED" = "true" ]; then \
67+
echo "Using vendored OpenSSL" && \
68+
FEATURE_OPENSSL_VENDORED='--features openssl-vendored'; \
69+
else \
70+
echo "Using system OpenSSL"; \
71+
fi && \
72+
export GIT_HASH=$(git rev-parse HEAD) && \
73+
cargo chef cook ${TARGET_FLAG} --release --recipe-path recipe.json ${FEATURE_OPENSSL_VENDORED}
1474

75+
# Now we can copy the source files - chef cook wants to run before this step
1576
COPY . .
16-
RUN cargo build --release --bin commit-boost-pbs
1777

78+
# Get the latest Protoc since the one in the Debian repo is incredibly old
79+
RUN apt update && apt install -y unzip curl ca-certificates && \
80+
PROTOC_VERSION=$(curl -s "https://api.github.com/repos/protocolbuffers/protobuf/releases/latest" | grep -Po '"tag_name": "v\K[0-9.]+') && \
81+
if [ "$BUILDPLATFORM" = "linux/amd64" ]; then \
82+
PROTOC_ARCH=x86_64; \
83+
elif [ "$BUILDPLATFORM" = "linux/arm64" ]; then \
84+
PROTOC_ARCH=aarch_64; \
85+
else \
86+
echo "${BUILDPLATFORM} is not supported."; \
87+
exit 1; \
88+
fi && \
89+
curl -Lo protoc.zip https://github.com/protocolbuffers/protobuf/releases/latest/download/protoc-$PROTOC_VERSION-linux-$PROTOC_ARCH.zip && \
90+
unzip -q protoc.zip bin/protoc -d /usr && \
91+
unzip -q protoc.zip "include/google/*" -d /usr && \
92+
chmod a+x /usr/bin/protoc && \
93+
rm -rf protoc.zip
1894

19-
FROM debian:bookworm-20240904-slim AS runtime
95+
# Build the application
96+
RUN if [ -f ${BUILD_VAR_SCRIPT} ]; then \
97+
chmod +x ${BUILD_VAR_SCRIPT} && \
98+
. ${BUILD_VAR_SCRIPT} && \
99+
echo "Cross-compilation environment set up for ${TARGET}"; \
100+
else \
101+
echo "No cross-compilation needed"; \
102+
fi && \
103+
if [ "$OPENSSL_VENDORED" = "true" ]; then \
104+
echo "Using vendored OpenSSL" && \
105+
FEATURE_OPENSSL_VENDORED='--features openssl-vendored'; \
106+
else \
107+
echo "Using system OpenSSL"; \
108+
fi && \
109+
export GIT_HASH=$(git rev-parse HEAD) && \
110+
cargo build ${TARGET_FLAG} --release --bin commit-boost-pbs ${FEATURE_OPENSSL_VENDORED} && \
111+
if [ ! -z "$TARGET" ]; then \
112+
# If we're cross-compiling, we need to move the binary out of the target dir
113+
mv target/${TARGET}/release/commit-boost-pbs target/release/commit-boost-pbs; \
114+
fi
115+
116+
# Assemble the runner image
117+
FROM debian:bookworm-slim AS runtime
20118
WORKDIR /app
21119

22120
RUN apt-get update && apt-get install -y \

provisioning/signer.Dockerfile

Lines changed: 15 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -35,8 +35,6 @@ RUN if [ "$BUILDPLATFORM" = "linux/amd64" -a "$TARGETARCH" = "arm64" ]; then \
3535
echo "export PKG_CONFIG_LIBDIR=/usr/lib/aarch64-linux-gnu/pkgconfig" >> ${BUILD_VAR_SCRIPT} && \
3636
echo "export OPENSSL_INCLUDE_DIR=/usr/include/aarch64-linux-gnu" >> ${BUILD_VAR_SCRIPT} && \
3737
echo "export OPENSSL_LIB_DIR=/usr/lib/aarch64-linux-gnu" >> ${BUILD_VAR_SCRIPT}; \
38-
else \
39-
echo "export FEATURE_OPENSSL_VENDORED='--features openssl-vendored'" >> ${BUILD_VAR_SCRIPT}; \
4038
fi; \
4139
elif [ "$BUILDPLATFORM" = "linux/arm64" -a "$TARGETARCH" = "amd64" ]; then \
4240
# We're on arm64, cross-compiling for x64
@@ -57,22 +55,26 @@ RUN if [ "$BUILDPLATFORM" = "linux/amd64" -a "$TARGETARCH" = "arm64" ]; then \
5755
echo "export PKG_CONFIG_LIBDIR=/usr/lib/x86_64-linux-gnu/pkgconfig" >> ${BUILD_VAR_SCRIPT} && \
5856
echo "export OPENSSL_INCLUDE_DIR=/usr/include/x86_64-linux-gnu" >> ${BUILD_VAR_SCRIPT} && \
5957
echo "export OPENSSL_LIB_DIR=/usr/lib/x86_64-linux-gnu" >> ${BUILD_VAR_SCRIPT}; \
60-
else \
61-
echo "export FEATURE_OPENSSL_VENDORED='--features openssl-vendored'" >> ${BUILD_VAR_SCRIPT}; \
6258
fi; \
6359
fi
6460

6561
# Run cook to prep the build
6662
RUN if [ -f ${BUILD_VAR_SCRIPT} ]; then \
67-
source ${BUILD_VAR_SCRIPT}; \
63+
. ${BUILD_VAR_SCRIPT} && \
6864
echo "Cross-compilation environment set up for ${TARGET}"; \
6965
else \
7066
echo "No cross-compilation needed"; \
7167
fi && \
68+
if [ "$OPENSSL_VENDORED" = "true" ]; then \
69+
echo "Using vendored OpenSSL" && \
70+
FEATURE_OPENSSL_VENDORED='--features openssl-vendored'; \
71+
else \
72+
echo "Using system OpenSSL"; \
73+
fi && \
7274
export GIT_HASH=$(git rev-parse HEAD) && \
7375
cargo chef cook ${TARGET_FLAG} --release --recipe-path recipe.json ${FEATURE_OPENSSL_VENDORED}
7476

75-
# Now we can copy the source files
77+
# Now we can copy the source files - chef cook wants to run before this step
7678
COPY . .
7779

7880
# Get the latest Protoc since the one in the Debian repo is incredibly old
@@ -95,11 +97,17 @@ RUN apt update && apt install -y unzip curl ca-certificates && \
9597
# Build the application
9698
RUN if [ -f ${BUILD_VAR_SCRIPT} ]; then \
9799
chmod +x ${BUILD_VAR_SCRIPT} && \
98-
. ${BUILD_VAR_SCRIPT}; \
100+
. ${BUILD_VAR_SCRIPT} && \
99101
echo "Cross-compilation environment set up for ${TARGET}"; \
100102
else \
101103
echo "No cross-compilation needed"; \
102104
fi && \
105+
if [ "$OPENSSL_VENDORED" = "true" ]; then \
106+
echo "Using vendored OpenSSL" && \
107+
FEATURE_OPENSSL_VENDORED='--features openssl-vendored'; \
108+
else \
109+
echo "Using system OpenSSL"; \
110+
fi && \
103111
export GIT_HASH=$(git rev-parse HEAD) && \
104112
cargo build ${TARGET_FLAG} --release --bin commit-boost-signer ${FEATURE_OPENSSL_VENDORED} && \
105113
if [ ! -z "$TARGET" ]; then \

0 commit comments

Comments
 (0)