mirror of
https://github.com/edgelesssys/constellation.git
wip
parent
f888d67ed5
commit
0d266992ee
@ -96,7 +96,7 @@ go_library(
|
||||
"typedparams.go",
|
||||
],
|
||||
cdeps = [
|
||||
"@libvirt//:libvirt",
|
||||
"@//nix/cc:libvirt",
|
||||
],
|
||||
cgo = True,
|
||||
importpath = "libvirt.org/go/libvirt",
|
||||
|
@ -66,6 +66,11 @@ nixpkgs_package(
|
||||
repository = "@nixpkgs",
|
||||
)
|
||||
|
||||
nixpkgs_package(
|
||||
name = "patchelf",
|
||||
repository = "@nixpkgs",
|
||||
)
|
||||
|
||||
load("//nix/cc:nixpkgs_cc_libraries.bzl", "nixpkgs_cc_library_deps")
|
||||
|
||||
nixpkgs_cc_library_deps()
|
||||
@ -178,16 +183,6 @@ nixpkgs_cc_configure(
|
||||
repository = "@nixpkgs",
|
||||
)
|
||||
|
||||
nixpkgs_cc_configure(
|
||||
name = "nixpkgs_cc_toolchain_x86_64",
|
||||
cross_cpu = "k8",
|
||||
repository = "@nixpkgs",
|
||||
)
|
||||
|
||||
# register_toolchains(
|
||||
# "@nixpkgs_cc_toolchain//:toolchain",
|
||||
# )
|
||||
|
||||
register_toolchains(
|
||||
"@zig_sdk//libc_aware/toolchain:linux_amd64_gnu.2.23",
|
||||
"@zig_sdk//libc_aware/toolchain:linux_arm64_gnu.2.23",
|
||||
|
0
bazel/patchelf/BUILD.bazel
Normal file
0
bazel/patchelf/BUILD.bazel
Normal file
@ -0,0 +1,37 @@
|
||||
""" Bazel rule for postprocessing elf files with patchelf """
|
||||
|
||||
def _patchelf_impl(ctx):
|
||||
output = ctx.outputs.out
|
||||
ctx.actions.run_shell(
|
||||
inputs = [ctx.file.src, ctx.file.rpath],
|
||||
tools = [ctx.executable._patchelf_binary],
|
||||
outputs = [output],
|
||||
arguments = [
|
||||
ctx.executable._patchelf_binary.path,
|
||||
ctx.file.rpath.path,
|
||||
output.path,
|
||||
ctx.file.src.path,
|
||||
],
|
||||
command = "\"$1\" --set-rpath \"$(cat \"$2\")\" --output \"$3\" \"$4\"",
|
||||
progress_message = "Patching ELF binary " + ctx.file.src.basename,
|
||||
)
|
||||
return DefaultInfo(
|
||||
files = depset([output]),
|
||||
executable = output,
|
||||
)
|
||||
|
||||
patchelf = rule(
|
||||
implementation = _patchelf_impl,
|
||||
attrs = {
|
||||
"out": attr.output(mandatory = True),
|
||||
"rpath": attr.label(mandatory = True, allow_single_file = True),
|
||||
"src": attr.label(mandatory = True, allow_single_file = True),
|
||||
"_patchelf_binary": attr.label(
|
||||
default = Label("@patchelf//:bin/patchelf"),
|
||||
allow_single_file = True,
|
||||
executable = True,
|
||||
cfg = "exec",
|
||||
),
|
||||
},
|
||||
executable = True,
|
||||
)
|
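Review bot: The `command` string in `_patchelf_impl` runs without `set -e`, so if `cat "$2"` fails or the rpath file is empty, patchelf is still invoked with `--set-rpath ""` and the action succeeds with an unusable RPATH. Relative RPATH entries are resolved against the process's current working directory (and empty entries have been treated that way by some loader versions), so both are worth rejecting at build time. I would read the file into a variable, fail on an empty or non-absolute entry, and only then call patchelf; this assumes the rpath files hold absolute store paths, as the `makeLibraryPath` output in the nix files of this commit suggests. The rule and its `src`, `rpath` and `out` attributes also carry no `doc` strings.

```starlark
    ctx.actions.run_shell(
        # … unchanged: inputs, tools, outputs, arguments …
        command = """
set -eu
rpath="$(cat "$2")"
case ":$rpath:" in
    *::*|*:[!/]*)
        echo "refusing rpath with empty or relative entry: '$rpath'" >&2
        exit 1
        ;;
esac
"$1" --set-rpath "$rpath" --output "$3" "$4"
""",
        # … unchanged: progress_message …
    )
```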
@ -1,10 +1,7 @@
|
||||
platform(
|
||||
name = "constellation_os_x86_64",
|
||||
constraint_values = [
|
||||
"@platforms//cpu:x86_64",
|
||||
"@platforms//os:linux",
|
||||
"@rules_nixpkgs_core//constraints:support_nix",
|
||||
],
|
||||
alias(
|
||||
name = "constellation_os",
|
||||
actual = ":x86_64-linux_nix",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
platform(
|
||||
@ -42,3 +39,27 @@ platform(
|
||||
"@rules_nixpkgs_core//constraints:support_nix",
|
||||
],
|
||||
)
|
||||
|
||||
alias(
|
||||
name = "go-pure_aarch64-linux",
|
||||
actual = "@io_bazel_rules_go//go/toolchain:linux_arm64",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
alias(
|
||||
name = "go-pure_aarch64-darwin",
|
||||
actual = "@io_bazel_rules_go//go/toolchain:darwin_arm64",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
alias(
|
||||
name = "go-pure_x86_64-linux",
|
||||
actual = "@io_bazel_rules_go//go/toolchain:linux_amd64",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
alias(
|
||||
name = "go-pure_x86_64-darwin",
|
||||
actual = "@io_bazel_rules_go//go/toolchain:darwin_amd64",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
@ -1,6 +1,7 @@
|
||||
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
|
||||
load("@rules_pkg//:pkg.bzl", "pkg_tar")
|
||||
load("//bazel/go:platform.bzl", "platform_binary")
|
||||
load("//bazel/patchelf:patchelf.bzl", "patchelf")
|
||||
|
||||
go_library(
|
||||
name = "bootstrapper_lib",
|
||||
@ -61,18 +62,24 @@ go_binary(
|
||||
|
||||
platform_binary(
|
||||
name = "bootstrapper_linux_amd64",
|
||||
# platform = "@zig_sdk//libc_aware/platform:linux_amd64_gnu.2.23",
|
||||
platform = "//bazel/platforms:constellation_os_x86_64",
|
||||
platform = "//bazel/platforms:constellation_os",
|
||||
target_file = ":bootstrapper",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
patchelf(
|
||||
name = "bootstrapper_patched",
|
||||
src = ":bootstrapper_linux_amd64",
|
||||
out = "bootstrapper_with_nix_rpath",
|
||||
rpath = "@cryptsetup_x86_64-linux//:rpath",
|
||||
)
|
||||
|
||||
pkg_tar(
|
||||
name = "bootstrapper-package",
|
||||
srcs = [
|
||||
":bootstrapper_linux_amd64",
|
||||
":bootstrapper_patched",
|
||||
],
|
||||
mode = "0755",
|
||||
remap_paths = {"/platform:linux_amd64_gnu.2.23": "/usr/bin/bootstrapper"},
|
||||
remap_paths = {"/bootstrapper_with_nix_rpath": "/usr/bin/bootstrapper"},
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
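Review bot: `bootstrapper_patched` hard-codes `rpath = "@cryptsetup_x86_64-linux//:rpath"` while its `src` is built for whatever `//bazel/platforms:constellation_os` resolves to, so nothing ties the embedded library search path to the architecture of the binary being patched. The commit also adds `cryptsetup_rpath` and `libvirt_rpath` aliases that no target visible on this page uses; their `select` would be evaluated in the `patchelf` target's own configuration, so they only help if `patchelf` is built under the same platform transition as `src`. At minimum I would add a comment above the target such as `# rpath must match the arch of :bootstrapper_linux_amd64 and the closure.tar shipped in the image`. The same applies to `disk-mapper_patched` and `qemu_metadata_api_patched` in the later sections.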
@ -67,7 +67,9 @@ oci_image(
|
||||
entrypoint = ["/start.sh"],
|
||||
os = "linux",
|
||||
tars = [
|
||||
"//rpm:containerized-libvirt",
|
||||
# TODO(malt3): test if libvirt works
|
||||
"@libvirt_x86_64-linux//:closure.tar",
|
||||
"@libvirt_x86_64-linux//:bin-linktree.tar",
|
||||
":start",
|
||||
],
|
||||
visibility = ["//visibility:public"],
|
||||
|
@ -1,7 +1,6 @@
|
||||
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
|
||||
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_cross_binary", "go_library")
|
||||
load("@rules_pkg//:pkg.bzl", "pkg_tar")
|
||||
load("@rules_pkg//pkg:mappings.bzl", "pkg_files")
|
||||
load("//bazel/go:platform.bzl", "platform_binary")
|
||||
|
||||
go_library(
|
||||
name = "debugd_lib",
|
||||
@ -38,10 +37,10 @@ go_binary(
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
platform_binary(
|
||||
go_cross_binary(
|
||||
name = "debugd_linux_amd64",
|
||||
platform = "@zig_sdk//libc_aware/platform:linux_amd64_gnu.2.23",
|
||||
target_file = ":debugd",
|
||||
platform = "//bazel/platforms:go-pure_x86_64-linux",
|
||||
target = "debugd",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
@ -61,6 +60,6 @@ pkg_tar(
|
||||
":debugd_unit",
|
||||
],
|
||||
mode = "0755",
|
||||
remap_paths = {"/platform:linux_amd64_gnu.2.23": "/usr/bin/debugd"},
|
||||
remap_paths = {"/debugd_linux_amd64": "/usr/bin/debugd"},
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
@ -1,6 +1,7 @@
|
||||
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
|
||||
load("@rules_pkg//:pkg.bzl", "pkg_tar")
|
||||
load("//bazel/go:platform.bzl", "platform_binary")
|
||||
load("//bazel/patchelf:patchelf.bzl", "patchelf")
|
||||
|
||||
go_library(
|
||||
name = "cmd_lib",
|
||||
@ -41,17 +42,24 @@ go_binary(
|
||||
|
||||
platform_binary(
|
||||
name = "disk-mapper_linux_amd64",
|
||||
platform = "@zig_sdk//libc_aware/platform:linux_amd64_gnu.2.23",
|
||||
platform = "//bazel/platforms:constellation_os",
|
||||
target_file = ":cmd",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
patchelf(
|
||||
name = "disk-mapper_patched",
|
||||
src = ":disk-mapper_linux_amd64",
|
||||
out = "disk-mapper_with_nix_rpath",
|
||||
rpath = "@cryptsetup_x86_64-linux//:rpath",
|
||||
)
|
||||
|
||||
pkg_tar(
|
||||
name = "disk-mapper-package",
|
||||
srcs = [
|
||||
":disk-mapper_linux_amd64",
|
||||
":disk-mapper_patched",
|
||||
],
|
||||
mode = "0755",
|
||||
remap_paths = {"/platform:linux_amd64_gnu.2.23": "/usr/sbin/disk-mapper"},
|
||||
remap_paths = {"/disk-mapper_with_nix_rpath": "/usr/sbin/disk-mapper"},
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
@ -46,7 +46,7 @@
|
||||
|
||||
packages.cryptsetup = callPackage ./nix/cc/cryptsetup.nix { pkgs = pkgsUnstable; };
|
||||
|
||||
packages.libvirt = pkgsUnstable.libvirt;
|
||||
packages.libvirt = callPackage ./nix/cc/libvirt.nix { pkgs = pkgsUnstable; };
|
||||
|
||||
packages.awscli2 = pkgsUnstable.awscli2;
|
||||
|
||||
|
@ -2,6 +2,7 @@ load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
|
||||
load("@rules_oci//oci:defs.bzl", "oci_image")
|
||||
load("@rules_pkg//:pkg.bzl", "pkg_tar")
|
||||
load("//bazel/go:platform.bzl", "platform_binary")
|
||||
load("//bazel/patchelf:patchelf.bzl", "patchelf")
|
||||
|
||||
go_library(
|
||||
name = "qemu-metadata-api_lib",
|
||||
@ -29,18 +30,25 @@ go_binary(
|
||||
|
||||
platform_binary(
|
||||
name = "qemu_metadata_api_linux_amd64",
|
||||
platform = "//bazel/platforms:constellation_os_x86_64",
|
||||
platform = "//bazel/platforms:constellation_os",
|
||||
target_file = ":qemu-metadata-api",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
patchelf(
|
||||
name = "qemu_metadata_api_patched",
|
||||
src = ":qemu_metadata_api_linux_amd64",
|
||||
out = "qemu_metadata_api_with_nix_rpath",
|
||||
rpath = "@libvirt_x86_64-linux//:rpath",
|
||||
)
|
||||
|
||||
pkg_tar(
|
||||
name = "layer",
|
||||
srcs = [
|
||||
":qemu_metadata_api_linux_amd64",
|
||||
":qemu_metadata_api_patched",
|
||||
],
|
||||
mode = "0755",
|
||||
remap_paths = {"/platform:linux_amd64_gnu.2.23": "/server"},
|
||||
remap_paths = {"/qemu_metadata_api_with_nix_rpath": "/server"},
|
||||
)
|
||||
|
||||
oci_image(
|
||||
@ -49,7 +57,8 @@ oci_image(
|
||||
entrypoint = ["/server"],
|
||||
os = "linux",
|
||||
tars = [
|
||||
"//rpm:libvirt-devel",
|
||||
# TODO(malt3): test if metadata api works with libvirt from nix
|
||||
"@libvirt_x86_64-linux//:closure.tar",
|
||||
":layer",
|
||||
],
|
||||
visibility = ["//visibility:public"],
|
||||
|
@ -1,3 +1,4 @@
|
||||
load("@aspect_bazel_lib//lib:copy_file.bzl", "copy_file")
|
||||
load("@rules_pkg//:pkg.bzl", "pkg_tar")
|
||||
load("@rules_pkg//pkg:mappings.bzl", "pkg_files", "strip_prefix")
|
||||
|
||||
@ -18,3 +19,11 @@ pkg_tar(
|
||||
srcs = [":sysroot"],
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
copy_file(
|
||||
name = "cryptsetup_closure",
|
||||
src = "@cryptsetup_x86_64-linux//:closure.tar",
|
||||
out = "cryptsetup_closure.tar",
|
||||
allow_symlink = True,
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
@ -49,6 +49,7 @@ mkosi_image(
|
||||
],
|
||||
extra_trees = [
|
||||
"//image:sysroot_tar",
|
||||
"//image:cryptsetup_closure",
|
||||
],
|
||||
local_mirror = ["@mkosi_rpms//:repo"],
|
||||
mkosi_conf = "mkosi.conf",
|
||||
|
@ -14,6 +14,7 @@ mkosi_image(
|
||||
],
|
||||
extra_trees = [
|
||||
"//image:sysroot_tar",
|
||||
"//image:cryptsetup_closure",
|
||||
"//disk-mapper/cmd:disk-mapper-package.tar",
|
||||
],
|
||||
local_mirror = ["@mkosi_rpms//:repo"],
|
||||
|
@ -2,5 +2,5 @@
|
||||
Type=esp
|
||||
Format=vfat
|
||||
CopyFiles=/efi:/
|
||||
SizeMinBytes=256M
|
||||
SizeMaxBytes=512M
|
||||
SizeMinBytes=512M
|
||||
SizeMaxBytes=1024M
|
||||
|
@ -1,6 +1,5 @@
|
||||
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
|
||||
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_cross_binary", "go_library")
|
||||
load("@rules_pkg//:pkg.bzl", "pkg_tar")
|
||||
load("//bazel/go:platform.bzl", "platform_binary")
|
||||
|
||||
go_library(
|
||||
name = "cmd_lib",
|
||||
@ -22,13 +21,15 @@ go_library(
|
||||
go_binary(
|
||||
name = "cmd",
|
||||
embed = [":cmd_lib"],
|
||||
# keep
|
||||
pure = "on",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
platform_binary(
|
||||
go_cross_binary(
|
||||
name = "measurement-reader_linux_amd64",
|
||||
platform = "@zig_sdk//libc_aware/platform:linux_amd64_gnu.2.23",
|
||||
target_file = ":cmd",
|
||||
platform = "//bazel/platforms:go-pure_x86_64-linux",
|
||||
target = ":cmd",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
@ -38,6 +39,6 @@ pkg_tar(
|
||||
":measurement-reader_linux_amd64",
|
||||
],
|
||||
mode = "0755",
|
||||
remap_paths = {"/platform:linux_amd64_gnu.2.23": "/usr/sbin/measurement-reader"},
|
||||
remap_paths = {"/measurement-reader_linux_amd64": "/usr/sbin/measurement-reader"},
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
@ -3,10 +3,10 @@ load("@bazel_skylib//lib:selects.bzl", "selects")
|
||||
alias(
|
||||
name = "org_openssl",
|
||||
actual = select({
|
||||
":aarch64-linux": "@org_openssl_aarch64-linux//:org_openssl",
|
||||
":aarch64-darwin": "@org_openssl_aarch64-darwin//:org_openssl",
|
||||
":x86_64-linux": "@org_openssl_x86_64-linux//:org_openssl",
|
||||
":aarch64-linux": "@org_openssl_aarch64-linux//:org_openssl",
|
||||
":x86_64-darwin": "@org_openssl_x86_64-darwin//:org_openssl",
|
||||
":x86_64-linux": "@org_openssl_x86_64-linux//:org_openssl",
|
||||
}),
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
@ -15,9 +15,7 @@ alias(
|
||||
name = "cryptsetup",
|
||||
actual = select({
|
||||
":aarch64-linux": "@cryptsetup_aarch64-linux//:cryptsetup",
|
||||
":aarch64-darwin": "@cryptsetup_aarch64-darwin//:cryptsetup",
|
||||
":x86_64-linux": "@cryptsetup_x86_64-linux//:cryptsetup",
|
||||
":x86_64-darwin": "@cryptsetup_x86_64-darwin//:cryptsetup",
|
||||
}),
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
@ -26,9 +24,25 @@ alias(
|
||||
name = "libvirt",
|
||||
actual = select({
|
||||
":aarch64-linux": "@libvirt_aarch64-linux//:libvirt",
|
||||
":aarch64-darwin": "@libvirt_aarch64-darwin//:libvirt",
|
||||
":x86_64-linux": "@libvirt_x86_64-linux//:libvirt",
|
||||
":x86_64-darwin": "@libvirt_x86_64-darwin//:libvirt",
|
||||
}),
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
alias(
|
||||
name = "cryptsetup_rpath",
|
||||
actual = select({
|
||||
":aarch64-linux": "@cryptsetup_aarch64-linux//:rpath",
|
||||
":x86_64-linux": "@cryptsetup_x86_64-linux//:rpath",
|
||||
}),
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
alias(
|
||||
name = "libvirt_rpath",
|
||||
actual = select({
|
||||
":aarch64-linux": "@libvirt_aarch64-linux//:libvirt",
|
||||
":x86_64-linux": "@libvirt_x86_64-linux//:libvirt",
|
||||
}),
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
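Review bot: The new `libvirt_rpath` alias resolves to the `:libvirt` library target instead of the rpath file: both branches read `"@libvirt_…//:libvirt"`, whereas `cryptsetup_rpath` directly above points at `//:rpath`. This looks like a copy-paste slip; the branches should be `":aarch64-linux": "@libvirt_aarch64-linux//:rpath",` and `":x86_64-linux": "@libvirt_x86_64-linux//:rpath",`. As written, a `patchelf` target that used this alias for its `rpath` attribute would not receive the rpath text file, and that attribute is declared `allow_single_file`.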
@ -1,5 +1,16 @@
|
||||
{ pkgs }:
|
||||
{ pkgs, buildEnv, closureInfo }:
|
||||
let
|
||||
lib = pkgs.lib;
|
||||
packages = [ pkgs.cryptsetup.out pkgs.cryptsetup.dev ];
|
||||
closure = builtins.toString (lib.strings.splitString "\n" (builtins.readFile "${closureInfo {rootPaths = packages;}}/store-paths"));
|
||||
rpath = pkgs.lib.makeLibraryPath [ pkgs.cryptsetup pkgs.glibc pkgs.libgcc.lib ];
|
||||
in
|
||||
pkgs.symlinkJoin {
|
||||
name = "cryptsetup";
|
||||
paths = [ pkgs.cryptsetup.out pkgs.cryptsetup.dev ];
|
||||
buildInputs = packages;
|
||||
postBuild = ''
|
||||
tar -cf $out/closure.tar ${closure}
|
||||
echo "${rpath}" > $out/rpath
|
||||
'';
|
||||
}
|
||||
|
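Review bot: `tar -cf $out/closure.tar ${closure}` in `postBuild` records whatever member order, ownership and timestamps tar happens to see, so the archive that is added to the OS image through `//image:cryptsetup_closure` is not guaranteed to be byte-identical across builds. If image reproducibility matters here (the repository ships a measurement-reader), I would pin the metadata, e.g. `tar --sort=name --owner=0 --group=0 --numeric-owner --mtime=@1 -cf $out/closure.tar ${closure}`. The two `tar` calls in nix/cc/libvirt.nix have the same issue. Separately, `paths` still repeats the list now bound to `packages`; `paths = packages;` would keep the two from drifting apart.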
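--- a/nix/cc/libvirt.nix
+++ b/nix/cc/libvirt.nix
@@ -0,0 +1,17 @@
+{ pkgs, buildEnv, closureInfo }:
+let
+lib = pkgs.lib;
+packages = [ pkgs.libvirt ];
+closure = builtins.toString (lib.strings.splitString "\n" (builtins.readFile "${closureInfo {rootPaths = packages;}}/store-paths"));
+rpath = pkgs.lib.makeLibraryPath [ pkgs.libvirt pkgs.glib pkgs.libxml2 pkgs.readline pkgs.glibc pkgs.libgcc.lib ];
+in
+pkgs.symlinkJoin {
+name = "libvirt";
+paths = [ pkgs.libvirt ];
+buildInputs = packages;
+postBuild = ''
+tar -cf $out/closure.tar ${closure}
+tar --transform 's+^./+bin/+' -cf $out/bin-linktree.tar -C $out/bin .
+echo "${rpath}" > $out/rpath
+'';
+}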
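Review bot: `rpath` is built from `pkgs.glib`, `pkgs.libxml2`, `pkgs.readline`, `pkgs.glibc` and `pkgs.libgcc.lib` in addition to `pkgs.libvirt`, but `closure` is computed with `rootPaths = packages`, which holds only `pkgs.libvirt`. Those libraries are probably part of libvirt's runtime closure, yet nothing here guarantees that every directory written to `$out/rpath` is also present in `closure.tar`; a missing one leaves the patched binary with a search path that does not exist in the image. Binding a single list, e.g. `rpathPkgs = [ pkgs.libvirt pkgs.glib … ];`, and using `rootPaths = packages ++ rpathPkgs` would keep the two in agreement. The `buildEnv` argument is accepted but not used.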
@ -72,6 +72,7 @@ filegroup(
|
||||
srcs = glob(["include/**/*.h"]),
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
exports_files(["closure.tar", "rpath"])
|
||||
cc_library(
|
||||
name = "cryptsetup",
|
||||
srcs = glob(["lib/**/*.so*"]),
|
||||
@ -91,6 +92,7 @@ filegroup(
|
||||
srcs = glob(["include/**/*.h"]),
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
exports_files(["bin-linktree.tar", "closure.tar", "rpath"])
|
||||
cc_library(
|
||||
name = "libvirt",
|
||||
srcs = glob([
|
||||
|
@ -1,6 +1,5 @@
|
||||
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
|
||||
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_cross_binary", "go_library")
|
||||
load("@rules_pkg//:pkg.bzl", "pkg_tar")
|
||||
load("//bazel/go:platform.bzl", "platform_binary")
|
||||
|
||||
go_library(
|
||||
name = "cmd_lib",
|
||||
@ -25,10 +24,10 @@ go_binary(
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
platform_binary(
|
||||
go_cross_binary(
|
||||
name = "upgrade_agent_linux_amd64",
|
||||
platform = "@zig_sdk//libc_aware/platform:linux_amd64_gnu.2.23",
|
||||
target_file = ":cmd",
|
||||
platform = "//bazel/platforms:go-pure_x86_64-linux",
|
||||
target = ":cmd",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
@ -38,6 +37,6 @@ pkg_tar(
|
||||
":upgrade_agent_linux_amd64",
|
||||
],
|
||||
mode = "0755",
|
||||
remap_paths = {"/platform:linux_amd64_gnu.2.23": "/usr/bin/upgrade-agent"},
|
||||
remap_paths = {"/upgrade_agent_linux_amd64": "/usr/bin/upgrade-agent"},
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|