Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-08-05 21:44:15 -04:00
Code Issues Projects Releases Packages Wiki Activity

cli: convert libvirt container image to Bazel

Browse source
This commit is contained in:
Malte Poll 2023-04-03 17:50:22 +02:00 committed by Malte Poll
parent 498e8241ff
commit 1f81763a27
8 changed files with 167 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

58
cli/internal/libvirt/BUILD.bazel
View file

@ -1,4 +1,7 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library") load("@io_bazel_rules_go//go:def.bzl", "go_library")
load("@rules_oci//oci:defs.bzl", "oci_image")
load("@rules_pkg//:pkg.bzl", "pkg_tar")
load("@rules_pkg//pkg:mappings.bzl", "pkg_attributes", "pkg_files", "strip_prefix")
go_library( go_library(
name = "libvirt", name = "libvirt",
@ -14,3 +17,58 @@ go_library(
"@com_github_spf13_afero//:afero", "@com_github_spf13_afero//:afero",
], ],
) )
pkg_files(
name = "etc",
srcs = [
"//cli/internal/libvirt/etc:passwd_db",
],
attributes = pkg_attributes(
group = "root",
mode = "0644",
owner = "root",
),
prefix = "etc",
strip_prefix = strip_prefix.from_pkg(),
)
pkg_files(
name = "nvram",
srcs = [
"//cli/internal/libvirt/nvram:nvram_vars",
],
prefix = "usr/share/OVMF",
strip_prefix = strip_prefix.from_pkg(),
)
pkg_files(
name = "libvirt_conf",
srcs = [
"libvirtd.conf",
"qemu.conf",
],
prefix = "/etc/libvirt",
)
pkg_tar(
name = "start",
srcs = [
"start.sh",
":etc",
":libvirt_conf",
":nvram",
],
mode = "0755",
)
oci_image(
name = "constellation_libvirt",
architecture = "amd64",
entrypoint = ["/start.sh"],
os = "linux",
tars = [
"//rpm:containerized-libvirt",
":start",
],
visibility = ["//visibility:public"],
)

8
cli/internal/libvirt/etc/BUILD.bazel Normal file
View file

@ -0,0 +1,8 @@
filegroup(
name = "passwd_db",
srcs = glob(
["**/*"],
exclude = ["BUILD"],
),
visibility = ["//visibility:public"],
)

51
cli/internal/libvirt/etc/group Normal file
View file

@ -0,0 +1,51 @@
root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mem:x:8:
kmem:x:9:
wheel:x:10:
cdrom:x:11:
mail:x:12:
man:x:15:
dialout:x:18:
floppy:x:19:
games:x:20:
tape:x:33:
video:x:39:
ftp:x:50:
lock:x:54:
audio:x:63:
users:x:100:
nobody:x:65534:
tss:x:59:
dbus:x:81:
unbound:x:999:
utmp:x:22:
utempter:x:35:
saslauth:x:76:saslauth
input:x:104:
kvm:x:36:qemu
render:x:105:
sgx:x:106:
systemd-journal:x:190:
systemd-network:x:192:
systemd-oom:x:997:
systemd-resolve:x:193:
polkitd:x:996:
rtkit:x:172:
gluster:x:995:
dnsmasq:x:994:
rpc:x:32:
brlapi:x:993:
rpcuser:x:29:
qemu:x:107:
pipewire:x:992:
geoclue:x:991:
libvirt:x:990:
systemd-coredump:x:989:
systemd-timesync:x:988:

31
cli/internal/libvirt/etc/passwd Normal file
View file

@ -0,0 +1,31 @@
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
tss:x:59:59:Account used for TPM access:/:/usr/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
unbound:x:999:999:Unbound DNS resolver:/var/lib/unbound:/sbin/nologin
saslauth:x:998:76:Saslauthd user:/run/saslauthd:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/usr/sbin/nologin
systemd-oom:x:997:997:systemd Userspace OOM Killer:/:/usr/sbin/nologin
systemd-resolve:x:193:193:systemd Resolver:/:/usr/sbin/nologin
polkitd:x:996:996:User for polkitd:/:/sbin/nologin
rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin
gluster:x:995:995:GlusterFS daemons:/run/gluster:/sbin/nologin
dnsmasq:x:994:994:Dnsmasq DHCP and DNS server:/var/lib/dnsmasq:/usr/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
qemu:x:107:107:qemu user:/:/sbin/nologin
pipewire:x:993:992:PipeWire System Daemon:/var/run/pipewire:/sbin/nologin
geoclue:x:992:991:User for geoclue:/var/lib/geoclue:/sbin/nologin
systemd-coredump:x:989:989:systemd Core Dumper:/:/usr/sbin/nologin
systemd-timesync:x:988:988:systemd Time Synchronization:/:/usr/sbin/nologin

5
cli/internal/libvirt/libvirtd.conf Normal file
View file

@ -0,0 +1,5 @@
listen_tls = 0
listen_tcp = 1
tcp_port = "16599"
listen_addr = "localhost"
auth_tcp = "none"

8
cli/internal/libvirt/nvram/BUILD.bazel Normal file
View file

@ -0,0 +1,8 @@
filegroup(
name = "nvram_vars",
srcs = glob(
["**/*.fd"],
exclude = ["BUILD"],
),
visibility = ["//visibility:public"],
)

1
cli/internal/libvirt/qemu.conf Normal file
View file

@ -0,0 +1 @@
cgroup_controllers = []

5
cli/internal/libvirt/start.sh
View file

@ -3,6 +3,11 @@
set -euo pipefail set -euo pipefail
shopt -s inherit_errexit shopt -s inherit_errexit
# ensure library cache is up to date
ldconfig
chown -R tss:root /var/lib/swtpm-localca
# Assign qemu the GID of the host system's 'kvm' group to avoid permission issues for environments defaulting to 660 for /dev/kvm (e.g. Debian-based distros) # Assign qemu the GID of the host system's 'kvm' group to avoid permission issues for environments defaulting to 660 for /dev/kvm (e.g. Debian-based distros)
KVM_HOST_GID="$(stat -c '%g' /dev/kvm)" KVM_HOST_GID="$(stat -c '%g' /dev/kvm)"
groupadd -o -g "${KVM_HOST_GID}" host-kvm groupadd -o -g "${KVM_HOST_GID}" host-kvm