diff --git a/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.need b/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.need index d01f49c85..c112011d4 100644 --- a/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.need +++ b/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.need @@ -231,6 +231,9 @@ cc_library( ":ms_tpm_20_ref_google_samples", "@org_openssl//:openssl", ], + target_compatible_with = [ + "@platforms//os:linux", + ] ) cc_library( diff --git a/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.patch b/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.patch index bc15a2930..8bedaa64c 100644 --- a/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.patch +++ b/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.patch @@ -1,6 +1,6 @@ --- simulator/ms-tpm-20-ref/BUILD.bazel +++ simulator/ms-tpm-20-ref/BUILD.bazel -@@ -0,0 +1,509 @@ +@@ -0,0 +1,512 @@ +cc_library( + name = "ms_tpm_20_ref", + visibility = ["//visibility:public"], @@ -231,6 +231,9 @@ + ":ms_tpm_20_ref_google_samples", + "@org_openssl//:openssl", + ], ++ target_compatible_with = [ ++ "@platforms//os:linux", ++ ], +) + +cc_library( diff --git a/3rdparty/bazel/org_openssl/BUILD.bazel b/3rdparty/bazel/org_openssl/BUILD.bazel index 91b886aba..dae5bf546 100644 --- a/3rdparty/bazel/org_openssl/BUILD.bazel +++ b/3rdparty/bazel/org_openssl/BUILD.bazel @@ -18,11 +18,19 @@ cc_test( ], "//conditions:default": [], }), + # TODO support OpenSSL on Mac + target_compatible_with = [ + "@platforms//os:linux", + ], deps = ["@org_openssl//:openssl"], ) build_test( name = "build_test", + # TODO support OpenSSL on Mac + target_compatible_with = [ + "@platforms//os:linux", + ], targets = [ "@org_openssl//:openssl", ], diff --git a/bazel/go/go_test.bzl b/bazel/go/go_test.bzl index 79784729a..0277132ef 100644 --- a/bazel/go/go_test.bzl +++ b/bazel/go/go_test.bzl 
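Review bot: In the `org_openssl/BUILD.bazel` hunk the Linux-only constraint is placed on the two consumers (`cc_test` and `build_test`) rather than on the `@org_openssl//:openssl` target they depend on, so every other dependent has to repeat `target_compatible_with` by hand; the `ms_tpm_20_ref` hunk in this same commit already does exactly that for one more consumer because it lists `"@org_openssl//:openssl"` in its deps. If OpenSSL itself cannot be built on macOS, the constraint belongs on the openssl `cc_library` (in the repository BUILD file, not visible here), which lets Bazel mark all transitive consumers incompatible automatically and keeps the two identical TODOs in one place. If instead the library builds and only these two targets fail, the comment should say so, since `# TODO support OpenSSL on Mac` currently does not distinguish the two cases, e.g. `# TODO(macOS): openssl itself builds; only this target is broken on Mac`.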
@@ -9,7 +9,7 @@ def go_test(ld = None, count = 3, **kwargs): It adds the following: - Sets test count to 3. - - Sets race detector to on by default. + - Sets race detector to on by default (except Mac OS) - Optionally sets the interpreter path to ld. Args: @@ -23,7 +23,16 @@ def go_test(ld = None, count = 3, **kwargs): kwargs["args"].append("--test.count={}".format(count)) # enable race detector by default - kwargs.setdefault("race", "on") + race_value = select({ + "@platforms//os:macos": "off", + "//conditions:default": "on", + }) + pure_value = select({ + "@platforms//os:macos": "on", + "//conditions:default": "off", + }) + kwargs.setdefault("race", race_value) + kwargs.setdefault("pure", pure_value) # set gc_linkopts to set the interpreter path to ld. kwargs.setdefault("gc_linkopts", []) diff --git a/bootstrapper/internal/diskencryption/BUILD.bazel b/bootstrapper/internal/diskencryption/BUILD.bazel index fd6a04826..ab28fd387 100644 --- a/bootstrapper/internal/diskencryption/BUILD.bazel +++ b/bootstrapper/internal/diskencryption/BUILD.bazel @@ -9,6 +9,9 @@ go_library( "diskencryption_cross.go", ], importpath = "github.com/edgelesssys/constellation/v2/bootstrapper/internal/diskencryption", + target_compatible_with = [ + "@platforms//os:linux", + ], visibility = ["//bootstrapper:__subpackages__"], deps = select({ "@io_bazel_rules_go//go/platform:android": [ diff --git a/csi/cryptmapper/BUILD.bazel b/csi/cryptmapper/BUILD.bazel index 9a165a73f..df32f6bd8 100644 --- a/csi/cryptmapper/BUILD.bazel +++ b/csi/cryptmapper/BUILD.bazel @@ -9,6 +9,9 @@ go_library( "cryptmapper_cross.go", ], importpath = "github.com/edgelesssys/constellation/v2/csi/cryptmapper", + target_compatible_with = [ + "@platforms//os:linux", + ], visibility = ["//visibility:public"], deps = select({ "@io_bazel_rules_go//go/platform:android": [ diff --git a/disk-mapper/internal/setup/BUILD.bazel b/disk-mapper/internal/setup/BUILD.bazel index 3b5d51edc..035d57304 100644 
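Review bot: The code comment `# enable race detector by default` directly above the new `select` blocks is now stale, and neither it nor the docstring explains why `pure` is forced on for macOS (presumably because the race runtime needs cgo, which `pure = "on"` disables), so a reader cannot tell that the two selects must stay in lock-step. Suggest replacing that comment with `# Race detector on by default; on macOS tests are built with pure = "on" (no cgo), which the race runtime needs, so it is off there.` and adding `- Sets pure to on on Mac OS (cgo disabled).` to the docstring list next to the race bullet. The docstring should also state the consequence: data races are only detected when the suite runs on Linux, so a green macOS-only run does not prove race freedom. Both values are applied via `setdefault`, so a caller passing `race = "on"` on macOS still gets the `pure = "on"` default and rules_go may reject that combination; that may be intended, but is worth a sentence in the docstring.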
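Review bot: `csi/cryptmapper` is marked `@platforms//os:linux`-only even though its `srcs` already include `cryptmapper_cross.go`, i.e. a non-Linux build of this package was visibly intended, and because the library is `//visibility:public` every consumer now becomes incompatible on macOS as well. If the constraint is needed because a dependency in the `deps = select({...})` below (which runs past the hunk; presumably a cgo/Linux-only binding) cannot build on macOS, a comment next to the constraint such as `# the cgo backend selected below is Linux-only; cryptmapper_cross.go is only a stub` would record that, and the constraint may belong on that dependency instead. As written it is unclear why the cross stub still exists at all.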
--- a/disk-mapper/internal/setup/BUILD.bazel +++ b/disk-mapper/internal/setup/BUILD.bazel @@ -5,6 +5,8 @@ go_library( name = "setup", srcs = [ "interface.go", + "mount_cross.go", + "mount_linux.go", "setup.go", ], importpath = "github.com/edgelesssys/constellation/v2/disk-mapper/internal/setup", diff --git a/disk-mapper/internal/setup/interface.go b/disk-mapper/internal/setup/interface.go index 4b96e0f1c..e4dde7f76 100644 --- a/disk-mapper/internal/setup/interface.go +++ b/disk-mapper/internal/setup/interface.go @@ -9,7 +9,6 @@ package setup import ( "io/fs" "os" - "syscall" "github.com/edgelesssys/constellation/v2/internal/cloud/metadata" ) @@ -49,16 +48,6 @@ type RecoveryDoer interface { // DiskMounter uses the syscall package to mount disks. type DiskMounter struct{} -// Mount performs a mount syscall. -func (m DiskMounter) Mount(source string, target string, fstype string, flags uintptr, data string) error { - return syscall.Mount(source, target, fstype, flags, data) -} - -// Unmount performs an unmount syscall. -func (m DiskMounter) Unmount(target string, flags int) error { - return syscall.Unmount(target, flags) -} - // MkdirAll uses os.MkdirAll to create the directory. func (m DiskMounter) MkdirAll(path string, perm fs.FileMode) error { return os.MkdirAll(path, perm) diff --git a/disk-mapper/internal/setup/mount_cross.go b/disk-mapper/internal/setup/mount_cross.go new file mode 100644 index 000000000..271a467d0 --- /dev/null +++ b/disk-mapper/internal/setup/mount_cross.go 
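Review bot: The doc comment `// DiskMounter uses the syscall package to mount disks.` kept above the now-empty `DiskMounter struct{}` in interface.go is only true on Linux after this change; on every other platform the `Mount`/`Unmount` methods that moved out of this file return an error instead of mounting. Suggest `// DiskMounter mounts and unmounts state disks via the mount(2)/umount(2) syscalls on Linux; on other platforms Mount and Unmount return an error (see mount_cross.go).` so a reader of the interface file is not surprised by the stub. The `MkdirAll` method at the end of the hunk continues outside it.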
@@ -0,0 +1,22 @@
+//go:build !linux
+
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+package setup
+
+import (
+ "errors"
+)
+
+// Mount performs a mount syscall.
+func (m DiskMounter) Mount(_ string, _ string, _ string, _ uintptr, _ string) error {
+ return errors.New("mount not implemented on this platform")
+}
+
+// Unmount performs an unmount syscall.
+func (m DiskMounter) Unmount(_ string, _ int) error {
+ return errors.New("mount not implemented on this platform")
+}
diff --git a/disk-mapper/internal/setup/mount_linux.go b/disk-mapper/internal/setup/mount_linux.go
new file mode 100644
index 000000000..d3ee2d229
--- /dev/null
+++ b/disk-mapper/internal/setup/mount_linux.go
@@ -0,0 +1,22 @@
+//go:build linux
+
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+package setup
+
+import (
+ "syscall"
+)
+
+// Mount performs a mount syscall.
+func (m DiskMounter) Mount(source string, target string, fstype string, flags uintptr, data string) error {
+ return syscall.Mount(source, target, fstype, flags, data)
+}
+
+// Unmount performs an unmount syscall.
+func (m DiskMounter) Unmount(target string, flags int) error {
+ return syscall.Unmount(target, flags)
+}
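Review bot: `Unmount` in mount_cross.go returns the wrong message — `errors.New("mount not implemented on this platform")` is copy-pasted from `Mount`, so a failed unmount on a non-Linux build is reported as a mount failure; change it to `return errors.New("unmount not implemented on this platform")`. The doc comments `// Mount performs a mount syscall.` and `// Unmount performs an unmount syscall.` are also copied verbatim from the Linux file and are false here, since neither method performs any syscall; suggest `// Mount is a stub: mounting is only supported on Linux, so it always returns an error.` and the matching sentence for Unmount. A shared sentinel such as `var errNotSupported = errors.New("not implemented on this platform")` wrapped with the operation name via `fmt.Errorf("%s: %w", ...)` would additionally let callers detect the stub with `errors.Is`, but that is optional.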
@@ -95,7 +96,7 @@ func (s *Manager) PrepareExistingDisk(recover RecoveryDoer) error { } // we do not care about cleaning up the mount point on error, since any errors returned here should cause a boot failure - if err := s.mounter.Mount(filepath.Join("/dev/mapper/", stateDiskMappedName), stateDiskMountPath, "ext4", syscall.MS_RDONLY, ""); err != nil { + if err := s.mounter.Mount(filepath.Join("/dev/mapper/", stateDiskMappedName), stateDiskMountPath, "ext4", msrdonly, ""); err != nil { return err } diff --git a/disk-mapper/internal/test/benchmark_test.go b/disk-mapper/internal/test/benchmark_test.go index 55277e174..a59db6088 100644 --- a/disk-mapper/internal/test/benchmark_test.go +++ b/disk-mapper/internal/test/benchmark_test.go @@ -1,4 +1,4 @@ -//go:build integration && cgo +//go:build integration && cgo && linux /* Copyright (c) Edgeless Systems GmbH diff --git a/hack/qemu-metadata-api/server/BUILD.bazel b/hack/qemu-metadata-api/server/BUILD.bazel index 846b44c47..386efbfe2 100644 --- a/hack/qemu-metadata-api/server/BUILD.bazel +++ b/hack/qemu-metadata-api/server/BUILD.bazel @@ -5,6 +5,9 @@ go_library( name = "server", srcs = ["server.go"], importpath = "github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api/server", + target_compatible_with = [ + "@platforms//os:linux", + ], visibility = ["//visibility:public"], deps = [ "//hack/qemu-metadata-api/virtwrapper",
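Review bot: `msrdonly = 0x1 // same as syscall.MS_RDONLY` hand-copies a kernel mount flag into setup.go so the file compiles where `syscall.MS_RDONLY` is undefined, which decouples the read-only mount from the syscall package on the one platform where it actually runs. Since this commit already introduces per-platform files, define the constant there instead — `const msRdonly = syscall.MS_RDONLY` in mount_linux.go and `const msRdonly = 0x1 // mount is a stub on this platform` in mount_cross.go — so the value cannot drift from the kernel header on Linux and the name follows Go MixedCaps. The flag is security-relevant: `PrepareExistingDisk` mounts the decrypted state disk read-only, presumably so the state under `stateDiskMountPath` is read without modification during recovery, and a wrong value here would silently turn that into a read-write mount with no error. `PrepareExistingDisk` starts and ends outside the hunk, and the hunk does not show whether setup.go still has another use of the `syscall` import after this change.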