From b01cb5d84ee19bfe17e5f8cfc843d200945d3a1e Mon Sep 17 00:00:00 2001 From: Ryan Harper Date: Wed, 11 Sep 2024 10:22:39 -0500 Subject: [PATCH] Build stacker on Ubuntu 24.04 LTS (noble) Fix build on Ubuntu 24.04 - install libsystem-dev for static libsystemd library - Use ppa:puzzleos/dev to pull in patched lxc 5.0.3 which includes liblxc.a in the lxc-dev package - Handle modifying kernel tunables for user-namespace and apparmor restrictions - Adjust Makefile to add -lsystemd to the libs when making stacker-dynamic, but omit the library when stacker-static is building built - Add default container policy to rfs if not already present Signed-off-by: Ryan Harper --- .github/workflows/build.yaml | 2 +- Makefile | 13 ++++- install-build-deps.sh | 99 +++++++++++++++++++++++++++--------- 3 files changed, 89 insertions(+), 25 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 23f2fcf9..719b7356 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -32,7 +32,7 @@ on: jobs: build: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 services: registry: image: ghcr.io/project-stacker/registry:2 diff --git a/Makefile b/Makefile index 74716909..e123156b 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,4 @@ +SHELL=/bin/bash TOP_LEVEL := $(patsubst %/,%,$(dir $(abspath $(lastword $(MAKEFILE_LIST))))) BUILD_D = $(TOP_LEVEL)/.build export GOPATH ?= $(BUILD_D)/gopath 
@@ -77,6 +78,16 @@ stacker-cov: $(STAGE1_STACKER) $(STACKER_DEPS) cmd/stacker/lxc-wrapper/lxc-wrapp --substitute VERSION_FULL=$(VERSION_FULL) \ --substitute WITH_COV=yes +# On Ubuntu 24.04 the lxc package does not link against libsystemd so the pkg-config +# below does list -lsystemd; we must add it to the list but only for stacker-dynamic +ifeq ($(shell awk -F= '/VERSION_ID/ {print $$2}' /etc/os-release),"24.04") +ifeq (stacker-dynamic,$(firstword $(MAKECMDGOALS))) +LXC_WRAPPER_LIBS=-lsystemd +else +LXC_WRAPPER_LIBS= +endif +endif + stacker-static: $(STACKER_DEPS) cmd/stacker/lxc-wrapper/lxc-wrapper $(call build_stacker,,static_build,-extldflags '-static',stacker) @@ -91,7 +102,7 @@ stacker-dynamic: $(STACKER_DEPS) cmd/stacker/lxc-wrapper/lxc-wrapper $(call build_stacker,,,,stacker-dynamic) cmd/stacker/lxc-wrapper/lxc-wrapper: cmd/stacker/lxc-wrapper/lxc-wrapper.c - make -C cmd/stacker/lxc-wrapper LDFLAGS=-static LDLIBS="$(shell pkg-config --static --libs lxc) -lpthread -ldl" lxc-wrapper + make -C cmd/stacker/lxc-wrapper LDFLAGS=-static LDLIBS="$(shell pkg-config --static --libs lxc) $(LXC_WRAPPER_LIBS) -lpthread -ldl" lxc-wrapper .PHONY: go-download diff --git a/install-build-deps.sh b/install-build-deps.sh index 4d52557b..e9ced2b1 100755 --- a/install-build-deps.sh +++ b/install-build-deps.sh 
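Review bot: `LXC_WRAPPER_LIBS` is assigned only inside the 24.04 branch and only from `$(firstword $(MAKECMDGOALS))`, so what gets linked into `lxc-wrapper` depends on how make was invoked rather than on the target being built. `cmd/stacker/lxc-wrapper/lxc-wrapper` is a prerequisite of both `stacker-static` and `stacker-dynamic` and its recipe (next hunk) expands the variable, so a wrapper linked for one goal is reused for the other once the file exists, and a plain `make` or a goal list where `stacker-dynamic` is not first gets the empty value. On every other release the variable is never set in this file, so a value inherited from the environment would flow straight into `LDLIBS`. I would put `LXC_WRAPPER_LIBS :=` ahead of the outer `ifeq`, and consider a target-specific assignment instead of inspecting the goals. The added comment should read "does not list -lsystemd".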
@@ -22,27 +22,56 @@ installdeps_fedora() { } installdeps_ubuntu() { - sudo add-apt-repository -y ppa:project-machine/squashfuse - sudo apt -yy install \ - build-essential \ - cryptsetup-bin \ - jq \ - libacl1-dev \ - libcap-dev \ - libcryptsetup-dev \ - libdevmapper-dev \ - libpam0g-dev \ - libseccomp-dev \ - libselinux1-dev \ - libssl-dev \ - libzstd-dev \ - lxc-dev \ - lxc-utils \ - parallel \ - pkg-config \ - squashfs-tools \ - squashfuse \ - libarchive-tools + PKGS=( + build-essential + cryptsetup-bin + jq + libacl1-dev + libcap-dev + libcryptsetup-dev + libdevmapper-dev + liblxc-dev + libpam0g-dev + libseccomp-dev + libselinux1-dev + libssl-dev + libzstd-dev + lxc-dev + lxc-utils + parallel + pkg-config + squashfs-tools + squashfuse + libarchive-tools + ) + + case "$VERSION_ID" in + 22.04) + sudo add-apt-repository -y ppa:project-machine/squashfuse + ;; + 24.04) + # lp:2080069 + # temporarily add puzzleos/dev to pickup lxc-dev package which + # provides static liblxc.a + sudo add-apt-repository -y ppa:puzzleos/dev + + # allow array to expand again + #shellcheck disable=2206 + PKGS=( ${PKGS[*]} libsystemd-dev ) + + # 24.04 has additional apparmor restrictions, probably doesn't apply + # for root in github VM but developers will run into this + enable_userns + ;; + esac + + sudo apt -yy install "${PKGS[*]}" + + # Work around an Ubuntu packaging bug. Fixed in 23.04 onward. + if [ "$VERSION_ID" != "24.04" ]; then + sudo sed -i 's/#define LXC_DEVEL 1/#define LXC_DEVEL 0/' /usr/include/lxc/version.h + fi + # skopeo deps sudo apt -yy install \ libgpgme-dev \ 
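Review bot: `sudo apt -yy install "${PKGS[*]}"` passes the whole array as one space-joined word, so as written apt is asked for a single package whose name is the entire list; it should be `sudo apt -yy install "${PKGS[@]}"`. The 24.04 branch can then append with `PKGS+=( libsystemd-dev )` and drop the shellcheck suppression. Separately, `add-apt-repository -y ppa:puzzleos/dev` makes every package in that PPA eligible to replace archive packages on the build host. Nothing visible in this hunk removes it again despite the "temporarily" comment, so an apt pin limiting the PPA to the lxc packages would keep the toolchain's trust scope narrow. `$VERSION_ID` is set outside this hunk, and `installdeps_ubuntu` continues past it.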
@@ -54,8 +83,24 @@ installdeps_ubuntu() { sudo apt -yy install golang-go go version fi - # Work around an Ubuntu packaging bug. Fixed in 23.04 onward. - sudo sed -i 's/#define LXC_DEVEL 1/#define LXC_DEVEL 0/' /usr/include/lxc/version.h +} + +enable_userns() { + SYSCTL_USERNS="/etc/sysctl.d/00-enable-userns.conf" + if ! [ -s "${SYSCTL_USERNS}" ]; then + echo "Add kernel tunables to enable user namespaces in $SYSCTL_USERNS " + cat <