Dockerized static binary build

.gitignore

@@ -1,3 +1,4 @@
 /build/
 /dist/
+/vendor/
 test-resources/volumes/

Dockerfile

@@ -0,0 +1,4 @@
+FROM golang:alpine3.7
+MAINTAINER Max Goltzsche <[email protected]>
+
+RUN apk --update --no-cache add gcc musl-dev libseccomp-dev btrfs-progs-dev lvm2-dev make git

Dockerfile-ubuntu

@@ -0,0 +1,10 @@
+FROM ubuntu:16.04
+MAINTAINER Max Goltzsche <[email protected]>
+
+RUN set -x \
+	&& apt-get update \
+	&& apt-get install -y software-properties-common \
+	&& add-apt-repository ppa:longsleep/golang-backports \
+	&& apt-get update
+
+RUN apt-get install -y golang-go libseccomp-dev libgpgme11-dev libassuan-dev btrfs-tools libdevmapper-dev curl

Makefile

@@ -0,0 +1,87 @@
+BUILDIMAGE=local/cntnr-build:latest
+DOCKERRUN=docker run -v "${REPODIR}:/work" -w /work -u `id -u`:`id -g`
+
+REPODIR=$(shell pwd)
+GOPATH=${REPODIR}/build
+PKGNAME=github.com/mgoltzsche/cntnr
+VENDORLOCK=${REPODIR}/vendor/ready
+BINARY=cntnr
+
+BUILDTAGS?=containers_image_ostree_stub containers_image_storage_stub containers_image_openpgp libdm_no_deferred_remove btrfs_noversion
+BUILDTAGS_STATIC=${BUILDTAGS} linux static_build exclude_graphdriver_devicemapper
+LDFLAGS_STATIC=${LDFLAGS} -extldflags '-static'
+
+CNI_VERSION=0.6.0
+CNIGOPATH=${GOPATH}/cni
+
+
+all: build-static cni-plugins-static
+
+build-static: buildimage
+	${DOCKERRUN} ${BUILDIMAGE} make build BUILDTAGS="${BUILDTAGS_STATIC}" LDFLAGS="${LDFLAGS_STATIC}"
+
+build: dependencies
+	# Build application
+	GOPATH="${GOPATH}" \
+	go build -o dist/bin/${BINARY} -a -ldflags "${LDFLAGS}" -tags "${BUILDTAGS}" "${PKGNAME}"
+
+test: dependencies
+	# Run tests. TODO: more tests
+	GOPATH="${GOPATH}" go test -tags "${BUILDTAGS}" "${PKGNAME}/model"
+
+runc: dependencies
+	rm -rf "${GOPATH}/src/github.com/opencontainers/runc"
+	mkdir -p "${GOPATH}/src/github.com/opencontainers"
+	cp -r "${GOPATH}/src/${PKGNAME}/vendor/github.com/opencontainers/runc" "${GOPATH}/src/github.com/opencontainers/runc"
+	ln -s "${REPODIR}/vendor" "${GOPATH}/src/github.com/opencontainers/runc/vendor"
+	cd "${GOPATH}/src/github.com/opencontainers/runc" && \
+	export GOPATH="${GOPATH}" && \
+	make clean && \
+	make BUILDTAGS='seccomp selinux ambient' && \
+	cp runc "${REPODIR}/dist/bin/runc"
+
+cni-plugins-static: buildimage
+	${DOCKERRUN} ${BUILDIMAGE} make cni-plugins LDFLAGS="${LDFLAGS_STATIC}"
+
+cni-plugins:
+	# Build CNI plugins
+	mkdir -p "${CNIGOPATH}"
+	wget -O "${CNIGOPATH}/cni-${CNI_VERSION}.tar.gz" "https://github.com/containernetworking/cni/archive/v${CNI_VERSION}.tar.gz"
+	wget -O "${CNIGOPATH}/cni-plugins-${CNI_VERSION}.tar.gz" "https://github.com/containernetworking/plugins/archive/v${CNI_VERSION}.tar.gz"
+	tar -xzf "${CNIGOPATH}/cni-${CNI_VERSION}.tar.gz" -C "${CNIGOPATH}"
+	tar -xzf "${CNIGOPATH}/cni-plugins-${CNI_VERSION}.tar.gz" -C "${CNIGOPATH}"
+	rm -rf "${CNIGOPATH}/src/github.com/containernetworking"
+	mkdir -p "${CNIGOPATH}/src/github.com/containernetworking"
+	mv "${CNIGOPATH}/cni-${CNI_VERSION}"     "${CNIGOPATH}/src/github.com/containernetworking/cni"
+	mv "${CNIGOPATH}/plugins-${CNI_VERSION}" "${CNIGOPATH}/src/github.com/containernetworking/plugins"
+	export GOPATH="${CNIGOPATH}" && \
+	for TYPE in main ipam meta; do \
+		for CNIPLUGIN in `ls ${CNIGOPATH}/src/github.com/containernetworking/plugins/plugins/$$TYPE`; do \
+			(set -x; go build -o dist/cni-plugins/$$CNIPLUGIN -a -ldflags "${LDFLAGS}" github.com/containernetworking/plugins/plugins/$$TYPE/$$CNIPLUGIN) || exit 1; \
+		done \
+	done
+
+buildimage:
+	docker build -t ${BUILDIMAGE} .
+
+build-sh: buildimage
+	${DOCKERRUN} -ti ${BUILDIMAGE} /bin/sh
+
+dependencies: .workspace
+	# Fetch dependencies
+	[ "`ls vendor`" ] || \
+		(GOPATH="${GOPATH}" go get github.com/LK4D4/vndr && \
+		cd "${GOPATH}/src/${PKGNAME}" && "${GOPATH}/bin/vndr" -whitelist='.*')
+
+.workspace:
+	# Prepare workspace directory
+	[ -d "${GOPATH}" ] || mkdir -p vendor ${GOPATH}/src/${PKGNAME} && \
+		ln -sf ${REPODIR}/* ${GOPATH}/src/${PKGNAME} && \
+		ln -sf ${REPODIR}/vendor.conf ${GOPATH}/vendor.conf && \
+		rm -f ${GOPATH}/src/${PKGNAME}/build
+
+install:
+	cp dist/bin/cntnr /bin/cntnr
+
+clean:
+	rm -rf ./build ./dist

README.md

@@ -40,9 +40,11 @@ Though this does not solve the whole problem since some applications may still n
 
 
 ## Build
-Build the binary dist/bin/cntnr
+Build the binary dist/bin/cntnr (requires docker)
 ```
-./build.sh
+git clone https://github.com/mgoltzsche/cntnr.git
+cd cntnr
+make
 ```
 
 
@@ -55,7 +57,7 @@ hello world
 ```
 
 ### Create and run Firefox as unprivileged user
-Build a Firefox ESR container image tagged as `local/firefox:alpine`:
+Build a Firefox ESR container image `local/firefox:alpine`:
 ```
 cntnr image create \
 	--from=docker://alpine:3.7 \
@@ -90,6 +92,6 @@ cntnr bundle run firefox
 - apply CLI/compose network configuration
 - health check
 - systemd integration (notify when startup complete)
-- service discovery integration (consul, etcd)
 - network manager daemon with ACL to be used by unprivileged users to configure their container networks
-- container annotation driven env var sync with distributed KV store (consul, etcd) to e.g. auto-configure webserver/loadbalancer or for basic master election
+- _service discovery integration (consul, etcd)_
+- _container annotation driven env var sync with distributed KV store (consul, etcd) to e.g. auto-configure webserver/loadbalancer or for basic master election_

build.sh

@@ -15,9 +15,13 @@ REPOPATH="$(cd "$REPOPATH" && pwd)"
 PKGNAME=github.com/mgoltzsche/cntnr
 MAIN=$PKGNAME/cmd/cntnr
 BINARY=cntnr
+LDFLAGS=
+[ ! "${BUILD_STATIC:-false}" = true ] || LDFLAGS='-extldflags "-static"'
 
-# Exclude ostree since not available on ubuntu 16.04
-export BUILDTAGS=containers_image_ostree_stub
+# Exclude github.com/containers/image dependencies (exclude ostree since not available on ubuntu 16.04)
+# github.com/containers/storage specific tags: btrfs_noversion, static_build, exclude_graphdriver_devicemapper
+BUILDTAGS=${BUILDTAGS:-'containers_image_ostree_stub containers_image_storage_stub containers_image_openpgp libdm_no_deferred_remove btrfs_noversion'}
+[ ! "${BUILD_STATIC:-false}" = true ] || BUILDTAGS="$BUILDTAGS linux static_build exclude_graphdriver_devicemapper"
 
 initWorkspace() {
 	# Create workspace
@@ -36,9 +40,9 @@ initWorkspace() {
 		# Fetch dependencies
 		(
 			cd "$GOPATH/src/$PKGNAME" &&
-			"$VNDR" -whitelist='.*' &&
+			"$VNDR" -whitelist='.*' #&&
 			# Replace 'Sirupsen' with 'sirupsen' since he renamed his profile which causes conflicts in mtree and image-tools
-			(find "$GOPATH/src/$PKGNAME/vendor" -type f -name '*.go' -print0 | xargs -0 -n 1 sed -i 's/"github.com\/Sirupsen\/logrus"/"github.com\/sirupsen\/logrus"/g')
+			#(find "$GOPATH/src/$PKGNAME/vendor" -type f -name '*.go' -print0 | xargs -0 -n 1 sed -i 's/"github.com\/Sirupsen\/logrus"/"github.com\/sirupsen\/logrus"/g')
 		) || return 1
 	fi
 }
@@ -56,7 +60,7 @@ case "$1" in
 		initWorkspace &&
 
 		# Build cntnr binary
-		go build -o dist/bin/$BINARY -tags "$BUILDTAGS" $PKGNAME &&
+		go build -o dist/bin/$BINARY -a -ldflags "$LDFLAGS" -tags "$BUILDTAGS" $PKGNAME &&
 
 		# Build and run tests
 		go test -tags "$BUILDTAGS" $PKGNAME/model
@@ -92,7 +96,7 @@ case "$1" in
 		rm -rf "$WORKSPACE/src/$PKGNAME" &&
 		mkdir -p "$WORKSPACE/src/$PKGNAME" &&
 		ln -s "$REPOPATH"/* "$WORKSPACE/src/$PKGNAME" &&
-		rm "$WORKSPACE/src/$PKGNAME/build" &&
+		rm "$WORKSPACE/src/$PKGNAME/build" "$WORKSPACE/src/$PKGNAME/vendor" &&
 		cat <<-EOF
 			################################################################
 			# Setup LiteIDE project using the main package's context menu: #

generate/hook.go

@@ -109,7 +109,13 @@ func (b *HookBuilder) AddPortMapEntry(entry PortMapEntry) {
 	b.hook.Ports = append(b.hook.Ports, entry)
 }
 
-func (b *HookBuilder) Build(spec *generate.Generator) error {
+func (b *HookBuilder) Build(spec *generate.Generator) (err error) {
+	defer func() {
+		if err != nil {
+			err = fmt.Errorf("generate hook call: %s", err)
+		}
+	}()
+
 	//hookBinary, err := exec.LookPath("cntnr-hooks")
 	executable, err := os.Executable()
 	if err != nil {
@@ -170,8 +176,8 @@ func (b *HookBuilder) Build(spec *generate.Generator) error {
 	// TODO: better parse hook args directly by using same code the hook uses
 	j, err := json.Marshal(b.hook)
 	if err != nil {
-		return fmt.Errorf("build hook args: %s", err)
+		return
 	}
 	spec.AddAnnotation(ANNOTATION_HOOK_ARGS, string(j))
-	return nil
+	return
 }

model/transform.go

@@ -21,7 +21,13 @@ const (
 	ANNOTATION_BUNDLE_ID         = "com.github.mgoltzsche.cntnr.bundle.id"
 )
 
-func (service *Service) ToSpec(p *Project, rootless bool, spec *generate.SpecBuilder) error {
+func (service *Service) ToSpec(p *Project, rootless bool, spec *generate.SpecBuilder) (err error) {
+	defer func() {
+		if err != nil {
+			err = fmt.Errorf("generate OCI bundle spec: %s", err)
+		}
+	}()
+
 	vols := NewVolumeResolver(p)
 
 	if rootless {

oci/image/store/imagerepo.go

@@ -67,6 +67,9 @@ func OpenImageRepo(dir, externalBlobDir string, create bool) (r *ImageRepo, err
 			return
 		}
 	} else if _, e := os.Lstat(blobDir); os.IsNotExist(e) {
+		if _, e = os.Stat(externalBlobDir); os.IsNotExist(e) {
+			return r, fmt.Errorf("blob dir: %s", err)
+		}
 		if err = os.Symlink(externalBlobDir, blobDir); err != nil {
 			return
 		}

oci/image/store/imagestorerw.go

@@ -174,12 +174,18 @@ func (s *ImageStoreRW) ImportImage(src string) (img image.Image, err error) {
 
 	// Create temp image directory
 	name, ref := nameAndRef(srcRef)
+	if err = os.MkdirAll(s.repoDir, 0775); err != nil {
+		return
+	}
 	imgDir, err := ioutil.TempDir(s.repoDir, "tmpimg-")
 	if err != nil {
 		return
 	}
 	defer os.RemoveAll(imgDir)
 	imgBlobDir := filepath.Join(imgDir, "blobs")
+	if err = os.MkdirAll(s.blobs.blobDir, 0775); err != nil {
+		return
+	}
 	if err = os.Symlink(s.blobs.blobDir, imgBlobDir); err != nil {
 		return
 	}

pkg/atomic/writer.go

@@ -45,6 +45,10 @@ func WriteFile(dest string, reader io.Reader) (size int64, err error) {
 		err = fmt.Errorf("copy to temp file: %s", err)
 		return
 	}
+	if err = tmpFile.Sync(); err != nil {
+		err = fmt.Errorf("sync temp file: %s", err)
+		return
+	}
 	tmpFile.Close()
 
 	// Rename temp file