Add podman static build

We’re now able to build a static podman binary based on a custom nix derivation. This is integrated in cirrus as well, whereas a later target would be to provide a self-contained static binary bundle which can be installed on any Linux x64-bit system. Fixes: https://github.com/containers/libpod/issues/1399 Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2025-05-17 23:26:08 +08:00 · 2020-03-20 10:55:23 +01:00
parent 18b273b72b
commit c21258b70e
12 changed files with 147 additions and 1 deletions
--- a/.cirrus.yml
+++ b/.cirrus.yml
@ -820,6 +820,7 @@ success_task:
        - "test_build_cache_images"
        - "verify_test_built_images"
        - "docs"
+        - "static_build"
        # FIXME remove when all v2 tests pass
        - "integration_test_temporary"

@ -835,3 +836,18 @@ success_task:
        memory: 1

    success_script: '/usr/local/bin/entrypoint.sh ./$SCRIPT_BASE/success.sh |& ${TIMESTAMP}'
+
+static_build_task:
+    container:
+        image: quay.io/podman/nix-podman:1.0.0
+        cpu: 8
+        memory: 12
+    timeout_in: 20m
+    depends_on:
+        - "gating"
+    build_script:
+        - nix build -f nix
+    binaries_artifacts:
+        path: "result-bin/bin/podman"
+    on_failure:
+        failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh |& ${TIMESTAMP}'
--- a/.gitignore
+++ b/.gitignore
@ -31,3 +31,4 @@ release.txt
 /test/copyimg/copyimg
 /test/goecho/goecho
 .vscode*
+result-bin
--- a/10
+++ b/10
@ -0,0 +1,10 @@
+# vim: set syntax=dockerfile:
+FROM nixos/nix:latest
+
+RUN apk add --no-cache bash git
+
+COPY . /work
+WORKDIR work/nix
+RUN nix-build
+WORKDIR /
+RUN rm -rf work
--- a/26
+++ b/26
@ -74,7 +74,7 @@ LDFLAGS_PODMAN ?= \
 	  -X $(LIBPOD)/define.buildInfo=$(BUILD_INFO) \
 	  -X $(LIBPOD)/config._installPrefix=$(PREFIX) \
 	  -X $(LIBPOD)/config._etcDir=$(ETCDIR) \
-	  -extldflags "$(LDFLAGS)"
+	  $(EXTRA_LDFLAGS)
 #Update to LIBSECCOMP_COMMIT should reflect in Dockerfile too.
 LIBSECCOMP_COMMIT := v2.3.3
 # Rarely if ever should integration tests take more than 50min,
@ -217,6 +217,30 @@ bin/podman.cross.%: .gopathok
 	GOARCH="$${TARGET##*.}" \
 	$(GO_BUILD) -gcflags '$(GCFLAGS)' -asmflags '$(ASMFLAGS)' -ldflags '$(LDFLAGS_PODMAN)' -tags '$(BUILDTAGS_CROSS)' -o "$@" $(PROJECT)/cmd/podman

+# Update nix/nixpkgs.json its latest master commit
+.PHONY: nixpkgs
+nixpkgs:
+	@nix run -f channel:nixpkgs-unstable nix-prefetch-git -c nix-prefetch-git \
+		--no-deepClone https://github.com/nixos/nixpkgs > nix/nixpkgs.json
+
+NIX_IMAGE ?= quay.io/podman/nix-podman:1.0.0
+
+# Build the nix image as base for static builds
+.PHONY: nix-image
+nix-image:
+	$(CONTAINER_RUNTIME) build -t $(NIX_IMAGE) -f Containerfile-nix .
+
+# Build podman statically linked based on the default nix container image
+.PHONY: build-static
+build-static:
+	$(CONTAINER_RUNTIME) run \
+		--rm -it \
+		-v $(shell pwd):/work \
+		-w /work $(NIX_IMAGE) \
+		sh -c "nix build -f nix && \
+			   mkdir -p bin && \
+			   cp result-*bin/bin/podman bin/podman-static"
+
 .PHONY: run-docker-py-tests
 run-docker-py-tests:
 	$(eval testLogs=$(shell mktemp))
--- a/README.md
+++ b/README.md
@ -180,3 +180,9 @@ Podman offers a Varlink-based API for remote management of containers.
 However, this API has been deprecated by the REST API.
 Varlink support is in maintenance mode, and will be removed in a future release.
 For more details, you can see [this blog](https://podman.io/blogs/2020/01/17/podman-new-api.html).
+
+## Static Binary Builds
+The Cirrus CI integration within this repository contains a `static_build` job
+which produces a static Podman binary for testing purposes. Please note that
+this binary is not officially supported with respect to feature-completeness
+and functionality and should be only used for testing.
--- a/libpod/define/info.go
+++ b/libpod/define/info.go
@ -33,6 +33,7 @@ type HostInfo struct {
 	SwapFree       int64                  `json:"swapFree"`
 	SwapTotal      int64                  `json:"swapTotal"`
 	Uptime         string                 `json:"uptime"`
+	Linkmode       string                 `json:"linkmode"`
 }

 // SlirpInfo describes the slirp exectuable that
--- a/libpod/info.go
+++ b/libpod/info.go
@ -14,6 +14,7 @@ import (

 	"github.com/containers/buildah"
 	"github.com/containers/libpod/libpod/define"
+	"github.com/containers/libpod/libpod/linkmode"
 	"github.com/containers/libpod/pkg/cgroups"
 	registries2 "github.com/containers/libpod/pkg/registries"
 	"github.com/containers/libpod/pkg/rootless"
@ -86,6 +87,7 @@ func (r *Runtime) hostInfo() (*define.HostInfo, error) {
 	info := define.HostInfo{
 		Arch:           runtime.GOARCH,
 		BuildahVersion: buildah.Version,
+		Linkmode:       linkmode.Linkmode(),
 		CPUs:           runtime.NumCPU(),
 		Distribution:   hostDistributionInfo,
 		EventLogger:    r.eventer.String(),
--- a/libpod/linkmode/linkmode_dynamic.go
+++ b/libpod/linkmode/linkmode_dynamic.go
@ -0,0 +1,8 @@
+// +build !static
+
+package linkmode
+
+// Linkmode returns the linking mode (static/dynamic) for the build.
+func Linkmode() string {
+	return "dynamic"
+}
--- a/libpod/linkmode/linkmode_static.go
+++ b/libpod/linkmode/linkmode_static.go
@ -0,0 +1,8 @@
+// +build static
+
+package linkmode
+
+// Linkmode returns the linking mode (static/dynamic) for the build.
+func Linkmode() string {
+	return "static"
+}
--- a/nix/default.nix
+++ b/nix/default.nix
@ -0,0 +1,53 @@
+let
+  pkgs = import ./nixpkgs.nix {
+    config = {
+      packageOverrides = pkg: {
+        go_1_12 = pkg.go_1_14;
+      };
+    };
+  };
+
+  static = pkg: pkg.overrideAttrs(old: {
+    configureFlags = (old.configureFlags or []) ++
+      [ "--without-shared" "--disable-shared" ];
+    dontDisableStatic = true;
+    enableSharedExecutables = false;
+    enableStatic = true;
+  });
+
+  patchLvm2 = pkg: pkg.overrideAttrs(old: {
+    configureFlags = [
+      "--disable-cmdlib" "--disable-readline" "--disable-udev_rules"
+      "--disable-udev_sync" "--enable-pkgconfig" "--enable-static_link"
+    ];
+    preConfigure = old.preConfigure + ''
+      substituteInPlace libdm/Makefile.in --replace \
+        SUBDIRS=dm-tools SUBDIRS=
+      substituteInPlace tools/Makefile.in --replace \
+        "TARGETS += lvm.static" ""
+      substituteInPlace tools/Makefile.in --replace \
+        "INSTALL_LVM_TARGETS += install_tools_static" ""
+    '';
+    postInstall = "";
+  });
+
+  self = {
+    podman-static = (pkgs.podman.overrideAttrs(old: {
+      name = "podman-static";
+      buildInputs = old.buildInputs ++ (with pkgs; [
+        (static pkgs.libassuan)
+        (static pkgs.libgpgerror)
+        git
+        glibc
+        glibc.static
+      ]);
+      src = ./..;
+      EXTRA_LDFLAGS = ''-linkmode external -extldflags "-static -lm"'';
+      BUILDTAGS = ''static apparmor selinux seccomp systemd varlink containers_image_ostree_stub'';
+    })).override {
+      gpgme = (static pkgs.gpgme);
+      libseccomp = (static pkgs.libseccomp);
+      lvm2 = (patchLvm2 (static pkgs.lvm2));
+    };
+  };
+in self
--- a/nix/nixpkgs.json
+++ b/nix/nixpkgs.json
@ -0,0 +1,9 @@
+{
+  "url": "https://github.com/nixos/nixpkgs",
+  "rev": "a08d4f605bca62c282ce9955d5ddf7d824e89809",
+  "date": "2020-03-20T10:10:15+01:00",
+  "sha256": "1bniq08dlmrmrz4aga1cj0d7rqbaq9xapm5ar15wdv2c6431z2m8",
+  "fetchSubmodules": false,
+  "deepClone": false,
+  "leaveDotGit": false
+}
--- a/nix/nixpkgs.nix
+++ b/nix/nixpkgs.nix
@ -0,0 +1,8 @@
+let
+  json = builtins.fromJSON (builtins.readFile ./nixpkgs.json);
+  nixpkgs = import (builtins.fetchTarball {
+    name = "nixos-unstable";
+    url = "${json.url}/archive/${json.rev}.tar.gz";
+    inherit (json) sha256;
+  });
+in nixpkgs