zishuo/runc
1
0
Fork 0
mirror of https://github.com/opencontainers/runc.git synced 2025-09-26 19:41:35 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
7d81b21c1a9af47fd610b3169b0dbc12e8f64308
runc/Makefile
Kir Kolyshkin c12c99b7d2 runc: embed version from VERSION file 
This ensures that if runc is built without the provided Makefile, the
version is still properly set.

No change in the output.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-23 09:31:26 -07:00

252 lines
7.0 KiB
Makefile
Raw Blame History

SHELL = /bin/bash
CONTAINER_ENGINE := docker
GO ?= go
PREFIX ?= /usr/local
BINDIR := $(PREFIX)/sbin
MANDIR := $(PREFIX)/share/man
GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
GIT_BRANCH_CLEAN := $(shell echo $(GIT_BRANCH) | sed -e "s/[^[:alnum:]]/-/g")
RUNC_IMAGE := runc_dev$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN))
PROJECT := github.com/opencontainers/runc
EXTRA_BUILDTAGS :=
BUILDTAGS := seccomp urfave_cli_no_docs
BUILDTAGS += $(EXTRA_BUILDTAGS)
COMMIT := $(shell git describe --dirty --long --always)
EXTRA_VERSION :=
LDFLAGS_COMMON := -X main.gitCommit=$(COMMIT) \
$(if $(strip $(EXTRA_VERSION)),-X main.extraVersion=$(EXTRA_VERSION),)
GOARCH := $(shell $(GO) env GOARCH)
# -trimpath may be required on some platforms to create reproducible builds
# on the other hand, it does strip out build information, like -ldflags, which
# some tools use to infer the version, in the absence of go information,
# which happens when you use `go build`.
# This enables someone to override by doing `make runc TRIMPATH= ` etc.
TRIMPATH := -trimpath
GO_BUILDMODE :=
# Enable dynamic PIE executables on supported platforms.
ifneq (,$(filter $(GOARCH),386 amd64 arm arm64 ppc64le riscv64 s390x))
ifeq (,$(findstring -race,$(EXTRA_FLAGS)))
GO_BUILDMODE := "-buildmode=pie"
endif
endif
GO_BUILD := $(GO) build $(TRIMPATH) $(GO_BUILDMODE) \
$(EXTRA_FLAGS) -tags "$(BUILDTAGS)" \
-ldflags "$(LDFLAGS_COMMON) $(EXTRA_LDFLAGS)"
GO_BUILDMODE_STATIC :=
LDFLAGS_STATIC := -extldflags -static
# Enable static PIE executables on supported platforms.
# This (among the other things) requires libc support (rcrt1.o), which seems
# to be available only for arm64 and amd64 (Debian Bullseye).
ifneq (,$(filter $(GOARCH),arm64 amd64))
ifeq (,$(findstring -race,$(EXTRA_FLAGS)))
GO_BUILDMODE_STATIC := -buildmode=pie
LDFLAGS_STATIC := -linkmode external -extldflags -static-pie
endif
endif
# Enable static PIE binaries on supported platforms.
GO_BUILD_STATIC := $(GO) build $(TRIMPATH) $(GO_BUILDMODE_STATIC) \
$(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo osusergo" \
-ldflags "$(LDFLAGS_COMMON) $(LDFLAGS_STATIC) $(EXTRA_LDFLAGS)"
GPG_KEYID ?= asarai@suse.de
# Some targets need cgo, which is disabled by default when cross compiling.
# Enable cgo explicitly for those.
# Both runc and libcontainer/integration need libcontainer/nsenter.
runc static localunittest: export CGO_ENABLED=1
# seccompagent needs libseccomp (when seccomp build tag is set).
ifneq (,$(filter $(BUILDTAGS),seccomp))
seccompagent: export CGO_ENABLED=1
endif
.DEFAULT: runc
.PHONY: runc
runc: runc-bin
.PHONY: runc-bin
runc-bin:
$(GO_BUILD) -o runc .
.PHONY: all
all: runc memfd-bind
.PHONY: memfd-bind
memfd-bind:
$(GO_BUILD) -o contrib/cmd/$@/$@ ./contrib/cmd/$@
TESTBINDIR := tests/cmd/_bin
$(TESTBINDIR):
mkdir $(TESTBINDIR)
TESTBINS := recvtty sd-helper seccompagent fs-idmap pidfd-kill remap-rootfs key_label
.PHONY: test-binaries $(TESTBINS)
test-binaries: $(TESTBINS)
$(TESTBINS): $(TESTBINDIR)
$(GO_BUILD) -o $(TESTBINDIR) ./tests/cmd/$@
.PHONY: clean
clean:
rm -f runc runc-*
rm -f contrib/cmd/memfd-bind/memfd-bind
rm -fr $(TESTBINDIR)
sudo rm -rf release
rm -rf man/man8
.PHONY: static
static: static-bin
.PHONY: static-bin
static-bin:
$(GO_BUILD_STATIC) -o runc .
.PHONY: releaseall
releaseall: RELEASE_ARGS := "-a 386 -a amd64 -a arm64 -a armel -a armhf -a ppc64le -a riscv64 -a s390x"
releaseall: release
.PHONY: release
release: runcimage
$(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \
--rm -v $(CURDIR):/go/src/$(PROJECT) \
-e RELEASE_ARGS=$(RELEASE_ARGS) \
$(RUNC_IMAGE) make localrelease
script/release_sign.sh -S $(GPG_KEYID)
.PHONY: localrelease
localrelease: verify-changelog
script/release_build.sh $(RELEASE_ARGS)
.PHONY: dbuild
dbuild: runcimage
$(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \
--privileged --rm \
-v $(CURDIR):/go/src/$(PROJECT) \
$(RUNC_IMAGE) make clean runc test-binaries
.PHONY: lint
lint:
golangci-lint run ./...
.PHONY: man
man:
man/md2man-all.sh
.PHONY: runcimage
runcimage:
$(CONTAINER_ENGINE) build $(CONTAINER_ENGINE_BUILD_FLAGS) -t $(RUNC_IMAGE) .
.PHONY: test
test: unittest integration rootlessintegration
.PHONY: localtest
localtest: localunittest localintegration localrootlessintegration
.PHONY: unittest
unittest: runcimage
$(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \
-t --privileged --rm \
-v /lib/modules:/lib/modules:ro \
-v $(CURDIR):/go/src/$(PROJECT) \
$(RUNC_IMAGE) make localunittest TESTFLAGS="$(TESTFLAGS)"
.PHONY: localunittest
localunittest: test-binaries
$(GO) test -timeout 3m -tags "$(BUILDTAGS)" $(TESTFLAGS) -v ./...
.PHONY: integration
integration: runcimage
$(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \
-t --privileged --rm \
-v /lib/modules:/lib/modules:ro \
-v $(CURDIR):/go/src/$(PROJECT) \
$(RUNC_IMAGE) make localintegration TESTPATH="$(TESTPATH)"
.PHONY: localintegration
localintegration: runc test-binaries
bats -t tests/integration$(TESTPATH)
.PHONY: rootlessintegration
rootlessintegration: runcimage
$(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \
-t --privileged --rm \
-v $(CURDIR):/go/src/$(PROJECT) \
-e ROOTLESS_TESTPATH \
$(RUNC_IMAGE) make localrootlessintegration
.PHONY: localrootlessintegration
localrootlessintegration: runc test-binaries
tests/rootless.sh
.PHONY: shell
shell: runcimage
$(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \
-ti --privileged --rm \
-v $(CURDIR):/go/src/$(PROJECT) \
$(RUNC_IMAGE) bash
.PHONY: install
install:
install -D -m0755 runc $(DESTDIR)$(BINDIR)/runc
.PHONY: install-bash
install-bash:
install -D -m0644 contrib/completions/bash/runc $(DESTDIR)$(PREFIX)/share/bash-completion/completions/runc
.PHONY: install-man
install-man: man
install -d -m 755 $(DESTDIR)$(MANDIR)/man8
install -D -m 644 man/man8/*.8 $(DESTDIR)$(MANDIR)/man8
.PHONY: cfmt
cfmt: C_SRC=$(shell git ls-files '*.c' | grep -v '^vendor/')
cfmt:
indent -linux -l120 -il0 -ppi2 -cp1 -sar -T size_t -T jmp_buf $(C_SRC)
.PHONY: shellcheck
shellcheck:
shellcheck tests/integration/*.bats tests/integration/*.sh \
tests/integration/*.bash tests/*.sh \
man/*.sh script/*
# TODO: add shellcheck for more sh files (contrib/completions/bash/runc).
.PHONY: shfmt
shfmt:
$(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \
--rm -v $(CURDIR):/src -w /src \
mvdan/shfmt:v3.11.0 -d -w .
.PHONY: localshfmt
localshfmt:
shfmt -d -w .
.PHONY: vendor
vendor:
$(GO) mod tidy
$(GO) mod vendor
$(GO) mod verify
.PHONY: verify-changelog
verify-changelog:
# No space at EOL.
! grep -n '\s$$' CHANGELOG.md
# Period before issue/PR references.
! grep -n '[0-9a-zA-Z][^.] (#[1-9][0-9, #]*)$$' CHANGELOG.md
.PHONY: verify-dependencies
verify-dependencies: vendor
@test -z "$$(git status --porcelain -- go.mod go.sum vendor/)" \
|| (echo -e "git status:\n $$(git status -- go.mod go.sum vendor/)\nerror: vendor/, go.mod and/or go.sum not up to date. Run \"make vendor\" to update"; exit 1) \
&& echo "all vendor files are up to date."
.PHONY: validate-keyring
validate-keyring:
script/keyring_validate.sh
Reference in New Issue View Git Blame Copy Permalink