diff --git a/.dockerignore b/.dockerignore
index 8797cc5274e..05dc17082f2 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -8,3 +8,4 @@ test/certs/webpki
 test/certs/.softhsm-tokens
 .git
 .gocache
+.github
diff --git a/.gitignore b/.gitignore
index 5e1426c919a..502a89ea7a6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,8 @@
 *.a
 *.so
 *.pyc
+boulder-*.deb
+boulder-*.tar.gz
 # Folders
 _obj
diff --git a/Containerfile b/Containerfile
index 01eb012c2f0..4f810e45bb3 100644
--- a/Containerfile
+++ b/Containerfile
@@ -6,6 +6,7 @@ FROM docker.io/ubuntu:24.04 AS builder
 ARG COMMIT_ID
 ARG COMMIT_TIMESTAMP
 ARG GO_VERSION
+ARG TARGETPLATFORM
 ARG VERSION
 ENV DEBIAN_FRONTEND=noninteractive
@@ -14,7 +15,12 @@ RUN apt-get --assume-yes --no-install-recommends --update install \
 ca-certificates curl gcc git gnupg2 libc6-dev
 COPY tools/fetch-and-verify-go.sh /tmp
-RUN /tmp/fetch-and-verify-go.sh ${GO_VERSION}
+RUN case "${TARGETPLATFORM}" in \
+ "linux/amd64"|"") PLATFORM="linux-amd64" ;; \
+ "linux/arm64") PLATFORM="linux-arm64" ;; \
+ *) echo "Unsupported platform: ${TARGETPLATFORM}" && exit 1 ;; \
+ esac && \
+ /tmp/fetch-and-verify-go.sh ${GO_VERSION} ${PLATFORM}
 RUN tar -C /opt -xzf go.tar.gz
 ENV PATH="/opt/go/bin:${PATH}"
diff --git a/tools/container-build.sh b/tools/container-build.sh
index 9f973bd707f..6f4637b2548 100755
--- a/tools/container-build.sh
+++ b/tools/container-build.sh
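Review bot: The empty-string arm `"linux/amd64"|"")` in the Containerfile's new `RUN case` step selects the amd64 Go toolchain whenever TARGETPLATFORM is unset, so a build on an arm64 host with a builder that does not populate that argument would install the wrong toolchain without any error. Consider failing on the empty value, or add a comment saying the default exists for builders that do not set TARGETPLATFORM. The same step passes `${GO_VERSION} ${PLATFORM}` unquoted; `/tmp/fetch-and-verify-go.sh "${GO_VERSION}" "${PLATFORM}"` is safer. tools/fetch-and-verify-go.sh is not part of the visible diff, so it is worth confirming that it accepts the second argument and verifies the archive for that platform.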
@@ -7,25 +7,34 @@
 set -ex
-# Without this, `go install` produces:
-# # runtime/cgo
-# gcc: error: unrecognized command-line option '-m64'
-if [ "$(uname -m)" = "arm64" ]; then
- export DOCKER_DEFAULT_PLATFORM=linux/amd64
-fi
-
 if [ -z "${GO_VERSION}" ] ; then
 echo "GO_VERSION not set"
 exit 1
 fi
-ARCH="$(uname -m)"
+# Determine what architecture to build for
+if [ -n "${DOCKER_DEFAULT_PLATFORM:-}" ]; then
+ PLATFORM="${DOCKER_DEFAULT_PLATFORM}"
+else
+ case "$(uname -m)" in
+ x86_64) PLATFORM="linux/amd64" ;;
+ aarch64|arm64) PLATFORM="linux/arm64" ;;
+ *) echo "Unsupported architecture: $(uname -m)" && exit 1 ;;
+ esac
+fi
+
+case "${PLATFORM}" in
+ linux/amd64) ARCH="amd64" ;;
+ linux/arm64) ARCH="arm64" ;;
+ *) echo "Unsupported platform: ${PLATFORM}" && exit 1 ;;
+esac
 COMMIT_ID="$(git rev-parse --short=8 HEAD)"
 COMMIT_TIMESTAMP="$(git show -s --format=%ct HEAD)"
 COMMIT_DATE_ISO8601="$(TZ=UTC0 git show -s --format=%cd --date=format:%Y-%m-%dT%H:%M:%SZ HEAD)"
 VERSION="${GO_VERSION}.${COMMIT_TIMESTAMP}"
 docker buildx build \
+ --platform "$PLATFORM" \
 --file Containerfile \
 --build-arg "COMMIT_ID=${COMMIT_ID}" \
 --build-arg "COMMIT_TIMESTAMP=${COMMIT_TIMESTAMP}" \
@@ -40,6 +49,7 @@ docker buildx build \
 docker run boulder tar -C /opt/boulder --mtime="@${COMMIT_TIMESTAMP}" --owner=0 --group=0 --numeric-owner --sort=name -cp . | gzip -n > "./boulder-${VERSION}-${COMMIT_ID}.${ARCH}.tar.gz"
 # Produces e.g. boulder-1.25.0.1754519595-591c0545.x86_64.deb
 docker run -v .:/boulderrepo \
+ -e "ARCH=${ARCH}" \
 -e "COMMIT_ID=${COMMIT_ID}" \
 -e "VERSION=${VERSION}" \
 -e "SOURCE_DATE_EPOCH=${COMMIT_TIMESTAMP}" \
diff --git a/tools/make-deb.sh b/tools/make-deb.sh
index 6b831d8903e..b4cded16022 100755
--- a/tools/make-deb.sh
+++ b/tools/make-deb.sh
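Review bot: ARCH in the first hunk of tools/container-build.sh now takes the values `amd64`/`arm64` instead of the `uname -m` output, so the artifact names change from `.x86_64.` to `.amd64.`, while the context comment in the second hunk still reads `# Produces e.g. boulder-1.25.0.1754519595-591c0545.x86_64.deb`. I would update it to `# Produces e.g. boulder-1.25.0.1754519595-591c0545.amd64.deb`. Any release or deployment step that selects the artifact by its old name is not visible in this diff and would need the same update. The two `Unsupported …` messages are written to stdout; appending `>&2` keeps them out of anything that captures the script's output.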
@@ -10,6 +10,10 @@ set -eu
 cd "$(realpath -- "$(dirname -- "$0")")/.."
+if [ -z "${ARCH:-}" ]; then echo "ARCH not set"; exit 1; fi
+if [ -z "${VERSION:-}" ]; then echo "VERSION not set"; exit 1; fi
+if [ -z "${COMMIT_ID:-}" ]; then echo "COMMIT_ID not set"; exit 1; fi
+
 BUILD="$(mktemp -d)"
 mkdir -p "${BUILD}/opt"
@@ -21,7 +25,7 @@ Package: boulder
 Version: 1:${VERSION}
 License: Mozilla Public License v2.0
 Vendor: ISRG
-Architecture: amd64
+Architecture: ${ARCH}
 Maintainer: Community
 Section: default
 Priority: extra
@@ -33,4 +37,4 @@ EOF
 find "${BUILD}" ! -type l -exec touch -d "@${SOURCE_DATE_EPOCH}" {} \;
 find "${BUILD}" -type l -exec touch -h -d "@${SOURCE_DATE_EPOCH}" {} \;
-dpkg-deb -Zgzip -b "${BUILD}" "boulder-${VERSION}-${COMMIT_ID}.x86_64.deb"
+dpkg-deb -Zgzip -b "${BUILD}" "boulder-${VERSION}-${COMMIT_ID}.${ARCH}.deb"
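Review bot: The guards added at the top of tools/make-deb.sh cover ARCH, VERSION and COMMIT_ID but not SOURCE_DATE_EPOCH, which the `find … touch -d "@${SOURCE_DATE_EPOCH}"` lines in the last hunk also read. With it unset the script would presumably stop only at that point under `set -eu` (visible at the start of the first hunk), after the temporary directory has been populated; `if [ -z "${SOURCE_DATE_EPOCH:-}" ]; then echo "SOURCE_DATE_EPOCH not set"; exit 1; fi` next to the other three fails early with a clear message. ARCH is also written verbatim into the control file's `Architecture:` field and into the output file name, so an allow-list such as `case "${ARCH}" in amd64|arm64) ;; *) echo "Unsupported ARCH: ${ARCH}"; exit 1 ;; esac` would keep unexpected values out of the package metadata.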