fixup! Use Signed Binaries for Docker Build

Author: sheylatrudo

.pipelines/build/images.jobs.yaml

@@ -70,6 +70,21 @@ jobs:
         search_root: $(OUT_DIR)
 
 
+    - task: ShellScript@2
+      displayName: "Package with DropGZ"
+      condition: and(succeeded(), eq('$(packageWithDropGZ)', 'True'))
+      inputs:
+        scriptPath: $(REPO_ROOT)/.pipelines/build/scripts/dropgz.sh
+
+    - task: onebranch.pipeline.signing@1
+      condition: and(succeeded(), eq('$(packageWithDropGZ)', 'True'))
+      inputs:
+        command: 'sign'
+        signing_profile: 'external_distribution'
+        files_to_sign: '**/dropgz'
+        search_root: $(OUT_DIR)
+
+
   - job: images_${{ job_data.job }}
     displayName: "Build Images - ${{ job_data.displayName }} -"
     dependsOn:

.pipelines/build/scripts/azure-ipam.sh

@@ -13,11 +13,7 @@ pushd "$REPO_ROOT"/azure-ipam
     -o "$OUT_DIR"/bin/azure-ipam \
     -ldflags "-X github.com/Azure/azure-container-networking/azure-ipam/internal/buildinfo.Version="$AZURE_IPAM_VERSION" -X main.version="$AZURE_IPAM_VERSION"" \
     -gcflags="-dwarflocationlists=true" \
-    main.go
+    .
 
   cp *.conflist "$OUT_DIR"/files/
 popd
-
-
-# Build with DropGZ
-./dropgz.sh

.pipelines/build/scripts/cni.sh

@@ -63,6 +63,3 @@ pushd "$REPO_ROOT"/cni
   cp azure-$OS-multitenancy.conflist "$OUT_DIR"/files/multitenancy.conflist
   cp "$REPO_ROOT"/telemetry/azure-vnet-telemetry.config "$OUT_DIR"/files/azure-vnet-telemetry.config
 popd
-
-# Build with DropGZ
-./dropgz.sh

.pipelines/build/scripts/dropgz.sh

@@ -1,3 +1,6 @@
+#!/bin/bash
+set -eux
+
 export GOOS=$OS
 export GOARCH=$ARCH
 export CGO_ENABLED=0 

.pipelines/build/scripts/ipv6-hp-bpf.sh

@@ -12,25 +12,31 @@ mkdir -p "$OUT_DIR"/lib
 # Package up Needed C Files
 if [[ -f /etc/debian_version ]];then
   apt-get update -y
-  if [[ $GOARCH =~ amd64 ]]; then
-    apt-get install -y llvm clang linux-libc-dev linux-headers-generic libbpf-dev libc6-dev nftables iproute2 gcc-multilib tree
-    cp /lib/"$ARCH"/ld-linux-x86-64.so.2 "$OUT_DIR"/lib/
-    for dir in /usr/include/x86_64-linux-gnu/*; do 
-      ln -sfn "$dir" /usr/include/$(basename "$dir") 
-    done
+  if [[ $ARCH =~ amd64 ]]; then
+    apt-get install -y llvm clang linux-libc-dev linux-headers-generic libbpf-dev libc6-dev nftables iproute2 gcc-multilib build-essential binutils 
+
+    ARCH=x86_64-linux-gnu
+    cp /usr/lib/"$ARCH"/ld-linux-x86-64.so.2 "$OUT_DIR"/lib/
 
-  elif [[ $GOARCH =~ arm64 ]]; then
-    apt-get install -y llvm clang linux-libc-dev linux-headers-generic libbpf-dev libc6-dev nftables iproute2 gcc-aarch64-linux-gnu tree
-    cp /lib/"$ARCH"/ld-linux-aarch64.so.1 "$OUT_DIR"/lib/
-    for dir in /usr/include/aarch64-linux-gnu/*; do 
-      ln -sfn "$dir" /usr/include/$(basename "$dir")
-    done
+  elif [[ $ARCH =~ arm64 ]]; then
+    apt-get install -y llvm clang linux-libc-dev linux-headers-generic libbpf-dev libc6-dev nftables iproute2 gcc-aarch64-linux-gnu
+
+    ARCH=aarch64-linux-gnu
+    PLAT=linux-aarch64
+    cp /usr/lib/"$ARCH"/ld-linux-aarch64.so.1 "$OUT_DIR"/lib/
   fi
+
+  for dir in /usr/include/"$ARCH"/*; do 
+    ln -sfn "$dir" /usr/include/$(basename "$dir")
+  done
+
+
 # Mariner
 else
-  tdnf install -y llvm clang libbpf-devel nftables tree
-  cp /lib/"$ARCH"/ld-linux-x86-64.so.2 "$OUT_DIR"/lib/
-  for dir in /usr/include/x86_64-linux-gnu/*; do 
+  tdnf install -y llvm clang libbpf-devel nftables gcc binutils iproute glibc-devel.i686
+  ARCH=x86_64-linux-gnu
+  cp /usr/lib/"$ARCH"/ld-linux-x86-64.so.2 "$OUT_DIR"/lib/
+  for dir in /usr/include/"$ARCH"/*; do 
     if [[ -d $dir ]]; then
       ln -sfn "$dir" /usr/include/$(basename "$dir") 
     elif [[ -f "$dir" ]]; then
@@ -39,6 +45,8 @@ else
   done
 fi
 
+
+# Copy Library Files
 ln -sfn /usr/include/"$ARCH"/asm /usr/include/asm
 cp /lib/"$ARCH"/libnftables.so.1 "$OUT_DIR"/lib/
 cp /lib/"$ARCH"/libedit.so.2 "$OUT_DIR"/lib/
@@ -61,13 +69,13 @@ cp /sbin/ip "$OUT_DIR"/bin/ip
 pushd "$REPO_ROOT"/bpf-prog/ipv6-hp-bpf
   cp ./cmd/ipv6-hp-bpf/*.go .
 
-  if [ "$DEBUG" = "true" ]; then 
+  if [[ "$DEBUG" =~ ^[T|t]rue$ ]]; then 
     echo "\n#define DEBUG" >> ./include/helper.h
   fi
 
   go generate ./...
   go build -v -a -trimpath \
     -o "$OUT_DIR"/bin/ipv6-hp-bpf \
-     -ldflags "-X main.version="$IPV6_HP_BPF_VERSION"" \
-     -gcflags="-dwarflocationlists=true" .
+    -ldflags "-X main.version="$IPV6_HP_BPF_VERSION"" \
+    -gcflags="-dwarflocationlists=true" .
 popd

.pipelines/run-pipeline.yaml

@@ -137,12 +137,14 @@ stages:
                 archiveName: azure-ipam
                 archiveVersion: $(AZURE_IPAM_VERSION)
                 imageTag: $(Build.BuildNumber)
+                packageWithDropGZ: True
               cni:
                 name: cni
                 extraArgs: '--build-arg CNI_AI_PATH=$(CNI_AI_PATH) --build-arg CNI_AI_ID=$(CNI_AI_ID)'
                 archiveName: azure-cni
                 archiveVersion: $(CNI_VERSION)
                 imageTag: $(Build.BuildNumber)
+                packageWithDropGZ: True
               cns:
                 name: cns
                 extraArgs: '--build-arg CNS_AI_PATH=$(CNS_AI_PATH) --build-arg CNS_AI_ID=$(CNS_AI_ID)'
@@ -178,12 +180,14 @@ stages:
                 archiveName: azure-ipam
                 archiveVersion: $(OS)-$(ARCH)-$(AZURE_IPAM_VERSION)
                 imageTag: $(Build.BuildNumber)
+                packageWithDropGZ: True
               cni:
                 name: cni
                 extraArgs: '--build-arg CNI_AI_PATH=$(CNI_AI_PATH) --build-arg CNI_AI_ID=$(CNI_AI_ID)'
                 archiveName: azure-cni
                 archiveVersion: $(CNI_VERSION)
                 imageTag: $(Build.BuildNumber)
+                packageWithDropGZ: True
               cns:
                 name: cns
                 extraArgs: '--build-arg CNS_AI_PATH=$(CNS_AI_PATH) --build-arg CNS_AI_ID=$(CNS_AI_ID)'
@@ -213,12 +217,14 @@ stages:
                 archiveVersion: $(AZURE_IPAM_VERSION)
                 extraArgs: ''
                 imageTag: $(Build.BuildNumber)
+                packageWithDropGZ: True
               cni:
                 name: cni
                 extraArgs: '--build-arg CNI_AI_PATH=$(CNI_AI_PATH) --build-arg CNI_AI_ID=$(CNI_AI_ID)'
                 archiveName: azure-cni
                 archiveVersion: $(CNI_VERSION)
                 imageTag: $(Build.BuildNumber)
+                packageWithDropGZ: True
               cns:
                 name: cns
                 extraArgs: '--build-arg CNS_AI_PATH=$(CNS_AI_PATH) --build-arg CNS_AI_ID=$(CNS_AI_ID)'