chore: add devtool command for building CI artifacts

Running resources/rebuild.sh script assumes an Ubuntu host (it relies on
apt). Add a new `build_ci_artifacts` command in devtool that runs the
script inside devctr. This allows us to build CI artifacts without
necessarily being in an Ubuntu system.

Also, extend resources/rebuild.sh to perform some cleanup after running
commands so, at the end, it only produces the directory with the
artifacts and no intermediate by-products.

Signed-off-by: Babis Chalios <[email protected]>

Author: bchalios

resources/rebuild.sh

@@ -16,8 +16,8 @@ source "$GIT_ROOT_DIR/tools/functions"
 
 # Make sure we have all the needed tools
 function install_dependencies {
-    sudo apt update
-    sudo apt install -y bc flex bison gcc make libelf-dev libssl-dev squashfs-tools busybox-static tree cpio curl
+    apt update
+    apt install -y bc flex bison gcc make libelf-dev libssl-dev squashfs-tools busybox-static tree cpio curl patch docker.io
 }
 
 function dir2ext4img {
@@ -30,13 +30,21 @@ function dir2ext4img {
     local TMP_MNT=$(mktemp -d)
     truncate -s "$SIZE" "$IMG"
     mkfs.ext4 -F "$IMG"
-    sudo mount "$IMG" "$TMP_MNT"
-    sudo tar c -C $DIR . |sudo tar x -C "$TMP_MNT"
+    mount "$IMG" "$TMP_MNT"
+    tar c -C $DIR . |tar x -C "$TMP_MNT"
     # cleanup
-    sudo umount "$TMP_MNT"
+    # Use the -l flag for lazy unmounting since sometimes umount fails
+    # with "device busy" and simply calling `sync` doesn't help
+    umount -l "$TMP_MNT"
     rmdir $TMP_MNT
 }
 
+function prepare_docker {
+    nohup /usr/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://127.0.0.1:2375 &
+
+    # Wait for Docker socket to be created
+    timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
+}
 
 function compile_and_install {
     local C_FILE=$1
@@ -54,6 +62,9 @@ function build_rootfs {
     local rootfs="tmp_rootfs"
     mkdir -pv "$rootfs"
 
+    # Launch Docker
+    prepare_docker
+
     cp -rvf overlay/* $rootfs
 
     # curl -O https://cloud-images.ubuntu.com/minimal/releases/jammy/release/ubuntu-22.04-minimal-cloudimg-amd64-root.tar.xz
@@ -76,25 +87,29 @@ mkdir -pv $rootfs/var/lib/dpkg/
 EOF
 
     # TBD what abt /etc/hosts?
-    echo |sudo tee $rootfs/etc/resolv.conf
+    echo | tee $rootfs/etc/resolv.conf
 
     # Generate key for ssh access from host
     if [ ! -s id_rsa ]; then
         ssh-keygen -f id_rsa -N ""
     fi
-    sudo install -d -m 0600 "$rootfs/root/.ssh/"
-    sudo cp id_rsa.pub "$rootfs/root/.ssh/authorized_keys"
+    install -d -m 0600 "$rootfs/root/.ssh/"
+    cp id_rsa.pub "$rootfs/root/.ssh/authorized_keys"
     id_rsa=$OUTPUT_DIR/$ROOTFS_NAME.id_rsa
-    sudo cp id_rsa $id_rsa
+    cp id_rsa $id_rsa
 
     # -comp zstd but guest kernel does not support
     rootfs_img="$OUTPUT_DIR/$ROOTFS_NAME.squashfs"
-    sudo mv $rootfs/root/manifest $OUTPUT_DIR/$ROOTFS_NAME.manifest
-    sudo mksquashfs $rootfs $rootfs_img -all-root -noappend
+    mv $rootfs/root/manifest $OUTPUT_DIR/$ROOTFS_NAME.manifest
+    mksquashfs $rootfs $rootfs_img -all-root -noappend
     rootfs_ext4=$OUTPUT_DIR/$ROOTFS_NAME.ext4
     dir2ext4img $rootfs $rootfs_ext4
-    sudo rm -rf $rootfs
-    sudo chown -Rc $USER. $OUTPUT_DIR
+    rm -rf $rootfs
+    for bin in fast_page_fault_helper fillmem init readmem; do
+        rm $PWD/overlay/usr/local/bin/$bin
+    done
+    rm -f id_rsa{,.pub}
+    rm -f nohup.out
 }
 
 
@@ -241,6 +256,10 @@ function build_al_kernels {
     if [[ "$KERNEL_VERSION" == @(all|6.1) ]]; then
         build_al_kernel $PWD/guest_configs/microvm-kernel-ci-$ARCH-6.1.config 5.10
     fi
+
+    # Undo kernel patches on top of AL configuration
+    git restore $PWD/guest_configs
+    rm -rf $PWD/guest_configs/*.orig 
 }
 
 function print_help {

tools/devtool

@@ -134,6 +134,8 @@ OPT_UNATTENDED=false
 # Get the target prefix to avoid repeated calls to uname -m
 TARGET_PREFIX="$(uname -m)-unknown-linux-"
 
+# Container path to directory where we store built CI artifacts.
+CTR_CI_ARTIFACTS_PATH="${CTR_FC_ROOT_DIR}/resources/$(uname -m)"
 
 # Check if Docker is available and exit if it's not.
 # Upon returning from this call, the caller can be certain Docker is available.
@@ -231,7 +233,7 @@ cmd_fix_perms() {
     run_devctr \
         --workdir "$CTR_FC_ROOT_DIR" \
         -- \
-        chown -R "$(id -u):$(id -g)" "$CTR_FC_BUILD_DIR"  "$CTR_TEST_RESULTS_DIR"
+        chown -R "$(id -u):$(id -g)" "$CTR_FC_BUILD_DIR" "$CTR_TEST_RESULTS_DIR" "$CTR_CI_ARTIFACTS_PATH"
 }
 
 # Builds the development container from its Dockerfile.
@@ -412,6 +414,10 @@ cmd_help() {
     echo "            --performance            Tweak various setting of the host running the tests (such as C- and P-states)"
     echo "                                     to achieve consistent performance. Used for running performance tests in CI."
     echo ""
+    echo "    build_ci_artifacts [all|rootfs|kernels]"
+    echo "        Builds the rootfs and guest kernel artifacts we use for our CI."
+    echo "        Run './tools/devtool build_ci_artifacts help' for more details about the available commands."
+    echo ""    
 
     cat <<EOF
     test_debug [-- [<pytest args>]]
@@ -1161,6 +1167,20 @@ cmd_install() {
     done
 }
 
+cmd_build_ci_artifacts() {
+    # Check prerequisites
+    ensure_devctr
+
+    # We need to run nested Docker here, so run this container as privileged.
+    run_devctr \
+        --privileged \
+        --workdir "$CTR_FC_ROOT_DIR" \
+        -- \
+        ./resources/rebuild.sh "$@"
+
+    cmd_fix_perms
+}
+
 
 main() {