Skip to content

docker update #4982

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Jan 8, 2025
Merged

docker update #4982

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6d5fbd9
chore: unpin cargo-deny and specify tag for libseccomp
ShadowCurse Jan 8, 2025
ab4939a
chore: allow seccomp rules integration tests to run on aarch64
ShadowCurse Jan 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 0 additions & 6 deletions tests/integration_tests/build/test_seccomp_no_redundant_rules.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,6 @@
import platform
from pathlib import Path

import pytest

from framework import utils
from framework.static_analysis import (
determine_unneeded_seccomp_rules,
Expand All @@ -15,10 +13,6 @@
)


@pytest.mark.skipif(
platform.machine() != "x86_64",
reason="aarch64 nightly toolchain does not support flags needed to compile analyzable binary yet",
)
def test_redundant_seccomp_rules():
"""Test that fails if static analysis determines redundant seccomp rules"""
arch = platform.processor()
Expand Down
10 changes: 8 additions & 2 deletions tools/devctr/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --profile minimal --default-too
&& rustup target add x86_64-unknown-linux-musl \
&& rustup target add aarch64-unknown-linux-musl \
&& rustup component add llvm-tools-preview clippy rustfmt \
&& cargo install --locked cargo-audit cargo-deny@0.16.1 grcov cargo-sort cargo-afl \
&& cargo install --locked cargo-audit cargo-deny grcov cargo-sort cargo-afl \
&& cargo install --locked kani-verifier && cargo kani setup \
\
&& NIGHTLY_TOOLCHAIN=$(rustup toolchain list | grep nightly | tr -d '\n') \
Expand Down Expand Up @@ -149,12 +149,18 @@ RUN cd /usr/include/$ARCH-linux-musl \
&& ln -s ../asm-generic asm-generic

# Install static version of libseccomp
#
# We need to compile from source because
# libseccomp provided by the distribution is not
# compiled with musl-gcc and we need this
# for our musl builds.
# We specify the tag in order to have a fixed version
# of the library.
RUN apt-get update \
&& apt-get -y install \
libtool gperf \
&& git clone https://github.com/seccomp/libseccomp /tmp/libseccomp \
&& cd /tmp/libseccomp \
&& git checkout tags/v2.5.5 \
&& ./autogen.sh \
&& CC="musl-gcc -static" ./configure --enable-static=yes --enable-shared=false \
&& make install \
Expand Down
2 changes: 1 addition & 1 deletion tools/devtool
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@
DEVCTR_IMAGE_NO_TAG="public.ecr.aws/firecracker/fcuvm"

# Development container tag
DEVCTR_IMAGE_TAG=${DEVCTR_IMAGE_TAG:-v76}
DEVCTR_IMAGE_TAG=${DEVCTR_IMAGE_TAG:-v77}

# Development container image (name:tag)
# This should be updated whenever we upgrade the development container.
Expand Down
Loading