mirror of https://github.com/containers/podman.git
Merge pull request #21978 from ashley-cui/fatbin
[CI:BUILD] Build universal Podman binary for Mac installer
This commit is contained in:
openshift-merge-bot[bot]
GitHub
commit
f3dd5f132a
|
|
@ -351,6 +351,7 @@ osx_alt_build_task:
|
|||
- cd contrib/pkginstaller
|
||||
- make ARCH=amd64 NO_CODESIGN=1 pkginstaller
|
||||
- make ARCH=aarch64 NO_CODESIGN=1 pkginstaller
|
||||
- make ARCH=universal NO_CODESIGN=1 pkginstaller
|
||||
# Produce a new repo.tbz artifact for consumption by dependent tasks.
|
||||
repo_prep_script: *repo_prep
|
||||
repo_artifacts: *repo_artifacts
|
||||
|
|
|
|||
|
|
@ -67,6 +67,7 @@ jobs:
|
|||
URI="https://github.com/containers/podman/releases/download/${{steps.getversion.outputs.version}}"
|
||||
ARM_FILE="podman-installer-macos-arm64.pkg"
|
||||
AMD_FILE="podman-installer-macos-amd64.pkg"
|
||||
UNIVERSAL_FILE="podman-installer-macos-universal.pkg"
|
||||
|
||||
status=$(curl -s -o /dev/null -w "%{http_code}" "${URI}/${ARM_FILE}")
|
||||
if [[ "$status" == "404" ]] ; then
|
||||
|
|
@ -83,10 +84,19 @@ jobs:
|
|||
echo "::warning::AMD installer already exists, skipping"
|
||||
echo "buildamd=false" >> $GITHUB_OUTPUT
|
||||
fi
|
||||
|
||||
status=$(curl -s -o /dev/null -w "%{http_code}" "${URI}/${UNIVERSAL_FILE}")
|
||||
if [[ "$status" == "404" ]] ; then
|
||||
echo "builduniversal=true" >> $GITHUB_OUTPUT
|
||||
else
|
||||
echo "::warning::Universal installer already exists, skipping"
|
||||
echo "builduniversal=false" >> $GITHUB_OUTPUT
|
||||
fi
|
||||
- name: Checkout Version
|
||||
if: >-
|
||||
steps.check.outputs.buildamd == 'true' ||
|
||||
steps.check.outputs.buildarm == 'true' ||
|
||||
steps.check.outputs.builduniversal == 'true' ||
|
||||
steps.actual_dryrun.outputs.dryrun == 'true'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
|
||||
with:
|
||||
|
|
@ -96,6 +106,7 @@ jobs:
|
|||
if: >-
|
||||
steps.check.outputs.buildamd == 'true' ||
|
||||
steps.check.outputs.buildarm == 'true' ||
|
||||
steps.check.outputs.builduniversal == 'true' ||
|
||||
steps.actual_dryrun.outputs.dryrun == 'true'
|
||||
uses: actions/setup-go@v5
|
||||
with:
|
||||
|
|
@ -104,6 +115,7 @@ jobs:
|
|||
if: >-
|
||||
steps.check.outputs.buildamd == 'true' ||
|
||||
steps.check.outputs.buildarm == 'true' ||
|
||||
steps.check.outputs.builduniversal == 'true' ||
|
||||
steps.actual_dryrun.outputs.dryrun == 'true'
|
||||
run: |
|
||||
echo $APPLICATION_CERTIFICATE | base64 --decode -o appcert.p12
|
||||
|
|
@ -129,10 +141,17 @@ jobs:
|
|||
run: |
|
||||
make ARCH=amd64 notarize &> /dev/null
|
||||
cd out && shasum -a 256 podman-installer-macos-amd64.pkg >> shasums
|
||||
- name: Build and Sign Universal
|
||||
if: steps.check.outputs.builduniversal == 'true' || steps.actual_dryrun.outputs.dryrun == 'true'
|
||||
working-directory: contrib/pkginstaller
|
||||
run: |
|
||||
make ARCH=universal notarize &> /dev/null
|
||||
cd out && shasum -a 256 podman-installer-macos-universal.pkg >> shasums
|
||||
- name: Artifact
|
||||
if: >-
|
||||
steps.check.outputs.buildamd == 'true' ||
|
||||
steps.check.outputs.buildarm == 'true' ||
|
||||
steps.check.outputs.builduniversal == 'true' ||
|
||||
steps.actual_dryrun.outputs.dryrun == 'true'
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
|
|
@ -144,7 +163,8 @@ jobs:
|
|||
if: >-
|
||||
steps.actual_dryrun.outputs.dryrun == 'false' &&
|
||||
(steps.check.outputs.buildamd == 'true' ||
|
||||
steps.check.outputs.buildarm == 'true')
|
||||
steps.check.outputs.buildarm == 'true'||
|
||||
steps.check.outputs.builduniversal == 'true' )
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
run: |
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
out
|
||||
Distribution
|
||||
welcome.html
|
||||
tmp-download
|
||||
tmp-bin
|
||||
.vscode
|
||||
root
|
||||
|
|
|
|||
|
|
@ -11,22 +11,22 @@ VFKIT_VERSION ?= 0.5.1
|
|||
GVPROXY_RELEASE_URL ?= https://github.com/containers/gvisor-tap-vsock/releases/download/v$(GVPROXY_VERSION)/gvproxy-darwin
|
||||
VFKIT_RELEASE_URL ?= https://github.com/crc-org/vfkit/releases/download/v$(VFKIT_VERSION)/vfkit-unsigned
|
||||
PACKAGE_DIR ?= out/packaging
|
||||
TMP_DOWNLOAD ?= tmp-download
|
||||
TMP_BIN ?= tmp-bin
|
||||
PACKAGE_ROOT ?= root
|
||||
PKG_NAME := podman-installer-macos-$(GOARCH).pkg
|
||||
|
||||
default: pkginstaller
|
||||
|
||||
podman_version:
|
||||
make -C ../../ test/version/version
|
||||
make -B -C ../../ test/version/version
|
||||
|
||||
$(TMP_DOWNLOAD)/gvproxy:
|
||||
mkdir -p $(TMP_DOWNLOAD)
|
||||
cd $(TMP_DOWNLOAD) && curl -sLo gvproxy $(GVPROXY_RELEASE_URL)
|
||||
$(TMP_BIN)/gvproxy:
|
||||
mkdir -p $(TMP_BIN)
|
||||
cd $(TMP_BIN) && curl -sLo gvproxy $(GVPROXY_RELEASE_URL)
|
||||
|
||||
$(TMP_DOWNLOAD)/vfkit:
|
||||
mkdir -p $(TMP_DOWNLOAD)
|
||||
cd $(TMP_DOWNLOAD) && curl -sLo vfkit $(VFKIT_RELEASE_URL)
|
||||
$(TMP_BIN)/vfkit:
|
||||
mkdir -p $(TMP_BIN)
|
||||
cd $(TMP_BIN) && curl -sLo vfkit $(VFKIT_RELEASE_URL)
|
||||
|
||||
packagedir: podman_version package_root Distribution welcome.html
|
||||
mkdir -p $(PACKAGE_DIR)
|
||||
|
|
@ -42,10 +42,10 @@ packagedir: podman_version package_root Distribution welcome.html
|
|||
cp ../../LICENSE $(PACKAGE_DIR)/Resources/LICENSE.txt
|
||||
cp vfkit.entitlements $(PACKAGE_DIR)/
|
||||
|
||||
package_root: clean-pkgroot $(TMP_DOWNLOAD)/gvproxy $(TMP_DOWNLOAD)/vfkit
|
||||
package_root: clean-pkgroot $(TMP_BIN)/gvproxy $(TMP_BIN)/vfkit
|
||||
mkdir -p $(PACKAGE_ROOT)/podman/bin
|
||||
cp $(TMP_DOWNLOAD)/gvproxy $(PACKAGE_ROOT)/podman/bin/
|
||||
cp $(TMP_DOWNLOAD)/vfkit $(PACKAGE_ROOT)/podman/bin/
|
||||
cp $(TMP_BIN)/gvproxy $(PACKAGE_ROOT)/podman/bin/
|
||||
cp $(TMP_BIN)/vfkit $(PACKAGE_ROOT)/podman/bin/
|
||||
chmod a+x $(PACKAGE_ROOT)/podman/bin/*
|
||||
mkdir $(PACKAGE_ROOT)/podman/config
|
||||
cp ../../pkg/machine/ocipull/policy.json $(PACKAGE_ROOT)/podman/config/policy.json
|
||||
|
|
@ -64,7 +64,7 @@ notarize: _notarize
|
|||
|
||||
.PHONY: clean clean-pkgroot
|
||||
clean:
|
||||
rm -rf $(TMP_DOWNLOAD) $(PACKAGE_ROOT) $(PACKAGE_DIR) Distribution welcome.html ../../test/version/version
|
||||
rm -rf $(TMP_BIN) $(PACKAGE_ROOT) $(PACKAGE_DIR) out Distribution welcome.html ../../test/version/version
|
||||
|
||||
clean-pkgroot:
|
||||
rm -rf $(PACKAGE_ROOT) $(PACKAGE_DIR) Distribution welcome.html
|
||||
|
|
|
|||
|
|
@ -1,13 +1,13 @@
|
|||
## How to build
|
||||
|
||||
```sh
|
||||
$ make ARCH=<amd64 | aarch64> NO_CODESIGN=1 pkginstaller
|
||||
$ make ARCH=<amd64 | aarch64 | universal> NO_CODESIGN=1 pkginstaller
|
||||
|
||||
# or to create signed pkg
|
||||
$ make ARCH=<amd64 | aarch64> CODESIGN_IDENTITY=<ID> PRODUCTSIGN_IDENTITY=<ID> pkginstaller
|
||||
$ make ARCH=<amd64 | aarch64 | universal> CODESIGN_IDENTITY=<ID> PRODUCTSIGN_IDENTITY=<ID> pkginstaller
|
||||
|
||||
# or to prepare a signed and notarized pkg for release
|
||||
$ make ARCH=<amd64 | aarch64> CODESIGN_IDENTITY=<ID> PRODUCTSIGN_IDENTITY=<ID> NOTARIZE_USERNAME=<appleID> NOTARIZE_PASSWORD=<appleID-password> NOTARIZE_TEAM=<team-id> notarize
|
||||
$ make ARCH=<amd64 | aarch64 | universal> CODESIGN_IDENTITY=<ID> PRODUCTSIGN_IDENTITY=<ID> NOTARIZE_USERNAME=<appleID> NOTARIZE_PASSWORD=<appleID-password> NOTARIZE_TEAM=<team-id> notarize
|
||||
```
|
||||
|
||||
The generated pkg will be written to `out/podman-macos-installer-*.pkg`.
|
||||
|
|
|
|||
|
|
@ -10,6 +10,8 @@ NO_CODESIGN=${NO_CODESIGN:-0}
|
|||
HELPER_BINARIES_DIR="/opt/podman/bin"
|
||||
MACHINE_POLICY_JSON_DIR="/opt/podman/config"
|
||||
|
||||
tmpBin="contrib/pkginstaller/tmp-bin"
|
||||
|
||||
binDir="${BASEDIR}/root/podman/bin"
|
||||
|
||||
version=$(cat "${BASEDIR}/VERSION")
|
||||
|
|
@ -17,13 +19,46 @@ arch=$(cat "${BASEDIR}/ARCH")
|
|||
|
||||
function build_podman() {
|
||||
pushd "$1"
|
||||
make GOARCH="${goArch}" podman-remote HELPER_BINARIES_DIR="${HELPER_BINARIES_DIR}" MACHINE_POLICY_JSON_DIR="${MACHINE_POLICY_JSON_DIR}"
|
||||
make GOARCH="${goArch}" podman-mac-helper
|
||||
cp bin/darwin/podman "contrib/pkginstaller/out/packaging/${binDir}/podman"
|
||||
cp bin/darwin/podman-mac-helper "contrib/pkginstaller/out/packaging/${binDir}/podman-mac-helper"
|
||||
|
||||
case ${goArch} in
|
||||
universal)
|
||||
build_fat
|
||||
cp "${tmpBin}/podman-universal" "contrib/pkginstaller/out/packaging/${binDir}/podman"
|
||||
cp "${tmpBin}/podman-mac-helper-universal" "contrib/pkginstaller/out/packaging/${binDir}/podman-mac-helper"
|
||||
;;
|
||||
|
||||
amd64 | arm64)
|
||||
build_podman_arch ${goArch}
|
||||
cp "${tmpBin}/podman-${goArch}" "contrib/pkginstaller/out/packaging/${binDir}/podman"
|
||||
cp "${tmpBin}/podman-mac-helper-${goArch}" "contrib/pkginstaller/out/packaging/${binDir}/podman-mac-helper"
|
||||
;;
|
||||
*)
|
||||
echo -n "Unknown arch: ${goArch}"
|
||||
;;
|
||||
esac
|
||||
|
||||
popd
|
||||
}
|
||||
|
||||
function build_podman_arch(){
|
||||
make -B GOARCH="$1" podman-remote HELPER_BINARIES_DIR="${HELPER_BINARIES_DIR}" MACHINE_POLICY_JSON_DIR="${MACHINE_POLICY_JSON_DIR}"
|
||||
make -B GOARCH="$1" podman-mac-helper
|
||||
mkdir -p "${tmpBin}"
|
||||
cp bin/darwin/podman "${tmpBin}/podman-$1"
|
||||
cp bin/darwin/podman-mac-helper "${tmpBin}/podman-mac-helper-$1"
|
||||
}
|
||||
|
||||
function build_fat(){
|
||||
echo "Building ARM Podman"
|
||||
build_podman_arch "arm64"
|
||||
echo "Building AMD Podman"
|
||||
build_podman_arch "amd64"
|
||||
|
||||
echo "Creating universal binary"
|
||||
lipo -create -output "${tmpBin}/podman-universal" "${tmpBin}/podman-arm64" "${tmpBin}/podman-amd64"
|
||||
lipo -create -output "${tmpBin}/podman-mac-helper-universal" "${tmpBin}/podman-mac-helper-arm64" "${tmpBin}/podman-mac-helper-amd64"
|
||||
}
|
||||
|
||||
function sign() {
|
||||
local opts=""
|
||||
entitlements="${BASEDIR}/$(basename "$1").entitlements"
|
||||
|
|
@ -39,6 +74,7 @@ if [ "${goArch}" = aarch64 ]; then
|
|||
fi
|
||||
|
||||
build_podman "../../../../"
|
||||
|
||||
sign "${binDir}/podman"
|
||||
sign "${binDir}/gvproxy"
|
||||
sign "${binDir}/vfkit"
|
||||
|
|
|
|||
Loading…
Reference in New Issue